Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
P
PROSA  Formally Proven Schedulability Analysis
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Marco Perronet
PROSA  Formally Proven Schedulability Analysis
Commits
49036f00
Commit
49036f00
authored
Dec 20, 2019
by
Sergey Bozhko
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Improve readability of analysis
parent
5fc2e7dd
Changes
29
Expand all
Hide whitespace changes
Inline
Sidebyside
Showing
29 changed files
with
297 additions
and
295 deletions
+297
295
analysis/definitions/busy_interval.v
analysis/definitions/busy_interval.v
+2
2
analysis/definitions/job_properties.v
analysis/definitions/job_properties.v
+0
1
analysis/definitions/priority_inversion.v
analysis/definitions/priority_inversion.v
+0
2
analysis/definitions/progress.v
analysis/definitions/progress.v
+1
0
analysis/definitions/request_bound_function.v
analysis/definitions/request_bound_function.v
+2
3
analysis/definitions/schedulability.v
analysis/definitions/schedulability.v
+32
35
analysis/definitions/task_schedule.v
analysis/definitions/task_schedule.v
+20
23
analysis/facts/behavior/arrivals.v
analysis/facts/behavior/arrivals.v
+128
130
analysis/facts/behavior/completion.v
analysis/facts/behavior/completion.v
+19
19
analysis/facts/behavior/deadlines.v
analysis/facts/behavior/deadlines.v
+4
1
analysis/facts/behavior/service.v
analysis/facts/behavior/service.v
+37
36
analysis/facts/edf.v
analysis/facts/edf.v
+1
2
analysis/facts/model/ideal_schedule.v
analysis/facts/model/ideal_schedule.v
+27
28
analysis/facts/model/sequential.v
analysis/facts/model/sequential.v
+2
1
analysis/facts/model/workload.v
analysis/facts/model/workload.v
+0
2
analysis/facts/preemption/job/limited.v
analysis/facts/preemption/job/limited.v
+2
1
analysis/facts/preemption/job/nonpreemptive.v
analysis/facts/preemption/job/nonpreemptive.v
+1
0
analysis/facts/preemption/job/preemptive.v
analysis/facts/preemption/job/preemptive.v
+2
0
analysis/facts/preemption/rtc_threshold/floating.v
analysis/facts/preemption/rtc_threshold/floating.v
+4
2
analysis/facts/preemption/rtc_threshold/limited.v
analysis/facts/preemption/rtc_threshold/limited.v
+1
0
analysis/facts/preemption/rtc_threshold/nonpreemptive.v
analysis/facts/preemption/rtc_threshold/nonpreemptive.v
+1
2
analysis/facts/preemption/rtc_threshold/preemptive.v
analysis/facts/preemption/rtc_threshold/preemptive.v
+1
0
analysis/facts/preemption/task/floating.v
analysis/facts/preemption/task/floating.v
+2
2
analysis/facts/preemption/task/limited.v
analysis/facts/preemption/task/limited.v
+2
0
analysis/facts/preemption/task/nonpreemptive.v
analysis/facts/preemption/task/nonpreemptive.v
+2
2
analysis/facts/preemption/task/preemptive.v
analysis/facts/preemption/task/preemptive.v
+2
0
analysis/transform/prefix.v
analysis/transform/prefix.v
+1
0
results/edf/rta/bounded_nps.v
results/edf/rta/bounded_nps.v
+1
0
results/edf/rta/bounded_pi.v
results/edf/rta/bounded_pi.v
+0
1
No files found.
analysis/definitions/busy_interval.v
View file @
49036f00
...
...
@@ 59,11 +59,11 @@ Section BusyIntervalJLFP.
End
BusyInterval
.
(** In this section we define the computational
version of the notion of quiet time. *)
version of the notion of quiet time. *)
Section
DecidableQuietTime
.
(** We say that t is a quiet time for j iff every higherpriority job from
the arrival sequence that arrived before t has completed by that time. *)
the arrival sequence that arrived before t has completed by that time. *)
Definition
quiet_time_dec
(
j
:
Job
)
(
t
:
instant
)
:
=
all
(
fun
j_hp
=>
hep_job
j_hp
j
==>
(
completed_by
sched
j_hp
t
))
...
...
analysis/definitions/job_properties.v
View file @
49036f00
Require
Export
prosa
.
behavior
.
all
.
From
mathcomp
Require
Export
eqtype
ssrnat
.
(** In this section, we introduce properties of a job. *)
Section
PropertiesOfJob
.
...
