42: A Component-Based Approach to Virtual Prototyping of Heterogeneous Embedded Systems

tel-00539648, version 1-24 Nov 20 42: A Component-Based Approach to Virtual Prototyping of Heterogeneous Embedded Systems Ph.D. Defense Tayeb bouhadiba Directrice de thèse : Florence maraninchi Jury: Marc pouzet Rapporteur Lionel seinturier Rapporteur Jean-Bernard stefani Examinateur September 15th 20 Bouhadiba - Ph.D. Defense 42 September 15th 20 1 / 45

Introduction & Sources of Inspiration Embedded Systems tel-00539648, version 1-24 Nov 20 Safety Critical Systems Embedded Systems Consumer Electronics Bouhadiba - Ph.D. Defense 42 September 15th 20 2 / 45

Introduction & Sources of Inspiration Embedded Systems Embedded Systems, Components & Heterogeneity tel-00539648, version 1-24 Nov 20 Software + Hardware Bouhadiba - Ph.D. Defense 42 September 15th 20 3 / 45

Introduction & Sources of Inspiration Embedded Systems Embedded Systems, Components & Heterogeneity tel-00539648, version 1-24 Nov 20 Processors Hardware IP s (Intellectual Prerties) Software + Hardware Bouhadiba - Ph.D. Defense 42 September 15th 20 3 / 45

Introduction & Sources of Inspiration Embedded Systems Embedded Systems, Components & Heterogeneity tel-00539648, version 1-24 Nov 20 Processors Hardware IP s (Intellectual Prerties) Software + Hardware Bouhadiba - Ph.D. Defense 42 September 15th 20 3 / 45

Introduction & Sources of Inspiration Embedded Systems Embedded Systems, Components & Heterogeneity tel-00539648, version 1-24 Nov 20 Processors Analog Digital Hardware IP s (Intellectual Prerties) Software + Hardware Bouhadiba - Ph.D. Defense 42 September 15th 20 3 / 45

Introduction & Sources of Inspiration Embedded Systems Embedded Systems, Components & Heterogeneity tel-00539648, version 1-24 Nov 20 Processors Analog Digital Hardware IP s Synchronous (Intellectual Prerties) Asynchronous Software + Hardware Bouhadiba - Ph.D. Defense 42 September 15th 20 3 / 45

Introduction & Sources of Inspiration Virtual Prototyping tel-00539648, version 1-24 Nov 20 Embedded Systems Virtual Prototyping = An Executable Model Before the System is Manufactured Bouhadiba - Ph.D. Defense 42 September 15th 20 4 / 45

Introduction & Sources of Inspiration Embedded Systems Virtual Prototyping tel-00539648, version 1-24 Nov 20 Modeling Bouhadiba - Ph.D. Defense 42 September 15th 20 4 / 45

Introduction & Sources of Inspiration Embedded Systems Virtual Prototyping tel-00539648, version 1-24 Nov 20 Modeling Software Bouhadiba - Ph.D. Defense 42 September 15th 20 4 / 45

Introduction & Sources of Inspiration Embedded Systems Virtual Prototyping tel-00539648, version 1-24 Nov 20 Modeling Virtual Prototyping Software Bouhadiba - Ph.D. Defense 42 September 15th 20 4 / 45

Introduction & Sources of Inspiration Embedded Systems Virtual Prototyping tel-00539648, version 1-24 Nov 20 Modeling Virtual Prototyping Executability Software Bouhadiba - Ph.D. Defense 42 September 15th 20 4 / 45

6 Bouhadiba Summary - Ph.D. Defense 42 September 15th 20 5 / 45 Contents tel-00539648, version 1-24 Nov 20 Introduction & Sources of Inspiration Virtual Prototyping of Embedded Systems 1 Introduction & Sources of Inspiration Virtual Prototyping of Embedded Systems Modeling Hardware/Software with Synchronous Languages Ptolemy Specifying Components: Contracts 2 Overview of 42 & Examples [GPCE07] 3 Hardware Simulation by Interpreting Contracts [COORD09] 4 Using 42 Together with Existing Approaches [EMSOFT09] 5 Some Related Work

Introduction & Sources of Inspiration Virtual Prototyping of Embedded Systems SystemC/TLM for Systems-on-a-Chip tel-00539648, version 1-24 Nov 20 while(true) x = 42; while (x neq 0) y = read(addrm + x); write(addrm, x);... write(addrd+0x0, addrm); write(addrd+0x1, 42); write(addrd+0x4, 0x);...... Embedded Software Hardware Architecture A SoC (System-on-a-Chip) Bouhadiba - Ph.D. Defense 42 September 15th 20 6 / 45

Introduction & Sources of Inspiration Virtual Prototyping of Embedded Systems SystemC/TLM for Systems-on-a-Chip tel-00539648, version 1-24 Nov 20 while(true) x = 42; while (x neq 0) y = read(addrm + x); write(addrm, x);... write(addrd+0x0, addrm); write(addrd+0x1, 42); write(addrd+0x4, 0x);...... Embedded Software TLM (Transaction-Level Modeling) provides CPU Virtual Prototype Bouhadiba - Ph.D. Defense 42 September 15th 20 6 / 45

Introduction & Sources of Inspiration Virtual Prototyping of Embedded Systems SystemC/TLM for Systems-on-a-Chip tel-00539648, version 1-24 Nov 20 while(true) x = 42; while (x neq 0) y = read(addrm + x); write(addrm, x);... write(addrd+0x0, addrm); write(addrd+0x1, 42); write(addrd+0x4, 0x);...... Embedded Software TLM (Transaction-Level Modeling) provides CPU Virtual Prototype Bouhadiba - Ph.D. Defense 42 September 15th 20 6 / 45

Introduction & Sources of Inspiration Virtual Prototyping of Embedded Systems SystemC/TLM for Systems-on-a-Chip tel-00539648, version 1-24 Nov 20 while(true) x = 42; while (x neq 0) y = read(addrm + x); write(addrm, x);... write(addrd+0x0, addrm); write(addrd+0x1, 42); write(addrd+0x4, 0x);...... Embedded Software TLM (Transaction-Level Modeling) provides CPU Early Available Virtual Prototype Bouhadiba - Ph.D. Defense 42 September 15th 20 6 / 45

Introduction & Sources of Inspiration Virtual Prototyping of Embedded Systems Virtual Prototyping of Sensor Networks tel-00539648, version 1-24 Nov 20 CPU, Sensor, Memory, Radio, Battery Several sensors communicating by radio Network lifetime depends on energy consumption Use of virtual prototyping to study non-functional aspects (e.g., energy) Bouhadiba - Ph.D. Defense 42 September 15th 20 7 / 45

6 Bouhadiba Summary - Ph.D. Defense 42 September 15th 20 8 / 45 Contents tel-00539648, version 1-24 Nov 20 Introduction & Sources of Inspiration Modeling Hardware/Software with Synchronous Languages 1 Introduction & Sources of Inspiration Virtual Prototyping of Embedded Systems Modeling Hardware/Software with Synchronous Languages Ptolemy Specifying Components: Contracts 2 Overview of 42 & Examples [GPCE07] 3 Hardware Simulation by Interpreting Contracts [COORD09] 4 Using 42 Together with Existing Approaches [EMSOFT09] 5 Some Related Work

Introduction & Sources of Inspiration Modeling Hardware/Software with Synchronous Languages Modeling HW/SW with Synchronous Languages tel-00539648, version 1-24 Nov 20 ATV (Automated Transfer Vehicule) PFS (Proximity Flight Safety) is Embedded in the ATV Bouhadiba - Ph.D. Defense 42 September 15th 20 9 / 45

Introduction & Sources of Inspiration Modeling Hardware/Software with Synchronous Languages Modeling HW/SW with Synchronous Languages tel-00539648, version 1-24 Nov 20 ATV (Automated Transfer Vehicule) PFS (Proximity Flight Safety) is Embedded in the ATV The original model of the PFS is written in AADL (Architecture Analysis and Design Language) (Not Executbale) Bouhadiba - Ph.D. Defense 42 September 15th 20 9 / 45

Introduction & Sources of Inspiration Modeling Hardware/Software with Synchronous Languages Modeling HW/SW with Synchronous Languages tel-00539648, version 1-24 Nov 20 ATV (Automated Transfer Vehicule) Simulation Automatic Testing PFS (Proximity Flight Safety) is Embedded in the ATV PFS description in Lustre The original model of the PFS is written in AADL (Architecture Analysis and Design Language) (Not Executbale) Automatic Translation into Lustre E. Jahier, N. Halbwachs, P. Raymond, X. Nicollin, D. Lesens, Virtual Execution of AADL Models via a Translation into Synchronous Programs [EMSOFT07] Bouhadiba - Ph.D. Defense 42 September 15th 20 9 / 45

6 Bouhadiba Summary - Ph.D. Defense 42 September 15th 20 10 / 45 Contents tel-00539648, version 1-24 Nov 20 Introduction & Sources of Inspiration Ptolemy 1 Introduction & Sources of Inspiration Virtual Prototyping of Embedded Systems Modeling Hardware/Software with Synchronous Languages Ptolemy Specifying Components: Contracts 2 Overview of 42 & Examples [GPCE07] 3 Hardware Simulation by Interpreting Contracts [COORD09] 4 Using 42 Together with Existing Approaches [EMSOFT09] 5 Some Related Work

Introduction & Sources of Inspiration Ptolemy Ptolemy tel-00539648, version 1-24 Nov 20 ptolemy.eecs.berkeley.edu MoCC : Model of Computation and Communication composite actor external port actor port hierarchical abstraction Components are actors The director implements a MoCC Hierarchical framework a catalogue of predefined MoCCs: Synchronous Reactive, Discrete Event, Continuous Time, etc. Bouhadiba - Ph.D. Defense 42 September 15th 20 11 / 45

6 Bouhadiba Summary - Ph.D. Defense 42 September 15th 20 12 / 45 Contents tel-00539648, version 1-24 Nov 20 Introduction & Sources of Inspiration Specifying Components: Contracts 1 Introduction & Sources of Inspiration Virtual Prototyping of Embedded Systems Modeling Hardware/Software with Synchronous Languages Ptolemy Specifying Components: Contracts 2 Overview of 42 & Examples [GPCE07] 3 Hardware Simulation by Interpreting Contracts [COORD09] 4 Using 42 Together with Existing Approaches [EMSOFT09] 5 Some Related Work

Introduction & Sources of Inspiration Specifying Components: Contracts Classification of Contracts in the CBSE Community tel-00539648, version 1-24 Nov 20 (Component-Based Software Engineering) Syntactic contracts Interface Description languages (Java-IDL, WSDL, IDL, etc.) Behavioral contracts pre and post conditions, assertions, etc. (Design by Contracts TM, Eiffel, icontracts, etc.) Synchronization contracts Sequence of method-calls, Component synchronization, etc. (PROCOL, Interface automata, Session types, etc.) Quality of service contracts Resource consumption, Image quality, etc. Bouhadiba - Ph.D. Defense 42 September 15th 20 13 / 45

Introduction & Sources of Inspiration Specifying Components: Contracts Contracts in the Hardware Community tel-00539648, version 1-24 Nov 20 and the Synchronous Languages Don t care conditions Hardware timization Conditional dependencies in Signal Cycle analysis in synchronous circuits i Assume/Guarantee reasoning b Modular verification (K. McMillan) Executable specifications for Lustre (L. Morel) i o b o Input (ib)=() never occurs i b A o o o depends on i when b=true o o?? G Bouhadiba - Ph.D. Defense 42 September 15th 20 14 / 45

Introduction & Sources of Inspiration Specifying Components: Contracts Observation & Motivations of 42 tel-00539648, version 1-24 Nov 20 In each context of Virtual Prototyping of embedded systems, there exists a notion of components and MoCCs related issues 42 aims at providing: A language-independent component-based framework for modeling hardware/software systems. Support for a clean definition of components, and help enforcing the FAMAPASAP (Forget As Much As Possible As Soon As Possible) principle. Support for integration of existing code and models in en virtual prototyping environments. Bouhadiba - Ph.D. Defense 42 September 15th 20 15 / 45

Contents tel-00539648, version 1-24 Nov 20 Overview of 42 & Examples [GPCE07] 1 Introduction & Sources of Inspiration Components & Assemblies 2 Overview of 42 & Examples [GPCE07] Components & Assemblies Explicit Specification of Components (Contracts) 3 Hardware Simulation by Interpreting Contracts [COORD09] 4 Using 42 Together with Existing Approaches [EMSOFT09] 5 Some Related Work 6 Summary Bouhadiba - Ph.D. Defense 42 September 15th 20 16 / 45

Overview of 42 & Examples [GPCE07] Components & Assemblies 42 in a Nutshell: Basic Components tel-00539648, version 1-24 Nov 20 Input Data Ports id1 id2 id3 Input Control Ports ic2 ic1 M: internal memory oc2 oc1 Output Control Ports od1 od2 od3 Output Data Ports oc1:{a, b, c} oc2:{t, F} Bouhadiba - Ph.D. Defense 42 September 15th 20 17 / 45

Overview of 42 & Examples [GPCE07] Components & Assemblies 42 in a Nutshell: Basic Components tel-00539648, version 1-24 Nov 20 Input Data Ports id1 id2 id3 Input Control Ports ic2 ic1 atomic step M: internal memory oc2 oc1 Output Control Ports od1 od2 od3 Output Data Ports oc1:{a, b, c} oc2:{t, F} Atomic... f o r i c 1 do : { a := i d 1 ; b := i d 2 ; od1 := f ( a, b ) ; oc1 := ok ; M :=!M; }... Bouhadiba - Ph.D. Defense 42 September 15th 20 17 / 45

Overview of 42 & Examples [GPCE07] Components & Assemblies 42 in a Nutshell: Assembling Components tel-00539648, version 1-24 Nov 20 PROD report G FIFO CONS report report report Bouhadiba - Ph.D. Defense 42 September 15th 20 18 / 45

Overview of 42 & Examples [GPCE07] Components & Assemblies 42 in a Nutshell: Assembling Components tel-00539648, version 1-24 Nov 20 PROD report d w g w req w FIFO G report req r report d r CONS g r report Bouhadiba - Ph.D. Defense 42 September 15th 20 18 / 45

Overview of 42 & Examples [GPCE07] Components & Assemblies 42 in a Nutshell: Assembling Components tel-00539648, version 1-24 Nov 20 For each OP G the controller: G PROD report d w g w req w FIFO report req r report d r 0000000 1111111 controller 0000000 1111111 CONS g r report Bouhadiba - Ph.D. Defense 42 September 15th 20 18 / 45

Overview of 42 & Examples [GPCE07] Components & Assemblies 42 in a Nutshell: Assembling Components tel-00539648, version 1-24 Nov 20 For each OP G the controller: Activates PROD, CONS, FIFO through Reads their output control ports (report) PROD report d w g w req w FIFO report G report req r d r 0000000 1111111 controller 0000000 1111111 CONS g r report Bouhadiba - Ph.D. Defense 42 September 15th 20 18 / 45

Overview of 42 & Examples [GPCE07] Components & Assemblies 42 in a Nutshell: Assembling Components tel-00539648, version 1-24 Nov 20 For each OP G the controller: Activates PROD, CONS, FIFO through Reads their output control ports (report) Manages a temporary memory (reqr, dr,...) PROD report d w g w req w FIFO report G report req r d r 0000000 1111111 controller 0000000 1111111 CONS g r report Bouhadiba - Ph.D. Defense 42 September 15th 20 18 / 45

Overview of 42 & Examples [GPCE07] Components & Assemblies 42 in a Nutshell: Assembling Components tel-00539648, version 1-24 Nov 20 For each OP G the controller: Activates PROD, CONS, FIFO through Reads their output control ports (report) Manages a temporary memory (reqr, dr,...) Sets global output values PROD report d w g w req w FIFO report G report req r d r 0000000 1111111 controller 0000000 1111111 CONS g r report Bouhadiba - Ph.D. Defense 42 September 15th 20 18 / 45

Overview of 42 & Examples [GPCE07] Components & Assemblies 42 in a Nutshell: Assembling Components tel-00539648, version 1-24 Nov 20 C o n t r o l l e r i s { v a r M : b o o l ; f o r OP G do : { / d e f i n e s g. dw, dr, reqw,... : f i f o ( 1, i n t ) ; M := random ( ) ; i f (M) { PROD. ; reqw. put ; reqw. g e t ; FIFO. ; gw. put ; gw. g e t ; a := FIFO. r e p o r t ; / r e a d s oc. i f ( a==ok ){ / o u t p u t c o n t r o l PROD. ; dw. put ; dw. g e t ; FIFO. ; / a c t i v a t e s FIFO.... }... } e l s e { CONS. ; r e q r. put ; r e q r. g e t ; FIFO. ; g r. put ; g r. g e t ; a := FIFO. r e p o r t ;... } } } For each OP G the controller: Activates PROD, CONS, FIFO through Reads their output control ports (report) Manages a temporary memory (reqr, dr,...) Sets global output values PROD report d w g w req w FIFO report G report req r d r 0000000 1111111 controller 0000000 1111111 CONS g r report Bouhadiba - Ph.D. Defense 42 September 15th 20 18 / 45

Overview of 42 & Examples [GPCE07] Components & Assemblies 42 in a Nutshell: Assembling Components tel-00539648, version 1-24 Nov 20 C o n t r o l l e r i s { v a r M : b o o l ; f o r OP G do : { / d e f i n e s g. dw, dr, reqw,... : f i f o ( 1, i n t ) ; M := random ( ) ; i f (M) { PROD. ; reqw. put ; reqw. g e t ; FIFO. ; gw. put ; gw. g e t ; a := FIFO. r e p o r t ; / r e a d s oc. i f ( a==ok ){ / o u t p u t c o n t r o l PROD. ; dw. put ; dw. g e t ; FIFO. ; / a c t i v a t e s FIFO.... }... } e l s e { CONS. ; r e q r. put ; r e q r. g e t ; FIFO. ; g r. put ; g r. g e t ; a := FIFO. r e p o r t ;... } } } For each OP G the controller: Activates PROD, CONS, FIFO through Reads their output control ports (report) Manages a temporary memory (reqr, dr,...) Sets global output values PROD report d w g w req w FIFO report G report req r d r 0000000 1111111 controller 0000000 1111111 CONS g r report Bouhadiba - Ph.D. Defense 42 September 15th 20 18 / 45

Overview of 42 & Examples [GPCE07] Components & Assemblies 42 in a Nutshell: Assembling Components tel-00539648, version 1-24 Nov 20 C o n t r o l l e r i s { v a r M : b o o l ; f o r OP G do : { / d e f i n e s g. dw, dr, reqw,... : f i f o ( 1, i n t ) ; M := random ( ) ; i f (M) { PROD. ; reqw. put ; reqw. g e t ; FIFO. ; gw. put ; gw. g e t ; a := FIFO. r e p o r t ; / r e a d s oc. i f ( a==ok ){ / o u t p u t c o n t r o l PROD. ; dw. put ; dw. g e t ; FIFO. ; / a c t i v a t e s FIFO.... }... } e l s e { CONS. ; r e q r. put ; r e q r. g e t ; FIFO. ; g r. put ; g r. g e t ; a := FIFO. r e p o r t ;... } } } For each OP G the controller: Activates PROD, CONS, FIFO through Reads their output control ports (report) Manages a temporary memory (reqr, dr,...) Sets global output values PROD report d w g w req w FIFO report G report req r d r 0000000 1111111 controller 0000000 1111111 CONS g r report Bouhadiba - Ph.D. Defense 42 September 15th 20 18 / 45

Overview of 42 & Examples [GPCE07] Components & Assemblies 42 in a Nutshell: Assembling Components tel-00539648, version 1-24 Nov 20 C o n t r o l l e r i s { v a r M : b o o l ; f o r OP G do : { / d e f i n e s g. dw, dr, reqw,... : f i f o ( 1, i n t ) ; M := random ( ) ; i f (M) { PROD. ; reqw. put ; reqw. g e t ; FIFO. ; gw. put ; gw. g e t ; a := FIFO. r e p o r t ; / r e a d s oc. i f ( a==ok ){ / o u t p u t c o n t r o l PROD. ; dw. put ; dw. g e t ; FIFO. ; / a c t i v a t e s FIFO.... }... } e l s e { CONS. ; r e q r. put ; r e q r. g e t ; FIFO. ; g r. put ; g r. g e t ; a := FIFO. r e p o r t ;... } } } For each OP G the controller: Activates PROD, CONS, FIFO through Reads their output control ports (report) Manages a temporary memory (reqr, dr,...) Sets global output values PROD report d w g w req w FIFO report G report req r d r 0000000 1111111 controller 0000000 1111111 CONS g r report Bouhadiba - Ph.D. Defense 42 September 15th 20 18 / 45

