Merge branch 'master' of gitlab.mpi-sws.org:FP/iris-coq

8bfac1ad · Ralf Jung · 6c6f5755 · 126d54c3 · 8bfac1ad · 8bfac1ad
Commit 8bfac1ad authored Oct 06, 2016 by Ralf Jung
43 changed files
--- a/_CoqProject
+++ b/_CoqProject
@@ -116,15 +116,11 @@ tests/list_reverse.v
 tests/tree_sum.v
 tests/counter.v
 proofmode/coq_tactics.v
-proofmode/pviewshifts.v
 proofmode/environments.v
 proofmode/intro_patterns.v
 proofmode/spec_patterns.v
 proofmode/sel_patterns.v
 proofmode/tactics.v
 proofmode/notation.v
-proofmode/invariants.v
-proofmode/weakestpre.v
-proofmode/ghost_ownership.v
 proofmode/classes.v
 proofmode/class_instances.v
--- a/algebra/auth.v
+++ b/algebra/auth.v
 From iris.algebra Require Export excl local_updates.
 From iris.algebra Require Import upred updates.
+From iris.proofmode Require Import class_instances.
 Local Arguments valid _ _ !_ /.
 Local Arguments validN _ _ _ !_ /.

@@ -224,6 +225,14 @@ End cmra.
 Arguments authR : clear implicits.
 Arguments authUR : clear implicits.

+(* Proof mode class instances *)
+Instance from_op_auth_frag {A : ucmraT} (a b1 b2 : A) :
+  FromOp a b1 b2 → FromOp (◯ a) (◯ b1) (◯ b2).
+Proof. done. Qed.
+Instance into_op_auth_frag {A : ucmraT} (a b1 b2 : A) :
+  IntoOp a b1 b2 → IntoOp (◯ a) (◯ b1) (◯ b2).
+Proof. done. Qed.
+
 (* Functor *)
 Definition auth_map {A B} (f : A → B) (x : auth A) : auth B :=
  Auth (excl_map f <$> authoritative x) (f (auth_own x)).

--- a/algebra/cmra.v
+++ b/algebra/cmra.v
@@ -1208,8 +1208,8 @@ Section option.

  Lemma Some_included x y : Some x ≼ Some y ↔ x ≡ y ∨ x ≼ y.
  Proof. rewrite option_included; naive_solver. Qed.
-  Lemma Some_included' `{CMRATotal A} x y : Some x ≼ Some y ↔ x ≡ y ∨ x ≼ y.
-  Proof. rewrite Some_included; naive_solver. Qed.
+  Lemma Some_included' `{CMRATotal A} x y : Some x ≼ Some y ↔ x ≼ y.
+  Proof. rewrite Some_included. split. by intros [->|?]. eauto. Qed.
  Lemma is_Some_included mx my : mx ≼ my → is_Some mx → is_Some my.
  Proof. rewrite -!not_eq_None_Some option_included. naive_solver. Qed.
 End option.

--- a/algebra/cofe.v
+++ b/algebra/cofe.v
@@ -450,6 +450,36 @@ Proof.
    by apply prodC_map_ne; apply cFunctor_contractive.
 Qed.

