From algebra Require Export cmra option.
From prelude Require Export gmap.
From algebra Require Import functor upred.

(* NOTE(review): non-ASCII notation symbols (quantifiers, arrows, the
   step-indexed equality, the CMRA operators) appear to have been dropped from
   this rendering of the file, which is why several statements below read with
   a gap, e.g. "i, m1 !! i {n} m2 !! i"; consult the repository source for the
   exact statements. *)
(* Finite maps [gmap K A] over a countable key type [K] form a COFE whenever
   the codomain [A] does.  Distance, limits and timelessness are all defined
   pointwise, through [!!] into the option COFE. *)
Section cofe.
Context `{Countable K} {A : cofeT}.
Implicit Types m : gmap K A.

(* Distance on maps: [m1] and [m2] are [n]-equal when their lookups agree up
   to [n] at every key (the [Dist] of [option A]). *)
Instance map_dist : Dist (gmap K A) := λ n m1 m2,
   i, m1 !! i {n} m2 !! i.
(* Project a chain of maps to a chain of options at key [k].  The Cauchy
   condition of the projected chain is inherited from [c] ([chain_cauchy]). *)
Program Definition map_chain (c : chain (gmap K A))
  (k : K) : chain (option A) := {| chain_car n := c n !! k |}.
Next Obligation. by intros c k n i ?; apply (chain_cauchy c). Qed.
(* Limit of a chain of maps: keep the domain of [c 1] and, at each key [i] of
   that domain, take the limit of the projected chain [map_chain c i]. *)
Instance map_compl : Compl (gmap K A) := λ c,
  map_imap (λ i _, compl (map_chain c i)) (c 1).
(* The COFE axioms for [gmap K A].  Every case is discharged at a single key
   [k], reducing it to the corresponding axiom of [option A]. *)
Definition map_cofe_mixin : CofeMixin (gmap K A).
Proof.
  split.
  (* [equiv] coincides with "[dist n] for every [n]", pointwise. *)
  - intros m1 m2; split.
    + by intros Hm n k; apply equiv_dist.
    + intros Hm k; apply equiv_dist; intros n; apply Hm.
  (* [dist n] is an equivalence relation. *)
  - intros n; split.
    + by intros m k.
    + by intros m1 m2 ? k.
    + by intros m1 m2 m3 ?? k; trans (m2 !! k).
  (* [dist] at [S n] implies [dist] at [n]. *)
  - by intros n m1 m2 ? k; apply dist_S.
  (* Convergence: unfold the limit, then invert the Cauchy relation between
     [c 0] and [c (S n)] at [k] (presumably to settle whether [k] is in the
     domain) and close with [conv_compl] of the projected chain. *)
  - intros n c k; rewrite /compl /map_compl lookup_imap.
    feed inversion (λ H, chain_cauchy c 0 (S n) H k); simpl; auto with lia.
    by rewrite conv_compl /=; apply reflexive_eq.
Qed.
(* The canonical COFE structure on [gmap K A]. *)
Canonical Structure mapC : cofeT := CofeT map_cofe_mixin.

(* Leibniz equality on the codomain lifts to [mapC]; proved by unfolding
   [mapC] to [gmap K A] and letting instance search finish. *)
(* why doesn't this go automatic? *)
Global Instance mapC_leibniz: LeibnizEquiv A  LeibnizEquiv mapC.
Proof. intros; change (LeibnizEquiv (gmap K A)); apply _. Qed.

