Sverker Nilsson wrote:
> [True random input in CPU]
> I hope this diode is only accessible from supervisor mode, because
> otherwise we won't have as many provably deterministic user mode
> programs as before.
>
> Relevance for Haskell would be that you wouldnt be able to fork a
> program written in C into a protected environment (functional
> sandbox?) and know that its result would depend only on its input
> arguments. So you couldnt safely do this thru an ordinary Haskell
> function call that could be cached for example.
Very good point!
With a deterministic CPU (or deterministic CPU mode) and sufficient
protection, users could implement higher-order functions in machine code. And
even across multiple machines (with same architecture), the same input would
yield the same output, which is absolutely essential, if one implements some
distributed functional system.
So why don't we start building a FOS (Functional Operating System :-)
supporting the "functional sandbox" model? :-)
In my wildest dreams, I see the functional answer to JVM, i.e. a virtual
machine supporting referential transparency (even across networks) based on a
common binary format. Use cryptographic hashing for identification of
aggregated values (to support "distributed immutability").
> To get at this diode, or any other such device, one should have
> to go thru a device driver or I/O instruction that could be disabled.
> I hope they did it like this...
Yes, hopefully! I tried to look for it at http://www.intel.com/, but I only
found the following "non-deterministic" things:
* On-die diode to measure die temperature.
* CPU serial number
* Performance counters
* Query about cache state, page translation look-aside buffers, etc.
Probably not fun to put in a deterministic state before calling the sandbox.
Hopefully all of these can be turned off in non-privileged mode (I know at
least some of them can). The serial number would of course still give
determinism on a single machine, but would break "output depends only on
input" on a distributed functional system.
Does anyone have precise information about the possible "random diode" on the
Pentium-III?
/Bjarke
--
Bjarke Dahl Ebert, Bruz, Bretagne, France
http://www.irisa.fr/compose/ebert/
