Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
P
PROSA  Formally Proven Schedulability Analysis
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
1
Issues
1
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Vedant Chavda
PROSA  Formally Proven Schedulability Analysis
Commits
8636a89c
Commit
8636a89c
authored
Oct 23, 2019
by
Sergey Bozhko
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add notion of busy interval
parent
8f027e0e
Changes
12
Expand all
Hide whitespace changes
Inline
Sidebyside
Showing
12 changed files
with
1425 additions
and
175 deletions
+1425
175
classic/util/minmax.v
classic/util/minmax.v
+1
123
classic/util/nat.v
classic/util/nat.v
+0
7
classic/util/sum.v
classic/util/sum.v
+1
43
restructuring/analysis/definitions/busy_interval.v
restructuring/analysis/definitions/busy_interval.v
+94
0
restructuring/analysis/definitions/no_carry_in.v
restructuring/analysis/definitions/no_carry_in.v
+37
0
restructuring/analysis/definitions/priority_inversion.v
restructuring/analysis/definitions/priority_inversion.v
+86
0
restructuring/analysis/facts/busy_interval_exists.v
restructuring/analysis/facts/busy_interval_exists.v
+703
0
restructuring/analysis/facts/no_carry_in_exists.v
restructuring/analysis/facts/no_carry_in_exists.v
+318
0
util/all.v
util/all.v
+1
0
util/minmax.v
util/minmax.v
+128
0
util/nat.v
util/nat.v
+7
0
util/sum.v
util/sum.v
+49
2
No files found.
classic/util/minmax.v
View file @
8636a89c
Require
Export
rt
.
util
.
minmax
.
Require
Import
rt
.
classic
.
util
.
tactics
rt
.
classic
.
util
.
notation
rt
.
classic
.
util
.
sorting
rt
.
classic
.
util
.
nat
rt
.
classic
.
util
.
list
.
From
mathcomp
Require
Import
ssreflect
ssrbool
eqtype
ssrnat
seq
fintype
bigop
.
...
...
@@ 512,129 +513,6 @@ Section MinMaxSeq.
End
MinMaxSeq
.
(* Additional lemmas about max. *)
Section
ExtraLemmas
.
Lemma
leq_bigmax_cond_seq
(
T
:
eqType
)
(
P
:
pred
T
)
(
r
:
seq
T
)
F
i0
:
i0
\
in
r
>
P
i0
>
F
i0
<=
\
max_
(
i
<
r

P
i
)
F
i
.
Proof
.
intros
IN0
Pi0
;
by
rewrite
(
big_rem
i0
)
//=
Pi0
leq_maxl
.
Qed
.
Lemma
bigmax_sup_seq
:
forall
(
T
:
eqType
)
(
i
:
T
)
r
(
P
:
pred
T
)
m
F
,
i
\
in
r
>
P
i
>
m
<=
F
i
>
m
<=
\
max_
(
i
<
r

P
i
)
F
i
.
Proof
.
intros
.
induction
r
.

by
rewrite
in_nil
in
H
.
move
:
H
;
rewrite
in_cons
;
move
=>
/
orP
[/
eqP
EQA

IN
].
{
clear
IHr
;
subst
a
.
rewrite
(
big_rem
i
)
//=
;
last
by
rewrite
in_cons
;
apply
/
orP
;
left
.
apply
leq_trans
with
(
F
i
)
;
first
by
done
.
by
rewrite
H0
leq_maxl
.
}
{
apply
leq_trans
with
(
\
max_
(
i0
<
r

P
i0
)
F
i0
)
;
first
by
apply
IHr
.
rewrite
[
in
X
in
_
<=
X
](
big_rem
a
)
//=
;
last
by
rewrite
in_cons
;
apply
/
orP
;
left
.
have
Ob
:
a
==
a
;
first
by
done
.
by
rewrite
Ob
leq_maxr
.
}
Qed
.
Lemma
bigmax_leq_seqP
(
T
:
eqType
)
(
P
:
pred
T
)
(
r
:
seq
T
)
F
m
:
reflect
(
forall
i
,
i
\
in
r
>
P
i
>
F
i
<=
m
)
(
\
max_
(
i
<
r

