SoC Simulator

Cache policy and hierarchy behavior (L1 focus, with L2/L3 context)

Use this as a cache math lab. Split one address into tag (which memory line), index (which set), and offset (which byte in the line). Then run traffic shapes to see locality, conflict thrash, and how write policy changes DRAM pressure.

MESI (Modified, Exclusive, Shared, Invalid) with real values and bus messages

Use one shared address X with two cores and private caches. Trigger loads and stores from each core, then watch values, state transitions, bus messages, and DRAM updates in order.

MESI (Modified, Exclusive, Shared, Invalid)

Four-state tag attached to every cache line: Modified (I own the only dirty copy, RAM is stale), Exclusive (clean and mine alone, RAM matches), Shared (clean, other caches may also hold it), Invalid (line is empty or stale, must refetch). The snoop controller in each L1 watches the coherent bus and flips its own state when another core acts on the same physical address.

BusRd / BusRdX / Invalidate

The three bus messages that drive MESI. BusRd = "I want to read this line, anyone have it?" BusRdX = "I want to write it, give me exclusive ownership." Invalidate = "I already have it shared, drop your copy so I can write." On ARM A78AE this travels over the DSU (DynamIQ Shared Unit) at the L2 boundary.

DMA (Direct Memory Access): doorbells, descriptor rings, and cache ownership

In most drivers the protocol is: CPU writes a descriptor ring in RAM, rings a doorbell register, then hardware issues bus reads and writes (AXI on SoC, PCIe TLPs for external devices), and finally raises interrupts. This panel shows each stage, ownership handoff, and why cache sync is required in streaming mappings.

DMA control protocol (what actually happens)

1) Driver writes descriptor entries (address, length, flags, ownership). 2) Driver rings a doorbell register so the DMA engine starts. 3) DMA engine fetches descriptors over the bus (AXI read on SoC, MRd/CplD pair on PCIe). 4) DMA engine transfers payload data between device and RAM. 5) DMA engine raises an interrupt so software can reclaim buffers. In double-buffer and scatter-gather modes, this repeats per descriptor.

Interrupt flags used here

HT = Half Transfer, TC = Transfer Complete, TE = Transfer Error, FE = FIFO Error. These are status bits your interrupt handler checks before it decides whether to queue the next buffer, retry, or reset the engine.

MMU, IOMMU, and hypervisor stage-2 translation

This panel follows one translation chain end to end: VA (Virtual Address) to PA (Physical Address) for CPU loads, and bus/device addresses to host memory for DMA. In virtual machines, the chain becomes GVA (Guest Virtual Address) → IPA (Intermediate Physical Address) → HPA (Host Physical Address).

Memory ordering: two tests that separate the models

The flag handshake separates relaxed ordering from stronger modes. To compare acquire/release with seq_cst, run the store-buffer (Dekker-style) test: each thread writes one variable, then reads the other. Without a full fence, both reads can legally return zero on weakly ordered systems.

Spinlock, mutex, priority inversion, and compare-and-swap

These scenarios compare spinlock and mutex behavior, priority inversion, condition variables, and lock-free CAS updates. The goal is practical debugging intuition: who is running, who is waiting, and why progress stops.

C source → assembly → pipeline stages

Start from a short C snippet, inspect an ARM-style lowering, then step through a 5-stage pipeline (fetch, decode, execute, memory, writeback). Compare the cycle cost of an L1 miss versus a DRAM miss.

NVIDIA GPU warp, shared memory, and __syncthreads()

This model follows NVIDIA SM execution: a warp has 32 lockstep threads, shared memory is banked, and bank conflicts serialize access. __syncthreads() is a block-wide barrier; misuse can cause stale reads or deadlock.

Kernel memory: zones, buddy, and slab

The kernel splits physical memory into zones (DMA, DMA32, NORMAL, HIGHMEM). Buddy allocation manages page ranges, and slab allocation turns those pages into fixed-size kernel objects (for example task_struct, inode, and skbuff).

Syscall path lab: read/write/ioctl/mmap/fsync

Pick a syscall and trace the full path through trap handling, VFS, filesystem, page cache, block layer, driver, DMA, IRQ, and return to userspace. Compare control-heavy calls (ioctl), mapping calls (mmap), and durability calls (fsync/sync).

VFS (Virtual File System)

A thin indirection layer in the Linux kernel. Userspace calls read()/write()/ioctl() on a file descriptor; the syscall handler dereferences that fd to a struct file, which points to a struct file_operations vtable supplied by whichever driver or filesystem owns the inode. VFS itself does not read blocks - it dispatches. That is why the same read() can end up in ext4, in a ramdisk, or in a v4l2 camera driver.

Page cache

The kernel's RAM-resident copy of file data, indexed by (inode, offset). read() hits it on warm pages and skips the block layer entirely; write() marks pages dirty and returns before any disk I/O. fsync() is the call that actually forces dirty pages down through the block layer and the device FUA flush.

NVMe (Non-Volatile Memory Express)

NVMe is a queue-based storage protocol. The kernel posts commands into a submission queue, rings a doorbell register, the controller performs DMA to/from RAM, then raises an MSI-X interrupt on completion. In this panel, NVMe appears on read-miss, writeback, and fsync durability paths.

Serial protocol waveforms and digital receive logic

Choose a protocol, edit one payload byte, and watch how receiver logic interprets clock edges into bits and bytes. Focus is digital-circuit behavior: sampling, shifting, framing, and commit to memory.

MIPI CSI-2 camera pipeline

Lens → sensor → CSI-2 receiver → ISP → DMA → IOMMU → V4L2 queue → userspace. This view tracks where timing pressure appears and why frame drops occur.

CPU ↔ GPU data path: pageable, pinned, and unified memory

A CUDA kernel can run only after input data is visible to the GPU. Transfer mode determines latency and throughput. Compare pageable, pinned, and unified memory to see where transfer time and ownership handoff are spent.

PCIe (Peripheral Component Interconnect Express)

The serial, packet-switched link between the CPU complex and the GPU. Transfers are TLPs (Transaction Layer Packets): MRd memory read, MWr memory write, Cpl/CplD completion with or without data. Each lane is a differential pair; Gen4 x16 ≈ 32 GB/s one way. Flow control is credit-based, so an overloaded receiver throttles the sender instead of dropping packets.

Doorbell / BAR

A BAR (Base Address Register) is a window into the GPU's MMIO space that the CPU can store to directly. A doorbell is a specific 32-bit register inside that window; writing to it tells the GPU "go look at the work queue you already know about." One store, one TLP, kernel launch begins.

NVIDIA Streaming Multiprocessor: Ampere reference (SM_86)

An SM (Streaming Multiprocessor) is the unit that schedules warps and executes instructions. Click blocks to connect hardware units to practical performance outcomes: occupancy, memory-latency hiding, and shared-memory pressure.

Write-through, write-back, and write-combine on one timeline

Run the same store under three L1 policies. Compare when DRAM is written and what DMB ISH (Data Memory Barrier, Inner Shareable) forces to complete before later instructions continue.

WCB (Write Combine Buffer)

A small staging FIFO between the core and the coherent bus for regions marked as Normal Non-Cacheable or Device-GRE. Consecutive stores to the same cache-line-aligned range are merged into one wider burst, so four 32-bit writes to a GPU ring buffer become one 128-bit beat on AXI. The downside is ordering: a WCB can hold your store for cycles before anyone else sees it, which is why pushing a doorbell needs DMB ISHST (Data Memory Barrier, Inner Shareable, Store) to drain it.

Write-through vs write-back vs write-combine

WT (write-through) stores hit L1 and propagate to L2/DRAM immediately: simple and predictable, but higher traffic. WB (write-back) stores stay in L1 as dirty data until eviction or snoop: faster, but visibility depends on coherence. WC (write-combine) batches stores in WCB and flushes as bursts: useful for MMIO fills and GPU command buffers.