(* [lookup k] is non-expansive.  Immediate, since [dist] on maps is defined
   through [!!]. *)
Global Instance lookup_ne n k :
  Proper (dist n ==> dist n) (lookup k : gmap K A  option A).
Proof. by intros m1 m2. Qed.
(* [lookup k] respects [equiv]; the instance is found by search (presumably
   from [lookup_ne]). *)
Global Instance lookup_proper k :
  Proper (() ==> ()) (lookup k : gmap K A  option A) := _.
(* [alter f k] is non-expansive whenever [f] is.  Case split on whether the
   inspected key [k'] equals [k]; [simplify_map_eq] handles both cases. *)
Global Instance alter_ne f k n :
  Proper (dist n ==> dist n) f  Proper (dist n ==> dist n) (alter f k).
Proof.
  intros ? m m' Hm k'.
  by destruct (decide (k = k')); simplify_map_eq; rewrite (Hm k').
Qed.
(* [insert i] is non-expansive in both the inserted value and the map.  At key
   [i] the values are compared; elsewhere it reduces to [lookup_ne]. *)
Global Instance insert_ne i n :
  Proper (dist n ==> dist n ==> dist n) (insert (M:=gmap K A) i).
Proof.
  intros x y ? m m' ? j; destruct (decide (i = j)); simplify_map_eq;
    [by constructor|by apply lookup_ne].
Qed.
(* Singleton maps are non-expansive in their value; a singleton is an insert
   into the empty map, so [insert_ne] applies. *)
Global Instance singleton_ne i n :
  Proper (dist n ==> dist n) (singletonM i : A  gmap K A).
Proof. by intros ???; apply insert_ne. Qed.
(* [delete i] is non-expansive; same case split as [insert_ne]. *)
Global Instance delete_ne i n :
  Proper (dist n ==> dist n) (delete (M:=gmap K A) i).
Proof.
  intros m m' ? j; destruct (decide (i = j)); simplify_map_eq;
    [by constructor|by apply lookup_ne].
Qed.

(* Every map is timeless when every element of [A] is: timelessness is
   checked key by key. *)
Global Instance map_timeless `{ a : A, Timeless a} m : Timeless m.
Proof. by intros m' ? i; apply: timeless. Qed.

(* The empty map is timeless for any [A]: every lookup is [None]
   ([lookup_empty]), so a 0-equal map must also be [None] everywhere. *)
Instance map_empty_timeless : Timeless ( : gmap K A).
Proof.
  intros m Hm i; specialize (Hm i); rewrite lookup_empty in Hm |- *.
  inversion_clear Hm; constructor.
Qed.
(* Lookup in a timeless map is timeless.  The [None] case is symmetric
   timelessness of [option]; for [Some x], a 0-equality of [m] with
   [<[i:=x]> m] is built (via [insert_id]) and timelessness of [m] turns it
   into an [equiv], from which [lookup_insert] reads off the result. *)
Global Instance map_lookup_timeless m i : Timeless m  Timeless (m !! i).
Proof.
  intros ? [x|] Hx; [|by symmetry; apply: timeless].
  assert (m {0} <[i:=x]> m)
    by (by symmetry in Hx; inversion Hx; cofe_subst; rewrite insert_id).
  by rewrite (timeless m (<[i:=x]>m)) // lookup_insert.
Qed.
(* Inserting a timeless value into a timeless map yields a timeless map:
   at key [i] use timelessness of [x], elsewhere that of [m]. *)
Global Instance map_insert_timeless m i x :
  Timeless x  Timeless m  Timeless (<[i:=x]>m).
Proof.
  intros ?? m' Hm j; destruct (decide (i = j)); simplify_map_eq.
  { by apply: timeless; rewrite -Hm lookup_insert. }
  by apply: timeless; rewrite -Hm lookup_insert_ne.
Qed.
(* A singleton map with a timeless value is timeless; found by instance
   search (presumably through [map_insert_timeless] and
   [map_empty_timeless]). *)
Global Instance map_singleton_timeless i x :
  Timeless x  Timeless ({[ i := x ]} : gmap K A) := _.
End cofe.

(* Argument status for [mapC]: the key type and the codomain are explicit,
   the two bracketed (typeclass) arguments are implicit. *)
Arguments mapC _ {_ _} _.

(* CMRA *)
(* [gmap K A] is a CMRA when [A] is: [op], [unit], [validN] and [minus] are
   all lifted pointwise through [merge]/[fmap]/[!!] on the option CMRA. *)
Section cmra.
Context `{Countable K} {A : cmraT}.
Implicit Types m : gmap K A.