P
i
)
F
i
<=
m
).
Proof
.
apply
:
(
iffP
idP
)
=>
leFm
=>
[
i
IINR
Pi
]
;
first
by
apply
:
leq_trans
leFm
;
apply
leq_bigmax_cond_seq
.
rewrite
big_seq_cond
;
elim
/
big_ind
:
_
=>
//
m1
m2
.
by
intros
;
rewrite
geq_max
;
apply
/
andP
;
split
.
by
move
:
m2
=>
/
andP
[
M1IN
Pm1
]
;
apply
:
leFm
.
Qed
.
Lemma
leq_big_max
(
T
:
eqType
)
(
P
:
pred
T
)
(
r
:
seq
T
)
F1
F2
:
(
forall
i
,
i
\
in
r
>
P
i
>
F1
i
<=
F2
i
)
>
\
max_
(
i
<
r

P
i
)
F1
i
<=
\
max_
(
i
<
r

P
i
)
F2
i
.
Proof
.
intros
;
apply
/
bigmax_leq_seqP
;
intros
.
specialize
(
H
i
)
;
feed_n
2
H
;
try
(
done
).
rewrite
(
big_rem
i
)
//=
;
rewrite
H1
.
by
apply
leq_trans
with
(
F2
i
)
;
[

rewrite
leq_maxl
].
Qed
.
Lemma
bigmax_ord_ltn_identity
n
:
n
>
0
>
\
max_
(
i
<
n
)
i
<
n
.
Proof
.
intros
LT
.
destruct
n
;
first
by
rewrite
ltn0
in
LT
.
clear
LT
.
induction
n
;
first
by
rewrite
big_ord_recr
/=
big_ord0
maxn0
.
rewrite
big_ord_recr
/=.
unfold
maxn
at
1
;
desf
.
by
apply
leq_trans
with
(
n
:
=
n
.+
1
).
Qed
.
Lemma
bigmax_ltn_ord
n
(
P
:
pred
nat
)
(
i0
:
'
I_n
)
:
P
i0
>
\
max_
(
i
<
n

P
i
)
i
<
n
.
Proof
.
intros
LT
.
destruct
n
;
first
by
destruct
i0
as
[
i0
P0
]
;
move
:
(
P0
)
=>
P0'
;
rewrite
ltn0
in
P0'
.
rewrite
big_mkcond
.
apply
leq_ltn_trans
with
(
n
:
=
\
max_
(
i
<
n
.+
1
)
i
).
{
apply
/
bigmax_leqP
;
ins
.
destruct
(
P
i
)
;
last
by
done
.
by
apply
leq_bigmax_cond
.
}
by
apply
bigmax_ord_ltn_identity
.
Qed
.
Lemma
bigmax_pred
n
(
P
:
pred
nat
)
(
i0
:
'
I_n
)
:
P
(
i0
)
>
P
(
\
max_
(
i
<
n

P
i
)
i
).
Proof
.
intros
PRED
.
induction
n
.
{
destruct
i0
as
[
i0
P0
].
by
move
:
(
P0
)
=>
P1
;
rewrite
ltn0
in
P1
.
}
rewrite
big_mkcond
big_ord_recr
/=
;
desf
.
{
destruct
n
;
first
by
rewrite
big_ord0
maxn0
.
unfold
maxn
at
1
;
desf
.
exfalso
.
apply
negbT
in
Heq0
;
move
:
Heq0
=>
/
negP
BUG
.
apply
BUG
.
apply
leq_ltn_trans
with
(
n
:
=
\
max_
(
i
<
n
.+
1
)
i
).
{
apply
/
bigmax_leqP
;
ins
.
destruct
(
P
i
)
;
last
by
done
.
by
apply
leq_bigmax_cond
.
}
by
apply
bigmax_ord_ltn_identity
.
}
{
rewrite
maxn0
.
rewrite

