bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-04-18 14:53:58 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
d97e7d7c304f87419921f740743f7baa99f40539
linux/include/linux/rv.h
Gabriele Monaco 4a24127bd6 rv: Add support for per-object monitors in DA/HA 
RV deterministic and hybrid automata currently only support global,
per-cpu and per-task monitors. It isn't possible to write a model that
would follow some different type of object, like a deadline entity or a
lock.

Define the generic per-object monitor implementation which shares part
of the implementation with the per-task monitors.
The user needs to provide an id for the object (e.g. pid for tasks) and
define the data type for the monitor_target (e.g. struct task_struct *
for tasks). Both are supplied to the event handlers, as the id may not
be easily available in the target.

The monitor storage (e.g. the rv monitor, pointer to the target, etc.)
is stored in a hash table indexed by id. Monitor storage objects are
automatically allocated unless specified otherwise (e.g. if the creation
context is unsafe for allocation).

Reviewed-by: Nam Cao <namcao@linutronix.de>
Link: https://lore.kernel.org/r/20260330111010.153663-9-gmonaco@redhat.com
Signed-off-by: Gabriele Monaco <gmonaco@redhat.com>
2026-03-31 16:47:17 +02:00

175 lines
4.2 KiB
C
Raw Blame History

/* SPDX-License-Identifier: GPL-2.0 */
/*
* Runtime Verification.
*
* For futher information, see: kernel/trace/rv/rv.c.
*/
#ifndef _LINUX_RV_H
#define _LINUX_RV_H
#define MAX_DA_NAME_LEN 32
#define MAX_DA_RETRY_RACING_EVENTS 3
#define RV_MON_GLOBAL 0
#define RV_MON_PER_CPU 1
#define RV_MON_PER_TASK 2
#define RV_MON_PER_OBJ 3
#ifdef CONFIG_RV
#include <linux/array_size.h>
#include <linux/bitops.h>
#include <linux/list.h>
#include <linux/types.h>
/*
* Deterministic automaton per-object variables.
*/
struct da_monitor {
bool monitoring;
unsigned int curr_state;
};
#ifdef CONFIG_RV_LTL_MONITOR
/*
* In the future, if the number of atomic propositions or the size of Buchi
* automaton is larger, we can switch to dynamic allocation. For now, the code
* is simpler this way.
*/
#define RV_MAX_LTL_ATOM 32
#define RV_MAX_BA_STATES 32
/**
* struct ltl_monitor - A linear temporal logic runtime verification monitor
* @states: States in the Buchi automaton. As Buchi automaton is a
* non-deterministic state machine, the monitor can be in multiple
* states simultaneously. This is a bitmask of all possible states.
* If this is zero, that means either:
* - The monitor has not started yet (e.g. because not all
* atomic propositions are known).
* - There is no possible state to be in. In other words, a
* violation of the LTL property is detected.
* @atoms: The values of atomic propositions.
* @unknown_atoms: Atomic propositions which are still unknown.
*/
struct ltl_monitor {
DECLARE_BITMAP(states, RV_MAX_BA_STATES);
DECLARE_BITMAP(atoms, RV_MAX_LTL_ATOM);
DECLARE_BITMAP(unknown_atoms, RV_MAX_LTL_ATOM);
};
static inline bool rv_ltl_valid_state(struct ltl_monitor *mon)
{
for (int i = 0; i < ARRAY_SIZE(mon->states); ++i) {
if (mon->states[i])
return true;
}
return false;
}
static inline bool rv_ltl_all_atoms_known(struct ltl_monitor *mon)
{
for (int i = 0; i < ARRAY_SIZE(mon->unknown_atoms); ++i) {
if (mon->unknown_atoms[i])
return false;
}
return true;
}
#else
struct ltl_monitor {};
#endif /* CONFIG_RV_LTL_MONITOR */
#ifdef CONFIG_RV_HA_MONITOR
/*
* In the future, hybrid automata may rely on multiple
* environment variables, e.g. different clocks started at
* different times or running at different speed.
* For now we support only 1 variable.
*/
#define MAX_HA_ENV_LEN 1
/*
* Monitors can pick the preferred timer implementation:
* No timer: if monitors don't have state invariants.
* Timer wheel: lightweight invariants check but far less precise.
* Hrtimer: accurate invariants check with higher overhead.
*/
#define HA_TIMER_NONE 0
#define HA_TIMER_WHEEL 1
#define HA_TIMER_HRTIMER 2
/*
* Hybrid automaton per-object variables.
*/
struct ha_monitor {
struct da_monitor da_mon;
u64 env_store[MAX_HA_ENV_LEN];
union {
struct hrtimer hrtimer;
struct timer_list timer;
};
};
#else
struct ha_monitor { };
#endif /* CONFIG_RV_HA_MONITOR */
#define RV_PER_TASK_MONITOR_INIT (CONFIG_RV_PER_TASK_MONITORS)
union rv_task_monitor {
struct da_monitor da_mon;
struct ltl_monitor ltl_mon;
struct ha_monitor ha_mon;
};
#ifdef CONFIG_RV_REACTORS
struct rv_reactor {
const char *name;
const char *description;
__printf(1, 0) void (*react)(const char *msg, va_list args);
struct list_head list;
};
#endif
struct rv_monitor {
const char *name;
const char *description;
bool enabled;
int (*enable)(void);
void (*disable)(void);
void (*reset)(void);
#ifdef CONFIG_RV_REACTORS
struct rv_reactor *reactor;
__printf(1, 0) void (*react)(const char *msg, va_list args);
#endif
struct list_head list;
struct rv_monitor *parent;
struct dentry *root_d;
};
bool rv_monitoring_on(void);
int rv_unregister_monitor(struct rv_monitor *monitor);
int rv_register_monitor(struct rv_monitor *monitor, struct rv_monitor *parent);
int rv_get_task_monitor_slot(void);
void rv_put_task_monitor_slot(int slot);
#ifdef CONFIG_RV_REACTORS
int rv_unregister_reactor(struct rv_reactor *reactor);
int rv_register_reactor(struct rv_reactor *reactor);
__printf(2, 3)
void rv_react(struct rv_monitor *monitor, const char *msg, ...);
#else
__printf(2, 3)
static inline void rv_react(struct rv_monitor *monitor, const char *msg, ...)
{
}
#endif /* CONFIG_RV_REACTORS */
#endif /* CONFIG_RV */
#endif /* _LINUX_RV_H */
Reference in New Issue View Git Blame Copy Permalink