Commit e2639ac1 authored by Ralf Jung's avatar Ralf Jung

prove the view shift invariant accessor

parent d44afeed
Pipeline #31170 passed with stage
in 22 minutes
......@@ -77,6 +77,17 @@ Proof.
by iApply "Hclose".
Lemma vs_inv_acc N E P :
inv N P ={E,E∖↑N}=> P R, R (R P ={E∖↑N,E}=> True).
(* FIXME: scope printing is weird, there are [%stdpp]. *)
iIntros (?) "!# #Hinv".
iMod (inv_acc with "Hinv") as "[$ Hclose]"; first done.
iModIntro. iExists ( P ={E N,E}= True)%I. iFrame.
iIntros "!# [Hclose HP]". iMod ("Hclose" with "HP"). done.
Lemma vs_alloc N P : P ={N}=> inv N P.
Proof. iIntros "!> HP". by iApply inv_alloc. Qed.
