Replace nat with time + clean-up code

266c9014 · Felipe Cerqueira · 179ca8e4 · 266c9014 · 266c9014 · 266c9014
Commit 266c9014 authored Mar 02, 2016 by Felipe Cerqueira
--- a/Makefile
+++ b/Makefile
@@ -14,7 +14,7 @@

 #
 # This Makefile was generated by the command line :
-# coq_makefile -R . rt ./util/ssromega.v ./util/lemmas.v ./util/Vbase.v ./util/divround.v ./implementation/basic/bertogna_edf_example.v ./implementation/basic/task.v ./implementation/basic/schedule.v ./implementation/basic/job.v ./implementation/basic/arrival_sequence.v ./implementation/jitter/bertogna_edf_example.v ./implementation/jitter/task.v ./implementation/jitter/schedule.v ./implementation/jitter/job.v ./implementation/jitter/arrival_sequence.v ./analysis/basic/bertogna_fp_theory.v ./analysis/basic/interference_bound_edf.v ./analysis/basic/interference_bound_fp.v ./analysis/basic/interference_bound.v ./analysis/basic/bertogna_edf_comp.v ./analysis/basic/bertogna_fp_comp.v ./analysis/basic/bertogna_edf_theory.v ./analysis/basic/workload_bound.v ./analysis/parallel/bertogna_fp_theory.v ./analysis/parallel/interference_bound_edf.v ./analysis/parallel/interference_bound_fp.v ./analysis/parallel/interference_bound.v ./analysis/parallel/bertogna_edf_comp.v ./analysis/parallel/bertogna_fp_comp.v ./analysis/parallel/bertogna_edf_theory.v ./analysis/parallel/workload_bound.v ./analysis/jitter/bertogna_fp_theory.v ./analysis/jitter/interference_bound_edf.v ./analysis/jitter/interference_bound_fp.v ./analysis/jitter/interference_bound.v ./analysis/jitter/bertogna_edf_comp.v ./analysis/jitter/bertogna_fp_comp.v ./analysis/jitter/bertogna_edf_theory.v ./analysis/jitter/workload_bound.v ./model/basic/schedulability.v ./model/basic/task.v ./model/basic/task_arrival.v ./model/basic/platform.v ./model/basic/schedule.v ./model/basic/priority.v ./model/basic/interference_edf.v ./model/basic/interference.v ./model/basic/workload.v ./model/basic/job.v ./model/basic/arrival_sequence.v ./model/basic/response_time.v ./model/basic/platform_fp.v ./model/jitter/schedulability.v ./model/jitter/task.v ./model/jitter/task_arrival.v ./model/jitter/platform.v ./model/jitter/schedule.v ./model/jitter/priority.v ./model/jitter/interference_edf.v ./model/jitter/interference.v ./model/jitter/workload.v ./model/jitter/job.v ./model/jitter/arrival_sequence.v ./model/jitter/response_time.v ./model/jitter/platform_fp.v -o Makefile 
+# coq_makefile -R . rt ./util/ssromega.v ./util/lemmas.v ./util/Vbase.v ./util/divround.v ./implementation/basic/bertogna_edf_example.v ./implementation/basic/task.v ./implementation/basic/schedule.v ./implementation/basic/job.v ./implementation/basic/arrival_sequence.v ./implementation/jitter/bertogna_edf_example.v ./implementation/jitter/task.v ./implementation/jitter/schedule.v ./implementation/jitter/job.v ./implementation/jitter/arrival_sequence.v ./analysis/basic/bertogna_fp_theory.v ./analysis/basic/interference_bound_edf.v ./analysis/basic/interference_bound_fp.v ./analysis/basic/interference_bound.v ./analysis/basic/bertogna_edf_comp.v ./analysis/basic/bertogna_fp_comp.v ./analysis/basic/bertogna_edf_theory.v ./analysis/basic/workload_bound.v ./analysis/parallel/bertogna_fp_theory.v ./analysis/parallel/interference_bound_edf.v ./analysis/parallel/interference_bound_fp.v ./analysis/parallel/interference_bound.v ./analysis/parallel/bertogna_edf_comp.v ./analysis/parallel/bertogna_fp_comp.v ./analysis/parallel/bertogna_edf_theory.v ./analysis/parallel/workload_bound.v ./analysis/jitter/bertogna_fp_theory.v ./analysis/jitter/interference_bound_edf.v ./analysis/jitter/interference_bound_fp.v ./analysis/jitter/interference_bound.v ./analysis/jitter/bertogna_edf_comp.v ./analysis/jitter/bertogna_fp_comp.v ./analysis/jitter/bertogna_edf_theory.v ./analysis/jitter/workload_bound.v ./model/basic/time.v ./model/basic/schedulability.v ./model/basic/task.v ./model/basic/task_arrival.v ./model/basic/platform.v ./model/basic/schedule.v ./model/basic/priority.v ./model/basic/interference_edf.v ./model/basic/interference.v ./model/basic/workload.v ./model/basic/job.v ./model/basic/arrival_sequence.v ./model/basic/response_time.v ./model/basic/platform_fp.v ./model/jitter/time.v ./model/jitter/schedulability.v ./model/jitter/task.v ./model/jitter/task_arrival.v ./model/jitter/platform.v ./model/jitter/schedule.v ./model/jitter/priority.v ./model/jitter/interference_edf.v ./model/jitter/interference.v ./model/jitter/workload.v ./model/jitter/job.v ./model/jitter/arrival_sequence.v ./model/jitter/response_time.v ./model/jitter/platform_fp.v -o Makefile 
 #

