Library prosa.analysis.facts.behavior.completion
Require Export prosa.analysis.facts.behavior.service.
Require Export prosa.analysis.facts.behavior.arrivals.
Require Export prosa.analysis.definitions.schedule_prefix.
Require Export prosa.analysis.definitions.job_properties.
Require Export prosa.analysis.facts.behavior.arrivals.
Require Export prosa.analysis.definitions.schedule_prefix.
Require Export prosa.analysis.definitions.job_properties.
Consider any job type,...
...any kind of processor model,...
...and a given schedule.
Let j be any job that is to be scheduled.
We prove that after job j completes, it remains completed.
Lemma incompletion_monotonic:
∀ t t',
t ≤ t' →
~~ completed_by sched j t' →
~~ completed_by sched j t.
∀ t t',
t ≤ t' →
~~ completed_by sched j t' →
~~ completed_by sched j t.
We observe that being incomplete is the same as not having received
sufficient service yet...
Lemma less_service_than_cost_is_incomplete:
∀ t,
service sched j t < job_cost j
↔ ~~ completed_by sched j t.
∀ t,
service sched j t < job_cost j
↔ ~~ completed_by sched j t.
...which is also the same as having positive remaining cost.
Lemma incomplete_is_positive_remaining_cost:
∀ t,
~~ completed_by sched j t
↔ remaining_cost sched j t > 0.
∀ t,
~~ completed_by sched j t
↔ remaining_cost sched j t > 0.
Trivially, it follows that an incomplete job has a positive cost.
In the remainder of this section, we assume that schedules are
"well-formed": jobs are scheduled neither before their arrival
nor after their completion.
Hypothesis H_jobs_must_arrive_to_execute : jobs_must_arrive_to_execute sched.
Hypothesis H_completed_jobs : completed_jobs_dont_execute sched.
Hypothesis H_completed_jobs : completed_jobs_dont_execute sched.
Clearly, if a job is scheduled, its cost is positive.
To simplify subsequent proofs, we restate the assumption
H_completed_jobs as a trivial corollary.
We observe that a job that is completed at the instant of its
arrival has a cost of zero.
Lemma completed_on_arrival_implies_zero_cost :
completed_by sched j (job_arrival j) →
job_cost j = 0.
completed_by sched j (job_arrival j) →
job_cost j = 0.
Further, we note that if a job receives service at some time t, then its
remaining cost at this time is positive.
Lemma serviced_implies_positive_remaining_cost:
∀ t,
service_at sched j t > 0 →
remaining_cost sched j t > 0.
∀ t,
service_at sched j t > 0 →
remaining_cost sched j t > 0.
Consequently, if we have a have processor model where scheduled jobs
necessarily receive service, we can conclude that scheduled jobs have
remaining positive cost.
Assume a scheduled job always receives some positive service.
To simplify subsequent proofs, we restate the assumption
H_scheduled_implies_serviced as a trivial corollary.
Then a scheduled job has positive remaining cost.
Corollary scheduled_implies_positive_remaining_cost:
∀ t,
scheduled_at sched j t →
remaining_cost sched j t > 0.
∀ t,
scheduled_at sched j t →
remaining_cost sched j t > 0.
We also prove that a scheduled job cannot be completed...
... and that a completed job cannot be scheduled.
Job j cannot be pending before and at time 0.
In this section, we establish some facts that are really about service,
but are also related to completion and rely on some of the above lemmas.
Hence they are in this file rather than in the service facts file.
Consider any job type,...
...any kind of processor model,...
...and a given schedule.
Assume that completed jobs do not execute.
Let j be any job that is to be scheduled.
Assume that a scheduled job receives exactly one time unit of service.
To simplify subsequent proofs, we restate the assumption
H_unit_service as a trivial corollary.
To begin with, we establish that the cumulative service never exceeds a
job's total cost if service increases only by one at each step since
completed jobs don't execute.
This lets us conclude that service and remaining_cost are complements
of one another.
We show that the service received by job j in any interval is no larger
than its cost.
Lemma job_doesnt_complete_before_remaining_cost:
∀ t,
~~ completed_by sched j t →
~~ completed_by sched j (t + remaining_cost sched j t - 1).
