Commit 52beec17 authored by Ralf Jung's avatar Ralf Jung

remove failing part of coin_flip; remove atomic_snapshot

Snapshot will re-appear in iris-examples eventually
parent 8eea9afe
......@@ -98,8 +98,6 @@ theories/heap_lang/lib/coin_flip.v
theories/heap_lang/lib/counter.v
theories/heap_lang/lib/atomic_heap.v
theories/heap_lang/lib/increment.v
theories/heap_lang/lib/atomic_snapshot.v
theories/heap_lang/lib/atomic_snapshot_spec.v
theories/proofmode/base.v
theories/proofmode/tokens.v
theories/proofmode/coq_tactics.v
From iris.algebra Require Import excl auth list.
From iris.heap_lang Require Export lifting notation.
From iris.base_logic.lib Require Export invariants.
From iris.program_logic Require Export atomic.
From iris.proofmode Require Import tactics.
From iris.heap_lang Require Import proofmode notation par.
From iris.bi.lib Require Import fractional.
Set Default Proof Using "Type".
(** Specifying snapshots with histories
Implementing atomic pair snapshot data structure from Sergey et al. (ESOP 2015) *)
Section atomic_snapshot_spec.
Record atomic_snapshot {Σ} `{!heapG Σ} := AtomicSnapshot {
newPair : val;
writeX : val;
writeY : val;
readPair : val;
(* other data *)
name: Type;
(* predicates *)
is_pair (N : namespace) (γ : name) (p : val) : iProp Σ;
pair_content (γ : name) (a: val * val) : iProp Σ;
(* predicate properties *)
is_pair_persistent N γ p : Persistent (is_pair N γ p);
pair_content_timeless γ a : Timeless (pair_content γ a);
pair_content_exclusive γ a1 a2 :
pair_content γ a1 - pair_content γ a2 - False;
(* specs *)
newPair_spec N (e : expr) (v1 v2 : val) :
IntoVal e (v1, v2) ->
{{{ True }}} newPair e {{{ γ p, RET p; is_pair N γ p pair_content γ (v1, v2) }}};
writeX_spec N e (v: val) p γ :
IntoVal e v ->
is_pair N γ p -
<<< v1 v2 : val, pair_content γ (v1, v2) >>>
writeX (p, e)
@ ∖↑N
<<< pair_content γ (v, v2), RET #() >>>;
writeY_spec N e (v: val) p γ:
IntoVal e v ->
is_pair N γ p -
<<< v1 v2 : val, pair_content γ (v1, v2) >>>
writeY (p, e)
@ ∖↑N
<<< pair_content γ (v1, v), RET #() >>>;
readPair_spec N γ p :
is_pair N γ p -
<<< v1 v2 : val, pair_content γ (v1, v2) >>>
readPair p
@ ∖↑N
<<< pair_content γ (v1, v2), RET (v1, v2) >>>;
}.
End atomic_snapshot_spec.
......@@ -16,19 +16,21 @@ Definition rand: val :=
Fork ("y" <- #true) ;;
!"y".
Definition earlyChoice: val :=
λ: "x",
let: "r" := rand #() in
"x" <- #0 ;;
"r".
Section coinflip.
Definition earlyChoice: val :=
λ: "x",
let: "r" := rand #() in
"x" <- #0 ;;
"r".
Definition lateChoice: val :=
λ: "x",
"x" <- #0 ;;
rand #().
Definition lateChoice: val :=
λ: "x",
let: "p" := new prophecy in
"x" <- #0 ;;
let: "r" := rand #() in
resolve "p" to "r" ;;
"r".
Section coinflip.
Context `{!heapG Σ} (N: namespace).
Lemma rand_spec :
......@@ -60,49 +62,15 @@ Section coinflip.
iModIntro. wp_seq. done.
Qed.
(* lateChoice can currently not be proved in Iris *)
Lemma lateChoice_spec (x: loc) :
<<< x - >>>
lateChoice #x
@
<<< (b: bool), x #0, RET #b >>>.
Proof using N.
iApply wp_atomic_intro. iIntros (Φ) "AU". wp_lam.
wp_bind (_ <- _)%E.
iMod "AU" as "[Hl [_ Hclose]]".
iDestruct "Hl" as (v) "Hl".
wp_store.
(* now we have to "predict" the value of b, which is the result of calling rand.
but we can't know at this point what that value is. *)
iMod ("Hclose" $! true with "[Hl]") as "AU"; first by eauto.
iModIntro. wp_seq.
iApply rand_spec; first done.
iIntros (b) "!> _".
Abort.
End coinflip.
Section coinflip_with_prophecy.
Context `{!heapG Σ} (N: namespace).
Definition val_to_bool v : bool :=
match v with
| Some (LitV (LitBool b)) => b
| _ => true
end.
Definition lateChoice_proph: val :=
λ: "x",
let: "p" := new prophecy in
"x" <- #0 ;;
let: "r" := rand #() in
resolve "p" to "r" ;;
"r".
Lemma lateChoice_proph_spec (x: loc) :
Lemma lateChoice_spec (x: loc) :
<<< x - >>>
lateChoice_proph #x
lateChoice #x
@
<<< (b: bool), x #0, RET #b >>>.
Proof using N.
......@@ -121,4 +89,4 @@ Section coinflip_with_prophecy.
iNext. iIntros (->). wp_seq. done.
Qed.
End coinflip_with_prophecy.
End coinflip.
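Review bot: The new `lateChoice` in the first hunk introduces a prophecy variable (`let: "p" := new prophecy in` … `resolve "p" to "r"`) without a comment saying why it is there, and the only explanation the file had — the removed `(* lateChoice can currently not be proved in Iris *)` and the "we have to predict the value of b" remark inside the aborted proof — disappears with the second hunk. A reader of the new file sees two near-identical definitions and no hint that the prophecy is what makes the logically atomic `lateChoice_spec` provable at all. I would add a short comment above the definition, e.g. `(* The prophecy variable lets the proof "predict" the result of [rand] at the store to "x", which is committed before [rand] runs; without it the atomic spec [lateChoice_spec] below cannot be proved (see the previously aborted proof). *)`. The proof of `lateChoice_spec` continues past the end of the second hunk, and the prophecy-based proof script itself is not visible here, so the exact phrasing of the comment should be checked against it.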