Added edf_wc.v
Merge request reports
Activity
Resolved by Björn BrandenburgVery good, glad to see you got started without running into any issues.
Have a look at the proof of the
EDF_optimalitytheorem. The key part after some setup is the following:set sched' := edf_transform sched. ∃ sched'. split; last split. - by apply edf_schedule_is_valid. - by apply edf_schedule_meets_all_deadlines_wrt_arrivals. - by apply edf_transform_ensures_edf.Next steps:
-
There’s one theorem for each high-level property (validity, meeting of deadlines, being an EDF schedule) which are just applied to complete each branch of the proof. To prove your theorem, you can reuse all of these results. Please go ahead and do this, i.e., replace the
Admitted.with a mostly complete proof, admitting only individual missing branches. -
The key top-level property still missing is of course the fact that
edf_transform schedmaintains work conservation. Let’s call this theoremedf_transform_maintains_work_conservation(we prefer a verbose naming scheme in Prosa). Please state this theorem (with an admitted proof) and then complete the proof of your optimality + work-conservation theorem.
-
- Last reply by Björn Brandenburg
-
You are off to a good start. Now the real work starts: proving
edf_transform_maintains_work_conservationrequires diving into the "guts" of the EDF transformation. You will need to establish the preservation of work-conservation at two layers:- If you unfold
edf_transform, you'll findedf_transform_prefix. You'll need to establish the fact for this layer. For inspiration, have a look at the sectionEDFPrefixFactsin prosa.analysis.transform.edf_trans. - One layer below, you'll need to use
prefix_map_property_invarianceto get atmake_edf_at. This is the heart of the EDF transformation and its logic is the reason why work-conservation is maintained. - Specifically,
make_edf_atproceeds by swapping allocations in the given schedule, and uses the predicaterelevant_pstateto find candidates for swapping. To show work-conservation, you'll need to exploit that- (a)
make_edf_atonly swaps non-idle instants, and that - (b)
relevant_pstatealso skips idle allocations, somake_edf_atdoesn't affect where in the schedule idle times occur.
- (a)
Doing all of this one go is probably too much. So I would suggest to first focus on
- understanding the big picture (familiarize yourself with all definitions and get a good intuition for how the
make_edf_atswap works), - getting all required "scaffolding" (e.g., section setup) in place, and
- attacking the top layer (prove
edf_transform_maintains_work_conservationby means of a an admitted claim aboutedf_transform_prefix).
Before moving on to the other proofs, please touch base with me again.
- If you unfold
I'm done with the top layer lemma: edf_transform_maintains_work_conservation. I had to add the exists_extensionality file (which I guess might be helpful for other proofs so I put it in util) because I needed the lemma in the proof. For some reason, this lemma isn't in Coq's logic library nor is it a tactic in ssreflect even though its forall counterpart is there.
Should I get started with the next layer (proving edf_transform_prefix_maintains_work_conservation)?
Edited by LailaElbeheiry- Resolved by Björn Brandenburg
Awesome, good job! I'll try to catch up with you soon and look at the proof in detail. For context, I'm currently working with some colleagues towards a paper deadline, so I have very limited advising cycles.
- Last reply by Björn Brandenburg
