Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
P
PROSA - Formally Proven Schedulability Analysis
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
RT-PROOFS
PROSA - Formally Proven Schedulability Analysis
Commits
35ed3fa3
Commit
35ed3fa3
authored
4 years ago
by
Marco Maida
Browse files
Options
Downloads
Patches
Plain Diff
Shortened, restructured, polished proofs
parent
6b15dbb0
No related branches found
No related tags found
1 merge request
!114
Preemption model compliance
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
implementation/facts/ideal_uni/preemption_aware.v
+25
-20
25 additions, 20 deletions
implementation/facts/ideal_uni/preemption_aware.v
with
25 additions
and
20 deletions
implementation/facts/ideal_uni/preemption_aware.v
+
25
−
20
View file @
35ed3fa3
...
@@ -123,11 +123,24 @@ Section NPUniprocessorScheduler.
...
@@ -123,11 +123,24 @@ Section NPUniprocessorScheduler.
Hypothesis
H_valid_preemption_behavior
:
Hypothesis
H_valid_preemption_behavior
:
valid_nonpreemptive_readiness
RM
.
valid_nonpreemptive_readiness
RM
.
(** Under this natural assumption, the generated schedule is valid. *)
(** First, we show that if a job is chosen from the list of backlogged jobs, then it must be ready. *)
Lemma
choose_job_implies_job_ready
:
forall
t
j
,
choose_job
t
.
+
1
(
jobs_backlogged_at
arr_seq
(
schedule_up_to
policy
idle_state
t
)
t
.
+
1
)
=
Some
j
->
job_ready
schedule
j
t
.
+
1
.
Proof
.
move
=>
t
j
IN
.
move
:
(
H_chooses_from_set
_
_
_
IN
)
.
rewrite
mem_filter
/
backlogged
=>
/
andP
[
/
andP
[
READY
_]
_]
.
rewrite
-
(
H_nonclairvoyant_job_readiness
(
schedule_up_to
policy
idle_state
t
)
schedule
j
t
.
+
1
)
//.
by
apply
schedule_up_to_identical_prefix
.
Qed
.
(** Next, we show that, under these natural assumptions, the generated schedule is valid. *)
Theorem
np_schedule_valid
:
Theorem
np_schedule_valid
:
valid_schedule
schedule
arr_seq
.
valid_schedule
schedule
arr_seq
.
Proof
.
Proof
.
rewrite
/
valid_schedule
;
split
;
move
=>
j
t
;
rewrite
scheduled_at_def
/
schedule
/
np_uni_schedule
/
generic_schedule
.
split
;
move
=>
j
t
;
rewrite
scheduled_at_def
/
schedule
/
np_uni_schedule
/
generic_schedule
.
{
elim
:
t
=>
[
/
eqP
|
t'
IH
/
eqP
]
.
{
elim
:
t
=>
[
/
eqP
|
t'
IH
/
eqP
]
.
-
rewrite
schedule_up_to_def
/
allocation_at
/
prev_job_nonpreemptive
=>
IN
.
-
rewrite
schedule_up_to_def
/
allocation_at
/
prev_job_nonpreemptive
=>
IN
.
move
:
(
H_chooses_from_set
_
_
_
IN
)
.
move
:
(
H_chooses_from_set
_
_
_
IN
)
.
...
@@ -143,16 +156,8 @@ Section NPUniprocessorScheduler.
...
@@ -143,16 +156,8 @@ Section NPUniprocessorScheduler.
rewrite
mem_filter
/
backlogged
=>
/
andP
[
/
andP
[
READY
_]
_]
.
rewrite
mem_filter
/
backlogged
=>
/
andP
[
/
andP
[
READY
_]
_]
.
by
rewrite
-
(
H_nonclairvoyant_job_readiness
(
empty_schedule
idle_state
)
schedule
j
0
)
.
by
rewrite
-
(
H_nonclairvoyant_job_readiness
(
empty_schedule
idle_state
)
schedule
j
0
)
.
-
rewrite
schedule_up_to_def
/
allocation_at
/
prev_job_nonpreemptive
.
-
rewrite
schedule_up_to_def
/
allocation_at
/
prev_job_nonpreemptive
.
have
JOB
:
choose_job
t'
.
+
1
(
jobs_backlogged_at
arr_seq
(
schedule_up_to
policy
idle_state
t'
)
t'
.
+
1
)
case
:
(
schedule_up_to
_
_
t'
t'
)
=>
[
j'
|
IN
];
last
by
apply
choose_job_implies_job_ready
.