 .DEFAULT_GOAL := all
@@ -118,6 +118,7 @@ VFILES:=util/ssromega.v\
  analysis/jitter/bertogna_fp_comp.v\
  analysis/jitter/bertogna_edf_theory.v\
  analysis/jitter/workload_bound.v\
+  model/basic/time.v\
  model/basic/schedulability.v\
  model/basic/task.v\
  model/basic/task_arrival.v\
@@ -131,6 +132,7 @@ VFILES:=util/ssromega.v\
  model/basic/arrival_sequence.v\
  model/basic/response_time.v\
  model/basic/platform_fp.v\
+  model/jitter/time.v\
  model/jitter/schedulability.v\
  model/jitter/task.v\
  model/jitter/task_arrival.v\

--- a/analysis/basic/bertogna_edf_comp.v
+++ b/analysis/basic/bertogna_edf_comp.v
@@ -7,22 +7,22 @@ Module ResponseTimeIterationEDF.

  Import ResponseTimeAnalysisEDF.

-  (* In this section, we define the algorithm of Bertogna and Cirinei's
+  (* In this section, we define the algorithm for Bertogna and Cirinei's
     response-time analysis for EDF scheduling. *)
  Section Analysis.
    
    Context {sporadic_task: eqType}.
-    Variable task_cost: sporadic_task -> nat.
-    Variable task_period: sporadic_task -> nat.
-    Variable task_deadline: sporadic_task -> nat.
+    Variable task_cost: sporadic_task -> time.
+    Variable task_period: sporadic_task -> time.
+    Variable task_deadline: sporadic_task -> time.

-    (* During the iterations of the algorithm, we pass around pairs
+    (* As input for each iteration of the algorithm, we consider pairs
       of tasks and computed response-time bounds. *)
-    Let task_with_response_time := (sporadic_task * nat)%type.
+    Let task_with_response_time := (sporadic_task * time)%type.
    
    Context {Job: eqType}.
-    Variable job_cost: Job -> nat.
-    Variable job_deadline: Job -> nat.
+    Variable job_cost: Job -> time.
+    Variable job_deadline: Job -> time.
    Variable job_task: Job -> sporadic_task.

    (* Consider a platform with num_cpus processors. *)  
@@ -66,16 +66,15 @@ Module ResponseTimeIterationEDF.
    Definition edf_rta_iteration (rt_bounds: seq task_with_response_time) :=
      map (update_bound rt_bounds) rt_bounds.

-    (* To ensure that the procedure converges, we run the iteration a
-       "sufficient" number of times: task_deadline tsk - task_cost tsk + 1.
-       This corresponds to the time complexity of the procedure. *)
+    (* To ensure that the procedure converges, we stop the iteration
+       after a "sufficient" number of times, which corresponds to
+       the time complexity of the procedure. *)
    Let max_steps (ts: taskset_of sporadic_task) :=
      \sum_(tsk <- ts) (task_deadline tsk - task_cost tsk) + 1.

