From nobody Fri Dec 19 07:17:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3E1B0258CDC for ; Fri, 5 Dec 2025 13:16:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940611; cv=none; b=mA/vaPlItz8NpO0FL8aXA5D7njKYRFpCdpAVvEC6xkGDYWCFtN8IIV7yOswoZAAqPucmZkIzp3+kO763mVfdJ9yNqAX6WcwNvUAhM4T4392jo0KZE+RA9ZnF1OEepI1JANlfpbsR+seL5mC765SThmbZIi8TXlnvVU/yR0ZTZSk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940611; c=relaxed/simple; bh=gHuhE2x9u+U2pica3eefODdsaZbFnuuTQkcQItb1UnM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iNUXKxFUVpW82hdKSrRua0UOzDmnfyxY8+SwOSttPa/dMQOYRXN5zxxuazj2zSpKnxPagiVeo5cp05QDlbeVUXIVv6lvrAAYBIe9kN7uUa+qXnRUuoXUS5a8SZBqqmZ3l70o/g93QOxYI7qqvFpl5aAAjkxZKu7WHWOFJMW3S7Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=Xhd1zh0E; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Xhd1zh0E" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764940603; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0OSD+9pUh1Fi9aVWFLc+TIOzBlYEj33f0jTUdfdmkB0=; b=Xhd1zh0EeoOK+xOIpgH/bCGKeSCYBCWBfMxFlZUndc2U0LrjIHx8sqtHU6+SQaB01TULKg /MwyGVjaD2I2DVVQEYcO8jmFCH8lCCDCpMWTdl0rA95mU6TkNWKFVQNNzm0wEdurLau+1Y k0O3qC08surHszAeOU84BgdmsuBudyY= Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-692-OhUSHLf5O1uixNQtPwalfA-1; Fri, 05 Dec 2025 08:16:39 -0500 X-MC-Unique: OhUSHLf5O1uixNQtPwalfA-1 X-Mimecast-MFC-AGG-ID: OhUSHLf5O1uixNQtPwalfA_1764940598 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 0D5AA1956088; Fri, 5 Dec 2025 13:16:38 +0000 (UTC) Received: from gmonaco-thinkpadt14gen3.rmtit.csb (unknown [10.45.226.23]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id E6F00180044F; Fri, 5 Dec 2025 13:16:33 +0000 (UTC) From: Gabriele Monaco To: linux-kernel@vger.kernel.org, Steven Rostedt , Nam Cao , Gabriele Monaco , linux-trace-kernel@vger.kernel.org Cc: Tomas Glozar , Juri Lelli , Clark Williams , John Kacur Subject: [PATCH v3 01/13] rv: Unify DA event handling functions across monitor types Date: Fri, 5 Dec 2025 14:16:09 +0100 Message-ID: <20251205131621.135513-2-gmonaco@redhat.com> In-Reply-To: <20251205131621.135513-1-gmonaco@redhat.com> References: <20251205131621.135513-1-gmonaco@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" The DA event handling functions are mostly duplicated because the per-task monitors need to propagate the task to use the pid in the trace events. This is a maintenance burden for a little advantage. The task can be obtained with some pointer arithmetic from the da_mon, hence only the function tracing events really need to differ. Unify all code handling the events, create da_trace_event() and da_trace_error() that only call the tracepoint function. Propagate the monitor id through the calls, the do_trace_ functions use the id (pid) in case of per-task monitors but ignore it for implicit monitors. Signed-off-by: Gabriele Monaco Reviewed-by: Nam Cao --- Notes: V3: * Rearrange start/handle helpers to share more code include/rv/da_monitor.h | 303 +++++++++++++++++----------------------- 1 file changed, 132 insertions(+), 171 deletions(-) diff --git a/include/rv/da_monitor.h b/include/rv/da_monitor.h index 7b28ef9f73bd..6b564fad8c4d 100644 --- a/include/rv/da_monitor.h +++ b/include/rv/da_monitor.h @@ -22,6 +22,13 @@ =20 static struct rv_monitor rv_this; =20 +/* + * Type for the target id, default to int but can be overridden. + */ +#ifndef da_id_type +#define da_id_type int +#endif + static void react(enum states curr_state, enum events event) { rv_react(&rv_this, @@ -91,90 +98,6 @@ static inline bool da_monitor_handling_event(struct da_m= onitor *da_mon) return 1; } =20 -#if RV_MON_TYPE =3D=3D RV_MON_GLOBAL || RV_MON_TYPE =3D=3D RV_MON_PER_CPU -/* - * Event handler for implicit monitors. Implicit monitor is the one which = the - * handler does not need to specify which da_monitor to manipulate. Exampl= es - * of implicit monitor are the per_cpu or the global ones. - * - * Retry in case there is a race between getting and setting the next stat= e, - * warn and reset the monitor if it runs out of retries. The monitor shoul= d be - * able to handle various orders. - */ - -static inline bool da_event(struct da_monitor *da_mon, enum events event) -{ - enum states curr_state, next_state; - - curr_state =3D READ_ONCE(da_mon->curr_state); - for (int i =3D 0; i < MAX_DA_RETRY_RACING_EVENTS; i++) { - next_state =3D model_get_next_state(curr_state, event); - if (next_state =3D=3D INVALID_STATE) { - react(curr_state, event); - CONCATENATE(trace_error_, MONITOR_NAME)( - model_get_state_name(curr_state), - model_get_event_name(event)); - return false; - } - if (likely(try_cmpxchg(&da_mon->curr_state, &curr_state, next_state))) { - CONCATENATE(trace_event_, MONITOR_NAME)( - model_get_state_name(curr_state), - model_get_event_name(event), - model_get_state_name(next_state), - model_is_final_state(next_state)); - return true; - } - } - - trace_rv_retries_error(__stringify(MONITOR_NAME), model_get_event_name(ev= ent)); - pr_warn("rv: " __stringify(MAX_DA_RETRY_RACING_EVENTS) - " retries reached for event %s, resetting monitor %s", - model_get_event_name(event), __stringify(MONITOR_NAME)); - return false; -} - -#elif RV_MON_TYPE =3D=3D RV_MON_PER_TASK -/* - * Event handler for per_task monitors. - * - * Retry in case there is a race between getting and setting the next stat= e, - * warn and reset the monitor if it runs out of retries. The monitor shoul= d be - * able to handle various orders. - */ - -static inline bool da_event(struct da_monitor *da_mon, struct task_struct = *tsk, - enum events event) -{ - enum states curr_state, next_state; - - curr_state =3D READ_ONCE(da_mon->curr_state); - for (int i =3D 0; i < MAX_DA_RETRY_RACING_EVENTS; i++) { - next_state =3D model_get_next_state(curr_state, event); - if (next_state =3D=3D INVALID_STATE) { - react(curr_state, event); - CONCATENATE(trace_error_, MONITOR_NAME)(tsk->pid, - model_get_state_name(curr_state), - model_get_event_name(event)); - return false; - } - if (likely(try_cmpxchg(&da_mon->curr_state, &curr_state, next_state))) { - CONCATENATE(trace_event_, MONITOR_NAME)(tsk->pid, - model_get_state_name(curr_state), - model_get_event_name(event), - model_get_state_name(next_state), - model_is_final_state(next_state)); - return true; - } - } - - trace_rv_retries_error(__stringify(MONITOR_NAME), model_get_event_name(ev= ent)); - pr_warn("rv: " __stringify(MAX_DA_RETRY_RACING_EVENTS) - " retries reached for event %s, resetting monitor %s", - model_get_event_name(event), __stringify(MONITOR_NAME)); - return false; -} -#endif /* RV_MON_TYPE */ - #if RV_MON_TYPE =3D=3D RV_MON_GLOBAL /* * Functions to define, init and get a global monitor. @@ -329,115 +252,179 @@ static inline void da_monitor_destroy(void) =20 #if RV_MON_TYPE =3D=3D RV_MON_GLOBAL || RV_MON_TYPE =3D=3D RV_MON_PER_CPU /* - * Handle event for implicit monitor: da_get_monitor() will figure out - * the monitor. + * Trace events for implicit monitors. Implicit monitor is the one which t= he + * handler does not need to specify which da_monitor to manipulate. Exampl= es + * of implicit monitor are the per_cpu or the global ones. */ =20 -static inline void __da_handle_event(struct da_monitor *da_mon, - enum events event) +static inline void da_trace_event(struct da_monitor *da_mon, + char *curr_state, char *event, + char *next_state, bool is_final, + da_id_type id) { - bool retval; + CONCATENATE(trace_event_, MONITOR_NAME)(curr_state, event, next_state, + is_final); +} =20 - retval =3D da_event(da_mon, event); - if (!retval) - da_monitor_reset(da_mon); +static inline void da_trace_error(struct da_monitor *da_mon, + char *curr_state, char *event, + da_id_type id) +{ + CONCATENATE(trace_error_, MONITOR_NAME)(curr_state, event); } =20 +#elif RV_MON_TYPE =3D=3D RV_MON_PER_TASK /* - * da_handle_event - handle an event + * Trace events for per_task monitors, report the PID of the task. */ -static inline void da_handle_event(enum events event) -{ - struct da_monitor *da_mon =3D da_get_monitor(); - bool retval; =20 - retval =3D da_monitor_handling_event(da_mon); - if (!retval) - return; +static inline void da_trace_event(struct da_monitor *da_mon, + char *curr_state, char *event, + char *next_state, bool is_final, + da_id_type id) +{ + CONCATENATE(trace_event_, MONITOR_NAME)(id, curr_state, event, + next_state, is_final); +} =20 - __da_handle_event(da_mon, event); +static inline void da_trace_error(struct da_monitor *da_mon, + char *curr_state, char *event, + da_id_type id) +{ + CONCATENATE(trace_error_, MONITOR_NAME)(id, curr_state, event); } +#endif /* RV_MON_TYPE */ =20 /* - * da_handle_start_event - start monitoring or handle event - * - * This function is used to notify the monitor that the system is returning - * to the initial state, so the monitor can start monitoring in the next e= vent. - * Thus: + * da_event - handle an event for the da_mon * - * If the monitor already started, handle the event. - * If the monitor did not start yet, start the monitor but skip the event. + * This function is valid for both implicit and id monitors. + * Retry in case there is a race between getting and setting the next stat= e, + * warn and reset the monitor if it runs out of retries. The monitor shoul= d be + * able to handle various orders. */ -static inline bool da_handle_start_event(enum events event) +static inline bool da_event(struct da_monitor *da_mon, enum events event, = da_id_type id) { - struct da_monitor *da_mon; + enum states curr_state, next_state; =20 - if (!da_monitor_enabled()) - return 0; + curr_state =3D READ_ONCE(da_mon->curr_state); + for (int i =3D 0; i < MAX_DA_RETRY_RACING_EVENTS; i++) { + next_state =3D model_get_next_state(curr_state, event); + if (next_state =3D=3D INVALID_STATE) { + react(curr_state, event); + da_trace_error(da_mon, model_get_state_name(curr_state), + model_get_event_name(event), id); + return false; + } + if (likely(try_cmpxchg(&da_mon->curr_state, &curr_state, next_state))) { + da_trace_event(da_mon, model_get_state_name(curr_state), + model_get_event_name(event), + model_get_state_name(next_state), + model_is_final_state(next_state), id); + return true; + } + } + + trace_rv_retries_error(__stringify(MONITOR_NAME), model_get_event_name(ev= ent)); + pr_warn("rv: " __stringify(MAX_DA_RETRY_RACING_EVENTS) + " retries reached for event %s, resetting monitor %s", + model_get_event_name(event), __stringify(MONITOR_NAME)); + return false; +} =20 - da_mon =3D da_get_monitor(); +static inline void __da_handle_event_common(struct da_monitor *da_mon, + enum events event, da_id_type id) +{ + if (!da_event(da_mon, event, id)) + da_monitor_reset(da_mon); +} =20 +static inline void __da_handle_event(struct da_monitor *da_mon, + enum events event, da_id_type id) +{ + if (da_monitor_handling_event(da_mon)) + __da_handle_event_common(da_mon, event, id); +} + +static inline bool __da_handle_start_event(struct da_monitor *da_mon, + enum events event, da_id_type id) +{ + if (!da_monitor_enabled()) + return 0; if (unlikely(!da_monitoring(da_mon))) { da_monitor_start(da_mon); return 0; } =20 - __da_handle_event(da_mon, event); + __da_handle_event_common(da_mon, event, id); =20 return 1; } =20 -/* - * da_handle_start_run_event - start monitoring and handle event - * - * This function is used to notify the monitor that the system is in the - * initial state, so the monitor can start monitoring and handling event. - */ -static inline bool da_handle_start_run_event(enum events event) +static inline bool __da_handle_start_run_event(struct da_monitor *da_mon, + enum events event, da_id_type id) { - struct da_monitor *da_mon; - if (!da_monitor_enabled()) return 0; - - da_mon =3D da_get_monitor(); - if (unlikely(!da_monitoring(da_mon))) da_monitor_start(da_mon); =20 - __da_handle_event(da_mon, event); + __da_handle_event_common(da_mon, event, id); =20 return 1; } =20 -#elif RV_MON_TYPE =3D=3D RV_MON_PER_TASK +#if RV_MON_TYPE =3D=3D RV_MON_GLOBAL || RV_MON_TYPE =3D=3D RV_MON_PER_CPU /* - * Handle event for per task. + * Handle event for implicit monitor: da_get_monitor() will figure out + * the monitor. */ =20 -static inline void __da_handle_event(struct da_monitor *da_mon, - struct task_struct *tsk, enum events event) +/* + * da_handle_event - handle an event + */ +static inline void da_handle_event(enum events event) { - bool retval; + __da_handle_event(da_get_monitor(), event, 0); +} =20 - retval =3D da_event(da_mon, tsk, event); - if (!retval) - da_monitor_reset(da_mon); +/* + * da_handle_start_event - start monitoring or handle event + * + * This function is used to notify the monitor that the system is returning + * to the initial state, so the monitor can start monitoring in the next e= vent. + * Thus: + * + * If the monitor already started, handle the event. + * If the monitor did not start yet, start the monitor but skip the event. + */ +static inline bool da_handle_start_event(enum events event) +{ + return __da_handle_start_event(da_get_monitor(), event, 0); } =20 /* - * da_handle_event - handle an event + * da_handle_start_run_event - start monitoring and handle event + * + * This function is used to notify the monitor that the system is in the + * initial state, so the monitor can start monitoring and handling event. */ -static inline void da_handle_event(struct task_struct *tsk, enum events ev= ent) +static inline bool da_handle_start_run_event(enum events event) { - struct da_monitor *da_mon =3D da_get_monitor(tsk); - bool retval; + return __da_handle_start_run_event(da_get_monitor(), event, 0); +} =20 - retval =3D da_monitor_handling_event(da_mon); - if (!retval) - return; +#elif RV_MON_TYPE =3D=3D RV_MON_PER_TASK +/* + * Handle event for per task. + */ =20 - __da_handle_event(da_mon, tsk, event); +/* + * da_handle_event - handle an event + */ +static inline void da_handle_event(struct task_struct *tsk, enum events ev= ent) +{ + __da_handle_event(da_get_monitor(tsk), event, tsk->pid); } =20 /* @@ -453,21 +440,7 @@ static inline void da_handle_event(struct task_struct = *tsk, enum events event) static inline bool da_handle_start_event(struct task_struct *tsk, enum events event) { - struct da_monitor *da_mon; - - if (!da_monitor_enabled()) - return 0; - - da_mon =3D da_get_monitor(tsk); - - if (unlikely(!da_monitoring(da_mon))) { - da_monitor_start(da_mon); - return 0; - } - - __da_handle_event(da_mon, tsk, event); - - return 1; + return __da_handle_start_event(da_get_monitor(tsk), event, tsk->pid); } =20 /* @@ -479,19 +452,7 @@ static inline bool da_handle_start_event(struct task_s= truct *tsk, static inline bool da_handle_start_run_event(struct task_struct *tsk, enum events event) { - struct da_monitor *da_mon; - - if (!da_monitor_enabled()) - return 0; - - da_mon =3D da_get_monitor(tsk); - - if (unlikely(!da_monitoring(da_mon))) - da_monitor_start(da_mon); - - __da_handle_event(da_mon, tsk, event); - - return 1; + return __da_handle_start_run_event(da_get_monitor(tsk), event, tsk->pid); } #endif /* RV_MON_TYPE */ =20 --=20 2.52.0 From nobody Fri Dec 19 07:17:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BB0E62D321B for ; Fri, 5 Dec 2025 13:16:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940617; cv=none; b=j7klsWvPdqmXv09IPFUUSlelv/53Wvd8aLMJCS+oOedtESdJwtj8EJILIiR5wfP58xvpyzTmIevB8M45PDk9wnqwumKnmSYnPzLGrgLR7s2jfwkcAUwqclTH4Z1escin+So8+etQglLGkOM8K9oSUV5kLOnFr78axMISQY+3Gxo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940617; c=relaxed/simple; bh=IYPzlypuytQUXD2Kmwt5/SUQVdBQLn1z4FdGTaKuzX0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DFI3etWVddSTQBY7mXvB7FGXdYm6LpTPfNwNCGSrL6CA5oTIJZVjTI/WEiI8ttUY6zZRGk8BcZpz20mkIjmKPj9QeM5CgHfzS9UMvGvx1jRIqmOn9KDv3LtvXjtVa3/RGRpEnmojL408SZ8ELMAufNbSdJWFuElPRdph2IQc1io= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=F3DtkaJ3; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="F3DtkaJ3" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764940608; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wjQfNytutWMVPSwLmykfwBg30fge633SbtXsE0ujwIA=; b=F3DtkaJ3W0ZcN7gdJ/snZ9csLHJlYkyqfYPxFz78GYq9dqGat04xLyJx11/NGnrCNxjOOJ s8wFSz5aHO1f+8H0vAlKZcmfrL/JjRGDdt24qxy7LKDroj86OkjgT+qLhJxlnkT+LPDynJ 6SSqUOqVHsfBL+WXgjcTN0btSOpc37g= Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-629-shYMCsO4Om2cTJuEToVdzg-1; Fri, 05 Dec 2025 08:16:45 -0500 X-MC-Unique: shYMCsO4Om2cTJuEToVdzg-1 X-Mimecast-MFC-AGG-ID: shYMCsO4Om2cTJuEToVdzg_1764940604 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 18A88180034C; Fri, 5 Dec 2025 13:16:44 +0000 (UTC) Received: from gmonaco-thinkpadt14gen3.rmtit.csb (unknown [10.45.226.23]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id DE582180044F; Fri, 5 Dec 2025 13:16:39 +0000 (UTC) From: Gabriele Monaco To: linux-kernel@vger.kernel.org, Steven Rostedt , Nam Cao , Gabriele Monaco , Masami Hiramatsu , linux-trace-kernel@vger.kernel.org Cc: Tomas Glozar , Juri Lelli , Clark Williams , John Kacur Subject: [PATCH v3 02/13] rv: Add Hybrid Automata monitor type Date: Fri, 5 Dec 2025 14:16:10 +0100 Message-ID: <20251205131621.135513-3-gmonaco@redhat.com> In-Reply-To: <20251205131621.135513-1-gmonaco@redhat.com> References: <20251205131621.135513-1-gmonaco@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" Deterministic automata define which events are allowed in every state, but cannot define more sophisticated constraint taking into account the system's environment (e.g. time or other states not producing events). Add the Hybrid Automata monitor type as an extension of Deterministic automata where each state transition is validating a constraint on a finite number of environment variables. Hybrid automata can be used to implement timed automata, where the environment variables are clocks. Also implement the necessary functionality to handle clock constraints (ns or jiffy granularity) on state and events. Signed-off-by: Gabriele Monaco Reviewed-by: Nam Cao --- Notes: V3: * Improve functions naming for HA helpers include/linux/rv.h | 38 +++ include/rv/da_monitor.h | 83 ++++++- include/rv/ha_monitor.h | 476 +++++++++++++++++++++++++++++++++++++ kernel/trace/rv/Kconfig | 13 + kernel/trace/rv/rv_trace.h | 63 +++++ 5 files changed, 664 insertions(+), 9 deletions(-) create mode 100644 include/rv/ha_monitor.h diff --git a/include/linux/rv.h b/include/linux/rv.h index 58774eb3aecf..0aef9e3c785c 100644 --- a/include/linux/rv.h +++ b/include/linux/rv.h @@ -81,11 +81,49 @@ struct ltl_monitor {}; =20 #endif /* CONFIG_RV_LTL_MONITOR */ =20 +#ifdef CONFIG_RV_HA_MONITOR +/* + * In the future, hybrid automata may rely on multiple + * environment variables, e.g. different clocks started at + * different times or running at different speed. + * For now we support only 1 variable. + */ +#define MAX_HA_ENV_LEN 1 + +/* + * Monitors can pick the preferred timer implementation: + * No timer: if monitors don't have state invariants. + * Timer wheel: lightweight invariants check but far less precise. + * Hrtimer: accurate invariants check with higher overhead. + */ +#define HA_TIMER_NONE 0 +#define HA_TIMER_WHEEL 1 +#define HA_TIMER_HRTIMER 2 + +/* + * Hybrid automaton per-object variables. + */ +struct ha_monitor { + struct da_monitor da_mon; + u64 env_store[MAX_HA_ENV_LEN]; + union { + struct hrtimer hrtimer; + struct timer_list timer; + }; +}; + +#else + +struct ha_monitor { }; + +#endif /* CONFIG_RV_HA_MONITOR */ + #define RV_PER_TASK_MONITOR_INIT (CONFIG_RV_PER_TASK_MONITORS) =20 union rv_task_monitor { struct da_monitor da_mon; struct ltl_monitor ltl_mon; + struct ha_monitor ha_mon; }; =20 #ifdef CONFIG_RV_REACTORS diff --git a/include/rv/da_monitor.h b/include/rv/da_monitor.h index 6b564fad8c4d..4d0f9fb60e3c 100644 --- a/include/rv/da_monitor.h +++ b/include/rv/da_monitor.h @@ -3,9 +3,9 @@ * Copyright (C) 2019-2022 Red Hat, Inc. Daniel Bristot de Oliveira * * Deterministic automata (DA) monitor functions, to be used together - * with automata models in C generated by the dot2k tool. + * with automata models in C generated by the rvgen tool. * - * The dot2k tool is available at tools/verification/dot2k/ + * The rvgen tool is available at tools/verification/rvgen/ * * For further information, see: * Documentation/trace/rv/da_monitor_synthesis.rst @@ -22,6 +22,33 @@ =20 static struct rv_monitor rv_this; =20 +/* + * Hook to allow the implementation of hybrid automata: define it with a + * function that takes curr_state, event and next_state and returns true i= f the + * environment constraints (e.g. timing) are satisfied, false otherwise. + */ +#ifndef da_monitor_event_hook +#define da_monitor_event_hook(...) true +#endif + +/* + * Hook to allow the implementation of hybrid automata: define it with a + * function that takes the da_monitor and performs further initialisation + * (e.g. reset set up timers). + */ +#ifndef da_monitor_init_hook +#define da_monitor_init_hook(da_mon) +#endif + +/* + * Hook to allow the implementation of hybrid automata: define it with a + * function that takes the da_monitor and performs further reset (e.g. res= et + * all clocks). + */ +#ifndef da_monitor_reset_hook +#define da_monitor_reset_hook(da_mon) +#endif + /* * Type for the target id, default to int but can be overridden. */ @@ -43,6 +70,7 @@ static void react(enum states curr_state, enum events eve= nt) */ static inline void da_monitor_reset(struct da_monitor *da_mon) { + da_monitor_reset_hook(da_mon); da_mon->monitoring =3D 0; da_mon->curr_state =3D model_get_initial_state(); } @@ -57,6 +85,7 @@ static inline void da_monitor_start(struct da_monitor *da= _mon) { da_mon->curr_state =3D model_get_initial_state(); da_mon->monitoring =3D 1; + da_monitor_init_hook(da_mon); } =20 /* @@ -106,14 +135,14 @@ static inline bool da_monitor_handling_event(struct d= a_monitor *da_mon) /* * global monitor (a single variable) */ -static struct da_monitor da_mon_this; +static union rv_task_monitor da_mon_this; =20 /* * da_get_monitor - return the global monitor address */ static struct da_monitor *da_get_monitor(void) { - return &da_mon_this; + return &(da_mon_this.da_mon); } =20 /* @@ -136,7 +165,10 @@ static inline int da_monitor_init(void) /* * da_monitor_destroy - destroy the monitor */ -static inline void da_monitor_destroy(void) { } +static inline void da_monitor_destroy(void) +{ + da_monitor_reset_all(); +} =20 #elif RV_MON_TYPE =3D=3D RV_MON_PER_CPU /* @@ -146,14 +178,14 @@ static inline void da_monitor_destroy(void) { } /* * per-cpu monitor variables */ -static DEFINE_PER_CPU(struct da_monitor, da_mon_this); +static DEFINE_PER_CPU(union rv_task_monitor, da_mon_this); =20 /* * da_get_monitor - return current CPU monitor address */ static struct da_monitor *da_get_monitor(void) { - return this_cpu_ptr(&da_mon_this); + return &this_cpu_ptr(&da_mon_this)->da_mon; } =20 /* @@ -165,7 +197,7 @@ static void da_monitor_reset_all(void) int cpu; =20 for_each_cpu(cpu, cpu_online_mask) { - da_mon =3D per_cpu_ptr(&da_mon_this, cpu); + da_mon =3D &per_cpu_ptr(&da_mon_this, cpu)->da_mon; da_monitor_reset(da_mon); } } @@ -182,7 +214,10 @@ static inline int da_monitor_init(void) /* * da_monitor_destroy - destroy the monitor */ -static inline void da_monitor_destroy(void) { } +static inline void da_monitor_destroy(void) +{ + da_monitor_reset_all(); +} =20 #elif RV_MON_TYPE =3D=3D RV_MON_PER_TASK /* @@ -203,6 +238,24 @@ static inline struct da_monitor *da_get_monitor(struct= task_struct *tsk) return &tsk->rv[task_mon_slot].da_mon; } =20 +/* + * da_get_task - return the task associated to the monitor + */ +static inline struct task_struct *da_get_task(struct da_monitor *da_mon) +{ + return container_of(da_mon, struct task_struct, rv[task_mon_slot].da_mon); +} + +/* + * da_get_id - return the id associated to the monitor + * + * For per-task monitors, the id is the task's PID. + */ +static inline da_id_type da_get_id(struct da_monitor *da_mon) +{ + return da_get_task(da_mon)->pid; +} + static void da_monitor_reset_all(void) { struct task_struct *g, *p; @@ -247,6 +300,8 @@ static inline void da_monitor_destroy(void) } rv_put_task_monitor_slot(task_mon_slot); task_mon_slot =3D RV_PER_TASK_MONITOR_INIT; + + da_monitor_reset_all(); } #endif /* RV_MON_TYPE */ =20 @@ -273,6 +328,14 @@ static inline void da_trace_error(struct da_monitor *d= a_mon, CONCATENATE(trace_error_, MONITOR_NAME)(curr_state, event); } =20 +/* + * da_get_id - unused for implicit monitors + */ +static inline da_id_type da_get_id(struct da_monitor *da_mon) +{ + return 0; +} + #elif RV_MON_TYPE =3D=3D RV_MON_PER_TASK /* * Trace events for per_task monitors, report the PID of the task. @@ -317,6 +380,8 @@ static inline bool da_event(struct da_monitor *da_mon, = enum events event, da_id_ return false; } if (likely(try_cmpxchg(&da_mon->curr_state, &curr_state, next_state))) { + if (!da_monitor_event_hook(da_mon, curr_state, event, next_state, id)) + return false; da_trace_event(da_mon, model_get_state_name(curr_state), model_get_event_name(event), model_get_state_name(next_state), diff --git a/include/rv/ha_monitor.h b/include/rv/ha_monitor.h new file mode 100644 index 000000000000..c8a434cb46ac --- /dev/null +++ b/include/rv/ha_monitor.h @@ -0,0 +1,476 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2025-2028 Red Hat, Inc. Gabriele Monaco + * + * Hybrid automata (HA) monitor functions, to be used together + * with automata models in C generated by the rvgen tool. + * + * This type of monitors extends the Deterministic automata (DA) class by + * adding a set of environment variables (e.g. clocks) that can be used to + * constraint the valid transitions. + * + * The rvgen tool is available at tools/verification/rvgen/ + * + * For further information, see: + * Documentation/trace/rv/ha_monitor_synthesis.rst + */ + +#ifndef _RV_HA_MONITOR_H +#define _RV_HA_MONITOR_H + +#include + +#ifndef da_id_type +#define da_id_type int +#endif + +static inline void ha_monitor_init_env(struct da_monitor *da_mon); +static inline void ha_monitor_reset_env(struct da_monitor *da_mon); +static inline void ha_setup_timer(struct ha_monitor *ha_mon); +static inline bool ha_cancel_timer(struct ha_monitor *ha_mon); +static bool ha_monitor_handle_constraint(struct da_monitor *da_mon, + enum states curr_state, + enum events event, + enum states next_state, + da_id_type id); +#define da_monitor_event_hook ha_monitor_handle_constraint +#define da_monitor_init_hook ha_monitor_init_env +#define da_monitor_reset_hook ha_monitor_reset_env + +#include +#include + +/* This simplifies things since da_mon and ha_mon coexist in the same unio= n */ +_Static_assert(offsetof(struct ha_monitor, da_mon) =3D=3D 0, + "da_mon must be the first element in an ha_mon!"); +#define to_ha_monitor(da) container_of(da, struct ha_monitor, da_mon) + +#define ENV_MAX CONCATENATE(env_max_, MONITOR_NAME) +#define ENV_MAX_STORED CONCATENATE(env_max_stored_, MONITOR_NAME) +#define envs CONCATENATE(envs_, MONITOR_NAME) + +/* Environment storage before being reset */ +#define ENV_INVALID_VALUE U64_MAX +/* Error with no event occurs only on timeouts */ +#define EVENT_NONE EVENT_MAX +#define EVENT_NONE_LBL "none" +#define ENV_BUFFER_SIZE 64 + +#ifdef CONFIG_RV_REACTORS + +/* + * ha_react - trigger the reaction after a failed environment constraint + * + * The transition from curr_state with event is otherwise valid, but the + * environment constraint is false. This function can be called also with = no + * event from a timer (state constraints only). + */ +static void ha_react(enum states curr_state, enum events event, char *env) +{ + rv_react(&rv_this, + "rv: monitor %s does not allow event %s on state %s with env %s\n", + __stringify(MONITOR_NAME), + event =3D=3D EVENT_NONE ? EVENT_NONE_LBL : model_get_event_name(event), + model_get_state_name(curr_state), env); +} + +#else /* CONFIG_RV_REACTOR */ + +static void ha_react(enum states curr_state, enum events event, char *env)= { } +#endif + +/* + * model_get_state_name - return the (string) name of the given state + */ +static char *model_get_env_name(enum envs env) +{ + if ((env < 0) || (env >=3D ENV_MAX)) + return "INVALID"; + + return RV_AUTOMATON_NAME.env_names[env]; +} + +/* + * Monitors requiring a timer implementation need to request it explicitly. + */ +#ifndef HA_TIMER_TYPE +#define HA_TIMER_TYPE HA_TIMER_NONE +#endif + +#if HA_TIMER_TYPE =3D=3D HA_TIMER_WHEEL +static void ha_monitor_timer_callback(struct timer_list *timer); +#elif HA_TIMER_TYPE =3D=3D HA_TIMER_HRTIMER +static enum hrtimer_restart ha_monitor_timer_callback(struct hrtimer *hrti= mer); +#endif + +/* + * ktime_get_ns is expensive, since we usually don't require precise accou= nting + * of changes within the same event, cache the current time at the beginni= ng of + * the constraint handler and use the cache for subsequent calls. + * Monitors without ns clocks automatically skip this. + */ +#ifdef HA_CLK_NS +#define ha_get_ns() ktime_get_ns() +#else +#define ha_get_ns() 0 +#endif /* HA_CLK_NS */ + +/* Should be supplied by the monitor */ +static u64 ha_get_env(struct ha_monitor *ha_mon, enum envs env, u64 time_n= s); +static bool ha_verify_constraint(struct ha_monitor *ha_mon, + enum states curr_state, + enum events event, + enum states next_state, + u64 time_ns); + +/* + * ha_monitor_reset_all_stored - reset all environment variables in the mo= nitor + */ +static inline void ha_monitor_reset_all_stored(struct ha_monitor *ha_mon) +{ + for (int i =3D 0; i < ENV_MAX_STORED; i++) + WRITE_ONCE(ha_mon->env_store[i], ENV_INVALID_VALUE); +} + +/* + * ha_monitor_init_env - setup timer and reset all environment + * + * Called from a hook in the DA start functions, it supplies the da_mon + * corresponding to the current ha_mon. + * Not all hybrid automata require the timer, still set it for simplicity. + */ +static inline void ha_monitor_init_env(struct da_monitor *da_mon) +{ + struct ha_monitor *ha_mon =3D to_ha_monitor(da_mon); + + ha_monitor_reset_all_stored(ha_mon); + ha_setup_timer(ha_mon); +} + +/* + * ha_monitor_reset_env - stop timer and reset all environment + * + * Called from a hook in the DA reset functions, it supplies the da_mon + * corresponding to the current ha_mon. + * Not all hybrid automata require the timer, still clear it for simplicit= y. + */ +static inline void ha_monitor_reset_env(struct da_monitor *da_mon) +{ + struct ha_monitor *ha_mon =3D to_ha_monitor(da_mon); + + ha_monitor_reset_all_stored(ha_mon); + /* Initialisation resets the monitor before initialising the timer */ + if (likely(da_monitoring(da_mon))) + ha_cancel_timer(ha_mon); +} + +/* + * ha_monitor_env_invalid - return true if env has not been initialised + */ +static inline bool ha_monitor_env_invalid(struct ha_monitor *ha_mon, enum = envs env) +{ + return READ_ONCE(ha_mon->env_store[env]) =3D=3D ENV_INVALID_VALUE; +} + +static inline void ha_get_env_string(struct seq_buf *s, + struct ha_monitor *ha_mon, u64 time_ns) +{ + const char *format_str =3D "%s=3D%llu"; + + for (int i =3D 0; i < ENV_MAX; i++) { + seq_buf_printf(s, format_str, model_get_env_name(i), + ha_get_env(ha_mon, i, time_ns)); + format_str =3D ",%s=3D%llu"; + } +} + +#if RV_MON_TYPE =3D=3D RV_MON_GLOBAL || RV_MON_TYPE =3D=3D RV_MON_PER_CPU +static inline void ha_trace_error_env(struct ha_monitor *ha_mon, + char *curr_state, char *event, char *env, + da_id_type id) +{ + CONCATENATE(trace_error_env_, MONITOR_NAME)(curr_state, event, env); +} +#elif RV_MON_TYPE =3D=3D RV_MON_PER_TASK +static inline void ha_trace_error_env(struct ha_monitor *ha_mon, + char *curr_state, char *event, char *env, + da_id_type id) +{ + CONCATENATE(trace_error_env_, MONITOR_NAME)(id, curr_state, event, env); +} +#endif /* RV_MON_TYPE */ + +/* + * ha_get_monitor - return the current monitor + */ +#define ha_get_monitor(...) to_ha_monitor(da_get_monitor(__VA_ARGS__)) + +/* + * ha_monitor_handle_constraint - handle the constraint on the current tra= nsition + * + * If the monitor implementation defines a constraint in the transition fr= om + * curr_state to event, react and trace appropriately as well as return fa= lse. + * This function is called from the hook in the DA event handle function a= nd + * triggers a failure in the monitor. + */ +static bool ha_monitor_handle_constraint(struct da_monitor *da_mon, + enum states curr_state, + enum events event, + enum states next_state, + da_id_type id) +{ + struct ha_monitor *ha_mon =3D to_ha_monitor(da_mon); + u64 time_ns =3D ha_get_ns(); + DECLARE_SEQ_BUF(env_string, ENV_BUFFER_SIZE); + + if (ha_verify_constraint(ha_mon, curr_state, event, next_state, time_ns)) + return true; + + ha_get_env_string(&env_string, ha_mon, time_ns); + ha_react(curr_state, event, env_string.buffer); + ha_trace_error_env(ha_mon, + model_get_state_name(curr_state), + model_get_event_name(event), + env_string.buffer, id); + return false; +} + +static inline void __ha_monitor_timer_callback(struct ha_monitor *ha_mon) +{ + enum states curr_state =3D READ_ONCE(ha_mon->da_mon.curr_state); + DECLARE_SEQ_BUF(env_string, ENV_BUFFER_SIZE); + u64 time_ns =3D