Library prosa.analysis.abstract.restricted_supply.iw_instantiation

Require Export prosa.analysis.facts.interference.
Require Export prosa.analysis.abstract.IBF.supply_task.
Require Export prosa.analysis.facts.busy_interval.service_inversion.

JLFP Instantiation of Interference and Interfering Workload for Restricted-Supply Uniprocessor

In this module we instantiate functions Interference and Interfering Workload for the restricted-supply uni-processor schedulers with an arbitrary JLFP-policy that satisfies the sequential-tasks hypothesis. We also prove equivalence of Interference and Interfering Workload to the more conventional notions of service or workload.

Section JLFPInstantiation.

Consider any type of tasks ...

Context {Task : TaskType}.
Context `{TaskCost Task}.

... and any type of jobs associated with these tasks.

  Context {Job : JobType}.
  Context `{JobTask Job Task}.
  Context `{JobArrival Job}.
  Context `{JobCost Job}.

Consider any kind of fully supply-consuming unit-supply uniprocessor model.

  Context `{PState : ProcessorState Job}.
  Hypothesis H_uniprocessor_proc_model : uniprocessor_model PState.
  Hypothesis H_unit_supply_proc_model : unit_supply_proc_model PState.
  Hypothesis H_consumed_supply_proc_model : fully_consuming_proc_model PState.

Consider any valid arrival sequence with consistent arrivals...

Variable arr_seq : arrival_sequence Job.
Hypothesis H_valid_arrival_sequence : valid_arrival_sequence arr_seq.

... and any valid uni-processor schedule of this arrival sequence...

  Variable sched : schedule PState.
  Hypothesis H_jobs_come_from_arrival_sequence :
    jobs_come_from_arrival_sequence sched arr_seq.

... where jobs do not execute before their arrival or after completion.

Hypothesis H_jobs_must_arrive_to_execute : jobs_must_arrive_to_execute sched.
Hypothesis H_completed_jobs_dont_execute : completed_jobs_dont_execute sched.

Consider a JLFP-policy that indicates a higher-or-equal priority relation, and assume that this relation is reflexive and transitive.

Context {JLFP : JLFP_policy Job}.
Hypothesis H_priority_is_reflexive : reflexive_job_priorities JLFP.

Let tsk be any task.

Variable tsk : Task.

Interference and Interfering Workload

In the following, we introduce definitions of interference and interfering workload.

Instantiation of Interference

We say that job j incurs interference at time t iff it cannot execute due to (1) the lack of supply at time t, (2) due to service inversion (i.e., a lower-priority job receiving service at t), or higher-or-equal-priority job receiving service.

  #[local] Instance rs_jlfp_interference : Interference Job :=
    {
      interference (j : Job) (t : instant) :=
        is_blackout sched t
        || service_inversion arr_seq sched j t
        || another_hep_job_interference arr_seq sched j t
    }.

Instantiation of Interfering Workload

The interfering workload, in turn, is defined as the sum of the blackout predicate, service inversion predicate, and interfering workload of jobs with higher or equal priority.

  #[local] Instance rs_jlfp_interfering_workload : InterferingWorkload Job :=
    {
      interfering_workload (j : Job) (t : instant) :=
        is_blackout sched t
        + service_inversion arr_seq sched j t
        + other_hep_jobs_interfering_workload arr_seq j t
    }.

Equivalences

In this section we prove useful equivalences between the definitions obtained by instantiation of definitions from the Abstract RTA module (interference and interfering workload) and definitions corresponding to the conventional concepts.

As it was mentioned previously, instantiated functions of interference and interfering workload usually do not have any useful lemmas about them. However, it is possible to prove their equivalence to the more conventional notions like service or workload. Next we prove the equivalence between the instantiations and conventional notions.

Section Equivalences.

We prove that we can split cumulative interference into three parts: (1) blackout time, (2) cumulative service inversion, and (3) cumulative interference from jobs with higher or equal priority.

    Lemma cumulative_interference_split :
      ∀ j t1 t2,
        cumulative_interference j t1 t2
        = blackout_during sched t1 t2
          + cumulative_service_inversion arr_seq sched j t1 t2
          + cumulative_another_hep_job_interference arr_seq sched j t1 t2.

Similarly, we prove that we can split cumulative interfering workload into three parts: (1) blackout time, (2) cumulative service inversion, and (3) cumulative interfering workload from jobs with higher or equal priority.

    Lemma cumulative_interfering_workload_split :
      ∀ j t1 t2,
        cumulative_interfering_workload j t1 t2 =
          blackout_during sched t1 t2
          + cumulative_service_inversion arr_seq sched j t1 t2
          + cumulative_other_hep_jobs_interfering_workload arr_seq j t1 t2.

Let [t1, t2) be a time interval and let j be any job of task tsk that is not completed by time t2. Then cumulative interference received due jobs of other tasks executing can be bounded by the sum of the cumulative service inversion of job j and the cumulative interference incurred by task tsk due to other tasks.

    Lemma cumulative_task_interference_split :
      ∀ j t1 t2,
        arrives_in arr_seq j →
        job_of_task tsk j →
        ~~ completed_by sched j t2 →
        cumul_cond_interference (nonself_intra arr_seq sched) j t1 t2
        ≤ cumulative_service_inversion arr_seq sched j t1 t2
          + cumulative_another_task_hep_job_interference arr_seq sched j t1 t2.

We also show that the cumulative intra-supply interference can be split into the sum of the cumulative service inversion and cumulative interference incurred by the job due to other higher-or-equal priority jobs.

    Lemma cumulative_intra_interference_split :
      ∀ j t1 t2,
        cumul_cond_interference (fun (_j : Job) (t : instant) ⇒ has_supply sched t) j t1 t2
        ≤ cumulative_service_inversion arr_seq sched j t1 t2
          + cumulative_another_hep_job_interference arr_seq sched j t1 t2.

In this section, we prove that the (abstract) cumulative interfering workload due to other higher-or-equal priority jobs is equal to the conventional workload (from other higher-or-equal priority jobs).

Section InstantiatedWorkloadEquivalence.

Let [t1, t2) be any time interval.

Variables t1 t2 : instant.

Consider any job j of tsk.

      Variable j : Job.
      Hypothesis H_j_arrives : arrives_in arr_seq j.
      Hypothesis H_job_of_tsk : job_of_task tsk j.

The cumulative interfering workload (w.r.t. j) due to other higher-or-equal priority jobs is equal to the conventional workload from other higher-or-equal priority jobs.

      Lemma cumulative_iw_hep_eq_workload_of_ohep :
        cumulative_other_hep_jobs_interfering_workload arr_seq j t1 t2
        = workload_of_other_hep_jobs arr_seq j t1 t2.
    End InstantiatedWorkloadEquivalence.

In this section we prove that the abstract definition of busy interval is equivalent to the conventional, concrete definition of busy interval for JLFP scheduling.

Section BusyIntervalEquivalence.

In order to avoid confusion, we denote the notion of a quiet time in the classical sense as quiet_time_cl, and the notion of quiet time in the abstract sense as quiet_time_ab.

Let quiet_time_cl := classical.quiet_time arr_seq sched.
Let quiet_time_ab := abstract.definitions.quiet_time sched.

Same for the two notions of a busy interval prefix ...

Let busy_interval_prefix_cl := classical.busy_interval_prefix arr_seq sched.
Let busy_interval_prefix_ab := abstract.definitions.busy_interval_prefix sched.

... and the two notions of a busy interval.

Let busy_interval_cl := classical.busy_interval arr_seq sched.
Let busy_interval_ab := abstract.definitions.busy_interval sched.

Consider any job j of tsk.

Variable j : Job.
Hypothesis H_j_arrives : arrives_in arr_seq j.

To show the equivalence of the notions of busy intervals, we first show that the notions of quiet time are also equivalent.

First, we show that the classical notion of quiet time implies the abstract notion of quiet time.

Lemma quiet_time_cl_implies_quiet_time_ab :
∀ t, quiet_time_cl j t → quiet_time_ab j t.

And vice versa, the abstract notion of quiet time implies the classical notion of quiet time.

Lemma quiet_time_ab_implies_quiet_time_cl :
∀ t, quiet_time_ab j t → quiet_time_cl j t.

The equivalence trivially follows from the lemmas above.

      Corollary instantiated_quiet_time_equivalent_quiet_time :
        ∀ t,
          quiet_time_cl j t ↔ quiet_time_ab j t.

Based on that, we prove that the concept of a busy-interval prefix obtained by instantiating the abstract definition of busy-interval prefix coincides with the conventional definition of busy-interval prefix.

Lemma instantiated_busy_interval_prefix_equivalent_busy_interval_prefix :
∀ t1 t2, busy_interval_prefix_cl j t1 t2 ↔ busy_interval_prefix_ab j t1 t2.

Similarly, we prove that the concept of busy interval obtained by instantiating the abstract definition of busy interval coincides with the conventional definition of busy interval.

Lemma instantiated_busy_interval_equivalent_busy_interval :
∀ t1 t2, busy_interval_cl j t1 t2 ↔ busy_interval_ab j t1 t2.

For the sake of proof automation, we note the frequently needed special case of an abstract busy window implying the existence of a classic quiet time.

      Fact abstract_busy_interval_classic_quiet_time :
        ∀ t1 t2,
          busy_interval_ab j t1 t2 → quiet_time_cl j t1.

Also for automation, we note a similar fact about classic busy-window prefixes.

      Fact abstract_busy_interval_classic_busy_interval_prefix :
        ∀ t1 t2,
          busy_interval_ab j t1 t2 → busy_interval_prefix_cl j t1 t2.

    End BusyIntervalEquivalence.

  End Equivalences.

In this section we prove some properties about the interference and interfering workload as defined in this file.

Section I_IW_correctness.

Consider work-bearing readiness.

Context `{!JobReady Job PState}.
Hypothesis H_work_bearing_readiness : work_bearing_readiness arr_seq sched.

Assume that the schedule is valid and work-conserving.

Hypothesis H_sched_valid : valid_schedule sched arr_seq.

Note that we differentiate between abstract and classical notions of work-conserving schedule ...

Let work_conserving_ab := definitions.work_conserving arr_seq sched.
Let work_conserving_cl := work_conserving.work_conserving arr_seq sched.

... as well as notions of busy interval prefix.

Let busy_interval_prefix_ab := definitions.busy_interval_prefix sched.
Let busy_interval_prefix_cl := classical.busy_interval_prefix arr_seq sched.

We assume that the schedule is a work-conserving schedule in the classical sense, and later prove that the hypothesis about abstract work-conservation also holds.

Hypothesis H_work_conserving : work_conserving_cl.

In this section, we prove the correctness of interference inside the busy interval, i.e., we prove that if interference for a job is false then the job is scheduled and vice versa. This property is referred to as abstract work conservation.

Section Abstract_Work_Conservation.

Consider a job j that is in the arrival sequence and has a positive job cost.

      Variable j : Job.
      Hypothesis H_arrives : arrives_in arr_seq j.
      Hypothesis H_job_cost_positive : 0 < job_cost j.

Let the busy interval of the job be [t1, t2).

Variable t1 t2 : instant.
Hypothesis H_busy_interval_prefix : busy_interval_prefix_ab j t1 t2.

Consider a time t inside the busy interval of the job.

Variable t : instant.
Hypothesis H_t_in_busy_interval : t1 ≤ t < t2.

First, we note that, similarly to the ideal uni-processor case, there is no idle time inside of a busy interval. That is, there is a job scheduled at time t.

Local Lemma busy_implies_not_idle :
∃ j , scheduled_at sched j t.

We then prove that if interference is false at a time t then the job is scheduled.

Lemma not_interference_implies_scheduled :
~~ interference j t → receives_service_at sched j t.

Conversely, if the job is scheduled at t then interference is false.

      Lemma scheduled_implies_no_interference :
        receives_service_at sched j t → ~~ interference j t.

    End Abstract_Work_Conservation.

Using the above two lemmas, we can prove that abstract work conservation always holds for these instantiations of interference (I) and interfering workload (W).

Corollary instantiated_i_and_w_are_coherent_with_schedule :
work_conserving_ab.

Next, in order to prove that these definitions of interference and interfering workload are consistent with sequential tasks, we need to assume that the policy under consideration respects sequential tasks.

Hypothesis H_policy_respects_sequential_tasks : policy_respects_sequential_tasks JLFP.

We prove that these definitions of interference and interfering workload are consistent with sequential tasks.

Lemma instantiated_interference_and_workload_consistent_with_sequential_tasks :
interference_and_workload_consistent_with_sequential_tasks arr_seq sched tsk.

Finally, we show that cumulative interference (I) never exceeds cumulative interfering workload (W).

    Lemma instantiated_i_and_w_no_speculative_execution :
      no_speculative_execution.

  End I_IW_correctness.

End JLFPInstantiation.