Commit d579dc8d authored by Ralf Jung's avatar Ralf Jung

bump Iris for comparison changes

parent 06edc222
...@@ -9,6 +9,6 @@ build: [make "-j%{jobs}%"] ...@@ -9,6 +9,6 @@ build: [make "-j%{jobs}%"]
install: [make "install"] install: [make "install"]
remove: ["rm" "-rf" "%{lib}%/coq/user-contrib/iris_examples"] remove: ["rm" "-rf" "%{lib}%/coq/user-contrib/iris_examples"]
depends: [ depends: [
"coq-iris" { (= "dev.2019-06-18.2.e039d7c7") | (= "dev") } "coq-iris" { (= "dev.2019-06-18.8.72595700") | (= "dev") }
"coq-autosubst" { = "dev.coq86" } "coq-autosubst" { = "dev.coq86" }
] ]
...@@ -36,9 +36,19 @@ Section stacks. ...@@ -36,9 +36,19 @@ Section stacks.
iIntros "H"; iDestruct "H" as (?) "[Hl Hl']"; iSplitL "Hl"; eauto. iIntros "H"; iDestruct "H" as (?) "[Hl Hl']"; iSplitL "Hl"; eauto.
Qed. Qed.
Definition is_list_pre (P : val iProp Σ) (F : val -d> iProp Σ) : Definition oloc_to_val (ol: option loc) : val :=
val -d> iProp Σ := λ v, match ol with
(v NONEV (l : loc) (h t : val), v SOMEV #l l {-} (h, t)%V P h F t)%I. | None => NONEV
| Some loc => SOMEV (#loc)
end.
Local Instance oloc_to_val_inj : Inj (=) (=) oloc_to_val.
Proof. intros [|][|]; simpl; congruence. Qed.
Definition is_list_pre (P : val iProp Σ) (F : option loc -d> iProp Σ) :
option loc -d> iProp Σ := λ v, match v with
| None => True
| Some l => (h : val) (t : option loc), l {-} (h, oloc_to_val t)%V P h F t
end%I.
Local Instance is_list_contr (P : val iProp Σ) : Contractive (is_list_pre P). Local Instance is_list_contr (P : val iProp Σ) : Contractive (is_list_pre P).
Proof. Proof.
...@@ -58,28 +68,22 @@ Section stacks. ...@@ -58,28 +68,22 @@ Section stacks.
rewrite is_list_eq. apply (fixpoint_unfold (is_list_pre P)). rewrite is_list_eq. apply (fixpoint_unfold (is_list_pre P)).
Qed. Qed.
(* TODO: shouldn't have to explicitly return is_list *) Lemma is_list_dup (P : val iProp Σ) v :
Lemma is_list_unboxed (P : val iProp Σ) v : is_list P v - is_list P v match v with
is_list P v - val_is_unboxed v is_list P v. | None => True
Proof. | Some l => h t, l {-} (h, oloc_to_val t)%V
iIntros "Hstack"; iSplit; last done; end.
iDestruct (is_list_unfold with "Hstack") as "[->|Hstack]";
last iDestruct "Hstack" as (l h t) "(-> & _)"; done.
Qed.
Lemma is_list_disj (P : val iProp Σ) v :
is_list P v - is_list P v (v NONEV (l : loc) h t, v SOMEV #l%V l {-} (h, t)%V).
Proof. Proof.
iIntros "Hstack". iIntros "Hstack". iDestruct (is_list_unfold with "Hstack") as "Hstack".
iDestruct (is_list_unfold with "Hstack") as "[%|Hstack]"; simplify_eq. destruct v as [l|].
- rewrite is_list_unfold; iSplitR; [iLeft|]; eauto. - iDestruct "Hstack" as (h t) "(Hl & Hlist)".
- iDestruct "Hstack" as (l h t) "(% & Hl & Hlist)". iDestruct (partial_mapsto_duplicable with "Hl") as "[Hl1 Hl2]".
iDestruct (partial_mapsto_duplicable with "Hl") as "[Hl1 Hl2]"; simplify_eq. rewrite (is_list_unfold _ (Some _)); iSplitR "Hl2"; iExists _, _; by iFrame.
rewrite (is_list_unfold _ (InjRV _)); iSplitR "Hl2"; iRight; iExists _, _, _; by iFrame. - rewrite is_list_unfold; iSplitR; eauto.
Qed. Qed.
Definition stack_inv P v := Definition stack_inv P v :=
( l v', v = #l l v' is_list P v')%I. ( l ol', v = #l l oloc_to_val ol' is_list P ol')%I.
Definition is_stack (P : val iProp Σ) v := Definition is_stack (P : val iProp Σ) v :=
inv N (stack_inv P v). inv N (stack_inv P v).
...@@ -92,8 +96,8 @@ Section stacks. ...@@ -92,8 +96,8 @@ Section stacks.
wp_lam. wp_lam.
wp_alloc as "Hl". wp_alloc as "Hl".
iMod (inv_alloc N (stack_inv P #) with "[Hl]") as "Hinv". iMod (inv_alloc N (stack_inv P #) with "[Hl]") as "Hinv".
{ iNext; iExists , NONEV; iFrame; { iNext; iExists , None; iFrame;
by iSplit; last (iApply is_list_unfold; iLeft). } by iSplit; last (iApply is_list_unfold). }
by iApply "Hpost". by iApply "Hpost".
Qed. Qed.
...@@ -109,17 +113,17 @@ Section stacks. ...@@ -109,17 +113,17 @@ Section stacks.
{ iNext; iExists _, _; by iFrame. } { iNext; iExists _, _; by iFrame. }
iModIntro. wp_let. wp_alloc ' as "Hl'". wp_pures. wp_bind (CAS _ _ _). iModIntro. wp_let. wp_alloc ' as "Hl'". wp_pures. wp_bind (CAS _ _ _).
iInv N as ('' v'') "(>% & >Hl & Hlist)" "Hclose"; simplify_eq. iInv N as ('' v'') "(>% & >Hl & Hlist)" "Hclose"; simplify_eq.
destruct (decide (v' = v'')) as [ -> |]. destruct (decide (v' = v'')) as [->|Hne].
- iDestruct (is_list_unboxed with "Hlist") as "[>% Hlist]". - wp_cas_suc. { destruct v''; left; done. }
wp_cas_suc.
iMod ("Hclose" with "[HP Hl Hl' Hlist]") as "_". iMod ("Hclose" with "[HP Hl Hl' Hlist]") as "_".
{ iNext; iExists _, (InjRV #'); iFrame; iSplit; first done; { iNext; iExists _, (Some '); iFrame; iSplit; first done;
rewrite (is_list_unfold _ (InjRV _)). iRight; iExists _, _, _; iFrame; eauto. } rewrite (is_list_unfold _ (Some _)). iExists _, _; iFrame; eauto. }
iModIntro. iModIntro.
wp_if. wp_if.
by iApply "HΦ". by iApply "HΦ".
- iDestruct (is_list_unboxed with "Hlist") as "[>% Hlist]". - wp_cas_fail.
wp_cas_fail. { destruct v', v''; simpl; congruence. }
{ destruct v''; left; done. }
iMod ("Hclose" with "[Hl Hlist]") as "_". iMod ("Hclose" with "[Hl Hlist]") as "_".
{ iNext; iExists _, _; by iFrame. } { iNext; iExists _, _; by iFrame. }
iModIntro. iModIntro.
...@@ -134,37 +138,36 @@ Section stacks. ...@@ -134,37 +138,36 @@ Section stacks.
iLöb as "IH". iLöb as "IH".
wp_lam. wp_bind (Load _). wp_lam. wp_bind (Load _).
iInv N as ( v') "(>% & Hl & Hlist)" "Hclose"; subst. iInv N as ( v') "(>% & Hl & Hlist)" "Hclose"; subst.
iDestruct (is_list_dup with "Hlist") as "[Hlist Hlist2]".
wp_load. wp_load.
iDestruct (is_list_disj with "Hlist") as "[Hlist Hdisj]".
iMod ("Hclose" with "[Hl Hlist]") as "_". iMod ("Hclose" with "[Hl Hlist]") as "_".
{ iNext; iExists _, _; by iFrame. } { iNext; iExists _, _; by iFrame. }
iModIntro. iModIntro.
iDestruct "Hdisj" as "[-> | Heq]". destruct v' as [l|]; last first.
- wp_match. - wp_match.
iApply "HΦ"; by iLeft. iApply "HΦ"; by iLeft.
- iDestruct "Heq" as (l h t) "[-> Hl]". - wp_match. wp_bind (Load _).
wp_match. wp_bind (Load _).
iInv N as (' v') "(>% & Hl' & Hlist)" "Hclose". simplify_eq. iInv N as (' v') "(>% & Hl' & Hlist)" "Hclose". simplify_eq.
iDestruct "Hl" as (q) "Hl". iDestruct "Hlist2" as (???) "Hl".
wp_load. wp_load.
iMod ("Hclose" with "[Hl' Hlist]") as "_". iMod ("Hclose" with "[Hl' Hlist]") as "_".
{ iNext; iExists _, _; by iFrame. } { iNext; iExists _, _; by iFrame. }
iModIntro. iModIntro.
wp_pures. wp_bind (CAS _ _ _). wp_pures. wp_bind (CAS _ _ _).
iInv N as ('' v'') "(>% & Hl' & Hlist)" "Hclose". simplify_eq. iInv N as ('' v'') "(>% & Hl' & Hlist)" "Hclose". simplify_eq.
destruct (decide (v'' = InjRV #l)) as [-> |]. destruct (decide (v'' = (Some l))) as [-> |].
* rewrite is_list_unfold. * rewrite is_list_unfold.
iDestruct "Hlist" as "[>% | H]"; first done. iDestruct "Hlist" as (h' t') "(Hl'' & HP & Hlist)".
iDestruct "H" as (''' h' t') "(>% & Hl'' & HP & Hlist)"; simplify_eq.
iDestruct "Hl''" as (q') "Hl''". iDestruct "Hl''" as (q') "Hl''".
simpl.
wp_cas_suc. wp_cas_suc.
iDestruct (mapsto_agree with "Hl'' Hl") as "%"; simplify_eq. iDestruct (mapsto_agree with "Hl'' Hl") as %[= <- <-%oloc_to_val_inj].
iMod ("Hclose" with "[Hl' Hlist]") as "_". iMod ("Hclose" with "[Hl' Hlist]") as "_".
{ iNext; iExists '', _; by iFrame. } { iNext; iExists '', _; by iFrame. }
iModIntro. iModIntro.
wp_pures. wp_pures.
iApply ("HΦ" with "[HP]"); iRight; iExists h; by iFrame. iApply ("HΦ" with "[HP]"); iRight; iExists _; by iFrame.
* wp_cas_fail. * wp_cas_fail. { destruct v''; simpl; congruence. }
iMod ("Hclose" with "[Hl' Hlist]") as "_". iMod ("Hclose" with "[Hl' Hlist]") as "_".
{ iNext; iExists '', _; by iFrame. } { iNext; iExists '', _; by iFrame. }
iModIntro. iModIntro.
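Review bot: `oloc_to_val` and its `Local Instance oloc_to_val_inj` are introduced verbatim in this section (the new lines starting `Definition oloc_to_val (ol: option loc) : val :=`) and again, character for character, in the three other file sections of this commit (both `Section stack_works` files and the `Section proofs` file), so four copies of the same encoding of `option loc` into HeapLang values and four copies of its injectivity proof now have to be kept in step. A single shared definition that the stack examples import would keep the encoding and its `Inj` instance in one place, and would be the natural home for a one-line comment the definition currently lacks, e.g. `(* Encode an optional next-node location as a HeapLang value: None as NONEV, Some l as SOMEV #l. *)`. The bracketed goals closed by `{ destruct v''; left; done. }` after `wp_cas_suc` and `{ destruct v', v''; simpl; congruence. }` after `wp_cas_fail` are presumably the new comparison-safety side conditions the commit title refers to; naming them in a comment at the first occurrence, e.g. `(* CAS side condition: both compared values are unboxed locations/NONEV. *)`, would spare the next reader from reconstructing that from the Iris changelog. The enclosing lemmas of the last two hunks start outside the shown hunks.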
...@@ -246,9 +246,19 @@ Section stack_works. ...@@ -246,9 +246,19 @@ Section stack_works.
iIntros "H"; iDestruct "H" as (?) "[Hl Hl']"; iSplitL "Hl"; eauto. iIntros "H"; iDestruct "H" as (?) "[Hl Hl']"; iSplitL "Hl"; eauto.
Qed. Qed.
Definition is_list_pre (P : val iProp Σ) (F : val -d> iProp Σ) : Definition oloc_to_val (ol: option loc) : val :=
val -d> iProp Σ := λ v, match ol with
(v NONEV (l : loc) (h t : val), v SOMEV #l l {-} (h, t)%V P h F t)%I. | None => NONEV
| Some loc => SOMEV (#loc)
end.
Local Instance oloc_to_val_inj : Inj (=) (=) oloc_to_val.
Proof. intros [|][|]; simpl; congruence. Qed.
Definition is_list_pre (P : val iProp Σ) (F : option loc -d> iProp Σ) :
option loc -d> iProp Σ := λ v, match v with
| None => True
| Some l => (h : val) (t : option loc), l {-} (h, oloc_to_val t)%V P h F t
end%I.
Local Instance is_list_contr (P : val iProp Σ) : Contractive (is_list_pre P). Local Instance is_list_contr (P : val iProp Σ) : Contractive (is_list_pre P).
Proof. Proof.
...@@ -268,27 +278,21 @@ Section stack_works. ...@@ -268,27 +278,21 @@ Section stack_works.
rewrite is_list_eq. apply (fixpoint_unfold (is_list_pre P)). rewrite is_list_eq. apply (fixpoint_unfold (is_list_pre P)).
Qed. Qed.
(* TODO: shouldn't have to explicitly return is_list *) Lemma is_list_dup (P : val iProp Σ) v :
Lemma is_list_unboxed (P : val iProp Σ) v : is_list P v - is_list P v match v with
is_list P v - val_is_unboxed v is_list P v. | None => True
Proof. | Some l => h t, l {-} (h, oloc_to_val t)%V
iIntros "Hstack"; iSplit; last done; end.
iDestruct (is_list_unfold with "Hstack") as "[->|Hstack]";
last iDestruct "Hstack" as (l h t) "(-> & _)"; done.
Qed.
Lemma is_list_disj (P : val iProp Σ) v :
is_list P v - is_list P v (v NONEV (l : loc) h t, v SOMEV #l%V l {-} (h, t)%V).
Proof. Proof.
iIntros "Hstack". iIntros "Hstack". iDestruct (is_list_unfold with "Hstack") as "Hstack".
iDestruct (is_list_unfold with "Hstack") as "[%|Hstack]"; simplify_eq. destruct v as [l|].
- rewrite is_list_unfold; iSplitR; [iLeft|]; eauto. - iDestruct "Hstack" as (h t) "(Hl & Hlist)".
- iDestruct "Hstack" as (l h t) "(% & Hl & Hlist)". iDestruct (partial_mapsto_duplicable with "Hl") as "[Hl1 Hl2]".
iDestruct (partial_mapsto_duplicable with "Hl") as "[Hl1 Hl2]"; simplify_eq. rewrite (is_list_unfold _ (Some _)); iSplitR "Hl2"; iExists _, _; by iFrame.
rewrite (is_list_unfold _ (InjRV _)); iSplitR "Hl2"; iRight; iExists _, _, _; by iFrame. - rewrite is_list_unfold; iSplitR; eauto.
Qed. Qed.
Definition stack_inv P l := ( v, l v is_list P v)%I. Definition stack_inv P l := ( v, l oloc_to_val v is_list P v)%I.
Definition is_stack P v := Definition is_stack P v :=
( mailbox l, v = (mailbox, #l)%V is_mailbox Nmailbox P mailbox inv N (stack_inv P l))%I. ( mailbox l, v = (mailbox, #l)%V is_mailbox Nmailbox P mailbox inv N (stack_inv P l))%I.
...@@ -302,7 +306,7 @@ Section stack_works. ...@@ -302,7 +306,7 @@ Section stack_works.
wp_apply mk_mailbox_works; first done. wp_apply mk_mailbox_works; first done.
iIntros (mailbox) "#Hmailbox". iIntros (mailbox) "#Hmailbox".
iMod (inv_alloc N _ (stack_inv P l) with "[Hl]") as "#Hinv". iMod (inv_alloc N _ (stack_inv P l) with "[Hl]") as "#Hinv".
{ by iNext; iExists _; iFrame; rewrite is_list_unfold; iLeft. } { iNext; iExists None; iFrame. rewrite is_list_unfold. done. }
wp_pures; iModIntro; iApply "Hpost"; iExists _, _; auto. wp_pures; iModIntro; iApply "Hpost"; iExists _, _; auto.
Qed. Qed.
...@@ -325,16 +329,16 @@ Section stack_works. ...@@ -325,16 +329,16 @@ Section stack_works.
wp_let. wp_alloc l' as "Hl'". wp_pures. wp_bind (CAS _ _ _). wp_let. wp_alloc l' as "Hl'". wp_pures. wp_bind (CAS _ _ _).
iInv N as (list) "(Hl & Hlist)" "Hclose". iInv N as (list) "(Hl & Hlist)" "Hclose".
destruct (decide (v'' = list)) as [ -> |]. destruct (decide (v'' = list)) as [ -> |].
* iDestruct (is_list_unboxed with "Hlist") as "[>% Hlist]". * wp_cas_suc. { destruct list; left; done. }
wp_cas_suc.
iMod ("Hclose" with "[HP Hl Hl' Hlist]") as "_". iMod ("Hclose" with "[HP Hl Hl' Hlist]") as "_".
{ iNext; iExists (SOMEV _); iFrame. { iNext; iExists (Some _); iFrame.
rewrite (is_list_unfold _ (InjRV _)). iRight; iExists _, _, _; iFrame; eauto. } rewrite (is_list_unfold _ (Some _)). iExists _, _; iFrame; eauto. }
iModIntro. iModIntro.
wp_if. wp_if.
by iApply "HΦ". by iApply "HΦ".
* iDestruct (is_list_unboxed with "Hlist") as "[>% Hlist]". * wp_cas_fail.
wp_cas_fail. { destruct list, v''; simpl; congruence. }
{ destruct list; left; done. }
iMod ("Hclose" with "[Hl Hlist]") as "_". iMod ("Hclose" with "[Hl Hlist]") as "_".
{ iNext; iExists _; by iFrame. } { iNext; iExists _; by iFrame. }
iModIntro. iModIntro.
...@@ -355,27 +359,25 @@ Section stack_works. ...@@ -355,27 +359,25 @@ Section stack_works.
- wp_match. wp_bind (Load _). - wp_match. wp_bind (Load _).
iInv N as (list) "[Hl Hlist]" "Hclose". iInv N as (list) "[Hl Hlist]" "Hclose".
wp_load. wp_load.
iDestruct (is_list_disj with "Hlist") as "[Hlist Hdisj]". iDestruct (is_list_dup with "Hlist") as "[Hlist Hlist2]".
iMod ("Hclose" with "[Hl Hlist]") as "_". iMod ("Hclose" with "[Hl Hlist]") as "_".
{ iNext; iExists _; by iFrame. } { iNext; iExists _; by iFrame. }
iModIntro. iModIntro.
iDestruct "Hdisj" as "[-> | Heq]". destruct list as [list|]; last first.
* wp_match. * wp_match.
iApply "HΦ"; by iLeft. iApply "HΦ"; by iLeft.
* iDestruct "Heq" as (l' h t) "[-> Hl']". * wp_match. wp_bind (Load _).
wp_match. wp_bind (Load _).
iInv N as (v') "[>Hl Hlist]" "Hclose". iInv N as (v') "[>Hl Hlist]" "Hclose".
iDestruct "Hl'" as (q) "Hl'". iDestruct "Hlist2" as (???) "Hl'".
wp_load. wp_load.
iMod ("Hclose" with "[Hl Hlist]") as "_". iMod ("Hclose" with "[Hl Hlist]") as "_".
{ iNext; iExists _; by iFrame. } { iNext; iExists _; by iFrame. }
iModIntro. iModIntro.
wp_let. wp_proj. wp_bind (CAS _ _ _). wp_pures. wp_let. wp_proj. wp_bind (CAS _ _ _). wp_pures.
iInv N as (v'') "[Hl Hlist]" "Hclose". iInv N as (v'') "[Hl Hlist]" "Hclose".
destruct (decide (v'' = InjRV #l')) as [-> |]. destruct (decide (v'' = Some list)) as [-> |].
+ rewrite is_list_unfold. + rewrite is_list_unfold.
iDestruct "Hlist" as "[>% | H]"; first done. iDestruct "Hlist" as (h' t') "(Hl'' & HP & Hlist)".
iDestruct "H" as (l'' h' t') "(>% & Hl'' & HP & Hlist)"; simplify_eq.
iDestruct "Hl''" as (q') "Hl''". iDestruct "Hl''" as (q') "Hl''".
wp_cas_suc. wp_cas_suc.
iDestruct (mapsto_agree with "Hl'' Hl'") as "%"; simplify_eq. iDestruct (mapsto_agree with "Hl'' Hl'") as "%"; simplify_eq.
...@@ -383,8 +385,8 @@ Section stack_works. ...@@ -383,8 +385,8 @@ Section stack_works.
{ iNext; iExists _; by iFrame. } { iNext; iExists _; by iFrame. }
iModIntro. iModIntro.
wp_pures. wp_pures.
iApply ("HΦ" with "[HP]"); iRight; iExists h; by iFrame. iApply ("HΦ" with "[HP]"); iRight; iExists _; by iFrame.
+ wp_cas_fail. + wp_cas_fail. { destruct v''; simpl; congruence. }
iMod ("Hclose" with "[Hl Hlist]") as "_". iMod ("Hclose" with "[Hl Hlist]") as "_".
{ iNext; iExists _; by iFrame. } { iNext; iExists _; by iFrame. }
iModIntro. iModIntro.
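Review bot: The successful-CAS branch of the pop proof in this file keeps `iDestruct (mapsto_agree with "Hl'' Hl'") as "%"; simplify_eq.` while the sibling stack file rewrites the same step as `iDestruct (mapsto_agree with "Hl'' Hl") as %[= <- <-%oloc_to_val_inj].`, so the two files take different routes to the same fact. Both presumably succeed only because `oloc_to_val` is injective (either via the explicit `%oloc_to_val_inj` or via std++'s `simplify_eq` picking up the `Inj` instance), so I would use the explicit form here too: it is consistent with the other file and documents that the new `Local Instance oloc_to_val_inj` is what justifies the step. The lemma whose proof this hunk modifies starts and ends outside the hunk.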
...@@ -44,47 +44,51 @@ Section stack_works. ...@@ -44,47 +44,51 @@ Section stack_works.
iApply (mapsto_agree with "H1 H2"). iApply (mapsto_agree with "H1 H2").
Qed. Qed.
Definition oloc_to_val (ol: option loc) : val :=
match ol with
| None => NONEV
| Some loc => SOMEV (#loc)
end.
Local Instance oloc_to_val_inj : Inj (=) (=) oloc_to_val.
Proof. intros [|][|]; simpl; congruence. Qed.
Fixpoint is_list xs v : iProp Σ := Fixpoint is_list xs v : iProp Σ :=
(match xs with (match xs, v with
| [] => v = NONEV | [], None => True
| x :: xs => l (t : val), v = SOMEV #l%V l {-} (x, t)%V is_list xs t | x :: xs, Some l => t, l {-} (x, oloc_to_val t)%V is_list xs t
| _, _ => False
end)%I. end)%I.
Lemma is_list_disj xs v : Lemma is_list_dup xs v :
is_list xs v - is_list xs v (v = NONEV l (h t : val), v = SOMEV #l l {-} (h, t)%V). is_list xs v - is_list xs v match v with
| None => True
| Some l => h t, l {-} (h, oloc_to_val t)%V
end.
Proof. Proof.
destruct xs; auto. destruct xs, v; simpl; auto; first by iIntros "[]".
iIntros "H"; iDestruct "H" as (l t) "(-> & Hl & Hstack)". iIntros "H"; iDestruct "H" as (t) "(Hl & Hstack)".
iDestruct (partial_mapsto_duplicable with "Hl") as "[Hl1 Hl2]". iDestruct (partial_mapsto_duplicable with "Hl") as "[Hl1 Hl2]".
iSplitR "Hl2"; first by (iExists _, _; iFrame). iRight; auto. iSplitR "Hl2"; first by (iExists _; iFrame). by iExists _, _.
Qed.
Lemma is_list_unboxed xs v :
is_list xs v - val_is_unboxed v is_list xs v.
Proof.
iIntros "Hlist"; iDestruct (is_list_disj with "Hlist") as "[$ Heq]".
iDestruct "Heq" as "[-> | H]"; first done; by iDestruct "H" as (? ? ?) "[-> ?]".
Qed. Qed.
Lemma is_list_empty xs : Lemma is_list_empty xs :
is_list xs (InjLV #()) - xs = []. is_list xs None - xs = [].
Proof. Proof.
destruct xs; iIntros "Hstack"; auto. destruct xs; iIntros "Hstack"; auto.
iDestruct "Hstack" as (? ?) "(% & H)"; discriminate.
Qed. Qed.
Lemma is_list_cons xs l h t : Lemma is_list_cons xs l h t :
l {-} (h, t)%V - l {-} (h, t)%V -
is_list xs (InjRV #l) - is_list xs (Some l) -
ys, xs = h :: ys. ys, xs = h :: ys.
Proof. Proof.
destruct xs; first by iIntros "? %". destruct xs; first by iIntros "? %".
iIntros "Hl Hstack"; iDestruct "Hstack" as (l' t') "(% & Hl' & Hrest)"; simplify_eq. iIntros "Hl Hstack"; iDestruct "Hstack" as (t') "(Hl' & Hrest)".
iDestruct (partial_mapsto_agree with "Hl Hl'") as "%"; simplify_eq; iExists _; auto. iDestruct (partial_mapsto_agree with "Hl Hl'") as "%"; simplify_eq; iExists _; auto.
Qed. Qed.
Definition stack_inv P l := Definition stack_inv P l :=
( v xs, l v is_list xs v P xs)%I. ( v xs, l oloc_to_val v is_list xs v P xs)%I.
Definition is_stack_pred P v := Definition is_stack_pred P v :=
( l, v = #l inv N (stack_inv P l))%I. ( l, v = #l inv N (stack_inv P l))%I.
...@@ -96,7 +100,7 @@ Section stack_works. ...@@ -96,7 +100,7 @@ Section stack_works.
rewrite -wp_fupd. rewrite -wp_fupd.
wp_lam. wp_alloc l as "Hl". wp_lam. wp_alloc l as "Hl".
iMod (inv_alloc N _ (stack_inv P l) with "[Hl HP]") as "#Hinv". iMod (inv_alloc N _ (stack_inv P l) with "[Hl HP]") as "#Hinv".
{ by iNext; iExists _, []; iFrame. } { iNext; iExists None, []; iFrame. }
iModIntro; iApply "HΦ"; iExists _; auto. iModIntro; iApply "HΦ"; iExists _; auto.
Qed. Qed.
...@@ -116,16 +120,17 @@ Section stack_works. ...@@ -116,16 +120,17 @@ Section stack_works.
iModIntro. iModIntro.
wp_let. wp_alloc l' as "Hl'". wp_pures. wp_bind (CAS _ _ _). wp_let. wp_alloc l' as "Hl'". wp_pures. wp_bind (CAS _ _ _).
iInv N as (list' xs) "(Hl & Hlist & HP)" "Hclose". iInv N as (list' xs) "(Hl & Hlist & HP)" "Hclose".
iDestruct (is_list_unboxed with "Hlist") as "[>% Hlist]".
destruct (decide (list = list')) as [ -> |]. destruct (decide (list = list')) as [ -> |].
- wp_cas_suc. - wp_cas_suc. { destruct list'; left; done. }
iMod ("Hupd" with "HP") as "[HP HΨ]". iMod ("Hupd" with "HP") as "[HP HΨ]".
iMod ("Hclose" with "[Hl Hl' HP Hlist]") as "_". iMod ("Hclose" with "[Hl Hl' HP Hlist]") as "_".
{ iNext; iExists (SOMEV _), (v :: xs); iFrame; iExists _, _; iFrame; auto. } { iNext; iExists (Some _), (v :: xs); iFrame; iExists _; iFrame; auto. }
iModIntro. iModIntro.
wp_if. wp_if.
by iApply ("HΦ" with "HΨ"). by iApply ("HΦ" with "HΨ").
- wp_cas_fail. - wp_cas_fail.
{ destruct list, list'; simpl; congruence. }
{ destruct list'; left; done. }
iMod ("Hclose" with "[Hl HP Hlist]"). iMod ("Hclose" with "[Hl HP Hlist]").
{ iExists _, _; iFrame. } { iExists _, _; iFrame. }
iModIntro. iModIntro.
...@@ -146,8 +151,8 @@ Section stack_works. ...@@ -146,8 +151,8 @@ Section stack_works.
wp_lam. wp_bind (Load _). wp_lam. wp_bind (Load _).
iInv N as (v xs) "(Hl & Hlist & HP)" "Hclose". iInv N as (v xs) "(Hl & Hlist & HP)" "Hclose".
wp_load. wp_load.
iDestruct (is_list_disj with "Hlist") as "[Hlist H]". iDestruct (is_list_dup with "Hlist") as "[Hlist H]".
iDestruct "H" as "[-> | HSome]". destruct v as [l'|]; last first.
- iDestruct (is_list_empty with "Hlist") as %->. - iDestruct (is_list_empty with "Hlist") as %->.
iDestruct "Hupd" as "[_ Hupdnil]". iDestruct "Hupd" as "[_ Hupdnil]".
iMod ("Hupdnil" with "HP") as "[HP HΨ]". iMod ("Hupdnil" with "HP") as "[HP HΨ]".
...@@ -156,7 +161,7 @@ Section stack_works. ...@@ -156,7 +161,7 @@ Section stack_works.
iModIntro. iModIntro.
wp_match. wp_match.
iApply ("HΦ" with "HΨ"). iApply ("HΦ" with "HΨ").
- iDestruct "HSome" as (l' h t) "[-> Hl']". - iDestruct "H" as (h t) "Hl'".
iMod ("Hclose" with "[Hlist Hl HP]") as "_". iMod ("Hclose" with "[Hlist Hl HP]") as "_".
{ iNext; iExists _, _; iFrame. } { iNext; iExists _, _; iFrame. }
iModIntro. iModIntro.
...@@ -169,13 +174,13 @@ Section stack_works. ...@@ -169,13 +174,13 @@ Section stack_works.
iModIntro. iModIntro.
wp_let. wp_proj. wp_bind (CAS _ _ _). wp_pures. wp_let. wp_proj. wp_bind (CAS _ _ _). wp_pures.
iInv N as (v' xs'') "(Hl & Hlist & HP)" "Hclose". iInv N as (v' xs'') "(Hl & Hlist & HP)" "Hclose".
destruct (decide (v' = (SOMEV #l'))) as [ -> |]. destruct (decide (v' = (Some l'))) as [ -> |].
* wp_cas_suc. * wp_cas_suc.
iDestruct (is_list_cons with "[Hl'] Hlist") as (ys) "%"; first by iExists _. iDestruct (is_list_cons with "[Hl'] Hlist") as (ys) "%"; first by iExists _.
simplify_eq. simplify_eq.
iDestruct "Hupd" as "[Hupdcons _]". iDestruct "Hupd" as "[Hupdcons _]".
iMod ("Hupdcons" with "HP") as "[HP HΨ]". iMod ("Hupdcons" with "HP") as "[HP HΨ]".
iDestruct "Hlist" as (l'' t') "(% & Hl'' & Hlist)"; simplify_eq. iDestruct "Hlist" as (t') "(Hl'' & Hlist)".
iDestruct "Hl''" as (q') "Hl''". iDestruct "Hl''" as (q') "Hl''".
iDestruct (mapsto_agree with "Hl' Hl''") as "%"; simplify_eq. iDestruct (mapsto_agree with "Hl' Hl''") as "%"; simplify_eq.
iMod ("Hclose" with "[Hlist Hl HP]") as "_". iMod ("Hclose" with "[Hlist Hl HP]") as "_".
...@@ -183,7 +188,7 @@ Section stack_works. ...@@ -183,7 +188,7 @@ Section stack_works.
iModIntro. iModIntro.
wp_pures. wp_pures.
iApply ("HΦ" with "HΨ"). iApply ("HΦ" with "HΨ").
* wp_cas_fail. * wp_cas_fail. { destruct v'; simpl; congruence. }
iMod ("Hclose" with "[Hlist Hl HP]") as "_". iMod ("Hclose" with "[Hlist Hl HP]") as "_".
{ iNext; iExists _, _; iFrame. } { iNext; iExists _, _; iFrame. }
iModIntro. iModIntro.
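Review bot: The reworked `Fixpoint is_list xs v` now matches on `xs` and `v` together and has a catch-all `| _, _ => False` arm, but nothing says what the predicate is meant to capture, and the proofs of `is_list_empty` and `is_list_cons` silently depend on that arm (the old `discriminate` line in `is_list_empty` is gone because the mismatched shape is now `False` outright). A header comment above the `Fixpoint` would pin this down, e.g. `(* is_list xs v: v is the (optional) head location of a linked list whose nodes hold exactly the elements of xs, in order; a list and an encoding of different shape are contradictory. *)`. `Lemma is_list_dup` likewise deserves a line stating that it splits off a duplicable, fraction-agnostic copy of the head node's points-to so the pop proof can read the head outside the invariant, which is how the `Hlist2`/`H` resource is used in the `wp_load` branches later in this file. The lemmas modified by the later hunks start outside the hunks shown.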
...@@ -267,47 +267,51 @@ Section proofs. ...@@ -267,47 +267,51 @@ Section proofs.
iApply (mapsto_agree with "H1 H2"). iApply (mapsto_agree with "H1 H2").
Qed. Qed.
Definition oloc_to_val (ol: option loc) : val :=
match ol with
| None => NONEV
| Some loc => SOMEV (#loc)
end.
Local Instance oloc_to_val_inj : Inj (=) (=) oloc_to_val.
Proof. intros [|][|]; simpl; congruence. Qed.
Fixpoint is_list xs v : iProp Σ := Fixpoint is_list xs v : iProp Σ :=
(match xs with (match xs, v with
| [] => v = NONEV | [], None => True
| x :: xs => l (t : val), v = SOMEV #l%V l {-} (x, t)%V is_list xs t | x :: xs, Some l => t, l {-} (x, oloc_to_val t)%V is_list xs t
| _, _ => False
end)%I. end)%I.