...
analysis/definitions/priority_inversion.v
View file @
49036f00
Require
Export
prosa
.
analysis
.
definitions
.
busy_interval
.
From
mathcomp
Require
Import
ssreflect
ssrbool
eqtype
ssrnat
seq
fintype
bigop
.
(** * Cumulative Priority Inversion for JLFPmodels *)
(** In this module we define the notion of cumulative priority inversion for uniprocessor for JLFP schedulers. *)
Section
CumulativePriorityInversion
.
...
...
analysis/definitions/progress.v
View file @
49036f00
...
...
@@ 6,6 +6,7 @@ Require Export prosa.analysis.facts.behavior.service.
conversely a notion of a lack of progress. *)
Section
Progress
.
(** Consider any type of jobs with a known cost... *)
Context
{
Job
:
JobType
}.
Context
`
{
JobCost
Job
}.
...
...
analysis/definitions/request_bound_function.v
View file @
49036f00
...
...
@@ 6,8 +6,6 @@ Require Export prosa.model.priority.classes.
could be generalized in future work. *)
Require
Import
prosa
.
analysis
.
facts
.
model
.
ideal_schedule
.
From
mathcomp
Require
Import
ssreflect
ssrbool
eqtype
ssrnat
seq
path
fintype
bigop
.
(** * Request Bound Function (RBF) *)
(** We define the notion of a task's requestbound function (RBF), as well as
...
...
@@ 47,7 +45,8 @@ Section TaskWorkloadBoundedByArrivalCurves.
Variable
delta
:
duration
.
(** We define the following workload bound for the task. *)
Definition
task_request_bound_function
:
=
task_cost
tsk
*
max_arrivals
tsk
delta
.
Definition
task_request_bound_function
:
=
task_cost
tsk
*
max_arrivals
tsk
delta
.
End
SingleTask
.
...
...
analysis/definitions/schedulability.v
View file @
49036f00
Require
Export
prosa
.
analysis
.
facts
.
behavior
.
completion
.
Require
Import
prosa
.
model
.
task
.
absolute_deadline
.
(** * Schedulability *)
(** In the following section we define the notion of schedulable
task. *)
Section
Task
.
(** Consider any type of tasks, ... *)
Context
{
Task
:
TaskType
}.
Context
{
Job
:
JobType
}.
Context
`
{
JobArrival
Job
}
`
{
JobCost
Job
}
`
{
JobTask
Job
Task
}.
(** ... any type of jobs associated with these tasks, ... *)
Context
{
Job
:
JobType
}.
Context
`
{
JobArrival
Job
}.
Context
`
{
JobCost
Job
}.
Context
`
{
JobDeadline
Job
}.
Context
`
{
JobTask
Job
Task
}.
(** ... and any kind of processor state. *)
Context
{
PState
:
Type
}.
Context
`
{
ProcessorState
Job
PState
}.
...
...
@@ 37,43 +47,27 @@ Section Task.
arrives_in
arr_seq
j
>
job_task
j
=
tsk
>
job_meets_deadline
sched
j
.
End
Task
.
Section
TaskSet
.
Context
{
Task
:
TaskType
}.
Context
{
Job
:
JobType
}.
Context
`
{
JobArrival
Job
}
`
{
JobCost
Job
}
`
{
JobTask
Job
Task
}.
Context
`
{
JobDeadline
Job
}.
Context
{
PState
:
Type
}.
Context
`
{
ProcessorState
Job
PState
}.
Variable
ts
:
{
set
Task
}.
(** Consider any job arrival sequence... *)
Variable
arr_seq
:
arrival_sequence
Job
.
(** ...and any schedule of these jobs. *)
Variable
sched
:
schedule
PState
.
(** We say that a task set is schedulable if all its tasks are schedulable *)
Definition
schedulable_taskset
:
=
forall
tsk
,
tsk
\
in
ts
>
schedulable_task
arr_seq
sched
tsk
.
End
TaskSet
.
Section
Schedulability
.
(** We can infer schedulability from a responsetime bound of a task. *)
(** In this section we infer schedulability from a responsetime bound
of a task. *)
Section
Schedulability
.
(** Consider any type of tasks, ... *)
Context
{
Task
:
TaskType
}.
Context
{
Job
:
JobType
}.
Context
`
{
TaskDeadline
Task
}.
Context
`
{
JobArrival
Job
}
`
{
JobCost
Job
}
`
{
JobTask
Job
Task
}.
(** ... any type of jobs associated with these tasks, ... *)
Context
{
Job
:
JobType
}.
Context
`
{
JobArrival
Job
}.