-    (* This yields the following definition for the RTA. At the end of
-       the iteration, we check if all computed response-time bounds
-       are less than or equal to the deadline, in which case they are
-       valid. *)
+    (* This yields the following definition for the RTA. At the end
+       we check if all computed response-time bounds are less than
+       or equal to the deadline, in which case they are valid. *)
    Definition edf_claimed_bounds (ts: taskset_of sporadic_task) :=
      let R_values := iter (max_steps ts) edf_rta_iteration (initial_state ts) in
        if (all R_le_deadline R_values) then
@@ -368,7 +367,7 @@ Module ResponseTimeIterationEDF.
          rewrite (nth_map p0);
            last by rewrite size_zip 2!size_map SIZE minnn in LTi.
          unfold update_bound, edf_response_time_bound; desf; simpl.
-          rename s into tsk_i, s0 into tsk_i', n into R_i, n0 into R_i', Heq into EQ, Heq0 into EQ'.
+          rename s into tsk_i, s0 into tsk_i', t into R_i, t0 into R_i', Heq into EQ, Heq0 into EQ'.
          assert (EQtsk: tsk_i = tsk_i').
          {
            destruct p0 as [tsk0 R0], p0' as [tsk0' R0']; simpl in H2; subst.
@@ -481,7 +480,9 @@ Module ResponseTimeIterationEDF.
                by rewrite in_cons; apply/orP; right; rewrite mem_nth.
              }
              unfold is_valid_sporadic_task in *.
-              destruct (nth elem x1' j) as [tsk_j R_j], (nth elem x2' j) as [tsk_j' R_j'].
+              destruct (nth elem x1' j) as [tsk_j R_j] eqn:SUBST1,
+                       (nth elem x2' j) as [tsk_j' R_j'] eqn:SUBST2.
+              rewrite SUBST1 SUBST2 in LEj; clear SUBST1 SUBST2.
              simpl in FSTeq; rewrite -FSTeq; simpl in LEj; simpl in VALIDj; des.
              by apply interference_bound_edf_monotonic.
            }
@@ -658,7 +659,7 @@ Module ResponseTimeIterationEDF.
              unfold update_bound; destruct i; simpl.
              rewrite subh1; first by rewrite -addnBA // subnn addn0.
              apply (edf_claimed_bounds_ge_cost ts step.+1).
-              by rewrite iterS; apply/mapP; exists (s, n).
+              by rewrite iterS; apply/mapP; exists (s, t).
            }
            rewrite -2!big_seq_cond.
           

--- a/analysis/basic/bertogna_edf_theory.v
+++ b/analysis/basic/bertogna_edf_theory.v
@@ -18,13 +18,13 @@ Module ResponseTimeAnalysisEDF.
  Section ResponseTimeBound.

    Context {sporadic_task: eqType}.
-    Variable task_cost: sporadic_task -> nat.
-    Variable task_period: sporadic_task -> nat.
-    Variable task_deadline: sporadic_task -> nat.
+    Variable task_cost: sporadic_task -> time.
+    Variable task_period: sporadic_task -> time.
+    Variable task_deadline: sporadic_task -> time.
    
    Context {Job: eqType}.
-    Variable job_cost: Job -> nat.
-    Variable job_deadline: Job -> nat.
+    Variable job_cost: Job -> time.
+    Variable job_deadline: Job -> time.
    Variable job_task: Job -> sporadic_task.
    
    (* Assume any job arrival sequence... *)
@@ -56,28 +56,30 @@ Module ResponseTimeAnalysisEDF.
      num_cpus > 0.

    (* Assume that we have a task set where all tasks have valid
-       parameters and restricted deadlines. *)
+       parameters and restricted deadlines, ... *)
    Variable ts: taskset_of sporadic_task.
-    Hypothesis H_all_jobs_from_taskset:
-      forall (j: JobIn arr_seq), job_task j \in ts.
    Hypothesis H_valid_task_parameters:
      valid_sporadic_taskset task_cost task_period task_deadline ts.
    Hypothesis H_restricted_deadlines:
      forall tsk, tsk \in ts -> task_deadline tsk <= task_period tsk.

+    (* ... and that all jobs in the arrival sequence come from the task set. *)
+    Hypothesis H_all_jobs_from_taskset:
+      forall (j: JobIn arr_seq), job_task j \in ts.
+    
    Let no_deadline_is_missed_by_tsk (tsk: sporadic_task) :=
      task_misses_no_deadline job_cost job_deadline job_task sched tsk.
    Let response_time_bounded_by (tsk: sporadic_task) :=
      is_response_time_bound_of_task job_cost job_task tsk sched.

