Commit 27426fec authored by Jonas Kastberg's avatar Jonas Kastberg Committed by Robbert

Added a stronger version of cinv_open_strong

parent 1bb62ee3
......@@ -9,6 +9,8 @@ Coq development, but not every API-breaking change is listed. Changes marked
* [#] Redefine invariants as "semantic invariants" so that they support
splitting and other forms of weakening.
* Updated the strong variant of the opening lemma for cancellable invariants
to match that of regular invariants, where you can pick the mask at a later time.
**Changes in Coq:**
......
......@@ -81,17 +81,24 @@ Section proofs.
Lemma cinv_open_strong E N γ p P :
N E
cinv N γ P - cinv_own γ p ={E,E∖↑N}=
P cinv_own γ p ( P cinv_own γ 1 ={E∖↑N,E}= True).
cinv N γ P - (cinv_own γ p ={E,E∖↑N}=
P cinv_own γ p ( E' : coPset, P cinv_own γ 1 ={E',N E'}= True)).
Proof.
iIntros (?) "#Hinv Hγ". iDestruct "Hinv" as (P') "[#HP' Hinv]".
iInv N as "[HP | >Hγ']" "Hclose".
- iIntros "!> {$Hγ}". iSplitL "HP".
+ iNext. iApply "HP'". done.
+ iIntros "[HP|Hγ]".
* iApply "Hclose". iLeft. iNext. by iApply "HP'".
* iApply "Hclose". iRight. by iNext.
- iDestruct (cinv_own_1_l with "Hγ' Hγ") as %[].
iIntros (?) "Hinv Hown".
unfold cinv. iDestruct "Hinv" as (P') "[#HP' Hinv]".
iPoseProof (inv_open ( N) N (P cinv_own γ 1) with "[Hinv]") as "H"; first done.
{ iApply inv_iff=> //.
iModIntro. iModIntro.
iSplit; iIntros "[H | $]"; iDestruct ("HP'" with "H") as "$". }
rewrite difference_diag_L.
iPoseProof (fupd_mask_frame_r _ _ (E N) with "H") as "H"; first set_solver.
rewrite left_id_L -union_difference_L //. iMod "H" as "[[$ | >HP] H]".
- iFrame "Hown". iModIntro.
iIntros (E') "HP".
iPoseProof (fupd_mask_frame_r _ _ E' with "(H [HP])") as "H"; first set_solver.
{ iDestruct "HP" as "[HP | Hown]"; eauto. }
by rewrite left_id_L.
- iDestruct (cinv_own_1_l with "HP Hown") as %[].
Qed.
Lemma cinv_alloc E N P : P ={E}= γ, cinv N γ P cinv_own γ 1.
......@@ -104,6 +111,7 @@ Section proofs.
Proof.
iIntros (?) "#Hinv Hγ".
iMod (cinv_open_strong with "Hinv Hγ") as "($ & Hγ & H)"; first done.
rewrite {2}(union_difference_L (N) E)=> //.
iApply "H". by iRight.
Qed.
......@@ -113,7 +121,9 @@ Section proofs.
Proof.
iIntros (?) "#Hinv Hγ".
iMod (cinv_open_strong with "Hinv Hγ") as "($ & $ & H)"; first done.
iIntros "!> HP". iApply "H"; auto.
iIntros "!> HP".
rewrite {2}(union_difference_L (N) E)=> //.
iApply "H". by iLeft.
Qed.
Global Instance into_inv_cinv N γ P : IntoInv (cinv N γ P) N := {}.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment