par.v 1.79 KB
Newer Older
1
From iris.heap_lang Require Export spawn.
Robbert Krebbers's avatar
Robbert Krebbers committed
2
From iris.heap_lang Require Import proofmode notation.
3
Set Default Proof Using "Type".
Ralf Jung's avatar
Ralf Jung committed
4
Import uPred.
5

6 7
Definition parN : namespace := nroot .@ "par".

8
Definition par : val :=
9
  λ: "fs",
10 11 12
    let: "handle" := spawn (Fst "fs") in
    let: "v2" := Snd "fs" #() in
    let: "v1" := join "handle" in
13
    ("v1", "v2").
14
Notation "e1 ||| e2" := (par (Pair (λ: <>, e1) (λ: <>, e2)))%E : expr_scope.
15

16
Section proof.
17
Local Set Default Proof Using "Type*".
18
Context `{!heapG Σ, !spawnG Σ}.
19

20 21 22 23
(* Notice that this allows us to strip a later *after* the two Ψ have been
   brought together.  That is strictly stronger than first stripping a later
   and then merging them, as demonstrated by [tests/joining_existentials.v].
   This is why these are not Texan triples. *)
24
Lemma par_spec (Ψ1 Ψ2 : val  iProp Σ) e (f1 f2 : val) (Φ : val  iProp Σ) :
25
  to_val e = Some (f1,f2)%V 
26 27 28
  WP f1 #() {{ Ψ1 }} - WP f2 #() {{ Ψ2 }} -
  (  v1 v2, Ψ1 v1  Ψ2 v2 -  Φ (v1,v2)%V) -
  WP par e {{ Φ }}.
29
Proof.
Robbert Krebbers's avatar
Robbert Krebbers committed
30 31
  iIntros (<-%of_to_val) "Hf1 Hf2 HΦ".
  rewrite /par /=. wp_let. wp_proj.
32
  wp_apply (spawn_spec parN with "Hf1"); try wp_done; try solve_ndisj.
33
  iIntros (l) "Hl". wp_let. wp_proj. wp_bind (f2 _).
Robbert Krebbers's avatar
Robbert Krebbers committed
34
  iApply (wp_wand with "Hf2"); iIntros (v) "H2". wp_let.
Ralf Jung's avatar
Ralf Jung committed
35
  wp_apply (join_spec with "[$Hl]"). iIntros (w) "H1".
36
  iSpecialize ("HΦ" with "[-]"); first by iSplitL "H1". by wp_let.
Ralf Jung's avatar
Ralf Jung committed
37
Qed.
38

39 40
Lemma wp_par (Ψ1 Ψ2 : val  iProp Σ)
    (e1 e2 : expr) `{!Closed [] e1, Closed [] e2} (Φ : val  iProp Σ) :
41 42 43
  WP e1 {{ Ψ1 }} - WP e2 {{ Ψ2 }} -
  ( v1 v2, Ψ1 v1  Ψ2 v2 -  Φ (v1,v2)%V) -
  WP e1 ||| e2 {{ Φ }}.
Ralf Jung's avatar
Ralf Jung committed
44
Proof.
45 46
  iIntros "H1 H2 H". iApply (par_spec Ψ1 Ψ2 with "[H1] [H2] [H]"); try wp_done.
  by wp_let. by wp_let. auto.
Ralf Jung's avatar
Ralf Jung committed
47 48
Qed.
End proof.