Commit 19113634 authored by Zhen Zhang

Fix compilation

parent 424f4c25
......@@ -99,10 +99,10 @@ endif
VFILES:=atomic.v\
simple_sync.v\
flat.v\
atomic_pair.v\
atomic_sync.v\
treiber.v\
misc.v
misc.v\
evmap.v
ifneq ($(filter-out archclean clean cleanall printenv,$(MAKECMDGOALS)),)
-include $(addsuffix .d,$(VFILES))
......@@ -2,7 +2,7 @@
atomic.v
simple_sync.v
flat.v
atomic_pair.v
atomic_sync.v
treiber.v
misc.v
evmap.v
......@@ -3,7 +3,7 @@ From iris.heap_lang Require Export lang.
From iris.heap_lang Require Import proofmode notation.
From iris.heap_lang.lib Require Import spin_lock.
From iris.algebra Require Import dec_agree frac.
From iris_atomic Require Import atomic sync.
From iris_atomic Require Import atomic atomic_sync.
Import uPred.
Section atomic_pair.
......@@ -69,7 +69,7 @@ Section atomic_pair.
Qed.
Lemma pcas_atomic_spec:
heapN N heap_ctx WP sync (λ: <>, (ref #0, ref #0))%V pcas_seq {{ f, γ, gFrag γ (#0, #0) x, atomic_triple' α β f x γ }}.
heapN N heap_ctx WP sync (λ: <>, (ref #0, ref #0))%V pcas_seq {{ f, γ, gHalf γ (#0, #0) x, atomic_triple' α β f x γ }}.
Proof.
iIntros (HN) "#Hh".
iDestruct (atomic_spec with "[]") as "Hspec"=>//.
......@@ -79,16 +79,16 @@ Section atomic_pair.
wp_seq.
wp_alloc l1 as "Hl1".
wp_alloc l2 as "Hl2".
iVs (own_alloc (gFullR (#0, #0) gFragR (#0, #0))) as (γ) "[HgFull HgFrag]".
{ rewrite /gFragR /gFullR. split; first by simpl. simpl. by rewrite dec_agree_idemp. }
iVs (own_alloc (gFullR (#0, #0) gHalfR (#0, #0))) as (γ) "[HgFull HgHalf]".
{ rewrite /gHalfR /gFullR. split; first by simpl. simpl. by rewrite dec_agree_idemp. }
rewrite /ϕ.
iSpecialize ("HΦ" $! (#l1, #l2)%V γ).
rewrite /gFull /gFrag.
rewrite /gFull /gHalf.
iVsIntro.
iAssert (( (l0 l3 : loc) (x1 x2 : val),
(#l1, #l2)%V = (#l0, #l3)%V
(#0, #0)%V = (x1, x2)%V l0 x1 l3 x2))%I with "[Hl1 Hl2]" as "H'".
{ iExists l1, l2, #0, #0. iFrame. eauto. }
iApply ("HΦ" with "H' HgFull HgFrag").
iApply ("HΦ" with "H' HgFull HgHalf").
Qed.
End atomic_pair.
(* evmap.v -- generalized heap-like monoid *)
From iris.program_logic Require Export invariants weakestpre.
From iris.algebra Require Export auth frac gmap dec_agree.
From iris.proofmode Require Import tactics.
Section evmap.
Context (K A: Type) (Q: cmraT) `{Countable K, EqDecision A(* , CMRADiscrete Q *)}.
Definition evkR := prodR Q (dec_agreeR A).
Definition evmapR := gmapUR K evkR.
Definition evidenceR := authR evmapR.
Class evidenceG Σ := EvidenceG { evidence_G :> inG Σ evidenceR }.
Definition evidenceΣ : gFunctors := #[ GFunctor (constRF evidenceR) ].
Instance subG_evidenceΣ {Σ} : subG evidenceΣ Σ evidenceG Σ.
Proof. intros [?%subG_inG _]%subG_inv. split; apply _. Qed.
Lemma map_agree_eq m m' (hd: K) (p q: Q) (x y: A):
m !! hd = Some (p, DecAgree y)
m = {[hd := (q, DecAgree x)]} m' x = y.
Proof.
intros H1 H2.
destruct (decide (x = y)) as [->|Hneq]=>//.
exfalso.
subst. rewrite lookup_op lookup_singleton in H1.
destruct (m' !! hd) as [[b [c|]]|] eqn:Heqn; rewrite Heqn in H1; inversion H1=>//.
destruct (decide (x = c)) as [->|Hneq3]=>//.
- rewrite dec_agree_idemp in H3. by inversion H3.
- rewrite dec_agree_ne in H3=>//.
Qed.
Lemma map_agree_somebot m m' (hd: K) (p q: Q) (x: A):
m !! hd = Some (p, DecAgreeBot) m' !! hd = None
m = {[hd := (q, DecAgree x)]} m' False.
Proof.
intros H1 H2 H3. subst. rewrite lookup_op lookup_singleton in H1.
destruct (m' !! hd) as [[b [c|]]|] eqn:Heqn; rewrite Heqn in H1; inversion H1=>//.
Qed.
Lemma map_agree_none m m' (hd: K) (q: Q) (x: A):
m !! hd = None m = {[hd := (q, DecAgree x)]} m' False.
Proof.
intros H1 H2. subst. rewrite lookup_op lookup_singleton in H1.
destruct (m' !! hd)=>//.
Qed.
End evmap.
Section evmapR.
Context (K A: Type) `{Countable K, EqDecision A}.
Context `{!inG Σ (authR (evmapR K A unitR))}.
Definition ev γm (k : K) (v: A) := own γm ( {[ k := ((), DecAgree v) ]})%I.
Global Instance persistent_ev γm k v : PersistentP (ev γm k v).
Proof. apply _. Qed.
Lemma evmap_alloc γm m k v q:
m !! k = None q
own γm ( m) |=r=> own γm ( (<[ k := (q, DecAgree v) ]> m) {[ k := (q, DecAgree v) ]}).
Proof.
iIntros (??) "Hm".
iDestruct (own_update with "Hm") as "?"; last by iAssumption.
apply auth_update_alloc. apply alloc_singleton_local_update=>//.
Qed.
Lemma map_agree_none' γm (m: evmapR K A unitR) hd x:
m !! hd = None
own γm ( m) ev γm hd x False.
Proof.
iIntros (?) "[Hom Hev]".
iCombine "Hom" "Hev" as "Hauth".
iDestruct (own_valid with "Hauth") as %Hvalid. iPureIntro.
apply auth_valid_discrete_2 in Hvalid as [[af Compose%leibniz_equiv_iff] Valid].
eapply (map_agree_none _ _ _ m)=>//.
Qed.
Lemma map_agree_eq' γm m hd p x agy:
m !! hd = Some (p, agy)
ev γm hd x own γm ( m) DecAgree x = agy.
Proof.
iIntros (?) "[#Hev Hom]".
iCombine "Hom" "Hev" as "Hauth".
iDestruct (own_valid γm ( m {[hd := (_, DecAgree x)]})
with "[Hauth]") as %Hvalid=>//.
apply auth_valid_discrete_2 in Hvalid as [[af Compose%leibniz_equiv_iff] Valid].
destruct agy as [y|].
- iDestruct "Hauth" as "[? ?]". iFrame.
iPureIntro. apply f_equal.
eapply (map_agree_eq _ _ _ m)=>//.
- iAssert ( m)%I as "H"=>//. rewrite (gmap_validI m).
iDestruct ("H" $! hd) as "%".
exfalso. subst. rewrite H0 in H1.
by destruct H1 as [? ?].
Qed.
Lemma evmap_frag_agree_split γm p q1 q2 (a1 a2: A):
own γm ( {[p := (q1, DecAgree a1)]})
own γm ( {[p := (q2, DecAgree a2)]})
(a1 = a2).
Proof.
iIntros "[Ho Ho']".
destruct (decide (a1 = a2)) as [->|Hneq].
- by iFrame.
- iCombine "Ho" "Ho'" as "Ho".
rewrite -(@auth_frag_op (evmapR K A unitR) {[p := (q1, DecAgree a1)]} {[p := (q2, DecAgree a2)]}).
iDestruct (own_valid with "Ho") as %Hvalid.
exfalso.
rewrite op_singleton in Hvalid.
apply auth_valid_discrete in Hvalid. simpl in Hvalid.
apply singleton_valid in Hvalid.
destruct Hvalid as [_ Hvalid].
apply dec_agree_op_inv in Hvalid. inversion Hvalid. subst. auto.
Qed.
End evmapR.
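Review bot: The proofs of map_agree_eq (L88-89) and map_agree_eq' (L144-145) depend on auto-generated hypothesis names (`H3` produced by `inversion H1` at L86, `H0`/`H1` produced by the `"%"` intro pattern at L143), so any change in the number of hypotheses renumbers them — the same `rewrite H0 in …` line used `H2` before the move (L262) and had to become `H1` here. Naming them explicitly removes that fragility, e.g. `iDestruct ("H" $! hd) as %Hhd` at L143 and an `injection … as` (or `inversion … as`) pattern for the equations at L86. The commented-out `(* , CMRADiscrete Q *)` inside the Context binder at L70 should be removed or, if discreteness of Q is a deliberate non-requirement, explained in a real comment above the line. The file's only documentation is the header at L65; since L109 proves `ev` persistent, a one-line comment on L108 such as `(* ev γm k v: persistent evidence that key k is mapped to v in the ghost map at γm *)` would tell readers what the section exports.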
Subproject commit 9c5a95d3b271f4e0d0c657964dfa386070d0b322
......@@ -49,171 +49,6 @@ Section excl.
Qed.
End excl.
Section pair.
Context `{EqDecision A, !inG Σ (prodR fracR (dec_agreeR A))}.
Lemma m_frag_agree γm (q1 q2: Qp) (a1 a2: A):
own γm (q1, DecAgree a1) own γm (q2, DecAgree a2)
|=r=> own γm ((q1 + q2)%Qp, DecAgree a1) (a1 = a2).
Proof.
iIntros "[Ho Ho']".
destruct (decide (a1 = a2)) as [->|Hneq].
- iSplitL=>//.
iCombine "Ho" "Ho'" as "Ho".
iDestruct (own_update with "Ho") as "?"; last by iAssumption.
by rewrite pair_op frac_op' dec_agree_idemp.
- iCombine "Ho" "Ho'" as "Ho".
iDestruct (own_valid with "Ho") as %Hvalid.
exfalso. destruct Hvalid as [_ Hvalid].
simpl in Hvalid. apply dec_agree_op_inv in Hvalid. inversion Hvalid. subst. auto.
Qed.
End pair.
Section evidence.
Context (K A: Type) `{Countable K, EqDecision A}.
Definition evkR := prodR fracR (dec_agreeR A).
Definition evmapR := gmapUR K evkR.
Definition evidenceR := authR evmapR.
Class evidenceG Σ := EvidenceG { evidence_G :> inG Σ evidenceR }.
Definition evidenceΣ : gFunctors := #[ GFunctor (constRF evidenceR) ].
Instance subG_evidenceΣ {Σ} : subG evidenceΣ Σ evidenceG Σ.
Proof. intros [?%subG_inG _]%subG_inv. split; apply _. Qed.
Lemma map_agree_eq m m' (hd: K) (p q: Qp) (x y: A):
m !! hd = Some (p, DecAgree y)
m = {[hd := (q, DecAgree x)]} m' x = y.
Proof.
intros H1 H2.
destruct (decide (x = y)) as [->|Hneq]=>//.
exfalso.
subst. rewrite lookup_op lookup_singleton in H1.
destruct (m' !! hd) as [[b [c|]]|] eqn:Heqn; rewrite Heqn in H1; inversion H1=>//.
destruct (decide (x = c)) as [->|Hneq3]=>//.
- rewrite dec_agree_idemp in H3. by inversion H3.
- rewrite dec_agree_ne in H3=>//.
Qed.
Lemma map_agree_somebot m m' (hd: K) (p q: Qp) (x: A):
m !! hd = Some (p, DecAgreeBot) m' !! hd = None
m = {[hd := (q, DecAgree x)]} m' False.
Proof.
intros H1 H2 H3. subst. rewrite lookup_op lookup_singleton in H1.
destruct (m' !! hd) as [[b [c|]]|] eqn:Heqn; rewrite Heqn in H1; inversion H1=>//.
Qed.
Lemma map_agree_none m m' (hd: K) (q: Qp) (x: A):
m !! hd = None m = {[hd := (q, DecAgree x)]} m' False.
Proof.
intros H1 H2. subst. rewrite lookup_op lookup_singleton in H1.
destruct (m' !! hd)=>//.
Qed.
Context `{!inG Σ (authR evmapR)}.
Definition ev γm (k : K) (v: A) := ( q, own γm ( {[ k := (q, DecAgree v) ]}))%I.
Lemma evmap_alloc γm m k v:
m !! k = None
own γm ( m) |=r=> own γm ( (<[ k := (1%Qp, DecAgree v) ]> m) {[ k := (1%Qp, DecAgree v) ]}).
Proof.
iIntros (?) "Hm".
iDestruct (own_update with "Hm") as "?"; last by iAssumption.
apply auth_update_alloc, alloc_local_update=>//.
Qed.
Lemma map_agree_none' γm m hd x:
m !! hd = None
own γm ( m) ev γm hd x False.
Proof.
iIntros (?) "[Hom Hev]". iDestruct "Hev" as (?) "Hfrag".
iCombine "Hom" "Hfrag" as "Hauth".
iDestruct (own_valid γm ( m {[hd := (_, DecAgree x)]})
with "[Hauth]") as %Hvalid=>//.
iPureIntro.
apply auth_valid_discrete_2 in Hvalid as [[af Compose%leibniz_equiv_iff] Valid].
eapply (map_agree_none m)=>//.
Qed.
Lemma map_agree_eq' γm m hd p x agy:
m !! hd = Some (p, agy)
own γm ( m) ev γm hd x own γm ( m) ev γm hd x DecAgree x = agy.
Proof.
iIntros (?) "[Hom Hev]". iDestruct "Hev" as (?) "Hfrag".
iCombine "Hom" "Hfrag" as "Hauth".
iDestruct (own_valid γm ( m {[hd := (_, DecAgree x)]})
with "[Hauth]") as %Hvalid=>//.
apply auth_valid_discrete_2 in Hvalid as [[af Compose%leibniz_equiv_iff] Valid].
destruct agy as [y|].
- iDestruct "Hauth" as "[? ?]". iFrame. iSplitL.
{ rewrite /ev. eauto. }
iPureIntro. destruct (decide (x = y)); try by subst.
exfalso. apply n. eapply (map_agree_eq m)=>//. (* XXX: Why it is uPred M *)
- iAssert ( m)%I as "H"=>//. rewrite (gmap_validI m).
iDestruct ("H" $! hd) as "%".
exfalso. subst. rewrite H0 in H2.
by destruct H2 as [? ?].
Qed.
Lemma pack_ev γm k v q:
own γm ( {[ k := (q, DecAgree v) ]}) ev γm k v.
Proof. iIntros "?". rewrite /ev. eauto. Qed.
Lemma dup_ev γm hd y:
ev γm hd y |=r=> ev γm hd y ev γm hd y.
Proof.
rewrite /ev. iIntros "Hev". iDestruct "Hev" as (q) "Hev".
iAssert (|=r=> own γm ( {[hd := ((q/2)%Qp, DecAgree y)]}
{[hd := ((q/2)%Qp, DecAgree y)]}))%I with "[Hev]" as "==>[Hev1 Hev2]".
{ iDestruct (own_update with "Hev") as "?"; last by iAssumption.
rewrite <- auth_frag_op.
by rewrite op_singleton pair_op dec_agree_idemp frac_op' Qp_div_2. }
iSplitL "Hev1"; eauto.
Qed.
Lemma evmap_frag_agree_split γm p q1 q2 (a1 a2: A):
own γm ( {[p := (q1, DecAgree a1)]})
own γm ( {[p := (q2, DecAgree a2)]})
|=r=> own γm ( {[p := (q1, DecAgree a1)]})
own γm ( {[p := (q2, DecAgree a1)]}) (a1 = a2).
Proof.
iIntros "[Ho Ho']".
destruct (decide (a1 = a2)) as [->|Hneq].
- by iFrame.
- iCombine "Ho" "Ho'" as "Ho".
iDestruct (own_valid with "Ho") as %Hvalid.
exfalso. rewrite <-(@auth_frag_op evmapR) in Hvalid.
rewrite op_singleton in Hvalid.
apply auth_valid_discrete in Hvalid. simpl in Hvalid.
apply singleton_valid in Hvalid.
destruct Hvalid as [_ Hvalid].
apply dec_agree_op_inv in Hvalid. inversion Hvalid. subst. auto.
Qed.
Lemma evmap_frag_agree γm p q1 q2 (a1 a2: A):
own γm ( {[p := (q1, DecAgree a1)]})
own γm ( {[p := (q2, DecAgree a2)]})
|=r=> own γm ( {[p := ((q1 + q2)%Qp, DecAgree a1)]}) (a1 = a2).
Proof.
iIntros "Hos".
iDestruct (evmap_frag_agree_split with "Hos") as "==>[Ho1 [Ho2 %]]".
iCombine "Ho1" "Ho2" as "Ho". iSplitL; auto.
iDestruct (own_update with "Ho") as "?"; last by iAssumption.
rewrite <-(@auth_frag_op evmapR {[p := (q1, DecAgree a1)]} {[p := (q2, DecAgree a1)]}).
by rewrite op_singleton pair_op frac_op' dec_agree_idemp.
Qed.
Lemma ev_agree γm k v1 v2:
ev γm k v1 ev γm k v2 |=r=> ev γm k v1 ev γm k v1 v1 = v2.
Proof.
iIntros "[Hev1 Hev2]".
iDestruct "Hev1" as (?) "Hev1". iDestruct "Hev2" as (?) "Hev2".
iDestruct (evmap_frag_agree_split with "[-]") as "==>[Hev1 [Hev2 %]]"; first iFrame.
subst. iSplitL "Hev1"; rewrite /ev; eauto.
Qed.
End evidence.
Section heap_extra.
Context `{heapG Σ}.
......@@ -246,3 +81,23 @@ Section big_op_later.
([ map] ky <[i:=x]> m, Φ k y) ⊣⊢ Φ i x [ map] ky m, Φ k y.
Proof. intros ?. rewrite big_sepM_insert=>//. apply later_sep. Qed.
End big_op_later.
Section pair.
Context `{EqDecision A, !inG Σ (prodR fracR (dec_agreeR A))}.
Lemma m_frag_agree γm (q1 q2: Qp) (a1 a2: A):
own γm (q1, DecAgree a1) own γm (q2, DecAgree a2)
|=r=> own γm ((q1 + q2)%Qp, DecAgree a1) (a1 = a2).
Proof.
iIntros "[Ho Ho']".
destruct (decide (a1 = a2)) as [->|Hneq].
- iSplitL=>//.
iCombine "Ho" "Ho'" as "Ho".
iDestruct (own_update with "Ho") as "?"; last by iAssumption.
by rewrite pair_op frac_op' dec_agree_idemp.
- iCombine "Ho" "Ho'" as "Ho".
iDestruct (own_valid with "Ho") as %Hvalid.
exfalso. destruct Hvalid as [_ Hvalid].
simpl in Hvalid. apply dec_agree_op_inv in Hvalid. inversion Hvalid. subst. auto.
Qed.
End pair.
......@@ -20,22 +20,6 @@ Global Opaque mk_sync.
Section syncer.
Context `{!heapG Σ, !lockG Σ} (N: namespace).
(* (* R synced f w.r.t f' *) *)
(* Definition synced (f' f: val) (R: iProp Σ): iProp Σ := *)
(* ( (x: expr) (v: val) (P: iProp Σ) (Q: val -> iProp Σ), *)
(* to_val x = Some v - *)
(* {{ R P }} f x {{ z, R Q z }} - *)
(* {{ P }} f' x {{ z, Q z }})%I. *)
(* Global Instance synced_persistent f f' R: PersistentP (synced f f' R). *)
(* Proof. apply _. Qed. *)
(* Global Opaque synced. *)
(* Definition is_syncer (R: iProp Σ) (s: val) : iProp Σ := *)
(* ( (f : val), WP s f {{ f', synced f' f R }})%I. *)
Lemma mk_sync_spec (R: iProp Σ) (f: val):
(Φ: val -> iProp Σ),
heapN N
From iris.program_logic Require Export weakestpre.
From iris.heap_lang Require Export lang.
From iris.heap_lang Require Import proofmode notation.
From iris.algebra Require Import auth upred gmap dec_agree upred_big_op.
From iris_atomic Require Import atomic misc.
From iris.algebra Require Import frac auth upred gmap dec_agree upred_big_op csum.
From iris_atomic Require Import atomic misc evmap.
Definition new_stack: val := λ: <>, ref (ref NONE).
......@@ -198,10 +198,8 @@ Section proof.
End proof.
Section defs.
Context `{heapG Σ, !evidenceG loc val Σ} (N: namespace).
Context `{heapG Σ, !evidenceG loc val unitR Σ} (N: namespace).
Context (R: val iProp Σ) (γ: gname) `{ x, TimelessP (R x)}.
Definition allocated hd := ( q v, hd {q} v)%I.
......@@ -231,10 +229,10 @@ Section defs.
iApply IHxs'=>//.
Qed.
Definition perR' hd v v' := (v = (1%Qp, DecAgree v') R v' allocated hd)%I.
Definition perR' hd v v' := (v = ((: unitR), DecAgree v') R v' allocated hd)%I.
Definition perR hd v := ( v', perR' hd v v')%I.
Definition allR := ( m, own γ ( m) [ map] hd v m, perR hd v)%I.
Definition allR := ( m : evmapR loc val unitR, own γ ( m) [ map] hd v m, perR hd v)%I.
Definition is_stack' xs s := ( hd: loc, s #hd is_list' hd xs allR)%I.
......@@ -251,10 +249,9 @@ Section defs.
- iIntros (hd) "(#? & Hs)".
simpl. iDestruct "Hs" as (q) "[Hhd Hhd']". iSplitL "Hhd"; eauto.
- iIntros (hd) "(#? & Hs)". simpl.
iDestruct "Hs" as (hd' q) "([Hhd Hhd'] & Hev & Hs')".
iDestruct "Hs" as (hd' q) "([Hhd Hhd'] & #Hev & Hs')".
iDestruct (IHxs' with "[Hs']") as "==>[Hs1 Hs2]"; first by iFrame.
iDestruct (dup_ev with "Hev") as "==>[Hev1 Hev2]".
iVsIntro. iSplitL "Hhd Hs1 Hev1"; iExists hd', (q / 2)%Qp; by iFrame.
iVsIntro. iSplitL "Hhd Hs1"; iExists hd', (q / 2)%Qp; by iFrame.
Qed.
Lemma extract_is_list: xs hd,
......@@ -277,7 +274,7 @@ Section defs.
End defs.
Section proofs.
Context `{heapG Σ, !evidenceG loc val Σ} (N: namespace).
Context `{heapG Σ, !evidenceG loc val unitR Σ} (N: namespace).
Context (R: val iProp Σ).
Lemma new_stack_spec' Φ RI:
......@@ -286,14 +283,14 @@ Lemma new_stack_spec' Φ RI:
WP new_stack #() {{ Φ }}.
Proof.
iIntros (HN) "(#Hh & HR & HΦ)".
iVs (own_alloc ( (: evmapR loc val) )) as (γ) "[Hm Hm']".
iVs (own_alloc ( (: evmapR loc val unitR) )) as (γ) "[Hm Hm']".
{ apply auth_valid_discrete_2. done. }
wp_seq. wp_bind (ref NONE)%E. wp_alloc l as "Hl".
wp_alloc s as "Hs".
iAssert (( xs : list val, is_stack' R γ xs s) RI)%I with "[-HΦ Hm']" as "Hinv".
{ iFrame. iExists [], l. iFrame. simpl. iSplitL "Hl".
- eauto.
- iExists . iFrame. by iApply (big_sepM_empty (fun hd v => perR R hd v)). }
- iExists . iSplitL. iFrame. by iApply (big_sepM_empty (fun hd v => perR R hd v)). }
iVs (inv_alloc N _ (( xs : list val, is_stack' R γ xs s) RI)%I with "[-HΦ Hm']") as "#?"; first eauto.
by iApply "HΦ".
Qed.
......@@ -362,22 +359,20 @@ Lemma new_stack_spec' Φ RI:
iApply (bogus_heap hd' 1%Qp q); first apply Qp_not_plus_q_ge_1.
iFrame "#". iFrame.
* iAssert (evs γ hd' x (allR R γ))%I
with "==>[Rx Hom HRm Hhd'1]" as "[Hox ?]".
with "==>[Rx Hom HRm Hhd'1]" as "[#Hox ?]".
{
iDestruct (evmap_alloc _ _ _ m with "[Hom]") as "==>[Hom Hox]"=>//.
iDestruct (dup_ev with "[Hox]") as "==>[Hox1 Hox2]".
{ rewrite /ev. eauto. }
iFrame.
iDestruct (big_sepM_insert_later (perR R) m) as "H"=>//.
iExists (<[hd' := (1%Qp, DecAgree x)]> m).
iSplitL "Hox".
{ rewrite /evs /ev. eauto. }
iExists (<[hd' := ((), DecAgree x)]> m).
iFrame. iApply "H". iFrame. iExists x.
iFrame. rewrite /allocated. iSplitR "Hhd'1"; auto.
}
iDestruct (dup_ev with "[Hox]") as "==>[Hox1 Hox2]"=>//.
iVs ("Hclose" with "[-Hox2]").
iVs ("Hclose" with "[-]").
{ iNext. iFrame. iExists (x::xs).
iExists hd'. iFrame.
iExists hd, (1/2)%Qp. iFrame.
iExists hd, (1/2)%Qp. by iFrame.
}
iVsIntro. iSplitL; last auto. by iExists hd'.
- iApply wp_wand_r. iSplitL "HRx Hpush".
......@@ -387,26 +382,26 @@ Lemma new_stack_spec' Φ RI:
Qed.
(* some helpers *)
Lemma access (γ: gname) (x: val) (xs: list val) m:
Lemma access (γ: gname) (x: val) (xs: list val) (m: evmapR loc val unitR) :
hd: loc,
x xs
([ map] hdv m, perR R hd v) own γ ( m)
is_list' γ hd xs
hd' q, ([ map] hdv delete hd' m, perR R hd v)
perR R hd' (q, DecAgree x) m !! hd' = Some (q, DecAgree x) own γ ( m).
hd', ([ map] hdv delete hd' m, perR R hd v)
perR R hd' ((: unitR), DecAgree x) m !! hd' = Some ((: unitR), DecAgree x) own γ ( m).
Proof.
induction xs as [|x' xs' IHxs'].
- iIntros (? Habsurd). inversion Habsurd.
- destruct (decide (x = x')) as [->|Hneq].
+ iIntros (hd _) "(HR & Hom & Hxs)".
simpl. iDestruct "Hxs" as (hd' q) "[Hhd [Hev Hxs']]".
simpl. iDestruct "Hxs" as (hd' q) "[Hhd [#Hev Hxs']]".
rewrite /ev. destruct (m !! hd) as [[q' [x|]]|] eqn:Heqn.
* iDestruct (big_sepM_delete_later (perR R) m with "HR") as "[Hp HRm]"=>//.
iDestruct (map_agree_eq' _ _ _ m with "[Hom Hev]") as "(Hom & Hev & %)"=>//; first iFrame.
subst. iExists hd, q'. inversion H0. subst. by iFrame.
iDestruct (map_agree_eq' _ _ _ m with "[Hom]") as %H'=>//; first iFrame=>//.
subst. iExists hd. inversion H'. subst. destruct q'. by iFrame.
* iDestruct (big_sepM_delete_later (perR R) m with "HR") as "[Hp HRm]"=>//.
iDestruct (map_agree_eq' _ _ _ m with "[Hom Hev]") as "(Hom & Hev & %)"=>//; first iFrame.
* iExFalso. iApply (map_agree_none' _ _ _ m)=>//. iFrame.
iDestruct (map_agree_eq' _ _ _ m with "[Hom]") as "%"=>//; first iFrame=>//.
* iExFalso. iApply (map_agree_none' _ _ _ m)=>//. iFrame=>//.
+ iIntros (hd ?).
assert (x xs'); first set_solver.
iIntros "(HRs & Hom & Hxs')".
......@@ -416,4 +411,3 @@ Lemma new_stack_spec' Φ RI:
Qed.
End proofs.
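Review bot: The unit element of `unitR` is spelled two ways in the new code: as a cast `(…: unitR)` in perR' (L379) and in the statement of `access` (L461) — the leading symbol did not survive rendering, presumably `∅` — but as the literal `()` in the `ev` definition of evmap.v (L108) and in `iExists (<[hd' := ((), DecAgree x)]> m)` at L435. Presumably both elaborate to the same value through the Empty instance for unit, but picking one spelling (the literal `()`, which is what `ev` and `evmap_alloc` build) keeps the map entries textually identical across the definitions and the lemma statements, so later rewrites and `iFrame` steps do not depend on that instance unfolding. The same applies to the `(…: evmapR loc val unitR)` allocation at L408.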