Commit 82267806 authored by Xiaojie GUO's avatar Xiaojie GUO Committed by Felipe Cerqueira

Add TDMA policy and RTA for TDMA

parent 11fb68b6
......@@ -5,3 +5,8 @@
*.aux
Makefile*
_CoqProject
*.crashcoqide
*.v#
*.cache
*~
*.orig
This diff is collapsed.
This diff is collapsed.
(* Require Import Extraction. *) (* Required for Coq 8.7 *)
Require Import rt.analysis.uni.basic.tdma_wcrt_analysis.
From mathcomp Require Import ssreflect ssrbool ssrnat eqtype seq bigop div.
Set Implicit Arguments.
CoInductive Task_T :Type:=
build_task: nat->nat->nat->nat ->
Task_T.
Definition get_slot(tsk:Task_T):=
match tsk with
| build_task x _ _ _ => x end.
Definition get_cost (tsk:Task_T):=
match tsk with
| build_task _ x _ _ => x end.
Definition get_D (tsk:Task_T):=
match tsk with
| build_task _ _ x _ => x end.
Definition get_P (tsk:Task_T):=
match tsk with
| build_task _ _ _ x => x end.
Definition task_eq (t1 t2: Task_T) :=
(get_slot t1 == get_slot t2)&&
(get_cost t1 == get_cost t2)&&
(get_D t1 == get_D t2)&&
(get_P t1 == get_P t2) .
Fixpoint In (a:Task_T) (l:list Task_T) : Prop :=
match l with
| nil => False
| b :: m => a=b \/ In a m
end.
Definition schedulable_tsk T tsk:=
let bound := WCRT_OneJobTDMA.WCRT_formula T (get_slot tsk) (get_cost tsk) in
if (bound <= get_D tsk)&& (bound <= get_P tsk) then true else false .
Fixpoint schedulability_test T (l: list Task_T):=
match l with
|nil => true
|x::s=> (schedulable_tsk T x) && (schedulability_test T s)
end.
Theorem schedulability_test_valid T TL:
schedulability_test T TL
<-> (forall tsk, In tsk TL ->schedulable_tsk T tsk) .
Proof.
induction TL;split;auto.
- intros STL tsk IN. rewrite /= in IN. move:IN=> [EQ |IN];
rewrite /= in STL; move/andP in STL.
+ rewrite EQ;apply STL.
+ apply IHTL. apply STL. assumption.
- intro ALL. apply/andP;split.
+ apply ALL. simpl;by left.
+ apply IHTL;intros tsk IN;apply ALL;simpl;by right.
Qed.
Definition cycle l:=
(foldr plus 0 (map get_slot l)).
Definition schedulability_tdma (l: list Task_T):=
schedulability_test (cycle l) l.
Theorem schedulability_tdma_valid task_list:
schedulability_tdma task_list
<-> (forall tsk, In tsk task_list ->schedulable_tsk (cycle task_list) tsk) .
Proof.
rewrite /schedulability_tdma. apply schedulability_test_valid.
Qed.
(*Eval compute in cycle [:: build_task(2,3,4,4);(6,2,5,6)].
Eval compute in WCRT_OneJobTDMA.WCRT_formula 4 2 3.
Eval compute in schedulability_tdma [::(2,3,7,7);(1,2,6,6)]. *)
(*Extract Inductive unit => "unit" [ "()" ].
Extract Inductive bool =>"bool" [ "true" "false" ].
Extract Inductive nat => int [ "0" "Pervasives.succ" ]
"(fun fO fS n -> if n=0 then fO () else fS (n-1))".
Extract Inductive list => "list" [ "[]" "(::)" ].
Extract Constant eqn => "(=)".
Extract Constant addn => "(+)".
Extract Constant subn => "fun n m -> Pervasives.max 0 (n-m)".
Extract Constant muln => "( * )".
Extract Inlined Constant leq => "(<=)".
Recursive Extraction schedulability_tdma.
Extraction "schedulability_tdma.ml" schedulability_tdma. *)
\ No newline at end of file
Require Import rt.util.all rt.util.find_seq
Arith.
Require Import rt.model.arrival.basic.job
rt.model.arrival.basic.arrival_sequence
rt.model.schedule.uni.basic.platform_tdma
rt.model.arrival.basic.task rt.model.policy_tdma.
Require Import rt.model.schedule.uni.schedule rt.model.schedule.uni.schedulability.