+Instance compose_ne {A} {B B' : cofeT} (f : B -n> B') n :
+  Proper (dist n ==> dist n) (compose f : (A -c> B) → A -c> B').
+Proof. intros g g' Hf x; simpl. by rewrite (Hf x). Qed.
+
+Definition cofe_funC_map {A B B'} (f : B -n> B') : (A -c> B) -n> (A -c> B') :=
+  @CofeMor (_ -c> _) (_ -c> _) (compose f) _.
+Instance cofe_funC_map_ne {A B B'} n :
+  Proper (dist n ==> dist n) (@cofe_funC_map A B B').
+Proof. intros f f' Hf g x. apply Hf. Qed.
+
+Program Definition cofe_funCF (T : Type) (F : cFunctor) : cFunctor := {|
+  cFunctor_car A B := cofe_funC T (cFunctor_car F A B);
+  cFunctor_map A1 A2 B1 B2 fg := cofe_funC_map (cFunctor_map F fg)
+|}.
+Next Obligation.
+  intros ?? A1 A2 B1 B2 n ???; by apply cofe_funC_map_ne; apply cFunctor_ne.
+Qed.
+Next Obligation. intros F1 F2 A B ??. by rewrite /= /compose /= !cFunctor_id. Qed.
+Next Obligation.
+  intros T F A1 A2 A3 B1 B2 B3 f g f' g' ??; simpl.
+  by rewrite !cFunctor_compose.
+Qed.
+
+Instance cofe_funCF_contractive (T : Type) (F : cFunctor) :
+  cFunctorContractive F → cFunctorContractive (cofe_funCF T F).
+Proof.
+  intros ?? A1 A2 B1 B2 n ???;
+    by apply cofe_funC_map_ne; apply cFunctor_contractive.
+Qed.
+
 Program Definition cofe_morCF (F1 F2 : cFunctor) : cFunctor := {|
  cFunctor_car A B := cFunctor_car F1 B A -n> cFunctor_car F2 A B;
  cFunctor_map A1 A2 B1 B2 fg :=
@@ -759,6 +789,7 @@ Qed.

 (** Notation for writing functors *)
 Notation "∙" := idCF : cFunctor_scope.
+Notation "T -c> F" := (cofe_funCF T%type F%CF) : cFunctor_scope.
 Notation "F1 -n> F2" := (cofe_morCF F1%CF F2%CF) : cFunctor_scope.
 Notation "F1 * F2" := (prodCF F1%CF F2%CF) : cFunctor_scope.
 Notation "F1 + F2" := (sumCF F1%CF F2%CF) : cFunctor_scope.

--- a/algebra/frac.v
+++ b/algebra/frac.v
@@ -35,6 +35,3 @@ Global Instance frac_full_exclusive : Exclusive 1%Qp.
 Proof.
  move=> y /Qcle_not_lt [] /=. by rewrite -{1}(Qcplus_0_r 1) -Qcplus_lt_mono_l.
 Qed.
-
-Lemma invalid_plus_q: ∀ (q: Qp), ¬ ✓ (1 + q)%Qp.
-Proof. intros q H. by apply (Qp_ge_1 q). Qed.
--- a/algebra/upred.v
+++ b/algebra/upred.v
@@ -1361,6 +1361,12 @@ Lemma option_validI {A : cmraT} (mx : option A) :
  ✓ mx ⊣⊢ match mx with Some x => ✓ x | None => True end.
 Proof. uPred.unseal. by destruct mx. Qed.

+(* Functions *)
+Lemma cofe_funC_equivI {A B} (f g : A -c> B) : f ≡ g ⊣⊢ ∀ x, f x ≡ g x.
+Proof. by uPred.unseal. Qed.
+Lemma cofe_moreC_equivI {A B : cofeT} (f g : A -n> B) : f ≡ g ⊣⊢ ∀ x, f x ≡ g x.
+Proof. by uPred.unseal. Qed.
+
 (* Timeless instances *)
 Global Instance pure_timeless φ : TimelessP (■ φ : uPred M)%I.
 Proof.

--- a/heap_lang/adequacy.v
+++ b/heap_lang/adequacy.v
@@ -2,7 +2,7 @@ From iris.program_logic Require Export weakestpre adequacy.
 From iris.heap_lang Require Export heap.
 From iris.program_logic Require Import auth ownership.
 From iris.heap_lang Require Import proofmode notation.
-From iris.proofmode Require Import tactics weakestpre.
+From iris.proofmode Require Import tactics.

 Definition heapΣ : gFunctors := #[authΣ heapUR; irisΣ heap_lang].


--- a/heap_lang/heap.v
+++ b/heap_lang/heap.v
@@ -2,7 +2,7 @@ From iris.heap_lang Require Export lifting.
 From iris.algebra Require Import upred_big_op gmap frac dec_agree.
 From iris.program_logic Require Export invariants ghost_ownership.
 From iris.program_logic Require Import ownership auth.
-From iris.proofmode Require Import weakestpre.
+From iris.proofmode Require Import tactics.
 Import uPred.
 (* TODO: The entire construction could be generalized to arbitrary languages that have
   a finmap as their state. Or maybe even beyond "as their state", i.e. arbitrary

--- a/heap_lang/lib/counter.v
+++ b/heap_lang/lib/counter.v
 From iris.program_logic Require Export weakestpre.
 From iris.heap_lang Require Export lang.
-From iris.proofmode Require Import invariants tactics.
+From iris.proofmode Require Import tactics.
 From iris.program_logic Require Import auth.
 From iris.heap_lang Require Import proofmode notation.


--- a/heap_lang/lib/spawn.v
+++ b/heap_lang/lib/spawn.v
 From iris.program_logic Require Export weakestpre.
 From iris.heap_lang Require Export lang.
-From iris.proofmode Require Import invariants tactics.
+From iris.proofmode Require Import tactics.
 From iris.heap_lang Require Import proofmode notation.
 From iris.algebra Require Import excl.


--- a/heap_lang/lib/spin_lock.v
+++ b/heap_lang/lib/spin_lock.v
 From iris.program_logic Require Export weakestpre.
 From iris.heap_lang Require Export lang.
-From iris.proofmode Require Import invariants tactics.
+From iris.proofmode Require Import tactics.
 From iris.heap_lang Require Import proofmode notation.
 From iris.algebra Require Import excl.
 From iris.heap_lang.lib Require Import lock.

--- a/heap_lang/lib/ticket_lock.v
+++ b/heap_lang/lib/ticket_lock.v
 From iris.program_logic Require Export weakestpre.
 From iris.heap_lang Require Export lang.
-From iris.proofmode Require Import invariants.
+From iris.proofmode Require Import tactics.
 From iris.heap_lang Require Import proofmode notation.
 From iris.algebra Require Import auth gset.
 From iris.heap_lang.lib Require Export lock.

--- a/heap_lang/lifting.v
+++ b/heap_lang/lifting.v
@@ -2,7 +2,7 @@ From iris.program_logic Require Export weakestpre.
 From iris.program_logic Require Import ownership ectx_lifting. (* for ownP *)
 From iris.heap_lang Require Export lang.
 From iris.heap_lang Require Import tactics.
-From iris.proofmode Require Import weakestpre.
+From iris.proofmode Require Import tactics.
 From iris.prelude Require Import fin_maps.
 Import uPred.


--- a/heap_lang/proofmode.v
+++ b/heap_lang/proofmode.v
+From iris.program_logic Require Export weakestpre.
 From iris.proofmode Require Import coq_tactics.
-From iris.proofmode Require Export weakestpre.
+From iris.proofmode Require Export tactics.
 From iris.heap_lang Require Export wp_tactics heap.
 Import uPred.


--- a/prelude/numbers.v
+++ b/prelude/numbers.v
@@ -567,9 +567,12 @@ Proof.
  apply Qp_eq; simpl. ring.
 Qed.

-Lemma Qp_ge_1 (q: Qp): ¬ ((1 + q)%Qp ≤ 1%Qp)%Qc.
+Lemma Qp_not_plus_q_ge_1 (q: Qp): ¬ ((1 + q)%Qp ≤ 1%Qp)%Qc.
 Proof.
  intros Hle.
  apply (Qcplus_le_mono_l q 0 1) in Hle.
-  apply Qcle_ngt in Hle. by destruct q.
+  apply Qcle_ngt in Hle. apply Hle, Qp_prf.
 Qed.
+
+Lemma Qp_ge_0 (q: Qp): (0 ≤ q)%Qc.
+Proof. apply Qclt_le_weak, Qp_prf. Qed.
--- a/program_logic/adequacy.v
+++ b/program_logic/adequacy.v
 From iris.program_logic Require Export weakestpre.
 From iris.algebra Require Import gmap auth agree gset coPset upred_big_op.
 From iris.program_logic Require Import ownership.
-From iris.proofmode Require Import tactics weakestpre.
+From iris.proofmode Require Import tactics.
 Import uPred.

 Record adequate {Λ} (e1 : expr Λ) (σ1 : state Λ) (φ : val Λ → Prop) := {

--- a/program_logic/auth.v
+++ b/program_logic/auth.v
-From iris.program_logic Require Export pviewshifts.
+From iris.program_logic Require Export invariants.
 From iris.algebra Require Export auth.
 From iris.algebra Require Import gmap.
-From iris.proofmode Require Import invariants.
+From iris.proofmode Require Import tactics.
 Import uPred.

 (* The CMRA we need. *)

--- a/program_logic/boxes.v
+++ b/program_logic/boxes.v
-From iris.program_logic Require Export pviewshifts.
+From iris.program_logic Require Export invariants.
 From iris.algebra Require Import auth gmap agree upred_big_op.
-From iris.proofmode Require Import tactics invariants.
+From iris.proofmode Require Import tactics.
 Import uPred.

 (** The CMRAs we need. *)

--- a/program_logic/cancelable_invariants.v
+++ b/program_logic/cancelable_invariants.v
 From iris.program_logic Require Export invariants.
 From iris.algebra Require Export frac.
-From iris.proofmode Require Import invariants tactics.
+From iris.proofmode Require Import tactics.
 Import uPred.

 Class cinvG Σ := cinv_inG :> inG Σ fracR.

--- a/program_logic/ectx_lifting.v
+++ b/program_logic/ectx_lifting.v
 (** Some derived lemmas for ectx-based languages *)
 From iris.program_logic Require Export ectx_language weakestpre lifting.
 From iris.program_logic Require Import ownership.
-From iris.proofmode Require Import weakestpre.
+From iris.proofmode Require Import tactics.

 Section wp.
 Context {expr val ectx state} {Λ : EctxLanguage expr val ectx state}.

--- a/program_logic/ghost_ownership.v
+++ b/program_logic/ghost_ownership.v
 From iris.program_logic Require Export model.
 From iris.algebra Require Import iprod gmap.
+From iris.proofmode Require Import classes.
 Import uPred.

 (** The class [inG Σ A] expresses that the CMRA [A] is in the list of functors
@@ -145,3 +146,16 @@ Proof.
  - apply cmra_transport_valid, ucmra_unit_valid.
  - intros x; destruct inG_prf. by rewrite left_id.
 Qed.
+
+(** Proofmode class instances *)
+Section proofmode_classes.
+  Context `{inG Σ A}.
+  Implicit Types a b : A.
+
+  Global Instance into_and_own p γ a b1 b2 :
+    IntoOp a b1 b2 → IntoAnd p (own γ a) (own γ b1) (own γ b2).
+  Proof. intros. apply mk_into_and_sep. by rewrite (into_op a) own_op. Qed.
+  Global Instance from_sep_own γ a b1 b2 :
+    FromOp a b1 b2 → FromSep (own γ a) (own γ b1) (own γ b2).
+  Proof. intros. by rewrite /FromSep -own_op from_op. Qed.
+End proofmode_classes.
--- a/program_logic/hoare.v
+++ b/program_logic/hoare.v
 From iris.program_logic Require Export weakestpre viewshifts.
-From iris.proofmode Require Import weakestpre.
+From iris.proofmode Require Import tactics.

 Definition ht `{irisG Λ Σ} (E : coPset) (P : iProp Σ)
    (e : expr Λ) (Φ : val Λ → iProp Σ) : iProp Σ :=

--- a/program_logic/invariants.v
+++ b/program_logic/invariants.v
@@ -2,7 +2,7 @@ From iris.program_logic Require Export pviewshifts.
 From iris.program_logic Require Export namespaces.
 From iris.program_logic Require Import ownership.
 From iris.algebra Require Import gmap.
-From iris.proofmode Require Import pviewshifts.
+From iris.proofmode Require Import tactics coq_tactics intro_patterns.
 Import uPred.

 (** Derived forms and lemmas about them. *)
@@ -61,3 +61,29 @@ Proof.
  iIntros "!==> {$HP} HP". iApply "Hclose"; auto.
 Qed.
 End inv.
+
+Tactic Notation "iInvCore" constr(N) "as" tactic(tac) constr(Hclose) :=
+  let Htmp := iFresh in
+  let patback := intro_pat.parse_one Hclose in
+  let pat := constr:(IList [[IName Htmp; patback]]) in
+  iVs (inv_open _ N with "[#]") as pat;
+    [idtac|iAssumption || fail "iInv: invariant" N "not found"|idtac];
+    [solve_ndisj || match goal with |- ?P => fail "iInv: cannot solve" P end
+    |tac Htmp].
+
+Tactic Notation "iInv" constr(N) "as" constr(pat) constr(Hclose) :=
+   iInvCore N as (fun H => iDestruct H as pat) Hclose.
+Tactic Notation "iInv" constr(N) "as" "(" simple_intropattern(x1) ")"
+    constr(pat) constr(Hclose) :=
+   iInvCore N as (fun H => iDestruct H as (x1) pat) Hclose.
+Tactic Notation "iInv" constr(N) "as" "(" simple_intropattern(x1)
+    simple_intropattern(x2) ")" constr(pat) constr(Hclose) :=
+   iInvCore N as (fun H => iDestruct H as (x1 x2) pat) Hclose.
+Tactic Notation "iInv" constr(N) "as" "(" simple_intropattern(x1)
+    simple_intropattern(x2) simple_intropattern(x3) ")"
+    constr(pat) constr(Hclose) :=
+   iInvCore N as (fun H => iDestruct H as (x1 x2 x3) pat) Hclose.
+Tactic Notation "iInv" constr(N) "as" "(" simple_intropattern(x1)
+    simple_intropattern(x2) simple_intropattern(x3) simple_intropattern(x4) ")"
+    constr(pat) constr(Hclose) :=
+   iInvCore N as (fun H => iDestruct H as (x1 x2 x3 x4) pat) Hclose.
--- a/program_logic/lifting.v
+++ b/program_logic/lifting.v
 From iris.program_logic Require Export weakestpre.
 From iris.program_logic Require Import ownership.
 From iris.algebra Require Export upred_big_op.
-From iris.proofmode Require Import pviewshifts.
+From iris.proofmode Require Import tactics.

 Section lifting.
 Context `{irisG Λ Σ}.

--- a/program_logic/ownership.v
+++ b/program_logic/ownership.v
 From iris.program_logic Require Export iris.
 From iris.algebra Require Import gmap auth agree gset coPset upred_big_op.
-From iris.proofmode Require Import ghost_ownership tactics.
+From iris.proofmode Require Import tactics.

 Definition invariant_unfold {Σ} (P : iProp Σ) : agree (later (iPreProp Σ)) :=
  to_agree (Next (iProp_unfold P)).

--- a/program_logic/pviewshifts.v
+++ b/program_logic/pviewshifts.v
 From iris.program_logic Require Export iris.
 From iris.program_logic Require Import ownership.
 From iris.algebra Require Import upred_big_op gmap.
-From iris.proofmode Require Import tactics.
+From iris.proofmode Require Import tactics classes.
 Import uPred.

 Program Definition pvs_def `{irisG Λ Σ}
@@ -136,3 +136,54 @@ Proof.
  intros P1 P2 HP Q1 Q2 HQ. by rewrite HP HQ -pvs_sep.
 Qed.
 End pvs.
+
+(** Proofmode class instances *)
+Section proofmode_classes.
+  Context `{irisG Λ Σ}.
+  Implicit Types P Q : iProp Σ.
+
+  Global Instance from_pure_pvs E P φ : FromPure P φ → FromPure (|={E}=> P) φ.
+  Proof. rewrite /FromPure. intros <-. apply pvs_intro. Qed.
+
+  Global Instance from_assumption_pvs E p P Q :
+    FromAssumption p P (|=r=> Q) → FromAssumption p P (|={E}=> Q)%I.
+  Proof. rewrite /FromAssumption=>->. apply rvs_pvs. Qed.
+
+  Global Instance into_wand_pvs E1 E2 R P Q :
+    IntoWand R P Q → IntoWand R (|={E1,E2}=> P) (|={E1,E2}=> Q) | 100.
+  Proof. rewrite /IntoWand=>->. apply wand_intro_l. by rewrite pvs_wand_r. Qed.
+
+  Global Instance from_sep_pvs E P Q1 Q2 :
+    FromSep P Q1 Q2 → FromSep (|={E}=> P) (|={E}=> Q1) (|={E}=> Q2).
+  Proof. rewrite /FromSep=><-. apply pvs_sep. Qed.
+
+  Global Instance or_split_pvs E1 E2 P Q1 Q2 :
+    FromOr P Q1 Q2 → FromOr (|={E1,E2}=> P) (|={E1,E2}=> Q1) (|={E1,E2}=> Q2).
+  Proof. rewrite /FromOr=><-. apply or_elim; apply pvs_mono; auto with I. Qed.
+
+  Global Instance exists_split_pvs {A} E1 E2 P (Φ : A → iProp Σ) :
+    FromExist P Φ → FromExist (|={E1,E2}=> P) (λ a, |={E1,E2}=> Φ a)%I.
+  Proof.
+    rewrite /FromExist=><-. apply exist_elim=> a. by rewrite -(exist_intro a).
+  Qed.
+
+  Global Instance frame_pvs E1 E2 R P Q :
+    Frame R P Q → Frame R (|={E1,E2}=> P) (|={E1,E2}=> Q).
+  Proof. rewrite /Frame=><-. by rewrite pvs_frame_l. Qed.
+
+  Global Instance is_except_last_pvs E1 E2 P : IsExceptLast (|={E1,E2}=> P).
+  Proof. by rewrite /IsExceptLast except_last_pvs. Qed.
+
+  Global Instance from_vs_pvs E P : FromVs (|={E}=> P) P.
+  Proof. by rewrite /FromVs -rvs_pvs. Qed.
+
+  Global Instance elim_vs_rvs_pvs E1 E2 P Q :
+    ElimVs (|=r=> P) P (|={E1,E2}=> Q) (|={E1,E2}=> Q).
+  Proof. by rewrite /ElimVs (rvs_pvs E1) pvs_frame_r wand_elim_r pvs_trans. Qed.
+  Global Instance elim_vs_pvs_pvs E1 E2 E3 P Q :
+    ElimVs (|={E1,E2}=> P) P (|={E1,E3}=> Q) (|={E2,E3}=> Q).
+  Proof. by rewrite /ElimVs pvs_frame_r wand_elim_r pvs_trans. Qed.
+End proofmode_classes.
+
+Hint Extern 2 (coq_tactics.of_envs _ ⊢ _) =>
+  match goal with |- _ ⊢ |={_}=> _ => iVsIntro end.
--- a/program_logic/sts.v
+++ b/program_logic/sts.v
-From iris.program_logic Require Export pviewshifts.
+From iris.program_logic Require Export invariants.
 From iris.algebra Require Export sts.
-From iris.proofmode Require Import invariants.
+From iris.proofmode Require Import tactics.
 Import uPred.

 (** The CMRA we need. *)

--- a/program_logic/thread_local.v
+++ b/program_logic/thread_local.v
+From iris.program_logic Require Export invariants.
 From iris.algebra Require Export gmap gset coPset.
-From iris.proofmode Require Import invariants tactics.
+From iris.proofmode Require Import tactics.
 Import uPred.

 Definition tlN : namespace := nroot .@ "tl".

--- a/program_logic/viewshifts.v
+++ b/program_logic/viewshifts.v
-From iris.program_logic Require Export pviewshifts.
-From iris.proofmode Require Import pviewshifts invariants.
+From iris.program_logic Require Export invariants.
+From iris.proofmode Require Import tactics.

 Definition vs `{irisG Λ Σ} (E1 E2 : coPset) (P Q : iProp Σ) : iProp Σ :=
  (□ (P → |={E1,E2}=> Q))%I.

--- a/program_logic/weakestpre.v
+++ b/program_logic/weakestpre.v
@@ -2,7 +2,7 @@ From iris.program_logic Require Export pviewshifts.
 From iris.program_logic Require Import ownership.
 From iris.algebra Require Import upred_big_op.
 From iris.prelude Require Export coPset.
-From iris.proofmode Require Import tactics pviewshifts.
+From iris.proofmode Require Import tactics classes.
 Import uPred.

 Definition wp_pre `{irisG Λ Σ}
@@ -211,3 +211,32 @@ Lemma wp_wand_r E e Φ Ψ :
  WP e @ E {{ Φ }} ★ (∀ v, Φ v -★ Ψ v) ⊢ WP e @ E {{ Ψ }}.
 Proof. by rewrite comm wp_wand_l. Qed.
 End wp.
+
+(** Proofmode class instances *)
+Section proofmode_classes.
+  Context `{irisG Λ Σ}.
+  Implicit Types P Q : iProp Σ.
+  Implicit Types Φ : val Λ → iProp Σ.
+
+  Global Instance frame_wp E e R Φ Ψ :
+    (∀ v, Frame R (Φ v) (Ψ v)) → Frame R (WP e @ E {{ Φ }}) (WP e @ E {{ Ψ }}).
+  Proof. rewrite /Frame=> HR. rewrite wp_frame_l. apply wp_mono, HR. Qed.
+
+  Global Instance is_except_last_wp E e Φ : IsExceptLast (WP e @ E {{ Φ }}).
+  Proof. by rewrite /IsExceptLast -{2}pvs_wp -except_last_pvs -pvs_intro. Qed.
+
+  Global Instance elim_vs_rvs_wp E e P Φ :
+    ElimVs (|=r=> P) P (WP e @ E {{ Φ }}) (WP e @ E {{ Φ }}).
+  Proof. by rewrite /ElimVs (rvs_pvs E) pvs_frame_r wand_elim_r pvs_wp. Qed.
+
+  Global Instance elim_vs_pvs_wp E e P Φ :
+    ElimVs (|={E}=> P) P (WP e @ E {{ Φ }}) (WP e @ E {{ Φ }}).
+  Proof. by rewrite /ElimVs pvs_frame_r wand_elim_r pvs_wp. Qed.
+
+  (* lower precedence, if possible, it should always pick elim_vs_pvs_wp *)
+  Global Instance elim_vs_pvs_wp_atomic E1 E2 e P Φ :
+    atomic e →
+    ElimVs (|={E1,E2}=> P) P
+           (WP e @ E1 {{ Φ }}) (WP e @ E2 {{ v, |={E2,E1}=> Φ v }})%I | 100.
+  Proof. intros. by rewrite /ElimVs pvs_frame_r wand_elim_r wp_atomic. Qed.
+End proofmode_classes.
--- a/proofmode/class_instances.v
+++ b/proofmode/class_instances.v
@@ -132,6 +132,10 @@ Proof. rewrite /FromAnd=> <-. by rewrite later_and. Qed.
 (* FromSep *)
 Global Instance from_sep_sep P1 P2 : FromSep (P1 ★ P2) P1 P2 | 100.
 Proof. done. Qed.
+Global Instance from_sep_ownM (a b1 b2 : M) :
+  FromOp a b1 b2 →
+  FromSep (uPred_ownM a) (uPred_ownM b1) (uPred_ownM b2).
+Proof. intros. by rewrite /FromSep -ownM_op from_op. Qed.
 Global Instance from_sep_always P Q1 Q2 :
  FromSep P Q1 Q2 → FromSep (□ P) (□ Q1) (□ Q2).
 Proof. rewrite /FromSep=> <-. by rewrite always_sep. Qed.
@@ -142,9 +146,6 @@ Global Instance from_sep_rvs P Q1 Q2 :
  FromSep P Q1 Q2 → FromSep (|=r=> P) (|=r=> Q1) (|=r=> Q2).
 Proof. rewrite /FromSep=><-. apply rvs_sep. Qed.

-Global Instance from_sep_ownM (a b : M) :
-  FromSep (uPred_ownM (a ⋅ b)) (uPred_ownM a) (uPred_ownM b) | 99.
-Proof. by rewrite /FromSep ownM_op. Qed.
 Global Instance from_sep_big_sepM
    `{Countable K} {A} (Φ Ψ1 Ψ2 : K → A → uPred M) m :
  (∀ k x, FromSep (Φ k x) (Ψ1 k x) (Ψ2 k x)) →
@@ -160,6 +161,20 @@ Proof.
  rewrite /FromSep=> ?. rewrite -big_sepS_sepS. by apply big_sepS_mono.
 Qed.

+(* FromOp *)
+Global Instance from_op_op {A : cmraT} (a b : A) : FromOp (a ⋅ b) a b.
+Proof. by rewrite /FromOp. Qed.
+Global Instance from_op_persistent {A : cmraT} (a : A) :
+  Persistent a → FromOp a a a.
+Proof. intros. by rewrite /FromOp -(persistent_dup a). Qed.
+Global Instance from_op_pair {A B : cmraT} (a b1 b2 : A) (a' b1' b2' : B) :
+  FromOp a b1 b2 → FromOp a' b1' b2' →
+  FromOp (a,a') (b1,b1') (b2,b2').
+Proof. by constructor. Qed.
+Global Instance from_op_Some {A : cmraT} (a : A) b1 b2 :
+  FromOp a b1 b2 → FromOp (Some a) (Some b1) (Some b2).
+Proof. by constructor. Qed.
+
 (* IntoOp *)
 Global Instance into_op_op {A : cmraT} (a b : A) : IntoOp (a ⋅ b) a b.
 Proof. by rewrite /IntoOp. Qed.

--- a/proofmode/classes.v
+++ b/proofmode/classes.v
@@ -39,6 +39,9 @@ Global Arguments into_and : clear implicits.
 Lemma mk_into_and_sep p P Q1 Q2 : (P ⊢ Q1 ★ Q2) → IntoAnd p P Q1 Q2.
 Proof. rewrite /IntoAnd=>->. destruct p; auto using sep_and. Qed.

+Class FromOp {A : cmraT} (a b1 b2 : A) := from_op : b1 ⋅ b2 ≡ a.
+Global Arguments from_op {_} _ _ _ {_}.
+
 Class IntoOp {A : cmraT} (a b1 b2 : A) := into_op : a ≡ b1 ⋅ b2.
 Global Arguments into_op {_} _ _ _ {_}.

@@ -70,5 +73,8 @@ Global Arguments from_vs : clear implicits.

 Class ElimVs (P P' : uPred M) (Q Q' : uPred M) :=
  elim_vs : P ★ (P' -★ Q') ⊢ Q.
-Arguments elim_vs _ _ _ _ {_}.