Commit 14206553 authored by Robbert Krebbers's avatar Robbert Krebbers

Curry everything in heap_lang/lib and tests.

parent 925a9169
......@@ -9,7 +9,7 @@ Definition assert : val :=
Notation "'assert:' e" := (assert (λ: <>, e))%E (at level 99) : expr_scope.
Lemma wp_assert `{heapG Σ} E (Φ : val iProp Σ) e `{!Closed [] e} :
WP e @ E {{ v, v = #true Φ #() }} WP assert: e @ E {{ Φ }}.
WP e @ E {{ v, v = #true Φ #() }} - WP assert: e @ E {{ Φ }}.
Proof.
iIntros "HΦ". rewrite /assert. wp_let. wp_seq.
iApply (wp_wand with "HΦ"). iIntros (v) "[% ?]"; subst. by wp_if.
......
......@@ -73,11 +73,11 @@ Proof. solve_proper. Qed.
(** Helper lemmas *)
Lemma ress_split i i1 i2 Q R1 R2 P I :
i I i1 I i2 I i1 i2
saved_prop_own i Q saved_prop_own i1 R1 saved_prop_own i2 R2
(Q - R1 R2) ress P I
ress P ({[i1;i2]} I {[i]}).
saved_prop_own i Q - saved_prop_own i1 R1 - saved_prop_own i2 R2 -
(Q - R1 R2) - ress P I -
ress P ({[i1;i2]} I {[i]}).
Proof.
iIntros (????) "(#HQ&#H1&#H2&HQR&H)"; iDestruct "H" as (Ψ) "[HPΨ HΨ]".
iIntros (????) "#HQ #H1 #H2 HQR"; iDestruct 1 as (Ψ) "[HPΨ HΨ]".
iDestruct (big_sepS_delete _ _ i with "HΨ") as "[#HΨi HΨ]"; first done.
iExists (<[i1:=R1]> (<[i2:=R2]> Ψ)). iSplitL "HQR HPΨ".
- iPoseProof (saved_prop_agree i Q (Ψ i) with "[#]") as "Heq"; first by iSplit.
......@@ -175,7 +175,7 @@ Proof.
{[Change i1; Change i2 ]} with "[-]") as "Hγ".
{ iSplit; first by eauto using split_step.
rewrite {2}/barrier_inv /=. iNext. iFrame "Hl".
iApply (ress_split _ _ _ Q R1 R2); eauto. iFrame; auto. }
by iApply (ress_split with "HQ Hi1 Hi2 HQR"). }
iAssert (sts_ownS γ (i_states i1) {[Change i1]}
sts_ownS γ (i_states i2) {[Change i2]})%I with ">[-]" as "[Hγ1 Hγ2]".
{ iApply sts_ownS_op; eauto using i_states_closed, low_states_closed.
......@@ -190,8 +190,7 @@ Qed.
Lemma recv_weaken l P1 P2 : (P1 - P2) - recv l P1 - recv l P2.
Proof.
rewrite /recv.
iIntros "HP HP1"; iDestruct "HP1" as (γ P Q i) "(#Hctx&Hγ&Hi&HP1)".
rewrite /recv. iIntros "HP". iDestruct 1 as (γ P Q i) "(#Hctx&Hγ&Hi&HP1)".
iExists γ, P, Q, i. iFrame "Hctx Hγ Hi".
iNext. iIntros "HQ". by iApply "HP"; iApply "HP1".
Qed.
......
......@@ -14,7 +14,7 @@ Lemma barrier_spec (N : namespace) :
( l P, {{ send l P P }} signal #l {{ _, True }})
( l P, {{ recv l P }} wait #l {{ _, P }})
( l P Q, recv l (P Q) ={N}=> recv l P recv l Q)
( l P Q, (P - Q) recv l P - recv l Q).
( l P Q, (P - Q) - recv l P - recv l Q).
Proof.
exists (λ l, CofeMor (recv N l)), (λ l, CofeMor (send N l)).
split_and?; simpl.
......
......@@ -15,7 +15,7 @@ Structure lock Σ `{!heapG Σ} := Lock {
is_lock_ne N γ lk n: Proper (dist n ==> dist n) (is_lock N γ lk);
is_lock_persistent N γ lk R : PersistentP (is_lock N γ lk R);
locked_timeless γ : TimelessP (locked γ);
locked_exclusive γ : locked γ locked γ False;
locked_exclusive γ : locked γ - locked γ - False;
(* -- operation specs -- *)
newlock_spec N (R : iProp Σ) :
{{{ R }}} newlock #() {{{ lk γ, RET lk; is_lock N γ lk R }}};
......
......@@ -21,11 +21,11 @@ Context `{!heapG Σ, !spawnG Σ}.
This is why these are not Texan triples. *)
Lemma par_spec (Ψ1 Ψ2 : val iProp Σ) e (f1 f2 : val) (Φ : val iProp Σ) :
to_val e = Some (f1,f2)%V
(WP f1 #() {{ Ψ1 }} WP f2 #() {{ Ψ2 }}
v1 v2, Ψ1 v1 Ψ2 v2 - Φ (v1,v2)%V)
WP par e {{ Φ }}.
WP f1 #() {{ Ψ1 }} - WP f2 #() {{ Ψ2 }} -
( v1 v2, Ψ1 v1 Ψ2 v2 - Φ (v1,v2)%V) -
WP par e {{ Φ }}.
Proof.
iIntros (?) "(Hf1 & Hf2 & HΦ)".
iIntros (?) "Hf1 Hf2 HΦ".
rewrite /par. wp_value. wp_let. wp_proj.
wp_apply (spawn_spec parN with "Hf1"); try wp_done; try solve_ndisj.
iIntros (l) "Hl". wp_let. wp_proj. wp_bind (f2 _).
......@@ -36,11 +36,11 @@ Qed.
Lemma wp_par (Ψ1 Ψ2 : val iProp Σ)
(e1 e2 : expr) `{!Closed [] e1, Closed [] e2} (Φ : val iProp Σ) :
(WP e1 {{ Ψ1 }} WP e2 {{ Ψ2 }}
v1 v2, Ψ1 v1 Ψ2 v2 - Φ (v1,v2)%V)
WP e1 ||| e2 {{ Φ }}.
WP e1 {{ Ψ1 }} - WP e2 {{ Ψ2 }} -
( v1 v2, Ψ1 v1 Ψ2 v2 - Φ (v1,v2)%V) -
WP e1 ||| e2 {{ Φ }}.
Proof.
iIntros "(H1 & H2 & H)". iApply (par_spec Ψ1 Ψ2 with "[- $H]"); try wp_done.
iSplitL "H1"; by wp_let.
iIntros "H1 H2 H". iApply (par_spec Ψ1 Ψ2 with "[H1] [H2] [H]"); try wp_done.
by wp_let. by wp_let. auto.
Qed.
End proof.
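Review bot: The three goals left by `iApply (par_spec Ψ1 Ψ2 with "[H1] [H2] [H]")` are closed on a single line by `by wp_let. by wp_let. auto.`, which hides how many subgoals remain and which tactic closes which one; the proof breaks silently into a different shape if `try wp_done` ever discharges one of them. Bullets make the correspondence explicit: `- by wp_let.` `- by wp_let.` `- auto.` (one per line, replacing the last line before `Qed.`). The rest of the file, including the `Section` header, is outside the hunk.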
......@@ -30,8 +30,8 @@ Section proof.
Definition locked (γ : gname): iProp Σ := own γ (Excl ()).
Lemma locked_exclusive (γ : gname) : locked γ locked γ False.
Proof. rewrite /locked -own_op own_valid. by iIntros (?). Qed.
Lemma locked_exclusive (γ : gname) : locked γ - locked γ - False.
Proof. iIntros "H1 H2". by iDestruct (own_valid_2 with "H1 H2") as %?. Qed.
Global Instance lock_inv_ne n γ l : Proper (dist n ==> dist n) (lock_inv γ l).
Proof. solve_proper. Qed.
......
......@@ -46,11 +46,11 @@ Section proof.
Definition is_lock (γ : gname) (lk : val) (R : iProp Σ) : iProp Σ :=
( lo ln : loc,
lk = (#lo, #ln)%V inv N (lock_inv γ lo ln R))%I.
lk = (#lo, #ln)%V inv N (lock_inv γ lo ln R))%I.
Definition issued (γ : gname) (lk : val) (x : nat) (R : iProp Σ) : iProp Σ :=
( lo ln: loc,
lk = (#lo, #ln)%V inv N (lock_inv γ lo ln R)
lk = (#lo, #ln)%V inv N (lock_inv γ lo ln R)
own γ ( (, GSet {[ x ]})))%I.
Definition locked (γ : gname) : iProp Σ := ( o, own γ ( (Excl' o, )))%I.
......@@ -65,10 +65,10 @@ Section proof.
Global Instance locked_timeless γ : TimelessP (locked γ).
Proof. apply _. Qed.
Lemma locked_exclusive (γ : gname) : (locked γ locked γ False)%I.
Lemma locked_exclusive (γ : gname) : locked γ - locked γ - False.
Proof.
iIntros "[H1 H2]". iDestruct "H1" as (o1) "H1". iDestruct "H2" as (o2) "H2".
iCombine "H1" "H2" as "H". iDestruct (own_valid with "H") as %[[] _].
iDestruct 1 as (o1) "H1". iDestruct 1 as (o2) "H2".
iDestruct (own_valid_2 with "H1 H2") as %[[] _].
Qed.
Lemma newlock_spec (R : iProp Σ) :
......
......@@ -18,39 +18,38 @@ Section client.
Definition y_inv (q : Qp) (l : loc) : iProp Σ :=
( f : val, l {q} f n : Z, WP f #n {{ v, v = #(n + 42) }})%I.
Lemma y_inv_split q l : y_inv q l (y_inv (q/2) l y_inv (q/2) l).
Lemma y_inv_split q l : y_inv q l - (y_inv (q/2) l y_inv (q/2) l).
Proof.
iDestruct 1 as (f) "[[Hl1 Hl2] #Hf]".
iSplitL "Hl1"; iExists f; by iSplitL; try iAlways.
Qed.
Lemma worker_safe q (n : Z) (b y : loc) :
recv N b (y_inv q y) WP worker n #b #y {{ _, True }}.
recv N b (y_inv q y) - WP worker n #b #y {{ _, True }}.
Proof.
iIntros "Hrecv". wp_lam. wp_let.
wp_apply (wait_spec with "[- $Hrecv]"). iDestruct 1 as (f) "[Hy #Hf]".
wp_apply (wait_spec with "Hrecv"). iDestruct 1 as (f) "[Hy #Hf]".
wp_seq. wp_load.
iApply (wp_wand with "[]"). iApply "Hf". by iIntros (v) "_".
Qed.
Lemma client_safe : True WP client {{ _, True }}.
Lemma client_safe : WP client {{ _, True }}%I.
Proof.
iIntros ""; rewrite /client. wp_alloc y as "Hy". wp_let.
wp_apply (newbarrier_spec N (y_inv 1 y)).
iIntros (l) "[Hr Hs]". wp_let.
iApply (wp_par (λ _, True%I) (λ _, True%I)). iSplitL "Hy Hs".
iApply (wp_par (λ _, True%I) (λ _, True%I) with "[Hy Hs] [Hr]"); last auto.
- (* The original thread, the sender. *)
wp_store. iApply (signal_spec with "[-]"); last by iNext; auto.
iSplitR "Hy"; first by eauto.
iExists _; iSplitL; [done|]. iAlways; iIntros (n). wp_let. by wp_op.
- (* The two spawned threads, the waiters. *)
iSplitL; [|by iIntros (_ _) "_ !>"].
iDestruct (recv_weaken with "[] Hr") as "Hr".
{ iIntros "Hy". by iApply (y_inv_split with "Hy"). }
iMod (recv_split with "Hr") as "[H1 H2]"; first done.
iApply (wp_par (λ _, True%I) (λ _, True%I)).
iSplitL "H1"; [|iSplitL "H2"; [|by iIntros (_ _) "_ !>"]];
by iApply worker_safe.
iApply (wp_par (λ _, True%I) (λ _, True%I) with "[H1] [H2]"); last auto.
+ by iApply worker_safe.
+ by iApply worker_safe.
Qed.
End client.
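Review bot: Now that `client_safe` has lost its `True ⊢` premise, the opening `iIntros ""; rewrite /client.` introduces nothing, and a reader may take the empty pattern for a leftover; if it is kept only to enter the proof mode, a one-line comment saying so would help, e.g. `(* nothing to introduce; [iIntros ""] just enters the proof mode *)`. The same pattern survives in `heap_e_spec`, `heap_e2_spec` and the last lemma of the lifting tests after their statements were changed the same way, so one comment at the first occurrence in each file would do. I cannot tell from this page whether a dedicated proof-mode entry tactic exists in this version, so I am only proposing documentation, not a tactic change.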
......@@ -60,8 +59,7 @@ Let Σ : gFunctors := #[ heapΣ ; barrierΣ ; spawnΣ ].
Lemma client_adequate σ : adequate client σ (λ _, True).
Proof.
apply (heap_adequacy Σ)=> ?.
apply (client_safe (nroot .@ "barrier")); auto with ndisj.
apply (heap_adequacy Σ)=> ?. apply (client_safe (nroot .@ "barrier")).
Qed.
End ClosedProofs.
......
......@@ -12,7 +12,7 @@ Section LiftingTests.
Definition heap_e : expr :=
let: "x" := ref #1 in "x" <- !"x" + #1 ;; !"x".
Lemma heap_e_spec E : True WP heap_e @ E {{ v, v = #2 }}.
Lemma heap_e_spec E : WP heap_e @ E {{ v, v = #2 }}%I.
Proof.
iIntros "". rewrite /heap_e.
wp_alloc l. wp_let. wp_load. wp_op. wp_store. by wp_load.
......@@ -23,7 +23,7 @@ Section LiftingTests.
let: "y" := ref #1 in
"x" <- !"x" + #1 ;; !"x".
Lemma heap_e2_spec E : True WP heap_e2 @ E {{ v, v = #2 }}.
Lemma heap_e2_spec E : WP heap_e2 @ E {{ v, v = #2 }}%I.
Proof.
iIntros "". rewrite /heap_e2.
wp_alloc l. wp_let. wp_alloc l'. wp_let.
......@@ -40,7 +40,7 @@ Section LiftingTests.
Lemma FindPred_spec n1 n2 E Φ :
n1 < n2
Φ #(n2 - 1) WP FindPred #n2 #n1 @ E {{ Φ }}.
Φ #(n2 - 1) - WP FindPred #n2 #n1 @ E {{ Φ }}.
Proof.
iIntros (Hn) "HΦ". iLöb as "IH" forall (n1 Hn).
wp_rec. wp_let. wp_op. wp_let. wp_op=> ?; wp_if.
......@@ -48,7 +48,7 @@ Section LiftingTests.
- by assert (n1 = n2 - 1) as -> by omega.
Qed.
Lemma Pred_spec n E Φ : Φ #(n - 1) WP Pred #n @ E {{ Φ }}.
Lemma Pred_spec n E Φ : Φ #(n - 1) - WP Pred #n @ E {{ Φ }}.
Proof.
iIntros "HΦ". wp_lam. wp_op=> ?; wp_if.
- wp_op. wp_op.
......@@ -62,5 +62,5 @@ Section LiftingTests.
Proof. iIntros "". wp_apply Pred_spec. wp_let. by wp_apply Pred_spec. Qed.
End LiftingTests.
Lemma heap_e_adequate σ : adequate heap_e σ (λ v, v = #2).
Lemma heap_e_adequate σ : adequate heap_e σ (= #2).
Proof. eapply (heap_adequacy heapΣ)=> ?. by apply heap_e_spec. Qed.
......@@ -31,29 +31,28 @@ Definition barrier_res γ (Φ : X → iProp Σ) : iProp Σ :=
( x, own γ (Shot x) Φ x)%I.
Lemma worker_spec e γ l (Φ Ψ : X iProp Σ) `{!Closed [] e} :
recv N l (barrier_res γ Φ) ( x, {{ Φ x }} e {{ _, Ψ x }})
WP wait #l ;; e {{ _, barrier_res γ Ψ }}.
recv N l (barrier_res γ Φ) - ( x, {{ Φ x }} e {{ _, Ψ x }}) -
WP wait #l ;; e {{ _, barrier_res γ Ψ }}.
Proof.
iIntros "[Hl #He]". wp_apply (wait_spec with "[- $Hl]"); simpl.
iIntros "Hl #He". wp_apply (wait_spec with "[- $Hl]"); simpl.
iDestruct 1 as (x) "[#Hγ Hx]".
wp_seq. iApply (wp_wand with "[Hx]"); [by iApply "He"|].
iIntros (v) "?"; iExists x; by iSplit.
Qed.
Context (P : iProp Σ) (Φ Φ1 Φ2 Ψ Ψ1 Ψ2 : X -n> iProp Σ).
Context {Φ_split : x, Φ x (Φ1 x Φ2 x)}.
Context {Ψ_join : x, (Ψ1 x Ψ2 x) Ψ x}.
Context {Φ_split : x, Φ x - (Φ1 x Φ2 x)}.
Context {Ψ_join : x, Ψ1 x - Ψ2 x - Ψ x}.
Lemma P_res_split γ : barrier_res γ Φ barrier_res γ Φ1 barrier_res γ Φ2.
Lemma P_res_split γ : barrier_res γ Φ - barrier_res γ Φ1 barrier_res γ Φ2.
Proof.
iDestruct 1 as (x) "[#Hγ Hx]".
iDestruct (Φ_split with "Hx") as "[H1 H2]". by iSplitL "H1"; iExists x; iSplit.
Qed.
Lemma Q_res_join γ : barrier_res γ Ψ1 barrier_res γ Ψ2 barrier_res γ Ψ.
Lemma Q_res_join γ : barrier_res γ Ψ1 - barrier_res γ Ψ2 - barrier_res γ Ψ.
Proof.
iIntros "[Hγ Hγ']";
iDestruct "Hγ" as (x) "[#Hγ Hx]"; iDestruct "Hγ'" as (x') "[#Hγ' Hx']".
iDestruct 1 as (x) "[#Hγ Hx]"; iDestruct 1 as (x') "[#Hγ' Hx']".
iAssert ( (x x'))%I as "Hxx".
{ iCombine "Hγ" "Hγ'" as "Hγ2". iClear "Hγ Hγ'".
rewrite own_valid csum_validI /= agree_validI agree_equivI uPred.later_equivI /=.
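Review bot: The new proof of `worker_spec` still calls `wp_apply (wait_spec with "[- $Hl]"); simpl.`, the frame-everything specialization pattern, while the same call in the other client test was rewritten in this commit to pass the hypothesis directly (`wp_apply (wait_spec with "Hrecv")`). If `wait_spec` now takes the `recv` assertion as a curried premise, as that rewrite suggests, `wp_apply (wait_spec with "Hl"); simpl.` is the matching form here and does not depend on `Hl` being the only spatial hypothesis in the context. Behaviour is the same today because `He` is persistent, so `[- $Hl]` frames nothing else; the point is consistency and robustness against future hypotheses. The proof continues past the end of this hunk.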
......@@ -62,23 +61,22 @@ Proof.
{ by split; intro; simpl; symmetry; apply iProp_fold_unfold. }
rewrite !cFunctor_compose. iNext. by iRewrite "Hγ2". }
iNext. iRewrite -"Hxx" in "Hx'".
iExists x; iFrame "Hγ". iApply Ψ_join; by iSplitL "Hx".
iExists x; iFrame "Hγ". iApply (Ψ_join with "Hx Hx'").
Qed.
Lemma client_spec_new eM eW1 eW2 `{!Closed [] eM, !Closed [] eW1, !Closed [] eW2} :
P
{{ P }} eM {{ _, x, Φ x }}
( x, {{ Φ1 x }} eW1 {{ _, Ψ1 x }})
( x, {{ Φ2 x }} eW2 {{ _, Ψ2 x }})
WP client eM eW1 eW2 {{ _, γ, barrier_res γ Ψ }}.
P -
{{ P }} eM {{ _, x, Φ x }} -
( x, {{ Φ1 x }} eW1 {{ _, Ψ1 x }}) -
( x, {{ Φ2 x }} eW2 {{ _, Ψ2 x }}) -
WP client eM eW1 eW2 {{ _, γ, barrier_res γ Ψ }}.
Proof.
iIntros "/= (HP & #He & #He1 & #He2)"; rewrite /client.
iIntros "/= HP #He #He1 #He2"; rewrite /client.
iMod (own_alloc (Pending : one_shotR Σ F)) as (γ) "Hγ"; first done.
wp_apply (newbarrier_spec N (barrier_res γ Φ)); auto.
iIntros (l) "[Hr Hs]".
set (workers_post (v : val) := (barrier_res γ Ψ1 barrier_res γ Ψ2)%I).
wp_let. wp_apply (wp_par (λ _, True)%I workers_post).
iSplitL "HP Hs Hγ"; [|iSplitL "Hr"].
wp_let. wp_apply (wp_par (λ _, True)%I workers_post with "[HP Hs Hγ] [Hr]").
- wp_bind eM. iApply (wp_wand with "[HP]"); [by iApply "He"|].
iIntros (v) "HP"; iDestruct "HP" as (x) "HP". wp_let.
iMod (own_update with "Hγ") as "Hx".
......@@ -87,11 +85,11 @@ Proof.
iExists x; auto.
- iDestruct (recv_weaken with "[] Hr") as "Hr"; first by iApply P_res_split.
iMod (recv_split with "Hr") as "[H1 H2]"; first done.
wp_apply (wp_par (λ _, barrier_res γ Ψ1)%I (λ _, barrier_res γ Ψ2)%I).
iSplitL "H1"; [|iSplitL "H2"].
+ iApply worker_spec; auto.
+ iApply worker_spec; auto.
wp_apply (wp_par (λ _, barrier_res γ Ψ1)%I
(λ _, barrier_res γ Ψ2)%I with "[H1] [H2]").
+ iApply (worker_spec with "H1"); auto.
+ iApply (worker_spec with "H2"); auto.
+ auto.
- iIntros (_ v) "[_ H]". iDestruct (Q_res_join with "H") as "?". auto.
- iIntros (_ v) "[_ [H1 H2]]". iDestruct (Q_res_join with "H1 H2") as "?". auto.
Qed.
End proof.
......@@ -26,11 +26,11 @@ Definition rev : val :=
end.
Lemma rev_acc_wp hd acc xs ys (Φ : val iProp Σ) :
is_list hd xs is_list acc ys
( w, is_list w (reverse xs ++ ys) - Φ w)
WP rev hd acc {{ Φ }}.
is_list hd xs - is_list acc ys -
( w, is_list w (reverse xs ++ ys) - Φ w) -
WP rev hd acc {{ Φ }}.
Proof.
iIntros "(Hxs & Hys & HΦ)".
iIntros "Hxs Hys HΦ".
iLöb as "IH" forall (hd acc xs ys Φ). wp_rec. wp_let.
destruct xs as [|x xs]; iSimplifyEq.
- wp_match. by iApply "HΦ".
......@@ -42,11 +42,11 @@ Proof.
Qed.
Lemma rev_wp hd xs (Φ : val iProp Σ) :
is_list hd xs ( w, is_list w (reverse xs) - Φ w)
WP rev hd (InjL #()) {{ Φ }}.
is_list hd xs - ( w, is_list w (reverse xs) - Φ w) -
WP rev hd (InjL #()) {{ Φ }}.
Proof.
iIntros "[Hxs HΦ]".
iApply (rev_acc_wp hd NONEV xs [] with "[- $Hxs]").
iSplit; first done. iIntros (w). rewrite right_id_L. iApply "HΦ".
iIntros "Hxs HΦ".
iApply (rev_acc_wp hd NONEV xs [] with "Hxs [%]")=> //.
iIntros (w). rewrite right_id_L. iApply "HΦ".
Qed.
End list_reverse.
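Review bot: The new `rev_wp` proof discharges the second premise of `rev_acc_wp` with the specialization pattern `[%]` followed by `=> //`, which is the least self-explanatory line of the hunk: a reader has to know that `[%]` turns the `is_list NONEV []` obligation into a pure Coq goal that `//` then closes. A short comment on that line would save the next maintainer a lookup, e.g. `(* [is_list NONEV []] is pure, so [%] yields a Coq goal that // closes *)`; I am inferring the pure-ness from the pattern, so the wording should be confirmed against the definition of `is_list`, which is outside the hunk.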
......@@ -2,7 +2,7 @@ From iris.proofmode Require Import tactics.
From iris.base_logic.lib Require Import invariants.
Lemma demo_0 {M : ucmraT} (P Q : uPred M) :
(P Q) ( x, x = 0 x = 1) (Q P).
(P Q) - ( x, x = 0 x = 1) (Q P).
Proof.
iIntros "#H #H2".
(* should remove the disjunction "H" *)
......@@ -37,8 +37,9 @@ Proof.
Qed.
Lemma demo_2 (M : ucmraT) (P1 P2 P3 P4 Q : uPred M) (P5 : nat uPredC M):
P2 (P3 Q) True P1 P2 (P4 ( x:nat, P5 x P3)) True
P1 - (True True) - (((P2 False P2 0 = 0) P3) Q P1 True)
P2 (P3 Q) True P1 P2 (P4 ( x:nat, P5 x P3)) True -
P1 - (True True) -
(((P2 False P2 0 = 0) P3) Q P1 True)
(P2 False) (False P5 0).
Proof.
(* Intro-patterns do something :) *)
......@@ -54,17 +55,17 @@ Proof.
Qed.
Lemma demo_3 (M : ucmraT) (P1 P2 P3 : uPred M) :
P1 P2 P3 P1 (P2 x, (P3 x = 0) P3).
P1 P2 P3 - P1 (P2 x, (P3 x = 0) P3).
Proof. iIntros "($ & $ & H)". iFrame "H". iNext. by iExists 0. Qed.
Definition foo {M} (P : uPred M) := (P P)%I.
Definition bar {M} : uPred M := ( P, foo P)%I.
Lemma demo_4 (M : ucmraT) : True @bar M.
Lemma demo_4 (M : ucmraT) : True - @bar M.
Proof. iIntros. iIntros (P) "HP". done. Qed.
Lemma demo_5 (M : ucmraT) (x y : M) (P : uPred M) :
( z, P z y) (P - (x,x) (y,x)).
( z, P z y) - (P - (x,x) (y,x)).
Proof.
iIntros "H1 H2".
iRewrite (uPred.internal_eq_sym x x with "[#]"); first done.
......@@ -73,15 +74,15 @@ Proof.
Qed.
Lemma demo_6 (M : ucmraT) (P Q : uPred M) :
True x y z : nat,
x = plus 0 x y = 0 z = 0 P Q foo (x x).
( x y z : nat,
x = plus 0 x y = 0 z = 0 P Q foo (x x))%I.
Proof.
iIntros (a) "*".
iIntros "#Hfoo **".
by iIntros "# _".
Qed.
Lemma demo_7 (M : ucmraT) (P Q1 Q2 : uPred M) : P (Q1 Q2) P Q1.
Lemma demo_7 (M : ucmraT) (P Q1 Q2 : uPred M) : P (Q1 Q2) - P Q1.
Proof. iIntros "[H1 [H2 _]]". by iFrame. Qed.
Section iris.
......@@ -91,7 +92,7 @@ Section iris.
Lemma demo_8 N E P Q R :
N E
(True - P - inv N Q - True - R) P - Q ={E}= R.
(True - P - inv N Q - True - R) - P - Q ={E}= R.
Proof.
iIntros (?) "H HP HQ".
iApply ("H" with "[#] HP >[HQ] >").
......@@ -102,5 +103,5 @@ Section iris.
End iris.
Lemma demo_9 (M : ucmraT) (x y z : M) :
x y z ( x x y z : uPred M).
x y z - ( x x y z : uPred M).
Proof. iIntros (Hv) "Hxy". by iFrame (Hv Hv) "Hxy". Qed.
......@@ -34,10 +34,10 @@ Definition sum' : val := λ: "t",
!"l".
Lemma sum_loop_wp `{!heapG Σ} v t l (n : Z) (Φ : val iProp Σ) :
l #n is_tree v t (l #(sum t + n) - is_tree v t - Φ #())
WP sum_loop v #l {{ Φ }}.
l #n - is_tree v t - (l #(sum t + n) - is_tree v t - Φ #()) -
WP sum_loop v #l {{ Φ }}.
Proof.
iIntros "(Hl & Ht & HΦ)".
iIntros "Hl Ht HΦ".
iLöb as "IH" forall (v t l n Φ). wp_rec. wp_let.
destruct t as [n'|tl tr]; simpl in *.
- iDestruct "Ht" as "%"; subst.
......@@ -54,11 +54,11 @@ Proof.
Qed.
Lemma sum_wp `{!heapG Σ} v t Φ :
is_tree v t (is_tree v t - Φ #(sum t)) WP sum' v {{ Φ }}.
is_tree v t - (is_tree v t - Φ #(sum t)) - WP sum' v {{ Φ }}.
Proof.
iIntros "[Ht HΦ]". rewrite /sum' /=.
iIntros "Ht HΦ". rewrite /sum' /=.
wp_let. wp_alloc l as "Hl". wp_let.
wp_apply (sum_loop_wp with "[- $Ht $Hl]").
wp_apply (sum_loop_wp with "Hl Ht").
rewrite Z.add_0_r.
iIntros "Hl Ht". wp_seq. wp_load. by iApply "HΦ".
Qed.