Commit a9be1e26 by Robbert Krebbers

Rename solve_elem_of into set_solver.

```It does much more than just deal with ∈; it solves all kinds
of goals involving set operations (including ≡ and ⊆).```
parent 65ab1289
 ... @@ -46,16 +46,16 @@ Definition up_set (S : states sts) (T : tokens sts) : states sts := ... @@ -46,16 +46,16 @@ Definition up_set (S : states sts) (T : tokens sts) : states sts := (** Tactic setup *) (** Tactic setup *) Hint Resolve Step. Hint Resolve Step. Hint Extern 10 (equiv (A:=set _) _ _) => solve_elem_of : sts. Hint Extern 10 (equiv (A:=set _) _ _) => set_solver : sts. Hint Extern 10 (¬equiv (A:=set _) _ _) => solve_elem_of : sts. Hint Extern 10 (¬equiv (A:=set _) _ _) => set_solver : sts. Hint Extern 10 (_ ∈ _) => solve_elem_of : sts. Hint Extern 10 (_ ∈ _) => set_solver : sts. Hint Extern 10 (_ ⊆ _) => solve_elem_of : sts. Hint Extern 10 (_ ⊆ _) => set_solver : sts. (** ** Setoids *) (** ** Setoids *) Instance framestep_mono : Proper (flip (⊆) ==> (=) ==> (=) ==> impl) frame_step. Instance framestep_mono : Proper (flip (⊆) ==> (=) ==> (=) ==> impl) frame_step. Proof. Proof. intros ?? HT ?? <- ?? <-; destruct 1; econstructor; intros ?? HT ?? <- ?? <-; destruct 1; econstructor; eauto with sts; solve_elem_of. eauto with sts; set_solver. Qed. Qed. Global Instance framestep_proper : Proper ((≡) ==> (=) ==> (=) ==> iff) frame_step. Global Instance framestep_proper : Proper ((≡) ==> (=) ==> (=) ==> iff) frame_step. Proof. by intros ?? [??] ??????; split; apply framestep_mono. Qed. Proof. by intros ?? [??] ??????; split; apply framestep_mono. Qed. ... @@ -84,7 +84,7 @@ Proof. by intros S1 S2 [??] T1 T2 [??]; split; apply up_set_preserving. Qed. ... 
@@ -84,7 +84,7 @@ Proof. by intros S1 S2 [??] T1 T2 [??]; split; apply up_set_preserving. Qed. (** ** Properties of closure under frame steps *) (** ** Properties of closure under frame steps *) Lemma closed_disjoint' S T s : closed S T → s ∈ S → tok s ∩ T ≡ ∅. Lemma closed_disjoint' S T s : closed S T → s ∈ S → tok s ∩ T ≡ ∅. Proof. intros [_ ? _]; solve_elem_of. Qed. Proof. intros [_ ? _]; set_solver. Qed. Lemma closed_steps S T s1 s2 : Lemma closed_steps S T s1 s2 : closed S T → s1 ∈ S → rtc (frame_step T) s1 s2 → s2 ∈ S. closed S T → s1 ∈ S → rtc (frame_step T) s1 s2 → s2 ∈ S. Proof. induction 3; eauto using closed_step. Qed. Proof. induction 3; eauto using closed_step. Qed. ... @@ -92,7 +92,7 @@ Lemma closed_op T1 T2 S1 S2 : ... @@ -92,7 +92,7 @@ Lemma closed_op T1 T2 S1 S2 : closed S1 T1 → closed S2 T2 → closed S1 T1 → closed S2 T2 → T1 ∩ T2 ≡ ∅ → S1 ∩ S2 ≢ ∅ → closed (S1 ∩ S2) (T1 ∪ T2). T1 ∩ T2 ≡ ∅ → S1 ∩ S2 ≢ ∅ → closed (S1 ∩ S2) (T1 ∪ T2). Proof. Proof. intros [_ ? Hstep1] [_ ? Hstep2] ?; split; [done|solve_elem_of|]. intros [_ ? Hstep1] [_ ? Hstep2] ?; split; [done|set_solver|]. intros s3 s4; rewrite !elem_of_intersection; intros [??] [T3 T4 ?]; split. intros s3 s4; rewrite !elem_of_intersection; intros [??] [T3 T4 ?]; split. - apply Hstep1 with s3, Frame_step with T3 T4; auto with sts. - apply Hstep1 with s3, Frame_step with T3 T4; auto with sts. - apply Hstep2 with s3, Frame_step with T3 T4; auto with sts. - apply Hstep2 with s3, Frame_step with T3 T4; auto with sts. ... @@ -103,7 +103,7 @@ Lemma step_closed s1 s2 T1 T2 S Tf : ... 
@@ -103,7 +103,7 @@ Lemma step_closed s1 s2 T1 T2 S Tf : Proof. Proof. inversion_clear 1 as [???? HR Hs1 Hs2]; intros [?? Hstep]??; split_ands; auto. inversion_clear 1 as [???? HR Hs1 Hs2]; intros [?? Hstep]??; split_ands; auto. - eapply Hstep with s1, Frame_step with T1 T2; auto with sts. - eapply Hstep with s1, Frame_step with T1 T2; auto with sts. - solve_elem_of -Hstep Hs1 Hs2. - set_solver -Hstep Hs1 Hs2. Qed. Qed. (** ** Properties of the closure operators *) (** ** Properties of the closure operators *) ... @@ -117,7 +117,7 @@ Lemma closed_up_set S T : ... @@ -117,7 +117,7 @@ Lemma closed_up_set S T : (∀ s, s ∈ S → tok s ∩ T ⊆ ∅) → S ≢ ∅ → closed (up_set S T) T. (∀ s, s ∈ S → tok s ∩ T ⊆ ∅) → S ≢ ∅ → closed (up_set S T) T. Proof. Proof. intros HS Hne; unfold up_set; split. intros HS Hne; unfold up_set; split. - assert (∀ s, s ∈ up s T) by eauto using elem_of_up. solve_elem_of. - assert (∀ s, s ∈ up s T) by eauto using elem_of_up. set_solver. - intros s; rewrite !elem_of_bind; intros (s'&Hstep&Hs'). - intros s; rewrite !elem_of_bind; intros (s'&Hstep&Hs'). specialize (HS s' Hs'); clear Hs' Hne S. specialize (HS s' Hs'); clear Hs' Hne S. induction Hstep as [s|s1 s2 s3 [T1 T2 ? Hstep] ? IH]; first done. induction Hstep as [s|s1 s2 s3 [T1 T2 ? Hstep] ? IH]; first done. ... @@ -130,7 +130,7 @@ Proof. eauto using closed_up_set with sts. Qed. ... @@ -130,7 +130,7 @@ Proof. eauto using closed_up_set with sts. Qed. Lemma closed_up s T : tok s ∩ T ≡ ∅ → closed (up s T) T. Lemma closed_up s T : tok s ∩ T ≡ ∅ → closed (up s T) T. Proof. Proof. intros; rewrite -(collection_bind_singleton (λ s, up s T) s). intros; rewrite -(collection_bind_singleton (λ s, up s T) s). apply closed_up_set; solve_elem_of. apply closed_up_set; set_solver. Qed. Qed. Lemma closed_up_empty s : closed (up s ∅) ∅. Lemma closed_up_empty s : closed (up s ∅) ∅. Proof. eauto using closed_up with sts. Qed. Proof. eauto using closed_up with sts. Qed. ... 
@@ -198,10 +198,10 @@ Instance sts_minus : Minus (car sts) := λ x1 x2, ... @@ -198,10 +198,10 @@ Instance sts_minus : Minus (car sts) := λ x1 x2, | auth s T1, auth _ T2 => frag (up s (T1 ∖ T2)) (T1 ∖ T2) | auth s T1, auth _ T2 => frag (up s (T1 ∖ T2)) (T1 ∖ T2) end. end. Hint Extern 10 (equiv (A:=set _) _ _) => solve_elem_of : sts. Hint Extern 10 (equiv (A:=set _) _ _) => set_solver : sts. Hint Extern 10 (¬equiv (A:=set _) _ _) => solve_elem_of : sts. Hint Extern 10 (¬equiv (A:=set _) _ _) => set_solver : sts. Hint Extern 10 (_ ∈ _) => solve_elem_of : sts. Hint Extern 10 (_ ∈ _) => set_solver : sts. Hint Extern 10 (_ ⊆ _) => solve_elem_of : sts. Hint Extern 10 (_ ⊆ _) => set_solver : sts. Instance sts_equivalence: Equivalence ((≡) : relation (car sts)). Instance sts_equivalence: Equivalence ((≡) : relation (car sts)). Proof. Proof. split. split. ... @@ -220,7 +220,7 @@ Proof. ... @@ -220,7 +220,7 @@ Proof. - by do 2 destruct 1; constructor; setoid_subst. - by do 2 destruct 1; constructor; setoid_subst. - assert (∀ T T' S s, - assert (∀ T T' S s, closed S T → s ∈ S → tok s ∩ T' ≡ ∅ → tok s ∩ (T ∪ T') ≡ ∅). closed S T → s ∈ S → tok s ∩ T' ≡ ∅ → tok s ∩ (T ∪ T') ≡ ∅). { intros S T T' s [??]; solve_elem_of. } { intros S T T' s [??]; set_solver. } destruct 3; simpl in *; auto using closed_op with sts. destruct 3; simpl in *; auto using closed_op with sts. - intros []; simpl; eauto using closed_up, closed_up_set, closed_ne with sts. - intros []; simpl; eauto using closed_up, closed_up_set, closed_ne with sts. - intros ???? (z&Hy&?&Hxz); destruct Hxz; inversion Hy;clear Hy; setoid_subst; - intros ???? (z&Hy&?&Hxz); destruct Hxz; inversion Hy;clear Hy; setoid_subst; ... @@ -233,7 +233,7 @@ Proof. ... 
