Marco Maida
PROSA  Formally Proven Schedulability Analysis
Commits
c4495f5d
Commit
c4495f5d
authored
Jan 09, 2016
by
Felipe Cerqueira
Clean up FP comp code
parent
1f64552e
Changes
1
bertogna_fp_comp.v
...
...
@@ 64,7 +64,7 @@ Module ResponseTimeIterationFP.
(a) append the computed responsetime bound (tsk, R) of the current task
to the list of pairs, or,
(b) return None if the responsetime analysis failed. *)
Definition
R_list_helper
hp_pairs
tsk
:
=
Definition
fp_bound_of_task
hp_pairs
tsk
:
=
if
hp_pairs
is
Some
rt_bounds
then
let
R
:
=
per_task_rta
tsk
rt_bounds
(
max_steps
tsk
)
in
if
R
<=
task_deadline
tsk
then
...
...
@@ 75,13 +75,13 @@ Module ResponseTimeIterationFP.
(* The responsetime analysis for a given task set is defined
as a leftfold (reduce) based on the function above.
This either returns a list of task and responsetime bounds, or None. *)
Definition
R_list
(
ts
:
taskset_of
sporadic_task
)
:
=
foldl
R_list_helper
(
Some
[
::
])
ts
.
Definition
fp_claimed_bounds
(
ts
:
taskset_of
sporadic_task
)
:
=
foldl
fp_bound_of_task
(
Some
[
::
])
ts
.
(* The schedulability test simply checks if we got a list of
responsetime bounds (i.e., if the computation did not fail). *)
Definition
fp_schedulable
(
ts
:
taskset_of
sporadic_task
)
:
=
R_list
ts
!=
None
.
fp_claimed_bounds
ts
!=
None
.
(* In the following section, we prove several helper lemmas about the
list of responsetime bounds. The results seem trivial, but must be proven
...
...
@@ 90,17 +90,17 @@ Module ResponseTimeIterationFP.
Section
SimpleLemmas
.
(* First, we show that R_list of the prefix is the prefix of R_list. *)
Lemma
R_list
_rcons_prefix
:
Lemma
fp_claimed_bounds
_rcons_prefix
:
forall
ts'
hp_bounds
tsk1
tsk2
R
,
R_list
(
rcons
ts'
tsk1
)
=
Some
(
rcons
hp_bounds
(
tsk2
,
R
))
>
R_list
ts'
=
Some
hp_bounds
.
fp_claimed_bounds
(
rcons
ts'
tsk1
)
=
Some
(
rcons
hp_bounds
(
tsk2
,
R
))
>
fp_claimed_bounds
ts'
=
Some
hp_bounds
.
Proof
.
intros
ts
hp_bounds
tsk1
tsk2
R
SOME
.
rewrite

cats1
in
SOME
.
unfold
R_list
in
*.
unfold
fp_claimed_bounds
in
*.
rewrite
foldl_cat
in
SOME
.
simpl
in
SOME
.
unfold
R_list_helper
in
SOME
.
unfold
fp_bound_of_task
in
SOME
.
desf
;
rewrite
Heq
;
rename
H0
into
EQ
.
move
:
EQ
=>
/
eqP
EQ
.
rewrite
eqseq_rcons
in
EQ
.
...
...
@@ 109,17 +109,17 @@ Module ResponseTimeIterationFP.
Qed
.
(* R_list returns the same tasks as the original task set. *)
Lemma
R_list
_rcons_task
:
Lemma
fp_claimed_bounds
_rcons_task
:
forall
ts'
hp_bounds
tsk1
tsk2
R
,
R_list
(
rcons
ts'
tsk1
)
=
Some
(
rcons
hp_bounds
(
tsk2
,
R
))
>
fp_claimed_bounds
(
rcons
ts'
tsk1
)
=
Some
(
rcons
hp_bounds
(
tsk2
,
R
))
>
tsk1
=
tsk2
.
Proof
.
intros
ts
hp_bounds
tsk1
tsk2
R
SOME
.
rewrite

cats1
in
SOME
.
unfold
R_list
in
*.
unfold
fp_claimed_bounds
in
*.
rewrite
foldl_cat
in
SOME
.
simpl
in
SOME
.
unfold
R_list_helper
in
SOME
.
unfold
fp_bound_of_task
in
SOME
.
desf
;
rename
H0
into
EQ
.
move
:
EQ
=>
/
eqP
EQ
.
rewrite
eqseq_rcons
in
EQ
.
...
...
@@ 129,17 +129,17 @@ Module ResponseTimeIterationFP.
(* The responsetime bounds computed using R_list are based on the pertask
fixedpoint iteration. *)
Lemma
R_list
_rcons_response_time
:
Lemma
fp_claimed_bounds
_rcons_response_time
:
forall
ts'
hp_bounds
tsk
R
,
R_list
(
rcons
ts'
tsk
)
=
Some
(
rcons
hp_bounds
(
tsk
,
R
))
>
fp_claimed_bounds
(
rcons
ts'
tsk
)
=
Some
(
rcons
hp_bounds
(
tsk
,
R
))
>
R
=
per_task_rta
tsk
hp_bounds
(
max_steps
tsk
).
Proof
.
intros
ts
hp_bounds
tsk
R
SOME
.
rewrite

cats1
in
SOME
.
unfold
R_list
in
SOME
.
unfold
fp_claimed_bounds
in
SOME
.
rewrite
foldl_cat
in
SOME
.
simpl
in
SOME
.
unfold
R_list_helper
in
SOME
.
unfold
fp_bound_of_task
in
SOME
.
desf
;
rename
H0
into
EQ
;
move
:
EQ
=>
/
eqP
EQ
.
rewrite
eqseq_rcons
in
EQ
;
move
:
EQ
=>
/
andP
[/
eqP
EQ1
/
eqP
EQ2
].
by
inversion
EQ2
;
rewrite
EQ1
.
...
...
@@ 147,9 +147,9 @@ Module ResponseTimeIterationFP.
(* If the analysis suceeds, the computed responsetime bounds are no larger
than the deadline. *)
Lemma
R_list
_le_deadline
:
Lemma
fp_claimed_bounds
_le_deadline
:
forall
ts'
rt_bounds
tsk
R
,
R_list
ts'
=
Some
rt_bounds
>
fp_claimed_bounds
ts'
=
Some
rt_bounds
>
(
tsk
,
R
)
\
in
rt_bounds
>
R
<=
task_deadline
tsk
.
Proof
.
...
...
@@ 167,10 +167,9 @@ Module ResponseTimeIterationFP.
{
move
:
LAST
=>
/
eqP
LAST
.
rewrite

cats1
in
SOME
.
unfold
R_list
in
*.
rewrite
foldl_cat
in
SOME
.
simpl
in
SOME
.
unfold
R_list_helper
in
SOME
.
unfold
fp_claimed_bounds
in
*.
rewrite
foldl_cat
/=
in
SOME
.
unfold
fp_bound_of_task
in
SOME
.
desf
;
rename
H0
into
EQ
.
move
:
EQ
=>
/
eqP
EQ
.
rewrite
eqseq_rcons
in
EQ
.
...
...
@@ 180,16 +179,16 @@ Module ResponseTimeIterationFP.
}
{
apply
IHts
with
(
rt_bounds
:
=
rt_bounds
)
;
last
by
ins
.
by
apply
R_list
_rcons_prefix
in
SOME
.
by
apply
fp_claimed_bounds
_rcons_prefix
in
SOME
.
}
}
Qed
.
(* If the analysis succeeds, the computed responsetime bounds are no smaller
than the task cost. *)
Lemma
R_list
_ge_cost
:
Lemma
fp_claimed_bounds
_ge_cost
:
forall
ts'
rt_bounds
tsk
R
,
R_list
ts'
=
Some
rt_bounds
>
fp_claimed_bounds
ts'
=
Some
rt_bounds
>
(
tsk
,
R
)
\
in
rt_bounds
>
R
>=
task_cost
tsk
.
Proof
.
...
...
@@ 207,10 +206,9 @@ Module ResponseTimeIterationFP.
{
move
:
LAST
=>
/
eqP
LAST
.
rewrite

cats1
in
SOME
.
unfold
R_list
in
*.
rewrite
foldl_cat
in
SOME
.
simpl
in
SOME
.
unfold
R_list_helper
in
SOME
.
unfold
fp_claimed_bounds
in
*.
rewrite
foldl_cat
/=
in
SOME
.
unfold
fp_bound_of_task
in
SOME
.
desf
;
rename
H0
into
EQ
.
move
:
EQ
=>
/
eqP
EQ
.
rewrite
eqseq_rcons
in
EQ
.
...
...
@@ 221,15 +219,15 @@ Module ResponseTimeIterationFP.
}
{
apply
IHts
with
(
rt_bounds
:
=
rt_bounds
)
;
last
by
ins
.
by
apply
R_list
_rcons_prefix
in
SOME
.
by
apply
fp_claimed_bounds
_rcons_prefix
in
SOME
.
}
}
Qed
.
(*
R_list
contains a responsetime bound for every tasks in the original task set. *)
Lemma
R_list
_non_empty
:
(*
fp_claimed_bounds
contains a responsetime bound for every tasks in the original task set. *)
Lemma
fp_claimed_bounds
_non_empty
:
forall
ts'
rt_bounds
tsk
,
R_list
ts'
=
Some
rt_bounds
>
fp_claimed_bounds
ts'
=
Some
rt_bounds
>
(
tsk
\
in
ts'
<>
exists
R
,
(
tsk
,
R
)
\
in
rt_bounds
).
...
...
@@ 245,10 +243,10 @@ Module ResponseTimeIterationFP.
destruct
(
lastP
rt_bounds
)
as
[
rt_bounds
(
tsk_lst'
,
R_lst
)].
{
split
;
last
first
;
intro
EX
;
des
;
first
by
rewrite
in_nil
in
EX
.
unfold
R_list
in
*.
unfold
fp_claimed_bounds
in
*.
rewrite

cats1
foldl_cat
in
SOME
.
simpl
in
SOME
.
unfold
R_list_helper
in
*
;
desf
;
rename
H0
into
EQ
.
unfold
fp_bound_of_task
in
*
;
desf
;
rename
H0
into
EQ
.
destruct
l
;
first
by
ins
.
by
rewrite
rcons_cons
in
EQ
;
inversion
EQ
.
}
...
...
@@ 258,12 +256,12 @@ Module ResponseTimeIterationFP.
destruct
IN
as
[
LAST

FRONT
].
{
move
:
LAST
=>
/
eqP
LAST
;
subst
tsk_i
.
generalize
SOME
;
apply
R_list
_rcons_task
in
SOME
;
subst
tsk_lst'
;
intro
SOME
.
generalize
SOME
;
apply
fp_claimed_bounds
_rcons_task
in
SOME
;
subst
tsk_lst'
;
intro
SOME
.
exists
R_lst
.
by
rewrite
mem_rcons
in_cons
;
apply
/
orP
;
left
.
}
{
apply
R_list
_rcons_prefix
in
SOME
.
apply
fp_claimed_bounds
_rcons_prefix
in
SOME
.
exploit
(
IHts
rt_bounds
tsk_i
)
;
[
by
ins

intro
EX
].
apply
EX
in
FRONT
;
des
.
by
exists
R
;
rewrite
mem_rcons
in_cons
;
apply
/
orP
;
right
.
...
...
@@ 276,13 +274,13 @@ Module ResponseTimeIterationFP.
{
move
:
LAST
=>
/
eqP
LAST
.
inversion
LAST
;
subst
tsk_i
R
;
clear
LAST
.
apply
R_list
_rcons_task
in
SOME
;
subst
.
apply
fp_claimed_bounds
_rcons_task
in
SOME
;
subst
.
by
rewrite
mem_rcons
in_cons
;
apply
/
orP
;
left
.
}
{
rewrite
mem_rcons
in_cons
;
apply
/
orP
;
right
.
exploit
(
IHts
rt_bounds
tsk_i
)
;
[
by
apply
R_list
_rcons_prefix
in
SOME

intro
EX
].
[
by
apply
fp_claimed_bounds
_rcons_prefix
in
SOME

intro
EX
].
by
apply
EX
;
exists
R
.
}
}
...
...
@@ 303,7 +301,7 @@ Module ResponseTimeIterationFP.
End
SimpleLemmas
.
(* In this section, we prove that if the task set is sorted by priority,
the tasks in
R_list
are interfering tasks. *)
the tasks in
fp_claimed_bounds
are interfering tasks. *)
Section
HighPriorityTasks
.
(* Consider a list of previous tasks and a task tsk to be analyzed. *)
...
...
@@ 320,11 +318,11 @@ Module ResponseTimeIterationFP.
(* ... and that the responsetime analysis succeeds. *)
Variable
hp_bounds
:
seq
task_with_response_time
.
Variable
R
:
time
.
Hypothesis
H_analysis_succeeds
:
R_list
(
rcons
ts_hp
tsk
)
=
Some
(
rcons
hp_bounds
(
tsk
,
R
)).
Hypothesis
H_analysis_succeeds
:
fp_claimed_bounds
(
rcons
ts_hp
tsk
)
=
Some
(
rcons
hp_bounds
(
tsk
,
R
)).
(* Then, the tasks in the prefix of
R_list
are exactly interfering tasks
(* Then, the tasks in the prefix of
fp_claimed_bounds
are exactly interfering tasks
under FP scheduling.*)
Lemma
R_list
_unzip1
:
Lemma
fp_claimed_bounds
_unzip1
:
[
seq
tsk_hp
<
rcons
ts_hp
tsk

is_interfering_task_fp
higher_priority
tsk
tsk_hp
]
=
unzip1
hp_bounds
.
Proof
.
...
...
@@ 339,21 +337,21 @@ Module ResponseTimeIterationFP.
unfold
is_interfering_task_fp
.
rewrite
eq_refl
andbF
.
destruct
hp_bounds
;
first
by
ins
.
unfold
R_list
in
SOME
;
inversion
SOME
;
desf
.
unfold
fp_claimed_bounds
in
SOME
;
inversion
SOME
;
desf
.
by
destruct
l
.
}
{
intros
tsk
hp_bounds
R
UNIQ
SORTED
SOME
.
destruct
(
lastP
hp_bounds
)
as
[
hp_bounds
(
tsk_lst'
,
R_lst
)].
{
apply
R_list
_rcons_prefix
in
SOME
.
unfold
R_list
in
SOME
.
apply
fp_claimed_bounds
_rcons_prefix
in
SOME
.
unfold
fp_claimed_bounds
in
SOME
.
rewrite

cats1
foldl_cat
in
SOME
.
unfold
R_list_helper
in
SOME
.
unfold
fp_bound_of_task
in
SOME
.
inversion
SOME
;
desf
.
by
destruct
l
.
}
generalize
SOME
;
apply
R_list_rcons_prefix
,
R_list
_rcons_task
in
SOME
;
generalize
SOME
;
apply
fp_claimed_bounds_rcons_prefix
,
fp_claimed_bounds
_rcons_task
in
SOME
;
subst
tsk_lst'
;
intro
SOME
.
specialize
(
IHt
tsk_lst
hp_bounds
R_lst
).
rewrite
filter_rcons
in
IHt
.
...
...
@@ 400,7 +398,7 @@ Module ResponseTimeIterationFP.
apply
IHt
.
by
rewrite
rcons_uniq
in
UNIQ
;
move
:
UNIQ
=>
/
andP
[
_
UNIQ
].
by
apply
sorted_rcons_prefix
in
SORTED
.
by
apply
R_list
_rcons_prefix
in
SOME
.
by
apply
fp_claimed_bounds
_rcons_prefix
in
SOME
.
}
Qed
.
...
...
@@ 414,7 +412,7 @@ Module ResponseTimeIterationFP.
(* Assume that the responsetime analysis succeeds for the higherpriority tasks. *)
Variable
rt_bounds
:
seq
task_with_response_time
.
Hypothesis
H_test_succeeds
:
R_list
ts_hp
=
Some
rt_bounds
.
Hypothesis
H_test_succeeds
:
fp_claimed_bounds
ts_hp
=
Some
rt_bounds
.
(* Consider any task tsk to be analyzed, ... *)
Variable
tsk
:
sporadic_task
.
...
...
@@ 446,8 +444,8 @@ Module ResponseTimeIterationFP.
intros
i
;
destruct
(
i
\
in
rt_bounds
)
eqn
:
HP
;
last
by
rewrite
andFb
.
destruct
i
as
[
i
R
]
;
intros
_
.
have
GE_COST
:
=
(
R_list
_ge_cost
ts_hp
rt_bounds
i
R
).
have
INts
:
=
(
R_list
_non_empty
ts_hp
rt_bounds
i
SOME
).
have
GE_COST
:
=
(
fp_claimed_bounds
_ge_cost
ts_hp
rt_bounds
i
R
).
have
INts
:
=
(
fp_claimed_bounds
_non_empty
ts_hp
rt_bounds
i
SOME
).
destruct
INts
as
[
_
EX
]
;
exploit
EX
;
[
by
exists
R

intro
IN
].
unfold
interference_bound_fp
;
simpl
.
rewrite
leq_min
;
apply
/
andP
;
split
.
...
...
@@ 637,20 +635,17 @@ Module ResponseTimeIterationFP.
Let
response_time_bounded_by
(
tsk
:
sporadic_task
)
:
=
is_response_time_bound_of_task
job_cost
job_task
tsk
rate
sched
.
(* In the following
lemma
, we prove that any responsetime bound contained
in
R_list
is safe. The proof follows by induction on the task set:
(* In the following
theorem
, we prove that any responsetime bound contained
in
fp_claimed_bounds
is safe. The proof follows by induction on the task set:
Induction hypothesis: all higherpriority tasks have safe responsetime bounds.
Inductive step: We prove that the responsetime bound of the current task is safe.
Note that the inductive step is a direct application of the main Theorem from
bertogna_fp_theory.v.
The proof is only long because of the dozens of hypothesis that we need to supply,
so there's no clean way of breaking this down into small lemmas. *)
Lemma
R_list_has_response_time_bounds
:
forall
rt_bounds
tsk
R
,
R_list
ts
=
Some
rt_bounds
>
(
tsk
,
R
)
\
in
rt_bounds
>
bertogna_fp_theory.v. *)
Theorem
fp_analysis_yields_response_time_bounds
:
forall
tsk
R
,
(
tsk
,
R
)
\
In
fp_claimed_bounds
ts
>
response_time_bounded_by
tsk
R
.
Proof
.
rename
H_valid_job_parameters
into
JOBPARAMS
,
H_valid_task_parameters
into
TASKPARAMS
,
...
...
@@ 660,21 +655,27 @@ Module ResponseTimeIterationFP.
H_unique_priorities
into
UNIQ
,
H_total
into
TOTAL
,
H_all_jobs_from_taskset
into
ALLJOBS
,
H_ts_is_a_set
into
SET
.
clear
ALLJOBS
.
unfold
fp_schedulable
,
R_list
in
*.
intros
tsk
R
MATCH
.
assert
(
SOME
:
exists
hp_bounds
,
fp_claimed_bounds
ts
=
Some
hp_bounds
/\
(
tsk
,
R
)
\
in
hp_bounds
).
{
destruct
(
fp_claimed_bounds
ts
)
;
last
by
done
.
by
exists
l
;
split
.
}
clear
MATCH
;
des
.
revert
hp_bounds
tsk
R
SOME
SOME0
.
unfold
fp_schedulable
,
fp_claimed_bounds
in
*.
induction
ts
as
[
ts'
tsk_i
IH
]
using
last_ind
.
{
intros
rt
_bounds
tsk
R
SOME
IN
.
intros
hp
_bounds
tsk
R
SOME
IN
.
by
inversion
SOME
;
subst
;
rewrite
in_nil
in
IN
.
}
{
intros
rt
_bounds
tsk
R
SOME
IN
j
JOBj
.
destruct
(
lastP
rt
_bounds
)
as
[
hp_bounds
(
tsk_lst
,
R_lst
)]
;
intros
hp
_bounds
tsk
R
SOME
IN
j
JOBj
.
destruct
(
lastP
hp
_bounds
)
as
[
hp_bounds
(
tsk_lst
,
R_lst
)]
;
first
by
rewrite
in_nil
in
IN
.
rewrite
mem_rcons
in_cons
in
IN
;
move
:
IN
=>
/
orP
IN
.
destruct
IN
as
[
LAST

BEGINNING
]
;
last
first
.
{
apply
IH
with
(
rt
_bounds
:
=
hp_bounds
)
(
tsk
:
=
tsk
)
;
try
(
by
ins
).
apply
IH
with
(
hp
_bounds
:
=
hp_bounds
)
(
tsk
:
=
tsk
)
;
try
(
by
ins
).
by
rewrite
rcons_uniq
in
SET
;
move
:
SET
=>
/
andP
[
_
SET
].
by
ins
;
red
;
ins
;
apply
TASKPARAMS
;
rewrite
mem_rcons
in_cons
;
apply
/
orP
;
right
.
by
ins
;
apply
RESTR
;
rewrite
mem_rcons
in_cons
;
apply
/
orP
;
right
.
...
...
@@ 685,7 +686,7 @@ Module ResponseTimeIterationFP.
[
by
rewrite
mem_rcons
in_cons
;
apply
/
orP
;
right

intro
INV
].
rewrite

cats1
count_cat
/=
in
INV
.
unfold
is_interfering_task_fp
in
INV
.
generalize
SOME
;
apply
R_list
_rcons_task
in
SOME
;
subst
tsk_i
;
intro
SOME
.
generalize
SOME
;
apply
fp_claimed_bounds
_rcons_task
in
SOME
;
subst
tsk_i
;
intro
SOME
.
assert
(
HP
:
higher_priority
tsk_lst
tsk0
=
false
).
{
apply
order_sorted_rcons
with
(
x
:
=
tsk0
)
in
SORT
;
[
by
ins

by
ins
].
...
...
@@ 695,24 +696,25 @@ Module ResponseTimeIterationFP.
}
by
rewrite
HP
2
!
andFb
2
!
addn0
in
INV
.
}
by
apply
R_list
_rcons_prefix
in
SOME
.
by
apply
fp_claimed_bounds
_rcons_prefix
in
SOME
.
}
{
move
:
LAST
=>
/
eqP
LAST
.
inversion
LAST
as
[[
EQ1
EQ2
]].
rewrite
>
EQ1
in
*
;
rewrite
>
EQ2
in
*
;
clear
EQ1
EQ2
LAST
.
generalize
SOME
;
apply
R_list
_rcons_task
in
SOME
;
subst
tsk_i
;
intro
SOME
.
generalize
SOME
;
apply
R_list
_rcons_prefix
in
SOME
;
intro
SOME'
.
generalize
SOME
;
apply
fp_claimed_bounds
_rcons_task
in
SOME
;
subst
tsk_i
;
intro
SOME
.
generalize
SOME
;
apply
fp_claimed_bounds
_rcons_prefix
in
SOME
;
intro
SOME'
.
have
BOUND
:
=
bertogna_cirinei_response_time_bound_fp
.
unfold
is_response_time_bound_of_task
in
BOUND
.
apply
BOUND
with
(
task_cost
:
=
task_cost
)
(
task_period
:
=
task_period
)
(
task_deadline
:
=
task_deadline
)
(
job_deadline
:
=
job_deadline
)
(
job_task
:
=
job_task
)
(
tsk
:
=
tsk_lst
)
(
ts
:
=
rcons
ts'
tsk_lst
)
(
hp_bounds
:
=
hp_bounds
)
apply
BOUND
with
(
task_cost
:
=
task_cost
)
(
task_period
:
=
task_period
)
(
task_deadline
:
=
task_deadline
)
(
job_deadline
:
=
job_deadline
)
(
tsk
:
=
tsk_lst
)
(
job_task
:
=
job_task
)
(
ts
:
=
rcons
ts'
tsk_lst
)
(
hp_bounds
:
=
hp_bounds
)
(
higher_eq_priority
:
=
higher_priority
)
;
clear
BOUND
;
try
(
by
ins
).
by
rewrite
mem_rcons
in_cons
eq_refl
orTb
.
by
apply
R_list
_unzip1
with
(
R
:
=
R_lst
).
by
apply
fp_claimed_bounds
_unzip1
with
(
R
:
=
R_lst
).
{
intros
hp_tsk
R0
HP
j0
JOB0
.
apply
IH
with
(
rt
_bounds
:
=
hp_bounds
)
(
tsk
:
=
hp_tsk
)
;
try
(
by
ins
).
apply
IH
with
(
hp
_bounds
:
=
hp_bounds
)
(
tsk
:
=
hp_tsk
)
;
try
(
by
ins
).
by
rewrite
rcons_uniq
in
SET
;
move
:
SET
=>
/
andP
[
_
SET
].
by
red
;
ins
;
apply
TASKPARAMS
;
rewrite
mem_rcons
in_cons
;
apply
/
orP
;
right
.
by
ins
;
apply
RESTR
;
rewrite
mem_rcons
in_cons
;
apply
/
orP
;
right
.
...
...
@@ 733,27 +735,27 @@ Module ResponseTimeIterationFP.
by
rewrite
NOINTERF
2
!
andFb
addn0
in
INV
.
}
}
by
ins
;
apply
R_list
_ge_cost
with
(
ts'
:
=
ts'
)
(
rt_bounds
:
=
hp_bounds
).
by
ins
;
apply
R_list
_le_deadline
with
(
ts'
:
=
ts'
)
(
rt_bounds
:
=
hp_bounds
).
by
ins
;
apply
fp_claimed_bounds
_ge_cost
with
(
ts'
:
=
ts'
)
(
rt_bounds
:
=
hp_bounds
).
by
ins
;
apply
fp_claimed_bounds
_le_deadline
with
(
ts'
:
=
ts'
)
(
rt_bounds
:
=
hp_bounds
).
{
rewrite
[
R_lst
](
R_list
_rcons_response_time
ts'
hp_bounds
tsk_lst
)
;
last
by
ins
.
rewrite
[
R_lst
](
fp_claimed_bounds
_rcons_response_time
ts'
hp_bounds
tsk_lst
)
;
last
by
ins
.
rewrite
per_task_rta_fold
.
apply
per_task_rta_converges
with
(
ts_hp
:
=
ts'
)
;
try
(
by
done
).
apply
R_list
_le_deadline
with
(
ts'
:
=
rcons
ts'
tsk_lst
)
apply
fp_claimed_bounds
_le_deadline
with
(
ts'
:
=
rcons
ts'
tsk_lst
)
(
rt_bounds
:
=
rcons
hp_bounds
(
tsk_lst
,
R_lst
))
;
first
by
apply
SOME'
.
rewrite
mem_rcons
in_cons
;
apply
/
orP
;
left
;
apply
/
eqP
.
f_equal
;
symmetry
.
by
apply
R_list
_rcons_response_time
with
(
ts'
:
=
ts'
).
by
apply
fp_claimed_bounds
_rcons_response_time
with
(
ts'
:
=
ts'
).
}
}
}
Qed
.
(*
Finally
, if the schedulability test suceeds, ...*)
(*
Therefore
, if the schedulability test suceeds, ...*)
Hypothesis
H_test_succeeds
:
fp_schedulable
ts
.
(*..., no task misses its deadline
,..
. *)
(*..., no task misses its deadline. *)
Theorem
taskset_schedulable_by_fp_rta
:
forall
tsk
,
tsk
\
in
ts
>
no_deadline_missed_by_task
tsk
.
Proof
.
...
...
@@ 775,13 +777,13 @@ Module ResponseTimeIterationFP.
H_test_succeeds
into
TEST
.
move
=>
tsk
INtsk
j
JOBtsk
.
have
RLIST
:
=
(
R_list_ha
s_response_time_bounds
).
have
NONEMPTY
:
=
(
R_list
_non_empty
ts
).
have
DL
:
=
(
R_list
_le_deadline
ts
).
have
RLIST
:
=
(
fp_analysis_yield
s_response_time_bounds
).
have
NONEMPTY
:
=
(
fp_claimed_bounds
_non_empty
ts
).
have
DL
:
=
(
fp_claimed_bounds
_le_deadline
ts
).
destruct
(
R_list
ts
)
as
[
rt_bounds
]
;
last
by
ins
.
destruct
(
fp_claimed_bounds
ts
)
as
[
rt_bounds
]
;
last
by
ins
.
exploit
(
NONEMPTY
rt_bounds
tsk
)
;
[
by
ins

intros
[
EX
_
]
;
specialize
(
EX
INtsk
)
;
des
].
exploit
(
RLIST
rt_bounds
tsk
R
)
;
[
by
ins

by
ins

by
apply
JOBtsk

intro
COMPLETED
].
exploit
(
RLIST
tsk
R
)
;
[
by
ins

by
apply
JOBtsk

intro
COMPLETED
].
exploit
(
DL
rt_bounds
tsk
R
)
;
[
by
ins

by
ins

clear
DL
;
intro
DL
].
rewrite
eqn_leq
;
apply
/
andP
;
split
;
first
by
apply
cumulative_service_le_job_cost
.
...
...
@@ 796,31 +798,6 @@ Module ResponseTimeIterationFP.
by
apply
COMPLETED
.
Qed
.
(* ..., and the schedulability test yields safe responsetime
bounds for each task. *)
Theorem
fp_schedulability_test_yields_response_time_bounds
:
forall
tsk
,
tsk
\
in
ts
>
if
R_list
ts
is
Some
rt_bounds
then
exists
R
,
(
tsk
,
R
)
\
in
rt_bounds
/\
R
<=
task_deadline
tsk
/\
response_time_bounded_by
tsk
R
else
False
.
Proof
.
intros
tsk
IN
.
unfold
fp_schedulable
in
*.
have
TASKS
:
=
R_list_non_empty
ts
.
have
BOUNDS
:
=
(
R_list_has_response_time_bounds
).
have
DL
:
=
(
R_list_le_deadline
ts
).
destruct
(
R_list
ts
)
as
[
rt_bounds
]
;
last
by
ins
.
exploit
(
TASKS
rt_bounds
tsk
)
;
[
by
ins

clear
TASKS
;
intro
EX
].
destruct
EX
as
[
EX
_
]
;
specialize
(
EX
IN
)
;
des
.
exists
R
;
repeat
split
;
try
(
by
done
).
by
apply
DL
with
(
rt_bounds0
:
=
rt_bounds
).
by
ins
;
apply
(
BOUNDS
rt_bounds
tsk
).
Qed
.
(* For completeness, since all jobs of the arrival sequence
are spawned by the task set, we also conclude that no job in
the schedule misses its deadline. *)
...
...
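Review bot: The new `assert (SOME : exists hp_bounds, fp_claimed_bounds ts = Some hp_bounds /\ (tsk, R) \in hp_bounds)` block in the @@ 660 hunk depends on Coq auto-generated hypothesis names: `destruct (fp_claimed_bounds ts)` has no `as` pattern, so the list is bound as `l` and the next line `by exists l; split.` relies on that, and the following `des` yields `SOME0`, which `revert hp_bounds tsk R SOME SOME0` then names explicitly. Auto-generated names are not stable across Coq and ssreflect versions, so this proof can break on a toolchain upgrade without any change to the statement it proves; binding the names makes the script robust, e.g. `destruct (fp_claimed_bounds ts) as [bounds|]; last by done.` followed by `by exists bounds; split.`, and a `destruct SOME as [hp_bounds [SOME IN]]` in place of the bare `des` so the reverted hypothesis has a chosen name. The same reliance on `rename H0 into EQ` and `destruct l` appears in the `_rcons_*` lemmas, but those lines pre-date this commit. The proof of `fp_analysis_yields_response_time_bounds` opens in the @@ 637 hunk and continues past the end of the @@ 660 hunk.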