Balau

Working to work less


The iPad A4 system on chip

Posted by Balau on 2010/01/30

Apple announced their tablet and its specifications to the tech world, and the tech world happily started to tear it apart and understand how it works. Engadget has one of the most complete pages about the details.

I’m particularly interested in the central processing chip, the Apple A4.

MacWorld explains some business facts that could be related to the system-on-chip in question. Great emphasis is put on Apple acquiring P.A.Semi in 2008; this start-up created a power-efficient microprocessor from scratch: the PWRficient (the name says it all). While it is very implausible that Apple used their architecture in the iPad (because the OS is the same as the iPhone’s), there is no doubt that P.A.Semi has the know-how and the expertise to improve the energy consumption of a chip architecture to the point of 10 hours of usage or 300 hours of stand-by.

Anand Lal Shimpi analyzes the hardware, here’s an excerpt of his considerations (full article here):

Given the fact that it runs the iPhone OS and nearly all iPhone apps, I’m guessing the A4 is ARMv7 based. It’s possible that Apple engineered its own architecture for the A4, but more likely that it simply took an existing ARM design and modified it to suit its needs.

If Apple wanted to save cost it would’ve gone with a Cortex A8 based processor, or if it wanted more performance it would be something more A9 like.

[...]

I’m going to say that there’s a good chance that the A4 is much closer to the A9 in terms of performance. If it’s not an A9 itself, it may be Apple’s own out-of-order design.

It is an educated guess and I believe it’s the right answer, given what we know; I am more inclined to say that the A4 is not a single-core Cortex-A9 but a multi-core, given the extraordinary power efficiency, but the fact that the OS seems almost exclusively single-task lessens the probability of this hypothesis.

This article instead reports that they received the information that the A4 contains a Cortex-A9 and an ARM Mali Graphic Processing Unit, or at least ARM licensed its CPU and GPU technology to Apple. It is clear that an advanced GPU has been used because of the smoothness of the user experience seen on videos, and this technology must also be power efficient given the iPad battery life.

Unfortunately, we can only keep guessing using these small chunks of information, until Apple decides to reveal the A4 secrets.

Posted in Hardware

Memento code comments

Posted by Balau on 2010/01/25

Code comments are equal to flossing: you need to floss regularly or else… But how should a developer approach writing comments? As a personal technique I associate code comments with memento.

What does memento mean?

  • Memento is the Latin imperative “Remember!”
  • A memento is an object that keeps us from forgetting something important.
  • Memento is a famous movie where the protagonist suffers from memory loss.

How are these concepts associated with code comments?

  • As an imperative on myself: “Remember to comment your code!”
  • The reason for commenting code: to lower the chance of forgetting something; something that might be overlooked and lead to bugs.
  • A guideline on how to write them: comment your code as if you have no long-term memory. Sometimes I say “this is easy to remember!” and then I forget it the next hour/day/month, because I had hundreds of other small things to remember that pushed away the first ones.

Posted in Software, Working

How to watch Avatar

Posted by Balau on 2010/01/23

I went to see Avatar yesterday, in a theater that employed the XpanD technology to project 3D movies.

When the movie started, at first I was disoriented by the 3D because I could only focus on one element of the scene, and if I tried to look at the background I could only see a blurred image. I understood almost immediately that this was intended by the creators, and it helped me a lot through the movie: the movie director wants you to look at a specific object, character or field of vision, and enforces it by keeping only that particular target focused, and leaving the rest unfocused. In a sense, you must enjoy the experience that the director prepared for you, and understand that you have no freedom to do otherwise; be aware that this is not as bad as it sounds, because they really know their stuff. An example is the second scene, where the protagonist is in the foreground and two military officers are in the background: I wanted to see the officers’ faces but couldn’t, because they were too blurred; this was not an issue at the end, because those two people were never seen again in the entire movie. So the rule is:

If you can’t see it, you don’t need to see it.

At one point I tried to adjust the 3D glasses on my nose, pushing between the lenses with my finger. In that moment I lost the 3D vision and the images appeared too bright and doubled; the correct behavior was reestablished a second after I removed the finger from the glasses. The reason for this is the presence of a sensor on the front of the glasses, between the lenses. This sensor communicates with a transmitter placed near the cinema screen, and receives a signal that is used to create the 3D effect. This is roughly how the 3D technology works:

How XpanD 3D movies work

XpanD 3D basic principle illustrated

The projector creates alternatively two images on the big screen: one must be seen by the spectator with the right eye, while the other must be seen with the left eye. To enforce this requirement the special glasses impede the view of the right or left eye by rendering their lens opaque and transparent alternatively. Our brain cannot perceive this switch between right and left eye because it is very fast: 120 times a second, which is 60 frames per second for each eye. To be sure that the right lens is opaque and the left lens is transparent when the projector is showing the left image (and the other way around), a synchronism must be applied between the projector and the glasses. This synchronism consists of a signal sent by the theater system to the glasses of all the spectators. By interrupting this signal both lenses become transparent and the spectator sees both images on the screen.

I think that having a basic understanding of the technology behind 3D cinema would help improve the user experience. When I got out of the cinema I overheard people saying “It was too blurred” or “Sometimes the 3D disappeared”; if those people knew these facts, maybe they would have enjoyed Avatar more: it is an awesome movie, created with an awesome technology.

Posted in Hardware

Languages for hardware development

Posted by Balau on 2010/01/14

Hardware development is similar to software development when it comes to languages. There are many of them, each one with its own pros and cons, and when I start a project I must choose one, for the right or for the wrong reasons:

  • It has the right set of functionalities for what I want to do
  • I know this language so I must use it to complete something quickly
  • I already have a library in this language
  • There are free tools for this language
  • This language needs a proprietary tool, but the tool quality is worth the price
  • The environment we have in place is designed for this language
  • We need support, and that well-known company sells good support for this language

A good place to find information about the different hardware description languages is ASIC World, a very complete portal with tutorials, examples and links. Here I’m giving a subjective take on some languages that I encountered. (The following list of languages is a glimpse of what’s available: it is not meant to be a complete reference.)

Verilog

This language is the basis for hardware description: it’s simple, mature, widespread in the industry world and it’s regulated by a standard group. I think it is the best language to start developing hardware, because the learning curve of the language syntax is not very steep, and the brain can concentrate on other problems. The most difficult barriers when starting to design hardware are: understanding concurrency, and understanding the synchronous sequential logic (registers and clocks). These concepts can be grasped by using the opposite mindset with respect to sequential programming; for this reason it is particularly difficult for a software programmer to migrate to the hardware world.

Best for

low-level description

VHDL

VHDL is much like Verilog, in terms of low-level hardware description.  In addition it puts the emphasis on abstraction in terms of libraries (for example the handling of integer values), and on behavioral modeling. It is also possible to define types and “records”, that are similar to the ANSI C “struct”. Together with Verilog, they describe the great majority of hardware components.

Best for

low-level description

SystemC

SystemC is a way to use C++ to model hardware. The definition of objects in C++ is similar to the description of hardware modules, and so is the encapsulation of objects inside other objects. SystemC consists of a library of classes that can be used to model hardware, and a runtime that performs simulations. A SystemC design can be compiled using a C++ compiler such as the one in Visual Studio or GNU g++, and the resulting simulation is very fast. Moreover, running a simulation on a multi-core machine is very efficient, because it is largely based on threads to model concurrency [Edit: the current SystemC simulation kernels are single-threaded; work has been done to create an experimental kernel exploiting Symmetric MultiProcessing].

Best for

high-level modeling

e

The e language is impossible to Google. For this reason, it is better to associate it with the proprietary tool that interprets it: Specman. There are other tools that can deal with e, but historically and commercially Specman is the most fit. This language is based on extensions: for example, if you have a library function that prints “Hello World!” you can extend it to also print “Especially hello girls!”. This language can also model random behavior: you can define a module containing an integer, and write a constraint that keeps the integer in the range 0 to 100; during the simulation the module instance will contain an integer with a specific value that satisfies all the constraints. This feature is useful to verify a hardware block by giving it many random inputs that follow specific rules (data packets, control messages…). The syntax is quite clear, but the concepts of aspect-oriented programming are not immediate to grasp.

Best for

verification

IP-XACT

IP-XACT is not really a language but a group of specifications to write an XML description of a hardware design. It has been created by the Spirit Consortium and is in active development. IP-XACT was born to cope with real world problems of the hardware industry from design to implementation.

Those problems for example are:

  • how should I deliver my hardware block to other companies?
  • how can I keep synchronized: hardware development, documentation and software code?
  • how do I integrate hardware blocks from different vendors, written in different languages?
  • how can I connect different blocks to design my system top-down?
  • how should I keep track of information associated with the code, for example the tools used to compile?

IP-XACT offers a framework to solve these problems using XML descriptions as the common denominator. Ideally, this is how it should work out:

Suppose you’re designing a system with a CPU and a SATA controller. You get the CPU from one vendor and the SATA controller from another, and both ship their product with an IP-XACT description. You use an IP-XACT enabled graphical tool to import the two blocks into your project and connect them (using your mouse) to the bus, to the memory and the other peripherals of your system. You then click a button to generate ANSI C code to access SATA using the IP-XACT description of its registers; you compile it using the software indicated in the IP-XACT files. You then elaborate the design for simulation using the tool information in the IP-XACT, and run the simulation.

The key to make this work-flow possible is to have all tools with IP-XACT support, and this is gradually becoming the case. There is a shortage of open source tools though, apart from a useful Eclipse plugin.

Best for

high-level description

MyHDL

MyHDL is an open source tool (hosted on sourceforge) that allows you to describe hardware using the Python language. Establishing a new language is not straightforward; MyHDL renders the transition easy in many ways:

  • it is based on an existing well-known and proven language syntax (Python)
  • it implements code generation to Verilog and VHDL
  • it allows mixed simulation of MyHDL and Verilog (through VPI modules)

Moreover, MyHDL associates the concept of verification in the hardware world with the concept of unit testing in the software world. While doing so, it exploits the existing Python modules for unit testing, that are widely used for entirely different projects such as web services. Hardware verification is the most time-consuming task in the design flow, so anything that can ease the job is well accepted.

Best for

low-level description and verification

Posted in Hardware

OpenRisc Verilog simulation of serial port communication

Posted by Balau on 2009/12/17

OpenRisc is an open source microprocessor architecture; since it is open source, one of the key benefits is the possibility to examine it, compile it and make it work. OpenCores provides an environment to compile the Verilog RTL description of an OpenRisc system (called ORPSoC) and run tests using Icarus Verilog, which is a quite mature FLOSS Verilog compiler and event-driven simulator. Here is what I did to set up the simulation environment, following the guidelines in the ORPSoCv2 page:

  • Download the OpenRisc toolchain and install it using the provided script
  • Download the Orpsocv2 system from Subversion repository
  • Install Icarus Verilog and GTKWave (using “sudo apt-get install verilog gtkwave” on my Ubuntu box)
  • Open a terminal and set up the environment, which consists only of adding the “or32-elf/bin” directory to the PATH environment variable (export PATH="${HOME}/src/openrisc/or32-elf/bin:${PATH}")

With the environment ready, I went into the directory “orpsocv2/sim/run” and ran:

make rtl-tests TESTS=uart-nocache UART_PRINTF=1 VCD=1

The command launches the “uart-nocache” test, printing on the terminal the bytes coming from the UART and dumping the waveforms into a VCD format file. The following is the on-screen output of the simulation:

Beginning loop that will complete the following tests: uart-nocache

################################################################################

 #### Current test: uart-nocache ####

 #### Compiling software ####

make[1]: Entering directory `/home/francesco/src/openrisc/orpsocv2/sw/uart'
or32-elf-gcc -O2 -mhard-mul -g -DUART_PRINTF uart.c -c -o uart.o
In file included from uart.c:1:
../support/support.h:18: warning: conflicting types for built-in function ‘printf’
or32-elf-gcc -mhard-mul -g -DUART_PRINTF  -T ../support/orp.ld uart.o ../support/reset-nocache.o ../support/libsupport.a ../support/except.o -o uart-nocache.or32
or32-elf-objcopy -O binary uart-nocache.or32 uart-nocache.bin
../utils/bin2hex uart-nocache.bin 1 -size_word > uart-nocache-twobyte-sizefirst.hex
../utils/bin2vmem uart-nocache.bin > uart-nocache.vmem
make[1]: Leaving directory `/home/francesco/src/openrisc/orpsocv2/sw/uart'

 #### Compiling RTL ####
/home/francesco/src/openrisc/orpsocv2/sim/run/../../rtl/verilog/components/or1200r2/or1200_cfgr.v:185: warning: Numeric constant truncated to 3 bits.

 #### Beginning simulation ####

Starting RTL simulation of uart-nocache test

VCD in /home/francesco/src/openrisc/orpsocv2/sim/run/../../sim/results/uart-nocache.vcd

VCD info: dumpfile /home/francesco/src/openrisc/orpsocv2/sim/run/../../sim/results/uart-nocache.vcd opened for output.

Hello World.
real 40.16
user 39.58
sys 0.52

 ####
 #### Test uart-nocache PASSED ####
 ####

Test results: 1 out of 1 tests passed

What happened? Here is a diagram:

OpenRisc Hardware/Software co-simulation

A test program (uart.c) is compiled using the OpenRisc toolchain (or32-elf-gcc), and a memory image is generated (uart-nocache.vmem); the program takes a string “Hello World.\n” and sends it through the UART one byte at a time. The program image is used in simulation to fill the RAM. The Verilog RTL sources, including the OpenRisc core, the UART and the testbench that checks the results, are compiled and then simulated; the software runs and the simulator prints the characters composing “Hello World.” that have been sent to the serial port. It is shown that the simulation took about 40 seconds to run.

After the simulation is completed, it is possible to examine the waveforms of the digital circuit using the graphical software GTKWave to open “../results/uart-nocache.vcd”; this is a screenshot of a part of the simulation:

GTKWave display of OpenRisc UART simulation

The image captures the printing of the “H” character, which in ASCII is coded as 0x48. The red vertical line shows the instant at which the OpenRisc writes 0x48 to the UART. The “Signals” panel shows that “dwb_dat_o” contains the hexadecimal value “48480048” written to the hexadecimal address “dwb_adr_o = 9000000”, which is the zone of memory that contains the UART. The byte is then transmitted serially (and slooowly) up to the outermost signal, “uart0_stx_o”, which can be seen as an external pin of a microchip. This signal is read by a dedicated UART decoder whose purpose is to reconstruct the transmitted data in the “tx_byte” register and print the character to the terminal. At the far right of the window, in the last line, the character “H” can be seen completely reconstructed, and it will be printed on-screen.
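What the UART decoder does with the “uart0_stx_o” signal can be reproduced in software. The following Python sketch is an added example, not code from ORPSoC; it assumes 8N1 framing (one start bit, eight data bits sent least-significant bit first, one stop bit) and 16 samples per bit, and its function names are made up for this illustration.

```python
SAMPLES_PER_BIT = 16  # assumption: the line is sampled 16 times per bit period


def uart_encode(data, samples_per_bit=SAMPLES_PER_BIT, idle_bits=2):
    """Return the sampled serial line (list of 0/1) that carries `data`."""
    line = [1] * (idle_bits * samples_per_bit)          # the line idles high
    for byte in data:
        # start bit (0), eight data bits LSB first, stop bit (1)
        frame = [0] + [(byte >> i) & 1 for i in range(8)] + [1]
        for bit in frame:
            line.extend([bit] * samples_per_bit)
    line.extend([1] * (idle_bits * samples_per_bit))
    return line


def uart_decode(line, samples_per_bit=SAMPLES_PER_BIT):
    """Rebuild the bytes from a sampled line.

    Returns (decoded_bytes, framing_errors). A frame whose stop bit is not
    high is counted as a framing error and its byte is discarded.
    """
    decoded = bytearray()
    framing_errors = 0
    i = 1
    while i < len(line):
        falling_edge = line[i - 1] == 1 and line[i] == 0
        if not falling_edge:
            i += 1
            continue
        mid = i + samples_per_bit // 2                  # middle of the start bit
        stop_pos = mid + 9 * samples_per_bit            # middle of the stop bit
        if stop_pos >= len(line):
            break                                       # truncated frame
        if line[mid] != 0:
            i += 1                                      # glitch, not a start bit
            continue
        tx_byte = 0
        for bit in range(8):
            # sample each data bit in the middle of its period, LSB first
            tx_byte |= line[mid + (bit + 1) * samples_per_bit] << bit
        if line[stop_pos] == 1:
            decoded.append(tx_byte)
        else:
            framing_errors += 1
        i = stop_pos                                    # resume inside the stop bit
    return bytes(decoded), framing_errors


if __name__ == "__main__":
    wave = uart_encode(b"Hello World.\n")
    text, errors = uart_decode(wave)
    print(text.decode("ascii"), end="")
    print("framing errors:", errors)
```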

I think that these simulations can be really interesting for those who want to learn about digital electronics, hardware description languages and embedded software development. It is quite easy, and absolutely free, to start toying with this environment, but the concepts are very similar to the digital design of real chips. I can picture students using this as a base for a thesis about hardware IP design, or verification methodology, or optimization of simulators.

Posted in Hardware, Software

OpenRisc simulator runs Linux

Posted by Balau on 2009/12/06

OpenCores is an organization owned by ORSoc that invests in open source hardware. Their site hosts many hardware projects that ship the source code (Hardware Description Language in this case) with the GNU Lesser General Public Licence. This allows the adoption of free Intellectual Properties (hardware blocks) in any hardware design, be it proprietary (closed-source) or not. One of the most exciting projects is the OpenRisc, a 32-bit micro-controller that competes with professional cores. Even in one of the most loved open source platforms, the Arduino, the core itself (an Atmel AVR variant) is “closed source”.

By extending the open source philosophy to the core itself, it is possible to:

  • understand “what’s behind” an embedded platform
  • study and exploit the lower layers of the firmware
  • discover hardware bugs
  • customize the micro-controller design

In order to develop software on this particular micro-controller, a toolchain has been developed (thanks to Means of Freedom and ORSoc) based on the widely adopted GNU toolchain. Using this toolchain it is possible to compile C code for the OpenRisc platform and run it inside a simulator. The most complete example of the toolchain’s potential is the compilation and simulation of a small Linux system.

OpenCores provides a VMWare image that contains an Ubuntu system with all the tools to start toying with OpenRisc. More information here: http://www.opencores.org/openrisc,vmware

To use the toolchain on an existing Linux system (Ubuntu, for example), there is a guide here: http://www.opencores.org/openrisc,gnu_toolchain

The steps basically involve:

  • installing the prerequisites (for example build-essentials)
  • running a script that:
    • downloads the version of the software that can be compiled for OpenRisc
    • patches the source code to add OpenRisc-specific compatibility
    • compiles the toolchain and the Linux system to simulate
  • running the simulator (or32-elf-sim) using the Linux image and a configuration file.
  • connecting to the simulated Linux system (using telnet on localhost, port 10084)

The simulator can be launched with a configuration file that allows changing many parts of the system, such as the memory, the peripherals and the connections to the external world; for example, it redirects the serial port to a listening TCP socket on port 10084 that can be accessed with telnet.

This system shows untapped potential: it could become widely adopted by electronic enthusiasts that now are enjoying Arduino and PICs. After that, the project could mature up to the point of being competitive against commercial cores. Up to now, ORSoc sells development kits based on (expensive) FPGA, but in the near future I hope that they will sell a real OpenRisc-based chip mounted on a set of boards just like the Arduino ones.

Posted in Hardware, Software

Reinforce ssh security with Denyhosts

Posted by Balau on 2009/11/10

…For years I’ve been saying security consists of protection, detection and response–and you need all three to have good security…

March 2007, Bruce Schneier

I always read Schneier’s site carefully, because everything he says is precise, consistent and grounded in experience. When I stumbled upon this concept of three components of security, I realized that most of my systems have only the first component: protection. My ssh servers, for example, use authentication through RSA key pairs, do not allow root login and listen to a non-standard port. But I have no way of knowing whether these servers were under a brute force attack (for example), unless I check the logs each day when I come home. And even then, that means the attacker had an entire day to try passwords.

Enter Denyhosts.

Denyhosts is a service that detects failed login attempts and reacts to them by adding the IP addresses of the offending hosts that are trying to log in to the hosts.deny file. It can also be configured to send a mail when it detects a possible attack. With ssh+Denyhosts the security of my systems contains all three components:

  • Protection: users cannot login to the servers unless they know the port of the service and possess a strong authentication key.
  • Detection: the login attempts are logged and constantly checked by the Denyhosts service.
  • Response: the Denyhosts service blocks the offending hosts and reports the attack to the administrator, who in turn can take other measures such as stopping the ssh service, adding a rule to the firewall or tracing the IP address from which the attack comes.

This setup could also be taken as example for many other applications, and the added strength of the components can be evaluated. For example, in my case the protection against brute force attacks was strong anyway, because of the RSA key authentication, and the weakest link could be, for example, the location of the private keys. A strong detection system could then also audit any successful access and mail the user that is logging in, in order to alarm him if someone stole his account.
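The detection and response steps described above, including the audit of successful logins, can be sketched in Python. This is an added example, not Denyhosts’ own code: the log lines are constructed, and the thresholds, the “allowed” set and the function names are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sshd syslog lines (addresses come from the documentation ranges).
SAMPLE_LOG = """\
Nov 10 03:12:01 srv sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Nov 10 03:12:03 srv sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40125 ssh2
Nov 10 03:12:05 srv sshd[2105]: Failed password for invalid user oracle from 203.0.113.7 port 40129 ssh2
Nov 10 03:14:40 srv sshd[2110]: Failed password for root from 198.51.100.23 port 51812 ssh2
Nov 10 08:30:12 srv sshd[2207]: Failed publickey for balau from 192.0.2.10 port 50211 ssh2
Nov 10 08:30:15 srv sshd[2207]: Accepted publickey for balau from 192.0.2.10 port 50211 ssh2
Nov 10 09:01:44 srv sshd[2290]: Failed password for balau from 198.51.100.77 port 33010 ssh2
"""

# The patterns are anchored on the end of the line and the user name is matched
# greedily, so the address is always taken from the final "from ... port ..."
# written by sshd, never from text inside the user name field.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (invalid user )?(.+) from (\S+) port \d+(?: ssh2.*)?$")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (\S+) for (.+) from (\S+) port \d+(?: ssh2.*)?$")

# Hypothetical thresholds: failures per source address before it is blocked.
THRESHOLDS = {"root": 1, "invalid": 3, "valid": 5}


def analyse_auth_log(log_text, thresholds=THRESHOLDS, allowed=frozenset()):
    """Detection: count failures per (address, account kind), list accepted logins.

    Returns (blocked_addresses, accepted_logins, failure_counts). Addresses in
    `allowed` are never blocked, so an administrator cannot lock himself out.
    """
    failures = Counter()
    accepted = []
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            invalid, user, address = match.groups()
            if user == "root":
                kind = "root"
            elif invalid:
                kind = "invalid"
            else:
                kind = "valid"
            failures[(address, kind)] += 1
            continue
        match = ACCEPTED.search(line)
        if match:
            method, user, address = match.groups()
            accepted.append((user, address, method))
    blocked = sorted({address for (address, kind), count in failures.items()
                      if count >= thresholds[kind] and address not in allowed})
    return blocked, accepted, failures


def hosts_deny_lines(blocked):
    """Response: the TCP wrappers entries that would be appended to hosts.deny."""
    return ["sshd: %s" % address for address in blocked]


def login_notices(accepted):
    """Audit: one notice per successful login, to be mailed to the account owner."""
    return ["%s: login via %s from %s" % (user, method, address)
            for user, address, method in accepted]


if __name__ == "__main__":
    blocked, accepted, _ = analyse_auth_log(SAMPLE_LOG)
    print("\n".join(hosts_deny_lines(blocked)))
    print("\n".join(login_notices(accepted)))
```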

Security is as strong as its weakest link; for this reason it is important to have a good understanding of the system and its vulnerabilities, and to act accordingly.

Posted in Software

Italian Linux Day 2009

Posted by Balau on 2009/10/24

The Italian Linux Society promoted today a nation-wide event called Linux Day 2009. I went to the event that was nearest to my home, organized by the local Linux User Group (the GalLUG). They spoke to an audience that was mainly made of 18yo boys of the local technical institute, promoting the Free Open Source philosophy and demonstrating the power of Linux.

  • Presentation of the LUG and its initiatives
  • Open Source, GNU and Linux
  • How to install Puppy Linux on CD or USB Key
  • Linux and virtualization
  • inux steel (a pun on inox steel): a lesson on security
  • #!/bin/bash
  • Ideas and projects with Linux: tips for the 5th year project that the students must complete

They also prepared a stand where anyone could try Ubuntu, and they distributed Live CDs.

Posted in Software

Free relax in an open plan office

Posted by Balau on 2009/10/19

The phone rings. LOUD. It’s from the nearest cubicle. Nobody answers. It’s LOUD. I’m working on something that requires long and constant atten- LOUD -tion.  The phone stops ringing, and the colleagues’ voices return to be distracting again. There’s an informal meeting a handful of seats from me; I’m happy for them that they’re laughing, but I’m afraid the software bug I’m hunting will take the time to hide himself deeper while I’m not looking.

I think that some of you may relate to my experience. Actually, I’m sure. The greatest source of distraction for me is noise, sounds and voices; if you are like me, you will like this lecture about sound on TED:

Julian Treasure: the 4 ways sound affects us

Quoting his presentation, open plan office: productivity loss = 66%. Mr.Treasure also stresses the importance of the positive effect that some sounds have on us, even on an instinctive level; I decided to give the “birdsong therapy” a try at the office. I started searching for sounds to use, and I stumbled upon this social and free database of sounds:

The Freesound Project

Basically every user can contribute to add sounds that can be used freely as Creative Commons. The site has tons of different ambient captures of birdsong. I enjoyed very much, and found suitable for my situation, this 42 minutes long recording of birds. The file’s format is wav, and this means that the size is unnecessarily big. In order to compress the sound on my Ubuntu Linux computer, I used a context-menu driven utility for sound conversion that is a Nautilus add-on. You can install it with:

sudo apt-get install nautilus-script-audio-convert

With this utility I compressed the 420MB wav file into a 63MB good quality OGG/Vorbis audio file (Vorbis is a free open source encoding algorithm). The last problem is that at the office I have a Windows XP box, and I need a player that reads ogg files. For this reason I decided to install the codecs for Windows Media Player:

DirectShow filters – play back ogg files in Media Player

The next day I copied the birdsong inside my workstation, installed the codec, put on my headphones and jumped into the nature. It worked, somehow. The noise of the office was still present, but more distant and subdued under the melody of the forest. In order to completely annihilate the auditory pollution, I feel that classic orchestral music is more appropriate, since it gives a harmonic background covering everything else.

Give it a try: it won’t cost you a penny and it could greatly improve your productivity.

Posted in Working

Secure remote storage with Dropbox and TrueCrypt

Posted by Balau on 2009/10/11

Dropbox is a service for backup and synchronization of files, and it runs on Windows, Mac OS X and Linux. As I pointed out before, I’d like to be able to use Dropbox without security torments. I don’t think that the guys who run Dropbox really want to peek inside my files, but the risk that someone else does indeed gain access to my data, accidentally or intentionally, is not negligible. A malicious employee, a security breach, the company is sold… I want to feel safe; I need a solution that, on top of Dropbox, adds the security I need.

One of the best things about Dropbox is the ability to run on most computer platforms, so a nice solution to the security problem should also possess this quality. The most portable solution up to now seems to be the addition of TrueCrypt. TrueCrypt is a cross-platform encryption software that, among other functionalities, creates files that can be used as encrypted volumes. The idea is to put these encrypted files (that can be considered as safety vaults) inside Dropbox, and to use TrueCrypt on the local copy of the files to decrypt and access the private data. In this way, the data that is stored inside Dropbox is completely unusable by everyone, except the ones who can decrypt it.

The decryption can involve a password that a user must remember, a key file that a user must have in his computer, or both. I like the idea of having both because then, in order to read my data, a potential spy must have:

  • The encrypted vault file (located in my Dropbox or any other computer linked to it)
  • The key file (located in my computers or inside a USB drive)
  • The password (located in my brain)

I think the only feasible attacks to read my data would then be aimed at reading it when I have decrypted it (other than beat me with a 5$ wrench to make me hand over my USB drive and spit out the password).

Installation steps in brief:

  • Install Dropbox
  • Install TrueCrypt (or use it in Portable Mode)
  • Create a TrueCrypt encrypted vault file (with optional key file)
  • Put the vault file in a Dropbox folder
  • The vault file is automatically synchronized by Dropbox

For each other computer that you want to use to access the vault, you need to:

  • Install Dropbox
  • Install TrueCrypt (or use it in Portable Mode)
  • Synchronize the Dropbox folder (to download the vault file)
  • Copy the optional key file

The common use case to access your private data will then be:

  • Mount the vault
  • Access or modify the files inside the vault
  • Unmount the vault
  • The vault file is automatically synchronized by Dropbox

Tips to Ubuntu users:

I created a simple script that opens/closes a vault. It can be easily added to the “Applications” menu.

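#!/bin/bash
# Toggle a TrueCrypt vault: dismount it if it is mounted, otherwise mount and open it.

MOUNT_DIR="${HOME}/truecrypt"          # where the decrypted volume appears
VAULT_FILE="${HOME}/Dropbox/Vault.tc"  # encrypted container inside the Dropbox folder
KEY_FILE="${HOME}/Vault.tck"           # key file, stored outside the Dropbox folder

if mount | grep -qF -- "${MOUNT_DIR}"; then
    # Already mounted: dismount the vault and tell the user
    truecrypt -d "${VAULT_FILE}" && zenity --info --text="Vault closed: ${VAULT_FILE}"
else
    # Not mounted: create the mount point if needed, then mount and browse it
    mkdir -p "${MOUNT_DIR}"
    truecrypt --keyfiles="${KEY_FILE}" "${VAULT_FILE}" "${MOUNT_DIR}" && gnome-open "${MOUNT_DIR}"
fi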

Another useful trick for Linux/Mac users is to keep the files in the Dropbox folder, and create a link where you need them using “ln -s target link_name”. For example, you can copy the “places.sqlite” file that is inside your Firefox profile, and contains your bookmarks and history, inside the Dropbox folder, and create a link to it in your Firefox profile folder. Doing so, you can synchronize your Firefox bookmarks for all your computers.

Posted in Software