rv/include: Add deterministic automata monitor definition via C macros
In Linux terms, the runtime verification monitors are encapsulated
inside the "RV monitor" abstraction. The "RV monitor" includes a set
of instances of the monitor (per-cpu monitor, per-task monitor, and
so on), the helper functions that glue the monitor to the system
reference model, and the trace output as a reaction for event parsing
and exceptions, as depicted below:
Linux +----- RV Monitor ----------------------------------+ Formal
Realm | | Realm
+-------------------+ +----------------+ +-----------------+
| Linux kernel | | Monitor | | Reference |
| Tracing | -> | Instance(s) | <- | Model |
| (instrumentation) | | (verification) | | (specification) |
+-------------------+ +----------------+ +-----------------+
| | |
| V |
| +----------+ |
| | Reaction | |
| +--+--+--+-+ |
| | | | |
| | | +-> trace output ? |
+------------------------|--|----------------------+
| +----> panic ?
+-------> <user-specified>
Add the rv/da_monitor.h, enabling automatic code generation for the
*Monitor Instance(s)* using C macros, and code to support it.
The benefits of the usage of macro for monitor synthesis are 3-fold as it:
- Reduces the code duplication;
- Facilitates the bug fix/improvement;
- Avoids the case of developers changing the core of the monitor code
to manipulate the model in a (let's say) non-standard way.
This initial implementation presents three different types of monitor
instances:
- DECLARE_DA_MON_GLOBAL(name, type)
- DECLARE_DA_MON_PER_CPU(name, type)
- DECLARE_DA_MON_PER_TASK(name, type)
The first declares the functions for a global deterministic automata monitor,
the second for monitors with per-cpu instances, and the third with per-task
instances.
Link: https://lkml.kernel.org/r/51b0bf425a281e226dfeba7401d2115d6091f84e.1659052063.git.bristot@kernel.org
Cc: Wim Van Sebroeck <wim@linux-watchdog.org>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Marco Elver <elver@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: "Paul E. McKenney" <paulmck@kernel.org>
Cc: Shuah Khan <skhan@linuxfoundation.org>
Cc: Gabriele Paoloni <gpaoloni@redhat.com>
Cc: Juri Lelli <juri.lelli@redhat.com>
Cc: Clark Williams <williams@redhat.com>
Cc: Tao Zhou <tao.zhou@linux.dev>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-trace-devel@vger.kernel.org
Signed-off-by: Daniel Bristot de Oliveira <bristot@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2022-07-29 11:38:43 +02:00
/* SPDX-License-Identifier: GPL-2.0 */
# undef TRACE_SYSTEM
# define TRACE_SYSTEM rv
# if !defined(_TRACE_RV_H) || defined(TRACE_HEADER_MULTI_READ)
# define _TRACE_RV_H
# include <linux/rv.h>
# include <linux/tracepoint.h>
# ifdef CONFIG_DA_MON_EVENTS_IMPLICIT
DECLARE_EVENT_CLASS ( event_da_monitor ,
TP_PROTO ( char * state , char * event , char * next_state , bool final_state ) ,
TP_ARGS ( state , event , next_state , final_state ) ,
TP_STRUCT__entry (
__array ( char , state , MAX_DA_NAME_LEN )
__array ( char , event , MAX_DA_NAME_LEN )
__array ( char , next_state , MAX_DA_NAME_LEN )
__field ( bool , final_state )
) ,
TP_fast_assign (
memcpy ( __entry - > state , state , MAX_DA_NAME_LEN ) ;
memcpy ( __entry - > event , event , MAX_DA_NAME_LEN ) ;
memcpy ( __entry - > next_state , next_state , MAX_DA_NAME_LEN ) ;
__entry - > final_state = final_state ;
) ,
TP_printk ( " %s x %s -> %s %s " ,
__entry - > state ,
__entry - > event ,
__entry - > next_state ,
__entry - > final_state ? " (final) " : " " )
) ;
DECLARE_EVENT_CLASS ( error_da_monitor ,
TP_PROTO ( char * state , char * event ) ,
TP_ARGS ( state , event ) ,
TP_STRUCT__entry (
__array ( char , state , MAX_DA_NAME_LEN )
__array ( char , event , MAX_DA_NAME_LEN )
) ,
TP_fast_assign (
memcpy ( __entry - > state , state , MAX_DA_NAME_LEN ) ;
memcpy ( __entry - > event , event , MAX_DA_NAME_LEN ) ;
