Rodolphe Lepigre
Iris
Commits
8688ed6e
Commit
8688ed6e
authored
May 31, 2014
by
Filip Sieczkowski
Hoare triples defined.
iris.v
@@ 223,14 +223,14 @@ Module Iris (RP RL : PCM_T) (C : CORE_LANG RP).
setoid_rewrite
HLe
;
eassumption
.
Qed
.
Global
Instance
erasure_equiv
σ
m
r
s
:
Proper
(
equiv
==>
equiv
)
(
erasure
σ
m
r
s
).
Global
Instance
erasure_equiv
σ
:
Proper
(
meq
==>
eq
==>
eq
==>
equiv
==>
equiv
)
(
erasure
σ
).
Proof
.
intros
w1
w2
EQw
[
n
]
[]
;
[
reflexivity
].
intros
m1
m2
EQm
r
r'
EQr
s
s'
EQs
w1
w2
EQw
[
n
]
[]
;
[
reflexivity
]
;
subst
r'
s'
.
split
;
intros
[
HES
[
rs
[
HE
HM
]
]
]
;
(
split
;
[
tauto

clear
HES
;
exists
rs
]).

split
;
[
assumption

split
;
[
setoid_rewrite
<
EQw
;
apply
HM
,
Hm
]
].

split
;
[
assumption

intros
;
apply
EQm
in
Hm
;
split
;
[
setoid_rewrite
<
EQw
;
apply
HM
,
Hm
]
].
destruct
(
HM
_
Hm
)
as
[
HD
_
]
;
rewrite
HD
;
clear

EQw
.
rewrite
fdLookup_in
;
setoid_rewrite
EQw
;
rewrite
<
fdLookup_in
;
reflexivity
.

split
;
[
assumption

split
;
[
setoid_rewrite
EQw
;
apply
HM
,
Hm
]
].

split
;
[
assumption

intros
;
apply
EQm
in
Hm
;
split
;
[
setoid_rewrite
EQw
;
apply
HM
,
Hm
]
].
destruct
(
HM
_
Hm
)
as
[
HD
_
]
;
rewrite
HD
;
clear

EQw
.
rewrite
fdLookup_in
;
setoid_rewrite
<
EQw
;
rewrite
<
fdLookup_in
;
reflexivity
.
Qed
.
...
...
@@ 445,7 +445,21 @@ Module Iris (RP RL : PCM_T) (C : CORE_LANG RP).
Lemma
vsFrame
p
q
r
m1
m2
mf
(
HDisj
:
mf
#
m1
∪
m2
)
:
vs
m1
m2
p
q
⊑
vs
(
m1
∪
mf
)
(
m2
∪
mf
)
(
p
*
r
)
(
q
*
r
).
Proof
.
Admitted
.
intros
w'
n
r1
HVS
w
HSub
;
specialize
(
HVS
_
HSub
)
;
clear
w'
r1
HSub
.
intros
np
rpr
HLe
_
[
rp
[
rr
[
HR
[
Hp
Hr
]
]
]
]
w'
;
intros
.
assert
(
HS
:
1
⊑
rp
)
by
(
exists
rp
;
erewrite
comm
,
pcm_op_unit
by
apply
_;
reflexivity
).
specialize
(
HVS
_
_
HLe
HS
Hp
w'
s
(
rr
·
rf
)
(
mf
∪
mf0
)
σ
k
)
;
clear
HS
.
destruct
HVS
as
[
w''
[
rq
[
s'
[
HSub'
[
Hq
HEq
]
]
]
]
]
;
try
assumption
;
[
].

(* disjointness: possible lemma *)
clear

HD
HDisj
;
intros
i
[
[
Hmf

Hmf
]
Hm12
]
;
[
eapply
HDisj
;
now
eauto
].
eapply
HD
;
split
;
[
eassumption

tauto
].

rewrite
assoc
,
HR
;
eapply
erasure_equiv
,
HE
;
try
reflexivity
;
[].
clear
;
intros
i
;
tauto
.