ha_get_ns(); + + ha_get_env_string(&env_string, ha_mon, time_ns); + ha_react(curr_state, EVENT_NONE, env_string.buffer); + ha_trace_error_env(ha_mon, model_get_state_name(curr_state), + EVENT_NONE_LBL, env_string.buffer, + da_get_id(&ha_mon->da_mon)); + + da_monitor_reset(&ha_mon->da_mon); +} + +/* + * The clock variables have 2 different representations in the env_store: + * - The guard representation is the timestamp of the last reset + * - The invariant representation is the timestamp when the invariant expi= res + * As the representations are incompatible, care must be taken when switch= ing + * between them: the invariant representation can only be used when starti= ng a + * timer when the previous representation was guard (e.g. no other invaria= nt + * started since the last reset operation). + * Likewise, switching from invariant to guard representation without a re= set + * can be done only by subtracting the exact value used to start the invar= iant. + * + * Reading the environment variable (ha_get_clk) also reflects this differ= ence + * any reads in states that have an invariant return the (possibly negativ= e) + * time since expiration, other reads return the time since last reset. + */ + +/* + * Helper functions for env variables describing clocks with ns granularity + */ +static inline u64 ha_get_clk_ns(struct ha_monitor *ha_mon, enum envs env, = u64 time_ns) +{ + return time_ns - READ_ONCE(ha_mon->env_store[env]); +} +static inline void ha_reset_clk_ns(struct ha_monitor *ha_mon, enum envs en= v, u64 time_ns) +{ + WRITE_ONCE(ha_mon->env_store[env], time_ns); +} +static inline void ha_set_invariant_ns(struct ha_monitor *ha_mon, enum env= s env, + u64 value, u64 time_ns) +{ + WRITE_ONCE(ha_mon->env_store[env], time_ns + value); +} +static inline bool ha_check_invariant_ns(struct ha_monitor *ha_mon, + enum envs env, u64 time_ns) +{ + return READ_ONCE(ha_mon->env_store[env]) >=3D time_ns; +} +/* + * ha_invariant_passed_ns - prepare the invariant and return the time sinc= e reset + */ +static inline u64 ha_invariant_passed_ns(struct ha_monitor *ha_mon, enum e= nvs env, + u64 expire, u64 time_ns) +{ + u64 passed =3D 0; + + if (env < 0 || env >=3D ENV_MAX_STORED) + return 0; + if (ha_monitor_env_invalid(ha_mon, env)) + return 0; + passed =3D ha_get_env(ha_mon, env, time_ns); + ha_set_invariant_ns(ha_mon, env, expire - passed, time_ns); + return passed; +} + +/* + * Helper functions for env variables describing clocks with jiffy granula= rity + */ +static inline u64 ha_get_clk_jiffy(struct ha_monitor *ha_mon, enum envs en= v) +{ + return get_jiffies_64() - READ_ONCE(ha_mon->env_store[env]); +} +static inline void ha_reset_clk_jiffy(struct ha_monitor *ha_mon, enum envs= env) +{ + WRITE_ONCE(ha_mon->env_store[env], get_jiffies_64()); +} +static inline void ha_set_invariant_jiffy(struct ha_monitor *ha_mon, + enum envs env, u64 value) +{ + WRITE_ONCE(ha_mon->env_store[env], get_jiffies_64() + value); +} +static inline bool ha_check_invariant_jiffy(struct ha_monitor *ha_mon, + enum envs env, u64 time_ns) +{ + return time_after64(READ_ONCE(ha_mon->env_store[env]), get_jiffies_64()); + +} +/* + * ha_invariant_passed_jiffy - prepare the invariant and return the time s= ince reset + */ +static inline u64 ha_invariant_passed_jiffy(struct ha_monitor *ha_mon, enu= m envs env, + u64 expire, u64 time_ns) +{ + u64 passed =3D 0; + + if (env < 0 || env >=3D ENV_MAX_STORED) + return 0; + if (ha_monitor_env_invalid(ha_mon, env)) + return 0; + passed =3D ha_get_env(ha_mon, env, time_ns); + ha_set_invariant_jiffy(ha_mon, env, expire - passed); + return passed; +} + +/* + * Retrieve the last reset time (guard representation) from the invariant + * representation (expiration). + * It the caller's responsibility to make sure the storage was actually in= the + * invariant representation (e.g. the current state has an invariant). + * The provided value must be the same used when starting the invariant. + * + * This function's access to the storage is NOT atomic, due to the rarity = when + * this is used. If a monitor allows writes concurrent to this, likely + * other things are broken and need rethinking the model or additional loc= king. + */ +static inline void ha_inv_to_guard(struct ha_monitor *ha_mon, enum envs en= v, + u64 value, u64 time_ns) +{ + WRITE_ONCE(ha_mon->env_store[env], READ_ONCE(ha_mon->env_store[env]) - va= lue); +} + +#if HA_TIMER_TYPE =3D=3D HA_TIMER_WHEEL +/* + * Helper functions to handle the monitor timer. + * Not all monitors require a timer, in such case the timer will be set up= but + * never armed. + * Timers start since the last reset of the supplied env or from now if en= v is + * not an environment variable. If env was not initialised no timer starts. + * Timers can expire on any CPU unless the monitor is per-cpu, + * where we assume every event occurs on the local CPU. + */ +static void ha_monitor_timer_callback(struct timer_list *timer) +{ + struct ha_monitor *ha_mon =3D container_of(timer, struct ha_monitor, time= r); + + __ha_monitor_timer_callback(ha_mon); +} +static inline void ha_setup_timer(struct ha_monitor *ha_mon) +{ + int mode =3D 0; + + if (RV_MON_TYPE =3D=3D RV_MON_PER_CPU) + mode |=3D TIMER_PINNED; + timer_setup(&ha_mon->timer, ha_monitor_timer_callback, mode); +} +static inline void ha_start_timer_jiffy(struct ha_monitor *ha_mon, enum en= vs env, + u64 expire, u64 time_ns) +{ + u64 passed =3D ha_invariant_passed_jiffy(ha_mon, env, expire, time_ns); + + mod_timer(&ha_mon->timer, get_jiffies_64() + expire - passed); +} +static inline void ha_start_timer_ns(struct ha_monitor *ha_mon, enum envs = env, + u64 expire, u64 time_ns) +{ + u64 passed =3D ha_invariant_passed_ns(ha_mon, env, expire, time_ns); + + ha_start_timer_jiffy(ha_mon, ENV_MAX_STORED, + nsecs_to_jiffies(expire - passed) + 1, time_ns); +} +/* + * ha_cancel_timer - Cancel the timer + * + * Returns: + * * 1 when the timer was active + * * 0 when the timer was not active or running a callback + */ +static inline bool ha_cancel_timer(struct ha_monitor *ha_mon) +{ + return timer_delete(&ha_mon->timer); +} +#elif HA_TIMER_TYPE =3D=3D HA_TIMER_HRTIMER +/* + * Helper functions to handle the monitor timer. + * Not all monitors require a timer, in such case the timer will be set up= but + * never armed. + * Timers start since the last reset of the supplied env or from now if en= v is + * not an environment variable. If env was not initialised no timer starts. + * Timers can expire on any CPU unless the monitor is per-cpu, + * where we assume every event occurs on the local CPU. + */ +static enum hrtimer_restart ha_monitor_timer_callback(struct hrtimer *hrti= mer) +{ + struct ha_monitor *ha_mon =3D container_of(hrtimer, struct ha_monitor, hr= timer); + + __ha_monitor_timer_callback(ha_mon); + return HRTIMER_NORESTART; +} +static inline void ha_setup_timer(struct ha_monitor *ha_mon) +{ + hrtimer_setup(&ha_mon->hrtimer, ha_monitor_timer_callback, + CLOCK_MONOTONIC, HRTIMER_MODE_REL_HARD); +} +static inline void ha_start_timer_ns(struct ha_monitor *ha_mon, enum envs = env, + u64 expire, u64 time_ns) +{ + int mode =3D HRTIMER_MODE_REL_HARD; + u64 passed =3D ha_invariant_passed_ns(ha_mon, env, expire, time_ns); + + if (RV_MON_TYPE =3D=3D RV_MON_PER_CPU) + mode |=3D HRTIMER_MODE_PINNED; + hrtimer_start(&ha_mon->hrtimer, ns_to_ktime(expire - passed), mode); +} +static inline void ha_start_timer_jiffy(struct ha_monitor *ha_mon, enum en= vs env, + u64 expire, u64 time_ns) +{ + u64 passed =3D ha_invariant_passed_jiffy(ha_mon, env, expire, time_ns); + + ha_start_timer_ns(ha_mon, ENV_MAX_STORED, + jiffies_to_nsecs(expire - passed), time_ns); +} +/* + * ha_cancel_timer - Cancel the timer + * + * Returns: + * * 1 when the timer was active + * * 0 when the timer was not active or running a callback + */ +static inline bool ha_cancel_timer(struct ha_monitor *ha_mon) +{ + return hrtimer_try_to_cancel(&ha_mon->hrtimer) =3D=3D 1; +} +#else //HA_TIMER_NONE +/* + * Start function is intentionally not defined, monitors using timers must + * set HA_TIMER_TYPE to either HA_TIMER_WHEEL or HA_TIMER_HRTIMER. + */ +static inline void ha_setup_timer(struct ha_monitor *ha_mon) { } +static inline bool ha_cancel_timer(struct ha_monitor *ha_mon) +{ + return false; +} +#endif + +#endif diff --git a/kernel/trace/rv/Kconfig b/kernel/trace/rv/Kconfig index 5b4be87ba59d..4ad392dfc57f 100644 --- a/kernel/trace/rv/Kconfig +++ b/kernel/trace/rv/Kconfig @@ -23,6 +23,19 @@ config LTL_MON_EVENTS_ID config RV_LTL_MONITOR bool =20 +config RV_HA_MONITOR + bool + +config HA_MON_EVENTS_IMPLICIT + select DA_MON_EVENTS_IMPLICIT + select RV_HA_MONITOR + bool + +config HA_MON_EVENTS_ID + select DA_MON_EVENTS_ID + select RV_HA_MONITOR + bool + menuconfig RV bool "Runtime Verification" select TRACING diff --git a/kernel/trace/rv/rv_trace.h b/kernel/trace/rv/rv_trace.h index 4a6faddac614..7c598967bc0e 100644 --- a/kernel/trace/rv/rv_trace.h +++ b/kernel/trace/rv/rv_trace.h @@ -65,6 +65,36 @@ DECLARE_EVENT_CLASS(error_da_monitor, #include // Add new monitors based on CONFIG_DA_MON_EVENTS_IMPLICIT here =20 +#ifdef CONFIG_HA_MON_EVENTS_IMPLICIT +/* For simplicity this class is marked as DA although relevant only for HA= */ +DECLARE_EVENT_CLASS(error_env_da_monitor, + + TP_PROTO(char *state, char *event, char *env), + + TP_ARGS(state, event, env), + + TP_STRUCT__entry( + __string( state, state ) + __string( event, event ) + __string( env, env ) + ), + + TP_fast_assign( + __assign_str(state); + __assign_str(event); + __assign_str(env); + ), + + TP_printk("event %s not expected in the state %s with env %s", + __get_str(event), + __get_str(state), + __get_str(env)) +); + +// Add new monitors based on CONFIG_HA_MON_EVENTS_IMPLICIT here + +#endif + #endif /* CONFIG_DA_MON_EVENTS_IMPLICIT */ =20 #ifdef CONFIG_DA_MON_EVENTS_ID @@ -128,6 +158,39 @@ DECLARE_EVENT_CLASS(error_da_monitor_id, #include // Add new monitors based on CONFIG_DA_MON_EVENTS_ID here =20 +#ifdef CONFIG_HA_MON_EVENTS_ID +/* For simplicity this class is marked as DA although relevant only for HA= */ +DECLARE_EVENT_CLASS(error_env_da_monitor_id, + + TP_PROTO(int id, char *state, char *event, char *env), + + TP_ARGS(id, state, event, env), + + TP_STRUCT__entry( + __field( int, id ) + __string( state, state ) + __string( event, event ) + __string( env, env ) + ), + + TP_fast_assign( + __assign_str(state); + __assign_str(event); + __assign_str(env); + __entry->id =3D id; + ), + + TP_printk("%d: event %s not expected in the state %s with env %s", + __entry->id, + __get_str(event), + __get_str(state), + __get_str(env)) +); + +// Add new monitors based on CONFIG_HA_MON_EVENTS_ID here + +#endif + #endif /* CONFIG_DA_MON_EVENTS_ID */ #ifdef CONFIG_LTL_MON_EVENTS_ID DECLARE_EVENT_CLASS(event_ltl_monitor_id, --=20 2.52.0 From nobody Fri Dec 19 07:17:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2EC3032ABC3 for ; Fri, 5 Dec 2025 13:16:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940621; cv=none; b=lzJtUn6PopZEi0/B71f1m9lNyBOVUdKJrvzT1O6ZmhquhY2SqvUenBqf8cq1VExzn8/P7Z05hrY9w3LMSaq7yKFTauwkXxGKn5ftfBnQhdsmEDZv60YnQIcUNXaJ1THRwAIrtTOk+QzUgV7oLWX0PeZRc78c6yK65RbkPlNsJ40= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940621; c=relaxed/simple; bh=Hp1UUc//HkW6+lKEgtSCyi+d4ZcTEwDVx10LTVXpvzg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Y7IJl8xc8xoY1GXBQ655TC8Oy4SM+aEGEzlVTpumJcWHS9JtO+wbvX7PIqlZfvrsCC5CkrgQqC62K86Tko3SiyImhQzJWHK5E1KLUQBabTG2vOIl36/BFe3LsoKkuexk2AZceuI9Txe+tTkfVngAIiyIVU87A8tibzSB3m7jD7s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=NlLdI5FK; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="NlLdI5FK" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764940613; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SqglkPDvlxAEmEtclUgwCg2/uHzDAdN41CTr/RpBOsc=; b=NlLdI5FKwb7OhJd+0iReyyXjMpEyDrTHBmnaUDUAlPtkgnG2pevpzYe/UGe9d2YNmNpScN cf1QjX6pHg3SxIuQlsg4Uirplw2IfQ9Fwrh8wJR2ag0NOaW78uBNdDL38JUs2jF9BVxCJO s3ZuPO9UmVozsYaSI/YSTc/s5Lfwx4Y= Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-562-wQd3jWLiNk6wiBn20eiToA-1; Fri, 05 Dec 2025 08:16:50 -0500 X-MC-Unique: wQd3jWLiNk6wiBn20eiToA-1 X-Mimecast-MFC-AGG-ID: wQd3jWLiNk6wiBn20eiToA_1764940609 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 337091800342; Fri, 5 Dec 2025 13:16:49 +0000 (UTC) Received: from gmonaco-thinkpadt14gen3.rmtit.csb (unknown [10.45.226.23]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 3303C180045B; Fri, 5 Dec 2025 13:16:44 +0000 (UTC) From: Gabriele Monaco To: linux-kernel@vger.kernel.org, Steven Rostedt , Nam Cao , Gabriele Monaco , linux-trace-kernel@vger.kernel.org Cc: Tomas Glozar , Juri Lelli , Clark Williams , John Kacur Subject: [PATCH v3 03/13] verification/rvgen: Allow spaces in and events strings Date: Fri, 5 Dec 2025 14:16:11 +0100 Message-ID: <20251205131621.135513-4-gmonaco@redhat.com> In-Reply-To: <20251205131621.135513-1-gmonaco@redhat.com> References: <20251205131621.135513-1-gmonaco@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" Currently the automata parser assumes event strings don't have any space, this stands true for event names, but can be a wrong assumption if we want to store other information in the event strings (e.g. constraints for hybrid automata). Adapt the parser logic to allow spaces in the event strings. Reviewed-by: Nam Cao Signed-off-by: Gabriele Monaco --- tools/verification/rvgen/rvgen/automata.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tools/verification/rvgen/rvgen/automata.py b/tools/verificatio= n/rvgen/rvgen/automata.py index 3f06aef8d4fd..977ba859c34e 100644 --- a/tools/verification/rvgen/rvgen/automata.py +++ b/tools/verification/rvgen/rvgen/automata.py @@ -127,14 +127,13 @@ class Automata: # ------------ event is here ------------^^^^^ if self.__dot_lines[cursor].split()[1] =3D=3D "->": line =3D self.__dot_lines[cursor].split() - event =3D line[-2].replace('"','') + event =3D "".join(line[line.index("label")+2:-1]).replace(= '"','') =20 # when a transition has more than one lables, they are lik= e this # "local_irq_enable\nhw_local_irq_enable_n" # so split them. =20 - event =3D event.replace("\\n", " ") - for i in event.split(): + for i in event.split("\\n"): events.append(i) cursor +=3D 1 =20 @@ -167,8 +166,8 @@ class Automata: line =3D self.__dot_lines[cursor].split() origin_state =3D line[0].replace('"','').replace(',','_') dest_state =3D line[2].replace('"','').replace(',','_') - possible_events =3D line[-2].replace('"','').replace("\\n"= , " ") - for event in possible_events.split(): + possible_events =3D "".join(line[line.index("label")+2:-1]= ).replace('"','') + for event in possible_events.split("\\n"): matrix[states_dict[origin_state]][events_dict[event]] = =3D dest_state cursor +=3D 1 =20 --=20 2.52.0 From nobody Fri Dec 19 07:17:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6C64732FA16 for ; Fri, 5 Dec 2025 13:17:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940626; cv=none; b=HcN4C767C/1kGTR7IJ12bNq/kS2/54jJNJBusk2PUmvnebYBgeRMy2oubAD60204G4O4YDpspfRZnEKtjxnooIOm4r4ABl3nksCbstu95dyuunnPJaLQKLcOKhMNxdLqI7J/YhgSc7YTtAvd4aygRASpJUPCSpajD3ZaBlLxo1Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940626; c=relaxed/simple; bh=P7jRvn9M5gqanE12OJhNw9Zo9LYWcONhcYjh0YljXPw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=o1/jCA/oanpuSB6RpyLY5vQxIiRImoA3hvBZr4PlK5QlMyV5RdzqlQwc1Nhq+u6sGgM1v39dwDh2ZaSbm31cNpHnBrwTYk1FpDCjKYP1A72HXjPoXRLMVLbfiFTHXBeCDdEN/m3qTnUZuZwPyKZCMU0vUh9cbD1FWx6qpt/VbSg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=GoYn2xK7; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="GoYn2xK7" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764940619; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GE9SUm+G0dnEBbgtLeKU+UqlHVL9kA8ig3SnM7DTyDk=; b=GoYn2xK73yW1tw83MqThl0lMzWsf+E+UKi2Utdd2NvlcKQBeeb+Nmkv0x77doagI7riv2m BHJebS/yzGe6W9RR4GkoCJUU5RxYOvifdo1YQq4Kjfp2UF3YxwtmH7bN3y3cZ9VEsypZkB H/dhdq1fsPO89b4/uX07yq2of8rJx0I= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-216-RS00ZabbMpOEtLe4qlPriw-1; Fri, 05 Dec 2025 08:16:58 -0500 X-MC-Unique: RS00ZabbMpOEtLe4qlPriw-1 X-Mimecast-MFC-AGG-ID: RS00ZabbMpOEtLe4qlPriw_1764940616 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id E17CB180065F; Fri, 5 Dec 2025 13:16:55 +0000 (UTC) Received: from gmonaco-thinkpadt14gen3.rmtit.csb (unknown [10.45.226.23]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 688E4180045B; Fri, 5 Dec 2025 13:16:51 +0000 (UTC) From: Gabriele Monaco To: linux-kernel@vger.kernel.org, Steven Rostedt , Nam Cao , Gabriele Monaco , linux-trace-kernel@vger.kernel.org Cc: Tomas Glozar , Juri Lelli , Clark Williams , John Kacur Subject: [PATCH v3 04/13] verification/rvgen: Add support for Hybrid Automata Date: Fri, 5 Dec 2025 14:16:12 +0100 Message-ID: <20251205131621.135513-5-gmonaco@redhat.com> In-Reply-To: <20251205131621.135513-1-gmonaco@redhat.com> References: <20251205131621.135513-1-gmonaco@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" Add the possibility to parse dot files as hybrid automata and generate the necessary code from rvgen. Hybrid automata are very similar to deterministic ones and most functionality is shared, the dot files include also constraints together with event names (separated by ;) and state names (separated by \n). The tool can now generate the appropriate code to validate constraints at runtime according to the dot specification. Signed-off-by: Gabriele Monaco --- tools/verification/rvgen/__main__.py | 8 +- tools/verification/rvgen/rvgen/automata.py | 141 +++++- tools/verification/rvgen/rvgen/dot2c.py | 49 ++ tools/verification/rvgen/rvgen/dot2k.py | 473 +++++++++++++++++- tools/verification/rvgen/rvgen/generator.py | 2 + .../rvgen/rvgen/templates/dot2k/main.c | 2 +- .../rvgen/templates/dot2k/trace_hybrid.h | 16 + 7 files changed, 677 insertions(+), 14 deletions(-) create mode 100644 tools/verification/rvgen/rvgen/templates/dot2k/trace_hy= brid.h diff --git a/tools/verification/rvgen/__main__.py b/tools/verification/rvge= n/__main__.py index fa6fc1f4de2f..b8e07e463293 100644 --- a/tools/verification/rvgen/__main__.py +++ b/tools/verification/rvgen/__main__.py @@ -9,7 +9,7 @@ # Documentation/trace/rv/da_monitor_synthesis.rst =20 if __name__ =3D=3D '__main__': - from rvgen.dot2k import dot2k + from rvgen.dot2k import da2k, ha2k from rvgen.generator import Monitor from rvgen.container import Container from rvgen.ltl2k import ltl2k @@ -29,7 +29,7 @@ if __name__ =3D=3D '__main__': monitor_parser.add_argument("-p", "--parent", dest=3D"parent", required=3DFalse, help=3D"Create a monitor= nested to parent") monitor_parser.add_argument('-c', "--class", dest=3D"monitor_class", - help=3D"Monitor class, either \"da\" or \"= ltl\"") + help=3D"Monitor class, either \"da\", \"ha= \" or \"ltl\"") monitor_parser.add_argument('-s', "--spec", dest=3D"spec", help=3D"Mon= itor specification file") monitor_parser.add_argument('-t', "--monitor_type", dest=3D"monitor_ty= pe", help=3Df"Available options: {', '.join(Mon= itor.monitor_types.keys())}") @@ -43,7 +43,9 @@ if __name__ =3D=3D '__main__': if params.subcmd =3D=3D "monitor": print("Opening and parsing the specification file %s" % params= .spec) if params.monitor_class =3D=3D "da": - monitor =3D dot2k(params.spec, params.monitor_type, vars(p= arams)) + monitor =3D da2k(params.spec, params.monitor_type, vars(pa= rams)) + elif params.monitor_class =3D=3D "ha": + monitor =3D ha2k(params.spec, params.monitor_type, vars(pa= rams)) elif params.monitor_class =3D=3D "ltl": monitor =3D ltl2k(params.spec, params.monitor_type, vars(p= arams)) else: diff --git a/tools/verification/rvgen/rvgen/automata.py b/tools/verificatio= n/rvgen/rvgen/automata.py index 977ba859c34e..252c9960ee1c 100644 --- a/tools/verification/rvgen/rvgen/automata.py +++ b/tools/verification/rvgen/rvgen/automata.py @@ -9,24 +9,63 @@ # Documentation/trace/rv/deterministic_automata.rst =20 import ntpath +import re +from typing import Iterator + +class _ConstraintKey: + """Base class for constraint keys.""" + +class _StateConstraintKey(_ConstraintKey, int): + """Key for a state constraint. Under the hood just state_id.""" + def __new__(cls, state_id: int): + return super().__new__(cls, state_id) + +class _EventConstraintKey(_ConstraintKey, tuple): + """Key for an event constraint. Under the hood just tuple(state_id,eve= nt_id).""" + def __new__(cls, state_id: int, event_id: int): + return super().__new__(cls, (state_id, event_id)) =20 class Automata: """Automata class: Reads a dot file and part it as an automata. =20 + It supports both deterministic and hybrid automata. + Attributes: dot_file: A dot file with an state_automaton definition. """ =20 invalid_state_str =3D "INVALID_STATE" + # val can be numerical, uppercase (constant or macro), lowercase (para= meter or function) + # only numerical values should have units + constraint_rule =3D re.compile(r""" + ^ + (?P[a-zA-Z_][a-zA-Z0-9_]+) # C-like identifier for the env v= ar + (?P[!<=3D>]{1,2}) # operator + (?P + [0-9]+ | # numerical value + [A-Z_]+\(\) | # macro + [A-Z_]+ | # constant + [a-z_]+\(\) | # function + [a-z_]+ # parameter + ) + (?P[a-z]{1,2})? # optional unit for numerical val= ues + """, re.VERBOSE) + constraint_reset =3D re.compile(r"^reset\((?P[a-zA-Z_][a-zA-Z0-9_= ]+)\)") =20 def __init__(self, file_path, model_name=3DNone): self.__dot_path =3D file_path self.name =3D model_name or self.__get_model_name() self.__dot_lines =3D self.__open_dot() self.states, self.initial_state, self.final_states =3D self.__get_= state_variables() - self.events =3D self.__get_event_variables() - self.function =3D self.__create_matrix() + self.env_types =3D {} + self.env_stored =3D set() + self.constraint_vars =3D set() + self.self_loop_reset_events =3D set() + self.events, self.envs =3D self.__get_event_variables() + self.function, self.constraints =3D self.__create_matrix() self.events_start, self.events_start_run =3D self.__store_init_eve= nts() + self.env_stored =3D sorted(self.env_stored) + self.constraint_vars =3D sorted(self.constraint_vars) =20 def __get_model_name(self) -> str: basename =3D ntpath.basename(self.__dot_path) @@ -116,11 +155,12 @@ class Automata: =20 return states, initial_state, final_states =20 - def __get_event_variables(self) -> list[str]: + def __get_event_variables(self) -> tuple[list[str], list[str]]: # here we are at the begin of transitions, take a note, we will re= turn later. cursor =3D self.__get_cursor_begin_events() =20 events =3D [] + envs =3D [] while self.__dot_lines[cursor].lstrip()[0] =3D=3D '"': # transitions have the format: # "all_fired" -> "both_fired" [ label =3D "disable_irq" ]; @@ -134,12 +174,74 @@ class Automata: # so split them. =20 for i in event.split("\\n"): - events.append(i) + # if the event contains a constraint (hybrid automata), + # it will be separated by a ";": + # "sched_switch;x<1000;reset(x)" + ev, *constr =3D i.split(";") + if constr: + if len(constr) > 2: + raise ValueError("Only 1 constraint and 1 rese= t are supported") + envs +=3D self.__extract_env_var(constr) + events.append(ev) + else: + # state labels have the format: + # "enable_fired" [label =3D "enable_fired\ncondition"]; + # ----- label is here -----^^^^^ + # label and node name must be the same, condition is optio= nal + state =3D self.__dot_lines[cursor].split("label")[1].split= ('"')[1] + _, *constr =3D state.split("\\n") + if constr: + if len(constr) > 1: + raise ValueError("Only 1 constraint is supported i= n the state") + envs +=3D self.__extract_env_var([constr[0].replace(" = ", "")]) cursor +=3D 1 =20 - return sorted(set(events)) - - def __create_matrix(self) -> list[list[str]]: + return sorted(set(events)), sorted(set(envs)) + + def _split_constraint_expr(self, constr: list[str]) -> Iterator[tuple[= str, + = str | None]]: + """ + Get a list of strings of the type constr1 && constr2 and returns a= list of + constraints and separators: [[constr1,"&&"],[constr2,None]] + """ + exprs =3D [] + seps =3D [] + for c in constr: + while "&&" in c or "||" in c: + a =3D c.find("&&") + o =3D c.find("||") + pos =3D a if o < 0 or 0 < a < o else o + exprs.append(c[:pos].replace(" ", "")) + seps.append(c[pos:pos+2].replace(" ", "")) + c =3D c[pos+2:].replace(" ", "") + exprs.append(c) + seps.append(None) + return zip(exprs, seps) + + def __extract_env_var(self, constraint: list[str]) -> list[str]: + env =3D [] + for c, _ in self._split_constraint_expr(constraint): + rule =3D self.constraint_rule.search(c) + reset =3D self.constraint_reset.search(c) + if rule: + env.append(rule["env"]) + if rule.groupdict().get("unit"): + self.env_types[rule["env"]] =3D rule["unit"] + if rule["val"][0].isalpha(): + self.constraint_vars.add(rule["val"]) + # try to infer unit from constants or parameters + val_for_unit =3D rule["val"].lower().replace("()", "") + if val_for_unit.endswith("_ns"): + self.env_types[rule["env"]] =3D "ns" + if val_for_unit.endswith("_jiffies"): + self.env_types[rule["env"]] =3D "j" + if reset: + env.append(reset["env"]) + # environment variables that are reset need a storage + self.env_stored.add(reset["env"]) + return env + + def __create_matrix(self) -> tuple[list[list[str]], dict[_ConstraintKe= y, list[str]]]: # transform the array into a dictionary events =3D self.events states =3D self.states @@ -157,6 +259,7 @@ class Automata: =20 # declare the matrix.... matrix =3D [[ self.invalid_state_str for x in range(nr_event)] for= y in range(nr_state)] + constraints: dict[_ConstraintKey, list[str]] =3D {} =20 # and we are back! Let's fill the matrix cursor =3D self.__get_cursor_begin_events() @@ -168,10 +271,22 @@ class Automata: dest_state =3D line[2].replace('"','').replace(',','_') possible_events =3D "".join(line[line.index("label")+2:-1]= ).replace('"','') for event in possible_events.split("\\n"): + event, *constr =3D event.split(";") + if constr: + key =3D _EventConstraintKey(states_dict[origin_sta= te], events_dict[event]) + constraints[key] =3D constr + # those events reset also on self loops + if origin_state =3D=3D dest_state and "reset" in "= ".join(constr): + self.self_loop_reset_events.add(event) matrix[states_dict[origin_state]][events_dict[event]] = =3D dest_state + else: + state =3D self.__dot_lines[cursor].split("label")[1].split= ('"')[1] + state, *constr =3D state.replace(" ", "").split("\\n") + if constr: + constraints[_StateConstraintKey(states_dict[state])] = =3D constr cursor +=3D 1 =20 - return matrix + return matrix, constraints =20 def __store_init_events(self) -> tuple[list[bool], list[bool]]: events_start =3D [False] * len(self.events) @@ -203,3 +318,13 @@ class Automata: if any(self.events_start): return False return self.events_start_run[self.events.index(event)] + + def is_hybrid_automata(self) -> bool: + return bool(self.envs) + + def is_event_constraint(self, key: _ConstraintKey) -> bool: + """ + Given the key in self.constraints return true if it is an event + constraint, false if it is a state constraint + """ + return isinstance(key, _EventConstraintKey) diff --git a/tools/verification/rvgen/rvgen/dot2c.py b/tools/verification/r= vgen/rvgen/dot2c.py index 06a26bf15a7e..7f2efcfe3e52 100644 --- a/tools/verification/rvgen/rvgen/dot2c.py +++ b/tools/verification/rvgen/rvgen/dot2c.py @@ -19,6 +19,7 @@ class Dot2c(Automata): enum_suffix =3D "" enum_states_def =3D "states" enum_events_def =3D "events" + enum_envs_def =3D "envs" struct_automaton_def =3D "automaton" var_automaton_def =3D "aut" =20 @@ -61,6 +62,39 @@ class Dot2c(Automata): =20 return buff =20 + def __get_non_stored_envs(self) -> list[str]: + return [ e for e in self.envs if e not in self.env_stored ] + + def __get_enum_envs_content(self) -> list[str]: + buff =3D [] + # We first place env variables that have a u64 storage. + # Those are limited by MAX_HA_ENV_LEN, other variables + # are read only and don't require a storage. + unstored =3D self.__get_non_stored_envs() + for env in list(self.env_stored) + unstored: + buff.append("\t%s%s," % (env, self.enum_suffix)) + + buff.append("\tenv_max%s," % self.enum_suffix) + buff.append("\tenv_max_stored%s =3D %s%s," % + (self.enum_suffix, + unstored[0] if len(unstored) else "env_max", + self.enum_suffix)) + + return buff + + def format_envs_enum(self) -> list[str]: + buff =3D [] + if self.is_hybrid_automata(): + buff.append("enum %s {" % self.enum_envs_def) + buff +=3D self.__get_enum_envs_content() + buff.append("};\n") + buff.append('_Static_assert(env_max_stored%s <=3D MAX_HA_ENV_L= EN, "Not enough slots");' % + (self.enum_suffix)) + if {"ns", "us", "ms", "s"}.intersection(self.env_types.values(= )): + buff.append("#define HA_CLK_NS") + buff.append("") + return buff + def get_minimun_type(self) -> str: min_type =3D "unsigned char" =20 @@ -81,6 +115,8 @@ class Dot2c(Automata): buff.append("struct %s {" % self.struct_automaton_def) buff.append("\tchar *state_names[state_max%s];" % (self.enum_suffi= x)) buff.append("\tchar *event_names[event_max%s];" % (self.enum_suffi= x)) + if self.is_hybrid_automata(): + buff.append("\tchar *env_names[env_max%s];" % (self.enum_suffi= x)) buff.append("\t%s function[state_max%s][event_max%s];" % (min_type= , self.enum_suffix, self.enum_suffix)) buff.append("\t%s initial_state;" % min_type) buff.append("\tbool final_states[state_max%s];" % (self.enum_suffi= x)) @@ -113,6 +149,17 @@ class Dot2c(Automata): =20 return buff =20 + def format_aut_init_envs_string(self) -> list[str]: + buff =3D [] + if self.is_hybrid_automata(): + buff.append("\t.env_names =3D {") + # maintain consistent order with the enum + ordered_envs =3D list(self.env_stored) + self.__get_non_stored= _envs() + buff.append(self.__get_string_vector_per_line_content(ordered_= envs)) + buff.append("\t},") + + return buff + def __get_max_strlen_of_states(self) -> int: max_state_name =3D max(self.states, key =3D len).__len__() return max(max_state_name, self.invalid_state_str.__len__()) @@ -205,10 +252,12 @@ class Dot2c(Automata): buff +=3D self.format_states_enum() buff +=3D self.format_invalid_state() buff +=3D self.format_events_enum() + buff +=3D self.format_envs_enum() buff +=3D self.format_automaton_definition() buff +=3D self.format_aut_init_header() buff +=3D self.format_aut_init_states_string() buff +=3D self.format_aut_init_events_string() + buff +=3D self.format_aut_init_envs_string() buff +=3D self.format_aut_init_function() buff +=3D self.format_aut_init_initial_state() buff +=3D self.format_aut_init_final_states() diff --git a/tools/verification/rvgen/rvgen/dot2k.py b/tools/verification/r= vgen/rvgen/dot2k.py index 6128fe238430..e72369ec1ad7 100644 --- a/tools/verification/rvgen/rvgen/dot2k.py +++ b/tools/verification/rvgen/rvgen/dot2k.py @@ -8,8 +8,10 @@ # For further information, see: # Documentation/trace/rv/da_monitor_synthesis.rst =20 +from collections import deque from .dot2c import Dot2c from .generator import Monitor +from .automata import _EventConstraintKey, _StateConstraintKey =20 =20 class dot2k(Monitor, Dot2c): @@ -20,12 +22,16 @@ class dot2k(Monitor, Dot2c): Monitor.__init__(self, extra_params) Dot2c.__init__(self, file_path, extra_params.get("model_name")) self.enum_suffix =3D "_%s" % self.name + self.monitor_class =3D extra_params["monitor_class"] =20 def fill_monitor_type(self) -> str: - return self.monitor_type.upper() + buff =3D [ self.monitor_type.upper() ] + buff +=3D self._fill_timer_type() + return "\n".join(buff) =20 def fill_tracepoint_handlers_skel(self) -> str: buff =3D [] + buff +=3D self._fill_hybrid_definitions() for event in self.events: buff.append("static void handle_%s(void *data, /* XXX: fill he= ader */)" % event) buff.append("{") @@ -77,6 +83,7 @@ class dot2k(Monitor, Dot2c): # self.enum_states_def =3D "states_%s" % self.name self.enum_events_def =3D "events_%s" % self.name + self.enum_envs_def =3D "envs_%s" % self.name self.struct_automaton_def =3D "automaton_%s" % self.name self.var_automaton_def =3D "automaton_%s" % self.name =20 @@ -107,8 +114,14 @@ class dot2k(Monitor, Dot2c): ("char *", "state"), ("char *", "event"), ] + tp_args_error_env =3D tp_args_error + [("char *", "env")] + tp_args_dict =3D { + "event": tp_args_event, + "error": tp_args_error, + "error_env": tp_args_error_env + } tp_args_id =3D ("int ", "id") - tp_args =3D tp_args_event if tp_type =3D=3D "event" else tp_args_e= rror + tp_args =3D tp_args_dict[tp_type] if self.monitor_type =3D=3D "per_task": tp_args.insert(0, tp_args_id) tp_proto_c =3D ", ".join([a+b for a,b in tp_args]) @@ -117,6 +130,14 @@ class dot2k(Monitor, Dot2c): buff.append(" TP_ARGS(%s)" % tp_args_c) return '\n'.join(buff) =20 + def _fill_hybrid_definitions(self) -> list: + """Stub, not valid for deterministic automata""" + return [] + + def _fill_timer_type(self) -> list: + """Stub, not valid for deterministic automata""" + return [] + def fill_main_c(self) -> str: main_c =3D super().fill_main_c() =20 @@ -127,5 +148,453 @@ class dot2k(Monitor, Dot2c): main_c =3D main_c.replace("%%MIN_TYPE%%", min_type) main_c =3D main_c.replace("%%NR_EVENTS%%", str(nr_events)) main_c =3D main_c.replace("%%MONITOR_TYPE%%", monitor_type) + main_c =3D main_c.replace("%%MONITOR_CLASS%%", self.monitor_class) =20 return main_c + +class da2k(dot2k): + """Deterministic automata only""" + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + if self.is_hybrid_automata(): + raise ValueError("Detected hybrid automata, use the 'ha' class= ") + +class ha2k(dot2k): + """Hybrid automata only""" + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + if not self.is_hybrid_automata(): + raise ValueError("Detected deterministic automata, use the 'da= ' class") + self.trace_h =3D self._read_template_file("trace_hybrid.h") + self.