Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
Rodolphe Lepigre
Iris
Commits
a1ae9e52
Commit
a1ae9e52
authored
Jun 06, 2014
by
Filip Sieczkowski
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
The lemma about ghost state update.
parent
594a1dd0
Changes
1
Show whitespace changes
Inline
Sidebyside
Showing
1 changed file
with
123 additions
and
27 deletions
+123
27
iris.v
iris.v
+123
27
No files found.
iris.v
View file @
a1ae9e52
...
...
@@ 149,19 +149,29 @@ Module Iris (RP RL : PCM_T) (C : CORE_LANG RP).
Definition
ownRL
(
r
:
RL
.
res
)
:
Props
:
=
ownR
(
pcm_unit
_
,
r
).
(** Proper ghost state: ownership of logical w/ possibility of undefined **)
Definition
ownL
(
r
:
option
RL
.
res
)
:
Props
:
=
match
r
with

Some
r
=>
ownRL
r

None
=>
⊥
end
.
Lemma
ores_equiv_eq
(
r1
r2
:
option
res
)
(
HEq
:
r1
==
r2
)
:
r1
=
r2
.
Lemma
ores_equiv_eq
T
`
{
pcmT
:
PCM
T
}
(
r1
r2
:
option
T
)
(
HEq
:
r1
==
r2
)
:
r1
=
r2
.
Proof
.
destruct
r1
as
[
r1
]
;
destruct
r2
as
[
r2
]
;
try
contradiction
;
simpl
in
HEq
;
subst
;
reflexivity
.
Qed
.
Instance
logR_metr
:
metric
RL
.
res
:
=
discreteMetric
.
Instance
logR_cmetr
:
cmetric
RL
.
res
:
=
discreteCMetric
.
(** Proper ghost state: ownership of logical w/ possibility of undefined **)
Program
Definition
ownL
:
(
option
RL
.
res
)

n
>
Props
:
=
n
[(
fun
r
=>
match
r
with

Some
r
=>
ownRL
r

None
=>
⊥
end
)].
Next
Obligation
.
intros
r1
r2
EQr
;
apply
ores_equiv_eq
in
EQr
;
now
rewrite
EQr
.
Qed
.
Next
Obligation
.
intros
r1
r2
EQr
;
destruct
n
as
[
n
]
;
[
apply
dist_bound
].
destruct
r1
as
[
r1
]
;
destruct
r2
as
[
r2
]
;
try
contradiction
;
simpl
in
EQr
;
subst
;
reflexivity
.
Qed
.
(** Lemmas about box **)
Lemma
box_intro
p
q
(
Hpq
:
□
p
⊑
q
)
:
□
p
⊑
□
q
.
...
...
@@ 177,18 +187,23 @@ Module Iris (RP RL : PCM_T) (C : CORE_LANG RP).
exists
r
;
now
erewrite
comm
,
pcm_op_unit
by
apply
_
.
Qed
.
Lemma
box_top
:
⊤
==
□
⊤
.
Proof
.
intros
w
n
r
;
simpl
;
unfold
const
;
reflexivity
.
Qed
.
(** Ghost state ownership **)
Lemma
ownL_sc
(
u
t
:
option
RL
.
res
)
:
ownL
(
u
·
t
)%
pcm
==
ownL
u
*
ownL
t
.
Proof
.
intros
w
n
r
;
split
;
[
intros
Hut

intros
[
r1
[
r2
[
EQr
[
Hu
Ht
]
]
]
]
].

destruct
(
u
·
t
)%
pcm
as
[
ut
]
eqn
:
EQut
;
[
contradiction
].
do
1
3
red
in
Hut
;
rewrite
<
Hut
.
do
1
5
red
in
Hut
;
rewrite
<
Hut
.
destruct
u
as
[
u
]
;
[
now
erewrite
pcm_op_zero
in
EQut
by
apply
_
].
assert
(
HT
:
=
comm
(
Some
u
)
t
)
;
rewrite
EQut
in
HT
.
destruct
t
as
[
t
]
;
[
now
erewrite
pcm_op_zero
in
HT
by
apply
_
]
;
clear
HT
.
exists
(
pcm_unit
RP
.
res
,
u
)
(
pcm_unit
RP
.
res
,
t
).
split
;
[
unfold
pcm_op
,
res_op
,
pcm_op_prod

split
;
do
1
3
red
;
reflexivity
].
split
;
[
unfold
pcm_op
,
res_op
,
pcm_op_prod

split
;
do
1
5
red
;
reflexivity
].
now
erewrite
pcm_op_unit
,
EQut
by
apply
_
.