Context
`
{
JobCost
Job
}.
Context
`
{
JobTask
Job
Task
}.
(** ... and any kind of processor state. *)
Context
{
PState
:
Type
}.
Context
`
{
ProcessorState
Job
PState
}.
(** Consider any job arrival sequence... *)
Variable
arr_seq
:
arrival_sequence
Job
.
...
...
@@ 112,9 +106,12 @@ End Schedulability.
given schedule and one w.r.t. all jobs that arrive in a given
arrival sequence. *)
Section
AllDeadlinesMet
.
(** Consider any given type of jobs... *)
Context
{
Job
:
JobType
}
`
{
JobCost
Job
}
`
{
JobDeadline
Job
}
`
{
JobArrival
Job
}.
Context
{
Job
:
JobType
}.
Context
`
{
JobArrival
Job
}.
Context
`
{
JobCost
Job
}.
Context
`
{
JobDeadline
Job
}.
(** ... any given type of processor states. *)
Context
{
PState
:
eqType
}.
...
...
@@ 151,8 +148,8 @@ Section AllDeadlinesMet.
End
DeadlinesOfArrivals
.
(** We observe that the latter definition, assuming a schedule in
which all jobs come from the arrival sequence, implies the former
definition. *)
which all jobs come from the arrival sequence, implies the
former
definition. *)
Lemma
all_deadlines_met_in_valid_schedule
:
forall
arr_seq
sched
,
jobs_come_from_arrival_sequence
sched
arr_seq
>
...
...
analysis/definitions/task_schedule.v
View file @
49036f00
Require
Export
prosa
.
model
.
task
.
concept
.
Require
Export
prosa
.
model
.
processor
.
ideal
.
(** Due to historical reasons this file defines the notion of a schedule of
a task for the ideal uniprocessor model. This is not a fundamental limitation
and the notion can be further generalized to an arbitrary model. *)
(** Due to historical reasons this file defines the notion of a
schedule of a task for the ideal uniprocessor model. This is not
a fundamental limitation and the notion can be further generalized
to an arbitrary model. *)
Require
Export
prosa
.
model
.
processor
.
ideal
.
(** * Schedule of task *)
(** In this section we define properties of schedule of a task *)
...
...
@@ 22,29 +23,25 @@ Section ScheduleOfTask.
(** Let [sched] be any ideal uniprocessor schedule. *)
Variable
sched
:
schedule
(
ideal
.
processor_state
Job
).
Section
TaskProperties
.
(** Let [tsk] be any task. *)
Variable
tsk
:
Task
.
(** Next we define whether a task is scheduled at time [t], ... *)
Definition
task_scheduled_at
(
t
:
instant
)
:
=
if
sched
t
is
Some
j
then
job_task
j
==
tsk
else
false
.
(** Let [tsk] be any task. *)
Variable
tsk
:
Task
.
(** Next we define whether a task is scheduled at time [t], ... *)
Definition
task_scheduled_at
(
t
:
instant
)
:
=
if
sched
t
is
Some
j
then
job_task
j
==
tsk
else
false
.
(** ...which also corresponds to the instantaneous service it receives. *)
Definition
task_service_at
(
t
:
instant
)
:
=
task_scheduled_at
t
.
(** ...which also corresponds to the instantaneous service it receives. *)
Definition
task_service_at
(
t
:
instant
)
:
=
task_scheduled_at
t
.
(** Based on the notion of instantaneous service, we define the
(** Based on the notion of instantaneous service, we define the
cumulative service received by [tsk] during any interval [t1, t2)... *)
Definition
task_service_during
(
t1
t2
:
instant
)
:
=
\
sum_
(
t1
<=
t
<
t2
)
task_service_at
t
.
Definition
task_service_during
(
t1
t2
:
instant
)
:
=
\
sum_
(
t1
<=
t
<
t2
)
task_service_at
t
.
(** ...and the cumulative service received by [tsk] up to time t2,
(** ...and the cumulative service received by [tsk] up to time t2,
i.e., in the interval [0, t2). *)
Definition
task_service
(
t2
:
instant
)
:
=
task_service_during
0
t2
.
End
TaskProperties
.
Definition
task_service
(
t2
:
instant
)
:
=
task_service_during
0
t2
.
End
ScheduleOfTask
.
analysis/facts/behavior/arrivals.v
View file @
49036f00
This diff is collapsed.
Click to expand it.
analysis/facts/behavior/completion.v
View file @
49036f00
Require
Export
prosa
.
analysis
.
facts
.
behavior
.
service
.
