Skip to content

GitLab

Commit 14468fc0 authored by Sophie Quinton's avatar Sophie Quinton
Browse files
Options

added a first version of the library for event streams

parent e61a702b
Pipeline #2139 skipped
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 1912 additions and 0 deletions
model/event_streams/README.md 0 → 100644
View file @ 14468fc0
##thesis_lina_coq
This repository contains the main Coq proof spec
& proof development of the conversions event model functions.
## hierarchy
1. conversion_function.v:
contains the conversions of the event model definitions
and its conversion properties.
2. dmin.v
contains the definition of the construction of d_min
and its properties.
(Written by Pascal Fradet)
3. event_model.v
contains the definition of the event model.
4. eval_event_model.v
contains the evaluation of the event model.
5. next.v
contains the properties and proof of existence
of next occurrences in a trace.
(Written by Pascal Fradet)
6. trace_properties.v
contains trace properties.
7. types.v
contains the the types definition used
to define the event model.
8. tactics.v
contains useful tactics.
9. util.v
contains some useful added lemmas to make our proofs.
model/event_streams/conversion_function.v 0 → 100644
View file @ 14468fc0
Require Import Arith NPeano List Omega tactics types next event_model.
Require Import trace_properties util dmin.
Require Import Coq.Logic.ClassicalFacts.
Require Import List Coq.Logic.ConstructiveEpsilon Coq.Logic.Decidable Omega.
(* ########################################################### *)
(** * Conversion Functions *)
(* ########################################################### *)
Definition conversion_delta_eta (f: nb_occurrences -> duration)
: duration -> nb_occurrences :=
fun (dt : duration) => max_nb_occ_in_dt f dt.
Definition conversion_eta_delta (g: duration -> nb_occurrences)
: nb_occurrences -> duration :=
fun (k: nb_occurrences) => min_dt_with_k g k.
(* ########################################################### *)
(** * Conversion Properties *)
(* ########################################################### *)
(* Relation between eta and delta *)
Property eta_to_delta :
forall t dt k,
(eta t dt) = k -> lt (delta (first_occ_after t) k) dt.
intros.
Admitted.
(* Relation between delta and eta *)
Property delta_to_eta :
forall n k dt,
delta n k = dt -> eta (instant_of n) (dt+1) >= k.
intros.
Admitted.
(* Relation between eta and delta_min *)
Property delta_min_by_eta :
forall t dt (f : nb_occurrences -> duration),
delta_min f
-> lt (f (eta t dt)) dt.
Proof.
intros.
destruct H as [H H1].
assert (H2:
(eta t dt) = (eta t dt) -> lt (delta (first_occ_after t) (eta t dt)) dt)
by apply eta_to_delta.
assert (H3:
delta (first_occ_after t) (eta t dt) >= f (eta t dt)).
assert (H4: delta_min f). split. easy. easy.
apply H.
assert (H4: (f (eta t dt)) < dt).
assert(H5: delta (first_occ_after t) (eta t dt) >= f (eta t dt)) by apply H3.
assert(H6: eta t dt = eta t dt). easy.
assert(H7: delta (first_occ_after t) (eta t dt) < dt). apply H2. easy.
assert(H8: delta (first_occ_after t) (eta t dt) >= f (eta t dt)) by apply H.
assert(H9: f (eta t dt) < dt) by omega.
omega. easy.
Qed.
(* Relation between delta and eta_max *)
Property eta_max_by_delta :
forall n k (g : duration -> nb_occurrences),
eta_max g
-> g ((delta n k) + 1) >= k.
Proof.
intros.
destruct H as [H H1].
assert (H2:
delta n k = (delta n k) -> eta (instant_of n) ((delta n k) + 1) >= k)
by apply delta_to_eta.
assert (H3:
eta (instant_of n) ((delta n k) + 1) <= g ((delta n k) + 1)).
assert (H4: eta_max g). split. easy. easy.
apply H.
assert (H4: eta (instant_of n) ((delta n k) + 1) >= k).
apply H2. easy.
assert (H5: g ((delta n k) + 1) >= k) by omega.
omega.
Qed.
(* ########################################################### *)
(** * Conversion Proofs *)
(* ########################################################### *)
(* delta_eta_max respect the max_eta_trace property *)
Property conversion_delta_eta_max_eta_trace :
forall (f : nb_occurrences -> duration),
delta_min f
-> max_eta_trace (conversion_delta_eta f).
Proof.
intros.
unfold max_eta_trace.
intros.
unfold conversion_delta_eta.
