€•€ë      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ./translations/zh_CN/trace/rv/monitor_synthesis”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ./translations/zh_TW/trace/rv/monitor_synthesis”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ./translations/it_IT/trace/rv/monitor_synthesis”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ./translations/ja_JP/trace/rv/monitor_synthesis”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ./translations/ko_KR/trace/rv/monitor_synthesis”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ./translations/pt_BR/trace/rv/monitor_synthesis”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ./translations/sp_SP/trace/rv/monitor_synthesis”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ&Runtime Verification Monitor Synthesis”h]”hŒ&Runtime Verification Monitor Synthesis”…””}”(hh¼h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhh·h²hh³ŒH/var/lib/git/docbuild/linux/Documentation/trace/rv/monitor_synthesis.rst”h´KubhŒ	paragraph”“”)”}”(hŒ¸The starting point for the application of runtime verification (RV) techniques
is the *specification* or *modeling* of the desired (or undesired) behavior
of the system under scrutiny.”h]”(hŒVThe starting point for the application of runtime verification (RV) techniques
is the ”…””}”(hhÍh²hh³Nh´NubhŒemphasis”“”)”}”(hŒ*specification*”h]”hŒspecification”…””}”(hh×h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhhÍubhŒ or ”…””}”(hhÍh²hh³Nh´NubhÖ)”}”(hŒ
*modeling*”h]”hŒmodeling”…””}”(hhéh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhhÍubhŒE of the desired (or undesired) behavior
of the system under scrutiny.”…””}”(hhÍh²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khh·h²hubhÌ)”}”(hX  The formal representation needs to be then *synthesized* into a *monitor*
that can then be used in the analysis of the trace of the system. The
*monitor* connects to the system via an *instrumentation* that converts
the events from the *system* to the events of the *specification*.”h]”(hŒ+The formal representation needs to be then ”…””}”(hj  h²hh³Nh´NubhÖ)”}”(hŒ*synthesized*”h]”hŒsynthesized”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj  ubhŒ into a ”…””}”(hj  h²hh³Nh´NubhÖ)”}”(hŒ	*monitor*”h]”hŒmonitor”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj  ubhŒG
that can then be used in the analysis of the trace of the system. The
”…””}”(hj  h²hh³Nh´NubhÖ)”}”(hŒ	*monitor*”h]”hŒmonitor”…””}”(hj-  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj  ubhŒ connects to the system via an ”…””}”(hj  h²hh³Nh´NubhÖ)”}”(hŒ*instrumentation*”h]”hŒinstrumentation”…””}”(hj?  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj  ubhŒ# that converts
the events from the ”…””}”(hj  h²hh³Nh´NubhÖ)”}”(hŒ*system*”h]”hŒsystem”…””}”(hjQ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj  ubhŒ to the events of the ”…””}”(hj  h²hh³Nh´NubhÖ)”}”(hŒ*specification*”h]”hŒspecification”…””}”(hjc  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj  ubhŒ.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khh·h²hubhÌ)”}”(hXs  In Linux terms, the runtime verification monitors are encapsulated inside
the *RV monitor* abstraction. The RV monitor includes a set of instances
of the monitor (per-cpu monitor, per-task monitor, and so on), the helper
functions that glue the monitor to the system reference model, and the
trace output as a reaction to event parsing and exceptions, as depicted
below::”h]”(hŒNIn Linux terms, the runtime verification monitors are encapsulated inside
the ”…””}”(hj{  h²hh³Nh´NubhÖ)”}”(hŒ*RV monitor*”h]”hŒ
RV monitor”…””}”(hjƒ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj{  ubhX   abstraction. The RV monitor includes a set of instances
of the monitor (per-cpu monitor, per-task monitor, and so on), the helper
functions that glue the monitor to the system reference model, and the
trace output as a reaction to event parsing and exceptions, as depicted
below:”…””}”(hj{  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khh·h²hubhŒliteral_block”“”)”}”(hX<  Linux   +---- RV Monitor ----------------------------------+ Formal
 Realm  |                                                  |  Realm
 +-------------------+     +----------------+     +-----------------+
 |   Linux kernel    |     |     Monitor    |     |     Reference   |
 |     Tracing       |  -> |   Instance(s)  | <-  |       Model     |
 | (instrumentation) |     | (verification) |     | (specification) |
 +-------------------+     +----------------+     +-----------------+
        |                          |                       |
        |                          V                       |
        |                     +----------+                 |
        |                     | Reaction |                 |
        |                     +--+--+--+-+                 |
        |                        |  |  |                   |
        |                        |  |  +-> trace output ?  |
        +------------------------|--|----------------------+
                                 |  +----> panic ?
                                 +-------> <user-specified>”h]”hX<  Linux   +---- RV Monitor ----------------------------------+ Formal
 Realm  |                                                  |  Realm
 +-------------------+     +----------------+     +-----------------+
 |   Linux kernel    |     |     Monitor    |     |     Reference   |
 |     Tracing       |  -> |   Instance(s)  | <-  |       Model     |
 | (instrumentation) |     | (verification) |     | (specification) |
 +-------------------+     +----------------+     +-----------------+
        |                          |                       |
        |                          V                       |
        |                     +----------+                 |
        |                     | Reaction |                 |
        |                     +--+--+--+-+                 |
        |                        |  |  |                   |
        |                        |  |  +-> trace output ?  |
        +------------------------|--|----------------------+
                                 |  +----> panic ?
                                 +-------> <user-specified>”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1j›  h³hÊh´Khh·h²hubh¶)”}”(hhh]”(h»)”}”(hŒRV monitor synthesis”h]”hŒRV monitor synthesis”…””}”(hj°  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj­  h²hh³hÊh´K(ubhÌ)”}”(hŒ¿The synthesis of a specification into the Linux *RV monitor* abstraction is
automated by the rvgen tool and the header file containing common code for
creating monitors. The header files are:”h]”(hŒ0The synthesis of a specification into the Linux ”…””}”(hj¾  h²hh³Nh´NubhÖ)”}”(hŒ*RV monitor*”h]”hŒ
RV monitor”…””}”(hjÆ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj¾  ubhŒƒ abstraction is
automated by the rvgen tool and the header file containing common code for
creating monitors. The header files are:”…””}”(hj¾  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K*hj­  h²hubhŒblock_quote”“”)”}”(hŒ* rv/da_monitor.h for deterministic automaton monitor.
* rv/ltl_monitor.h for linear temporal logic monitor.
* rv/ha_monitor.h for hybrid automaton monitor.
”h]”hŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒ4rv/da_monitor.h for deterministic automaton monitor.”h]”hÌ)”}”(hjí  h]”hŒ4rv/da_monitor.h for deterministic automaton monitor.”…””}”(hjï  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K.hjë  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hjæ  ubjê  )”}”(hŒ3rv/ltl_monitor.h for linear temporal logic monitor.”h]”hÌ)”}”(hj  h]”hŒ3rv/ltl_monitor.h for linear temporal logic monitor.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K/hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hjæ  ubjê  )”}”(hŒ.rv/ha_monitor.h for hybrid automaton monitor.
”h]”hÌ)”}”(hŒ-rv/ha_monitor.h for hybrid automaton monitor.”h]”hŒ-rv/ha_monitor.h for hybrid automaton monitor.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K0hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hjæ  ubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ*”uh1jä  h³hÊh´K.hjà  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  h³hÊh´K.hj­  h²hubeh}”(h]”Œrv-monitor-synthesis”ah ]”h"]”Œrv monitor synthesis”ah$]”h&]”uh1hµhh·h²hh³hÊh´K(ubh¶)”}”(hhh]”(h»)”}”(hŒrvgen”h]”hŒrvgen”…””}”(hjJ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjG  h²hh³hÊh´K3ubhÌ)”}”(hŒvThe rvgen utility converts a specification into the C presentation and creating
the skeleton of a kernel monitor in C.”h]”hŒvThe rvgen utility converts a specification into the C presentation and creating
the skeleton of a kernel monitor in C.”…””}”(hjX  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K5hjG  h²hubhÌ)”}”(hŒ}For example, it is possible to transform the wip.dot model present in
[1] into a per-cpu monitor with the following command::”h]”hŒ|For example, it is possible to transform the wip.dot model present in
[1] into a per-cpu monitor with the following command:”…””}”(hjf  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K8hjG  h²hubjœ  )”}”(hŒ+$ rvgen monitor -c da -s wip.dot -t per_cpu”h]”hŒ+$ rvgen monitor -c da -s wip.dot -t per_cpu”…””}”hjt  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´K;hjG  h²hubhÌ)”}”(hŒAThis will create a directory named wip/ with the following files:”h]”hŒAThis will create a directory named wip/ with the following files:”…””}”(hj‚  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K=hjG  h²hubjå  )”}”(hhh]”(jê  )”}”(hŒwip.h: the wip model in C”h]”hÌ)”}”(hj•  h]”hŒwip.h: the wip model in C”…””}”(hj—  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K?hj“  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj  h²hh³hÊh´Nubjê  )”}”(hŒwip.c: the RV monitor
”h]”hÌ)”}”(hŒwip.c: the RV monitor”h]”hŒwip.c: the RV monitor”…””}”(hj®  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K@hjª  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj  h²hh³hÊh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j7  Œ-”uh1jä  h³hÊh´K?hjG  h²hubhÌ)”}”(hŒfThe wip.c file contains the monitor declaration and the starting point for
the system instrumentation.”h]”hŒfThe wip.c file contains the monitor declaration and the starting point for
the system instrumentation.”…””}”(hjÉ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KBhjG  h²hubhÌ)”}”(hŒXSimilarly, a linear temporal logic monitor can be generated with the following
command::”h]”hŒWSimilarly, a linear temporal logic monitor can be generated with the following
command:”…””}”(hj×  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KEhjG  h²hubjœ  )”}”(hŒ3$ rvgen monitor -c ltl -s pagefault.ltl -t per_task”h]”hŒ3$ rvgen monitor -c ltl -s pagefault.ltl -t per_task”…””}”hjå  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´KHhjG  h²hubhÌ)”}”(hŒ)This generates pagefault/ directory with:”h]”hŒ)This generates pagefault/ directory with:”…””}”(hjó  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KJhjG  h²hubjå  )”}”(hhh]”(jê  )”}”(hŒbpagefault.h: The Buchi automaton (the non-deterministic state machine to
verify the specification)”h]”hÌ)”}”(hŒbpagefault.h: The Buchi automaton (the non-deterministic state machine to
verify the specification)”h]”hŒbpagefault.h: The Buchi automaton (the non-deterministic state machine to
verify the specification)”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KLhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj  h²hh³hÊh´Nubjê  )”}”(hŒ-pagefault.c: The skeleton for the RV monitor
”h]”hÌ)”}”(hŒ,pagefault.c: The skeleton for the RV monitor”h]”hŒ,pagefault.c: The skeleton for the RV monitor”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KNhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj  h²hh³hÊh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j7  jÈ  uh1jä  h³hÊh´KLhjG  h²hubeh}”(h]”Œrvgen”ah ]”h"]”Œrvgen”ah$]”h&]”uh1hµhh·h²hh³hÊh´K3ubh¶)”}”(hhh]”(h»)”}”(hŒMonitor header files”h]”hŒMonitor header files”…””}”(hjE  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjB  h²hh³hÊh´KQubhÌ)”}”(hŒThe header files:”h]”hŒThe header files:”…””}”(hjS  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KShjB  h²hubjå  )”}”(hhh]”(jê  )”}”(hŒ5`rv/da_monitor.h` for deterministic automaton monitor”h]”hÌ)”}”(hjf  h]”(hŒtitle_reference”“”)”}”(hŒ`rv/da_monitor.h`”h]”hŒrv/da_monitor.h”…””}”(hjm  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjh  ubhŒ$ for deterministic automaton monitor”…””}”(hjh  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KUhjd  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hja  h²hh³hÊh´Nubjê  )”}”(hŒ3`rv/ltl_monitor` for linear temporal logic monitor
”h]”hÌ)”}”(hŒ2`rv/ltl_monitor` for linear temporal logic monitor”h]”(jl  )”}”(hŒ`rv/ltl_monitor`”h]”hŒrv/ltl_monitor”…””}”(hj“  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj  ubhŒ" for linear temporal logic monitor”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KVhj‹  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hja  h²hh³hÊh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j7  jÈ  uh1jä  h³hÊh´KUhjB  h²hubhÌ)”}”(hŒRinclude common macros and static functions for implementing *Monitor
Instance(s)*.”h]”(hŒ<include common macros and static functions for implementing ”…””}”(hj·  h²hh³Nh´NubhÖ)”}”(hŒ*Monitor
Instance(s)*”h]”hŒMonitor
Instance(s)”…””}”(hj¿  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj·  ubhŒ.”…””}”(hj·  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KXhjB  h²hubhÌ)”}”(hŒUThe benefits of having all common functionalities in a single header file are
3-fold:”h]”hŒUThe benefits of having all common functionalities in a single header file are
3-fold:”…””}”(hj×  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K[hjB  h²hubjß  )”}”(hŒÇ- Reduce the code duplication;
- Facilitate the bug fix/improvement;
- Avoid the case of developers changing the core of the monitor code to
  manipulate the model in a (let's say) non-standard way.
”h]”jå  )”}”(hhh]”(jê  )”}”(hŒReduce the code duplication;”h]”hÌ)”}”(hjî  h]”hŒReduce the code duplication;”…””}”(hjð  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K^hjì  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hjé  ubjê  )”}”(hŒ#Facilitate the bug fix/improvement;”h]”hÌ)”}”(hj  h]”hŒ#Facilitate the bug fix/improvement;”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K_hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hjé  ubjê  )”}”(hŒ~Avoid the case of developers changing the core of the monitor code to
manipulate the model in a (let's say) non-standard way.
”h]”hÌ)”}”(hŒ}Avoid the case of developers changing the core of the monitor code to
manipulate the model in a (let's say) non-standard way.”h]”hŒAvoid the case of developers changing the core of the monitor code to
manipulate the model in a (letâ€™s say) non-standard way.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K`hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hjé  ubeh}”(h]”h ]”h"]”h$]”h&]”j7  jÈ  uh1jä  h³hÊh´K^hjå  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  h³hÊh´K^hjB  h²hubh¶)”}”(hhh]”(h»)”}”(hŒrv/da_monitor.h”h]”hŒrv/da_monitor.h”…””}”(hjA  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj>  h²hh³hÊh´KdubhÌ)”}”(hŒPThis initial implementation presents three different types of monitor instances:”h]”hŒPThis initial implementation presents three different types of monitor instances:”…””}”(hjO  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kfhj>  h²hubjå  )”}”(hhh]”(jê  )”}”(hŒ%``#define RV_MON_TYPE RV_MON_GLOBAL``”h]”hÌ)”}”(hjb  h]”hŒliteral”“”)”}”(hjb  h]”hŒ!#define RV_MON_TYPE RV_MON_GLOBAL”…””}”(hji  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hjd  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khhj`  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj]  h²hh³hÊh´Nubjê  )”}”(hŒ&``#define RV_MON_TYPE RV_MON_PER_CPU``”h]”hÌ)”}”(hj„  h]”jh  )”}”(hj„  h]”hŒ"#define RV_MON_TYPE RV_MON_PER_CPU”…””}”(hj‰  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hj†  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kihj‚  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj]  h²hh³hÊh´Nubjê  )”}”(hŒ(``#define RV_MON_TYPE RV_MON_PER_TASK``
”h]”hÌ)”}”(hŒ'``#define RV_MON_TYPE RV_MON_PER_TASK``”h]”jh  )”}”(hj¨  h]”hŒ##define RV_MON_TYPE RV_MON_PER_TASK”…””}”(hjª  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hj¦  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kjhj¢  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj]  h²hh³hÊh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j7  jÈ  uh1jä  h³hÊh´Khhj>  h²hubhÌ)”}”(hŒ«The first sets up functions declaration for a global deterministic automata
monitor, the second for monitors with per-cpu instances, and the third with
per-task instances.”h]”hŒ«The first sets up functions declaration for a global deterministic automata
monitor, the second for monitors with per-cpu instances, and the third with
per-task instances.”…””}”(hjÉ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Klhj>  h²hubhÌ)”}”(hŒ¯In all cases, the C file must include the $(MODEL_NAME).h file (generated by
`rvgen`), for example, to define the per-cpu 'wip' monitor, the `wip.c` source
file must include::”h]”(hŒMIn all cases, the C file must include the $(MODEL_NAME).h file (generated by
”…””}”(hj×  h²hh³Nh´Nubjl  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hjß  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj×  ubhŒ=), for example, to define the per-cpu â€˜wipâ€™ monitor, the ”…””}”(hj×  h²hh³Nh´Nubjl  )”}”(hŒ`wip.c`”h]”hŒwip.c”…””}”(hjñ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj×  ubhŒ source
file must include:”…””}”(hj×  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kphj>  h²hubjœ  )”}”(hŒN#define RV_MON_TYPE RV_MON_PER_CPU
#include "wip.h"
#include <rv/da_monitor.h>”h]”hŒN#define RV_MON_TYPE RV_MON_PER_CPU
#include "wip.h"
#include <rv/da_monitor.h>”…””}”hj	  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´Kthj>  h²hubhÌ)”}”(hŒ]The monitor is executed by sending events to be processed via the functions
presented below::”h]”hŒ\The monitor is executed by sending events to be processed via the functions
presented below:”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kxhj>  h²hubjœ  )”}”(hŒda_handle_event($(event from event enum));
da_handle_start_event($(event from event enum));
da_handle_start_run_event($(event from event enum));”h]”hŒda_handle_event($(event from event enum));
da_handle_start_event($(event from event enum));
da_handle_start_run_event($(event from event enum));”…””}”hj%  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´K{hj>  h²hubhÌ)”}”(hŒ}The function ``da_handle_event()`` is the regular case where
the event will be processed if the monitor is processing events.”h]”(hŒThe function ”…””}”(hj3  h²hh³Nh´Nubjh  )”}”(hŒ``da_handle_event()``”h]”hŒda_handle_event()”…””}”(hj;  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hj3  ubhŒ[ is the regular case where
the event will be processed if the monitor is processing events.”…””}”(hj3  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khj>  h²hubhÌ)”}”(hŒ™When a monitor is enabled, it is placed in the initial state of the automata.
However, the monitor does not know if the system is in the *initial state*.”h]”(hŒ‰When a monitor is enabled, it is placed in the initial state of the automata.
However, the monitor does not know if the system is in the ”…””}”(hjS  h²hh³Nh´NubhÖ)”}”(hŒ*initial state*”h]”hŒinitial state”…””}”(hj[  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhjS  ubhŒ.”…””}”(hjS  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K‚hj>  h²hubhÌ)”}”(hŒ­The ``da_handle_start_event()`` function is used to notify the
monitor that the system is returning to the initial state, so the monitor can
start monitoring the next event.”h]”(hŒThe ”…””}”(hjs  h²hh³Nh´Nubjh  )”}”(hŒ``da_handle_start_event()``”h]”hŒda_handle_start_event()”…””}”(hj{  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hjs  ubhŒŽ function is used to notify the
monitor that the system is returning to the initial state, so the monitor can
start monitoring the next event.”…””}”(hjs  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K…hj>  h²hubhÌ)”}”(hŒÂThe ``da_handle_start_run_event()`` function is used to notify
the monitor that the system is known to be in the initial state, so the
monitor can start monitoring and monitor the current event.”h]”(hŒThe ”…””}”(hj“  h²hh³Nh´Nubjh  )”}”(hŒ``da_handle_start_run_event()``”h]”hŒda_handle_start_run_event()”…””}”(hj›  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hj“  ubhŒŸ function is used to notify
the monitor that the system is known to be in the initial state, so the
monitor can start monitoring and monitor the current event.”…””}”(hj“  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K‰hj>  h²hubhÌ)”}”(hŒ‚Using the wip model as example, the events "preempt_disable" and
"sched_waking" should be sent to monitor, respectively, via [2]::”h]”hŒ‰Using the wip model as example, the events â€œpreempt_disableâ€ and
â€œsched_wakingâ€ should be sent to monitor, respectively, via [2]:”…””}”(hj³  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khj>  h²hubjœ  )”}”(hŒHda_handle_event(preempt_disable_wip);
da_handle_event(sched_waking_wip);”h]”hŒHda_handle_event(preempt_disable_wip);
da_handle_event(sched_waking_wip);”…””}”hjÁ  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´Khj>  h²hubhÌ)”}”(hŒ,While the event "preempt_enabled" will use::”h]”hŒ/While the event â€œpreempt_enabledâ€ will use:”…””}”(hjÏ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K“hj>  h²hubjœ  )”}”(hŒ*da_handle_start_event(preempt_enable_wip);”h]”hŒ*da_handle_start_event(preempt_enable_wip);”…””}”hjÝ  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´K•hj>  h²hubhÌ)”}”(hŒ~To notify the monitor that the system will be returning to the initial state,
so the system and the monitor should be in sync.”h]”hŒ~To notify the monitor that the system will be returning to the initial state,
so the system and the monitor should be in sync.”…””}”(hjë  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K—hj>  h²hubeh}”(h]”Œrv-da-monitor-h”ah ]”h"]”Œrv/da_monitor.h”ah$]”h&]”uh1hµhjB  h²hh³hÊh´Kdubh¶)”}”(hhh]”(h»)”}”(hŒrv/ltl_monitor.h”h]”hŒrv/ltl_monitor.h”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj  h²hh³hÊh´K›ubhÌ)”}”(hŒ¶This file must be combined with the $(MODEL_NAME).h file (generated by `rvgen`)
to be complete. For example, for the `pagefault` monitor, the `pagefault.c`
source file must include::”h]”(hŒGThis file must be combined with the $(MODEL_NAME).h file (generated by ”…””}”(hj  h²hh³Nh´Nubjl  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj  ubhŒ')
