Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
R
rtproofs
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Felipe Cerqueira
rtproofs
Commits
0582d634
Commit
0582d634
authored
Jan 13, 2016
by
Felipe Cerqueira
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Broken: still removing rate
parent
02b83aea
Changes
9
Expand all
Hide whitespace changes
Inline
Sidebyside
Showing
9 changed files
with
220 additions
and
248 deletions
+220
248
bertogna_fp_theory.v
bertogna_fp_theory.v
+30
37
interference.v
interference.v
+24
38
interference_bound_edf.v
interference_bound_edf.v
+15
18
platform.v
platform.v
+5
6
response_time.v
response_time.v
+9
11
schedulability.v
schedulability.v
+11
14
schedule.v
schedule.v
+54
45
workload.v
workload.v
+34
33
workload_bound.v
workload_bound.v
+38
46
No files found.
bertogna_fp_theory.v
View file @
0582d634
This diff is collapsed.
Click to expand it.
interference.v
View file @
0582d634
...
...
@@ 3,7 +3,7 @@ Require Import Vbase task job schedule priority workload util_divround
Module
Interference
.
Import
Schedule
Priority
Workload
.
Import
Schedule
OfSporadicTask
Priority
Workload
.
Section
InterferingTasks
.
...
...
@@ 45,9 +45,8 @@ Module Interference.
(
*
Assume
any
job
arrival
sequence
...
*
)
Context
{
arr_seq
:
arrival_sequence
Job
}
.
(
*
...
and
any
platform
.
*
)
(
*
...
and
any
schedule
.
*
)
Context
{
num_cpus
:
nat
}
.
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
Variable
sched
:
schedule
num_cpus
arr_seq
.
(
*
Consider
any
job
j
that
incurs
interference
.
*
)
...
...
@@ 55,7 +54,7 @@ Module Interference.
(
*
Recall
the
definition
of
backlogged
(
pending
and
not
scheduled
).
*
)
Let
job_is_backlogged
(
t
:
time
)
:=
backlogged
job_cost
rate
sched
j
t
.
backlogged
job_cost
sched
j
t
.
Section
TotalInterference
.
...
...
@@ 134,12 +133,10 @@ Module Interference.
first
by
apply
leq_sum
;
ins
;
apply
leq_b1
.
by
rewrite
big_const_nat
iter_addn
mul1n
addn0
addKn
leqnn
.
Qed
.
Hypothesis
rate_positive
:
forall
cpu
t
,
rate
cpu
t
>
0.
Lemma
job_interference_le_service
:
forall
j_other
t1
t2
,
job_interference
j_other
t1
t2
<=
service_during
rate
sched
j_other
t1
t2
.
job_interference
j_other
t1
t2
<=
service_during
sched
j_other
t1
t2
.
Proof
.
intros
j_other
t1
t2
;
unfold
job_interference
,
service_during
.
apply
leq_trans
with
(
n
:=
\
sum_
(
t1
<=
t
<
t2
)
scheduled
sched
j_other
t
);
...
...
@@ 148,13 +145,12 @@ Module Interference.
destruct
(
scheduled
sched
j_other
t
)
eqn
:
SCHED
;
last
by
done
.
move:
SCHED
=>
/
existsP
EX
;
destruct
EX
as
[
cpu
];
move
:
H
=>
/
andP
[
IN
SCHED
].
unfold
service_at
;
rewrite
(
bigD1
cpu
);
last
by
done
.
by
apply
leq_trans
with
(
n
:=
rate
j_other
cpu
);
[
by
apply
rate_positive

apply
leq_addr
].
by
apply
leq_trans
with
(
n
:=
1
).
Qed
.
Lemma
task_interference_le_workload
:
forall
tsk
t1
t2
,
task_interference
tsk
t1
t2
<=
workload
job_task
rate
sched
tsk
t1
t2
.
task_interference
tsk
t1
t2
<=
workload
job_task
sched
tsk
t1
t2
.
Proof
.
unfold
task_interference
,
workload
;
intros
tsk
t1
t2
.
apply
leq_sum
;
intros
t
_.
...
...
@@ 166,17 +162,15 @@ Module Interference.
destruct
SCHED
as
[
cpu
_
HAScpu
].
rewrite
>
bigD1
with
(
j
:=
cpu
);
simpl
;
last
by
ins
.
apply
ltn_addr
;
unfold
service_of_task
,
schedules_job_of_tsk
in
*
.
by
destruct
(
sched
cpu
t
);
[
rewrite
HAScpu
mul1n
rate_positive

by
ins
].
by
destruct
(
sched
cpu
t
);
[
rewrite
HAScpu

by
done
].
Qed
.
End
BasicLemmas
.
Section
EquivalenceTaskInterference
.
Hypothesis
H_no_intratask_parallelism
:
forall
(
j
j
'
:
JobIn
arr_seq
)
t
,
job_task
j
=
job_task
j
'
>
scheduled
sched
j
t
>
scheduled
sched
j
'
t
>
False
.
jobs_of_same_task_dont_execute_in_parallel
job_task
sched
.
Lemma
interference_eq_interference_joblist
:
forall
tsk
t1
t2
,
...
...
@@ 202,6 +196,7 @@ Module Interference.
first
by
rewrite
big_const_seq
iter_addn
mul0n
addn0
addn0
.
intros
j1
_
;
desf
;
[
rewrite
andTb

