Commit 258edf49 authored by Felipe Cerqueira's avatar Felipe Cerqueira

Formalization of Weakly Sustainable Policy

1) Formalize the notion of weakly sustainable policy, along with
its contrapositive, and prove the equivalence between the two.

2) Establish weak sustainability of self-suspending tasks w.r.t.
execution times and variable suspension times, based on the
transformation we had formalized.
parent 9aa57786
Require Import rt.util.all.
Require Import rt.model.priority rt.model.suspension.
Require Import rt.model.arrival.basic.arrival_sequence.
Require Import rt.model.schedule.uni.response_time
Require Import rt.model.schedule.uni.susp.suspension_intervals
Require Import rt.analysis.uni.susp.sustainability.allcosts.reduction
Require Import
From mathcomp Require Import ssreflect ssrbool eqtype ssrnat seq fintype bigop.
(* In this file, we use the reduction we derived to show the weak sustainability with
job costs and varying suspension times in the dynamic suspension model. *)
Module SustainabilityAllCostsProperty.
Import ScheduleWithSuspensions Suspension Priority SuspensionIntervals
PlatformWithSuspensions ResponseTime Sustainability
Module reduction := SustainabilityAllCosts.
Module reduction_prop := SustainabilityAllCostsProperties.
Section SustainabilityProperty.
Context {Task: eqType}.
Context {Job: eqType}.
(** Defining the task model *)
Variable higher_eq_priority: JLDP_policy Job.
Hypothesis H_priority_reflexive: JLDP_is_reflexive higher_eq_priority.
Hypothesis H_priority_transitive: JLDP_is_transitive higher_eq_priority.
Variable job_task: Job -> Task.
Variable task_suspension_bound: Task -> duration.
(* First, we state all properties about suspension, ... *)
Let satisfies_suspension_properties (params: seq (job_parameter Job)) :=
dynamic_suspension_model (return_param JOB_COST params) job_task
(return_param JOB_SUSPENSION params) task_suspension_bound.
(* ...all properties of the schedule, ... *)
Let satisfies_schedule_properties (params: seq (job_parameter Job)) (arr_seq: arrival_sequence Job)
(sched: schedule Job) :=
let job_arrival := return_param JOB_ARRIVAL params in
let job_cost := return_param JOB_COST params in
let job_suspension_duration := return_param JOB_SUSPENSION params in
jobs_come_from_arrival_sequence sched arr_seq /\
jobs_must_arrive_to_execute job_arrival sched /\
completed_jobs_dont_execute job_cost sched /\
work_conserving job_arrival job_cost job_suspension_duration arr_seq sched /\
respects_JLDP_policy job_arrival job_cost job_suspension_duration arr_seq
sched higher_eq_priority /\
respects_self_suspensions job_arrival job_cost job_suspension_duration sched.
(* ...and all properties of the arrival sequence. *)
Let satisfies_arrival_sequence_properties (params: seq (job_parameter Job))
(arr_seq: arrival_sequence Job) :=
arrival_times_are_consistent (return_param JOB_ARRIVAL params) arr_seq /\
JLDP_is_total arr_seq higher_eq_priority.
(* Then, we define the task model as the combination of such properties. *)
Let belongs_to_task_model (params: seq (job_parameter Job))
(arr_seq: arrival_sequence Job) (sched: schedule Job) :=
satisfies_arrival_sequence_properties params arr_seq /\
satisfies_schedule_properties params arr_seq sched /\
satisfies_suspension_properties params.
(** Sustainability Claim *)
(* We use as schedulability property the notion of response-time bound, i.e., we are
going to show that improving job parameters leads to "no worse response times". *)
Variable R: time.
Let response_time_bounded_by_R (params: seq (job_parameter Job)) (sched: schedule Job) (j: Job) :=
is_response_time_bound_of_job (return_param JOB_ARRIVAL params)
(return_param JOB_COST params) sched j R.
(* Next, we recall the definition of weakly-sustainable policy with job costs
and varying suspension times... *)
Let sustainable_param := JOB_COST.
Let variable_params := [:: JOB_SUSPENSION].
Let has_better_sustainable_param (cost cost': Job -> time) := forall j, cost j >= cost' j.
Let weakly_sustainable_with_job_costs_and_variable_suspension_times :=
weakly_sustainable all_params response_time_bounded_by_R belongs_to_task_model
sustainable_param has_better_sustainable_param variable_params.
(* ...and prove that it holds for this scheduling policy and task model. *)
Theorem policy_is_weakly_sustainable:
intros params good_params CONS CONS' ONLY BETTER VSCHED good_arr_seq good_sched good_j BELONGS.
split_conj BELONGS; split_conj BELONGS; split_conj BELONGS0; split_conj BELONGS1.
set job_arrival := return_param JOB_ARRIVAL good_params.
unfold differ_only_by in *.
have EQarr: job_arrival = return_param JOB_ARRIVAL params.
move: CONS CONS' => [UNIQ [IFF _]] [UNIQ' [IFF' _]].
have ARR: JOB_ARRIVAL \in labels_of params by apply IFF.
have ARR': JOB_ARRIVAL \in labels_of good_params by apply IFF'.
move: ARR ARR' => /mapP2 [p IN EQ] => /mapP2 [p' IN' EQ'].
symmetry in EQ; symmetry in EQ'.
have EQp := found_param_label params p JOB_ARRIVAL UNIQ IN EQ.
have EQp' := found_param_label good_params p' JOB_ARRIVAL UNIQ' IN' EQ'.
specialize (ONLY p p' IN IN').
feed_n 2 ONLY; [by rewrite EQ | by rewrite EQ |].
rewrite ONLY EQp' in EQp.
by inversion EQp.
set good_cost := return_param JOB_COST good_params.
set bad_cost := return_param JOB_COST params.
set good_suspension := return_param JOB_SUSPENSION good_params.
set bad_sched := reduction.sched_new job_arrival good_cost good_arr_seq higher_eq_priority
good_sched bad_cost good_j R.
set reduced_suspension_duration := reduction.reduced_suspension_duration job_arrival good_cost
good_arr_seq higher_eq_priority good_sched good_suspension bad_cost good_j R.
set bad_params := [:: param JOB_ARRIVAL job_arrival; param JOB_COST bad_cost;
param JOB_SUSPENSION reduced_suspension_duration].
apply reduction_prop.sched_new_response_time_of_job_j with (arr_seq := good_arr_seq)
(higher_eq_priority0 := higher_eq_priority) (inflated_job_cost := bad_cost);
try done.
feed (VSCHED bad_params).
split; first by done.
split; first by intros l; split;
move => IN; rewrite /= 2!in_cons mem_seq1 in IN;
move: IN => /orP [/eqP EQ | /orP [/eqP EQ | /eqP EQ]]; rewrite EQ.
intros l IN; move: CONS => [_ [IFF CONS]].
specialize (CONS l IN); apply IFF in CONS.
rewrite 2!in_cons mem_seq1 in CONS.
by move: CONS => /orP [/eqP EQ | /orP [/eqP EQ | /eqP EQ]]; rewrite EQ.
rewrite -/bad_sched.
apply VSCHED with (arr_seq := good_arr_seq).
intros P1 P2 IN1 IN2 EQ NOTIN; simpl in IN2.
move: CONS CONS' => [UNIQ _] [UNIQ' [IN' _]].
move: IN2 => [EQ2a | [EQ2c | [EQ2s | BUG]]]; try done; first last.
- by rewrite EQ -EQ2s in NOTIN.
- by rewrite -EQ2c; apply found_param_label; rewrite // EQ -EQ2c.
- by rewrite -EQ2a EQarr; apply found_param_label; rewrite // EQ -EQ2a.
repeat split; try (by done).
- by apply reduction_prop.sched_new_jobs_come_from_arrival_sequence.
- by apply reduction_prop.sched_new_jobs_must_arrive_to_execute.
- by apply reduction_prop.sched_new_completed_jobs_dont_execute.
- by apply reduction_prop.sched_new_work_conserving.
- by apply reduction_prop.sched_new_respects_policy.
- by apply reduction_prop.sched_new_respects_self_suspensions.
intros j0.
apply leq_trans with (n := total_suspension good_cost good_suspension j0); last by done.
by apply reduction_prop.sched_new_has_shorter_total_suspension.
End SustainabilityProperty.
End SustainabilityAllCostsProperty.
\ No newline at end of file
......@@ -24,7 +24,6 @@ Module SustainabilityAllCostsProperties.
Section ReductionProperties.
Context {Task: eqType}.
Context {Job: eqType}.
Variable job_arrival: Job -> time.
Variable job_cost: Job -> time.
......@@ -638,9 +637,9 @@ Module SustainabilityAllCostsProperties.
Let cumulative_suspension_in_sched_new :=
cumulative_suspension job_arrival inflated_job_cost reduced_suspension_duration sched_new.
(* To conclude, we prove that the suspension durations in the new schedule are no
longer than in the original schedule. *)
Lemma sched_new_has_shorter_suspensions:
(* To conclude, we prove that the cumulative suspension in the new schedule is no
larger than in the original schedule,... *)
Lemma sched_new_has_shorter_suspension:
forall any_j t,
cumulative_suspension_in_sched_new any_j t
<= cumulative_suspension_in_sched_susp any_j t.
......@@ -665,6 +664,65 @@ Module SustainabilityAllCostsProperties.
(* ... which implies that the total suspension is also no larger. *)
Corollary sched_new_has_shorter_total_suspension:
forall any_j,
total_suspension inflated_job_cost reduced_suspension_duration any_j <=
total_suspension job_cost job_suspension_duration any_j.
intros any_j.
apply leq_trans with (n := cumulative_suspension_in_sched_new any_j (arr_j + R)).
unfold total_suspension, reduced_suspension_duration, reduction.reduced_suspension_duration,
rewrite -/sched_new.
set SUSP_new := _ job_arrival job_cost _ _ _ _ _ _ _.
set cost' := inflated_job_cost.
set arr := job_arrival j.
apply leq_trans with (n := \sum_(0 <= t < cost' any_j) \sum_(0 <= t0 < arr + R)
if (service sched_new any_j t0 == t) then SUSP_new any_j t0 else false);
first by apply leq_sum; ins; rewrite big_mkcond; apply leq_sum; ins; case: (_ == _).
rewrite exchange_big /=.
apply leq_sum_nat; move => i /= LT _.
case COMP: (completed_in_sched_new any_j i).
apply leq_trans with (n := 0); last by done.
rewrite big_nat_cond big1 //; move => s /= LTs.
case EQ: (_ == _); last by done.
move: EQ => /eqP EQ; rewrite andbT -EQ {EQ} in LTs.
by move: COMP => /eqP COMP; rewrite ltn_neqAle COMP eq_refl in LTs.
apply negbT in COMP; rewrite /completed_in_sched_new /completed_by in COMP.
set s := service sched_new any_j i; rewrite -/s neq_ltn in COMP.
move: COMP => /orP [LTs | GTs]; last first.
suff BUG': inflated_job_cost any_j >= s by rewrite ltnNge BUG' in GTs.
apply cumulative_service_le_job_cost.
by apply sched_new_completed_jobs_dont_execute.
rewrite -> big_cat_nat with (n := s); [simpl | by done | by apply ltnW].
rewrite -> big_cat_nat with (m := s) (n := s.+1); [simpl | by done | by done].
rewrite big_nat_cond big1; last first.
move => i0; rewrite andbT; move => /= LT0.
by case EQ: (_ == _) => //; move: EQ => /eqP EQ; subst; rewrite ltnn in LT0.
rewrite add0n big_nat_recr //= eq_refl big_geq // add0n.
rewrite big_nat_cond big1; [rewrite addn0 |]; last first.
move => i0; rewrite andbT; move => /andP [LT0 _].
rewrite ltn_neqAle in LT0; move: LT0 => /andP [NEQ _].
by apply negbTE in NEQ; rewrite NEQ.
by rewrite -sched_new_suspension_matches.
apply leq_trans with (n := cumulative_suspension_in_sched_susp any_j (arr_j + R));
first by apply sched_new_has_shorter_suspension.
by apply cumulative_suspension_le_total_suspension.
End SuspensionTable.
(** Suspension-Related Schedule Properties *)
This diff is collapsed.
......@@ -15,9 +15,9 @@ Module Suspension.
(* We define job suspension as a function that takes a job in the arrival
sequence and its current service and returns how long the job must
suspend next. *)
Definition job_suspension := Job -> (* job *)
time -> (* current service *)
time. (* duration of next suspension *)
Definition job_suspension := Job -> (* job *)
time -> (* current service *)
duration. (* duration of next suspension *)
End SuspensionTimes.
......@@ -25,7 +25,7 @@ Module Suspension.
Section TotalSuspensionTime.
Context {Job: eqType}.
Variable job_cost: Job -> time.
Variable job_cost: Job -> time.
(* Consider any job suspension function. *)
Variable next_suspension: job_suspension Job.
......@@ -56,7 +56,7 @@ Module Suspension.
Let total_job_suspension := total_suspension job_cost next_suspension.
(* Next, assume that for each task a suspension bound is known. *)
Variable suspension_bound: Task -> time.
Variable suspension_bound: Task -> duration.
(* Then, we say that the arrival sequence satisfies the dynamic
suspension model iff the total suspension time of each job is no
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment