€•€       Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ./translations/zh_CN/trace/rv/monitor_synthesis”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ./translations/zh_TW/trace/rv/monitor_synthesis”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ./translations/it_IT/trace/rv/monitor_synthesis”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ./translations/ja_JP/trace/rv/monitor_synthesis”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ./translations/ko_KR/trace/rv/monitor_synthesis”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ./translations/sp_SP/trace/rv/monitor_synthesis”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ&Runtime Verification Monitor Synthesis”h]”hŒ&Runtime Verification Monitor Synthesis”…””}”(hh¨hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hh£hžhhŸŒH/var/lib/git/docbuild/linux/Documentation/trace/rv/monitor_synthesis.rst”h KubhŒ	paragraph”“”)”}”(hŒ¸The starting point for the application of runtime verification (RV) techniques
is the *specification* or *modeling* of the desired (or undesired) behavior
of the system under scrutiny.”h]”(hŒVThe starting point for the application of runtime verification (RV) techniques
is the ”…””}”(hh¹hžhhŸNh NubhŒemphasis”“”)”}”(hŒ*specification*”h]”hŒspecification”…””}”(hhÃhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhh¹ubhŒ or ”…””}”(hh¹hžhhŸNh NubhÂ)”}”(hŒ
*modeling*”h]”hŒmodeling”…””}”(hhÕhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhh¹ubhŒE of the desired (or undesired) behavior
of the system under scrutiny.”…””}”(hh¹hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubh¸)”}”(hX  The formal representation needs to be then *synthesized* into a *monitor*
that can then be used in the analysis of the trace of the system. The
*monitor* connects to the system via an *instrumentation* that converts
the events from the *system* to the events of the *specification*.”h]”(hŒ+The formal representation needs to be then ”…””}”(hhíhžhhŸNh NubhÂ)”}”(hŒ*synthesized*”h]”hŒsynthesized”…””}”(hhõhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhhíubhŒ into a ”…””}”(hhíhžhhŸNh NubhÂ)”}”(hŒ	*monitor*”h]”hŒmonitor”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhhíubhŒG
that can then be used in the analysis of the trace of the system. The
”…””}”(hhíhžhhŸNh NubhÂ)”}”(hŒ	*monitor*”h]”hŒmonitor”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhhíubhŒ connects to the system via an ”…””}”(hhíhžhhŸNh NubhÂ)”}”(hŒ*instrumentation*”h]”hŒinstrumentation”…””}”(hj+  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhhíubhŒ# that converts
the events from the ”…””}”(hhíhžhhŸNh NubhÂ)”}”(hŒ*system*”h]”hŒsystem”…””}”(hj=  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhhíubhŒ to the events of the ”…””}”(hhíhžhhŸNh NubhÂ)”}”(hŒ*specification*”h]”hŒspecification”…””}”(hjO  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhhíubhŒ.”…””}”(hhíhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubh¸)”}”(hXs  In Linux terms, the runtime verification monitors are encapsulated inside
the *RV monitor* abstraction. The RV monitor includes a set of instances
of the monitor (per-cpu monitor, per-task monitor, and so on), the helper
functions that glue the monitor to the system reference model, and the
trace output as a reaction to event parsing and exceptions, as depicted
below::”h]”(hŒNIn Linux terms, the runtime verification monitors are encapsulated inside
the ”…””}”(hjg  hžhhŸNh NubhÂ)”}”(hŒ*RV monitor*”h]”hŒ
RV monitor”…””}”(hjo  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhjg  ubhX   abstraction. The RV monitor includes a set of instances
of the monitor (per-cpu monitor, per-task monitor, and so on), the helper
functions that glue the monitor to the system reference model, and the
trace output as a reaction to event parsing and exceptions, as depicted
below:”…””}”(hjg  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubhŒliteral_block”“”)”}”(hX<  Linux  +----- RV Monitor ----------------------------------+ Formal
 Realm |                                                   |  Realm
 +-------------------+     +----------------+     +-----------------+
 |   Linux kernel    |     |     Monitor    |     |     Reference   |
 |     Tracing       |  -> |   Instance(s)  | <-  |       Model     |
 | (instrumentation) |     | (verification) |     | (specification) |
 +-------------------+     +----------------+     +-----------------+
        |                          |                       |
        |                          V                       |
        |                     +----------+                 |
        |                     | Reaction |                 |
        |                     +--+--+--+-+                 |
        |                        |  |  |                   |
        |                        |  |  +-> trace output ?  |
        +------------------------|--|----------------------+
                                 |  +----> panic ?
                                 +-------> <user-specified>”h]”hX<  Linux  +----- RV Monitor ----------------------------------+ Formal
 Realm |                                                   |  Realm
 +-------------------+     +----------------+     +-----------------+
 |   Linux kernel    |     |     Monitor    |     |     Reference   |
 |     Tracing       |  -> |   Instance(s)  | <-  |       Model     |
 | (instrumentation) |     | (verification) |     | (specification) |
 +-------------------+     +----------------+     +-----------------+
        |                          |                       |
        |                          V                       |
        |                     +----------+                 |
        |                     | Reaction |                 |
        |                     +--+--+--+-+                 |
        |                        |  |  |                   |
        |                        |  |  +-> trace output ?  |
        +------------------------|--|----------------------+
                                 |  +----> panic ?
                                 +-------> <user-specified>”…””}”hj‰  sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1j‡  hŸh¶h Khh£hžhubh¢)”}”(hhh]”(h§)”}”(hŒRV monitor synthesis”h]”hŒRV monitor synthesis”…””}”(hjœ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj™  hžhhŸh¶h K(ubh¸)”}”(hŒ¿The synthesis of a specification into the Linux *RV monitor* abstraction is
automated by the rvgen tool and the header file containing common code for
creating monitors. The header files are:”h]”(hŒ0The synthesis of a specification into the Linux ”…””}”(hjª  hžhhŸNh NubhÂ)”}”(hŒ*RV monitor*”h]”hŒ
RV monitor”…””}”(hj²  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhjª  ubhŒƒ abstraction is
automated by the rvgen tool and the header file containing common code for
creating monitors. The header files are:”…””}”(hjª  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K*hj™  hžhubhŒblock_quote”“”)”}”(hŒm* rv/da_monitor.h for deterministic automaton monitor.
* rv/ltl_monitor.h for linear temporal logic monitor.
”h]”hŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒ4rv/da_monitor.h for deterministic automaton monitor.”h]”h¸)”}”(hjÙ  h]”hŒ4rv/da_monitor.h for deterministic automaton monitor.”…””}”(hjÛ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K.hj×  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hjÒ  ubjÖ  )”}”(hŒ4rv/ltl_monitor.h for linear temporal logic monitor.
”h]”h¸)”}”(hŒ3rv/ltl_monitor.h for linear temporal logic monitor.”h]”hŒ3rv/ltl_monitor.h for linear temporal logic monitor.”…””}”(hjò  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K/hjî  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hjÒ  ubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ*”uh1jÐ  hŸh¶h K.hjÌ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hŸh¶h K.hj™  hžhubeh}”(h]”Œrv-monitor-synthesis”ah ]”h"]”Œrv monitor synthesis”ah$]”h&]”uh1h¡hh£hžhhŸh¶h K(ubh¢)”}”(hhh]”(h§)”}”(hŒrvgen”h]”hŒrvgen”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj  hžhhŸh¶h K2ubh¸)”}”(hŒvThe rvgen utility converts a specification into the C presentation and creating
the skeleton of a kernel monitor in C.”h]”hŒvThe rvgen utility converts a specification into the C presentation and creating
the skeleton of a kernel monitor in C.”…””}”(hj-  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K4hj  hžhubh¸)”}”(hŒ}For example, it is possible to transform the wip.dot model present in
[1] into a per-cpu monitor with the following command::”h]”hŒ|For example, it is possible to transform the wip.dot model present in
[1] into a per-cpu monitor with the following command:”…””}”(hj;  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K7hj  hžhubjˆ  )”}”(hŒ+$ rvgen monitor -c da -s wip.dot -t per_cpu”h]”hŒ+$ rvgen monitor -c da -s wip.dot -t per_cpu”…””}”hjI  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h K:hj  hžhubh¸)”}”(hŒAThis will create a directory named wip/ with the following files:”h]”hŒAThis will create a directory named wip/ with the following files:”…””}”(hjW  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K<hj  hžhubjÑ  )”}”(hhh]”(jÖ  )”}”(hŒwip.h: the wip model in C”h]”h¸)”}”(hjj  h]”hŒwip.h: the wip model in C”…””}”(hjl  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K>hjh  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hje  hžhhŸh¶h NubjÖ  )”}”(hŒwip.c: the RV monitor
”h]”h¸)”}”(hŒwip.c: the RV monitor”h]”hŒwip.c: the RV monitor”…””}”(hjƒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K?hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hje  hžhhŸh¶h Nubeh}”(h]”h ]”h"]”h$]”h&]”j  Œ-”uh1jÐ  hŸh¶h K>hj  hžhubh¸)”}”(hŒfThe wip.c file contains the monitor declaration and the starting point for
the system instrumentation.”h]”hŒfThe wip.c file contains the monitor declaration and the starting point for
the system instrumentation.”…””}”(hjž  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KAhj  hžhubh¸)”}”(hŒXSimilarly, a linear temporal logic monitor can be generated with the following
command::”h]”hŒWSimilarly, a linear temporal logic monitor can be generated with the following
command:”…””}”(hj¬  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KDhj  hžhubjˆ  )”}”(hŒ3$ rvgen monitor -c ltl -s pagefault.ltl -t per_task”h]”hŒ3$ rvgen monitor -c ltl -s pagefault.ltl -t per_task”…””}”hjº  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h KGhj  hžhubh¸)”}”(hŒ)This generates pagefault/ directory with:”h]”hŒ)This generates pagefault/ directory with:”…””}”(hjÈ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KIhj  hžhubjÑ  )”}”(hhh]”(jÖ  )”}”(hŒbpagefault.h: The Buchi automaton (the non-deterministic state machine to
verify the specification)”h]”h¸)”}”(hŒbpagefault.h: The Buchi automaton (the non-deterministic state machine to
verify the specification)”h]”hŒbpagefault.h: The Buchi automaton (the non-deterministic state machine to
verify the specification)”…””}”(hjÝ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KKhjÙ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hjÖ  hžhhŸh¶h NubjÖ  )”}”(hŒ-pagefault.c: The skeleton for the RV monitor
”h]”h¸)”}”(hŒ,pagefault.c: The skeleton for the RV monitor”h]”hŒ,pagefault.c: The skeleton for the RV monitor”…””}”(hjõ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KMhjñ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hjÖ  hžhhŸh¶h Nubeh}”(h]”h ]”h"]”h$]”h&]”j  j  uh1jÐ  hŸh¶h KKhj  hžhubeh}”(h]”Œrvgen”ah ]”h"]”Œrvgen”ah$]”h&]”uh1h¡hh£hžhhŸh¶h K2ubh¢)”}”(hhh]”(h§)”}”(hŒMonitor header files”h]”hŒMonitor header files”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj  hžhhŸh¶h KPubh¸)”}”(hŒThe header files:”h]”hŒThe header files:”…””}”(hj(  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KRhj  hžhubjÑ  )”}”(hhh]”(jÖ  )”}”(hŒ5`rv/da_monitor.h` for deterministic automaton monitor”h]”h¸)”}”(hj;  h]”(hŒtitle_reference”“”)”}”(hŒ`rv/da_monitor.h`”h]”hŒrv/da_monitor.h”…””}”(hjB  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj=  ubhŒ$ for deterministic automaton monitor”…””}”(hj=  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KThj9  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hj6  hžhhŸh¶h NubjÖ  )”}”(hŒ3`rv/ltl_monitor` for linear temporal logic monitor
”h]”h¸)”}”(hŒ2`rv/ltl_monitor` for linear temporal logic monitor”h]”(jA  )”}”(hŒ`rv/ltl_monitor`”h]”hŒrv/ltl_monitor”…””}”(hjh  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjd  ubhŒ" for linear temporal logic monitor”…””}”(hjd  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KUhj`  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hj6  hžhhŸh¶h Nubeh}”(h]”h ]”h"]”h$]”h&]”j  j  uh1jÐ  hŸh¶h KThj  hžhubh¸)”}”(hŒRinclude common macros and static functions for implementing *Monitor
Instance(s)*.”h]”(hŒ<include common macros and static functions for implementing ”…””}”(hjŒ  hžhhŸNh NubhÂ)”}”(hŒ*Monitor
Instance(s)*”h]”hŒMonitor
Instance(s)”…””}”(hj”  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhjŒ  ubhŒ.”…””}”(hjŒ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KWhj  hžhubh¸)”}”(hŒUThe benefits of having all common functionalities in a single header file are
3-fold:”h]”hŒUThe benefits of having all common functionalities in a single header file are
3-fold:”…””}”(hj¬  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KZhj  hžhubjË  )”}”(hŒÇ- Reduce the code duplication;
- Facilitate the bug fix/improvement;
- Avoid the case of developers changing the core of the monitor code to
  manipulate the model in a (let's say) non-standard way.
”h]”jÑ  )”}”(hhh]”(jÖ  )”}”(hŒReduce the code duplication;”h]”h¸)”}”(hjÃ  h]”hŒReduce the code duplication;”…””}”(hjÅ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K]hjÁ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hj¾  ubjÖ  )”}”(hŒ#Facilitate the bug fix/improvement;”h]”h¸)”}”(hjÚ  h]”hŒ#Facilitate the bug fix/improvement;”…””}”(hjÜ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K^hjØ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hj¾  ubjÖ  )”}”(hŒ~Avoid the case of developers changing the core of the monitor code to
manipulate the model in a (let's say) non-standard way.
”h]”h¸)”}”(hŒ}Avoid the case of developers changing the core of the monitor code to
manipulate the model in a (let's say) non-standard way.”h]”hŒAvoid the case of developers changing the core of the monitor code to
manipulate the model in a (letâ€™s say) non-standard way.”…””}”(hjó  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K_hjï  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hj¾  ubeh}”(h]”h ]”h"]”h$]”h&]”j  j  uh1jÐ  hŸh¶h K]hjº  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hŸh¶h K]hj  hžhubh¢)”}”(hhh]”(h§)”}”(hŒrv/da_monitor.h”h]”hŒrv/da_monitor.h”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj  hžhhŸh¶h Kcubh¸)”}”(hŒPThis initial implementation presents three different types of monitor instances:”h]”hŒPThis initial implementation presents three different types of monitor instances:”…””}”(hj$  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kehj  hžhubjÑ  )”}”(hhh]”(jÖ  )”}”(hŒ%``#define RV_MON_TYPE RV_MON_GLOBAL``”h]”h¸)”}”(hj7  h]”hŒliteral”“”)”}”(hj7  h]”hŒ!#define RV_MON_TYPE RV_MON_GLOBAL”…””}”(hj>  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j<  hj9  ubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kghj5  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hj2  hžhhŸh¶h NubjÖ  )”}”(hŒ&``#define RV_MON_TYPE RV_MON_PER_CPU``”h]”h¸)”}”(hjY  h]”j=  )”}”(hjY  h]”hŒ"#define RV_MON_TYPE RV_MON_PER_CPU”…””}”(hj^  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j<  hj[  ubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KhhjW  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hj2  hžhhŸh¶h NubjÖ  )”}”(hŒ(``#define RV_MON_TYPE RV_MON_PER_TASK``
”h]”h¸)”}”(hŒ'``#define RV_MON_TYPE RV_MON_PER_TASK``”h]”j=  )”}”(hj}  h]”hŒ##define RV_MON_TYPE RV_MON_PER_TASK”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j<  hj{  ubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kihjw  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÕ  hj2  hžhhŸh¶h Nubeh}”(h]”h ]”h"]”h$]”h&]”j  j  uh1jÐ  hŸh¶h Kghj  hžhubh¸)”}”(hŒ«The first sets up functions declaration for a global deterministic automata
monitor, the second for monitors with per-cpu instances, and the third with
per-task instances.”h]”hŒ«The first sets up functions declaration for a global deterministic automata
monitor, the second for monitors with per-cpu instances, and the third with
per-task instances.”…””}”(hjž  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kkhj  hžhubh¸)”}”(hŒ¯In all cases, the C file must include the $(MODEL_NAME).h file (generated by
`rvgen`), for example, to define the per-cpu 'wip' monitor, the `wip.c` source
file must include::”h]”(hŒMIn all cases, the C file must include the $(MODEL_NAME).h file (generated by
”…””}”(hj¬  hžhhŸNh NubjA  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hj´  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj¬  ubhŒ=), for example, to define the per-cpu â€˜wipâ€™ monitor, the ”…””}”(hj¬  hžhhŸNh NubjA  )”}”(hŒ`wip.c`”h]”hŒwip.c”…””}”(hjÆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj¬  ubhŒ source
file must include:”…””}”(hj¬  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kohj  hžhubjˆ  )”}”(hŒN#define RV_MON_TYPE RV_MON_PER_CPU
#include "wip.h"
#include <rv/da_monitor.h>”h]”hŒN#define RV_MON_TYPE RV_MON_PER_CPU
#include "wip.h"
#include <rv/da_monitor.h>”…””}”hjÞ  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h Kshj  hžhubh¸)”}”(hŒ]The monitor is executed by sending events to be processed via the functions
presented below::”h]”hŒ\The monitor is executed by sending events to be processed via the functions
presented below:”…””}”(hjì  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kwhj  hžhubjˆ  )”}”(hŒda_handle_event($(event from event enum));
da_handle_start_event($(event from event enum));
da_handle_start_run_event($(event from event enum));”h]”hŒda_handle_event($(event from event enum));
da_handle_start_event($(event from event enum));
da_handle_start_run_event($(event from event enum));”…””}”hjú  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h Kzhj  hžhubh¸)”}”(hŒ}The function ``da_handle_event()`` is the regular case where
the event will be processed if the monitor is processing events.”h]”(hŒThe function ”…””}”(hj  hžhhŸNh Nubj=  )”}”(hŒ``da_handle_event()``”h]”hŒda_handle_event()”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j<  hj  ubhŒ[ is the regular case where
the event will be processed if the monitor is processing events.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K~hj  hžhubh¸)”}”(hŒ™When a monitor is enabled, it is placed in the initial state of the automata.
However, the monitor does not know if the system is in the *initial state*.”h]”(hŒ‰When a monitor is enabled, it is placed in the initial state of the automata.
However, the monitor does not know if the system is in the ”…””}”(hj(  hžhhŸNh NubhÂ)”}”(hŒ*initial state*”h]”hŒinitial state”…””}”(hj0  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÁhj(  ubhŒ.”…””}”(hj(  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj  hžhubh¸)”}”(hŒ­The ``da_handle_start_event()`` function is used to notify the
monitor that the system is returning to the initial state, so the monitor can
start monitoring the next event.”h]”(hŒThe ”…””}”(hjH  hžhhŸNh Nubj=  )”}”(hŒ``da_handle_start_event()``”h]”hŒda_handle_start_event()”…””}”(hjP  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j<  hjH  ubhŒŽ function is used to notify the
monitor that the system is returning to the initial state, so the monitor can
start monitoring the next event.”…””}”(hjH  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K„hj  hžhubh¸)”}”(hŒÂThe ``da_handle_start_run_event()`` function is used to notify
the monitor that the system is known to be in the initial state, so the
monitor can start monitoring and monitor the current event.”h]”(hŒThe ”…””}”(hjh  hžhhŸNh Nubj=  )”}”(hŒ``da_handle_start_run_event()``”h]”hŒda_handle_start_run_event()”…””}”(hjp  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j<  hjh  ubhŒŸ function is used to notify
the monitor that the system is known to be in the initial state, so the
monitor can start monitoring and monitor the current event.”…””}”(hjh  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kˆhj  hžhubh¸)”}”(hŒ‚Using the wip model as example, the events "preempt_disable" and
"sched_waking" should be sent to monitor, respectively, via [2]::”h]”hŒ‰Using the wip model as example, the events â€œpreempt_disableâ€ and
â€œsched_wakingâ€ should be sent to monitor, respectively, via [2]:”…””}”(hjˆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KŒhj  hžhubjˆ  )”}”(hŒHda_handle_event(preempt_disable_wip);
da_handle_event(sched_waking_wip);”h]”hŒHda_handle_event(preempt_disable_wip);
da_handle_event(sched_waking_wip);”…””}”hj–  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h Khj  hžhubh¸)”}”(hŒ,While the event "preempt_enabled" will use::”h]”hŒ/While the event â€œpreempt_enabledâ€ will use:”…””}”(hj¤  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K’hj  hžhubjˆ  )”}”(hŒ*da_handle_start_event(preempt_enable_wip);”h]”hŒ*da_handle_start_event(preempt_enable_wip);”…””}”hj²  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h K”hj  hžhubh¸)”}”(hŒ~To notify the monitor that the system will be returning to the initial state,
so the system and the monitor should be in sync.”h]”hŒ~To notify the monitor that the system will be returning to the initial state,
so the system and the monitor should be in sync.”…””}”(hjÀ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K–hj  hžhubeh}”(h]”Œrv-da-monitor-h”ah ]”h"]”Œrv/da_monitor.h”ah$]”h&]”uh1h¡hj  hžhhŸh¶h Kcubh¢)”}”(hhh]”(h§)”}”(hŒrv/ltl_monitor.h”h]”hŒrv/ltl_monitor.h”…””}”(hjÙ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjÖ  hžhhŸh¶h Kšubh¸)”}”(hŒ¶This file must be combined with the $(MODEL_NAME).h file (generated by `rvgen`)
to be complete. For example, for the `pagefault` monitor, the `pagefault.c`
source file must include::”h]”(hŒGThis file must be combined with the $(MODEL_NAME).h file (generated by ”…””}”(hjç  hžhhŸNh NubjA  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hjï  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjç  ubhŒ')
to be complete. For example, for the ”…””}”(hjç  hžhhŸNh NubjA  )”}”(hŒ`pagefault`”h]”hŒ	pagefault”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjç  ubhŒ monitor, the ”…””}”(hjç  hžhhŸNh NubjA  )”}”(hŒ`pagefault.c`”h]”hŒpagefault.c”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjç  ubhŒ
source file must include:”…””}”(hjç  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K›hjÖ  hžhubjˆ  )”}”(hŒ2#include "pagefault.h"
#include <rv/ltl_monitor.h>”h]”hŒ2#include "pagefault.h"
#include <rv/ltl_monitor.h>”…””}”hj+  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h KŸhjÖ  hžhubh¸)”}”(hŒC(the skeleton monitor file generated by `rvgen` already does this).”h]”(hŒ((the skeleton monitor file generated by ”…””}”(hj9  hžhhŸNh NubjA  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hjA  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj9  ubhŒ already does this).”…””}”(hj9  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K¢hjÖ  hžhubh¸)”}”(hXg  `$(MODEL_NAME).h` (`pagefault.h` in the above example) includes the
implementation of the Buchi automaton - a non-deterministic state machine that
verifies the LTL specification. While `rv/ltl_monitor.h` includes the common
helper functions to interact with the Buchi automaton and to implement an RV
monitor. An important definition in `$(MODEL_NAME).h` is::”h]”(jA  )”}”(hŒ`$(MODEL_NAME).h`”h]”hŒ$(MODEL_NAME).h”…””}”(hj]  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjY  ubhŒ (”…””}”(hjY  hžhhŸNh NubjA  )”}”(hŒ`pagefault.h`”h]”hŒpagefault.h”…””}”(hjo  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjY  ubhŒ™ in the above example) includes the
implementation of the Buchi automaton - a non-deterministic state machine that
verifies the LTL specification. While ”…””}”(hjY  hžhhŸNh NubjA  )”}”(hŒ`rv/ltl_monitor.h`”h]”hŒrv/ltl_monitor.h”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjY  ubhŒ† includes the common
helper functions to interact with the Buchi automaton and to implement an RV
monitor. An important definition in ”…””}”(hjY  hžhhŸNh NubjA  )”}”(hŒ`$(MODEL_NAME).h`”h]”hŒ$(MODEL_NAME).h”…””}”(hj“  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjY  ubhŒ is:”…””}”(hjY  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K¤hjÖ  hžhubjˆ  )”}”(hŒvenum ltl_atom {
    LTL_$(FIRST_ATOMIC_PROPOSITION),
    LTL_$(SECOND_ATOMIC_PROPOSITION),
    ...
    LTL_NUM_ATOM
};”h]”hŒvenum ltl_atom {
    LTL_$(FIRST_ATOMIC_PROPOSITION),
    LTL_$(SECOND_ATOMIC_PROPOSITION),
    ...
    LTL_NUM_ATOM
};”…””}”hj«  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h KªhjÖ  hžhubh¸)”}”(hŒÇwhich is the list of atomic propositions present in the LTL specification
(prefixed with "LTL\_" to avoid name collision). This `enum` is passed to the
functions interacting with the Buchi automaton.”h]”(hŒ„which is the list of atomic propositions present in the LTL specification
(prefixed with â€œLTL _â€ to avoid name collision). This ”…””}”(hj¹  hžhhŸNh NubjA  )”}”(hŒ`enum`”h]”hŒenum”…””}”(hjÁ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj¹  ubhŒA is passed to the
functions interacting with the Buchi automaton.”…””}”(hj¹  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K±hjÖ  hžhubh¸)”}”(hX*  While generating code, `rvgen` cannot understand the meaning of the atomic
propositions. Thus, that task is left for manual work. The recommended practice
is adding tracepoints to places where the atomic propositions change; and in the
tracepoints' handlers: the Buchi automaton is executed using::”h]”(hŒWhile generating code, ”…””}”(hjÙ  hžhhŸNh NubjA  )”}”(hŒ`rvgen`”h]”hŒrvgen”…””}”(hjá  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjÙ  ubhX   cannot understand the meaning of the atomic
propositions. Thus, that task is left for manual work. The recommended practice
is adding tracepoints to places where the atomic propositions change; and in the
tracepointsâ€™ handlers: the Buchi automaton is executed using:”…””}”(hjÙ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KµhjÖ  hžhubjˆ  )”}”(hŒNvoid ltl_atom_update(struct task_struct *task, enum ltl_atom atom, bool value)”h]”hŒNvoid ltl_atom_update(struct task_struct *task, enum ltl_atom atom, bool value)”…””}”hjù  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h KºhjÖ  hžhubh¸)”}”(hŒôwhich tells the Buchi automaton that the atomic proposition `atom` is now
`value`. The Buchi automaton checks whether the LTL specification is still
satisfied, and invokes the monitor's error tracepoint and the reactor if
violation is detected.”h]”(hŒ<which tells the Buchi automaton that the atomic proposition ”…””}”(hj  hžhhŸNh NubjA  )”}”(hŒ`atom`”h]”hŒatom”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj  ubhŒ is now
”…””}”(hj  hžhhŸNh NubjA  )”}”(hŒ`value`”h]”hŒvalue”…””}”(hj!  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj  ubhŒ¥. The Buchi automaton checks whether the LTL specification is still
satisfied, and invokes the monitorâ€™s error tracepoint and the reactor if
violation is detected.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K¼hjÖ  hžhubh¸)”}”(hX“  Tracepoints and `ltl_atom_update()` should be used whenever possible. However,
it is sometimes not the most convenient. For some atomic propositions which are
changed in multiple places in the kernel, it is cumbersome to trace all those
places. Furthermore, it may not be important that the atomic propositions are
updated at precise times. For example, considering the following linear temporal
logic::”h]”(hŒTracepoints and ”…””}”(hj9  hžhhŸNh NubjA  )”}”(hŒ`ltl_atom_update()`”h]”hŒltl_atom_update()”…””}”(hjA  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj9  ubhXo   should be used whenever possible. However,
it is sometimes not the most convenient. For some atomic propositions which are
changed in multiple places in the kernel, it is cumbersome to trace all those
places. Furthermore, it may not be important that the atomic propositions are
updated at precise times. For example, considering the following linear temporal
logic:”…””}”(hj9  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KÁhjÖ  hžhubjˆ  )”}”(hŒ&RULE = always (RT imply not PAGEFAULT)”h]”hŒ&RULE = always (RT imply not PAGEFAULT)”…””}”hjY  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h KÈhjÖ  hžhubh¸)”}”(hŒøThis LTL states that a real-time task does not raise page faults. For this
specification, it is not important when `RT` changes, as long as it has the
correct value when `PAGEFAULT` is true.  Motivated by this case, another
function is introduced::”h]”(hŒsThis LTL states that a real-time task does not raise page faults. For this
specification, it is not important when ”…””}”(hjg  hžhhŸNh NubjA  )”}”(hŒ`RT`”h]”hŒRT”…””}”(hjo  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjg  ubhŒ3 changes, as long as it has the
correct value when ”…””}”(hjg  hžhhŸNh NubjA  )”}”(hŒ`PAGEFAULT`”h]”hŒ	PAGEFAULT”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjg  ubhŒB is true.  Motivated by this case, another
function is introduced:”…””}”(hjg  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KÊhjÖ  hžhubjˆ  )”}”(hŒFvoid ltl_atom_fetch(struct task_struct *task, struct ltl_monitor *mon)”h]”hŒFvoid ltl_atom_fetch(struct task_struct *task, struct ltl_monitor *mon)”…””}”hj™  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h KÏhjÖ  hžhubh¸)”}”(hŒ~This function is called whenever the Buchi automaton is triggered. Therefore, it
can be manually implemented to "fetch" `RT`::”h]”(hŒ|This function is called whenever the Buchi automaton is triggered. Therefore, it
can be manually implemented to â€œfetchâ€ ”…””}”(hj§  hžhhŸNh NubjA  )”}”(hŒ`RT`”h]”hŒRT”…””}”(hj¯  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj§  ubhŒ:”…””}”(hj§  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KÑhjÖ  hžhubjˆ  )”}”(hŒxvoid ltl_atom_fetch(struct task_struct *task, struct ltl_monitor *mon)
{
    ltl_atom_set(mon, LTL_RT, rt_task(task));
}”h]”hŒxvoid ltl_atom_fetch(struct task_struct *task, struct ltl_monitor *mon)
{
    ltl_atom_set(mon, LTL_RT, rt_task(task));
}”…””}”hjÇ  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h KÔhjÖ  hžhubh¸)”}”(hŒ³Effectively, whenever `PAGEFAULT` is updated with a call to `ltl_atom_update()`,
`RT` is also fetched. Thus, the LTL specification can be verified without
tracing `RT` everywhere.”h]”(hŒEffectively, whenever ”…””}”(hjÕ  hžhhŸNh NubjA  )”}”(hŒ`PAGEFAULT`”h]”hŒ	PAGEFAULT”…””}”(hjÝ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjÕ  ubhŒ is updated with a call to ”…””}”(hjÕ  hžhhŸNh NubjA  )”}”(hŒ`ltl_atom_update()`”h]”hŒltl_atom_update()”…””}”(hjï  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjÕ  ubhŒ,
”…””}”(hjÕ  hžhhŸNh NubjA  )”}”(hŒ`RT`”h]”hŒRT”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjÕ  ubhŒN is also fetched. Thus, the LTL specification can be verified without
tracing ”…””}”(hjÕ  hžhhŸNh NubjA  )”}”(hŒ`RT`”h]”hŒRT”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hjÕ  ubhŒ everywhere.”…””}”(hjÕ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KÙhjÖ  hžhubh¸)”}”(hŒ¢For atomic propositions which act like events, they usually need to be set (or
cleared) and then immediately cleared (or set). A convenient function is
provided::”h]”hŒ¡For atomic propositions which act like events, they usually need to be set (or
cleared) and then immediately cleared (or set). A convenient function is
provided:”…””}”(hj+  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KÝhjÖ  hžhubjˆ  )”}”(hŒMvoid ltl_atom_pulse(struct task_struct *task, enum ltl_atom atom, bool value)”h]”hŒMvoid ltl_atom_pulse(struct task_struct *task, enum ltl_atom atom, bool value)”…””}”hj9  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h KáhjÖ  hžhubh¸)”}”(hŒwhich is equivalent to::”h]”hŒwhich is equivalent to:”…””}”(hjG  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KãhjÖ  hžhubjˆ  )”}”(hŒHltl_atom_update(task, atom, value);
ltl_atom_update(task, atom, !value);”h]”hŒHltl_atom_update(task, atom, value);
ltl_atom_update(task, atom, !value);”…””}”hjU  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h KåhjÖ  hžhubh¸)”}”(hŒSTo initialize the atomic propositions, the following function must be
implemented::”h]”hŒRTo initialize the atomic propositions, the following function must be
implemented:”…””}”(hjc  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KèhjÖ  hžhubjˆ  )”}”(hŒUltl_atoms_init(struct task_struct *task, struct ltl_monitor *mon, bool task_creation)”h]”hŒUltl_atoms_init(struct task_struct *task, struct ltl_monitor *mon, bool task_creation)”…””}”hjq  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h KëhjÖ  hžhubh¸)”}”(hŒÞThis function is called for all running tasks when the monitor is enabled. It is
also called for new tasks created after the enabling the monitor. It should
initialize as many atomic propositions as possible, for example::”h]”hŒÝThis function is called for all running tasks when the monitor is enabled. It is
