Library prosa.analysis.abstract.IBF.task
Require Export prosa.analysis.definitions.task_schedule.
Require Export prosa.analysis.facts.model.rbf.
Require Export prosa.analysis.facts.model.task_schedule.
Require Export prosa.analysis.facts.model.sequential.
Require Export prosa.analysis.abstract.abstract_rta.
Require Export prosa.analysis.facts.model.rbf.
Require Export prosa.analysis.facts.model.task_schedule.
Require Export prosa.analysis.facts.model.sequential.
Require Export prosa.analysis.abstract.abstract_rta.
In this section, we define a notion of task interference-bound
function task_IBF. Function task_IBF bounds interference that
excludes interference due to self-interference.
Consider any type of job associated with any type of tasks...
... with arrival times and costs.
Consider any kind of processor state model.
Consider any arrival sequence ...
... and any schedule of this arrival sequence.
Let tsk be any task that is to be analyzed.
Assume we are provided with abstract functions for interference
and interfering workload.
Next we introduce the notion of task interference.
Intuitively, task tsk incurs interference when some of the
jobs of task tsk incur interference. As a result, tsk cannot
make any progress.
More formally, consider a job j of task tsk. The task
experiences interference at time t if job j experiences
interference (interference j t = true) and task tsk is not
scheduled at time t.
Let us define a predicate stating that the task of a job j is
not scheduled at a time instant t.
We define task interference as conditional interference where
nonself is used as the predicate. This way, task_interference
j t is false if the interference experienced by a job j is
caused by a job of the same task.
Next, we define the cumulative task interference.
Consider an interference bound function task_IBF.
We say that task interference is bounded by task_IBF iff for
any job j of task tsk cumulative task interference within
the interval
[t1, t1 + R) is bounded by function task_IBF(tsk, A, R).
Definition task_interference_is_bounded_by :=
cond_interference_is_bounded_by
arr_seq sched tsk task_IBF (relative_arrival_time_of_job_is_A sched) nonself.
End TaskInterferenceBound.
cond_interference_is_bounded_by
arr_seq sched tsk task_IBF (relative_arrival_time_of_job_is_A sched) nonself.
End TaskInterferenceBound.
In the following section, we prove that, under certain assumptions
defined next, the fact that a function task_IBF tsk A R
satisfies hypothesis task_interference_is_bounded_by implies
that a function (task_rbf (A + ε) - task_cost tsk) + task_IBF tsk
A R satisfies job_interference_is_bounded_by. In other words,
the self-interference can be bounded by the term (task_rbf (A +
ε) - task_cost tsk), where A is the relative arrival time of a
job under analysis.
Consider any type of tasks ...
... and any type of jobs associated with these tasks.
Context {Job : JobType}.
Context `{JobTask Job Task}.
Context `{JobArrival Job}.
Context {jc : JobCost Job}.
Context `{JobTask Job Task}.
Context `{JobArrival Job}.
Context {jc : JobCost Job}.
Consider any kind of ideal uni-processor state model.
Context `{PState : ProcessorState Job}.
Hypothesis H_uniprocessor_proc_model : uniprocessor_model PState.
Hypothesis H_unit_service_proc_model : unit_service_proc_model PState.
Hypothesis H_uniprocessor_proc_model : uniprocessor_model PState.
Hypothesis H_unit_service_proc_model : unit_service_proc_model PState.
Consider any valid arrival sequence with consistent, non-duplicate arrivals...
Variable arr_seq : arrival_sequence Job.
Hypothesis H_valid_arrival_sequence : valid_arrival_sequence arr_seq.
Hypothesis H_valid_arrival_sequence : valid_arrival_sequence arr_seq.
... and any ideal schedule of this arrival sequence.
Variable sched : schedule PState.
Hypothesis H_jobs_come_from_arrival_sequence : jobs_come_from_arrival_sequence sched arr_seq.
Hypothesis H_jobs_come_from_arrival_sequence : jobs_come_from_arrival_sequence sched arr_seq.
... where jobs do not execute before their arrival nor after completion.
Hypothesis H_jobs_must_arrive_to_execute : jobs_must_arrive_to_execute sched.
Hypothesis H_completed_jobs_dont_execute : completed_jobs_dont_execute sched.
Hypothesis H_completed_jobs_dont_execute : completed_jobs_dont_execute sched.
Assume that the job costs are no larger than the task costs.
Consider an arbitrary task set.
Let tsk be any task in ts that is to be analyzed.
Let max_arrivals be a family of valid arrival curves, i.e.,
for any task tsk in ts, max_arrival tsk is (1) an arrival
bound of tsk, and (2) it is a monotonic function that equals
0 for the empty interval delta = 0.
Context `{MaxArrivals Task}.
Hypothesis H_valid_arrival_curve : valid_taskset_arrival_curve ts max_arrivals.
Hypothesis H_is_arrival_curve : taskset_respects_max_arrivals arr_seq ts.
Hypothesis H_valid_arrival_curve : valid_taskset_arrival_curve ts max_arrivals.
Hypothesis H_is_arrival_curve : taskset_respects_max_arrivals arr_seq ts.
Assume we are provided with abstract functions for interference
and interfering workload.
We assume that the schedule is work-conserving.
Let's define some local names for clarity.
When assuming sequential tasks, we need to introduce an
additional hypothesis to ensure that the values of interference
and workload remain consistent with the priority policy.
To understand why, let us consider a case where the sequential
task assumption does not hold, and then work
backwards. Consider a fully preemptive policy that assigns the
highest priority to the job that was released last. Then, if
there is a pending job j of a task tsk, it is not a part of
a busy interval of the next job j' of the same task. In this
case, both the interference and the interfering workload of job
j' will simply ignore job j. Thus, it is possible to have a
quiet time (for j') even though j is pending.
Now, assuming that our priority policy ensures that tasks are
sequential, the situation described above is impossible (job j
will always have a higher-or-equal priority than job j').
Hence, we need to rule our interference and interfering workload
instantiations that do not conform to the sequential tasks
assumption.
We ensure the consistency by assuming that, when a busy interval
of a job j of task tsk starts, both the cumulative task
workload and the task service must be equal within the interval
[0, t1). This implies that a busy interval for job j
cannot start if there is another pending job of the same task
tsk.
Definition interference_and_workload_consistent_with_sequential_tasks :=
∀ (j : Job) (t1 t2 : instant),
arrives_in arr_seq j →
job_of_task tsk j →
job_cost j > 0 →
busy_interval sched j t1 t2 →
task_workload_between arr_seq tsk 0 t1
= task_service_of_jobs_in sched tsk (arrivals_between 0 t1) 0 t1.
∀ (j : Job) (t1 t2 : instant),
arrives_in arr_seq j →
job_of_task tsk j →
job_cost j > 0 →
busy_interval sched j t1 t2 →
task_workload_between arr_seq tsk 0 t1
= task_service_of_jobs_in sched tsk (arrivals_between 0 t1) 0 t1.
To prove the reduction from task_IBF to job_IBF, we need to
ensure that the scheduling policy, interference, and interfering
workload all respect the sequential tasks hypothesis. For this,
we assume that (1) tasks are sequential and (2) functions
interference and interfering_workload are consistent with the
hypothesis of sequential tasks.
Hypothesis H_sequential_tasks : sequential_tasks arr_seq sched.
Hypothesis H_interference_and_workload_consistent_with_sequential_tasks :
interference_and_workload_consistent_with_sequential_tasks.
Hypothesis H_interference_and_workload_consistent_with_sequential_tasks :
interference_and_workload_consistent_with_sequential_tasks.
Next, we assume that task_IBF is a bound on interference
incurred by the task.
Variable task_IBF : duration → duration → duration.
Hypothesis H_task_interference_is_bounded :
task_interference_is_bounded_by arr_seq sched tsk task_IBF.
Hypothesis H_task_interference_is_bounded :
task_interference_is_bounded_by arr_seq sched tsk task_IBF.
Before proceed to the main proof, we first show a few simple
lemmas about the completion of jobs from the task considering
the busy interval of the job under consideration.
Variable j1 j2 : Job.
Hypothesis H_j1_arrives : arrives_in arr_seq j1.
Hypothesis H_j2_arrives : arrives_in arr_seq j2.
Hypothesis H_j1_from_tsk : job_of_task tsk j1.
Hypothesis H_j2_from_tsk : job_of_task tsk j2.
Hypothesis H_j1_cost_positive : job_cost_positive j1.
Hypothesis H_j1_arrives : arrives_in arr_seq j1.
Hypothesis H_j2_arrives : arrives_in arr_seq j2.
Hypothesis H_j1_from_tsk : job_of_task tsk j1.
Hypothesis H_j2_from_tsk : job_of_task tsk j2.
Hypothesis H_j1_cost_positive : job_cost_positive j1.
Consider the busy interval
[t1, t2) of job j1.
We prove that if a job from task tsk arrived before the
beginning of the busy interval, then it must be completed
before the beginning of the busy interval
Next we prove that if a job is pending after the beginning of
the busy interval
[t1, t2) then it arrives after t1.
Lemma arrives_after_beginning_of_busy_interval :
∀ t,
t1 ≤ t →
pending sched j2 t →
arrived_between j2 t1 t.+1.
End CompletionOfJobsFromSameTask.
∀ t,
t1 ≤ t →
pending sched j2 t →
arrived_between j2 t1 t.+1.
End CompletionOfJobsFromSameTask.
In this section we show that there exists a bound for cumulative
interference for any job of task tsk.
Variable j : Job.
Hypothesis H_j_arrives : arrives_in arr_seq j.
Hypothesis H_job_of_tsk : job_of_task tsk j.
Hypothesis H_job_cost_positive : job_cost_positive j.
Hypothesis H_j_arrives : arrives_in arr_seq j.
Hypothesis H_job_of_tsk : job_of_task tsk j.
Hypothesis H_job_cost_positive : job_cost_positive j.
Consider the busy interval
[t1, t2) of job j.
Consider an arbitrary time x ...
In this section, we show that the cumulative interference of
job j in the interval
[t1, t1 + x) is bounded by the sum
of the task workload in the interval [t1, t1 + A + ε) and
the cumulative interference of j's task in the interval
[t1, t1 + x). Note that the task workload is computed only
on the interval [t1, t1 + A + ε). Thanks to the hypothesis
about sequential tasks, jobs of task tsk that arrive after
t1 + A + ε cannot interfere with j.
We start by proving a simpler analog of the lemma that
states that at any time instant
Next we consider 4 cases.
t ∈ [t1, t1 + x) the sum
of interference j t and scheduled_at j t is no larger
than the sum of the service received by jobs of task tsk at
time t and task_iterference tsk t.
Consider an arbitrary time instant t ∈
[t1, t1 + x).
Assume the processor is idle at time t.
In case when the processor is idle, one can show that
interference j t = 1, service_at j t = 0. But since
interference doesn't come from a job of task tsk
task_interference tsk = 1. Which reduces to 1 ≤
1.
Lemma interference_plus_sched_le_serv_of_task_plus_task_interference_idle :
interference j t + service_at sched j t
≤ service_of_jobs_at sched (job_of_task tsk) (arrivals_between t1 (t1 + A + ε)) t
+ task_interference arr_seq sched j t.
End Case1.
Section Case2.
interference j t + service_at sched j t
≤ service_of_jobs_at sched (job_of_task tsk) (arrivals_between t1 (t1 + A + ε)) t
+ task_interference arr_seq sched j t.
End Case1.
Section Case2.
Variable j' : Job.
Hypothesis H_sched : scheduled_at sched j' t.
Hypothesis H_not_job_of_tsk : ~~ job_of_task tsk j'.
Hypothesis H_sched : scheduled_at sched j' t.
Hypothesis H_not_job_of_tsk : ~~ job_of_task tsk j'.
If a job j' from another task is scheduled at time
t, then interference j t = 1, served_at j t = 0. But
since interference doesn't come from a job of task tsk
task_interference tsk = 1. Which reduces to 1 ≤
1.
Lemma interference_plus_sched_le_serv_of_task_plus_task_interference_task:
interference j t + service_at sched j t
≤ service_of_jobs_at sched (job_of_task tsk) (arrivals_between t1 (t1 + A + ε)) t
+ task_interference arr_seq sched j t.
End Case2.
Section Case3.
interference j t + service_at sched j t
≤ service_of_jobs_at sched (job_of_task tsk) (arrivals_between t1 (t1 + A + ε)) t
+ task_interference arr_seq sched j t.
End Case2.
Section Case3.
Variable j' : Job.
Hypothesis H_sched : scheduled_at sched j' t.
Hypothesis H_not_job_of_tsk : job_of_task tsk j'.
Hypothesis H_serv : service_at sched j' t = 0.
Hypothesis H_sched : scheduled_at sched j' t.
Hypothesis H_not_job_of_tsk : job_of_task tsk j'.
Hypothesis H_serv : service_at sched j' t = 0.
If a job j' of task tsk is scheduled at time t,
then interference j t = 1, service_at j t =
0. Moreover, since interference comes from a job of the
same task task_interference tsk = 0. However, in this
case service_of_jobs of tsk = 1. Which reduces to 1 ≤
1.
Lemma interference_plus_sched_le_serv_of_task_plus_task_interference_job :
interference j t + service_at sched j t
≤ service_of_jobs_at sched (job_of_task tsk) (arrivals_between t1 (t1 + A + ε)) t
+ task_interference arr_seq sched j t.
End Case3.
Section Case4.
interference j t + service_at sched j t
≤ service_of_jobs_at sched (job_of_task tsk) (arrivals_between t1 (t1 + A + ε)) t
+ task_interference arr_seq sched j t.
End Case3.
Section Case4.
Before proceeding to the last case, let us note that the
sum of interference and the service of j at t always
equals to 1.
Variable j' : Job.
Hypothesis H_sched : scheduled_at sched j' t.
Hypothesis H_not_job_of_tsk : job_of_task tsk j'.
Hypothesis H_serv : service_at sched j' t = 1.
Hypothesis H_sched : scheduled_at sched j' t.
Hypothesis H_not_job_of_tsk : job_of_task tsk j'.
Hypothesis H_serv : service_at sched j' t = 1.
If job j' is served at time t, then service_of_jobs
of tsk = 1. With the fact that interference +
service_at = 1, we get the inequality to 1 ≤ 1.
Lemma interference_plus_sched_le_serv_of_task_plus_task_interference_j :
interference j t + service_at sched j t
≤ service_of_jobs_at sched (job_of_task tsk) (arrivals_between t1 (t1 + A + ε)) t
+ task_interference arr_seq sched j t.
End Case4.
interference j t + service_at sched j t
≤ service_of_jobs_at sched (job_of_task tsk) (arrivals_between t1 (t1 + A + ε)) t
+ task_interference arr_seq sched j t.
End Case4.
We use the above case analysis to prove that any time
instant
t ∈ [t1, t1 + x) the sum of interference j t
and scheduled_at j t is no larger than the sum of the
service received by jobs of task tsk at time t and
task_iterference tsk t.
Lemma interference_plus_sched_le_serv_of_task_plus_task_interference:
interference j t + service_at sched j t
≤ service_of_jobs_at sched (job_of_task tsk) (arrivals_between t1 (t1 + A + ε)) t
+ task_interference arr_seq sched j t.
End CaseAnalysis.
interference j t + service_at sched j t
≤ service_of_jobs_at sched (job_of_task tsk) (arrivals_between t1 (t1 + A + ε)) t
+ task_interference arr_seq sched j t.
End CaseAnalysis.
Next we prove cumulative version of the lemma above.
Lemma cumul_interference_plus_sched_le_serv_of_task_plus_cumul_task_interference:
cumulative_interference j t1 (t1 + x)
≤ (task_service_of_jobs_in sched tsk (arrivals_between t1 (t1 + A + ε)) t1 (t1 + x)
- service_during sched j t1 (t1 + x)) + cumul_task_interference arr_seq sched j t1 (t1 + x).
cumulative_interference j t1 (t1 + x)
≤ (task_service_of_jobs_in sched tsk (arrivals_between t1 (t1 + A + ε)) t1 (t1 + x)
- service_during sched j t1 (t1 + x)) + cumul_task_interference arr_seq sched j t1 (t1 + x).
As the next step, the service terms in the inequality above
can be upper-bound by the workload terms.
Lemma serv_of_task_le_workload_of_task_plus:
task_service_of_jobs_in sched tsk (arrivals_between t1 (t1 + A + ε)) t1 (t1 + x)
- service_during sched j t1 (t1 + x) + cumul_task_interference arr_seq sched j t1 (t1 + x)
≤ (task_workload_between arr_seq tsk t1 (t1 + A + ε) - job_cost j)
+ cumul_task_interference arr_seq sched j t1 (t1 + x).
task_service_of_jobs_in sched tsk (arrivals_between t1 (t1 + A + ε)) t1 (t1 + x)
- service_during sched j t1 (t1 + x) + cumul_task_interference arr_seq sched j t1 (t1 + x)
≤ (task_workload_between arr_seq tsk t1 (t1 + A + ε) - job_cost j)
+ cumul_task_interference arr_seq sched j t1 (t1 + x).
Finally, we show that the cumulative interference of job j
in the interval
[t1, t1 + x) is bounded by the sum of
the task workload in the interval t1, t1 + A + ε) and the
cumulative interference of [j]'s task in the interval <<[t1,
t1 + x)>>.
Lemma cumulative_job_interference_le_task_interference_bound:
cumulative_interference j t1 (t1 + x)
≤ (task_workload_between arr_seq tsk t1 (t1 + A + ε) - job_cost j)
+ cumul_task_interference arr_seq sched j t1 (t1 + x).
End TaskInterferenceBoundsInterference.
cumulative_interference j t1 (t1 + x)
≤ (task_workload_between arr_seq tsk t1 (t1 + A + ε) - job_cost j)
+ cumul_task_interference arr_seq sched j t1 (t1 + x).
End TaskInterferenceBoundsInterference.
We use the lemmas above to obtain the bound on interference
in terms of task_rbf and task_interference.
Lemma cumulative_job_interference_bound :
cumulative_interference j t1 (t1 + x)
≤ (task_rbf (A + ε) - task_cost tsk) + cumul_task_interference arr_seq sched j t1 (t1 + x).
End BoundOfCumulativeJobInterference.
cumulative_interference j t1 (t1 + x)
≤ (task_rbf (A + ε) - task_cost tsk) + cumul_task_interference arr_seq sched j t1 (t1 + x).
End BoundOfCumulativeJobInterference.
Finally, we show that one can construct a job IBF from the given task IBF.