Section GuaranteedService.
∀ t,
~~ completed_by sched j t →
~~ completed_by sched j (t + remaining_cost sched j t - 1).
Section GuaranteedService.
Assume a scheduled job always receives some positive service.
Assume that jobs are not released early.
To simplify subsequent proofs, we restate the assumption
H_jobs_must_arrive as a trivial corollary.
We show that if job j is scheduled, then it must be pending.
Lemma scheduled_implies_pending:
∀ t,
scheduled_at sched j t →
pending sched j t.
End GuaranteedService.
End ServiceAndCompletionFacts.
∀ t,
scheduled_at sched j t →
pending sched j t.
End GuaranteedService.
End ServiceAndCompletionFacts.
In this section, we establish facts that on jobs with non-zero costs that
must arrive to execute.
Consider any type of jobs with cost and arrival-time attributes,...
...any kind of processor model,...
...and a given schedule.
Let j be any job that is to be scheduled.
We assume that job j has positive cost, from which we can
infer that there always is a time in which j is pending, ...
...and that jobs must arrive to execute.
Then, we prove that the job with a positive cost
must be scheduled to be completed.
Lemma completed_implies_scheduled_before:
∀ t,
completed_by sched j t →
∃ t',
job_arrival j ≤ t' < t
∧ scheduled_at sched j t'.
∀ t,
completed_by sched j t →
∃ t',
job_arrival j ≤ t' < t
∧ scheduled_at sched j t'.
We also prove that the job is pending at the moment of its arrival.
Lemma job_pending_at_arrival:
pending sched j (job_arrival j).
End PositiveCost.
Section CompletedJobs.
pending sched j (job_arrival j).
End PositiveCost.
Section CompletedJobs.
Consider any kinds of jobs and any kind of processor state.
Consider any schedule...
...and suppose that jobs have a cost, an arrival time, and a notion of
readiness.
We observe that a given job is ready only if it is also incomplete...
...and lift this observation also to the level of whole schedules.
Lemma completed_jobs_are_not_ready:
jobs_must_be_ready_to_execute sched →
completed_jobs_dont_execute sched.
jobs_must_be_ready_to_execute sched →
completed_jobs_dont_execute sched.
Furthermore, in a valid schedule, completed jobs don't execute.
Corollary valid_schedule_implies_completed_jobs_dont_execute:
∀ arr_seq,
valid_schedule sched arr_seq →
completed_jobs_dont_execute sched.
∀ arr_seq,
valid_schedule sched arr_seq →
completed_jobs_dont_execute sched.
We further observe that completed jobs don't execute if scheduled jobs
always receive non-zero service and cumulative service never exceeds job
costs.
Lemma ideal_progress_completed_jobs:
ideal_progress_proc_model PState →
(∀ j t, service sched j t ≤ job_cost j) →
completed_jobs_dont_execute sched.
End CompletedJobs.
ideal_progress_proc_model PState →
(∀ j t, service sched j t ≤ job_cost j) →
completed_jobs_dont_execute sched.
End CompletedJobs.
We add the above lemma into a "Hint Database" basic_rt_facts, so Coq
will be able to apply it automatically.
Global Hint Resolve valid_schedule_implies_completed_jobs_dont_execute : basic_rt_facts.
Next, we relate the completion of jobs in schedules with identical prefixes.
Consider any processor model and any type of jobs with costs, arrival times, and a notion of readiness.
Context {Job: JobType} {PState: ProcessorState Job}.
Context {jc : JobCost Job} {ja : JobArrival Job} {jr : JobReady Job PState}.
Context {jc : JobCost Job} {ja : JobArrival Job} {jr : JobReady Job PState}.
If two schedules share a common prefix, then (in the prefix) jobs
complete in one schedule iff they complete in the other.
Lemma identical_prefix_completed_by:
∀ sched1 sched2 h,
identical_prefix sched1 sched2 h →
∀ j t,
t ≤ h →
completed_by sched1 j t = completed_by sched2 j t.
∀ sched1 sched2 h,
identical_prefix sched1 sched2 h →
∀ j t,
t ≤ h →
completed_by sched1 j t = completed_by sched2 j t.
For convenience, we restate the previous lemma in terms of pending.