to be complete. For example, for the ”…””}”(hj  h²hh³Nh´Nubjl  )”}”(hŒ`pagefault`”h]”hŒ	pagefault”…””}”(hj,  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj  ubhŒ monitor, the ”…””}”(hj  h²hh³Nh´Nubjl  )”}”(hŒ`pagefault.c`”h]”hŒpagefault.c”…””}”(hj>  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj  ubhŒ
source file must include:”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kœhj  h²hubjœ  )”}”(hŒ2#include "pagefault.h"
#include <rv/ltl_monitor.h>”h]”hŒ2#include "pagefault.h"
#include <rv/ltl_monitor.h>”…””}”hjV  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´K hj  h²hubhÌ)”}”(hŒC(the skeleton monitor file generated by `rvgen` already does this).”h]”(hŒ((the skeleton monitor file generated by ”…””}”(hjd  h²hh³Nh´Nubjl  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hjl  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjd  ubhŒ already does this).”…””}”(hjd  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K£hj  h²hubhÌ)”}”(hXg  `$(MODEL_NAME).h` (`pagefault.h` in the above example) includes the
implementation of the Buchi automaton - a non-deterministic state machine that
verifies the LTL specification. While `rv/ltl_monitor.h` includes the common
helper functions to interact with the Buchi automaton and to implement an RV
monitor. An important definition in `$(MODEL_NAME).h` is::”h]”(jl  )”}”(hŒ`$(MODEL_NAME).h`”h]”hŒ$(MODEL_NAME).h”…””}”(hjˆ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj„  ubhŒ (”…””}”(hj„  h²hh³Nh´Nubjl  )”}”(hŒ`pagefault.h`”h]”hŒpagefault.h”…””}”(hjš  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj„  ubhŒ™ in the above example) includes the
implementation of the Buchi automaton - a non-deterministic state machine that
verifies the LTL specification. While ”…””}”(hj„  h²hh³Nh´Nubjl  )”}”(hŒ`rv/ltl_monitor.h`”h]”hŒrv/ltl_monitor.h”…””}”(hj¬  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj„  ubhŒ† includes the common
helper functions to interact with the Buchi automaton and to implement an RV
monitor. An important definition in ”…””}”(hj„  h²hh³Nh´Nubjl  )”}”(hŒ`$(MODEL_NAME).h`”h]”hŒ$(MODEL_NAME).h”…””}”(hj¾  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj„  ubhŒ is:”…””}”(hj„  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¥hj  h²hubjœ  )”}”(hŒvenum ltl_atom {
    LTL_$(FIRST_ATOMIC_PROPOSITION),
    LTL_$(SECOND_ATOMIC_PROPOSITION),
    ...
    LTL_NUM_ATOM
};”h]”hŒvenum ltl_atom {
    LTL_$(FIRST_ATOMIC_PROPOSITION),
    LTL_$(SECOND_ATOMIC_PROPOSITION),
    ...
    LTL_NUM_ATOM
};”…””}”hjÖ  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´K«hj  h²hubhÌ)”}”(hŒÇwhich is the list of atomic propositions present in the LTL specification
(prefixed with "LTL\_" to avoid name collision). This `enum` is passed to the
functions interacting with the Buchi automaton.”h]”(hŒ„which is the list of atomic propositions present in the LTL specification
(prefixed with â€œLTL _â€ to avoid name collision). This ”…””}”(hjä  h²hh³Nh´Nubjl  )”}”(hŒ`enum`”h]”hŒenum”…””}”(hjì  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjä  ubhŒA is passed to the
functions interacting with the Buchi automaton.”…””}”(hjä  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K²hj  h²hubhÌ)”}”(hX*  While generating code, `rvgen` cannot understand the meaning of the atomic
propositions. Thus, that task is left for manual work. The recommended practice
is adding tracepoints to places where the atomic propositions change; and in the
tracepoints' handlers: the Buchi automaton is executed using::”h]”(hŒWhile generating code, ”…””}”(hj  h²hh³Nh´Nubjl  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj  ubhX   cannot understand the meaning of the atomic
propositions. Thus, that task is left for manual work. The recommended practice
is adding tracepoints to places where the atomic propositions change; and in the
tracepointsâ€™ handlers: the Buchi automaton is executed using:”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¶hj  h²hubjœ  )”}”(hŒNvoid ltl_atom_update(struct task_struct *task, enum ltl_atom atom, bool value)”h]”hŒNvoid ltl_atom_update(struct task_struct *task, enum ltl_atom atom, bool value)”…””}”hj$  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´K»hj  h²hubhÌ)”}”(hŒôwhich tells the Buchi automaton that the atomic proposition `atom` is now
`value`. The Buchi automaton checks whether the LTL specification is still
satisfied, and invokes the monitor's error tracepoint and the reactor if
violation is detected.”h]”(hŒ<which tells the Buchi automaton that the atomic proposition ”…””}”(hj2  h²hh³Nh´Nubjl  )”}”(hŒ`atom`”h]”hŒatom”…””}”(hj:  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj2  ubhŒ is now
”…””}”(hj2  h²hh³Nh´Nubjl  )”}”(hŒ`value`”h]”hŒvalue”…””}”(hjL  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj2  ubhŒ¥. The Buchi automaton checks whether the LTL specification is still
satisfied, and invokes the monitorâ€™s error tracepoint and the reactor if
violation is detected.”…””}”(hj2  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K½hj  h²hubhÌ)”}”(hX“  Tracepoints and `ltl_atom_update()` should be used whenever possible. However,
it is sometimes not the most convenient. For some atomic propositions which are
changed in multiple places in the kernel, it is cumbersome to trace all those
places. Furthermore, it may not be important that the atomic propositions are
updated at precise times. For example, considering the following linear temporal
logic::”h]”(hŒTracepoints and ”…””}”(hjd  h²hh³Nh´Nubjl  )”}”(hŒ`ltl_atom_update()`”h]”hŒltl_atom_update()”…””}”(hjl  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjd  ubhXo   should be used whenever possible. However,
it is sometimes not the most convenient. For some atomic propositions which are
changed in multiple places in the kernel, it is cumbersome to trace all those
places. Furthermore, it may not be important that the atomic propositions are
updated at precise times. For example, considering the following linear temporal
logic:”…””}”(hjd  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÂhj  h²hubjœ  )”}”(hŒ&RULE = always (RT imply not PAGEFAULT)”h]”hŒ&RULE = always (RT imply not PAGEFAULT)”…””}”hj„  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´KÉhj  h²hubhÌ)”}”(hŒøThis LTL states that a real-time task does not raise page faults. For this
specification, it is not important when `RT` changes, as long as it has the
correct value when `PAGEFAULT` is true.  Motivated by this case, another
function is introduced::”h]”(hŒsThis LTL states that a real-time task does not raise page faults. For this
specification, it is not important when ”…””}”(hj’  h²hh³Nh´Nubjl  )”}”(hŒ`RT`”h]”hŒRT”…””}”(hjš  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj’  ubhŒ3 changes, as long as it has the
correct value when ”…””}”(hj’  h²hh³Nh´Nubjl  )”}”(hŒ`PAGEFAULT`”h]”hŒ	PAGEFAULT”…””}”(hj¬  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj’  ubhŒB is true.  Motivated by this case, another
function is introduced:”…””}”(hj’  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KËhj  h²hubjœ  )”}”(hŒFvoid ltl_atom_fetch(struct task_struct *task, struct ltl_monitor *mon)”h]”hŒFvoid ltl_atom_fetch(struct task_struct *task, struct ltl_monitor *mon)”…””}”hjÄ  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´KÐhj  h²hubhÌ)”}”(hŒ~This function is called whenever the Buchi automaton is triggered. Therefore, it
can be manually implemented to "fetch" `RT`::”h]”(hŒ|This function is called whenever the Buchi automaton is triggered. Therefore, it