Require Import rt.model.priority
rt.analysis.uni.basic.tdma_rta_theory
rt.model.schedule.uni.transformation.construction.
Require Import rt.implementation.job rt.implementation.task
rt.implementation.arrival_sequence
rt.implementation.uni.basic.schedule.
From mathcomp Require Import ssreflect ssrbool ssrnat eqtype seq bigop div.
Set Bullet Behavior "Strict Subproofs".
Module ConcreteSchedulerTDMA.
Import Job ArrivalSequence UniprocessorSchedule SporadicTaskset Schedulability Priority
ResponseTimeAnalysisTDMA PolicyTDMA ScheduleConstruction Platform_TDMA.
Import ConcreteJob ConcreteTask ConcreteArrivalSequence ConcreteScheduler BigOp.
Section ImplementationTDMA.
Context {Task: eqType}.
Context {Job: eqType}.
Variable job_arrival: Job -> time.
Variable job_cost: Job -> time.
Variable job_task: Job -> Task.
Variable arr_seq: arrival_sequence Job.
Variable ts: {set Task}.
Variable time_slot: TDMA_slot Task.
Variable slot_order: TDMA_slot_order Task.
Hypothesis H_arrival_times_are_consistent:
arrival_times_are_consistent job_arrival arr_seq.
Section JobSchedule.
Variable sched: schedule Job.
Variable t:time.
Let is_pending := pending job_arrival job_cost sched.
Definition pending_jobs:=
[seq j <- jobs_arrived_up_to arr_seq t | is_pending j t].
Let job_in_time_slot:=
fun job => Task_in_time_slot ts slot_order (job_task job) time_slot t.
Definition job_to_schedule :=
findP job_in_time_slot pending_jobs.
Section Lemmas.
Hypothesis arr_seq_is_a_set:
arrival_sequence_is_a_set arr_seq.
Lemma pending_jobs_uniq:
uniq pending_jobs.
Proof.
apply filter_uniq
, arrivals_uniq with (job_arrival0:=job_arrival);auto.
Qed.
Lemma respects_FIFO:
forall j j', j \in pending_jobs -> j' \in pending_jobs ->
find (fun job => job==j') pending_jobs
< find (fun job => job==j) pending_jobs ->
job_arrival j' <= job_arrival j.
Proof.
rewrite /job_to_schedule /pending_jobs /jobs_arrived_up_to
/jobs_arrived_between. intros*.
repeat rewrite mem_filter.
move=> /andP [PENJ JIN] /andP [PENJ' J'IN] LEQ.
apply mem_bigcat_nat_exists in JIN.
apply mem_bigcat_nat_exists in J'IN.
destruct JIN as [arrj [JIN _]].
destruct J'IN as [arrj' [J'IN _]].
have ARRJ: job_arrival j = arrj by eauto.
have ARRJ': job_arrival j' = arrj' by eauto.
have JLT: arrj' <= t by move:PENJ'=>/andP [HAD _]; eauto.
destruct (leqP arrj' arrj) as [G|G]. eauto.
apply mem_bigcat_nat with (m:=0) (n:=arrj.+1) in JIN;auto.
apply mem_bigcat_nat with (m:=arrj.+1) (n:=t.+1) in J'IN;auto.
have BIGJ: j \in [seq j <- \big[cat/[::]]_(0 <= i < arrj.+1)
jobs_arriving_at arr_seq i | is_pending j t]
by rewrite mem_filter;apply /andP.
have BIGJ': j' \in [seq j <- \big[cat/[::]]_(arrj.+1 <= i < t.+1)
jobs_arriving_at arr_seq i | is_pending j t]
by rewrite mem_filter;apply /andP.
rewrite ->big_cat_nat with (n:=arrj.+1) in LEQ;try ssromega.
rewrite filter_cat find_cat /=in LEQ.
rewrite find_cat /= in LEQ.
have F: (has (fun job : Job => job == j')
[seq j <- \big[cat/[::]]_(0 <= i < arrj.+1)
jobs_arriving_at arr_seq i
| is_pending j t]) = false .
apply find_uniq with (l2:=
[seq j <- \big[cat/[::]]_(arrj.+1 <= i < t.+1)
jobs_arriving_at arr_seq i
| is_pending j t]);auto.
rewrite -filter_cat -big_cat_nat;auto. apply pending_jobs_uniq.
ssromega.
have TT: (has (fun job : Job => job == j)
[seq j <- \big[cat/[::]]_(0 <= i < arrj.+1)
jobs_arriving_at arr_seq i
| is_pending j t]) = true. apply /hasP. by exists j.
have FI: find (fun job : Job => job == j)
[seq j <- \big[cat/[::]]_(0 <= t < arrj.+1)
jobs_arriving_at arr_seq t
| is_pending j t] < size (
[seq j <- \big[cat/[::]]_(0 <= t < arrj.+1)
jobs_arriving_at arr_seq t
| is_pending j t]). by rewrite -has_find.
rewrite F TT in LEQ. ssromega.
