Commit c958e6ec by Dan Frumin

### [F_mu_ref_conc] simplify the refinement proof for the stack example

parent 10632f27
 ... ... @@ -28,6 +28,10 @@ Section Rules. by iIntros ([=]%auth_own_valid%singleton_valid%dec_agree_op_inv). Qed. (* stacklink Q := {((Loc l), nil) ∣ l ↦ˢᵗᵏ (InjL #()) } ∪ {((Loc l), cons y2 z2) ∣ ∃ y1 z1, l ↦ˢᵗᵏ (y1, z1) ∗ (y1, y2) ∈ Q ∗ ▷ stacklink Q (z1, z2) }*) Program Definition StackLink_pre (Q : D) : D -n> D := λne P v, (∃ l w, ⌜v.1 = LocV l⌝ ∗ l ↦ˢᵗᵏ w ∗ ((⌜w = InjLV UnitV⌝ ∧ ⌜v.2 = FoldV (InjLV UnitV)⌝) ∨ ... ... @@ -46,20 +50,23 @@ Section Rules. ((⌜w = InjLV UnitV⌝ ∧ ⌜v.2 = FoldV (InjLV UnitV)⌝) ∨ (∃ y1 z1 y2 z2, ⌜w = InjRV (PairV y1 (FoldV z1))⌝ ∗ ⌜v.2 = FoldV (InjRV (PairV y2 z2))⌝ ∗ Q (y1, y2) ∗ ▷ @StackLink Q (z1, z2))))%I. ∗ Q (y1, y2) ∗ ▷ StackLink Q (z1, z2))))%I. Proof. by rewrite {1}/StackLink fixpoint_unfold. Qed. Global Opaque StackLink. (* So that we can only use the unfold above. *) Global Instance StackLink_persistent (Q : D) v `{∀ vw, PersistentP (Q vw)} : PersistentP (StackLink Q v). Proof. Proof. iIntros "H". iLöb as "IH" forall (v). rewrite StackLink_unfold. iDestruct "H" as (l w) "[% [#Hl [#Hr|Hr]]]"; subst. { iExists l, w; iAlways; eauto. } iDestruct "Hr" as (y1 z1 y2 z2) "[#H1 [#H2 [#HQ H']]]". rewrite later_forall. iDestruct ("IH" with "* H'") as "#H''". iClear "H'". iAlways. eauto 20. iDestruct "H" as (l w) "[% [#Hl [[% %]|Hr]]]"; subst. { iExists l, _; iAlways; eauto. } iDestruct "Hr" as (y1 z1 y2 z2) "[% [% [#HQ Hrec]]]"; subst. rewrite later_forall. iSpecialize ("IH" \$! (z1, z2)). rewrite later_wand. iSpecialize ("IH" with "Hrec"). rewrite -always_later. iDestruct "IH" as "#IH". iAlways. iExists _,_; eauto 20. Qed. Lemma stackR_alloc (h : stackUR) (i : loc) (v : val) : ... ... 
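Review bot: The rewritten StackLink_persistent proof commutes the later through three connectives in a row (`rewrite later_forall`, `rewrite later_wand`, `rewrite -always_later`) with no comment saying why, so a reader has to reconstruct that the induction hypothesis sits under a ▷ and must be specialised and made persistent there before `iAlways` can close the goal. A one-line comment before the first rewrite would carry that intent, e.g. `(* IH is under ▷: push ▷ through ∀ and -∗ so it can be specialised to (z1, z2), then turn ▷ □ into □ ▷ to get a persistent hypothesis. *)`. The final `iAlways. iExists _,_; eauto 20.` also leaves both witnesses and the disjunct choice to depth-20 search, where the left case two lines earlier names `l` explicitly; naming them here as well (`iExists l, _`) keeps the two branches parallel and makes a future breakage point at the right line. The added spec comment above StackLink_pre in the first hunk is a good addition; it may be worth stating there that it is informal (it writes `(Loc l)` where the definition uses `⌜v.1 = LocV l⌝`).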
@@ -79,7 +86,7 @@ Section Rules. stack_owns h ∗ l ↦ᵢ v ==∗ stack_owns (<[l := DecAgree v]> h) ∗ l ↦ˢᵗᵏ v. Proof. iIntros "[[Hown Hall] Hl]". iDestruct (own_valid with "Hown") as %Hvalid. iDestruct (own_valid with "Hown") as %Hvalid. destruct (h !! l) as [av|] eqn:?. { iDestruct (big_sepM_lookup with "Hall") as "Hl'"; first done. destruct av as [v'|]; last by iExFalso. ... ...
 From iris_logrel.F_mu_ref_conc Require Import lang. From iris.program_logic Require Import language. Set Default Proof Using "Type". Import lang. Coercion App : expr >-> Funclass. (* No scope for the values, does not conflict and scope is often not inferred properly. *) Notation "# l" := (LocV l%Z%V) (at level 8, format "# l"). Notation "# l" := (Loc l%Z%V) (at level 8, format "# l") : expr_scope. (** Syntax inspired by Coq/Ocaml. Constructions with higher precedence come first. *) Notation "( e1 , e2 , .. , en )" := (Pair .. (Pair e1 e2) .. en) : expr_scope. Notation "( e1 , e2 , .. , en )" := (PairV .. (PairV e1 e2) .. en) : val_scope. Notation "'case:' e0 'of' 'InjL' => e1 | 'InjR' => e2 'end'" := (Case e0 e1 e2) (e0, e1, e2 at level 200) : expr_scope. Notation "()" := Unit : expr_scope. Notation "()" := UnitV : val_scope. Notation "! e" := (Load e%E) (at level 9, right associativity) : expr_scope. Notation "'ref' e" := (Alloc e%E) (at level 30, right associativity) : expr_scope. (* The unicode ← is already part of the notation "_ ← _; _" for bind. *) Notation "e1 <- e2" := (Store e1%E e2%E) (at level 80) : expr_scope. Notation "'rec:' e" := (Rec e%E) (at level 102, e at level 200) : expr_scope. Notation "'rec:' e" := (locked (RecV e%E)) (at level 102, e at level 200) : val_scope. Notation "'if:' e1 'then' e2 'else' e3" := (If e1%E e2%E e3%E) (at level 200, e1, e2, e3 at level 200) : expr_scope. Notation "'Λ:' e" := (TLam e%E) (at level 102, e at level 200) : expr_scope. Notation "'Λ:' e" := (TLamV e%E) (at level 102, e at level 200) : val_scope.
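Review bot: The val-scope `'rec:'` notation wraps the value in `locked (RecV e%E)` while the expr-scope twin is a bare `Rec e%E`, and nothing in the file says why the two differ; this is the kind of asymmetry that surprises whoever next has to `unlock` a goal. A short comment above that line would do, e.g. `(* locked: presumably so that rec values are not unfolded by simpl/cbn — unlock explicitly where needed; confirm. *)`. The `# l` notation for `LocV l%Z%V` carries `%Z` and `%V` scope annotations on what appears to be a `loc` argument, which looks inherited from heap_lang's `LitV` notation; if `loc` here is not a `Z` alias the `%Z` is likely a no-op and could be dropped or explained in the comment already attached to that line. These are documentation and consistency points only; the notations themselves are not questioned.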
 ... ... @@ -35,6 +35,7 @@ F_mu_ref_conc/soundness_unary.v F_mu_ref_conc/context_refinement.v F_mu_ref_conc/soundness_binary.v F_mu_ref_conc/tactics.v F_mu_ref_conc/notation.v F_mu_ref_conc/examples/lock.v F_mu_ref_conc/examples/counter.v F_mu_ref_conc/examples/stack/stack_rules.v ... ...
