Stronger spec for c_call

5e98b3d6 · Dan Frumin · 84f6294f · 5e98b3d6 · 5e98b3d6 · 5e98b3d6
Commit 5e98b3d6 authored Feb 01, 2019 by Dan Frumin
5 changed files
--- a/theories/c_translation/translation.v
+++ b/theories/c_translation/translation.v
@@ -539,7 +539,7 @@ Section proofs.
  Lemma cwp_call R Ψ1 Ψ2 Φ ef ea :
    CWP ef @ R {{ Ψ1 }} -∗
    CWP ea @ R {{ Ψ2 }} -∗
-    (∀ f a, Ψ1 f -∗ Ψ2 a -∗ U (R -∗ ▷ CWP f a {{ v, R ∗ Φ v }})) -∗
+    (∀ f a, Ψ1 f -∗ Ψ2 a -∗ R -∗ ▷ U (CWP f a {{ v, R ∗ Φ v }})) -∗
    CWP callᶜ ef ea @ R {{ Φ }}.
  Proof.
    iIntros "H1 H2 H".
@@ -550,8 +550,9 @@ Section proofs.
    iIntros "!>" (f a) "H1 H2 !>". iSpecialize ("H" with "H1 H2").
    cwp_pures. iApply cwp_atomic. iIntros "HR". iNext.
    iExists True%I. iSplitR; first done. cwp_pures.
+    iSpecialize ("H" with "HR").
    iApply cwp_bind. iApply cwp_mset_clear. iNext. iModIntro.
-    iSpecialize ("H" with "HR"). cwp_pures.
+    cwp_pures.
    iApply (cwp_wand with "H"); eauto.
  Qed.


--- a/theories/tests/fact.v
+++ b/theories/tests/fact.v
@@ -33,7 +33,7 @@ Section factorial_spec.
    iLöb as "IH" forall (n k Hk). iApply cwp_whileV; iNext.
    vcg. iIntros "**". case_bool_decide.
    + iLeft. iSplit; eauto. iModIntro. vcg.
-      iIntros "Hc Hr !> $ !>". iApply (inc_spec with "Hc"); iIntros "Hc".
+      iIntros "Hc Hr $ !> !>". iApply (inc_spec with "Hc"); iIntros "Hc".
      vcg_continue. iIntros "Hc Hr !>".
      assert (fact k * S k = fact (S k)) as -> by (simpl; lia).
      iApply ("IH" $! n (S k) with "[%] Hc Hr"). lia.

--- a/theories/tests/invoke.v
+++ b/theories/tests/invoke.v
@@ -10,7 +10,7 @@ Section tests_vcg.
    l ↦C #42 -∗
    CWP callᶜ (c_ret c_id) (∗ᶜ ♯ₗl) @ R {{ v, ⌜v = #42⌝ ∗ l ↦C #42 }}%I.
  Proof.
-    iIntros "Hl". vcg. iIntros "Hl !> $ !>".
+    iIntros "Hl". vcg. iIntros "Hl $ !> !>".
    cwp_lam. vcg. iIntros "Hl". vcg_continue. eauto.
  Qed.

@@ -22,7 +22,7 @@ Section tests_vcg.
  Lemma test_invoke_2 R :
    CWP callᶜ (c_ret plus_pair) (♯21 |||ᶜ ♯21) @ R {{ v, ⌜v = #42⌝ }}%I.
  Proof.
-    iIntros. vcg. iIntros "!> $ !>". cwp_lam. vcg. by vcg_continue.
+    iIntros. vcg. iIntros "$ !> !>". cwp_lam. vcg. by vcg_continue.
  Qed.

  Lemma test_invoke_3 (l : cloc) R :
@@ -30,7 +30,7 @@ Section tests_vcg.
    CWP callᶜ (c_ret plus_pair) (∗ᶜ ♯ₗl |||ᶜ ∗ᶜ ♯ₗl) @ R
      {{ v, ⌜v = #42⌝ ∗  l ↦C #21 }}%I.
  Proof.
-    iIntros. vcg. iIntros "Hl !> $ !>". cwp_lam. vcg.
+    iIntros. vcg. iIntros "Hl $ !> !>". cwp_lam. vcg.
    iIntros "Hl". vcg_continue; eauto.
  Qed.
 End tests_vcg.
--- a/theories/tests/par_inc.v
+++ b/theories/tests/par_inc.v
@@ -29,7 +29,7 @@ Section par_inc.
    iAssert (□ (own γ (◯!{1 / 2} 0%nat) -∗
      CWP callᶜ (c_ret inc) (c_ret (cloc_to_val cl)) @ par_inc_inv ∗ R
      {{ v, ⌜v = #1⌝ ∧ own γ (◯!{1 / 2} 1%nat) }}))%I as "#H".
-    { iIntros "!> Hγ'". vcg; iIntros "!> [HR $] !>". iDestruct "HR" as (n') "[Hl Hγ]".
+    { iIntros "!> Hγ'". vcg; iIntros "[HR $] !> !>". iDestruct "HR" as (n') "[Hl Hγ]".
      iApply cwp_fupd. iApply (inc_spec with "[$]"); iIntros "Hl".
      iMod (own_update_2 with "Hγ Hγ'") as "[Hγ Hγ']".
      { apply frac_auth_update, (nat_local_update _ _ (S n') 1); lia. }
@@ -43,4 +43,4 @@ Section par_inc.
      iDestruct 1 as (n') ">[Hl Hγ]". iCombine "Hγ1 Hγ2" as "Hγ'".
      iDestruct (own_valid_2 with "Hγ Hγ'") as %->%frac_auth_agreeL. iFrame; auto.
  Qed.
-End par_inc.
\ No newline at end of file
+End par_inc.
--- a/theories/vcgen/vcg.v
+++ b/theories/vcgen/vcg.v
@@ -123,9 +123,9 @@ Section vcg.

  Definition vcg_call (E : known_locs) (dv1 dv2 : dval)
      (m : denv) (R : iProp Σ) (Φ : known_locs → denv → dval → iProp Σ) : iProp Σ :=
-    (wand_denv_interp E m $ U (
-       R -∗
-       ▷ CWP (dval_interp E dv1) (dval_interp E dv2) {{ v, R ∗ vcg_continuation E Φ v }}))%I.
+    (wand_denv_interp E m
+       (R -∗
+        ▷ U (CWP (dval_interp E dv1) (dval_interp E dv2) {{ v, R ∗ vcg_continuation E Φ v }})))%I.

  Fixpoint vcg (E : known_locs) (n : nat) (m : denv) (de : dcexpr)
      (R : iProp Σ) (Φ : known_locs → denv → dval → iProp Σ) : iProp Σ :=
@@ -634,12 +634,12 @@ Section vcg_spec.
        iDestruct (forward_correct with "Hm") as "[Hm' H2]"; eauto.
        iApply (cwp_call with "[H Hm'] H2").
        { iApply ("IH" with "[] [] Hm' H"); eauto. }
-        iIntros (f a) "H [-> HmNew]";
-          iDestruct "H" as (E' dv m'' -> ???) "[Hm'' H]".
+        iIntros (f a) "H [-> HmNew]".
+        iDestruct "H" as (E' dv m'' -> ???) "[Hm'' H]".
        iDestruct (wand_denv_interp_spec with "H [Hm'' HmNew]") as "H".
        { iApply denv_merge_interp; eauto using denv_wf_mono.
          iFrame "Hm''". iApply (denv_interp_mono with "HmNew"); eauto. }
-        iIntros "!> HR". iSpecialize ("H" with "HR"); iModIntro.
+        iIntros "HR". iSpecialize ("H" with "HR"). iNext. iModIntro.
        rewrite (dval_interp_mono E E'); eauto.
        iApply (cwp_wand with "H"); iIntros (w) "[$ H]".
        by iApply vcg_continuation_mono.
@@ -651,7 +651,7 @@ Section vcg_spec.
        iDestruct (wand_denv_interp_spec with "H [Hm'' HmNew]") as "H".
        { iApply denv_merge_interp; eauto using denv_wf_mono.
          iFrame "Hm''". iApply (denv_interp_mono with "HmNew"); eauto. }
-        iIntros "!> HR". iSpecialize ("H" with "HR"); iModIntro.
+        iIntros "HR". iSpecialize ("H" with "HR"); iNext; iModIntro.
        rewrite (dval_interp_mono E E'); eauto.
        iApply (cwp_wand with "H"); iIntros (w) "[$ H]".
        by iApply vcg_continuation_mono.