by
done
].
apply
/
eqP
;
rewrite
eqb0
;
apply
/
negP
;
unfold
not
;
intro
SCHEDULED
'
.
exploit
(
H_no_intratask_parallelism
j0
j1
t
).
apply
(
H_no_intratask_parallelism
j0
j1
t
);
try
(
by
done
).
by
move
:
Heq0
=>
/
eqP
Heq0
;
rewrite
Heq0
.
}
...
...
@@ 243,41 +238,33 @@ Module Interference.
Hypothesis
no_parallelism
:
jobs_dont_execute_in_parallel
sched
.
(
*
and
that
processors
have
unit
speed
.
*
)
Hypothesis
rate_equals_one
:
forall
j
cpu
,
rate
j
cpu
=
1.
(
*
Also
assume
that
jobs
only
execute
after
they
arrived
(
*
...,
and
that
jobs
only
execute
after
they
arrived
and
no
longer
than
their
execution
costs
.
*
)
Hypothesis
jobs_must_arrive_to_execute
:
jobs_must_arrive_to_execute
sched
.
Hypothesis
completed_jobs_dont_execute
:
completed_jobs_dont_execute
job_cost
rate
sched
.
completed_jobs_dont_execute
job_cost
sched
.
(
*
If
job
j
had
already
arrived
at
time
t1
and
did
not
yet
complete
by
time
t2
,
...
*
)
Hypothesis
job_has_arrived
:
has_arrived
j
t1
.
Hypothesis
job_is_not_complete
:
~~
completed
job_cost
rate
sched
j
t2
.
~~
completed
job_cost
sched
j
t2
.
(
*
then
the
service
received
by
j
during
[
t1
,
t2
)
equals
the
cumulative
time
in
which
it
did
not
incur
interference
.
*
)
Lemma
complement_of_interf_equals_service
:
\
sum_
(
t1
<=
t
<
t2
)
service_at
rate
sched
j
t
=
\
sum_
(
t1
<=
t
<
t2
)
service_at
sched
j
t
=
t2

t1

total_interference
t1
t2
.
Proof
.
unfold
completed
,
total_interference
,
job_is_backlogged
,
backlogged
,
service_during
,
pending
.
rename
no_parallelism
into
NOPAR
,
rate_equals_one
into
RATE
,
jobs_must_arrive_to_execute
into
MUSTARRIVE
,
completed_jobs_dont_execute
into
COMP
,
job_is_not_complete
into
NOTCOMP
.
assert
(
SERVICE_ONE
:
forall
j
t
,
service_at
rate
sched
j
t
<=
1
).
by
ins
;
apply
service_at_le_max_rate
;
ins
;
rewrite
RATE
.
(
*
Reorder
terms
...
*
)
apply
/
eqP
;
rewrite
subh4
;
first
last
.
{
...
...
@@ 286,23 +273,23 @@ Module Interference.
}
{
rewrite

[
t2

t1
]
mul1n

[
1
*
_
]
addn0

iter_addn

big_const_nat
.
by
apply
leq_sum
;
ins
;
apply
service_at_
le_max_rate
;
ins
;
rewrite
RATE
.
by
apply
leq_sum
;
ins
;
apply
service_at_
most_one
.
}
apply
/
eqP
.
apply
eq_trans
with
(
y
:=
\
sum_
(
t1
<=
t
<
t2
)
(
1

service_at
rate
sched
j
t
));
(
1

service_at
sched
j
t
));
last
first
.
{
apply
/
eqP
;
rewrite
<
eqn_add2r
with
(
p
:=
\
sum_
(
t1
<=
t
<
t2
)
service_at
rate
sched
j
t
).
service_at
sched
j
t
).
rewrite
subh1
;
last
first
.
rewrite

[
t2

t1
]
mul1n

[
1
*
_
]
addn0

iter_addn

big_const_nat
.
by
apply
leq_sum
;
ins
;
apply
SERVICE_ONE
.
by
apply
leq_sum
;
ins
;
apply
service_at_most_one
.
rewrite

addnBA
// subnn addn0 big_split /=.
rewrite

[
t2

t1
]
mul1n

[
1
*
_
]
addn0

iter_addn

big_const_nat
.
apply
/
eqP
;
apply
eq_bigr
;
ins
;
rewrite
subh1
;
[
by
rewrite

addnBA
// subnn addn0  by apply
SERVICE_ONE
].
[
by
rewrite

addnBA
// subnn addn0  by apply
service_at_most_one
].
}
rewrite
big_nat_cond
[
\
sum_
(
_
<=
_
<
_

true
)
_
]
big_nat_cond
.
apply
eq_bigr
;
intro
t
;
rewrite
andbT
;
move
=>
/
andP
[
GEt1
LTt2
].
...
...
@@ 311,15 +298,14 @@ Module Interference.
apply
negbFE
in
SCHED
;
unfold
scheduled
in
*
.
move:
SCHED
=>
/
exists_inP
SCHED
;
destruct
SCHED
as
[
cpu
INcpu
SCHEDcpu
].
rewrite
andbF
;
apply
/
eqP
.
rewrite