big_mkcond
/=.
have
LT
:
i0
<
n
.
{
rewrite
ltn_neqAle
;
apply
/
andP
;
split
;
last
by
rewrite

ltnS
;
apply
ltn_ord
.
apply
/
negP
;
move
=>
/
eqP
BUG
.
by
rewrite

BUG
PRED
in
Heq
.
}
by
rewrite
(
IHn
(
Ordinal
LT
)).
}
Qed
.
End
ExtraLemmas
.
Section
Kmin
.
Context
{
T1
T2
:
eqType
}.
...
...
classic/util/nat.v
View file @
8636a89c
...
...
@@ 11,13 +11,6 @@ Section NatLemmas.
by
destruct
b1
,
b2
;
rewrite
?addn0
?add0n
?addn1
?orTb
?orbT
?orbF
?orFb
.
Qed
.
Lemma
subh2
:
forall
m1
m2
n1
n2
,
m1
>=
m2
>
n1
>=
n2
>
(
m1
+
n1
)

(
m2
+
n2
)
=
m1

m2
+
(
n1

n2
).
Proof
.
by
ins
;
ssromega
.
Qed
.
Lemma
subh4
:
forall
m
n
p
,
...
...
classic/util/sum.v
View file @
8636a89c
...
...
@@ 120,51 +120,9 @@ Section ExtraLemmas.
End
ExtraLemmas
.
(* Lemmas about arithmetic with sums. *)
Section
SumArithmetic
.
Lemma
sum_seq_diff
:
forall
(
T
:
eqType
)
(
rs
:
seq
T
)
(
F
G
:
T
>
nat
),
(
forall
i
:
T
,
i
\
in
rs
>
G
i
<=
F
i
)
>
\
sum_
(
i
<
rs
)
(
F
i

G
i
)
=
\
sum_
(
i
<
rs
)
F
i

\
sum_
(
i
<
rs
)
G
i
.
Proof
.
intros
.
induction
rs
;
first
by
rewrite
!
big_nil
subn0
.
rewrite
!
big_cons
subh2
.

apply
/
eqP
;
rewrite
eqn_add2l
;
apply
/
eqP
;
apply
IHrs
.
by
intros
;
apply
H
;
rewrite
in_cons
;
apply
/
orP
;
right
.

by
apply
H
;
rewrite
in_cons
;
apply
/
orP
;
left
.

rewrite
big_seq_cond
[
in
X
in
_
<=
X
]
big_seq_cond
.
rewrite
leq_sum
//
;
move
=>
i
/
andP
[
IN
_
].
by
apply
H
;
rewrite
in_cons
;
apply
/
orP
;
right
.
Qed
.
Lemma
sum_diff
:
forall
n
F
G
,
(
forall
i
(
LT
:
i
<
n
),
F
i
>=
G
i
)
>
\
sum_
(
0
<=
i
<
n
)
(
F
i

G
i
)
=
(
\
sum_
(
0
<=
i
<
n
)
(
F
i
))

(
\
sum_
(
0
<=
i
<
n
)
(
G
i
)).
Proof
.
intros
n
F
G
ALL
.
rewrite
sum_seq_diff
;
first
by
done
.
move
=>
i
;
rewrite
mem_index_iota
;
move
=>
/
andP
[
_
LT
].
by
apply
ALL
.
Qed
.
Lemma
sum_pred_diff
:
forall
(
T
:
eqType
)
(
rs
:
seq
T
)
(
P
:
T
>
bool
)
(
F
:
T
>
nat
),
\
sum_
(
r
<
rs