(* delta_min is increasing *)
assert (H1: forall a, f a + 1 >= f a).
intros. omega.
assert (H2:
lt (f (max_nb_occ_in_dt f dt)) dt /\ le dt (f ((max_nb_occ_in_dt f dt) + 1 ))).
intros. apply max_nb_occ. easy.
destruct H2 as [H2 H3].
destruct H as [H H'].
assert (H4: (f (eta t dt)) < dt).
apply delta_min_by_eta. split. easy. easy.
assert (H5: f (eta t dt) < f (max_nb_occ_in_dt f dt + 1)) by omega.
assert (H6: eta t dt < max_nb_occ_in_dt f dt + 1).
assert (H7: f dt + 1 >= f dt /\
f (eta t dt) < f (max_nb_occ_in_dt f dt + 1)).
intros. split. easy. easy.
assert (H8: f dt + 1 >= f dt /\
f (eta t dt) < f (max_nb_occ_in_dt f dt + 1)
-> eta t dt < max_nb_occ_in_dt f dt + 1) by apply increasing_lt.
apply H8.
split. easy. easy.
omega.
Qed.
Property conversion_delta_eta_sub_additive :
forall (f : nb_occurrences -> duration),
delta_min f
-> subadditive (conversion_delta_eta f).
intros.
unfold subadditive.
intros.
(* eta_max (dt) = max {k | delta_min (k) < dt }*)
assert (H1: forall dt,
lt (f (max_nb_occ_in_dt f dt)) dt /\ le dt (f ((max_nb_occ_in_dt f dt) + 1 ))).
intros. apply max_nb_occ. easy.
unfold conversion_delta_eta.
(* eta_max (x) = max {k | delta_min (k) < x }*)
assert (H2: f (max_nb_occ_in_dt f x) < x /\ f (max_nb_occ_in_dt f x + 1) >= x)
by apply H1. destruct H2 as [H2 H2'].
(* eta_max (y) = max {k | delta_min (k) < y }*)
assert (H3: f (max_nb_occ_in_dt f y) < y /\ f (max_nb_occ_in_dt f y + 1) >= y)
by apply H1. destruct H3 as [H3 H3'].
(* delta_min (eta_max (x) + 1) + delta_min (eta_max (x) + 1) >= x + y*)
assert (H4: f (max_nb_occ_in_dt f x + 1) + f (max_nb_occ_in_dt f y + 1) >= x + y) by omega.
(* eta_max (x + y) = max {k | delta_min (k) < x + y } *)
assert (H5: f (max_nb_occ_in_dt f (x +y)) < (x +y)
/\ f (max_nb_occ_in_dt f (x +y) + 1) >= (x +y)) by apply H1.
destruct H5 as [H5 H5'].
(* delta_min (eta_max (x) + 1) + delta_min (eta_max (x) + 1) > delta_min (eta_max (x + y))*)
assert (H6: f (max_nb_occ_in_dt f x + 1) + f (max_nb_occ_in_dt f y + 1)
> f (max_nb_occ_in_dt f (x +y))) by omega.
destruct H as [H H'].
unfold pseudo_superadditive in H'.
assert (H7: f ((max_nb_occ_in_dt f x) + ((max_nb_occ_in_dt f y) + 1))
>= f (max_nb_occ_in_dt f x + 1) + f (max_nb_occ_in_dt f y + 1))
by apply H'.
assert (H8: f ((max_nb_occ_in_dt f x) + ((max_nb_occ_in_dt f y) + 1)) >
f (max_nb_occ_in_dt f (x + y))). omega.
(* delta_min is increasing *)
assert (H10: forall a, f a + 1 >= f a).
intros. omega.
assert (H11: (max_nb_occ_in_dt f x) + ((max_nb_occ_in_dt f y) + 1) >
max_nb_occ_in_dt f (x + y)).
assert (H12: f x + 1 >= f x /\
f ((max_nb_occ_in_dt f x) + ((max_nb_occ_in_dt f y) + 1)) >
f (max_nb_occ_in_dt f (x + y))).
intros. split. easy. easy.
assert (H13: f x + 1 >= f x /\
f ((max_nb_occ_in_dt f x) + ((max_nb_occ_in_dt f y) + 1)) >
f (max_nb_occ_in_dt f (x + y))
-> (max_nb_occ_in_dt f x) + ((max_nb_occ_in_dt f y) + 1) >
max_nb_occ_in_dt f (x + y)).
apply increasing_gt.
apply H13.
split. easy. easy.
omega.
Qed.
(* delta_eta_max is an eta_max *)
Property conversion_delta_min_eta_max:
forall (f : nb_occurrences -> duration),
delta_min f
-> eta_max (conversion_delta_eta f).
intros.
unfold eta_max.
split.
+ apply conversion_delta_eta_max_eta_trace. easy.
+ apply conversion_delta_eta_sub_additive. easy.
Qed.
(* eta_delta_min respect the min_delta_trace property *)
Property conversion_eta_delta_min_delta_trace :
forall (g: duration -> nb_occurrences),
eta_max g
-> min_delta_trace (conversion_eta_delta g).
Proof.
intros.
unfold min_delta_trace.
intros.
unfold conversion_eta_delta.
(* eta_max is increasing *)
assert (H1: forall a, g a + 1 >= g a).
intros. omega.
assert (H2:
lt (g (min_dt_with_k g k)) k /\ le k (g ((min_dt_with_k g k) + 1 ))).
intros. apply min_dt. easy.
destruct H2 as [H2 H3].
destruct H as [H H'].
assert (H4: g ((delta n k) + 1) >= k).
apply eta_max_by_delta. split. easy. easy.
assert (H5: g ((delta n k) + 1) > g (min_dt_with_k g k)) by omega.
assert (H6: (delta n k + 1) > min_dt_with_k g k).
assert (H7: g k + 1 >= g k /\
g ((delta n k) + 1) > g (min_dt_with_k g k)).
intros. split. easy. easy.
assert (H8: g k + 1 >= g k /\
g ((delta n k) + 1) > g (min_dt_with_k g k)
-> ((delta n k) + 1) > min_dt_with_k g k) by apply increasing_gt.
apply H8.
split. easy. easy.
omega.
Qed.
(* eta_delta_min respect is pseudo_superadditivity *)
Property conversion_eta_delta_min_superadditive:
forall (g: duration -> nb_occurrences),
eta_max g
-> pseudo_superadditive (conversion_eta_delta g).
Proof.
intros.
unfold pseudo_superadditive.
intros.
assert (H1: forall k,
lt (g (min_dt_with_k g k)) k /\ le k (g ((min_dt_with_k g k) + 1 ))).
intros. apply min_dt. easy.
unfold conversion_eta_delta.
assert (H2: lt (g (min_dt_with_k g (x+1))) (x+1) /\
le (x+1) (g ((min_dt_with_k g (x+1)) + 1 )))
by apply H1. destruct H2 as [H2 H2'].
assert (H3: lt (g (min_dt_with_k g (y+1))) (y+1) /\
le (y+1) (g ((min_dt_with_k g (y+1)) + 1 )))
by apply H1. destruct H3 as [H3 H3'].
assert (H4: lt (g (min_dt_with_k g (x+(y+1)))) (x+(y+1)) /\
le (x+(y+1)) (g ((min_dt_with_k g (x+(y+1))) + 1 )))
by apply H1. destruct H4 as [H4 H4'].
assert (H5: g (min_dt_with_k g (x+1)) + g (min_dt_with_k g (y+1)) <
x+y+1) by omega.
(* subadditivite de eta_max *)
assert (H6: g (min_dt_with_k g (x+1)) + g (min_dt_with_k g (y+1))
>= g (min_dt_with_k g (x+1) + min_dt_with_k g (y+1))).
destruct H as [H H']. apply H'.
assert (H7: g (min_dt_with_k g (x+1) + min_dt_with_k g (y+1))
< g (min_dt_with_k g (x + (y + 1)) + 1)) by omega.
(* eta_max is increasing *)
assert (H8: forall a, g a + 1 >= g a).
intros. omega.
assert (H9: min_dt_with_k g (x+1) + min_dt_with_k g (y+1)
< min_dt_with_k g (x + (y + 1)) + 1).
assert (H10 : g x + 1 >= g x /\
g (min_dt_with_k g (x+1) + min_dt_with_k g (y+1))
< g (min_dt_with_k g (x + (y + 1)) + 1)).
intros. split. easy. easy.
assert (H13: g x + 1 >= g x /\
g (min_dt_with_k g (x+1) + min_dt_with_k g (y+1))
< g (min_dt_with_k g (x + (y + 1)) + 1)
-> min_dt_with_k g (x+1) + min_dt_with_k g (y+1)
< min_dt_with_k g (x + (y + 1)) + 1).
apply increasing_gt.
apply H13.
split. easy. easy.
omega.
Qed.
(* eta_delta_min is an delta_min *)
Property conversion_eta_max_delta_min:
forall (g: duration -> nb_occurrences),
eta_max g
-> delta_min (conversion_eta_delta g).
Proof.
intros.
unfold eta_max.
split.
+ apply conversion_eta_delta_min_delta_trace. easy.
+ apply conversion_eta_delta_min_superadditive. easy.
Qed.
\ No newline at end of file
model/event_streams/dmin.v 0 → 100644
View file @ 14468fc0
This diff is collapsed.
model/event_streams/eval_event_model.v 0 → 100644
View file @ 14468fc0
Require Import Arith NPeano List Omega dmin tactics types next event_model.
(* ########################################################### *)
(** * Evaluations *)
(* ########################################################### *)
Definition sigma1 (t : instant) : nb_occurrences :=
match t with
| 0 => 0
| 1 => 0
| 2 => 1
| 3 => 2
| 4 => 1
| 5 => 1
| 9 => 3
| n => 4
end.
Check delta.
(*
Example test_delta : @delta sigma1 AE 1 3 = 1.
unfold delta.
simpl.
unfold instant_of.
assert (H : instant_after sigma1 AE 3 0 = 3).
-
unfold instant_after.
elim sigma1.
induction sigma1.
unfold instant_after_func.
simpl.
induction.
Eval compute in (@next sigma1 AE 1).
*)
\ No newline at end of file
model/event_streams/event_model.v 0 → 100644
View file @ 14468fc0
Require Import Arith NPeano List Omega dmin tactics next types.
Require Import Coq.Program.Wf.
(* ####################################################### *)
(** * The event load function and its properties *)
(* ####################################################### *)
(** The event load function *)
Fixpoint eta (t : instant) (dt : duration) : nb_occurrences :=
match dt with
| 0 => 0
| S dt' => sigma t + eta (S t) dt'
end.
Definition subadditive (f : nat -> nat) : Prop :=
forall (x y : nat), f (x + y) <= f x + f y.
Definition max_eta_trace (f : duration -> nb_occurrences) : Prop :=
forall t dt, eta t dt <= f dt.
(** The event load maximum function *)
Definition eta_max (f : duration -> nb_occurrences) : Prop :=
max_eta_trace f /\ subadditive f.
(* ########################################################### *)
(** * The event distance function and its properties *)
(* ########################################################### *)
(* compute the instant after an number of occurrence *)
Program Fixpoint instant_after (remaining : nb_occurrences) (curr : instant)
{measure remaining} : instant :=
match remaining with
| 0 => curr
| _ => instant_after (remaining - sigma (next curr)) (next (S curr))
end.
Obligation 1.
set (N := next_prop curr).
destruct N as [? [? ?]].
omega.
Defined.
(* return the instant of an id of occurrence *)
Definition instant_of (n : id_occurrence) : instant := instant_after n 0.
(** The event distance function *)
Definition delta (n : id_occurrence) (k : nb_occurrences) : duration :=
instant_of (n + k - 1) - instant_of n.
Definition superadditive (f : nat -> nat) : Prop :=
forall (x y : nat), f (x + y) >= f x + f y.
Definition pseudo_superadditive (f : nat -> nat) : Prop :=
forall (x y : nat), f (x + (y + 1)) >= f (x + 1) + f (y + 1).
Definition min_delta_trace (f : nb_occurrences -> duration) : Prop :=
forall n k, delta n k >= f k.
(** The event distance minimum function *)
Definition delta_min (f : nb_occurrences -> duration) : Prop :=
min_delta_trace f /\ pseudo_superadditive f.
model/event_streams/next.v 0 → 100644
View file @ 14468fc0
Require Import List Coq.Logic.ConstructiveEpsilon Coq.Logic.Decidable Omega.
Require Import dmin.
Require Import tactics types.
Require Import Arith NPeano List Omega.
(* There is no event at instants t,t+1,...,t+k-1 *)
Definition Zero_between t k := forall t', t+k > t' -> t' >= t -> sigma t' = 0.
(* Zero_between is a decidable property (check for k,...,0) *)
Lemma zero_between_dec : forall t k, {Zero_between t k} + {~Zero_between t k}.
Proof.
introv. induction k.
- left. unfold Zero_between. introv G1 G2. omega.
- destruct IHk as [G|G].
+ assert (G1:{sigma (t+k) > 0}+{~ sigma (t+k) > 0}) by apply gt_dec.
destruct G1 as [G1|G1].
* right. intro G2.
assert (Y1: t + S k > t + k) by omega.
assert (Y2: t + k >= t) by omega.
apply (G2 (t+k) Y1) in Y2. omega.
* left.
introv G2 G3.
set (X:=G t').
assert (Y:{t'=t+k}+{t'<>t+k}) by apply Nat.eq_dec.
destruct Y as [Y|Y].
subst.
assert (Z:sigma (t + k) > 0 \/ 0 = sigma (t + k)) by apply gt_0_eq.
destruct Z. omega. symmetry; easy.
assert (Z:t + k > t') by omega.
apply X; easy.
+ right. introv F. apply G.
unfold Zero_between in *.
introv X1 X2.
assert (Y:{t'=t+k}+{t'<>t+k}) by apply Nat.eq_dec.
destruct Y as [Y|Y].
* apply F in X2; try omega.
* apply F in X2; try omega. easy.
Qed.
(* Next-event t1 t2: t2 is the next instant after (or at) t1 with an event *)
Definition Next_event t1 t2 := Later_event t1 t2 /\ Zero_between t1 (t2-t1).
(* Next_event is decidable *)
Lemma next_event_dec : forall t1 t2, {Next_event t1 t2} + {~Next_event t1 t2}.
Proof.
introv.
assert (G1:{sigma t2 > 0}+{~ sigma t2 > 0}) by apply gt_dec.
assert (G2:{t2 >= t1}+{~ t2 >= t1}) by apply le_dec.
assert (G3:{Zero_between t1 (t2-t1)} + {~Zero_between t1 (t2-t1)}) by apply zero_between_dec.
destruct G1 as [G1|G1]; destruct G2 as [G2|G2]; destruct G3 as[G3|G3];
try (right; intro X; destruct X as [[X1 X2] X3]; easy).
left. repeat split; easy.
Qed.
(* later implies next i.e. there exists a closest instant such that ... *)
Definition later_imp_next : forall t1 t2, Later_event t1 t2
-> exists t, Next_event t1 t.
Proof.
introv X.
apply (exists_min t2 (fun t => t >= t1 /\ sigma t > 0)) in X; try easy.
- destruct X as [t [X1 X2]].
exists t. split. easy.
unfold Zero_between.
introv G1 G2.
assert (Y1: {t1 <= t} + {~ t1 <= t}) by apply le_dec.
assert (Y2: {sigma t' > 0} + {~ sigma t' > 0}) by apply gt_dec.
destruct Y1 as [Y1|Y1]; destruct Y2 as [Y2|Y2].
+ rewrite le_plus_minus_r in G1; try easy.
apply X2 in G1. tauto.
+ rewrite le_plus_minus_r in G1; try easy.
apply X2 in G1.
assert (Z:sigma t' > 0 \/ 0 = sigma t') by apply gt_0_eq.
destruct Z. omega. easy.
+ destruct X1. apply Y1 in H. false.
+ assert (Z:sigma t' > 0 \/ 0 = sigma t') by apply gt_0_eq.
destruct Z. omega. easy.
- intro t.
assert (G1:{sigma t > 0}+{~ sigma t > 0}) by apply gt_dec.
assert (G2:{t >= t1}+{~ t >= t1}) by apply le_dec.
destruct G1; destruct G2; try (right; intro Y; destruct Y; easy).
left. easy.
Qed.
(* There exists a next (closest) instant with an event *)
Lemma next_event_exists : forall t1, {t2:nat | Next_event t1 t2}.
Proof.
intros t1.
eapply constructive_indefinite_ground_description_nat.
- apply next_event_dec.
- assert (X:= AE_Events_occur t1).
destruct X as [t2 X]. eapply later_imp_next. exact X.
Qed.
(* The function next can be defined *)
Definition next : instant -> instant.
intro t1. destruct (next_event_exists t1) as [t2 _]. exact t2.
Defined.
(* Expected properties of next *)
Lemma next_prop : forall t, next t >= t /\ sigma (next t ) > 0
/\ forall t', next t > t' -> t' >= t -> sigma t' = 0.
Proof.
intros t. unfold next.
destruct (next_event_exists t) as [t1 [G1 G2]].
destruct G1. repeat split; try easy.
introv G0 G1.
apply G2 in G1.
- easy.
- omega.
Qed.
model/event_streams/tactics.v 0 → 100644
View file @ 14468fc0
This diff is collapsed.
model/event_streams/trace_properties.v 0 → 100644
View file @ 14468fc0
Require Import Arith NPeano List Omega dmin tactics types next event_model.
(* ############################################################ *)
(** * Properties between the instants and the ids of occurrence *)
(* ############################################################ *)
(* Compute the number of occurence happening before an instant *)
Program Fixpoint sum_occ_before (t : instant) (k : nb_occurrences) (curr : instant)
{measure t} : id_occurrence :=
match t with
| 0 => k + (sigma curr)