lifting.v 6.42 KB
Newer Older
1
From iris.program_logic Require Export weakestpre.
2
From iris.program_logic Require Import wsat ectx_lifting. (* for ownP *)
3
From iris.heap_lang Require Export lang.
4
From iris.heap_lang Require Import tactics.
5
From iris.proofmode Require Import tactics.
6
From iris.prelude Require Import fin_maps.
7
Import uPred.
8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

(** The tactic [inv_head_step] performs inversion on hypotheses of the shape
[head_step]. The tactic will discharge head-reductions starting from values, and
simplifies hypothesis related to conversions from and to values, and finite map
operations. This tactic is slightly ad-hoc and tuned for proving our lifting
lemmas. *)
Ltac inv_head_step :=
  repeat match goal with
  | _ => progress simplify_map_eq/= (* simplify memory stuff *)
  | H : to_val _ = Some _ |- _ => apply of_to_val in H
  | H : head_step ?e _ _ _ _ |- _ =>
     try (is_var e; fail 1); (* inversion yields many goals if [e] is a variable
     and can thus better be avoided. *)
     inversion H; subst; clear H
  end.

Local Hint Extern 0 (atomic _) => solve_atomic.
Local Hint Extern 0 (head_reducible _ _) => eexists _, _, _; simpl.

Local Hint Constructors head_step.
Local Hint Resolve alloc_fresh.
Local Hint Resolve to_of_val.
30

31
Section lifting.
32 33 34
Context `{irisG heap_lang Σ}.
Implicit Types P Q : iProp Σ.
Implicit Types Φ : val  iProp Σ.
35
Implicit Types efs : list expr.
36
Implicit Types σ : state.
Ralf Jung's avatar
Ralf Jung committed
37

38
(** Bind. This bundles some arguments that wp_ectx_bind leaves as indices. *)
39
Lemma wp_bind {E e} K Φ :
40
  WP e @ E {{ v, WP fill K (of_val v) @ E {{ Φ }} }}  WP fill K e @ E {{ Φ }}.
41
Proof. exact: wp_ectx_bind. Qed.
Ralf Jung's avatar
Ralf Jung committed
42

43
Lemma wp_bind_ctxi {E e} Ki Φ :
Ralf Jung's avatar
Ralf Jung committed
44 45 46 47
  WP e @ E {{ v, WP fill_item Ki (of_val v) @ E {{ Φ }} }} 
     WP fill_item Ki e @ E {{ Φ }}.
Proof. exact: weakestpre.wp_bind. Qed.

48
(** Base axioms for core primitives of the language: Stateful reductions. *)
49
Lemma wp_alloc_pst E σ v Φ :
50
   ownP σ   ( l, σ !! l = None  ownP (<[l:=v]>σ) ={E}= Φ (LitV (LitLoc l)))
51
   WP Alloc (of_val v) @ E {{ Φ }}.
52
Proof.
53
  iIntros "[HP HΦ]".
54
  iApply (wp_lift_atomic_head_step (Alloc (of_val v)) σ); eauto.
55
  iFrame "HP". iNext. iIntros (v2 σ2 ef) "[% HP]". inv_head_step.
56
  match goal with H: _ = of_val v2 |- _ => apply (inj of_val (LitV _)) in H end.
57
  subst v2. iSplit. iApply "HΦ"; by iSplit. by iApply big_sepL_nil.
58
Qed.
59

60
Lemma wp_load_pst E σ l v Φ :
Ralf Jung's avatar
Ralf Jung committed
61
  σ !! l = Some v 
62
   ownP σ   (ownP σ ={E}= Φ v)  WP Load (Lit (LitLoc l)) @ E {{ Φ }}.
Ralf Jung's avatar
Ralf Jung committed
63
Proof.
64
  intros. rewrite -(wp_lift_atomic_det_head_step' σ v σ); eauto 10.
65
  intros; inv_head_step; eauto 10.
Ralf Jung's avatar
Ralf Jung committed
66
Qed.
67