Qed.
Lemma pending_job_in_penging_list:
forall j, arrives_in arr_seq j ->
pending job_arrival job_cost sched j t ->
j \in pending_jobs.
Proof.
intros* ARRJ PEN.
rewrite mem_filter. apply /andP. split.
apply PEN. rewrite /jobs_arrived_up_to.
apply arrived_between_implies_in_arrivals with (job_arrival0:=job_arrival).
apply H_arrival_times_are_consistent. auto.
rewrite /arrived_between. simpl.
rewrite /pending in PEN. move:PEN=>/andP [ARRED _].
rewrite /has_arrived in ARRED. auto.
Qed.
Lemma pendinglist_jobs_in_arr_seq:
forall j, j \in pending_jobs ->
arrives_in arr_seq j.
Proof.
intros* JIN.
rewrite mem_filter in JIN. move /andP in JIN.
destruct JIN as [PEN ARR]. rewrite /jobs_arrived_up_to in ARR.
by apply in_arrivals_implies_arrived with (t1:= 0)(t2:= t.+1).
Qed.
End Lemmas.
End JobSchedule.
Section SchedulerTDMA.
Let empty_schedule : schedule Job := fun t => None.
Definition scheduler_tdma:=
build_schedule_from_prefixes job_to_schedule empty_schedule.
Lemma scheduler_depends_only_on_prefix:
forall sched1 sched2 t,
(forall t0, t0 < t -> sched1 t0 = sched2 t0) ->
job_to_schedule sched1 t = job_to_schedule sched2 t.
Proof.
intros * ALL.
rewrite /job_to_schedule. f_equal.
apply eq_in_filter.
intros j ARR.
apply in_arrivals_implies_arrived_before
with (job_arrival0 := job_arrival) in ARR.
rewrite /arrived_before ltnS in ARR.
rewrite /pending /has_arrived ARR. repeat rewrite andTb; f_equal.
rewrite /completed_by; f_equal.
apply eq_big_nat. intros.
by rewrite /service_at /scheduled_at ALL.
assumption.
Qed.
Lemma scheduler_uses_construction_function:
forall t, scheduler_tdma t = job_to_schedule scheduler_tdma t.
Proof.
intro t. apply prefix_dependent_schedule_construction.
apply scheduler_depends_only_on_prefix.
Qed.
End SchedulerTDMA.
Let sched:=
scheduler_tdma.
Theorem scheduler_jobs_must_arrive_to_execute:
jobs_must_arrive_to_execute job_arrival sched.
Proof.
move => j t /eqP SCHED.
rewrite /sched scheduler_uses_construction_function /job_to_schedule in SCHED.
apply findP_in_seq in SCHED. move:SCHED => [IN PEN].
rewrite mem_filter in PEN.
by move: PEN => /andP [/andP [ARR _] _].
Qed.
Theorem scheduler_completed_jobs_dont_execute:
completed_jobs_dont_execute job_cost sched.
Proof.
intros j t.
induction t;
first by rewrite /service /service_during big_geq //.
rewrite /service /service_during big_nat_recr //=.
rewrite leq_eqVlt in IHt; move: IHt => /orP [/eqP EQ | LT]; last first.
{
apply: leq_trans LT; rewrite -addn1.
by apply leq_add; last by apply leq_b1.
}
rewrite -[job_cost _]addn0; apply leq_add; first by rewrite -EQ.
rewrite leqn0 eqb0 /scheduled_at.
rewrite /sched scheduler_uses_construction_function //.
rewrite /job_to_schedule.
apply/eqP; intro FIND.
apply findP_in_seq in FIND. move:FIND => [IN PEN].
by rewrite mem_filter /pending /completed_by -EQ eq_refl andbF andFb in PEN.
Qed.
End ImplementationTDMA.
End ConcreteSchedulerTDMA.
\ No newline at end of file
Require Import rt.util.all rt.util.find_seq
.
Require Import rt.model.arrival.basic.job
rt.model.arrival.basic.arrival_sequence
rt.model.schedule.uni.basic.platform_tdma
rt.model.arrival.basic.task rt.model.policy_tdma.
Require Import rt.model.schedule.uni.schedule rt.model.schedule.uni.schedulability.
Require Import rt.model.priority
rt.analysis.uni.basic.tdma_rta_theory
rt.analysis.uni.basic.tdma_wcrt_analysis.
Require Import rt.implementation.job rt.implementation.task
rt.implementation.arrival_sequence
rt.implementation.uni.basic.schedule_tdma.
From mathcomp Require Import ssreflect ssrbool ssrnat eqtype seq bigop div.
Set Bullet Behavior "Strict Subproofs".
Module ResponseTimeAnalysisExemple.
Import Job ArrivalSequence UniprocessorSchedule SporadicTaskset Schedulability Priority
ResponseTimeAnalysisTDMA PolicyTDMA Platform_TDMA.
Import ConcreteJob ConcreteTask ConcreteArrivalSequence BigOp
ConcreteSchedulerTDMA WCRT_OneJobTDMA.
Section ExampleTDMA.
Context {Job: eqType}.
Let tsk1 := {| task_id := 1; task_cost := 1; task_period := 16; task_deadline := 15|}.
Let tsk2 := {| task_id := 2; task_cost := 1; task_period := 8; task_deadline := 5|}.
Let tsk3 := {| task_id := 3; task_cost := 1; task_period := 9; task_deadline := 6|}.
Let time_slot1 := 1.
Let time_slot2 := 4.
Let time_slot3 := 3.
Program Let ts := Build_set [:: tsk1; tsk2; tsk3] _.
Let slot_seq := [::(tsk1,time_slot1);(tsk2,time_slot2);(tsk3,time_slot3)].
Fact ts_has_valid_parameters:
valid_sporadic_taskset task_cost task_period task_deadline ts.
Proof.
intros tsk tskIN.
repeat (move: tskIN => /orP [/eqP EQ | tskIN]; subst; compute); by done.
Qed.
Let arr_seq := periodic_arrival_sequence ts.
Fact job_arrival_times_are_consistent:
arrival_times_are_consistent job_arrival arr_seq.
Proof.
apply periodic_arrivals_are_consistent.
Qed.
Definition time_slot task:=
if task \in (map fst slot_seq) then
let n:= find (fun tsk => tsk==task)(map fst slot_seq) in
nth n (map snd slot_seq) n else 0.
Fact valid_time_slots:
forall tsk, tsk \in ts ->
is_valid_time_slot tsk time_slot.
Proof.
apply/allP. by cbn.
Qed.
Definition slot_order task1 task2:=
task_id task1 >= task_id task2.
Let sched:=
scheduler_tdma job_arrival job_cost job_task arr_seq ts time_slot slot_order.
Let job_in_time_slot t j:=
Task_in_time_slot ts slot_order (job_task j) time_slot t.
Fact slot_order_total:
slot_order_is_total_over_task_set ts slot_order.
Proof.
intros t1 t2 IN1 IN2. rewrite /slot_order.
case LEQ: (_ <= _);first by left.
right;move/negP /negP in LEQ;rewrite -ltnNge in LEQ;auto.
Qed.
Fact slot_order_transitive:
slot_order_is_transitive slot_order.
Proof.
rewrite /slot_order.
intros t1 t2 t3 IN1 IN2. ssromega.
Qed.
Fact slot_order_antisymmetric:
slot_order_is_antisymmetric_over_task_set ts slot_order.
Proof.
intros x y IN1 IN2. rewrite /slot_order. intros O1 O2.
have EQ: task_id x = task_id y by ssromega.
case (x==y)eqn:XY;move/eqP in XY;auto.
repeat (move:IN2=> /orP [/eqP TSK2 |IN2]); repeat (move:IN1=>/orP [/eqP TSK1|IN1];subst);compute ;try done.
Qed.
Fact respects_TDMA_policy:
Respects_TDMA_policy job_arrival job_cost job_task arr_seq sched ts time_slot slot_order.
Proof.
intros j t ARRJ.
split.
- rewrite /sched_implies_in_slot /scheduled_at /sched scheduler_uses_construction_function /job_to_schedule.
move => /eqP FUN. unfold job_in_time_slot.
apply findP_in_seq in FUN.
by destruct FUN as [ TskInSlot _].
apply job_arrival_times_are_consistent.
- rewrite /backlogged_implies_not_in_slot_or_other_job_sched /backlogged /scheduled_at /sched scheduler_uses_construction_function /job_to_schedule.
move => /andP [PEN NOSCHED]. have NSJ:= NOSCHED.
apply findP_notSome_in_seq in NOSCHED.
destruct NOSCHED as [NOIN |EXIST].
+ by left.
+ case (Task_in_time_slot ts slot_order (job_task j) time_slot t) eqn:INSLOT;last by left.
right. destruct EXIST as [y SOMEY]. exists y. have FIND:=SOMEY. apply findP_in_seq in SOMEY.
move:SOMEY => [SLOTY YIN]. have ARRY: arrives_in arr_seq y
by apply pendinglist_jobs_in_arr_seq in YIN.
have SAMETSK: job_task j = job_task y.
have EQ:Task_in_time_slot ts slot_order (job_task y) time_slot t =
Task_in_time_slot ts slot_order (job_task j) time_slot t by rewrite INSLOT.
apply task_in_time_slot_uniq with (ts0:= ts) (t0:=t) (slot_order:=slot_order) (task_time_slot:=time_slot);auto.
intros;by apply slot_order_total.
by apply slot_order_antisymmetric.
by apply slot_order_transitive.
by apply periodic_arrivals_all_jobs_from_taskset.
by apply valid_time_slots,periodic_arrivals_all_jobs_from_taskset.
by apply periodic_arrivals_all_jobs_from_taskset.
by apply valid_time_slots ,periodic_arrivals_all_jobs_from_taskset.
split;auto.
* split;case (y==j)eqn:YJ;move/eqP in YJ;try by rewrite FIND YJ in NSJ;move/eqP in NSJ;auto.
apply pending_job_in_penging_list with (arr_seq0:=arr_seq) in PEN;auto
;last apply job_arrival_times_are_consistent.
apply findP_FIFO with (y0:=j) in FIND;auto. fold sched in FIND.
apply (respects_FIFO ) in FIND;auto.
apply periodic_arrivals_are_sporadic with (ts:=ts) in FIND;auto.
have PERIODY:task_period (job_task y)>0 by
apply ts_has_valid_parameters,periodic_arrivals_all_jobs_from_taskset. ssromega.
apply job_arrival_times_are_consistent.
apply periodic_arrivals_is_a_set,ts_has_valid_parameters.
split;auto.
by apply/eqP.
+ apply pending_job_in_penging_list;trivial.
* by apply job_arrival_times_are_consistent.
+ by apply job_arrival_times_are_consistent.
Qed.
Fact job_cost_le_task_cost:
forall j : concrete_job_eqType,
arrives_in arr_seq j ->
job_cost_le_task_cost task_cost job_cost job_task j.
Proof.
intros JOB ARR.
apply periodic_arrivals_valid_job_parameters in ARR.
apply ARR. by apply ts_has_valid_parameters.
Qed.
Let tdma_claimed_bound task:=
WCRT task_cost time_slot ts task.
Let tdma_valid_bound task := is_valid_tdma_bound task_deadline task (tdma_claimed_bound task).
Fact valid_tdma_bounds:
forall tsk, tsk \in ts ->
tdma_valid_bound tsk = true.
Proof.
apply/allP.
rewrite /tdma_valid_bound /tdma_claimed_bound /WCRT /TDMA_cycle.
rewrite bigopE. by compute.
Qed.
Fact WCRT_le_period:
forall tsk, tsk \in ts ->
WCRT task_cost time_slot ts tsk <= task_period tsk.
Proof.
apply/allP.
rewrite /tdma_valid_bound /tdma_claimed_bound /WCRT /TDMA_cycle.
rewrite bigopE. by compute.
Qed.
Let no_deadline_missed_by :=
task_misses_no_deadline job_arrival job_cost job_deadline job_task arr_seq sched.
Theorem ts_is_schedulable_by_tdma :
forall tsk, tsk \in ts ->
no_deadline_missed_by tsk.
Proof.
intros tsk tskIN.
have VALID_JOB := periodic_arrivals_valid_job_parameters ts ts_has_valid_parameters.
apply taskset_schedulable_by_tdma with (task_deadline:=task_deadline)(task_period:=task_period)
(tsk0:=tsk)(ts0:=ts)(task_cost:=task_cost)
(task_time_slot:=time_slot) (slot_order:= slot_order)
(arr_seq0:=arr_seq).
- apply job_arrival_times_are_consistent.
- apply periodic_arrivals_are_sporadic.
- apply scheduler_jobs_must_arrive_to_execute.
apply job_arrival_times_are_consistent.
- apply scheduler_completed_jobs_dont_execute.
apply job_arrival_times_are_consistent.
- assumption.
- by apply WCRT_le_period.
- by apply respects_TDMA_policy.
- by apply valid_time_slots.
- assumption.
- by apply job_cost_le_task_cost.
- apply valid_tdma_bounds;auto.
Qed.
End ExampleTDMA.
End ResponseTimeAnalysisExemple.
Require Import rt.util.all.
Require Import rt.model.time
rt.model.arrival.basic.task
rt.model.arrival.basic.job.
From mathcomp Require Import ssreflect ssrbool ssrfun eqtype ssrnat seq fintype bigop div.
Module PolicyTDMA.
Import Time.
(** In this section, we define the TDMA policy.*)
Section TDMA.
(* The TDMA policy is based on two properties.
(1) Each task has a fixed, reserved time slot for execution;
(2) These time slots are ordered in sequence to form a TDMA cycle, which repeats along the timeline.
An example of TDMA schedule is illustrated in the following.
______________________________
| s1 | s2 |s3| s1 | s2 |s3|...
--------------------------------------------->
0 t
*)
Variable Task: eqType.
(* With each task, we associate the duration of the corresponding TDMA slot. *)
Definition TDMA_slot:= Task -> duration.
(* Moreover, within each TDMA cycle, task slots are ordered according to some relation. *)
Definition TDMA_slot_order:= rel Task.
End TDMA.
(** In this section, we define the properties of TDMA and prove some basic lemmas. *)
Section PropertiesTDMA.
Context {Task:eqType}.
(* Consider any task set ts... *)
Variable ts: {set Task}.
(* ...and any slot order (i.e, slot_order slot1 slot2 means that slot1 comes before slot2 in a TDMA cycle). *)
Variable slot_order: TDMA_slot_order Task.
(* First, we define the properties of a valid time slot order. *)
Section Relation.
(* Time slot order must transitive... *)
Definition slot_order_is_transitive:= transitive slot_order.
(* ..., totally ordered over the task set... *)
Definition slot_order_is_total_over_task_set :=
total_over_list slot_order ts.
(* ... and antisymmetric over task set. *)
Definition slot_order_is_antisymmetric_over_task_set :=
antisymmetric_over_list slot_order ts.
End Relation.
(* Next, we define some properties of task time slots *)
Section TimeSlot.
(* Consider any task in task set ts*)
Variable task: Task.
Hypothesis H_task_in_ts: task \in ts.
(* Consider any TDMA slot assignment for these tasks *)
Variable task_time_slot: TDMA_slot Task.
(* A valid time slot must be positive *)
Definition is_valid_time_slot:=
task_time_slot task > 0.
(* We define the TDMA cycle as the sum of all the tasks' time slots *)
Definition TDMA_cycle:=
\sum_(tsk <- ts) task_time_slot tsk.
(* We define the function returning the slot offset for each task:
i.e., the distance between the start of the TDMA cycle and
the start of the task time slot *)
Definition Task_slot_offset:=
\sum_(prev_task <- ts | slot_order prev_task task && (prev_task != task)) task_time_slot prev_task.
(* The following function tests whether a task is in its time slot at instant t *)
Definition Task_in_time_slot (t:time):=
((t + TDMA_cycle - (Task_slot_offset)%% TDMA_cycle) %% TDMA_cycle)
< (task_time_slot task).
Section BasicLemmas.
(* Assume task_time_slot is valid time slot*)
Hypothesis time_slot_positive:
is_valid_time_slot.
(* Obviously, the TDMA cycle is greater or equal than any task time slot which is
in TDMA cycle *)
Lemma TDMA_cycle_ge_each_time_slot:
TDMA_cycle >= task_time_slot task.
Proof.
rewrite /TDMA_cycle (big_rem task) //.
apply:leq_trans; last by exact: leq_addr.
by apply leqnn.
Qed.
(* Thus, a TDMA cycle is always positive *)
Lemma TDMA_cycle_positive:
TDMA_cycle > 0.
Proof.