#!/usr/bin/env python3
"""Count signal events on each tid in ours-postfix.jsonl during the full
run window. Compare against canary [1.9..2.1s]."""
import json
from collections import Counter

OURS = "/home/fabi/RE - Project Sylpheed/xenia-rs/audit-runs/phase-w-wedge-reattack/ours-postfix.jsonl"
counts = Counter()
last_ns_per_tid = {}
first_ns_per_tid = {}
event_count_per_tid = Counter()

with open(OURS, "r") as f:
    for line in f:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        tid = ev.get("tid")
        if tid is None:
            continue
        host_ns = ev.get("host_ns", 0)
        event_count_per_tid[tid] += 1
        if tid not in first_ns_per_tid:
            first_ns_per_tid[tid] = host_ns
        last_ns_per_tid[tid] = host_ns
        kind = ev.get("kind", "")
        if kind == "kernel.call":
            n = ev["payload"].get("name", "")
            if n in ("NtSetEvent", "NtReleaseSemaphore", "NtSetEventBoostPriority", "KeSetEvent"):
                counts[(tid, n)] += 1

print("=== Signal counts in ours-postfix.jsonl (full window ~1.73s wallclock) ===")
total = 0
for (tid, n), c in sorted(counts.items()):
    print(f"  tid={tid:3d}  {n:30s}  {c}")
    total += c
print(f"  TOTAL signals: {total}")

print("\n=== Per-tid event counts + lifetime ===")
for tid in sorted(event_count_per_tid):
    first = first_ns_per_tid.get(tid, 0) / 1e9
    last = last_ns_per_tid.get(tid, 0) / 1e9
    print(f"  tid={tid:3d}  {event_count_per_tid[tid]:7d} events  first={first:.4f}s last={last:.4f}s")