Overview of 42 & Examples [GPCE07] Components & Assemblies Summary of 42 Basics tel-00539648, version 1-24 Nov 20 Summary of 42 Hierarchical model = modeling heterogeneity in the same spirit as Ptolemy Controllers are expressed as programs identification of the basic primitives for describing MoCCs Separation of control/data to enforce the FAMAPASAP more details later Bouhadiba - Ph.D. Defense 42 September 15th 20 19 / 45

Input Data Ports Overview of 42 & Examples [GPCE07] Explicit Specification of Components (Contracts) Control Contracts for 42 Components tel-00539648, version 1-24 Nov 20 id1 id2 id3 c0 Input Control Ports ic2 ic1 atomic step internal memory oc2 oc1 Output Control Ports c1 od1 od2 od3 Output Data Ports oc1:{a, b, c} oc2:{t, F} c2 Bouhadiba - Ph.D. Defense 42 September 15th 20 20 / 45

Input Data Ports Overview of 42 & Examples [GPCE07] Explicit Specification of Components (Contracts) Control Contracts for 42 Components tel-00539648, version 1-24 Nov 20 id1 id2 id3 ic1 c0 Input Control Ports ic2 ic1 atomic step internal memory oc2 oc1 Output Control Ports ic2 ic1 c1 od1 od2 od3 Output Data Ports oc1:{a, b, c} oc2:{t, F} ic2 c2 Allowed activation sequences Bouhadiba - Ph.D. Defense 42 September 15th 20 20 / 45

Input Data Ports Overview of 42 & Examples [GPCE07] Explicit Specification of Components (Contracts) Control Contracts for 42 Components tel-00539648, version 1-24 Nov 20 id1 id2 id3 {id1} ic1 c0 Input Control Ports ic2 ic1 atomic step internal memory oc2 oc1 Output Control Ports {id1} ic1 {od2} {} ic2 c1 od1 od2 od3 {od2} Output Data Ports oc1:{a, b, c} oc2:{t, F} {id2} ic2 c2 Allowed activation sequences Data dependencies (Required, Provided) {od1; od3=l} Bouhadiba - Ph.D. Defense 42 September 15th 20 20 / 45

Input Data Ports Overview of 42 & Examples [GPCE07] Explicit Specification of Components (Contracts) Control Contracts for 42 Components tel-00539648, version 1-24 Nov 20 id1 id2 id3 Input Control Ports ic2 ic1 atomic step internal memory oc2 oc1 Output Control Ports {id1} ic1/α = oc2{od2} c0 {id1} ic1/α = oc2{od2} {} ic2 c1 od1 od2 od3 Output Data Ports oc1:{a, b, c} oc2:{t, F} {id2} ic2/β = oc1{od1; od3=l} c2 Allowed activation sequences Data dependencies (Required, Provided) Control information Bouhadiba - Ph.D. Defense 42 September 15th 20 20 / 45

Input Data Ports Overview of 42 & Examples [GPCE07] Explicit Specification of Components (Contracts) Control Contracts for 42 Components tel-00539648, version 1-24 Nov 20 id1 id2 id3 Input Control Ports ic2 ic1 atomic step internal memory oc2 oc1 Output Control Ports [α = T ]{id1} ic1/α = oc2{od2} {id1} ic1/α = oc2{od2} c0 {} ic2 c1 od1 od2 od3 Output Data Ports oc1:{a, b, c} oc2:{t, F} [α = F ]{id2} ic2/β = oc1{od1; od3=l} c2 Allowed activation sequences Data dependencies (Required, Provided) Control information Conditional activations. Bouhadiba - Ph.D. Defense 42 September 15th 20 20 / 45

Input Data Ports Overview of 42 & Examples [GPCE07] Explicit Specification of Components (Contracts) Control Contracts for 42 Components tel-00539648, version 1-24 Nov 20 id1 id2 id3 Input Control Ports ic2 ic1 atomic step internal memory oc2 oc1 Output Control Ports [α = T ]{id1} ic1/α = oc2{od2} {id1} ic1/α = oc2{od2} c0 c1 od1 od2 od3 Output Data Ports oc1:{a, b, c} oc2:{t, F} {} ic2 {if (β=a) then od2;} [α = F ]{id2} ic2/β = oc1{od1; od3=l} c2 Allowed activation sequences Data dependencies (Required, Provided) Control information Conditional activations. Conditional data dependencies. Bouhadiba - Ph.D. Defense 42 September 15th 20 20 / 45

Overview of 42 & Examples [GPCE07] What are 42 Contracts used for? tel-00539648, version 1-24 Nov 20 42 contracts (+ the Architecture Description Language) 00 00 11 00 11 00 11 00 11 11 PROD 00 11 report FIFO report Explicit Specification of Components (Contracts) controller 0000000 1111111 CONS report Bouhadiba - Ph.D. Defense 42 September 15th 20 21 / 45

Overview of 42 & Examples [GPCE07] What are 42 Contracts used for? tel-00539648, version 1-24 Nov 20 42 contracts (+ the Architecture Description Language) 00 00 11 00 11 00 11 00 11 11 PROD 00 11 report FIFO report Explicit Specification of Components (Contracts) controller 0000000 1111111 CONS report Bouhadiba - Ph.D. Defense 42 September 15th 20 21 / 45

Overview of 42 & Examples [GPCE07] What are 42 Contracts used for? tel-00539648, version 1-24 Nov 20 42 contracts (+ the Architecture Description Language) Testing controllers/components consistency 00 00 11 00 11 00 11 00 11 11 PROD 00 11 report FIFO report Explicit Specification of Components (Contracts) controller 0000000 1111111 CONS report Bouhadiba - Ph.D. Defense 42 September 15th 20 21 / 45

Overview of 42 & Examples [GPCE07] What are 42 Contracts used for? tel-00539648, version 1-24 Nov 20 42 contracts (+ the Architecture Description Language) Testing controllers/components consistency Contract Interpretation 00 00 11 00 11 00 11 00 11 11 PROD 00 11 report FIFO report Explicit Specification of Components (Contracts) controller 0000000 1111111 CONS report Bouhadiba - Ph.D. Defense 42 September 15th 20 21 / 45

Overview of 42 & Examples [GPCE07] What are 42 Contracts used for? tel-00539648, version 1-24 Nov 20 42 contracts (+ the Architecture Description Language) Testing controllers/components consistency Contract Interpretation 00 00 11 00 11 00 11 00 11 11 PROD 00 11 report FIFO report Explicit Specification of Components (Contracts) controller 0000000 1111111 CONS report Bouhadiba - Ph.D. Defense 42 September 15th 20 21 / 45

Overview of 42 & Examples [GPCE07] What are 42 Contracts used for? tel-00539648, version 1-24 Nov 20 42 contracts (+ the Architecture Description Language) Testing controllers/components consistency Contract Interpretation Testing component/contract consistency? 00 00 11 00 11 00 11 00 11 11 PROD 00 11 report FIFO report Explicit Specification of Components (Contracts) controller 0000000 1111111 CONS report Bouhadiba - Ph.D. Defense 42 September 15th 20 21 / 45?

