Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
I
Iron
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
CI / CD Analytics
Repository Analytics
Value Stream Analytics
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Iris
Iron
Commits
ffbf81d9
Commit
ffbf81d9
authored
Feb 16, 2020
by
Robbert Krebbers
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Rename `_open` > `_acc` to be consistent with Iris.
parent
d308a9ec
Pipeline
#24435
passed with stage
in 25 minutes and 36 seconds
Changes
9
Pipelines
6
Hide whitespace changes
Inline
Sidebyside
Showing
9 changed files
with
33 additions
and
33 deletions
+33
33
README.md
README.md
+4
4
theories/heap_lang/lib/dynamic_inv_dealloc_lifted.v
theories/heap_lang/lib/dynamic_inv_dealloc_lifted.v
+2
2
theories/heap_lang/lib/message_passing.v
theories/heap_lang/lib/message_passing.v
+4
4
theories/heap_lang/lib/queue.v
theories/heap_lang/lib/queue.v
+5
5
theories/heap_lang/lib/resource_transfer_fork.v
theories/heap_lang/lib/resource_transfer_fork.v
+4
4
theories/heap_lang/lib/resource_transfer_par.v
theories/heap_lang/lib/resource_transfer_par.v
+4
4
theories/heap_lang/lib/spin_lock.v
theories/heap_lang/lib/spin_lock.v
+2
2
theories/heap_lang/lib/spin_lock_track.v
theories/heap_lang/lib/spin_lock_track.v
+4
4
theories/iron_logic/fcinv.v
theories/iron_logic/fcinv.v
+4
4
No files found.
README.md
View file @
ffbf81d9
...
...
@@ 149,7 +149,7 @@ There is a correspondence between the invariant rules presented in the
paper with Hoare triples and those in the formalization.

`TINVALLOC`
and
`LTINVALLOC`
follow from
`fcinv_alloc_named`
.

`TINVOPEN`
and
`LTINVOPEN`
follow from
`fcinv_
open
`
.

`TINVOPEN`
and
`LTINVOPEN`
follow from
`fcinv_
acc
`
.

`TINVDEALLOC`
and
`LTINVDEALLOC`
follow from
`fcinv_cancel`
.
All of these theorems are proven in
`theories/iron_logic/fcinv.v`
.
...
...
@@ 184,11 +184,11 @@ is discussed above, we also provide an explicit table for convenience.

`HOAREFORKEMP`
/
`HOAREFORKTRUE`

`wp_fork`

`iron/theories/heap_lang/lifting.v`


`INVDUP`

`inv_persistent`

`iron/theories/heap_lang/lifting.v`


`INVALLOC`

`inv_alloc`

`iriscoq/theories/base_logic/lib/invariants.v`


`INVOPEN`

`inv_
open
`

`iriscoq/theories/base_logic/lib/invariants.v`


`INVOPEN`

`inv_
acc
`

`iriscoq/theories/base_logic/lib/invariants.v`


`TINVSPLIT`

`fcinv_own_fractional`

`iron/theories/iron_logic/fcinv.v`


`TINVDUP`

`fcinv_persistent`

`iron/theories/iron_logic/fcinv.v`


`TINVALLOC`

`fcinv_alloc_named`

`iron/theories/iron_logic/fcinv.v`


`TINVOPEN`

`fcinv_
open
`

`iron/theories/iron_logic/fcinv.v`


`TINVOPEN`

`fcinv_
acc
`

`iron/theories/iron_logic/fcinv.v`


`TINVDEALLOC`

`fcinv_cancel`

`iron/theories/iron_logic/fcinv.v`

 Uniform with respect to fractions 
`Uniform`

`iron/theories/iron_logic/iron.v`


`HOARECONS`

`ht_vs`

`iriscoq/theories/program_logic/hoare.v`

...
...
@@ 218,7 +218,7 @@ is discussed above, we also provide an explicit table for convenience.

