Built with Alectryon, running Coq+SerAPI v8.20.0+0.20.0. Bubbles () indicate interactive fragments: hover for details, tap to reveal contents. Use Ctrl+↑ Ctrl+↓ to navigate, Ctrl+🖱️ to focus. On Mac, use instead of Ctrl.
[Loading ML file ssrmatching_plugin.cmxs (using legacy method) ... done]
[Loading ML file ssreflect_plugin.cmxs (using legacy method) ... done]
[Loading ML file ring_plugin.cmxs (using legacy method) ... done]
Serlib plugin: coq-elpi.elpi is not available: serlib support is missing.
Incremental checking for commands in this plugin will be impacted.
[Loading ML file coq-elpi.elpi ... done]
[Loading ML file zify_plugin.cmxs (using legacy method) ... done]
[Loading ML file micromega_core_plugin.cmxs (using legacy method) ... done]
[Loading ML file micromega_plugin.cmxs (using legacy method) ... done]
[Loading ML file btauto_plugin.cmxs (using legacy method) ... done]
Notation "_ + _" was already used in scope nat_scope.
[notation-overridden,parsing,default]
Notation "_ - _" was already used in scope nat_scope.
[notation-overridden,parsing,default]
Notation "_ <= _" was already used in scope nat_scope.
[notation-overridden,parsing,default]
Notation "_ < _" was already used in scope nat_scope.
[notation-overridden,parsing,default]
Notation "_ >= _" was already used in scope nat_scope.
[notation-overridden,parsing,default]
Notation "_ > _" was already used in scope nat_scope.
[notation-overridden,parsing,default]
Notation "_ <= _ <= _" was already used in scope
nat_scope. [notation-overridden,parsing,default]
Notation "_ < _ <= _" was already used in scope
nat_scope. [notation-overridden,parsing,default]
Notation "_ <= _ < _" was already used in scope
nat_scope. [notation-overridden,parsing,default]
Notation "_ < _ < _" was already used in scope
nat_scope. [notation-overridden,parsing,default]
Notation "_ * _" was already used in scope nat_scope.
[notation-overridden,parsing,default]

Require Export prosa.model.task.absolute_deadline.
Require Export prosa.model.task.preemption.parameters.

(** We first make some trivial observations about EDF priorities to avoid
    repeating these steps in subsequent proofs. *)
Section PriorityFacts.
  (** Consider any type of jobs with arrival times. *)
  Context `{Job : JobType} `{JobArrival Job}.

  (** First, consider the general case where jobs have arbitrary deadlines. *)
  Section JobDeadline.

    (** If jobs have arbitrary deadlines ... *)
    Context `{JobDeadline Job}.

    (** ... then [hep_job] is a statement about these deadlines. *)
    
Job: JobType
H: JobArrival Job
H0: JobDeadline Job
forall j j' : Job,
hep_job j j' = (job_deadline j <= job_deadline j')

    
Job: JobType
H: JobArrival Job
H0: JobDeadline Job
forall j j' : Job,
hep_job j j' = (job_deadline j <= job_deadline j')
 by move=> j j'; rewrite /hep_job /EDF. Qed.

  End JobDeadline.

  (** Second, consider the case where job (absolute) deadlines are derived from
      task (relative) deadlines. *)
  Section TaskDeadline.

    (** If the jobs stem from tasks with relative deadlines ... *)
    Context {Task : TaskType}.
    Context `{TaskDeadline Task}.
    Context `{JobTask Job Task}.

    (** ... then [hep_job] is a statement about job arrival times and relative
        deadlines. *)
    
Job: JobType
H: JobArrival Job
Task: TaskType
H0: TaskDeadline Task
H1: JobTask Job Task
forall j j' : Job,
hep_job j j' =
(job_arrival j + task_deadline (job_task j) <=
 job_arrival j' + task_deadline (job_task j'))

    
Job: JobType
H: JobArrival Job
Task: TaskType
H0: TaskDeadline Task
H1: JobTask Job Task
forall j j' : Job,
hep_job j j' =
(job_arrival j + task_deadline (job_task j) <=
 job_arrival j' + task_deadline (job_task j'))

      
Job: JobType
H: JobArrival Job
Task: TaskType
H0: TaskDeadline Task
H1: JobTask Job Task
j, j': Job
hep_job j j' =
(job_arrival j + task_deadline (job_task j) <=
 job_arrival j' + task_deadline (job_task j'))

      by rewrite hep_job_deadline /job_deadline/job_deadline_from_task_deadline.
    Qed.

