Mercurial Mercurial > hg > regexp / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | gz | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
some small improvements
authorurbanc
Tue, 17 Apr 2012 15:37:03 +0000
changeset 344 27270b4bffba
parent 343 1687f868dd5e
child 345 73a415af3bcd
some small improvements
prio/Paper/Paper.thy file | annotate | diff | comparison | revisions
prio/Paper/document/root.bib file | annotate | diff | comparison | revisions
prio/paper.pdf file | annotate | diff | comparison | revisions 
--- a/prio/Paper/Paper.thy	Mon Apr 16 15:16:02 2012 +0000
+++ b/prio/Paper/Paper.thy	Tue Apr 17 15:37:03 2012 +0000
@@ -54,10 +54,9 @@
   \emph{Priority Inversion}. Suppose three threads having priorities
   $H$(igh), $M$(edium) and $L$(ow). We would expect that the thread
   $H$ blocks any other thread with lower priority and the thread itself cannot
-  be blocked indefinitely by any thread with lower priority. Alas, in a naive
+  be blocked indefinitely by threads with lower priority. Alas, in a naive
   implementation of resource locking and priorities this property can
-  be violated. Even worse, $H$ can be delayed indefinitely by
-  threads with lower priorities. For this let $L$ be in the
+  be violated. For this let $L$ be in the
   possession of a lock for a resource that $H$ also needs. $H$ must
   therefore wait for $L$ to exit the critical section and release this
   lock. The problem is that $L$ might in turn be blocked by any
@@ -93,7 +92,7 @@
   implemented. This includes VxWorks (a proprietary real-time OS used
   in the Mars Pathfinder mission, in Boeing's 787 Dreamliner, Honda's
   ASIMO robot, etc.), but also the POSIX 1003.1c Standard realised for
-  example in libraries for FreeBSD, Solaris and Linux. ({\bf ??? Is this True?})
+  example in libraries for FreeBSD, Solaris and Linux. 
 
   One advantage of PIP is that increasing the priority of a thread
   can be dynamically calculated by the scheduler. This is in contrast
@@ -124,7 +123,7 @@
   and also a few high-level descriptions of implementations (e.g.~in
   the textbook \cite[Section 5.6.5]{Vahalia96}), but they help little
   with actual implementations. That this is a problem in practice is
-  proved by an email from Baker, who wrote on 13 July 2009 on the Linux
+  proved by an email by Baker, who wrote on 13 July 2009 on the Linux
   Kernel mailing list:
 
   \begin{quote}
@@ -1082,8 +1081,8 @@
   The first property is again telling us we do not need to change the @{text RAG}. 
   The second shows that the @{term cp}-values of all threads other than @{text th} 
   are unchanged. The reason is that @{text th} is running; therefore it is not in 
-  the @{term dependants} relation of any thread. This in turn means that the 
-  change of its priority cannot affect the threads.
+  the @{term dependants} relation of any other thread. This in turn means that the 
+  change of its priority cannot affect other threads.
 
   %The second
   %however states that only threads that are \emph{not} dependants of @{text th} have their
@@ -1205,6 +1204,8 @@
   this section closely inform an implementation of PIP, namely whether the
   @{text RAG} needs to be reconfigured or current precedences need to
   be recalculated for an event. This information is provided by the lemmas we proved.
+  We confirmened that our observations translate into practice by implementing
+  a PIP-scheduler on top of PINTOS, a small operating system for teaching purposes \cite{PINTOS}. 
 *}
 
 section {* Conclusion *}
@@ -1237,8 +1238,8 @@
   email from Baker we cited in the Introduction. We achieved also this
   goal: The formalisation gives the first author enough data to enable
   his undergraduate students to implement PIP (as part of their OS course)
-  on top of PINTOS, a small operating system for teaching
-  purposes. A byproduct of our formalisation effort is that nearly all
+  on top of PINTOS, a simple instructional operating system for the x86 
+  architecture \cite{PINTOS}. A byproduct of our formalisation effort is that nearly all
   design choices for the PIP scheduler are backed up with a proved
   lemma. We were also able to establish the property that the choice of
   the next thread which takes over a lock is irrelevant for the correctness
@@ -1275,7 +1276,12 @@
   PVS of the Priority Ceiling Protocol done by Dutertre
   \cite{dutertre99b}---another solution to the Priority Inversion
   problem, which however needs static analysis of programs in order to
-  avoid it. {\bf ??? mention model-checking approaches}
+  avoid it. There have been earlier formal investigations
+  into PIP \cite{Faria08,Jahier09,Wellings07}, but they employ model
+  checking techniques. In this way they are limited to validating
+  one particular implementation. In contrast, our paper is a good 
+  witness for one of the major reasons to be interested in machine checked 
+  reasoning: gaining deeper understanding of the subject matter.
 
   Our formalisation
   consists of around 210 lemmas and overall 6950 lines of readable Isabelle/Isar
@@ -1286,13 +1292,6 @@
   can be downloaded from
   \url{http://www.inf.kcl.ac.uk/staff/urbanc/pip.html}.
 
-  {\bf ??? say:
-  So this paper is a good witness for one
-of the major reasons to be interested in machine checked reasoning:
-gaining deeper understanding of the subject matter.
-  }
-
-
   \bibliographystyle{plain}
   \bibliography{root}
 *}
--- a/prio/Paper/document/root.bib	Mon Apr 16 15:16:02 2012 +0000
+++ b/prio/Paper/document/root.bib	Tue Apr 17 15:37:03 2012 +0000
@@ -1,3 +1,9 @@
+
+@Misc{PINTOS,
+  title = {\url{http://www.stanford.edu/class/cs140/projects/}},
+}
+
+
 @inproceedings{Haftmann08,
   author    = {F.~Haftmann and M.~Wenzel},
   title     = {{L}ocal {T}heory {S}pecifications in {I}sabelle/{I}sar},
Binary file prio/paper.pdf has changed
regexp