`LTINVSPLIT`

`fcinv_own_fractional`

`iron/theories/iron_logic/fcinv.v`


`LTINVDUP`

`fcinv_persistent`

`iron/theories/iron_logic/fcinv.v`


`LTINVALLOC`

`fcinv_alloc_named`

`iron/theories/iron_logic/fcinv.v`


`LTINVOPEN`

`fcinv_
open
`

`iron/theories/iron_logic/fcinv.v`


`LTINVOPEN`

`fcinv_
acc
`

`iron/theories/iron_logic/fcinv.v`


`LTINVDEALLOC`

`fcinv_cancel`

`iron/theories/iron_logic/fcinv.v`

 Definition of Hoare triples 
`iron_wp`

`iron/theories/iron_logic/weakestpre.v`

 Theorem 5.1 
`heap_basic_adequacy`

`iron/theories/heap_lang/adequacy.v`

...
...
theories/heap_lang/lib/dynamic_inv_dealloc_lifted.v
View file @
ffbf81d9
...
...
@@ 9,7 +9,7 @@ Section special.
Implicit
Types
P
:
ironProp
Σ
.
Definition
special
P
Ψ
γ
:
=
(
P
∨
Ψ
γ
∗
fcinv_own
γ
(
1
/
2
)
∗
fcinv_cancel_own
γ
(
1
/
2
))%
I
.
Lemma
fcinv_
open
_special
E
N
γ
P
`
{!
Uniform
P
}
Ψ
`
{!
Uniform
(
Ψ
γ
)}
`
{!
ExistPerm
(
Ψ
γ
)}
:
Lemma
fcinv_
acc
_special
E
N
γ
P
`
{!
Uniform
P
}
Ψ
`
{!
Uniform
(
Ψ
γ
)}
`
{!
ExistPerm
(
Ψ
γ
)}
:
↑
N
⊆
E
→
fcinv
N
γ
(
special
P
Ψ
γ
)

∗
fcinv_own
γ
(
1
/
2
)

∗
fcinv_cancel_own
γ
(
1
/
2
)
={
E
,
E
∖↑
N
}=
∗
(
▷
P
∗
(
Ψ
γ
={
E
∖↑
N
,
E
}=
∗
emp
)
∨
▷
(
Ψ
γ
)
∗
(
emp
={
E
∖↑
N
,
E
}=
∗
emp
)).
...
...
@@ 134,7 +134,7 @@ Section proof.
iIntros
"#Hinv !#"
(
Φ
)
"[Hcinv Hcancel] Hcont"
.
wp_let
.
wp_bind
(
FAA
_
_
).
iMod
(
fcinv_
open
_special
with
"Hinv Hcinv Hcancel"
)
as
"[[Hpt Hclose]  [Hpt Hclose]]"
;
first
done
.
iMod
(
fcinv_
acc
_special
with
"Hinv Hcinv Hcancel"
)
as
"[[Hpt Hclose]  [Hpt Hclose]]"
;
first
done
.

wp_apply
(
iron_wp_faa
with
"Hpt"
).
iIntros
"Hpt"
.
iMod
(
"Hclose"
with
"[$Hpt]"
)
as
"_"
.
...
...
theories/heap_lang/lib/message_passing.v
View file @
ffbf81d9
...
...
@@ 154,7 +154,7 @@ Section proofs.
iIntros
(
Φ
)
"(#Hdestruct & [#Hinv [Hbag1 Hbag2]] & Hinv_own & Hinv_cancel & Hcancel1 & Hcancel2 & Hown) HΦ"
.
iL
ö
b
as
"IH"
.
wp_rec
.
repeat
wp_let
.
wp_bind
(!
_
)%
E
.
iMod
(
fcinv_
open
_strong
_
(
N
.@
"sts"
)
with
"Hinv Hinv_own"
)
as
"(Hinv' & Hinv_own & Hclose)"
;
auto
.
iMod
(
fcinv_
acc
_strong
_
(
N
.@
"sts"
)
with
"Hinv Hinv_own"
)
as
"(Hinv' & Hinv_own & Hclose)"
;
auto
.
iDestruct
"Hinv'"
as
"[H1  [H2  [H3  H4]]]"
.