P
r
)
F
r
=
\
sum_
(
r
<
rs
)
F
r

\
sum_
(
r
<
rs

~~
P
r
)
F
r
.
Proof
.
clear
;
intros
.
induction
rs
;
first
by
rewrite
!
big_nil
subn0
.
rewrite
!
big_cons
!
IHrs
;
clear
IHrs
.
case
(
P
a
)
;
simpl
;
last
by
rewrite
subnDl
.
rewrite
addnBA
;
first
by
done
.
rewrite
big_mkcond
leq_sum
//.
intros
t
_
.
by
case
(
P
t
).
Qed
.
Lemma
telescoping_sum
:
forall
(
T
:
Type
)
(
F
:
T
>
nat
)
r
(
x0
:
T
),
...
...
restructuring/analysis/definitions/busy_interval.v
0 → 100644
View file @
8636a89c
From
rt
.
util
Require
Export
all
.
From
rt
.
restructuring
.
behavior
Require
Export
all
.
From
rt
.
restructuring
.
analysis
.
basic_facts
Require
Export
all
.
From
rt
.
restructuring
.
model
Require
Export
job
task
.
From
rt
.
restructuring
.
model
.
schedule
Require
Export
work_conserving
.
From
mathcomp
Require
Import
ssreflect
ssrbool
eqtype
ssrnat
seq
fintype
bigop
.
(** * Busy Interval for JLFPmodels *)
(** In this file we define the notion of busy intervals for uniprocessor for JLFP schedulers. *)
Section
BusyIntervalJLFP
.
(** Consider any type of jobs. *)
Context
{
Job
:
JobType
}.
Context
`
{
JobArrival
Job
}.
Context
`
{
JobCost
Job
}.
(** Consider any arrival sequence with consistent arrivals. *)
Variable
arr_seq
:
arrival_sequence
Job
.
Hypothesis
H_arrival_times_are_consistent
:
consistent_arrival_times
arr_seq
.
(** Next, consider any ideal uniprocessor schedule of this arrival sequence. *)
Variable
sched
:
schedule
(
ideal
.
processor_state
Job
).
(** Assume a given JLFP policy. *)
Variable
higher_eq_priority
:
JLFP_policy
Job
.
(** In this section, we define the notion of a busy interval. *)
Section
BusyInterval
.
(** Consider any job j. *)
Variable
j
:
Job
.
Hypothesis
H_from_arrival_sequence
:
arrives_in
arr_seq
j
.
(** We say that t is a quiet time for j iff every higherpriority job from
the arrival sequence that arrived before t has completed by that time. *)
Definition
quiet_time
(
t
:
instant
)
:
=
forall
(
j_hp
:
Job
),
arrives_in
arr_seq
j_hp
>
higher_eq_priority
j_hp
j
>
arrived_before
j_hp
t
>
completed_by
sched
j_hp
t
.
(** Based on the definition of quiet time, we say that interval
[t1, t_busy) is a (potentially unbounded) busyinterval prefix
iff the interval starts with a quiet time where a higher or equal
priority job is released and remains nonquiet. We also require
job j to be released in the interval. *)
Definition
busy_interval_prefix
(
t1
t_busy
:
instant
)
:
=
t1
<
t_busy
/\
quiet_time
t1
/\
(
forall
t
,
t1
<
t
<
t_busy
>
~
quiet_time
t
)
/\
t1
<=
job_arrival
j
<
t_busy
.
(** Next, we say that an interval [t1, t2) is a busy interval iff
[t1, t2) is a busyinterval prefix and t2 is a quiet time. *)
Definition
busy_interval
(
t1
t2
:
instant
)
:
=
busy_interval_prefix
t1
t2
/\
quiet_time
t2
.
End
BusyInterval
.
(** In this section we define the computational
version of the notion of quiet time. *)
Section
DecidableQuietTime
.
(** We say that t is a quiet time for j iff every higherpriority job from
the arrival sequence that arrived before t has completed by that time. *)
Definition
quiet_time_dec
(
j
:
Job
)
(
t
:
instant
)
:
=
all
(
fun
j_hp
=>
higher_eq_priority
j_hp
j
==>
(
completed_by
sched
j_hp
t
))
(
arrivals_before
arr_seq
t
).
(** We also show that the computational and propositional definitions are equivalent. *)
Lemma
quiet_time_P
:
forall
j
t
,
reflect
(
quiet_time
j
t
)
(
quiet_time_dec
j
t
).
Proof
.
intros
;
apply
/
introP
.

intros
QT
s
ARRs
HPs
BEFs
.
move
:
QT
=>
/
allP
QT
.
specialize
(
QT
s
)
;
feed
QT
.
eapply
arrived_between_implies_in_arrivals
;
eauto
2
.
by
move
:
QT
=>
/
implyP
Q
;
apply
Q
in
HPs
.

move
=>
/
negP
DEC
;
intros
QT
;
apply
:
DEC
.
apply
/
allP
;
intros
s
ARRs
.
apply
/
implyP
;
intros
HPs
.
apply
QT
;
try
done
.
+
by
apply
in_arrivals_implies_arrived
in
ARRs
.
+
by
eapply
in_arrivals_implies_arrived_between
in
ARRs
;
eauto
2
.
Qed
.
End
DecidableQuietTime
.
End
BusyIntervalJLFP
.
\ No newline at end of file
restructuring/analysis/definitions/no_carry_in.v
0 → 100644
View file @
8636a89c
From
rt
.
util
Require
Export
all
.
From
rt
.
restructuring
.
behavior
Require
Export
all
.
From
rt
.
restructuring
.
analysis
.
basic_facts
Require
Export
all
.
From
rt
.
restructuring
Require
Export
model
.
job
model
.
task
.
From
mathcomp
Require
Import
ssreflect
ssrbool
eqtype
ssrnat
seq
fintype
bigop
.
(** * No CarryIn *)
(** In this module we define the notion of no carryin time for uniprocessor schedulers. *)
Section
NoCarryIn
.
(** Consider any type of tasks ... *)
Context
{
Task
:
TaskType
}.
Context
`
{
TaskCost
Task
}.
(** ... and any type of jobs associated with these tasks. *)
Context
{
Job
:
JobType
}.
Context
`
{
JobTask
Job
Task
}.
Context
`
{
JobArrival
Job
}.
Context
`
{
JobCost
Job
}.
(** Consider any arrival sequence with consistent arrivals. *)
Variable
arr_seq
:
arrival_sequence
Job
.
Hypothesis
H_arrival_times_are_consistent
:
consistent_arrival_times
arr_seq
.
(** Next, consider any ideal uniprocessor schedule of this arrival sequence. *)
Variable
sched
:
schedule
(
ideal
.
processor_state
Job
).
(** The processor has no carryin at time t iff every job (regardless of priority)
from the arrival sequence released before t has completed by that time. *)
Definition
no_carry_in
(
t
:
instant
)
:
=
forall
j_o
,
arrives_in
arr_seq
j_o
>
arrived_before
j_o
t
>
completed_by
sched
j_o
t
.
End
NoCarryIn
.
restructuring/analysis/definitions/priority_inversion.v
0 → 100644
View file @
8636a89c
From
rt
.
util
Require
Export
all
.
From
rt
.
restructuring
.
behavior
Require
Export
all
.
From
rt
.
restructuring
.
analysis
.
basic_facts
Require
Export
all
.
From
rt
.
restructuring
Require
Export
model
.
job
model
.
task
.
From
rt
.
restructuring
.
model
.
schedule
Require
Export
work_conserving
priority_based
.
priorities
.
From
rt
.
restructuring
.
analysis
.
definitions
Require
Export
busy_interval
.
From
mathcomp
Require
Import
ssreflect
ssrbool
eqtype
ssrnat
seq
fintype
bigop
.
(** * Cumulative Priority Inversion for JLFPmodels *)
(** In this module we define the notion of cumulative priority inversion for uniprocessor for JLFP schedulers. *)
Section
CumulativePriorityInversion
.
(** Consider any type of tasks ... *)
Context
{
Task
:
TaskType
}.
Context
`
{
TaskCost
Task
}.
(** ... and any type of jobs associated with these tasks. *)
Context
{
Job
:
JobType
}.
Context
`
{
JobTask
Job
Task
}.
Context
`
{
JobArrival
Job
}.
Context
`
{
JobCost
Job
}.
(** Consider any arrival sequence with consistent arrivals. *)
Variable
arr_seq
:
arrival_sequence
Job
.
Hypothesis
H_arrival_times_are_consistent
:
consistent_arrival_times
arr_seq
.
(** Next, consider any ideal uniprocessor schedule of this arrival sequence. *)
Variable
sched
:
schedule
(
ideal
.
processor_state
Job
).
(** Assume a given JLFP policy. *)
Variable
higher_eq_priority
:
JLFP_policy
Job
.
(** In this section, we define a notion of bounded priority inversion experienced by a job. *)
Section
JobPriorityInversionBound
.
(** Consider an arbitrary task [tsk]. *)
Variable
tsk
:
Task
.
(** Consider any job j of tsk. *)
Variable
j
:
Job
.
Hypothesis
H_from_arrival_sequence
:
arrives_in
arr_seq
j
.
Hypothesis
H_job_task
:
job_of_task
tsk
j
.
(** We say that the job incurs priority inversion if it has higher
priority than the scheduled job. Note that this definition
implicitly assumes that the scheduler is
workconserving. Therefore, it cannot be applied to models
with jitter or selfsuspensions. *)
Definition
is_priority_inversion
(
t
:
instant
)
:
=
if
sched
t
is
Some
jlp
then
~~
higher_eq_priority
jlp
j
else
false
.
(** Then we compute the cumulative priority inversion incurred by
a job within some time interval [t1, t2). *)
Definition
cumulative_priority_inversion
(
t1
t2
:
instant
)
:
=
\
sum_
(
t1
<=
t
<
t2
)
is_priority_inversion
t
.
(** We say that priority inversion of job j is bounded by a constant B iff cumulative
priority inversion within any busy inverval prefix is bounded by B. *)
Definition
priority_inversion_of_job_is_bounded_by
(
B
:
duration
)
:
=
forall
(
t1
t2
:
instant
),
busy_interval_prefix
arr_seq
sched
higher_eq_priority
j
t1
t2
>
cumulative_priority_inversion
t1
t2
<=
B
.
End
JobPriorityInversionBound
.
(** In this section, we define a notion of the bounded priority inversion for task. *)
Section
TaskPriorityInversionBound
.
(** Consider an arbitrary task tsk. *)
Variable
tsk
:
Task
.
(** We say that task tsk has bounded priority inversion if all
its jobs have bounded cumulative priority inversion. *)
Definition
priority_inversion_is_bounded_by
(
B
:
duration
)
:
=
forall
(
j
:
Job
),
arrives_in
arr_seq
j
>
job_task
j
=
tsk
>
job_cost
j
>
0
>
priority_inversion_of_job_is_bounded_by
j
B
.
End
TaskPriorityInversionBound
.
End
CumulativePriorityInversion
.
restructuring/analysis/facts/busy_interval_exists.v
0 → 100644
View file @
8636a89c
This diff is collapsed.
Click to expand it.
restructuring/analysis/facts/no_carry_in_exists.v
0 → 100644
View file @
8636a89c
This diff is collapsed.
Click to expand it.
util/all.v
View file @
8636a89c
...
...
@@ 12,5 +12,6 @@ Require Export rt.util.step_function.
Require
Export
rt
.
util
.
epsilon
.
Require
Export
rt
.
util
.
search_arg
.
Require
Export
rt
.
util
.
rel
.
Require
Export
rt
.
util
.
minmax
.
Require
Export
rt
.
util
.
nondecreasing
.
Require
Export
rt
.
util
.
rewrite_facilities
.
util/minmax.v
0 → 100644
View file @
8636a89c
Require
Import
rt
.
util
.
tactics
rt
.
util
.
notation
rt
.
util
.
nat
rt
.
util
.
list
.
From
mathcomp
Require
Import
ssreflect
ssrbool
eqtype
ssrnat
seq
fintype
bigop
.
(* Additional lemmas about max. *)
Section
ExtraLemmas
.
Lemma
leq_bigmax_cond_seq
(
T
:
eqType
)
(
P
:
pred
T
)
(
r
:
seq
T
)
F
i0
:
i0
\
in
r
>
P
i0
>
F
i0
<=
\
max_
(
i
<
r