68 69
Lemma wp_store_pst E σ l v v' Φ :
  σ !! l = Some v' 
70
   ownP σ   (ownP (<[l:=v]>σ) ={E}= Φ (LitV LitUnit))
71
   WP Store (Lit (LitLoc l)) (of_val v) @ E {{ Φ }}.
Ralf Jung's avatar
Ralf Jung committed
72
Proof.
73
  intros. rewrite-(wp_lift_atomic_det_head_step' σ (LitV LitUnit) (<[l:=v]>σ)); eauto.
74
  intros; inv_head_step; eauto.
Ralf Jung's avatar
Ralf Jung committed
75
Qed.
76

77 78
Lemma wp_cas_fail_pst E σ l v1 v2 v' Φ :
  σ !! l = Some v'  v'  v1 
79
   ownP σ   (ownP σ ={E}= Φ (LitV $ LitBool false))
80
   WP CAS (Lit (LitLoc l)) (of_val v1) (of_val v2) @ E {{ Φ }}.
Ralf Jung's avatar
Ralf Jung committed
81
Proof.
82
  intros. rewrite -(wp_lift_atomic_det_head_step' σ (LitV $ LitBool false) σ); eauto.
83
  intros; inv_head_step; eauto.
Ralf Jung's avatar
Ralf Jung committed
84
Qed.
85

86 87
Lemma wp_cas_suc_pst E σ l v1 v2 Φ :
  σ !! l = Some v1 
88
   ownP σ   (ownP (<[l:=v2]>σ) ={E}= Φ (LitV $ LitBool true))
89
   WP CAS (Lit (LitLoc l)) (of_val v1) (of_val v2) @ E {{ Φ }}.
Ralf Jung's avatar
Ralf Jung committed
90
Proof.
91 92
  intros. rewrite -(wp_lift_atomic_det_head_step' σ (LitV $ LitBool true)
    (<[l:=v2]>σ)); eauto 10.
93
  intros; inv_head_step; eauto.
Ralf Jung's avatar
Ralf Jung committed
94 95
Qed.

96
(** Base axioms for core primitives of the language: Stateless reductions *)
97
Lemma wp_fork E e Φ :
98
   (|={E}=> Φ (LitV LitUnit))   WP e {{ _, True }}  WP Fork e @ E {{ Φ }}.
99
Proof.
100
  rewrite -(wp_lift_pure_det_head_step (Fork e) (Lit LitUnit) [e]) //=; eauto.
101
  - by rewrite later_sep -(wp_value_pvs _ _ (Lit _)) // big_sepL_singleton.
102
  - intros; inv_head_step; eauto.
103
Qed.
104

105
Lemma wp_rec E f x erec e1 e2 Φ :
106
  e1 = Rec f x erec 
107
  is_Some (to_val e2) 
108
  Closed (f :b: x :b: []) erec 
Robbert Krebbers's avatar
Robbert Krebbers committed
109
   WP subst' x e2 (subst' f e1 erec) @ E {{ Φ }}  WP App e1 e2 @ E {{ Φ }}.
110
Proof.
111 112
  intros -> [v2 ?] ?. rewrite -(wp_lift_pure_det_head_step' (App _ _)
    (subst' x e2 (subst' f (Rec f x erec) erec))); eauto.
113
  intros; inv_head_step; eauto.
114
Qed.
115

116 117 118 119
Lemma wp_un_op E op e v v' Φ :
  to_val e = Some v 
  un_op_eval op v = Some v' 
   (|={E}=> Φ v')  WP UnOp op e @ E {{ Φ }}.
120
Proof.
121 122
  intros. rewrite -(wp_lift_pure_det_head_step' (UnOp op _) (of_val v'))
    -?wp_value_pvs'; eauto.
123
  intros; inv_head_step; eauto.
Ralf Jung's avatar
Ralf Jung committed
124
Qed.
125

126 127 128 129
Lemma wp_bin_op E op e1 e2 v1 v2 v' Φ :
  to_val e1 = Some v1  to_val e2 = Some v2 
  bin_op_eval op v1 v2 = Some v' 
   (|={E}=> Φ v')  WP BinOp op e1 e2 @ E {{ Φ }}.
Ralf Jung's avatar
Ralf Jung committed
130
Proof.
131 132
  intros. rewrite -(wp_lift_pure_det_head_step' (BinOp op _ _) (of_val v'))
    -?wp_value_pvs'; eauto.
133
  intros; inv_head_step; eauto.
Ralf Jung's avatar
Ralf Jung committed
134
Qed.
135

136
Lemma wp_if_true E e1 e2 Φ :
137
   WP e1 @ E {{ Φ }}  WP If (Lit (LitBool true)) e1 e2 @ E {{ Φ }}.
Ralf Jung's avatar
Ralf Jung committed
138
Proof.
139
  rewrite -(wp_lift_pure_det_head_step' (If _ _ _) e1); eauto.
140
  intros; inv_head_step; eauto.
141 142
Qed.

143
Lemma wp_if_false E e1 e2 Φ :
144
   WP e2 @ E {{ Φ }}  WP If (Lit (LitBool false)) e1 e2 @ E {{ Φ }}.
145
Proof.
146
  rewrite -(wp_lift_pure_det_head_step' (If _ _ _) e2); eauto.
147
  intros; inv_head_step; eauto.
148
Qed.
149

150 151
Lemma wp_fst E e1 v1 e2 Φ :
  to_val e1 = Some v1  is_Some (to_val e2) 
152
   (|={E}=> Φ v1)  WP Fst (Pair e1 e2) @ E {{ Φ }}.
Ralf Jung's avatar
Ralf Jung committed
153
Proof.
154 155
  intros ? [v2 ?].
  rewrite -(wp_lift_pure_det_head_step' (Fst _) e1) -?wp_value_pvs; eauto.
156
  intros; inv_head_step; eauto.
Ralf Jung's avatar
Ralf Jung committed
157
Qed.
158

159 160
Lemma wp_snd E e1 e2 v2 Φ :
  is_Some (to_val e1)  to_val e2 = Some v2 
161
   (|={E}=> Φ v2)  WP Snd (Pair e1 e2) @ E {{ Φ }}.
Ralf Jung's avatar
Ralf Jung committed
162
Proof.
163 164
  intros [v1 ?] ?.
  rewrite -(wp_lift_pure_det_head_step' (Snd _) e2) -?wp_value_pvs; eauto.
165
  intros; inv_head_step; eauto.
Ralf Jung's avatar
Ralf Jung committed
166
Qed.
167

168 169
Lemma wp_case_inl E e0 e1 e2 Φ :
  is_Some (to_val e0) 
170
   WP App e1 e0 @ E {{ Φ }}  WP Case (InjL e0) e1 e2 @ E {{ Φ }}.
Ralf Jung's avatar
Ralf Jung committed
171
Proof.
172 173
  intros [v0 ?].
  rewrite -(wp_lift_pure_det_head_step' (Case _ _ _) (App e1 e0)); eauto.
174
  intros; inv_head_step; eauto.
Ralf Jung's avatar
Ralf Jung committed
175
Qed.
176

177 178
Lemma wp_case_inr E e0 e1 e2 Φ :
  is_Some (to_val e0) 
179
   WP App e2 e0 @ E {{ Φ }}  WP Case (InjR e0) e1 e2 @ E {{ Φ }}.
Ralf Jung's avatar
Ralf Jung committed
180
Proof.
181 182
  intros [v0 ?].
  rewrite -(wp_lift_pure_det_head_step' (Case _ _ _) (App e2 e0)); eauto.
183
  intros; inv_head_step; eauto.
Ralf Jung's avatar
Ralf Jung committed
184
Qed.
185
End lifting.