A stronger version of `cinv_open`.

This version allows one to either close or cancel the invariant after opening it.

A stronger version of `cinv_open`.
This version allows one to either close or cancel the invariant after opening it.
11eacd8b · Robbert Krebbers · b043f3a3 · 11eacd8b
Commit 11eacd8b authored May 23, 2018 by Robbert Krebbers
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 11 deletions

theories/base_logic/lib/cancelable_invariants.v theories/base_logic/lib/cancelable_invariants.v +21 -11

No files found.
--- a/theories/base_logic/lib/cancelable_invariants.v
+++ b/theories/base_logic/lib/cancelable_invariants.v
@@ -70,6 +70,21 @@ Section proofs.
    iIntros "!>". iExists P. iSplit; last done. iIntros "!# !>"; iSplit; auto.
  Qed.

+  Lemma cinv_open_strong E N γ p P :
+    ↑N ⊆ E →
+    cinv N γ P -∗ cinv_own γ p ={E,E∖↑N}=∗
+    ▷ P ∗ cinv_own γ p ∗ (▷ P ∨ cinv_own γ 1 ={E∖↑N,E}=∗ True).
+  Proof.
+    iIntros (?) "#Hinv Hγ". iDestruct "Hinv" as (P') "[#HP' Hinv]".
+    iInv N as "[HP | >Hγ']" "Hclose".
+    - iIntros "!> {$Hγ}". iSplitL "HP".
+      + iNext. iApply "HP'". done.
+      + iIntros "[HP|Hγ]".
+        * iApply "Hclose". iLeft. iNext. by iApply "HP'".
+        * iApply "Hclose". iRight. by iNext.
+    - iDestruct (cinv_own_1_l with "Hγ' Hγ") as %[].
+  Qed.
+
  Lemma cinv_alloc E N P : ▷ P ={E}=∗ ∃ γ, cinv N γ P ∗ cinv_own γ 1.
  Proof.
    iIntros "HP". iMod (cinv_alloc_strong ∅ E N) as (γ _) "[Hγ Halloc]".
@@ -78,23 +93,18 @@ Section proofs.

  Lemma cinv_cancel E N γ P : ↑N ⊆ E → cinv N γ P -∗ cinv_own γ 1 ={E}=∗ ▷ P.
  Proof.
-    iIntros (?) "#Hinv Hγ". iDestruct "Hinv" as (P') "[#HP' Hinv]".
-    iInv N as "[HP|>Hγ']" "Hclose".
-    - iMod ("Hclose" with "[Hγ]") as "_"; first by eauto. iModIntro. iNext.
-      iApply "HP'". done.
-    - iDestruct (cinv_own_1_l with "Hγ Hγ'") as %[].
+    iIntros (?) "#Hinv Hγ".
+    iMod (cinv_open_strong with "Hinv Hγ") as "($ & Hγ & H)"; first done.
+    iApply "H". by iRight.
  Qed.

  Lemma cinv_open E N γ p P :
    ↑N ⊆ E →
    cinv N γ P -∗ cinv_own γ p ={E,E∖↑N}=∗ ▷ P ∗ cinv_own γ p ∗ (▷ P ={E∖↑N,E}=∗ True).
  Proof.
-    iIntros (?) "#Hinv Hγ". iDestruct "Hinv" as (P') "[#HP' Hinv]".
-    iInv N as "[HP | >Hγ']" "Hclose".
-    - iIntros "!> {$Hγ}". iSplitL "HP".
-      + iNext. iApply "HP'". done.
-      + iIntros "HP". iApply "Hclose". iLeft. iNext. by iApply "HP'".
-    - iDestruct (cinv_own_1_l with "Hγ' Hγ") as %[].
+    iIntros (?) "#Hinv Hγ".
+    iMod (cinv_open_strong with "Hinv Hγ") as "($ & $ & H)"; first done.
+    iIntros "!> HP". iApply "H"; auto.
  Qed.
 End proofs.