destruct
u
as
[
u
]
;
[
contradiction
]
;
destruct
t
as
[
t
]
;
[
contradiction
].
destruct
Hu
as
[
ru
EQu
]
;
destruct
Ht
as
[
rt
EQt
].
...
...
@@ 302,6 +317,13 @@ Module Iris (RP RL : PCM_T) (C : CORE_LANG RP).
apply
HR
;
[
reflexivity

assumption
].
Qed
.
Lemma
erasure_not_empty
σ
m
r
s
w
k
(
HN
:
r
·
s
==
0
)
:
~
erasure
σ
m
r
s
w
(
S
k
)
tt
.
Proof
.
intros
[
HD
_
]
;
apply
ores_equiv_eq
in
HN
;
setoid_rewrite
HN
in
HD
.
now
apply
erase_state_nonzero
in
HD
.
Qed
.
End
Erasure
.
Notation
" p @ k "
:
=
((
p
:
UPred
())
k
tt
)
(
at
level
60
,
no
associativity
).
...
...
@@ 311,13 +333,6 @@ Module Iris (RP RL : PCM_T) (C : CORE_LANG RP).
Local
Open
Scope
pcm_scope
.
Local
Obligation
Tactic
:
=
intros
.
Lemma
erasure_not_empty
σ
m
r
s
w
k
(
HN
:
r
·
s
==
0
)
:
~
erasure
σ
m
r
s
w
@
S
k
.
Proof
.
intros
[
HD
_
]
;
apply
ores_equiv_eq
in
HN
;
setoid_rewrite
HN
in
HD
.
now
apply
erase_state_nonzero
in
HD
.
Qed
.
Program
Definition
preVS
(
m1
m2
:
mask
)
(
p
:
Props
)
(
w
:
Wld
)
:
UPred
res
:
=
mkUPred
(
fun
n
r
=>
forall
w1
rf
s
mf
σ
k
(
HSub
:
w
⊑
w1
)
(
HLe
:
k
<
n
)
(
HD
:
mf
#
m1
∪
m2
)
...
...
@@ 450,7 +465,7 @@ Qed.
destruct
HE
as
[
HES
[
rs
[
HE
HM
]
]
].
exists
w'
(
pcm_unit
_
)
(
Some
r
·
s
)
;
split
;
[
reflexivity

split
;
[
exact
I
]
].
assert
(
HR'
:
Some
r
·
rf
·
s
=
rf
·
(
Some
r
·
s
))
by
(
apply
ores_equiv_eq
;
rewrite
assoc
,
(
comm
rf
)
;
reflexivity
).
by
(
e
apply
ores_equiv_eq
;
rewrite
assoc
,
(
comm
rf
)
;
reflexivity
).
setoid_rewrite
HR'
in
HES
;
erewrite
pcm_op_unit
by
apply
_
.
split
;
[
assumption
].
remember
(
match
rs
i
with
Some
ri
=>
ri

None
=>
pcm_unit
_
end
)
as
ri
eqn
:
EQri
.
...
...
@@ 481,7 +496,7 @@ Qed.
[
erewrite
pcm_op_unit
in
EQR
by
apply
_;
discriminate
].
contradiction
(
erase_state_nonzero
σ
)
;
clear

HE
HES
EQrsi
EQR
.
assert
(
HH
:
rf
·
(
Some
r
·
s
)
=
0
)
;
[
clear
HES

rewrite
HH
in
HES
;
assumption
].
apply
ores_equiv_eq
;
rewrite
<
HE
,
erase_remove
by
eassumption
.
e
apply
ores_equiv_eq
;
rewrite
<
HE
,
erase_remove
by
eassumption
.
rewrite
(
assoc
(
Some
r
)),
(
comm
(
Some
r
)),
EQR
,
comm
.
erewrite
!
pcm_op_zero
by
apply
_;
reflexivity
.
Qed
.
...
...
@@ 542,13 +557,96 @@ Qed.
clear
;
intros
i
;
tauto
.
Qed
.
(* XXX: extra lemma *)
Lemma
valid_iff
p
:
valid
p
<>
(
⊤
⊑
p
).
Proof
.
split
;
intros
Hp
.

intros
w
n
r
_;
apply
Hp
.