) ,
TP_printk ( " event %s not expected in the state %s " ,
__entry - > event ,
__entry - > state )
) ;
2022-07-29 11:38:52 +02:00
# ifdef CONFIG_RV_MON_WIP
DEFINE_EVENT ( event_da_monitor , event_wip ,
TP_PROTO ( char * state , char * event , char * next_state , bool final_state ) ,
TP_ARGS ( state , event , next_state , final_state ) ) ;
DEFINE_EVENT ( error_da_monitor , error_wip ,
TP_PROTO ( char * state , char * event ) ,
TP_ARGS ( state , event ) ) ;
# endif /* CONFIG_RV_MON_WIP */
rv/include: Add deterministic automata monitor definition via C macros
In Linux terms, the runtime verification monitors are encapsulated
inside the "RV monitor" abstraction. The "RV monitor" includes a set
of instances of the monitor (per-cpu monitor, per-task monitor, and
so on), the helper functions that glue the monitor to the system
reference model, and the trace output as a reaction for event parsing
and exceptions, as depicted below:
Linux +----- RV Monitor ----------------------------------+ Formal
Realm | | Realm
+-------------------+ +----------------+ +-----------------+
| Linux kernel | | Monitor | | Reference |
| Tracing | -> | Instance(s) | <- | Model |
| (instrumentation) | | (verification) | | (specification) |
+-------------------+ +----------------+ +-----------------+
| | |
| V |
| +----------+ |
| | Reaction | |
| +--+--+--+-+ |
| | | | |
| | | +-> trace output ? |
+------------------------|--|----------------------+
| +----> panic ?
+-------> <user-specified>
Add the rv/da_monitor.h, enabling automatic code generation for the
*Monitor Instance(s)* using C macros, and code to support it.
The benefits of the usage of macro for monitor synthesis are 3-fold as it:
- Reduces the code duplication;
- Facilitates the bug fix/improvement;
- Avoids the case of developers changing the core of the monitor code
to manipulate the model in a (let's say) non-standard way.
This initial implementation presents three different types of monitor
instances:
- DECLARE_DA_MON_GLOBAL(name, type)
- DECLARE_DA_MON_PER_CPU(name, type)
- DECLARE_DA_MON_PER_TASK(name, type)
The first declares the functions for a global deterministic automata monitor,
the second for monitors with per-cpu instances, and the third with per-task
instances.
Link: https://lkml.kernel.org/r/51b0bf425a281e226dfeba7401d2115d6091f84e.1659052063.git.bristot@kernel.org
Cc: Wim Van Sebroeck <wim@linux-watchdog.org>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Marco Elver <elver@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: "Paul E. McKenney" <paulmck@kernel.org>
Cc: Shuah Khan <skhan@linuxfoundation.org>
Cc: Gabriele Paoloni <gpaoloni@redhat.com>
Cc: Juri Lelli <juri.lelli@redhat.com>
Cc: Clark Williams <williams@redhat.com>
Cc: Tao Zhou <tao.zhou@linux.dev>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-trace-devel@vger.kernel.org
Signed-off-by: Daniel Bristot de Oliveira <bristot@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2022-07-29 11:38:43 +02:00
# endif /* CONFIG_DA_MON_EVENTS_IMPLICIT */
# ifdef CONFIG_DA_MON_EVENTS_ID
DECLARE_EVENT_CLASS ( event_da_monitor_id ,
TP_PROTO ( int id , char * state , char * event , char * next_state , bool final_state ) ,
TP_ARGS ( id , state , event , next_state , final_state ) ,
TP_STRUCT__entry (
__field ( int , id )
__array ( char , state , MAX_DA_NAME_LEN )
__array ( char , event , MAX_DA_NAME_LEN )
__array ( char , next_state , MAX_DA_NAME_LEN )
__field ( bool , final_state )
) ,
TP_fast_assign (
memcpy ( __entry - > state , state , MAX_DA_NAME_LEN ) ;
memcpy ( __entry - > event , event , MAX_DA_NAME_LEN ) ;
memcpy ( __entry - > next_state , next_state , MAX_DA_NAME_LEN ) ;
__entry - > id = id ;
__entry - > final_state = final_state ;
) ,
TP_printk ( " %d: %s x %s -> %s %s " ,
__entry - > id ,
__entry - > state ,
__entry - > event ,
__entry - > next_state ,
__entry - > final_state ? " (final) " : " " )
) ;
DECLARE_EVENT_CLASS ( error_da_monitor_id ,
TP_PROTO ( int id , char * state , char * event ) ,
TP_ARGS ( id , state , event ) ,
TP_STRUCT__entry (
__field ( int , id )
__array ( char , state , MAX_DA_NAME_LEN )
__array ( char , event , MAX_DA_NAME_LEN )
) ,
TP_fast_assign (
memcpy ( __entry - > state , state , MAX_DA_NAME_LEN ) ;
memcpy ( __entry - > event , event , MAX_DA_NAME_LEN ) ;
__entry - > id = id ;
) ,
TP_printk ( " %d: event %s not expected in the state %s " ,
__entry - > id ,
__entry - > event ,
__entry - > state )
) ;
2022-07-29 11:38:53 +02:00
# ifdef CONFIG_RV_MON_WWNR
/* id is the pid of the task */
DEFINE_EVENT ( event_da_monitor_id , event_wwnr ,
TP_PROTO ( int id , char * state , char * event , char * next_state , bool final_state ) ,
TP_ARGS ( id , state , event , next_state , final_state ) ) ;
DEFINE_EVENT ( error_da_monitor_id , error_wwnr ,
TP_PROTO ( int id , char * state , char * event ) ,
TP_ARGS ( id , state , event ) ) ;
# endif /* CONFIG_RV_MON_WWNR */
rv/include: Add deterministic automata monitor definition via C macros
In Linux terms, the runtime verification monitors are encapsulated
inside the "RV monitor" abstraction. The "RV monitor" includes a set
of instances of the monitor (per-cpu monitor, per-task monitor, and
so on), the helper functions that glue the monitor to the system
reference model, and the trace output as a reaction for event parsing
and exceptions, as depicted below:
Linux +----- RV Monitor ----------------------------------+ Formal
Realm | | Realm
+-------------------+ +----------------+ +-----------------+
| Linux kernel | | Monitor | | Reference |
| Tracing | -> | Instance(s) | <- | Model |
| (instrumentation) | | (verification) | | (specification) |
+-------------------+ +----------------+ +-----------------+
| | |
| V |
| +----------+ |
| | Reaction | |
| +--+--+--+-+ |
| | | | |
| | | +-> trace output ? |
+------------------------|--|----------------------+
| +----> panic ?
+-------> <user-specified>
Add the rv/da_monitor.h, enabling automatic code generation for the
*Monitor Instance(s)* using C macros, and code to support it.
The benefits of the usage of macro for monitor synthesis are 3-fold as it:
- Reduces the code duplication;
- Facilitates the bug fix/improvement;
- Avoids the case of developers changing the core of the monitor code
to manipulate the model in a (let's say) non-standard way.
This initial implementation presents three different types of monitor
instances:
- DECLARE_DA_MON_GLOBAL(name, type)
- DECLARE_DA_MON_PER_CPU(name, type)
- DECLARE_DA_MON_PER_TASK(name, type)
The first declares the functions for a global deterministic automata monitor,
the second for monitors with per-cpu instances, and the third with per-task
instances.
Link: https://lkml.kernel.org/r/51b0bf425a281e226dfeba7401d2115d6091f84e.1659052063.git.bristot@kernel.org
Cc: Wim Van Sebroeck <wim@linux-watchdog.org>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Will Deacon <will@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Marco Elver <elver@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: "Paul E. McKenney" <paulmck@kernel.org>
Cc: Shuah Khan <skhan@linuxfoundation.org>
Cc: Gabriele Paoloni <gpaoloni@redhat.com>
Cc: Juri Lelli <juri.lelli@redhat.com>
Cc: Clark Williams <williams@redhat.com>
Cc: Tao Zhou <tao.zhou@linux.dev>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: linux-doc@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-trace-devel@vger.kernel.org
Signed-off-by: Daniel Bristot de Oliveira <bristot@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2022-07-29 11:38:43 +02:00
# endif /* CONFIG_DA_MON_EVENTS_ID */
# endif /* _TRACE_RV_H */
/* This part ust be outside protection */
# undef TRACE_INCLUDE_PATH
# include <trace/define_trace.h>