Require
Export
prosa
.
analysis
.
facts
.
behavior
.
arrivals
.
(**
In this file, we establish basic facts about job completions.
*)
(**
* Completion
*)
(** In this file, we establish basic facts about job completions. *)
Section
CompletionFacts
.
(** Consider any job type,...*)
Context
{
Job
:
JobType
}.
Context
`
{
JobCost
Job
}.
...
...
@@ 35,8 +37,7 @@ Section CompletionFacts.
Lemma
less_service_than_cost_is_incomplete
:
forall
t
,
service
sched
j
t
<
job_cost
j
<>
~~
completed_by
sched
j
t
.
<>
~~
completed_by
sched
j
t
.
Proof
.
move
=>
t
.
by
split
;
rewrite
/
completed_by
;
[
rewrite

ltnNge
//

rewrite
ltnNge
//].
Qed
.
...
...
@@ 45,8 +46,7 @@ Section CompletionFacts.
Lemma
incomplete_is_positive_remaining_cost
:
forall
t
,
~~
completed_by
sched
j
t
<>
remaining_cost
sched
j
t
>
0
.
<>
remaining_cost
sched
j
t
>
0
.
Proof
.
move
=>
t
.
by
split
;
rewrite
/
remaining_cost

less_service_than_cost_is_incomplete
subn_gt0
//.
Qed
.
...
...
@@ 112,11 +112,10 @@ Section CompletionFacts.
End
CompletionFacts
.
Section
ServiceAndCompletionFacts
.
(** In this section, we establish some facts that are really about service,
but are also related to completion and rely on some of the above lemmas.
Hence they are in this file rather than in the service facts file. *)
(** In this section, we establish some facts that are really about service,
but are also related to completion and rely on some of the above lemmas.
Hence they are in this file rather than in the service facts file. *)
Section
ServiceAndCompletionFacts
.
(** Consider any job type,...*)
Context
{
Job
:
JobType
}.
...
...
@@ 133,7 +132,7 @@ Section ServiceAndCompletionFacts.
Hypothesis
H_completed_jobs
:
completed_jobs_dont_execute
sched
.
(** Let
j
be any job that is to be scheduled. *)
(** Let
[j]
be any job that is to be scheduled. *)
Variable
j
:
Job
.
(** Assume that a scheduled job receives exactly one time unit of service. *)
...
...
@@ 171,7 +170,7 @@ Section ServiceAndCompletionFacts.
by
apply
service_at_most_cost
.
Qed
.
(** We show that the service received by job
j
in any interval is no larger
(** We show that the service received by job
[j]
in any interval is no larger
than its cost. *)
Lemma
cumulative_service_le_job_cost
:
forall
t
t'
,
...
...
@@ 183,8 +182,8 @@ Section ServiceAndCompletionFacts.
rewrite
/
service
.
rewrite
(
service_during_cat
sched
j
0
t
t'
)
//
leq_addl
//.
Qed
.
(** If a job isn't complete at time
t, it can't be completed at time (
t +
remaining_cost j t  1
)
. *)
(** If a job isn't complete at time
[t], it can't be completed at time [
t +
remaining_cost j t  1
]
. *)
Lemma
job_doesnt_complete_before_remaining_cost
:
forall
t
,
~~
completed_by
sched
j
t
>
...
...
@@ 227,9 +226,9 @@ Section ServiceAndCompletionFacts.
End
ServiceAndCompletionFacts
.
(** In this section, we establish facts that on jobs with nonzero costs that
must arrive to execute. *)
Section
PositiveCost
.
(** In this section, we establish facts that on jobs with nonzero costs that
must arrive to execute. *)
(** Consider any type of jobs with cost and arrivaltime attributes,...*)
Context
{
Job
:
JobType
}.
...
...
@@ 243,11 +242,11 @@ Section PositiveCost.
(** ...and a given schedule. *)
Variable
sched
:
schedule
PState
.
(** Let
j
be any job that is to be scheduled. *)
(** Let
[j]
be any job that is to be scheduled. *)
Variable
j
:
Job
.
(** We assume that job
j
has positive cost, from which we can
infer that there always is a time in which
j
is pending, ... *)
(** We assume that job
[j]
has positive cost, from which we can
infer that there always is a time in which
[j]
is pending, ... *)
Hypothesis
H_positive_cost
:
job_cost
j
>
0
.
(** ...and that jobs must arrive to execute. *)
...
...
@@ 283,6 +282,7 @@ Section PositiveCost.
End
PositiveCost
.
Section
CompletedJobs
.
(** Consider any kinds of jobs and any kind of processor state. *)
Context
{
Job
:
JobType
}
{
PState
:
Type
}.
Context
`
{
ProcessorState
Job
PState
}.
...
...
analysis/facts/behavior/deadlines.v
View file @
49036f00
Require
Export
prosa
.
analysis
.
facts
.
behavior
.
completion
.
(** * Deadlines *)
(** In this file, we observe basic properties of the behavioral job
model w.r.t. deadlines. *)
Section
DeadlineFacts
.
(** Consider any given type of jobs with costs and deadlines... *)
Context
{
Job
:
JobType
}
`
{
JobCost
Job
}
`
{
JobDeadline
Job
}.
(** ... any given type of processor states. *)
Context
{
PState
:
eqType
}.
Context
`
{
ProcessorState
Job
PState
}.
...
...
analysis/facts/behavior/service.v
View file @
49036f00
...
...
@@ 2,15 +2,15 @@ Require Export prosa.util.all.
Require
Export
prosa
.
behavior
.
all
.
Require
Export
prosa
.
model
.
processor
.
platform_properties
.
From
mathcomp
Require
Import
ssrnat
ssrbool
fintype
.
(** * Service *)
(** In this file, we establish basic facts about the service received by
jobs. *)
Section
Composition
.
(** To begin with, we provide some simple but handy rewriting rules for
(** To begin with, we provide some simple but handy rewriting rules for
[service] and [service_during]. *)
Section
Composition
.
(** Consider any job type and any processor state. *)
Context
{
Job
:
JobType
}.
Context
{
PState
:
Type
}.
...
...
@@ 130,10 +130,9 @@ Section Composition.
End
Composition
.
(** As a common special case, we establish facts about schedules in which a
job receives either 1 or 0 service units at all times. *)
Section
UnitService
.
(** As a common special case, we establish facts about schedules in which a
job receives either 1 or 0 service units at all times. *)
(** Consider any job type and any processor state. *)
Context
{
Job
:
JobType
}.
...
...
@@ 146,7 +145,7 @@ Section UnitService.
(** ...and a given schedule. *)
Variable
sched
:
schedule
PState
.
(** Let
j
be any job that is to be scheduled. *)
(** Let
[j]
be any job that is to be scheduled. *)
Variable
j
:
Job
.
(** First, we prove that the instantaneous service cannot be greater than 1, ... *)
...
...
@@ 156,7 +155,7 @@ Section UnitService.
by
move
=>
t
;
rewrite
/
service_at
.
Qed
.
(** ...which implies that the cumulative service received by job
j
in any
(** ...which implies that the cumulative service received by job
[j]
in any
interval of length delta is at most delta. *)
Lemma
cumulative_service_le_delta
:
forall
t
delta
,
...
...
@@ 170,7 +169,7 @@ Section UnitService.
Section
ServiceIsAStepFunction
.
(** We show that the service received by any job
j
is a step function. *)
(** We show that the service received by any job
[j]
is a step function. *)
Lemma
service_is_a_step_function
:
is_step_function
(
service
sched
j
).
Proof
.
...
...
@@ 179,15 +178,15 @@ Section UnitService.
apply
service_at_most_one
.
Qed
.
(** Next, consider any time
t
... *)
(** Next, consider any time
[t]
... *)
Variable
t
:
instant
.
(** ...and let
s0
be any value less than the service received
by job
j by time t
. *)
(** ...and let
[s0]
be any value less than the service received
by job
[j] by time [t]
. *)
Variable
s0
:
duration
.
Hypothesis
H_less_than_s
:
s0
<
service
sched
j
t
.
(** Then, we show that there exists an earlier time
t0 where job j had s0
(** Then, we show that there exists an earlier time
[t0] where job [j] had [s0]
units of service. *)
Corollary
exists_intermediate_service
:
exists
t0
,
...
...
@@ 205,8 +204,8 @@ Section UnitService.
End
UnitService
.
(** We establish a basic fact about the monotonicity of service. *)
Section
Monotonicity
.
(** We establish a basic fact about the monotonicity of service. *)
(** Consider any job type and any processor model. *)
Context
{
Job
:
JobType
}.
...
...
@@ 231,8 +230,9 @@ Section Monotonicity.
End
Monotonicity
.
(** Consider any job type and any processor model. *)
Section
RelationToScheduled
.
(** Consider any job type and any processor model. *)
Context
{
Job
:
JobType
}.
Context
{
PState
:
Type
}.
Context
`
{
ProcessorState
Job
PState
}.
...
...
