Commit 32126a75 authored by Felipe Cerqueira's avatar Felipe Cerqueira
Browse files

Major Changes in RTA and Directory Structure

- Removed unnecessary assumption in RTA about task precedence/no intra-task parallelism.
- Scheduler models and analyses are organized in separate modules/folders.
- Added RTA for FP and EDF for schedulers with release jitter.
- The scheduling invariants were split into more fine-grained assumptions:
  (a) scheduler is work-conserving
  (b) scheduler enforces FP/JLDP priority X
- New helper lemmas about counting, and sorted/uniq lists
- Inclusion of tactics feed and feed_n (see documentation).
- Added a Makefile generator
parent d3e96fc8
......@@ -14,7 +14,7 @@
#
# This Makefile was generated by the command line :
# coq_makefile arrival_sequence.v bertogna_edf_comp.v bertogna_edf_theory.v bertogna_fp_comp.v bertogna_fp_theory.v interference_bound_edf.v interference.v job.v platform.v priority.v response_time.v schedulability.v schedule.v ssromega.v task_arrival.v task.v util_divround.v util_lemmas.v Vbase.v workload_bound.v workload.v
# coq_makefile -R . rt ./util/ssromega.v ./util/lemmas.v ./util/Vbase.v ./util/divround.v ./analysis/basic/bertogna_fp_theory.v ./analysis/basic/bertogna_edf_comp.v ./analysis/basic/bertogna_fp_comp.v ./analysis/basic/bertogna_edf_theory.v ./analysis/jitter/bertogna_fp_theory.v ./analysis/jitter/bertogna_edf_comp.v ./analysis/jitter/bertogna_fp_comp.v ./analysis/jitter/bertogna_edf_theory.v ./model/basic/schedulability.v ./model/basic/interference_bound_edf.v ./model/basic/task.v ./model/basic/interference_bound_fp.v ./model/basic/task_arrival.v ./model/basic/interference_bound.v ./model/basic/platform.v ./model/basic/schedule.v ./model/basic/priority.v ./model/basic/interference_edf.v ./model/basic/interference.v ./model/basic/workload.v ./model/basic/job.v ./model/basic/arrival_sequence.v ./model/basic/response_time.v ./model/basic/platform_fp.v ./model/basic/workload_bound.v ./model/jitter/schedulability.v ./model/jitter/interference_bound_edf.v ./model/jitter/task.v ./model/jitter/interference_bound_fp.v ./model/jitter/task_arrival.v ./model/jitter/interference_bound.v ./model/jitter/platform.v ./model/jitter/schedule.v ./model/jitter/priority.v ./model/jitter/interference_edf.v ./model/jitter/interference.v ./model/jitter/workload.v ./model/jitter/job.v ./model/jitter/arrival_sequence.v ./model/jitter/response_time.v ./model/jitter/platform_fp.v ./model/jitter/workload_bound.v -o Makefile
#
.DEFAULT_GOAL := all
......@@ -39,8 +39,8 @@ $(call includecmdwithout@,$(COQBIN)coqtop -config)
# #
##########################
COQLIBS?=-I .