intros
w
n
r
;
apply
Hp
;
exact
I
.
Qed
.
Lemma
vsFalse
m1
m2
:
valid
(
vs
m1
m2
⊥
⊥
).
Proof
.
intros
pw
nn
r
w
_;
clear
r
pw
.
intros
n
r
_
_
HB
;
contradiction
.
rewrite
valid_iff
,
box_top
.
unfold
vs
;
apply
box_intro
.
rewrite
<
and_impl
,
and_projR
.
apply
bot_false
.
Qed
.
Instance
LP_optres
(
P
:
option
RL
.
res
>
Prop
)
:
LimitPreserving
P
.
Proof
.
intros
σ
σ
c
HPc
;
simpl
;
unfold
option_compl
.
generalize
(@
eq_refl
_
(
σ
1
%
nat
)).
pattern
(
σ
1
%
nat
)
at
1
3
;
destruct
(
σ
1
%
nat
)
;
[
intros
HE
;
rewrite
HE
;
apply
HPc
].
intros
HE
;
simpl
;
unfold
discreteCompl
,
unSome
.
generalize
(@
eq_refl
_
(
σ
2
))
;
pattern
(
σ
2
)
at
1
3
;
destruct
(
σ
2
).
+
intros
HE'
;
rewrite
HE'
;
apply
HPc
.
+
intros
HE'
;
exfalso
;
specialize
(
σ
c
1
1
2
)%
nat
.
rewrite
<
HE
,
<
HE'
in
σ
c
;
contradiction
σ
c
;
auto
with
arith
.
Qed
.
Definition
ownLP
(
P
:
option
RL
.
res
>
Prop
)
:
{
s
:
option
RL
.
res

P
s
}

n
>
Props
:
=
ownL
<
M
<
inclM
.
Lemma
pcm_op_split
rp1
rp2
rp
sp1
sp2
sp
:
Some
(
rp1
,
sp1
)
·
Some
(
rp2
,
sp2
)
==
Some
(
rp
,
sp
)
<>
Some
rp1
·
Some
rp2
==
Some
rp
/\
Some
sp1
·
Some
sp2
==
Some
sp
.
Proof
.
unfold
pcm_op
at
1
,
res_op
at
2
,
pcm_op_prod
at
1
.
destruct
(
Some
rp1
·
Some
rp2
)
as
[
rp'
]
;
[
simpl
;
tauto
].
destruct
(
Some
sp1
·
Some
sp2
)
as
[
sp'
]
;
[
simpl
;
tauto
].
simpl
;
split
;
[
intros
[
EQ1
EQ2
]
;
subst
;
reflexivity
].
intros
EQ
;
inversion
EQ
;
tauto
.
Qed
.
Lemma
vsGhostUpd
m
rl
(
P
:
option
RL
.
res
>
Prop
)
(
HU
:
forall
rf
(
HD
:
rl
·
rf
<>
None
),
exists
sl
,
P
sl
/\
sl
·
rf
<>
None
)
:
valid
(
vs
m
m
(
ownL
rl
)
(
xist
(
ownLP
P
))).
Proof
.
unfold
ownLP
;
intros
_
_
_
w
_
n
[
rp'
rl'
]
_
_
HG
w'
;
intros
.
destruct
rl
as
[
rl
]
;
simpl
in
HG
;
[
contradiction
].
destruct
HG
as
[
[
rdp
rdl
]
EQr
]
;
rewrite
pcm_op_split
in
EQr
;
destruct
EQr
as
[
EQrp
EQrl
].
erewrite
comm
,
pcm_op_unit
in
EQrp
by
apply
_;
simpl
in
EQrp
;
subst
rp'
.
destruct
(
Some
(
rdp
,
rl'
)
·
rf
·
s
)
as
[
t
]
eqn
:
EQt
;
[
destruct
HE
as
[
HES
_
]
;
setoid_rewrite
EQt
in
HES
;
contradiction
(
erase_state_nonzero
σ
)
].
assert
(
EQt'
:
Some
(
rdp
,
rl'
)
·
rf
·
s
==
Some
t
)
by
(
rewrite
EQt
;
reflexivity
).
clear
EQt
;
rename
EQt'
into
EQt
.
destruct
rf
as
[
[
rfp
rfl
]
]
;
[
now
erewrite
(
comm
_
0
),
!
pcm_op_zero
in
EQt
by
apply
_
].
destruct
s
as
[
[
sp
sl
]
]
;
[
now
erewrite
(
comm
_
0
),
pcm_op_zero
in
EQt
by
apply
_
].
destruct
(
Some
(
rdp
,
rl'
)
·
Some
(
rfp
,
rfl
))
as
[
[
rdfp
rdfl
]
]
eqn
:
EQdf
;
setoid_rewrite
EQdf
in
EQt
;
[
now
erewrite
pcm_op_zero
in
EQt
by
apply
_
].
destruct
(
HU
(
Some
rdl
·
Some
rfl
·
Some
sl
))
as
[
rsl
[
HPrsl
HCrsl
]
].

intros
HEq
;
destruct
t
as
[
tp
tl
]
;
apply
pcm_op_split
in
EQt
;
destruct
EQt
as
[
_
EQt
].
assert
(
HT
:
Some
(
rdp
,
rl'
)
·
Some
(
rfp
,
rfl
)
==
Some
(
rdfp
,
rdfl
))
by
(
rewrite
EQdf
;
reflexivity
)
;
clear
EQdf
.
apply
pcm_op_split
in
HT
;
destruct
HT
as
[
_
EQdf
].
now
rewrite
<
EQdf
,
<
EQrl
,
(
comm
(
Some
rdl
)),
<
(
assoc
(
Some
rl
)),
<
assoc
,
HEq
in
EQt
.

destruct
(
rsl
·
Some
rdl
)
as
[
rsl'
]
eqn
:
EQrsl
;
[
contradiction
HCrsl
;
eapply
ores_equiv_eq
;
now
erewrite
!
assoc
,
EQrsl
,
!
pcm_op_zero
by
apply
_
].
exists
w'
(
rdp
,
rsl'
)
(
Some
(
sp
,
sl
))
;
split
;
[
reflexivity

split
].
+
exists
(
exist
_
rsl
HPrsl
)
;
destruct
rsl
as
[
rsl
]
;
[
simpl

now
erewrite
pcm_op_zero
in
EQrsl
by
apply
_
].
exists
(
rdp
,
rdl
)
;
rewrite
pcm_op_split
.
split
;
[
now
erewrite
comm
,
pcm_op_unit
by
apply
_

now
rewrite
comm
,
EQrsl
].
+
destruct
HE
as
[
HES
HEL
]
;
split
;
[
assumption
]
;
clear
HEL
.
assert
(
HT
:
=
ores_equiv_eq
_
_
_
EQt
)
;
setoid_rewrite
EQdf
in
HES
;
setoid_rewrite
HT
in
HES
;
clear
HT
;
destruct
t
as
[
tp
tl
].
destruct
(
rsl
·
(
Some
rdl
·
Some
rfl
·
Some
sl
))
as
[
tl'
]
eqn
:
EQtl
;
[
now
contradiction
HCrsl
]
;
clear
HCrsl
.
assert
(
HT
:
Some
(
rdp
,
rsl'
)
·
Some
(
rfp
,
rfl
)
·
Some
(
sp
,
sl
)
=
Some
(
tp
,
tl'
))
;
[
setoid_rewrite
HT
;
apply
HES
].
rewrite
<
EQdf
,
<
assoc
in
EQt
;
clear
EQdf
;
eapply
ores_equiv_eq
;
rewrite
<
assoc
.
destruct
(
Some
(
rfp
,
rfl
)
·
Some
(
sp
,
sl
))
as
[
[
up
ul
]
]
eqn
:
EQu
;
setoid_rewrite
EQu
in
EQt
;
[
now
erewrite
comm
,
pcm_op_zero
in
EQt
by
apply
_
].
apply
pcm_op_split
in
EQt
;
destruct
EQt
as
[
EQt
_
]
;
apply
pcm_op_split
;
split
;
[
assumption
].
assert
(
HT
:
Some
rfl
·
Some
sl
==
Some
ul
)
;
[
now
rewrite
<
EQrsl
,
<
EQtl
,
<
HT
,
!
assoc
].
apply
(
proj2
(
A
:
=
Some
rfp
·
Some
sp
==
Some
up
)),
pcm_op_split
.
now
erewrite
EQu
.
Qed
.
(* The above proof is rather ugly in the way it handles the monoid elements,
but it works *)
Global
Instance
nat_type
:
Setoid
nat
:
=
discreteType
.
Global
Instance
nat_metr
:
metric
nat
:
=
discreteMetric
.
Global
Instance
nat_cmetr
:
cmetric
nat
:
=
discreteCMetric
.
...
...
@@ 583,10 +681,6 @@ Qed.
apply
Le
.
le_n_S
,
SS_last_le
;
assumption
.
Qed
.
(* XXX: move up to definitions *)
Definition
injProp
(
P
:
Prop
)
:
Props
:
=
pcmconst
(
up_cr
(
const
P
)).
Instance
LP_mask
m
:
LimitPreserving
m
.
Proof
.
intros
σ
σ
c
Hp
;
apply
Hp
.
...
...
@@ 609,7 +703,7 @@ Qed.
unfold
proj1_sig
;
rewrite
fdUpdate_eq
;
reflexivity
.

erewrite
pcm_op_unit
by
apply
_
.
assert
(
HR
:
rf
·
(
Some
r
·
s
)
=
Some
r
·
rf
·
s
)
by
(
apply
ores_equiv_eq
;
rewrite
assoc
,
(
comm
rf
)
;
reflexivity
).
by
(
e
apply
ores_equiv_eq
;
rewrite
assoc
,
(
comm
rf
)
;
reflexivity
).
destruct
HE
as
[
HES
[
rs
[
HE
HM
]
]
].
split
;
[
setoid_rewrite
HR
;
assumption

clear
HR
].
assert
(
HRi
:
rs
i
=
None
).
...
...
@@ 626,7 +720,9 @@ Qed.
apply
HM
;
assumption
.
Qed
.
(* XXX missing statements: NewGhost, GhostUpd, VSTimeless *)
(* XXX missing statements: GhostUpd, VSTimeless *)
End
ViewShiftProps
.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment