Commit 06c3dc56 by Dan Frumin

### Adapt the specs according to a_fill

parent 4e5128c0
 ... ... @@ -45,11 +45,11 @@ Notation "e1 ;;;; e2" := (a_seq_bind e1 (λ: <>, e2))%E (at level 80, right associativity). Definition a_if : val := λ: "cnd" "e1" "e2", a_bind (λ: "c", if: "c" then "e1" else "e2") "cnd". a_bind (λ: "c", if: "c" then "e1" #() else "e2" #()) "cnd". Definition a_while: val := rec: "while" "cnd" "bdy" := a_if "cnd" ("bdy" ;;;; "while" "cnd" "bdy") (a_ret #()). a_if ("cnd" #()) ("bdy" ;;;; "while" "cnd" "bdy"). Section proofs. Context `{locking_heapG Σ, heapG Σ, flockG Σ, spawnG Σ}. ... ... @@ -86,7 +86,7 @@ Section proofs. { rewrite -big_sepM_insert_override; eauto. } Qed. Lemma a_fill R Ψ Φ K e : Lemma a_fill K R Ψ Φ e : awp e R Ψ -∗ (∀ v : val, awp v R Ψ -∗ awp (fill K (of_val v)) R Φ) -∗ awp (fill K e) R Φ. ... ... @@ -101,24 +101,26 @@ Section proofs. awp (a_seq_bind e1 e2) R Φ. Proof. iIntros ([v2 <-%of_to_val]) "H". iApply (a_fill _ _ _ [AppRCtx a_seq_bind; AppLCtx v2] with "H"). iApply (a_fill [AppRCtx a_seq_bind; AppLCtx v2] with "H"). iIntros (v) "H /=". rewrite /a_seq_bind. awp_lam. awp_lam. iApply awp_bind. iApply (awp_wand with "H"). iIntros (w) "H". awp_lam. iApply awp_bind. iApply a_seq_spec. iUnlock. by awp_lam. Qed. Lemma a_load_spec R (l : loc) (v : val) Φ : l ↦U v -∗ (l ↦U v -∗ Φ v) -∗ awp (a_load (a_ret #l)) R Φ. Lemma a_load_spec R Φ Ψ e : awp e R (λ v, ∃ l : loc, ⌜v = #l⌝ ∧ Ψ l) -∗ (∀ (l : loc), Ψ l -∗ (∃ v, l ↦U v ∗ (l ↦U v -∗ Φ v))) -∗ awp (a_load e) R Φ. Proof. unfold a_load. iIntros "Hv HΦ". rewrite /a_ret. do 2 awp_lam. iIntros "He HΦ". iApply (a_fill [AppRCtx a_load] with "He"). iIntros (v) "Hv /=". awp_lam. iApply awp_bind. iApply awp_value. awp_let. iApply (awp_wand with "Hv"). clear v. iIntros (v). iDestruct 1 as (l ->) "HΨ". awp_lam. iDestruct ("HΦ" with "HΨ") as (v) "[Hv HΦ]". iApply awp_atomic_env. iIntros (env) "Henv HR". rewrite {2}/env_inv. ... ... 
@@ -140,17 +142,18 @@ Section proofs. - by iApply "HΦ". Qed. Lemma a_alloc_spec R (ev : expr) (v : val) Φ : IntoVal ev v → (∀ l, l ↦U v -∗ Φ #l) -∗ awp (a_alloc (a_ret ev)) R Φ. Lemma a_alloc_spec R Φ Ψ e : awp e R Ψ -∗ (∀ v l, Ψ v -∗ l ↦U v -∗ Φ #l) -∗ awp (a_alloc e) R Φ. Proof. intros <-%of_to_val. unfold a_alloc. iIntros "HΦ". rewrite /a_ret. do 2 awp_lam. iApply awp_bind. iApply awp_value. awp_let. iIntros "He HΦ". iApply (a_fill [AppRCtx a_alloc] with "He"). iIntros (v) "Hv /=". awp_lam. iApply awp_bind. iApply (awp_wand with "Hv"). clear v. iIntros (v) "HΨ". awp_lam. iApply awp_atomic_env. iIntros (env) "Henv HR". rewrite {2}/env_inv. ... ... @@ -165,11 +168,11 @@ Section proofs. by iDestruct (mapsto_valid_2 l with "Hl Hl'") as %[]. } iDestruct "Hl" as "[Hl Hl']". iMod (locking_heap_alloc σ l ULvl v with "Hl' Hσ") as "[Hσ Hl']"; eauto. iModIntro. iFrame "HR". iSplitR "HΦ Hl'". iModIntro. iFrame "HR". iSplitR "HΦ HΨ Hl'". - iExists X,(<[l:=ULvl]>σ). iFrame. iSplit. + rewrite big_sepM_insert; eauto. iFrame. eauto. + iPureIntro. by rewrite locked_locs_alloc_unlocked. - by iApply "HΦ". - iApply ("HΦ" with "HΨ Hl'"). Qed. Lemma a_store_spec R Φ Ψ1 Ψ2 e1 e2 : ... ... @@ -180,10 +183,10 @@ Section proofs. awp (a_store e1 e2) R Φ. Proof. iIntros "H1 H2 HΦ". iApply (a_fill _ _ _ [AppRCtx a_store; AppLCtx e2] with "H1"). iApply (a_fill [AppRCtx a_store; AppLCtx e2] with "H1"). iIntros (v) "H1 /=". rewrite /a_store. awp_lam. iApply (a_fill _ _ _ [AppRCtx (LamV "x2" ( iApply (a_fill [AppRCtx (LamV "x2" ( (a_bind (λ: "vv", a_atomic_env (λ: "env", (mset_add (Fst "vv")) "env";; Fst "vv" <- Snd "vv";; Snd "vv"))) ((a_par v) "x2") )%E)] with "H2"). simpl. iIntros (v2) "H2". awp_lam. ... ... 
@@ -229,35 +232,49 @@ iDestruct ("HΦ" with "H1 H2") as (v) "[Hv HΦ]". revert Hlocks. rewrite /correct_locks /set_Forall. set_solver. - iApply "HΦ". iFrame. Qed. Lemma a_if_true_spec R (e1 e2 : val) Φ : awp e1 R Φ -∗ awp (a_if (a_ret #true) e1 e2) R Φ. Lemma a_if_spec R Φ Ψ (e e1 e2 : expr) `{Closed [] e1} `{Closed [] e2} : awp e R Ψ -∗ (∀ v, Ψ v -∗ (⌜v = #true⌝ ∧ awp e1 R Φ) ∨ (⌜v = #false⌝ ∧ awp e2 R Φ)) -∗ awp (a_if e (λ: <>, e1) (λ: <>, e2))%E R Φ. Proof. iIntros "HΦ". do 4 awp_lam. iApply awp_bind. iApply awp_value. awp_lam. by awp_if_true. iIntros "He HΦ". iApply (a_fill [AppRCtx a_if; AppLCtx (λ: <>, e1); AppLCtx (λ: <>, e2)] with "He"). iIntros (v) "Hv /=". do 3 awp_lam. iApply awp_bind. iApply (awp_wand with "Hv"). clear v. iIntros (v) "HΨ". awp_lam. iDestruct ("HΦ" with "HΨ") as "[[% H] | [% H]]"; simplify_eq/=; by do 2 (awp_pure _). Qed. Lemma a_if_false_spec R (e1 e2 : val) Φ : awp e2 R Φ -∗ awp (a_if (a_ret #false) e1 e2) R Φ. Lemma a_if_true_spec R (e1 e2 : val) `{Closed [] e1, Closed [] e2} Φ : awp e1 R Φ -∗ awp (a_if (a_ret #true) (λ: <>, e1) (λ: <>, e2))%E R Φ. Proof. iIntros "HΦ". do 4 awp_lam. iApply awp_bind. iApply awp_value. awp_lam. by awp_if_false. iApply (a_if_spec _ _ (λ v, ⌜v = #true⌝)%I). { iApply awp_ret. iApply wp_value. eauto. } iIntros (? ->). iLeft. eauto. Qed. Lemma a_if_spec R (e e1 e2 : val) Φ: awp e R (λ cnd, (⌜cnd = #true⌝ ∧ awp e1 R Φ) ∨ (⌜cnd = #false⌝ ∧ awp e2 R Φ)) -∗ awp (a_if e e1 e2) R Φ. Lemma a_if_false_spec R (e1 e2 : val) `{Closed [] e1, Closed [] e2} Φ : awp e2 R Φ -∗ awp (a_if (a_ret #false) (λ: <>, e1) (λ: <>, e2))%E R Φ. Proof. iIntros "HΦ". do 3 awp_lam. iApply awp_bind. iApply (awp_wand with "HΦ"). iIntros (v) "[[% H] | [% H]]"; subst; by repeat awp_pure _. iIntros "HΦ". iApply (a_if_spec _ _ (λ v, ⌜v = #false⌝)%I). { iApply awp_ret. iApply wp_value. eauto. } iIntros (? ->). iRight. eauto. Qed. 
Lemma a_while_spec (cnd bdy : val) R Φ : ▷ awp (a_if (cnd #()) (bdy ;;;; (a_while cnd bdy))) R Φ -∗ awp (a_while cnd bdy) R Φ. Proof. iIntros "HAWP". rewrite {2}/a_while. awp_lam. awp_lam. rewrite /a_while. iApply "HAWP". Qed. End proofs.
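Review bot: The new `a_while` in the first hunk is not adapted to the thunked `a_if` it now calls: `a_if` takes three arguments and runs `"e1" #()` / `"e2" #()`, but `a_while` passes only `("cnd" #())` and `("bdy" ;;;; "while" "cnd" "bdy")`, so as rendered `a_while cnd bdy` reduces to a partial application of `a_if` instead of running the loop, and the then-branch is an eagerly evaluated sequence rather than a `λ: <>, …` thunk. The else branch `(a_ret #())` of the old definition is dropped as well. A body matching the new `a_if` (and the shape `a_if_spec` expects) would be `a_if ("cnd" #()) (λ: <>, "bdy" ;;;; "while" "cnd" "bdy") (λ: <>, a_ret #())`, with the statement of `a_while_spec` at the end of the last hunk unfolding to the same shape, `▷ awp (a_if (cnd #()) (λ: <>, bdy ;;;; a_while cnd bdy) (λ: <>, a_ret #())) R Φ -∗ awp (a_while cnd bdy) R Φ`. Whether `bdy` should also become a thunk like `cnd` (`"bdy" #()`) is not determined by the visible lines; confirm against the callers before settling the signature.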