iDestruct
"H1"
as
"[>Hx Hrest]"
.
wp_load
.
...
...
@@ 171,7 +171,7 @@ Section proofs.
wp_if
.
wp_bind
(
Load
_
).
iMod
(
fcinv_
open
_strong
_
(
N
.@
"sts"
)
with
"Hinv Hinv_own"
)
as
"(Hinv' & Hinv_own & Hclose)"
;
auto
.
iMod
(
fcinv_
acc
_strong
_
(
N
.@
"sts"
)
with
"Hinv Hinv_own"
)
as
"(Hinv' & Hinv_own & Hclose)"
;
auto
.
iDestruct
"Hinv'"
as
"[H1  [H2  [H3  H4]]]"
.
+
iDestruct
"H1"
as
"(>Hx & >Hy & Hrest)"
.
wp_load
.
...
...
@@ 303,7 +303,7 @@ Section proofs.
iIntros
(
Φ
)
"Hend HΦ"
.
iDestruct
"Hend"
as
(
q_en
q_de
x_alive
y_alive
>)
"(Hxalive & Hremove & Hinsert & Hinv_own & #(Hinv & Hbag1 & Hbag2))"
.
wp_lam
.
wp_proj
.
wp_let
.
iMod
(
fcinv_
open
_strong
_
(
N
.@
"sts"
)
with
"Hinv Hinv_own"
)
as
"(Hinv' & Hinv_own & Hclose)"
;
auto
.
iMod
(
fcinv_
acc
_strong
_
(
N
.@
"sts"
)
with
"Hinv Hinv_own"
)
as
"(Hinv' & Hinv_own & Hclose)"
;
auto
.
iDestruct
"Hinv'"
as
"[H1  [H2  [H3  H4 ]]]"
.

iDestruct
"H1"
as
"(Hx & Hy & Hchoice)"
.
wp_store
.
...
...
@@ 328,7 +328,7 @@ Section proofs.
iIntros
(
Φ
)
"Hend HΦ"
.
iDestruct
"Hend"
as
(
q_en
q_de
x_alive
y_alive
>)
"(Hyalive & Hremove & Hinsert & Hinv_own & #(Hinv & Hbag1 & Hbag2))"
.
wp_lam
.
wp_proj
.
wp_let
.
iMod
(
fcinv_
open
_strong
_
(
N
.@
"sts"
)
with
"Hinv Hinv_own"
)
as
"[Hinv' [Hinv_own Hclose]]"
;
auto
.
iMod
(
fcinv_
acc
_strong
_
(
N
.@
"sts"
)
with
"Hinv Hinv_own"
)
as
"[Hinv' [Hinv_own Hclose]]"
;
auto
.
iDestruct
"Hinv'"
as
"[H1  [H2  [H3  H4]]]"
.

iDestruct
"H1"
as
"(Hx & Hy & Hchoice)"
.
wp_store
.
...
...
theories/heap_lang/lib/queue.v
View file @
ffbf81d9
...
...
@@ 242,7 +242,7 @@ Section queue_spec.
iDestruct
"Hh"
as
(??
?%
eq_sym
)
"(Hγinv & Hlhptr & Hγd)"
;
simplify_eq
.
iDestruct
"Hlhptr"
as
(
l
)
"Hlhptr"
.
wp_lam
;
wp_proj
;
wp_let
.
wp_load
;
wp_let
.
wp_bind
(!
_
)%
E
.
iMod
(
fcinv_
open
_
N
with
"[$] Hγinv"
)
as
"(H & Hγinv & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_
N
with
"[$] Hγinv"
)
as
"(H & Hγinv & Hclose)"
;
first
done
.
iDestruct
"H"
as
(
lh
lt
vs
)
"(>Hvs & >Hlhptr' & >Hγe & Hlist & >Hlt)"
.
iDestruct
(
mapsto_agree
with
"Hlhptr Hlhptr'"
)
as
%>
;
simpl
.
destruct
vs
as
[
v
vs'
].
...
...
@@ 258,7 +258,7 @@ Section queue_spec.
{
iExists
lh
,
lt
,
(
v
::
vs'
).
iNext
.
iFrame
"Hvs Hlhptr' Hlt Hγe"
.
iExists
l'
.
auto
with
iFrame
.
}
clear
vs'
.
iModIntro
.
wp_match
.
wp_proj
.
wp_let
.
wp_bind
(
_
<
_
)%
E
.
iMod
(
fcinv_
open
_
N
with
"[$] Hγinv"
)
as
"(H & Hγinv & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_
N
with
"[$] Hγinv"
)
as
"(H & Hγinv & Hclose)"
;
first
done
.
iDestruct
"H"
as
(
lh'
lt'
vs
)
"(>Hvs & >Hlhptr' & >Hγe & Hlist & >Hlt)"
.
iDestruct
(
mapsto_agree
with
"Hlhptr Hlhptr'"
)
as
%?%
eq_sym
;
simplify_eq
.
destruct
vs
as
[
v'
vs'
].
...
...
@@ 291,7 +291,7 @@ Section queue_spec.
"(Hγinv & Hγe' & Hltptr)"
;
simplify_eq
.
do
2
wp_lam
.
wp_proj
;
wp_let
.
wp_load
;
wp_let
.
wp_alloc
ltn
as
"Hltn"
;
wp_let
.
wp_bind
(
_
<
_
)%
E
.
iMod
(
fcinv_
open
_
N
with
"[$] Hγinv"
)
as
"(H & Hγinv & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_
N
with
"[$] Hγinv"
)
as
"(H & Hγinv & Hclose)"
;
first
done
.
iDestruct
"H"
as
(
lh
lt'
vs
)
"(>Hvs & >Hlhptr' & >Hγe & Hlist & >Hlt')"
.
iDestruct
(
own_valid_2
with
"Hγe Hγe'"
)
as
%[<%
Excl_included
%
leibniz_equiv
_
]%
auth_both_valid
.
...
...
@@ 438,7 +438,7 @@ Section queue_bag_spec.
wp_apply
(
enqueue_spec
(
N
.@
"queue"
)
_
_
_
_
(
queue_bag_queue_name
γ
)
with
"[] Henqueue"
)
;
eauto
;
first
by
solve_ndisj
.
iIntros
(
vs
)
"Hbag"
.
iMod
(
fcinv_
open
_
(
N
.@
"inv"
)
with
"[$] Hown_inv"
)
iMod
(
fcinv_
acc
_
(
N
.@
"inv"
)
with
"[$] Hown_inv"
)
as
"(H & Hown_inv & Hclose)"
;
first
by
solve_ndisj
.
iDestruct
"H"
as
(
xs
)
"[>Hqueue_contents Hall]"
.
iDestruct
(
queue_own_agree
with
"Hbag Hqueue_contents"
)
as
%>.
...
...
@@ 460,7 +460,7 @@ Section queue_bag_spec.
iIntros
(?
Φ
)
"([#Hqueue #Hinv] & Hdequeue & Hown_inv) HΦ"
.
wp_apply
(
dequeue_spec
(
N
.@
"queue"
)
with
"[] Hdequeue"
)
;
eauto
;
first
by
solve_ndisj
.
iIntros
(
vs
)
"Hbag"
.
iMod
(
fcinv_
open
_
(
N
.@
"inv"
)
with
"[$] Hown_inv"
)
iMod
(
fcinv_
acc
_
(
N
.@
"inv"
)
with
"[$] Hown_inv"
)
as
"(H & Hinv_own & Hclose)"
;
first
by
solve_ndisj
.
iDestruct
"H"
as
(
xs
)
"[>Hqueue_contents Hall]"
.
iDestruct
(
queue_own_agree
with
"Hbag Hqueue_contents"
)
as
%>.
...
...
theories/heap_lang/lib/resource_transfer_fork.v
View file @
ffbf81d9
...
...
@@ 43,7 +43,7 @@ Section proof1.
{
iNext
.
iLeft
.
iFrame
.
}
wp_apply
(
iron_wp_fork
with
"[Ht₁ Hcown₁ HΦ]"
).

iNext
.
do
2
wp_lam
.
wp_alloc
k
as
"Hk"
.
wp_let
.
iMod
(
fcinv_
open
_strong
_
N
with
"[$] [$]"
)
as
"(HInv & [Hcown₁ Hclose])"
;
first
done
.
iMod
(
fcinv_
acc
_strong
_
N
with
"[$] [$]"
)
as
"(HInv & [Hcown₁ Hclose])"
;
first
done
.
iDestruct
"HInv"
as
">[[Hs₁ Hl]  [[Hs₂ H]  [Hs₃ H]]]"
.
+
wp_store
.
iDestruct
(
transfer_combine
₁
with
"Ht₁ Hs₁"
)
as
"Hs₂"
.
iMod
(
"Hclose"
with
"[Hcown₁ Hl Hk Hs₂]"
)
as
"_"
.
...
...
@@ 52,7 +52,7 @@ Section proof1.
+
iDestruct
(
transfer_incompat
₁
with
"Ht₁ Hs₂"
)
as
%[].
+
iDestruct
(
transfer_incompat
₂
with
"Ht₁ Hs₃"
)
as
%[].