Hardware Simulation by Interpreting Contracts [COORD09] Contents tel-00539648, version 1-24 Nov 20 1 Introduction & Sources of Inspiration 2 Overview of 42 & Examples [GPCE07] 3 Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation Contract Interpretation for Hardware Simulation Executing Embedded Software on Hardware Models 4 Using 42 Together with Existing Approaches [EMSOFT09] 5 Some Related Work 6 Summary Bouhadiba - Ph.D. Defense 42 September 15th 20 22 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation Contract Interpretation: Principle tel-00539648, version 1-24 Nov 20 [α = n]{}/α = end{} ctrl Async {}{} {}/α = end{} b a1 a2 b1 b2 Contract A Contract B a A B {b}{} a3 end end [α = y]{}{a} {a}{} b3 {}{b} Bouhadiba - Ph.D. Defense 42 September 15th 20 23 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation Contract Interpretation: Principle tel-00539648, version 1-24 Nov 20 [α = n]{}/α = end{} ctrl Async {}{} {}/α = end{} b a1 a2 b1 b2 Contract A Contract B a A B {b}{} a3 a1 b1 available={} α = [α = y]{}{a} end end The controller maintains: {a}{} The current state of each contract The set of available data The values of the variables(α) b3 {}{b} Bouhadiba - Ph.D. Defense 42 September 15th 20 23 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation Contract Interpretation: Principle tel-00539648, version 1-24 Nov 20 [α = n]{}/α = end{} ctrl Async {}{} {}/α = end{} b a1 a2 b1 b2 Contract A Contract B a A B {b}{} a3 a1 b1 A. available={} α = A. B. a1 b2 available={} α = [α = y]{}{a} a2 b1 available={} α = y a2 b1 available={} α = n end end For each global activation : {a}{} b3 Depending on the available data it selects a component and activates it The set of available data is updated The output controls are given non-deterministic values {}{b} Bouhadiba - Ph.D. Defense 42 September 15th 20 23 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation Contract Interpretation: Principle tel-00539648, version 1-24 Nov 20 [α = n]{}/α = end{} ctrl Async {}{} {}/α = end{} b a1 a2 b1 b2 Contract A Contract B a A B {b}{} a3 a1 b1 A. available={} α = A. B. a1 b2 available={} α = B. a1 b3 available={b} α = [α = y]{}{a} a2 b1 A. available={} α = y A. A. a2 b1 available={} α = n a1 b3 A. available={a} α = end a3 b1 available={a} α = y B. end a3 b2 available={a} α = B. a3 b3 available={a, b} α = {a}{} b3 {}{b} Bouhadiba - Ph.D. Defense 42 September 15th 20 23 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation Contract Interpretation: Principle tel-00539648, version 1-24 Nov 20 [α = n]{}/α = end{} ctrl Async {}{} {}/α = end{} b a1 a2 b1 b2 Contract A Contract B a A B {b}{} a3 a1 b1 A. available={} α = A. B. a1 b2 available={} α = B. a1 b3 available={b} α = [α = y]{}{a} a2 b1 A. available={} α = y A. A. a2 b1 available={} α = n a1 b3 A. available={a} α = end end a3 b1 available={a} α = y B. Example execution path a3 b2 available={a} α = B. a3 b3 available={a, b} α = {a}{} b3 {}{b} Bouhadiba - Ph.D. Defense 42 September 15th 20 23 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation Contract Interpretation: Principle tel-00539648, version 1-24 Nov 20 [α = n]{}/α = end{} ctrl Async {}{} {}/α = end{} b a1 a2 b1 b2 Contract A Contract B a A B {b}{} a3 a1 b1 A. available={} α = A. B. a1 b2 available={} α = B. a1 b3 available={b} α = [α = y]{}{a} a2 b1 A. available={} α = y A. A. a2 b1 available={} α = n a1 b3 A. available={a} α = end end a3 b1 A. available={a} α = y B. Example execution path a3 b2 available={a} α = B. a3 b3 available={a, b} α = {a}{} b3 {}{b} Bouhadiba - Ph.D. Defense 42 September 15th 20 23 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation Contract Interpretation: Principle tel-00539648, version 1-24 Nov 20 [α = n]{}/α = end{} ctrl Async {}{} {}/α = end{} b a1 a2 b1 b2 Contract A Contract B a A B {b}{} a3 a1 b1 A. available={} α = A. B. a1 b2 available={} α = B. a1 b3 available={b} α = [α = y]{}{a} a2 b1 A. available={} α = y A. A. a2 b1 available={} α = n a1 b3 A. available={a} α = end end requires b X a3 b1 A. available={a} α = y B. Example execution path a3 b2 available={a} α = B. a3 b3 available={a, b} α = {a}{} b3 {}{b} Bouhadiba - Ph.D. Defense 42 September 15th 20 23 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: Case Study tel-00539648, version 1-24 Nov 20 Embedded Software #d e f i n e width 240 #d e f i n e h e i g h t 240 #d e f i n e g r e e n 0x0000AABB... i n t main ( ) { w h i l e ( 1 ) { // w r i t i n g t h e g r e e n image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( g r e e n ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e b l u e image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( b l u e ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e r e d image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( r e d ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; } } CPU Interrupt LCD (display) address r/w status data address r/w status data BUS address r/w status data MEM Bouhadiba - Ph.D. Defense 42 September 15th 20 24 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: Case Study tel-00539648, version 1-24 Nov 20 Embedded Software #d e f i n e width 240 #d e f i n e h e i g h t 240 #d e f i n e g r e e n 0x0000AABB... i n t main ( ) { w h i l e ( 1 ) { // w r i t i n g t h e g r e e n image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( g r e e n ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e b l u e image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( b l u e ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e r e d image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( r e d ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; } } CPU Interrupt LCD (display) address r/w status data address r/w status data BUS address r/w status data MEM Bouhadiba - Ph.D. Defense 42 September 15th 20 24 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: Case Study tel-00539648, version 1-24 Nov 20 Embedded Software #d e f i n e width 240 #d e f i n e h e i g h t 240 #d e f i n e g r e e n 0x0000AABB... i n t main ( ) { w h i l e ( 1 ) { // w r i t i n g t h e g r e e n image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( g r e e n ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e b l u e image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( b l u e ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e r e d image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( r e d ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; } } CPU Interrupt LCD (display) address r/w status data address r/w status data BUS address r/w status data MEM Bouhadiba - Ph.D. Defense 42 September 15th 20 24 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: Case Study tel-00539648, version 1-24 Nov 20 Embedded Software #d e f i n e width 240 #d e f i n e h e i g h t 240 #d e f i n e g r e e n 0x0000AABB... i n t main ( ) { w h i l e ( 1 ) { // w r i t i n g t h e g r e e n image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( g r e e n ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e b l u e image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( b l u e ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e r e d image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( r e d ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; } } CPU Interrupt LCD (display) address r/w status data address r/w status data BUS address r/w status data MEM Bouhadiba - Ph.D. Defense 42 September 15th 20 24 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: Case Study tel-00539648, version 1-24 Nov 20 Embedded Software #d e f i n e width 240 #d e f i n e h e i g h t 240 #d e f i n e g r e e n 0x0000AABB... i n t main ( ) { w h i l e ( 1 ) { // w r i t i n g t h e g r e e n image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( g r e e n ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e b l u e image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( b l u e ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e r e d image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( r e d ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; } } CPU Interrupt LCD (display) address r/w status data address r/w status data BUS address r/w status data MEM Bouhadiba - Ph.D. Defense 42 September 15th 20 24 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: Case Study tel-00539648, version 1-24 Nov 20 Embedded Software #d e f i n e width 240 #d e f i n e h e i g h t 240 #d e f i n e g r e e n 0x0000AABB... i n t main ( ) { w h i l e ( 1 ) { // w r i t i n g t h e g r e e n image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( g r e e n ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e b l u e image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( b l u e ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e r e d image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( r e d ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; } } CPU Interrupt LCD (display) address r/w status data address r/w status data BUS address r/w status data a b c d MEM Bouhadiba - Ph.D. Defense 42 September 15th 20 24 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: Case Study tel-00539648, version 1-24 Nov 20 Embedded Software #d e f i n e width 240 #d e f i n e h e i g h t 240 #d e f i n e g r e e n 0x0000AABB... i n t main ( ) { w h i l e ( 1 ) { // w r i t i n g t h e g r e e n image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( g r e e n ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e b l u e image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( b l u e ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e r e d image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( r e d ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; } } a b c d ok CPU Interrupt LCD (display) address r/w status data address r/w status data BUS address r/w status data MEM Bouhadiba - Ph.D. Defense 42 September 15th 20 24 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: Case Study tel-00539648, version 1-24 Nov 20 Embedded Software #d e f i n e width 240 #d e f i n e h e i g h t 240 #d e f i n e g r e e n 0x0000AABB... i n t main ( ) { w h i l e ( 1 ) { // w r i t i n g t h e g r e e n image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( g r e e n ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e b l u e image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( b l u e ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e r e d image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( r e d ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; } } a b c d ok CPU Interrupt LCD (display) ok address r/w status data address r/w status data BUS address r/w status data MEM Bouhadiba - Ph.D. Defense 42 September 15th 20 24 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: Case Study tel-00539648, version 1-24 Nov 20 Embedded Software #d e f i n e width 240 #d e f i n e h e i g h t 240 #d e f i n e g r e e n 0x0000AABB... i n t main ( ) { w h i l e ( 1 ) { // w r i t i n g t h e g r e e n image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( g r e e n ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e b l u e image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( b l u e ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e r e d image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( r e d ) ; w r i t e l c d (0 x, 0 x1 ) ; // w await i t i ninterrupt() t e r r u p t ( ); ; } } Interrupt status data address r/w LCD (display) status data X a b c d bug (Synchronization) ok CPU ok address r/w status data BUS address r/w MEM Bouhadiba - Ph.D. Defense 42 September 15th 20 24 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: Case Study tel-00539648, version 1-24 Nov 20 Embedded Software #d e f i n e width 240 #d e f i n e h e i g h t 240 #d e f i n e g r e e n 0x0000AABB... i n t main ( ) { w h i l e ( 1 ) { // w r i t i n g t h e g r e e n image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( g r e e n ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e b l u e image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( b l u e ) ; w r i t e l c d (0 x, 0 x1 ) ; w a i t i n t e r r u p t ( ) ; // w r i t i n g t h e r e d image / f o r ( i n t x =0; x<width h e i g h t ) write mem ( r e d ) ; w r i t e l c d (0 x, 0 x1 ) ; // w await i t i ninterrupt() t e r r u p t ( ); ; } } ok CPU Interrupt LCD (display) ok address r/w status data address r/w status data BUS address r/w status data X a b c d bug (Synchronization) Xbug (Data) MEM Bouhadiba - Ph.D. Defense 42 September 15th 20 24 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: The 42 Model tel-00539648, version 1-24 Nov 20 CPU resp C acd C report report intr acd L LCD report target resp LT resp L acd LT 00 11 00 11 00 11 BUS acd M 00 11 00 11 00 11 resp M Contract Interpreter MEM Bouhadiba - Ph.D. Defense 42 September 15th 20 25 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: The contracts (CPU) tel-00539648, version 1-24 Nov 20 {respc}/α=report{} [α =LT]{}{acdC; target=l} {intr=t}{} {intr=t}{} c3 {resp C }/α=report; report =IT{} c3 {resp C }/α=report; report =IT{} c4 {intr=t}{} c4 {}/α=report{} {intr=t}{} c1 {intr=t}{} c1 {}/α=report{} c0 [α=mt]{}{acd C ; target=m} [α=mt]{}{acd C ; target=m} c2 {intr=t}{} c2 {intr=t}{} The contract of the CPU is in fact the contract of (CPU + Software) {respc}/α=report{} [α=lt]{}{acdc; target=l} Bouhadiba - Ph.D. Defense 42 September 15th 20 26 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: The contracts (CPU) tel-00539648, version 1-24 Nov 20 {respc}/α=report{} [α =LT]{}{acdC; target=l} {intr=t}{} {intr=t}{} c3 {resp C }/α=report; report =IT{} c3 {resp C }/α=report; report =IT{} c4 {intr=t}{} c4 {}/α=report{} {intr=t}{} c1 {intr=t}{} c1 {}/α=report{} c0 [α=mt]{}{acd C ; target=m} [α=mt]{}{acd C ; target=m} c2 {intr=t}{} c2 {intr=t}{} The contract of the CPU is in fact the contract of (CPU + Software) {respc}/α=report{} [α=lt]{}{acdc; target=l} Bouhadiba - Ph.D. Defense 42 September 15th 20 26 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: The contracts (CPU) tel-00539648, version 1-24 Nov 20 {respc}/α=report{} [α =LT]{}{acdC; target=l} {intr=t}{} {intr=t}{} c3 {resp C }/α=report; report =IT{} c3 {resp C }/α=report; report =IT{} c4 {intr=t}{} c4 {}/α=report{} {intr=t}{} c1 {intr=t}{} c1 {}/α=report{} c0 [α=mt]{}{acd C ; target=m} [α=mt]{}{acd C ; target=m} c2 {intr=t}{} c2 {intr=t}{} The contract of the CPU is in fact the contract of (CPU + Software) {respc}/α=report{} [α=lt]{}{acdc; target=l} Bouhadiba - Ph.D. Defense 42 September 15th 20 26 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: The contracts (CPU) tel-00539648, version 1-24 Nov 20 {respc}/α=report{} [α =LT]{}{acdC; target=l} {intr=t}{} {intr=t}{} c3 {resp C }/α=report; report =IT{} c3 {resp C }/α=report; report =IT{} c4 {intr=t}{} c4 {}/α=report{} {intr=t}{} c1 {intr=t}{} c1 {}/α=report{} c0 [α=mt]{}{acd C ; target=m} [α=mt]{}{acd C ; target=m} c2 {intr=t}{} c2 {intr=t}{} The contract of the CPU is in fact the contract of (CPU + Software) {respc}/α=report{} [α=lt]{}{acdc; target=l} Bouhadiba - Ph.D. Defense 42 September 15th 20 26 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Modeling Hardware with 42: The contracts (CPU) tel-00539648, version 1-24 Nov 20 {respc}/α=report{} [α =LT]{}{acdC; target=l} {intr=t}{} {intr=t}{} c3 {resp C }/α=report; report =IT{} c3 {resp C }/α=report; report =IT{} c4 {intr=t}{} c4 {}/α=report{} {intr=t}{} c1 {intr=t}{} c1 {}/α=report{} c0 [α=mt]{}{acd C ; target=m} [α=mt]{}{acd C ; target=m} c2 {intr=t}{} c2 {intr=t}{} The contract of the CPU is in fact the contract of (CPU + Software) {respc}/α=report{} [α=lt]{}{acdc; target=l} Bouhadiba - Ph.D. Defense 42 September 15th 20 26 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Contract Interpretation for Hardware Simulation Detecting Synchronization Bugs by Executing Contracts tel-00539648, version 1-24 Nov 20 If the software doesn t wait for the interrupt = We don t have the software yet. We execute only the contracts. Synchronization Bug: The contract doesn t wait for interrupts Detection: Deadlock during contract interpretation Bouhadiba - Ph.D. Defense 42 September 15th 20 27 / 45

Hardware Simulation by Interpreting Contracts [COORD09] Executing Embedded Software on Hardware Models Detecting SW Bugs by Executing the SW Against the Contract tel-00539648, version 1-24 Nov 20 a int main(){ while (true){ int x =... while(x>0){ x - -;... b write mem(adr, data);... d write lcd(adr2, data2);... } e f } wait interrupt(); if(y!=0) write mem(adr, data)... software wrapper controller report 00000000 11111111 00000000 11111111 00000000 11111111 soft.o 00000000 11111111 00000000 11111111 00000000 11111111 00000000 11111111 controller CPU (wrapper) report {intr=t}{} acd c4 c4 {}/α=report{} target {resp C }/α=report{} [α =LT]{}{acd C ; target=l} c3 c1 c2 c0 {intr=t}{} {resp C }/α=report; report2=it{} {resp C }/α=report; report2=it{} {intr=t}{} {}/α=report{} [α=mt]{}{acd C ; target=m} [α=mt]{}{acd C ; target=m} {intr=t}{} {intr=t}{} c3 {intr=t}{} c1 c2 {intr=t}{} Bouhadiba - Ph.D. Defense 42 September 15th 20 28 / 45 {resp C }/α=report{} [α=lt]{}{acd C ; target=l}

Hardware Simulation by Interpreting Contracts [COORD09] Executing Embedded Software on Hardware Models Detecting SW Bugs by Executing the SW Against the Contract tel-00539648, version 1-24 Nov 20 a int main(){ while (true){ int x =... while(x>0){ x - -;... b write mem(adr, data);... d write lcd(adr2, data2);... } e f } wait interrupt(); if(y!=0) write mem(adr, data)... software wrapper controller report 00000000 11111111 00000000 11111111 00000000 11111111 soft.o 00000000 11111111 00000000 11111111 00000000 11111111 00000000 11111111 controller CPU (wrapper) report cpu. {intr=t}{} acd c4 c4 {}/α=report{} target {resp C }/α=report{} [α =LT]{}{acd C ; target=l} c3 c1 c2 c0 {intr=t}{} {resp C }/α=report; report2=it{} {resp C }/α=report; report2=it{} {intr=t}{} {}/α=report{} [α=mt]{}{acd C ; target=m} [α=mt]{}{acd C ; target=m} {intr=t}{} {intr=t}{} c3 {intr=t}{} c1 c2 {intr=t}{} Bouhadiba - Ph.D. Defense 42 September 15th 20 28 / 45 {resp C }/α=report{} [α=lt]{}{acd C ; target=l}

Hardware Simulation by Interpreting Contracts [COORD09] Executing Embedded Software on Hardware Models Detecting SW Bugs by Executing the SW Against the Contract tel-00539648, version 1-24 Nov 20 a int main(){ while (true){ int x =... while(x>0){ x - -;... b write mem(adr, data);... d write lcd(adr2, data2);... } e f } wait interrupt(); if(y!=0) write mem(adr, data)... software wrapper controller report 00000000 11111111 00000000 11111111 00000000 11111111 soft.o 00000000 11111111 00000000 11111111 00000000 11111111 00000000 11111111 controller CPU (wrapper) report activates SW cpu. {intr=t}{} acd c4 c4 {}/α=report{} target {resp C }/α=report{} [α =LT]{}{acd C ; target=l} c3 c1 c2 c0 {intr=t}{} {resp C }/α=report; report2=it{} {resp C }/α=report; report2=it{} {intr=t}{} {}/α=report{} [α=mt]{}{acd C ; target=m} [α=mt]{}{acd C ; target=m} {intr=t}{} {intr=t}{} c3 {intr=t}{} c1 c2 {intr=t}{} Bouhadiba - Ph.D. Defense 42 September 15th 20 28 / 45 {resp C }/α=report{} [α=lt]{}{acd C ; target=l}

Hardware Simulation by Interpreting Contracts [COORD09] Executing Embedded Software on Hardware Models Detecting SW Bugs by Executing the SW Against the Contract tel-00539648, version 1-24 Nov 20 atomic a int main(){ while (true){ int x =... while(x>0){ x - -;... b write mem(adr, data);... d write lcd(adr2, data2);... } e f } wait interrupt(); if(y!=0) write mem(adr, data)... software wrapper controller report wait_interrupt() 00000000 11111111 00000000 11111111 00000000 11111111 soft.o 00000000 11111111 00000000 11111111 00000000 11111111 00000000 11111111 controller CPU (wrapper) report activates SW cpu. {intr=t}{} acd c4 c4 {}/α=report{} target {resp C }/α=report{} [α =LT]{}{acd C ; target=l} c3 c1 c2 c0 {intr=t}{} {resp C }/α=report; report2=it{} {resp C }/α=report; report2=it{} {intr=t}{} {}/α=report{} [α=mt]{}{acd C ; target=m} [α=mt]{}{acd C ; target=m} {intr=t}{} {intr=t}{} c3 {intr=t}{} c1 c2 {intr=t}{} Bouhadiba - Ph.D. Defense 42 September 15th 20 28 / 45 {resp C }/α=report{} [α=lt]{}{acd C ; target=l}

Hardware Simulation by Interpreting Contracts [COORD09] Executing Embedded Software on Hardware Models Detecting SW Bugs by Executing the SW Against the Contract tel-00539648, version 1-24 Nov 20 atomic a int main(){ while (true){ int x =... while(x>0){ x - -;... b write mem(adr, data);... d write lcd(adr2, data2);... } e f } wait interrupt(); if(y!=0) write mem(adr, data)... software wrapper controller report wait_interrupt() 00000000 11111111 00000000 11111111 00000000 11111111 soft.o 00000000 11111111 00000000 11111111 00000000 11111111 00000000 11111111 controller CPU (wrapper) report activates SW cpu. Reports on SW activity {intr=t}{} acd c4 c4 {}/α=report{} target {resp C }/α=report{} [α =LT]{}{acd C ; target=l} c3 c1 c2 c0 {intr=t}{} {resp C }/α=report; report2=it{} {resp C }/α=report; report2=it{} {intr=t}{} {}/α=report{} [α=mt]{}{acd C ; target=m} [α=mt]{}{acd C ; target=m} {intr=t}{} {intr=t}{} c3 {intr=t}{} c1 c2 {intr=t}{} Bouhadiba - Ph.D. Defense 42 September 15th 20 28 / 45 {resp C }/α=report{} [α=lt]{}{acd C ; target=l}

Hardware Simulation by Interpreting Contracts [COORD09] Executing Embedded Software on Hardware Models Detecting SW Bugs by Executing the SW Against the Contract tel-00539648, version 1-24 Nov 20 atomic a int main(){ while (true){ int x =... while(x>0){ x - -;... b write mem(adr, data);... d write lcd(adr2, data2);... } e f } wait interrupt(); if(y!=0) write mem(adr, data)... software wrapper controller report wait_interrupt() 00000000 11111111 00000000 11111111 00000000 11111111 soft.o 00000000 00000000 00000000 11111111 11111111 11111111 c4 00000000 11111111 controller {...}/...report = IT CPU (wrapper) report activates SW cpu. Reports on SW activity {intr=t}{} acd c4 c4 {}/α=report{} target {resp C }/α=report{} [α =LT]{}{acd C ; target=l} c3 c1 c2 c0 {intr=t}{} {resp C }/α=report; report2=it{} {resp C }/α=report; report2=it{} {intr=t}{} {}/α=report{} [α=mt]{}{acd C ; target=m} [α=mt]{}{acd C ; target=m} {intr=t}{} {intr=t}{} c3 {intr=t}{} c1 c2 {intr=t}{} Bouhadiba - Ph.D. Defense 42 September 15th 20 28 / 45 {resp C }/α=report{} [α=lt]{}{acd C ; target=l}

Hardware Simulation by Interpreting Contracts [COORD09] Summary tel-00539648, version 1-24 Nov 20 Executing Embedded Software on Hardware Models Contracts are non-deterministic abstractions of the behavior of components and allow for early execution Contract execution detects synchronization bugs Executing contract together with implementation allows to check their consistency Bouhadiba - Ph.D. Defense 42 September 15th 20 29 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Contents tel-00539648, version 1-24 Nov 20 1 Introduction & Sources of Inspiration 2 Overview of 42 & Examples [GPCE07] 3 Hardware Simulation by Interpreting Contracts [COORD09] 4 Using 42 Together with Existing Approaches [EMSOFT09] TLM with SystemC 42-ization of SystemC/TLM Typical Uses of 42 Contracts with SystemC-TLM 5 Some Related Work 6 Summary Bouhadiba - Ph.D. Defense 42 September 15th 20 30 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Motivation tel-00539648, version 1-24 Nov 20 TLM = Transaction-Level Modeling + Widely used + Powerful (large systems, heterogeneous models,...) + Intrinsically component-based Very informal, models are mixed with the simulation mechanics Motivation Prose a clear definition of TLM components Simplify the simulation Focus on Control Flow and Synchronizations Find bugs earlier Bouhadiba - Ph.D. Defense 42 September 15th 20 31 / 45

Using 42 Together with Existing Approaches [EMSOFT09] TLM in practice (SystemC) tel-00539648, version 1-24 Nov 20 T3 modulex T2 irq write read DMA T1 Bus write TLM with SystemC Memory read write Threads Functions Bouhadiba - Ph.D. Defense 42 September 15th 20 32 / 45

Using 42 Together with Existing Approaches [EMSOFT09] TLM in practice (SystemC) tel-00539648, version 1-24 Nov 20 T3 Some Guidelines: modulex T2 irq write read DMA T1 Bus write TLM with SystemC Memory read write Threads Functions Bouhadiba - Ph.D. Defense 42 September 15th 20 32 / 45