@@ 313,7 +313,7 @@ Section RelationToScheduled.
Qed
.
(** Thus, any job that receives some service during an interval must be
scheduled at some point during the interval... *)
scheduled at some point during the interval... *)
Corollary
cumulative_service_implies_scheduled
:
forall
t1
t2
,
service_during
sched
j
t1
t2
>
0
>
...
...
@@ 339,12 +339,12 @@ Section RelationToScheduled.
have
EX_SCHED
:
=
cumulative_service_implies_scheduled
0
t2
NONZERO
.
by
move
:
EX_SCHED
=>
[
t
[
TIMES
SCHED_AT
]]
;
exists
t
;
split
.
Qed
.
(** If we can assume that a scheduled job always receives service,
we can further prove the converse. *)
Section
GuaranteedService
.
(** If we can assume that a scheduled job always receives service, we can
further prove the converse. *)
(** Assume
j
always receives some positive service. *)
(** Assume
[j]
always receives some positive service. *)
Hypothesis
H_scheduled_implies_serviced
:
ideal_progress_proc_model
PState
.
(** In other words, not being scheduled is equivalent to receiving zero
...
...
@@ 406,9 +406,9 @@ Section RelationToScheduled.
End
GuaranteedService
.
(** Furthermore, if we know that jobs are not released early, then we can
narrow the interval during which they must have been scheduled. *)
Section
AfterArrival
.
(** Furthermore, if we know that jobs are not released early, then we can
narrow the interval during which they must have been scheduled. *)
Context
`
{
JobArrival
Job
}.
...
...
@@ 440,8 +440,8 @@ Section RelationToScheduled.
rewrite
/
has_arrived

ltnNge
//.
Qed
.
(** We show that job
j does not receive service at any time t
prior to its
arrival. *)
(** We show that job
[j] does not receive service at any time [t]
prior to its
arrival. *)
Lemma
service_before_job_arrival_zero
:
forall
t
,
t
<
job_arrival
j
>
...
...
@@ 492,17 +492,17 @@ Section RelationToScheduled.
End
AfterArrival
.
(** In this section, we prove some lemmas about time instants with same
service. *)
Section
TimesWithSameService
.
(** In this section, we prove some lemmas about time instants with same
service. *)
(** Consider any time instants
t1 and t2
... *)
(** Consider any time instants
[t1] and [t2]
... *)
Variable
t1
t2
:
instant
.
(** ...where
t1 is no later than t2
... *)
(** ...where
[t1] is no later than [t2]
... *)
Hypothesis
H_t1_le_t2
:
t1
<=
t2
.
(** ...and where job
j
has received the same amount of service. *)
(** ...and where job
[j]
has received the same amount of service. *)
Hypothesis
H_same_service
:
service
sched
j
t1
=
service
sched
j
t2
.
(** First, we observe that this means that the job receives no service
...
...
@@ 527,8 +527,8 @@ Section RelationToScheduled.
apply
IS_ZERO
.
apply
/
andP
;
split
=>
//.
Qed
.
(** We show that job
j receives service at some point t < t1 iff j receives
service at some point t' < t2
. *)
(** We show that job
[j] receives service at some point [t < t1]
iff [j] receives service at some point [t' < t2]
. *)
Lemma
same_service_implies_serviced_at_earlier_times
:
[
exists
t
:
'
I_t1
,
service_at
sched
j
t
>
0
]
=
[
exists
t'
:
'
I_t2
,
service_at
sched
j
t'
>
0
].
...
...
@@ 550,14 +550,15 @@ Section RelationToScheduled.
}
Qed
.
(** Then, under the assumption that scheduled jobs receives service,
we can translate this into a claim about scheduled_at. *)
we can translate this into a claim about scheduled_at. *)
(** Assume
j
always receives some positive service. *)
(** Assume
[j]
always receives some positive service. *)
Hypothesis
H_scheduled_implies_serviced
:
ideal_progress_proc_model
PState
.
(** We show that job
j is scheduled at some point t < t1 iff j
is scheduled
at some point
t' < t2
. *)
(** We show that job
[j] is scheduled at some point [t < t1] iff [j]
is scheduled
at some point
[t' < t2]
. *)
Lemma
same_service_implies_scheduled_at_earlier_times
:
[
exists
t
:
'
I_t1
,
scheduled_at
sched
j
t
]
=
[
exists
t'
:
'
I_t2
,
scheduled_at
sched
j
t'
].
...
...
analysis/facts/edf.v
View file @
49036f00
...
...
@@ 31,5 +31,4 @@ End PropertiesOfEDF.
(** We add the above lemma into a "Hint Database" basic_facts, so Coq
will be able to apply them automatically. *)
Hint
Resolve
EDF_respects_sequential_tasks
:
basic_facts
.
Hint
Resolve
EDF_respects_sequential_tasks
:
basic_facts
.
analysis/facts/model/ideal_schedule.v
View file @
49036f00
From
mathcomp
Require
Import
all_ssreflect
.
Require
Export
prosa
.
util
.
all
.
Require
Export
prosa
.
model
.
processor
.
platform_properties
.
Require
Export
prosa
.
analysis
.
facts
.
behavior
.
service
.
...
...
@@ 87,33 +86,6 @@ Section ScheduleClass.
End
ScheduleClass
.
(** * Automation *)
(** We add the above lemmas into a "Hint Database" basic_facts, so Coq
will be able to apply them automatically. *)
Hint
Resolve
ideal_proc_model_is_a_uniprocessor_model
ideal_proc_model_ensures_ideal_progress
ideal_proc_model_provides_unit_service
:
basic_facts
.
(** We also provide tactics for case analysis on ideal processor state. *)
(** The first tactic generates two subgoals: one with idle processor and
the other with processor executing a job named [JobName]. *)
Ltac
ideal_proc_model_sched_case_analysis
sched
t
JobName
:
=
let
Idle
:
=
fresh
"Idle"
in
let
Sched
:
=
fresh
"Sched_"
JobName
in
destruct
(
ideal_proc_model_sched_case_analysis
sched
t
)
as
[
Idle

[
JobName
Sched
]].
(** The second tactic is similar to the first, but it additionally generates
two equalities: [sched t = None] and [sched t = Some j]. *)
Ltac
ideal_proc_model_sched_case_analysis_eq
sched
t
JobName
:
=
let
Idle
:
=
fresh
"Idle"
in
let
IdleEq
:
=
fresh
"Eq"
Idle
in
let
Sched
:
=
fresh
"Sched_"
JobName
in
let
SchedEq
:
=
fresh
"Eq"
Sched
in
destruct
(
ideal_proc_model_sched_case_analysis
sched
t
)
as
[
Idle

[
JobName
Sched
]]
;
[
move
:
(
Idle
)
=>
/
eqP
IdleEq
;
rewrite
?IdleEq

move
:
(
Sched
)
;
simpl
;
move
=>
/
eqP
SchedEq
;
rewrite
?SchedEq
].
(** * Incremental Service in Ideal Schedule *)
(** In the following section we prove a few facts about service in ideal schedule. *)
(* Note that these lemmas can be generalized to an arbitrary scheduler. *)
...
...
@@ 220,3 +192,30 @@ Section IncrementalService.
Qed
.
End
IncrementalService
.
(** * Automation *)
(** We add the above lemmas into a "Hint Database" basic_facts, so Coq
will be able to apply them automatically. *)
Hint
Resolve
ideal_proc_model_is_a_uniprocessor_model
ideal_proc_model_ensures_ideal_progress
ideal_proc_model_provides_unit_service
:
basic_facts
.
(** We also provide tactics for case analysis on ideal processor state. *)
(** The first tactic generates two subgoals: one with idle processor and
the other with processor executing a job named [JobName]. *)
Ltac
ideal_proc_model_sched_case_analysis
sched
t
JobName
:
=
let
Idle
:
=
fresh
"Idle"
in
let
Sched
:
=
fresh
"Sched_"
JobName
in
destruct
(
ideal_proc_model_sched_case_analysis
sched
t
)
as
[
Idle

[
JobName
Sched
]].
(** The second tactic is similar to the first, but it additionally generates
two equalities: [sched t = None] and [sched t = Some j]. *)
Ltac
ideal_proc_model_sched_case_analysis_eq
sched
t
JobName
:
=
let
Idle
:
=
fresh
"Idle"
in
let
IdleEq
:
=
fresh
"Eq"
Idle
in
let
Sched
:
=
fresh
"Sched_"
JobName
in
let
SchedEq
:
=
fresh
"Eq"
Sched
in
destruct
(
ideal_proc_model_sched_case_analysis
sched
t
)
as
[
Idle

[
JobName
Sched
]]
;
[
move
:
(
Idle
)
=>
/
eqP
IdleEq
;
rewrite
?IdleEq

move
:
(
Sched
)
;
simpl
;
move
=>
/
eqP
SchedEq
;
rewrite
?SchedEq
].
\ No newline at end of file
analysis/facts/model/sequential.v
View file @
49036f00
Require
Export
prosa
.
model
.
task
.
sequentiality
.
Section
ExecutionOrder
.
(** Consider any type of job associated with any type of tasks... *)
Context
{
Job
:
JobType
}.
Context
{
Task
:
TaskType
}.
...
...
@@ 22,7 +23,7 @@ Section ExecutionOrder.
(** A simple corollary of this hypothesis is that the scheduler
executes a job with the earliest arrival time. *)
executes a job with the earliest arrival time. *)
Corollary
scheduler_executes_job_with_earliest_arrival
:
forall
j1
j2
t
,
same_task
j1
j2
>
...
...
analysis/facts/model/workload.v
View file @
49036f00
Require
Export
prosa
.
model
.
aggregate
.
workload
.
Require
Export
prosa
.
analysis
.
facts
.
behavior
.
arrivals
.
From
mathcomp
Require
Import
ssreflect
ssrbool
eqtype
ssrnat
seq
fintype
bigop
.
(** * Lemmas about Workload of Sets of Jobs *)
(** In this file, we establish basic facts about the workload of sets of jobs. *)
Section
WorkloadFacts
.
...
...
analysis/facts/preemption/job/limited.v
View file @
49036f00
...
...
@@ 4,7 +4,8 @@ Require Export prosa.analysis.facts.behavior.all.
Require
Export
prosa
.
analysis
.
facts
.
model
.
sequential
.
Require
Export
prosa
.
analysis
.
facts
.
model
.
ideal_schedule
.
(** *)
(** Throughout this file, we assume the job model with limited
preemption points. *)
Require
Import
prosa
.
model
.
preemption
.
limited_preemptive
.
(** * Platform for Models with Limited Preemptions *)
...
...
analysis/facts/preemption/job/nonpreemptive.v
View file @
49036f00
...
...
@@ 3,6 +3,7 @@ Require Export prosa.analysis.facts.model.ideal_schedule.
Require
Export
prosa
.
analysis
.
definitions
.
job_properties
.
Require
Export
prosa
.
model
.
schedule
.
nonpreemptive
.
(** Furthermore, we assume the fully nonpreemptive job model. *)
Require
Import
prosa
.
model
.
preemption
.
fully_nonpreemptive
.
(** * Platform for Fully NonPreemptive model *)
...
...
analysis/facts/preemption/job/preemptive.v
View file @
49036f00
Require
Export
prosa
.
model
.
task
.
preemption
.
parameters
.
(** Furthermore, we assume the fully preemptive job model. *)
Require
Import
prosa
.
model
.
preemption
.
fully_preemptive
.
(** * Preemptions in Fully Preemptive Model *)
...
...
analysis/facts/preemption/rtc_threshold/floating.v
View file @
49036f00
Require
Import
prosa
.
model
.
preemption
.
limited_preemptive
.
Require
Import
prosa
.
model
.
task
.
preemption
.
floating_nonpreemptive
.
Require
Export
prosa
.
analysis
.
facts
.
preemption
.
task
.
floating
.
Require
Export
prosa
.
analysis
.
facts
.
preemption
.
rtc_threshold
.
job_preemptable
.
(** Furthermore, we assume the task model with floating nonpreemptive regions. *)
Require
Import
prosa
.
model
.
preemption
.
limited_preemptive
.
Require
Import
prosa
.
model
.
task
.
preemption
.
floating_nonpreemptive
.
(** * Task's Run to Completion Threshold *)
(** In this section, we instantiate function [task run to completion
threshold] for the model with floating nonpreemptive regions. *)
...
...
analysis/facts/preemption/rtc_threshold/limited.v
View file @
49036f00
Require
Export
prosa
.
analysis
.
facts
.
preemption
.
task
.
limited
.
Require
Export
prosa
.
analysis
.
facts
.
preemption
.
rtc_threshold
.
job_preemptable
.
(** Furthermore, we assume the task model with fixed preemption points. *)
Require
Import
prosa
.
model
.
preemption
.
limited_preemptive
.
Require
Import
prosa
.
model
.
task
.
preemption
.
limited_preemptive
.
...
...
analysis/facts/preemption/rtc_threshold/nonpreemptive.v
View file @
49036f00
Require
Export
prosa
.
analysis
.
facts
.
preemption
.
job
.
nonpreemptive
.
(** Furthermore, we assume the fully nonpreemptive task model. *)
Require
Import
prosa
.
model
.
preemption
.
fully_nonpreemptive
.
Require
Import
prosa
.
model
.
task
.
preemption
.
fully_nonpreemptive
.