iL
ö
b
as
"IH"
.
wp_rec
.
wp_bind
(!
_
)%
E
.
iMod
(
fcinv_
open
_strong
_
N
with
"[$] [$]"
)
as
"(HInv & Hcown₂ & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_strong
_
N
with
"[$] [$]"
)
as
"(HInv & Hcown₂ & Hclose)"
;
first
done
.
iDestruct
"HInv"
as
">[[Hs₁ Hl]  [[Hs₂ H]  [Hs₃ H]]]"
;
last
by
iDestruct
(
transfer_incompat
₃
with
"Ht₂ Hs₃"
)
as
%[].
+
wp_load
.
iMod
(
"Hclose"
with
"[Hl Hs₁]"
).
...
...
@@ 93,14 +93,14 @@ Section proof2.
{
iExists
NONEV
;
eauto
with
iFrame
.
}
wp_apply
(
iron_wp_fork
with
"[Hγ HΦ]"
).

iIntros
"!>"
.
do
2
wp_lam
.
wp_alloc
k
as
"Hk"
.
wp_let
.
iMod
(
fcinv_
open
_strong
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγ & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_strong
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγ & Hclose)"
;
first
done
.
iDestruct
"Hinv"
as
(
v
)
">[Hl [>Hinv]]"
.
+
wp_store
.
iApply
"HΦ"
.
iApply
"Hclose"
.
iLeft
.
iExists
(
SOMEV
(#
k
)).
auto
10
with
iFrame
.
+
iDestruct
"Hinv"
as
(
k'
)
"(_&?&Hγ')"
.
by
iDestruct
(
fcinv_own_valid
with
"Hγ Hγ'"
)
as
%[].

iL
ö
b
as
"IH"
;
wp_rec
.
wp_bind
(!
_
)%
E
.
iMod
(
fcinv_
open
_strong
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγ & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_strong
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγ & Hclose)"
;
first
done
.
iDestruct
"Hinv"
as
(
v
)
">[Hl [>Hinv]]"
.
+
wp_load
.
iMod
(
"Hclose"
with
"[Hl]"
).
{
iLeft
.
iExists
NONEV
.
eauto
10
with
iFrame
.
}
...
...
theories/heap_lang/lib/resource_transfer_par.v
View file @
ffbf81d9
...
...
@@ 45,14 +45,14 @@ Section proof1.
wp_apply
(
par_spec
(
λ
_
,
fcinv_own
γ
inv
(
1
/
2
))%
I
(
λ
_
,
fcinv_own
γ
inv
(
1
/
2
)
∗
<
affine
>
⎡
t
₃
γ
⎤
)%
I
with
"[Ht₁ Hcown₁] [Ht₂ Hcown₂]"
).

do
2
wp_lam
.
wp_alloc
k
as
"Hk"
.
wp_let
.
iMod
(
fcinv_
open
_
N
with
"[$] [$]"
)
as
"(HInv & $ & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_
N
with
"[$] [$]"
)
as
"(HInv & $ & Hclose)"
;
first
done
.
iDestruct
"HInv"
as
">[[Hs₁ Hl]  [[Hs₂ H]  [Hs₃ H]]]"
.
+
wp_store
.
iDestruct
(
transfer_combine
₁
with
"Ht₁ Hs₁"
)
as
"Hs₂"
.
iApply
"Hclose"
.
iNext
.
iRight
.
iLeft
.
eauto
with
iFrame
.
+
iDestruct
(
transfer_incompat
₁
with
"Ht₁ Hs₂"
)
as
%[].
+
iDestruct
(
transfer_incompat
₂
with
"Ht₁ Hs₃"
)
as
%[].

wp_lam
.
iL
ö
b
as
"IH"
;
wp_rec
.
wp_bind
(!
_
)%
E
.
iMod
(
fcinv_
open
_
N
with
"[$] [$]"
)
as
"(HInv & Hγ & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_
N
with
"[$] [$]"
)
as
"(HInv & Hγ & Hclose)"
;
first
done
.
iDestruct
"HInv"
as
">[[Hs₁ Hl]  [[Hs₂ H]  [Hs₃ H]]]"
;
last
(
iDestruct
(
transfer_incompat
₃
with
"Ht₂ Hs₃"
)
as
%[]).
+
wp_load
.
iMod
(
"Hclose"
with
"[Hl Hs₁]"
).
...
...
@@ 94,13 +94,13 @@ Section proof2.
{
iExists
NONEV
;
eauto
with
iFrame
.
}
wp_apply
(
par_spec
(
λ
_
,
emp
)%
I
(
λ
_
,
l
↦
)%
I
with
"[Hγ] [Hγc Hγ']"
).