@@ -233,7 +233,7 @@ Proof. - destruct 3; constructor; auto with sts. - destruct 3; constructor; auto with sts. - intros [|S T]; constructor; auto using elem_of_up with sts. - intros [|S T]; constructor; auto using elem_of_up with sts. assert (S ⊆ up_set S ∅ ∧ S ≢ ∅) by eauto using subseteq_up_set, closed_ne. assert (S ⊆ up_set S ∅ ∧ S ≢ ∅) by eauto using subseteq_up_set, closed_ne. solve_elem_of. set_solver. - intros [|S T]; constructor; auto with sts. - intros [|S T]; constructor; auto with sts. assert (S ⊆ up_set S ∅); auto using subseteq_up_set with sts. assert (S ⊆ up_set S ∅); auto using subseteq_up_set with sts. - intros [s T|S T]; constructor; auto with sts. - intros [s T|S T]; constructor; auto with sts. ... @@ -241,7 +241,7 @@ Proof. ... @@ -241,7 +241,7 @@ Proof. + rewrite (up_closed (up_set _ _)); + rewrite (up_closed (up_set _ _)); eauto using closed_up_set, closed_ne with sts. eauto using closed_up_set, closed_ne with sts. - intros x y ?? (z&Hy&?&Hxz); exists (unit (x ⋅ y)); split_ands. - intros x y ?? (z&Hy&?&Hxz); exists (unit (x ⋅ y)); split_ands. + destruct Hxz;inversion_clear Hy;constructor;unfold up_set; solve_elem_of. + destruct Hxz;inversion_clear Hy;constructor;unfold up_set; set_solver. + destruct Hxz; inversion_clear Hy; simpl; + destruct Hxz; inversion_clear Hy; simpl; auto using closed_up_set_empty, closed_up_empty with sts. auto using closed_up_set_empty, closed_up_empty with sts. + destruct Hxz; inversion_clear Hy; constructor; + destruct Hxz; inversion_clear Hy; constructor; ... @@ -324,9 +324,9 @@ Proof. by move=> /(_ 0) [? [? Hdisj]]; inversion Hdisj. Qed. ... 
@@ -324,9 +324,9 @@ Proof. by move=> /(_ 0) [? [? Hdisj]]; inversion Hdisj. Qed. Lemma sts_op_auth_frag s S T : Lemma sts_op_auth_frag s S T : s ∈ S → closed S T → sts_auth s ∅ ⋅ sts_frag S T ≡ sts_auth s T. s ∈ S → closed S T → sts_auth s ∅ ⋅ sts_frag S T ≡ sts_auth s T. Proof. Proof. intros; split; [split|constructor; solve_elem_of]; simpl. intros; split; [split|constructor; set_solver]; simpl. - intros (?&?&?); by apply closed_disjoint' with S. - intros (?&?&?); by apply closed_disjoint' with S. - intros; split_ands. solve_elem_of+. done. constructor; solve_elem_of. - intros; split_ands. set_solver+. done. constructor; set_solver. Qed. Qed. Lemma sts_op_auth_frag_up s T : Lemma sts_op_auth_frag_up s T : tok s ∩ T ≡ ∅ → sts_auth s ∅ ⋅ sts_frag_up s T ≡ sts_auth s T. tok s ∩ T ≡ ∅ → sts_auth s ∅ ⋅ sts_frag_up s T ≡ sts_auth s T. ... @@ -339,7 +339,7 @@ Proof. ... @@ -339,7 +339,7 @@ Proof. intros HT HS1 HS2. rewrite /sts_frag. intros HT HS1 HS2. rewrite /sts_frag. (* FIXME why does rewrite not work?? *) (* FIXME why does rewrite not work?? *) etransitivity; last eapply to_validity_op; try done; []. etransitivity; last eapply to_validity_op; try done; []. intros Hval. constructor; last solve_elem_of. eapply closed_ne, Hval. intros Hval. constructor; last set_solver. eapply closed_ne, Hval. Qed. Qed. (** Frame preserving updates *) (** Frame preserving updates *) ... @@ -356,8 +356,8 @@ Lemma sts_update_frag S1 S2 T : ... @@ -356,8 +356,8 @@ Lemma sts_update_frag S1 S2 T : Proof. Proof. rewrite /sts_frag=> HS Hcl. apply validity_update. rewrite /sts_frag=> HS Hcl. apply validity_update. inversion 3 as [|? S ? Tf|]; simplify_eq/=. inversion 3 as [|? S ? Tf|]; simplify_eq/=. - split; first done. constructor; [solve_elem_of|done]. - split; first done. constructor; [set_solver|done]. - split; first done. constructor; solve_elem_of. - split; first done. constructor; set_solver. Qed. Qed. Lemma sts_update_frag_up s1 S2 T : Lemma sts_update_frag_up s1 S2 T : ... 
@@ -388,16 +388,16 @@ when we have RAs back *) ... @@ -388,16 +388,16 @@ when we have RAs back *) + move=>s /elem_of_intersection [HS1 Hscl]. apply HS. split; first done. + move=>s /elem_of_intersection [HS1 Hscl]. apply HS. split; first done. destruct Hscl as [s' [Hsup Hs']]. destruct Hscl as [s' [Hsup Hs']]. eapply closed_steps; last (hnf in Hsup; eexact Hsup); first done. eapply closed_steps; last (hnf in Hsup; eexact Hsup); first done. solve_elem_of +HS Hs'. set_solver +HS Hs'. - intros (Hcl1 & Tf & Htk & Hf & Hs). - intros (Hcl1 & Tf & Htk & Hf & Hs). exists (sts_frag (up_set S2 Tf) Tf). exists (sts_frag (up_set S2 Tf) Tf). split; first split; simpl;[|done|]. split; first split; simpl;[|done|]. + intros _. split_ands; first done. + intros _. split_ands; first done. * apply closed_up_set; last by eapply closed_ne. * apply closed_up_set; last by eapply closed_ne. move=>s Hs2. move:(closed_disjoint _ _ Hcl2 _ Hs2). move=>s Hs2. move:(closed_disjoint _ _ Hcl2 _ Hs2). solve_elem_of +Htk. set_solver +Htk. * constructor; last done. rewrite -Hs. by eapply closed_ne. * constructor; last done. rewrite -Hs. by eapply closed_ne. + intros _. constructor; [ solve_elem_of +Htk | done]. + intros _. constructor; [ set_solver +Htk | done]. Qed. Qed. Lemma sts_frag_included' S1 S2 T : Lemma sts_frag_included' S1 S2 T : ... @@ -405,6 +405,6 @@ Lemma sts_frag_included' S1 S2 T : ... @@ -405,6 +405,6 @@ Lemma sts_frag_included' S1 S2 T : sts_frag S1 T ≼ sts_frag S2 T. sts_frag S1 T ≼ sts_frag S2 T. Proof. Proof. intros. apply sts_frag_included; split_ands; auto. intros. apply sts_frag_included; split_ands; auto. exists ∅; split_ands; done || solve_elem_of+. exists ∅; split_ands; done || set_solver+. Qed. Qed. End stsRA. End stsRA.
 ... @@ -178,8 +178,8 @@ Section gset. ... @@ -178,8 +178,8 @@ Section gset. Lemma big_sepS_delete P X x : Lemma big_sepS_delete P X x : x ∈ X → (Π★{set X} P)%I ≡ (P x ★ Π★{set X ∖ {[ x ]}} P)%I. x ∈ X → (Π★{set X} P)%I ≡ (P x ★ Π★{set X ∖ {[ x ]}} P)%I. Proof. Proof. intros. rewrite -big_sepS_insert; last solve_elem_of. intros. rewrite -big_sepS_insert; last set_solver. by rewrite -union_difference_L; last solve_elem_of. by rewrite -union_difference_L; last set_solver. Qed. Qed. Lemma big_sepS_singleton P x : (Π★{set {[ x ]}} P)%I ≡ (P x)%I. Lemma big_sepS_singleton P x : (Π★{set {[ x ]}} P)%I ≡ (P x)%I. Proof. intros. by rewrite /uPred_big_sepS elements_singleton /= right_id. Qed. Proof. intros. by rewrite /uPred_big_sepS elements_singleton /= right_id. Qed. ... ...