__parse_constraints() + + def fill_monitor_class_type(self) -> str: + if self.monitor_type =3D=3D "per_task": + return "HA_MON_EVENTS_ID" + return "HA_MON_EVENTS_IMPLICIT" + + def fill_monitor_class(self) -> str: + """ + Used for tracepoint classes, since they are shared we keep da + instead of ha (also for the ha specific tracepoints). + The tracepoint class is not visible to the tools. + """ + return super().fill_monitor_class() + + def __adjust_value(self, value: str | int, unit: str | None) -> str: + """Adjust the value in ns""" + try: + value =3D int(value) + except ValueError: + # it's a constant, a parameter or a function + if value.endswith("()"): + return value.replace("()", "(ha_mon)") + return value + match unit: + case "us": + value *=3D 10**3 + case "ms": + value *=3D 10**6 + case "s": + value *=3D 10**9 + return str(value) + "ull" + + def __parse_single_constraint(self, rule: dict, value: str) -> str: + return "ha_get_env(ha_mon, %s%s, time_ns) %s %s" % ( + rule["env"], self.enum_suffix, rule["op"], value) + + def __get_constraint_env(self, constr: str) -> str: + """Extract the second argument from an ha_ function""" + env =3D constr.split("(")[1].split()[1].rstrip(")").rstrip(",") + assert env.rstrip(f"_{self.name}") in self.envs + return env + + def __start_to_invariant_check(self, constr:str) -> str: + # by default assume the timer has ns expiration + env =3D self.__get_constraint_env(constr) + clock_type =3D "ns" + if self.env_types.get(env.rstrip(f"_{self.name}")) =3D=3D "j": + clock_type =3D "jiffy" + + return "return ha_check_invariant_%s(ha_mon, %s, time_ns)" % (cloc= k_type, env) + + def __start_to_conv(self, constr: str) -> str: + """ + Undo the storage conversion done by ha_start_timer_ + """ + return "ha_inv_to_guard" + constr[constr.find("("):] + + def __parse_timer_constraint(self, rule: dict, value: str) -> str: + # by default assume the timer has ns expiration + clock_type =3D "ns" + if self.env_types.get(rule["env"]) =3D=3D "j": + clock_type =3D "jiffy" + + return "ha_start_timer_%s(ha_mon, %s%s, %s, time_ns)" % (clock_typ= e, rule["env"], + self.enum= _suffix, value) + + def __format_guard_rules(self, rules: list[str]) -> list[str]: + """ + Merge guard constraints as a single C return statement. + If the rules include a stored env, also check its validity. + Break lines in a best effort way that tries to keep readability. + """ + if not rules: + return [] + + invalid_checks =3D [f"ha_monitor_env_invalid(ha_mon, {env}{self.en= um_suffix}) ||" + for env in self.env_stored if any(env in rule for= rule in rules)] + if invalid_checks and len(rules) > 1: + rules[0] =3D "(" + rules[0] + rules[-1] =3D rules[-1] + ")" + rules =3D invalid_checks + rules + + separator =3D "\n\t\t " if sum(len(r) for r in rules) > 80 el= se " " + return ["res =3D " + separator.join(rules)] + + def __validate_constraint(self, key: tuple[int, int] | int, constr: st= r, + rule, reset) -> None: + # event constrains are tuples and allow both rules and reset + # state constraints are only used for expirations (e.g. clk None: + self.guards: dict[_EventConstraintKey, str] =3D {} + self.invariants: dict[_StateConstraintKey, str] =3D {} + for key, constraint in self.constraints.items(): + rules =3D [] + resets =3D [] + for c, sep in self._split_constraint_expr(constraint): + rule =3D self.constraint_rule.search(c) + reset =3D self.constraint_reset.search(c) + self.__validate_constraint(key, c, rule, reset) + if rule: + value =3D rule["val"] + value_len =3D len(rule["val"]) + unit =3D None + if rule.groupdict().get("unit"): + value_len +=3D len(rule["unit"]) + unit =3D rule["unit"] + c =3D c[:-(value_len)] + value =3D self.__adjust_value(value, unit) + if self.is_event_constraint(key): + c =3D self.__parse_single_constraint(rule, value) + if sep: + c +=3D f" {sep}" + else: + c =3D self.__parse_timer_constraint(rule, value) + rules.append(c) + if reset: + c =3D "ha_reset_env(ha_mon, %s%s, time_ns)" % (reset["= env"], + self.enum= _suffix) + resets.append(c) + if self.is_event_constraint(key): + res =3D self.__format_guard_rules(rules) + resets + self.guards[key] =3D ";".join(res) + else: + self.invariants[key] =3D rules[0] + + def __fill_verify_invariants_func(self) -> list[str]: + buff =3D [] + if not self.invariants: + return [] + + buff.append( +"""static inline bool ha_verify_invariants(struct ha_monitor *ha_mon, +\t\t\t\t\tenum %s curr_state, enum %s event, +\t\t\t\t\tenum %s next_state, u64 time_ns) +{""" % (self.enum_states_def, self.enum_events_def, self.enum_states_def)) + + _else =3D "" + for state, constr in self.invariants.items(): + check_str =3D self.__start_to_invariant_check(constr) + buff.append("\t%sif (curr_state =3D=3D %s%s)" % + (_else, self.states[state], self.enum_suffix)) + buff.append("\t\t%s;" % check_str) + _else =3D "else " + + buff.append("\treturn true;\n}\n") + return buff + + def __fill_convert_inv_guard_func(self) -> list[str]: + buff =3D [] + if not self.invariants: + return [] + + conflict_guards, conflict_invs =3D self.__find_inv_conflicts() + if not conflict_guards and not conflict_invs: + return [] + + buff.append( +"""static inline void ha_convert_inv_guard(struct ha_monitor *ha_mon, +\t\t\t\t\tenum %s curr_state, enum %s event, +\t\t\t\t\tenum %s next_state, u64 time_ns) +{""" % (self.enum_states_def, self.enum_events_def, self.enum_states_def)) + buff.append("\tif (curr_state =3D=3D next_state)\n\t\treturn;") + + _else =3D "" + for state, constr in self.invariants.items(): + # a state with invariant can reach us without reset + # multiple conflicts must have the same invariant, otherwise w= e cannot + # know how to reset the value + conf_i =3D [start for start, end in conflict_invs if end =3D= =3D state] + # we can reach a guard without reset + conf_g =3D [e for s, e in conflict_guards if s =3D=3D state] + if not conf_i and not conf_g: + continue + buff.append("\t%sif (curr_state =3D=3D %s%s)" % + (_else, self.states[state], self.enum_suffix)) + buff.append("\t\t%s;" % self.__start_to_conv(constr)) + _else =3D "else " + + buff.append("}\n") + return buff + + def __fill_verify_guards_func(self) -> list[str]: + buff =3D [] + if not self.guards: + return [] + + buff.append( +"""static inline bool ha_verify_guards(struct ha_monitor *ha_mon, +\t\t\t\t enum %s curr_state, enum %s event, +\t\t\t\t enum %s next_state, u64 time_ns) +{ +\tbool res =3D true; +""" % (self.enum_states_def, self.enum_events_def, self.enum_states_def)) + + _else =3D "" + for edge, constr in self.guards.items(): + buff.append("\t%sif (curr_state =3D=3D %s%s && event =3D=3D %s= %s)" % + (_else, self.states[edge[0]], self.enum_suffix, + self.events[edge[1]], self.enum_suffix)) + if constr.count(";") > 0: + buff[-1] +=3D " {" + buff +=3D [ "\t\t%s;" % c for c in constr.split(";") ] + if constr.count(";") > 0: + _else =3D "} else " + else: + _else =3D "else " + if _else[0] =3D=3D "}": + buff.append("\t}") + buff.append("\treturn res;\n}\n") + return buff + + def __find_inv_conflicts(self) -> tuple[set[tuple[int, _EventConstrain= tKey]], + set[tuple[int, _StateConstrain= tKey]]]: + """ + Run a breadth first search from all states with an invariant. + Find any conflicting constraints reachable from there, this can be + another state with an invariant or an edge with a non-reset guard. + Stop when we find a reset. + + Return the set of conflicting guards and invariants as tuples of + conflicting state and constraint key. + """ + conflict_guards : set[tuple[int, _EventConstraintKey]] =3D set() + conflict_invs : set[tuple[int, _StateConstraintKey]] =3D set() + for start_idx in self.invariants: + queue =3D deque([(start_idx, 0)]) # (state_idx, distance) + env =3D self.__get_constraint_env(self.invariants[start_idx]) + + while queue: + curr_idx, distance =3D queue.popleft() + + # Check state condition + if curr_idx !=3D start_idx and curr_idx in self.invariants: + conflict_invs.add((start_idx, _StateConstraintKey(curr= _idx))) + continue + + # Check if we should stop + if distance > len(self.states): + break + if curr_idx !=3D start_idx and distance > 1: + continue + + for event_idx, next_state_name in enumerate(self.function[= curr_idx]): + if next_state_name =3D=3D self.invalid_state_str: + continue + curr_guard =3D self.guards.get((curr_idx, event_idx), = "") + if "reset" in curr_guard and env in curr_guard: + continue + + if env in curr_guard: + conflict_guards.add((start_idx, + _EventConstraintKey(curr_idx,= event_idx))) + continue + + next_idx =3D self.states.index(next_state_name) + queue.append((next_idx, distance + 1)) + + return conflict_guards, conflict_invs + + def __fill_setup_invariants_func(self) -> list[str]: + buff =3D [] + if not self.invariants: + return [] + + buff.append( +"""static inline void ha_setup_invariants(struct ha_monitor *ha_mon, +\t\t\t\t enum %s curr_state, enum %s event, +\t\t\t\t enum %s next_state, u64 time_ns) +{""" % (self.enum_states_def, self.enum_events_def, self.enum_states_def)) + + conditions =3D ["next_state =3D=3D curr_state"] + conditions +=3D ["event !=3D %s%s" % (e, self.enum_suffix) + for e in self.self_loop_reset_events] + condition_str =3D " && ".join(conditions) + buff.append(f"\tif ({condition_str})\n\t\treturn;") + + _else =3D "" + for state, constr in self.invariants.items(): + buff.append("\t%sif (next_state =3D=3D %s%s)" % + (_else, self.states[state], self.enum_suffix)) + buff.append("\t\t%s;" % constr) + _else =3D "else " + + for state in self.invariants: + buff.append("\telse if (curr_state =3D=3D %s%s)" % + (self.states[state], self.enum_suffix)) + buff.append("\t\tha_cancel_timer(ha_mon);") + + buff.append("}\n") + return buff + + def __fill_constr_func(self) -> list[str]: + buff =3D [] + if not self.constraints: + return [] + + buff.append( +"""/* + * These functions are used to validate state transitions. + * + * They are generated by parsing the model, there is usually no need to ch= ange them. + * If the monitor requires a timer, there are functions responsible to arm= it when + * the next state has a constraint, cancel it in any other case and to che= ck + * that it didn't expire before the callback run. Transitions to the same = state + * without a reset never affect timers. + * Due to the different representations between invariants and guards, the= re is + * a function to convert it in case invariants or guards are reachable from + * another invariant without reset. Those are not present if not required = in + * the model. This is all automatic but is worth checking because it may s= how + * errors in the model (e.g. missing resets). + */""") + + buff +=3D self.__fill_verify_invariants_func() + inv_conflicts =3D self.__fill_convert_inv_guard_func() + buff +=3D inv_conflicts + buff +=3D self.__fill_verify_guards_func() + buff +=3D self.__fill_setup_invariants_func() + + buff.append( +"""static bool ha_verify_constraint(struct ha_monitor *ha_mon, +\t\t\t\t enum %s curr_state, enum %s event, +\t\t\t\t enum %s next_state, u64 time_ns) +{""" % (self.enum_states_def, self.enum_events_def, self.enum_states_def)) + + if self.invariants: + buff.append("\tif (!ha_verify_invariants(ha_mon, curr_state, e= vent, next_state, time_ns))\n\t\treturn false;\n") + if inv_conflicts: + buff.append("\tha_convert_inv_guard(ha_mon, curr_state, event,= next_state, time_ns);\n") + + if self.guards: + buff.append("\tif (!ha_verify_guards(ha_mon, curr_state, event= , next_state, time_ns))\n\t\treturn false;\n") + + if self.invariants: + buff.append("\tha_setup_invariants(ha_mon, curr_state, event, = next_state, time_ns);\n") + + buff.append("\treturn true;\n}\n") + return buff + + def __fill_env_getter(self, env: str) -> str: + if env in self.env_types: + match self.env_types[env]: + case "ns" | "us" | "ms" | "s": + return "ha_get_clk_ns(ha_mon, env, time_ns);" + case "j": + return "ha_get_clk_jiffy(ha_mon, env);" + return "/* XXX: how do I read %s? */" % env + + def __fill_env_resetter(self, env: str) -> str: + if env in self.env_types: + match self.env_types[env]: + case "ns" | "us" | "ms" | "s": + return "ha_reset_clk_ns(ha_mon, env, time_ns);" + case "j": + return "ha_reset_clk_jiffy(ha_mon, env);" + return "/* XXX: how do I reset %s? */" % env + + def __fill_hybrid_get_reset_functions(self) -> list[str]: + buff =3D [] + if self.is_hybrid_automata(): + for var in self.constraint_vars: + if var.endswith("()"): + func_name =3D var.replace("()", "") + if func_name.isupper(): + buff.append("#define %s(ha_mon) /* XXX: what is %s= (ha_mon)? */\n" % (func_name, func_name)) + else: + buff.append("static inline u64 %s(struct ha_monito= r *ha_mon)\n{" % func_name) + buff.append("\treturn /* XXX: what is %s(ha_mon)? = */;" % func_name) + buff.append("}\n") + elif var.isupper(): + buff.append("#define %s /* XXX: what is %s? */\n" % (v= ar, var)) + else: + buff.append("static u64 %s =3D /* XXX: default value *= /;" % var) + buff.append("module_param(%s, ullong, 0644);\n" % var) + buff.append("""/* + * These functions define how to read and reset the environment variable. + * + * Common environment variables like ns-based and jiffy-based clocks have + * pre-define getters and resetters you can use. The parser can infer the = type + * of the environment variable if you supply a measure unit in the constra= int. + * If you define your own functions, make sure to add appropriate memory + * barriers if required. + * Some environment variables don't require a storage as they read a system + * state (e.g. preemption count). Those variables are never reset, so we d= on't + * define a reset function on monitors only relying on this type of variab= les. + */""") + buff.append("static u64 ha_get_env(struct ha_monitor *ha_mon, = enum envs%s env, u64 time_ns)\n{" % self.enum_suffix) + _else =3D "" + for env in self.envs: + buff.append("\t%sif (env =3D=3D %s%s)\n\t\treturn %s" % + (_else, env, self.enum_suffix, self.__fill_env= _getter(env))) + _else =3D "else " + buff.append("\treturn ENV_INVALID_VALUE;\n}\n") + if len(self.env_stored): + buff.append("static void ha_reset_env(struct ha_monitor *h= a_mon, enum envs%s env, u64 time_ns)\n{" % self.enum_suffix) + _else =3D "" + for env in self.env_stored: + buff.append("\t%sif (env =3D=3D %s%s)\n\t\t%s" % + (_else, env, self.enum_suffix, self.__fill= _env_resetter(env))) + _else =3D "else " + buff.append("}\n") + return buff + + def _fill_hybrid_definitions(self) -> list[str]: + return self.__fill_hybrid_get_reset_functions() + self.__fill_cons= tr_func() + + def _fill_timer_type(self) -> list: + if self.invariants: + return [ + "/* XXX: If the monitor has several instances, conside= r HA_TIMER_WHEEL */", + "#define HA_TIMER_TYPE HA_TIMER_HRTIMER" + ] + return [] diff --git a/tools/verification/rvgen/rvgen/generator.py b/tools/verificati= on/rvgen/rvgen/generator.py index 3441385c1177..b80af3fd6701 100644 --- a/tools/verification/rvgen/rvgen/generator.py +++ b/tools/verification/rvgen/rvgen/generator.py @@ -255,12 +255,14 @@ class Monitor(RVGenerator): monitor_class_type =3D self.fill_monitor_class_type() tracepoint_args_skel_event =3D self.fill_tracepoint_args_skel("eve= nt") tracepoint_args_skel_error =3D self.fill_tracepoint_args_skel("err= or") + tracepoint_args_skel_error_env =3D self.fill_tracepoint_args_skel(= "error_env") trace_h =3D trace_h.replace("%%MODEL_NAME%%", self.name) trace_h =3D trace_h.replace("%%MODEL_NAME_UP%%", self.name.upper()) trace_h =3D trace_h.replace("%%MONITOR_CLASS%%", monitor_class) trace_h =3D trace_h.replace("%%MONITOR_CLASS_TYPE%%", monitor_clas= s_type) trace_h =3D trace_h.replace("%%TRACEPOINT_ARGS_SKEL_EVENT%%", trac= epoint_args_skel_event) trace_h =3D trace_h.replace("%%TRACEPOINT_ARGS_SKEL_ERROR%%", trac= epoint_args_skel_error) + trace_h =3D trace_h.replace("%%TRACEPOINT_ARGS_SKEL_ERROR_ENV%%", = tracepoint_args_skel_error_env) return trace_h =20 def print_files(self): diff --git a/tools/verification/rvgen/rvgen/templates/dot2k/main.c b/tools/= verification/rvgen/rvgen/templates/dot2k/main.c index a14e4f0883db..bf0999f6657a 100644 --- a/tools/verification/rvgen/rvgen/templates/dot2k/main.c +++ b/tools/verification/rvgen/rvgen/templates/dot2k/main.c @@ -21,7 +21,7 @@ */ #define RV_MON_TYPE RV_MON_%%MONITOR_TYPE%% #include "%%MODEL_NAME%%.h" -#include +#include =20 /* * This is the instrumentation part of the monitor. diff --git a/tools/verification/rvgen/rvgen/templates/dot2k/trace_hybrid.h = b/tools/verification/rvgen/rvgen/templates/dot2k/trace_hybrid.h new file mode 100644 index 000000000000..c8290e9ba2f4 --- /dev/null +++ b/tools/verification/rvgen/rvgen/templates/dot2k/trace_hybrid.h @@ -0,0 +1,16 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Snippet to be included in rv_trace.h + */ + +#ifdef CONFIG_RV_MON_%%MODEL_NAME_UP%% +DEFINE_EVENT(event_%%MONITOR_CLASS%%, event_%%MODEL_NAME%%, +%%TRACEPOINT_ARGS_SKEL_EVENT%%); + +DEFINE_EVENT(error_%%MONITOR_CLASS%%, error_%%MODEL_NAME%%, +%%TRACEPOINT_ARGS_SKEL_ERROR%%); + +DEFINE_EVENT(error_env_%%MONITOR_CLASS%%, error_env_%%MODEL_NAME%%, +%%TRACEPOINT_ARGS_SKEL_ERROR_ENV%%); +#endif /* CONFIG_RV_MON_%%MODEL_NAME_UP%% */ --=20 2.52.0 From nobody Fri Dec 19 07:17:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 41CCC32F756 for ; Fri, 5 Dec 2025 13:17:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940634; cv=none; b=nn+t4hbv4atlTmSOyBFrHATmXr8t0X9rCl1TwwmQz8FFDNzoTnBN0FAJdCO6l8VjhucNwweBP8v2bUrG0WHzGcgW/88BKIw3/2X8WiruRVQqH+UCWLZtcNhkVLkdAH+dUFPSM5mVCEI5xuLaL2skSNk4AsJOt1+FlNrgv8HlQVA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940634; c=relaxed/simple; bh=c88/gAeDB8w81i1lCimBOwsvdZv1Gg+9eaLprwh3c3Y=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=hXsbZOVtej3DSLdnsWYty8iwoojOssu1130CpgGJOIcphh+a7fR4z/ogMefwXweP+0sDZYZaIWPUTOtyPC4LZ+iEVRuXliZAwq/v3DZ3q7FQNofZ22QOFawV4/ndpEKMtOg0z9O1wclKA8KCp0MOIENQJoxj1gYVBSz/A/gx6oQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=fIU/hWKm; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="fIU/hWKm" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764940627; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=APd3+ei4krlT0Gz5Dc+j1rM3x9oyK3e8Ns0QtiOShZQ=; b=fIU/hWKmyhKMCjbXFafRymKH2jIl+f/EMbJnJRM+P5g8o59TxIGSOfJOxeBKlqdOj5+RMT ZJg+LnJRaQNElPP32yXKSa1LYdvaHbLqheY2BAa+s7g7RpAfI/7C/4OTGSGhKJ7hQI68Ht 9TL6wTrifRfZdqlZYKx7MOpk1EWy10U= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-237-rnBtK6D-MZKJav0DinuqJg-1; Fri, 05 Dec 2025 08:17:04 -0500 X-MC-Unique: rnBtK6D-MZKJav0DinuqJg-1 X-Mimecast-MFC-AGG-ID: rnBtK6D-MZKJav0DinuqJg_1764940623 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id EFA21180060D; Fri, 5 Dec 2025 13:17:02 +0000 (UTC) Received: from gmonaco-thinkpadt14gen3.rmtit.csb (unknown [10.45.226.23]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id A85EC180044F; Fri, 5 Dec 2025 13:16:57 +0000 (UTC) From: Gabriele Monaco To: linux-kernel@vger.kernel.org, Steven Rostedt , Nam Cao , Gabriele Monaco , Jonathan Corbet , linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org Cc: Tomas Glozar , Juri Lelli , Clark Williams , John Kacur Subject: [PATCH v3 05/13] Documentation/rv: Add documentation about hybrid automata Date: Fri, 5 Dec 2025 14:16:13 +0100 Message-ID: <20251205131621.135513-6-gmonaco@redhat.com> In-Reply-To: <20251205131621.135513-1-gmonaco@redhat.com> References: <20251205131621.135513-1-gmonaco@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" Describe theory and implementation of hybrid automata in the dedicated page hybrid_automata.rst Include a section on how to integrate a hybrid automaton in monitor_synthesis.rst Also remove a hanging $ in deterministic_automata.rst Signed-off-by: Gabriele Monaco --- Notes: V3: * Improve documentation clarity after review .../trace/rv/deterministic_automata.rst | 2 +- Documentation/trace/rv/hybrid_automata.rst | 341 ++++++++++++++++++ Documentation/trace/rv/index.rst | 1 + Documentation/trace/rv/monitor_synthesis.rst | 117 +++++- 4 files changed, 458 insertions(+), 3 deletions(-) create mode 100644 Documentation/trace/rv/hybrid_automata.rst diff --git a/Documentation/trace/rv/deterministic_automata.rst b/Documentat= ion/trace/rv/deterministic_automata.rst index d0638f95a455..7a1c2b20ec72 100644 --- a/Documentation/trace/rv/deterministic_automata.rst +++ b/Documentation/trace/rv/deterministic_automata.rst @@ -11,7 +11,7 @@ where: - *E* is the finite set of events; - x\ :subscript:`0` is the initial state; - X\ :subscript:`m` (subset of *X*) is the set of marked (or final) states. -- *f* : *X* x *E* -> *X* $ is the transition function. It defines the state +- *f* : *X* x *E* -> *X* is the transition function. It defines the state transition in the occurrence of an event from *E* in the state *X*. In t= he special case of deterministic automata, the occurrence of the event in *= E* in a state in *X* has a deterministic next state from *X*. diff --git a/Documentation/trace/rv/hybrid_automata.rst b/Documentation/tra= ce/rv/hybrid_automata.rst new file mode 100644 index 000000000000..39c037a71b89 --- /dev/null +++ b/Documentation/trace/rv/hybrid_automata.rst @@ -0,0 +1,341 @@ +Hybrid Automata +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Hybrid automata are an extension of deterministic automata, there are seve= ral +definitions of hybrid automata in the literature. The adaptation implement= ed +here is formally denoted by G and defined as a 7-tuple: + + *G* =3D { *X*, *E*, *V*, *f*, x\ :subscript:`0`, X\ :subscript:`m`= , *i* } + +- *X* is the set of states; +- *E* is the finite set of events; +- *V* is the finite set of environment variables; +- x\ :subscript:`0` is the initial state; +- X\ :subscript:`m` (subset of *X*) is the set of marked (or final) states. +- *f* : *X* x *E* x *C(V)* -> *X* is the transition function. + It defines the state transition in the occurrence of an event from *E* i= n the + state *X*. Unlike deterministic automata, the transition function also + includes guards from the set of all possible constraints (defined as *C(= V)*). + Guards can be true or false with the valuation of *V* when the event occ= urs, + and the transition is possible only when constraints are true. Similarly= to + deterministic automata, the occurrence of the event in *E* in a state in= *X* + has a deterministic next state from *X*, if the guard is true. +- *i* : *X* -> *C'(V)* is the invariant assignment function, this is a + constraint assigned to each state in *X*, every state in *X* must be left + before the invariant turns to false. We can omit the representation of + invariants whose value is true regardless of the valuation of *V*. + +The set of all possible constraints *C(V)* is defined according to the +following grammar: + + g =3D v < c | v > c | v <=3D c | v >=3D c | v =3D=3D c | v !=3D c = | g && g | true + +With v a variable in *V* and c a numerical value. + +We define the special case of hybrid automata whose variables grow with un= iform +rates as timed automata. In this case, the variables are called clocks. +As the name implies, timed automata can be used to describe real time. +Additionally, clocks support another type of guard which always evaluates = to true: + + reset(v) + +The reset constraint is used to set the value of a clock to 0. + +The set of invariant constraints *C'(V)* is a subset of *C(V)* including o= nly +constraint of the form: + + g =3D v < c | true + +This simplifies the implementation as a clock expiration is a necessary and +sufficient condition for the violation of invariants while still allowing = more +complex constraints to be specified as guards. + +It is important to note that any hybrid automaton is a valid deterministic +automaton with additional guards and invariants. Those can only further +constrain what transitions are valid but it is not possible to define +transition functions starting from the same state in *X* and the same even= t in +*E* but ending up in different states in *X* based on the valuation of *V*. + +Examples +-------- + +Wip as hybrid automaton +~~~~~~~~~~~~~~~~~~~~~~~ + +The 'wip' (wakeup in preemptive) example introduced as a deterministic aut= omaton +can also be described as: + +- *X* =3D { ``any_thread_running`` } +- *E* =3D { ``sched_waking`` } +- *V* =3D { ``preemptive`` } +- x\ :subscript:`0` =3D ``any_thread_running`` +- X\ :subscript:`m` =3D {``any_thread_running``} +- *f* =3D + - *f*\ (``any_thread_running``, ``sched_waking``, ``preemptive=3D=3D0``= ) =3D ``any_thread_running`` +- *i* =3D + - *i*\ (``any_thread_running``) =3D ``true`` + +Which can be represented graphically as:: + + | + | + v + #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D# sched_= waking;preemptive=3D=3D0 + H H ------------------------------+ + H any_thread_running H | + H H <-----------------------------+ + #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D# + +In this example, by using the preemptive state of the system as an environ= ment +variable, we can assert this constraint on ``sched_waking`` without requir= ing +preemption events (as we would in a deterministic automaton), which can be +useful in case those events are not available or not reliable on the syste= m. + +Since all the invariants in *i* are true, we can omit them from the repres= entation. + +Stall model with guards (iteration 1) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +As a sample timed automaton we can define 'stall' as: + +- *X* =3D { ``dequeued``, ``enqueued``, ``running``} +- *E* =3D { ``enqueue``, ``dequeue``, ``switch_in``} +- *V* =3D { ``clk`` } +- x\ :subscript:`0` =3D ``dequeue`` +- X\ :subscript:`m` =3D {``dequeue``} +- *f* =3D + - *f*\ (``enqueued``, ``switch_in``, ``clk < threshold``) =3D ``running= `` + - *f*\ (``running``, ``dequeue``) =3D ``dequeued`` + - *f*\ (``dequeued``, ``enqueue``, ``reset(clk)``) =3D ``enqueued`` +- *i* =3D *omitted as all true* + +Graphically represented as:: + + | + | + v + #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D# + H dequeued H <+ + #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D# | + | | + | enqueue; reset(clk) | + v | + +----------------------------+ | + | enqueued | | dequeue + +----------------------------+ | + | | + | switch_in; clk < threshold | + v | + +----------------------------+ | + | running | -+ + +----------------------------+ + +This model imposes that the time between when a task is enqueued (it becom= es +runnable) and when the task gets to run must be lower than a certain thres= hold. +A failure in this model means that the task is starving. +One problem in using guards on the edges in this case is that the model wi= ll +not report a failure until the ``switch_in`` event occurs. This means that, +according to the model, it is valid for the task never to run. + +Stall model with invariants (iteration 2) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The first iteration isn't exactly what was intended, we can change the mod= el as: + +- *X* =3D { ``dequeued``, ``enqueued``, ``running``} +- *E* =3D { ``enqueue``, ``dequeue``, ``switch_in``} +- *V* =3D { ``clk`` } +- x\ :subscript:`0` =3D ``dequeue`` +- X\ :subscript:`m` =3D {``dequeue``} +- *f* =3D + - *f*\ (``enqueued``, ``switch_in``) =3D ``running`` + - *f*\ (``running``, ``dequeue``) =3D ``dequeued`` + - *f*\ (``dequeued``, ``enqueue``, ``reset(clk)``) =3D ``enqueued`` +- *i* =3D + - *i*\ (``enqueued``) =3D ``clk < threshold`` + +Graphically:: + + | + | + v + #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D# + H dequeued H <+ + #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D# | + | | + | enqueue; reset(clk) | + v | + +-------------------------+ | + | enqueued | | + | clk < threshold | | dequeue + +-------------------------+ | + | | + | switch_in | + v | + +-------------------------+ | + | running | -+ + +-------------------------+ + +In this case, we moved the guard as an invariant to the ``enqueued`` state, +this means we not only forbid the occurrence of ``switch_in`` when ``clk``= is +past the threshold but also mark as invalid in case we are *still* in +``enqueued`` after the threshold. This model is effectively in an invalid = state +as soon as a task is starving, rather than when the starving task finally = runs. + +Hybrid Automaton in C +--------------------- + +The definition of hybrid automata in C is heavily based on the determinist= ic +automata one. Specifically, we add the set of environment variables and the +constraints (both guards on transitions and invariants on states) as follo= ws. +This is a combination of both iterations of the stall example:: + + /* enum representation of X (set of states) to be used as index */ + enum states { + dequeued, + enqueued, + running, + state_max, + }; + + #define INVALID_STATE state_max + + /* enum representation of E (set of events) to be used as index */ + enum events { + dequeue, + enqueue, + switch_in, + event_max, + }; + + /* enum representation of V (set of environment variables) to be used as= index */ + enum envs { + clk, + env_max, + env_max_stored =3D env_max, + }; + + struct automaton { + char *state_names[state_max]; // X: the set of states + char *event_names[event_max]; // E: the finite set of ev= ents + char *env_names[env_max]; // V: the finite set of en= v vars + unsigned char function[state_max][event_max]; // f: transition function + unsigned char initial_state; // x_0: the initial state + bool final_states[state_max]; // X_m: the set of marked = states + }; + + struct automaton aut =3D { + .state_names =3D { + "dequeued", + "enqueued", + "running", + }, + .event_names =3D { + "dequeue", + "enqueue", + "switch_in", + }, + .env_names =3D { + "clk", + }, + .function =3D { + { INVALID_STATE, enqueued, INVALID_STATE }, + { INVALID_STATE, INVALID_STATE, running }, + { dequeued, INVALID_STATE, INVALID_STATE }, + }, + .initial_state =3D dequeued, + .final_states =3D { 1, 0, 0 }, + }; + + static bool verify_constraint(enum states curr_state, enum events event, + enum states next_state) + { + bool res =3D true; + + /* Validate guards as part of f */ + if (curr_state =3D=3D enqueued && event =3D=3D sched_switch_in) + res =3D get_env(clk) < threshold; + else if (curr_state =3D=3D dequeued && event =3D=3D sched_wakeup) + reset_env(clk); + + /* Validate invariants in i */ + if (next_state =3D=3D curr_state || !res) + return res; + if (next_state =3D=3D enqueued) + ha_start_timer_jiffy(ha_mon, clk, threshold_jiffies); + else if (curr_state =3D=3D enqueued) + res =3D !ha_cancel_timer(ha_mon); + return res; + } + +The function ``verify_constraint``, here reported as simplified, checks gu= ards, +performs resets and starts timers to validate invariants according to +specification. +Due to the complex nature of environment variables, the user needs to prov= ide +functions to get and reset environment variables that are not common clocks +(e.g. clocks with ns or jiffy granularity). +Since invariants are only defined as clock expirations (e.g. *clk < +threshold*), reaching the expiration of a timer armed when entering the st= ate +is in fact a failure in the model and triggers a reaction. Leaving the sta= te +stops the timer. + +It is important to note that timers implemented with hrtimers introduce +overhead, if the monitor has several instances (e.g. all tasks) this can b= ecome +an issue. The impact can be decreased using the timer wheel (``HA_TIMER_TY= PE`` +set to ``HA_TIMER_WHEEL``), this lowers the responsiveness of the timer wi= thout +damaging the accuracy of the model, since the invariant condition is check= ed +before disabling the timer in case the callback is late. +Alternatively, if the monitor is guaranteed to *eventually* leave the stat= e and +the incurred delay to wait for the next event is acceptable, guards can be= used +in place of invariants, as seen in the stall example. + +Graphviz .dot format +-------------------- + +Also the Graphviz representation of hybrid automata is an extension of the +deterministic automata one. Specifically, guards can be provided in the ev= ent +name separated by ``;``:: + + "state_start" -> "state_dest" [ label =3D "sched_waking;preemptible=3D= =3D0;reset(clk)" ]; + +Invariant can be specified in the state label (not the node name!) separat= ed by ``\n``:: + + "enqueued" [label =3D "enqueued\nclk < threshold_jiffies"]; + +Constraints can be specified as valid C comparisons and allow spaces, the = first +element of the comparison must be the clock