do
2
wp_lam
.
wp_alloc
k
as
"Hk"
.
wp_let
.
iMod
(
fcinv_
open
_strong
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγ & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_strong
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγ & Hclose)"
;
first
done
.
iDestruct
"Hinv"
as
(
v
)
">[Hl [>Hinv]]"
.
+
wp_store
.
iApply
"Hclose"
.
iLeft
.
iExists
(
SOMEV
(#
k
)).
auto
10
with
iFrame
.
+
iDestruct
"Hinv"
as
(
k'
)
"(_&?&Hγ')"
.
by
iDestruct
(
fcinv_own_valid
with
"Hγ Hγ'"
)
as
%[].

wp_lam
.
iL
ö
b
as
"IH"
;
wp_rec
.
wp_bind
(!
_
)%
E
.
iMod
(
fcinv_
open
_strong
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγ & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_strong
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγ & Hclose)"
;
first
done
.
iDestruct
"Hinv"
as
(
v
)
">[Hl [>Hinv]]"
.
+
wp_load
.
iMod
(
"Hclose"
with
"[Hl]"
).
{
iLeft
.
iExists
NONEV
.
eauto
10
with
iFrame
.
}
...
...
theories/heap_lang/lib/spin_lock.v
View file @
ffbf81d9
...
...
@@ 96,7 +96,7 @@ Section proof.
{{{
b
,
RET
#
b
;
is_lock
N
γ
lk
p
R
∗
if
b
is
true
then
locked
γ
∗
R
else
emp
}}}.
Proof
.
iIntros
(
Φ
)
"Hl HΦ"
.
iDestruct
"Hl"
as
(
l
>)
"(#? & Hγinvc & Hγinv)"
.
wp_lam
.
iMod
(
fcinv_
open
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγinv & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγinv & Hclose)"
;
first
done
.
iDestruct
"Hinv"
as
([])
"[>Hl H]"
.

wp_cas_fail
.
iMod
(
"Hclose"
with
"[Hl]"
)
;
first
(
iNext
;
iExists
true
;
eauto
).
iModIntro
.
iApply
(
"HΦ"
$!
false
).
iSplit
;
last
done
.
...
...
@@ 124,7 +124,7 @@ Section proof.
Proof
.
iIntros
(
Φ
)
"(Hlock & Hγ & HR) HΦ"
.
iDestruct
"Hlock"
as
(
l
>)
"(#? & Hγinvc & Hγinv)"
.
wp_let
.
iMod
(
fcinv_
open
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγinv & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγinv & Hclose)"
;
first
done
.
iDestruct
"Hinv"
as
([])
"[Hl Hinv]"
.

wp_store
.
iMod
(
"Hclose"
with
"[HR Hl Hγ]"
).
{
iNext
.
iExists
false
;
iFrame
.
}
...
...
theories/heap_lang/lib/spin_lock_track.v
View file @
ffbf81d9
...
...
@@ 110,7 +110,7 @@ Section proof.
{{{
b
,
RET
#
b
;
if
b
is
true
then
locked
γ
p
∗
R
else
unlocked
γ
p
}}}.
Proof
.
iIntros
(
Φ
)
"[Hl [Hγinv HC]] HΦ"
.
iDestruct
"Hl"
as
(
l
>)
"#?"
.
wp_lam
.
iMod
(
fcinv_
open
_strong
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγinv & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_strong
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγinv & Hclose)"
;
first
done
.
iDestruct
"Hinv"
as
([])
"[>Hl H]"
.

wp_cas_fail
.
iMod
(
"Hclose"
with
"[Hl H]"
).
{
iLeft
.
iModIntro
.
iExists
true
.
iFrame
.
}
...
...
@@ 139,7 +139,7 @@ Section proof.
Proof
.
iIntros
(
Φ
)
"(Hlock & [Hγinv [HC Hγf]] & HR) HΦ"
.
iDestruct
"Hlock"
as
(
l
>)
"#?"
.
wp_let
.
iMod
(
fcinv_
open
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγinv & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγinv & Hclose)"
;
first
done
.
iDestruct
"Hinv"
as
([])
"[Hl Hinv]"
.