-    (* Assume a known response-time bound R is known...  *)
+    (* Assume that a response-time bound R is known...  *)
    Let task_with_response_time := (sporadic_task * time)%type.
    Variable rt_bounds: seq task_with_response_time.

-    (* ...for any task in the task set. *)
+    (* ...for any task in the task set, ... *)
    Hypothesis H_rt_bounds_contains_all_tasks: unzip1 rt_bounds = ts.

-    (* Also, assume that R is a fixed-point of the response-time recurrence, ... *)
+    (* ... such that R is a fixed-point of the response-time recurrence, ... *)
    Let I (tsk: sporadic_task) (delta: time) :=
      total_interference_bound_edf task_cost task_period task_deadline tsk rt_bounds delta.
    Hypothesis H_response_time_is_fixed_point :
@@ -94,10 +96,9 @@ Module ResponseTimeAnalysisEDF.
    Hypothesis H_work_conserving: work_conserving job_cost sched.
    Hypothesis H_edf_policy: enforces_JLDP_policy job_cost sched (EDF job_deadline).
    
-    (* Assume that the task set has no duplicates. Otherwise, counting
-       the number of tasks that have some property does not make sense
-       (for example, for stating the global scheduling invariant as
-        using number of scheduled interfering tasks = number of cpus). *)
+    (* Assume that the task set has no duplicates. This is required to
+       avoid problems when counting tasks (for example, when stating
+       that the number of interfering tasks is at most num_cpus). *)
    Hypothesis H_ts_is_a_set : uniq ts.

    (* In order to prove that R is a response-time bound, we first present some lemmas. *)
@@ -108,14 +109,14 @@ Module ResponseTimeAnalysisEDF.
      Variable R: time.
      Hypothesis H_tsk_R_in_rt_bounds: (tsk, R) \in rt_bounds.

-      (* Consider any job j of tsk. *)
+      (* Consider any job j of tsk ... *)
      Variable j: JobIn arr_seq.
      Hypothesis H_job_of_tsk: job_task j = tsk.

-      (* Assume that job j did not complete on time, ... *)
+      (* ... that did not complete on time, ... *)
      Hypothesis H_j_not_completed: ~~ completed job_cost sched j (job_arrival j + R).

-      (* and that it is the first job not to satisfy its response-time bound. *)
+      (* ... and that is the first job not to satisfy its response-time bound. *)
      Hypothesis H_all_previous_jobs_completed_on_time :
        forall (j_other: JobIn arr_seq) tsk_other R_other,
          job_task j_other = tsk_other ->
@@ -154,13 +155,13 @@ Module ResponseTimeAnalysisEDF.
        Variable R_other: time.
        Hypothesis H_response_time_of_tsk_other: (tsk_other, R_other) \in rt_bounds.

-        (* Note that tsk_other is in task set ts ...*)
+        (* Note that tsk_other is in the task set, ...*)
        Lemma bertogna_edf_tsk_other_in_ts: tsk_other \in ts.
        Proof.
          by rewrite -H_rt_bounds_contains_all_tasks; apply/mapP; exists (tsk_other, R_other).
        Qed.

-        (* Also, R_other is larger than the cost of tsk_other. *)
+        (* ... and R_other is larger than the cost of tsk_other. *)
        Lemma bertogna_edf_R_other_ge_cost :
          R_other >= task_cost tsk_other.
        Proof.
@@ -193,7 +194,7 @@ Module ResponseTimeAnalysisEDF.
            | by ins; apply BEFOREok with (tsk_other := tsk_other)].
        Qed.

-        (* Recall that the edf-specific interference bound also holds. *)
+        (* Recall that the edf-specific interference bound also holds for tsk_other. *)
        Lemma bertogna_edf_specific_bound_holds :
          x tsk_other <= edf_specific_bound tsk_other R_other.
        Proof.
@@ -210,7 +211,6 @@ Module ResponseTimeAnalysisEDF.
      (* Next we prove some lemmas that help to derive a contradiction.*)
      Section DerivingContradiction.

-        
      (* 0) Since job j did not complete by its response time bound, it follows that
            the total interference X >= R - e_k + 1. *)
      Lemma bertogna_edf_too_much_interference : X >= R - task_cost tsk + 1.

--- a/analysis/basic/bertogna_fp_comp.v
+++ b/analysis/basic/bertogna_fp_comp.v
@@ -12,17 +12,17 @@ Module ResponseTimeIterationFP.
  Section Analysis.
    