while the second is a numerica= l or +parametrised value. Guards allow comparisons to be combined with boolean +operations (``&&`` and ``||``), resets must be separated from other constr= aints. + +This is the full example of the last version of the 'stall' model in DOT:: + + digraph state_automaton { + {node [shape =3D circle] "enqueued"}; + {node [shape =3D plaintext, style=3Dinvis, label=3D""] "__init_deque= ued"}; + {node [shape =3D doublecircle] "dequeued"}; + {node [shape =3D circle] "running"}; + "__init_dequeued" -> "dequeued"; + "enqueued" [label =3D "enqueued\nclk < threshold_jiffies"]; + "running" [label =3D "running"]; + "dequeued" [label =3D "dequeued"]; + "enqueued" -> "running" [ label =3D "switch_in" ]; + "running" -> "dequeued" [ label =3D "dequeue" ]; + "dequeued" -> "enqueued" [ label =3D "enqueue;reset(clk)" ]; + { rank =3D min ; + "__init_dequeued"; + "dequeued"; + } + } + +References +---------- + +One book covering model checking and timed automata is:: + + Christel Baier and Joost-Pieter Katoen: Principles of Model Checking, + The MIT Press, 2008. + +Hybrid automata are described in detail in:: + + Thomas Henzinger: The theory of hybrid automata, + Proceedings 11th Annual IEEE Symposium on Logic in Computer Science, 199= 6. diff --git a/Documentation/trace/rv/index.rst b/Documentation/trace/rv/inde= x.rst index a2812ac5cfeb..ad298784bda2 100644 --- a/Documentation/trace/rv/index.rst +++ b/Documentation/trace/rv/index.rst @@ -9,6 +9,7 @@ Runtime Verification runtime-verification.rst deterministic_automata.rst linear_temporal_logic.rst + hybrid_automata.rst monitor_synthesis.rst da_monitor_instrumentation.rst monitor_wip.rst diff --git a/Documentation/trace/rv/monitor_synthesis.rst b/Documentation/t= race/rv/monitor_synthesis.rst index cc5f97977a29..2c1b5a0ae154 100644 --- a/Documentation/trace/rv/monitor_synthesis.rst +++ b/Documentation/trace/rv/monitor_synthesis.rst @@ -18,8 +18,8 @@ functions that glue the monitor to the system reference m= odel, and the trace output as a reaction to event parsing and exceptions, as depicted below:: =20 - Linux +----- RV Monitor ----------------------------------+ Formal - Realm | | Realm + Linux +---- RV Monitor ----------------------------------+ Formal + Realm | | Realm +-------------------+ +----------------+ +-----------------+ | Linux kernel | | Monitor | | Reference | | Tracing | -> | Instance(s) | <- | Model | @@ -45,6 +45,7 @@ creating monitors. The header files are: =20 * rv/da_monitor.h for deterministic automaton monitor. * rv/ltl_monitor.h for linear temporal logic monitor. + * rv/ha_monitor.h for hybrid automaton monitor. =20 rvgen ----- @@ -252,6 +253,118 @@ the task, the monitor may need some time to start val= idating tasks which have been running before the monitor is enabled. Therefore, it is recommended to start the tasks of interest after enabling the monitor. =20 +rv/ha_monitor.h ++++++++++++++++ + +The implementation of hybrid automaton monitors derives directly from the +deterministic automaton one. Despite using a different header +(``ha_monitor.h``) the functions to handle events are the same (e.g. +``da_handle_event``). + +Additionally, the `rvgen` tool populates skeletons for the +``ha_verify_constraint``, ``ha_get_env`` and ``ha_reset_env`` based on the +monitor specification in the monitor source file. + +``ha_verify_constraint`` is typically ready as it is generated by `rvgen`: + +* standard constraints on edges are turned into the form:: + + res =3D ha_get_env(ha_mon, ENV) < VALUE; + +* reset constraints are turned into the form:: + + ha_reset_env(ha_mon, ENV); + +* constraints on the state are implemented using timers + + - armed before entering the state + + - cancelled while entering any other state + + - untouched if the state does not change as a result of the event + + - checked if the timer expired but the callback did not run + + - available implementation are `HA_TIMER_HRTIMER` and `HA_TIMER_WHEEL` + + - hrtimers are more precise but may have higher overhead + + - select by defining `HA_TIMER_TYPE` before including the header:: + + #define HA_TIMER_TYPE HA_TIMER_HRTIMER + +Constraint values can be specified in different forms: + +* literal value (with optional unit). E.g.:: + + preemptive =3D=3D 0 + clk < 100ns + threshold <=3D 10j + +* constant value (uppercase string). E.g.:: + + clk < MAX_NS + +* parameter (lowercase string). E.g.:: + + clk <=3D threshold_jiffies + +* macro (uppercase string with parentheses). E.g.:: + + clk < MAX_NS() + +* function (lowercase string with parentheses). E.g.:: + + clk <=3D threshold_jiffies() + +In all cases, `rvgen` will try to understand the type of the environment +variable from the name or unit. For instance, constants or parameters +terminating with ``_NS`` or ``_jiffies`` are intended as clocks with ns an= d jiffy +granularity, respectively. Literals with measure unit `j` are jiffies and = if a +time unit is specified (`ns` to `s`), `rvgen` will convert the value to `n= s`. + +Constants need to be defined by the user (but unlike the name, they don't +necessarily need to be defined as constants). Parameters get converted to +module parameters and the user needs to provide a default value. +Also function and macros are defined by the user, by default they get as an +argument the ``ha_monitor``, a common usage would be to get the required v= alue +from the target, e.g. the task in per-task monitors, using the helper +``ha_get_target(ha_mon)``. + +If `rvgen` determines that the variable is a clock, it provides the getter= and +resetter based on the unit. Otherwise, the user needs to provide an approp= riate +definition. +Typically non-clock environment variables are not reset. In such case only= the +getter skeleton will be present in the file generated by `rvgen`. +For instance, the getter for preemptive can be filled as:: + + static u64 ha_get_env(struct ha_monitor *ha_mon, enum envs env) + { + if (env =3D=3D preemptible) + return preempt_count() =3D=3D 0; + return ENV_INVALID_VALUE; + } + +The function is supplied the ``ha_mon`` parameter in case some storage is +required (as it is for clocks), but environment variables without reset do= not +require a storage and can ignore that argument. +The number of environment variables requiring a storage is limited by +``MAX_HA_ENV_LEN``, however such limitation doesn't stand for other variab= les. + +Finally, constraints on states are only valid for clocks and only if the +constraint is of the form `clk < N`. This is because such constraints are +implemented with the expiration of a timer. +Typically the clock variables are reset just before arming the timer, but = this +doesn't have to be the case and the available functions take care of it. +It is a responsibility of per-task monitors to make sure no timer is left +running when the task exits. + +By default the generator implements timers with hrtimers (setting +``HA_TIMER_TYPE`` to ``HA_TIMER_HRTIMER``), this gives better responsivene= ss +but higher overhead. The timer wheel (``HA_TIMER_WHEEL``) is a good altern= ative +for monitors with several instances (e.g. per-task) that achieves lower +overhead with increased latency, yet without compromising precision. + Final remarks ------------- =20 --=20 2.52.0 From nobody Fri Dec 19 07:17:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F29A308F36 for ; Fri, 5 Dec 2025 13:17:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940644; cv=none; b=oxelwqHQrrLtwDIeXL14mfTik4l+pJwOw0Jmlh3MwAWs4TIiIghcH83USNIFbTVRzyeySWSyqfmt5ZxjP4kCH8V+S3fSPgBQPse1otlNe811VGVwyVWyCM0E5khvxL9l3XI7wQkYqdXlqTqBlFNzli0dF+xIfOmUNkXW4isuLCw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940644; c=relaxed/simple; bh=tiaUo0qYIAxuMm1nZKXfE8h7DaMsLLuoN6nP7ese+Is=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cAg6NRXvRr9JJu+UQMke1hCIEkoW5J6FUjNley09rj55i0KpZvPswzUPZ+LEwrGVJMQyNucAPoqWXscGUJ3uL0LwDfbenV542U/zxYXqmzRVLqzrNQXdqvT+Xi90ga3PTzDMiPzggqK/OXboTMZMGKakDEm1k7L733vModbwVZY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=bdDzwMhZ; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="bdDzwMhZ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764940635; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=80GuvibACcJ2VyVxoFdm18G8D8rfzxl/Aix/mgujaLk=; b=bdDzwMhZ5EiG1DO58sTwMtw7wku6BX6iz6XvT2mBt2nXobr3WSo/kyOzqnGs21F860KBeE N4QQL2hGu9KU858+0t81Cb5QZWQlTKgMegzUM3b1u1Q6yZ9qg5UnhSzx3T3iIWBe5tuu3p NsZ4dYhm+ZSQwvz2Wyey5iW2P+c/PH8= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-440-P675trQbMLyzUkGb2DEpXw-1; Fri, 05 Dec 2025 08:17:12 -0500 X-MC-Unique: P675trQbMLyzUkGb2DEpXw-1 X-Mimecast-MFC-AGG-ID: P675trQbMLyzUkGb2DEpXw_1764940631 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 22E471800365; Fri, 5 Dec 2025 13:17:11 +0000 (UTC) Received: from gmonaco-thinkpadt14gen3.rmtit.csb (unknown [10.45.226.23]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id A5539180045B; Fri, 5 Dec 2025 13:17:05 +0000 (UTC) From: Gabriele Monaco To: linux-kernel@vger.kernel.org, Steven Rostedt , Nam Cao , Jonathan Corbet , Gabriele Monaco , Masami Hiramatsu , linux-doc@vger.kernel.org, linux-trace-kernel@vger.kernel.org Cc: Tomas Glozar , Juri Lelli , Clark Williams , John Kacur Subject: [PATCH v3 06/13] rv: Add sample hybrid monitors stall Date: Fri, 5 Dec 2025 14:16:14 +0100 Message-ID: <20251205131621.135513-7-gmonaco@redhat.com> In-Reply-To: <20251205131621.135513-1-gmonaco@redhat.com> References: <20251205131621.135513-1-gmonaco@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" Add a sample monitor to showcase hybrid/timed automata. The stall monitor identifies tasks stalled for longer than a threshold and reacts when that happens. Signed-off-by: Gabriele Monaco Reviewed-by: Nam Cao --- Notes: V3: * Extend stall model to handle preemption Documentation/tools/rv/index.rst | 1 + Documentation/tools/rv/rv-mon-stall.rst | 44 ++++++ Documentation/trace/rv/index.rst | 1 + Documentation/trace/rv/monitor_stall.rst | 43 ++++++ kernel/trace/rv/Kconfig | 1 + kernel/trace/rv/Makefile | 1 + kernel/trace/rv/monitors/stall/Kconfig | 13 ++ kernel/trace/rv/monitors/stall/stall.c | 150 +++++++++++++++++++ kernel/trace/rv/monitors/stall/stall.h | 81 ++++++++++ kernel/trace/rv/monitors/stall/stall_trace.h | 19 +++ kernel/trace/rv/rv_trace.h | 1 + tools/verification/models/stall.dot | 22 +++ 12 files changed, 377 insertions(+) create mode 100644 Documentation/tools/rv/rv-mon-stall.rst create mode 100644 Documentation/trace/rv/monitor_stall.rst create mode 100644 kernel/trace/rv/monitors/stall/Kconfig create mode 100644 kernel/trace/rv/monitors/stall/stall.c create mode 100644 kernel/trace/rv/monitors/stall/stall.h create mode 100644 kernel/trace/rv/monitors/stall/stall_trace.h create mode 100644 tools/verification/models/stall.dot diff --git a/Documentation/tools/rv/index.rst b/Documentation/tools/rv/inde= x.rst index 64ba2efe2e85..4d66e0a78e1e 100644 --- a/Documentation/tools/rv/index.rst +++ b/Documentation/tools/rv/index.rst @@ -16,6 +16,7 @@ Runtime verification (rv) tool rv-mon-wip rv-mon-wwnr rv-mon-sched + rv-mon-stall =20 .. only:: subproject and html =20 diff --git a/Documentation/tools/rv/rv-mon-stall.rst b/Documentation/tools/= rv/rv-mon-stall.rst new file mode 100644 index 000000000000..c79d7c2e4dd4 --- /dev/null +++ b/Documentation/tools/rv/rv-mon-stall.rst @@ -0,0 +1,44 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +rv-mon-stall +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +-------------------- +Stalled task monitor +-------------------- + +:Manual section: 1 + +SYNOPSIS +=3D=3D=3D=3D=3D=3D=3D=3D + +**rv mon stall** [*OPTIONS*] + +DESCRIPTION +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The stalled task (**stall**) monitor is a sample per-task timed monitor th= at +checks if tasks are scheduled within a defined threshold after they are re= ady. + +See kernel documentation for further information about this monitor: + + +OPTIONS +=3D=3D=3D=3D=3D=3D=3D + +.. include:: common_ikm.rst + +SEE ALSO +=3D=3D=3D=3D=3D=3D=3D=3D + +**rv**\(1), **rv-mon**\(1) + +Linux kernel *RV* documentation: + + +AUTHOR +=3D=3D=3D=3D=3D=3D + +Written by Gabriele Monaco + +.. include:: common_appendix.rst diff --git a/Documentation/trace/rv/index.rst b/Documentation/trace/rv/inde= x.rst index ad298784bda2..bf9962f49959 100644 --- a/Documentation/trace/rv/index.rst +++ b/Documentation/trace/rv/index.rst @@ -16,3 +16,4 @@ Runtime Verification monitor_wwnr.rst monitor_sched.rst monitor_rtapp.rst + monitor_stall.rst diff --git a/Documentation/trace/rv/monitor_stall.rst b/Documentation/trace= /rv/monitor_stall.rst new file mode 100644 index 000000000000..d29e820b2433 --- /dev/null +++ b/Documentation/trace/rv/monitor_stall.rst @@ -0,0 +1,43 @@ +Monitor stall +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +- Name: stall - stalled task monitor +- Type: per-task hybrid automaton +- Author: Gabriele Monaco + +Description +----------- + +The stalled task (stall) monitor is a sample per-task timed monitor that c= hecks +if tasks are scheduled within a defined threshold after they are ready:: + + | + | + v + #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D# + +-----------------> H dequeued H + | #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D# + | | + sched_switch_wait | sched_wakeup;reset(clk) + | v + | +--------------------------+ <+ + | | enqueued | | sched_wakeup + | | clk < threshold_jiffies | -+ + | +--------------------------+ + | | ^ + | sched_switch_in sched_switch_preempt;reset(clk) + | v | + | +--------------------------+ + +------------------ | running | + +--------------------------+ + ^ sched_switch_in | + | sched_wakeup | + +----------------------+ + +The threshold can be configured as a parameter by either booting with the +``stall.threshold_jiffies=3D`` argument or writing a new value = to +``/sys/module/stall/parameters/threshold_jiffies``. + +Specification +------------- +Graphviz Dot file in tools/verification/models/stall.dot diff --git a/kernel/trace/rv/Kconfig b/kernel/trace/rv/Kconfig index 4ad392dfc57f..720fbe4935f8 100644 --- a/kernel/trace/rv/Kconfig +++ b/kernel/trace/rv/Kconfig @@ -78,6 +78,7 @@ source "kernel/trace/rv/monitors/pagefault/Kconfig" source "kernel/trace/rv/monitors/sleep/Kconfig" # Add new rtapp monitors here =20 +source "kernel/trace/rv/monitors/stall/Kconfig" # Add new monitors here =20 config RV_REACTORS diff --git a/kernel/trace/rv/Makefile b/kernel/trace/rv/Makefile index 750e4ad6fa0f..51c95e2d2da6 100644 --- a/kernel/trace/rv/Makefile +++ b/kernel/trace/rv/Makefile @@ -17,6 +17,7 @@ obj-$(CONFIG_RV_MON_STS) +=3D monitors/sts/sts.o obj-$(CONFIG_RV_MON_NRP) +=3D monitors/nrp/nrp.o obj-$(CONFIG_RV_MON_SSSW) +=3D monitors/sssw/sssw.o obj-$(CONFIG_RV_MON_OPID) +=3D monitors/opid/opid.o +obj-$(CONFIG_RV_MON_STALL) +=3D monitors/stall/stall.o # Add new monitors here obj-$(CONFIG_RV_REACTORS) +=3D rv_reactors.o obj-$(CONFIG_RV_REACT_PRINTK) +=3D reactor_printk.o diff --git a/kernel/trace/rv/monitors/stall/Kconfig b/kernel/trace/rv/monit= ors/stall/Kconfig new file mode 100644 index 000000000000..6f846b642544 --- /dev/null +++ b/kernel/trace/rv/monitors/stall/Kconfig @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: GPL-2.0-only +# +config RV_MON_STALL + depends on RV + select HA_MON_EVENTS_ID + bool "stall monitor" + help + Enable the stall sample monitor that illustrates the usage of hybrid + automata monitors. It can be used to identify tasks stalled for + longer than a threshold. + + For further information, see: + Documentation/trace/rv/monitor_stall.rst diff --git a/kernel/trace/rv/monitors/stall/stall.c b/kernel/trace/rv/monit= ors/stall/stall.c new file mode 100644 index 000000000000..9ccfda6b0e73 --- /dev/null +++ b/kernel/trace/rv/monitors/stall/stall.c @@ -0,0 +1,150 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include +#include +#include +#include +#include +#include + +#define MODULE_NAME "stall" + +#include +#include + +#define RV_MON_TYPE RV_MON_PER_TASK +#define HA_TIMER_TYPE HA_TIMER_WHEEL +#include "stall.h" +#include + +static u64 threshold_jiffies =3D 1000; +module_param(threshold_jiffies, ullong, 0644); + +static u64 ha_get_env(struct ha_monitor *ha_mon, enum envs_stall env, u64 = time_ns) +{ + if (env =3D=3D clk_stall) + return ha_get_clk_jiffy(ha_mon, env); + return ENV_INVALID_VALUE; +} + +static void ha_reset_env(struct ha_monitor *ha_mon, enum envs_stall env, u= 64 time_ns) +{ + if (env =3D=3D clk_stall) + ha_reset_clk_jiffy(ha_mon, env); +} + +static inline bool ha_verify_invariants(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (curr_state =3D=3D enqueued_stall) + return ha_check_invariant_jiffy(ha_mon, clk_stall, time_ns); + return true; +} + +static inline bool ha_verify_guards(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + bool res =3D true; + + if (curr_state =3D=3D dequeued_stall && event =3D=3D sched_wakeup_stall) + ha_reset_env(ha_mon, clk_stall, time_ns); + else if (curr_state =3D=3D running_stall && event =3D=3D sched_switch_pre= empt_stall) + ha_reset_env(ha_mon, clk_stall, time_ns); + return res; +} + +static inline void ha_setup_invariants(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (next_state =3D=3D curr_state) + return; + if (next_state =3D=3D enqueued_stall) + ha_start_timer_jiffy(ha_mon, clk_stall, threshold_jiffies, time_ns); + else if (curr_state =3D=3D enqueued_stall) + ha_cancel_timer(ha_mon); +} + +static bool ha_verify_constraint(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (!ha_verify_invariants(ha_mon, curr_state, event, next_state, time_ns)) + return false; + + if (!ha_verify_guards(ha_mon, curr_state, event, next_state, time_ns)) + return false; + + ha_setup_invariants(ha_mon, curr_state, event, next_state, time_ns); + + return true; +} + +static void handle_sched_switch(void *data, bool preempt, + struct task_struct *prev, + struct task_struct *next, + unsigned int prev_state) +{ + if (!preempt && prev_state !=3D TASK_RUNNING) + da_handle_start_event(prev, sched_switch_wait_stall); + else + da_handle_event(prev, sched_switch_preempt_stall); + da_handle_event(next, sched_switch_in_stall); +} + +static void handle_sched_wakeup(void *data, struct task_struct *p) +{ + da_handle_event(p, sched_wakeup_stall); +} + +static int enable_stall(void) +{ + int retval; + + retval =3D da_monitor_init(); + if (retval) + return retval; + + rv_attach_trace_probe("stall", sched_switch, handle_sched_switch); + rv_attach_trace_probe("stall", sched_wakeup, handle_sched_wakeup); + + return 0; +} + +static void disable_stall(void) +{ + rv_this.enabled =3D 0; + + rv_detach_trace_probe("stall", sched_switch, handle_sched_switch); + rv_detach_trace_probe("stall", sched_wakeup, handle_sched_wakeup); + + da_monitor_destroy(); +} + +static struct rv_monitor rv_this =3D { + .name =3D "stall", + .description =3D "identify tasks stalled for longer than a threshold.", + .enable =3D enable_stall, + .disable =3D disable_stall, + .reset =3D da_monitor_reset_all, + .enabled =3D 0, +}; + +static int __init register_stall(void) +{ + return rv_register_monitor(&rv_this, NULL); +} + +static void __exit unregister_stall(void) +{ + rv_unregister_monitor(&rv_this); +} + +module_init(register_stall); +module_exit(unregister_stall); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Gabriele Monaco "); +MODULE_DESCRIPTION("stall: identify tasks stalled for longer than a thresh= old."); diff --git a/kernel/trace/rv/monitors/stall/stall.h b/kernel/trace/rv/monit= ors/stall/stall.h new file mode 100644 index 000000000000..638520cb1082 --- /dev/null +++ b/kernel/trace/rv/monitors/stall/stall.h @@ -0,0 +1,81 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Automatically generated C representation of stall automaton + * For further information about this format, see kernel documentation: + * Documentation/trace/rv/deterministic_automata.rst + */ + +#define MONITOR_NAME stall + +enum states_stall { + dequeued_stall, + enqueued_stall, + running_stall, + state_max_stall, +}; + +#define INVALID_STATE state_max_stall + +enum events_stall { + sched_switch_in_stall, + sched_switch_preempt_stall, + sched_switch_wait_stall, + sched_wakeup_stall, + event_max_stall, +}; + +enum envs_stall { + clk_stall, + env_max_stall, + env_max_stored_stall =3D env_max_stall, +}; + +_Static_assert(env_max_stored_stall <=3D MAX_HA_ENV_LEN, "Not enough slots= "); + +struct automaton_stall { + char *state_names[state_max_stall]; + char *event_names[event_max_stall]; + char *env_names[env_max_stall]; + unsigned char function[state_max_stall][event_max_stall]; + unsigned char initial_state; + bool final_states[state_max_stall]; +}; + +static const struct automaton_stall automaton_stall =3D { + .state_names =3D { + "dequeued", + "enqueued", + "running", + }, + .event_names =3D { + "sched_switch_in", + "sched_switch_preempt", + "sched_switch_wait", + "sched_wakeup", + }, + .env_names =3D { + "clk", + }, + .function =3D { + { + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + enqueued_stall, + }, + { + running_stall, + INVALID_STATE, + INVALID_STATE, + enqueued_stall, + }, + { + running_stall, + enqueued_stall, + dequeued_stall, + running_stall, + }, + }, + .initial_state =3D dequeued_stall, + .final_states =3D { 1, 0, 0 }, +}; diff --git a/kernel/trace/rv/monitors/stall/stall_trace.h b/kernel/trace/rv= /monitors/stall/stall_trace.h new file mode 100644 index 000000000000..6a7cc1b1d040 --- /dev/null +++ b/kernel/trace/rv/monitors/stall/stall_trace.h @@ -0,0 +1,19 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Snippet to be included in rv_trace.h + */ + +#ifdef CONFIG_RV_MON_STALL +DEFINE_EVENT(event_da_monitor_id, event_stall, + TP_PROTO(int id, char *state, char *event, char *next_state, bool fi= nal_state), + TP_ARGS(id, state, event, next_state, final_state)); + +DEFINE_EVENT(error_da_monitor_id, error_stall, + TP_PROTO(int id, char *state, char *event), + TP_ARGS(id, state, event)); + +DEFINE_EVENT(error_env_da_monitor_id, error_env_stall, + TP_PROTO(int id, char *state, char *event, char *env), + TP_ARGS(id, state, event, env)); +#endif /* CONFIG_RV_MON_STALL */ diff --git a/kernel/trace/rv/rv_trace.h b/kernel/trace/rv/rv_trace.h index 7c598967bc0e..1661f8fe4a88 100644 --- a/kernel/trace/rv/rv_trace.h +++ b/kernel/trace/rv/rv_trace.h @@ -187,6 +187,7 @@ DECLARE_EVENT_CLASS(error_env_da_monitor_id, __get_str(env)) ); =20 +#include // Add new monitors based on CONFIG_HA_MON_EVENTS_ID here =20 #endif diff --git a/tools/verification/models/stall.dot b/tools/verification/model= s/stall.dot new file mode 100644 index 000000000000..50077d1dff74 --- /dev/null +++ b/tools/verification/models/stall.dot @@ -0,0 +1,22 @@ +digraph state_automaton { + center =3D true; + size =3D "7,11"; + {node [shape =3D circle] "enqueued"}; + {node [shape =3D plaintext, style=3Dinvis, label=3D""] "__init_dequeued"}; + {node [shape =3D doublecircle] "dequeued"}; + {node [shape =3D circle] "running"}; + "__init_dequeued" -> "dequeued"; + "enqueued" [label =3D "enqueued\nclk < threshold_jiffies"]; + "running" [label =3D "running"]; + "dequeued" [label =3D "dequeued", color =3D green3]; + "running" -> "running" [ label =3D "sched_switch_in\nsched_wakeup" ]; + "enqueued" -> "enqueued" [ label =3D "sched_wakeup" ]; + "enqueued" -> "running" [ label =3D "sched_switch_in" ]; + "running" -> "dequeued" [ label =3D "sched_switch_wait" ]; + "dequeued" -> "enqueued" [ label =3D "sched_wakeup;reset(clk)" ]; + "running" -> "enqueued" [ label =3D "sched_switch_preempt;reset(clk)" ]; + { rank =3D min ; + "__init_dequeued"; + "dequeued"; + } +} --=20 2.52.0 From nobody Fri Dec 19 07:17:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0708532FA0D for ; Fri, 5 Dec 2025 13:17:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940652; cv=none; b=O99gmlKRK6FNFF0uHDkaU9rBqF0IcbK874sFL1Capvqp/J4XKbt2+J6g6zdtGh/x3HkoUW/yQcOWWYdyLIwmPKM1QTpTnLiWXxcge5fHsUzwB5uOue2YbPOu1zyVc6lGJ5PEs+jm+wuJXaF1nWobXaNJe1GYguJ4/9pZSxNTrxw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940652; c=relaxed/simple; bh=z4YARXkl3mRwNdBVaSkgq2IN/yNX76nuFd5sQgXyqr0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BJOObi5E6j5RZpRmQq+wqlGt3ndpvv8ZF2AFs3IXvhU6c8jYpLj91N20WURfoCnyqYRvwBE1bFDbczRT2C1ZyA9JF9Nz4M+OrY4WkCnt9Y0zoQxFjG5dHK88dRPhQuEg3rPmMI1otWVgGT6O8mT2ofdLyivNI0VH3d6BmagsjvE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=QGHdHne4; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="QGHdHne4" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764940642; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cC/ums3rFV36I669OltZJV4c+DkcOkRBk2xfHvu3rAo=; b=QGHdHne4V0k9jLjHSGTy9o5zpfBZhC3CWvEhVs7e0c8383QBBF7u9WpVtFRNlSJYSvERFr AUzPnfPCohsUEpKefa50SKvMV7lVj8MFWmTqA/ZtVtT/otP/F/yCk/pbLOiz7+8KxmHU2F Kug4bfjnTfVvZcQnUJ1pQMWlxXa/bPY= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-257-3UVTRNFnNYSY7liwKJ-zeQ-1; Fri, 05 Dec 2025 08:17:19 -0500 X-MC-Unique: 3UVTRNFnNYSY7liwKJ-zeQ-1 X-Mimecast-MFC-AGG-ID: 3UVTRNFnNYSY7liwKJ-zeQ_1764940638 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 63D9A1956055; Fri, 5 Dec 2025 13:17:18 +0000 (UTC) Received: from gmonaco-thinkpadt14gen3.rmtit.csb (unknown [10.45.226.23]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 0E890180029A; Fri, 5 Dec 2025 13:17:12 +0000 (UTC) From: Gabriele Monaco To: linux-kernel@vger.kernel.org, Steven Rostedt , Nam Cao , Gabriele Monaco , Jonathan Corbet , Masami Hiramatsu , linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org Cc: Tomas Glozar , Juri Lelli , Clark Williams , John Kacur Subject: [PATCH v3 07/13] rv: Convert the opid monitor to a hybrid automaton Date: Fri, 5 Dec 2025 14:16:15 +0100 Message-ID: <20251205131621.135513-8-gmonaco@redhat.com> In-Reply-To: <20251205131621.135513-1-gmonaco@redhat.com> References: <20251205131621.135513-1-gmonaco@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" The opid monitor validates that wakeup and need_resched events only occur with interrupts and preemption disabled by following the preemptirq tracepoints. As reported in [1], those tracepoints might be inaccurate in some situations (e.g. NMIs). Since the monitor doesn't validate other ordering properties, remove the dependency on preemptirq tracepoints and convert the monitor to a hybrid automaton to validate the constraint during event handling. This makes the monitor more robust by also removing the workaround for interrupts missing the preemption tracepoints, which was working on PREEMPT_RT only and allows the monitor to be built on kernels without the preemptirqs tracepoints. [1] - https://lore.kernel.org/lkml/20250625120823.60600-1-gmonaco@redhat.com Signed-off-by: Gabriele Monaco Reviewed-by: Nam Cao --- Documentation/trace/rv/monitor_sched.rst | 62 +++--------- kernel/trace/rv/monitors/opid/Kconfig | 11 +- kernel/trace/rv/monitors/opid/opid.c | 111 +++++++-------------- kernel/trace/rv/monitors/opid/opid.h | 86 ++++------------ kernel/trace/rv/monitors/opid/opid_trace.h | 4 + kernel/trace/rv/rv_trace.h | 2 +- tools/verification/models/sched/opid.dot | 36 ++----- 7 files changed, 82 insertions(+), 230 deletions(-) diff --git a/Documentation/trace/rv/monitor_sched.rst b/Documentation/trace= /rv/monitor_sched.rst index 3f8381ad9ec7..0b96d6e147c6 100644 --- a/Documentation/trace/rv/monitor_sched.rst +++ b/Documentation/trace/rv/monitor_sched.rst @@ -346,55 +346,21 @@ Monitor opid =20 The operations with preemption and irq disabled (opid) monitor ensures operations like ``wakeup`` and ``need_resched`` occur with interrupts and -preemption disabled or during interrupt context, in such case preemption m= ay -not be disabled explicitly. +preemption disabled. ``need_resched`` can be set by some RCU internals functions, in which case= it -doesn't match a task wakeup and might occur with only interrupts disabled:: - - | sched_need_resched - | sched_waking - | irq_entry - | +--------------------+ - v v | - +------------------------------------------------------+ - +----------- | disabled | <+ - | +------------------------------------------------------+ | - | | ^ | - | | preempt_disable sched_need_resched | - | preempt_enable | +--------------------+ | - | v | v | | - | +------------------------------------------------------+ | - | | irq_disabled | | - | +------------------------------------------------------+ | - | | | ^ | - | irq_entry irq_entry | | | - | sched_need_resched v | irq_disable | - | sched_waking +--------------+ | | | - | +----- | | irq_enable | | - | | | in_irq | | | | - | +----> | | | | | - | +--------------+ | | irq_dis= able - | | | | | - | irq_enable | irq_enable | | | - | v v | | - | #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D# | - | H enabled H | - | #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D# | - | | ^ ^ preempt_enable | | - | preempt_disable preempt_enable +--------------------+ | - | v | | - | +------------------+ | | - +----------> | preempt_disabled | -+ | - +------------------+ | - | | - +-------------------------------------------------------+ - -This monitor is designed to work on ``PREEMPT_RT`` kernels, the special ca= se of -events occurring in interrupt context is a shortcut to identify valid scen= arios -where the preemption tracepoints might not be visible, during interrupts -preemption is always disabled. On non- ``PREEMPT_RT`` kernels, the interru= pts -might invoke a softirq to set ``need_resched`` and wake up a task. This is -another special case that is currently not supported by the monitor. +doesn't match a task wakeup and might occur with only interrupts disabled. +The interrupt and preemption status are validated by the hybrid automaton +constraints when processing the events:: + + | + | + v + #=3D=3D=3D=3D=3D=3D=3D=3D=3D# sched_need_resched;irq_off =3D=3D 1 + H H sched_waking;irq_off =3D=3D 1 && preempt_off =3D=3D 1 + H any H ------------------------------------------------+ + H H | + H H <-----------------------------------------------+ + #=3D=3D=3D=3D=3D=3D=3D=3D=3D# =20 References ---------- diff --git a/kernel/trace/rv/monitors/opid/Kconfig b/kernel/trace/rv/monito= rs/opid/Kconfig index 561d32da572b..6d02e239b684 100644 --- a/kernel/trace/rv/monitors/opid/Kconfig +++ b/kernel/trace/rv/monitors/opid/Kconfig @@ -2,18 +2,13 @@ # config RV_MON_OPID depends on RV - depends on TRACE_IRQFLAGS - depends on TRACE_PREEMPT_TOGGLE depends on RV_MON_SCHED - default y if PREEMPT_RT - select DA_MON_EVENTS_IMPLICIT + default y + select HA_MON_EVENTS_IMPLICIT bool "opid monitor" help Monitor to ensure operations like wakeup and need resched occur with - interrupts and preemption disabled or during IRQs, where preemption - may not be disabled explicitly. - - This monitor is unstable on !PREEMPT_RT, say N unless you are testing i= t. + interrupts and preemption disabled. =20 For further information, see: Documentation/trace/rv/monitor_sched.rst diff --git a/kernel/trace/rv/monitors/opid/opid.c b/kernel/trace/rv/monitor= s/opid/opid.c index 25a40e90fa40..160a518ce1cb 100644 --- a/kernel/trace/rv/monitors/opid/opid.c +++ b/kernel/trace/rv/monitors/opid/opid.c @@ -10,94 +10,63 @@ #define MODULE_NAME "opid" =20 #include -#include -#include #include #include =20 #define RV_MON_TYPE RV_MON_PER_CPU #include "opid.h" -#include +#include =20 -#ifdef CONFIG_X86_LOCAL_APIC -#include - -static void handle_vector_irq_entry(void *data, int vector) +static u64 ha_get_env(struct ha_monitor *ha_mon, enum envs_opid env, u64 t= ime_ns) { - da_handle_event(irq_entry_opid); -} - -static void attach_vector_irq(void) -{ - rv_attach_trace_probe("opid", local_timer_entry, handle_vector_irq_entry); - if (IS_ENABLED(CONFIG_IRQ_WORK)) - rv_attach_trace_probe("opid", irq_work_entry, handle_vector_irq_entry); - if (IS_ENABLED(CONFIG_SMP)) { - rv_attach_trace_probe("opid", reschedule_entry, handle_vector_irq_entry); - rv_attach_trace_probe("opid", call_function_entry, handle_vector_irq_ent= ry); - rv_attach_trace_probe("opid", call_function_single_entry, handle_vector_= irq_entry); + if (env =3D=3D irq_off_opid) + return irqs_disabled(); + else if (env =3D=3D preempt_off_opid) { + /* + * If CONFIG_PREEMPTION is enabled, then the tracepoint itself disables + * preemption (adding one to the preempt_count). Since we are + * interested in the preempt_count at the time the tracepoint was + * hit, we consider 1 as still enabled. + */ + if (IS_ENABLED(CONFIG_PREEMPTION)) + return (preempt_count() & PREEMPT_MASK) > 1; + return true; } + return ENV_INVALID_VALUE; } =20 -static void detach_vector_irq(void) +static inline bool ha_verify_guards(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) { - rv_detach_trace_probe("opid", local_timer_entry, handle_vector_irq_entry); - if (IS_ENABLED(CONFIG_IRQ_WORK)) - rv_detach_trace_probe("opid", irq_work_entry, handle_vector_irq_entry); - if (IS_ENABLED(CONFIG_SMP)) { - rv_detach_trace_probe("opid", reschedule_entry, handle_vector_irq_entry); - rv_detach_trace_probe("opid", call_function_entry, handle_vector_irq_ent= ry); - rv_detach_trace_probe("opid", call_function_single_entry, handle_vector_= irq_entry); - } + bool res =3D true; + + if (curr_state =3D=3D any_opid && event =3D=3D sched_need_resched_opid) + res =3D ha_get_env(ha_mon, irq_off_opid, time_ns) =3D=3D 1ull; + else if (curr_state =3D=3D any_opid && event =3D=3D sched_waking_opid) + res =3D ha_get_env(ha_mon, irq_off_opid, time_ns) =3D=3D 1ull && + ha_get_env(ha_mon, preempt_off_opid, time_ns) =3D=3D 1ull; + return res; } =20 -#else -/* We assume irq_entry tracepoints are sufficient on other architectures */ -static void attach_vector_irq(void) { } -static void detach_vector_irq(void) { } -#endif - -static void handle_irq_disable(void *data, unsigned long ip, unsigned long= parent_ip) +static bool ha_verify_constraint(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) { - da_handle_event(irq_disable_opid); -} + if (!ha_verify_guards(ha_mon, curr_state, event, next_state, time_ns)) + return false; =20 -static void handle_irq_enable(void *data, unsigned long ip, unsigned long = parent_ip) -{ - da_handle_event(irq_enable_opid); -} - -static void handle_irq_entry(void *data, int irq, struct irqaction *action) -{ - da_handle_event(irq_entry_opid); -} - -static void handle_preempt_disable(void *data, unsigned long ip, unsigned = long parent_ip) -{ - da_handle_event(preempt_disable_opid); -} - -static void handle_preempt_enable(void *data, unsigned long ip, unsigned l= ong parent_ip) -{ - da_handle_event(preempt_enable_opid); + return true; } =20 static void handle_sched_need_resched(void *data, struct task_struct *tsk,= int cpu, int tif) { - /* The monitor's intitial state is not in_irq */ - if (this_cpu_read(hardirq_context)) - da_handle_event(sched_need_resched_opid); - else - da_handle_start_event(sched_need_resched_opid); + da_handle_start_event(sched_need_resched_opid); } =20 static void handle_sched_waking(void *data, struct task_struct *p) { - /* The monitor's intitial state is not in_irq */ - if (this_cpu_read(hardirq_context)) - da_handle_event(sched_waking_opid); - else - da_handle_start_event(sched_waking_opid); + da_handle_start_event(sched_waking_opid); } =20 static int enable_opid(void) @@ -108,14 +77,8 @@ static int enable_opid(void) if (retval) return retval; =20 - rv_attach_trace_probe("opid", irq_disable, handle_irq_disable); - rv_attach_trace_probe("opid", irq_enable, handle_irq_enable); - rv_attach_trace_probe("opid", irq_handler_entry, handle_irq_entry); - rv_attach_trace_probe("opid", preempt_disable, handle_preempt_disable); - rv_attach_trace_probe("opid", preempt_enable, handle_preempt_enable); rv_attach_trace_probe("opid", sched_set_need_resched_tp, handle_sched_nee= d_resched); rv_attach_trace_probe("opid", sched_waking, handle_sched_waking); - attach_vector_irq(); =20 return 0; } @@ -124,14 +87,8 @@ static void disable_opid(void) { rv_this.enabled =3D 0; =20 - rv_detach_trace_probe("opid", irq_disable, handle_irq_disable); - rv_detach_trace_probe("opid", irq_enable, handle_irq_enable); - rv_detach_trace_probe("opid", irq_handler_entry, handle_irq_entry); - rv_detach_trace_probe("opid", preempt_disable, handle_preempt_disable); - rv_detach_trace_probe("opid", preempt_enable, handle_preempt_enable); rv_detach_trace_probe("opid", sched_set_need_resched_tp, handle_sched_nee= d_resched); rv_detach_trace_probe("opid", sched_waking, handle_sched_waking); - detach_vector_irq(); =20 da_monitor_destroy(); } diff --git a/kernel/trace/rv/monitors/opid/opid.h b/kernel/trace/rv/monitor= s/opid/opid.h index 092992514970..fb0aa4c28aa6 100644 --- a/kernel/trace/rv/monitors/opid/opid.h +++ b/kernel/trace/rv/monitors/opid/opid.h @@ -8,30 +8,31 @@ #define MONITOR_NAME opid =20 enum states_opid { - disabled_opid, - enabled_opid, - in_irq_opid, - irq_disabled_opid, - preempt_disabled_opid, + any_opid, state_max_opid, }; =20 #define INVALID_STATE state_max_opid =20 enum events_opid { - irq_disable_opid, - irq_enable_opid, - irq_entry_opid, - preempt_disable_opid, - preempt_enable_opid, sched_need_resched_opid, sched_waking_opid, event_max_opid, }; =20 +enum envs_opid { + irq_off_opid, + preempt_off_opid, + env_max_opid, + env_max_stored_opid =3D irq_off_opid, +}; + +_Static_assert(env_max_stored_opid <=3D MAX_HA_ENV_LEN, "Not enough slots"= ); + struct automaton_opid { char *state_names[state_max_opid]; char *event_names[event_max_opid]; + char *env_names[env_max_opid]; unsigned char function[state_max_opid][event_max_opid]; unsigned char initial_state; bool final_states[state_max_opid]; @@ -39,68 +40,19 @@ struct automaton_opid { =20 static const struct automaton_opid automaton_opid =3D { .state_names =3D { - "disabled", - "enabled", - "in_irq", - "irq_disabled", - "preempt_disabled", + "any", }, .event_names =3D { - "irq_disable", - "irq_enable", - "irq_entry", - "preempt_disable", - "preempt_enable", "sched_need_resched", "sched_waking", }, + .env_names =3D { + "irq_off", + "preempt_off", + }, .function =3D { - { - INVALID_STATE, - preempt_disabled_opid, - disabled_opid, - INVALID_STATE, - irq_disabled_opid, - disabled_opid, - disabled_opid, - }, - { - irq_disabled_opid, - INVALID_STATE, - INVALID_STATE, - preempt_disabled_opid, - enabled_opid, - INVALID_STATE, - INVALID_STATE, - }, - { - INVALID_STATE, - enabled_opid, - in_irq_opid, - INVALID_STATE, - INVALID_STATE, - in_irq_opid, - in_irq_opid, - }, - { - INVALID_STATE, - enabled_opid, - in_irq_opid, - disabled_opid, - INVALID_STATE, - irq_disabled_opid, - INVALID_STATE, - }, - { - disabled_opid, - INVALID_STATE, - INVALID_STATE, - INVALID_STATE, - enabled_opid, - INVALID_STATE, - INVALID_STATE, - }, + { any_opid, any_opid }, }, - .initial_state =3D disabled_opid, - .final_states =3D { 0, 1, 0, 0, 0 }, + .initial_state =3D any_opid, + .final_states =3D { 1 }, }; diff --git a/kernel/trace/rv/monitors/opid/opid_trace.h b/kernel/trace/rv/m= onitors/opid/opid_trace.h index 3df6ff955c30..b04005b64208 100644 --- a/kernel/trace/rv/monitors/opid/opid_trace.h +++ b/kernel/trace/rv/monitors/opid/opid_trace.h @@ -12,4 +12,8 @@ DEFINE_EVENT(event_da_monitor, event_opid, DEFINE_EVENT(error_da_monitor, error_opid, TP_PROTO(char *state, char *event), TP_ARGS(state, event)); + +DEFINE_EVENT(error_env_da_monitor, error_env_opid, + TP_PROTO(char *state, char *event, char *env), + TP_ARGS(state, event, env)); #endif /* CONFIG_RV_MON_OPID */ diff --git a/kernel/trace/rv/rv_trace.h b/kernel/trace/rv/rv_trace.h index 1661f8fe4a88..9e8072d863a2 100644 --- a/kernel/trace/rv/rv_trace.h +++ b/kernel/trace/rv/rv_trace.h @@ -62,7 +62,6 @@ DECLARE_EVENT_CLASS(error_da_monitor, #include #include #include -#include // Add new monitors based on CONFIG_DA_MON_EVENTS_IMPLICIT here =20 #ifdef CONFIG_HA_MON_EVENTS_IMPLICIT @@ -91,6 +90,7 @@ DECLARE_EVENT_CLASS(error_env_da_monitor, __get_str(env)) ); =20 +#include // Add new monitors based on CONFIG_HA_MON_EVENTS_IMPLICIT here =20 #endif diff --git a/tools/verification/models/sched/opid.dot b/tools/verification/= models/sched/opid.dot index 840052f6952b..511051fce430 100644 --- a/tools/verification/models/sched/opid.dot +++ b/tools/verification/models/sched/opid.dot @@ -1,35 +1,13 @@ digraph state_automaton { center =3D true; size =3D "7,11"; - {node [shape =3D plaintext, style=3Dinvis, label=3D""] "__init_disabled"}; - {node [shape =3D circle] "disabled"}; - {node [shape =3D doublecircle] "enabled"}; - {node [shape =3D circle] "enabled"}; - {node [shape =3D circle] "in_irq"}; - {node [shape =3D circle] "irq_disabled"}; - {node [shape =3D circle] "preempt_disabled"}; - "__init_disabled" -> "disabled"; - "disabled" [label =3D "disabled"]; - "disabled" -> "disabled" [ label =3D "sched_need_resched\nsched_waking\ni= rq_entry" ]; - "disabled" -> "irq_disabled" [ label =3D "preempt_enable" ]; - "disabled" -> "preempt_disabled" [ label =3D "irq_enable" ]; - "enabled" [label =3D "enabled", color =3D green3]; - "enabled" -> "enabled" [ label =3D "preempt_enable" ]; - "enabled" -> "irq_disabled" [ label =3D "irq_disable" ]; - "enabled" -> "preempt_disabled" [ label =3D "preempt_disable" ]; - "in_irq" [label =3D "in_irq"]; - "in_irq" -> "enabled" [ label =3D "irq_enable" ]; - "in_irq" -> "in_irq" [ label =3D "sched_need_resched\nsched_waking\nirq_e= ntry" ]; - "irq_disabled" [label =3D "irq_disabled"]; - "irq_disabled" -> "disabled" [ label =3D "preempt_disable" ]; - "irq_disabled" -> "enabled" [ label =3D "irq_enable" ]; - "irq_disabled" -> "in_irq" [ label =3D "irq_entry" ]; - "irq_disabled" -> "irq_disabled" [ label =3D "sched_need_resched" ]; - "preempt_disabled" [label =3D "preempt_disabled"]; - "preempt_disabled" -> "disabled" [ label =3D "irq_disable" ]; - "preempt_disabled" -> "enabled" [ label =3D "preempt_enable" ]; + {node [shape =3D plaintext, style=3Dinvis, label=3D""] "__init_any"}; + {node [shape =3D doublecircle] "any"}; + "__init_any" -> "any"; + "any" [label =3D "any", color =3D green3]; + "any" -> "any" [ label =3D "sched_need_resched;irq_off =3D=3D 1\nsched_wa= king;irq_off =3D=3D 1 && preempt_off =3D=3D 1" ]; { rank =3D min ; - "__init_disabled"; - "disabled"; + "__init_any"; + "any"; } } --=20 2.52.0 From nobody Fri Dec 19 07:17:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F819328638 for ; Fri, 5 Dec 2025 13:17:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940660; cv=none; b=j0Ysv7dqCacwDrTuJ8QopYLlH4SSx9LpwGm6C8/pWffASPBgTU1asXYVwjikdhe5oeoz1/LRM+MHXXUGmapKvZHZvINu2KW/Ol4WPw2gbxRXiG631nsDBMsAFiqftwLkKhXB3qQBM2c04rM1LNeLfN2Bt5LWZYM4DAjncMVbIrY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940660; c=relaxed/simple; bh=SorEftN465iALi+UJXefhW0QJmJudzL9xPrRz0QECIs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=efAfmx/a85MPxY2SzZ0vVTU3VyGItI8VRenCeFRRdtq5paHLWhTYYElSzOuO68PXIXe6sBfzm9RVI/m03eZYgqy5KW4g9Ux+Vn0XqttPk9nngUfVgU9bLGr7Mkji2bawZp3GJcNhxDHtEILo6hdgw7HgRiL/JpVDOeReHwwL4eM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=XG3HRSWM; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="XG3HRSWM" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764940651; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=J0tKeHSR6suvMZ7mRBooRmcXR5/m7EtHU+M6mhUl95w=; b=XG3HRSWMUw8dpIVT3CThrqRpZ7WPMOo1B2SAzyRVYu4glVk4+BcSzs6Y1prVDmYICBlSlE 7EAsNzrvQ9UXrTIH9+RxNq9+YZRBYQU9rTd1F7Q6fiOug3Kk/th5OYcTRjsgA2rfdWH8uS FwoEz9Evgu32ioroyE0H6i+K9Wuz90M= Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-538-WkYDEsGfMviznpfRFFiR-g-1; Fri, 05 Dec 2025 08:17:27 -0500 X-MC-Unique: WkYDEsGfMviznpfRFFiR-g-1 X-Mimecast-MFC-AGG-ID: WkYDEsGfMviznpfRFFiR-g_1764940646 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 8F89918002C1; Fri, 5 Dec 2025 13:17:25 +0000 (UTC) Received: from gmonaco-thinkpadt14gen3.rmtit.csb (unknown [10.45.226.23]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 6D441180045B; Fri, 5 Dec 2025 13:17:19 +0000 (UTC) From: Gabriele Monaco To: linux-kernel@vger.kernel.org, Steven Rostedt , Nam Cao , Ingo Molnar , Peter Zijlstra Cc: Gabriele Monaco , Tomas Glozar , Juri Lelli , Clark Williams , John Kacur , linux-trace-kernel@vger.kernel.org Subject: [PATCH v3 08/13] sched: Export hidden tracepoints to modules Date: Fri, 5 Dec 2025 14:16:16 +0100 Message-ID: <20251205131621.135513-9-gmonaco@redhat.com> In-Reply-To: <20251205131621.135513-1-gmonaco@redhat.com> References: <20251205131621.135513-1-gmonaco@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" The tracepoints sched_entry, sched_exit and sched_set_need_resched are not exported to tracefs as trace events, this allows only kernel code to access them. Helper modules like [1] can be used to still have the tracepoints available to ftrace for debugging purposes, but they do rely on the tracepoints being exported. Export the 3 not exported tracepoints. Note that sched_set_state is already exported as the macro is called from modules. [1] - https://github.com/qais-yousef/sched_tp.git Signed-off-by: Gabriele Monaco Reviewed-by: Phil Auld --- kernel/sched/core.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 41ba0be16911..5516778c19eb 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -119,6 +119,9 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(sched_util_est_cfs_tp); EXPORT_TRACEPOINT_SYMBOL_GPL(sched_util_est_se_tp); EXPORT_TRACEPOINT_SYMBOL_GPL(sched_update_nr_running_tp); EXPORT_TRACEPOINT_SYMBOL_GPL(sched_compute_energy_tp); +EXPORT_TRACEPOINT_SYMBOL_GPL(sched_entry_tp); +EXPORT_TRACEPOINT_SYMBOL_GPL(sched_exit_tp); +EXPORT_TRACEPOINT_SYMBOL_GPL(sched_set_need_resched_tp); =20 DEFINE_PER_CPU_SHARED_ALIGNED(struct rq, runqueues); DEFINE_PER_CPU(struct rnd_state, sched_rnd_state); --=20 2.52.0 From nobody Fri Dec 19 07:17:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6A90831327F for ; Fri, 5 Dec 2025 13:17:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940668; cv=none; b=Bs0AGWzhnUlUdNmMf1M1O1CGk2WnYKkVVr/44EJv7OEHbeXfXaUqJDbLzcn49RXYqKOwCx3y12Wf/UIpFfnwiCjYcxAuvvckpzBWctkkXem69kWnOdka0HkDqeGLfbDrr03l4zn9OxB1sc+ZSnbtUJIBvCQ33YEwtoH3h09CbCY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940668; c=relaxed/simple; bh=qyVVzKDuMAKpPvfsvjIAbJrM0jyXjXukEt2k97VSu34=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=CCPnO/tYH5jhDXO/CasSQG8K1k11D+pFXPvxI7SfCeNma5hmy+AyKmR+LyEZSejtQipOeKOx1TGcWUMebAvBb8sZRbjZ4o2YQFGoIQHF0tQ6b+vw2gRQqmK+P9qb/8PEyJPHThi5HV+sEWO3A0ihLXGWy8uiELPaJaJ8guO3Yuo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=Z2wfN4R/; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Z2wfN4R/" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764940657; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HlhulN7DQPy6mdgynlshgNmSXZVBLh8VXkAgCCcFeJA=; b=Z2wfN4R/hURwCnX09lqvHtsDqhctw1OHWPkdBWxEgIju4YMFWfiQcARqyugkmqXu6HtYcM NwHT6s+Eaaaum0cjFyB6RqOAFoyjZxkHyo4YaXger7wnpFAfrrDp/4Fx8dWxhZGEDClONI VSjd49/gbYhb0ZezMdf6/f0zJXEZcsI= Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-630-p-Dk8quHO3uqm0PNPWExmg-1; Fri, 05 Dec 2025 08:17:34 -0500 X-MC-Unique: p-Dk8quHO3uqm0PNPWExmg-1 X-Mimecast-MFC-AGG-ID: p-Dk8quHO3uqm0PNPWExmg_1764940652 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 1E8D5195608D; Fri, 5 Dec 2025 13:17:32 +0000 (UTC) Received: from gmonaco-thinkpadt14gen3.rmtit.csb (unknown [10.45.226.23]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id EE966180044F; Fri, 5 Dec 2025 13:17:26 +0000 (UTC) From: Gabriele Monaco To: linux-kernel@vger.kernel.org, Steven Rostedt , Nam Cao , Masami Hiramatsu , Ingo Molnar , Peter Zijlstra , linux-trace-kernel@vger.kernel.org Cc: Gabriele Monaco , Tomas Glozar , Juri Lelli , Clark Williams , John Kacur Subject: [PATCH v3 09/13] sched: Add deadline tracepoints Date: Fri, 5 Dec 2025 14:16:17 +0100 Message-ID: <20251205131621.135513-10-gmonaco@redhat.com> In-Reply-To: <20251205131621.135513-1-gmonaco@redhat.com> References: <20251205131621.135513-1-gmonaco@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" Add the following tracepoints: * sched_dl_throttle(dl_se, cpu): Called when a deadline entity is throttled * sched_dl_replenish(dl_se, cpu): Called when a deadline entity's runtime is replenished * sched_dl_server_start(dl_se, cpu): Called when a deadline server is started * sched_dl_server_stop(dl_se, cpu): Called when a deadline server is stopped Those tracepoints can be useful to validate the deadline scheduler with RV and are not exported to tracefs. Signed-off-by: Gabriele Monaco Reviewed-by: Phil Auld --- Notes: V3: * Rename dl argument to dl_se in tracepoints include/trace/events/sched.h | 16 ++++++++++++++++ kernel/sched/core.c | 4 ++++ kernel/sched/deadline.c | 7 +++++++ 3 files changed, 27 insertions(+) diff --git a/include/trace/events/sched.h b/include/trace/events/sched.h index 7b2645b50e78..366b2e8ec40c 100644 --- a/include/trace/events/sched.h +++ b/include/trace/events/sched.h @@ -896,6 +896,22 @@ DECLARE_TRACE(sched_set_need_resched, TP_PROTO(struct task_struct *tsk, int cpu, int tif), TP_ARGS(tsk, cpu, tif)); =20 +DECLARE_TRACE(sched_dl_throttle, + TP_PROTO(struct sched_dl_entity *dl_se, int cpu), + TP_ARGS(dl_se, cpu)); + +DECLARE_TRACE(sched_dl_replenish, + TP_PROTO(struct sched_dl_entity *dl_se, int cpu), + TP_ARGS(dl_se, cpu)); + +DECLARE_TRACE(sched_dl_server_start, + TP_PROTO(struct sched_dl_entity *dl_se, int cpu), + TP_ARGS(dl_se, cpu)); + +DECLARE_TRACE(sched_dl_server_stop, + TP_PROTO(struct sched_dl_entity *dl_se, int cpu), + TP_ARGS(dl_se, cpu)); + #endif /* _TRACE_SCHED_H */ =20 /* This part must be outside protection */ diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 5516778c19eb..3aed0ed6f2e9 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -122,6 +122,10 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(sched_compute_energy_tp); EXPORT_TRACEPOINT_SYMBOL_GPL(sched_entry_tp); EXPORT_TRACEPOINT_SYMBOL_GPL(sched_exit_tp); EXPORT_TRACEPOINT_SYMBOL_GPL(sched_set_need_resched_tp); +EXPORT_TRACEPOINT_SYMBOL_GPL(sched_dl_throttle_tp); +EXPORT_TRACEPOINT_SYMBOL_GPL(sched_dl_replenish_tp); +EXPORT_TRACEPOINT_SYMBOL_GPL(sched_dl_server_start_tp); +EXPORT_TRACEPOINT_SYMBOL_GPL(sched_dl_server_stop_tp); =20 DEFINE_PER_CPU_SHARED_ALIGNED(struct rq, runqueues); DEFINE_PER_CPU(struct rnd_state, sched_rnd_state); diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c index 319439fe1870..2192e9f42e02 100644 --- a/kernel/sched/deadline.c +++ b/kernel/sched/deadline.c @@ -733,6 +733,7 @@ static inline void replenish_dl_new_period(struct sched= _dl_entity *dl_se, dl_se->dl_throttled =3D 1; dl_se->dl_defer_armed =3D 1; } + trace_sched_dl_replenish_tp(dl_se, cpu_of(rq)); } =20 /* @@ -850,6 +851,8 @@ static void replenish_dl_entity(struct sched_dl_entity = *dl_se) if (dl_se->dl_throttled) dl_se->dl_throttled =3D 0; =20 + trace_sched_dl_replenish_tp(dl_se, cpu_of(rq)); + /* * If this is the replenishment of a deferred reservation, * clear the flag and return. @@ -1341,6 +1344,7 @@ static inline void dl_check_constrained_dl(struct sch= ed_dl_entity *dl_se) dl_time_before(rq_clock(rq), dl_next_period(dl_se))) { if (unlikely(is_dl_boosted(dl_se) || !start_dl_timer(dl_se))) return; + trace_sched_dl_throttle_tp(dl_se, cpu_of(rq)); dl_se->dl_throttled =3D 1; if (dl_se->runtime > 0) dl_se->runtime =3D 0; @@ -1504,6 +1508,7 @@ static void update_curr_dl_se(struct rq *rq, struct s= ched_dl_entity *dl_se, s64 =20 throttle: if (dl_runtime_exceeded(dl_se) || dl_se->dl_yielded) { + trace_sched_dl_throttle_tp(dl_se, cpu_of(rq)); dl_se->dl_throttled =3D 1; =20 /* If requested, inform the user about runtime overruns. */ @@ -1795,6 +1800,7 @@ void dl_server_start(struct sched_dl_entity *dl_se) if (WARN_ON_ONCE(!cpu_online(cpu_of(rq)))) return; =20 + trace_sched_dl_server_start_tp(dl_se, cpu_of(rq)); dl_se->dl_server_active =3D 1; enqueue_dl_entity(dl_se, ENQUEUE_WAKEUP); if (!dl_task(dl_se->rq->curr) || dl_entity_preempt(dl_se, &rq->curr->dl)) @@ -1806,6 +1812,7 @@ void dl_server_stop(struct sched_dl_entity *dl_se) if (!dl_server(dl_se) || !dl_server_active(dl_se)) return; =20 + trace_sched_dl_server_stop_tp(dl_se, cpu_of(dl_se->rq)); dequeue_dl_entity(dl_se, DEQUEUE_SLEEP); hrtimer_try_to_cancel(&dl_se->dl_timer); dl_se->dl_defer_armed =3D 0; --=20 2.52.0 From nobody Fri Dec 19 07:17:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F6D1330B06 for ; Fri, 5 Dec 2025 13:17:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940671; cv=none; b=Ha7Xqt/axJjdAE2qBtCbRkC/H5vS45ARTcnm/50kJvCp3fE4loBi5Dwr/pmd8jrMphqdEItyMzC71XWhG9PE9TXzMkGatfIG1vduwDM5GM4akKokB0FOVv0EXHMUJKC4RA2/Fs9EKIVGC+H9BpneK+dfeCmg+FM6xeOLxOmFBnA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940671; c=relaxed/simple; bh=DADXSEOcaK7LeVs5YtbbUtU17rf997ocYUYQI1LFs2Y=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JC9GLLuypgdSflgQRYXBxJmtALAf+9kNGpLFQMMH9mkqLBuFc+nHj+CUT7/BumOZFkNNTEHa10Jo4LBmUG1EfzFA+UKG9kG4WL1tbfNYSQGx7lNEtOX9/3jSMHSlebY9kuX/CyWM5ruTpel/20y/Z3gqbO+EDJpODaYdH1JCWSc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=c+hvLT2a; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="c+hvLT2a" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764940662; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SMVmuzJXyUPBkyY/SPkNB8rnO659ATiXpINNXl4cPfo=; b=c+hvLT2aQKkr6MnKP0t24rTig+4XN8gsxbfLOXG6Jrb03f7Pg7iAAVRkNv+zWKh90ZpBl7 OY2ezM3+qxcA8zfSWuHtqJal4im9MZbI1U5nGdtwZlgekbGFgL+TNDRNmYegeC6bU+zXdW L9Z9VmnAAw0n+duUpkGo+zwtzH2CAF8= Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-455-DXANc_2bM7WE6rjpCj6_CA-1; Fri, 05 Dec 2025 08:17:38 -0500 X-MC-Unique: DXANc_2bM7WE6rjpCj6_CA-1 X-Mimecast-MFC-AGG-ID: DXANc_2bM7WE6rjpCj6_CA_1764940658 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id E52AD19560B4; Fri, 5 Dec 2025 13:17:37 +0000 (UTC) Received: from gmonaco-thinkpadt14gen3.rmtit.csb (unknown [10.45.226.23]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 9B0F4180044F; Fri, 5 Dec 2025 13:17:33 +0000 (UTC) From: Gabriele Monaco To: linux-kernel@vger.kernel.org, Steven Rostedt , Nam Cao , Gabriele Monaco , linux-trace-kernel@vger.kernel.org Cc: Tomas Glozar , Juri Lelli , Clark Williams , John Kacur Subject: [PATCH v3 10/13] rv: Add support for per-object monitors in DA/HA Date: Fri, 5 Dec 2025 14:16:18 +0100 Message-ID: <20251205131621.135513-11-gmonaco@redhat.com> In-Reply-To: <20251205131621.135513-1-gmonaco@redhat.com> References: <20251205131621.135513-1-gmonaco@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" RV deterministic and hybrid automata currently only support global, per-cpu and per-task monitors. It isn't possible to write a model that would follow some different type of object, like a deadline entity or a lock. Define the generic per-object monitor implementation which shares part of the implementation with the per-task monitors. The user needs to provide an id for the object (e.g. pid for tasks) and define the data type for the monitor_target (e.g. struct task_struct * for tasks). Both are supplied to the event handlers, as the id may not be easily available in the target. The monitor storage (e.g. the rv monitor, pointer to the target, etc.) is stored in a hash table indexed by id. Monitor storage objects are automatically allocated unless specified otherwise (e.g. if the creation context is unsafe for allocation). Signed-off-by: Gabriele Monaco Reviewed-by: Nam Cao --- Notes: V3: * Use kmalloc_nolock for per-obj storage allocation * Improve function name consistency include/linux/rv.h | 1 + include/rv/da_monitor.h | 300 +++++++++++++++++++++++++++++++++++++++- include/rv/ha_monitor.h | 5 +- 3 files changed, 300 insertions(+), 6 deletions(-) diff --git a/include/linux/rv.h b/include/linux/rv.h index 0aef9e3c785c..541ba404926a 100644 --- a/include/linux/rv.h +++ b/include/linux/rv.h @@ -13,6 +13,7 @@ #define RV_MON_GLOBAL 0 #define RV_MON_PER_CPU 1 #define RV_MON_PER_TASK 2 +#define RV_MON_PER_OBJ 3 =20 #ifdef CONFIG_RV #include diff --git a/include/rv/da_monitor.h b/include/rv/da_monitor.h index 4d0f9fb60e3c..6830b5d6f34a 100644 --- a/include/rv/da_monitor.h +++ b/include/rv/da_monitor.h @@ -19,6 +19,8 @@ #include #include #include +#include +#include =20 static struct rv_monitor rv_this; =20 @@ -51,6 +53,9 @@ static struct rv_monitor rv_this; =20 /* * Type for the target id, default to int but can be overridden. + * A long type can work as hash table key (PER_OBJ) but will be downgraded= to + * int in the event tracepoint. + * Unused for implicit monitors. */ #ifndef da_id_type #define da_id_type int @@ -239,9 +244,9 @@ static inline struct da_monitor *da_get_monitor(struct = task_struct *tsk) } =20 /* - * da_get_task - return the task associated to the monitor + * da_get_target - return the task associated to the monitor */ -static inline struct task_struct *da_get_task(struct da_monitor *da_mon) +static inline struct task_struct *da_get_target(struct da_monitor *da_mon) { return container_of(da_mon, struct task_struct, rv[task_mon_slot].da_mon); } @@ -253,7 +258,7 @@ static inline struct task_struct *da_get_task(struct da= _monitor *da_mon) */ static inline da_id_type da_get_id(struct da_monitor *da_mon) { - return da_get_task(da_mon)->pid; + return da_get_target(da_mon)->pid; } =20 static void da_monitor_reset_all(void) @@ -303,6 +308,221 @@ static inline void da_monitor_destroy(void) =20 da_monitor_reset_all(); } + +#elif RV_MON_TYPE =3D=3D RV_MON_PER_OBJ +/* + * Functions to define, init and get a per-object monitor. + */ + +struct da_monitor_storage { + da_id_type id; + monitor_target target; + union rv_task_monitor rv; + struct hlist_node node; + struct rcu_head rcu; +}; + +#ifndef DA_MONITOR_HT_BITS +#define DA_MONITOR_HT_BITS 10 +#endif +static DEFINE_HASHTABLE(da_monitor_ht, DA_MONITOR_HT_BITS); + +/* + * da_create_empty_storage - pre-allocate an empty storage + */ +static inline struct da_monitor_storage *da_create_empty_storage(da_id_typ= e id) +{ + struct da_monitor_storage *mon_storage; + + mon_storage =3D kmalloc_nolock(sizeof(struct da_monitor_storage), + __GFP_ZERO, NUMA_NO_NODE); + if (!mon_storage) + return NULL; + + hash_add_rcu(da_monitor_ht, &mon_storage->node, id); + mon_storage->id =3D id; + return mon_storage; +} + +/* + * da_create_storage - create the per-object storage + * + * The caller is responsible to synchronise writers, either with locks or + * implicitly. For instance, if da_create_storage is only called from a si= ngle + * event for target (e.g. sched_switch), it's safe to call this without lo= cks. + */ +static inline struct da_monitor *da_create_storage(da_id_type id, + monitor_target target, + struct da_monitor *da_mon) +{ + struct da_monitor_storage *mon_storage; + + if (da_mon) + return da_mon; + + mon_storage =3D da_create_empty_storage(id); + if (!mon_storage) + return NULL; + + mon_storage->target =3D target; + return &mon_storage->rv.da_mon; +} + +/* + * __da_get_mon_storage - get the monitor storage from the hash table + */ +static inline struct da_monitor_storage *__da_get_mon_storage(da_id_type i= d) +{ + struct da_monitor_storage *mon_storage; + + lockdep_assert_in_rcu_read_lock(); + hash_for_each_possible_rcu(da_monitor_ht, mon_storage, node, id) { + if (mon_storage->id =3D=3D id) + return mon_storage; + } + + return NULL; +} + +/* + * da_get_monitor - return the monitor for target + */ +static struct da_monitor *da_get_monitor(da_id_type id, monitor_target tar= get) +{ + struct da_monitor_storage *mon_storage; + + mon_storage =3D __da_get_mon_storage(id); + return mon_storage ? &mon_storage->rv.da_mon : NULL; +} + +/* + * da_get_target - return the object associated to the monitor + */ +static inline monitor_target da_get_target(struct da_monitor *da_mon) +{ + return container_of(da_mon, struct da_monitor_storage, rv.da_mon)->target; +} + +/* + * da_get_id - return the id associated to the monitor + */ +static inline da_id_type da_get_id(struct da_monitor *da_mon) +{ + return container_of(da_mon, struct da_monitor_storage, rv.da_mon)->id; +} + +/* + * da_create_or_get - create the per-object storage if not already there + * + * This needs a lookup so should be guarded by RCU, the condition is check= ed + * directly in da_create_storage() + */ +static inline void da_create_or_get(da_id_type id, monitor_target target) +{ + guard(rcu)(); + da_create_storage(id, target, da_get_monitor(id, target)); +} + +/* + * da_fill_empty_storage - store the target in a pre-allocated storage + * + * Can be used as a substitute of da_create_storage when starting a monito= r in + * an environment where allocation is unsafe. + */ +static inline struct da_monitor *da_fill_empty_storage(da_id_type id, + monitor_target target, + struct da_monitor *da_mon) +{ + if (unlikely(da_mon && !da_get_target(da_mon))) + container_of(da_mon, struct da_monitor_storage, rv.da_mon)->target =3D t= arget; + return da_mon; +} + +/* + * da_get_target_by_id - return the object associated to the id + */ +static inline monitor_target da_get_target_by_id(da_id_type id) +{ + struct da_monitor_storage *mon_storage; + + guard(rcu)(); + mon_storage =3D __da_get_mon_storage(id); + + if (unlikely(!mon_storage)) + return NULL; + return mon_storage->target; +} + +/* + * da_destroy_storage - destroy the per-object storage + * + * The caller is responsible to synchronise writers, either with locks or + * implicitly. For instance, if da_destroy_storage is called at sched_exit= and + * da_create_storage can never occur after that, it's safe to call this wi= thout + * locks. + * This function includes an RCU read-side critical section to synchronise + * against da_monitor_destroy(). + */ +static inline void da_destroy_storage(da_id_type id) +{ + struct da_monitor_storage *mon_storage; + + guard(rcu)(); + mon_storage =3D __da_get_mon_storage(id); + + if (!mon_storage) + return; + da_monitor_reset_hook(&mon_storage->rv.da_mon); + hash_del_rcu(&mon_storage->node); + kfree_rcu(mon_storage, rcu); +} + +static void da_monitor_reset_all(void) +{ + struct da_monitor_storage *mon_storage; + int bkt; + + rcu_read_lock(); + hash_for_each_rcu(da_monitor_ht, bkt, mon_storage, node) + da_monitor_reset(&mon_storage->rv.da_mon); + rcu_read_unlock(); +} + +static inline int da_monitor_init(void) +{ + hash_init(da_monitor_ht); + return 0; +} + +static inline void da_monitor_destroy(void) +{ + struct da_monitor_storage *mon_storage; + struct hlist_node *tmp; + int bkt; + + /* + * This function is called after all probes are disabled, we need only + * worry about concurrency against old events. + */ + synchronize_rcu(); + hash_for_each_safe(da_monitor_ht, bkt, tmp, mon_storage, node) { + da_monitor_reset_hook(&mon_storage->rv.da_mon); + hash_del_rcu(&mon_storage->node); + kfree(mon_storage); + } +} + +/* + * Allow the per-object monitors to run allocation manually, necessary if = the + * start condition is in a context problematic for allocation (e.g. schedu= ling). + * In such case, if the storage was pre-allocated without a target, set it= now. + */ +#ifdef DA_SKIP_AUTO_ALLOC +#define da_prepare_storage da_fill_empty_storage +#else +#define da_prepare_storage da_create_storage +#endif /* DA_SKIP_AUTO_ALLOC */ + #endif /* RV_MON_TYPE */ =20 #if RV_MON_TYPE =3D=3D RV_MON_GLOBAL || RV_MON_TYPE =3D=3D RV_MON_PER_CPU @@ -336,9 +556,9 @@ static inline da_id_type da_get_id(struct da_monitor *d= a_mon) return 0; } =20 -#elif RV_MON_TYPE =3D=3D RV_MON_PER_TASK +#elif RV_MON_TYPE =3D=3D RV_MON_PER_TASK || RV_MON_TYPE =3D=3D RV_MON_PER_= OBJ /* - * Trace events for per_task monitors, report the PID of the task. + * Trace events for per_task/per_object monitors, report the target id. */ =20 static inline void da_trace_event(struct da_monitor *da_mon, @@ -519,6 +739,76 @@ static inline bool da_handle_start_run_event(struct ta= sk_struct *tsk, { return __da_handle_start_run_event(da_get_monitor(tsk), event, tsk->pid); } + +#elif RV_MON_TYPE =3D=3D RV_MON_PER_OBJ +/* + * Handle event for per object. + */ + +/* + * da_handle_event - handle an event + */ +static inline void da_handle_event(da_id_type id, monitor_target target, e= num events event) +{ + struct da_monitor *da_mon; + + guard(rcu)(); + da_mon =3D da_get_monitor(id, target); + if (likely(da_mon)) + __da_handle_event(da_mon, event, id); +} + +/* + * da_handle_start_event - start monitoring or handle event + * + * This function is used to notify the monitor that the system is returning + * to the initial state, so the monitor can start monitoring in the next e= vent. + * Thus: + * + * If the monitor already started, handle the event. + * If the monitor did not start yet, start the monitor but skip the event. + */ +static inline bool da_handle_start_event(da_id_type id, monitor_target tar= get, + enum events event) +{ + struct da_monitor *da_mon; + + guard(rcu)(); + da_mon =3D da_get_monitor(id, target); + da_mon =3D da_prepare_storage(id, target, da_mon); + if (unlikely(!da_mon)) + return 0; + return __da_handle_start_event(da_mon, event, id); +} + +/* + * da_handle_start_run_event - start monitoring and handle event + * + * This function is used to notify the monitor that the system is in the + * initial state, so the monitor can start monitoring and handling event. + */ +static inline bool da_handle_start_run_event(da_id_type id, monitor_target= target, + enum events event) +{ + struct da_monitor *da_mon; + + guard(rcu)(); + da_mon =3D da_get_monitor(id, target); + da_mon =3D da_prepare_storage(id, target, da_mon); + if (unlikely(!da_mon)) + return 0; + return __da_handle_start_run_event(da_mon, event, id); +} + +static inline void da_reset(da_id_type id, monitor_target target) +{ + struct da_monitor *da_mon; + + guard(rcu)(); + da_mon =3D da_get_monitor(id, target); + if (likely(da_mon)) + da_monitor_reset(da_mon); +} #endif /* RV_MON_TYPE */ =20 #endif diff --git a/include/rv/ha_monitor.h b/include/rv/ha_monitor.h index c8a434cb46ac..047059e54ae8 100644 --- a/include/rv/ha_monitor.h +++ b/include/rv/ha_monitor.h @@ -191,7 +191,10 @@ static inline void ha_trace_error_env(struct ha_monito= r *ha_mon, { CONCATENATE(trace_error_env_, MONITOR_NAME)(curr_state, event, env); } -#elif RV_MON_TYPE =3D=3D RV_MON_PER_TASK +#elif RV_MON_TYPE =3D=3D RV_MON_PER_TASK || RV_MON_TYPE =3D=3D RV_MON_PER_= OBJ + +#define ha_get_target(ha_mon) da_get_target(&ha_mon->da_mon) + static inline void ha_trace_error_env(struct ha_monitor *ha_mon, char *curr_state, char *event, char *env, da_id_type id) --=20 2.52.0 From nobody Fri Dec 19 07:17:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B5C39331A5E for ; Fri, 5 Dec 2025 13:17:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940682; cv=none; b=PBP6N+ieTsG90U468s3ZP+uTUE90VtjcuCDutuCS9fS3KBpRZYA22PMOb/SRlwOQDAzDdieluv+MMbNobsfPCsjHhE4SmSY2vLm5EgWLYmMyTfngiO8xIzFrL53K2l1GAwmvjLlV0K0Av/nzXALpXZkRGUM+5yBK3JMt1eS3DHA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940682; c=relaxed/simple; bh=BjyFbWOLnAMDRRTwhFDhqlbnNvzF0hdM49UKapjXlbA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=J3shuudr/PsvU2OYbhD4dg/WY2f1OXFuE6AtqImz3AWb8ylF5XZCsvVExTOrW0cyrOXEby352SKg0uG5AoPtA15dZoAp86aGrr+sH+CfEwN68kO3xLXVOyzWDQiFstuALvQ12e7RckwadIVKO5ptjTfiNbIu+fJ2A7Usy8egEUA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=Jj6BNpCy; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="Jj6BNpCy" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764940667; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dAoPUIzAik8RD9AhaF+rfLnULWVNshaDs6FrjHeeJZM=; b=Jj6BNpCyy1O6sxTFrzu5x2hxZjtGTykUlobQYM8z0OAohfYGTcwWBQW8VZGLmnoSa8443K +LH//3b044C2TWzd7DaHUm9ohX855g7Hu/TQMQMPIld2MHJXTzsMMvHqlt006WDTZwbcYO 27sUVGJeloN0lQKVW56okX1BkzYnhFA= Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-235-iUv49K3YOrCXth5IBRTioA-1; Fri, 05 Dec 2025 08:17:43 -0500 X-MC-Unique: iUv49K3YOrCXth5IBRTioA-1 X-Mimecast-MFC-AGG-ID: iUv49K3YOrCXth5IBRTioA_1764940663 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id EFF1E18002DE; Fri, 5 Dec 2025 13:17:42 +0000 (UTC) Received: from gmonaco-thinkpadt14gen3.rmtit.csb (unknown [10.45.226.23]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 2796D180029B; Fri, 5 Dec 2025 13:17:38 +0000 (UTC) From: Gabriele Monaco To: linux-kernel@vger.kernel.org, Steven Rostedt , Nam Cao , Gabriele Monaco , linux-trace-kernel@vger.kernel.org Cc: Tomas Glozar , Juri Lelli , Clark Williams , John Kacur Subject: [PATCH v3 11/13] verification/rvgen: Add support for per-obj monitors Date: Fri, 5 Dec 2025 14:16:19 +0100 Message-ID: <20251205131621.135513-12-gmonaco@redhat.com> In-Reply-To: <20251205131621.135513-1-gmonaco@redhat.com> References: <20251205131621.135513-1-gmonaco@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" The special per-object monitor type was just introduced in RV, this requires the user to define some functions and type specific to the object. Adapt rvgen to add stub definitions for the monitor_target type and other modifications required to create per-object monitors. Reviewed-by: Nam Cao Signed-off-by: Gabriele Monaco --- Notes: V3: * Add _is_id_monitor() in dot2k to handle per-obj together with per-task tools/verification/rvgen/rvgen/dot2k.py | 17 +++++++++++++---- tools/verification/rvgen/rvgen/generator.py | 2 +- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/tools/verification/rvgen/rvgen/dot2k.py b/tools/verification/r= vgen/rvgen/dot2k.py index e72369ec1ad7..42111b477847 100644 --- a/tools/verification/rvgen/rvgen/dot2k.py +++ b/tools/verification/rvgen/rvgen/dot2k.py @@ -27,6 +27,8 @@ class dot2k(Monitor, Dot2c): def fill_monitor_type(self) -> str: buff =3D [ self.monitor_type.upper() ] buff +=3D self._fill_timer_type() + if self.monitor_type =3D=3D "per_obj": + buff.append("typedef /* XXX: define the target type */ *monito= r_target;") return "\n".join(buff) =20 def fill_tracepoint_handlers_skel(self) -> str: @@ -45,6 +47,10 @@ class dot2k(Monitor, Dot2c): if self.monitor_type =3D=3D "per_task": buff.append("\tstruct task_struct *p =3D /* XXX: how do I = get p? */;"); buff.append("\tda_%s(p, %s%s);" % (handle, event, self.enu= m_suffix)); + elif self.monitor_type =3D=3D "per_obj": + buff.append("\tint id =3D /* XXX: how do I get the id? */;= "); + buff.append("\tmonitor_target t =3D /* XXX: how do I get t= ? */;"); + buff.append("\tda_%s(id, t, %s%s);" % (handle, event, self= .enum_suffix)); else: buff.append("\tda_%s(%s%s);" % (handle, event, self.enum_s= uffix)); buff.append("}") @@ -92,13 +98,16 @@ class dot2k(Monitor, Dot2c): =20 return '\n'.join(buff) =20 + def _is_id_monitor(self) -> bool: + return self.monitor_type in ("per_task", "per_obj") + def fill_monitor_class_type(self) -> str: - if self.monitor_type =3D=3D "per_task": + if self._is_id_monitor(): return "DA_MON_EVENTS_ID" return "DA_MON_EVENTS_IMPLICIT" =20 def fill_monitor_class(self) -> str: - if self.monitor_type =3D=3D "per_task": + if self._is_id_monitor(): return "da_monitor_id" return "da_monitor" =20 @@ -122,7 +131,7 @@ class dot2k(Monitor, Dot2c): } tp_args_id =3D ("int ", "id") tp_args =3D tp_args_dict[tp_type] - if self.monitor_type =3D=3D "per_task": + if self._is_id_monitor(): tp_args.insert(0, tp_args_id) tp_proto_c =3D ", ".join([a+b for a,b in tp_args]) tp_args_c =3D ", ".join([b for a,b in tp_args]) @@ -169,7 +178,7 @@ class ha2k(dot2k): self.__parse_constraints() =20 def fill_monitor_class_type(self) -> str: - if self.monitor_type =3D=3D "per_task": + if self._is_id_monitor(): return "HA_MON_EVENTS_ID" return "HA_MON_EVENTS_IMPLICIT" =20 diff --git a/tools/verification/rvgen/rvgen/generator.py b/tools/verificati= on/rvgen/rvgen/generator.py index b80af3fd6701..5eac12e110dc 100644 --- a/tools/verification/rvgen/rvgen/generator.py +++ b/tools/verification/rvgen/rvgen/generator.py @@ -243,7 +243,7 @@ obj-$(CONFIG_RV_MON_%s) +=3D monitors/%s/%s.o =20 =20 class Monitor(RVGenerator): - monitor_types =3D { "global" : 1, "per_cpu" : 2, "per_task" : 3 } + monitor_types =3D { "global" : 1, "per_cpu" : 2, "per_task" : 3, "per_= obj" : 4 } =20 def __init__(self, extra_params=3D{}): super().__init__(extra_params) --=20 2.52.0 From nobody Fri Dec 19 07:17:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF77932ED56 for ; Fri, 5 Dec 2025 13:18:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940692; cv=none; b=tEmCxouEArd/1pdGLW1qW+rB/Qel5ppsdw4fCRoQxecNOFd7oM7EzdMi3+wvGv2plr005TREorZ5DUNW8ZZkP4EvVsIK04EA0+w1PX7aDetQ86nZE1Ft6libHVWiKeS14OxNyfUONQIlrD9Hog88ftO7zWoYVXL3CySDip27mZM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940692; c=relaxed/simple; bh=V77/sMTswIzAdIinXAUim4qkMKidiu3TrwHTQZkzI+4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Znz6PIcg04135zi2qSqcCCB1+i025ZFTk93Ux0h4tKHfIIC1k2KvnPOvLkyBRs8wOgxV/hO381ZkUtLDGFgthUFCJhOFEQBD6Lajba/UXD6rnT75XFDUt/lfRRgkj5UOz5yKP/8xDh0VvihqyeDfve4HfUYZI7WEtslNUlSqCRU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=cCjuApPD; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="cCjuApPD" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764940677; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yrZ0TmfJm7XIEY36T1h1wc31tcVb4lhZdMxv3QsGEm4=; b=cCjuApPD8m6snk7CbeYDYwiFfWoCXpQ8vfsjiGKmUS5JnOmYtDlLalUtvr7hdYRhTcJdpr 6wLTvXcuRg77rm0kO7wQjoc/n04qoVFYJB90Xdc2pjdma/trtxKDQf/FnqOr+AxCbM1jGs bAv8uJzUQVwim58b1QzDGBR3B4nbxiQ= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-49-bLjv2s4EPeaCu-z53OCzcA-1; Fri, 05 Dec 2025 08:17:54 -0500 X-MC-Unique: bLjv2s4EPeaCu-z53OCzcA-1 X-Mimecast-MFC-AGG-ID: bLjv2s4EPeaCu-z53OCzcA_1764940672 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 60B991956051; Fri, 5 Dec 2025 13:17:52 +0000 (UTC) Received: from gmonaco-thinkpadt14gen3.rmtit.csb (unknown [10.45.226.23]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 82F92180044F; Fri, 5 Dec 2025 13:17:46 +0000 (UTC) From: Gabriele Monaco To: linux-kernel@vger.kernel.org, Steven Rostedt , Nam Cao , Gabriele Monaco , Jonathan Corbet , Masami Hiramatsu , linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org Cc: Tomas Glozar , Juri Lelli , Clark Williams , John Kacur Subject: [PATCH v3 12/13] rv: Add deadline monitors Date: Fri, 5 Dec 2025 14:16:20 +0100 Message-ID: <20251205131621.135513-13-gmonaco@redhat.com> In-Reply-To: <20251205131621.135513-1-gmonaco@redhat.com> References: <20251205131621.135513-1-gmonaco@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" Add the deadline monitors collection to validate the deadline scheduler, both for deadline tasks and servers. The currently implemented monitors are: * throttle: validate dl entities are throttled when they use up their runtime * nomiss: validate dl entities run to completion before their deadiline Signed-off-by: Gabriele Monaco --- Notes: V3: * Adapt models to new dl server behaviour * Rename dl argument to dl_se in tracepoints * Use __COUNTER__ in dl monitor syscall helpers Documentation/trace/rv/index.rst | 1 + Documentation/trace/rv/monitor_deadline.rst | 151 +++++++++ kernel/trace/rv/Kconfig | 5 + kernel/trace/rv/Makefile | 3 + kernel/trace/rv/monitors/deadline/Kconfig | 10 + kernel/trace/rv/monitors/deadline/deadline.c | 35 +++ kernel/trace/rv/monitors/deadline/deadline.h | 203 ++++++++++++ kernel/trace/rv/monitors/nomiss/Kconfig | 15 + kernel/trace/rv/monitors/nomiss/nomiss.c | 289 ++++++++++++++++++ kernel/trace/rv/monitors/nomiss/nomiss.h | 137 +++++++++ .../trace/rv/monitors/nomiss/nomiss_trace.h | 19 ++ kernel/trace/rv/monitors/throttle/Kconfig | 15 + kernel/trace/rv/monitors/throttle/throttle.c | 248 +++++++++++++++ kernel/trace/rv/monitors/throttle/throttle.h | 116 +++++++ .../rv/monitors/throttle/throttle_trace.h | 19 ++ kernel/trace/rv/rv_trace.h | 2 + tools/verification/models/deadline/nomiss.dot | 43 +++ .../verification/models/deadline/throttle.dot | 44 +++ 18 files changed, 1355 insertions(+) create mode 100644 Documentation/trace/rv/monitor_deadline.rst create mode 100644 kernel/trace/rv/monitors/deadline/Kconfig create mode 100644 kernel/trace/rv/monitors/deadline/deadline.c create mode 100644 kernel/trace/rv/monitors/deadline/deadline.h create mode 100644 kernel/trace/rv/monitors/nomiss/Kconfig create mode 100644 kernel/trace/rv/monitors/nomiss/nomiss.c create mode 100644 kernel/trace/rv/monitors/nomiss/nomiss.h create mode 100644 kernel/trace/rv/monitors/nomiss/nomiss_trace.h create mode 100644 kernel/trace/rv/monitors/throttle/Kconfig create mode 100644 kernel/trace/rv/monitors/throttle/throttle.c create mode 100644 kernel/trace/rv/monitors/throttle/throttle.h create mode 100644 kernel/trace/rv/monitors/throttle/throttle_trace.h create mode 100644 tools/verification/models/deadline/nomiss.dot create mode 100644 tools/verification/models/deadline/throttle.dot diff --git a/Documentation/trace/rv/index.rst b/Documentation/trace/rv/inde= x.rst index bf9962f49959..29769f06bb0f 100644 --- a/Documentation/trace/rv/index.rst +++ b/Documentation/trace/rv/index.rst @@ -17,3 +17,4 @@ Runtime Verification monitor_sched.rst monitor_rtapp.rst monitor_stall.rst + monitor_deadline.rst diff --git a/Documentation/trace/rv/monitor_deadline.rst b/Documentation/tr= ace/rv/monitor_deadline.rst new file mode 100644 index 000000000000..481748adaac3 --- /dev/null +++ b/Documentation/trace/rv/monitor_deadline.rst @@ -0,0 +1,151 @@ +Scheduler monitors +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +- Name: deadline +- Type: container for multiple monitors +- Author: Gabriele Monaco + +Description +----------- + +The deadline monitor is a set of specifications to describe the deadline +scheduler behaviour. It includes monitors per scheduling entity (deadline = tasks +and servers) that work independently to verify different specifications the +deadline scheduler should follow. + +Specifications +-------------- + +Monitor throttle +~~~~~~~~~~~~~~~~ + +The throttle monitor ensures deadline entities are throttled when they use= up +their runtime. Deadline tasks can be only ``running``, ``preempted`` and +``throttled``, the runtime is enforced only in ``running`` based on an int= ernal +clock and the runtime value in the deadline entity. + +Servers can be also in the ``armed`` state, which corresponds to when the +server is consuming bandwidth in background (e.g. idle or normal tasks are +running without any boost). From this state the server can be throttled bu= t it +can also use more runtime than available. A server is considered ``running= `` +when it's actively boosting a task, only there the runtime is enforced. The +server is preempted if the running task is not in the server's runqueue (e= .g. a +FIFO task for the fair server). +Events like ``dl_armed`` and ``sched_switch_in`` can occur sequentially for +servers since they are related to the current task (e.g. a 2 fair tasks ca= n be +switched in sequentially, that corresponds to multiple ``dl_armed``). + +Any task or server in the ``throttled`` state must leave it shortly, e.g. +become ``preempted``:: + + | + | + dl_replenish;reset(clk) v + sched_switch_in #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D# sched_switch_in; + +--------------- H H reset(clk) + | H H <-------------= ---+ + +--------------> H running H = | + dl_throttle;reset(clk) H clk < runtime_left_ns() H = | + +--------------------------- H H sched_switch_o= ut | + | +------------------> H H -------------+= | + | dl_replenish;reset(clk) #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D# | | + | | | ^ |= | + v | dl_defer_arm | |= | + +-------------------------+ | | |= | + | throttled | | sched_switch_in;reset(clk) |= | + | clk < THROTTLED_TIME_NS | v | |= | + +-------------------------+ +----------------+ |= | + | | | | sched_switch_out |= | + | | +---------- | | -------------+ |= | + | | dl_replenish | armed | | |= | + | | dl_defer_arm | | <--------+ | |= | + | | +---------> | | dl_defer_arm | |= | + | | +----------------+ | | |= | + | | | ^ | | |= | + | | dl_throttle dl_replenish | | |= | + | | v | | | |= | + | | dl_defer_arm +-------------------+ | v v= | + | | +---------- | | +-----------= ---+ + | | | | | | = | + | | +---------> | armed_throttled | | preempted= | + | | | | | = | + | +-----------------> | | +-----------= ---+ + | dl_defer_arm +-------------------+ sched_switch_out ^ |= ^ + | | ^ dl_replenish | |= | + | sched_switch_out dl_defer_arm +----+ |= | + | v | |= | + | sched_switch_out +-----------------------+ |= | + | +-------------- | | dl_throttle; |= | + | | | | is_constr_dl=3D=3D= 1 | | + | +-------------> | preempted_throttled | <-----------------+= | + | | | = | + +-----------------------> | | -- dl_replenish ---= --+ + sched_switch_out +-----------------------+ + +The value of ``runtime_left_ns()`` is directly read from the deadline enti= ty +and updated as the task runs. It is increased by 1 tick to account for the +maximum delay to throttle (not valid if ``sched_feat(HRTICK_DL)`` is activ= e). + +Monitor nomiss +~~~~~~~~~~~~~~ + +The nomiss monitor ensures dl entities get to run *and* run to completion +before their deadline, although deferrable servers may not run. An entity = is +considered done if ``throttled``, either because it yielded or used up its +runtime, or when it voluntarily starts ``sleeping``. +The monitor includes a user configurable deadline threshold. If the total +utilisation of deadline tasks is larger than 1, they are only guaranteed +bounded tardiness. See Documentation/scheduler/sched-deadline.rst for more +details. The threshold (module parameter ``nomiss.deadline_thresh``) can be +configured to avoid the monitor to fail based on the acceptable tardiness = in +the system. Since ``dl_throttle`` is a valid outcome for the entity to be = done, +the minimum tardiness needs be 1 tick to consider the throttle delay. + +Servers have also an intermediate ``idle`` state, occurring as soon as no +runnable task is available. The special event ``dl_replenish_idle`` is a c= ommon +replenish on an idle CPU, meaningful only for servers:: + + sched_wakeup | + dl_server_start v + dl_replenish;reset(clk) -- #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D# + | H H dl_replenish;res= et(clk) + +-----------> H H <---------------= -----+ + H H = | + +- dl_server_stop ---- H ready H = | + | +-----------------> H clk < DEADLINE_NS() H dl_throttle; = | + | | H H is_defer =3D= =3D 1 | + | | sched_switch_in - H H ----------------= --+ | + | | | #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D# | | + | | | | ^ = | | + | | | dl_server_idle dl_replenish;reset(clk) = | | + | | | v | = | | + | | | dl_server_idle +--------------+ = | | + | | | dl_server_start --- | | = | | + | | | dl_replenish_idle; | | dl_throttle = | | + | | | reset(clk) | idle | ------------------+ = | | + | | | +--------> | | | = | | + +-----+--+---+--- dl_server_idle -> | | dl_server_idle | = | | + | | | | | | <--------------+ | = | | + | +--+--+---+--- dl_server_stop -- +--------------+ | | = | | + | | | | | | ^ | | = | | + | | | | | sched_switch_in dl_server_idle | | = | | + | | | | | v | | | = | | + | | | | | +---------- +---------------------+ | | = | | + | | | | | sched_switch_in | | | | = | | + | | | | | sched_wakeup | | | | = | | + | | | | | dl_replenish; | running | -------+ | | = | | + | | | | | reset(clk) | clk < DEADLINE_NS() | | | | = | | + | | | | | +---------> | | dl_throttle | | = | | + | | | | +----------------> | | | | | = | | + | | | | +---------------------+ | | | = | | + | | | sched_wakeup ^ sched_switch_suspend | | | = | | + | v v dl_replenish*;reset(clk) | dl_server_stop | | | = | | + +---------------+ | | v | v = v | + | | - sched_switch_in + | +----------= -----+ + | | <---------------------+ dl_throttle +-- | = | + | sleeping | sched_wakeup | | throttl= ed | + | | --+ dl_server_start +-> | = | + | | dl_server_start sched_switch_suspend +----------= -----+ + +---------------+ <-+ ^ + | | + +---------------- dl_throttle;is_constr_dl =3D=3D 1 -------------+ diff --git a/kernel/trace/rv/Kconfig b/kernel/trace/rv/Kconfig index 720fbe4935f8..719cdcfb6d41 100644 --- a/kernel/trace/rv/Kconfig +++ b/kernel/trace/rv/Kconfig @@ -79,6 +79,11 @@ source "kernel/trace/rv/monitors/sleep/Kconfig" # Add new rtapp monitors here =20 source "kernel/trace/rv/monitors/stall/Kconfig" +source "kernel/trace/rv/monitors/deadline/Kconfig" +source "kernel/trace/rv/monitors/nomiss/Kconfig" +source "kernel/trace/rv/monitors/throttle/Kconfig" +# Add new deadline monitors here + # Add new monitors here =20 config RV_REACTORS diff --git a/kernel/trace/rv/Makefile b/kernel/trace/rv/Makefile index 51c95e2d2da6..15a1edc8bd0f 100644 --- a/kernel/trace/rv/Makefile +++ b/kernel/trace/rv/Makefile @@ -18,6 +18,9 @@ obj-$(CONFIG_RV_MON_NRP) +=3D monitors/nrp/nrp.o obj-$(CONFIG_RV_MON_SSSW) +=3D monitors/sssw/sssw.o obj-$(CONFIG_RV_MON_OPID) +=3D monitors/opid/opid.o obj-$(CONFIG_RV_MON_STALL) +=3D monitors/stall/stall.o +obj-$(CONFIG_RV_MON_DEADLINE) +=3D monitors/deadline/deadline.o +obj-$(CONFIG_RV_MON_NOMISS) +=3D monitors/nomiss/nomiss.o +obj-$(CONFIG_RV_MON_THROTTLE) +=3D monitors/throttle/throttle.o # Add new monitors here obj-$(CONFIG_RV_REACTORS) +=3D rv_reactors.o obj-$(CONFIG_RV_REACT_PRINTK) +=3D reactor_printk.o diff --git a/kernel/trace/rv/monitors/deadline/Kconfig b/kernel/trace/rv/mo= nitors/deadline/Kconfig new file mode 100644 index 000000000000..38804a6ad91d --- /dev/null +++ b/kernel/trace/rv/monitors/deadline/Kconfig @@ -0,0 +1,10 @@ +config RV_MON_DEADLINE + depends on RV + bool "deadline monitor" + help + Collection of monitors to check the deadline scheduler and server + behave according to specifications. Enable this to enable all + scheduler specification supported by the current kernel. + + For further information, see: + Documentation/trace/rv/monitor_deadline.rst diff --git a/kernel/trace/rv/monitors/deadline/deadline.c b/kernel/trace/rv= /monitors/deadline/deadline.c new file mode 100644 index 000000000000..45aed62c1371 --- /dev/null +++ b/kernel/trace/rv/monitors/deadline/deadline.c @@ -0,0 +1,35 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include +#include +#include + +#define MODULE_NAME "deadline" + +#include "deadline.h" + +struct rv_monitor rv_deadline =3D { + .name =3D "deadline", + .description =3D "container for several deadline scheduler specifications= .", + .enable =3D NULL, + .disable =3D NULL, + .reset =3D NULL, + .enabled =3D 0, +}; + +static int __init register_deadline(void) +{ + return rv_register_monitor(&rv_deadline, NULL); +} + +static void __exit unregister_deadline(void) +{ + rv_unregister_monitor(&rv_deadline); +} + +module_init(register_deadline); +module_exit(unregister_deadline); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Gabriele Monaco "); +MODULE_DESCRIPTION("deadline: container for several deadline scheduler spe= cifications."); diff --git a/kernel/trace/rv/monitors/deadline/deadline.h b/kernel/trace/rv= /monitors/deadline/deadline.h new file mode 100644 index 000000000000..f6c9689d1c7d --- /dev/null +++ b/kernel/trace/rv/monitors/deadline/deadline.h @@ -0,0 +1,203 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +#include +#include +#include +#include + +/* + * Dummy values if not available + */ +#ifndef __NR_sched_setscheduler +#define __NR_sched_setscheduler -__COUNTER__ +#endif +#ifndef __NR_sched_setattr +#define __NR_sched_setattr -__COUNTER__ +#endif + +extern struct rv_monitor rv_deadline; + +static inline struct task_struct *dl_task_of(struct sched_dl_entity *dl_se) +{ + if (WARN_ONCE(dl_se->dl_server, "Call this only on a DL task!")) + return NULL; + return container_of(dl_se, struct task_struct, dl); +} + +#ifdef CONFIG_RT_MUTEXES +static inline struct sched_dl_entity *pi_of(struct sched_dl_entity *dl_se) +{ + return dl_se->pi_se; +} + +static inline bool is_dl_boosted(struct sched_dl_entity *dl_se) +{ + return pi_of(dl_se) !=3D dl_se; +} +#else /* !CONFIG_RT_MUTEXES: */ +static inline struct sched_dl_entity *pi_of(struct sched_dl_entity *dl_se) +{ + return dl_se; +} + +static inline bool is_dl_boosted(struct sched_dl_entity *dl_se) +{ + return false; +} +#endif /* !CONFIG_RT_MUTEXES */ + +static inline bool dl_is_implicit(struct sched_dl_entity *dl_se) +{ + return dl_se->dl_deadline =3D=3D dl_se->dl_period; +} + +/* + * If both have dummy values, the syscalls are not supported and we don't = even + * need to register the handler. + */ +static inline bool should_skip_syscall_handle(void) +{ + return __NR_sched_setattr < 0 && __NR_sched_setscheduler < 0; +} + +/* + * Use negative numbers for the server. + * Currently only one fair server per CPU, may change in the future. + */ +#define fair_server_id(cpu) (-cpu) +/* + * Get a unique id used for dl entities + * + * The cpu is not required for tasks as the pid is used there, if this fun= ction + * is called on a dl_se that for sure corresponds to a task, DL_TASK can be + * used in place of cpu. + * We need the cpu for servers as it is provided in the tracepoint and we + * cannot easily retrieve it from the dl_se (requires the struct rq defini= tion). + */ +static inline int get_entity_id(struct sched_dl_entity *dl_se, int cpu) +{ + if (dl_se->dl_server) + return fair_server_id(cpu); + return dl_task_of(dl_se)->pid; +} + +/* Expand id and target as arguments for da functions */ +#define EXPAND_ID(dl_se, cpu) get_entity_id(dl_se, cpu), dl_se + +/* Use this as the cpu in EXPAND_ID in case the dl_se is surely from a tas= k */ +#define DL_TASK -1 + +static inline int extract_params(struct pt_regs *regs, long id, struct tas= k_struct **p) +{ + size_t size =3D offsetof(struct sched_attr, sched_nice); + struct sched_attr __user *uattr, attr; + int new_policy =3D -1, ret; + unsigned long args[6]; + pid_t pid; + + switch (id) { + case __NR_sched_setscheduler: + syscall_get_arguments(current, regs, args); + pid =3D args[0]; + new_policy =3D args[1]; + break; + case __NR_sched_setattr: + syscall_get_arguments(current, regs, args); + pid =3D args[0]; + uattr =3D (void *)args[1]; + /* + * Just copy up to sched_flags, we are not interested after that + */ + ret =3D copy_struct_from_user(&attr, size, uattr, size); + if (ret) + return ret; + if (attr.sched_flags & SCHED_FLAG_KEEP_POLICY) + return -EINVAL; + new_policy =3D attr.sched_policy; + break; + default: + return -EINVAL; + } + if (!pid) + *p =3D current; + else { + /* + * Required for find_task_by_vpid, make sure the caller doesn't + * need to get_task_struct(). + */ + guard(rcu)(); + *p =3D find_task_by_vpid(pid); + if (unlikely(!p)) + return -EINVAL; + } + + return new_policy & ~SCHED_RESET_ON_FORK; +} + +/* Helper functions requiring DA/HA utilities */ +#ifdef RV_MON_TYPE + +/* + * get_fair_server - get the fair server associated to a task + * + * If the task is a boosted task, the server is available in the task_stru= ct, + * otherwise grab the dl entity saved for the CPU where the task is enqueu= ed. + * This function assumes the task is enqueued somewhere. + */ +static inline struct sched_dl_entity *get_fair_server(struct task_struct *= tsk) +{ + if (tsk->dl_server) + return tsk->dl_server; + return da_get_target_by_id(fair_server_id(task_cpu(tsk))); +} + +/* + * Initialise monitors for all tasks and pre-allocate the storage for serv= ers. + * This is necessary since we don't have access to the servers here and + * allocation can cause deadlocks from their tracepoints. We can only fill + * pre-initialised storage from there. + */ +static inline int init_storage(bool skip_tasks) +{ + struct task_struct *g, *p; + int cpu; + + for_each_possible_cpu(cpu) { + if (!da_create_empty_storage(fair_server_id(cpu))) + goto fail; + } + + if (skip_tasks) + return 0; + + read_lock(&tasklist_lock); + for_each_process_thread(g, p) { + if (p->policy =3D=3D SCHED_DEADLINE) { + if (!da_create_storage(EXPAND_ID(&p->dl, DL_TASK), NULL)) { + read_unlock(&tasklist_lock); + goto fail; + } + } + } + read_unlock(&tasklist_lock); + return 0; + +fail: + da_monitor_destroy(); + return -ENOMEM; +} + +static void __maybe_unused handle_newtask(void *data, struct task_struct *= task, u64 flags) +{ + /* Might be superfluous as tasks are not started with this policy.. */ + if (task->policy =3D=3D SCHED_DEADLINE) + da_create_storage(EXPAND_ID(&task->dl, DL_TASK), NULL); +} + +static void __maybe_unused handle_exit(void *data, struct task_struct *p, = bool group_dead) +{ + if (p->policy =3D=3D SCHED_DEADLINE) + da_destroy_storage(get_entity_id(&p->dl, DL_TASK)); +} + +#endif diff --git a/kernel/trace/rv/monitors/nomiss/Kconfig b/kernel/trace/rv/moni= tors/nomiss/Kconfig new file mode 100644 index 000000000000..e1886c3a0dd9 --- /dev/null +++ b/kernel/trace/rv/monitors/nomiss/Kconfig @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: GPL-2.0-only +# +config RV_MON_NOMISS + depends on RV + depends on HAVE_SYSCALL_TRACEPOINTS + depends on RV_MON_DEADLINE + default y + select HA_MON_EVENTS_ID + bool "nomiss monitor" + help + Monitor to ensure dl entities run to completion before their deadiline. + This monitor is part of the deadline monitors collection. + + For further information, see: + Documentation/trace/rv/monitor_deadline.rst diff --git a/kernel/trace/rv/monitors/nomiss/nomiss.c b/kernel/trace/rv/mon= itors/nomiss/nomiss.c new file mode 100644 index 000000000000..1b0b79d39ddf --- /dev/null +++ b/kernel/trace/rv/monitors/nomiss/nomiss.c @@ -0,0 +1,289 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include +#include +#include +#include +#include +#include + +#define MODULE_NAME "nomiss" + +#include +#include +#include +#include +#include + +#define RV_MON_TYPE RV_MON_PER_OBJ +#define HA_TIMER_TYPE HA_TIMER_WHEEL +/* The start condition is on sched_switch, it's dangerous to allocate ther= e */ +#define DA_SKIP_AUTO_ALLOC +typedef struct sched_dl_entity *monitor_target; +#include "nomiss.h" +#include +#include + +/* + * User configurable deadline threshold. If the total utilisation of deadl= ine + * tasks is larger than 1, they are only guaranteed bounded tardiness. See + * Documentation/scheduler/sched-deadline.rst for more details. + * The minimum tardiness without sched_feat(HRTICK_DL) is 1 tick to accomm= odate + * for throttle enforced on the next tick. + */ +static u64 deadline_thresh =3D TICK_NSEC; +module_param(deadline_thresh, ullong, 0644); +#define DEADLINE_NS(ha_mon) (pi_of(ha_get_target(ha_mon))->dl_deadline + d= eadline_thresh) + +static u64 ha_get_env(struct ha_monitor *ha_mon, enum envs_nomiss env, u64= time_ns) +{ + if (env =3D=3D clk_nomiss) + return ha_get_clk_ns(ha_mon, env, time_ns); + else if (env =3D=3D is_constr_dl_nomiss) + return !dl_is_implicit(ha_get_target(ha_mon)); + else if (env =3D=3D is_defer_nomiss) + return ha_get_target(ha_mon)->dl_defer; + return ENV_INVALID_VALUE; +} + +static void ha_reset_env(struct ha_monitor *ha_mon, enum envs_nomiss env, = u64 time_ns) +{ + if (env =3D=3D clk_nomiss) + ha_reset_clk_ns(ha_mon, env, time_ns); +} + +static inline bool ha_verify_invariants(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (curr_state =3D=3D ready_nomiss) + return ha_check_invariant_ns(ha_mon, clk_nomiss, time_ns); + else if (curr_state =3D=3D running_nomiss) + return ha_check_invariant_ns(ha_mon, clk_nomiss, time_ns); + return true; +} + +static inline void ha_convert_inv_guard(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (curr_state =3D=3D next_state) + return; + if (curr_state =3D=3D ready_nomiss) + ha_inv_to_guard(ha_mon, clk_nomiss, DEADLINE_NS(ha_mon), time_ns); + else if (curr_state =3D=3D running_nomiss) + ha_inv_to_guard(ha_mon, clk_nomiss, DEADLINE_NS(ha_mon), time_ns); +} + +static inline bool ha_verify_guards(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + bool res =3D true; + + if (curr_state =3D=3D idle_nomiss && event =3D=3D dl_replenish_idle_nomis= s) + ha_reset_env(ha_mon, clk_nomiss, time_ns); + else if (curr_state =3D=3D idle_nomiss && event =3D=3D dl_replenish_nomis= s) + ha_reset_env(ha_mon, clk_nomiss, time_ns); + else if (curr_state =3D=3D ready_nomiss && event =3D=3D dl_replenish_nomi= ss) + ha_reset_env(ha_mon, clk_nomiss, time_ns); + else if (curr_state =3D=3D ready_nomiss && event =3D=3D dl_throttle_nomis= s) + res =3D ha_get_env(ha_mon, is_defer_nomiss, time_ns) =3D=3D 1ull; + else if (curr_state =3D=3D running_nomiss && event =3D=3D dl_replenish_no= miss) + ha_reset_env(ha_mon, clk_nomiss, time_ns); + else if (curr_state =3D=3D sleeping_nomiss && event =3D=3D dl_replenish_n= omiss) + ha_reset_env(ha_mon, clk_nomiss, time_ns); + else if (curr_state =3D=3D sleeping_nomiss && event =3D=3D dl_replenish_i= dle_nomiss) + ha_reset_env(ha_mon, clk_nomiss, time_ns); + else if (curr_state =3D=3D sleeping_nomiss && event =3D=3D dl_throttle_no= miss) + res =3D ha_get_env(ha_mon, is_constr_dl_nomiss, time_ns) =3D=3D 1ull; + else if (curr_state =3D=3D throttled_nomiss && event =3D=3D dl_replenish_= nomiss) + ha_reset_env(ha_mon, clk_nomiss, time_ns); + return res; +} + +static inline void ha_setup_invariants(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (next_state =3D=3D curr_state && event !=3D dl_replenish_nomiss && + event !=3D dl_replenish_idle_nomiss) + return; + if (next_state =3D=3D ready_nomiss) + ha_start_timer_ns(ha_mon, clk_nomiss, DEADLINE_NS(ha_mon), time_ns); + else if (next_state =3D=3D running_nomiss) + ha_start_timer_ns(ha_mon, clk_nomiss, DEADLINE_NS(ha_mon), time_ns); + else if (curr_state =3D=3D ready_nomiss) + ha_cancel_timer(ha_mon); + else if (curr_state =3D=3D running_nomiss) + ha_cancel_timer(ha_mon); +} + +static bool ha_verify_constraint(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (!ha_verify_invariants(ha_mon, curr_state, event, next_state, time_ns)) + return false; + + ha_convert_inv_guard(ha_mon, curr_state, event, next_state, time_ns); + + if (!ha_verify_guards(ha_mon, curr_state, event, next_state, time_ns)) + return false; + + ha_setup_invariants(ha_mon, curr_state, event, next_state, time_ns); + + return true; +} + +static void handle_dl_replenish(void *data, struct sched_dl_entity *dl_se,= int cpu) +{ + /* Special case of replenish with idle CPU */ + if ((idle_cpu(cpu) || (smp_processor_id() =3D=3D cpu && is_idle_task(curr= ent))) && + dl_se->dl_server) { + da_handle_event(EXPAND_ID(dl_se, cpu), dl_replenish_idle_nomiss); + return; + } + da_handle_event(EXPAND_ID(dl_se, cpu), dl_replenish_nomiss); +} + +static void handle_dl_throttle(void *data, struct sched_dl_entity *dl_se, = int cpu) +{ + da_handle_event(EXPAND_ID(dl_se, cpu), dl_throttle_nomiss); +} + +static void handle_dl_server_start(void *data, struct sched_dl_entity *dl_= se, int cpu) +{ + da_handle_event(EXPAND_ID(dl_se, cpu), dl_server_start_nomiss); +} + +static void handle_dl_server_stop(void *data, struct sched_dl_entity *dl_s= e, int cpu) +{ + /* + * This isn't the standard use of da_handle_start_run_event since those + * events cannot only occur from the initial states. + * It is fine to use here because they always bring to a known state + * and the fact we "pretend" the transition starts from the initial + * state has no side effect. + */ + da_handle_start_run_event(EXPAND_ID(dl_se, cpu), dl_server_stop_nomiss); +} + +static void handle_sched_switch(void *data, bool preempt, + struct task_struct *prev, + struct task_struct *next, + unsigned int prev_state) +{ + struct sched_dl_entity *dl_se; + int cpu =3D task_cpu(next); + + if (prev_state !=3D TASK_RUNNING && !preempt && prev->policy =3D=3D SCHED= _DEADLINE) + da_handle_event(EXPAND_ID(&prev->dl, cpu), sched_switch_suspend_nomiss); + if (next->policy =3D=3D SCHED_DEADLINE) + da_handle_start_run_event(EXPAND_ID(&next->dl, cpu), sched_switch_in_nom= iss); + + /* + * The server is available in next only if the next task is boosted, + * otherwise we need to retrieve it. + * Here the server continues in the state running/armed until actually + * stopped, this works since we continue expecting a throttle. + */ + dl_se =3D get_fair_server(next); + if (!dl_se) + return; + if (next->dl_server) + da_handle_start_run_event(EXPAND_ID(next->dl_server, cpu), sched_switch_= in_nomiss); + else if (is_idle_task(next)) + da_handle_start_run_event(EXPAND_ID(dl_se, cpu), dl_server_idle_nomiss); +} + +static void handle_syscall(void *data, struct pt_regs *regs, long id) +{ + struct task_struct *p; + int new_policy =3D -1; + + new_policy =3D extract_params(regs, id, &p); + if (new_policy < 0 || new_policy =3D=3D p->policy) + return; + if (p->policy =3D=3D SCHED_DEADLINE) + da_reset(EXPAND_ID(&p->dl, DL_TASK)); + else if (new_policy =3D=3D SCHED_DEADLINE) + da_create_or_get(EXPAND_ID(&p->dl, DL_TASK)); +} + +static void handle_sched_wakeup(void *data, struct task_struct *tsk) +{ + if (tsk->policy =3D=3D SCHED_DEADLINE) + da_handle_event(EXPAND_ID(&tsk->dl, task_cpu(tsk)), sched_wakeup_nomiss); +} + +static int enable_nomiss(void) +{ + int retval; + + retval =3D da_monitor_init(); + if (retval) + return retval; + + retval =3D init_storage(false); + if (retval) + return retval; + rv_attach_trace_probe("nomiss", sched_dl_replenish_tp, handle_dl_replenis= h); + rv_attach_trace_probe("nomiss", sched_dl_throttle_tp, handle_dl_throttle); + rv_attach_trace_probe("nomiss", sched_dl_server_start_tp, handle_dl_serve= r_start); + rv_attach_trace_probe("nomiss", sched_dl_server_stop_tp, handle_dl_server= _stop); + rv_attach_trace_probe("nomiss", sched_switch, handle_sched_switch); + rv_attach_trace_probe("nomiss", sched_wakeup, handle_sched_wakeup); + if (!should_skip_syscall_handle()) + rv_attach_trace_probe("nomiss", sys_enter, handle_syscall); + rv_attach_trace_probe("nomiss", task_newtask, handle_newtask); + rv_attach_trace_probe("nomiss", sched_process_exit, handle_exit); + + return 0; +} + +static void disable_nomiss(void) +{ + rv_this.enabled =3D 0; + + /* Those are RCU writers, detach earlier hoping to close a bit faster */ + rv_detach_trace_probe("nomiss", task_newtask, handle_newtask); + rv_detach_trace_probe("nomiss", sched_process_exit, handle_exit); + if (!should_skip_syscall_handle()) + rv_detach_trace_probe("nomiss", sys_enter, handle_syscall); + + rv_detach_trace_probe("nomiss", sched_dl_replenish_tp, handle_dl_replenis= h); + rv_detach_trace_probe("nomiss", sched_dl_throttle_tp, handle_dl_throttle); + rv_detach_trace_probe("nomiss", sched_dl_server_start_tp, handle_dl_serve= r_start); + rv_detach_trace_probe("nomiss", sched_dl_server_stop_tp, handle_dl_server= _stop); + rv_detach_trace_probe("nomiss", sched_switch, handle_sched_switch); + rv_detach_trace_probe("nomiss", sched_wakeup, handle_sched_wakeup); + + da_monitor_destroy(); +} + +static struct rv_monitor rv_this =3D { + .name =3D "nomiss", + .description =3D "dl entities run to completion before their deadiline.", + .enable =3D enable_nomiss, + .disable =3D disable_nomiss, + .reset =3D da_monitor_reset_all, + .enabled =3D 0, +}; + +static int __init register_nomiss(void) +{ + return rv_register_monitor(&rv_this, &rv_deadline); +} + +static void __exit unregister_nomiss(void) +{ + rv_unregister_monitor(&rv_this); +} + +module_init(register_nomiss); +module_exit(unregister_nomiss); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Gabriele Monaco "); +MODULE_DESCRIPTION("nomiss: dl entities run to completion before their dea= diline."); diff --git a/kernel/trace/rv/monitors/nomiss/nomiss.h b/kernel/trace/rv/mon= itors/nomiss/nomiss.h new file mode 100644 index 000000000000..c30c064aacdf --- /dev/null +++ b/kernel/trace/rv/monitors/nomiss/nomiss.h @@ -0,0 +1,137 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Automatically generated C representation of nomiss automaton + * For further information about this format, see kernel documentation: + * Documentation/trace/rv/deterministic_automata.rst + */ + +#define MONITOR_NAME nomiss + +enum states_nomiss { + ready_nomiss, + idle_nomiss, + running_nomiss, + sleeping_nomiss, + throttled_nomiss, + state_max_nomiss, +}; + +#define INVALID_STATE state_max_nomiss + +enum events_nomiss { + dl_replenish_nomiss, + dl_replenish_idle_nomiss, + dl_server_idle_nomiss, + dl_server_start_nomiss, + dl_server_stop_nomiss, + dl_throttle_nomiss, + sched_switch_in_nomiss, + sched_switch_suspend_nomiss, + sched_wakeup_nomiss, + event_max_nomiss, +}; + +enum envs_nomiss { + clk_nomiss, + is_constr_dl_nomiss, + is_defer_nomiss, + env_max_nomiss, + env_max_stored_nomiss =3D is_constr_dl_nomiss, +}; + +_Static_assert(env_max_stored_nomiss <=3D MAX_HA_ENV_LEN, "Not enough slot= s"); +#define HA_CLK_NS + +struct automaton_nomiss { + char *state_names[state_max_nomiss]; + char *event_names[event_max_nomiss]; + char *env_names[env_max_nomiss]; + unsigned char function[state_max_nomiss][event_max_nomiss]; + unsigned char initial_state; + bool final_states[state_max_nomiss]; +}; + +static const struct automaton_nomiss automaton_nomiss =3D { + .state_names =3D { + "ready", + "idle", + "running", + "sleeping", + "throttled", + }, + .event_names =3D { + "dl_replenish", + "dl_replenish_idle", + "dl_server_idle", + "dl_server_start", + "dl_server_stop", + "dl_throttle", + "sched_switch_in", + "sched_switch_suspend", + "sched_wakeup", + }, + .env_names =3D { + "clk", + "is_constr_dl", + "is_defer", + }, + .function =3D { + { + ready_nomiss, + INVALID_STATE, + idle_nomiss, + ready_nomiss, + sleeping_nomiss, + throttled_nomiss, + running_nomiss, + INVALID_STATE, + ready_nomiss, + }, + { + ready_nomiss, + idle_nomiss, + idle_nomiss, + idle_nomiss, + sleeping_nomiss, + throttled_nomiss, + running_nomiss, + INVALID_STATE, + INVALID_STATE, + }, + { + running_nomiss, + INVALID_STATE, + idle_nomiss, + INVALID_STATE, + sleeping_nomiss, + throttled_nomiss, + running_nomiss, + sleeping_nomiss, + running_nomiss, + }, + { + ready_nomiss, + ready_nomiss, + idle_nomiss, + sleeping_nomiss, + INVALID_STATE, + throttled_nomiss, + running_nomiss, + INVALID_STATE, + ready_nomiss, + }, + { + ready_nomiss, + INVALID_STATE, + idle_nomiss, + throttled_nomiss, + INVALID_STATE, + throttled_nomiss, + INVALID_STATE, + throttled_nomiss, + throttled_nomiss, + }, + }, + .initial_state =3D ready_nomiss, + .final_states =3D { 1, 0, 0, 0, 0 }, +}; diff --git a/kernel/trace/rv/monitors/nomiss/nomiss_trace.h b/kernel/trace/= rv/monitors/nomiss/nomiss_trace.h new file mode 100644 index 000000000000..42e7efaca4e7 --- /dev/null +++ b/kernel/trace/rv/monitors/nomiss/nomiss_trace.h @@ -0,0 +1,19 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Snippet to be included in rv_trace.h + */ + +#ifdef CONFIG_RV_MON_NOMISS +DEFINE_EVENT(event_da_monitor_id, event_nomiss, + TP_PROTO(int id, char *state, char *event, char *next_state, bool fi= nal_state), + TP_ARGS(id, state, event, next_state, final_state)); + +DEFINE_EVENT(error_da_monitor_id, error_nomiss, + TP_PROTO(int id, char *state, char *event), + TP_ARGS(id, state, event)); + +DEFINE_EVENT(error_env_da_monitor_id, error_env_nomiss, + TP_PROTO(int id, char *state, char *event, char *env), + TP_ARGS(id, state, event, env)); +#endif /* CONFIG_RV_MON_NOMISS */ diff --git a/kernel/trace/rv/monitors/throttle/Kconfig b/kernel/trace/rv/mo= nitors/throttle/Kconfig new file mode 100644 index 000000000000..d9bd2dc903cd --- /dev/null +++ b/kernel/trace/rv/monitors/throttle/Kconfig @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: GPL-2.0-only +# +config RV_MON_THROTTLE + depends on RV + depends on HAVE_SYSCALL_TRACEPOINTS + depends on RV_MON_DEADLINE + default y + select HA_MON_EVENTS_ID + bool "throttle monitor" + help + Monitor to ensure dl entities are throttled when they use up their runt= ime. + This monitor is part of the deadline monitors collection. + + For further information, see: + Documentation/trace/rv/monitor_deadline.rst diff --git a/kernel/trace/rv/monitors/throttle/throttle.c b/kernel/trace/rv= /monitors/throttle/throttle.c new file mode 100644 index 000000000000..eb3cf4365416 --- /dev/null +++ b/kernel/trace/rv/monitors/throttle/throttle.c @@ -0,0 +1,248 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include +#include +#include +#include +#include +#include + +#define MODULE_NAME "throttle" + +#include +#include +#include +#include +#include + +#define RV_MON_TYPE RV_MON_PER_OBJ +#define HA_TIMER_TYPE HA_TIMER_WHEEL +/* The start condition is on sched_switch, it's dangerous to allocate ther= e */ +#define DA_SKIP_AUTO_ALLOC +typedef struct sched_dl_entity *monitor_target; +#include "throttle.h" +#include +#include + +#define THROTTLED_TIME_NS TICK_NSEC +/* with sched_feat(HRTICK_DL) the threshold can be lower */ +#define RUNTIME_THRESH TICK_NSEC + +static inline u64 runtime_left_ns(struct ha_monitor *ha_mon) +{ + return pi_of(ha_get_target(ha_mon))->runtime + RUNTIME_THRESH; +} + +static u64 ha_get_env(struct ha_monitor *ha_mon, enum envs_throttle env, u= 64 time_ns) +{ + if (env =3D=3D clk_throttle) + return ha_get_clk_ns(ha_mon, env, time_ns); + else if (env =3D=3D is_constr_dl_throttle) + return !dl_is_implicit(ha_get_target(ha_mon)); + return ENV_INVALID_VALUE; +} + +static void ha_reset_env(struct ha_monitor *ha_mon, enum envs_throttle env= , u64 time_ns) +{ + if (env =3D=3D clk_throttle) + ha_reset_clk_ns(ha_mon, env, time_ns); +} + +static inline bool ha_verify_invariants(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (curr_state =3D=3D running_throttle) + return ha_check_invariant_ns(ha_mon, clk_throttle, time_ns); + else if (curr_state =3D=3D throttled_throttle) + return ha_check_invariant_ns(ha_mon, clk_throttle, time_ns); + return true; +} + +static inline bool ha_verify_guards(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + bool res =3D true; + + if (curr_state =3D=3D armed_throttle && event =3D=3D sched_switch_in_thro= ttle) + ha_reset_env(ha_mon, clk_throttle, time_ns); + else if (curr_state =3D=3D preempted_throttle && event =3D=3D dl_throttle= _throttle) + res =3D ha_get_env(ha_mon, is_constr_dl_throttle, time_ns) =3D=3D 1ull; + else if (curr_state =3D=3D preempted_throttle && event =3D=3D sched_switc= h_in_throttle) + ha_reset_env(ha_mon, clk_throttle, time_ns); + else if (curr_state =3D=3D running_throttle && event =3D=3D dl_replenish_= throttle) + ha_reset_env(ha_mon, clk_throttle, time_ns); + else if (curr_state =3D=3D running_throttle && event =3D=3D dl_throttle_t= hrottle) + ha_reset_env(ha_mon, clk_throttle, time_ns); + else if (curr_state =3D=3D throttled_throttle && event =3D=3D dl_replenis= h_throttle) + ha_reset_env(ha_mon, clk_throttle, time_ns); + return res; +} + +static inline void ha_setup_invariants(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (next_state =3D=3D curr_state && event !=3D dl_replenish_throttle) + return; + if (next_state =3D=3D running_throttle) + ha_start_timer_ns(ha_mon, clk_throttle, runtime_left_ns(ha_mon), time_ns= ); + else if (next_state =3D=3D throttled_throttle) + ha_start_timer_ns(ha_mon, clk_throttle, THROTTLED_TIME_NS, time_ns); + else if (curr_state =3D=3D running_throttle) + ha_cancel_timer(ha_mon); + else if (curr_state =3D=3D throttled_throttle) + ha_cancel_timer(ha_mon); +} + +static bool ha_verify_constraint(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (!ha_verify_invariants(ha_mon, curr_state, event, next_state, time_ns)) + return false; + + if (!ha_verify_guards(ha_mon, curr_state, event, next_state, time_ns)) + return false; + + ha_setup_invariants(ha_mon, curr_state, event, next_state, time_ns); + + return true; +} + +static void handle_dl_replenish(void *data, struct sched_dl_entity *dl_se,= int cpu) +{ + da_handle_event(EXPAND_ID(dl_se, cpu), dl_replenish_throttle); +} + +static void handle_dl_throttle(void *data, struct sched_dl_entity *dl_se, = int cpu) +{ + da_handle_event(EXPAND_ID(dl_se, cpu), dl_throttle_throttle); +} + +static void handle_dl_server_stop(void *data, struct sched_dl_entity *dl_s= e, int cpu) +{ + da_handle_start_run_event(EXPAND_ID(dl_se, cpu), sched_switch_out_throttl= e); +} + +static void handle_sched_switch(void *data, bool preempt, + struct task_struct *prev, + struct task_struct *next, + unsigned int prev_state) +{ + struct sched_dl_entity *dl_se; + int cpu =3D task_cpu(next); + + if (prev->policy =3D=3D SCHED_DEADLINE) + da_handle_event(EXPAND_ID(&prev->dl, cpu), sched_switch_out_throttle); + if (next->policy =3D=3D SCHED_DEADLINE) + da_handle_start_event(EXPAND_ID(&next->dl, cpu), sched_switch_in_throttl= e); + + /* + * The server is available in next only if the next task is boosted, + * otherwise we need to retrieve it. + * Here the server continues in the state running/armed until actually + * stopped, this works since we continue expecting a throttle. + */ + dl_se =3D get_fair_server(next); + if (!dl_se) + return; + if (next->dl_server) + da_handle_start_event(EXPAND_ID(next->dl_server, cpu), sched_switch_in_t= hrottle); + else if (is_idle_task(next) || next->policy =3D=3D SCHED_NORMAL) + da_handle_event(EXPAND_ID(dl_se, cpu), dl_defer_arm_throttle); +} + +static void handle_syscall(void *data, struct pt_regs *regs, long id) +{ + struct task_struct *p; + int new_policy =3D -1; + + new_policy =3D extract_params(regs, id, &p); + if (new_policy < 0 || new_policy =3D=3D p->policy) + return; + if (p->policy =3D=3D SCHED_DEADLINE) { + da_reset(EXPAND_ID(&p->dl, DL_TASK)); + /* + * When a task changes from SCHED_DEADLINE to SCHED_NORMAL, the + * runtime after the change is counted in the fair server. + */ + if (new_policy =3D=3D SCHED_NORMAL) { + struct sched_dl_entity *dl_se =3D get_fair_server(p); + + if (!dl_se || !p->on_cpu) + return; + da_handle_event(EXPAND_ID(dl_se, task_cpu(p)), dl_defer_arm_throttle); + } + } else if (new_policy =3D=3D SCHED_DEADLINE) { + da_create_or_get(EXPAND_ID(&p->dl, DL_TASK)); + } +} + +static int enable_throttle(void) +{ + int retval; + + retval =3D da_monitor_init(); + if (retval) + return retval; + + retval =3D init_storage(false); + if (retval) + return retval; + rv_attach_trace_probe("throttle", sched_dl_replenish_tp, handle_dl_replen= ish); + rv_attach_trace_probe("throttle", sched_dl_throttle_tp, handle_dl_throttl= e); + rv_attach_trace_probe("throttle", sched_switch, handle_sched_switch); + if (!should_skip_syscall_handle()) + rv_attach_trace_probe("throttle", sys_enter, handle_syscall); + rv_attach_trace_probe("throttle", task_newtask, handle_newtask); + rv_attach_trace_probe("throttle", sched_dl_server_stop_tp, handle_dl_serv= er_stop); + rv_attach_trace_probe("throttle", sched_process_exit, handle_exit); + + return 0; +} + +static void disable_throttle(void) +{ + rv_this.enabled =3D 0; + + /* Those are RCU writers, detach earlier hoping to close a bit faster */ + rv_detach_trace_probe("throttle", task_newtask, handle_newtask); + rv_detach_trace_probe("throttle", sched_process_exit, handle_exit); + if (!should_skip_syscall_handle()) + rv_detach_trace_probe("throttle", sys_enter, handle_syscall); + + rv_detach_trace_probe("throttle", sched_dl_replenish_tp, handle_dl_replen= ish); + rv_detach_trace_probe("throttle", sched_dl_throttle_tp, handle_dl_throttl= e); + rv_detach_trace_probe("throttle", sched_dl_server_stop_tp, handle_dl_serv= er_stop); + rv_detach_trace_probe("throttle", sched_switch, handle_sched_switch); + + da_monitor_destroy(); +} + +static struct rv_monitor rv_this =3D { + .name =3D "throttle", + .description =3D "throttle dl entities when they use up their runtime.", + .enable =3D enable_throttle, + .disable =3D disable_throttle, + .reset =3D da_monitor_reset_all, + .enabled =3D 0, +}; + +static int __init register_throttle(void) +{ + return rv_register_monitor(&rv_this, &rv_deadline); +} + +static void __exit unregister_throttle(void) +{ + rv_unregister_monitor(&rv_this); +} + +module_init(register_throttle); +module_exit(unregister_throttle); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Gabriele Monaco "); +MODULE_DESCRIPTION("throttle: throttle dl entities when they use up their = runtime."); diff --git a/kernel/trace/rv/monitors/throttle/throttle.h b/kernel/trace/rv= /monitors/throttle/throttle.h new file mode 100644 index 000000000000..3ab6d73280d2 --- /dev/null +++ b/kernel/trace/rv/monitors/throttle/throttle.h @@ -0,0 +1,116 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Automatically generated C representation of throttle automaton + * For further information about this format, see kernel documentation: + * Documentation/trace/rv/deterministic_automata.rst + */ + +#define MONITOR_NAME throttle + +enum states_throttle { + running_throttle, + armed_throttle, + armed_throttled_throttle, + preempted_throttle, + preempted_throttled_throttle, + throttled_throttle, + state_max_throttle, +}; + +#define INVALID_STATE state_max_throttle + +enum events_throttle { + dl_defer_arm_throttle, + dl_replenish_throttle, + dl_throttle_throttle, + sched_switch_in_throttle, + sched_switch_out_throttle, + event_max_throttle, +}; + +enum envs_throttle { + clk_throttle, + is_constr_dl_throttle, + env_max_throttle, + env_max_stored_throttle =3D is_constr_dl_throttle, +}; + +_Static_assert(env_max_stored_throttle <=3D MAX_HA_ENV_LEN, "Not enough sl= ots"); +#define HA_CLK_NS + +struct automaton_throttle { + char *state_names[state_max_throttle]; + char *event_names[event_max_throttle]; + char *env_names[env_max_throttle]; + unsigned char function[state_max_throttle][event_max_throttle]; + unsigned char initial_state; + bool final_states[state_max_throttle]; +}; + +static const struct automaton_throttle automaton_throttle =3D { + .state_names =3D { + "running", + "armed", + "armed_throttled", + "preempted", + "preempted_throttled", + "throttled", + }, + .event_names =3D { + "dl_defer_arm", + "dl_replenish", + "dl_throttle", + "sched_switch_in", + "sched_switch_out", + }, + .env_names =3D { + "clk", + "is_constr_dl", + }, + .function =3D { + { + armed_throttle, + running_throttle, + throttled_throttle, + running_throttle, + preempted_throttle, + }, + { + armed_throttle, + armed_throttle, + armed_throttled_throttle, + running_throttle, + preempted_throttle, + }, + { + armed_throttled_throttle, + armed_throttle, + INVALID_STATE, + INVALID_STATE, + preempted_throttled_throttle, + }, + { + armed_throttle, + preempted_throttle, + preempted_throttled_throttle, + running_throttle, + preempted_throttle, + }, + { + armed_throttled_throttle, + preempted_throttle, + INVALID_STATE, + INVALID_STATE, + preempted_throttled_throttle, + }, + { + armed_throttled_throttle, + running_throttle, + INVALID_STATE, + INVALID_STATE, + preempted_throttled_throttle, + }, + }, + .initial_state =3D running_throttle, + .final_states =3D { 1, 0, 0, 0, 0, 0 }, +}; diff --git a/kernel/trace/rv/monitors/throttle/throttle_trace.h b/kernel/tr= ace/rv/monitors/throttle/throttle_trace.h new file mode 100644 index 000000000000..7e376d3aec60 --- /dev/null +++ b/kernel/trace/rv/monitors/throttle/throttle_trace.h @@ -0,0 +1,19 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Snippet to be included in rv_trace.h + */ + +#ifdef CONFIG_RV_MON_THROTTLE +DEFINE_EVENT(event_da_monitor_id, event_throttle, + TP_PROTO(int id, char *state, char *event, char *next_state, bool fi= nal_state), + TP_ARGS(id, state, event, next_state, final_state)); + +DEFINE_EVENT(error_da_monitor_id, error_throttle, + TP_PROTO(int id, char *state, char *event), + TP_ARGS(id, state, event)); + +DEFINE_EVENT(error_env_da_monitor_id, error_env_throttle, + TP_PROTO(int id, char *state, char *event, char *env), + TP_ARGS(id, state, event, env)); +#endif /* CONFIG_RV_MON_THROTTLE */ diff --git a/kernel/trace/rv/rv_trace.h b/kernel/trace/rv/rv_trace.h index 9e8072d863a2..1bf0f3666ee4 100644 --- a/kernel/trace/rv/rv_trace.h +++ b/kernel/trace/rv/rv_trace.h @@ -188,6 +188,8 @@ DECLARE_EVENT_CLASS(error_env_da_monitor_id, ); =20 #include +#include +#include // Add new monitors based on CONFIG_HA_MON_EVENTS_ID here =20 #endif diff --git a/tools/verification/models/deadline/nomiss.dot b/tools/verifica= tion/models/deadline/nomiss.dot new file mode 100644 index 000000000000..ff51ce8be8e5 --- /dev/null +++ b/tools/verification/models/deadline/nomiss.dot @@ -0,0 +1,43 @@ +digraph state_automaton { + center =3D true; + size =3D "7,11"; + {node [shape =3D circle] "idle"}; + {node [shape =3D plaintext, style=3Dinvis, label=3D""] "__init_ready"}; + {node [shape =3D doublecircle] "ready"}; + {node [shape =3D circle] "ready"}; + {node [shape =3D circle] "running"}; + {node [shape =3D circle] "sleeping"}; + {node [shape =3D circle] "throttled"}; + "__init_ready" -> "ready"; + "idle" [label =3D "idle"]; + "idle" -> "idle" [ label =3D "dl_server_idle\ndl_server_start\ndl_repleni= sh_idle;reset(clk)" ]; + "idle" -> "ready" [ label =3D "dl_replenish;reset(clk)" ]; + "idle" -> "running" [ label =3D "sched_switch_in" ]; + "idle" -> "sleeping" [ label =3D "dl_server_stop" ]; + "idle" -> "throttled" [ label =3D "dl_throttle" ]; + "ready" [label =3D "ready\nclk < DEADLINE_NS()", color =3D green3]; + "ready" -> "idle" [ label =3D "dl_server_idle" ]; + "ready" -> "ready" [ label =3D "sched_wakeup\ndl_server_start\ndl_repleni= sh;reset(clk)" ]; + "ready" -> "running" [ label =3D "sched_switch_in" ]; + "ready" -> "sleeping" [ label =3D "dl_server_stop" ]; + "ready" -> "throttled" [ label =3D "dl_throttle;is_defer =3D=3D 1" ]; + "running" [label =3D "running\nclk < DEADLINE_NS()"]; + "running" -> "idle" [ label =3D "dl_server_idle" ]; + "running" -> "running" [ label =3D "dl_replenish;reset(clk)\nsched_switch= _in\nsched_wakeup" ]; + "running" -> "sleeping" [ label =3D "sched_switch_suspend\ndl_server_stop= " ]; + "running" -> "throttled" [ label =3D "dl_throttle" ]; + "sleeping" [label =3D "sleeping"]; + "sleeping" -> "idle" [ label =3D "dl_server_idle" ]; + "sleeping" -> "ready" [ label =3D "sched_wakeup\ndl_replenish_idle;reset(= clk)\ndl_replenish;reset(clk)" ]; + "sleeping" -> "running" [ label =3D "sched_switch_in" ]; + "sleeping" -> "sleeping" [ label =3D "dl_server_start" ]; + "sleeping" -> "throttled" [ label =3D "dl_throttle;is_constr_dl =3D=3D 1"= ]; + "throttled" [label =3D "throttled"]; + "throttled" -> "idle" [ label =3D "dl_server_idle" ]; + "throttled" -> "ready" [ label =3D "dl_replenish;reset(clk)" ]; + "throttled" -> "throttled" [ label =3D "sched_switch_suspend\nsched_wakeu= p\ndl_server_start\ndl_throttle" ]; + { rank =3D min ; + "__init_ready"; + "ready"; + } +} diff --git a/tools/verification/models/deadline/throttle.dot b/tools/verifi= cation/models/deadline/throttle.dot new file mode 100644 index 000000000000..c24fc3f291a9 --- /dev/null +++ b/tools/verification/models/deadline/throttle.dot @@ -0,0 +1,44 @@ +digraph state_automaton { + center =3D true; + size =3D "7,11"; + {node [shape =3D circle] "armed"}; + {node [shape =3D circle] "armed_throttled"}; + {node [shape =3D circle] "preempted"}; + {node [shape =3D circle] "preempted_throttled"}; + {node [shape =3D plaintext, style=3Dinvis, label=3D""] "__init_running"}; + {node [shape =3D doublecircle] "running"}; + {node [shape =3D circle] "running"}; + {node [shape =3D circle] "throttled"}; + "__init_running" -> "running"; + "armed" [label =3D "armed"]; + "armed" -> "armed" [ label =3D "dl_replenish\ndl_defer_arm" ]; + "armed" -> "armed_throttled" [ label =3D "dl_throttle" ]; + "armed" -> "preempted" [ label =3D "sched_switch_out" ]; + "armed" -> "running" [ label =3D "sched_switch_in;reset(clk)" ]; + "armed_throttled" [label =3D "armed_throttled"]; + "armed_throttled" -> "armed" [ label =3D "dl_replenish" ]; + "armed_throttled" -> "armed_throttled" [ label =3D "dl_defer_arm" ]; + "armed_throttled" -> "preempted_throttled" [ label =3D "sched_switch_out"= ]; + "preempted" [label =3D "preempted"]; + "preempted" -> "armed" [ label =3D "dl_defer_arm" ]; + "preempted" -> "preempted" [ label =3D "dl_replenish\nsched_switch_out" ]; + "preempted" -> "preempted_throttled" [ label =3D "dl_throttle;is_constr_d= l =3D=3D 1" ]; + "preempted" -> "running" [ label =3D "sched_switch_in;reset(clk)" ]; + "preempted_throttled" [label =3D "preempted_throttled"]; + "preempted_throttled" -> "armed_throttled" [ label =3D "dl_defer_arm" ]; + "preempted_throttled" -> "preempted" [ label =3D "dl_replenish" ]; + "preempted_throttled" -> "preempted_throttled" [ label =3D "sched_switch_= out" ]; + "running" [label =3D "running\nclk < runtime_left_ns()", color =3D green3= ]; + "running" -> "armed" [ label =3D "dl_defer_arm" ]; + "running" -> "preempted" [ label =3D "sched_switch_out" ]; + "running" -> "running" [ label =3D "dl_replenish;reset(clk)\nsched_switch= _in" ]; + "running" -> "throttled" [ label =3D "dl_throttle;reset(clk)" ]; + "throttled" [label =3D "throttled\nclk < THROTTLED_TIME_NS"]; + "throttled" -> "armed_throttled" [ label =3D "dl_defer_arm" ]; + "throttled" -> "preempted_throttled" [ label =3D "sched_switch_out" ]; + "throttled" -> "running" [ label =3D "dl_replenish;reset(clk)" ]; + { rank =3D min ; + "__init_running"; + "running"; + } +} --=20 2.52.0 From nobody Fri Dec 19 07:17:15 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8180532694D for ; Fri, 5 Dec 2025 13:18:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940697; cv=none; b=m3+bmtebyK7/8o8kkD3Nu3WHpQh9y7zr1+JMYGTeV6Qt9kth4M52F2d+BqSUM+fRV38E5D/tZxj8TzapNLK+TlEQq+aoJOQ2uPFWxLD+B+YJzKh/Tfw+MaoGpFPCGMPGYk3V9bxru1NwVF9GKOdiIQB881ea5i7XzSRJQWKQrsY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764940697; c=relaxed/simple; bh=vRoiUkHhty69DmiZzizswQMZUC6qUgKmStlrCcfA3Es=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=jgkOvO7lr0w08NE1TcTuqcPz+GWpcycxlzFOeFG4Yc6KqXjB8fFADKO9ePGK5chr4rQvLgIwezxxBM689nILoQ42w8SEURx7H+5FSLtPc8kCKsq3TNJACUXbL7dyGxRIOpQYC9nrClq46SfK2+AoIsekt8+tEGRfhXvsVkPUGts= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=fCKFJ50Y; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="fCKFJ50Y" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1764940685; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ICOmQ7fc5SQrnAuXkV7VaT/+VP+aLo06mkMalK5kUN8=; b=fCKFJ50YL0FcDQwhm5lmIBVO+9hOSpGItHOURUCLOH13gLFErIuYs7/5Wgne0xfTkyzks+ ow9mMH0+YDfvqEWz+pExj83rEmBlBBE2wL2BVrRnTy3FLbEa3oofuf+pyhLdGaySbmihq8 L1v8Om2Q4qUi7lWQfl1KaCCWdgxsWWY= Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-30-zAaaEvUWPuOwqa8iv2sfCw-1; Fri, 05 Dec 2025 08:18:02 -0500 X-MC-Unique: zAaaEvUWPuOwqa8iv2sfCw-1 X-Mimecast-MFC-AGG-ID: zAaaEvUWPuOwqa8iv2sfCw_1764940681 Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 0106C18002C1; Fri, 5 Dec 2025 13:18:01 +0000 (UTC) Received: from gmonaco-thinkpadt14gen3.rmtit.csb (unknown [10.45.226.23]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 6CB6B180044F; Fri, 5 Dec 2025 13:17:55 +0000 (UTC) From: Gabriele Monaco To: linux-kernel@vger.kernel.org, Steven Rostedt , Nam Cao , Gabriele Monaco , Jonathan Corbet , Masami Hiramatsu , linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org Cc: Tomas Glozar , Juri Lelli , Clark Williams , John Kacur Subject: [PATCH v3 13/13] rv: Add dl_server specific monitors Date: Fri, 5 Dec 2025 14:16:21 +0100 Message-ID: <20251205131621.135513-14-gmonaco@redhat.com> In-Reply-To: <20251205131621.135513-1-gmonaco@redhat.com> References: <20251205131621.135513-1-gmonaco@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Type: text/plain; charset="utf-8" Add monitors to validate the behaviour of the deadline server. The currently implemented monitors are: * boost fair tasks run either independently or boosted * laxity deferrable servers wait for zero-laxity and run Signed-off-by: Gabriele Monaco --- Documentation/trace/rv/monitor_deadline.rst | 115 ++++++++ kernel/trace/rv/Kconfig | 2 + kernel/trace/rv/Makefile | 2 + kernel/trace/rv/monitors/boost/Kconfig | 15 + kernel/trace/rv/monitors/boost/boost.c | 279 ++++++++++++++++++ kernel/trace/rv/monitors/boost/boost.h | 159 ++++++++++ kernel/trace/rv/monitors/boost/boost_trace.h | 19 ++ kernel/trace/rv/monitors/laxity/Kconfig | 14 + kernel/trace/rv/monitors/laxity/laxity.c | 226 ++++++++++++++ kernel/trace/rv/monitors/laxity/laxity.h | 126 ++++++++ .../trace/rv/monitors/laxity/laxity_trace.h | 19 ++ kernel/trace/rv/rv_trace.h | 2 + tools/verification/models/deadline/boost.dot | 51 ++++ tools/verification/models/deadline/laxity.dot | 34 +++ 14 files changed, 1063 insertions(+) create mode 100644 kernel/trace/rv/monitors/boost/Kconfig create mode 100644 kernel/trace/rv/monitors/boost/boost.c create mode 100644 kernel/trace/rv/monitors/boost/boost.h create mode 100644 kernel/trace/rv/monitors/boost/boost_trace.h create mode 100644 kernel/trace/rv/monitors/laxity/Kconfig create mode 100644 kernel/trace/rv/monitors/laxity/laxity.c create mode 100644 kernel/trace/rv/monitors/laxity/laxity.h create mode 100644 kernel/trace/rv/monitors/laxity/laxity_trace.h create mode 100644 tools/verification/models/deadline/boost.dot create mode 100644 tools/verification/models/deadline/laxity.dot diff --git a/Documentation/trace/rv/monitor_deadline.rst b/Documentation/tr= ace/rv/monitor_deadline.rst index 481748adaac3..e5cf5db91650 100644 --- a/Documentation/trace/rv/monitor_deadline.rst +++ b/Documentation/trace/rv/monitor_deadline.rst @@ -149,3 +149,118 @@ replenish on an idle CPU, meaningful only for servers= :: +---------------+ <-+ ^ | | +---------------- dl_throttle;is_constr_dl =3D=3D 1 -------------+ + +Monitor boost +~~~~~~~~~~~~~ + +The boost monitor ensures tasks associated to a server (e.g. fair tasks) r= un +either independently or boosted in a timely manner. +Unlike other models, the ``running`` state (and the ``switch_in/out`` even= ts) +indicates that any fair task is running, this needs to happen within a +threshold that depends on server deadline and remaining runtime, whenever a +task is ready. + +The following chart is simplified to avoid confusion, several less importa= nt +self-loops on states have been removed and event names have been simplifie= d: + +* ``idle`` (``dl_server_idle``) occurs when the CPU runs the idle task. +* ``start/stop`` (``dl_server_start/stop``) start and stop the server. +* ``switch`` (``sched_switch_in/out``) represented as a double arrow to + indicate both events are present: ``ready/throttled -- switch_in -> + running/throttled_running`` and vice versa with ``switch_out``. As stated + above this fires when any fair task starting or stopping to run. +* ``resume/resume_throttle``: a fair task woke up, potentially when the se= rver + is throttled (no runtime left), this event is especially frequent on self + loops (no state change during a wakeup) but is removed here for clarity. +* arrows merges with an ``x`` sign to indicate they are the same event goi= ng to + the same state (but with different origins). The ``+`` sign indicates no= rmal + crossings or corners. + +Refer to the dot file for the full specification:: + + | + v + #=3D=3D=3D=3D=3D=3D=3D=3D=3D# idle +----------+ + H H <----- switch_out ----- | | + +-->H stopped H | stopping | + | H H --+ | | + | #=3D=3D=3D=3D=3D=3D=3D=3D=3D# | +----------+ + | ^ | ^ + | | | stop;reset(clk) | replenish;reset= (clk) + | stop | | +--+ + | | start;reset(clk) +--------------------+ | | + | | v | | v + | +--------- +---------------+ <---------- switch --------> +-------= --+ + | | ready | | = | + | +- resume -> | | -replenish;reset(clk) | runnin= g | + | | | clk < thesh() | | | = | + | | +- idle - +---------------+ <-+ +---------------- +-------= --+ + | | | | ^ | ^ | + | | | | | throttle | | + | | | | |replenish;reset(clk) | | | + | | | throttle | | replenish;reset(clk) | + | | | | | | | | + | | | v | v | | + | | | +---------+ switch +-------------------+ | | + x---+--+-- | | <----------> | throttled_running | --------+ | + | | | |throttled| +-------------------+ | + | | | | | -----+ | | + | | | +---------+ | | | + | | | ^ | | | + | | | resume_throttle | | | + stop | | | | | | + | | v | | | | + | +---------+ <-----------x--- idle ---x-----------------------------+ + | | | + +-- | idle | <--+ + | | | replenish;reset(clk) + +---------+ ---+ + +Monitor laxity +~~~~~~~~~~~~~~ + +The laxity monitor ensure deferrable servers go to a zero-laxity wait unle= ss +already running and run in starvation cases. The model can stay in the +zero-laxity wait only for a limited time depending on deadline and runtime, +then the server either prepares to stop (after ``idle_wait``) or prepares = to +boost a task (``running``). Boosting (``sched_switch_in``) is only allowed= in +the ``running`` state:: + + | + +----- dl_server_stop -----+ | + | v v + | #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D# + | +------- H stopped H + | | #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D# + | | | ^ + | | dl_server_start_running; dl_server_stop + | | reset(clk) | + | | v | dl_replenish_running; + | | +-------------------------------------+ clk < REPLENISH_NS + | | | | -------------+ + | | | running | | + | | | | <------------+ + | | +-------------------------------------+ + | | | ^ ^ + | | dl_throttle dl_replenish_running | + | | v | | + | | +-----------------+ | | + | | | replenish_wait | -+ | + | | +-----------------+ | + | | | | + | | dl_replenish;reset(clk) | dl_replenish_running + | | dl_replenish_idle;reset(clk) | + | | v | + | dl_server_start; +--------------------------+ dl_replenish;reset= (clk) + | reset(clk) | zero_laxity_wait | -------------+ + | | | clk < laxity_ns() | | + | +---------------> | | <------------+ + | +--------------------------+ + | | ^ + | dl_replenish_idle;reset(clk) | dl_replenish;reset(clk) + | v | + | +-------------------------+ | + +------------------ | idle_wait | -+ + +-------------------------+ + ^ dl_replenish_idle;reset(clk) + +-------------+ diff --git a/kernel/trace/rv/Kconfig b/kernel/trace/rv/Kconfig index 719cdcfb6d41..139443e0e51c 100644 --- a/kernel/trace/rv/Kconfig +++ b/kernel/trace/rv/Kconfig @@ -82,6 +82,8 @@ source "kernel/trace/rv/monitors/stall/Kconfig" source "kernel/trace/rv/monitors/deadline/Kconfig" source "kernel/trace/rv/monitors/nomiss/Kconfig" source "kernel/trace/rv/monitors/throttle/Kconfig" +source "kernel/trace/rv/monitors/boost/Kconfig" +source "kernel/trace/rv/monitors/laxity/Kconfig" # Add new deadline monitors here =20 # Add new monitors here diff --git a/kernel/trace/rv/Makefile b/kernel/trace/rv/Makefile index 15a1edc8bd0f..4cf15c189a96 100644 --- a/kernel/trace/rv/Makefile +++ b/kernel/trace/rv/Makefile @@ -21,6 +21,8 @@ obj-$(CONFIG_RV_MON_STALL) +=3D monitors/stall/stall.o obj-$(CONFIG_RV_MON_DEADLINE) +=3D monitors/deadline/deadline.o obj-$(CONFIG_RV_MON_NOMISS) +=3D monitors/nomiss/nomiss.o obj-$(CONFIG_RV_MON_THROTTLE) +=3D monitors/throttle/throttle.o +obj-$(CONFIG_RV_MON_BOOST) +=3D monitors/boost/boost.o +obj-$(CONFIG_RV_MON_LAXITY) +=3D monitors/laxity/laxity.o # Add new monitors here obj-$(CONFIG_RV_REACTORS) +=3D rv_reactors.o obj-$(CONFIG_RV_REACT_PRINTK) +=3D reactor_printk.o diff --git a/kernel/trace/rv/monitors/boost/Kconfig b/kernel/trace/rv/monit= ors/boost/Kconfig new file mode 100644 index 000000000000..3fa121f77729 --- /dev/null +++ b/kernel/trace/rv/monitors/boost/Kconfig @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: GPL-2.0-only +# +config RV_MON_BOOST + depends on RV + depends on RV_MON_DEADLINE + default y + select HA_MON_EVENTS_ID + bool "boost monitor" + help + Monitor to ensure tasks associated to a server (e.g. fair tasks) run + either independently or boosted in a timely manner. + This monitor is part of the deadline monitors collection. + + For further information, see: + Documentation/trace/rv/monitor_deadline.rst diff --git a/kernel/trace/rv/monitors/boost/boost.c b/kernel/trace/rv/monit= ors/boost/boost.c new file mode 100644 index 000000000000..1f940dc7a9c5 --- /dev/null +++ b/kernel/trace/rv/monitors/boost/boost.c @@ -0,0 +1,279 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include +#include +#include +#include +#include +#include + +#define MODULE_NAME "boost" + +#include +#include +#include + +#define RV_MON_TYPE RV_MON_PER_OBJ +#define DA_SKIP_AUTO_ALLOC +#define HA_TIMER_TYPE HA_TIMER_WHEEL +typedef struct sched_dl_entity *monitor_target; +#include "boost.h" +#include +#include + +#define STOPPING_NS TICK_NSEC + +static inline u64 server_threshold_ns(struct ha_monitor *ha_mon) +{ + struct sched_dl_entity *dl_se =3D ha_get_target(ha_mon); + + return dl_se->dl_deadline + TICK_NSEC - dl_se->runtime; +} + +static u64 ha_get_env(struct ha_monitor *ha_mon, enum envs_boost env, u64 = time_ns) +{ + if (env =3D=3D clk_boost) + return ha_get_clk_ns(ha_mon, env, time_ns); + return ENV_INVALID_VALUE; +} + +static void ha_reset_env(struct ha_monitor *ha_mon, enum envs_boost env, u= 64 time_ns) +{ + if (env =3D=3D clk_boost) + ha_reset_clk_ns(ha_mon, env, time_ns); +} + +static inline bool ha_verify_invariants(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (curr_state =3D=3D ready_boost) + return ha_check_invariant_ns(ha_mon, clk_boost, time_ns); + else if (curr_state =3D=3D stopping_boost) + return ha_check_invariant_ns(ha_mon, clk_boost, time_ns); + return true; +} + +static inline bool ha_verify_guards(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + bool res =3D true; + + if (curr_state =3D=3D idle_boost && event =3D=3D dl_replenish_boost) + ha_reset_env(ha_mon, clk_boost, time_ns); + else if (curr_state =3D=3D ready_boost && event =3D=3D dl_replenish_boost) + ha_reset_env(ha_mon, clk_boost, time_ns); + else if (curr_state =3D=3D running_boost && event =3D=3D dl_replenish_boo= st) + ha_reset_env(ha_mon, clk_boost, time_ns); + else if (curr_state =3D=3D running_boost && event =3D=3D dl_server_stop_b= oost) + ha_reset_env(ha_mon, clk_boost, time_ns); + else if (curr_state =3D=3D stopped_boost && event =3D=3D dl_server_start_= boost) + ha_reset_env(ha_mon, clk_boost, time_ns); + else if (curr_state =3D=3D throttled_boost && event =3D=3D dl_replenish_b= oost) + ha_reset_env(ha_mon, clk_boost, time_ns); + else if (curr_state =3D=3D throttled_running_boost && event =3D=3D dl_rep= lenish_boost) + ha_reset_env(ha_mon, clk_boost, time_ns); + return res; +} + +static inline void ha_setup_invariants(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (next_state =3D=3D curr_state && event !=3D dl_replenish_boost) + return; + if (next_state =3D=3D ready_boost) + ha_start_timer_ns(ha_mon, clk_boost, server_threshold_ns(ha_mon), time_n= s); + else if (next_state =3D=3D stopping_boost) + ha_start_timer_ns(ha_mon, clk_boost, STOPPING_NS, time_ns); + else if (curr_state =3D=3D ready_boost) + ha_cancel_timer(ha_mon); + else if (curr_state =3D=3D stopping_boost) + ha_cancel_timer(ha_mon); +} + +static bool ha_verify_constraint(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (!ha_verify_invariants(ha_mon, curr_state, event, next_state, time_ns)) + return false; + + if (!ha_verify_guards(ha_mon, curr_state, event, next_state, time_ns)) + return false; + + ha_setup_invariants(ha_mon, curr_state, event, next_state, time_ns); + + return true; +} + +static void handle_dl_replenish(void *data, struct sched_dl_entity *dl_se,= int cpu) +{ + da_handle_event(EXPAND_ID(dl_se, cpu), dl_replenish_boost); +} + +static void handle_sched_switch(void *data, bool preempt, + struct task_struct *prev, + struct task_struct *next, + unsigned int prev_state) +{ + struct sched_dl_entity *dl_se =3D get_fair_server(next); + int cpu =3D task_cpu(next); + + /* + * The server is available in next only if the next task is boosted, + * otherwise we need to retrieve it. + * This monitor considers switch in/out whenever a task related to the + * server (i.e. fair) is scheduled in or out, boosted or not. + * Any switch to the same policy is ignored. + * Note: idle may race with concurrent wakeup/migration events. + */ + if (!dl_se || (next->policy =3D=3D prev->policy && !is_idle_task(next) && + !is_idle_task(prev))) + return; + if (is_idle_task(next)) + da_handle_event(EXPAND_ID(dl_se, cpu), dl_server_idle_boost); + else if (next->policy =3D=3D SCHED_NORMAL) + da_handle_event(EXPAND_ID(dl_se, cpu), sched_switch_in_boost); + else if (prev->policy =3D=3D SCHED_NORMAL && !is_idle_task(prev)) + da_handle_event(EXPAND_ID(dl_se, cpu), sched_switch_out_boost); +} + +static void handle_syscall(void *data, struct pt_regs *regs, long id) +{ + struct sched_dl_entity *dl_se; + struct task_struct *p; + int new_policy =3D -1; + + new_policy =3D extract_params(regs, id, &p); + if (new_policy < 0 || new_policy =3D=3D p->policy) + return; + dl_se =3D get_fair_server(p); + if (!dl_se || !p->on_rq) + return; + /* + * Note: this attaches to the syscall entry and is unstable: + * - the syscall may fail + * - the task may be preempted before changing the policy + * A more robust solution can be written using enqueue/dequeue events. + */ + if (p->policy =3D=3D SCHED_NORMAL) + da_handle_event(EXPAND_ID(dl_se, task_cpu(p)), sched_switch_out_boost); + else if (new_policy =3D=3D SCHED_NORMAL) + da_handle_event(EXPAND_ID(dl_se, task_cpu(p)), dl_server_resume_boost); +} + +static void handle_sched_wakeup(void *data, struct task_struct *tsk) +{ + struct sched_dl_entity *dl_se =3D get_fair_server(tsk); + + if (dl_se && tsk->policy =3D=3D SCHED_NORMAL) { + da_handle_event(EXPAND_ID(dl_se, task_cpu(tsk)), + dl_se->runtime > 0 ? + dl_server_resume_boost : + dl_server_resume_throttled_boost); + } +} + +static void handle_sched_migrate(void *data, struct task_struct *p, int de= st_cpu) +{ + struct sched_dl_entity *orig_dl_se, *dest_dl_se; + + if (p->policy !=3D SCHED_NORMAL) + return; + orig_dl_se =3D get_fair_server(p); + dest_dl_se =3D da_get_target_by_id(fair_server_id(dest_cpu)); + if (orig_dl_se && idle_cpu(task_cpu(p))) + da_handle_event(EXPAND_ID(orig_dl_se, task_cpu(p)), dl_server_idle_boost= ); + if (dest_dl_se) { + da_handle_event(EXPAND_ID(dest_dl_se, dest_cpu), + dest_dl_se->runtime > 0 ? + dl_server_resume_boost : + dl_server_resume_throttled_boost); + } +} + +static void handle_dl_server_start(void *data, struct sched_dl_entity *dl_= se, int cpu) +{ + da_handle_event(EXPAND_ID(dl_se, cpu), dl_server_start_boost); +} + +static void handle_dl_server_stop(void *data, struct sched_dl_entity *dl_s= e, int cpu) +{ + da_handle_start_event(EXPAND_ID(dl_se, cpu), dl_server_stop_boost); +} + +static void handle_dl_throttle(void *data, struct sched_dl_entity *dl_se, = int cpu) +{ + da_handle_event(EXPAND_ID(dl_se, cpu), dl_throttle_boost); +} + +static int enable_boost(void) +{ + int retval; + + retval =3D da_monitor_init(); + if (retval) + return retval; + + retval =3D init_storage(true); + if (retval) + return retval; + rv_attach_trace_probe("boost", sched_dl_replenish_tp, handle_dl_replenish= ); + rv_attach_trace_probe("boost", sched_dl_server_start_tp, handle_dl_server= _start); + rv_attach_trace_probe("boost", sched_dl_server_stop_tp, handle_dl_server_= stop); + rv_attach_trace_probe("boost", sched_dl_throttle_tp, handle_dl_throttle); + rv_attach_trace_probe("boost", sched_wakeup, handle_sched_wakeup); + rv_attach_trace_probe("boost", sched_wakeup_new, handle_sched_wakeup); + rv_attach_trace_probe("boost", sched_migrate_task, handle_sched_migrate); + rv_attach_trace_probe("boost", sched_switch, handle_sched_switch); + if (!should_skip_syscall_handle()) + rv_attach_trace_probe("boost", sys_enter, handle_syscall); + + return 0; +} + +static void disable_boost(void) +{ + rv_this.enabled =3D 0; + + rv_detach_trace_probe("boost", sched_dl_replenish_tp, handle_dl_replenish= ); + rv_detach_trace_probe("boost", sched_dl_server_start_tp, handle_dl_server= _start); + rv_detach_trace_probe("boost", sched_dl_server_stop_tp, handle_dl_server_= stop); + rv_detach_trace_probe("boost", sched_dl_throttle_tp, handle_dl_throttle); + rv_detach_trace_probe("boost", sched_wakeup, handle_sched_wakeup); + rv_detach_trace_probe("boost", sched_wakeup_new, handle_sched_wakeup); + rv_detach_trace_probe("boost", sched_migrate_task, handle_sched_migrate); + rv_detach_trace_probe("boost", sched_switch, handle_sched_switch); + if (!should_skip_syscall_handle()) + rv_detach_trace_probe("boost", sys_enter, handle_syscall); + + da_monitor_destroy(); +} + +static struct rv_monitor rv_this =3D { + .name =3D "boost", + .description =3D "fair tasks run either independently or boosted.", + .enable =3D enable_boost, + .disable =3D disable_boost, + .reset =3D da_monitor_reset_all, + .enabled =3D 0, +}; + +static int __init register_boost(void) +{ + return rv_register_monitor(&rv_this, &rv_deadline); +} + +static void __exit unregister_boost(void) +{ + rv_unregister_monitor(&rv_this); +} + +module_init(register_boost); +module_exit(unregister_boost); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Gabriele Monaco "); +MODULE_DESCRIPTION("boost: fair tasks run either independently or boosted.= "); diff --git a/kernel/trace/rv/monitors/boost/boost.h b/kernel/trace/rv/monit= ors/boost/boost.h new file mode 100644 index 000000000000..2d7b6116b1d0 --- /dev/null +++ b/kernel/trace/rv/monitors/boost/boost.h @@ -0,0 +1,159 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Automatically generated C representation of boost automaton + * For further information about this format, see kernel documentation: + * Documentation/trace/rv/deterministic_automata.rst + */ + +#define MONITOR_NAME boost + +enum states_boost { + stopped_boost, + idle_boost, + ready_boost, + running_boost, + stopping_boost, + throttled_boost, + throttled_running_boost, + state_max_boost, +}; + +#define INVALID_STATE state_max_boost + +enum events_boost { + dl_replenish_boost, + dl_server_idle_boost, + dl_server_resume_boost, + dl_server_resume_throttled_boost, + dl_server_start_boost, + dl_server_stop_boost, + dl_throttle_boost, + sched_switch_in_boost, + sched_switch_out_boost, + event_max_boost, +}; + +enum envs_boost { + clk_boost, + env_max_boost, + env_max_stored_boost =3D env_max_boost, +}; + +_Static_assert(env_max_stored_boost <=3D MAX_HA_ENV_LEN, "Not enough slots= "); +#define HA_CLK_NS + +struct automaton_boost { + char *state_names[state_max_boost]; + char *event_names[event_max_boost]; + char *env_names[env_max_boost]; + unsigned char function[state_max_boost][event_max_boost]; + unsigned char initial_state; + bool final_states[state_max_boost]; +}; + +static const struct automaton_boost automaton_boost =3D { + .state_names =3D { + "stopped", + "idle", + "ready", + "running", + "stopping", + "throttled", + "throttled_running", + }, + .event_names =3D { + "dl_replenish", + "dl_server_idle", + "dl_server_resume", + "dl_server_resume_throttled", + "dl_server_start", + "dl_server_stop", + "dl_throttle", + "sched_switch_in", + "sched_switch_out", + }, + .env_names =3D { + "clk", + }, + .function =3D { + { + INVALID_STATE, + stopped_boost, + stopped_boost, + stopped_boost, + ready_boost, + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + stopped_boost, + }, + { + idle_boost, + idle_boost, + ready_boost, + throttled_boost, + INVALID_STATE, + stopped_boost, + idle_boost, + INVALID_STATE, + INVALID_STATE, + }, + { + ready_boost, + idle_boost, + ready_boost, + ready_boost, + INVALID_STATE, + stopped_boost, + throttled_boost, + running_boost, + ready_boost, + }, + { + running_boost, + idle_boost, + running_boost, + running_boost, + INVALID_STATE, + stopping_boost, + throttled_running_boost, + INVALID_STATE, + ready_boost, + }, + { + INVALID_STATE, + stopped_boost, + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + stopped_boost, + }, + { + ready_boost, + idle_boost, + INVALID_STATE, + throttled_boost, + INVALID_STATE, + stopped_boost, + throttled_boost, + throttled_running_boost, + INVALID_STATE, + }, + { + running_boost, + idle_boost, + INVALID_STATE, + throttled_running_boost, + INVALID_STATE, + INVALID_STATE, + throttled_running_boost, + INVALID_STATE, + throttled_boost, + }, + }, + .initial_state =3D stopped_boost, + .final_states =3D { 1, 0, 0, 0, 0, 0, 0 }, +}; diff --git a/kernel/trace/rv/monitors/boost/boost_trace.h b/kernel/trace/rv= /monitors/boost/boost_trace.h new file mode 100644 index 000000000000..7e422b0e586d --- /dev/null +++ b/kernel/trace/rv/monitors/boost/boost_trace.h @@ -0,0 +1,19 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Snippet to be included in rv_trace.h + */ + +#ifdef CONFIG_RV_MON_BOOST +DEFINE_EVENT(event_da_monitor_id, event_boost, + TP_PROTO(int id, char *state, char *event, char *next_state, bool fi= nal_state), + TP_ARGS(id, state, event, next_state, final_state)); + +DEFINE_EVENT(error_da_monitor_id, error_boost, + TP_PROTO(int id, char *state, char *event), + TP_ARGS(id, state, event)); + +DEFINE_EVENT(error_env_da_monitor_id, error_env_boost, + TP_PROTO(int id, char *state, char *event, char *env), + TP_ARGS(id, state, event, env)); +#endif /* CONFIG_RV_MON_BOOST */ diff --git a/kernel/trace/rv/monitors/laxity/Kconfig b/kernel/trace/rv/moni= tors/laxity/Kconfig new file mode 100644 index 000000000000..7ba69405d09b --- /dev/null +++ b/kernel/trace/rv/monitors/laxity/Kconfig @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: GPL-2.0-only +# +config RV_MON_LAXITY + depends on RV + depends on RV_MON_DEADLINE + default y + select HA_MON_EVENTS_ID + bool "laxity monitor" + help + Monitor to ensure deferrable servers go to a zero-laxity wait unless + already running and run in starvation cases. + + For further information, see: + Documentation/trace/rv/monitor_deadline.rst diff --git a/kernel/trace/rv/monitors/laxity/laxity.c b/kernel/trace/rv/mon= itors/laxity/laxity.c new file mode 100644 index 000000000000..5a2ef4a4ec9b --- /dev/null +++ b/kernel/trace/rv/monitors/laxity/laxity.c @@ -0,0 +1,226 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include +#include +#include +#include +#include +#include + +#define MODULE_NAME "laxity" + +#include +#include +#include + +#define RV_MON_TYPE RV_MON_PER_OBJ +#define HA_TIMER_TYPE HA_TIMER_WHEEL +/* The start condition is on server_stop, allocation likely fails on PREEM= PT_RT */ +#define DA_SKIP_AUTO_ALLOC +typedef struct sched_dl_entity *monitor_target; +#include "laxity.h" +#include +#include + +/* with sched_feat(HRTICK_DL) the threshold can be lower */ +#define RUNTIME_THRESH TICK_NSEC + +/* allow replenish when running only right after server start */ +#define REPLENISH_NS TICK_NSEC + +static inline u64 laxity_ns(struct ha_monitor *ha_mon) +{ + struct sched_dl_entity *dl_se =3D pi_of(ha_get_target(ha_mon)); + + return dl_se->dl_deadline - dl_se->runtime + RUNTIME_THRESH; +} + +static u64 ha_get_env(struct ha_monitor *ha_mon, enum envs_laxity env, u64= time_ns) +{ + if (env =3D=3D clk_laxity) + return ha_get_clk_ns(ha_mon, env, time_ns); + return ENV_INVALID_VALUE; +} + +static void ha_reset_env(struct ha_monitor *ha_mon, enum envs_laxity env, = u64 time_ns) +{ + if (env =3D=3D clk_laxity) + ha_reset_clk_ns(ha_mon, env, time_ns); +} + +static inline bool ha_verify_invariants(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (curr_state =3D=3D zero_laxity_wait_laxity) + return ha_check_invariant_ns(ha_mon, clk_laxity, time_ns); + return true; +} + +static inline void ha_convert_inv_guard(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (curr_state =3D=3D next_state) + return; + if (curr_state =3D=3D zero_laxity_wait_laxity) + ha_inv_to_guard(ha_mon, clk_laxity, laxity_ns(ha_mon), time_ns); +} + +static inline bool ha_verify_guards(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + bool res =3D true; + + if (curr_state =3D=3D idle_wait_laxity && event =3D=3D dl_replenish_idle_= laxity) + ha_reset_env(ha_mon, clk_laxity, time_ns); + else if (curr_state =3D=3D idle_wait_laxity && event =3D=3D dl_replenish_= laxity) + ha_reset_env(ha_mon, clk_laxity, time_ns); + else if (curr_state =3D=3D replenish_wait_laxity && event =3D=3D dl_reple= nish_laxity) + ha_reset_env(ha_mon, clk_laxity, time_ns); + else if (curr_state =3D=3D replenish_wait_laxity && event =3D=3D dl_reple= nish_idle_laxity) + ha_reset_env(ha_mon, clk_laxity, time_ns); + else if (curr_state =3D=3D running_laxity && event =3D=3D dl_replenish_ru= nning_laxity) + res =3D ha_monitor_env_invalid(ha_mon, clk_laxity) || + ha_get_env(ha_mon, clk_laxity, time_ns) < REPLENISH_NS; + else if (curr_state =3D=3D stopped_laxity && event =3D=3D dl_server_start= _running_laxity) + ha_reset_env(ha_mon, clk_laxity, time_ns); + else if (curr_state =3D=3D stopped_laxity && event =3D=3D dl_server_start= _laxity) + ha_reset_env(ha_mon, clk_laxity, time_ns); + else if (curr_state =3D=3D zero_laxity_wait_laxity && event =3D=3D dl_rep= lenish_idle_laxity) + ha_reset_env(ha_mon, clk_laxity, time_ns); + else if (curr_state =3D=3D zero_laxity_wait_laxity && event =3D=3D dl_rep= lenish_laxity) + ha_reset_env(ha_mon, clk_laxity, time_ns); + return res; +} + +static inline void ha_setup_invariants(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (next_state =3D=3D curr_state && event !=3D dl_replenish_idle_laxity && + event !=3D dl_replenish_laxity) + return; + if (next_state =3D=3D zero_laxity_wait_laxity) + ha_start_timer_ns(ha_mon, clk_laxity, laxity_ns(ha_mon), time_ns); + else if (curr_state =3D=3D zero_laxity_wait_laxity) + ha_cancel_timer(ha_mon); +} + +static bool ha_verify_constraint(struct ha_monitor *ha_mon, + enum states curr_state, enum events event, + enum states next_state, u64 time_ns) +{ + if (!ha_verify_invariants(ha_mon, curr_state, event, next_state, time_ns)) + return false; + + ha_convert_inv_guard(ha_mon, curr_state, event, next_state, time_ns); + + if (!ha_verify_guards(ha_mon, curr_state, event, next_state, time_ns)) + return false; + + ha_setup_invariants(ha_mon, curr_state, event, next_state, time_ns); + + return true; +} + +static void handle_dl_replenish(void *data, struct sched_dl_entity *dl_se,= int cpu) +{ + /* Special replenish happening after throttle, ignore it */ + if (dl_se->dl_defer_running && dl_se->dl_throttled) + return; + if (dl_se->dl_defer_running) + da_handle_event(EXPAND_ID(dl_se, cpu), dl_replenish_running_laxity); + else if (idle_cpu(cpu) || (smp_processor_id() =3D=3D cpu && is_idle_task(= current))) + da_handle_event(EXPAND_ID(dl_se, cpu), dl_replenish_idle_laxity); + else + da_handle_event(EXPAND_ID(dl_se, cpu), dl_replenish_laxity); +} + +static void handle_dl_server_start(void *data, struct sched_dl_entity *dl_= se, int cpu) +{ + if (dl_se->dl_defer_running) + da_handle_event(EXPAND_ID(dl_se, cpu), dl_server_start_running_laxity); + else + da_handle_event(EXPAND_ID(dl_se, cpu), dl_server_start_laxity); +} + +static void handle_dl_server_stop(void *data, struct sched_dl_entity *dl_s= e, int cpu) +{ + da_handle_start_event(EXPAND_ID(dl_se, cpu), dl_server_stop_laxity); +} + +static void handle_dl_throttle(void *data, struct sched_dl_entity *dl_se, = int cpu) +{ + da_handle_event(EXPAND_ID(dl_se, cpu), dl_throttle_laxity); +} + +static void handle_sched_switch(void *data, bool preempt, + struct task_struct *prev, + struct task_struct *next, + unsigned int prev_state) +{ + if (next->dl_server) + da_handle_start_event(EXPAND_ID(next->dl_server, task_cpu(next)), + sched_switch_in_laxity); +} + +static int enable_laxity(void) +{ + int retval; + + retval =3D da_monitor_init(); + if (retval) + return retval; + + retval =3D init_storage(true); + if (retval) + return retval; + rv_attach_trace_probe("laxity", sched_dl_replenish_tp, handle_dl_replenis= h); + rv_attach_trace_probe("laxity", sched_dl_server_start_tp, handle_dl_serve= r_start); + rv_attach_trace_probe("laxity", sched_dl_server_stop_tp, handle_dl_server= _stop); + rv_attach_trace_probe("laxity", sched_dl_throttle_tp, handle_dl_throttle); + rv_attach_trace_probe("laxity", sched_switch, handle_sched_switch); + + return 0; +} + +static void disable_laxity(void) +{ + rv_this.enabled =3D 0; + + rv_detach_trace_probe("laxity", sched_dl_replenish_tp, handle_dl_replenis= h); + rv_detach_trace_probe("laxity", sched_dl_server_start_tp, handle_dl_serve= r_start); + rv_detach_trace_probe("laxity", sched_dl_server_stop_tp, handle_dl_server= _stop); + rv_detach_trace_probe("laxity", sched_dl_throttle_tp, handle_dl_throttle); + rv_detach_trace_probe("laxity", sched_switch, handle_sched_switch); + + da_monitor_destroy(); +} + +static struct rv_monitor rv_this =3D { + .name =3D "laxity", + .description =3D "deferrable servers wait for zero-laxity and run.", + .enable =3D enable_laxity, + .disable =3D disable_laxity, + .reset =3D da_monitor_reset_all, + .enabled =3D 0, +}; + +static int __init register_laxity(void) +{ + return rv_register_monitor(&rv_this, &rv_deadline); +} + +static void __exit unregister_laxity(void) +{ + rv_unregister_monitor(&rv_this); +} + +module_init(register_laxity); +module_exit(unregister_laxity); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Gabriele Monaco "); +MODULE_DESCRIPTION("laxity: deferrable servers wait for zero-laxity and ru= n."); diff --git a/kernel/trace/rv/monitors/laxity/laxity.h b/kernel/trace/rv/mon= itors/laxity/laxity.h new file mode 100644 index 000000000000..3fdab88be535 --- /dev/null +++ b/kernel/trace/rv/monitors/laxity/laxity.h @@ -0,0 +1,126 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Automatically generated C representation of laxity automaton + * For further information about this format, see kernel documentation: + * Documentation/trace/rv/deterministic_automata.rst + */ + +#define MONITOR_NAME laxity + +enum states_laxity { + stopped_laxity, + idle_wait_laxity, + replenish_wait_laxity, + running_laxity, + zero_laxity_wait_laxity, + state_max_laxity, +}; + +#define INVALID_STATE state_max_laxity + +enum events_laxity { + dl_replenish_laxity, + dl_replenish_idle_laxity, + dl_replenish_running_laxity, + dl_server_start_laxity, + dl_server_start_running_laxity, + dl_server_stop_laxity, + dl_throttle_laxity, + sched_switch_in_laxity, + event_max_laxity, +}; + +enum envs_laxity { + clk_laxity, + env_max_laxity, + env_max_stored_laxity =3D env_max_laxity, +}; + +_Static_assert(env_max_stored_laxity <=3D MAX_HA_ENV_LEN, "Not enough slot= s"); +#define HA_CLK_NS + +struct automaton_laxity { + char *state_names[state_max_laxity]; + char *event_names[event_max_laxity]; + char *env_names[env_max_laxity]; + unsigned char function[state_max_laxity][event_max_laxity]; + unsigned char initial_state; + bool final_states[state_max_laxity]; +}; + +static const struct automaton_laxity automaton_laxity =3D { + .state_names =3D { + "stopped", + "idle_wait", + "replenish_wait", + "running", + "zero_laxity_wait", + }, + .event_names =3D { + "dl_replenish", + "dl_replenish_idle", + "dl_replenish_running", + "dl_server_start", + "dl_server_start_running", + "dl_server_stop", + "dl_throttle", + "sched_switch_in", + }, + .env_names =3D { + "clk", + }, + .function =3D { + { + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + zero_laxity_wait_laxity, + running_laxity, + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + }, + { + zero_laxity_wait_laxity, + idle_wait_laxity, + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + stopped_laxity, + INVALID_STATE, + INVALID_STATE, + }, + { + zero_laxity_wait_laxity, + zero_laxity_wait_laxity, + running_laxity, + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + }, + { + INVALID_STATE, + INVALID_STATE, + running_laxity, + INVALID_STATE, + INVALID_STATE, + stopped_laxity, + replenish_wait_laxity, + running_laxity, + }, + { + zero_laxity_wait_laxity, + idle_wait_laxity, + running_laxity, + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + INVALID_STATE, + }, + }, + .initial_state =3D stopped_laxity, + .final_states =3D { 1, 0, 0, 0, 0 }, +}; diff --git a/kernel/trace/rv/monitors/laxity/laxity_trace.h b/kernel/trace/= rv/monitors/laxity/laxity_trace.h new file mode 100644 index 000000000000..32580dba8f42 --- /dev/null +++ b/kernel/trace/rv/monitors/laxity/laxity_trace.h @@ -0,0 +1,19 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +/* + * Snippet to be included in rv_trace.h + */ + +#ifdef CONFIG_RV_MON_LAXITY +DEFINE_EVENT(event_da_monitor_id, event_laxity, + TP_PROTO(int id, char *state, char *event, char *next_state, bool fi= nal_state), + TP_ARGS(id, state, event, next_state, final_state)); + +DEFINE_EVENT(error_da_monitor_id, error_laxity, + TP_PROTO(int id, char *state, char *event), + TP_ARGS(id, state, event)); + +DEFINE_EVENT(error_env_da_monitor_id, error_env_laxity, + TP_PROTO(int id, char *state, char *event, char *env), + TP_ARGS(id, state, event, env)); +#endif /* CONFIG_RV_MON_LAXITY */ diff --git a/kernel/trace/rv/rv_trace.h b/kernel/trace/rv/rv_trace.h index 1bf0f3666ee4..f1d55c39dc48 100644 --- a/kernel/trace/rv/rv_trace.h +++ b/kernel/trace/rv/rv_trace.h @@ -190,6 +190,8 @@ DECLARE_EVENT_CLASS(error_env_da_monitor_id, #include #include #include +#include +#include // Add new monitors based on CONFIG_HA_MON_EVENTS_ID here =20 #endif diff --git a/tools/verification/models/deadline/boost.dot b/tools/verificat= ion/models/deadline/boost.dot new file mode 100644 index 000000000000..ee7bae1e8feb --- /dev/null +++ b/tools/verification/models/deadline/boost.dot @@ -0,0 +1,51 @@ +digraph state_automaton { + center =3D true; + size =3D "7,11"; + {node [shape =3D circle] "idle"}; + {node [shape =3D circle] "ready"}; + {node [shape =3D circle] "running"}; + {node [shape =3D plaintext, style=3Dinvis, label=3D""] "__init_stopped"}; + {node [shape =3D doublecircle] "stopped"}; + {node [shape =3D circle] "stopped"}; + {node [shape =3D circle] "stopping"}; + {node [shape =3D circle] "throttled"}; + {node [shape =3D circle] "throttled_running"}; + "__init_stopped" -> "stopped"; + "idle" [label =3D "idle"]; + "idle" -> "idle" [ label =3D "dl_server_idle\ndl_replenish;reset(clk)\ndl= _throttle" ]; + "idle" -> "ready" [ label =3D "dl_server_resume" ]; + "idle" -> "stopped" [ label =3D "dl_server_stop" ]; + "idle" -> "throttled" [ label =3D "dl_server_resume_throttled" ]; + "ready" [label =3D "ready\nclk < server_threshold_ns()"]; + "ready" -> "idle" [ label =3D "dl_server_idle" ]; + "ready" -> "ready" [ label =3D "sched_switch_out\ndl_server_resume_thrott= led\ndl_server_resume\ndl_replenish;reset(clk)" ]; + "ready" -> "running" [ label =3D "sched_switch_in" ]; + "ready" -> "stopped" [ label =3D "dl_server_stop" ]; + "ready" -> "throttled" [ label =3D "dl_throttle" ]; + "running" [label =3D "running"]; + "running" -> "idle" [ label =3D "dl_server_idle" ]; + "running" -> "ready" [ label =3D "sched_switch_out" ]; + "running" -> "running" [ label =3D "dl_server_resume_throttled\ndl_server= _resume\ndl_replenish;reset(clk)" ]; + "running" -> "stopping" [ label =3D "dl_server_stop;reset(clk)" ]; + "running" -> "throttled_running" [ label =3D "dl_throttle" ]; + "stopped" [label =3D "stopped", color =3D green3]; + "stopped" -> "ready" [ label =3D "dl_server_start;reset(clk)" ]; + "stopped" -> "stopped" [ label =3D "dl_server_idle\nsched_switch_out\ndl_= server_resume\ndl_server_resume_throttled" ]; + "stopping" [label =3D "stopping\nclk < STOPPING_NS"]; + "stopping" -> "stopped" [ label =3D "dl_server_idle\nsched_switch_out" ]; + "throttled" [label =3D "throttled"]; + "throttled" -> "idle" [ label =3D "dl_server_idle" ]; + "throttled" -> "ready" [ label =3D "dl_replenish;reset(clk)" ]; + "throttled" -> "stopped" [ label =3D "dl_server_stop" ]; + "throttled" -> "throttled" [ label =3D "dl_throttle\ndl_server_resume_thr= ottled" ]; + "throttled" -> "throttled_running" [ label =3D "sched_switch_in" ]; + "throttled_running" [label =3D "throttled_running"]; + "throttled_running" -> "idle" [ label =3D "dl_server_idle" ]; + "throttled_running" -> "running" [ label =3D "dl_replenish;reset(clk)" ]; + "throttled_running" -> "throttled" [ label =3D "sched_switch_out" ]; + "throttled_running" -> "throttled_running" [ label =3D "dl_throttle\ndl_s= erver_resume_throttled" ]; + { rank =3D min ; + "__init_stopped"; + "stopped"; + } +} diff --git a/tools/verification/models/deadline/laxity.dot b/tools/verifica= tion/models/deadline/laxity.dot new file mode 100644 index 000000000000..e423a9de573c --- /dev/null +++ b/tools/verification/models/deadline/laxity.dot @@ -0,0 +1,34 @@ +digraph state_automaton { + center =3D true; + size =3D "7,11"; + {node [shape =3D circle] "idle_wait"}; + {node [shape =3D circle] "replenish_wait"}; + {node [shape =3D circle] "running"}; + {node [shape =3D plaintext, style=3Dinvis, label=3D""] "__init_stopped"}; + {node [shape =3D doublecircle] "stopped"}; + {node [shape =3D circle] "stopped"}; + {node [shape =3D circle] "zero_laxity_wait"}; + "__init_stopped" -> "stopped"; + "idle_wait" [label =3D "idle_wait"]; + "idle_wait" -> "idle_wait" [ label =3D "dl_replenish_idle;reset(clk)" ]; + "idle_wait" -> "stopped" [ label =3D "dl_server_stop" ]; + "idle_wait" -> "zero_laxity_wait" [ label =3D "dl_replenish;reset(clk)" ]; + "replenish_wait" [label =3D "replenish_wait"]; + "replenish_wait" -> "running" [ label =3D "dl_replenish_running" ]; + "replenish_wait" -> "zero_laxity_wait" [ label =3D "dl_replenish;reset(cl= k)\ndl_replenish_idle;reset(clk)" ]; + "running" [label =3D "running"]; + "running" -> "replenish_wait" [ label =3D "dl_throttle" ]; + "running" -> "running" [ label =3D "dl_replenish_running;clk < REPLENISH_= NS" ]; + "running" -> "stopped" [ label =3D "dl_server_stop" ]; + "stopped" [label =3D "stopped", color =3D green3]; + "stopped" -> "running" [ label =3D "dl_server_start_running;reset(clk)" ]; + "stopped" -> "zero_laxity_wait" [ label =3D "dl_server_start;reset(clk)" = ]; + "zero_laxity_wait" [label =3D "zero_laxity_wait\nclk < laxity_ns()"]; + "zero_laxity_wait" -> "idle_wait" [ label =3D "dl_replenish_idle;reset(cl= k)" ]; + "zero_laxity_wait" -> "running" [ label =3D "dl_replenish_running" ]; + "zero_laxity_wait" -> "zero_laxity_wait" [ label =3D "dl_replenish;reset(= clk)" ]; + { rank =3D min ; + "__init_stopped"; + "stopped"; + } +} --=20 2.52.0