wp_store
.
iDestruct
"Hinv"
as
(
p'
)
"[Hγ Hγinv']"
.
iDestruct
(
own_valid_2
with
"Hγ Hγf"
)
...
...
@@ 158,7 +158,7 @@ Section proof.
{{{
is_lock
N
γ
lk
R
∗
unlocked
γ
1
}}}
free
lk
{{{
RET
#()
;
R
}}}.
Proof
.
iIntros
(
Φ
)
"(Hlock & Hunlkd & Hγc) HΦ"
.
iDestruct
"Hlock"
as
(
l
>)
"#?"
.
wp_lam
.
iMod
(
fcinv_
open
_strong
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγinv & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_strong
_
N
with
"[$] [$]"
)
as
"(Hinv & Hγinv & Hclose)"
;
first
done
.
iDestruct
"Hinv"
as
([])
"[>Hl H]"
.

iDestruct
"H"
as
(
p
)
">[_ Hγinv']"
.
by
iDestruct
(
fcinv_own_valid
with
"Hγinv Hγinv'"
)
as
%?%(
exclusive_l
_
).
...
...
@@ 195,7 +195,7 @@ Section adequacy_proofs.
iApply
(
Hspec
with
"[$Hunlocked //]"
).
iIntros
"!>"
(
_
)
"[Hown Hcancel]"
.
iDestruct
"Hlock"
as
(
l
)
"[% #Hinv]"
;
simplify_eq
.
iMod
(
fcinv_
open
_strong
with
"Hinv Hown"
)
as
"(Hlock_inv & Hown & ?)"
;
first
done
.
iMod
(
fcinv_
acc
_strong
with
"Hinv Hown"
)
as
"(Hlock_inv & Hown & ?)"
;
first
done
.
iDestruct
"Hlock_inv"
as
([])
"[>Hl H]"
.

iDestruct
"H"
as
(
p
)
"[? >Hown']"
.
by
iDestruct
(
fcinv_own_valid
with
"Hown Hown'"
)
as
%
Hcontra
%
Qp_not_plus_q_ge_1
.
...
...
theories/iron_logic/fcinv.v
View file @
ffbf81d9
...
...
@@ 139,7 +139,7 @@ Proof.
rewrite
Some_op_opM
/=.
eauto
with
iFrame
.
Qed
.
Lemma
fcinv_
open
_strong
E
N
γ
p
P
`
{!
Uniform
P
}
:
Lemma
fcinv_
acc
_strong
E
N
γ
p
P
`
{!
Uniform
P
}
:
↑
N
⊆
E
→
fcinv
N
γ
P

∗
fcinv_own
γ
p
={
E
,
E
∖↑
N
}=
∗
...
...
@@ 197,17 +197,17 @@ Lemma fcinv_cancel E N γ P `{!Uniform P} :
fcinv_own
γ
1
={
E
}=
∗
▷
P
.
Proof
.
iIntros
(?)
"#? Hγc Hγ"
.
iMod
(
fcinv_
open
_strong
with
"[$] [$]"
)
as
"($ & Hγ & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_strong
with
"[$] [$]"
)
as
"($ & Hγ & Hclose)"
;
first
done
.
iApply
"Hclose"
;
iRight
;
iFrame
.
Qed
.
Lemma
fcinv_
open
E
N
γ
p
P
`
{!
Uniform
P
}
:
Lemma
fcinv_
acc
E
N
γ
p
P
`
{!
Uniform
P
}
:
↑
N
⊆
E
→
fcinv
N
γ
P

∗
fcinv_own
γ
p
={
E
,
E
∖↑
N
}=
∗
▷
P
∗
fcinv_own
γ
p
∗
(
▷
P
={
E
∖↑
N
,
E
}=
∗
emp
).
Proof
.
iIntros
(?)
"#? Hγ"
.
iMod
(
fcinv_
open
_strong
with
"[$] [$]"
)
as
"($ & $ & Hclose)"
;
first
done
.
iMod
(
fcinv_
acc
_strong
with
"[$] [$]"
)
as
"($ & $ & Hclose)"
;
first
done
.
iIntros
"!> HP"
.
iApply
"Hclose"
;
auto
.
Qed
.
End
fcinv
.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment