feature article
Subscribe Now

Update Time: What Happened Next?

Revisiting Two Fast Changing Topics

I am revisiting the subject of a couple of articles. We publish stories about things that we feel are interesting and important, but, in most cases, they are only snapshots of an evolving process. So, today, I thought it was worth looking at two subjects where the evolution is particularly rapid.

I originally wrote about RISC-V last December. RISC-V is an open-instruction-set architecture (ISA), originally from Berkeley. Designed as an alternative to ARM and Intel architectures, it is gaining ground in a number of implementations, including in Microsemi’s FPGAs and some other single-core implementations. It has 16-, 32-, and 64-bit versions and a path to 128-bit, and it is designed for single or multicore implementations. Its development is under the guidance of the RISC-V Foundation. In what some gleefully reported as a setback for the RISC-V, a team at Princeton found a flaw in the memory-consistency model (MCM). The Foundation describes the MCM as a portion of the ISA specification that describes how values produced by one core are made visible to other cores in the system when running multithreaded programs – i.e., amongst other things, the MCM stops a core from overwriting memory that has been written by another core.

The press release from Princeton, dated 12 April, said, “The researchers, testing a technique they created for analyzing computer memory use, found over 100 errors involving incorrect orderings in the storage and retrieval of information from memory in variations of the RISC-V processor architecture.” This sounds pretty horrible, but, as so often in press releases, there is a lot more going on. The Princeton team first found MCM issues with the RISC-V ISA in late 2015 and communicated them to the Foundation and also more broadly. The Foundation is working on what it calls “cleaning up” the ISAs from Berkeley and publishing them as Foundation Standards in 2017. Redefining the MCM is seen as part of this activity. (That there has not been an immediate rush is explained by there being no multicore implementations yet announced.) The working party for the MCM is chaired by Daniel Lustig, a member of the Princeton team, who is now at NVIDIA.

Krste Asanović, Chairman of the RISC-V Foundation, has responded publically, explaining what the issues are, saying that the “100 errors” would be cured in one simple code change and that he is confident that, when multicore implementations are created, the problem will be solved.

My favourite response was from Codasip, a company with an implementation of RISC-V. It was called, “When a bug really is a feature” and points out that, as the ISA is open, Princeton was able to freely publish the results and to work with the Foundation to resolve the problem, which would not necessarily have been the case with a proprietary architecture. In fact, Codasip pointed out, a similar issue has occurred with both Intel and ARM multicore implementations and, at least in the case of the ARM issue, can be resolved by a software work-around.

While I am not certain what the ARM problem is, there are reports of cache issues with the big:LITTLE devices. By coincidence, a different issue has emerged with Intel, where the firmware for some of the company’s server processors, which runs independently of the OS, has a security hole that allows “an unprivileged attacker to gain control of the manageability features provided by these products.”

In other RISC-V news, Imperas has developed and released open-source models of the RISC-V RV32I / RV32G and RV64I / RV64G cores through the Open Virtual Platforms (OVP) website. This, in conjunction with other models on OVP, allows developers to build and customise instruction-accurate models and platforms for custom SoC subsystems, full SoCs, and larger systems. These can be used for software development while the physical implementation is taking place. Imperas (catch phrase, “Without software, silicon is just sand”) has also joined the RISC-V Foundation, which now has around 56 members.

SiFive, which was founded by the inventors of the RISC-V ISA, has announced what it claims is the fastest and easiest way to license RISC-V cores. The website has full datasheets, specifications, and app notes available without an NDA. A designer can get instant access to full FPGA bit-stream models to test software, an SDK, and tools. Fully functional, synthesizable evaluation RTL is also available instantly, allowing the designer to synthesize and simulate in their own design environment and process nodes. When it is time to move to production, SiFive claims, “…a simple seven-page contract with transparent pricing makes it straightforward and easy to license the IP for commercial use.”

And, finally, the venerable textbook series, Computer Organization and Design, has been extended by a RISC-V edition, joining ARM, MIPS and plain vanilla versions.

The second topic is cyber security. Last autumn, I wrote about the growing issues within cyber security. Since then, it has become one of the most discussed topics in many areas. Politics is, of course, the area with the highest profile, and it is the place where what is happening is least understood. Which country is spying on which other country, and why, is never something that will be totally clear, but it is clear that Russia is enjoying itself in stirring up the debate. In this context, Microsoft’s President Brad Smith’s call for a Digital Geneva Convention to protect non-combatants in a cyber war is interesting but unlikely to take place.

Surveillance, by individuals, companies, and governments, is another aspect of cyber security. As I am writing this, a confidential paper on the UK government’s plans to make all communications companies provide security services with real time access to users’ web browsing (which would include web-based email) and other data about users, was leaked. The government plans to slip the new rules through a legal loophole to avoid wider consultation.

There are initiatives that are more positive – for example, the UK government’s Health and Safety Executive has issued Guidelines for Cyber Security for Industrial Automation and Control Systems, and the UK government is backing 5*StarS, a consortium that “will research and develop an innovative assurance methodology to assure that connected autonomous vehicles’ components and systems have been designed and tested to the relevant cyber security standards throughout their whole lifecycle.

The ultimate aim of the consortium is to develop a 5-star type consumer rating framework, analogous to existing EuroNCAP type ratings for vehicle safety.”

The talking doll Cayla, whose insecurity I wrote about some 18 months ago, has now been banned in Germany after a researcher used Bluetooth to hack the doll.

Everyone and their dog are setting up companies or divisions within existing companies to address cyber security issues. As one might expect, not all of these are deeply competent, and some are downright evil – and all are, to some extent, trading on the FUD (Fear Uncertainty and Doubt) factor. And even established white-hats are not immune from incompetence. In February, Cloudflare, a company that “speeds up and protects millions of websites, APIs, SaaS services, and other properties connected to the Internet,” was found to have a bug that exposed users’ data. A Google search, for example, could, in certain circumstances, display information about another user.

Among the FUD bandwagon-jumpers are, predictably, the money men. A $300 million specialist venture fund – Trident Capital Cybersecurity – has been set up, and Bloomberg reports that the existing funds are all hurling money at start-ups that are aiming at cyber security. (Why do I hear echoes of previous technology bubbles?)

Another financial sector – insurance – is also riding the FUD bandwagon. According to the Financial Times, cyber security insurance is now a real hot spot for insurers, with companies competing aggressively to be seen as the market leaders. The article suggests that the policies that companies are buying are fairly limited and that the rates are high and the claims are few – it is obvious why this is attractive.

The stock market has a dim view of companies that have been the target of a cyber attack. According to the economic consultancy, Oxford Economics, companies that reported data breaches were likely to see an average of 1.8% decline in share value compared to their sector rivals. That can be big money.

Oxford Economics drew on intrusion company Gemalto’s data. Gemalto reported that, worldwide, almost 1.4 billion data records were compromised – nearly double (up by 86%) the 2015 number.

My concern is still that there is a lot of noise, considerable smoke and mirrors, and massive amounts of activity, with conferences, webinars, white papers, and other events appearing every day, and it is not clear that the information is reaching or being understood by the majority of companies.

One thought on “Update Time: What Happened Next?”

  1. Since I passed this to the production team there have been a number of updates. Andes has announced its 64 bit RISC V IP, joining a SiFive version in the market. That’s the good news. The bad news is that some black hats have used a phishing attack to exploit a flaw in Microsoft’s XP to seize control of millions of PCs in the hope of their owners paying a ransom. Industry sources are suggesting that there is another attack underway, this time using a stealth approach to steal financial details.

Leave a Reply

featured blogs
Dec 4, 2023
The OrCAD X and Allegro X 23.1 release comes with a brand-new content delivery application called Cadence Doc Assistant, shortened to Doc Assistant, the next-gen app for content searching, navigation, and presentation. Doc Assistant, with its simplified content classification...
Nov 27, 2023
See how we're harnessing generative AI throughout our suite of EDA tools with Synopsys.AI Copilot, the world's first GenAI capability for chip design.The post Meet Synopsys.ai Copilot, Industry's First GenAI Capability for Chip Design appeared first on Chip Design....
Nov 6, 2023
Suffice it to say that everyone and everything in these images was shot in-camera underwater, and that the results truly are haunting....

featured video

Dramatically Improve PPA and Productivity with Generative AI

Sponsored by Cadence Design Systems

Discover how you can quickly optimize flows for many blocks concurrently and use that knowledge for your next design. The Cadence Cerebrus Intelligent Chip Explorer is a revolutionary, AI-driven, automated approach to chip design flow optimization. Block engineers specify the design goals, and generative AI features within Cadence Cerebrus Explorer will intelligently optimize the design to meet the power, performance, and area (PPA) goals in a completely automated way.

Click here for more information

featured paper

3D-IC Design Challenges and Requirements

Sponsored by Cadence Design Systems

While there is great interest in 3D-IC technology, it is still in its early phases. Standard definitions are lacking, the supply chain ecosystem is in flux, and design, analysis, verification, and test challenges need to be resolved. Read this paper to learn about design challenges, ecosystem requirements, and needed solutions. While various types of multi-die packages have been available for many years, this paper focuses on 3D integration and packaging of multiple stacked dies.

Click to read more

featured chalk talk

Digi XBee 3 Global Cellular Solutions
Sponsored by Mouser Electronics and Digi
Adding cellular capabilities to your next design can be a complicated, time consuming process. In this episode of Chalk Talk, Amelia Dalton and Alec Jahnke from Digi chat about how Digi XBee Global Cellular Solutions can help you navigate the complexities of adding cellular connectivity to your next design. They investigate how the Digi XBee software can help you monitor and manage your connected devices and how the Digi Xbee 3 cellular ecosystem can help future proof your next design.
Nov 6, 2023