Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
T
tutorialpopl18
Project overview
Project overview
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Shabnam Ghasemirad
tutorialpopl18
Commits
16a8dd51
Commit
16a8dd51
authored
Oct 27, 2019
by
Shabnam Ghasemirad
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Proof almost finished
parent
033b99da
Changes
1
Hide whitespace changes
Inline
Sidebyside
Showing
1 changed file
with
110 additions
and
35 deletions
+110
35
exercises/queuespec.v
exercises/queuespec.v
+110
35
No files found.
exercises/queuespec.v
View file @
16a8dd51
...
...
@@ 64,26 +64,84 @@ Section MSQueue.
Context
(
P
:
Z
→
iProp
Σ
).
Fixpoint
link_inv
(
L
:
list
(
loc
*
Z
)
)
:
iProp
Σ
:
=
Fixpoint
link_inv
'
(
L
:
list
(
loc
*
Z
))
(
next_link
:
base_lit
)
:
iProp
Σ
:
=
(
match
L
with

[]
=>
True

(
h
,
d
)
::
L'
=>
match
L'
with

[]
=>
h
↦
#
0

(
l
,
v
)
::
L''
=>
h
↦
#
l
∗
link_inv
L'
end

[(
h
,
_
)]
=>
h
↦
#
next_link

(
h
,
_
)
::
((
l
,
_
)
::
_
)
as
L'
=>
h
↦
#
l
∗
link_inv'
L'
next_link
end
)%
I
.
Definition
link_inv
(
L
:
list
(
loc
*
Z
))
:
iProp
Σ
:
=
link_inv'
L
0
.
Lemma
tail_recursive_expansion
(
L
:
list
(
loc
*
Z
))
:
L
=
[]
∨
(
∃
L'
t
v
,
L
=
L'
++
[(
t
,
v
)]).
Proof
.
induction
L
as
[(
t'
,
v'
)]
;
auto
.
right
.
destruct
IHL
.

rewrite
H
.
by
exists
nil
,
t'
,
v'
.

destruct
H
as
[
L'
[
t
[
v
]]].
rewrite
H
.
by
exists
((
t'
,
v'
)
::
L'
),
t
,
v
.
Qed
.
Lemma
link_inv_expand
(
L
L'
:
list
(
loc
*
Z
))
(
l
:
loc
)
(
v
:
Z
)
(
nl
:
base_lit
)
:
(
link_inv'
L
nl
→
⌜
L
=
L'
++
[(
l
,
v
)]
⌝
→
link_inv'
L'
l
∗
l
↦
#
nl
)%
I
.
Proof
.
iInduction
L'
as
[[
l'
v'
]
L'
]
"IH"
forall
(
L
)
;
iIntros
"H %"
.

iSplitR
.
done
.
rewrite
app_nil_l
in
a
.
by
rewrite
a
.

rewrite
a
.
replace
(((
l'
,
v'
)
::
L'
)
++
[(
l
,
v
)])
with
((
l'
,
v'
)
::
(
L'
++
[(
l
,
v
)]))
by
done
.
destruct
L'
as
[[
l''
v''
]
L'
].
+
rewrite
app_nil_l
.
iDestruct
"H"
as
"(Hl & Hr)"
.
iFrame
.
+
iDestruct
"H"
as
"(H & H2)"
.
iDestruct
(
"IH"
with
"[H2]"
)
as
"IH'"
.
(*iApply "H2".*)
admit
.
iFrame
.
by
iApply
"IH'"
.
Admitted
.
Lemma
link_inv_expand_rev
(
L
L'
:
list
(
loc
*
Z
))
(
l
:
loc
)
(
v
:
Z
)
(
nl
:
base_lit
)
:
(
link_inv'
L'
l
∗
l
↦
#
nl
→
⌜
L
=
L'
++
[(
l
,
v
)]
⌝
→
link_inv'
L
nl
)%
I
.
Proof
.
iInduction
L'
as
[[
l'
v'
]
L'
]
"IH"
forall
(
L
)
;
iIntros
"H %"
;
rewrite
a
.

rewrite
app_nil_l
.
by
iDestruct
"H"
as
"(_ & H)"
.

replace
(((
l'
,
v'
)
::
L'
)
++
[(
l
,
v
)])
with
((
l'
,
v'
)
::
(
L'
++
[(
l
,
v
)]))
by
done
.
destruct
L'
as
[[
l''
v''
]
L'
].
+
by
rewrite
app_nil_l
.
+
iDestruct
"H"
as
"((H & H2) & H3)"
.
iDestruct
(
"IH"
with
"[H2 H3]"
)
as
"IH'"
.
iFrame
.
iFrame
.
by
iApply
"IH'"
.
Qed
.
Fixpoint
value_inv
(
Lin
:
list
(
loc
*
Z
))
:
iProp
Σ
:
=
(
match
Lin
with

[]
=>
True

(
l
,
v
)
::
L'
=>
(
l
+
ₗ
1
)
↦
#
v
∗
P
(
v
)
∗
value_inv
L'

[]
=>
True

(
l
,
v
)
::
L'
=>
(
l
+
ₗ
1
)
↦
#
v
∗
P
(
v
)
∗
value_inv
L'
end
)%
I
.
Lemma
value_inv_rev_expand
(
L
L'
:
list
(
loc
*
Z
))
(
l
:
loc
)
(
v
:
Z
)
:
(
value_inv
L
→
⌜
L
=
L'
++
[(
l
,
v
)]
⌝
→
value_inv
L'
∗
(
l
+
ₗ
1
)
↦
#
v
∗
P
(
v
))%
I
.
Proof
.
iInduction
L'
as
[[
l'
v'
]
L''
]
"IH"
forall
(
L
).

iIntros
"H %"
.
iSplitR
.
done
.
rewrite
app_nil_l
in
a
.
rewrite
a
.
iDestruct
"H"
as
"(H1 & H2 & _)"
.
iFrame
.

iIntros
"H %"
.
rewrite
a
.
replace
(((
l'
,
v'
)
::
L''
)
++
[(
l
,
v
)])
with
((
l'
,
v'
)
::
(
L''
++
[(
l
,
v
)]))
by
done
.
iDestruct
"H"
as
"(Hl & HPv & Hr)"
.
iFrame
.
iDestruct
(
"IH"
with
"Hr"
)
as
"IH'"
.
by
iApply
"IH'"
.
Qed
.
Lemma
value_inv_rev_expand_rev
(
L
L'
:
list
(
loc
*
Z
))
(
l
:
loc
)
(
v
:
Z
)
:
(
value_inv
L'
∗
(
l
+
ₗ
1
)
↦
#
v
∗
P
(
v
)
→
⌜
L
=
L'
++
[(
l
,
v
)]
⌝
→
value_inv
L
)%
I
.
Proof
.
iInduction
L'
as
[[
l'
v'
]
L''
]
"IH"
forall
(
L
)
;
iIntros
"H %"
;
rewrite
a
.

rewrite
app_nil_l
.
iDestruct
"H"
as
"(_ & H1 & H2)"
.
iFrame
.

replace
(((
l'
,
v'
)
::
L''
)
++
[(
l
,
v
)])
with
((
l'
,
v'
)
::
(
L''
++
[(
l
,
v
)]))
by
done
.
iDestruct
"H"
as
"((H & H2 & H3) & H4 & H5)"
.
iDestruct
(
"IH"
with
"[H3 H4 H5]"
)
as
"IH'"
.
iFrame
.
iFrame
.
by
iApply
"IH'"
.
Qed
.
Definition
queue_inv_s
(
q
:
loc
)
(
γ
c
γ
p
:
gname
)
:
iProp
Σ
:
=
(
∃
(
h
t
:
loc
)
(
Lout
:
list
(
loc
*
Z
)),
q
↦
{
1
/
2
}
#
h
∗
(
q
+
ₗ
1
)
↦
{
1
/
2
}
#
t
∗
own
γ
c
(
●
(
Excl'
(
Lout
)))
∗
(
∃
(
Lin
Lout_rest
:
list
(
loc
*
Z
))
(
d
:
Z
),
⌜
Lout
=
Lout_rest
++
[(
h
,
d
)]
⌝
∗
own
γ
p
(
●
{
1
/
2
}
(
ListSome
(
Lout
++
Lin
)
:
my_master_cmra
))
∗
link_inv
([(
h
,
d
)]
++
Lin
)
∗
value_inv
Lin
)
⌜
Lout
=
Lout_rest
++
[(
h
,
d
)]
⌝
∗
own
γ
p
(
●
{
1
/
2
}
(
ListSome
(
Lout
++
Lin
)
:
my_master_cmra
))
∗
link_inv
([(
h
,
d
)]
++
Lin
)
∗
value_inv
Lin
)
)%
I
.
Definition
queueN
:
namespace
:
=
nroot
.@
"queue"
.
...
...
@@ 112,7 +170,8 @@ Section MSQueue.
iDestruct
"Hh"
as
"[Hhq Hhc]"
.
iDestruct
"Ht"
as
"(Htq & Htp)"
.
iMod
(
inv_alloc
queueN
_
(
queue_inv_s
q
γ
c
γ
p
)
with
"[Hhq Htq Hl Hγc● Hγp●1]"
)
as
"#Hinv"
.
{
iNext
.
iExists
_
,
_
,
_
.
iFrame
.
iExists
_
,
nil
,
0
.
iFrame
.
rewrite
app_nil_l
.
rewrite
app_nil_r
.
rewrite
loc_add_0
.
by
iFrame
.
}
{
iNext
.
iExists
_
,
_
,
_
.
iFrame
.
iExists
_
,
nil
,
0
.
iFrame
.
rewrite
app_nil_l
.
rewrite
app_nil_r
.
rewrite
loc_add_0
.
by
iFrame
.
}
iModIntro
.
iApply
"Post"
.
iExists
γ
c
,
γ
p
.
iSplitL
"Hinv"
.
iExists
q
.
eauto
.
...
...
@@ 158,37 +217,53 @@ Section MSQueue.
Proof
.
intros
.
iIntros
"(#Hq & Hp & Px) Post"
.
iDestruct
"Hq"
as
(
l
>)
"#Hinv"
.
iDestruct
"Hp"
as
(
t
vt
L
)
"[Htp Hγp●2]"
.
iDestruct
"Hp"
as
(
t
'
tv'
L
)
"[Htp Hγp●2]"
.
wp_lam
.
wp_let
.
wp_alloc
n
as
"(Hnl & Hnd)"
.
lia
.
rewrite
big_sepL_singleton
.
wp_let
.
wp_op
.
wp_store
.
wp_op
.
wp_load
.
wp_let
.
wp_op
.
wp_bind
(
_
<
_
)%
E
.
iInv
queueN
as
(
h
t
'
Lout
)
"(>Hhq & >Htq & >Hγc● & HL)"
"Hclose"
.
iInv
queueN
as
(
h
t
Lout
)
"(>Hhq & >Htq & >Hγc● & HL)"
"Hclose"
.
iDestruct
(
mapsto_agree
with
"Htp Htq"
)
as
%?.
symmetry
in
H
.
simplify_eq
.
iDestruct
"HL"
as
(
Lin
Lout_rest
d
)
"(>H & >Hγp●1 & Hl & Hv)"
.
iDestruct
"H"
as
%
H1
.
destruct
Lin
as
[[
l'
v
]
L'
]
eqn
:
HL
.

rewrite
app_nil_r
.
iDestruct
(
own_lat_auth_frac_agree
_
_
_
_
_
_
with
"[Hγp●1 Hγp●2]"
)
as
%
H2
.
iCombine
"Hγp●1"
"Hγp●2"
as
"Hγp●"
.
iFrame
.
rewrite
H1
in
H2
.
apply
app_inj_tail
in
H2
as
[
H2
H3
].
inversion
H3
.
simplify_eq
.
rewrite
app_nil_r
.
iDestruct
"Hl"
as
">Htl"
.
unfold
link_inv
.
rewrite
loc_add_0
.
wp_store
.
iClear
"Hv"
.
iCombine
"Hγp●1"
"Hγp●2"
as
"Hγp●"
.
iMod
(@
own_lat_auth_update
(
leibnizO
(
loc
*
Z
))
_
_
_
_
_
_
(
Lout_rest
++
[(
h
,
d
)]
++
[(
n
,
x
)])
_
with
"Hγp●"
)
as
"[[Hγp●1 Hγp●2] _]"
.
iMod
(
"Hclose"
with
"[Hhq Htq Htl Hnl Hnd Hγc● Hγp●1 Px]"
)
as
"_"
.
{
iNext
.
iExists
_
,
_
,
_
.
iFrame
.
iExists
_
,
Lout_rest
,
d
.
rewrite
app_assoc
.
iFrame
.
rewrite
loc_add_0
.
by
iFrame
.
}
iModIntro
.
wp_seq
.
wp_op
.
wp_bind
(
_
<
_
)%
E
.
iInv
queueN
as
(
h'
t
Lout'
)
"(>Hhq & >Htq & >Hγc● & HL)"
"Hclose"
.
iDestruct
(
mapsto_agree
with
"Htp Htq"
)
as
%?.
simplify_eq
.
iCombine
"Htp"
"Htq"
as
"Ht"
.
wp_store
.
iDestruct
"Ht"
as
"[Htp Htq]"
.
iMod
(
"Hclose"
with
"[Hhq Htq Hγc● HL]"
)
as
"_"
.
{
iNext
.
iExists
_
,
_
,
_
.
iFrame
.
}
iModIntro
.
wp_seq
.
iApply
"Post"
.
iSplitL
.
rewrite
app_assoc
.
iExists
_
,
x
,
(
Lout_rest
++
[(
t
,
d
)]).
iFrame
.
by
iLeft
.

admit
.
Admitted
.
iDestruct
"HL"
as
(
Lin
Lout_rest
d
)
"(>H1 & >Hγp●1 & Hl & Hv)"
.
iDestruct
"H1"
as
%
H1
.
assert
(
H2
:
∃
L_rest
t
tv
,
[(
h
,
d
)]
++
Lin
=
L_rest
++
[(
t
,
tv
)]).
{
destruct
(
tail_recursive_expansion
Lin
).
rewrite
H
.
by
exists
nil
,
h
,
d
.
destruct
H
as
[
L'
[
t
[
v
]]].
rewrite
H
.
by
exists
([(
h
,
d
)]
++
L'
),
t
,
v
.
}
destruct
H2
as
[
L_rest
[
t
[
tv
]]].
iDestruct
(
own_lat_auth_frac_agree
_
_
_
_
_
_
with
"[Hγp●1 Hγp●2]"
)
as
%
H3
.
{
iCombine
"Hγp●1"
"Hγp●2"
as
"Hγp●"
.
iFrame
.
}
rewrite
H1
in
H3
.
rewrite
<
app_assoc
in
H3
.
rewrite
H
in
H3
.
rewrite
app_assoc
in
H3
.
apply
app_inj_tail
in
H3
as
[
H2
H3
].
inversion
H3
.
simplify_eq
.
rewrite
<
app_assoc
.
rewrite
<
app_assoc
.
rewrite
H
.
iCombine
"Hγp●1"
"Hγp●2"
as
"Hγp●"
.
iAssert
(
▷
(
link_inv'
L_rest
t
∗
t
↦
#
0
))%
I
with
"[Hl]"
as
"Ht"
.
{
destruct
L_rest
as
[[
l'
v
]
L'
]
eqn
:
HL
.

rewrite
app_nil_l
in
H
.
inversion
H
.
rewrite
app_nil_l
.
iFrame
.

iDestruct
(
link_inv_expand
with
"Hl"
)
as
"Hl"
.
by
iApply
"Hl"
.
}
iDestruct
"Ht"
as
"[Hl Ht]"
.
rewrite
loc_add_0
.
wp_store
.
iMod
(@
own_lat_auth_update
(
leibnizO
(
loc
*
Z
))
_
_
_
_
_
_
(
Lout_rest
++
[(
h
,
d
)]
++
Lin
++
[(
n
,
x
)])
_
with
"Hγp●"
)
as
"[[Hγp●1 Hγp●2] _]"
.
iMod
(
"Hclose"
with
"[Hhq Htq Ht Hl Hv Hnl Hnd Hγc● Hγp●1 Px]"
)
as
"_"
.
{
iNext
.
iExists
_
,
_
,
_
.
iFrame
.
iExists
(
Lin
++
[(
n
,
x
)]),
Lout_rest
,
d
.
rewrite
app_assoc
.
iFrame
.
rewrite
app_assoc
.
rewrite
H
.
rewrite
loc_add_0
.
iDestruct
(
value_inv_rev_expand_rev
(
Lin
++
[(
n
,
x
)])
Lin
n
x
)
as
"Hvalue"
.
iDestruct
(
"Hvalue"
with
"[Hv Hnd Px]"
)
as
"Hv"
.
by
iFrame
.
iDestruct
(
link_inv_expand_rev
((
L_rest
++
[(
t
,
tv
)])
++
[(
n
,
x
)])
(
L_rest
++
[(
t
,
tv
)])
n
x
0
)
as
"Hlink"
.
iDestruct
(
link_inv_expand_rev
(
L_rest
++
[(
t
,
tv
)])
L_rest
t
tv
n
)
as
"Hlink'"
.
iDestruct
(
"Hlink'"
with
"[Hl Ht]"
)
as
"Hl"
.
iFrame
.
iDestruct
(
"Hlink"
with
"[Hl Hnl]"
)
as
"Hl"
.
iFrame
.
by
iApply
"Hl"
.
iSplitR
.
done
.
iSplitL
"Hl"
.
by
iApply
"Hl"
.
by
iApply
"Hv"
.
}
iModIntro
.
wp_seq
.
wp_op
.
wp_bind
(
_
<
_
)%
E
.
iInv
queueN
as
(
h'
t'
Lout'
)
"(>Hhq & >Htq & >Hγc● & HL)"
"Hclose"
.
iDestruct
(
mapsto_agree
with
"Htp Htq"
)
as
%?.
simplify_eq
.
iCombine
"Htp"
"Htq"
as
"Ht"
.
wp_store
.
iDestruct
"Ht"
as
"[Htp Htq]"
.
iMod
(
"Hclose"
with
"[Hhq Htq Hγc● HL]"
)
as
"_"
.
{
iNext
.
iExists
_
,
_
,
_
.
iFrame
.
}
iModIntro
.
wp_seq
.
iApply
"Post"
.
iSplitL
.
rewrite
app_assoc
.
iExists
_
,
x
,
(
Lout_rest
++
[(
h
,
d
)]
++
Lin
).
rewrite
app_assoc
.
rewrite
app_assoc
.
iFrame
.
by
iLeft
.
Admitted
.
Lemma
tryDeq_spec
q
γ
c
γ
p
:
{{{
Queue
q
γ
c
γ
p
∗
Consumer
q
γ
c
}}}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment