diff --git a/artifacts/phase2-pixhawk.yaml b/artifacts/phase2-pixhawk.yaml index 2fc8137..f9f0f0f 100644 --- a/artifacts/phase2-pixhawk.yaml +++ b/artifacts/phase2-pixhawk.yaml @@ -559,3 +559,30 @@ artifacts: links: - type: verifies target: REQ-PIX-017 + + - id: TEST-PIX-019 + type: test-spec + title: Renode multi-node vehicle (Track B) - M7 + F100 real binaries co-execute in one emulation joined by the IPC hub (the real-hardware mirror of TEST-PIX-018) + status: draft + description: > + hardware/renode/vehicle/run-vehicle-multinode.sh - the Renode (real synth->ARM) + mirror of the wasmtime combined harness (TEST-PIX-018), same two-node scenario + (DD-019). Instantiates BOTH nodes in one Renode emulation: mach m7-fmu + (pixhawk6xrt.repl + a bring-up firmware) + mach f100-io (gale gust_m3_8k.repl + + gust_wasm.elf, the real dissolved failsafe), joined by a UARTHub "relaybus" (the + relay-bus carrier proxy, relay#177 / DD-009). CONFIRMED 2026-06-22: both machines + co-execute - `mach` lists m7-fmu (RT1176, SP 0x20040000) + f100-io (gust, bss 4256 + @0x20000214, SP 0x20002000), both Machine started, M7 lpuart1 connected to the hub. + DEFERRED (honest scope, hence status=draft): the REACTIVE failsafe handoff (gust + consuming the M7 heartbeat over ipc-rx + tripping on loss) needs a gust ipc-rx build + with a connectable UART (gale - gust_m3_8k.repl has only a SemihostingUart, so only + the M7 side is hub-wired today); and real falcon on the M7 is a bring-up STUB until + the on-target punch-list clears (#369 hard-float/AFD-024, #275 dispatch/AFD-008). + Until then the handoff is orchestration-modeled (pause m7-fmu = M7 fault), mirroring + how the wasmtime track host-models the arbitration. Track A (TEST-PIX-018) carries + the handoff LOGIC end-to-end; the two together are the DD-010/DD-019 SIL-differential + at vehicle scale. + tags: [phase-2, simulation, renode, multi-node, vehicle, on-target] + links: + - type: verifies + target: REQ-PIX-017 diff --git a/hardware/renode/vehicle/README.md b/hardware/renode/vehicle/README.md new file mode 100644 index 0000000..5f34a7e --- /dev/null +++ b/hardware/renode/vehicle/README.md @@ -0,0 +1,36 @@ +# Track B — Renode multi-node vehicle (the real-hardware mirror of the wasmtime sim) + +The Renode (real synth→ARM, modeled silicon) counterpart of `sim/vehicle-wasmtime.sh`. +Same two-node scenario (DD-019 / REQ-PIX-017), exercised on real ISA models instead of +in wasmtime. + +``` + mach "m7-fmu" : hardware/renode/pixhawk6xrt.repl + bring-up firmware (M7 / RT1176) + mach "f100-io" : gale gust_m3_8k.repl + gust_wasm.elf (F100 / real dissolved failsafe) + └── UARTHub "relaybus" ── the inter-node IPC link (relay-bus carrier, relay#177 / DD-009) +``` + +Run: `RENODE=~/renode-…/renode hardware/renode/vehicle/run-vehicle-multinode.sh` + +## What this rung CONFIRMS (2026-06-22) +Both real node binaries **co-execute in one Renode emulation**: `mach` lists `m7-fmu` +(RT1176, SP 0x20040000) and `f100-io` (gust, `.bss` 4256 @ 0x20000214, SP 0x20002000 = +top of 8 KB), both `Machine started`, joined by the `relaybus` UART hub (M7 `lpuart1` +connected). This is the multi-node **topology** of the real-hardware vehicle sim — the +Track-B structural mirror of the wasmtime combined harness. + +## What is DEFERRED (honest scope) and why +- **Reactive failsafe handoff** (gust *consuming* the M7 heartbeat over `ipc-rx` and + tripping on loss) needs a **gust `ipc-rx` build with a connectable UART** — gale's + `gust_m3_8k.repl` exposes only a `SemihostingUart`, so only the M7 side is wired to the + hub today. Until then the handoff is **orchestration-modeled** (pausing the `m7-fmu` + machine = M7 fault), exactly as the wasmtime track host-models the arbitration. +- **Real falcon on the M7** is a bring-up stub here because falcon's synth→ARM image is + still blocked by the on-target punch-list (**#369 hard-float / AFD-024**, **#275 + dispatch / AFD-008**). When those land, the M7 node runs real falcon and the Renode + rung becomes a full real-binary vehicle sim. + +So Track B = multi-node co-execution + IPC scaffold **now**; full reactive handoff gated +on (a) gust `ipc-rx` (gale) and (b) the synth punch-list. The wasmtime track (Track A) +already demonstrates the *logic* of the handoff end-to-end (TEST-PIX-018) — the +SIL-differential pairing (DD-010 / DD-019) is what makes that division productive. diff --git a/hardware/renode/vehicle/run-vehicle-multinode.sh b/hardware/renode/vehicle/run-vehicle-multinode.sh new file mode 100755 index 0000000..c62a4ba --- /dev/null +++ b/hardware/renode/vehicle/run-vehicle-multinode.sh @@ -0,0 +1,43 @@ +#!/usr/bin/env bash +# Track B (Renode real-hardware) mirror of the combined-vehicle wasmtime sim +# (sim/vehicle-wasmtime.sh): BOTH nodes as real ARM binaries in ONE Renode emulation. +# M7 (FMU) : pixhawk6xrt.repl + a bring-up firmware (real falcon pending #369/#275) +# F100 (IO) : gale gust_m3_8k.repl + gust_wasm.elf (the real dissolved failsafe) +# IPC link : a Renode UARTHub (the relay-bus carrier proxy, relay#177 / DD-009) +# Confirms the multi-node TOPOLOGY: both real node binaries co-execute in one emulation +# joined by the inter-node link. The reactive failsafe handoff (gust consuming the M7 +# heartbeat over ipc-rx) needs a gust ipc-rx build (gale) + real falcon on the M7; until +# then the handoff is orchestration-modeled (pausing the M7 machine = fault injection), +# exactly as the wasmtime track host-models the arbitration. +set -euo pipefail +RENODE="${RENODE:?set RENODE to the renode binary}" +ROOT="$(cd "$(dirname "$0")/../../.." && pwd)" +M7ELF="$ROOT/hardware/renode/smoke/rt1176-smoke.elf" +# fetch gale's gust artifacts (not vendored — avoid stale gale binary) +GUSTREPL=/tmp/gust_m3_8k.repl; GUSTELF=/tmp/gust_wasm.elf +gh api repos/pulseengine/gale/contents/benches/gust/renode-test/gust_m3_8k.repl --jq '.content' | base64 -d > "$GUSTREPL" +gh api repos/pulseengine/gale/contents/benches/gust/renode-test/gust_wasm.elf --jq '.content' | base64 -d > "$GUSTELF" +RESC=$(mktemp -t vehicle).resc +cat > "$RESC" <&1 | grep -iE 'm7-fmu|f100-io|machines|executed|[0-9]{5,}|relaybus|fault|error' | tail -20