 ... @@ -57,11 +57,11 @@ Module barrier_proto. ... @@ -57,11 +57,11 @@ Module barrier_proto. rewrite /= /tok /=. rewrite /= /tok /=. intros. apply dec_stable. intros. apply dec_stable. assert (Change i ∉ change_tokens I1) as HI1 assert (Change i ∉ change_tokens I1) as HI1 by (rewrite mkSet_not_elem_of; solve_elem_of +Hs1). by (rewrite mkSet_not_elem_of; set_solver +Hs1). assert (Change i ∉ change_tokens I2) as HI2. assert (Change i ∉ change_tokens I2) as HI2. { destruct p. { destruct p. - solve_elem_of +Htok Hdisj HI1. - set_solver +Htok Hdisj HI1. - solve_elem_of +Htok Hdisj HI1 / discriminate. } - set_solver +Htok Hdisj HI1 / discriminate. } done. done. Qed. Qed. ... @@ -74,13 +74,13 @@ Module barrier_proto. ... @@ -74,13 +74,13 @@ Module barrier_proto. split. split. - apply (non_empty_inhabited(State Low ∅)). by rewrite !mkSet_elem_of /=. - apply (non_empty_inhabited(State Low ∅)). by rewrite !mkSet_elem_of /=. - move=>[p I]. rewrite /= /tok !mkSet_elem_of /= =>HI. - move=>[p I]. rewrite /= /tok !mkSet_elem_of /= =>HI. destruct p; last done. solve_elem_of. destruct p; last done. set_solver. - move=>s1 s2. rewrite !mkSet_elem_of /==> Hs1 Hstep. - move=>s1 s2. rewrite !mkSet_elem_of /==> Hs1 Hstep. inversion_clear Hstep as [T1 T2 Hdisj Hstep']. inversion_clear Hstep as [T1 T2 Hdisj Hstep']. inversion_clear Hstep' as [? ? ? ? Htrans _ _ Htok]. inversion_clear Hstep' as [? ? ? ? Htrans _ _ Htok]. destruct Htrans; move:Hs1 Hdisj Htok =>/=; destruct Htrans; move:Hs1 Hdisj Htok =>/=; first by destruct p. first by destruct p. rewrite /= /tok /=. intros. solve_elem_of +Hdisj Htok. rewrite /= /tok /=. intros. set_solver +Hdisj Htok. Qed. Qed. End barrier_proto. End barrier_proto. ... @@ -162,23 +162,23 @@ Section proof. ... 
@@ -162,23 +162,23 @@ Section proof. { rewrite -later_intro. apply wand_intro_l. by rewrite right_id. } { rewrite -later_intro. apply wand_intro_l. by rewrite right_id. } rewrite (sts_own_weaken ⊤ _ _ (i_states i ∩ low_states) _ ({[ Change i ]} ∪ {[ Send ]})). rewrite (sts_own_weaken ⊤ _ _ (i_states i ∩ low_states) _ ({[ Change i ]} ∪ {[ Send ]})). + apply pvs_mono. rewrite sts_ownS_op; first done. + apply pvs_mono. rewrite sts_ownS_op; first done. * solve_elem_of. * set_solver. * apply i_states_closed. * apply i_states_closed. * apply low_states_closed. * apply low_states_closed. + rewrite /= /tok /=. apply elem_of_equiv=>t. rewrite elem_of_difference elem_of_union. + rewrite /= /tok /=. apply elem_of_equiv=>t. rewrite elem_of_difference elem_of_union. rewrite !mkSet_elem_of /change_tokens. rewrite !mkSet_elem_of /change_tokens. (* TODO: destruct t; solve_elem_of does not work. What is the best way to do on? *) (* TODO: destruct t; set_solver does not work. What is the best way to do on? *) destruct t as [i'|]; last by naive_solver. split. destruct t as [i'|]; last by naive_solver. split. * move=>[_ Hn]. left. destruct (decide (i = i')); first by subst i. * move=>[_ Hn]. left. destruct (decide (i = i')); first by subst i. exfalso. apply Hn. left. solve_elem_of. exfalso. apply Hn. left. set_solver. * move=>[[EQ]|?]; last discriminate. solve_elem_of. * move=>[[EQ]|?]; last discriminate. set_solver. + apply elem_of_intersection. rewrite !mkSet_elem_of /=. solve_elem_of. + apply elem_of_intersection. rewrite !mkSet_elem_of /=. set_solver. + apply sts.closed_op. + apply sts.closed_op. * apply i_states_closed. * apply i_states_closed. * apply low_states_closed. * apply low_states_closed. * solve_elem_of. * set_solver. * apply (non_empty_inhabited (State Low {[ i ]})). apply elem_of_intersection. * apply (non_empty_inhabited (State Low {[ i ]})). apply elem_of_intersection. rewrite !mkSet_elem_of /=. solve_elem_of. rewrite !mkSet_elem_of /=. set_solver. Qed. Qed. 