=
Some
j
destruct
(
~~
job_preemptable
j'
_)
eqn
:
NP
=>
[
EQ
|
IN
];
last
by
apply
choose_job_implies_job_ready
.
->
job_ready
schedule
j
t'
.
+
1
.
{
move
=>
IN
.
move
:
(
H_chooses_from_set
_
_
_
IN
)
.
rewrite
mem_filter
/
backlogged
=>
/
andP
[
/
andP
[
READY
_]
_]
.
rewrite
-
(
H_nonclairvoyant_job_readiness
(
schedule_up_to
policy
idle_state
t'
)
schedule
j
t'
.
+
1
)
//.
by
apply
schedule_up_to_identical_prefix
.
}
case
:
(
schedule_up_to
_
_
t'
t'
)
=>
[
j'
|
IN
];
last
by
apply
JOB
.
destruct
(
~~
job_preemptable
j'
_)
eqn
:
NP
=>
[
EQ
|
IN
];
last
by
apply
JOB
.
apply
H_valid_preemption_behavior
.
apply
H_valid_preemption_behavior
.
injection
EQ
=>
<-.
injection
EQ
=>
<-.
move
:
NP
.
move
:
NP
.
...
@@ -196,13 +201,13 @@ Section NPUniprocessorScheduler.
...
@@ -196,13 +201,13 @@ Section NPUniprocessorScheduler.
~~
preemption_time
schedule
t
.
~~
preemption_time
schedule
t
.
Proof
.
Proof
.
elim
=>
[|
t
_];
first
by
rewrite
/
prev_job_nonpreemptive
.
elim
=>
[|
t
_];
first
by
rewrite
/
prev_job_nonpreemptive
.
rewrite
/
schedule
/
np_uni_schedule
/
generic_schedule
/
preemption_time
schedule_up_to_def
/
prefix
/
allocation_at
=>
NP
.
rewrite
/
schedule
/
np_uni_schedule
/
generic_schedule
/
preemption_time
rewrite
ifT
//
.
schedule_up_to_def
/
prefix
/
allocation_at
=>
NP
.
rewrite
-
pred_Sn
.
rewrite
ifT
//
-
pred_Sn
.
move
:
NP
.
rewrite
/
prev_job_nonpreemptive
.
move
:
NP
;
rewrite
/
prev_job_nonpreemptive
.
elim
:
(
schedule_up_to
policy
idle_state
t
t
)
=>
//
j
.
elim
:
(
schedule_up_to
policy
idle_state
t
t
)
=>
//
j
.
have
<
-:
service
(
schedule_up_to
policy
idle_state
t
)
j
t
.
+
1
have
-
>
:
(
service
(
fun
t0
:
instant
=>
schedule_up_to
policy
idle_state
t
0
t0
)
j
t
.
+
1
=
=
service
(
fun
t0
:
instant
=>
schedule_up_to
policy
idle_state
t
0
t0
)
j
t
.
+
1
=>
//.
service
(
schedule_up_to
policy
idle_state
t
)
j
t
.
+
1
)
=>
//.
rewrite
/
service
.
rewrite
/
service
.
apply
equal_prefix_implies_same_service_during
=>
t'
/
andP
[_
BOUND
]
.
apply
equal_prefix_implies_same_service_during
=>
t'
/
andP
[_
BOUND
]
.
by
rewrite
(
schedule_up_to_prefix_inclusion
_
_
t'
t
)
.
by
rewrite
(
schedule_up_to_prefix_inclusion
_
_
t'
t
)
.
...
@@ -227,8 +232,8 @@ Section NPUniprocessorScheduler.
...
@@ -227,8 +232,8 @@ Section NPUniprocessorScheduler.
Lemma
np_respects_preemption_model
:
Lemma
np_respects_preemption_model
:
schedule_respects_preemption_model
arr_seq
schedule
.
schedule_respects_preemption_model
arr_seq
schedule
.
Proof
.
Proof
.
move
=>
j
;
elim
=>
[|
t'
IH
];
move
=>
j
.
first
by
rewrite
service0
=>
ARR
/
negP
NP
;
move
:
(
H_valid_preemption_function
j
ARR
)
=>
P
;
exfalso
.
elim
=>
[|
t'
IH
];
first
by
rewrite
service0
=>
ARR
/
negP
NP
;
move
:
(
H_valid_preemption_function
j
ARR
)
.
move
=>
ARR
NP
.
move
=>
ARR
NP
.
have
:
scheduled_at
schedule
j
t'
.
have
:
scheduled_at
schedule
j
t'
.
{
apply
contraT
=>
NOT_SCHED
.
{
apply
contraT
=>
NOT_SCHED
.
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