Using 42 Together with Existing Approaches [EMSOFT09] TLM in practice (SystemC) tel-00539648, version 1-24 Nov 20 T3 modulex T2 irq write read Some Guidelines: Inside a module: Shared variables Events (wait, notify) DMA e1 T1 Bus write TLM with SystemC Memory read write Threads Functions Bouhadiba - Ph.D. Defense 42 September 15th 20 32 / 45

Using 42 Together with Existing Approaches [EMSOFT09] TLM in practice (SystemC) tel-00539648, version 1-24 Nov 20 T3 modulex T2 irq DMA e1 T1 write read Bus Some Guidelines: Inside a module: Shared variables Events (wait, notify) Between modules: Function calls through ports... write TLM with SystemC Memory read write Threads Functions Bouhadiba - Ph.D. Defense 42 September 15th 20 32 / 45

Using 42 Together with Existing Approaches [EMSOFT09] TLM in practice (SystemC) tel-00539648, version 1-24 Nov 20 T3 modulex T2 irq write read Some Guidelines: Inside a module: Shared variables Events (wait, notify) Between modules: DMA e1 T1 Bus Function calls through ports... write TLM with SystemC Memory read write Threads Functions A non-preemptive scheduler manages the execution of threads Bouhadiba - Ph.D. Defense 42 September 15th 20 32 / 45

Using 42 Together with Existing Approaches [EMSOFT09] TLM in practice (SystemC) tel-00539648, version 1-24 Nov 20 T3 modulex T2 irq DMA e1 T1 write read Bus Some Guidelines: Inside a module: Shared variables Events (wait, notify) Between modules: Function calls through ports... write TLM with SystemC Memory modulex : : T2(){ w h i l e ( t r u e ){ x = 4 2 ; w h i l e ( x > 0){ y = p. r e a d ( addrm + x )ˆ0 xff ; p. w r i t e ( addrm, x ) ; } p. w r i t e ( addrd+0x0, addrm ) ; p. w r i t e ( addrd+0x1, 4 2 ) ; p. w r i t e ( addrd+0x4, 0 x ) ; w a i t ( e0 ) ;... e2. n o t i f y ( ) ; }... } read write modulex : : i r q ( i n t n){... Threads Functions A non-preemptive e0. n o t i f y ( ) ; scheduler manages the execution... w a i t ( e2 ) ; of threads } Example Implementation of modulex Bouhadiba - Ph.D. Defense 42 September 15th 20 32 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Structural Correspondence tel-00539648, version 1-24 Nov 20 module1::t1(){ while(true){ x++;...; p2.f2(x);...; wait(e1);...; } }... module2::f2(int x){...; y = x * 42;...; notify(e2);...;...; } }... 42-ization of SystemC/TLM p2 module1 T1 f1 p1 module2 T2 f2 p1 p2 Bouhadiba - Ph.D. Defense 42 September 15th 20 33 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Structural Correspondence tel-00539648, version 1-24 Nov 20 module1::t1(){ while(true){ x++;...; p2.f2(x);...; wait(e1);...; } }... ctrl main callf1 ctrl module f1 callf1 endf1 module1 n e1 module2::f2(int x){...; y = x * 42;...; notify(e2);...;...; } }... contf2 T1 contf2 f2 C endf1 f2 C resp enq f2d f1d 42-ization of SystemC/TLM f2 p2 module1 T1 callf2 ctrl module callf2 e2 f1 p1 endf2 module2 endf2 f1 C e3 module2 T2 f2 p1 p2 T2 f1 C Bouhadiba - Ph.D. Defense 42 September 15th 20 33 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Structural Correspondence tel-00539648, version 1-24 Nov 20 42-ization of SystemC/TLM module1::t1(){ module2::f2(int x){ module1 module2 while(true){...; An activation of the main component witht1op x++; y = x * 42; f1 corresponds T2 f2 to what...; happens in the...; SystemC-TLMp2 model p1 when p1 the p2 p2.f2(x); notify(e2); scheduler elects a new thread to execute....;...; wait(e1);...;...; } } } }...... ctrl main callf1 ctrl module f1 callf1 endf1 module1 n e1 contf2 T1 contf2 f2 C endf1 f2 C resp enq f2d f1d ctrl module callf2 f2 callf2 e2 endf2 module2 endf2 f1 C e3 T2 f1 C Bouhadiba - Ph.D. Defense 42 September 15th 20 33 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Structural Correspondence tel-00539648, version 1-24 Nov 20 module1::t1(){ while(true){ x++;...; p2.f2(x);...; wait(e1);...; } }... ctrl main callf1 ctrl module f1 callf1 endf1 module1 n e1 module2::f2(int x){...; y = x * 42;...; notify(e2);...;...; } }... contf2 T1 contf2 f2 C endf1 f2 C resp enq f2d f1d 42-ization of SystemC/TLM f2 p2 module1 T1 callf2 ctrl module callf2 e2 f1 p1 endf2 module2 endf2 f1 C e3 module2 T2 f2 p1 p2 T2 f1 C Bouhadiba - Ph.D. Defense 42 September 15th 20 33 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Structural Correspondence tel-00539648, version 1-24 Nov 20 module1::t1(){ while(true){ x++;...; p2.f2(x);...; wait(e1);...; } }... ctrl main callf1 ctrl module f1 callf1 endf1 module1 n e1 module2::f2(int x){...; y = x * 42;...; notify(e2);...;...; } }... contf2 T1 contf2 f2 C endf1 f2 C resp enq f2d f1d 42-ization of SystemC/TLM f2 p2 module1 T1 callf2 ctrl module callf2 e2 f1 p1 endf2 module2 endf2 f1 C e3 module2 T2 f2 p1 p2 T2 f1 C Bouhadiba - Ph.D. Defense 42 September 15th 20 33 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Structural Correspondence tel-00539648, version 1-24 Nov 20 module1::t1(){ while(true){ x++;...; p2.f2(x);...; wait(e1);...; } }... ctrl main callf1 ctrl module f1 callf1 endf1 module1 n e1 module2::f2(int x){...; y = x * 42;...; notify(e2);...;...; } }... contf2 T1 contf2 f2 C endf1 f2 C resp enq f2d f1d 42-ization of SystemC/TLM f2 p2 module1 T1 callf2 ctrl module callf2 e2 f1 p1 endf2 module2 endf2 f1 C e3 module2 T2 f2 p1 p2 T2 f1 C Bouhadiba - Ph.D. Defense 42 September 15th 20 33 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Structural Correspondence tel-00539648, version 1-24 Nov 20 module1::t1(){ while(true){ x++;...; p2.f2(x);...; wait(e1);...; } }... ctrl main callf1 ctrl module f1 callf1 endf1 module1 n e1 module2::f2(int x){...; y = x * 42;...; notify(e2);...;...; } }... contf2 T1 contf2 f2 C endf1 f2 C resp enq f2d f1d 42-ization of SystemC/TLM f2 p2 module1 T1 callf2 ctrl module callf2 e2 f1 p1 endf2 module2 endf2 f1 C e3 module2 T2 f2 p1 p2 T2 f1 C Bouhadiba - Ph.D. Defense 42 September 15th 20 33 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Structural Correspondence tel-00539648, version 1-24 Nov 20 module1::t1(){ while(true){ x++;...; p2.f2(x);...; wait(e1);...; } }... ctrl main callf1 ctrl module f1 callf1 endf1 module1 n e1 module2::f2(int x){...; y = x * 42;...; notify(e2);...;...; } }... contf2 T1 contf2 f2 C endf1 f2 C resp enq f2d f1d 42-ization of SystemC/TLM f2 p2 module1 T1 callf2 ctrl module callf2 e2 f1 p1 endf2 module2 endf2 f1 C e3 module2 T2 f2 p1 p2 T2 f1 C Bouhadiba - Ph.D. Defense 42 September 15th 20 33 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Structural Correspondence tel-00539648, version 1-24 Nov 20 module1::t1(){ while(true){ x++;...; p2.f2(x);...; wait(e1);...; } }... ctrl main callf1 ctrl module f1 callf1 endf1 module1 n e1 module2::f2(int x){...; y = x * 42;...; notify(e2);...;...; } }... contf2 T1 contf2 f2 C endf1 f2 C resp enq f2d f1d 42-ization of SystemC/TLM f2 p2 module1 T1 callf2 ctrl module callf2 e2 f1 p1 endf2 module2 endf2 f1 C e3 module2 T2 f2 p1 p2 T2 f1 C Bouhadiba - Ph.D. Defense 42 September 15th 20 33 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Structural Correspondence tel-00539648, version 1-24 Nov 20 module1::t1(){ while(true){ x++;...; p2.f2(x);...; wait(e1);...; } }... ctrl main callf1 ctrl module f1 callf1 endf1 module1 n e1 module2::f2(int x){...; y = x * 42;...; notify(e2);...;...; } }... contf2 T1 contf2 f2 C endf1 f2 C resp enq f2d f1d 42-ization of SystemC/TLM f2 p2 module1 T1 callf2 ctrl module callf2 e2 f1 p1 endf2 module2 endf2 f1 C e3 module2 T2 f2 p1 p2 T2 f1 C Bouhadiba - Ph.D. Defense 42 September 15th 20 33 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Structural Correspondence tel-00539648, version 1-24 Nov 20 module1::t1(){ while(true){ x++;...; p2.f2(x);...; wait(e1);...; } }... ctrl main callf1 ctrl module f1 callf1 endf1 module1 n e1 module2::f2(int x){...; y = x * 42;...; notify(e2);...;...; } }... contf2 T1 contf2 f2 C endf1 f2 C resp enq f2d f1d 42-ization of SystemC/TLM f2 p2 module1 T1 callf2 ctrl module callf2 e2 f1 p1 endf2 module2 endf2 f1 C e3 module2 T2 f2 p1 p2 T2 f1 C Bouhadiba - Ph.D. Defense 42 September 15th 20 33 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Structural Correspondence tel-00539648, version 1-24 Nov 20 42-ization of SystemC/TLM module1::t1(){ module2::f2(int x){ module1 module2 while(true){...; An activation of the main component witht1op x++; y = x * 42; f1 corresponds T2 f2 to what...; happens in the...; SystemC-TLMp2 model p1 when p1 the p2 p2.f2(x); notify(e2); scheduler elects a new thread to execute....;...; wait(e1);...;...; } } } }...... ++ The 42 model behaves like the SystemC one ctrl main callf1 n contf2 - - But is less efficient ctrl module callf1 contf2 We use 42 control contracts e1 f2d f1 T1 endf1 module1 f2 C endf1 f2 C resp enq f1d ctrl module callf2 We will not re-write SystemC in 42 f2 callf2 e2 endf2 module2 endf2 f1 C e3 T2 f1 C Bouhadiba - Ph.D. Defense 42 September 15th 20 33 / 45

