Commit 14206553 by Robbert Krebbers

### Curry everything in heap_lang/lib and tests.

parent 925a9169
 ... @@ -9,7 +9,7 @@ Definition assert : val := ... @@ -9,7 +9,7 @@ Definition assert : val := Notation "'assert:' e" := (assert (λ: <>, e))%E (at level 99) : expr_scope. Notation "'assert:' e" := (assert (λ: <>, e))%E (at level 99) : expr_scope. Lemma wp_assert `{heapG Σ} E (Φ : val → iProp Σ) e `{!Closed [] e} : Lemma wp_assert `{heapG Σ} E (Φ : val → iProp Σ) e `{!Closed [] e} : WP e @ E {{ v, ⌜v = #true⌝ ∧ ▷ Φ #() }} ⊢ WP assert: e @ E {{ Φ }}. WP e @ E {{ v, ⌜v = #true⌝ ∧ ▷ Φ #() }} -∗ WP assert: e @ E {{ Φ }}. Proof. Proof. iIntros "HΦ". rewrite /assert. wp_let. wp_seq. iIntros "HΦ". rewrite /assert. wp_let. wp_seq. iApply (wp_wand with "HΦ"). iIntros (v) "[% ?]"; subst. by wp_if. iApply (wp_wand with "HΦ"). iIntros (v) "[% ?]"; subst. by wp_if. ... ...
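Review bot: The statement of wp_assert is the only place a reader learns that the assertion condition must be proven to evaluate to `#true` — the premise `WP e @ E {{ v, ⌜v = #true⌝ ∧ ▷ Φ #() }}` offers no postcondition for a false result, so a failing assertion is simply not verifiable, and this deserves a comment now that the lemma shape has changed. Suggest placing `(* [assert: e] is verifiable only if [e] provably returns [#true]; there is no case for [#false]. *)` above the lemma. The body of [assert] itself is outside the hunk, so the behaviour on `#false` is inferred here only from the final `wp_if` step and should be confirmed against the definition.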
 ... @@ -73,11 +73,11 @@ Proof. solve_proper. Qed. ... @@ -73,11 +73,11 @@ Proof. solve_proper. Qed. (** Helper lemmas *) (** Helper lemmas *) Lemma ress_split i i1 i2 Q R1 R2 P I : Lemma ress_split i i1 i2 Q R1 R2 P I : i ∈ I → i1 ∉ I → i2 ∉ I → i1 ≠ i2 → i ∈ I → i1 ∉ I → i2 ∉ I → i1 ≠ i2 → saved_prop_own i Q ∗ saved_prop_own i1 R1 ∗ saved_prop_own i2 R2 ∗ saved_prop_own i Q -∗ saved_prop_own i1 R1 -∗ saved_prop_own i2 R2 -∗ (Q -∗ R1 ∗ R2) ∗ ress P I (Q -∗ R1 ∗ R2) -∗ ress P I -∗ ⊢ ress P ({[i1;i2]} ∪ I ∖ {[i]}). ress P ({[i1;i2]} ∪ I ∖ {[i]}). Proof. Proof. iIntros (????) "(#HQ&#H1&#H2&HQR&H)"; iDestruct "H" as (Ψ) "[HPΨ HΨ]". iIntros (????) "#HQ #H1 #H2 HQR"; iDestruct 1 as (Ψ) "[HPΨ HΨ]". iDestruct (big_sepS_delete _ _ i with "HΨ") as "[#HΨi HΨ]"; first done. iDestruct (big_sepS_delete _ _ i with "HΨ") as "[#HΨi HΨ]"; first done. iExists (<[i1:=R1]> (<[i2:=R2]> Ψ)). iSplitL "HQR HPΨ". iExists (<[i1:=R1]> (<[i2:=R2]> Ψ)). iSplitL "HQR HPΨ". - iPoseProof (saved_prop_agree i Q (Ψ i) with "[#]") as "Heq"; first by iSplit. - iPoseProof (saved_prop_agree i Q (Ψ i) with "[#]") as "Heq"; first by iSplit. ... @@ -175,7 +175,7 @@ Proof. ... @@ -175,7 +175,7 @@ Proof. {[Change i1; Change i2 ]} with "[-]") as "Hγ". {[Change i1; Change i2 ]} with "[-]") as "Hγ". { iSplit; first by eauto using split_step. { iSplit; first by eauto using split_step. rewrite {2}/barrier_inv /=. iNext. iFrame "Hl". rewrite {2}/barrier_inv /=. iNext. iFrame "Hl". iApply (ress_split _ _ _ Q R1 R2); eauto. iFrame; auto. } by iApply (ress_split with "HQ Hi1 Hi2 HQR"). } iAssert (sts_ownS γ (i_states i1) {[Change i1]} iAssert (sts_ownS γ (i_states i1) {[Change i1]} ∗ sts_ownS γ (i_states i2) {[Change i2]})%I with ">[-]" as "[Hγ1 Hγ2]". ∗ sts_ownS γ (i_states i2) {[Change i2]})%I with ">[-]" as "[Hγ1 Hγ2]". { iApply sts_ownS_op; eauto using i_states_closed, low_states_closed. { iApply sts_ownS_op; eauto using i_states_closed, low_states_closed. ... @@ -190,8 +190,7 @@ Qed. ... 
@@ -190,8 +190,7 @@ Qed. Lemma recv_weaken l P1 P2 : (P1 -∗ P2) -∗ recv l P1 -∗ recv l P2. Lemma recv_weaken l P1 P2 : (P1 -∗ P2) -∗ recv l P1 -∗ recv l P2. Proof. Proof. rewrite /recv. rewrite /recv. iIntros "HP". iDestruct 1 as (γ P Q i) "(#Hctx&Hγ&Hi&HP1)". iIntros "HP HP1"; iDestruct "HP1" as (γ P Q i) "(#Hctx&Hγ&Hi&HP1)". iExists γ, P, Q, i. iFrame "Hctx Hγ Hi". iExists γ, P, Q, i. iFrame "Hctx Hγ Hi". iNext. iIntros "HQ". by iApply "HP"; iApply "HP1". iNext. iIntros "HQ". by iApply "HP"; iApply "HP1". Qed. Qed. ... ...
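Review bot: ress_split's side conditions `i ∈ I → i1 ∉ I → i2 ∉ I → i1 ≠ i2` are what make the result `ress P ({[i1;i2]} ∪ I ∖ {[i]})` well-formed, yet the lemma carries no comment explaining them, and the curried form now makes the statement longer to read. Suggest `(* Replace the resource registered at [i] by two fresh ones at [i1] and [i2]; freshness w.r.t. [I] and [i1 ≠ i2] ensure the insertions into [Ψ] do not overwrite existing entries. *)` above the lemma. The `<[i1:=R1]> (<[i2:=R2]> Ψ)` witness in the proof is where those conditions are consumed; the remainder of the proof runs past the hunk.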
 ... @@ -14,7 +14,7 @@ Lemma barrier_spec (N : namespace) : ... @@ -14,7 +14,7 @@ Lemma barrier_spec (N : namespace) : (∀ l P, {{ send l P ∗ P }} signal #l {{ _, True }}) ∧ (∀ l P, {{ send l P ∗ P }} signal #l {{ _, True }}) ∧ (∀ l P, {{ recv l P }} wait #l {{ _, P }}) ∧ (∀ l P, {{ recv l P }} wait #l {{ _, P }}) ∧ (∀ l P Q, recv l (P ∗ Q) ={↑N}=> recv l P ∗ recv l Q) ∧ (∀ l P Q, recv l (P ∗ Q) ={↑N}=> recv l P ∗ recv l Q) ∧ (∀ l P Q, (P -∗ Q) ⊢ recv l P -∗ recv l Q). (∀ l P Q, (P -∗ Q) -∗ recv l P -∗ recv l Q). Proof. Proof. exists (λ l, CofeMor (recv N l)), (λ l, CofeMor (send N l)). exists (λ l, CofeMor (recv N l)), (λ l, CofeMor (send N l)). split_and?; simpl. split_and?; simpl. ... ...
 ... @@ -15,7 +15,7 @@ Structure lock Σ `{!heapG Σ} := Lock { ... @@ -15,7 +15,7 @@ Structure lock Σ `{!heapG Σ} := Lock { is_lock_ne N γ lk n: Proper (dist n ==> dist n) (is_lock N γ lk); is_lock_ne N γ lk n: Proper (dist n ==> dist n) (is_lock N γ lk); is_lock_persistent N γ lk R : PersistentP (is_lock N γ lk R); is_lock_persistent N γ lk R : PersistentP (is_lock N γ lk R); locked_timeless γ : TimelessP (locked γ); locked_timeless γ : TimelessP (locked γ); locked_exclusive γ : locked γ ∗ locked γ ⊢ False; locked_exclusive γ : locked γ -∗ locked γ -∗ False; (* -- operation specs -- *) (* -- operation specs -- *) newlock_spec N (R : iProp Σ) : newlock_spec N (R : iProp Σ) : {{{ R }}} newlock #() {{{ lk γ, RET lk; is_lock N γ lk R }}}; {{{ R }}} newlock #() {{{ lk γ, RET lk; is_lock N γ lk R }}}; ... ...
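Review bot: Changing the field type to `locked_exclusive γ : locked γ -∗ locked γ -∗ False` alters the interface of the `lock` structure, so any `Lock` instance outside this commit (the in-tree spin_lock and ticket_lock are updated) will no longer typecheck until its proof is curried too; that is worth a line in the commit message. The field is also the only place the mutual-exclusion guarantee of a lock is stated, and it has no comment. Suggest `(* Holding [locked γ] twice is contradictory: the lock token is exclusive. *)` above the field. The `Structure lock` definition continues outside the hunk.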
 ... @@ -21,11 +21,11 @@ Context `{!heapG Σ, !spawnG Σ}. ... @@ -21,11 +21,11 @@ Context `{!heapG Σ, !spawnG Σ}. This is why these are not Texan triples. *) This is why these are not Texan triples. *) Lemma par_spec (Ψ1 Ψ2 : val → iProp Σ) e (f1 f2 : val) (Φ : val → iProp Σ) : Lemma par_spec (Ψ1 Ψ2 : val → iProp Σ) e (f1 f2 : val) (Φ : val → iProp Σ) : to_val e = Some (f1,f2)%V → to_val e = Some (f1,f2)%V → (WP f1 #() {{ Ψ1 }} ∗ WP f2 #() {{ Ψ2 }} ∗ WP f1 #() {{ Ψ1 }} -∗ WP f2 #() {{ Ψ2 }} -∗ ▷ ∀ v1 v2, Ψ1 v1 ∗ Ψ2 v2 -∗ ▷ Φ (v1,v2)%V) (▷ ∀ v1 v2, Ψ1 v1 ∗ Ψ2 v2 -∗ ▷ Φ (v1,v2)%V) -∗ ⊢ WP par e {{ Φ }}. WP par e {{ Φ }}. Proof. Proof. iIntros (?) "(Hf1 & Hf2 & HΦ)". iIntros (?) "Hf1 Hf2 HΦ". rewrite /par. wp_value. wp_let. wp_proj. rewrite /par. wp_value. wp_let. wp_proj. wp_apply (spawn_spec parN with "Hf1"); try wp_done; try solve_ndisj. wp_apply (spawn_spec parN with "Hf1"); try wp_done; try solve_ndisj. iIntros (l) "Hl". wp_let. wp_proj. wp_bind (f2 _). iIntros (l) "Hl". wp_let. wp_proj. wp_bind (f2 _). ... @@ -36,11 +36,11 @@ Qed. ... @@ -36,11 +36,11 @@ Qed. Lemma wp_par (Ψ1 Ψ2 : val → iProp Σ) Lemma wp_par (Ψ1 Ψ2 : val → iProp Σ) (e1 e2 : expr) `{!Closed [] e1, Closed [] e2} (Φ : val → iProp Σ) : (e1 e2 : expr) `{!Closed [] e1, Closed [] e2} (Φ : val → iProp Σ) : (WP e1 {{ Ψ1 }} ∗ WP e2 {{ Ψ2 }} ∗ WP e1 {{ Ψ1 }} -∗ WP e2 {{ Ψ2 }} -∗ ∀ v1 v2, Ψ1 v1 ∗ Ψ2 v2 -∗ ▷ Φ (v1,v2)%V) (∀ v1 v2, Ψ1 v1 ∗ Ψ2 v2 -∗ ▷ Φ (v1,v2)%V) -∗ ⊢ WP e1 ||| e2 {{ Φ }}. WP e1 ||| e2 {{ Φ }}. Proof. Proof. iIntros "(H1 & H2 & H)". iApply (par_spec Ψ1 Ψ2 with "[- \$H]"); try wp_done. iIntros "H1 H2 H". iApply (par_spec Ψ1 Ψ2 with "[H1] [H2] [H]"); try wp_done. iSplitL "H1"; by wp_let. by wp_let. by wp_let. auto. Qed. Qed. End proof. End proof.
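Review bot: The new wp_par proof discharges the three premises of `par_spec` as a flat sequence `by wp_let. by wp_let. auto.`, which hides that each tactic closes a separate goal produced by `iApply (par_spec Ψ1 Ψ2 with "[H1] [H2] [H]")`; with bullets the correspondence is visible and a failing goal reports its position. Suggest rewriting the tail as `- by wp_let.` / `- by wp_let.` / `- auto.` on separate lines. The comment ending in `This is why these are not Texan triples.` starts before the hunk, so the rationale for the non-Texan shape of `par_spec` cannot be checked here.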
 ... @@ -30,8 +30,8 @@ Section proof. ... @@ -30,8 +30,8 @@ Section proof. Definition locked (γ : gname): iProp Σ := own γ (Excl ()). Definition locked (γ : gname): iProp Σ := own γ (Excl ()). Lemma locked_exclusive (γ : gname) : locked γ ∗ locked γ ⊢ False. Lemma locked_exclusive (γ : gname) : locked γ -∗ locked γ -∗ False. Proof. rewrite /locked -own_op own_valid. by iIntros (?). Qed. Proof. iIntros "H1 H2". by iDestruct (own_valid_2 with "H1 H2") as %?. Qed. Global Instance lock_inv_ne n γ l : Proper (dist n ==> dist n) (lock_inv γ l). Global Instance lock_inv_ne n γ l : Proper (dist n ==> dist n) (lock_inv γ l). Proof. solve_proper. Qed. Proof. solve_proper. Qed. ... ...
 ... @@ -46,11 +46,11 @@ Section proof. ... @@ -46,11 +46,11 @@ Section proof. Definition is_lock (γ : gname) (lk : val) (R : iProp Σ) : iProp Σ := Definition is_lock (γ : gname) (lk : val) (R : iProp Σ) : iProp Σ := (∃ lo ln : loc, (∃ lo ln : loc, ⌜lk = (#lo, #ln)%V⌝ ∧ inv N (lock_inv γ lo ln R))%I. ⌜lk = (#lo, #ln)%V⌝ ∗ inv N (lock_inv γ lo ln R))%I. Definition issued (γ : gname) (lk : val) (x : nat) (R : iProp Σ) : iProp Σ := Definition issued (γ : gname) (lk : val) (x : nat) (R : iProp Σ) : iProp Σ := (∃ lo ln: loc, (∃ lo ln: loc, ⌜lk = (#lo, #ln)%V⌝ ∧ inv N (lock_inv γ lo ln R) ∧ ⌜lk = (#lo, #ln)%V⌝ ∗ inv N (lock_inv γ lo ln R) ∗ own γ (◯ (∅, GSet {[ x ]})))%I. own γ (◯ (∅, GSet {[ x ]})))%I. Definition locked (γ : gname) : iProp Σ := (∃ o, own γ (◯ (Excl' o, ∅)))%I. Definition locked (γ : gname) : iProp Σ := (∃ o, own γ (◯ (Excl' o, ∅)))%I. ... @@ -65,10 +65,10 @@ Section proof. ... @@ -65,10 +65,10 @@ Section proof. Global Instance locked_timeless γ : TimelessP (locked γ). Global Instance locked_timeless γ : TimelessP (locked γ). Proof. apply _. Qed. Proof. apply _. Qed. Lemma locked_exclusive (γ : gname) : (locked γ ∗ locked γ ⊢ False)%I. Lemma locked_exclusive (γ : gname) : locked γ -∗ locked γ -∗ False. Proof. Proof. iIntros "[H1 H2]". iDestruct "H1" as (o1) "H1". iDestruct "H2" as (o2) "H2". iDestruct 1 as (o1) "H1". iDestruct 1 as (o2) "H2". iCombine "H1" "H2" as "H". iDestruct (own_valid with "H") as %[[] _]. iDestruct (own_valid_2 with "H1 H2") as %[[] _]. Qed. Qed. Lemma newlock_spec (R : iProp Σ) : Lemma newlock_spec (R : iProp Σ) : ... ...
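Review bot: The `is_lock` and `issued` definitions change `⌜lk = (#lo, #ln)%V⌝ ∧ inv N (...)` to `⌜...⌝ ∗ inv N (...)`, which is a change to the definitions rather than to a lemma's shape, and is not covered by the commit title "Curry everything in heap_lang/lib and tests". Both conjuncts are persistent (a pure fact and an invariant), so the two forms should be interchangeable, but the commit message should state that these definitions were altered and why. A short comment on `issued` would also help, e.g. `(* Ticket [x] has been issued for the lock at [lk]; the [GSet] fragment is the ticket token. *)`, since the ghost-state meaning of `own γ (◯ (∅, GSet {[ x ]}))` is otherwise undocumented.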