    Context {sporadic_task: eqType}.
-    Variable task_cost: sporadic_task -> nat.
-    Variable task_period: sporadic_task -> nat.
-    Variable task_deadline: sporadic_task -> nat.
+    Variable task_cost: sporadic_task -> time.
+    Variable task_period: sporadic_task -> time.
+    Variable task_deadline: sporadic_task -> time.

-    (* During the iterations of the algorithm, we pass around pairs
+    (* As input for each iteration of the algorithm, we consider pairs
       of tasks and computed response-time bounds. *)
-    Let task_with_response_time := (sporadic_task * nat)%type.
+    Let task_with_response_time := (sporadic_task * time)%type.
    
    Context {Job: eqType}.
-    Variable job_cost: Job -> nat.
-    Variable job_deadline: Job -> nat.
+    Variable job_cost: Job -> time.
+    Variable job_deadline: Job -> time.
    Variable job_task: Job -> sporadic_task.

    (* Consider a platform with num_cpus processors, ... *)
@@ -177,7 +177,7 @@ Module ResponseTimeIterationFP.
      Qed.
      
      (* If the analysis suceeds, the computed response-time bounds are no larger
-         than the deadline. *)
+         than the deadlines ... *)
      Lemma fp_claimed_bounds_le_deadline :
        forall ts' rt_bounds tsk R,
          fp_claimed_bounds ts' = Some rt_bounds ->
@@ -215,8 +215,7 @@ Module ResponseTimeIterationFP.
        }
      Qed.
      
-      (* If the analysis succeeds, the computed response-time bounds are no smaller
-         than the task cost. *)
+      (* ... and no smaller than the task costs. *)
      Lemma fp_claimed_bounds_ge_cost :
        forall ts' rt_bounds tsk R,
          fp_claimed_bounds ts' = Some rt_bounds ->
@@ -412,7 +411,7 @@ Module ResponseTimeIterationFP.
        }
      Qed.

-      (* If the iteration converged at an earlier step, then it remains stable. *)
+      (* If the iteration converged at an earlier step, it remains as a fixed point. *)
      Lemma bertogna_fp_comp_f_converges_early :
        (exists k, k <= max_steps tsk /\ f k = f k.+1) ->
        f (max_steps tsk) = f (max_steps tsk).+1.
@@ -517,10 +516,9 @@ Module ResponseTimeIterationFP.
      Variable ts: taskset_of sporadic_task.
      
      (* Assume that higher_priority is a total strict order (<).
-         TODO: it doesn't have to be total over the entire domain, but
-         only within the task set.
-         But to weaken the hypothesis, we need to re-prove some lemmas
-         from ssreflect. *)
+         TODO: it doesn't have to be total over the universe of tasks,
+         but only within the task set. However, to weaken this hypothesis
+         we need to re-prove some lemmas from ssreflect. *)
      Hypothesis H_irreflexive: irreflexive higher_priority.
      Hypothesis H_transitive: transitive higher_priority.
      Hypothesis H_unique_priorities: antisymmetric higher_priority.
@@ -547,7 +545,7 @@ Module ResponseTimeIterationFP.
      Hypothesis H_all_jobs_from_taskset:
        forall (j: JobIn arr_seq), job_task j \in ts.
      
-      (* ...they have valid parameters,...*)
+      (* ...jobs have valid parameters,...*)
      Hypothesis H_valid_job_parameters:
        forall (j: JobIn arr_seq),
          valid_sporadic_job task_cost task_deadline job_cost job_deadline job_task j.
@@ -587,8 +585,8 @@ Module ResponseTimeIterationFP.
      (* In the following theorem, we prove that any response-time bound contained
         in fp_claimed_bounds is safe. The proof follows by induction on the task set:

-           Induction hypothesis: all higher-priority tasks have safe response-time bounds.
-           Inductive step: We prove that the response-time bound of the current task is safe.
+           Induction hypothesis: assume all higher-priority tasks have safe response-time bounds.
+           Inductive step: we prove that the response-time bound of the current task is safe.

         Note that the inductive step is a direct application of the main Theorem from
         bertogna_fp_theory.v. *)

--- a/analysis/basic/bertogna_fp_theory.v
+++ b/analysis/basic/bertogna_fp_theory.v
@@ -15,13 +15,13 @@ Module ResponseTimeAnalysisFP.
  Section ResponseTimeBound.

    Context {sporadic_task: eqType}.
-    Variable task_cost: sporadic_task -> nat.
-    Variable task_period: sporadic_task -> nat.
-    Variable task_deadline: sporadic_task -> nat.
+    Variable task_cost: sporadic_task -> time.
+    Variable task_period: sporadic_task -> time.
+    Variable task_deadline: sporadic_task -> time.
    
    Context {Job: eqType}.
-    Variable job_cost: Job -> nat.
-    Variable job_deadline: Job -> nat.
+    Variable job_cost: Job -> time.
+    Variable job_deadline: Job -> time.
    Variable job_task: Job -> sporadic_task.
    
    (* Assume any job arrival sequence... *)
@@ -52,8 +52,9 @@ Module ResponseTimeAnalysisFP.
    Hypothesis H_at_least_one_cpu :
      num_cpus > 0.

-    (* Assume that we have a task set (with no duplicates) where all jobs
-       come from the task set and all tasks have valid parameters and restricted deadlines. *)
+    (* Consider a task set ts with no duplicates where all jobs
+       come from the task set and all tasks have valid parameters
+       and restricted deadlines. *)
    Variable ts: taskset_of sporadic_task.
    Hypothesis H_ts_is_a_set: uniq ts.
    Hypothesis H_all_jobs_from_taskset:
@@ -72,24 +73,21 @@ Module ResponseTimeAnalysisFP.
    Let is_response_time_bound (tsk: sporadic_task) :=
      is_response_time_bound_of_task job_cost job_task tsk sched.

-    (* Assume a known response-time bound for any interfering task *)
-    Let task_with_response_time := (sporadic_task * time)%type.
-    Variable hp_bounds: seq task_with_response_time.
-    
-    (* For FP scheduling, assume there exists a fixed task priority. *)
+    (* Assume a given FP policy. *)
    Variable higher_eq_priority: FP_policy sporadic_task.
-
    Let can_interfere_with_tsk := fp_can_interfere_with higher_eq_priority tsk.
-    
-    (* Assume that hp_bounds has exactly the tasks that interfere with tsk,... *)
-    Hypothesis H_hp_bounds_has_interfering_tasks:
-      [seq tsk_hp <- ts | can_interfere_with_tsk tsk_hp] = unzip1 hp_bounds.

-    (* ...and that all values in the pairs contain valid response-time bounds *)
+    (* Assume a response-time bound is known... *)
+    Let task_with_response_time := (sporadic_task * time)%type.
+    Variable hp_bounds: seq task_with_response_time.
    Hypothesis H_response_time_of_interfering_tasks_is_known:
      forall hp_tsk R,
        (hp_tsk, R) \in hp_bounds ->
        is_response_time_bound_of_task job_cost job_task hp_tsk sched R.
+    
+    (* ... for any task in ts that interferes with tsk. *)
+    Hypothesis H_hp_bounds_has_interfering_tasks:
+      [seq tsk_hp <- ts | can_interfere_with_tsk tsk_hp] = unzip1 hp_bounds.

    (* Assume that the response-time bounds are larger than task costs. *)
    Hypothesis H_response_time_bounds_ge_cost:
@@ -169,7 +167,7 @@ Module ResponseTimeAnalysisFP.
            by apply/mapP; exists (tsk_other, R_other).
        Qed.

-        (*... and interferes with task tsk. *)
+        (*... and interferes with tsk. *)
        Lemma bertogna_fp_tsk_other_interferes: can_interfere_with_tsk tsk_other.
          Proof.
            rename H_hp_bounds_has_interfering_tasks into UNZIP,

--- a/analysis/basic/interference_bound.v
+++ b/analysis/basic/interference_bound.v
@@ -11,9 +11,9 @@ Module InterferenceBoundGeneric.
    Import Schedule WorkloadBound.
    
    Context {sporadic_task: eqType}.
-    Variable task_cost: sporadic_task -> nat.
-    Variable task_period: sporadic_task -> nat.
-    Variable task_deadline: sporadic_task -> nat.
+    Variable task_cost: sporadic_task -> time.
+    Variable task_period: sporadic_task -> time.
+    Variable task_deadline: sporadic_task -> time.
    
    (* Let tsk be the task to be analyzed. *)
    Variable tsk: sporadic_task.

--- a/analysis/basic/interference_bound_edf.v
+++ b/analysis/basic/interference_bound_edf.v
@@ -19,9 +19,9 @@ Module InterferenceBoundEDF.
  Section SpecificBoundDef.
    
    Context {sporadic_task: eqType}.
-    Variable task_cost: sporadic_task -> nat.
-    Variable task_period: sporadic_task -> nat.
-    Variable task_deadline: sporadic_task -> nat.
+    Variable task_cost: sporadic_task -> time.
+    Variable task_period: sporadic_task -> time.
+    Variable task_deadline: sporadic_task -> time.
    
    (* Let tsk be the task to be analyzed. *)
    Variable tsk: sporadic_task.
@@ -29,7 +29,7 @@ Module InterferenceBoundEDF.
    (* Consider the interference incurred by tsk in a window of length delta... *)
    Variable delta: time.

-    (* due to a different task tsk_other, with response-time bound R_other. *)
+    (* ... due to a different task tsk_other, with response-time bound R_other. *)
    Variable tsk_other: sporadic_task.
    Variable R_other: time.

@@ -50,9 +50,9 @@ Module InterferenceBoundEDF.
  Section TotalInterferenceBoundEDF.

    Context {sporadic_task: eqType}.
-    Variable task_cost: sporadic_task -> nat.
-    Variable task_period: sporadic_task -> nat.
-    Variable task_deadline: sporadic_task -> nat.
+    Variable task_cost: sporadic_task -> time.
+    Variable task_period: sporadic_task -> time.
+    Variable task_deadline: sporadic_task -> time.
    
    (* Let tsk be the task to be analyzed. *)
    Variable tsk: sporadic_task.
@@ -78,7 +78,7 @@ Module InterferenceBoundEDF.
      (* ... with and EDF-specific interference bound, ... *)
      Let edf_specific_bound := edf_specific_interference_bound task_cost task_period task_deadline tsk tsk_other R_other.

-      (* Bertogna and Cirinei define the following interference bound
+      (* ... Bertogna and Cirinei define the following interference bound
         under EDF scheduling. *)
      Definition interference_bound_edf :=
        minn basic_interference_bound edf_specific_bound.
@@ -105,13 +105,13 @@ Module InterferenceBoundEDF.
    Import Schedule Interference Platform SporadicTaskset.
    
    Context {sporadic_task: eqType}.
-    Variable task_cost: sporadic_task -> nat.
-    Variable task_period: sporadic_task -> nat.
-    Variable task_deadline: sporadic_task -> nat.
+    Variable task_cost: sporadic_task -> time.
+    Variable task_period: sporadic_task -> time.
+    Variable task_deadline: sporadic_task -> time.
    
    Context {Job: eqType}.
-    Variable job_cost: Job -> nat.
-    Variable job_deadline: Job -> nat.
+    Variable job_cost: Job -> time.
+    Variable job_deadline: Job -> time.
    Variable job_task: Job -> sporadic_task.
    
    (* Assume any job arrival sequence... *)
@@ -142,8 +142,8 @@ Module InterferenceBoundEDF.
    Hypothesis H_at_least_one_cpu :
      num_cpus > 0.

-    (* Assume that we have a task set where all tasks have valid
-       parameters and restricted deadlines. *)
+    (* Consider a task set ts where all jobs come from the task set
+       and tasks have valid parameters and restricted deadlines. *)
    Variable ts: taskset_of sporadic_task.
    Hypothesis all_jobs_from_taskset:
      forall (j: JobIn arr_seq), job_task j \in ts.
@@ -166,7 +166,7 @@ Module InterferenceBoundEDF.
    Variable tsk_i: sporadic_task.
    Hypothesis H_tsk_i_in_task_set: tsk_i \in ts.
    
-    (* and j_i one of its jobs. *)
+    (* ... and j_i one of its jobs. *)
    Variable j_i: JobIn arr_seq.
    Hypothesis H_job_of_tsk_i: job_task j_i = tsk_i.

@@ -224,8 +224,7 @@ Module InterferenceBoundEDF.
      Let earlier_arrival := fun (x y: JobIn arr_seq) => job_arrival x <= job_arrival y.
      Let sorted_jobs := (sort earlier_arrival interfering_jobs).

-      (* Now we proceed with the proof.
-         The first step consists in simplifying the sum corresponding to the workload. *)
+      (* Now we proceed with the proof. The first step consists in simplifying the sum corresponding to the workload. *)
      Section SimplifyJobSequence.

        (* Use the alternative definition of task interference, based on
@@ -292,7 +291,7 @@ Module InterferenceBoundEDF.
          by destruct sorted_jobs; simpl in *; [by rewrite ltn0 in LT | by apply/pathP].
        Qed.

-        (* Also, for any job of task tsk_k, the interference is bounded by the task cost. *)
+        (* Finally, for any job of task tsk_k, the interference is bounded by the task cost. *)
        Lemma interference_bound_edf_interference_le_task_cost :
          forall j,
            j \in interfering_jobs ->
@@ -1122,9 +1121,9 @@ Module InterferenceBoundEDF.
  Section MonotonicitySpecificBound.

    Context {sporadic_task: eqType}.
-    Variable task_cost: sporadic_task -> nat.
-    Variable task_period: sporadic_task -> nat.
-    Variable task_deadline: sporadic_task -> nat.
+    Variable task_cost: sporadic_task -> time.
+    Variable task_period: sporadic_task -> time.
+    Variable task_deadline: sporadic_task -> time.
    
    Variable tsk tsk_other: sporadic_task.
    Hypothesis H_period_positive: task_period tsk_other > 0.

--- a/analysis/basic/interference_bound_fp.v
+++ b/analysis/basic/interference_bound_fp.v
@@ -13,9 +13,9 @@ Module InterferenceBoundFP.
    Section Definitions.
    
    Context {sporadic_task: eqType}.
-    Variable task_cost: sporadic_task -> nat.
-    Variable task_period: sporadic_task -> nat.
-    Variable task_deadline: sporadic_task -> nat.
+    Variable task_cost: sporadic_task -> time.
+    Variable task_period: sporadic_task -> time.
+    Variable task_deadline: sporadic_task -> time.
    
    (* Let tsk be the task to be analyzed. *)
    Variable tsk: sporadic_task.

--- a/analysis/basic/workload_bound.v
+++ b/analysis/basic/workload_bound.v
@@ -12,18 +12,20 @@ Module WorkloadBound.
  Section WorkloadBoundDef.

    Context {sporadic_task: eqType}.
-    Variable task_cost: sporadic_task -> nat.
-    Variable task_period: sporadic_task -> nat.
-    
+    Variable task_cost: sporadic_task -> time.
+    Variable task_period: sporadic_task -> time.
+
+    (* Consider any task tsk with response-time bound R_tsk,
+       that is scheduled in an interval of length delta. *)
    Variable tsk: sporadic_task.
-    Variable R_tsk: time. (* Known response-time bound for the task *)
-    Variable delta: time. (* Length of the interval *)
+    Variable R_tsk: time.
+    Variable delta: time.
    
-    (* Bound on the number of jobs that execute completely in the interval *)
+    (* Based on the number of jobs that execute completely in the interval, ... *)
    Definition max_jobs :=
      div_floor (delta + R_tsk - task_cost tsk) (task_period tsk).

-    (* Bertogna and Cirinei's bound on the workload of a task in an interval of length delta *)
+    (* ... Bertogna and Cirinei's workload bound is defined as follows. *)
    Definition W :=
      let e_k := (task_cost tsk) in
      let p_k := (task_period tsk) in            
@@ -34,13 +36,13 @@ Module WorkloadBound.
  Section BasicLemmas.

    Context {sporadic_task: eqType}.
-    Variable task_cost: sporadic_task -> nat.
-    Variable task_period: sporadic_task -> nat.
+    Variable task_cost: sporadic_task -> time.
+    Variable task_period: sporadic_task -> time.

    (* Let tsk be any task...*)
    Variable tsk: sporadic_task.

-    (* ...with period > 0. *)
+    (* ... with period > 0. *)
    Hypothesis H_period_positive: task_period tsk > 0.

    (* Let R1 <= R2 be two response-time bounds that
@@ -115,14 +117,14 @@ Module WorkloadBound.
  Section ProofWorkloadBound.
 
    Context {sporadic_task: eqType}.
-    Variable task_cost: sporadic_task -> nat.
-    Variable task_period: sporadic_task -> nat.
-    Variable task_deadline: sporadic_task -> nat.
+    Variable task_cost: sporadic_task -> time.
+    Variable task_period: sporadic_task -> time.
+    Variable task_deadline: sporadic_task -> time.
    
    Context {Job: eqType}.
-    Variable job_cost: Job -> nat.
+    Variable job_cost: Job -> time.
    Variable job_task: Job -> sporadic_task.
-    Variable job_deadline: Job -> nat.
+    Variable job_deadline: Job -> time.

    Variable arr_seq: arrival_sequence Job.