      (** Furthermore, if we are looking at two jobs of the same task, then
          [hep_job] is a statement about their respective arrival times. *)
    
Job: JobType
H: JobArrival Job
Task: TaskType
H0: TaskDeadline Task
H1: JobTask Job Task
forall j j' : Job,
same_task j j' ->
hep_job j j' = (job_arrival j <= job_arrival j')

    
Job: JobType
H: JobArrival Job
Task: TaskType
H0: TaskDeadline Task
H1: JobTask Job Task
forall j j' : Job,
same_task j j' ->
hep_job j j' = (job_arrival j <= job_arrival j')

      by move=> j j' /eqP SAME; rewrite hep_job_task_deadline SAME leq_add2r.
    Qed.

    (** EDF respects the sequential-tasks hypothesis. *)
    
Job: JobType
H: JobArrival Job
Task: TaskType
H0: TaskDeadline Task
H1: JobTask Job Task
policy_respects_sequential_tasks (EDF Job)

    
Job: JobType
H: JobArrival Job
Task: TaskType
H0: TaskDeadline Task
H1: JobTask Job Task
policy_respects_sequential_tasks (EDF Job)

      by move => j j' /eqP TSK ?; rewrite hep_job_arrival_edf // /same_task TSK.
    Qed.
  End TaskDeadline.

End PriorityFacts.

(** We add the above lemma into a "Hint Database" basic_rt_facts, so Coq
    will be able to apply it automatically. *)
Global Hint Resolve EDF_respects_sequential_tasks : basic_rt_facts.

Require Export prosa.model.task.sequentiality.
Require Export prosa.analysis.facts.priority.inversion.
Require Export prosa.analysis.facts.priority.sequential.
Require Export prosa.analysis.facts.model.sequential.

(** In this section, we prove that the EDF priority policy implies that tasks
    are executed sequentially. *)
Section SequentialEDF.

  (** Consider any type of tasks ... *)
  Context {Task : TaskType}.
  Context `{TaskCost Task}.
  Context `{TaskDeadline Task}.

  (** ... with a bound on the maximum non-preemptive segment length.
      The bound is needed to ensure that, at any instant, it always
      exists a subsequent preemption time in which the scheduler can,
      if needed, switch to another higher-priority job. *)
  Context `{TaskMaxNonpreemptiveSegment Task}.

  (** Further, consider any type of jobs associated with these tasks. *)
  Context {Job : JobType}.
  Context `{JobTask Job Task}.
  Context `{Arrival : JobArrival Job}.
  Context `{Cost : JobCost Job}.

  (** Allow for any uniprocessor model. *)
  Context {PState : ProcessorState Job}.
  Hypothesis H_uniproc : uniprocessor_model PState.

  (** Consider any valid arrival sequence. *)
  Variable arr_seq : arrival_sequence Job.
  Hypothesis H_valid_arrivals : valid_arrival_sequence arr_seq.

  (** Next, consider any schedule of this arrival sequence, ... *)
  Variable sched : schedule PState.

  (** ... allow for any work-bearing notion of job readiness, ... *)
  Context `{@JobReady Job PState Cost Arrival}.
  Hypothesis H_job_ready : work_bearing_readiness arr_seq sched.

  (** ... and assume that the schedule is valid. *)
  Hypothesis H_sched_valid : valid_schedule sched arr_seq.

  (** In addition, we assume the existence of a function mapping jobs
      to their preemption points ... *)
  Context `{JobPreemptable Job}.

  (** ... and assume that it defines a valid preemption model with
      bounded non-preemptive segments. *)
  Hypothesis H_valid_preemption_model:
    valid_preemption_model arr_seq sched.

  (** Assume an EDF schedule. *)
  Hypothesis H_respects_policy :
    respects_JLFP_policy_at_preemption_point arr_seq sched (EDF Job).

