Commit
7755715d
authored
Jan 13, 2016
by
Felipe Cerqueira
Remove rate from the definitions
parent
331a6359
Changes
10
bertogna_edf_comp.v
...
...
@@ 912,21 +912,17 @@ Module ResponseTimeIterationEDF.
Hypothesis
H_sporadic_tasks
:
sporadic_task_model
task_period
arr_seq
job_task
.
(* Then, consider any platform with at least one CPU and unit
unit execution rate, where...*)
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
(* Then, consider any platform with at least one CPU such that...*)
Variable
sched
:
schedule
num_cpus
arr_seq
.
Hypothesis
H_at_least_one_cpu
:
num_cpus
>
0
.
Hypothesis
H_rate_equals_one
:
forall
j
cpu
,
rate
j
cpu
=
1
.
(* ...jobs only execute after they arrived and no longer
than their execution costs,... *)
Hypothesis
H_jobs_must_arrive_to_execute
:
jobs_must_arrive_to_execute
sched
.
Hypothesis
H_completed_jobs_dont_execute
:
completed_jobs_dont_execute
job_cost
rate
sched
.
completed_jobs_dont_execute
job_cost
sched
.
(* ...and do not execute in parallel. *)
Hypothesis
H_no_parallelism
:
...
...
@@ 949,12 +945,12 @@ Module ResponseTimeIterationEDF.
Let
higher_eq_priority
:
=
@
EDF
Job
arr_seq
job_deadline
.
(* TODO: implicit params seems broken *)
Hypothesis
H_global_scheduling_invariant
:
JLFP_JLDP_scheduling_invariant_holds
job_cost
num_cpus
rate
sched
higher_eq_priority
.
JLFP_JLDP_scheduling_invariant_holds
job_cost
num_cpus
sched
higher_eq_priority
.
Definition
no_deadline_missed_by_task
(
tsk
:
sporadic_task
)
:
=
task_misses_no_deadline
job_cost
job_deadline
job_task
rate
sched
tsk
.
task_misses_no_deadline
job_cost
job_deadline
job_task
sched
tsk
.
Definition
no_deadline_missed_by_job
:
=
job_misses_no_deadline
job_cost
job_deadline
rate
sched
.
job_misses_no_deadline
job_cost
job_deadline
sched
.
(* In the following theorem, we prove that any responsetime bound contained
in edf_claimed_bounds is safe. The proof follows by direct application of
...
...
@@ 964,7 +960,7 @@ Module ResponseTimeIterationEDF.
(
tsk
,
R
)
\
In
edf_claimed_bounds
ts
>
forall
j
:
JobIn
arr_seq
,
job_task
j
=
tsk
>
completed
job_cost
rate
sched
j
(
job_arrival
j
+
R
).
completed
job_cost
sched
j
(
job_arrival
j
+
R
).
Proof
.
intros
tsk
R
IN
j
JOBj
.
destruct
(
edf_claimed_bounds
ts
)
as
[
rt_bounds
]
eqn
:
SOME
;
last
by
done
.
...
...
@@ 1011,7 +1007,7 @@ Module ResponseTimeIterationEDF.
[
by
ins

by
ins

clear
DL
;
intro
DL
].
rewrite
eqn_leq
;
apply
/
andP
;
split
;
first
by
apply
cumulative_service_le_job_cost
.
apply
leq_trans
with
(
n
:
=
service
rate
sched
j
(
job_arrival
j
+
R
))
;
last
first
.
apply
leq_trans
with
(
n
:
=
service
sched
j
(
job_arrival
j
+
R
))
;
last
first
.
{
unfold
valid_sporadic_taskset
,
is_valid_sporadic_task
in
*.
apply
extend_sum
;
rewrite
//
leq_add2l
.
...
...
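Review bot: The `(* TODO: implicit params seems broken *)` kept next to `Let higher_eq_priority := @EDF Job arr_seq job_deadline.` in the @@ 949 hunk does not say what fails, so whoever next touches EDF's implicit arguments cannot tell whether the explicit `@EDF` application is still needed. The same TODO, worded slightly differently, sits in bertogna_edf_theory.v's @@ 152 hunk. If the explicit application is there because inference of EDF's implicit arguments fails, a note such as `(* TODO: Coq cannot infer EDF's implicit arguments here, hence the explicit @EDF application; drop it once the implicits are fixed *)` would record the reason. The enclosing section of the module starts and ends outside the hunk.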
bertogna_edf_theory.v
...
...
@@ 88,7 +88,6 @@ Module ResponseTimeAnalysisEDF.
(* Consider any schedule such that...*)
Variable
num_cpus
:
nat
.
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
Variable
sched
:
schedule
num_cpus
arr_seq
.
(* ...jobs do not execute before their arrival times nor longer
...
...
@@ 96,14 +95,12 @@ Module ResponseTimeAnalysisEDF.
Hypothesis
H_jobs_must_arrive_to_execute
:
jobs_must_arrive_to_execute
sched
.
Hypothesis
H_completed_jobs_dont_execute
:
completed_jobs_dont_execute
job_cost
rate
sched
.
completed_jobs_dont_execute
job_cost
sched
.
(* Also assume that jobs do not execute in parallel
, processors have
unit speed, and that
there exists at least one processor. *)
(* Also assume that jobs do not execute in parallel
and that
there exists at least one processor. *)
Hypothesis
H_no_parallelism
:
jobs_dont_execute_in_parallel
sched
.
Hypothesis
H_rate_equals_one
:
forall
j
cpu
,
rate
j
cpu
=
1
.
Hypothesis
H_at_least_one_cpu
:
num_cpus
>
0
.
...
...
@@ 128,9 +125,9 @@ Module ResponseTimeAnalysisEDF.
forall
tsk
,
tsk
\
in
ts
>
task_deadline
tsk
<=
task_period
tsk
.
Let
no_deadline_is_missed_by_tsk
(
tsk
:
sporadic_task
)
:
=
task_misses_no_deadline
job_cost
job_deadline
job_task
rate
sched
tsk
.
task_misses_no_deadline
job_cost
job_deadline
job_task
sched
tsk
.
Let
response_time_bounded_by
(
tsk
:
sporadic_task
)
:
=
is_response_time_bound_of_task
job_cost
job_task
tsk
rate
sched
.
is_response_time_bound_of_task
job_cost
job_task
tsk
sched
.
(* Assume a known responsetime bound R is known... *)
Let
task_with_response_time
:
=
(
sporadic_task
*
time
)%
type
.
...
...
@@ 152,13 +149,20 @@ Module ResponseTimeAnalysisEDF.
forall
tsk_other
R
,
(
tsk_other
,
R
)
\
in
rt_bounds
>
R
<=
task_deadline
tsk_other
.
Let
higher_eq_priority
:
=
@
EDF
Job
arr_seq
job_deadline
.
(* TODO: implicit params broken *)
(* Assume that the schedule satisfies the global scheduling invariant
for EDF, i.e., if any job of tsk is backlogged, every processor
must be busy with jobs with no larger absolute deadline. *)
Let
higher_eq_priority
:
=
@
EDF
Job
arr_seq
job_deadline
.
(* TODO: implicit params broken *)
Hypothesis
H_global_scheduling_invariant
:
JLFP_JLDP_scheduling_invariant_holds
job_cost
num_cpus
rate
sched
higher_eq_priority
.
JLFP_JLDP_scheduling_invariant_holds
job_cost
num_cpus
sched
higher_eq_priority
.
(* Assume that the task set has no duplicates. Otherwise, counting
the number of tasks that have some property does not make sense
(for example, for stating the global scheduling invariant as
using number of scheduled interfering tasks = number of cpus). *)
Hypothesis
H_ts_is_a_set
:
uniq
ts
.
(* In order to prove that R is a responsetime bound, we first present some lemmas. *)
Section
Lemmas
.
...
...
@@ 173,7 +177,7 @@ Module ResponseTimeAnalysisEDF.
Hypothesis
H_job_of_tsk
:
job_task
j
=
tsk
.
(* Assume that job j did not complete on time, ... *)
Hypothesis
H_j_not_completed
:
~~
completed
job_cost
rate
sched
j
(
job_arrival
j
+
R
).
Hypothesis
H_j_not_completed
:
~~
completed
job_cost
sched
j
(
job_arrival
j
+
R
).
(* and that it is the first job not to satisfy its responsetime bound. *)
Hypothesis
H_all_previous_jobs_completed_on_time
:
...
...
@@ 181,15 +185,15 @@ Module ResponseTimeAnalysisEDF.
job_task
j_other
=
tsk_other
>
(
tsk_other
,
R_other
)
\
in
rt_bounds
>
job_arrival
j_other
+
R_other
<
job_arrival
j
+
R
>
completed
job_cost
rate
sched
j_other
(
job_arrival
j_other
+
R_other
).
completed
job_cost
sched
j_other
(
job_arrival
j_other
+
R_other
).
(* Let's call x the interference incurred by job j due to tsk_other, ...*)
Let
x
(
tsk_other
:
sporadic_task
)
:
=
task_interference
job_cost
job_task
rate
sched
j
task_interference
job_cost
job_task
sched
j
tsk_other
(
job_arrival
j
)
(
job_arrival
j
+
R
).
(* and X the total interference incurred by job j due to any task. *)
Let
X
:
=
total_interference
job_cost
rate
sched
j
(
job_arrival
j
)
(
job_arrival
j
+
R
).
Let
X
:
=
total_interference
job_cost
sched
j
(
job_arrival
j
)
(
job_arrival
j
+
R
).
(* Recall Bertogna and Cirinei's workload bound ... *)
Let
workload_bound
(
tsk_other
:
sporadic_task
)
(
R_other
:
time
)
:
=
...
...
@@ 234,21 +238,19 @@ Module ResponseTimeAnalysisEDF.
x
tsk_other
<=
workload_bound
tsk_other
R_other
.
Proof
.
unfold
valid_sporadic_job
in
*.
rename
H_rate_equals_one
into
RATE
,
H_all_previous_jobs_completed_on_time
into
BEFOREok
,
rename
H_all_previous_jobs_completed_on_time
into
BEFOREok
,
H_valid_job_parameters
into
PARAMS
,
H_valid_task_parameters
into
TASK_PARAMS
,
H_restricted_deadlines
into
RESTR
,
H_tasks_miss_no_deadlines
into
NOMISS
.
unfold
x
,
task_interference
.
have
INts
:
=
bertogna_edf_tsk_other_in_ts
.
apply
leq_trans
with
(
n
:
=
workload
job_task
rate
sched
tsk_other
apply
leq_trans
with
(
n
:
=
workload
job_task
sched
tsk_other
(
job_arrival
j
)
(
job_arrival
j
+
R
))
;
first
by
apply
task_interference_le_workload
;
ins
;
rewrite
RATE
.
first
by
apply
task_interference_le_workload
.
apply
workload_bounded_by_W
with
(
task_deadline0
:
=
task_deadline
)
(
job_cost0
:
=
job_cost
)
(
job_deadline0
:
=
job_deadline
)
;
try
(
by
ins
)
;
last
2
first
;
[
by
apply
bertogna_edf_R_other_ge_cost

by
ins
;
apply
BEFOREok
with
(
tsk_other
:
=
tsk_other
)
;
ins
;
rewrite
RATE

by
ins
;
rewrite
RATE

by
ins
;
apply
BEFOREok
with
(
tsk_other
:
=
tsk_other
)

by
ins
;
apply
TASK_PARAMS

by
ins
;
apply
RESTR
].
red
;
move
=>
j'
JOBtsk'
LEdl
;
unfold
job_misses_no_deadline
.
...
...
@@ 289,7 +291,7 @@ Module ResponseTimeAnalysisEDF.
(* Since j has not completed, recall the time when it is not
executing is the total interference. *)
exploit
(
complement_of_interf_equals_service
job_cost
rate
sched
j
(
job_arrival
j
)
exploit
(
complement_of_interf_equals_service
job_cost
sched
j
(
job_arrival
j
)
(
job_arrival
j
+
R
))
;
last
intro
EQinterf
;
ins
;
unfold
has_arrived
;
first
by
apply
leqnn
.
rewrite
{
2
}[
_
+
R
]
addnC

addnBA
//
subnn
addn0
in
EQinterf
.
...
...
@@ 300,7 +302,7 @@ Module ResponseTimeAnalysisEDF.
apply
(
leq_ltn_trans
(
COMP
j
(
job_arrival
j
+
R
)))
in
NOTCOMP
.
by
rewrite
ltnn
in
NOTCOMP
.
}
apply
leq_trans
with
(
n
:
=
R

service
rate
sched
j
(
job_arrival
j
+
R
))
;
last
first
.
apply
leq_trans
with
(
n
:
=
R

service
sched
j
(
job_arrival
j
+
R
))
;
last
first
.
{
unfold
service
;
rewrite
service_before_arrival_eq_service_during
;
ins
.
rewrite
EQinterf
subKn
;
first
by
done
.
...
...
@@ 333,9 +335,9 @@ Module ResponseTimeAnalysisEDF.
rename
H_global_scheduling_invariant
into
INV
.
unfold
x
,
X
,
total_interference
,
task_interference
.
rewrite

big_mkcond

exchange_big
big_distrl
/=.
rewrite
[
\
sum_
(
_
<=
_
<
_

backlogged
_
_
_
_
_
)
_
]
big_mkcond
.
rewrite
[
\
sum_
(
_
<=
_
<
_

backlogged
_
_
_
_
)
_
]
big_mkcond
.
apply
eq_big_nat
;
move
=>
t
LTt
.
destruct
(
backlogged
job_cost
rate
sched
j
t
)
eqn
:
BACK
;
destruct
(
backlogged
job_cost
sched
j
t
)
eqn
:
BACK
;
last
by
rewrite
(
eq_bigr
(
fun
i
=>
0
))
;
[
by
rewrite
big_const_seq
iter_addn
mul0n
addn0

by
done
].
rewrite
big_mkcond
mul1n
/=.
...
...
@@ 363,11 +365,11 @@ Module ResponseTimeAnalysisEDF.
rename
H_global_scheduling_invariant
into
INVARIANT
.
intros
delta
HAS
.
set
some_interference_A
:
=
fun
t
=>
backlogged
job_cost
rate
sched
j
t
&&
backlogged
job_cost
sched
j
t
&&
has
(
fun
tsk_k
=>
((
x
tsk_k
>=
delta
)
&&
task_is_scheduled
job_task
sched
tsk_k
t
))
ts_interf
.
set
total_interference_B
:
=
fun
t
=>
backlogged
job_cost
rate
sched
j
t
*
backlogged
job_cost
sched
j
t
*
count
(
fun
tsk_k
=>
(
x
tsk_k
<
delta
)
&&
task_is_scheduled
job_task
sched
tsk_k
t
)
ts_interf
.
...
...
@@ 380,7 +382,7 @@ Module ResponseTimeAnalysisEDF.
apply
leq_trans
with
(
n
:
=
x
tsk_a
)
;
first
by
apply
LEa
.
unfold
x
,
task_interference
,
some_interference_A
.
apply
leq_sum
;
ins
.
destruct
(
backlogged
job_cost
rate
sched
j
i
)
;
destruct
(
backlogged
job_cost
sched
j
i
)
;
[
rewrite
2
!
andTb

by
ins
].
destruct
(
task_is_scheduled
job_task
sched
tsk_a
i
)
eqn
:
SCHEDa
;
[
apply
eq_leq
;
symmetry

by
ins
].
...
...
@@ 393,7 +395,7 @@ Module ResponseTimeAnalysisEDF.
rewrite
big_distrl
/=.
apply
leq_sum
;
intros
t
_
.
unfold
some_interference_A
,
total_interference_B
.
destruct
(
backlogged
job_cost
rate
sched
j
t
)
eqn
:
BACK
;
destruct
(
backlogged
job_cost
sched
j
t
)
eqn
:
BACK
;
[
rewrite
andTb
mul1n

by
done
].
destruct
(
has
(
fun
tsk_k
:
sporadic_task
=>
(
delta
<=
x
tsk_k
)
&&
task_is_scheduled
job_task
sched
tsk_k
t
)
ts_interf
)
eqn
:
HAS'
;
...
...
@@ 455,7 +457,7 @@ Module ResponseTimeAnalysisEDF.
unfold
x
at
2
,
task_interference
.
rewrite
exchange_big
/=
;
apply
leq_sum
;
intros
t
_
.
unfold
total_interference_B
.
destruct
(
backlogged
job_cost
rate
sched
j
t
)
;
last
by
ins
.
destruct
(
backlogged
job_cost
sched
j
t
)
;
last
by
ins
.
rewrite
mul1n

sum1_count
.
rewrite
big_seq_cond
big_mkcond
[
\
sum_
(
i
<
ts_interf

_
<
_
)
_
]
big_mkcond
.
by
apply
leq_sum
;
ins
;
clear

i
;
desf
;
des
;
rewrite
?Heq2
.
...
...
@@ 631,7 +633,7 @@ Module ResponseTimeAnalysisEDF.
job_task
j0
=
tsk
>
(
tsk
,
R0
)
\
in
rt_bounds
>
job_arrival
j0
+
R0
<
job_arrival
j
+
R'
>
service
rate
sched
j0
(
job_arrival
j0
+
R0
)
==
job_cost
j0
).
service
sched
j0
(
job_arrival
j0
+
R0
)
==
job_cost
j0
).
{
by
ins
;
apply
IH
with
(
tsk
:
=
tsk0
)
(
R
:
=
R0
).
}
...
...
@@ 640,7 +642,7 @@ Module ResponseTimeAnalysisEDF.
(* The proof follows by contradiction. Assume that job j does not complete by its
responsetime bound. By the induction hypothesis, all jobs with absolute
responsetime bound t < (job_arrival j + R) have correct responsetime bounds. *)
destruct
(
completed
job_cost
rate
sched
j
(
job_arrival
j
+
R'
))
eqn
:
NOTCOMP
;
destruct
(
completed
job_cost
sched
j
(
job_arrival
j
+
R'
))
eqn
:
NOTCOMP
;
first
by
done
.
apply
negbT
in
NOTCOMP
;
exfalso
.
...
...
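Review bot: The new comment `(* Assume that the schedule satisfies the global scheduling invariant for EDF, ... *)` in the @@ 152 hunk appears to sit above `Let higher_eq_priority` and the `(* TODO: implicit params broken *)` line rather than directly above `Hypothesis H_global_scheduling_invariant`, which it describes; placing it immediately before the hypothesis keeps prose and statement adjacent, as the H_ts_is_a_set comment further down already is. The wording "if any job of tsk is backlogged" also looks narrower than the hypothesis, which is stated as `JLFP_JLDP_scheduling_invariant_holds job_cost num_cpus sched higher_eq_priority` with no reference to tsk; unless that definition is restricted to jobs of tsk, "if any job is backlogged, every processor must be busy with jobs with no larger absolute deadline" would match it better. The enclosing section starts and ends outside the hunk.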
bertogna_fp_comp.v
...
...
@@ 604,21 +604,17 @@ Module ResponseTimeIterationFP.
Hypothesis
H_sporadic_tasks
:
sporadic_task_model
task_period
arr_seq
job_task
.
(* Then, consider any platform with at least one CPU and unit
unit execution rate, where...*)
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
(* Then, consider any platform with at least one CPU such that...*)
Variable
sched
:
schedule
num_cpus
arr_seq
.
Hypothesis
H_at_least_one_cpu
:
num_cpus
>
0
.
Hypothesis
H_rate_equals_one
:
forall
j
cpu
,
rate
j
cpu
=
1
.
(* ...jobs only execute after they arrived and no longer
than their execution costs,... *)
Hypothesis
H_jobs_must_arrive_to_execute
:
jobs_must_arrive_to_execute
sched
.
Hypothesis
H_completed_jobs_dont_execute
:
completed_jobs_dont_execute
job_cost
rate
sched
.
completed_jobs_dont_execute
job_cost
sched
.
(* ...and do not execute in parallel (required by the workload bound). *)
Hypothesis
H_no_parallelism
:
...
...
@@ 626,14 +622,14 @@ Module ResponseTimeIterationFP.
(* Assume the platform satisfies the global scheduling invariant. *)
Hypothesis
H_global_scheduling_invariant
:
FP_scheduling_invariant_holds
job_cost
job_task
num_cpus
rate
sched
ts
higher_priority
.
FP_scheduling_invariant_holds
job_cost
job_task
num_cpus
sched
ts
higher_priority
.
Let
no_deadline_missed_by_task
(
tsk
:
sporadic_task
)
:
=
task_misses_no_deadline
job_cost
job_deadline
job_task
rate
sched
tsk
.
task_misses_no_deadline
job_cost
job_deadline
job_task
sched
tsk
.
Let
no_deadline_missed_by_job
:
=
job_misses_no_deadline
job_cost
job_deadline
rate
sched
.
job_misses_no_deadline
job_cost
job_deadline
sched
.
Let
response_time_bounded_by
(
tsk
:
sporadic_task
)
:
=
is_response_time_bound_of_task
job_cost
job_task
tsk
rate
sched
.
is_response_time_bound_of_task
job_cost
job_task
tsk
sched
.
(* In the following theorem, we prove that any responsetime bound contained
in fp_claimed_bounds is safe. The proof follows by induction on the task set:
...
...
@@ 787,7 +783,7 @@ Module ResponseTimeIterationFP.
exploit
(
DL
rt_bounds
tsk
R
)
;
[
by
ins

by
ins

clear
DL
;
intro
DL
].
rewrite
eqn_leq
;
apply
/
andP
;
split
;
first
by
apply
cumulative_service_le_job_cost
.
apply
leq_trans
with
(
n
:
=
service
rate
sched
j
(
job_arrival
j
+
R
))
;
last
first
.
apply
leq_trans
with
(
n
:
=
service
sched
j
(
job_arrival
j
+
R
))
;
last
first
.
{
unfold
valid_sporadic_taskset
,
is_valid_sporadic_task
in
*.
apply
extend_sum
;
rewrite
//
leq_add2l
.
...
...
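Review bot: `no_deadline_missed_by_task`, `no_deadline_missed_by_job` and `response_time_bounded_by` in the @@ 626 hunk are introduced with `Let`, whereas the same-named definitions rewritten by this commit in bertogna_edf_comp.v (@@ 949) and bertogna_fp_jitter_comp.v (@@ 527) use `Definition`. A `Let` is local to its section and is not available to clients after `End`, while a `Definition` is exported with the section variables abstracted, so the three files expose different interfaces for the same notions. Since the commit rewrites all three bodies anyway, aligning the keyword, or adding a one-line comment saying why the FP file keeps them local, would be cheap now. The enclosing section starts and ends outside the hunk.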
bertogna_fp_jitter_comp.v
...
...
@@ 505,21 +505,17 @@ Module ResponseTimeIterationFPWithJitter.
Hypothesis
H_sporadic_tasks
:
sporadic_task_model
task_period
arr_seq
job_task
.
(* Then, consider any platform with at least one CPU and unit
unit execution rate, where...*)
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
(* Then, consider any platform with at least one CPU such that...*)
Variable
sched
:
schedule
num_cpus
arr_seq
.
Hypothesis
H_at_least_one_cpu
:
num_cpus
>
0
.
Hypothesis
H_rate_equals_one
:
forall
j
cpu
,
rate
j
cpu
=
1
.
(* ...jobs only execute after the jitter and no longer
than their execution costs,... *)
Hypothesis
H_jobs_execute_after_jitter
:
jobs_execute_after_jitter
job_jitter
sched
.
Hypothesis
H_completed_jobs_dont_execute
:
completed_jobs_dont_execute
job_cost
rate
sched
.
completed_jobs_dont_execute
job_cost
sched
.
(* ...and do not execute in parallel. *)
Hypothesis
H_no_parallelism
:
...
...
@@ 527,12 +523,12 @@ Module ResponseTimeIterationFPWithJitter.
(* Assume the platform satisfies the global scheduling invariant. *)
Hypothesis
H_global_scheduling_invariant
:
FP_scheduling_invariant_holds
job_cost
job_task
num_cpus
rate
sched
ts
higher_eq_priority
.
FP_scheduling_invariant_holds
job_cost
job_task
num_cpus
sched
ts
higher_eq_priority
.
Definition
no_deadline_missed_by_task
(
tsk
:
sporadic_task_with_jitter
)
:
=
task_misses_no_deadline
job_cost
job_deadline
job_task
rate
sched
tsk
.
task_misses_no_deadline
job_cost
job_deadline
job_task
sched
tsk
.
Definition
no_deadline_missed_by_job
:
=
job_misses_no_deadline
job_cost
job_deadline
rate
sched
.
job_misses_no_deadline
job_cost
job_deadline
sched
.
Section
HelperLemma
.
...
...
@@ 544,7 +540,7 @@ Module ResponseTimeIterationFPWithJitter.
(
tsk
,
R
)
\
in
rt_bounds
>
forall
j
:
JobIn
arr_seq
,
job_task
j
=
tsk
>
completed
job_cost
rate
sched
j
(
job_arrival
j
+
R
).
completed
job_cost
sched
j
(
job_arrival
j
+
R
).
Proof
.
unfold
valid_fp_policy
,
fp_is_transitive
,
fp_is_reflexive
,
fp_is_total
in
*.
...
...
@@ 690,7 +686,7 @@ Module ResponseTimeIterationFPWithJitter.
exploit
(
DL
rt_bounds
tsk
R
)
;
[
by
ins

by
ins

clear
DL
;
intro
DL
].
rewrite
eqn_leq
;
apply
/
andP
;
split
;
first
by
apply
cumulative_service_le_job_cost
.
apply
leq_trans
with
(
n
:
=
service
rate
sched
j
(
job_arrival
j
+
R
))
;
last
first
.
apply
leq_trans
with
(
n
:
=
service
sched
j
(
job_arrival
j
+
R
))
;
last
first
.
{
unfold
valid_sporadic_taskset
,
is_valid_sporadic_task
in
*.
apply
extend_sum
;
rewrite
//
leq_add2l
.
...
...
@@ 710,7 +706,7 @@ Module ResponseTimeIterationFPWithJitter.
R
<=
task_deadline
tsk
/\
forall
(
j
:
JobIn
arr_seq
),
job_task
j
=
tsk
>
completed
job_cost
rate
sched
j
(
job_arrival
j
+
R
).
completed
job_cost
sched
j
(
job_arrival
j
+
R
).
Proof
.
intros
tsk
IN
.
unfold
fp_schedulable
in
*.
...
...
bertogna_fp_jitter_theory.v
...
...
@@ 95,7 +95,6 @@ Module ResponseTimeAnalysisJitter.
(* Consider any schedule such that...*)
Variable
num_cpus
:
nat
.
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
Variable
sched
:
schedule
num_cpus
arr_seq
.
(* ...jobs do not execute before their arrival times nor longer
...
...
@@ 103,14 +102,12 @@ Module ResponseTimeAnalysisJitter.
Hypothesis
H_jobs_execute_after_jitter
:
jobs_execute_after_jitter
job_jitter
sched
.
Hypothesis
H_completed_jobs_dont_execute
:
completed_jobs_dont_execute
job_cost
rate
sched
.
completed_jobs_dont_execute
job_cost
sched
.
(* Also assume that jobs do not execute in parallel
, processors have
unit speed, and that
there exists at least one processor. *)
(* Also assume that jobs do not execute in parallel
and that
there exists at least one processor. *)
Hypothesis
H_no_parallelism
:
jobs_dont_execute_in_parallel
sched
.
Hypothesis
H_rate_equals_one
:
forall
j
cpu
,
rate
j
cpu
=
1
.
Hypothesis
H_at_least_one_cpu
:
num_cpus
>
0
.
...
...
@@ 127,9 +124,9 @@ Module ResponseTimeAnalysisJitter.
Hypothesis
task_in_ts
:
tsk
\
in
ts
.
Let
no_deadline_is_missed_by_tsk
(
tsk
:
sporadic_task_with_jitter
)
:
=
task_misses_no_deadline
job_cost
job_deadline
job_task
rate
sched
tsk
.
task_misses_no_deadline
job_cost
job_deadline
job_task
sched
tsk
.
Let
is_response_time_bound
(
tsk
:
sporadic_task_with_jitter
)
:
=
is_response_time_bound_of_task
job_cost
job_task
tsk
rate
sched
.
is_response_time_bound_of_task
job_cost
job_task
tsk
sched
.
(* Assume a known responsetime bound for any interfering task *)
Let
task_with_response_time
:
=
(
sporadic_task_with_jitter
*
time
)%
type
.
...
...
@@ 148,7 +145,7 @@ Module ResponseTimeAnalysisJitter.
Hypothesis
H_response_time_of_interfering_tasks_is_known
:
forall
hp_tsk
R
,
(
hp_tsk
,
R
)
\
in
hp_bounds
>
is_response_time_bound_of_task
job_cost
job_task
hp_tsk
rate
sched
R
.
is_response_time_bound_of_task
job_cost
job_task
hp_tsk
sched
R
.
(* Assume that the responsetime bounds are larger than task costs. *)
Hypothesis
H_response_time_bounds_ge_cost
:
...
...
@@ 166,7 +163,7 @@ Module ResponseTimeAnalysisJitter.
the processors must be busy with jobs of equal or higher
priority. *)
Hypothesis
H_global_scheduling_invariant
:
FP_scheduling_invariant_holds
job_cost
job_task
num_cpus
rate
sched
ts
higher_eq_priority
.
FP_scheduling_invariant_holds
job_cost
job_task
num_cpus
sched
ts
higher_eq_priority
.
(* Next, we define Bertogna and Cirinei's responsetime bound recurrence *)
...
...
@@ 202,7 +199,6 @@ Module ResponseTimeAnalysisJitter.
H_response_time_of_interfering_tasks_is_known
into
RESP
,
H_hp_bounds_has_interfering_tasks
into
UNZIP
,
H_interfering_tasks_miss_no_deadlines
into
NOMISS
,
H_rate_equals_one
into
RATE
,
H_global_scheduling_invariant
into
INVARIANT
,
H_response_time_bounds_ge_cost
into
GE_COST
.
intros
j
JOBtsk
.
...
...
@@ 211,10 +207,10 @@ Module ResponseTimeAnalysisJitter.
scheduling, and let X denote the total interference. *)
set
x
:
=
fun
hp_tsk
=>
if
(
hp_tsk
\
in
ts
)
&&
interferes_with_tsk
hp_tsk
then
task_interference
job_cost
job_task
rate
sched
j
task_interference
job_cost
job_task
sched
j
hp_tsk
(
job_arrival
j
)
(
job_arrival
j
+
R
)
else
0
.
set
X
:
=
total_interference
job_cost
rate
sched
j
(
job_arrival
j
)
(
job_arrival
j
+
R
).
set
X
:
=
total_interference
job_cost
sched
j
(
job_arrival
j
)
(
job_arrival
j
+
R
).
(* Let's recall the workload bound under FP scheduling. *)
set
workload_bound
:
=
fun
(
tup
:
task_with_response_time
)
=>
...
...
@@ 225,12 +221,12 @@ Module ResponseTimeAnalysisJitter.
(* Now we start the proof. Assume by contradiction that job j
is not complete at time (job_arrival j + R). *)
destruct
(
completed
job_cost
rate
sched
j
(
job_arrival
j
+
R'
))
eqn
:
COMPLETED
;
destruct
(
completed
job_cost
sched
j
(
job_arrival
j
+
R'
))
eqn
:
COMPLETED
;
first
by
move
:
COMPLETED
=>
/
eqP
COMPLETED
;
rewrite
COMPLETED
eq_refl
.
apply
negbT
in
COMPLETED
;
exfalso
.
(* Note that j cannot have completed by job_arrival j + R either. *)
assert
(
COMPLETED'
:
~~
completed
job_cost
rate
sched
j
(
job_arrival
j
+
R
)).
assert
(
COMPLETED'
:
~~
completed
job_cost
sched
j
(
job_arrival
j
+
R
)).
{
apply
/
negP
;
unfold
not
;
intro
BUG
.
apply
completion_monotonic
with
(
t'
:
=
job_arrival
j
+
R'
)
in
BUG
;
...
...
@@ 241,7 +237,7 @@ Module ResponseTimeAnalysisJitter.
(* Since j has not completed, recall the time when it is not
executing is the total interference. *)
exploit
(
complement_of_interf_equals_service
job_cost
rate
sched
j
(
job_arrival
j
)
exploit
(
complement_of_interf_equals_service
job_cost
sched
j
(
job_arrival
j
)
(
job_arrival
j
+
R
))
;
last
intro
EQinterf
;
ins
;
unfold
has_arrived
;
first
by
apply
leqnn
.
...
...
@@ 258,14 +254,13 @@ Module ResponseTimeAnalysisJitter.
{
move
=>
tsk_k
/
andP
[
INk
INTERk
]
R_k
HPk
.
unfold
x
,
workload_bound
;
rewrite
INk
INTERk
andbT
.
apply
leq_trans
with
(
n
:
=
workload
job_task
rate
sched
tsk_k
apply
leq_trans
with
(
n
:
=
workload
job_task
sched
tsk_k
(
job_arrival
j
)
(
job_arrival
j
+
R
))
;
first
by
apply
task_interference_le_workload
;
ins
;
rewrite
RATE
.
first
by
apply
task_interference_le_workload
.
apply
workload_bounded_by_W_jitter
with
(
task_deadline0
:
=
task_deadline
)
(
job_cost0
:
=
job_cost
)
(
job_deadline0
:
=
job_deadline
)
(
job_jitter0
:
=
job_jitter
)
;
ins
;
[
by
rewrite
RATE

by
apply
TASK_PARAMS
[
by
apply
TASK_PARAMS

by
apply
RESTR

by
red
;
red
;
ins
;
apply
(
RESP
tsk_k
)

by
apply
GE_COST
].
...
...
@@ 292,7 +287,7 @@ Module ResponseTimeAnalysisJitter.
apply
(
leq_ltn_trans
(
COMP
j
(
job_arrival
j
+
R
)))
in
COMPLETED'
.
by
rewrite
ltnn
in
COMPLETED'
.
}
apply
leq_trans
with
(
n
:
=
R

service
rate
sched
j
(
job_arrival
j
+
R
))
;
last
first
.
apply
leq_trans
with
(
n
:
=
R

service
sched
j
(
job_arrival
j
+
R
))
;
last
first
.
{
unfold
service
.
rewrite
service_before_arrival_eq_service_during
;
ins
;
...
...
@@ 327,7 +322,7 @@ Module ResponseTimeAnalysisJitter.
unfold
x
,
X
,
total_interference
,
task_interference
.
rewrite

big_mkcond

exchange_big
big_distrl
/=.
apply
eq_big_nat
;
move
=>
t
LTt
.
destruct
(
backlogged
job_cost
rate
sched
j
t
)
eqn
:
BACK
;
destruct
(
backlogged
job_cost
sched
j
t
)
eqn
:
BACK
;
last
by
rewrite
(
eq_bigr
(
fun
i
=>
0
))
;
[
by
rewrite
big_const_seq
iter_addn
mul0n
addn0
mul0n

by
ins
].
rewrite
big_mkcond
mul1n
/=.
...
...
@@ 390,12 +385,12 @@ Module ResponseTimeAnalysisJitter.
(
R

task_cost
tsk
+
1
)
*
(
num_cpus

cardA
)).
{
set
some_interference_A
:
=
fun
t
=>
backlogged
job_cost
rate
sched
j
t
&&
backlogged
job_cost
sched
j
t
&&
has
(
fun
tsk_k
=>
(
interferes_with_tsk
tsk_k
&&
((
x
tsk_k
)
>=
R

task_cost
tsk
+
1
)
&&
task_is_scheduled
job_task
sched
tsk_k
t
))
ts
.
set
total_interference_B
:
=
fun
t
=>
backlogged
job_cost
rate
sched
j
t
*
backlogged
job_cost
sched
j
t
*
count
(
fun
tsk_k
=>
interferes_with_tsk
tsk_k
&&
((
x
tsk_k
)
<
R

task_cost
tsk
+
1
)
&&
...
...
@@ 412,7 +407,7 @@ Module ResponseTimeAnalysisJitter.
last
by
ins
.
move
:
INTERFa
=>
/
andP
INTERFa
;
des
.
apply
leq_sum
;
ins
.
destruct
(
backlogged
job_cost
rate
sched
j
i
)
;
destruct
(
backlogged
job_cost
sched
j
i
)
;
[
rewrite
2
!
andTb

by
ins
].
destruct
(
task_is_scheduled
job_task
sched
tsk_a
i
)
eqn
:
SCHEDa
;
[
apply
eq_leq
;
symmetry

by
ins
].
...
...
@@ 427,7 +422,7 @@ Module ResponseTimeAnalysisJitter.
rewrite
big_distrl
/=.
apply
leq_sum
;
intros
t
_
.
unfold
some_interference_A
,
total_interference_B
.
destruct
(
backlogged
job_cost
rate
sched
j
t
)
eqn
:
BACK
;
destruct
(
backlogged
job_cost
sched
j
t
)
eqn
:
BACK
;
[
rewrite
andTb
mul1n

by
ins
].
destruct
(
has
(
fun
tsk_k
:
sporadic_task_with_jitter
=>
interferes_with_tsk
tsk_k
&&
...
...
@@ 491,7 +486,7 @@ Module ResponseTimeAnalysisJitter.
rewrite
[
\
sum_
(
i
<
ts

_
)
_
](
eq_bigr
(
fun
i
=>
\
sum_
(
job_arrival
j
<=
t
<
job_arrival
j
+
R
)
(
i
\
in
ts
)
&&
interferes_with_tsk
i
&&
backlogged
job_cost
rate
sched
j
t
&&
backlogged
job_cost
sched
j
t
&&
task_is_scheduled
job_task
sched
i
t
))
;
last
first
.
{
...
...
@@ 503,7 +498,7 @@ Module ResponseTimeAnalysisJitter.
{
rewrite
exchange_big
/=
;
apply
leq_sum
;
intros
t
_
.
unfold
total_interference_B
.
destruct
(
backlogged
job_cost
rate
sched
j
t
)
;
last
by
ins
.
destruct
(
backlogged
job_cost
sched
j
t
)
;
last
by
ins
.
rewrite
mul1n

sum1_count
.
rewrite
big_seq_cond
big_mkcond
[
\
sum_
(
i
<
ts

_
<
_
)
_
]
big_mkcond
.
apply
leq_sum
;
ins
;
destruct
(
x
i
<
R

task_cost
tsk
+
1
)
;
...
...
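Review bot: In the @@ 258 hunk the rewritten line `apply workload_bounded_by_W_jitter with ...; ins; [by apply TASK_PARAMS | by apply RESTR | by red; red; ins; apply (RESP tsk_k) | by apply GE_COST].` dispatches the lemma's side conditions purely by position now that the `by rewrite RATE` branch is gone, so a later reordering of `workload_bounded_by_W_jitter`'s premises will send a tactic to the wrong goal with an opaque failure. A short comment before the line listing the four side conditions in bracket order (presumably H_valid_task_parameters, H_restricted_deadlines, H_response_time_of_interfering_tasks_is_known and H_response_time_bounds_ge_cost, judging by the renamed hypotheses) would make the list checkable at a glance. The bertogna_edf_theory.v @@ 234 hunk has the same shape with `bertogna_edf_R_other_ge_cost`, `BEFOREok`, `TASK_PARAMS` and `RESTR`. The enclosing proof starts and ends outside the hunk.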
guan_fp_comp.v
...
...
@@ 544,21 +544,17 @@ Module ResponseTimeIterationFPGuan.
Hypothesis
H_sporadic_tasks
:
sporadic_task_model
task_period
arr_seq
job_task
.
(* Then, consider any platform with at least one CPU and unit
unit execution rate, where...*)
Variable
rate
:
Job
>
processor
num_cpus
>
nat
.
(* Then, consider any platform with at least one CPU such that...*)
Variable
sched
:
schedule
num_cpus
arr_seq
.
Hypothesis
H_at_least_one_cpu
:
num_cpus
>
0
.
Hypothesis
H_rate_equals_one
:
forall
j
cpu
,
rate
j
cpu
=
1
.
(* ...jobs only execute after the jitter and no longer
than their execution costs,... *)
Hypothesis
H_jobs_execute_after_jitter
:
jobs_must_arrive_to_execute
sched
.