(* Composition: [merge] the two maps with the [op] of [option A]. *)
Instance map_op : Op (gmap K A) := merge op.
(* Unit: map [unit] over every value. *)
Instance map_unit : Unit (gmap K A) := fmap unit.
(* Step-indexed validity: every lookup is valid at [n]. *)
Instance map_validN : ValidN (gmap K A) := λ n m,  i, {n} (m !! i).
(* Difference: [merge] with the [minus] of [option A]. *)
Instance map_minus : Minus (gmap K A) := merge minus.

(* Lookup commutes with composition ([lookup_merge]). *)
Lemma lookup_op m1 m2 i : (m1  m2) !! i = m1 !! i  m2 !! i.
Proof. by apply lookup_merge. Qed.
(* Lookup commutes with difference ([lookup_merge]). *)
Lemma lookup_minus m1 m2 i : (m1  m2) !! i = m1 !! i  m2 !! i.
Proof. by apply lookup_merge. Qed.
(* Lookup commutes with [unit] ([lookup_fmap]). *)
Lemma lookup_unit m i : unit m !! i = unit (m !! i).
Proof. by apply lookup_fmap. Qed.

(* Full validity of a map is validity of every lookup. *)
Lemma map_valid_spec m :  m   i,  (m !! i).
Proof. split; intros Hm ??; apply Hm. Qed.
(* Inclusion of maps is pointwise inclusion of lookups.  Left to right: the
   frame [m] is projected at each key.  Right to left: the frame is the
   pointwise difference [m2 minus m1], justified by [cmra_op_minus']. *)
Lemma map_included_spec (m1 m2 : gmap K A) : m1  m2   i, m1 !! i  m2 !! i.
Proof.
  split.
  - by intros [m Hm]; intros i; exists (m !! i); rewrite -lookup_op Hm.
  - intros Hm; exists (m2  m1); intros i.
    by rewrite lookup_op lookup_minus cmra_op_minus'.
Qed.
(* Step-indexed inclusion of maps is pointwise step-indexed inclusion of
   lookups; same proof shape as [map_included_spec], using [cmra_op_minus]. *)
Lemma map_includedN_spec (m1 m2 : gmap K A) n :
  m1 {n} m2   i, m1 !! i {n} m2 !! i.
Proof.
  split.
  - by intros [m Hm]; intros i; exists (m !! i); rewrite -lookup_op Hm.
  - intros Hm; exists (m2  m1); intros i.
    by rewrite lookup_op lookup_minus cmra_op_minus.
Qed.

(* The CMRA axioms for [gmap K A].  Each case is reduced, at a single key
   [i], to the corresponding axiom of the option CMRA by rewriting with the
   [lookup_*] lemmas above. *)
Definition map_cmra_mixin : CMRAMixin (gmap K A).
Proof.
  split.
  (* Non-expansiveness of [op], [unit], [validN] and [minus]. *)
  - by intros n m1 m2 m3 Hm i; rewrite !lookup_op (Hm i).
  - by intros n m1 m2 Hm i; rewrite !lookup_unit (Hm i).
  - by intros n m1 m2 Hm ? i; rewrite -(Hm i).
  - by intros n m1 m1' Hm1 m2 m2' Hm2 i; rewrite !lookup_minus (Hm1 i) (Hm2 i).
  (* Validity is downwards closed in the step index. *)
  - intros n m Hm i; apply cmra_validN_S, Hm.
  (* Associativity and commutativity of [op]. *)
  - by intros m1 m2 m3 i; rewrite !lookup_op assoc.
  - by intros m1 m2 i; rewrite !lookup_op comm.
  (* [unit] is a left unit and is idempotent. *)
  - by intros m i; rewrite lookup_op !lookup_unit cmra_unit_l.
  - by intros m i; rewrite !lookup_unit cmra_unit_idemp.
  (* [unit] preserves step-indexed inclusion (via [map_includedN_spec]). *)
  - intros n x y; rewrite !map_includedN_spec; intros Hm i.
    by rewrite !lookup_unit; apply cmra_unit_preservingN.
  (* Validity of a composition implies validity of the left operand. *)
  - intros n m1 m2 Hm i; apply cmra_validN_op_l with (m2 !! i).
    by rewrite -lookup_op.
  (* [op] and [minus] cancel under step-indexed inclusion. *)
  - intros n x y; rewrite map_includedN_spec=> ? i.
    by rewrite lookup_op lookup_minus cmra_op_minus.
Qed.
(* The extension axiom for [gmap K A].  Given [m] valid at [n] and [n]-equal
   to [m1 op m2], split [m] pointwise: at each key [i], [cmra_extend_op] on the
   option CMRA provides a pair ([f i], a sig type) whose components are
   collected with [map_imap] over the domain of [m].  The three bullets show
   that the pair composes to [m] and that its components are [n]-equal to
   [m1] and [m2]; keys outside the domain of [m] are handled by the
   positivity lemmas of the option CMRA. *)
Definition map_cmra_extend_mixin : CMRAExtendMixin (gmap K A).
Proof.
  intros n m m1 m2 Hm Hm12.
  assert ( i, m !! i {n} m1 !! i  m2 !! i) as Hm12'
    by (by intros i; rewrite -lookup_op).
  (* [f i] packs the extension at key [i]; [f_proj i] is the pair itself. *)
  set (f i := cmra_extend_op n (m !! i) (m1 !! i) (m2 !! i) (Hm i) (Hm12' i)).
  set (f_proj i := proj1_sig (f i)).
  exists (map_imap (λ i _, (f_proj i).1) m, map_imap (λ i _, (f_proj i).2) m);
    repeat split; intros i; rewrite /= ?lookup_op !lookup_imap.
  - destruct (m !! i) as [x|] eqn:Hx; rewrite !Hx /=; [|constructor].
    rewrite -Hx; apply (proj2_sig (f i)).
  - destruct (m !! i) as [x|] eqn:Hx; rewrite /=; [apply (proj2_sig (f i))|].
    pose proof (Hm12' i) as Hm12''; rewrite Hx in Hm12''.
    by symmetry; apply option_op_positive_dist_l with (m2 !! i).
  - destruct (m !! i) as [x|] eqn:Hx; simpl; [apply (proj2_sig (f i))|].
    pose proof (Hm12' i) as Hm12''; rewrite Hx in Hm12''.
    by symmetry; apply option_op_positive_dist_r with (m1 !! i).
Qed.
(* The canonical CMRA structure on [gmap K A], assembled from the three
   mixins above. *)
Canonical Structure mapRA : cmraT :=
  CMRAT map_cofe_mixin map_cmra_mixin map_cmra_extend_mixin.
(* The empty map is an identity element of [mapRA]: it is valid, it is a left
   unit for [op] ([lookup_empty] and [left_id] on [None]), and it is
   timeless ([map_empty_timeless]). *)
Global Instance map_cmra_identity : CMRAIdentity mapRA.
Proof.
  split.
  - by intros ? n; rewrite lookup_empty.
  - by intros m i; rewrite /= lookup_op lookup_empty (left_id_L None _).
  - apply map_empty_timeless.
Qed.
(* Leibniz equality lifts from [A] to [mapRA]; same trick as [mapC_leibniz]. *)
Global Instance mapRA_leibniz : LeibnizEquiv A  LeibnizEquiv mapRA.
Proof. intros; change (LeibnizEquiv (gmap K A)); apply _. Qed.

(** Internalized properties *)
(* Equality of maps, internalized in [uPred M], is pointwise internalized
   equality of lookups; holds by definition. *)
Lemma map_equivI {M} m1 m2 : (m1  m2)%I  ( i, m1 !! i  m2 !! i : uPred M)%I.
Proof. done. Qed.
(* Validity of a map, internalized in [uPred M], is pointwise internalized
   validity of lookups; holds by definition. *)
Lemma map_validI {M} m : ( m)%I  ( i,  (m !! i) : uPred M)%I.
Proof. done. Qed.
(* End of the generic CMRA construction; the lemmas below are about specific
   map operations. *)
End cmra.

(* Argument status for [mapRA], mirroring [mapC]: key type and codomain
   explicit, the two bracketed (typeclass) arguments implicit. *)
Arguments mapRA _ {_ _} _.

(* Validity, inclusion, domain and frame-preserving-update lemmas for
   [gmap K A] with a CMRA codomain [A]. *)
Section properties.
Context `{Countable K} {A : cmraT}.
Implicit Types m : gmap K A.
Implicit Types i : K.
Implicit Types a : A.

(* A value found (up to [n]) at key [i] of an [n]-valid map is itself
   [n]-valid: instantiate validity at [i] and rewrite with the lookup. *)
Lemma map_lookup_validN n m i x : {n} m  m !! i {n} Some x  {n} x.
Proof. by move=> /(_ i) Hm Hi; move:Hm; rewrite Hi. Qed.
(* Non-step-indexed version of [map_lookup_validN]: quantify over [n]. *)
Lemma map_lookup_valid m i x :  m  m !! i  Some x   x.
Proof. move=>Hm Hi n. move:(Hm n i). by rewrite Hi. Qed.
(* Inserting an [n]-valid value into an [n]-valid map keeps it [n]-valid;
   case split on whether the checked key is [i]. *)
Lemma map_insert_validN n m i x : {n} x  {n} m  {n} <[i:=x]>m.
Proof. by intros ?? j; destruct (decide (i = j)); simplify_map_eq. Qed.
(* Non-step-indexed version of [map_insert_validN]. *)
Lemma map_insert_valid m i x :  x   m   <[i:=x]>m.
Proof. intros ?? n j; apply map_insert_validN; auto. Qed.
(* A singleton map is [n]-valid exactly when its value is.  Right to left is
   [map_insert_validN] into the (valid) empty map; left to right instantiates
   validity at [i]. *)
Lemma map_singleton_validN n i x : {n} ({[ i := x ]} : gmap K A)  {n} x.
Proof.
  split; [|by intros; apply map_insert_validN, cmra_empty_valid].
  by move=>/(_ i); simplify_map_eq.
Qed.
(* Non-step-indexed version of [map_singleton_validN]. *)
Lemma map_singleton_valid i x :  ({[ i := x ]} : gmap K A)   x.
Proof. split; intros ? n; eapply map_singleton_validN; eauto. Qed.

(* Inserting [x] at [i] is, up to [n], composing with the singleton
   [{[ i := x ]}], provided [i] is either absent from [m] or holds (up to [n])
   the unit of [x].  Away from [i] both sides agree by [left_id]; at [i] the
   two hypotheses give [x] resp. [x op unit x], the latter closed by
   [cmra_unit_r]. *)
Lemma map_insert_singleton_opN n m i x :
  m !! i = None  m !! i {n} Some (unit x)  <[i:=x]> m {n} {[ i := x ]}  m.
Proof.
  intros Hi j; destruct (decide (i = j)) as [->|];
    [|by rewrite lookup_op lookup_insert_ne // lookup_singleton_ne // left_id].
  rewrite lookup_op lookup_insert lookup_singleton.
  by destruct Hi as [->| ->]; constructor; rewrite ?cmra_unit_r.
Qed.
(* Non-step-indexed version of [map_insert_singleton_opN], via [equiv_dist]. *)
Lemma map_insert_singleton_op m i x :
  m !! i = None  m !! i  Some (unit x)  <[i:=x]> m  {[ i := x ]}  m.
Proof.
  rewrite !equiv_dist; naive_solver eauto using map_insert_singleton_opN.
Qed.

(* The unit of a singleton is the singleton of the unit ([map_fmap_singleton]). *)
Lemma map_unit_singleton (i : K) (x : A) :
  unit ({[ i := x ]} : gmap K A) = {[ i := unit x ]}.
Proof. apply map_fmap_singleton. Qed.
(* Composing two singletons at the same key composes their values
   ([merge_singleton]). *)
Lemma map_op_singleton (i : K) (x y : A) :
  {[ i := x ]}  {[ i := y ]} = ({[ i := x  y ]} : gmap K A).
Proof. by apply (merge_singleton _ _ _ x y). Qed.

(* Step-indexed inclusion of a singleton [{[ i := x ]}] in [m] is witnessed by
   a value [y] at key [i] of [m] (up to [n]) that includes [x].  Left to
   right: project the frame at [i]; if it holds [y] the witness is [x op y]
   ([cmra_included_l]), else [x] itself.  Right to left: pointwise via
   [map_includedN_spec], using [Some_Some_includedN] at [i] and
   [None_includedN] elsewhere. *)
Lemma singleton_includedN n m i x :
  {[ i := x ]} {n} m   y, m !! i {n} Some y  x  y.
  (* not m !! i = Some y  x {n} y to deal with n = 0 *)
Proof.
  split.
  - move=> [m' /(_ i)]; rewrite lookup_op lookup_singleton=> Hm.
    destruct (m' !! i) as [y|];
      [exists (x  y)|exists x]; eauto using cmra_included_l.
  - intros (y&Hi&?); rewrite map_includedN_spec=>j.
    destruct (decide (i = j)); simplify_map_eq.
    + by rewrite Hi; apply Some_Some_includedN, cmra_included_includedN.
    + apply None_includedN.
Qed.
(* The domain of a composition is the union of the domains: membership in a
   domain is [is_Some] of the lookup, and [lookup_op] plus a case split on the
   two lookups settles every combination. *)
Lemma map_dom_op m1 m2 : dom (gset K) (m1  m2)  dom _ m1  dom _ m2.
Proof.
  apply elem_of_equiv; intros i; rewrite elem_of_union !elem_of_dom.
  unfold is_Some; setoid_rewrite lookup_op.
  destruct (m1 !! i), (m2 !! i); naive_solver.
Qed.

(* A frame-preserving update of the value at key [i] lifts to a
   frame-preserving update of the map.  The update on [x] is first lifted to
   [option A] ([option_updateP']) and run against the frame's lookup
   [mf !! i]; the resulting [y] is inserted, and validity with the frame is
   checked key by key. *)
Lemma map_insert_updateP (P : A  Prop) (Q : gmap K A  Prop) m i x :
  x ~~>: P  ( y, P y  Q (<[i:=y]>m))  <[i:=x]>m ~~>: Q.
Proof.
  intros Hx%option_updateP' HP n mf Hm.
  destruct (Hx n (mf !! i)) as ([y|]&?&?); try done.
  { by generalize (Hm i); rewrite lookup_op; simplify_map_eq. }
  exists (<[i:=y]> m); split; first by auto.
  intros j; move: (Hm j)=>{Hm}; rewrite !lookup_op=>Hm.
  destruct (decide (i = j)); simplify_map_eq/=; auto.
Qed.
(* [map_insert_updateP] with the postcondition spelled out: the result is
   [<[i:=y]>m] for some [y] satisfying [P]. *)
Lemma map_insert_updateP' (P : A  Prop) m i x :
  x ~~>: P  <[i:=x]>m ~~>: λ m',  y, m' = <[i:=y]>m  P y.
Proof. eauto using map_insert_updateP. Qed.
(* Deterministic variant: an update [x ~~> y] gives an update of the inserted
   maps; reduced to the predicate form by [cmra_update_updateP]. *)
Lemma map_insert_update m i x y : x ~~> y  <[i:=x]>m ~~> <[i:=y]>m.
Proof.
  rewrite !cmra_update_updateP; eauto using map_insert_updateP with subst.
Qed.

(* Singleton instance of [map_insert_updateP] (the map is [<[i:=x]> empty]). *)
Lemma map_singleton_updateP (P : A  Prop) (Q : gmap K A  Prop) i x :
  x ~~>: P  ( y, P y  Q {[ i := y ]})  {[ i := x ]} ~~>: Q.
Proof. apply map_insert_updateP. Qed.
(* Singleton instance of [map_insert_updateP']. *)
Lemma map_singleton_updateP' (P : A  Prop) i x :
  x ~~>: P  {[ i := x ]} ~~>: λ m,  y, m = {[ i := y ]}  P y.
Proof. apply map_insert_updateP'. Qed.
(* Singleton instance of [map_insert_update]. *)
Lemma map_singleton_update i (x y : A) : x ~~> y  {[ i := x ]} ~~> {[ i := y ]}.
Proof. apply map_insert_update. Qed.

(* When [A] itself has an identity element, a frame-preserving update of that
   identity yields a singleton from the empty map.  The update on [A] is run
   against the frame's value at [i] ([from_option] with the identity as
   default); validity of the frame at [i] is obtained from [left_id].  The
   result is checked at [i] (case on whether the frame has an entry there)
   and at every other key (where the singleton contributes nothing). *)
Lemma map_singleton_updateP_empty `{Empty A, !CMRAIdentity A}
    (P : A  Prop) (Q : gmap K A  Prop) i :
   ~~>: P  ( y, P y  Q {[ i := y ]})   ~~>: Q.
Proof.
  intros Hx HQ n gf Hg.
  destruct (Hx n (from_option  (gf !! i))) as (y&?&Hy).
  { move:(Hg i). rewrite !left_id.
    case _: (gf !! i); simpl; auto using cmra_empty_valid. }
  exists {[ i := y ]}; split; first by auto.
  intros i'; destruct (decide (i' = i)) as [->|].
  - rewrite lookup_op lookup_singleton.
    move:Hy; case _: (gf !! i); first done.
    by rewrite right_id.
  - move:(Hg i'). by rewrite !lookup_op lookup_singleton_ne // !left_id.
Qed.
(* [map_singleton_updateP_empty] with the postcondition spelled out. *)
Lemma map_singleton_updateP_empty' `{Empty A, !CMRAIdentity A} (P: A  Prop) i :
   ~~>: P   ~~>: λ m,  y, m = {[ i := y ]}  P y.
Proof. eauto using map_singleton_updateP_empty. Qed.

(* Allocation lemmas; they need a way to pick a key outside a finite set of
   keys ([Fresh]/[FreshSpec] for [gset K]). *)
Section freshness.
Context `{Fresh K (gset K), !FreshSpec K (gset K)}.
(* Allocation as a frame-preserving update: a valid [x] can be inserted at
   some key [i] that is fresh with respect to a chosen set [I], to [m] and to
   the frame [mf].  The key is obtained with [fresh] over the union of [I] and
   the domain of [m op mf] ([map_dom_op] splits the latter).  The update is
   then rewritten twice with [map_insert_singleton_opN] so that the new
   singleton can be moved next to the frame, and closed with
   [map_insert_validN]. *)
Lemma map_updateP_alloc_strong (Q : gmap K A  Prop) (I : gset K) m x :
   x  ( i, m !! i = None  i  I  Q (<[i:=x]>m))  m ~~>: Q.
Proof.
  intros ? HQ n mf Hm. set (i := fresh (I  dom (gset K) (m  mf))).
  assert (i  I  i  dom (gset K) m  i  dom (gset K) mf) as [?[??]].
  { rewrite -not_elem_of_union -map_dom_op -not_elem_of_union; apply is_fresh. }
  exists (<[i:=x]>m); split.
  { by apply HQ; last done; apply not_elem_of_dom. }
  rewrite map_insert_singleton_opN; last by left; apply not_elem_of_dom.
  rewrite -assoc -map_insert_singleton_opN;
    last by left; apply not_elem_of_dom; rewrite map_dom_op not_elem_of_union.
  by apply map_insert_validN; [apply cmra_valid_validN|].
Qed.
(* [map_updateP_alloc_strong] with no extra set of keys to avoid
   (instantiated with the empty set). *)
Lemma map_updateP_alloc (Q : gmap K A  Prop) m x :
   x  ( i, m !! i = None  Q (<[i:=x]>m))  m ~~>: Q.
Proof. move=>??. eapply map_updateP_alloc_strong with (I:=); by eauto. Qed.
(* [map_updateP_alloc_strong] with the postcondition spelled out. *)
Lemma map_updateP_alloc_strong' m x (I : gset K) :
   x  m ~~>: λ m',  i, i  I  m' = <[i:=x]>m  m !! i = None.
Proof. eauto using map_updateP_alloc_strong. Qed.
(* [map_updateP_alloc] with the postcondition spelled out. *)
Lemma map_updateP_alloc' m x :
   x  m ~~>: λ m',  i, m' = <[i:=x]>m  m !! i = None.
Proof. eauto using map_updateP_alloc. Qed.
End freshness.

(* Allocation is a local update: Just use composition with a singleton map. *)
(* Deallocation is *not* a local update. The trouble is that if we
   own {[ i := x ]}, then the frame could always own "unit x" as well, which
   prevents deallocation. *)

(* Applying a local update at a position we own is a local update. *)
(* The precondition requires the map to hold some [x] at [i] satisfying the
   underlying update's precondition [Lv].  At key [i] the update is pushed
   through [alter] and closed with [local_updateN L] (case on whether the
   frame has an entry there); other keys are untouched by [alter]. *)
Global Instance map_alter_update `{!LocalUpdate Lv L} i :
  LocalUpdate (λ m,  x, m !! i = Some x  Lv x) (alter L i).
Proof.
  split; first apply _.
  intros n m1 m2 (x&Hix&?) Hm j; destruct (decide (i = j)) as [->|].
  - rewrite lookup_alter !lookup_op lookup_alter Hix /=.
    move: (Hm j); rewrite lookup_op Hix.
    case: (m2 !! j)=>[y|] //=; constructor. by apply (local_updateN L).
  - by rewrite lookup_op !lookup_alter_ne // lookup_op.
Qed.
End properties.

(** Functor *)
(* Mapping a non-expansive function over a map is non-expansive; reduces to
   [option_fmap_ne] at each key through [lookup_fmap]. *)
Instance map_fmap_ne `{Countable K} {A B : cofeT} (f : A  B) n :
  Proper (dist n ==> dist n) f  Proper (dist n ==>dist n) (fmap (M:=gmap K) f).
Proof. by intros ? m m' Hm k; rewrite !lookup_fmap; apply option_fmap_ne. Qed.
(* [fmap f] is a CMRA monotone map whenever [f] is: step-indexed inclusion
   (via [map_includedN_spec]) and validity are both preserved key by key. *)
Instance map_fmap_cmra_monotone `{Countable K} {A B : cmraT} (f : A  B)
  `{!CMRAMonotone f} : CMRAMonotone (fmap f : gmap K A  gmap K B).
Proof.
  split.
  - intros m1 m2 n; rewrite !map_includedN_spec; intros Hm i.
    by rewrite !lookup_fmap; apply: includedN_preserving.
  - by intros n m ? i; rewrite lookup_fmap; apply validN_preserving.
Qed.
(* Lift a non-expansive function [A -n> B] to a non-expansive function on
   the map COFEs, by [fmap]; non-expansiveness is supplied by
   [map_fmap_ne]. *)
Definition mapC_map `{Countable K} {A B} (f: A -n> B) : mapC K A -n> mapC K B :=
  CofeMor (fmap f : mapC K A  mapC K B).
(* [mapC_map] is itself non-expansive in the function argument: at each key
   [k], case on the lookup and apply the hypothesis on [f] and [g]. *)
Instance mapC_map_ne `{Countable K} {A B} n :
  Proper (dist n ==> dist n) (@mapC_map K _ _ A B).
Proof.
  intros f g Hf m k; rewrite /= !lookup_fmap.
  destruct (_ !! k) eqn:?; simpl; constructor; apply Hf.
Qed.

(* The finite-map functor: post-compose an [iFunctor] [Σ] with [mapRA K] on
   objects and with [mapC_map] on morphisms.  The three obligations are
   non-expansiveness of the morphism map, preservation of identities
   ([map_fmap_id]) and preservation of composition ([map_fmap_compose]);
   the latter two use [map_fmap_setoid_ext] to reason pointwise. *)
Program Definition mapF K `{Countable K} (Σ : iFunctor) : iFunctor := {|
  ifunctor_car := mapRA K  Σ; ifunctor_map A B := mapC_map  ifunctor_map Σ
|}.
Next Obligation.
  by intros K ?? Σ A B n f g Hfg; apply mapC_map_ne, ifunctor_map_ne.
Qed.
Next Obligation.
  intros K ?? Σ A x. rewrite /= -{2}(map_fmap_id x).
  apply map_fmap_setoid_ext=> ? y _; apply ifunctor_map_id.
Qed.
Next Obligation.
  intros K ?? Σ A B C f g x. rewrite /= -map_fmap_compose.
  apply map_fmap_setoid_ext=> ? y _; apply ifunctor_map_compose.
Qed.