can be manually implemented to â€œfetchâ€ ”…””}”(hjÒ  h²hh³Nh´Nubjl  )”}”(hŒ`RT`”h]”hŒRT”…””}”(hjÚ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjÒ  ubhŒ:”…””}”(hjÒ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÒhj  h²hubjœ  )”}”(hŒxvoid ltl_atom_fetch(struct task_struct *task, struct ltl_monitor *mon)
{
    ltl_atom_set(mon, LTL_RT, rt_task(task));
}”h]”hŒxvoid ltl_atom_fetch(struct task_struct *task, struct ltl_monitor *mon)
{
    ltl_atom_set(mon, LTL_RT, rt_task(task));
}”…””}”hjò  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´KÕhj  h²hubhÌ)”}”(hŒ³Effectively, whenever `PAGEFAULT` is updated with a call to `ltl_atom_update()`,
`RT` is also fetched. Thus, the LTL specification can be verified without
tracing `RT` everywhere.”h]”(hŒEffectively, whenever ”…””}”(hj   h²hh³Nh´Nubjl  )”}”(hŒ`PAGEFAULT`”h]”hŒ	PAGEFAULT”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj   ubhŒ is updated with a call to ”…””}”(hj   h²hh³Nh´Nubjl  )”}”(hŒ`ltl_atom_update()`”h]”hŒltl_atom_update()”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj   ubhŒ,
”…””}”(hj   h²hh³Nh´Nubjl  )”}”(hŒ`RT`”h]”hŒRT”…””}”(hj,  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj   ubhŒN is also fetched. Thus, the LTL specification can be verified without
tracing ”…””}”(hj   h²hh³Nh´Nubjl  )”}”(hŒ`RT`”h]”hŒRT”…””}”(hj>  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj   ubhŒ everywhere.”…””}”(hj   h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÚhj  h²hubhÌ)”}”(hŒ¢For atomic propositions which act like events, they usually need to be set (or
cleared) and then immediately cleared (or set). A convenient function is
provided::”h]”hŒ¡For atomic propositions which act like events, they usually need to be set (or
cleared) and then immediately cleared (or set). A convenient function is
provided:”…””}”(hjV  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÞhj  h²hubjœ  )”}”(hŒMvoid ltl_atom_pulse(struct task_struct *task, enum ltl_atom atom, bool value)”h]”hŒMvoid ltl_atom_pulse(struct task_struct *task, enum ltl_atom atom, bool value)”…””}”hjd  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´Kâhj  h²hubhÌ)”}”(hŒwhich is equivalent to::”h]”hŒwhich is equivalent to:”…””}”(hjr  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kähj  h²hubjœ  )”}”(hŒHltl_atom_update(task, atom, value);
ltl_atom_update(task, atom, !value);”h]”hŒHltl_atom_update(task, atom, value);
ltl_atom_update(task, atom, !value);”…””}”hj€  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´Kæhj  h²hubhÌ)”}”(hŒSTo initialize the atomic propositions, the following function must be
implemented::”h]”hŒRTo initialize the atomic propositions, the following function must be
implemented:”…””}”(hjŽ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kéhj  h²hubjœ  )”}”(hŒUltl_atoms_init(struct task_struct *task, struct ltl_monitor *mon, bool task_creation)”h]”hŒUltl_atoms_init(struct task_struct *task, struct ltl_monitor *mon, bool task_creation)”…””}”hjœ  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´Kìhj  h²hubhÌ)”}”(hŒÞThis function is called for all running tasks when the monitor is enabled. It is
also called for new tasks created after the enabling the monitor. It should
initialize as many atomic propositions as possible, for example::”h]”hŒÝThis function is called for all running tasks when the monitor is enabled. It is
also called for new tasks created after the enabling the monitor. It should
initialize as many atomic propositions as possible, for example:”…””}”(hjª  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kîhj  h²hubjœ  )”}”(hŒÓvoid ltl_atom_init(struct task_struct *task, struct ltl_monitor *mon, bool task_creation)
{
    ltl_atom_set(mon, LTL_RT, rt_task(task));
    if (task_creation)
        ltl_atom_set(mon, LTL_PAGEFAULT, false);
}”h]”hŒÓvoid ltl_atom_init(struct task_struct *task, struct ltl_monitor *mon, bool task_creation)
{
    ltl_atom_set(mon, LTL_RT, rt_task(task));
    if (task_creation)
        ltl_atom_set(mon, LTL_PAGEFAULT, false);
}”…””}”hj¸  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´Kòhj  h²hubhÌ)”}”(hXº  Atomic propositions not initialized by `ltl_atom_init()` will stay in the
unknown state until relevant tracepoints are hit, which can take some time. As
monitoring for a task cannot be done until all atomic propositions is known for
the task, the monitor may need some time to start validating tasks which have
been running before the monitor is enabled. Therefore, it is recommended to
start the tasks of interest after enabling the monitor.”h]”(hŒ'Atomic propositions not initialized by ”…””}”(hjÆ  h²hh³Nh´Nubjl  )”}”(hŒ`ltl_atom_init()`”h]”hŒltl_atom_init()”…””}”(hjÎ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjÆ  ubhX‚   will stay in the
unknown state until relevant tracepoints are hit, which can take some time. As
monitoring for a task cannot be done until all atomic propositions is known for
the task, the monitor may need some time to start validating tasks which have
been running before the monitor is enabled. Therefore, it is recommended to
start the tasks of interest after enabling the monitor.”…””}”(hjÆ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kùhj  h²hubeh}”(h]”Œrv-ltl-monitor-h”ah ]”h"]”Œrv/ltl_monitor.h”ah$]”h&]”uh1hµhjB  h²hh³hÊh´K›ubh¶)”}”(hhh]”(h»)”}”(hŒrv/ha_monitor.h”h]”hŒrv/ha_monitor.h”…””}”(hjñ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjî  h²hh³hÊh´MubhÌ)”}”(hŒâThe implementation of hybrid automaton monitors derives directly from the
deterministic automaton one. Despite using a different header
(``ha_monitor.h``) the functions to handle events are the same (e.g.
``da_handle_event``).”h]”(hŒ‰The implementation of hybrid automaton monitors derives directly from the
deterministic automaton one. Despite using a different header
(”…””}”(hjÿ  h²hh³Nh´Nubjh  )”}”(hŒ``ha_monitor.h``”h]”hŒha_monitor.h”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hjÿ  ubhŒ4) the functions to handle events are the same (e.g.
”…””}”(hjÿ  h²hh³Nh´Nubjh  )”}”(hŒ``da_handle_event``”h]”hŒda_handle_event”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hjÿ  ubhŒ).”…””}”(hjÿ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjî  h²hubhÌ)”}”(hŒ·Additionally, the `rvgen` tool populates skeletons for the
``ha_verify_constraint``, ``ha_get_env`` and ``ha_reset_env`` based on the
monitor specification in the monitor source file.”h]”(hŒAdditionally, the ”…””}”(hj1	  h²hh³Nh´Nubjl  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hj9	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj1	  ubhŒ" tool populates skeletons for the
”…””}”(hj1	  h²hh³Nh´Nubjh  )”}”(hŒ``ha_verify_constraint``”h]”hŒha_verify_constraint”…””}”(hjK	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hj1	  ubhŒ, ”…””}”(hj1	  h²hh³Nh´Nubjh  )”}”(hŒ``ha_get_env``”h]”hŒ
ha_get_env”…””}”(hj]	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hj1	  ubhŒ and ”…””}”(hj1	  h²hh³Nh´Nubjh  )”}”(hŒ``ha_reset_env``”h]”hŒha_reset_env”…””}”(hjo	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hj1	  ubhŒ? based on the
monitor specification in the monitor source file.”…””}”(hj1	  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjî  h²hubhÌ)”}”(hŒJ``ha_verify_constraint`` is typically ready as it is generated by `rvgen`:”h]”(jh  )”}”(hŒ``ha_verify_constraint``”h]”hŒha_verify_constraint”…””}”(hj‹	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hj‡	  ubhŒ* is typically ready as it is generated by ”…””}”(hj‡	  h²hh³Nh´Nubjl  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj‡	  ubhŒ:”…””}”(hj‡	  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjî  h²hubjå  )”}”(hhh]”(jê  )”}”(hŒcstandard constraints on edges are turned into the form::

  res = ha_get_env(ha_mon, ENV) < VALUE;
”h]”(hÌ)”}”(hŒ8standard constraints on edges are turned into the form::”h]”hŒ7standard constraints on edges are turned into the form:”…””}”(hj¼	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj¸	  ubjœ  )”}”(hŒ&res = ha_get_env(ha_mon, ENV) < VALUE;”h]”hŒ&res = ha_get_env(ha_mon, ENV) < VALUE;”…””}”hjÊ	  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´Mhj¸	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jé  hjµ	  h²hh³hÊh´Nubjê  )”}”(hŒKreset constraints are turned into the form::

  ha_reset_env(ha_mon, ENV);
”h]”(hÌ)”}”(hŒ,reset constraints are turned into the form::”h]”hŒ+reset constraints are turned into the form:”…””}”(hjâ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MhjÞ	  ubjœ  )”}”(hŒha_reset_env(ha_mon, ENV);”h]”hŒha_reset_env(ha_mon, ENV);”…””}”hjð	  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´MhjÞ	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jé  hjµ	  h²hh³hÊh´Nubjê  )”}”(hXû  constraints on the state are implemented using timers

- armed before entering the state

- cancelled while entering any other state

- untouched if the state does not change as a result of the event

- checked if the timer expired but the callback did not run

- available implementation are `HA_TIMER_HRTIMER` and `HA_TIMER_WHEEL`

  - hrtimers are more precise but may have higher overhead

  - select by defining `HA_TIMER_TYPE` before including the header::

    #define HA_TIMER_TYPE HA_TIMER_HRTIMER
”h]”(hÌ)”}”(hŒ5constraints on the state are implemented using timers”h]”hŒ5constraints on the state are implemented using timers”…””}”(hj
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj
  ubjå  )”}”(hhh]”(jê  )”}”(hŒ armed before entering the state
”h]”hÌ)”}”(hŒarmed before entering the state”h]”hŒarmed before entering the state”…””}”(hj
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj
  ubjê  )”}”(hŒ)cancelled while entering any other state
”h]”hÌ)”}”(hŒ(cancelled while entering any other state”h]”hŒ(cancelled while entering any other state”…””}”(hj5
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj1
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj
  ubjê  )”}”(hŒ@untouched if the state does not change as a result of the event
”h]”hÌ)”}”(hŒ?untouched if the state does not change as a result of the event”h]”hŒ?untouched if the state does not change as a result of the event”…””}”(hjM
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MhjI
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj
  ubjê  )”}”(hŒ:checked if the timer expired but the callback did not run
”h]”hÌ)”}”(hŒ9checked if the timer expired but the callback did not run”h]”hŒ9checked if the timer expired but the callback did not run”…””}”(hje
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhja
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj
  ubjê  )”}”(hŒíavailable implementation are `HA_TIMER_HRTIMER` and `HA_TIMER_WHEEL`

- hrtimers are more precise but may have higher overhead

- select by defining `HA_TIMER_TYPE` before including the header::

  #define HA_TIMER_TYPE HA_TIMER_HRTIMER
”h]”(hÌ)”}”(hŒDavailable implementation are `HA_TIMER_HRTIMER` and `HA_TIMER_WHEEL`”h]”(hŒavailable implementation are ”…””}”(hj}
  h²hh³Nh´Nubjl  )”}”(hŒ`HA_TIMER_HRTIMER`”h]”hŒHA_TIMER_HRTIMER”…””}”(hj…
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj}
  ubhŒ and ”…””}”(hj}
  h²hh³Nh´Nubjl  )”}”(hŒ`HA_TIMER_WHEEL`”h]”hŒHA_TIMER_WHEEL”…””}”(hj—
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj}
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M hjy
  ubjå  )”}”(hhh]”(jê  )”}”(hŒ7hrtimers are more precise but may have higher overhead
”h]”hÌ)”}”(hŒ6hrtimers are more precise but may have higher overhead”h]”hŒ6hrtimers are more precise but may have higher overhead”…””}”(hj²
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M"hj®
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj«
  ubjê  )”}”(hŒiselect by defining `HA_TIMER_TYPE` before including the header::

