Commit 2950fca6 authored by Jacques-Henri Jourdan's avatar Jacques-Henri Jourdan

wp_pures.

parent 2b23e75f
...@@ -50,6 +50,8 @@ ...@@ -50,6 +50,8 @@
--------------------------------------∗ --------------------------------------∗
True True
"wp_nonclosed_value"
: string
The command has indeed failed with message: The command has indeed failed with message:
Ltac call to "wp_pure (open_constr)" failed. Ltac call to "wp_pure (open_constr)" failed.
Tactic failure: wp_pure: cannot find ?y in (Var "x") or Tactic failure: wp_pure: cannot find ?y in (Var "x") or
...@@ -116,4 +118,4 @@ Tactic failure: wp_pure: cannot find ?y in (Var "x") or ...@@ -116,4 +118,4 @@ Tactic failure: wp_pure: cannot find ?y in (Var "x") or
: string : string
The command has indeed failed with message: The command has indeed failed with message:
Ltac call to "wp_cas_suc" failed. Ltac call to "wp_cas_suc" failed.
Tactic failure: wp_cas_suc: cannot find 'CAS' in (Val #()). Tactic failure: wp_cas_suc: not a 'wp'.
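Review bot: The expected failure for the `wp_cas_suc` test changes from `cannot find 'CAS' in (Val #())` to `not a 'wp'.`, so the test now stops at the generic "goal is not a wp" check instead of the "CAS not found" path it previously covered. If that test (its source is outside this hunk) is meant to exercise the not-found error, the goal presumably needs to remain a `WP` after the new pure reductions, for example by using an expression that `wp_pures` does not fully reduce; if the new outcome is deliberate, a one-line comment in the test saying so would keep the reference output from looking like a regression.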
...@@ -27,8 +27,8 @@ Section tests. ...@@ -27,8 +27,8 @@ Section tests.
Lemma heap_e_spec E : WP heap_e @ E {{ v, v = #2 }}%I. Lemma heap_e_spec E : WP heap_e @ E {{ v, v = #2 }}%I.
Proof. Proof.
iIntros "". rewrite /heap_e. Show. iIntros "". rewrite /heap_e. Show.
wp_alloc l as "?". wp_let. wp_load. Show. wp_alloc l as "?". wp_load. Show.
wp_op. wp_store. by wp_load. wp_store. by wp_load.
Qed. Qed.
Definition heap_e2 : expr := Definition heap_e2 : expr :=
...@@ -39,8 +39,8 @@ Section tests. ...@@ -39,8 +39,8 @@ Section tests.
Lemma heap_e2_spec E : WP heap_e2 @ E [{ v, v = #2 }]%I. Lemma heap_e2_spec E : WP heap_e2 @ E [{ v, v = #2 }]%I.
Proof. Proof.
iIntros "". rewrite /heap_e2. iIntros "". rewrite /heap_e2.
wp_alloc l as "Hl". Show. wp_let. wp_alloc l'. wp_let. wp_alloc l as "Hl". Show. wp_alloc l'.
wp_load. wp_op. wp_store. wp_load. done. wp_load. wp_store. wp_load. done.
Qed. Qed.
Definition heap_e3 : expr := Definition heap_e3 : expr :=
...@@ -60,8 +60,8 @@ Section tests. ...@@ -60,8 +60,8 @@ Section tests.
Lemma heap_e4_spec : WP heap_e4 [{ v, v = #1 }]%I. Lemma heap_e4_spec : WP heap_e4 [{ v, v = #1 }]%I.
Proof. Proof.
rewrite /heap_e4. wp_alloc l. wp_alloc l'. wp_let. rewrite /heap_e4. wp_alloc l. wp_alloc l'.
wp_alloc l''. wp_let. by repeat wp_load. wp_alloc l''. by repeat wp_load.
Qed. Qed.
Definition heap_e5 : expr := Definition heap_e5 : expr :=
...@@ -69,8 +69,8 @@ Section tests. ...@@ -69,8 +69,8 @@ Section tests.
Lemma heap_e5_spec E : WP heap_e5 @ E [{ v, v = #13 }]%I. Lemma heap_e5_spec E : WP heap_e5 @ E [{ v, v = #13 }]%I.
Proof. Proof.
rewrite /heap_e5. wp_alloc l. wp_alloc l'. wp_let. rewrite /heap_e5. wp_alloc l. wp_alloc l'.
wp_op. wp_load. wp_faa. do 2 wp_load. wp_op. done. wp_load. wp_faa. do 2 wp_load. by wp_pures.
Qed. Qed.
Definition heap_e6 : val := λ: "v", "v" = "v". Definition heap_e6 : val := λ: "v", "v" = "v".
...@@ -92,8 +92,7 @@ Section tests. ...@@ -92,8 +92,7 @@ Section tests.
Proof. Proof.
iIntros (Hn) "HΦ". iIntros (Hn) "HΦ".
iInduction (Z.gt_wf n2 n1) as [n1' _] "IH" forall (Hn). iInduction (Z.gt_wf n2 n1) as [n1' _] "IH" forall (Hn).
wp_rec. wp_let. wp_op. wp_let. wp_rec. wp_pures. case_bool_decide; wp_if.
wp_op; case_bool_decide; wp_if.
- iApply ("IH" with "[%] [%] HΦ"); omega. - iApply ("IH" with "[%] [%] HΦ"); omega.
- by assert (n1' = n2 - 1) as -> by omega. - by assert (n1' = n2 - 1) as -> by omega.
Qed. Qed.
...@@ -101,16 +100,15 @@ Section tests. ...@@ -101,16 +100,15 @@ Section tests.
Lemma Pred_spec n E Φ : Φ #(n - 1) - WP Pred #n @ E [{ Φ }]. Lemma Pred_spec n E Φ : Φ #(n - 1) - WP Pred #n @ E [{ Φ }].
Proof. Proof.
iIntros "HΦ". wp_lam. iIntros "HΦ". wp_lam.
wp_op. case_bool_decide; wp_if. wp_op. case_bool_decide.
- wp_op. wp_op. - wp_apply FindPred_spec; first omega. wp_pures.
wp_apply FindPred_spec; first omega. by replace (n - 1) with (- (-n + 2 - 1)) by omega.
wp_op. by replace (n - 1) with (- (-n + 2 - 1)) by omega.
- wp_apply FindPred_spec; eauto with omega. - wp_apply FindPred_spec; eauto with omega.
Qed. Qed.
Lemma Pred_user E : Lemma Pred_user E :
WP let: "x" := Pred #42 in Pred "x" @ E [{ v, v = #40 }]%I. WP let: "x" := Pred #42 in Pred "x" @ E [{ v, v = #40 }]%I.
Proof. iIntros "". wp_apply Pred_spec. wp_let. by wp_apply Pred_spec. Qed. Proof. iIntros "". wp_apply Pred_spec. by wp_apply Pred_spec. Qed.
Lemma wp_apply_evar e P : Lemma wp_apply_evar e P :
P - ( Q Φ, Q - WP e {{ Φ }}) - WP e {{ _, True }}. P - ( Q Φ, Q - WP e {{ Φ }}) - WP e {{ _, True }}.
...@@ -131,6 +129,7 @@ Section tests. ...@@ -131,6 +129,7 @@ Section tests.
WP Alloc #0 {{ _, True }}%I. WP Alloc #0 {{ _, True }}%I.
Proof. wp_alloc l as "_". Show. done. Qed. Proof. wp_alloc l as "_". Show. done. Qed.
Check "wp_nonclosed_value".
Lemma wp_nonclosed_value : Lemma wp_nonclosed_value :
WP let: "x" := #() in (λ: "y", "x")%V #() {{ _, True }}%I. WP let: "x" := #() in (λ: "y", "x")%V #() {{ _, True }}%I.
Proof. wp_let. wp_lam. Fail wp_pure _. Show. Abort. Proof. wp_let. wp_lam. Fail wp_pure _. Show. Abort.
...@@ -82,7 +82,7 @@ Section list_reverse. ...@@ -82,7 +82,7 @@ Section list_reverse.
destruct xs as [|x xs]; iSimplifyEq. destruct xs as [|x xs]; iSimplifyEq.
- (* nil *) by wp_match. - (* nil *) by wp_match.
- (* cons *) iDestruct "Hxs" as (l hd') "(% & Hx & Hxs)"; iSimplifyEq. - (* cons *) iDestruct "Hxs" as (l hd') "(% & Hx & Hxs)"; iSimplifyEq.
wp_match. wp_load. wp_proj. wp_let. wp_load. wp_proj. wp_let. wp_pair. wp_store. wp_match. wp_load. wp_load. wp_store.
rewrite reverse_cons -assoc. rewrite reverse_cons -assoc.
iApply ("IH" $! hd' (InjRV #l) xs (x :: ys) with "Hxs [Hx Hys]"). iApply ("IH" $! hd' (InjRV #l) xs (x :: ys) with "Hxs [Hx Hys]").
iExists l, acc; by iFrame. iExists l, acc; by iFrame.
...@@ -36,7 +36,7 @@ Proof. ...@@ -36,7 +36,7 @@ Proof.
iSimplifyEq; wp_rec; wp_let. iSimplifyEq; wp_rec; wp_let.
- Show. wp_match. by iApply "HΦ". - Show. wp_match. by iApply "HΦ".
- iDestruct "Hxs" as (l hd' ->) "[Hx Hxs]". - iDestruct "Hxs" as (l hd' ->) "[Hx Hxs]".
wp_match. wp_load. wp_proj. wp_let. wp_load. wp_proj. wp_let. wp_pair. wp_store. wp_load. wp_load. wp_store.
iApply ("IH" $! hd' (SOMEV #l) (x :: ys) with "Hxs [Hx Hys]"); simpl. iApply ("IH" $! hd' (SOMEV #l) (x :: ys) with "Hxs [Hx Hys]"); simpl.
{ iExists l, acc; by iFrame. } { iExists l, acc; by iFrame. }
iIntros (w). rewrite cons_middle assoc -reverse_cons. iApply "HΦ". iIntros (w). rewrite cons_middle assoc -reverse_cons. iApply "HΦ".
...@@ -43,12 +43,12 @@ Lemma wp_one_shot (Φ : val → iProp Σ) : ...@@ -43,12 +43,12 @@ Lemma wp_one_shot (Φ : val → iProp Σ) :
WP one_shot_example #() {{ Φ }}. WP one_shot_example #() {{ Φ }}.
Proof. Proof.
iIntros "Hf /=". pose proof (nroot .@ "N") as N. iIntros "Hf /=". pose proof (nroot .@ "N") as N.
rewrite -wp_fupd /one_shot_example /=. wp_lam. wp_inj. wp_alloc l as "Hl". wp_let. rewrite -wp_fupd. wp_lam. wp_alloc l as "Hl".
iMod (own_alloc Pending) as (γ) "Hγ"; first done. iMod (own_alloc Pending) as (γ) "Hγ"; first done.
iMod (inv_alloc N _ (one_shot_inv γ l) with "[Hl Hγ]") as "#HN". iMod (inv_alloc N _ (one_shot_inv γ l) with "[Hl Hγ]") as "#HN".
{ iNext. iLeft. by iSplitL "Hl". } { iNext. iLeft. by iSplitL "Hl". }
wp_closure. wp_closure. wp_pair. iModIntro. iApply "Hf"; iSplit. wp_pures. iModIntro. iApply "Hf"; iSplit.
- iIntros (n) "!#". wp_lam. wp_inj. wp_inj. - iIntros (n) "!#". wp_lam. wp_pures.
iInv N as ">[[Hl Hγ]|H]"; last iDestruct "H" as (m) "[Hl Hγ]". iInv N as ">[[Hl Hγ]|H]"; last iDestruct "H" as (m) "[Hl Hγ]".
+ iMod (own_update with "Hγ") as "Hγ". + iMod (own_update with "Hγ") as "Hγ".
{ by apply cmra_update_exclusive with (y:=Shot n). } { by apply cmra_update_exclusive with (y:=Shot n). }
...@@ -70,18 +70,17 @@ Proof. ...@@ -70,18 +70,17 @@ Proof.
+ Show. iSplit. iLeft; by iSplitL "Hl". eauto. + Show. iSplit. iLeft; by iSplitL "Hl". eauto.
+ iSplit. iRight; iExists m; by iSplitL "Hl". eauto. } + iSplit. iRight; iExists m; by iSplitL "Hl". eauto. }
iSplitL "Hinv"; first by eauto. iSplitL "Hinv"; first by eauto.
iModIntro. wp_let. wp_closure. iIntros "!#". wp_lam. iModIntro. wp_pures. iIntros "!#". wp_lam.
iDestruct "Hv" as "[%|Hv]"; last iDestruct "Hv" as (m) "[% Hγ']"; subst. iDestruct "Hv" as "[%|Hv]"; last iDestruct "Hv" as (m) "[% Hγ']";
{ by wp_match. } subst; wp_match; [done|].
wp_match. wp_bind (! _)%E. wp_bind (! _)%E.
iInv N as "[[Hl >Hγ]|H]"; last iDestruct "H" as (m') "[Hl Hγ]". iInv N as "[[Hl >Hγ]|H]"; last iDestruct "H" as (m') "[Hl Hγ]".
{ by iDestruct (own_valid_2 with "Hγ Hγ'") as %?. } { by iDestruct (own_valid_2 with "Hγ Hγ'") as %?. }
wp_load. Show. wp_load. Show.
iDestruct (own_valid_2 with "Hγ Hγ'") as %?%agree_op_invL'; subst. iDestruct (own_valid_2 with "Hγ Hγ'") as %?%agree_op_invL'; subst.
iModIntro. iSplitL "Hl". iModIntro. iSplitL "Hl".
{ iNext; iRight; by eauto. } { iNext; iRight; by eauto. }
wp_match. iApply wp_assert. wp_apply wp_assert. wp_pures. by case_bool_decide.
wp_op. by case_bool_decide.
Qed. Qed.
Lemma ht_one_shot (Φ : val iProp Σ) : Lemma ht_one_shot (Φ : val iProp Σ) :
...@@ -92,8 +91,7 @@ Lemma ht_one_shot (Φ : val → iProp Σ) : ...@@ -92,8 +91,7 @@ Lemma ht_one_shot (Φ : val → iProp Σ) :
}}. }}.
Proof. Proof.
iIntros "!# _". iApply wp_one_shot. iIntros (f1 f2) "[#Hf1 #Hf2]"; iSplit. iIntros "!# _". iApply wp_one_shot. iIntros (f1 f2) "[#Hf1 #Hf2]"; iSplit.
- iIntros (n) "!# _". wp_proj. iApply "Hf1". - iIntros (n) "!# _". wp_apply "Hf1".
- iIntros "!# _". wp_proj. - iIntros "!# _". wp_apply (wp_wand with "Hf2"). by iIntros (v) "#? !# _".
iApply (wp_wand with "Hf2"). by iIntros (v) "#? !# _".
Qed. Qed.
End proof. End proof.
...@@ -42,13 +42,11 @@ Proof. ...@@ -42,13 +42,11 @@ Proof.
iIntros (Φ) "[Hl Ht] HΦ". iIntros (Φ) "[Hl Ht] HΦ".
iInduction t as [n'|tl ? tr] "IH" forall (v l n Φ); simpl; wp_rec; wp_let. iInduction t as [n'|tl ? tr] "IH" forall (v l n Φ); simpl; wp_rec; wp_let.
- iDestruct "Ht" as "%"; subst. - iDestruct "Ht" as "%"; subst.
wp_match. wp_load. wp_op. wp_store. wp_load. wp_store.
by iApply ("HΦ" with "[$Hl]"). by iApply ("HΦ" with "[$Hl]").
- iDestruct "Ht" as (ll lr vl vr ->) "(Hll & Htl & Hlr & Htr)". - iDestruct "Ht" as (ll lr vl vr ->) "(Hll & Htl & Hlr & Htr)".
wp_match. wp_proj. wp_load. wp_load. wp_apply ("IH" with "Hl Htl"). iIntros "[Hl Htl]".
wp_apply ("IH" with "Hl Htl"). iIntros "[Hl Htl]". wp_load. wp_apply ("IH1" with "Hl Htr"). iIntros "[Hl Htr]".
wp_seq. wp_proj. wp_load.
wp_apply ("IH1" with "Hl Htr"). iIntros "[Hl Htr]".
iApply "HΦ". iSplitL "Hl". iApply "HΦ". iSplitL "Hl".
{ by replace (sum tl + sum tr + n) with (sum tr + (sum tl + n)) by omega. } { by replace (sum tl + sum tr + n) with (sum tr + (sum tl + n)) by omega. }
iExists ll, lr, vl, vr. by iFrame. iExists ll, lr, vl, vr. by iFrame.
...@@ -58,8 +56,8 @@ Lemma sum_wp `{!heapG Σ} v t : ...@@ -58,8 +56,8 @@ Lemma sum_wp `{!heapG Σ} v t :
[[{ is_tree v t }]] sum' v [[{ RET #(sum t); is_tree v t }]]. [[{ is_tree v t }]] sum' v [[{ RET #(sum t); is_tree v t }]].
Proof. Proof.
iIntros (Φ) "Ht HΦ". rewrite /sum' /=. iIntros (Φ) "Ht HΦ". rewrite /sum' /=.
wp_lam. wp_alloc l as "Hl". wp_let. wp_lam. wp_alloc l as "Hl".
wp_apply (sum_loop_wp with "[$Hl $Ht]"). wp_apply (sum_loop_wp with "[$Hl $Ht]").
rewrite Z.add_0_r. rewrite Z.add_0_r.
iIntros "[Hl Ht]". wp_seq. wp_load. by iApply "HΦ". iIntros "[Hl Ht]". wp_load. by iApply "HΦ".
Qed. Qed.
...@@ -10,15 +10,17 @@ Definition assert : val := ...@@ -10,15 +10,17 @@ Definition assert : val :=
Notation "'assert:' e" := (assert (λ: <>, e))%E (at level 99) : expr_scope. Notation "'assert:' e" := (assert (λ: <>, e))%E (at level 99) : expr_scope.
Lemma twp_assert `{heapG Σ} E (Φ : val iProp Σ) e : Lemma twp_assert `{heapG Σ} E (Φ : val iProp Σ) e :
WP e @ E [{ v, v = #true Φ #() }] - WP assert: e @ E [{ Φ }]. WP e @ E [{ v, v = #true Φ #() }] -
WP assert (LamV BAnon e)%V @ E [{ Φ }].
Proof. Proof.
iIntros "HΦ". rewrite /assert. wp_closure. wp_lam. wp_lam. iIntros "HΦ". wp_lam.
wp_apply (twp_wand with "HΦ"). iIntros (v) "[% ?]"; subst. by wp_if. wp_apply (twp_wand with "HΦ"). iIntros (v) "[% ?]"; subst. by wp_if.
Qed. Qed.
Lemma wp_assert `{heapG Σ} E (Φ : val iProp Σ) e : Lemma wp_assert `{heapG Σ} E (Φ : val iProp Σ) e :
WP e @ E {{ v, v = #true Φ #() }} - WP assert: e @ E {{ Φ }}. WP e @ E {{ v, v = #true Φ #() }} -
WP assert (LamV BAnon e)%V @ E {{ Φ }}.
Proof. Proof.
iIntros "HΦ". rewrite /assert. wp_closure. wp_lam. wp_lam. iIntros "HΦ". wp_lam.
wp_apply (wp_wand with "HΦ"). iIntros (v) "[% ?]"; subst. by wp_if. wp_apply (wp_wand with "HΦ"). iIntros (v) "[% ?]"; subst. by wp_if.
Qed. Qed.
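Review bot: The statements of `twp_assert` and `wp_assert` are now phrased on the value `assert (LamV BAnon e)%V`, while the `assert:` notation kept just above still unfolds to the expression `(assert (λ: <>, e))%E`, so a goal written with the notation no longer matches the lemma syntactically. This looks intentional (the one_shot proof uses `wp_apply wp_assert` followed by `wp_pures`), but it is a change in how callers must use the lemma and is undocumented. I would add a comment above each lemma: `(* The [assert:] notation unfolds to the expression [assert (λ: <>, e)]; this lemma is stated on the value [LamV BAnon e] that expression reduces to, so reduce with [wp_pures] (or use [wp_apply]) before applying it. *)`.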
...@@ -36,11 +36,11 @@ Section coinflip. ...@@ -36,11 +36,11 @@ Section coinflip.
Lemma rand_spec : Lemma rand_spec :
{{{ True }}} rand #() {{{ (b : bool), RET #b; True }}}. {{{ True }}} rand #() {{{ (b : bool), RET #b; True }}}.
Proof. Proof.
iIntros (Φ) "_ HP". wp_lam. wp_alloc l as "Hl". wp_let. iIntros (Φ) "_ HP". wp_lam. wp_alloc l as "Hl".
iMod (inv_alloc N _ ( (b: bool), l #b)%I with "[Hl]") as "#Hinv"; first by eauto. iMod (inv_alloc N _ ( (b: bool), l #b)%I with "[Hl]") as "#Hinv"; first by eauto.
wp_apply wp_fork. wp_apply wp_fork.
- iInv N as (b) ">Hl". wp_store. iModIntro. iSplitL; eauto. - iInv N as (b) ">Hl". wp_store. iModIntro. iSplitL; eauto.
- wp_seq. iInv N as (b) ">Hl". wp_load. iModIntro. iSplitL "Hl"; first by eauto. - wp_pures. iInv N as (b) ">Hl". wp_load. iModIntro. iSplitL "Hl"; first by eauto.
iApply "HP". done. iApply "HP". done.
Qed. Qed.
...@@ -82,8 +82,8 @@ Section coinflip. ...@@ -82,8 +82,8 @@ Section coinflip.
iDestruct "Hl" as (v') "Hl". iDestruct "Hl" as (v') "Hl".
wp_store. wp_store.
iMod ("Hclose" $! (val_to_bool v) with "[Hl]") as "HΦ"; first by eauto. iMod ("Hclose" $! (val_to_bool v) with "[Hl]") as "HΦ"; first by eauto.
iModIntro. wp_seq. wp_apply rand_spec; try done. iModIntro. wp_apply rand_spec; try done.
iIntros (b') "_". wp_let. iIntros (b') "_".
wp_apply (wp_resolve_proph with "Hp"). wp_apply (wp_resolve_proph with "Hp").
iIntros (->). wp_seq. done. iIntros (->). wp_seq. done.
Qed. Qed.
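Review bot: The last line of this hunk, `iIntros (->). wp_seq. done.`, keeps a `wp_seq` while the `wp_seq` two lines earlier in the same proof is dropped and the rest of the commit replaces `wp_seq` with `wp_pures` (for instance in the spawn proof). If `wp_pures` covers the sequencing step here as it does there, `iIntros (->). by wp_pures.` would keep the proof consistent with the new style; otherwise a short comment on why `wp_seq` is still needed at this point would help.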
......
...@@ -49,7 +49,7 @@ Section mono_proof. ...@@ -49,7 +49,7 @@ Section mono_proof.
iDestruct "Hl" as (γ) "[#? Hγf]". iDestruct "Hl" as (γ) "[#? Hγf]".
wp_bind (! _)%E. iInv N as (c) ">[Hγ Hl]". wp_bind (! _)%E. iInv N as (c) ">[Hγ Hl]".
wp_load. iModIntro. iSplitL "Hl Hγ"; [iNext; iExists c; by iFrame|]. wp_load. iModIntro. iSplitL "Hl Hγ"; [iNext; iExists c; by iFrame|].
wp_let. wp_op. wp_pures.
wp_bind (CAS _ _ _). iInv N as (c') ">[Hγ Hl]". wp_bind (CAS _ _ _). iInv N as (c') ">[Hγ Hl]".
destruct (decide (c' = c)) as [->|]. destruct (decide (c' = c)) as [->|].
- iDestruct (own_valid_2 with "Hγ Hγf") - iDestruct (own_valid_2 with "Hγ Hγf")
...@@ -126,7 +126,7 @@ Section contrib_spec. ...@@ -126,7 +126,7 @@ Section contrib_spec.
iIntros (Φ) "[#? Hγf] HΦ". iLöb as "IH". wp_rec. iIntros (Φ) "[#? Hγf] HΦ". iLöb as "IH". wp_rec.
wp_bind (! _)%E. iInv N as (c) ">[Hγ Hl]". wp_bind (! _)%E. iInv N as (c) ">[Hγ Hl]".
wp_load. iModIntro. iSplitL "Hl Hγ"; [iNext; iExists c; by iFrame|]. wp_load. iModIntro. iSplitL "Hl Hγ"; [iNext; iExists c; by iFrame|].
wp_let. wp_op. wp_pures.
wp_bind (CAS _ _ _). iInv N as (c') ">[Hγ Hl]". wp_bind (CAS _ _ _). iInv N as (c') ">[Hγ Hl]".
destruct (decide (c' = c)) as [->|]. destruct (decide (c' = c)) as [->|].
- iMod (own_update_2 with "Hγ Hγf") as "[Hγ Hγf]". - iMod (own_update_2 with "Hγ Hγf") as "[Hγ Hγf]".
...@@ -30,7 +30,7 @@ Section increment. ...@@ -30,7 +30,7 @@ Section increment.
iIntros (x) "H↦". iAaccIntro with "H↦"; first by eauto with iFrame. iIntros (x) "H↦". iAaccIntro with "H↦"; first by eauto with iFrame.
iIntros "$ !> AU !> _". iIntros "$ !> AU !> _".
(* Now go on *) (* Now go on *)
wp_let. wp_op. wp_apply cas_spec; [done|iAccu|]. wp_apply cas_spec; [done|iAccu|].
(* Prove the atomic update for CAS *) (* Prove the atomic update for CAS *)
iAuIntro. iApply (aacc_aupd with "AU"); first done. iAuIntro. iApply (aacc_aupd with "AU"); first done.
iIntros (x') "H↦". iAaccIntro with "H↦"; first by eauto with iFrame. iIntros (x') "H↦". iAaccIntro with "H↦"; first by eauto with iFrame.
...@@ -58,8 +58,7 @@ Section increment. ...@@ -58,8 +58,7 @@ Section increment.
Proof. Proof.
iIntros "Hl". iApply wp_atomic_intro. iIntros (Φ) "AU". wp_lam. iIntros "Hl". iApply wp_atomic_intro. iIntros (Φ) "AU". wp_lam.
wp_apply (atomic_wp_seq $! (load_spec _) with "Hl"). wp_apply (atomic_wp_seq $! (load_spec _) with "Hl").
iIntros "Hl". wp_let. wp_op. iIntros "Hl". wp_apply store_spec; first by iAccu.
wp_apply store_spec; first by iAccu.
(* Prove the atomic update for store *) (* Prove the atomic update for store *)
iAuIntro. iApply (aacc_aupd_commit with "AU"); first done. iAuIntro. iApply (aacc_aupd_commit with "AU"); first done.
iIntros (x) "H↦". iIntros (x) "H↦".
...@@ -85,7 +84,7 @@ Section increment_client. ...@@ -85,7 +84,7 @@ Section increment_client.
Lemma incr_client_safe (x: Z): Lemma incr_client_safe (x: Z):
WP incr_client #x {{ _, True }}%I. WP incr_client #x {{ _, True }}%I.
Proof using Type*. Proof using Type*.
wp_lam. wp_alloc l as "Hl". wp_let. wp_lam. wp_alloc l as "Hl".
iMod (inv_alloc nroot _ (x':Z, l #x')%I with "[Hl]") as "#Hinv"; first eauto. iMod (inv_alloc nroot _ (x':Z, l #x')%I with "[Hl]") as "#Hinv"; first eauto.
(* FIXME: I am only using persistent stuff, so I should be allowed (* FIXME: I am only using persistent stuff, so I should be allowed
to move this to the persisten context even without the additional □. *) to move this to the persisten context even without the additional □. *)
...@@ -96,7 +95,7 @@ Section increment_client. ...@@ -96,7 +95,7 @@ Section increment_client.
(* The continuation: From after the atomic triple to the postcondition of the WP *) (* The continuation: From after the atomic triple to the postcondition of the WP *)
done. done.
} }
wp_apply wp_par. wp_apply par_spec; wp_pures.
- iAssumption. - iAssumption.
- iAssumption. - iAssumption.
- iIntros (??) "_ !>". done. - iIntros (??) "_ !>". done.
...@@ -26,13 +26,12 @@ Lemma par_spec (Ψ1 Ψ2 : val → iProp Σ) (f1 f2 : val) (Φ : val → iProp Σ ...@@ -26,13 +26,12 @@ Lemma par_spec (Ψ1 Ψ2 : val → iProp Σ) (f1 f2 : val) (Φ : val → iProp Σ
( v1 v2, Ψ1 v1 Ψ2 v2 - Φ (v1,v2)%V) - ( v1 v2, Ψ1 v1 Ψ2 v2 - Φ (v1,v2)%V) -
WP par f1 f2 {{ Φ }}. WP par f1 f2 {{ Φ }}.
Proof. Proof.
iIntros "Hf1 Hf2 HΦ". iIntros "Hf1 Hf2 HΦ". wp_lam. wp_let.
rewrite /par /=. wp_lam. wp_let.
wp_apply (spawn_spec parN with "Hf1"). wp_apply (spawn_spec parN with "Hf1").
iIntros (l) "Hl". wp_let. wp_bind (f2 _). iIntros (l) "Hl". wp_let. wp_bind (f2 _).
wp_apply (wp_wand with "Hf2"); iIntros (v) "H2". wp_let. wp_apply (wp_wand with "Hf2"); iIntros (v) "H2". wp_let.
wp_apply (join_spec with "[$Hl]"). iIntros (w) "H1". wp_apply (join_spec with "[$Hl]"). iIntros (w) "H1".
iSpecialize ("HΦ" with "[-]"); first by iSplitL "H1". wp_let. by wp_pair. iSpecialize ("HΦ" with "[-]"); first by iSplitL "H1". by wp_pures.
Qed. Qed.
Lemma wp_par (Ψ1 Ψ2 : val iProp Σ) (e1 e2 : expr) (Φ : val iProp Σ) : Lemma wp_par (Ψ1 Ψ2 : val iProp Σ) (e1 e2 : expr) (Φ : val iProp Σ) :
...@@ -40,7 +39,7 @@ Lemma wp_par (Ψ1 Ψ2 : val → iProp Σ) (e1 e2 : expr) (Φ : val → iProp Σ) ...@@ -40,7 +39,7 @@ Lemma wp_par (Ψ1 Ψ2 : val → iProp Σ) (e1 e2 : expr) (Φ : val → iProp Σ)
( v1 v2, Ψ1 v1 Ψ2 v2 - Φ (v1,v2)%V) - ( v1 v2, Ψ1 v1 Ψ2 v2 - Φ (v1,v2)%V) -
WP e1 ||| e2 {{ Φ }}. WP e1 ||| e2 {{ Φ }}.
Proof. Proof.
iIntros "H1 H2 H". do 2 wp_closure. iIntros "H1 H2 H".
iApply (par_spec Ψ1 Ψ2 with "[H1] [H2] [H]"); [by wp_lam..|auto]. wp_apply (par_spec Ψ1 Ψ2 with "[H1] [H2] [H]"); [by wp_lam..|auto].
Qed. Qed.
End proof. End proof.
...@@ -48,8 +48,8 @@ Lemma spawn_spec (Ψ : val → iProp Σ) e (f : val) : ...@@ -48,8 +48,8 @@ Lemma spawn_spec (Ψ : val → iProp Σ) e (f : val) :
IntoVal e f IntoVal e f
{{{ WP f #() {{ Ψ }} }}} spawn e {{{ l, RET #l; join_handle l Ψ }}}. {{{ WP f #() {{ Ψ }} }}} spawn e {{{ l, RET #l; join_handle l Ψ }}}.
Proof. Proof.
iIntros (<- Φ) "Hf HΦ". rewrite /spawn /=. iIntros (<- Φ) "Hf HΦ". rewrite /spawn /=. wp_lam.
wp_lam. wp_inj. wp_alloc l as "Hl". wp_let. wp_alloc l as "Hl".
iMod (own_alloc (Excl ())) as (γ) "Hγ"; first done. iMod (own_alloc (Excl ())) as (γ) "Hγ"; first done.
iMod (inv_alloc N _ (spawn_inv γ l Ψ) with "[Hl]") as "#?". iMod (inv_alloc N _ (spawn_inv γ l Ψ) with "[Hl]") as "#?".
{ iNext. iExists NONEV. iFrame; eauto. } { iNext. iExists NONEV. iFrame; eauto. }
...@@ -57,7 +57,7 @@ Proof. ...@@ -57,7 +57,7 @@ Proof.
- iNext. wp_bind (f _). iApply (wp_wand with "Hf"); iIntros (v) "Hv". - iNext. wp_bind (f _). iApply (wp_wand with "Hf"); iIntros (v) "Hv".
wp_inj. iInv N as (v') "[Hl _]". wp_inj. iInv N as (v') "[Hl _]".
wp_store. iSplitL; last done. iIntros "!> !>". iExists (SOMEV v). iFrame. eauto. wp_store. iSplitL; last done. iIntros "!> !>". iExists (SOMEV v). iFrame. eauto.
- wp_seq. iApply "HΦ". rewrite /join_handle. eauto. - wp_pures. iApply "HΦ". rewrite /join_handle. eauto.
Qed. Qed.
Lemma join_spec (Ψ : val iProp Σ) l : Lemma join_spec (Ψ : val iProp Σ) l :
...@@ -67,10 +67,10 @@ Proof. ...@@ -67,10 +67,10 @@ Proof.
iLöb as "IH". wp_rec. wp_bind (! _)%E. iInv N as (v) "[Hl Hinv]". iLöb as "IH". wp_rec. wp_bind (! _)%E. iInv N as (v) "[Hl Hinv]".
wp_load. iDestruct "Hinv" as "[%|Hinv]"; subst. wp_load. iDestruct "Hinv" as "[%|Hinv]"; subst.
- iModIntro. iSplitL "Hl"; [iNext; iExists _; iFrame; eauto|]. - iModIntro. iSplitL "Hl"; [iNext; iExists _; iFrame; eauto|].
wp_match. iApply ("IH" with "Hγ [HΦ]"). auto. wp_apply ("IH" with "Hγ [HΦ]"). auto.
- iDestruct "Hinv" as (v' ->) "[HΨ|Hγ']". - iDestruct "Hinv" as (v' ->) "[HΨ|Hγ']".
+ iModIntro. iSplitL "Hl Hγ"; [iNext; iExists _; iFrame; eauto|]. + iModIntro. iSplitL "Hl Hγ"; [iNext; iExists _; iFrame; eauto|].
wp_match. by iApply "HΦ". wp_pures. by iApply "HΦ".
+ iDestruct (own_valid_2 with "Hγ Hγ'") as %[]. + iDestruct (own_valid_2 with "Hγ Hγ'") as %[].
Qed. Qed.
End proof. End proof.
...@@ -73,33 +73,33 @@ Section proof. ...@@ -73,33 +73,33 @@ Section proof.
Lemma newlock_spec (R : iProp Σ) : Lemma newlock_spec (R : iProp Σ) :
{{{ R }}} newlock #() {{{ lk γ, RET lk; is_lock γ lk R }}}. {{{ R }}} newlock #() {{{ lk γ, RET lk; is_lock γ lk R }}}.
Proof. Proof.
iIntros (Φ) "HR HΦ". rewrite -wp_fupd /newlock /=. repeat wp_proj. iIntros (Φ) "HR HΦ". rewrite -wp_fupd. wp_lam.
wp_lam. wp_alloc ln as "Hln". wp_alloc lo as "Hlo". wp_alloc ln as "Hln". wp_alloc lo as "Hlo".
iMod (own_alloc ( (Excl' 0%nat, GSet ) (Excl' 0%nat, GSet ))) as (γ) "[Hγ Hγ']". iMod (own_alloc ( (Excl' 0%nat, GSet ) (Excl' 0%nat, GSet ))) as (γ) "[Hγ Hγ']".
{ by rewrite -auth_both_op. }