General readiness, take two (!39) · Merge requests · RT-PROOFS / PROSA - Formally Proven Schedulability Analysis

Björn Brandenburg requested to merge readiness-take-two into master Aug 21, 2019

A revised version of !36 (closed), rebased on top of current master and addressing the comments raised in the discussion of the first version.

NOTE: I have changed the definition of "completed jobs don't execute" to make it more uniform and to be able to prove that "only ready jobs execute" implies that "completed jobs don't execute".

I think the old definition is an artifact of history and does not generalize well. For instance, on non-uniform speed processors, what if a job receives more than remaining_cost units of service in the last time instant that it is scheduled? In such a case, service <= cost is not actually true. So let's not bake it into a fundamental part of the library.

The invariant service <= cost is true, however, if we know service_at <= 1 (i.e., a unit-speed model), and hence this is now proved as a lemma in facts/completion.v.

CC: @sophie @mlesourd @proux @sbozhko

Edited Aug 23, 2019 by Björn Brandenburg

General readiness, take two

Merge request reports