exists
w''
(
rq
·
rr
)
s'
;
split
;
[
assumption

split
].
+
rewrite
HSub
,
HSub'
,
<
HLe0
in
Hr
;
exists
rq
rr
;
now
auto
.
+
rewrite
<
assoc
;
eapply
erasure_equiv
,
HEq
;
try
reflexivity
;
[].
clear
;
intros
i
;
tauto
.
Qed
.
Lemma
vsFalse
m1
m2
:
valid
(
vs
m1
m2
⊥
⊥
).
...
...
@@ 456,6 +470,198 @@ Module Iris (RP RL : PCM_T) (C : CORE_LANG RP).
(* XXX missing statements: NewInv, NewGhost, GhostUpd, VSTimeless *)
End
ViewShiftProps
.
Section
HoareTriples
.
(* Quadruples, really *)
Local
Open
Scope
mask_scope
.
Local
Open
Scope
pcm_scope
.
Local
Open
Scope
bi_scope
.
Local
Open
Scope
lang_scope
.
Local
Existing
Instance
eqRes
.
Global
Instance
expr_type
:
Setoid
expr
:
=
discreteType
.
Global
Instance
expr_metr
:
metric
expr
:
=
discreteMetric
.
Implicit
Types
(
P
Q
R
:
Props
)
(
i
:
nat
)
(
m
:
mask
)
(
e
:
expr
)
(
w
:
Wld
)
(
φ
:
value

n
>
Props
)
(
r
:
res
).
Local
Obligation
Tactic
:
=
intros
;
eauto
with
typeclass_instances
.
Definition
wpFP
m
(
WP
:
expr

n
>
(
value

n
>
Props
)

n
>
Props
)
e
φ
w
n
r
:
=
forall
w'
k
s
rf
σ
(
HSw
:
w
⊑
w'
)
(
HLt
:
k
<
n
)
(
HE
:
erasure
σ
m
(
r
·
rf
)
s
w'
@
S
k
),
(
forall
(
HV
:
is_value
e
),
exists
w''
r'
s'
,
w'
⊑
w''
/\
φ
(
exist
_
e
HV
)
w''
(
S
k
)
r'
/\
erasure
σ
m
(
r'
·
rf
)
s'
w''
@
S
k
)
/\
(
forall
σ
'
ei
ei'
K
(
HDec
:
e
=
K
[[
ei
]])
(
HStep
:
prim_step
(
ei
,
σ
)
(
ei'
,
σ
'
)),
exists
w''
r'
s'
,
w'
⊑
w''
/\
WP
(
K
[[
ei'
]])
φ
w''
k
r'
/\
erasure
σ
'
m
(
r'
·
rf
)
s'
w''
@
k
)
/\
(
forall
e'
K
(
HDec
:
e
=
K
[[
e'
]]),
exists
w''
rfk
rret
s'
,
w'
⊑
w''
/\
erasure
σ
m
(
rfk
·
rret
·
rf
)
s'
w''
@
k
/\
WP
(
K
[[
fork_ret
]])
φ
w''
k
rret
/\
WP
e'
(
umconst
⊤
)
w''
k
rfk
).
Program
Definition
wpF
m
:
(
expr

n
>
(
value

n
>
Props
)

n
>
Props
)

n
>
expr

n
>
(
value

n
>
Props
)

n
>
Props
:
=
n
[(
fun
WP
=>
n
[(
fun
e
=>
n
[(
fun
φ
=>
m
[(
fun
w
=>
mkUPred
(
wpFP
m
WP
e
φ
w
)
_
)])])])].
Next
Obligation
.
intros
n1
n2
r1
r2
HLe
[
rd
EQr
]
Hp
w'
k
s
rf
σ
HSw
HLt
HE
.
specialize
(
Hp
w'
k
s
(
rd
·
rf
)
σ
)
;
destruct
Hp
as
[
HV
[
HS
HF
]
]
;
[
assumption

now
eauto
with
arith

rewrite
assoc
,
(
comm
r1
),
EQr
;
assumption
].
split
;
[
clear
HS
HF

split
;
[
clear
HV
HF

clear
HV
HS
]
]
;
intros
.

specialize
(
HV
HV0
)
;
destruct
HV
as
[
w''
[
r'
[
s'
[
HSw'
[
H
φ
HE'
]
]
]
]
]
;
exists
w''
(
r'
·
rd
)
s'
;
split
;
[
assumption

split
;
[
rewrite
<
assoc
;
assumption
]
].
eapply
uni_pred
,
H
φ
;
[
reflexivity

eexists
;
rewrite
comm
;
reflexivity
].