COQDOCLIBS?=
COQLIBS?= -R . rt
COQDOCLIBS?=-R . rt
##########################
# #
......@@ -80,35 +80,57 @@ endif
# #
######################
VFILES:=arrival_sequence.v\
bertogna_edf_comp.v\
bertogna_edf_theory.v\
bertogna_fp_comp.v\
bertogna_fp_theory.v\
interference_bound_edf.v\
interference.v\
interference_edf.v\
job.v\
platform.v\
platform_edf.v\
priority.v\
response_time.v\
schedulability.v\
schedule.v\
ssromega.v\
task_arrival.v\
task.v\
util_divround.v\
util_lemmas.v\
Vbase.v\
workload_bound.v\
workload.v
VFILES:=util/ssromega.v\
util/lemmas.v\
util/Vbase.v\
util/divround.v\
analysis/basic/bertogna_fp_theory.v\
analysis/basic/bertogna_edf_comp.v\
analysis/basic/bertogna_fp_comp.v\
analysis/basic/bertogna_edf_theory.v\
analysis/jitter/bertogna_fp_theory.v\
analysis/jitter/bertogna_edf_comp.v\
analysis/jitter/bertogna_fp_comp.v\
analysis/jitter/bertogna_edf_theory.v\
model/basic/schedulability.v\
model/basic/interference_bound_edf.v\
model/basic/task.v\
model/basic/interference_bound_fp.v\
model/basic/task_arrival.v\
model/basic/interference_bound.v\
model/basic/platform.v\
model/basic/schedule.v\
model/basic/priority.v\
model/basic/interference_edf.v\
model/basic/interference.v\
model/basic/workload.v\
model/basic/job.v\
model/basic/arrival_sequence.v\
model/basic/response_time.v\
model/basic/platform_fp.v\
model/basic/workload_bound.v\
model/jitter/schedulability.v\
model/jitter/interference_bound_edf.v\
model/jitter/task.v\
model/jitter/interference_bound_fp.v\
model/jitter/task_arrival.v\
model/jitter/interference_bound.v\
model/jitter/platform.v\
model/jitter/schedule.v\
model/jitter/priority.v\
model/jitter/interference_edf.v\
model/jitter/interference.v\
model/jitter/workload.v\
model/jitter/job.v\
model/jitter/arrival_sequence.v\
model/jitter/response_time.v\
model/jitter/platform_fp.v\
model/jitter/workload_bound.v
-include $(addsuffix .d,$(VFILES))
.SECONDARY: $(addsuffix .d,$(VFILES))
VOFILES:=$(VFILES:.v=.vo)
VOFILESINC=$(filter $(wildcard ./*),$(VOFILES))
GLOBFILES:=$(VFILES:.v=.glob)
VIFILES:=$(VFILES:.v=.vi)
GFILES:=$(VFILES:.v=.g)
......@@ -178,15 +200,15 @@ userinstall:
+$(MAKE) USERINSTALL=true install
install:
install -d $(DSTROOT)$(COQLIBINSTALL)/$(INSTALLDEFAULTROOT); \
for i in $(VOFILESINC); do \
install -m 0644 $$i $(DSTROOT)$(COQLIBINSTALL)/$(INSTALLDEFAULTROOT)/`basename $$i`; \
for i in $(VOFILES); do \
install -d `dirname $(DSTROOT)$(COQLIBINSTALL)/rt/$$i`; \
install -m 0644 $$i $(DSTROOT)$(COQLIBINSTALL)/rt/$$i; \
done
install-doc:
install -d $(DSTROOT)$(COQDOCINSTALL)/$(INSTALLDEFAULTROOT)/html
install -d $(DSTROOT)$(COQDOCINSTALL)/rt/html
for i in html/*; do \
install -m 0644 $$i $(DSTROOT)$(COQDOCINSTALL)/$(INSTALLDEFAULTROOT)/$$i;\
install -m 0644 $$i $(DSTROOT)$(COQDOCINSTALL)/rt/$$i;\
done
clean:
......
This diff is collapsed.
Require Import Vbase task job task_arrival schedule platform interference
workload workload_bound schedulability priority platform
platform_edf response_time
bertogna_fp_theory interference_bound_edf util_divround util_lemmas
ssreflect ssrbool eqtype ssrnat seq fintype bigop div path.
Add LoadPath "../.." as rt.
Require Import rt.util.Vbase rt.util.lemmas rt.util.divround.
Require Import rt.model.basic.task rt.model.basic.job rt.model.basic.task_arrival
rt.model.basic.schedule rt.model.basic.platform rt.model.basic.interference
rt.model.basic.workload rt.model.basic.workload_bound rt.model.basic.schedulability
rt.model.basic.priority rt.model.basic.platform rt.model.basic.response_time
rt.model.basic.interference_bound_edf.
Require Import ssreflect ssrbool eqtype ssrnat seq fintype bigop div path.
Module ResponseTimeAnalysisEDF.
Import Job SporadicTaskset ScheduleOfSporadicTask Workload Schedulability ResponseTime
Priority SporadicTaskArrival WorkloadBound EDFSpecificBound ResponseTimeAnalysisFP
PlatformEDF.
(* In the following section, we define Bertogna and Cirinei's
interference bound for EDF scheduling. *)
Section TotalInterferenceBoundEDF.
Context {sporadic_task: eqType}.
Variable task_cost: sporadic_task -> nat.
Variable task_period: sporadic_task -> nat.
Variable task_deadline: sporadic_task -> nat.
(* Let tsk be the task to be analyzed. *)
Variable tsk: sporadic_task.
Let task_with_response_time := (sporadic_task * time)%type.
(* Assume a known response-time bound for each interfering task ... *)
Variable R_prev: seq task_with_response_time.
(* ... and an interval length delta. *)
Variable delta: time.
Section PerTask.
Variable tsk_R: task_with_response_time.
Let tsk_other := fst tsk_R.
Let R_other := snd tsk_R.
(* By combining Bertogna's interference bound for a work-conserving
scheduler ... *)
Let basic_interference_bound := interference_bound_fp task_cost task_period tsk delta tsk_R.
(* ... with and EDF-specific interference bound, ... *)
Let edf_specific_bound := edf_specific_interference_bound task_cost task_period task_deadline tsk tsk_other R_other.
(* Bertogna and Cirinei define the following interference bound
under EDF scheduling. *)
Definition interference_bound_edf :=
minn basic_interference_bound edf_specific_bound.
End PerTask.
Section AllTasks.
Let interferes_with_tsk := is_interfering_task_jlfp tsk.
(* The total interference incurred by tsk is bounded by the sum
of individual task interferences. *)
Definition total_interference_bound_edf :=
\sum_((tsk_other, R_other) <- R_prev | interferes_with_tsk tsk_other)
interference_bound_edf (tsk_other, R_other).
End AllTasks.
End TotalInterferenceBoundEDF.
Export Job SporadicTaskset Schedule ScheduleOfSporadicTask Workload Schedulability ResponseTime
Priority SporadicTaskArrival WorkloadBound InterferenceBoundEDF
Interference Platform.
(* In this section, we prove that Bertogna and Cirinei's RTA yields
safe response-time bounds. *)
......@@ -106,16 +55,6 @@ Module ResponseTimeAnalysisEDF.
Hypothesis H_at_least_one_cpu :
num_cpus > 0.
(* In order not to overcount job interference, we assume that
jobs of the same task do not execute in parallel.
Note that under EDF, this is equivalent to task precedence
constraints.
This is required because our proof uses a definition of
interference based on the sum of the individual contributions
of each job: I_total = I_j1 + I_j2 + ... *)
Hypothesis H_no_intra_task_parallelism:
jobs_of_same_task_dont_execute_in_parallel job_task sched.
(* Assume that we have a task set where all tasks have valid
parameters and restricted deadlines. *)
Variable ts: taskset_of sporadic_task.
......@@ -151,14 +90,9 @@ Module ResponseTimeAnalysisEDF.
forall tsk_other R,
(tsk_other, R) \in rt_bounds -> R <= task_deadline tsk_other.
Let higher_eq_priority := @EDF Job arr_seq job_deadline. (* TODO: implicit params broken *)
(* Assume that the schedule satisfies the global scheduling invariant
for EDF, i.e., if any job of tsk is backlogged, every processor
must be busy with jobs with no larger absolute deadline. *)
Hypothesis H_global_scheduling_invariant:
JLFP_JLDP_scheduling_invariant_holds job_cost num_cpus sched higher_eq_priority.
(* Assume that we have a work-conserving EDF scheduler. *)
Hypothesis H_work_conserving: work_conserving job_cost sched.
Hypothesis H_edf_policy: enforces_JLDP_policy job_cost sched (EDF job_deadline).
(* Assume that the task set has no duplicates. Otherwise, counting
the number of tasks that have some property does not make sense
......@@ -210,7 +144,7 @@ Module ResponseTimeAnalysisEDF.
interference_bound_edf task_cost task_period task_deadline tsk R (tsk_other, R_other).
(* Also, let ts_interf be the subset of tasks that interfere with tsk. *)
Let ts_interf := [seq tsk_other <- ts | is_interfering_task_jlfp tsk tsk_other].
Let ts_interf := [seq tsk_other <- ts | jldp_can_interfere_with tsk tsk_other].
Section LemmasAboutInterferingTasks.
......@@ -276,7 +210,8 @@ Module ResponseTimeAnalysisEDF.
(* Next we prove some lemmas that help to derive a contradiction.*)
Section DerivingContradiction.
(* 1) Since job j did not complete by its response time bound, it follows that
(* 0) Since job j did not complete by its response time bound, it follows that
the total interference X >= R - e_k + 1. *)
Lemma bertogna_edf_too_much_interference : X >= R - task_cost tsk + 1.
Proof.
......@@ -323,60 +258,87 @@ Module ResponseTimeAnalysisEDF.
}
Qed.
Let scheduled_task_other_than_tsk (t: time) (tsk_other: sporadic_task) :=
task_is_scheduled job_task sched tsk_other t &&
jldp_can_interfere_with tsk tsk_other.
(* 1) At all times that j is backlogged, all processors are busy with other tasks. *)
Lemma bertogna_edf_scheduling_invariant:
forall t,
job_arrival j <= t < job_arrival j + R ->
backlogged job_cost sched j t ->
count (scheduled_task_other_than_tsk t) ts = num_cpus.
Proof.
rename H_all_jobs_from_taskset into FROMTS,
H_valid_task_parameters into PARAMS,
H_job_of_tsk into JOBtsk,
H_sporadic_tasks into SPO,
H_tsk_R_in_rt_bounds into INbounds,
H_all_previous_jobs_completed_on_time into BEFOREok,
H_tasks_miss_no_deadlines into NOMISS,
H_rt_bounds_contains_all_tasks into UNZIP,
H_restricted_deadlines into RESTR,
H_work_conserving into WORK.
unfold x, X, total_interference, task_interference.
move => t /andP [LEt LTt] BACK.
unfold scheduled_task_other_than_tsk in *.
eapply platform_cpus_busy_with_interfering_tasks; try (by done);
[ by apply WORK | by apply SPO
| apply PARAMS; rewrite -JOBtsk; apply FROMTS
| by apply JOBtsk | by apply BACK | ].
{
intros j0 tsk0 TSK0 LE.
cut (tsk0 \in unzip1 rt_bounds); [intro IN | by rewrite UNZIP -TSK0 FROMTS].
move: IN => /mapP [p IN EQ]; destruct p as [tsk' R0]; simpl in *; subst tsk'.
apply completion_monotonic with (t0 := job_arrival j0 + R0); try (by done).
{
rewrite leq_add2l TSK0.
apply leq_trans with (n := task_deadline tsk0); first by apply NOMISS.
by apply RESTR; rewrite -TSK0 FROMTS.
}
{
apply BEFOREok with (tsk_other := tsk0); try (by done).
apply leq_ltn_trans with (n := t); last by done.
apply leq_trans with (n := job_arrival j0 + task_period tsk0); last by done.
rewrite leq_add2l; apply leq_trans with (n := task_deadline tsk0); first by apply NOMISS.
by apply RESTR; rewrite -TSK0 FROMTS.
}
}
Qed.
(* 2) Next, we prove that the sum of the interference of each task is equal
to the total interference multiplied by the number of processors. This
holds because interference only occurs when all processors are busy. *)
Lemma bertogna_edf_all_cpus_busy :
\sum_(tsk_k <- ts_interf) x tsk_k = X * num_cpus.
Proof.
rename H_global_scheduling_invariant into INV,
H_all_jobs_from_taskset into FROMTS,
rename H_all_jobs_from_taskset into FROMTS,
H_valid_task_parameters into PARAMS,
H_job_of_tsk into JOBtsk,
H_sporadic_tasks into SPO,
H_tsk_R_in_rt_bounds into INbounds,
H_all_previous_jobs_completed_on_time into BEFOREok,
H_tasks_miss_no_deadlines into NOMISS,
H_rt_bounds_contains_all_tasks into UNZIP,
H_restricted_deadlines into RESTR.
unfold sporadic_task_model in *.
unfold x, X, total_interference, task_interference.
rewrite -big_mkcond -exchange_big big_distrl /=.
rewrite [\sum_(_ <= _ < _ | backlogged _ _ _ _) _]big_mkcond.
apply eq_big_nat; move => t /andP [LEt LTt].
apply eq_big_nat; move => t LEt.
destruct (backlogged job_cost sched j t) eqn:BACK;
last by rewrite (eq_bigr (fun i => 0));
[by rewrite big_const_seq iter_addn mul0n addn0 | by done].
rewrite big_mkcond mul1n /=.
rewrite big_filter big_mkcond.
rewrite (eq_bigr (fun i => if (is_interfering_task_jlfp tsk i &&
task_is_scheduled job_task sched i t) then 1 else 0));
last by intro i; clear -i; desf.
rewrite -big_mkcond sum1_count.
eapply cpus_busy_with_interfering_tasks; try (by done);
[ by apply INV
| by red; apply SPO
| by apply PARAMS; rewrite -JOBtsk FROMTS
| by apply JOBtsk
| by apply BACK | ].
rewrite (eq_bigr (fun i => if (scheduled_task_other_than_tsk t i) then 1 else 0));
last first.
{
intros j0 TSK0 LT0.
unfold pending in *.
apply completion_monotonic with (t0 := job_arrival j0 + R);
try (by done).
{
apply leq_trans with (n := job_arrival j); last by done.
apply leq_trans with (n := job_arrival j0 + task_period tsk).
{
rewrite leq_add2l.
apply leq_trans with (n := task_deadline tsk);
[by apply NOMISS | by apply RESTR; rewrite -JOBtsk FROMTS].
}
rewrite -TSK0; apply SPO;
[| by rewrite JOBtsk TSK0 | by apply ltnW ].
by unfold not; intro BUG; rewrite BUG ltnn in LT0.
}
by apply BEFOREok with (tsk_other := tsk); rewrite ?ltn_add2r.
unfold scheduled_task_other_than_tsk; intros i _; clear -i.
by destruct (task_is_scheduled job_task sched i t); rewrite ?andFb ?andTb ?andbT //; desf.
}
rewrite -big_mkcond sum1_count.
by apply bertogna_edf_scheduling_invariant.
Qed.
(* Let (cardGE delta) be the number of interfering tasks whose interference
......@@ -391,8 +353,7 @@ Module ResponseTimeAnalysisEDF.
cardGE delta > 0 ->
\sum_(i <- ts_interf | x i < delta) x i >= delta * (num_cpus - cardGE delta).
Proof.
rename H_global_scheduling_invariant into INV,
H_all_jobs_from_taskset into FROMTS,
rename H_all_jobs_from_taskset into FROMTS,
H_valid_task_parameters into PARAMS,
H_job_of_tsk into JOBtsk,
H_sporadic_tasks into SPO,
......@@ -431,7 +392,8 @@ Module ResponseTimeAnalysisEDF.
total_interference_B t).
{
rewrite big_distrl /=.
apply leq_sum; intros t _.
rewrite big_nat_cond [\sum_(_ <= _ < _ | true)_]big_nat_cond.
apply leq_sum; move => t /andP [LEt _].
unfold some_interference_A, total_interference_B.
destruct (backlogged job_cost sched j t) eqn:BACK;
[rewrite andTb mul1n | by done].
......@@ -441,33 +403,8 @@ Module ResponseTimeAnalysisEDF.
rewrite mul1n; move: HAS => /hasP HAS.
destruct HAS as [tsk_k INk LEk].
generalize INV; intro COUNT.
apply cpus_busy_with_interfering_tasks with
(job_task0:=job_task) (ts0:=ts) (j0:=j) (tsk0:=tsk) (t0:=t)
(task_cost0 := task_cost) (task_period0 := task_period)
(task_deadline0 := task_deadline) in COUNT; try (by done);
[| by apply PARAMS; rewrite -JOBtsk FROMTS | ]; last first.
{
intros j0 TSK0 LT0.
unfold pending in *.
apply completion_monotonic with (t0 := job_arrival j0 + R);
try (by done).
{
move: BACK => /andP [/andP [ARRIVED NOTCOMP] NOTSCHED].
apply leq_trans with (n := job_arrival j); last by done.
apply leq_trans with (n := job_arrival j0 + task_period tsk).
{
rewrite leq_add2l.
apply leq_trans with (n := task_deadline tsk);
[by apply NOMISS | by apply RESTR; rewrite -JOBtsk FROMTS].
}
rewrite -TSK0; apply SPO;
[| by rewrite JOBtsk TSK0 | by apply ltnW ].
by unfold not; intro BUG; rewrite BUG ltnn in LT0.
}
by apply BEFOREok with (tsk_other := tsk); rewrite ?ltn_add2r.
}
have COUNT := bertogna_edf_scheduling_invariant t LEt BACK.
unfold cardGE.
set interfering_tasks_at_t :=
[seq tsk_k <- ts_interf | task_is_scheduled job_task
......@@ -578,7 +515,7 @@ Module ResponseTimeAnalysisEDF.
is not enough to cover the sum of the "minimum" term over
all tasks (artifact of the proof by contradiction). *)
Lemma bertogna_edf_sum_exceeds_total_interference:
\sum_((tsk_other, R_other) <- rt_bounds | is_interfering_task_jlfp tsk tsk_other)
\sum_((tsk_other, R_other) <- rt_bounds | jldp_can_interfere_with tsk tsk_other)
minn (x tsk_other) (R - task_cost tsk + 1) > I tsk R.
Proof.
rename H_rt_bounds_contains_all_tasks into UNZIP,
......@@ -590,15 +527,15 @@ Module ResponseTimeAnalysisEDF.
rewrite (eq_bigr (fun i => minn (x (fst i)) (R - task_cost tsk + 1)));
last by ins; destruct i.
move: UNZIP => UNZIP.
assert (FILTER: filter (is_interfering_task_jlfp tsk) (unzip1 rt_bounds) =
filter (is_interfering_task_jlfp tsk) ts).
assert (FILTER: filter (jldp_can_interfere_with tsk) (unzip1 rt_bounds) =
filter (jldp_can_interfere_with tsk) ts).
by f_equal.
unfold ts_interf; rewrite -FILTER; clear FILTER.
rewrite -[\sum_(_ <- rt_bounds | _)_]big_filter.
assert (SUBST: [seq i <- rt_bounds
| let '(tsk_other, _) := i in
is_interfering_task_jlfp tsk tsk_other] = [seq i <- rt_bounds
| is_interfering_task_jlfp tsk (fst i)]).
jldp_can_interfere_with tsk tsk_other] = [seq i <- rt_bounds
| jldp_can_interfere_with tsk (fst i)]).
{
by apply eq_filter; red; intro i; destruct i.
} rewrite SUBST; clear SUBST.
......@@ -629,7 +566,7 @@ Module ResponseTimeAnalysisEDF.
rename H_rt_bounds_contains_all_tasks into UNZIP.
assert (HAS: has (fun tup : task_with_response_time =>
let (tsk_other, R_other) := tup in
(tsk_other \in ts) && is_interfering_task_jlfp tsk tsk_other &&
(tsk_other \in ts) && jldp_can_interfere_with tsk tsk_other &&
(minn (x tsk_other) (R - task_cost tsk + 1) >
interference_bound tsk_other R_other))
rt_bounds).
......@@ -713,7 +650,7 @@ Module ResponseTimeAnalysisEDF.
by ins; apply IH with (tsk := tsk_other) (R := R_other).
}
intro EX; destruct EX as [tsk_other [R_other [HP LTmin]]].
unfold interference_bound_edf, interference_bound_fp in LTmin.
unfold interference_bound_edf, interference_bound_generic in LTmin.
rewrite minnAC in LTmin; apply min_lt_same in LTmin.
have BASICBOUND := bertogna_edf_workload_bounds_interference R' j BEFOREok tsk_other R_other HP.
have EDFBOUND := (bertogna_edf_specific_bound_holds tsk' R' INbounds j JOBtsk BEFOREok tsk_other R_other HP).
......
This diff is collapsed.
Require Import Vbase task job task_arrival schedule platform interference
workload workload_bound schedulability priority response_time
bertogna_fp_theory bertogna_edf_theory interference_bound_edf util_divround util_lemmas
ssreflect ssrbool eqtype ssrnat seq fintype bigop div path.
Add LoadPath "../.." as rt.
Require Import rt.util.Vbase rt.util.lemmas rt.util.divround.
Require Import rt.analysis.jitter.bertogna_edf_theory.
Require Import ssreflect ssrbool eqtype ssrnat seq fintype bigop div path.
Module ResponseTimeIterationEDF.
Import Job SporadicTaskset ScheduleOfSporadicTask Workload Schedulability ResponseTime
Priority SporadicTaskArrival WorkloadBound EDFSpecificBound ResponseTimeAnalysisFP
ResponseTimeAnalysisEDF.
Import ResponseTimeAnalysisEDFJitter.
(* In this section, we define the algorithm of Bertogna and Cirinei's
response-time analysis for EDF scheduling. *)
......@@ -17,6 +15,7 @@ Module ResponseTimeIterationEDF.
Variable task_cost: sporadic_task -> nat.
Variable task_period: sporadic_task -> nat.
Variable task_deadline: sporadic_task -> nat.
Variable task_jitter: sporadic_task -> nat.
(* During the iterations of the algorithm, we pass around pairs
of tasks and computed response-time bounds. *)
......@@ -26,6 +25,7 @@ Module ResponseTimeIterationEDF.
Variable job_cost: Job -> nat.
Variable job_deadline: Job -> nat.
Variable job_task: Job -> sporadic_task.
Variable job_jitter: Job -> nat.
(* Consider a platform with num_cpus processors. *)
Variable num_cpus: nat.
......@@ -33,18 +33,18 @@ Module ResponseTimeIterationEDF.
(* First, recall the interference bound under EDF, ... *)
Let I (rt_bounds: seq task_with_response_time)
(tsk: sporadic_task) (delta: time) :=
total_interference_bound_edf task_cost task_period task_deadline tsk rt_bounds delta.
total_interference_bound_edf task_cost task_period task_deadline task_jitter tsk rt_bounds delta.
(* ..., which yields the following response-time bound. *)
Definition edf_response_time_bound (rt_bounds: seq task_with_response_time)
(tsk: sporadic_task) (delta: time) :=
task_cost tsk + div_floor (I rt_bounds tsk delta) num_cpus.
(* Also note that a response-time is only valid if it is no larger
(* Also note that a response-time R is only valid if R + jitter is no larger
than the deadline. *)
Definition R_le_deadline (pair: task_with_response_time) :=
Definition jitter_plus_R_le_deadline (pair: task_with_response_time) :=
let (tsk, R) := pair in
R <= task_deadline tsk.
task_jitter tsk + R <= task_deadline tsk.
(* Next we define the fixed-point iteration for computing
Bertogna's response-time bound of a task set. *)
......@@ -80,7 +80,7 @@ Module ResponseTimeIterationEDF.
valid. *)
Definition edf_claimed_bounds (ts: taskset_of sporadic_task) :=
let R_values := iter (max_steps ts) edf_rta_iteration (initial_state ts) in
if (all R_le_deadline R_values) then
if (all jitter_plus_R_le_deadline R_values) then
Some R_values
else None.
......@@ -159,10 +159,10 @@ Module ResponseTimeIterationEDF.
forall ts rt_bounds tsk R,
edf_claimed_bounds ts = Some rt_bounds ->
(tsk, R) \in rt_bounds ->
R <= task_deadline tsk.
task_jitter tsk + R <= task_deadline tsk.
Proof.
intros ts rt_bounds tsk R SOME PAIR; unfold edf_claimed_bounds in SOME.
destruct (all R_le_deadline (iter (max_steps ts)
destruct (all jitter_plus_R_le_deadline (iter (max_steps ts)
edf_rta_iteration (initial_state ts))) eqn:DEADLINE;
last by done.
move: DEADLINE => /allP DEADLINE.
......@@ -180,7 +180,7 @@ Module ResponseTimeIterationEDF.
Proof.
intros ts rt_bounds tsk SOME IN.
unfold edf_claimed_bounds in SOME.
destruct (all R_le_deadline (iter (max_steps ts) edf_rta_iteration (initial_state ts)));
destruct (all jitter_plus_R_le_deadline (iter (max_steps ts) edf_rta_iteration (initial_state ts)));
last by done.
inversion SOME as [EQ]; clear SOME EQ.
generalize dependent tsk.
......@@ -218,22 +218,22 @@ Module ResponseTimeIterationEDF.
Hypothesis H_cost_le_rt_bound: task_cost tsk_other <= R.
Lemma interference_bound_edf_monotonic :
interference_bound_edf task_cost task_period task_deadline tsk delta (tsk_other, R) <=
interference_bound_edf task_cost task_period task_deadline tsk delta' (tsk_other, R').
interference_bound_edf task_cost task_period task_deadline task_jitter tsk delta (tsk_other, R) <=
interference_bound_edf task_cost task_period task_deadline task_jitter tsk delta' (tsk_other, R').
Proof.
rename H_response_time_monotonic into LEr, H_delta_monotonic into LEx,
H_cost_le_rt_bound into LEcost, H_period_positive into GEperiod.
unfold interference_bound_edf, interference_bound_fp.
unfold interference_bound_edf, interference_bound_generic.
rewrite leq_min; apply/andP; split.
{