Library prosa.analysis.facts.model.workload

Require Export prosa.model.aggregate.workload.
Require Export prosa.analysis.facts.behavior.arrivals.
Require Export prosa.analysis.definitions.request_bound_function.
Require Export prosa.analysis.facts.model.task_arrivals.

Lemmas about Workload of Sets of Jobs

In this file, we establish basic facts about the workload of sets of jobs.

Section WorkloadFacts.

Consider any type of tasks ...

Context {Task : TaskType}.
Context `{TaskCost Task}.

... and any type of jobs associated with these tasks.

  Context {Job : JobType}.
  Context `{JobTask Job Task}.
  Context `{JobArrival Job}.
  Context `{JobCost Job}.

To begin with, we establish an auxiliary rewriting lemma that allows us to introduce a filter on the considered set of jobs, provided the filter predicate P2 is implied by the job-selection predicate P1.

  Lemma workload_of_jobs_filter :
    ∀ (P1 P2 : pred Job) (jobs : seq Job),
      (∀ j, j \in jobs → P1 j → P2 j ) →
      workload_of_jobs P1 jobs = workload_of_jobs P1 [seq j <- jobs | P2 j ].

We establish that if the predicate P1 implies the predicate P2, then the cumulative workload of jobs that respect P1 is bounded by the cumulative workload of jobs that respect P2.

  Lemma workload_of_jobs_weaken :
    ∀ (P1 P2 : pred Job) (jobs : seq Job),
      (∀ j, P1 j → P2 j ) →
      workload_of_jobs P1 jobs ≤ workload_of_jobs P2 jobs.

The cumulative workload of jobs from an empty sequence is always zero.

Lemma workload_of_jobs0 :
∀ (P : pred Job), workload_of_jobs P [::] = 0.

The workload of a set of jobs can be equivalently rewritten as sum over their tasks.

  Lemma workload_of_jobs_partitioned_by_tasks :
    ∀ {P : pred Job} (Q : pred Task) {js : seq Job} (ts : seq Task),
      {in js , ∀ j, (job_task j ) \in ts } →
      {in js , ∀ j, P j → Q (job_task j)} →
      uniq js →
      uniq ts →
      let P_and_job_of tsk_o j := P j && (job_task j == tsk_o ) in
      workload_of_jobs P js
      = \sum_(tsk_o <- ts | Q tsk_o ) workload_of_jobs (P_and_job_of tsk_o) js.

In this section we state a lemma about splitting the workload among tasks of different priority relative to a job j.

Section WorkloadPartitioningByPriority.

Consider any JLFP policy.

Context `{JLFP_policy Job}.

Consider the workload of all the jobs that have priority higher-than-or-equal-to the priority of j. This workload can be split by task into the workload of higher-or-equal priority jobs from the task of j and higher-or-equal priority jobs from all tasks except for the task of j.

    Lemma workload_of_other_jobs_split :
      ∀ jobs j,
        workload_of_jobs (another_hep_job ^~j) jobs =
          workload_of_jobs (another_task_hep_job ^~j) jobs
          + workload_of_jobs (another_hep_job_of_same_task ^~j) jobs.

  End WorkloadPartitioningByPriority.

Consider any arrival sequence with consistent arrivals.

Variable arr_seq : arrival_sequence Job.
Hypothesis H_consistent : consistent_arrival_times arr_seq.

In this section, we prove a few useful properties regarding the predicate of workload_of_jobs.

Section PredicateProperties.

Consider a sequence of jobs jobs.

Variable jobs : seq Job.

First, we show that workload of jobs for an unsatisfiable predicate is equal to 0.

Lemma workload_of_jobs_pred0 :
workload_of_jobs pred0 jobs = 0.

Next, consider two arbitrary predicates P and P'.

Variable P P' : pred Job.

We show that workload_of_jobs conditioned on P can be split into two summands: (1) workload_of_jobs conditioned on P ∧ P' and (2) workload_of_jobs conditioned on P ∧ ~~ P'.

    Lemma workload_of_jobs_case_on_pred :
      workload_of_jobs P jobs =
        workload_of_jobs (fun j ⇒ P j && P' j) jobs + workload_of_jobs (fun j ⇒ P j && ~~ P' j) jobs.

We show that if P is indistinguishable from P' on set jobs, then workload_of_jobs conditioned on P is equal to workload_of_jobs conditioned on P'.

    Lemma workload_of_jobs_equiv_pred :
      {in jobs , P =1 P'} →
      workload_of_jobs P jobs = workload_of_jobs P' jobs.

  End PredicateProperties.

In this section, we bound the workload of jobs of a particular task by the task's RBF.

Section WorkloadRBF.

Consider an arbitrary task.

Variable tsk : Task.

Consider a valid arrival curve that is respected by the task tsk.

Context `{MaxArrivals Task}.
Hypothesis H_task_repsects_max_arrivals : respects_max_arrivals arr_seq tsk (max_arrivals tsk).

Suppose all arrivals have WCET-compliant job costs.

Hypothesis H_valid_job_cost : arrivals_have_valid_job_costs arr_seq.

Consider an instant t1 and a duration Δ.

Variable t1 : instant.
Variable Δ : duration.

We prove that the workload of jobs of a task tsk in any interval is bound by the request bound function of the task in that interval.

    Lemma workload_le_rbf :
      workload_of_jobs (job_of_task tsk) (arrivals_between arr_seq t1 (t1 + Δ))
      ≤ task_request_bound_function tsk Δ.

For convenience, we combine the preceding bound with workload_of_jobs_weaken, as the two are often used together.

    Corollary workload_le_rbf' :
      ∀ P,
        workload_of_jobs (fun j ⇒ (P j ) && (job_task j == tsk ))
          (arrivals_between arr_seq t1 (t1 + Δ))
        ≤ task_request_bound_function tsk Δ.

  End WorkloadRBF.

In this section, we prove one equality about the workload of a job.

Section WorkloadOfJob.

Assume there are no duplicates in the arrival sequence.

Hypothesis H_arrival_sequence_is_a_set : arrival_sequence_uniq arr_seq.

We prove that the workload of a job in an interval

[t1,

t2)>> is equal to the cost of the job if the job's arrival is in the interval and 0 otherwise.

    Lemma workload_of_job_eq_job_arrival :
      ∀ (j : Job) (t1 t2 : instant),
        arrives_in arr_seq j →
        workload_of_job arr_seq j t1 t2
        = if t1 ≤ job_arrival j < t2 then job_cost j else 0.

  End WorkloadOfJob.

In the following section, we relate three types of workload: workload of a job j, workload of higher-or-equal priority jobs distinct from j, and workload of higher-or-equal priority jobs.

Section HEPWorkload.

Consider a JLFP policy that indicates a higher-or-equal priority relation and assume that the relation is reflexive.

Context {JLFP : JLFP_policy Job}.
Hypothesis H_priority_is_reflexive : reflexive_job_priorities JLFP.

We prove that the sum of the workload of a job j and the workload of higher-or-equal priority jobs distinct from j is equal to the workload of higher-or-equal priority jobs.

    Lemma workload_job_and_ahep_eq_workload_hep :
      ∀ (j : Job) (t1 t2 : instant),
        workload_of_job arr_seq j t1 t2 + workload_of_other_hep_jobs arr_seq j t1 t2
        = workload_of_hep_jobs arr_seq j t1 t2.

  End HEPWorkload.

If at some point in time t the predicate P by which we select jobs from the set of arrivals in an interval [t1, t2) becomes certainly false, then we may disregard all jobs arriving at time t or later.

  Lemma workload_of_jobs_nil_tail :
    ∀ {P t1 t2 t},
      t ≤ t2 →
      (∀ j, j \in (arrivals_between arr_seq t1 t2 ) → job_arrival j ≥ t → ~~ P j ) →
      workload_of_jobs P (arrivals_between arr_seq t1 t2)
      = workload_of_jobs P (arrivals_between arr_seq t1 t).

For simplicity, let's define a local name.

Let arrivals_between := arrivals_between arr_seq.

We observe that the cumulative workload of all jobs arriving in a time interval [t1, t2) and respecting a predicate P can be split into two parts.

   Lemma workload_of_jobs_cat:
    ∀ t t1 t2 P,
      t1 ≤ t ≤ t2 →
      workload_of_jobs P (arrivals_between t1 t2) =
      workload_of_jobs P (arrivals_between t1 t) + workload_of_jobs P (arrivals_between t t2).

As a corollary, we prove that the workload in any range [t1,t3) always bounds the workload in any sub-range [t1,t2).

    Corollary workload_of_jobs_reduce_range :
      ∀ t1 t2 t3 P,
        t1 ≤ t2 →
        t2 ≤ t3 →
        workload_of_jobs P (arrivals_between t1 t2)
        ≤ workload_of_jobs P (arrivals_between t1 t3).

Consider a job j ...

Variable j : Job.

... and a duplicate-free sequence of jobs jobs.

Variable jobs : seq Job.
Hypothesis H_jobs_uniq : uniq jobs.

Further, assume that j is contained in jobs.

Hypothesis H_j_in_jobs : j \in jobs.

To help with rewriting, we prove that the workload of jobs minus the job cost of j is equal to the workload of all jobs except j.

  Lemma workload_minus_job_cost' :
    ∀ P,
      workload_of_jobs (fun jhp : Job ⇒ P jhp && (jhp != j )) jobs
      = workload_of_jobs P jobs - (if P j then job_cost j else 0).

Next, we specialize the above lemma to the trivial predicate predT.

  Corollary workload_minus_job_cost :
    workload_of_jobs (fun jhp : Job ⇒ jhp != j) jobs =
    workload_of_jobs predT jobs - job_cost j.

In this section, we prove the relation between two different ways of constraining workload_of_jobs to only those jobs that arrive prior to a given time.

Section Subset.

Assume that arrival times are consistent and that arrivals are unique.

Hypothesis H_valid_arrival_sequence : valid_arrival_sequence arr_seq.

Consider a time interval [t1, t2) and a time instant t.

Variable t1 t2 t : instant.
Hypothesis H_t1_le_t2 : t1 ≤ t2.

Let P be an arbitrary predicate on jobs.

Variable P : pred Job.

Consider the window [t1,t2). We prove that the total workload of the jobs arriving in this window before some t is the same as the workload of the jobs arriving in [t1,t). Note that we only require t1 to be less-or-equal than t2. Consequently, the interval [t1,t) may be empty.

    Lemma workload_equal_subset :
      workload_of_jobs (fun j ⇒ (job_arrival j ≤ t ) && P j) (arrivals_between t1 t2)
      ≤ workload_of_jobs (fun j ⇒ P j) (arrivals_between t1 (t + ε)).

  End Subset.

End WorkloadFacts.