  (** To prove sequentiality, we use lemma
      [early_hep_job_is_scheduled]. Clearly, under the EDF priority
      policy, jobs satisfy the conditions described by the lemma
      (i.e., given two jobs [j1] and [j2] from the same task, if [j1]
      arrives earlier than [j2], then [j1] always has a higher
      priority than job [j2], and hence completes before [j2]);
      therefore EDF implies sequential tasks. *)
  
Task: TaskType
H: TaskCost Task
H0: TaskDeadline Task
H1: TaskMaxNonpreemptiveSegment Task
Job: JobType
H2: JobTask Job Task
Arrival: JobArrival Job
Cost: JobCost Job
PState: ProcessorState Job
H_uniproc: uniprocessor_model PState
arr_seq: arrival_sequence Job
H_valid_arrivals: valid_arrival_sequence arr_seq
sched: schedule PState
H3: JobReady Job PState
H_job_ready: work_bearing_readiness arr_seq sched
H_sched_valid: valid_schedule sched arr_seq
H4: JobPreemptable Job
H_valid_preemption_model: valid_preemption_model
  arr_seq sched
H_respects_policy: respects_JLFP_policy_at_preemption_point
  arr_seq sched (EDF Job)
sequential_tasks arr_seq sched

  
Task: TaskType
H: TaskCost Task
H0: TaskDeadline Task
H1: TaskMaxNonpreemptiveSegment Task
Job: JobType
H2: JobTask Job Task
Arrival: JobArrival Job
Cost: JobCost Job
PState: ProcessorState Job
H_uniproc: uniprocessor_model PState
arr_seq: arrival_sequence Job
H_valid_arrivals: valid_arrival_sequence arr_seq
sched: schedule PState
H3: JobReady Job PState
H_job_ready: work_bearing_readiness arr_seq sched
H_sched_valid: valid_schedule sched arr_seq
H4: JobPreemptable Job
H_valid_preemption_model: valid_preemption_model
  arr_seq sched
H_respects_policy: respects_JLFP_policy_at_preemption_point
  arr_seq sched (EDF Job)
sequential_tasks arr_seq sched

    
Task: TaskType
H: TaskCost Task
H0: TaskDeadline Task
H1: TaskMaxNonpreemptiveSegment Task
Job: JobType
H2: JobTask Job Task
Arrival: JobArrival Job
Cost: JobCost Job
PState: ProcessorState Job
H_uniproc: uniprocessor_model PState
arr_seq: arrival_sequence Job
H_valid_arrivals: valid_arrival_sequence arr_seq
sched: schedule PState
H3: JobReady Job PState
H_job_ready: work_bearing_readiness arr_seq sched
H_sched_valid: valid_schedule sched arr_seq
H4: JobPreemptable Job
H_valid_preemption_model: valid_preemption_model
  arr_seq sched
H_respects_policy: respects_JLFP_policy_at_preemption_point
  arr_seq sched (EDF Job)
j1, j2: Job
t: instant
ARR1: arrives_in arr_seq j1
ARR2: arrives_in arr_seq j2
SAME: same_task j1 j2
LT: job_arrival j1 < job_arrival j2
scheduled_at sched j2 t -> completed_by sched j1 t

    
Task: TaskType
H: TaskCost Task
H0: TaskDeadline Task
H1: TaskMaxNonpreemptiveSegment Task
Job: JobType
H2: JobTask Job Task
Arrival: JobArrival Job
Cost: JobCost Job
PState: ProcessorState Job
H_uniproc: uniprocessor_model PState
arr_seq: arrival_sequence Job
H_valid_arrivals: valid_arrival_sequence arr_seq
sched: schedule PState
H3: JobReady Job PState
H_job_ready: work_bearing_readiness arr_seq sched
H_sched_valid: valid_schedule sched arr_seq
H4: JobPreemptable Job
H_valid_preemption_model: valid_preemption_model
  arr_seq sched
H_respects_policy: respects_JLFP_policy_at_preemption_point
  arr_seq sched (EDF Job)
j1, j2: Job
t: instant
ARR1: arrives_in arr_seq j1
ARR2: arrives_in arr_seq j2
SAME: same_task j1 j2
LT: job_arrival j1 < job_arrival j2
always_higher_priority j1 j2

    
Task: TaskType
H: TaskCost Task
H0: TaskDeadline Task
H1: TaskMaxNonpreemptiveSegment Task
Job: JobType
H2: JobTask Job Task
Arrival: JobArrival Job
Cost: JobCost Job
PState: ProcessorState Job
H_uniproc: uniprocessor_model PState
arr_seq: arrival_sequence Job
H_valid_arrivals: valid_arrival_sequence arr_seq
sched: schedule PState
H3: JobReady Job PState
H_job_ready: work_bearing_readiness arr_seq sched
H_sched_valid: valid_schedule sched arr_seq
H4: JobPreemptable Job
H_valid_preemption_model: valid_preemption_model
  arr_seq sched
H_respects_policy: respects_JLFP_policy_at_preemption_point
  arr_seq sched (EDF Job)
j1, j2: Job
t: instant
ARR1: arrives_in arr_seq j1
ARR2: arrives_in arr_seq j2
SAME: same_task j1 j2
LT: job_arrival j1 < job_arrival j2
(job_arrival j1 <= job_arrival j2) &&
~~ (job_arrival j2 <= job_arrival j1)
Task: TaskType
H: TaskCost Task
H0: TaskDeadline Task
H1: TaskMaxNonpreemptiveSegment Task
Job: JobType
H2: JobTask Job Task
Arrival: JobArrival Job
Cost: JobCost Job
PState: ProcessorState Job
H_uniproc: uniprocessor_model PState
arr_seq: arrival_sequence Job
H_valid_arrivals: valid_arrival_sequence arr_seq
sched: schedule PState
H3: JobReady Job PState
H_job_ready: work_bearing_readiness arr_seq sched
H_sched_valid: valid_schedule sched arr_seq
H4: JobPreemptable Job
H_valid_preemption_model: valid_preemption_model
  arr_seq sched
H_respects_policy: respects_JLFP_policy_at_preemption_point
  arr_seq sched (EDF Job)
j1, j2: Job
t: instant
ARR1: arrives_in arr_seq j1
ARR2: arrives_in arr_seq j2
SAME: same_task j1 j2
LT: job_arrival j1 < job_arrival j2
same_task j2 j1

    
Task: TaskType
H: TaskCost Task
H0: TaskDeadline Task
H1: TaskMaxNonpreemptiveSegment Task
Job: JobType
H2: JobTask Job Task
Arrival: JobArrival Job
Cost: JobCost Job
PState: ProcessorState Job
H_uniproc: uniprocessor_model PState
arr_seq: arrival_sequence Job
H_valid_arrivals: valid_arrival_sequence arr_seq
sched: schedule PState
H3: JobReady Job PState
H_job_ready: work_bearing_readiness arr_seq sched
H_sched_valid: valid_schedule sched arr_seq
H4: JobPreemptable Job
H_valid_preemption_model: valid_preemption_model
  arr_seq sched
H_respects_policy: respects_JLFP_policy_at_preemption_point
  arr_seq sched (EDF Job)
j1, j2: Job
t: instant
ARR1: arrives_in arr_seq j1
ARR2: arrives_in arr_seq j2
SAME: same_task j1 j2
LT: job_arrival j1 < job_arrival j2
(job_arrival j1 <= job_arrival j2) &&
~~ (job_arrival j2 <= job_arrival j1)
 by rewrite -ltnNge; apply/andP; split => //.
    
Task: TaskType
H: TaskCost Task
H0: TaskDeadline Task
H1: TaskMaxNonpreemptiveSegment Task
Job: JobType
H2: JobTask Job Task
Arrival: JobArrival Job
Cost: JobCost Job
PState: ProcessorState Job
H_uniproc: uniprocessor_model PState
arr_seq: arrival_sequence Job
H_valid_arrivals: valid_arrival_sequence arr_seq
sched: schedule PState
H3: JobReady Job PState
H_job_ready: work_bearing_readiness arr_seq sched
H_sched_valid: valid_schedule sched arr_seq
H4: JobPreemptable Job
H_valid_preemption_model: valid_preemption_model
  arr_seq sched
H_respects_policy: respects_JLFP_policy_at_preemption_point
  arr_seq sched (EDF Job)
j1, j2: Job
t: instant
ARR1: arrives_in arr_seq j1
ARR2: arrives_in arr_seq j2
SAME: same_task j1 j2
LT: job_arrival j1 < job_arrival j2
same_task j2 j1
 by rewrite same_task_sym.
  Qed.

End SequentialEDF.