(
eqn_add2r
(
service_at
rate
sched
j
t
))
add0n
.
rewrite
subh1
;
last
by
apply
SERVICE_ONE
.
rewrite

(
eqn_add2r
(
service_at
sched
j
t
))
add0n
.
rewrite
subh1
;
last
by
apply
service_at_most_one
.
rewrite

addnBA
// subnn addn0.
rewrite
eqn_leq
;
apply
/
andP
;
split
;
first
by
apply
SERVICE_ONE
.
rewrite
eqn_leq
;
apply
/
andP
;
split
;
first
by
apply
service_at_most_one
.
unfold
service_at
;
rewrite
(
bigD1
cpu
)
/=
;
last
by
apply
SCHEDcpu
.
apply
leq_trans
with
(
n
:=
rate
j
cpu
);
[
by
rewrite
RATE

by
apply
leq_addr
].
by
apply
leq_trans
with
(
n
:=
1
).
}
apply
not_scheduled_no_service
with
(
rate0
:=
rate
)
in
SCHED
.
apply
not_scheduled_no_service
in
SCHED
.
rewrite
SCHED
subn0
andbT
;
apply
/
eqP
;
rewrite
eqb1
.
apply
/
andP
;
split
;
first
by
apply
leq_trans
with
(
n
:=
t1
).
apply
/
negP
;
unfold
not
;
intro
BUG
.
...
...
interference_bound_edf.v
View file @
0582d634
...
...
@@ 65,7 +65,6 @@ Module EDFSpecificBound.
(
*
Consider
any
schedule
such
that
...
*
)
Variable
num_cpus
:
nat
.
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
Variable
sched
:
schedule
num_cpus
arr_seq
.
(
*
...
jobs
do
not
execute
before
their
arrival
times
nor
longer
...
...
@@ 73,14 +72,12 @@ Module EDFSpecificBound.
Hypothesis
H_jobs_must_arrive_to_execute
:
jobs_must_arrive_to_execute
sched
.
Hypothesis
H_completed_jobs_dont_execute
:
completed_jobs_dont_execute
job_cost
rate
sched
.
completed_jobs_dont_execute
job_cost
sched
.
(
*
Also
assume
that
jobs
do
not
execute
in
parallel
,
processors
have
unit
speed
,
and
that
there
exists
at
least
one
processor
.
*
)
(
*
Also
assume
that
jobs
do
not
execute
in
parallel
and
that
there
exists
at
least
one
processor
.
*
)
Hypothesis
H_no_parallelism
:
jobs_dont_execute_in_parallel
sched
.
Hypothesis
H_rate_equals_one
:
forall
j
cpu
,
rate
j
cpu
=
1.
Hypothesis
H_at_least_one_cpu
:
num_cpus
>
0.
...
...
@@ 105,16 +102,16 @@ Module EDFSpecificBound.
forall
tsk
,
tsk
\
in
ts
>
task_deadline
tsk
<=
task_period
tsk
.
Let
no_deadline_is_missed_by_tsk
(
tsk
:
sporadic_task
)
:=
task_misses_no_deadline
job_cost
job_deadline
job_task
rate
sched
tsk
.
task_misses_no_deadline
job_cost
job_deadline
job_task
sched
tsk
.
Let
response_time_bounded_by
(
tsk
:
sporadic_task
)
:=
is_response_time_bound_of_task
job_cost
job_task
tsk
rate
sched
.
is_response_time_bound_of_task
job_cost
job_task
tsk
sched
.
(
*
Assume
that
the
schedule
satisfies
the
global
scheduling
invariant
for
EDF
,
i
.
e
.,
if
any
job
of
tsk
is
backlogged
,
every
processor
must
be
busy
with
jobs
with
no
larger
absolute
deadline
.
*
)
Let
higher_eq_priority
:=
@
EDF
Job
arr_seq
job_deadline
.
(
*
TODO
:
implicit
params
broken
*
)
Hypothesis
H_global_scheduling_invariant
:
JLFP_JLDP_scheduling_invariant_holds
job_cost
num_cpus
rate
sched
higher_eq_priority
.
JLFP_JLDP_scheduling_invariant_holds
job_cost
num_cpus
sched
higher_eq_priority
.
(
*
Let
tsk_i
be
the
task
to
be
analyzed
,
...
*
)
Variable
tsk_i
:
sporadic_task
.
...
...
@@ 141,7 +138,7 @@ Module EDFSpecificBound.
forall
(
j_k
:
JobIn
arr_seq
),
job_task
j_k
=
tsk_k
>
job_arrival
j_k
+
R_k
<
job_arrival
j_i
+
delta
>
completed
job_cost
rate
sched
j_k
(
job_arrival
j_k
+
R_k
).
completed
job_cost
sched
j_k
(
job_arrival
j_k
+
R_k
).
(
*
In
this
section
,
we
prove
that
Bertogna
and
Cirinei
'
s
EDF
interference
bound
indeed
bounds
the
interference
caused
by
task
tsk_k
in
the
interval
[
t1
,
t1
+
delta
).
*
)
...
...
@@ 149,7 +146,7 @@ Module EDFSpecificBound.
(
*
Let
'
s
call
x
the
task
interference
incurred
by
job
j
due
to
tsk_k
.
*
)
Let
x
:=
task_interference
job_cost
job_task
rate
sched
j_i
task_interference
job_cost
job_task
sched
j_i
tsk_k
(
job_arrival
j_i
)
(
job_arrival
j_i
+
delta
).
(
*
Also
,
recall
the
EDF