DMA coherent vs streaming: same transfer goal, different ownership rules

Both modes move bytes between device and RAM. The difference is cache ownership. Coherent mappings avoid manual cache sync; streaming mappings need explicit handoff calls before and after DMA.

Video buffering timeline: writer pointer vs scanout pointer

In a healthy double-buffer pipeline, ISP writes the next frame into an idle buffer while display scans the current frame from a different buffer. At vsync, roles swap atomically.

Condition variables for producer/consumer correctness

Use this when a thread should sleep until shared state changes. pthread_cond_wait releases the mutex and sleeps atomically, then re-locks before returning.

End-to-end: writel(1, BAR0 + GPIO_SET) lights an LED

Trace one memory-mapped write from instruction issue to pad toggle: memory type check, barrier ordering, interconnect transfer, SMMU (System Memory Management Unit) translation, GPIO decode, then output latch.

Hypervisor translation chain: GVA → IPA → HPA

In a guest VM, software at EL1 (Exception Level 1) translates GVA (Guest Virtual Address) to IPA (Intermediate Physical Address). Hardware controlled by EL2 (Exception Level 2) then translates IPA to HPA (Host Physical Address).

Stage-1 / Stage-2

Stage-1 uses TTBR0_EL1 (Translation Table Base Register 0, EL1) to walk guest page tables. Stage-2 uses VTTBR_EL2 (Virtualization Translation Table Base Register, EL2) to map guest physical space into host physical space. Hardware chains both walks; guest software cannot bypass stage-2.

Why DMA uses stage-2 too

When a PCIe device issues a DMA, the SMMU applies stage-1 (device driver's IOVA map) and then stage-2 (hypervisor's guest-physical map). This is how a passthrough NVMe can issue DMA with only guest-physical addresses without escaping the VM.

PCIe (Peripheral Component Interconnect Express) TLPs on the wire

CPU↔GPU traffic on PCIe is packetized. Send posted writes, send non-posted reads, and watch completions return. If receiver credits run out, traffic pauses until FC Update (Flow Control Update) replenishes credits.

TLP (Transaction Layer Packet)

The transport unit across PCIe. MWr is posted (fire-and-forget), MRd is non-posted (requester waits for CplD, short for Completion with Data). A doorbell is one MWr; a DMA descriptor fetch is one MRd + one CplD.

Credits

Each receiver advertises header and payload credit limits. The sender decrements local credit counters before transmit. If credits reach zero, transmission pauses. FC Update (Flow Control Update) DLLPs refill credits as receive buffers drain.

Page faults: minor, major, COW, file-backed mmap

From userspace, all four faults look like a stalled load instruction. Inside the kernel, paths differ: minor faults map existing memory, major faults need I/O, COW faults duplicate shared pages, and file-backed faults pull from storage via page cache.

Minor vs major

Minor: the PTE (Page Table Entry) was not present, but the page was already in RAM (anonymous zero-fill, or file page still in page cache). Fix-up is a couple of microseconds. Major: the page was paged out to swap or was never read from disk. Fix-up requires I/O, typically milliseconds.

COW (copy-on-write)

After fork(), parent and child share anonymous pages read-only. The first write triggers a page fault with FSR.WnR=1 on a writable VMA (Virtual Memory Area) but a read-only PTE. The handler allocates a fresh page, copies data, updates the PTE writable, and retries the instruction.

Why write() returning is not on-disk: fsync, journal, FUA

A successful write() means bytes reached page cache, not durable media. Power-loss durability also needs writeback, journal commit, and device cache flush. Run each call path to see what actually happens.

Journal (jbd2)

Ext4 writes metadata changes into a circular log before touching the real inode blocks. If power is lost mid-write, recovery replays the log to restore consistency. fsync() forces both the data block and the metadata journal commit.

FUA / FLUSH

NVMe commands can carry a Force Unit Access bit that bypasses the device cache for durability, or be preceded by a Flush command that drains the cache. Without one of these, the device may return completion while bytes still sit in its volatile DRAM.