Commit 4d8c4ac8 authored by Robbert Krebbers

More introduction patterns.

Also make those for introduction and elimination more symmetric:

  !%   pure introduction         %        pure elimination
  !#   always introduction       #        always elimination
  !>   later introduction        > pat    timeless later elimination
  !==> view shift introduction   ==> pat  view shift elimination
parent 1f589858
...@@ -93,14 +93,14 @@ Rewriting ...@@ -93,14 +93,14 @@ Rewriting
Iris Iris
---- ----
- `iPvsIntro` : introduction of a primitive view shift. Generates a goal if - `iVsIntro` : introduction of a raw or primitive view shift.
the masks are not syntactically equal. - `iVs pm_trm as (x1 ... xn) "ipat"` : run a raw or primitive view shift
- `iPvs pm_trm as (x1 ... xn) "ipat"` : runs a primitive view shift `pm_trm`. `pm_trm` (if the goal permits, i.e. it is a raw or primitive view shift, or
a weakest precondition).
- `iInv N as (x1 ... xn) "ipat"` : open the invariant `N`. - `iInv N as (x1 ... xn) "ipat"` : open the invariant `N`.
- `iInv> N as (x1 ... xn) "ipat"` : open the invariant `N` and establish that - `iTimeless "H"` : strip a later of a timeless hypothesis `H` (if the goal
it is timeless so no laters have to be added. permits, i.e. it is a later, True now, raw or primitive view shift, or a
- `iTimeless "H"` : strip a later of a timeless hypotheses `H` in case the weakest precondition).
conclusion is a primitive view shifts or weakest precondition.
Miscellaneous Miscellaneous
------------- -------------
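Review bot: the new `iVsIntro` entry loses the caveat from the old `iPvsIntro` text that a goal is generated when the masks are not syntactically equal; if that still holds for raw view shifts, keep that sentence. Since `iInv> N as (x1 ... xn) "ipat"` disappears from the list without replacement text, add a line saying that the same effect is now obtained with `>` inside the destruct pattern (as the auth.v hunk below does with `"[>Hγ Hφ]"`), so readers of the old docs know where the tactic went.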
...@@ -123,20 +123,24 @@ introduction patterns: ...@@ -123,20 +123,24 @@ introduction patterns:
- `?` : create an anonymous hypothesis. - `?` : create an anonymous hypothesis.
- `_` : remove the hypothesis. - `_` : remove the hypothesis.
- `$` : frame the hypothesis in the goal. - `$` : frame the hypothesis in the goal.
- `# ipat` : move the hypothesis to the persistent context.
- `%` : move the hypothesis to the pure Coq context (anonymously).
- `[ipat ipat]` : (separating) conjunction elimination. - `[ipat ipat]` : (separating) conjunction elimination.
- `[ipat|ipat]` : disjunction elimination. - `[ipat|ipat]` : disjunction elimination.
- `[]` : false elimination. - `[]` : false elimination.
- `%` : move the hypothesis to the pure Coq context (anonymously).
- `# ipat` : move the hypothesis to the persistent context.
- `> ipat` : remove a later of a timeless hypothesis (if the goal permits).
- `==> ipat` : run a view shift (if the goal permits).
Apart from this, there are the following introduction patterns that can only Apart from this, there are the following introduction patterns that can only
appear at the top level: appear at the top level:
- `!` : introduce a box (provided that the spatial context is empty).
- `>` : introduce a later (which strips laters from all hypotheses).
- `{H1 ... Hn}` : clear `H1 ... Hn`. - `{H1 ... Hn}` : clear `H1 ... Hn`.
- `{$H1 ... $Hn}` : frame `H1 ... Hn` (this pattern can be mixed with the - `{$H1 ... $Hn}` : frame `H1 ... Hn` (this pattern can be mixed with the
previous pattern, e.g., `{$H1 H2 $H3}`). previous pattern, e.g., `{$H1 H2 $H3}`).
- `!%` : introduce a pure goal (and leave the proof mode).
- `!#` : introduce an always modality (given that the spatial context is empty).
- `!>` : introduce a later (which strips laters from all hypotheses).
- `!==>` : introduce a view shift.
- `/=` : perform `simpl`. - `/=` : perform `simpl`.
- `*` : introduce all universal quantifiers. - `*` : introduce all universal quantifiers.
- `**` : introduce all universal quantifiers, as well as all arrows and wands. - `**` : introduce all universal quantifiers, as well as all arrows and wands.
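Review bot: the top-level patterns `!` and `>` are renamed to `!#` and `!>`, and a bare `>` now only survives as `> ipat` with the new timeless-elimination meaning, so existing scripts that write `"!"` or `">"` either change meaning or stop working; that deserves a sentence in the commit message, which currently reads only "More introduction patterns." It would also help to state explicitly, next to `> ipat`, that it is the non-top-level counterpart of `!>` (one strips a later from a single timeless hypothesis, the other introduces a later and strips laters from all hypotheses), since the two `>` forms are easy to confuse.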
...@@ -147,7 +151,7 @@ For example, given: ...@@ -147,7 +151,7 @@ For example, given:
You can write You can write
iIntros (x) "% ! $ [[] | #[HQ HR]] /= >". iIntros (x) "% !# $ [[] | #[HQ HR]] /= !>".
which results in: which results in:
...@@ -173,7 +177,7 @@ so called specification patterns to express this splitting: ...@@ -173,7 +177,7 @@ so called specification patterns to express this splitting:
- `[H1 ... Hn]` : generate a goal with the spatial hypotheses `H1 ... Hn` and - `[H1 ... Hn]` : generate a goal with the spatial hypotheses `H1 ... Hn` and
all persistent hypotheses. The hypotheses `H1 ... Hn` will be consumed. all persistent hypotheses. The hypotheses `H1 ... Hn` will be consumed.
- `[-H1 ... Hn]` : negated form of the above pattern - `[-H1 ... Hn]` : negated form of the above pattern
- `=>[H1 ... Hn]` : same as the above pattern, but can only be used if the goal - `==>[H1 ... Hn]` : same as the above pattern, but can only be used if the goal
is a primitive view shift, in which case the view shift will be kept in the is a primitive view shift, in which case the view shift will be kept in the
goal of the premise too. goal of the premise too.
- `[#]` : This pattern can be used when eliminating `P -★ Q` when either `P` or - `[#]` : This pattern can be used when eliminating `P -★ Q` when either `P` or
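Review bot: the `==>[H1 ... Hn]` entry still says it "can only be used if the goal is a primitive view shift", while the `iVs` and `iTimeless` entries rewritten in the same patch say "raw or primitive view shift"; align the wording here if the renamed spec pattern accepts raw view shifts as well.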
......
...@@ -164,7 +164,7 @@ Section heap. ...@@ -164,7 +164,7 @@ Section heap.
iVs (auth_open with "[Hh]") as (h) "[Hv [Hh Hclose]]"; eauto. iVs (auth_open with "[Hh]") as (h) "[Hv [Hh Hclose]]"; eauto.
rewrite left_id /heap_inv. iDestruct "Hv" as %?. rewrite left_id /heap_inv. iDestruct "Hv" as %?.
iApply wp_alloc_pst. iFrame "Hh". iNext. iApply wp_alloc_pst. iFrame "Hh". iNext.
iIntros (l) "[% Hh]"; iVsIntro. iIntros (l) "[% Hh] !==>".
iVs ("Hclose" $! {[ l := (1%Qp, DecAgree v) ]} with "[Hh]"). iVs ("Hclose" $! {[ l := (1%Qp, DecAgree v) ]} with "[Hh]").
{ rewrite -of_heap_insert -(insert_singleton_op h); last by apply of_heap_None. { rewrite -of_heap_insert -(insert_singleton_op h); last by apply of_heap_None.
iFrame "Hh". iPureIntro. iFrame "Hh". iPureIntro.
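Review bot: `"[% Hh] !==>"` places the `!==>` pattern after a bracketed destruct pattern in the same string, and the later heap hunks do the same with `"!> Hown !==>"`; the docs hunk above only says these patterns "can only appear at the top level", which a reader may take to mean "at the start of the string". One clause in ProofMode.md saying that top-level patterns may be sequenced with ordinary patterns (just not nested inside `[...]`) would make usages like this one self-explanatory.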
...@@ -183,7 +183,7 @@ Section heap. ...@@ -183,7 +183,7 @@ Section heap.
rewrite /heap_inv. rewrite /heap_inv.
iApply (wp_load_pst _ (<[l:=v]>(of_heap h)));first by rewrite lookup_insert. iApply (wp_load_pst _ (<[l:=v]>(of_heap h)));first by rewrite lookup_insert.
rewrite of_heap_singleton_op //. iFrame "Hl". rewrite of_heap_singleton_op //. iFrame "Hl".
iIntros "> Hown". iVsIntro. iVs ("Hclose" with "* [Hown]"). iIntros "!> Hown !==>". iVs ("Hclose" with "* [Hown]").
{ iSplit; first done. rewrite of_heap_singleton_op //. by iFrame. } { iSplit; first done. rewrite of_heap_singleton_op //. by iFrame. }
by iApply "HΦ". by iApply "HΦ".
Qed. Qed.
...@@ -199,7 +199,7 @@ Section heap. ...@@ -199,7 +199,7 @@ Section heap.
rewrite /heap_inv. rewrite /heap_inv.
iApply (wp_store_pst _ (<[l:=v']>(of_heap h))); rewrite ?lookup_insert //. iApply (wp_store_pst _ (<[l:=v']>(of_heap h))); rewrite ?lookup_insert //.
rewrite insert_insert !of_heap_singleton_op; eauto. iFrame "Hl". rewrite insert_insert !of_heap_singleton_op; eauto. iFrame "Hl".
iIntros "> Hl". iVsIntro. iIntros "!> Hl !==>".
iVs ("Hclose" $! {[l := (1%Qp, DecAgree v)]} with "[Hl]"). iVs ("Hclose" $! {[l := (1%Qp, DecAgree v)]} with "[Hl]").
{ iSplit. { iSplit.
- iPureIntro; by apply singleton_local_update, exclusive_local_update. - iPureIntro; by apply singleton_local_update, exclusive_local_update.
...@@ -218,7 +218,7 @@ Section heap. ...@@ -218,7 +218,7 @@ Section heap.
rewrite /heap_inv. rewrite /heap_inv.
iApply (wp_cas_fail_pst _ (<[l:=v']>(of_heap h))); rewrite ?lookup_insert //. iApply (wp_cas_fail_pst _ (<[l:=v']>(of_heap h))); rewrite ?lookup_insert //.
rewrite of_heap_singleton_op //. iFrame "Hl". rewrite of_heap_singleton_op //. iFrame "Hl".
iIntros "> Hown". iVsIntro. iVs ("Hclose" with "* [Hown]"). iIntros "!> Hown !==>". iVs ("Hclose" with "* [Hown]").
{ iSplit; first done. rewrite of_heap_singleton_op //. by iFrame. } { iSplit; first done. rewrite of_heap_singleton_op //. by iFrame. }
by iApply "HΦ". by iApply "HΦ".
Qed. Qed.
...@@ -234,7 +234,7 @@ Section heap. ...@@ -234,7 +234,7 @@ Section heap.
rewrite /heap_inv. rewrite /heap_inv.
iApply (wp_cas_suc_pst _ (<[l:=v1]>(of_heap h))); rewrite ?lookup_insert //. iApply (wp_cas_suc_pst _ (<[l:=v1]>(of_heap h))); rewrite ?lookup_insert //.
rewrite insert_insert !of_heap_singleton_op; eauto. iFrame "Hl". rewrite insert_insert !of_heap_singleton_op; eauto. iFrame "Hl".
iIntros "> Hl". iVsIntro. iIntros "!> Hl !==>".
iVs ("Hclose" $! {[l := (1%Qp, DecAgree v2)]} with "[Hl]"). iVs ("Hclose" $! {[l := (1%Qp, DecAgree v2)]} with "[Hl]").
{ iSplit. { iSplit.
- iPureIntro; by apply singleton_local_update, exclusive_local_update. - iPureIntro; by apply singleton_local_update, exclusive_local_update.
......
...@@ -96,7 +96,7 @@ Lemma newbarrier_spec (P : iProp Σ) (Φ : val → iProp Σ) : ...@@ -96,7 +96,7 @@ Lemma newbarrier_spec (P : iProp Σ) (Φ : val → iProp Σ) :
Proof. Proof.
iIntros (HN) "[#? HΦ]". iIntros (HN) "[#? HΦ]".
rewrite /newbarrier. wp_seq. wp_alloc l as "Hl". rewrite /newbarrier. wp_seq. wp_alloc l as "Hl".
iApply ("HΦ" with "|==>[-]"). iApply ("HΦ" with "==>[-]").
iVs (saved_prop_alloc (F:=idCF) P) as (γ) "#?". iVs (saved_prop_alloc (F:=idCF) P) as (γ) "#?".
iVs (sts_alloc (barrier_inv l P) _ N (State Low {[ γ ]}) with "[-]") iVs (sts_alloc (barrier_inv l P) _ N (State Low {[ γ ]}) with "[-]")
as (γ') "[#? Hγ']"; eauto. as (γ') "[#? Hγ']"; eauto.
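Review bot: the pre-patch spelling used in the code here is `|==>[-]`, whereas the pre-patch ProofMode.md entry (the hunk at line 173 above) documents the same spec pattern as `=>[H1 ... Hn]`; both now converge on `==>[...]`, which is good, but since the commit message only lists the introduction patterns, mention the spec-pattern rename there too so that anyone grepping for the old `|==>` spelling knows it was intentional.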
...@@ -105,7 +105,7 @@ Proof. ...@@ -105,7 +105,7 @@ Proof.
iAssert (barrier_ctx γ' l P)%I as "#?". iAssert (barrier_ctx γ' l P)%I as "#?".
{ rewrite /barrier_ctx. by repeat iSplit. } { rewrite /barrier_ctx. by repeat iSplit. }
iAssert (sts_ownS γ' (i_states γ) {[Change γ]} iAssert (sts_ownS γ' (i_states γ) {[Change γ]}
sts_ownS γ' low_states {[Send]})%I with "|==>[-]" as "[Hr Hs]". sts_ownS γ' low_states {[Send]})%I with "==>[-]" as "[Hr Hs]".
{ iApply sts_ownS_op; eauto using i_states_closed, low_states_closed. { iApply sts_ownS_op; eauto using i_states_closed, low_states_closed.
- set_solver. - set_solver.
- iApply (sts_own_weaken with "Hγ'"); - iApply (sts_own_weaken with "Hγ'");
...@@ -128,7 +128,7 @@ Proof. ...@@ -128,7 +128,7 @@ Proof.
iSplit; [iPureIntro; by eauto using signal_step|]. iSplit; [iPureIntro; by eauto using signal_step|].
iNext. rewrite {2}/barrier_inv /ress /=; iFrame "Hl". iNext. rewrite {2}/barrier_inv /ress /=; iFrame "Hl".
iDestruct "Hr" as (Ψ) "[Hr Hsp]"; iExists Ψ; iFrame "Hsp". iDestruct "Hr" as (Ψ) "[Hr Hsp]"; iExists Ψ; iFrame "Hsp".
iIntros "> _"; by iApply "Hr". iIntros "!> _"; by iApply "Hr".
Qed. Qed.
Lemma wait_spec l P (Φ : val iProp Σ) : Lemma wait_spec l P (Φ : val iProp Σ) :
...@@ -142,7 +142,7 @@ Proof. ...@@ -142,7 +142,7 @@ Proof.
wp_load. destruct p. wp_load. destruct p.
- iVs ("Hclose" $! (State Low I) {[ Change i ]} with "[Hl Hr]") as "Hγ". - iVs ("Hclose" $! (State Low I) {[ Change i ]} with "[Hl Hr]") as "Hγ".
{ iSplit; first done. iNext. rewrite {2}/barrier_inv /=. by iFrame. } { iSplit; first done. iNext. rewrite {2}/barrier_inv /=. by iFrame. }
iAssert (sts_ownS γ (i_states i) {[Change i]})%I with "|==>[Hγ]" as "Hγ". iAssert (sts_ownS γ (i_states i) {[Change i]})%I with "==>[Hγ]" as "Hγ".
{ iApply (sts_own_weaken with "Hγ"); eauto using i_states_closed. } { iApply (sts_own_weaken with "Hγ"); eauto using i_states_closed. }
iVsIntro. wp_op=> ?; simplify_eq; wp_if. iVsIntro. wp_op=> ?; simplify_eq; wp_if.
iApply ("IH" with "Hγ [HQR] HΦ"). auto. iApply ("IH" with "Hγ [HQR] HΦ"). auto.
...@@ -177,7 +177,7 @@ Proof. ...@@ -177,7 +177,7 @@ Proof.
iNext. rewrite {2}/barrier_inv /=. iFrame "Hl". iNext. rewrite {2}/barrier_inv /=. iFrame "Hl".
iApply (ress_split _ _ _ Q R1 R2); eauto. iFrame; auto. } iApply (ress_split _ _ _ Q R1 R2); eauto. iFrame; auto. }
iAssert (sts_ownS γ (i_states i1) {[Change i1]} iAssert (sts_ownS γ (i_states i1) {[Change i1]}
sts_ownS γ (i_states i2) {[Change i2]})%I with "|==>[-]" as "[Hγ1 Hγ2]". sts_ownS γ (i_states i2) {[Change i2]})%I with "==>[-]" as "[Hγ1 Hγ2]".
{ iApply sts_ownS_op; eauto using i_states_closed, low_states_closed. { iApply sts_ownS_op; eauto using i_states_closed, low_states_closed.
- abstract set_solver. - abstract set_solver.
- iApply (sts_own_weaken with "Hγ"); - iApply (sts_own_weaken with "Hγ");
...@@ -193,7 +193,7 @@ Proof. ...@@ -193,7 +193,7 @@ Proof.
rewrite /recv. rewrite /recv.
iIntros "HP HP1"; iDestruct "HP1" as (γ P Q i) "(#Hctx&Hγ&Hi&HP1)". iIntros "HP HP1"; iDestruct "HP1" as (γ P Q i) "(#Hctx&Hγ&Hi&HP1)".
iExists γ, P, Q, i. iFrame "Hctx Hγ Hi". iExists γ, P, Q, i. iFrame "Hctx Hγ Hi".
iIntros "> HQ". by iApply "HP"; iApply "HP1". iIntros "!> HQ". by iApply "HP"; iApply "HP1".
Qed. Qed.
Lemma recv_mono l P1 P2 : (P1 P2) recv l P1 recv l P2. Lemma recv_mono l P1 P2 : (P1 P2) recv l P1 recv l P2.
......
...@@ -20,9 +20,9 @@ Proof. ...@@ -20,9 +20,9 @@ Proof.
intros HN. intros HN.
exists (λ l, CofeMor (recv N l)), (λ l, CofeMor (send N l)). exists (λ l, CofeMor (recv N l)), (λ l, CofeMor (send N l)).
split_and?; simpl. split_and?; simpl.
- iIntros (P) "#? ! _". iApply (newbarrier_spec _ P); eauto. - iIntros (P) "#? !# _". iApply (newbarrier_spec _ P); eauto.
- iIntros (l P) "! [Hl HP]". by iApply signal_spec; iFrame "Hl HP". - iIntros (l P) "!# [Hl HP]". by iApply signal_spec; iFrame "Hl HP".
- iIntros (l P) "! Hl". iApply wait_spec; iFrame "Hl"; eauto. - iIntros (l P) "!# Hl". iApply wait_spec; iFrame "Hl"; eauto.
- intros; by apply recv_split. - intros; by apply recv_split.
- apply recv_weaken. - apply recv_weaken.
Qed. Qed.
......
...@@ -52,7 +52,7 @@ Proof. ...@@ -52,7 +52,7 @@ Proof.
wp_seq. wp_alloc l as "Hl". wp_seq. wp_alloc l as "Hl".
iVs (own_alloc (Excl ())) as (γ) "Hγ"; first done. iVs (own_alloc (Excl ())) as (γ) "Hγ"; first done.
iVs (inv_alloc N _ (lock_inv γ l R) with "[-HΦ]") as "#?". iVs (inv_alloc N _ (lock_inv γ l R) with "[-HΦ]") as "#?".
{ iIntros ">". iExists false. by iFrame. } { iIntros "!>". iExists false. by iFrame. }
iVsIntro. iApply "HΦ". iExists γ; eauto. iVsIntro. iApply "HΦ". iExists γ; eauto.
Qed. Qed.
......
...@@ -97,9 +97,8 @@ Section auth. ...@@ -97,9 +97,8 @@ Section auth.
(a af) φ (a af) b, (a af) φ (a af) b,
(a ~l~> b @ Some af) φ (b af) ={EN,E}= auth_own γ b. (a ~l~> b @ Some af) φ (b af) ={EN,E}= auth_own γ b.
Proof. Proof.
iIntros (?) "(#? & Hγf)". rewrite /auth_ctx /auth_own. iIntros (?) "(#? & >Hγf)". rewrite /auth_ctx /auth_own.
iInv N as (a') "[Hγ Hφ]" "Hclose". iInv N as (a') "[>Hγ Hφ]" "Hclose". iCombine "Hγ" "Hγf" as "Hγ".
iTimeless "Hγ"; iTimeless "Hγf"; iCombine "Hγ" "Hγf" as "Hγ".
iDestruct (own_valid with "#Hγ") as % [[af Ha'] ?]%auth_valid_discrete. iDestruct (own_valid with "#Hγ") as % [[af Ha'] ?]%auth_valid_discrete.
simpl in Ha'; rewrite ->(left_id _ _) in Ha'; setoid_subst. simpl in Ha'; rewrite ->(left_id _ _) in Ha'; setoid_subst.
iVsIntro. iExists af; iFrame "Hφ"; iSplit; first done. iVsIntro. iExists af; iFrame "Hφ"; iSplit; first done.
......
...@@ -76,7 +76,7 @@ Lemma box_own_agree γ Q1 Q2 : ...@@ -76,7 +76,7 @@ Lemma box_own_agree γ Q1 Q2 :
Proof. Proof.
rewrite /box_own_prop -own_op own_valid prod_validI /= and_elim_r. rewrite /box_own_prop -own_op own_valid prod_validI /= and_elim_r.
rewrite option_validI /= agree_validI agree_equivI later_equivI /=. rewrite option_validI /= agree_validI agree_equivI later_equivI /=.
iIntros "#HQ >". rewrite -{2}(iProp_fold_unfold Q1). iIntros "#HQ !>". rewrite -{2}(iProp_fold_unfold Q1).
iRewrite "HQ". by rewrite iProp_fold_unfold. iRewrite "HQ". by rewrite iProp_fold_unfold.
Qed. Qed.
...@@ -131,10 +131,10 @@ Lemma box_fill f γ P Q : ...@@ -131,10 +131,10 @@ Lemma box_fill f γ P Q :
slice N γ Q Q box N f P ={N}=> box N (<[γ:=true]> f) P. slice N γ Q Q box N f P ={N}=> box N (<[γ:=true]> f) P.
Proof. Proof.
iIntros (?) "(#Hinv & HQ & H)"; iDestruct "H" as (Φ) "[#HeqP Hf]". iIntros (?) "(#Hinv & HQ & H)"; iDestruct "H" as (Φ) "[#HeqP Hf]".
iInv N as (b') "(Hγ & #HγQ & _)" "Hclose". iTimeless "Hγ". iInv N as (b') "(>Hγ & #HγQ & _)" "Hclose".
iDestruct (big_sepM_later _ f with "Hf") as "Hf". iDestruct (big_sepM_later _ f with "Hf") as "Hf".
iDestruct (big_sepM_delete _ f _ false with "Hf") iDestruct (big_sepM_delete _ f _ false with "Hf")
as "[[Hγ' #[HγΦ Hinv']] ?]"; first done; iTimeless "Hγ'". as "[[>Hγ' #[HγΦ Hinv']] ?]"; first done.
iVs (box_own_auth_update γ b' false true with "[Hγ Hγ']") iVs (box_own_auth_update γ b' false true with "[Hγ Hγ']")
as "[Hγ Hγ']"; first by iFrame. as "[Hγ Hγ']"; first by iFrame.
iVs ("Hclose" with "[Hγ HQ]"); first (iNext; iExists true; by iFrame). iVs ("Hclose" with "[Hγ HQ]"); first (iNext; iExists true; by iFrame).
...@@ -149,12 +149,12 @@ Lemma box_empty f P Q γ : ...@@ -149,12 +149,12 @@ Lemma box_empty f P Q γ :
slice N γ Q box N f P ={N}=> Q box N (<[γ:=false]> f) P. slice N γ Q box N f P ={N}=> Q box N (<[γ:=false]> f) P.
Proof. Proof.
iIntros (?) "[#Hinv H]"; iDestruct "H" as (Φ) "[#HeqP Hf]". iIntros (?) "[#Hinv H]"; iDestruct "H" as (Φ) "[#HeqP Hf]".
iInv N as (b) "(Hγ & #HγQ & HQ)" "Hclose"; iTimeless "Hγ". iInv N as (b) "(>Hγ & #HγQ & HQ)" "Hclose".
iDestruct (big_sepM_later _ f with "Hf") as "Hf". iDestruct (big_sepM_later _ f with "Hf") as "Hf".
iDestruct (big_sepM_delete _ f with "Hf") iDestruct (big_sepM_delete _ f with "Hf")
as "[[Hγ' #[HγΦ Hinv']] ?]"; first done; iTimeless "Hγ'". as "[[>Hγ' #[HγΦ Hinv']] ?]"; first done.
iDestruct (box_own_auth_agree γ b true with "[#]") iDestruct (box_own_auth_agree γ b true with "[#]")
as "%"; subst; first by iFrame. as %?; subst; first by iFrame.
iFrame "HQ". iFrame "HQ".
iVs (box_own_auth_update γ with "[Hγ Hγ']") as "[Hγ Hγ']"; first by iFrame. iVs (box_own_auth_update γ with "[Hγ Hγ']") as "[Hγ Hγ']"; first by iFrame.
iVs ("Hclose" with "[Hγ]"); first (iNext; iExists false; by repeat iSplit). iVs ("Hclose" with "[Hγ]"); first (iNext; iExists false; by repeat iSplit).
...@@ -173,7 +173,7 @@ Proof. ...@@ -173,7 +173,7 @@ Proof.
rewrite big_sepM_fmap; iApply (pvs_big_sepM _ _ f). rewrite big_sepM_fmap; iApply (pvs_big_sepM _ _ f).
iApply (big_sepM_impl _ _ f); iFrame "Hf". iApply (big_sepM_impl _ _ f); iFrame "Hf".
iAlways; iIntros (γ b' ?) "[(Hγ' & #$ & #$) HΦ]". iAlways; iIntros (γ b' ?) "[(Hγ' & #$ & #$) HΦ]".
iInv N as (b) "[Hγ _]" "Hclose"; iTimeless "Hγ". iInv N as (b) "[>Hγ _]" "Hclose".
iVs (box_own_auth_update γ with "[Hγ Hγ']") as "[Hγ $]"; first by iFrame. iVs (box_own_auth_update γ with "[Hγ Hγ']") as "[Hγ $]"; first by iFrame.
iApply "Hclose". iNext; iExists true. by iFrame. iApply "Hclose". iNext; iExists true. by iFrame.
Qed. Qed.
...@@ -184,11 +184,11 @@ Lemma box_empty_all f P Q : ...@@ -184,11 +184,11 @@ Lemma box_empty_all f P Q :
Proof. Proof.
iDestruct 1 as (Φ) "[#HeqP Hf]". iDestruct 1 as (Φ) "[#HeqP Hf]".
iAssert ([ map] γ↦b f, Φ γ box_own_auth γ ( Excl' false) iAssert ([ map] γ↦b f, Φ γ box_own_auth γ ( Excl' false)
box_own_prop γ (Φ γ) inv N (slice_inv γ (Φ γ)))%I with "|==>[Hf]" as "[HΦ ?]". box_own_prop γ (Φ γ) inv N (slice_inv γ (Φ γ)))%I with "==>[Hf]" as "[HΦ ?]".
{ iApply (pvs_big_sepM _ _ f); iApply (big_sepM_impl _ _ f); iFrame "Hf". { iApply (pvs_big_sepM _ _ f); iApply (big_sepM_impl _ _ f); iFrame "Hf".
iAlways; iIntros (γ b ?) "(Hγ' & #$ & #$)". iAlways; iIntros (γ b ?) "(Hγ' & #$ & #$)".
assert (true = b) as <- by eauto. assert (true = b) as <- by eauto.
iInv N as (b) "(Hγ & _ & HΦ)" "Hclose"; iTimeless "Hγ". iInv N as (b) "(>Hγ & _ & HΦ)" "Hclose".
iDestruct (box_own_auth_agree γ b true with "[#]") iDestruct (box_own_auth_agree γ b true with "[#]")
as "%"; subst; first by iFrame. as "%"; subst; first by iFrame.
iVs (box_own_auth_update γ true true false with "[Hγ Hγ']") iVs (box_own_auth_update γ true true false with "[Hγ Hγ']")
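Review bot: the `box_empty` hunk above changes `iDestruct (box_own_auth_agree γ b true with "[#]") as "%"; subst` to `as %?; subst`, but the identical line in this hunk (`as "%"; subst; first by iFrame.`) is left with the string pattern `"%"`; apply the same `%?` form here so the two proofs stay consistent, or drop the change in `box_empty` if the string form is the intended style.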
......
...@@ -21,7 +21,7 @@ Section savedprop. ...@@ -21,7 +21,7 @@ Section savedprop.
Proof. Proof.
iIntros "#[H1 H2]". iIntros "#[H1 H2]".
iAssert P as "#HP". iAssert P as "#HP".
{ iApply "H2". iIntros "! #HP". by iApply ("H1" with "[#]"). } { iApply "H2". iIntros "!# #HP". by iApply ("H1" with "[#]"). }
by iApply ("H1" with "[#]"). by iApply ("H1" with "[#]").
Qed. Qed.
...@@ -29,7 +29,7 @@ Section savedprop. ...@@ -29,7 +29,7 @@ Section savedprop.
Definition A (i : sprop) : iProp := P, saved i P P. Definition A (i : sprop) : iProp := P, saved i P P.
Lemma saved_is_A i P `{!PersistentP P} : saved i P (A i P). Lemma saved_is_A i P `{!PersistentP P} : saved i P (A i P).
Proof. Proof.
iIntros "#HS !". iSplit. iIntros "#HS !#". iSplit.
- iDestruct 1 as (Q) "[#HSQ HQ]". - iDestruct 1 as (Q) "[#HSQ HQ]".
iApply (sprop_agree i P Q with "[]"); eauto. iApply (sprop_agree i P Q with "[]"); eauto.
- iIntros "#HP". iExists P. by iSplit. - iIntros "#HP". iExists P. by iSplit.
...@@ -39,7 +39,7 @@ Section savedprop. ...@@ -39,7 +39,7 @@ Section savedprop.
implies that assertion with name [i] is equivalent to its own negation. *) implies that assertion with name [i] is equivalent to its own negation. *)
Definition Q i := saved i (¬ A i). Definition Q i := saved i (¬ A i).
Lemma Q_self_contradiction i : Q i (A i ¬ A i). Lemma Q_self_contradiction i : Q i (A i ¬ A i).
Proof. iIntros "#HQ !". by iApply (saved_is_A i (¬A i)). Qed. Proof. iIntros "#HQ !#". by iApply (saved_is_A i (¬A i)). Qed.
(* We can obtain such a [Q i]. *) (* We can obtain such a [Q i]. *)
Lemma make_Q : True =r=> i, Q i. Lemma make_Q : True =r=> i, Q i.
......
...@@ -53,16 +53,16 @@ Global Instance ht_mono' E : ...@@ -53,16 +53,16 @@ Global Instance ht_mono' E :
Proof. solve_proper. Qed. Proof. solve_proper. Qed.
Lemma ht_alt E P Φ e : (P WP e @ E {{ Φ }}) {{ P }} e @ E {{ Φ }}. Lemma ht_alt E P Φ e : (P WP e @ E {{ Φ }}) {{ P }} e @ E {{ Φ }}.
Proof. iIntros (Hwp) "! HP". by iApply Hwp. Qed. Proof. iIntros (Hwp) "!# HP". by iApply Hwp. Qed.
Lemma ht_val E v : {{ True }} of_val v @ E {{ v', v = v' }}. Lemma ht_val E v : {{ True }} of_val v @ E {{ v', v = v' }}.
Proof. iIntros "! _". by iApply wp_value'. Qed. Proof. iIntros "!# _". by iApply wp_value'. Qed.
Lemma ht_vs E P P' Φ Φ' e : Lemma ht_vs E P P' Φ Φ' e :
(P ={E}= P') {{ P' }} e @ E {{ Φ' }} ( v, Φ' v ={E}= Φ v) (P ={E}= P') {{ P' }} e @ E {{ Φ' }} ( v, Φ' v ={E}= Φ v)
{{ P }} e @ E {{ Φ }}. {{ P }} e @ E {{ Φ }}.
Proof. Proof.
iIntros "(#Hvs&#Hwp&#HΦ) ! HP". iVs ("Hvs" with "HP") as "HP". iIntros "(#Hvs & #Hwp & #HΦ) !# HP". iVs ("Hvs" with "HP") as "HP".
iApply wp_pvs; iApply wp_wand_r; iSplitL; [by iApply "Hwp"|]. iApply wp_pvs; iApply wp_wand_r; iSplitL; [by iApply "Hwp"|].
iIntros (v) "Hv". by iApply "HΦ". iIntros (v) "Hv". by iApply "HΦ".
Qed. Qed.
...@@ -72,7 +72,7 @@ Lemma ht_atomic E1 E2 P P' Φ Φ' e : ...@@ -72,7 +72,7 @@ Lemma ht_atomic E1 E2 P P' Φ Φ' e :
(P ={E1,E2}= P') {{ P' }} e @ E2 {{ Φ' }} ( v, Φ' v ={E2,E1}= Φ v) (P ={E1,E2}= P') {{ P' }} e @ E2 {{ Φ' }} ( v, Φ' v ={E2,E1}= Φ v)
{{ P }} e @ E1 {{ Φ }}. {{ P }} e @ E1 {{ Φ }}.
Proof. Proof.
iIntros (?) "(#Hvs&#Hwp&#HΦ) ! HP". iApply (wp_atomic _ E2); auto. iIntros (?) "(#Hvs & #Hwp & #HΦ) !# HP". iApply (wp_atomic _ E2); auto.
iVs ("Hvs" with "HP") as "HP". iVsIntro. iVs ("Hvs" with "HP") as "HP". iVsIntro.
iApply wp_wand_r; iSplitL; [by iApply "Hwp"|]. iApply wp_wand_r; iSplitL; [by iApply "Hwp"|].
iIntros (v) "Hv". by iApply "HΦ". iIntros (v) "Hv". by iApply "HΦ".
...@@ -82,7 +82,7 @@ Lemma ht_bind `{LanguageCtx Λ K} E P Φ Φ' e : ...@@ -82,7 +82,7 @@ Lemma ht_bind `{LanguageCtx Λ K} E P Φ Φ' e :
{{ P }} e @ E {{ Φ }} ( v, {{ Φ v }} K (of_val v) @ E {{ Φ' }}) {{ P }} e @ E {{ Φ }} ( v, {{ Φ v }} K (of_val v) @ E {{ Φ' }})
{{ P }} K e @ E {{ Φ' }}. {{ P }} K e @ E {{ Φ' }}.
Proof. Proof.
iIntros "(#Hwpe&#HwpK) ! HP". iApply wp_bind. iIntros "[#Hwpe #HwpK] !# HP". iApply wp_bind.
iApply wp_wand_r; iSplitL; [by iApply "Hwpe"|]. iApply wp_wand_r; iSplitL; [by iApply "Hwpe"|].
iIntros (v) "Hv". by iApply "HwpK". iIntros (v) "Hv". by iApply "HwpK".
Qed. Qed.
...@@ -90,24 +90,24 @@ Qed. ...@@ -90,24 +90,24 @@ Qed.
Lemma ht_mask_weaken E1 E2 P Φ e : Lemma ht_mask_weaken E1 E2 P Φ e :
E1 E2 {{ P }} e @ E1 {{ Φ }} {{ P }} e @ E2 {{ Φ }}. E1 E2 {{ P }} e @ E1 {{ Φ }} {{ P }} e @ E2 {{ Φ }}.
Proof. Proof.
iIntros (?) "#Hwp ! HP". iApply (wp_mask_mono E1 E2); try done. iIntros (?) "#Hwp !# HP". iApply (wp_mask_mono E1 E2); try done.
by iApply "Hwp". by iApply "Hwp".
Qed. Qed.
Lemma ht_frame_l E P Φ R e : Lemma ht_frame_l E P Φ R e :
{{ P }} e @ E {{ Φ }} {{ R P }} e @ E {{ v, R Φ v }}. {{ P }} e @ E {{ Φ }} {{ R P }} e @ E {{ v, R Φ v }}.
Proof. iIntros "#Hwp ! [$ HP]". by iApply "Hwp". Qed. Proof. iIntros "#Hwp !# [$ HP]". by iApply "Hwp". Qed.
Lemma ht_frame_r E P Φ R e : Lemma ht_frame_r E P Φ R e :
{{ P }} e @ E {{ Φ }} {{ P R }} e @ E {{ v, Φ v R }}. {{ P }} e @ E {{ Φ }} {{ P R }} e @ E {{ v, Φ v R }}.
Proof. iIntros "#Hwp ! [HP $]". by iApply "Hwp". Qed. Proof. iIntros "#Hwp !# [HP $]". by iApply "Hwp". Qed.
Lemma ht_frame_step_l E1 E2 P R1 R2 e Φ : Lemma ht_frame_step_l E1 E2 P R1 R2 e Φ :
to_val e = None E2 E1 to_val e = None E2 E1
(R1 ={E1,E2}= |={E2,E1}=> R2) {{ P }} e @ E2 {{ Φ }} (R1 ={E1,E2}= |={E2,E1}=> R2) {{ P }} e @ E2 {{ Φ }}
{{ R1 P }} e @ E1 {{ λ v, R2 Φ v }}. {{ R1 P }} e @ E1 {{ λ v, R2 Φ v }}.
Proof. Proof.
iIntros (??) "[#Hvs #Hwp] ! [HR HP]". iIntros (??) "[#Hvs #Hwp] !# [HR HP]".
iApply (wp_frame_step_l E1 E2); try done. iApply (wp_frame_step_l E1 E2); try done.
iSplitL "HR"; [by iApply "Hvs"|by iApply "Hwp"]. iSplitL "HR"; [by iApply "Hvs"|by iApply "Hwp"].
Qed. Qed.
...@@ -117,7 +117,7 @@ Lemma ht_frame_step_r E1 E2 P R1 R2 e Φ : ...@@ -117,7 +117,7 @@ Lemma ht_frame_step_r E1 E2 P R1 R2 e Φ :
(R1 ={E1,E2}= |={E2,E1}=> R2) {{ P }} e @ E2 {{ Φ }} (R1 ={E1,E2}= |={E2,E1}=> R2) {{ P }} e @ E2 {{ Φ }}
{{ P R1 }} e @ E1 {{ λ v, Φ v R2 }}. {{ P R1 }} e @ E1 {{ λ v, Φ v R2 }}.
Proof. Proof.
iIntros (??) "[#Hvs #Hwp] ! [HP HR]". iIntros (??) "[#Hvs #Hwp] !# [HP HR]".
iApply (wp_frame_step_r E1 E2); try done. iApply (wp_frame_step_r E1 E2); try done.
iSplitR "HR"; [by iApply "Hwp"|by iApply "Hvs"]. iSplitR "HR"; [by iApply "Hwp"|by iApply "Hvs"].
Qed. Qed.
...@@ -126,7 +126,7 @@ Lemma ht_frame_step_l' E P R e Φ : ...@@ -126,7 +126,7 @@ Lemma ht_frame_step_l' E P R e Φ :
to_val e = None to_val e = None
{{ P }} e @ E {{ Φ }} {{ R P }} e @ E {{ v, R Φ v }}. {{ P }} e @ E {{ Φ }} {{ R P }} e @ E {{ v, R Φ v }}.
Proof. Proof.
iIntros (?) "#Hwp ! [HR HP]". iIntros (?) "#Hwp !# [HR HP]".
iApply wp_frame_step_l'; try done. iFrame "HR". by iApply "Hwp". iApply wp_frame_step_l'; try done. iFrame "HR". by iApply "Hwp".
Qed. Qed.
...@@ -134,7 +134,7 @@ Lemma ht_frame_step_r' E P Φ R e : ...@@ -134,7 +134,7 @@ Lemma ht_frame_step_r' E P Φ R e :
to_val e = None to_val e = None