P
i
)
F
i
.
Proof
.
intros
IN0
Pi0
;
by
rewrite
(
big_rem
i0
)
//=
Pi0
leq_maxl
.
Qed
.
Lemma
bigmax_sup_seq
:
forall
(
T
:
eqType
)
(
i
:
T
)
r
(
P
:
pred
T
)
m
F
,
i
\
in
r
>
P
i
>
m
<=
F
i
>
m
<=
\
max_
(
i
<
r

P
i
)
F
i
.
Proof
.
intros
.
induction
r
.

by
rewrite
in_nil
in
H
.
move
:
H
;
rewrite
in_cons
;
move
=>
/
orP
[/
eqP
EQA

IN
].
{
clear
IHr
;
subst
a
.
rewrite
(
big_rem
i
)
//=
;
last
by
rewrite
in_cons
;
apply
/
orP
;
left
.
apply
leq_trans
with
(
F
i
)
;
first
by
done
.
by
rewrite
H0
leq_maxl
.
}
{
apply
leq_trans
with
(
\
max_
(
i0
<
r

P
i0
)
F
i0
)
;
first
by
apply
IHr
.
rewrite
[
in
X
in
_
<=
X
](
big_rem
a
)
//=
;
last
by
rewrite
in_cons
;
apply
/
orP
;
left
.
have
Ob
:
a
==
a
;
first
by
done
.
by
rewrite
Ob
leq_maxr
.
}
Qed
.
Lemma
bigmax_leq_seqP
(
T
:
eqType
)
(
P
:
pred
T
)
(
r
:
seq
T
)
F
m
:
reflect
(
forall
i
,
i
\
in
r
>
P
i
>
F
i
<=
m
)
(
\
max_
(
i
<
r

P
i
)
F
i
<=
m
).
Proof
.
apply
:
(
iffP
idP
)
=>
leFm
=>
[
i
IINR
Pi
]
;
first
by
apply
:
leq_trans
leFm
;
apply
leq_bigmax_cond_seq
.
rewrite
big_seq_cond
;
elim
/
big_ind
:
_
=>
//
m1
m2
.
by
intros
;
rewrite
geq_max
;
apply
/
andP
;
split
.
by
move
:
m2
=>
/
andP
[
M1IN
Pm1
]
;
apply
:
leFm
.
Qed
.
Lemma
leq_big_max
(
T
:
eqType
)
(
P
:
pred
T
)
(
r
:
seq
T
)
F1
F2
:
(
forall
i
,
i
\
in
r
>
P
i
>
F1
i
<=
F2
i
)
>
\
max_
(
i
<
r

P
i
)
F1
i
<=
\
max_
(
i
<
r

P
i
)
F2
i
.
Proof
.
intros
;
apply
/
bigmax_leq_seqP
;
intros
.
specialize
(
H
i
)
;
feed_n
2
H
;
try
(
done
).
rewrite
(
big_rem
i
)
//=
;
rewrite
H1
.
by
apply
leq_trans
with
(
F2
i
)
;
[

rewrite
leq_maxl
].
Qed
.
Lemma
bigmax_ord_ltn_identity
n
:
n
>
0
>
\
max_
(
i
<
n
)
i
<
n
.
Proof
.
intros
LT
.
destruct
n
;
first
by
rewrite
ltn0
in
LT
.
clear
LT
.
induction
n
;
first
by
rewrite
big_ord_recr
/=
big_ord0
maxn0
.
rewrite
big_ord_recr
/=.
by
unfold
maxn
at
1
;
rewrite
IHn
.
Qed
.
Lemma
bigmax_ltn_ord
n
(
P
:
pred
nat
)
(
i0
:
'
I_n
)
:
P
i0
>
\
max_
(
i
<
n