Lemma signal_spec l P (Q : val → iProp) : Lemma signal_spec l P (Q : val → iProp) : ... @@ -199,7 +199,7 @@ Section proof. ... @@ -199,7 +199,7 @@ Section proof. erewrite later_sep. apply sep_mono_r. apply later_intro. } erewrite later_sep. apply sep_mono_r. apply later_intro. } apply wand_intro_l. rewrite -(exist_intro (State High I)). apply wand_intro_l. rewrite -(exist_intro (State High I)). rewrite -(exist_intro ∅). rewrite const_equiv /=; last first. rewrite -(exist_intro ∅). rewrite const_equiv /=; last first. { constructor; first constructor; rewrite /= /tok /=; solve_elem_of. } { constructor; first constructor; rewrite /= /tok /=; set_solver. } rewrite left_id -later_intro {2}/barrier_inv -!assoc. apply sep_mono_r. rewrite left_id -later_intro {2}/barrier_inv -!assoc. apply sep_mono_r. rewrite !assoc [(_ ★ P)%I]comm !assoc -2!assoc. rewrite !assoc [(_ ★ P)%I]comm !assoc -2!assoc. apply sep_mono; last first. apply sep_mono; last first. ... ...
 ... @@ -41,7 +41,7 @@ Qed. ... @@ -41,7 +41,7 @@ Qed. Lemma elements_singleton x : elements {[ x ]} = [x]. Lemma elements_singleton x : elements {[ x ]} = [x]. Proof. Proof. apply Permutation_singleton. by rewrite <-(right_id ∅ (∪) {[x]}), apply Permutation_singleton. by rewrite <-(right_id ∅ (∪) {[x]}), elements_union_singleton, elements_empty by solve_elem_of. elements_union_singleton, elements_empty by set_solver. Qed. Qed. Lemma elements_contains X Y : X ⊆ Y → elements X `contains` elements Y. Lemma elements_contains X Y : X ⊆ Y → elements X `contains` elements Y. Proof. Proof. ... @@ -90,7 +90,7 @@ Proof. ... @@ -90,7 +90,7 @@ Proof. intros E. destruct (size_pos_elem_of X); auto with lia. intros E. destruct (size_pos_elem_of X); auto with lia. exists x. apply elem_of_equiv. split. exists x. apply elem_of_equiv. split. - rewrite elem_of_singleton. eauto using size_singleton_inv. - rewrite elem_of_singleton. eauto using size_singleton_inv. - solve_elem_of. - set_solver. Qed. Qed. Lemma size_union X Y : X ∩ Y ≡ ∅ → size (X ∪ Y) = size X + size Y. Lemma size_union X Y : X ∩ Y ≡ ∅ → size (X ∪ Y) = size X + size Y. Proof. Proof. ... @@ -98,7 +98,7 @@ Proof. ... @@ -98,7 +98,7 @@ Proof. apply Permutation_length, NoDup_Permutation. apply Permutation_length, NoDup_Permutation. - apply NoDup_elements. - apply NoDup_elements. - apply NoDup_app; repeat split; try apply NoDup_elements. - apply NoDup_app; repeat split; try apply NoDup_elements. intros x; rewrite !elem_of_elements; solve_elem_of. intros x; rewrite !elem_of_elements; set_solver. - intros. by rewrite elem_of_app, !elem_of_elements, elem_of_union. - intros. by rewrite elem_of_app, !elem_of_elements, elem_of_union. Qed. Qed. Instance elem_of_dec_slow (x : A) (X : C) : Decision (x ∈ X) | 100. Instance elem_of_dec_slow (x : A) (X : C) : Decision (x ∈ X) | 100. ... @@ -121,15 +121,15 @@ Next Obligation. ... 
@@ -121,15 +121,15 @@ Next Obligation. Qed. Qed. Lemma size_union_alt X Y : size (X ∪ Y) = size X + size (Y ∖ X). Lemma size_union_alt X Y : size (X ∪ Y) = size X + size (Y ∖ X). Proof. Proof. rewrite <-size_union by solve_elem_of. rewrite <-size_union by set_solver. setoid_replace (Y ∖ X) with ((Y ∪ X) ∖ X) by solve_elem_of. setoid_replace (Y ∖ X) with ((Y ∪ X) ∖ X) by set_solver. rewrite <-union_difference, (comm (∪)); solve_elem_of. rewrite <-union_difference, (comm (∪)); set_solver. Qed. Qed. Lemma subseteq_size X Y : X ⊆ Y → size X ≤ size Y. Lemma subseteq_size X Y : X ⊆ Y → size X ≤ size Y. Proof. intros. rewrite (union_difference X Y), size_union_alt by done. lia. Qed. Proof. intros. rewrite (union_difference X Y), size_union_alt by done. lia. Qed. Lemma subset_size X Y : X ⊂ Y → size X < size Y. Lemma subset_size X Y : X ⊂ Y → size X < size Y. Proof. Proof. intros. rewrite (union_difference X Y) by solve_elem_of. intros. rewrite (union_difference X Y) by set_solver. rewrite size_union_alt, difference_twice. rewrite size_union_alt, difference_twice. cut (size (Y ∖ X) ≠ 0); [lia |]. cut (size (Y ∖ X) ≠ 0); [lia |]. by apply size_non_empty_iff, non_empty_difference. by apply size_non_empty_iff, non_empty_difference. ... @@ -143,8 +143,8 @@ Proof. ... 
@@ -143,8 +143,8 @@ Proof. intros ? Hemp Hadd. apply well_founded_induction with (⊂). intros ? Hemp Hadd. apply well_founded_induction with (⊂). { apply collection_wf. } { apply collection_wf. } intros X IH. destruct (collection_choose_or_empty X) as [[x ?]|HX]. intros X IH. destruct (collection_choose_or_empty X) as [[x ?]|HX]. - rewrite (union_difference {[ x ]} X) by solve_elem_of. - rewrite (union_difference {[ x ]} X) by set_solver. apply Hadd. solve_elem_of. apply IH; solve_elem_of. apply Hadd. set_solver. apply IH; set_solver. - by rewrite HX. - by rewrite HX. Qed. Qed. Lemma collection_fold_ind {B} (P : B → C → Prop) (f : A → B → B) (b : B) : Lemma collection_fold_ind {B} (P : B → C → Prop) (f : A → B → B) (b : B) : ... @@ -158,10 +158,10 @@ Proof. ... @@ -158,10 +158,10 @@ Proof. symmetry. apply elem_of_elements. } symmetry. apply elem_of_elements. } induction 1 as [|x l ?? IH]; simpl. induction 1 as [|x l ?? IH]; simpl. - intros X HX. setoid_rewrite elem_of_nil in HX. - intros X HX. setoid_rewrite elem_of_nil in HX. rewrite equiv_empty. done. solve_elem_of. rewrite equiv_empty. done. set_solver. - intros X HX. setoid_rewrite elem_of_cons in HX. - intros X HX. setoid_rewrite elem_of_cons in HX. rewrite (union_difference {[ x ]} X) by solve_elem_of. rewrite (union_difference {[ x ]} X) by set_solver. apply Hadd. solve_elem_of. apply IH. solve_elem_of. apply Hadd. set_solver. apply IH. set_solver. Qed. Qed. Lemma collection_fold_proper {B} (R : relation B) `{!Equivalence R} Lemma collection_fold_proper {B} (R : relation B) `{!Equivalence R} (f : A → B → B) (b : B) `{!Proper ((=) ==> R ==> R) f} (f : A → B → B) (b : B) `{!Proper ((=) ==> R ==> R) f} ... ...
 ... @@ -36,13 +36,13 @@ Proof. ... @@ -36,13 +36,13 @@ Proof. Qed. Qed. Lemma dom_empty {A} : dom D (@empty (M A) _) ≡ ∅. Lemma dom_empty {A} : dom D (@empty (M A) _) ≡ ∅. Proof. Proof. split; intro; [|solve_elem_of]. split; intro; [|set_solver]. rewrite elem_of_dom, lookup_empty. by inversion 1. rewrite elem_of_dom, lookup_empty. by inversion 1. Qed. Qed. Lemma dom_empty_inv {A} (m : M A) : dom D m ≡ ∅ → m = ∅. Lemma dom_empty_inv {A} (m : M A) : dom D m ≡ ∅ → m = ∅. Proof. Proof. intros E. apply map_empty. intros. apply not_elem_of_dom. intros E. apply map_empty. intros. apply not_elem_of_dom. rewrite E. solve_elem_of. rewrite E. set_solver. Qed. Qed. Lemma dom_alter {A} f (m : M A) i : dom D (alter f i m) ≡ dom D m. Lemma dom_alter {A} f (m : M A) i : dom D (alter f i m) ≡ dom D m. Proof. Proof. ... @@ -54,19 +54,19 @@ Lemma dom_insert {A} (m : M A) i x : dom D (<[i:=x]>m) ≡ {[ i ]} ∪ dom D m. ... 
@@ -54,19 +54,19 @@ Lemma dom_insert {A} (m : M A) i x : dom D (<[i:=x]>m) ≡ {[ i ]} ∪ dom D m. Proof. Proof. apply elem_of_equiv. intros j. rewrite elem_of_union, !elem_of_dom. apply elem_of_equiv. intros j. rewrite elem_of_union, !elem_of_dom. unfold is_Some. setoid_rewrite lookup_insert_Some. unfold is_Some. setoid_rewrite lookup_insert_Some. destruct (decide (i = j)); solve_elem_of. destruct (decide (i = j)); set_solver. Qed. Qed. Lemma dom_insert_subseteq {A} (m : M A) i x : dom D m ⊆ dom D (<[i:=x]>m). Lemma dom_insert_subseteq {A} (m : M A) i x : dom D m ⊆ dom D (<[i:=x]>m). Proof. rewrite (dom_insert _). solve_elem_of. Qed. Proof. rewrite (dom_insert _). set_solver. Qed. Lemma dom_insert_subseteq_compat_l {A} (m : M A) i x X : Lemma dom_insert_subseteq_compat_l {A} (m : M A) i x X : X ⊆ dom D m → X ⊆ dom D (<[i:=x]>m). X ⊆ dom D m → X ⊆ dom D (<[i:=x]>m). Proof. intros. transitivity (dom D m); eauto using dom_insert_subseteq. Qed. Proof. intros. transitivity (dom D m); eauto using dom_insert_subseteq. Qed. Lemma dom_singleton {A} (i : K) (x : A) : dom D {[i := x]} ≡ {[ i ]}. Lemma dom_singleton {A} (i : K) (x : A) : dom D {[i := x]} ≡ {[ i ]}. Proof. rewrite <-insert_empty, dom_insert, dom_empty; solve_elem_of. Qed. Proof. rewrite <-insert_empty, dom_insert, dom_empty; set_solver. Qed. Lemma dom_delete {A} (m : M A) i : dom D (delete i m) ≡ dom D m ∖ {[ i ]}. Lemma dom_delete {A} (m : M A) i : dom D (delete i m) ≡ dom D m ∖ {[ i ]}. Proof. Proof. apply elem_of_equiv. intros j. rewrite elem_of_difference, !elem_of_dom. apply elem_of_equiv. intros j. rewrite elem_of_difference, !elem_of_dom. unfold is_Some. setoid_rewrite lookup_delete_Some. solve_elem_of. unfold is_Some. setoid_rewrite lookup_delete_Some. set_solver. Qed. Qed. Lemma delete_partial_alter_dom {A} (m : M A) i f : Lemma delete_partial_alter_dom {A} (m : M A) i f : i ∉ dom D m → delete i (partial_alter f i m) = m. i ∉ dom D m → delete i (partial_alter f i m) = m. ... ...
 ... @@ -155,7 +155,7 @@ Proof. ... @@ -155,7 +155,7 @@ Proof. - revert x. induction l as [|y l IH]; intros x; simpl. - revert x. induction l as [|y l IH]; intros x; simpl. { by rewrite elem_of_empty. } { by rewrite elem_of_empty. } rewrite elem_of_union, elem_of_singleton. intros [->|]; [left|right]; eauto. rewrite elem_of_union, elem_of_singleton. intros [->|]; [left|right]; eauto. - induction 1; solve_elem_of. - induction 1; set_solver. Qed. Qed. Lemma NoDup_remove_dups_fast l : NoDup (remove_dups_fast l). Lemma NoDup_remove_dups_fast l : NoDup (remove_dups_fast l). Proof. Proof. ... ...
 From program_logic Require Export hoare. From program_logic Require Export hoare. From program_logic Require Import wsat ownership. From program_logic Require Import wsat ownership. Local Hint Extern 10