Using 42 Together with Existing Approaches [EMSOFT09] 42-ization of SystemC/TLM Extracting Control Contracts From SC-TLM Code tel-00539648, version 1-24 Nov 20 a a while ( true ){ x++; e3. n o t i f y ( ) ; e4. n o t i f y ( ) ; b w a i t ( e1 ) ; i f ( x < 42){ c p. f ( x ) ; d p. g ( x ) ; } y=x +1; while ( y < 5){ y++; e w a i t ( e2 ) ; } } b c d States correspond to wait statements or function calls. e Bouhadiba - Ph.D. Defense 42 September 15th 20 34 / 45

Using 42 Together with Existing Approaches [EMSOFT09] 42-ization of SystemC/TLM Extracting Control Contracts From SC-TLM Code tel-00539648, version 1-24 Nov 20 a a while ( true ){ x++; e3. n o t i f y ( ) ; e4. n o t i f y ( ) ; b w a i t ( e1 ) ; i f ( x < 42){ c p. f ( x ) ; d p. g ( x ) ; } y=x +1; while ( y < 5){ y++; e w a i t ( e2 ) ; } } b c d States correspond to wait statements or function calls. Data values are abstracted e Bouhadiba - Ph.D. Defense 42 September 15th 20 34 / 45

Using 42 Together with Existing Approaches [EMSOFT09] 42-ization of SystemC/TLM Extracting Control Contracts From SC-TLM Code tel-00539648, version 1-24 Nov 20 {}{e3;e4} I call the function f a a while ( true ){ x++; {e1}/f C {fd} {}contf/g C {gd} e3. n o t i f y ( ) ; b c d e4. n o t i f y ( ) ; {}contg{e3;e4} b w a i t ( e1 ) ; {e1}{e3;e4} i f ( x < 42){ {}contg{} c p. f ( x ) ; {e2}{e3;e4} e d p. g ( x ) ; {e2}{} } y=x +1; while ( y < 5){ States correspond to wait statements or y++; function calls. e w a i t ( e2 ) ; } Data values are abstracted } {e1}{} Bouhadiba - Ph.D. Defense 42 September 15th 20 34 / 45

Using 42 Together with Existing Approaches [EMSOFT09] 42-ization of SystemC/TLM Lightweight Execution for SystemC-TLM tel-00539648, version 1-24 Nov 20 module1 module2 T1 f1 T2 f2 p2 p1 p1 p2 ctrl main callf1 n contf2 enq callf2 ctrl module ctrl module callf2 e3 callf1 contf2 e1 f2d f2 e2 f1 T1 T2 endf1 f2 C endf2 f1 C module1 module2 endf1 f2 C resp f1d endf2 f1 C Bouhadiba - Ph.D. Defense 42 September 15th 20 35 / 45

Using 42 Together with Existing Approaches [EMSOFT09] 42-ization of SystemC/TLM Lightweight Execution for SystemC-TLM tel-00539648, version 1-24 Nov 20 Extract Contracts From SystemC module1 module2 T1 f1 T2 f2 p2 p1 p1 p2 ctrl main callf1 n contf2 enq callf2 ctrl module ctrl module callf2 e3 callf1 contf2 e1 f2d f2 e2 f1 T1 T2 endf1 f2 C endf2 f1 C module1 module2 endf1 f2 C resp f1d endf2 f1 C Bouhadiba - Ph.D. Defense 42 September 15th 20 35 / 45

Using 42 Together with Existing Approaches [EMSOFT09] 42-ization of SystemC/TLM Lightweight Execution for SystemC-TLM tel-00539648, version 1-24 Nov 20 Extract Contracts From SystemC Execute Contracts instead of Code ctrl main callf1 n contf2 enq ctrl module callf1 f1 endf1 module1 e1 T1 contf2 f2 C endf1 f2 C resp f2d f1d f2 p2 callf2 ctrl module callf2 e2 e3 endf2 module2 endf2 module1 T1 f1 p1 f1 C T2 p1 f1 C module2 T2 f2 p2 Bouhadiba - Ph.D. Defense 42 September 15th 20 35 / 45

Using 42 Together with Existing Approaches [EMSOFT09] 42-ization of SystemC/TLM Lightweight Execution for SystemC-TLM tel-00539648, version 1-24 Nov 20 Extract Contracts From SystemC Execute Contracts instead of Code Produces a super-set of SystemC executions ctrl main callf1 n contf2 enq ctrl module callf1 f1 endf1 module1 e1 T1 contf2 f2 C endf1 f2 C resp f2d f1d f2 p2 callf2 ctrl module callf2 e2 e3 endf2 module2 endf2 module1 T1 f1 p1 f1 C T2 p1 f1 C module2 T2 f2 p2 Bouhadiba - Ph.D. Defense 42 September 15th 20 35 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Contents tel-00539648, version 1-24 Nov 20 1 Introduction & Sources of Inspiration 2 Overview of 42 & Examples [GPCE07] Typical Uses of 42 Contracts with SystemC-TLM 3 Hardware Simulation by Interpreting Contracts [COORD09] 4 Using 42 Together with Existing Approaches [EMSOFT09] TLM with SystemC 42-ization of SystemC/TLM Typical Uses of 42 Contracts with SystemC-TLM 5 Some Related Work 6 Summary Bouhadiba - Ph.D. Defense 42 September 15th 20 36 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM TL-Modeling with SystemC: an Example tel-00539648, version 1-24 Nov 20 DMA Memory Bus Bouhadiba - Ph.D. Defense 42 September 15th 20 37 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM TL-Modeling with SystemC: an Example tel-00539648, version 1-24 Nov 20 DMA Memory Bus Reuse of existing components (e.g., DMA, Memory, Bus) Bouhadiba - Ph.D. Defense 42 September 15th 20 37 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM TL-Modeling with SystemC: an Example tel-00539648, version 1-24 Nov 20? DMA Memory Bus Reuse of existing components (e.g., DMA, Memory, Bus) Part of the functionality is not implemented Bouhadiba - Ph.D. Defense 42 September 15th 20 37 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM TL-Modeling with SystemC: an Example tel-00539648, version 1-24 Nov 20? DMA Memory Bus Extract control contracts from existing SC-TLM components Bouhadiba - Ph.D. Defense 42 September 15th 20 37 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM TL-Modeling with SystemC: an Example tel-00539648, version 1-24 Nov 20? DMA Memory Bus Extract control contracts from existing SC-TLM components Write new contracts for the missing ones Bouhadiba - Ph.D. Defense 42 September 15th 20 37 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM TL-Modeling with SystemC: an Example tel-00539648, version 1-24 Nov 20? DMA Memory Bus Extract control contracts from existing SC-TLM components Write new contracts for the missing ones Execute the contracts with 42 controllers Bouhadiba - Ph.D. Defense 42 September 15th 20 37 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM TL-Modeling with SystemC: an Example tel-00539648, version 1-24 Nov 20? DMA Memory Bus Extract control contracts from existing SC-TLM components Write new contracts for the missing ones Execute the contracts with 42 controllers Find Synchronization Bugs Bouhadiba - Ph.D. Defense 42 September 15th 20 37 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM TL-Modeling with SystemC: an Example tel-00539648, version 1-24 Nov 20 - If there is a bug, the new contract is not compatible with the extracted ones? - Modify the new contract DMA until Memory synchronization bugs are fixed Bus Extract control contracts from existing SC-TLM components Write new contracts for the missing ones Execute the contracts with 42 controllers Find Synchronization Bugs Bouhadiba - Ph.D. Defense 42 September 15th 20 37 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM Executing the Implementation against the Contract tel-00539648, version 1-24 Nov 20 Component implementation:.... modulex : : T(){ a w h i l e ( t r u e ){ x++; e3. n o t i f y ( ) ; e4. n o t i f y ( ) ; b w a i t ( e1 ) ; i f ( x < 42){ c p. f ( x ) ; d p. g ( x ) ;..... T a {e1}{e3;e4} Contract of T {}{e3;e4} {e1}/f C {fd} b {e1}{} {e2}{e3;e4} ctrl (main+module) c e Bouhadiba - Ph.D. Defense 42 September 15th 20 38 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM Executing the Implementation against the Contract tel-00539648, version 1-24 Nov 20 Component implementation:.... modulex : : T(){ a w h i l e ( t r u e ){ x++; e3. n o t i f y ( ) ; e4. n o t i f y ( ) ; b w a i t ( e1 ) ; i f ( x < 42){ c p. f ( x ) ; d p. g ( x ) ;..... T a {e1}{e3;e4} Contract of T {}{e3;e4} {e1}/f C {fd} b {e1}{} {e2}{e3;e4} ctrl (main+module) 1-selection c e Bouhadiba - Ph.D. Defense 42 September 15th 20 38 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM Executing the Implementation against the Contract tel-00539648, version 1-24 Nov 20 Component implementation:.... modulex : : T(){ a w h i l e ( t r u e ){ x++; e3. n o t i f y ( ) ; e4. n o t i f y ( ) ; b w a i t ( e1 ) ; i f ( x < 42){ c p. f ( x ) ; d p. g ( x ) ;..... 2-activation T a {e1}{e3;e4} Contract of T {}{e3;e4} {e1}/f C {fd} b {e1}{} {e2}{e3;e4} ctrl (main+module) 1-selection c e Bouhadiba - Ph.D. Defense 42 September 15th 20 38 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM Executing the Implementation against the Contract tel-00539648, version 1-24 Nov 20 Component implementation:.... modulex : : T(){ a w h i l e ( t r u e ){ x++; e3. n o t i f y ( ) ; e4. n o t i f y ( ) ; b w a i t ( e1 ) ; i f ( x < 42){ c p. f ( x ) ; d p. g ( x ) ;..... 3-resume 2-activation T a {e1}{e3;e4} Contract of T {}{e3;e4} {e1}/f C {fd} b {e1}{} {e2}{e3;e4} ctrl (main+module) 1-selection c e Bouhadiba - Ph.D. Defense 42 September 15th 20 38 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM Executing the Implementation against the Contract tel-00539648, version 1-24 Nov 20 Component implementation:.... modulex : : T(){...notify() a w h i l e ( t r u e ){ x++; e3. n o t i f y ( ) ; e4. n o t i f y ( ) ; b w a i t ( e1 ) ; i f ( x < 42){ c p. f ( x ) ; d p. g ( x ) ;..... 3-resume 2-activation T e3 e4 a {e1}{e3;e4} Contract of T {}{e3;e4} {e1}/f C {fd} b {e1}{} {e2}{e3;e4} ctrl (main+module) 1-selection c e Bouhadiba - Ph.D. Defense 42 September 15th 20 38 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM Executing the Implementation against the Contract tel-00539648, version 1-24 Nov 20 Component implementation:.... modulex : : T(){ a w h i l e ( t r u e ){ x++; e3. n o t i f y ( ) ; e4. n o t i f y ( ) ; b w a i t ( e1 ) ; i f ( x < 42){ c p. f ( x ) ; d p. g ( x ) ;..... 3-resume 4-wait(...) 4-suspend 2-activation T e3 e4 a {e1}{e3;e4} Contract of T {}{e3;e4} {e1}/f C {fd} b {e1}{} {e2}{e3;e4} ctrl (main+module) 1-selection c e Bouhadiba - Ph.D. Defense 42 September 15th 20 38 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM Executing the Implementation against the Contract tel-00539648, version 1-24 Nov 20 Component implementation:.... modulex : : T(){ a w h i l e ( t r u e ){ x++; e3. n o t i f y ( ) ; e4. n o t i f y ( ) ; b w a i t ( e1 ) ; i f ( x < 42){ c p. f ( x ) ; d p. g ( x ) ;..... 3-resume 4-wait(...) 4-suspend 2-activation T e3 e4 a {e1}{e3;e4} Contract of T {}{e3;e4} {e1}/f C {fd} b {e1}{} {e2}{e3;e4} ctrl (main+module) 1-selection 5- finished c e Bouhadiba - Ph.D. Defense 42 September 15th 20 38 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Typical Uses of 42 Contracts with SystemC-TLM Executing the Implementation against the Contract tel-00539648, version 1-24 Nov 20 Component implementation:.... modulex : : T(){ a w h i l e ( t r u e ){ x++; e3. n o t i f y ( ) ; a Contract of T {}{e3;e4} 6-compatibility? {e1}/f C {fd} e4. n o t i f y ( ) ; b w a i t ( e1 ) ; i f ( x < 42){ {e1}{e3;e4} b c c p. f ( x ) ; d p. g ( x ) ; 4-wait(...) This..... execution 4-suspend step should notify e3 and e4 (calls to e.notify()). Otherwise, the implementation {e2}{e3;e4} does not re-spect the contract. 2-activation 3-resume ctrl (main+module) 1-selection T e3 e4 5- finished {e1}{} Bouhadiba - Ph.D. Defense 42 September 15th 20 38 / 45

Using 42 Together with Existing Approaches [EMSOFT09] Summary tel-00539648, version 1-24 Nov 20 Use of 42 with an existing approach (TLM) Typical Uses of 42 Contracts with SystemC-TLM Separation of the semantics of models from the execution mechanics Support for reasoning on component synchronizations A tool for extracting control contracts from SystemC code [Master 1, P. Delahaye, 20] Possibility of connection to verification tools Bouhadiba - Ph.D. Defense 42 September 15th 20 39 / 45

Contents tel-00539648, version 1-24 Nov 20 Some Related Work 1 Introduction & Sources of Inspiration 2 Overview of 42 & Examples [GPCE07] 3 Hardware Simulation by Interpreting Contracts [COORD09] 4 Using 42 Together with Existing Approaches [EMSOFT09] 5 Some Related Work 6 Summary Bouhadiba - Ph.D. Defense 42 September 15th 20 40 / 45

Some Related Work tel-00539648, version 1-24 Nov 20 Some Related Work Ptolemy 42 Simulation tool for heterogeneous E.S. Semantics of heterogeneity Catalogue of predefined MoCCs Programmable MoCCs Modeling discrete/continuous systems focuses on discrete ones Fractal Language independent component-based approach Dedicated to design and deployment Does not deal with MoCCs Similar Virtual Prototyping Central notion Formal Models for Embedded Systems Formal Verification = Reduced expressiveness Favor expressiveness Describing MoCCs and Heterogeneity with TAG machines Operational description of MoCCs Bouhadiba - Ph.D. Defense 42 September 15th 20 41 / 45

Contents tel-00539648, version 1-24 Nov 20 Summary 1 Introduction & Sources of Inspiration 2 Overview of 42 & Examples [GPCE07] 3 Hardware Simulation by Interpreting Contracts [COORD09] 4 Using 42 Together with Existing Approaches [EMSOFT09] 5 Some Related Work 6 Summary Bouhadiba - Ph.D. Defense 42 September 15th 20 42 / 45

Contributions tel-00539648, version 1-24 Nov 20 Summary A language-independent component-based model for heterogeneous embedded systems, and reuse of existing code An executable specification language for components A rich set of examples for modeling MoCCs and heterogeneity A complete case-study on the use of 42 with existing approaches Bouhadiba - Ph.D. Defense 42 September 15th 20 43 / 45

Summary A tool for describing/executing 42 models tel-00539648, version 1-24 Nov 20 Bouhadiba - Ph.D. Defense 42 September 15th 20 44 / 45

Future Work tel-00539648, version 1-24 Nov 20 Summary Extending the semantics of 42 with a quantitative notion of time Investigate on expressiveness and readability of contracts Modeling non-functional aspects and their relation with functional models [MOCCs 08] Bouhadiba - Ph.D. Defense 42 September 15th 20 45 / 45

Communication on 42 tel-00539648, version 1-24 Nov 20 references Tayeb Bouhadiba and Florence Maraninchi, Contract-based coordination of hardware components for the develment of embedded software, COORDINATION, Lecture Notes in Computer Science, vol. 5521, Springer, 2009, pp. 204 224. Tayeb Bouhadiba, Florence Maraninchi, and Giovanni Funchal, Formal and executable contracts for transaction-level modeling in systemc, EMSOFT, ACM, 2009, pp. 97 106. Florence Maraninchi and Tayeb Bouhadiba, 42: programmable models of computation for a component-based approach to heterogeneous embedded systems, GPCE, ACM, 2007, pp. 53 62. Florence Maraninchi and Tayeb Bouhadiba, 42: programmable models of computation for a component-based approach to heterogeneous embedded systems, In SYNCHRON 07 International Open Worksh on Synchronous Programming. Tayeb Bouhadiba, Florence Maraninchi, Karine Altisen, Matthieu Moy. Computational Modeling of Non-Functional Prerties with the Component Model 42, Position paper for the ARTIST MoCC 08 Worksh, july 2008, Eindhoven Bouhadiba - Ph.D. Defense 42 September 15th 20 46 / 45

Computational Modeling of Energy Consumption (Principle) tel-00539648, version 1-24 Nov 20 N Functional Radio consumption X e=60 e=50 e=0 CPU consumption Y e=150 e=5 Bouhadiba - Ph.D. Defense 42 September 15th 20 47 / 45

Computational Modeling of Energy Consumption (Principle) tel-00539648, version 1-24 Nov 20 Functional cptx SW N Functional Radio consumption X e=60 e=50 e=0 CPU consumption Y e=150 e=5 Bouhadiba - Ph.D. Defense 42 September 15th 20 47 / 45

Computational Modeling of Energy Consumption (Principle) tel-00539648, version 1-24 Nov 20 Functional cptx SW X Y N Functional Radio consumption X e=60 e=50 e=0 CPU consumption Y e=150 e=5 Bouhadiba - Ph.D. Defense 42 September 15th 20 47 / 45

Computational Modeling of Energy Consumption (Principle) tel-00539648, version 1-24 Nov 20 Functional cptx SW X Y N Functional Radio consumption X e=60 e=50 e=0 CPU consumption Y e=150 e=5 Bouhadiba - Ph.D. Defense 42 September 15th 20 47 / 45

Computational Modeling of Energy Consumption (Principle) tel-00539648, version 1-24 Nov 20 Functional cptx SW X Y N Functional Radio consumption X e=60 e=50 e=0 CPU consumption Y e=150 e=5 Bouhadiba - Ph.D. Defense 42 September 15th 20 47 / 45

Computational Modeling of Energy Consumption (Principle) tel-00539648, version 1-24 Nov 20 Functional cptx SW X Y N Functional Radio consumption X e=60 e=50 e=0 CPU consumption Y e=150 e=5 Bouhadiba - Ph.D. Defense 42 September 15th 20 47 / 45

Integrating Functional/Non-Functional Model (tion 1) tel-00539648, version 1-24 Nov 20 Physiqual environment Node i App Mac Rout NF cpu Radio Controller Node j NF sen Controller NF rad Channel Bouhadiba - Ph.D. Defense 42 September 15th 20 48 / 45

Integrating Functional/Non-Functional Model (tion 1) tel-00539648, version 1-24 Nov 20 Physiqual environment Node i Simulation App Mac Rout NF cpu Radio Controller Node j NF sen Controller NF rad Channel Exec + Integr The simulation MoCC is still the same. No separation between Non Functional / Functional Complicated MoCC. Each Component (node) will always be run as Func/N-Func component. Bouhadiba - Ph.D. Defense 42 September 15th 20 48 / 45

Integrating Functional/Non-Functional Model (tion 2) tel-00539648, version 1-24 Nov 20 Physiqual environment Node i App Mac Rout Radio Controller Node j Controller Channel Node i Node k Controller Node j Bouhadiba - Ph.D. Defense 42 September 15th 20 49 / 45

Integrating Functional/Non-Functional Model (tion 2) tel-00539648, version 1-24 Nov 20 Physiqual environment Node i App Mac Cosimulation Rout Radio Controller Node j Controller Node i Very clear separation Func/N-Func. Channel Controller Node k Controller Duplication of hierarchy (hard to maintain). To many wires to manage. Would be well suited for other applications. Node j Bouhadiba - Ph.D. Defense 42 September 15th 20 49 / 45

Integrating the Functional/Non-Functional Model (tion 3) tel-00539648, version 1-24 Nov 20 Physiqual environment Node i App Mac Rout Radio Controller NF cpu Node j Controller NF rad NF sen Channel Bouhadiba - Ph.D. Defense 42 September 15th 20 50 / 45

Integrating the Functional/Non-Functional Model (tion 3) tel-00539648, version 1-24 Nov 20 Physiqual environment Node i Simulation App Controller Node j Controller NF cpu Rout Exec Integr NF sen Mac Radio NF rad wrapper Identification of Func/N-Func models. Functional models still unchanged. This structuring is well suited for WSN applications. Not adequate for applications where Energy models share resources. Bouhadiba - Ph.D. Defense 42 September 15th 20 50 / 45 Channel