Built with Alectryon, running Coq+SerAPI v8.20.0+0.20.0. Bubbles () indicate interactive fragments: hover for details, tap to reveal contents. Use Ctrl+↑Ctrl+↓ to navigate, Ctrl+🖱️ to focus. On Mac, use ⌘ instead of Ctrl.
Require Import prosa.util.epsilon.
[Loading ML file ssrmatching_plugin.cmxs (using legacy method) ... done]
[Loading ML file ssreflect_plugin.cmxs (using legacy method) ... done]
[Loading ML file ring_plugin.cmxs (using legacy method) ... done]
Serlib plugin: coq-elpi.elpi is not available: serlib support is missing.
Incremental checking for commands in this plugin will be impacted.
[Loading ML file coq-elpi.elpi ... done]
[Loading ML file zify_plugin.cmxs (using legacy method) ... done]
[Loading ML file micromega_core_plugin.cmxs (using legacy method) ... done]
[Loading ML file micromega_plugin.cmxs (using legacy method) ... done]
[Loading ML file btauto_plugin.cmxs (using legacy method) ... done]
Notation"_ + _" was already used in scope nat_scope.
[notation-overridden,parsing,default]
Notation"_ - _" was already used in scope nat_scope.
[notation-overridden,parsing,default]
Notation"_ <= _" was already used in scope nat_scope.
[notation-overridden,parsing,default]
Notation"_ < _" was already used in scope nat_scope.
[notation-overridden,parsing,default]
Notation"_ >= _" was already used in scope nat_scope.
[notation-overridden,parsing,default]
Notation"_ > _" was already used in scope nat_scope.
[notation-overridden,parsing,default]
Notation"_ <= _ <= _" was already used in scope
nat_scope. [notation-overridden,parsing,default]
Notation"_ < _ <= _" was already used in scope
nat_scope. [notation-overridden,parsing,default]
Notation"_ <= _ < _" was already used in scope
nat_scope. [notation-overridden,parsing,default]
Notation"_ < _ < _" was already used in scope
nat_scope. [notation-overridden,parsing,default]
Notation"_ * _" was already used in scope nat_scope.
[notation-overridden,parsing,default]
(** * Reduction of the search space for Abstract RTA *)(** In this file, we prove that in order to calculate the worst-case response time it is sufficient to consider only values of [A] that lie in the search space defined below. *)SectionAbstractRTAReduction.(** The response-time analysis we are presenting in this series of documents is based on searching over all possible values of [A], the relative arrival time of the job respective to the beginning of the busy interval. However, to obtain a practically useful response-time bound, we need to constrain the search space of values of [A]. In this section, we define an approach to reduce the search space. *)Context {Task : TaskType}.(** First, we provide a constructive notion of equivalent functions. *)SectionEquivalentFunctions.(** Consider an arbitrary type [T]... *)Context {T : eqType}.(** ...and two function from [nat] to [T]. *)Variablesf1f2 : nat -> T.(** Let [B] be an arbitrary constant. *)VariableB : nat.(** Then we say that [f1] and [f2] are equivalent at values less than [B] iff for any natural number [x] less than [B] [f1 x] is equal to [f2 x]. *)Definitionare_equivalent_at_values_less_than :=
forallx, x < B -> f1 x = f2 x.(** And vice versa, we say that [f1] and [f2] are not equivalent at values less than [B] iff there exists a natural number [x] less than [B] such that [f1 x] is not equal to [f2 x]. *)Definitionare_not_equivalent_at_values_less_than :=
existsx, x < B /\ f1 x <> f2 x.EndEquivalentFunctions.(** Let [tsk] be any task that is to be analyzed *)Variabletsk : Task.(** To ensure that the analysis procedure terminates, we assume an upper bound [B] on the values of [A] that must be checked. The existence of [B] follows from the assumption that the system is not overloaded (i.e., it has bounded utilization). *)VariableB : duration.(** Instead of searching for the maximum interference of each individual job, we assume a per-task interference bound function [IBF(A, x)] that is parameterized by the relative arrival time [A] of a potential job (see abstract_RTA.definitions.v file). *)Variableinterference_bound_function : duration -> duration -> duration.(** Recall the definition of [ε], which defines the neighborhood of a point in the timeline. Note that [ε = 1] under discrete time. *)(** To ensure that the search converges more quickly, we only check values of [A] in the interval <<[0, B)>> for which the interference bound function changes, i.e., every point [x] in which [interference_bound_function (A - ε, x)] is not equal to [interference_bound_function (A, x)]. *)Definitionis_in_search_spaceA :=
A = 0 \/
0 < A < B /\ are_not_equivalent_at_values_less_than
(interference_bound_function (A - ε)) (interference_bound_function A) B.(** In this section we prove that for every [A] there exists a smaller [A_sp] in the search space such that [interference_bound_function(A_sp,x)] is equal to [interference_bound_function(A, x)]. *)SectionExistenceOfRepresentative.(** Let [A] be any constant less than [B]. *)VariableA : duration.HypothesisH_A_less_than_B : A < B.(** We prove that there exists a constant [A_sp] such that: (a) [A_sp] is no greater than [A], (b) [interference_bound_function(A_sp, x)] is equal to [interference_bound_function(A, x)] and (c) [A_sp] is in the search space. In other words, either [A] is already inside the search space, or we can go to the "left" until we reach [A_sp], which will be inside the search space. *)
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration H_A_less_than_B: A < B
existsA_sp : nat,
A_sp <= A /\
are_equivalent_at_values_less_than
(interference_bound_function A)
(interference_bound_function A_sp) B /\
is_in_search_space A_sp
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration H_A_less_than_B: A < B
existsA_sp : nat,
A_sp <= A /\
are_equivalent_at_values_less_than
(interference_bound_function A)
(interference_bound_function A_sp) B /\
is_in_search_space A_sp
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B IHn: n < B ->
existsA_sp : nat,
A_sp <= n /\
are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function A_sp) B /\
is_in_search_space A_sp
all
(funt : duration =>
interference_bound_function n t ==
interference_bound_function n.+1 t) (iota 0 B) \/
has
(funt : duration =>
interference_bound_function n t
!= interference_bound_function n.+1 t) (iota 0 B)
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B IHn: n < B ->
existsA_sp : nat,
A_sp <= n /\
are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function A_sp) B /\
is_in_search_space A_sp ALT: all
(funt : duration =>
interference_bound_function n t ==
interference_bound_function n.+1 t)
(iota 0 B) \/
has
(funt : duration =>
interference_bound_function n t
!= interference_bound_function n.+1 t)
(iota 0 B)
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B IHn: n < B ->
existsA_sp : nat,
A_sp <= n /\
are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function A_sp) B /\
is_in_search_space A_sp
all
(funt : duration =>
interference_bound_function n t ==
interference_bound_function n.+1 t) (iota 0 B) \/
has
(funt : duration =>
interference_bound_function n t
!= interference_bound_function n.+1 t) (iota 0 B)
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B IHn: n < B ->
existsA_sp : nat,
A_sp <= n /\
are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function A_sp) B /\
is_in_search_space A_sp
all
(funt : duration =>
interference_bound_function n t ==
interference_bound_function n.+1 t) (iota 0 B)
|| has
(funt : duration =>
interference_bound_function n t
!= interference_bound_function n.+1 t)
(iota 0 B)
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B IHn: n < B ->
existsA_sp : nat,
A_sp <= n /\
are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function A_sp) B /\
is_in_search_space A_sp
~~
(~~
all
(funt : duration =>
interference_bound_function n t ==
interference_bound_function n.+1 t) (iota 0 B) &&
~~
has
(funt : duration =>
interference_bound_function n t
!= interference_bound_function n.+1 t) (iota 0 B))
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B IHn: n < B ->
existsA_sp : nat,
A_sp <= n /\
are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function A_sp) B /\
is_in_search_space A_sp CONTR: ~~
all
(funt : duration =>
interference_bound_function n t ==
interference_bound_function n.+1 t)
(iota 0 B) &&
~~
has
(funt : duration =>
interference_bound_function n t
!= interference_bound_function n.+1 t)
(iota 0 B)
False
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B IHn: n < B ->
existsA_sp : nat,
A_sp <= n /\
are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function A_sp) B /\
is_in_search_space A_sp NALL: ~~
all
(funt : duration =>
interference_bound_function n t ==
interference_bound_function n.+1 t)
(iota 0 B)
has
(funt : duration =>
interference_bound_function n t
!= interference_bound_function n.+1 t) (iota 0 B)
byrewrite -has_predC /predC in NALL.
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B IHn: n < B ->
existsA_sp : nat,
A_sp <= n /\
are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function A_sp) B /\
is_in_search_space A_sp ALT: all
(funt : duration =>
interference_bound_function n t ==
interference_bound_function n.+1 t)
(iota 0 B) \/
has
(funt : duration =>
interference_bound_function n t
!= interference_bound_function n.+1 t)
(iota 0 B)
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP ALT: exists2
x : Datatypes_nat__canonical__eqtype_Equality,
x \in iota 0 B &
interference_bound_function n x
!= interference_bound_function n.+1 x
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP ALT: {in iota 0 B,
forallx : Datatypes_nat__canonical__eqtype_Equality,
interference_bound_function n x ==
interference_bound_function n.+1 x}
are_equivalent_at_values_less_than
(interference_bound_function n.+1)
(interference_bound_function ASP) B
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP ALT: {in iota 0 B,
forallx : Datatypes_nat__canonical__eqtype_Equality,
interference_bound_function n x ==
interference_bound_function n.+1 x} x: nat LT: x < B
interference_bound_function n.+1 x =
interference_bound_function ASP x
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP ALT: {in iota 0 B,
forallx : Datatypes_nat__canonical__eqtype_Equality,
interference_bound_function n x ==
interference_bound_function n.+1 x} x: nat LT: x < B T: x \in iota 0 B ->
interference_bound_function n x ==
interference_bound_function n.+1 x
interference_bound_function n.+1 x =
interference_bound_function ASP x
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP ALT: {in iota 0 B,
forallx : Datatypes_nat__canonical__eqtype_Equality,
interference_bound_function n x ==
interference_bound_function n.+1 x} x: nat LT: x < B T: interference_bound_function n x ==
interference_bound_function n.+1 x
interference_bound_function n.+1 x =
interference_bound_function ASP x
bymove: T => /eqP<-; rewrite EQ.
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP ALT: exists2
x : Datatypes_nat__canonical__eqtype_Equality,
x \in iota 0 B &
interference_bound_function n x
!= interference_bound_function n.+1 x
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP ALT: exists2
x : Datatypes_nat__canonical__eqtype_Equality,
x \in iota 0 B &
interference_bound_function n x
!= interference_bound_function n.+1 x
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP ALT: exists2
x : Datatypes_nat__canonical__eqtype_Equality,
x \in iota 0 B &
interference_bound_function n x
!= interference_bound_function n.+1 x
is_in_search_space n.+1
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP ALT: exists2
x : Datatypes_nat__canonical__eqtype_Equality,
x \in iota 0 B &
interference_bound_function n x
!= interference_bound_function n.+1 x
0 < n.+1 < B /\
are_not_equivalent_at_values_less_than
(interference_bound_function (n.+1 - 1))
(interference_bound_function n.+1) B
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP ALT: exists2
x : Datatypes_nat__canonical__eqtype_Equality,
x \in iota 0 B &
interference_bound_function n x
!= interference_bound_function n.+1 x
are_not_equivalent_at_values_less_than
(interference_bound_function (n.+1 - 1))
(interference_bound_function n.+1) B
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP y: Datatypes_nat__canonical__eqtype_Equality IN: y \in iota 0 B N: interference_bound_function n y
!= interference_bound_function n.+1 y
are_not_equivalent_at_values_less_than
(interference_bound_function (n.+1 - 1))
(interference_bound_function n.+1) B
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP y: Datatypes_nat__canonical__eqtype_Equality IN: y \in iota 0 B N: interference_bound_function n y
!= interference_bound_function n.+1 y
y < B /\
interference_bound_function (n.+1 - 1) y <>
interference_bound_function n.+1 y
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP y: Datatypes_nat__canonical__eqtype_Equality N: interference_bound_function n y
!= interference_bound_function n.+1 y
0 <= y < B ->
y < B /\
interference_bound_function (n.+1 - 1) y <>
interference_bound_function n.+1 y
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP y: Datatypes_nat__canonical__eqtype_Equality N: interference_bound_function n y
!= interference_bound_function n.+1 y LT: y < B
y < B /\
interference_bound_function (n.+1 - 1) y <>
interference_bound_function n.+1 y
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP y: Datatypes_nat__canonical__eqtype_Equality N: interference_bound_function n y
!= interference_bound_function n.+1 y LT: y < B
interference_bound_function (n.+1 - 1) y <>
interference_bound_function n.+1 y
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP y: Datatypes_nat__canonical__eqtype_Equality N: interference_bound_function n y
!= interference_bound_function n.+1 y LT: y < B
interference_bound_function n y <>
interference_bound_function n.+1 y
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A: duration n: nat H_A_less_than_B: n.+1 < B ASP: nat NEQ: ASP <= n EQ: are_equivalent_at_values_less_than
(interference_bound_function n)
(interference_bound_function ASP) B SP: is_in_search_space ASP y: Datatypes_nat__canonical__eqtype_Equality LT: y < B CONTR: interference_bound_function n y =
interference_bound_function n.+1 y
interference_bound_function n y ==
interference_bound_function n.+1 y
byrewrite CONTR.}Qed.EndExistenceOfRepresentative.(** In this section we prove that any solution of the response-time recurrence for a given point [A_sp] in the search space also gives a solution for any point A that shares the same interference bound. *)SectionFixpointSolutionForAnotherA.(** Suppose [A_sp + F_sp] is a "small" solution (i.e. less than [B]) of the response-time recurrence. *)VariablesA_spF_sp : duration.HypothesisH_less_than : A_sp + F_sp < B.HypothesisH_fixpoint : A_sp + F_sp >= interference_bound_function A_sp (A_sp + F_sp).(** Next, let [A] be any point such that: (a) [A_sp <= A <= A_sp + F_sp] and (b) [interference_bound_function(A, x)] is equal to [interference_bound_function(A_sp, x)] for all [x] less than [B]. *)VariableA : duration.HypothesisH_bounds_for_A : A_sp <= A <= A_sp + F_sp.HypothesisH_equivalent :
are_equivalent_at_values_less_than
(interference_bound_function A)
(interference_bound_function A_sp) B.(** We prove that there exists a constant [F] such that [A + F] is equal to [A_sp + F_sp] and [A + F] is a solution for the response-time recurrence for [A]. *)
existsF : nat,
A_sp + F_sp = A + F /\
F <= F_sp /\
interference_bound_function A (A + F) <= A + F
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A_sp, F_sp: duration H_less_than: A_sp + F_sp < B H_fixpoint: interference_bound_function A_sp
(A_sp + F_sp) <= A_sp + F_sp A: duration H_bounds_for_A: A_sp <= A <= A_sp + F_sp H_equivalent: are_equivalent_at_values_less_than
(interference_bound_function A)
(interference_bound_function A_sp) B NEQ1: A_sp <= A NEQ2: A <= A_sp + F_sp
existsF : nat,
A_sp + F_sp = A + F /\
F <= F_sp /\
interference_bound_function A (A + F) <= A + F
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A_sp, F_sp: duration X:= A_sp + F_sp: nat H_less_than: X < B H_fixpoint: interference_bound_function A_sp X <= X A: duration H_bounds_for_A: A_sp <= A <= X H_equivalent: are_equivalent_at_values_less_than
(interference_bound_function A)
(interference_bound_function A_sp) B NEQ1: A_sp <= A NEQ2: A <= X
existsF : nat,
X = A + F /\
F <= F_sp /\
interference_bound_function A (A + F) <= A + F
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A_sp, F_sp: duration X:= A_sp + F_sp: nat H_less_than: X < B H_fixpoint: interference_bound_function A_sp X <= X A: duration H_bounds_for_A: A_sp <= A <= X H_equivalent: are_equivalent_at_values_less_than
(interference_bound_function A)
(interference_bound_function A_sp) B NEQ1: A_sp <= A NEQ2: A <= X
X = A + (X - A)
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A_sp, F_sp: duration X:= A_sp + F_sp: nat H_less_than: X < B H_fixpoint: interference_bound_function A_sp X <= X A: duration H_bounds_for_A: A_sp <= A <= X H_equivalent: are_equivalent_at_values_less_than
(interference_bound_function A)
(interference_bound_function A_sp) B NEQ1: A_sp <= A NEQ2: A <= X
X - A <= F_sp
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A_sp, F_sp: duration X:= A_sp + F_sp: nat H_less_than: X < B H_fixpoint: interference_bound_function A_sp X <= X A: duration H_bounds_for_A: A_sp <= A <= X H_equivalent: are_equivalent_at_values_less_than
(interference_bound_function A)
(interference_bound_function A_sp) B NEQ1: A_sp <= A NEQ2: A <= X
interference_bound_function A (A + (X - A)) <=
A + (X - A)
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A_sp, F_sp: duration X:= A_sp + F_sp: nat H_less_than: X < B H_fixpoint: interference_bound_function A_sp X <= X A: duration H_bounds_for_A: A_sp <= A <= X H_equivalent: are_equivalent_at_values_less_than
(interference_bound_function A)
(interference_bound_function A_sp) B NEQ1: A_sp <= A NEQ2: A <= X
X = A + (X - A)
byrewrite subnKC.
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A_sp, F_sp: duration X:= A_sp + F_sp: nat H_less_than: X < B H_fixpoint: interference_bound_function A_sp X <= X A: duration H_bounds_for_A: A_sp <= A <= X H_equivalent: are_equivalent_at_values_less_than
(interference_bound_function A)
(interference_bound_function A_sp) B NEQ1: A_sp <= A NEQ2: A <= X
X - A <= F_sp
byrewrite leq_subLR /X leq_add2r.
Task: TaskType tsk: Task B: duration interference_bound_function: duration ->
duration -> duration A_sp, F_sp: duration X:= A_sp + F_sp: nat H_less_than: X < B H_fixpoint: interference_bound_function A_sp X <= X A: duration H_bounds_for_A: A_sp <= A <= X H_equivalent: are_equivalent_at_values_less_than
(interference_bound_function A)
(interference_bound_function A_sp) B NEQ1: A_sp <= A NEQ2: A <= X
interference_bound_function A (A + (X - A)) <=
A + (X - A)
byrewrite subnKC // H_equivalent.Qed.EndFixpointSolutionForAnotherA.EndAbstractRTAReduction.(** In this section, we prove a simple lemma that allows one to switch IBFs inside of the [is_in_search_space] predicate. *)SectionSearchSpaceSwitch.(** Consider any type of tasks. *)Context {Task : TaskType}.(** Let [tsk] be any task that is to be analyzed. *)Variabletsk : Task.(** Similarly to the previous section, to ensure that the analysis procedure terminates, we assume an upper bound [B] on the values of [A] that must be checked. *)VariableB : duration.(** Given two IBFs [IBF1] and [IBF2] such that they are equal for all inputs, if an offset [A] is in the search space of [IBF1], then [A] is in the search space of [IBF2]. *)
Task: TaskType tsk: Task B: duration
forallIBF1IBF2 : nat -> duration -> duration,
(forall (A : nat) (Δ : duration),
A < B -> IBF1 A Δ = IBF2 A Δ) ->
forallA : nat,
is_in_search_space B IBF1 A ->
is_in_search_space B IBF2 A
Task: TaskType tsk: Task B: duration
forallIBF1IBF2 : nat -> duration -> duration,
(forall (A : nat) (Δ : duration),
A < B -> IBF1 A Δ = IBF2 A Δ) ->
forallA : nat,
is_in_search_space B IBF1 A ->
is_in_search_space B IBF2 A
Task: TaskType tsk: Task B: duration IBF1, IBF2: nat -> duration -> duration EQU: forall (A : nat) (Δ : duration),
A < B -> IBF1 A Δ = IBF2 A Δ A: nat NEQ: 0 < A < B NEQU: are_not_equivalent_at_values_less_than
(IBF1 (A - 1)) (IBF1 A) B
is_in_search_space B IBF2 A
Task: TaskType tsk: Task B: duration IBF1, IBF2: nat -> duration -> duration EQU: forall (A : nat) (Δ : duration),
A < B -> IBF1 A Δ = IBF2 A Δ A: nat NEQ: 0 < A < B NEQU: are_not_equivalent_at_values_less_than
(IBF1 (A - 1)) (IBF1 A) B
are_not_equivalent_at_values_less_than (IBF2 (A - 1))
(IBF2 A) B
Task: TaskType tsk: Task B: duration IBF1, IBF2: nat -> duration -> duration EQU: forall (A : nat) (Δ : duration),
A < B -> IBF1 A Δ = IBF2 A Δ A: nat NEQ: 0 < A < B x: nat LT: x < B NEQf: IBF1 (A - 1) x <> IBF1 A x
are_not_equivalent_at_values_less_than (IBF2 (A - 1))
(IBF2 A) B
Task: TaskType tsk: Task B: duration IBF1, IBF2: nat -> duration -> duration EQU: forall (A : nat) (Δ : duration),
A < B -> IBF1 A Δ = IBF2 A Δ A: nat NEQ: 0 < A < B x: nat LT: x < B NEQf: IBF1 (A - 1) x <> IBF1 A x
IBF2 (A - 1) x <> IBF2 A x
Task: TaskType tsk: Task B: duration IBF1, IBF2: nat -> duration -> duration EQU: forall (A : nat) (Δ : duration),
A < B -> IBF1 A Δ = IBF2 A Δ A: nat NEQ: 0 < A < B x: nat LT: x < B
IBF1 (A - 1) x <> IBF1 A x ->
IBF2 (A - 1) x <> IBF2 A x