From 8f5438b85330d2964ae2dd1e27f929d56f895f29 Mon Sep 17 00:00:00 2001 From: Robbert Krebbers Date: Thu, 16 Nov 2017 11:40:48 +0100 Subject: [PATCH] Make invariants closed under logical equivalence. This partially solves #112. --- theories/base_logic/lib/invariants.v | 30 +++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/theories/base_logic/lib/invariants.v b/theories/base_logic/lib/invariants.v index 8b140f72..60f89f26 100644 --- a/theories/base_logic/lib/invariants.v +++ b/theories/base_logic/lib/invariants.v @@ -7,7 +7,7 @@ Import uPred. (** Derived forms and lemmas about them. *) Definition inv_def `{invG Σ} (N : namespace) (P : iProp Σ) : iProp Σ := - (∃ i, ⌜i ∈ (↑N:coPset)⌝ ∧ ownI i P)%I. + (∃ i P', ⌜i ∈ (↑N:coPset)⌝ ∧ ▷ □ (P' ↔ P) ∧ ownI i P')%I. Definition inv_aux : seal (@inv_def). by eexists. Qed. Definition inv {Σ i} := unseal inv_aux Σ i. Definition inv_eq : @inv = @inv_def := seal_eq inv_aux. @@ -21,19 +21,25 @@ Implicit Types N : namespace. Implicit Types P Q R : iProp Σ. Global Instance inv_contractive N : Contractive (inv N). -Proof. - rewrite inv_eq=> n ???. apply exist_ne=>i. by apply and_ne, ownI_contractive. -Qed. +Proof. rewrite inv_eq. solve_contractive. Qed. Global Instance inv_ne N : NonExpansive (inv N). Proof. apply contractive_ne, _. Qed. -Global Instance inv_Proper N : Proper ((⊣⊢) ==> (⊣⊢)) (inv N). +Global Instance inv_proper N : Proper ((⊣⊢) ==> (⊣⊢)) (inv N). Proof. apply ne_proper, _. Qed. Global Instance inv_persistent N P : Persistent (inv N P). Proof. rewrite inv_eq /inv; apply _. Qed. +Lemma inv_iff N P Q : ▷ □ (P ↔ Q) -∗ inv N P -∗ inv N Q. +Proof. + iIntros "#HPQ". rewrite inv_eq. iDestruct 1 as (i P') "(?&#HP&?)". + iExists i, P'. iFrame. iNext; iAlways; iSplit. + - iIntros "HP'". iApply "HPQ". by iApply "HP". + - iIntros "HQ". iApply "HP". by iApply "HPQ". +Qed. + Lemma fresh_inv_name (E : gset positive) N : ∃ i, i ∉ E ∧ i ∈ (↑N:coPset). Proof. exists (coPpick (↑ N ∖ coPset.of_gset E)). @@ -48,6 +54,7 @@ Proof. rewrite inv_eq /inv_def fupd_eq /fupd_def. iIntros "HP [Hw \$]". iMod (ownI_alloc (∈ (↑N : coPset)) P with "[\$HP \$Hw]") as (i ?) "[\$ ?]"; auto using fresh_inv_name. + do 2 iModIntro. iExists i, P. rewrite -(iff_refl True). auto. Qed. Lemma inv_alloc_open N E P : @@ -61,7 +68,9 @@ Proof. { rewrite -?ownE_op; [|set_solver..]. rewrite assoc_L -!union_difference_L //. set_solver. } do 2 iModIntro. iFrame "HE\N". iSplitL "Hw HEi"; first by iApply "Hw". - iSplitL "Hi"; first by eauto. iIntros "HP [Hw HE\N]". + iSplitL "Hi". + { iExists i, P. rewrite -(iff_refl True). auto. } + iIntros "HP [Hw HE\N]". iDestruct (ownI_close with "[\$Hw \$Hi \$HP \$HD]") as "[\$ HEi]". do 2 iModIntro. iSplitL; [|done]. iCombine "HEi" "HEN\i" as "HEN"; iCombine "HEN" "HE\N" as "HE". @@ -72,13 +81,16 @@ Qed. Lemma inv_open E N P : ↑N ⊆ E → inv N P ={E,E∖↑N}=∗ ▷ P ∗ (▷ P ={E∖↑N,E}=∗ True). Proof. - rewrite inv_eq /inv_def fupd_eq /fupd_def; iDestruct 1 as (i) "[Hi #HiP]". + rewrite inv_eq /inv_def fupd_eq /fupd_def. + iDestruct 1 as (i P') "(Hi & #HP' & #HiP)". iDestruct "Hi" as % ?%elem_of_subseteq_singleton. rewrite {1 4}(union_difference_L (↑ N) E) // ownE_op; last set_solver. rewrite {1 5}(union_difference_L {[ i ]} (↑ N)) // ownE_op; last set_solver. iIntros "(Hw & [HE \$] & \$) !> !>". - iDestruct (ownI_open i P with "[\$Hw \$HE \$HiP]") as "(\$ & \$ & HD)". - iIntros "HP [Hw \$] !> !>". iApply ownI_close; by iFrame. + iDestruct (ownI_open i with "[\$Hw \$HE \$HiP]") as "(\$ & HP & HD)". + iDestruct ("HP'" with "HP") as "\$". + iIntros "HP [Hw \$] !> !>". iApply (ownI_close _ P'). iFrame "HD Hw HiP". + iApply "HP'". iFrame. Qed. Lemma inv_open_timeless E N P `{!Timeless P} : -- GitLab