Commit e9c6a8ea authored by Ralf Jung's avatar Ralf Jung

strengthen auth and heap rules to only require the assertion under a later

Whenever clients obtain these assertions from an invariant, this is much more convenient for them than applying timelessness themselves.
On the other hand, this makes the test proofs slightly more annoying, since they have to manually strip away that later. I am not sure if it is worth having separate lemmas (well, tactics, soon) for that.
Eventually, we should have a tactic which, given "... * P * ... |- ... * \later^n P * ...", automatically gets rid of the P.
parent 7c67bcc2
...@@ -97,7 +97,7 @@ Section heap. ...@@ -97,7 +97,7 @@ Section heap.
{ by rewrite -pvs_frame_r -(auth_empty E γ) left_id. } { by rewrite -pvs_frame_r -(auth_empty E γ) left_id. }
apply wp_strip_pvs, (auth_fsa (heap_inv HeapI) (wp_fsa (Alloc e))) apply wp_strip_pvs, (auth_fsa (heap_inv HeapI) (wp_fsa (Alloc e)))
with N γ ; simpl; eauto with I. with N γ ; simpl; eauto with I.
apply sep_mono_r, forall_intro=> h; apply wand_intro_l. rewrite -later_intro. apply sep_mono_r,forall_intro=> h; apply wand_intro_l.
rewrite -assoc left_id; apply const_elim_sep_l=> ?. rewrite -assoc left_id; apply const_elim_sep_l=> ?.
rewrite {1}[(ownP _)%I]pvs_timeless pvs_frame_r; apply wp_strip_pvs. rewrite {1}[(ownP _)%I]pvs_timeless pvs_frame_r; apply wp_strip_pvs.
rewrite /wp_fsa -(wp_alloc_pst _ (of_heap h)) //. rewrite /wp_fsa -(wp_alloc_pst _ (of_heap h)) //.
...@@ -116,13 +116,13 @@ Section heap. ...@@ -116,13 +116,13 @@ Section heap.
Lemma wp_load N E γ l v P Q : Lemma wp_load N E γ l v P Q :
nclose N E nclose N E
P heap_ctx HeapI γ N P heap_ctx HeapI γ N
P (heap_mapsto HeapI γ l v (heap_mapsto HeapI γ l v - Q v)) P ( heap_mapsto HeapI γ l v (heap_mapsto HeapI γ l v - Q v))
P wp E (Load (Loc l)) Q. P wp E (Load (Loc l)) Q.
Proof. Proof.
rewrite /heap_ctx /heap_inv /heap_mapsto=>HN ? HPQ. rewrite /heap_ctx /heap_inv /heap_mapsto=>HN ? HPQ.
apply (auth_fsa' (heap_inv HeapI) (wp_fsa _) id) apply (auth_fsa' (heap_inv HeapI) (wp_fsa _) id)
with N γ {[ l Excl v ]}; simpl; eauto with I. with N γ {[ l Excl v ]}; simpl; eauto with I.
rewrite HPQ{HPQ}; apply sep_mono_r, forall_intro=> h; apply wand_intro_l. rewrite HPQ{HPQ}. apply sep_mono_r, forall_intro=> h; apply wand_intro_l.
rewrite -assoc; apply const_elim_sep_l=> ?. rewrite -assoc; apply const_elim_sep_l=> ?.
rewrite {1}[(ownP _)%I]pvs_timeless pvs_frame_r; apply wp_strip_pvs. rewrite {1}[(ownP _)%I]pvs_timeless pvs_frame_r; apply wp_strip_pvs.
rewrite -(wp_load_pst _ (<[l:=v]>(of_heap h))) ?lookup_insert //. rewrite -(wp_load_pst _ (<[l:=v]>(of_heap h))) ?lookup_insert //.
...@@ -135,7 +135,7 @@ Section heap. ...@@ -135,7 +135,7 @@ Section heap.
Lemma wp_store N E γ l v' e v P Q : Lemma wp_store N E γ l v' e v P Q :
to_val e = Some v nclose N E to_val e = Some v nclose N E
P heap_ctx HeapI γ N P heap_ctx HeapI γ N
P (heap_mapsto HeapI γ l v' P ( heap_mapsto HeapI γ l v'
(heap_mapsto HeapI γ l v - Q (LitV LitUnit))) (heap_mapsto HeapI γ l v - Q (LitV LitUnit)))
P wp E (Store (Loc l) e) Q. P wp E (Store (Loc l) e) Q.
Proof. Proof.
...@@ -157,7 +157,7 @@ Section heap. ...@@ -157,7 +157,7 @@ Section heap.
to_val e1 = Some v1 to_val e2 = Some v2 v' v1 to_val e1 = Some v1 to_val e2 = Some v2 v' v1
nclose N E nclose N E
P heap_ctx HeapI γ N P heap_ctx HeapI γ N
P (heap_mapsto HeapI γ l v' P ( heap_mapsto HeapI γ l v'
(heap_mapsto HeapI γ l v' - Q (LitV (LitBool false)))) (heap_mapsto HeapI γ l v' - Q (LitV (LitBool false))))
P wp E (Cas (Loc l) e1 e2) Q. P wp E (Cas (Loc l) e1 e2) Q.
Proof. Proof.
...@@ -178,7 +178,7 @@ Section heap. ...@@ -178,7 +178,7 @@ Section heap.
to_val e1 = Some v1 to_val e2 = Some v2 to_val e1 = Some v1 to_val e2 = Some v2
nclose N E nclose N E
P heap_ctx HeapI γ N P heap_ctx HeapI γ N
P (heap_mapsto HeapI γ l v1 P ( heap_mapsto HeapI γ l v1
(heap_mapsto HeapI γ l v2 - Q (LitV (LitBool true)))) (heap_mapsto HeapI γ l v2 - Q (LitV (LitBool true))))
P wp E (Cas (Loc l) e1 e2) Q. P wp E (Cas (Loc l) e1 e2) Q.
Proof. Proof.
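Review bot: The `▷` now placed in front of `heap_mapsto` in the premises of wp_load, wp_store and the two Cas lemmas is undocumented, so nothing at the lemma tells a user why the points-to sits under a later or how to supply a plain one. A short comment above wp_load such as `(* The points-to is only required under ▷ so that a heap_mapsto taken out of an invariant can be used directly; a plain heap_mapsto is turned into ▷ heap_mapsto with later_intro. *)` would spare readers a trip to the commit log. The proof of wp_alloc in the first hunk drops its `rewrite -later_intro`, which suggests its statement was weakened in the same way, but that statement lies above the hunk and cannot be confirmed from here. Several glyphs (⊑, ⊆, ★, ▷) appear to have been lost in the rendering of these lines, so the exact shape of each statement should be read from the file itself.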
...@@ -35,14 +35,14 @@ Section LiftingTests. ...@@ -35,14 +35,14 @@ Section LiftingTests.
rewrite -later_intro; apply forall_intro=>l; apply wand_intro_l. rewrite -later_intro; apply forall_intro=>l; apply wand_intro_l.
wp_rec. wp_rec.
wp_focus (! LocV l)%L. wp_focus (! LocV l)%L.
eapply wp_load; eauto with I; []. apply sep_mono_r. eapply wp_load; eauto with I; []. rewrite -later_intro. apply sep_mono_r.
rewrite -later_intro; apply wand_intro_l. rewrite -later_intro; apply wand_intro_l.
wp_bin_op. wp_bin_op.
wp_focus (_ <- _)%L. wp_focus (_ <- _)%L.
eapply wp_store; eauto with I; []. apply sep_mono_r. eapply wp_store; eauto with I; []. rewrite -later_intro. apply sep_mono_r.
rewrite -later_intro. apply wand_intro_l. rewrite -later_intro. apply wand_intro_l.
wp_rec. wp_rec.
eapply wp_load; eauto with I; []. apply sep_mono; first done. eapply wp_load; eauto with I; []. rewrite -later_intro. apply sep_mono_r.
rewrite -later_intro. apply wand_intro_l. rewrite -later_intro. apply wand_intro_l.
by apply const_intro. by apply const_intro.
Qed. Qed.
...@@ -100,7 +100,7 @@ Section auth. ...@@ -100,7 +100,7 @@ Section auth.
fsaV fsaV
nclose N E nclose N E
P auth_ctx AuthI γ N φ P auth_ctx AuthI γ N φ
P (auth_own AuthI γ a a', P ( auth_own AuthI γ a a',
(a a') φ (a a') - (a a') φ (a a') -
fsa (E nclose N) (λ x, L Lv (Hup : LocalUpdate Lv L), fsa (E nclose N) (λ x, L Lv (Hup : LocalUpdate Lv L),
(Lv a (L a a')) φ (L a a') (Lv a (L a a')) φ (L a a')
...@@ -110,6 +110,8 @@ Section auth. ...@@ -110,6 +110,8 @@ Section auth.
rewrite /auth_ctx=>? HN Hinv Hinner. rewrite /auth_ctx=>? HN Hinv Hinner.
eapply (inv_fsa fsa); eauto. rewrite Hinner=>{Hinner Hinv P HN}. eapply (inv_fsa fsa); eauto. rewrite Hinner=>{Hinner Hinv P HN}.
apply wand_intro_l. rewrite assoc. apply wand_intro_l. rewrite assoc.
rewrite (pvs_timeless (E N)) pvs_frame_l pvs_frame_r.
apply (fsa_strip_pvs fsa).
rewrite (auth_opened (E N)) !pvs_frame_r !sep_exist_r. rewrite (auth_opened (E N)) !pvs_frame_r !sep_exist_r.
apply (fsa_strip_pvs fsa). apply exist_elim=>a'. apply (fsa_strip_pvs fsa). apply exist_elim=>a'.
rewrite (forall_elim a'). rewrite [(_ _)%I]comm. rewrite (forall_elim a'). rewrite [(_ _)%I]comm.
...@@ -130,7 +132,7 @@ Section auth. ...@@ -130,7 +132,7 @@ Section auth.
fsaV fsaV
nclose N E nclose N E
P auth_ctx AuthI γ N φ P auth_ctx AuthI γ N φ
P (auth_own AuthI γ a ( a', P ( auth_own AuthI γ a ( a',
(a a') φ (a a') - (a a') φ (a a') -
fsa (E nclose N) (λ x, fsa (E nclose N) (λ x,
(Lv a (L a a')) φ (L a a') (Lv a (L a a')) φ (L a a')
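Review bot: The two added tactic lines `rewrite (pvs_timeless (E ∖ N)) pvs_frame_l pvs_frame_r.` and `apply (fsa_strip_pvs fsa).` silently depend on auth_own being timeless — `pvs_timeless` is what strips the ▷ that the weakened premise now puts in front of `auth_own AuthI γ a` — and that reliance is stated nowhere near the proof or the lemma. A comment such as `(* auth_own is timeless, so the ▷ on it is stripped by a view shift before the invariant is opened. *)` above the `rewrite (pvs_timeless ...)` line would make the dependency explicit and the failure mode obvious if timelessness of auth_own ever changes. The lemma whose proof this hunk modifies begins above the hunk, and the `∖` in `(E ∖ N)` is inferred from the surrounding `E ∖ nclose N`, since the glyph is not visible in the rendered line. The lemma in the last hunk (presumably auth_fsa', given its use in heap.v) receives the same ▷ in its statement, but its proof is not shown, so whether it needs the same stripping step cannot be checked here.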