also called for new tasks created after the enabling the monitor. It should
initialize as many atomic propositions as possible, for example:”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KíhjÖ  hžhubjˆ  )”}”(hŒÓvoid ltl_atom_init(struct task_struct *task, struct ltl_monitor *mon, bool task_creation)
{
    ltl_atom_set(mon, LTL_RT, rt_task(task));
    if (task_creation)
        ltl_atom_set(mon, LTL_PAGEFAULT, false);
}”h]”hŒÓvoid ltl_atom_init(struct task_struct *task, struct ltl_monitor *mon, bool task_creation)
{
    ltl_atom_set(mon, LTL_RT, rt_task(task));
    if (task_creation)
        ltl_atom_set(mon, LTL_PAGEFAULT, false);
}”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h KñhjÖ  hžhubh¸)”}”(hXº  Atomic propositions not initialized by `ltl_atom_init()` will stay in the
unknown state until relevant tracepoints are hit, which can take some time. As
monitoring for a task cannot be done until all atomic propositions is known for
the task, the monitor may need some time to start validating tasks which have
been running before the monitor is enabled. Therefore, it is recommended to
start the tasks of interest after enabling the monitor.”h]”(hŒ'Atomic propositions not initialized by ”…””}”(hj›  hžhhŸNh NubjA  )”}”(hŒ`ltl_atom_init()`”h]”hŒltl_atom_init()”…””}”(hj£  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j@  hj›  ubhX‚   will stay in the
unknown state until relevant tracepoints are hit, which can take some time. As
monitoring for a task cannot be done until all atomic propositions is known for
the task, the monitor may need some time to start validating tasks which have
been running before the monitor is enabled. Therefore, it is recommended to
start the tasks of interest after enabling the monitor.”…””}”(hj›  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KøhjÖ  hžhubeh}”(h]”Œrv-ltl-monitor-h”ah ]”h"]”Œrv/ltl_monitor.h”ah$]”h&]”uh1h¡hj  hžhhŸh¶h Kšubeh}”(h]”Œmonitor-header-files”ah ]”h"]”Œmonitor header files”ah$]”h&]”uh1h¡hh£hžhhŸh¶h KPubh¢)”}”(hhh]”(h§)”}”(hŒFinal remarks”h]”hŒFinal remarks”…””}”(hjÎ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjË  hžhhŸh¶h M ubh¸)”}”(hŒÅWith the monitor synthesis in place using the header files and
rvgen, the developer's work should be limited to the instrumentation
of the system, increasing the confidence in the overall approach.”h]”hŒÇWith the monitor synthesis in place using the header files and
rvgen, the developerâ€™s work should be limited to the instrumentation
of the system, increasing the confidence in the overall approach.”…””}”(hjÜ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h MhjË  hžhubh¸)”}”(hŒq[1] For details about deterministic automata format and the translation
from one representation to another, see::”h]”hŒp[1] For details about deterministic automata format and the translation
from one representation to another, see:”…””}”(hjê  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h MhjË  hžhubjˆ  )”}”(hŒ1Documentation/trace/rv/deterministic_automata.rst”h]”hŒ1Documentation/trace/rv/deterministic_automata.rst”…””}”hjø  sbah}”(h]”h ]”h"]”h$]”h&]”j—  j˜  uh1j‡  hŸh¶h M	hjË  hžhubh¸)”}”(hŒ—[2] rvgen appends the monitor's name suffix to the events enums to
avoid conflicting variables when exporting the global vmlinux.h
use by BPF programs.”h]”hŒ™[2] rvgen appends the monitorâ€™s name suffix to the events enums to
avoid conflicting variables when exporting the global vmlinux.h
use by BPF programs.”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h MhjË  hžhubeh}”(h]”Œfinal-remarks”ah ]”h"]”Œfinal remarks”ah$]”h&]”uh1h¡hh£hžhhŸh¶h M ubeh}”(h]”Œ&runtime-verification-monitor-synthesis”ah ]”h"]”Œ&runtime verification monitor synthesis”ah$]”h&]”uh1h¡hhhžhhŸh¶h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h¶uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¦NŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jG	  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h¶Œ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(j!	  j	  j  j  j  j  jÈ  jÅ  jÓ  jÐ  jÀ  j½  j	  j	  uŒ	nametypes”}”(j!	  ‰j  ‰j  ‰jÈ  ‰jÓ  ‰jÀ  ‰j	  ‰uh}”(j	  h£j  j™  j  j  jÅ  j  jÐ  j  j½  jÖ  j	  jË  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nhžhub.