P
i
)
i
<
n
.
Proof
.
intros
LT
.
destruct
n
;
first
by
destruct
i0
as
[
i0
P0
]
;
move
:
(
P0
)
=>
P0'
;
rewrite
ltn0
in
P0'
.
rewrite
big_mkcond
.
apply
leq_ltn_trans
with
(
n
:
=
\
max_
(
i
<
n
.+
1
)
i
).
{
apply
/
bigmax_leqP
;
ins
.
destruct
(
P
i
)
;
last
by
done
.
by
apply
leq_bigmax_cond
.
}
by
apply
bigmax_ord_ltn_identity
.
Qed
.
Lemma
bigmax_pred
n
(
P
:
pred
nat
)
(
i0
:
'
I_n
)
:
P
(
i0
)
>
P
(
\
max_
(
i
<
n

P
i
)
i
).
Proof
.
intros
PRED
.
induction
n
.
{
destruct
i0
as
[
i0
P0
].
by
move
:
(
P0
)
=>
P1
;
rewrite
ltn0
in
P1
.
}
rewrite
big_mkcond
big_ord_recr
/=.
destruct
(
P
n
)
eqn
:
Pn
.
{
destruct
n
;
first
by
rewrite
big_ord0
maxn0
.
unfold
maxn
at
1
.
destruct
(
\
max_
(
i
<
n
.+
1
)
(
match
P
(@
nat_of_ord
(
S
n
)
i
)
return
nat
with

true
=>
@
nat_of_ord
(
S
n
)
i

false
=>
O
end
)
<
n
.+
1
)
eqn
:
Pi
;
first
by
rewrite
Pi
.
exfalso
.
apply
negbT
in
Pi
;
move
:
Pi
=>
/
negP
BUG
.
apply
BUG
.
apply
leq_ltn_trans
with
(
n
:
=
\
max_
(
i
<
n
.+
1
)
i
).
{
apply
/
bigmax_leqP
;
ins
.
destruct
(
P
i
)
;
last
by
done
.
by
apply
leq_bigmax_cond
.
}
by
apply
bigmax_ord_ltn_identity
.
}
{
rewrite
maxn0
.
rewrite

big_mkcond
/=.
have
LT
:
i0
<
n
.
{
rewrite
ltn_neqAle
;
apply
/
andP
;
split
;
last
by
rewrite

ltnS
;
apply
ltn_ord
.
apply
/
negP
;
move
=>
/
eqP
BUG
.
by
rewrite

BUG
PRED
in
Pn
.
}
by
rewrite
(
IHn
(
Ordinal
LT
)).
}
Qed
.
End
ExtraLemmas
.
\ No newline at end of file
util/nat.v
View file @
8636a89c
...
...
@@ 9,6 +9,13 @@ Section NatLemmas.
m
>=
n
>
m

n
+
p
=
m
+
p

n
.
Proof
.
by
ins
;
ssromega
.
Qed
.
Lemma
subh2
:
forall
m1
m2
n1
n2
,
m1
>=
m2
>
n1
>=
n2
>
(
m1
+
n1
)

(
m2
+
n2
)
=
m1

m2
+
(
n1

n2
).
Proof
.
by
ins
;
ssromega
.
Qed
.
Lemma
subh3
:
forall
m
n
p
,
...
...
util/sum.v
View file @
8636a89c
From
rt
.
util
Require
Import
tactics
notation
nat
ssromega
.
From
rt
.
util
Require
Import
tactics
notation
nat
ssromega
.
From
mathcomp
Require
Import
ssreflect
ssrbool
eqtype
ssrnat
seq
fintype
bigop
path
.