specific
interference
bound
for
EDF
.
*
)
...
...
@@ 168,11 +165,11 @@ Module EDFSpecificBound.
(
*
Identify
the
subset
of
jobs
that
actually
cause
interference
*
)
Let
interfering_jobs
:=
filter
(
fun
(
x
:
JobIn
arr_seq
)
=>
(
job_task
x
==
tsk_k
)
&&
(
job_interference
job_cost
rate
sched
j_i
x
t1
t2
!=
0
))
(
job_task
x
==
tsk_k
)
&&
(
job_interference
job_cost
sched
j_i
x
t1
t2
!=
0
))
(
jobs_scheduled_between
sched
t1
t2
).
(
*
Let
'
s
give
a
simpler
name
to
job
interference
.
*
)
Let
interference_caused_by
:=
job_interference
job_cost
rate
sched
j_i
.
Let
interference_caused_by
:=
job_interference
job_cost
sched
j_i
.
(
*
Now
,
consider
the
list
of
interfering
jobs
sorted
by
arrival
time
.
*
)
Let
order
:=
fun
(
x
y
:
JobIn
arr_seq
)
=>
job_arrival
x
<=
job_arrival
y
.
...
...
@@ 185,10 +182,11 @@ Module EDFSpecificBound.
(
*
Use
the
alternative
definition
of
task
interference
,
based
on
individual
job
interference
.
*
)
Lemma
interference_bound_edf_use_another_definition
:
x
=
\
sum_
(
j
<
jobs_scheduled_between
sched
t1
t2

job_task
j
==
tsk_k
)
x
<
=
\
sum_
(
j
<
jobs_scheduled_between
sched
t1
t2

job_task
j
==
tsk_k
)
interference_caused_by
j
t1
t2
.
Proof
.
by
apply
interference_eq_interference_joblist
.
apply
interference_eq_interference_joblist
.
Qed
.
(
*
Remove
the
elements
that
we
don
'
t
care
about
from
the
sum
*
)
...
...
@@ 201,7 +199,7 @@ Module EDFSpecificBound.
rewrite
big_mkcond
;
rewrite
[
\
sum_
(
_
<
_

_
)
_
]
big_mkcond
/=
.
apply
eq_bigr
;
intros
i
_
;
clear

i
.
destruct
(
job_task
i
==
tsk_k
);
rewrite
?
andTb
?
andFb
;
last
by
done
.
destruct
(
job_interference
job_cost
rate
sched
j_i
i
t1
t2
!=
0
)
eqn
:
DIFF
;
first
by
done
.
destruct
(
job_interference
job_cost
sched
j_i
i
t1
t2
!=
0
)
eqn
:
DIFF
;
first
by
done
.
by
apply
negbT
in
DIFF
;
rewrite
negbK
in
DIFF
;
apply
/
eqP
.
Qed
.
...
...
@@ 251,8 +249,7 @@ Module EDFSpecificBound.
forall
j
(
INi
:
j
\
in
interfering_jobs
),
interference_caused_by
j
t1
t2
<=
task_cost
tsk_k
.
Proof
.
rename
H_valid_job_parameters
into
PARAMS
,
H_rate_equals_one
into
RATE
.
rename
H_valid_job_parameters
into
PARAMS
.
intros
j
;
rewrite
mem_filter
;
move
=>
/
andP
[
/
andP
[
/
eqP
JOBj
_
]
_
].
specialize
(
PARAMS
j
);
des
.
apply
leq_trans
with
(
n
:=
service_during
rate
sched
j
t1
t2
);
...
...
platform.v
View file @
0582d634
...
...
@@ 20,9 +20,8 @@ Module Platform.
(
*
Assume
any
job
arrival
sequence
...
*
)
Context
{
arr_seq
:
arrival_sequence
Job
}
.
(
*
Consider
any
schedule
such
that
...
*
)
(
*
Consider
any
schedule
.
*
)
Variable
num_cpus
:
nat
.
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
Variable
sched
:
schedule
num_cpus
arr_seq
.
(
*
Assume
that
we
have
a
task
set
where
all
tasks
have
valid
...
...
@@ 41,7 +40,7 @@ Module Platform.
forall
(
tsk
:
sporadic_task
)
(
j
:
JobIn
arr_seq
)
(
t
:
time
),
tsk
\
in
ts
>
job_task
j
=
tsk
>
backlogged
job_cost
rate
sched
j
t
>
backlogged
job_cost
sched
j
t
>
count
(
fun
tsk_other
:
sporadic_task
=>
is_interfering_task_fp
higher_eq_priority
tsk
tsk_other
&&
...
...
@@ 59,7 +58,7 @@ Module Platform.
jobs
of
higher

priority
.
*
)
Definition
JLFP_JLDP_scheduling_invariant_holds
:=
forall
(
j
:
JobIn
arr_seq
)
(
t
:
time
),
backlogged
job_cost
rate
sched
j
t
>
backlogged
job_cost
sched
j
t
>
count
(
fun
j_other
=>
higher_eq_priority
t
j_other
j
)
(
jobs_scheduled_at
sched
t
)
...
...
@@ 73,7 +72,7 @@ Module Platform.
(
*
The
job
which
is
interfering
has
higher
or
equal
priority
to
the
interfered
one
.
*
)
Lemma
interfering_job_has_higher_eq_prio
:
forall
j
j_other
t
,
backlogged
job_cost
rate
sched
j
t
>
backlogged
job_cost
sched
j
t
>
scheduled
sched
j_other
t
>
higher_eq_priority
t
j_other
j
.
Proof
.
...
...
@@ 167,7 +166,7 @@ Module Platform.
Lemma
cpus_busy_with_interfering_tasks
:
forall
(
j
:
JobIn
arr_seq
)
tsk
t
,
job_task
j
=
tsk
>
backlogged
job_cost
rate
sched
j
t
>
backlogged
job_cost
sched
j
t
>
count
(
fun
j
:
sporadic_task
=>
is_interfering_task_jlfp
tsk
j
&&
...
...
response_time.v
View file @
0582d634
...
...
@@ 19,13 +19,12 @@ Module ResponseTime.
(
*
...
and
a
particular
schedule
,
...
*
)
Context
{
num_cpus
:
nat
}
.
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
Variable
sched
:
schedule
num_cpus
arr_seq
.
(
*
...
R
is
a
response

time
bound
of
tsk
in
this
schedule
...
*
)
Variable
R
:
time
.
Let
job_has_completed_by
:=
completed
job_cost
rate
sched
.
Let
job_has_completed_by
:=
completed
job_cost
sched
.
(
*
...
iff
any
job
j
of
tsk
in
this
arrival
sequence
has
completed
by
(
job_arrival
j
+
R
).
*
)
...
...
@@ 48,13 +47,12 @@ Module ResponseTime.
(
*
Consider
any
valid
schedule
...
*
)
Context
{
num_cpus
:
nat
}
.
Variable
sched
:
schedule
num_cpus
arr_seq
.
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
Let
job_has_completed_by
:=
completed
job_cost
rate
sched
.
Let
job_has_completed_by
:=
completed
job_cost
sched
.
(
*
...
where
jobs
dont
execute
after
completion
.
*
)
Hypothesis
H_completed_jobs_dont_execute
:
completed_jobs_dont_execute
job_cost
rate
sched
.
completed_jobs_dont_execute
job_cost
sched
.
Section
SpecificJob
.
...
...
@@ 70,7 +68,7 @@ Module ResponseTime.
Lemma
service_after_job_rt_zero
:
forall
t
'
,
t
'
>=
job_arrival
j
+
R
>
service_at
rate
sched
j
t
'
=
0.
service_at
sched
j
t
'
=
0.
Proof
.
rename
response_time_bound
into
RT
,
H_completed_jobs_dont_execute
into
EXEC
;
ins
.
...
...
@@ 79,7 +77,7 @@ Module ResponseTime.
apply
/
eqP
;
rewrite

leqn0
.
rewrite
<
leq_add2l
with
(
p
:=
job_cost
j
).
move:
RT
=>
/
eqP
RT
;
rewrite
{
1
}
RT
addn0
.
apply
leq_trans
with
(
n
:=
service
rate
sched
j
t
'
.
+
1
);
apply
leq_trans
with
(
n
:=
service
sched
j
t
'
.
+
1
);
last
by
apply
EXEC
.
unfold
service
;
rewrite
>
big_cat_nat
with
(
p
:=
t
'
.
+
1
)
(
n
:=
job_arrival
j
+
R
);
...
...
@@ 91,7 +89,7 @@ Module ResponseTime.
Lemma
cumulative_service_after_job_rt_zero
:
forall
t
'
t
''
,
t
'
>=
job_arrival
j
+
R
>
\
sum_
(
t
'
<=
t
<
t
''
)
service_at
rate
sched
j
t
=
0.
\
sum_
(
t
'
<=
t
<
t
''
)
service_at
sched
j
t
=
0.
Proof
.
ins
;
apply
/
eqP
;
rewrite

leqn0
.
rewrite
big_nat_cond
;
rewrite
>
eq_bigr
with
(
F2
:=
fun
i
=>
0
);
...
...
@@ 111,7 +109,7 @@ Module ResponseTime.
(
*
...
for
which
a
response

time
bound
R
is
known
.
*
)
Variable
R
:
time
.
Hypothesis
response_time_bound
:
is_response_time_bound_of_task
job_cost
job_task
tsk
rate
sched
R
.
is_response_time_bound_of_task
job_cost
job_task
tsk
sched
R
.
(
*
Then
,
for
any
job
j
of
this
task
,
...
*
)
Variable
j
:
JobIn
arr_seq
.
...
...
@@ 121,7 +119,7 @@ Module ResponseTime.
Lemma
service_after_task_rt_zero
:
forall
t
'
,
t
'
>=
job_arrival
j
+
R
>
service_at
rate
sched
j
t
'
=
0.
service_at
sched
j
t
'
=
0.
Proof
.
by
ins
;
apply
service_after_job_rt_zero
with
(
R
:=
R
);
[
apply
response_time_bound

].
Qed
.
...
...
@@ 130,7 +128,7 @@ Module ResponseTime.
Lemma
cumulative_service_after_task_rt_zero
:
forall
t
'
t
''
,
t
'
>=
job_arrival
j
+
R
>
\
sum_
(
t
'
<=
t
<
t
''
)
service_at
rate
sched
j
t
=
0.
\
sum_
(
t
'
<=
t
<
t
''
)
service_at
sched
j
t
=
0.
Proof
.
by
ins
;
apply
cumulative_service_after_job_rt_zero
with
(
R
:=
R
);
first
by
apply
response_time_bound
.
...
...
schedulability.v
View file @
0582d634
...
...
@@ 18,14 +18,13 @@ Module Schedulability.
(
*
For
any
job
j
in
schedule
sched
,
...
*
)
Context
{
num_cpus
:
nat
}
.
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
Variable
sched
:
schedule
num_cpus
arr_seq
.
Variable
j
:
JobIn
arr_seq
.
(
*
job
j
misses
no
deadline
in
sched
if
it
completed
by
its
absolute
deadline
.
*
)
Definition
job_misses_no_deadline
:=
completed
job_cost
rate
sched
j
(
job_arrival
j
+
job_deadline
j
).
completed
job_cost
sched
j
(
job_arrival
j
+
job_deadline
j
).
End
ScheduleOfJobs
.
...
...
@@ 35,7 +34,6 @@ Module Schedulability.
Variable
job_task
:
Job
>
sporadic_task
.
Context
{
num_cpus
:
nat
}
.
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
Variable
sched
:
schedule
num_cpus
arr_seq
.
(
*
Consider
any
task
tsk
.
*
)
...
...
@@ 45,7 +43,7 @@ Module Schedulability.
Definition
task_misses_no_deadline
:=
forall
(
j
:
JobIn
arr_seq
),
job_task
j
=
tsk
>
job_misses_no_deadline
rate
sched
j
.
job_misses_no_deadline
sched
j
.
(
*
Task
tsk
doesn
'
t
miss
its
deadline
before
time
t
'
iff
all
of
its
jobs
don
'
t
miss
their
deadline
by
that
time
.
*
)
...
...
@@ 53,7 +51,7 @@ Module Schedulability.
forall
(
j
:
JobIn
arr_seq
),
job_task
j
=
tsk
>
job_arrival
j
+
job_deadline
j
<
t
'
>
job_misses_no_deadline
rate
sched
j
.
job_misses_no_deadline
sched
j
.
End
ScheduleOfTasks
.
...
...
@@ 76,11 +74,10 @@ Module Schedulability.
(
*
Consider
any
valid
schedule
...
*
)
Context
{
num_cpus
:
nat
}
.
Variable
sched
:
schedule
num_cpus
arr_seq
.
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
(
*
...
where
jobs
dont
execute
after
completion
.
*
)
Hypothesis
H_completed_jobs_dont_execute
:
completed_jobs_dont_execute
job_cost
rate
sched
.
completed_jobs_dont_execute
job_cost
sched
.
Section
SpecificJob
.
...
...
@@ 89,13 +86,13 @@ Module Schedulability.
(
*
...
that
doesn
'
t
miss
a
deadline
in
this
schedule
,
...
*
)
Hypothesis
no_deadline_miss
:
job_misses_no_deadline
job_cost
job_deadline
rate
sched
j
.
job_misses_no_deadline
job_cost
job_deadline
sched
j
.
(
*
the
service
received
by
j
at
any
time
t
'
after
its
deadline
is
0.
*
)
Lemma
service_after_job_deadline_zero
:
forall
t
'
,
t
'
>=
job_arrival
j
+
job_deadline
j
>
service_at
rate
sched
j
t
'
=
0.
service_at
sched
j
t
'
=
0.
Proof
.
intros
t
'
LE
.
rename
no_deadline_miss
into
NOMISS
,
...
...
@@ 104,7 +101,7 @@ Module Schedulability.
apply
/
eqP
;
rewrite

leqn0
.
rewrite
<
leq_add2l
with
(
p
:=
job_cost
j
).
move:
NOMISS
=>
/
eqP
NOMISS
;
rewrite
{
1
}
NOMISS
addn0
.
apply
leq_trans
with
(
n
:=
service
rate
sched
j
t
'
.
+
1
);
last
by
apply
EXEC
.
apply
leq_trans
with
(
n
:=
service
sched
j
t
'
.
+
1
);
last
by
apply
EXEC
.
unfold
service
;
rewrite
>
big_cat_nat
with
(
p
:=
t
'
.
+
1
)
(
n
:=
job_arrival
j
+
job_deadline
j
);
[
rewrite
leq_add2l
/=

by
ins

by
apply
ltnW
].
...
...
@@ 115,7 +112,7 @@ Module Schedulability.
Lemma
cumulative_service_after_job_deadline_zero
:
forall
t
'
t
''
,
t
'
>=
job_arrival
j
+
job_deadline
j
>
\
sum_
(
t
'
<=
t
<
t
''
)
service_at
rate
sched
j
t
=
0.
\
sum_
(
t
'
<=
t
<
t
''
)
service_at
sched
j
t
=
0.
Proof
.
ins
;
apply
/
eqP
;
rewrite

leqn0
.
rewrite
big_nat_cond
;
rewrite
>
eq_bigr
with
(
F2
:=
fun
i
=>
0
);
...
...
@@ 134,7 +131,7 @@ Module Schedulability.
(
*
...
that
doesn
'
t
miss
any
deadline
.
*
)
Hypothesis
no_deadline_misses
:
task_misses_no_deadline
job_cost
job_deadline
job_task
rate
sched
tsk
.
task_misses_no_deadline
job_cost
job_deadline
job_task
sched
tsk
.
(
*
Then
,
for
any
valid
job
j
of
this
task
,
...
*
)
Variable
j
:
JobIn
arr_seq
.
...
...
@@ 146,7 +143,7 @@ Module Schedulability.
Lemma
service_after_task_deadline_zero
:
forall
t
'
,
t
'
>=
job_arrival
j
+
task_deadline
tsk
>
service_at
rate
sched
j
t
'
=
0.
service_at
sched
j
t
'
=
0.
Proof
.
rename
H_valid_job
into
PARAMS
;
unfold
valid_sporadic_job
in
*
;
des
;
intros
t
'
.
rewrite

H_job_of_task

PARAMS1
.
...
...
@@ 157,7 +154,7 @@ Module Schedulability.
Lemma
cumulative_service_after_task_deadline_zero
:
forall
t
'
t
''
,
t
'
>=
job_arrival
j
+
task_deadline
tsk
>
\
sum_
(
t
'
<=
t
<
t
''
)
service_at
rate
sched
j
t
=
0.
\
sum_
(
t
'
<=
t
<
t
''
)
service_at
sched
j
t
=
0.
Proof
.
rename
H_valid_job
into
PARAMS
;
unfold
valid_sporadic_job
in
*
;
des
;
intros
t
'
t
''
.
rewrite

H_job_of_task

PARAMS1
.
...
...
schedule.v
View file @
0582d634
This diff is collapsed.
Click to expand it.
workload.v
View file @
0582d634
...
...
@@ 15,7 +15,6 @@ Module Workload.
Context
{
arr_seq
:
arrival_sequence
Job
}
.
Context
{
num_cpus
:
nat
}
.
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
Variable
sched
:
schedule
num_cpus
arr_seq
.
(
*
Consider
some
task
*
)
...
...
@@ 24,9 +23,9 @@ Module Workload.
(
*
First
,
we
define
a
function
that
returns
the
amount
of
service
received
by
this
task
in
a
particular
processor
.
*
)
Definition
service_of_task
(
cpu
:
processor
num_cpus
)
(
j
:
option
(
JobIn
arr_seq
))
:=
(
j
:
option
(
JobIn
arr_seq
))
:
nat
:
=
match
j
with

Some
j
'
=>
(
job_task
j
'
==
tsk
)
*
(
rate
j
'
cpu
)

Some
j
'
=>
(
job_task
j
'
==
tsk
)

None
=>
0
end
.
...
...
@@ 42,7 +41,7 @@ Module Workload.
by
the
task
that
we
care
about
.
*
)
Definition
workload_joblist
(
t1
t2
:
time
)
:=
\
sum_
(
j
<
jobs_scheduled_between
sched
t1
t2

job_task
j
==
tsk
)
service_during
rate
sched
j
t1
t2
.
service_during
sched
j
t1
t2
.
(
*
Next
,
we
show
that
the
two
definitions
are
equivalent
.
*
)
...
...
@@ 54,41 +53,43 @@ Module Workload.
rewrite
[
\
sum_
(
j
<
jobs_scheduled_between
_
_
_