specialize
(
HS
_
_
_
_
HDec
HStep
)
;
destruct
HS
as
[
w''
[
r'
[
s'
[
HSw'
[
HWP
HE'
]
]
]
]
]
;
exists
w''
(
r'
·
rd
)
s'
;
split
;
[
assumption

split
;
[
rewrite
<
assoc
;
assumption
]
].
eapply
uni_pred
,
HWP
;
[
reflexivity

eexists
;
rewrite
comm
;
reflexivity
].

specialize
(
HF
_
_
HDec
)
;
destruct
HF
as
[
w''
[
rfk
[
rret
[
s'
[
HSw'
[
HE'
[
HWR
HWF
]
]
]
]
]
]
]
;
exists
w''
rfk
(
rret
·
rd
)
s'
;
split
;
[
assumption

split
;
[
split
]
].
+
rewrite
assoc
in
HE'
;
rewrite
assoc
;
assumption
.
+
eapply
uni_pred
,
HWR
;
[
reflexivity

eexists
;
rewrite
comm
;
reflexivity
].
+
assumption
.
Qed
.
Next
Obligation
.
intros
w1
w2
EQw
n
r
;
simpl
.
split
;
intros
Hp
w'
;
intros
;
eapply
Hp
;
try
eassumption
.

rewrite
EQw
;
assumption
.

rewrite
<
EQw
;
assumption
.
Qed
.
Next
Obligation
.
intros
w1
w2
EQw
n'
r
HLt
;
simpl
;
destruct
n
as
[
n
]
;
[
now
inversion
HLt
]
;
split
;
intros
Hp
w2'
;
intros
.

symmetry
in
EQw
;
assert
(
EQw'
:
=
extend_dist
_
_
_
_
EQw
HSw
)
;
assert
(
HSw'
:
=
extend_sub
_
_
_
_
EQw
HSw
)
;
symmetry
in
EQw'
.
edestruct
(
Hp
(
extend
w2'
w1
))
as
[
HV
[
HS
HF
]
]
;
try
eassumption
;
[
eapply
erasure_dist
,
HE
;
[
eassumption

now
eauto
with
arith
]
].
split
;
[
clear
HS
HF

split
;
[
clear
HV
HF

clear
HV
HS
]
]
;
intros
.
+
specialize
(
HV
HV0
)
;
destruct
HV
as
[
w1''
[
r'
[
s'
[
HSw''
[
H
φ
HE'
]
]
]
]
].
assert
(
EQw''
:
=
extend_dist
_
_
_
_
EQw'
HSw''
)
;
symmetry
in
EQw''
;
assert
(
HSw'''
:
=
extend_sub
_
_
_
_
EQw'
HSw''
).
exists
(
extend
w1''
w2'
)
r'
s'
;
split
;
[
assumption
].
split
;
[
eapply
erasure_dist
,
HE'
;
[
eassumption

now
eauto
with
arith
]
].
eapply
(
met_morph_nonexp
_
_
(
φ
_
)),
H
φ
;
[
eassumption

now
eauto
with
arith
].
+
specialize
(
HS
_
_
_
_
HDec
HStep
)
;
destruct
HS
as
[
w1''
[
r'
[
s'
[
HSw''
[
HWP
HE'
]
]
]
]
].
assert
(
EQw''
:
=
extend_dist
_
_
_
_
EQw'
HSw''
)
;
symmetry
in
EQw''
;
assert
(
HSw'''
:
=
extend_sub
_
_
_
_
EQw'
HSw''
).
exists
(
extend
w1''
w2'
)
r'
s'
;
split
;
[
assumption
].
split
;
[
eapply
erasure_dist
,
HE'
;
[
eassumption

now
eauto
with
arith
]
].
eapply
(
met_morph_nonexp
_
_
(
WP
_
_
)),
HWP
;
[
eassumption

now
eauto
with
arith
].
+
specialize
(
HF
_
_
HDec
)
;
destruct
HF
as
[
w1''
[
rfk
[
rret
[
s'
[
HSw''
[
HE'
[
HWR
HWF
]
]
]
]
]
]
].
assert
(
EQw''
:
=
extend_dist
_
_
_
_
EQw'
HSw''
)
;
symmetry
in
EQw''
;
assert
(
HSw'''
:
=
extend_sub
_
_
_
_
EQw'
HSw''
).
exists
(
extend
w1''
w2'
)
rfk
rret
s'
;
split
;
[
assumption
].
split
;
[
eapply
erasure_dist
,
HE'
;
[
eassumption

now
eauto
with
arith
]
].
split
;
eapply
(
met_morph_nonexp
_
_
(
WP
_
_
))
;
try
eassumption
;
now
eauto
with
arith
.

assert
(
EQw'
:
=
extend_dist
_
_
_
_
EQw
HSw
)
;
assert
(
HSw'
:
=
extend_sub
_
_
_
_
EQw
HSw
)
;
symmetry
in
EQw'
.
edestruct
(
Hp
(
extend
w2'
w2
))
as
[
HV
[
HS
HF
]
]
;
try
eassumption
;
[
eapply
erasure_dist
,
HE
;
[
eassumption

now
eauto
with
arith
]
].
split
;
[
clear
HS
HF

split
;
[
clear
HV
HF

clear
HV
HS
]
]
;
intros
.
+
specialize
(
HV
HV0
)
;
destruct
HV
as
[
w1''
[
r'
[
s'
[
HSw''
[
H
φ
HE'
]
]
]
]
].
assert
(
EQw''
:
=
extend_dist
_
_
_
_
EQw'
HSw''
)
;
symmetry
in
EQw''
;
assert
(
HSw'''
:
=
extend_sub
_
_
_
_
EQw'
HSw''
).
exists
(
extend
w1''
w2'
)
r'
s'
;
split
;
[
assumption
].
split
;
[
eapply
erasure_dist
,
HE'
;
[
eassumption

now
eauto
with
arith
]
].
eapply
(
met_morph_nonexp
_
_
(
φ
_
)),
H
φ
;
[
eassumption

now
eauto
with
arith
].
+
specialize
(
HS
_
_
_
_
HDec
HStep
)
;
destruct
HS
as
[
w1''
[
r'
[
s'
[
HSw''
[
HWP
HE'
]
]
]
]
].
assert
(
EQw''
:
=
extend_dist
_
_
_
_
EQw'
HSw''
)
;
symmetry
in
EQw''
;
assert
(
HSw'''
:
=
extend_sub
_
_
_
_
EQw'
HSw''
).
exists
(
extend
w1''
w2'
)
r'
s'
;
split
;
[
assumption
].
split
;
[
eapply
erasure_dist
,
HE'
;
[
eassumption

now
eauto
with
arith
]
].
eapply
(
met_morph_nonexp
_
_
(
WP
_
_
)),
HWP
;
[
eassumption

now
eauto
with
arith
].
+
specialize
(
HF
_
_
HDec
)
;
destruct
HF
as
[
w1''
[
rfk
[
rret
[
s'
[
HSw''
[
HE'
[
HWR
HWF
]
]
]
]
]
]
].
assert
(
EQw''
:
=
extend_dist
_
_
_
_
EQw'
HSw''
)
;
symmetry
in
EQw''
;
assert
(
HSw'''
:
=
extend_sub
_
_
_
_
EQw'
HSw''
).
exists
(
extend
w1''
w2'
)
rfk
rret
s'
;
split
;
[
assumption
].
split
;
[
eapply
erasure_dist
,
HE'
;
[
eassumption

now
eauto
with
arith
]
].
split
;
eapply
(
met_morph_nonexp
_
_
(
WP
_
_
))
;
try
eassumption
;
now
eauto
with
arith
.
Qed
.
Next
Obligation
.
intros
w1
w2
Sw
n
r
;
simpl
;
intros
Hp
w'
;
intros
;
eapply
Hp
;
try
eassumption
.
etransitivity
;
eassumption
.
Qed
.
Next
Obligation
.
intros
φ
1
φ
2
EQ
φ
w
n
r
;
simpl
.
unfold
wpFP
;
setoid_rewrite
EQ
φ
;
reflexivity
.
Qed
.
Next
Obligation
.
intros
φ
1
φ
2
EQ
φ
w
k
r
HLt
;
simpl
;
destruct
n
as
[
n
]
;
[
now
inversion
HLt
].
split
;
intros
Hp
w'
;
intros
;
edestruct
Hp
as
[
HV
[
HS
HF
]
]
;
try
eassumption
;
[].

split
;
[
split
]
;
intros
.
+
clear
HS
HF
;
specialize
(
HV
HV0
)
;
destruct
HV
as
[
w''
[
r'
[
s'
[
HSw'
[
H
φ
HE'
]
]
]
]
].
exists
w''
r'
s'
;
split
;
[
assumption

split
;
[
assumption
]
].
apply
EQ
φ
,
H
φ
;
now
eauto
with
arith
.
+
clear
HV
HF
;
specialize
(
HS
_
_
_
_
HDec
HStep
)
;
destruct
HS
as
[
w''
[
r'
[
s'
[
HSw'
[
H
φ
HE'
]
]
]
]
].
exists
w''
r'
s'
;
split
;
[
assumption

split
;
[
assumption
]
].
eapply
(
met_morph_nonexp
_
_
(
WP
_
)),
H
φ
;
[
symmetry
;
eassumption

now
eauto
with
arith
].
+
clear
HV
HS
;
specialize
(
HF
_
_
HDec
)
;
destruct
HF
as
[
w''
[
rfk
[
rret
[
s'
[
HSw'
[
HE'
[
HWR
HWF
]
]
]
]
]
]
].
exists
w''
rfk
rret
s'
;
repeat
(
split
;
try
assumption
)
;
[].
eapply
(
met_morph_nonexp
_
_
(
WP
_
)),
HWR
;
[
symmetry
;
eassumption

now
eauto
with
arith
].

split
;
[
split
]
;
intros
.
+
clear
HS
HF
;
specialize
(
HV
HV0
)
;
destruct
HV
as
[
w''
[
r'
[
s'
[
HSw'
[
H
φ
HE'
]
]
]
]
].
exists
w''
r'
s'
;
split
;
[
assumption

split
;
[
assumption
]
].
apply
EQ
φ
,
H
φ
;
now
eauto
with
arith
.
+
clear
HV
HF
;
specialize
(
HS
_
_
_
_
HDec
HStep
)
;
destruct
HS
as
[
w''
[
r'
[
s'
[
HSw'
[
H
φ
HE'
]
]
]
]
].
exists
w''
r'
s'
;
split
;
[
assumption

split
;
[
assumption
]
].
eapply
(
met_morph_nonexp
_
_
(
WP
_
)),
H
φ
;
[
eassumption

now
eauto
with
arith
].
+
clear
HV
HS
;
specialize
(
HF
_
_
HDec
)
;
destruct
HF
as
[
w''
[
rfk
[
rret
[
s'
[
HSw'
[
HE'
[
HWR
HWF
]
]
]
]
]
]
].
exists
w''
rfk
rret
s'
;
repeat
(
split
;
try
assumption
)
;
[].
eapply
(
met_morph_nonexp
_
_
(
WP
_
)),
HWR
;
[
eassumption

now
eauto
with
arith
].
Qed
.
Next
Obligation
.
intros
e1
e2
EQe
φ
w
n
r
;
simpl
.
simpl
in
EQe
;
subst
e2
;
reflexivity
.
Qed
.
Next
Obligation
.
intros
e1
e2
EQe
φ
w
k
r
HLt
;
destruct
n
as
[
n
]
;
[
now
inversion
HLt

simpl
].
simpl
in
EQe
;
subst
e2
;
reflexivity
.
Qed
.
Next
Obligation
.
intros
WP1
WP2
EQWP
e
φ
w
n
r
;
simpl
.
unfold
wpFP
;
setoid_rewrite
EQWP
;
reflexivity
.
Qed
.
Next
Obligation
.
intros
WP1
WP2
EQWP
e
φ
w
k
r
HLt
;
destruct
n
as
[
n
]
;
[
now
inversion
HLt

simpl
].
split
;
intros
Hp
w'
;
intros
;
edestruct
Hp
as
[
HF
[
HS
HV
]
]
;
try
eassumption
;
[].

split
;
[
assumption

split
;
intros
].
+
clear
HF
HV
;
specialize
(
HS
_
_
_
_
HDec
HStep
)
;
destruct
HS
as
[
w''
[
r'
[
s'
[
HSw'
[
HWP
HE'
]
]
]
]
].
exists
w''
r'
s'
;
split
;
[
assumption

split
;
[
assumption
]
].
eapply
(
EQWP
_
_
_
),
HWP
;
now
eauto
with
arith
.
+
clear
HF
HS
;
specialize
(
HV
_
_
HDec
)
;
destruct
HV
as
[
w''
[
rfk
[
rret
[
s'
[
HSw'
[
HE'
[
HWR
HWF
]
]
]
]
]
]
].
exists
w''
rfk
rret
s'
;
split
;
[
assumption

split
;
[
assumption
]
].
split
;
eapply
EQWP
;
try
eassumption
;
now
eauto
with
arith
.

split
;
[
assumption

split
;
intros
].
+
clear
HF
HV
;
specialize
(
HS
_
_
_
_
HDec
HStep
)
;
destruct
HS
as
[
w''
[
r'
[
s'
[
HSw'
[
HWP
HE'
]
]
]
]
].
exists
w''
r'
s'
;
split
;
[
assumption

split
;
[
assumption
]
].
eapply
(
EQWP
_
_
_
),
HWP
;
now
eauto
with
arith
.
+
clear
HF
HS
;
specialize
(
HV
_
_
HDec
)
;
destruct
HV
as
[
w''
[
rfk
[
rret
[
s'
[
HSw'
[
HE'
[
HWR
HWF
]
]
]
]
]
]
].
exists
w''
rfk
rret
s'
;
split
;
[
assumption

split
;
[
assumption
]
].
split
;
eapply
EQWP
;
try
eassumption
;
now
eauto
with
arith
.
Qed
.
Instance
contr_wpF
m
:
contractive
(
wpF
m
).
Proof
.
intros
n
WP1
WP2
EQWP
e
φ
w
k
r
HLt
.
split
;
intros
Hp
w'
;
intros
;
edestruct
Hp
as
[
HV
[
HS
HF
]
]
;
try
eassumption
;
[].

split
;
[
assumption

split
;
intros
].
+
clear
HF
HV
;
specialize
(
HS
_
_
_
_
HDec
HStep
)
;
destruct
HS
as
[
w''
[
r'
[
s'
[
HSw'
[
HWP
HE'
]
]
]
]
].
exists
w''
r'
s'
;
split
;
[
assumption

split
;
[
assumption
]
].
eapply
EQWP
,
HWP
;
now
eauto
with
arith
.
+
clear
HV
HS
;
specialize
(
HF
_
_
HDec
)
;
destruct
HF
as
[
w''
[
rfk
[
rret
[
s'
[
HSw'
[
HE'
[
HWR
HWF
]
]
]
]
]
]
].
exists
w''
rfk
rret
s'
;
split
;
[
assumption

split
;
[
assumption
]
].
split
;
eapply
EQWP
;
try
eassumption
;
now
eauto
with
arith
.

split
;
[
assumption

split
;
intros
].
+
clear
HF
HV
;
specialize
(
HS
_
_
_
_
HDec
HStep
)
;
destruct
HS
as
[
w''
[
r'
[
s'
[
HSw'
[
HWP
HE'
]
]
]
]
].
exists
w''
r'
s'
;
split
;
[
assumption

split
;
[
assumption
]
].
eapply
EQWP
,
HWP
;
now
eauto
with
arith
.
+
clear
HV
HS
;
specialize
(
HF
_
_
HDec
)
;
destruct
HF
as
[
w''
[
rfk
[
rret
[
s'
[
HSw'
[
HE'
[
HWR
HWF
]
]
]
]
]
]
].
exists
w''
rfk
rret
s'
;
split
;
[
assumption

split
;
[
assumption
]
].
split
;
eapply
EQWP
;
try
eassumption
;
now
eauto
with
arith
.
Qed
.
Definition
wp
m
:
expr

n
>
(
value

n
>
Props
)

n
>
Props
:
=
fixp
(
wpF
m
)
(
umconst
(
umconst
⊤
)).
Definition
ht
m
P
e
φ
:
=
□
(
P
→
wp
m
e
φ
).
End
HoareTriples
.
End
Iris
.