#define HA_TIMER_TYPE HA_TIMER_HRTIMER
”h]”(hÌ)”}”(hŒ@select by defining `HA_TIMER_TYPE` before including the header::”h]”(hŒselect by defining ”…””}”(hjÊ
  h²hh³Nh´Nubjl  )”}”(hŒ`HA_TIMER_TYPE`”h]”hŒHA_TIMER_TYPE”…””}”(hjÒ
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjÊ
  ubhŒ before including the header:”…””}”(hjÊ
  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M$hjÆ
  ubjœ  )”}”(hŒ&#define HA_TIMER_TYPE HA_TIMER_HRTIMER”h]”hŒ&#define HA_TIMER_TYPE HA_TIMER_HRTIMER”…””}”hjê
  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´M&hjÆ
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj«
  ubeh}”(h]”h ]”h"]”h$]”h&]”j7  jÈ  uh1jä  h³hÊh´M"hjy
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj
  ubeh}”(h]”h ]”h"]”h$]”h&]”j7  jÈ  uh1jä  h³hÊh´Mhj
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jé  hjµ	  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j7  j8  uh1jä  h³hÊh´Mhjî  h²hubhÌ)”}”(hŒ6Constraint values can be specified in different forms:”h]”hŒ6Constraint values can be specified in different forms:”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M(hjî  h²hubjå  )”}”(hhh]”(jê  )”}”(hŒ_literal value (with optional unit). E.g.::

  preemptive == 0
  clk < 100ns
  threshold <= 10j
”h]”(hÌ)”}”(hŒ*literal value (with optional unit). E.g.::”h]”hŒ)literal value (with optional unit). E.g.:”…””}”(hj1  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M*hj-  ubjœ  )”}”(hŒ,preemptive == 0
clk < 100ns
threshold <= 10j”h]”hŒ,preemptive == 0
clk < 100ns
threshold <= 10j”…””}”hj?  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´M,hj-  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj*  h²hh³hÊh´Nubjê  )”}”(hŒ:constant value (uppercase string). E.g.::

  clk < MAX_NS
”h]”(hÌ)”}”(hŒ)constant value (uppercase string). E.g.::”h]”hŒ(constant value (uppercase string). E.g.:”…””}”(hjW  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M0hjS  ubjœ  )”}”(hŒclk < MAX_NS”h]”hŒclk < MAX_NS”…””}”hje  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´M2hjS  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj*  h²hh³hÊh´Nubjê  )”}”(hŒAparameter (lowercase string). E.g.::

  clk <= threshold_jiffies
”h]”(hÌ)”}”(hŒ$parameter (lowercase string). E.g.::”h]”hŒ#parameter (lowercase string). E.g.:”…””}”(hj}  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M4hjy  ubjœ  )”}”(hŒclk <= threshold_jiffies”h]”hŒclk <= threshold_jiffies”…””}”hj‹  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´M6hjy  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj*  h²hh³hÊh´Nubjê  )”}”(hŒDmacro (uppercase string with parentheses). E.g.::

  clk < MAX_NS()
”h]”(hÌ)”}”(hŒ1macro (uppercase string with parentheses). E.g.::”h]”hŒ0macro (uppercase string with parentheses). E.g.:”…””}”(hj£  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M8hjŸ  ubjœ  )”}”(hŒclk < MAX_NS()”h]”hŒclk < MAX_NS()”…””}”hj±  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´M:hjŸ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj*  h²hh³hÊh´Nubjê  )”}”(hŒSfunction (lowercase string with parentheses). E.g.::

  clk <= threshold_jiffies()
”h]”(hÌ)”}”(hŒ4function (lowercase string with parentheses). E.g.::”h]”hŒ3function (lowercase string with parentheses). E.g.:”…””}”(hjÉ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M<hjÅ  ubjœ  )”}”(hŒclk <= threshold_jiffies()”h]”hŒclk <= threshold_jiffies()”…””}”hj×  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´M>hjÅ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jé  hj*  h²hh³hÊh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j7  j8  uh1jä  h³hÊh´M*hjî  h²hubhÌ)”}”(hX}  In all cases, `rvgen` will try to understand the type of the environment
variable from the name or unit. For instance, constants or parameters
terminating with ``_NS`` or ``_jiffies`` are intended as clocks with ns and jiffy
granularity, respectively. Literals with measure unit `j` are jiffies and if a
time unit is specified (`ns` to `s`), `rvgen` will convert the value to `ns`.”h]”(hŒIn all cases, ”…””}”(hjñ  h²hh³Nh´Nubjl  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hjù  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjñ  ubhŒ‹ will try to understand the type of the environment
variable from the name or unit. For instance, constants or parameters
terminating with ”…””}”(hjñ  h²hh³Nh´Nubjh  )”}”(hŒ``_NS``”h]”hŒ_NS”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hjñ  ubhŒ or ”…””}”(hjñ  h²hh³Nh´Nubjh  )”}”(hŒ``_jiffies``”h]”hŒ_jiffies”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hjñ  ubhŒ` are intended as clocks with ns and jiffy
granularity, respectively. Literals with measure unit ”…””}”(hjñ  h²hh³Nh´Nubjl  )”}”(hŒ`j`”h]”hŒj”…””}”(hj/  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjñ  ubhŒ. are jiffies and if a
time unit is specified (”…””}”(hjñ  h²hh³Nh´Nubjl  )”}”(hŒ`ns`”h]”hŒns”…””}”(hjA  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjñ  ubhŒ to ”…””}”(hjñ  h²hh³Nh´Nubjl  )”}”(hŒ`s`”h]”hŒs”…””}”(hjS  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjñ  ubhŒ), ”…””}”(hjñ  h²hh³Nh´Nubjl  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hje  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjñ  ubhŒ will convert the value to ”…””}”(hjñ  h²hh³Nh´Nubjl  )”}”(hŒ`ns`”h]”hŒns”…””}”(hjw  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjñ  ubhŒ.”…””}”(hjñ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M@hjî  h²hubhÌ)”}”(hXÐ  Constants need to be defined by the user (but unlike the name, they don't
necessarily need to be defined as constants). Parameters get converted to
module parameters and the user needs to provide a default value.
Also function and macros are defined by the user, by default they get as an
argument the ``ha_monitor``, a common usage would be to get the required value
from the target, e.g. the task in per-task monitors, using the helper
``ha_get_target(ha_mon)``.”h]”(hX0  Constants need to be defined by the user (but unlike the name, they donâ€™t
necessarily need to be defined as constants). Parameters get converted to
module parameters and the user needs to provide a default value.
Also function and macros are defined by the user, by default they get as an
argument the ”…””}”(hj  h²hh³Nh´Nubjh  )”}”(hŒ``ha_monitor``”h]”hŒ
ha_monitor”…””}”(hj—  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hj  ubhŒz, a common usage would be to get the required value
from the target, e.g. the task in per-task monitors, using the helper
”…””}”(hj  h²hh³Nh´Nubjh  )”}”(hŒ``ha_get_target(ha_mon)``”h]”hŒha_get_target(ha_mon)”…””}”(hj©  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hj  ubhŒ.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MFhjî  h²hubhÌ)”}”(hXv  If `rvgen` determines that the variable is a clock, it provides the getter and
resetter based on the unit. Otherwise, the user needs to provide an appropriate
definition.
Typically non-clock environment variables are not reset. In such case only the
getter skeleton will be present in the file generated by `rvgen`.
For instance, the getter for preemptive can be filled as::”h]”(hŒIf ”…””}”(hjÁ  h²hh³Nh´Nubjl  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hjÉ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjÁ  ubhX)   determines that the variable is a clock, it provides the getter and
resetter based on the unit. Otherwise, the user needs to provide an appropriate
definition.
Typically non-clock environment variables are not reset. In such case only the
getter skeleton will be present in the file generated by ”…””}”(hjÁ  h²hh³Nh´Nubjl  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hjÛ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hjÁ  ubhŒ;.
For instance, the getter for preemptive can be filled as:”…””}”(hjÁ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MNhjî  h²hubjœ  )”}”(hŒ¢static u64 ha_get_env(struct ha_monitor *ha_mon, enum envs env)
{
    if (env == preemptible)
        return preempt_count() == 0;
    return ENV_INVALID_VALUE;
}”h]”hŒ¢static u64 ha_get_env(struct ha_monitor *ha_mon, enum envs env)
{
    if (env == preemptible)
        return preempt_count() == 0;
    return ENV_INVALID_VALUE;
}”…””}”hjó  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´MUhjî  h²hubhÌ)”}”(hX]  The function is supplied the ``ha_mon`` parameter in case some storage is
required (as it is for clocks), but environment variables without reset do not
require a storage and can ignore that argument.
The number of environment variables requiring a storage is limited by
``MAX_HA_ENV_LEN``, however such limitation doesn't stand for other variables.”h]”(hŒThe function is supplied the ”…””}”(hj  h²hh³Nh´Nubjh  )”}”(hŒ
``ha_mon``”h]”hŒha_mon”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hj  ubhŒè parameter in case some storage is
required (as it is for clocks), but environment variables without reset do not
require a storage and can ignore that argument.
The number of environment variables requiring a storage is limited by
”…””}”(hj  h²hh³Nh´Nubjh  )”}”(hŒ``MAX_HA_ENV_LEN``”h]”hŒMAX_HA_ENV_LEN”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hj  ubhŒ>, however such limitation doesnâ€™t stand for other variables.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M\hjî  h²hubhÌ)”}”(hX½  Finally, constraints on states are only valid for clocks and only if the
constraint is of the form `clk < N`. This is because such constraints are
implemented with the expiration of a timer.
Typically the clock variables are reset just before arming the timer, but this
doesn't have to be the case and the available functions take care of it.
It is a responsibility of per-task monitors to make sure no timer is left
running when the task exits.”h]”(hŒcFinally, constraints on states are only valid for clocks and only if the
constraint is of the form ”…””}”(hj3  h²hh³Nh´Nubjl  )”}”(hŒ	`clk < N`”h]”hŒclk < N”…””}”(hj;  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jk  hj3  ubhXS  . This is because such constraints are
implemented with the expiration of a timer.
Typically the clock variables are reset just before arming the timer, but this
doesnâ€™t have to be the case and the available functions take care of it.
It is a responsibility of per-task monitors to make sure no timer is left
running when the task exits.”…””}”(hj3  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mbhjî  h²hubhÌ)”}”(hXk  By default the generator implements timers with hrtimers (setting
``HA_TIMER_TYPE`` to ``HA_TIMER_HRTIMER``), this gives better responsiveness
but higher overhead. The timer wheel (``HA_TIMER_WHEEL``) is a good alternative
for monitors with several instances (e.g. per-task) that achieves lower
overhead with increased latency, yet without compromising precision.”h]”(hŒBBy default the generator implements timers with hrtimers (setting
”…””}”(hjS  h²hh³Nh´Nubjh  )”}”(hŒ``HA_TIMER_TYPE``”h]”hŒHA_TIMER_TYPE”…””}”(hj[  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hjS  ubhŒ to ”…””}”(hjS  h²hh³Nh´Nubjh  )”}”(hŒ``HA_TIMER_HRTIMER``”h]”hŒHA_TIMER_HRTIMER”…””}”(hjm  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hjS  ubhŒJ), this gives better responsiveness
but higher overhead. The timer wheel (”…””}”(hjS  h²hh³Nh´Nubjh  )”}”(hŒ``HA_TIMER_WHEEL``”h]”hŒHA_TIMER_WHEEL”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jg  hjS  ubhŒ¤) is a good alternative
for monitors with several instances (e.g. per-task) that achieves lower
overhead with increased latency, yet without compromising precision.”…””}”(hjS  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mjhjî  h²hubeh}”(h]”Œrv-ha-monitor-h”ah ]”h"]”Œrv/ha_monitor.h”ah$]”h&]”uh1hµhjB  h²hh³hÊh´Mubeh}”(h]”Œmonitor-header-files”ah ]”h"]”Œmonitor header files”ah$]”h&]”uh1hµhh·h²hh³hÊh´KQubh¶)”}”(hhh]”(h»)”}”(hŒFinal remarks”h]”hŒFinal remarks”…””}”(hjª  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj§  h²hh³hÊh´MqubhÌ)”}”(hŒÅWith the monitor synthesis in place using the header files and
rvgen, the developer's work should be limited to the instrumentation
of the system, increasing the confidence in the overall approach.”h]”hŒÇWith the monitor synthesis in place using the header files and
rvgen, the developerâ€™s work should be limited to the instrumentation
of the system, increasing the confidence in the overall approach.”…””}”(hj¸  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mshj§  h²hubhÌ)”}”(hŒq[1] For details about deterministic automata format and the translation
from one representation to another, see::”h]”hŒp[1] For details about deterministic automata format and the translation
from one representation to another, see:”…””}”(hjÆ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mwhj§  h²hubjœ  )”}”(hŒ1Documentation/trace/rv/deterministic_automata.rst”h]”hŒ1Documentation/trace/rv/deterministic_automata.rst”…””}”hjÔ  sbah}”(h]”h ]”h"]”h$]”h&]”j«  j¬  uh1j›  h³hÊh´Mzhj§  h²hubhÌ)”}”(hŒ—[2] rvgen appends the monitor's name suffix to the events enums to
avoid conflicting variables when exporting the global vmlinux.h
use by BPF programs.”h]”hŒ™[2] rvgen appends the monitorâ€™s name suffix to the events enums to
avoid conflicting variables when exporting the global vmlinux.h
use by BPF programs.”…””}”(hjâ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M|hj§  h²hubeh}”(h]”Œfinal-remarks”ah ]”h"]”Œfinal remarks”ah$]”h&]”uh1hµhh·h²hh³hÊh´Mqubeh}”(h]”Œ&runtime-verification-monitor-synthesis”ah ]”h"]”Œ&runtime verification monitor synthesis”ah$]”h&]”uh1hµhhh²hh³hÊh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÊuh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hºNŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j#  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÊŒ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jý  jú  jD  jA  j?  j<  j¤  j¡  jþ  jû  jë  jè  jœ  j™  jõ  jò  uŒ	nametypes”}”(jý  ‰jD  ‰j?  ‰j¤  ‰jþ  ‰jë  ‰jœ  ‰jõ  ‰uh}”(jú  h·jA  j­  j<  jG  j¡  jB  jû  j>  jè  j  j™  jî  jò  j§  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nh²hub.