_
)
_
]
exchange_big
/=
.
apply
eq_big_nat
;
unfold
service_at
;
intros
t
LEt
.
rewrite
[
\
sum_
(
i
<
jobs_scheduled_between
_
_
_

_
)
_
](
eq_bigr
(
fun
i
=>
\
sum_
(
cpu
<
num_cpus
)
(
sched
cpu
t
==
Some
i
)
*
rate
i
cpu
));
\
sum_
(
cpu
<
num_cpus
)
(
sched
cpu
t
==
Some
i
)));
last
by
ins
;
rewrite
big_mkcond
;
apply
eq_bigr
;
ins
;
rewrite
mulnbl
.
rewrite
exchange_big
/=
;
apply
eq_bigr
.
intros
cpu
LEcpu
;
rewrite

big_filter
.
destruct
(
sched
cpu
t
)
eqn
:
SCHED
;
simpl
;
last
first
.
by
rewrite
>
eq_bigr
with
(
F2
:=
fun
i
=>
0
);
[
by
rewrite
big_const_seq
iter_addn

by
ins
].
{
destruct
(
job_task
j
==
tsk
)
eqn
:
EQtsk
;
try
rewrite
mul1n
;
try
rewrite
mul0n
.
{
rewrite
>
bigD1_seq
with
(
j
:=
j
);
last
by
rewrite
filter_undup
undup_uniq
.
{
rewrite
>
eq_bigr
with
(
F2
:=
fun
i
=>
0
);
first
by
rewrite
big_const_seq
iter_addn
/=
mul0n
2
!
addn0
eq_refl
mul1n
.
intros
i
NEQ
;
destruct
(
Some
j
==
Some
i
)
eqn
:
SOMEeq
;
last
by
rewrite
SOMEeq
mul0n
.
by
move
:
SOMEeq
=>
/
eqP
SOMEeq
;
inversion
SOMEeq
;
subst
;
rewrite
eq_refl
in
NEQ
.
}
{
rewrite
mem_filter
;
apply
/
andP
;
split
;
first
by
ins
.
rewrite
mem_undup
.
apply
mem_bigcat_nat
with
(
j
:=
t
);
first
by
ins
.
apply
mem_bigcat_ord
with
(
j
:=
cpu
);
first
by
apply
ltn_ord
.
by
rewrite
SCHED
inE
;
apply
/
eqP
.
}
}
destruct
(
sched
cpu
t
)
eqn
:
SCHED
;
simpl
;
last
by
rewrite
big_const_seq
iter_addn
mul0n
addn0
.
destruct
(
job_task
j
==
tsk
)
eqn
:
EQtsk
;
try
rewrite
mul1n
;
try
rewrite
mul0n
.
{
rewrite
>
bigD1_seq
with
(
j
:=
j
);
last
by
rewrite
filter_undup
undup_uniq
.
{
rewrite
>
eq_bigr
with
(
F2
:=
fun
i
=>
0
);
last
first
.
{
rewrite
big_filter
;
rewrite
>
eq_bigr
with
(
F2
:=
fun
i
=>
0
);
first
by
rewrite
big_const_seq
iter_addn
mul0n
addn0
.
intros
i
EQtsk2
;
destruct
(
Some
j
==
Some
i
)
eqn
:
SOMEeq
;
last
by
rewrite
mul0n
.
by
move
:
SOMEeq
=>
/
eqP
SOMEeq
;
inversion
SOMEeq
;
subst
;
rewrite
EQtsk2
in
EQtsk
.
intros
i
DIFF
.
destruct
(
Some
j
==
Some
i
)
eqn
:
SOME
;
rewrite
SOME
;
last
by
done
.
move:
SOME
=>
/
eqP
SOME
;
inversion
SOME
as
[
EQ
].
by
rewrite
EQ
eq_refl
in
DIFF
.
}
by
rewrite
/=
big_const_seq
iter_addn
mul0n
2
!
addn0
eq_refl
.
}
Qed
.
{
rewrite
mem_filter
;
apply
/
andP
;
split
;
first
by
ins
.
rewrite
mem_undup
.
apply
mem_bigcat_nat
with
(
j
:=
t
);
first
by
ins
.
apply
mem_bigcat_ord
with
(
j
:=
cpu
);
first
by
apply
ltn_ord
.
by
rewrite
SCHED
inE
;
apply
/
eqP
.
}
}
{
rewrite
big_filter
;
rewrite
>
eq_bigr
with
(
F2
:=
fun
i
=>
0
);
first
by
rewrite
big_const_seq
iter_addn
mul0n
addn0
.
intros
i
EQtsk2
;
destruct
(
Some
j
==
Some
i
)
eqn
:
SOME
;
last
by
done
.
move:
SOME
=>
/
eqP
SOME
;
inversion
SOME
;
subst
.
by
rewrite
EQtsk2
in
EQtsk
.
}
Qed
.
End
WorkloadDef
.
End
Workload
.
workload_bound.v
View file @
0582d634
This diff is collapsed.
Click to expand it.