Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
Simon Friis Vindum
examples
Commits
ab73c379
Commit
ab73c379
authored
Mar 25, 2020
by
Simon Friis Vindum
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Advance dequeue proof when queue is nonempty
parent
62a67970
Changes
1
Hide whitespace changes
Inline
Sidebyside
Showing
1 changed file
with
49 additions
and
7 deletions
+49
7
theories/logrel/F_mu_ref_conc/examples/queue/refinement.v
theories/logrel/F_mu_ref_conc/examples/queue/refinement.v
+49
7
No files found.
theories/logrel/F_mu_ref_conc/examples/queue/refinement.v
View file @
ab73c379
...
...
@@ 172,7 +172,7 @@ Section Queue_refinement.
rewrite
with_lock_of_val
.
iApply
wp_pure_step_later
;
auto
.
iNext
.
asimpl
.
iApply
(
wp_bind
(
fill
[
LetInCtx
_
])).
iInv
queueN
as
(
ℓ
q
ℓ
'
xs
xs
'
)
"(>> & isMSQ & >> & Hsq & lofal & Hlink & >%)"
"Hclose"
.
iInv
queueN
as
(
ℓ
q
ℓ
'
xs
xs
ₛ
)
"(>> & isMSQ & >> & Hsq & lofal & Hlink & >%)"
"Hclose"
.
iDestruct
"isMSQ"
as
(
ℓ
sentinel
v
ℓ
hdPt
ℓ
hd
q
p
)
"(qPts & [sentinelPts sentinelPts'] & [hdPts hdPts'] & isNodeList)"
.
iApply
(
wp_load
with
"qPts"
).
iNext
.
iIntros
"qPts"
.
...
...
@@ 210,10 +210,10 @@ Section Queue_refinement.
iApply
wp_value
.
simpl
.
iApply
(
wp_load
with
"[$hdPts]"
).
iNext
.
iIntros
"hdPts"
.
simpl
.
destruct
xs
as
[
x
xs'
'
]
;
simpl
.
destruct
xs
as
[
x
xs'
]
;
simpl
.
(* xs is the empty list *)
+
assert
(
xs
'
=
[])
as
>.
{
destruct
xs
'
.
done
.
inversion
H3
.
}
+
assert
(
xs
ₛ
=
[])
as
>.
{
destruct
xs
ₛ
.
done
.
inversion
H3
.
}
simpl
.
(* FIXME: Hnodes should tell us something useful in this case. *)
(* iApply (wp_load with "[$]"). *)
...
...
@@ 228,7 +228,9 @@ Section Queue_refinement.
(* iApply wp_value. *)
admit
.
(* xs is not the empty list *)
+
iDestruct
"Hnodes"
as
(
ℓ
hd'
ℓ
tail'
)
"(hdPts' & tailPts' & Hnodes')"
.
+
destruct
xs
ₛ
as
[
x
ₛ
xs
ₛ
'
].
{
inversion
H3
.
}
iDestruct
"Hnodes"
as
(
ℓ
hd'
ℓ
tail'
)
"(hdPts' & tailPts' & Hnodes')"
.
iApply
(
wp_load
with
"[$hdPts']"
).
iNext
.
iIntros
"hdPts'"
.
simpl
.
iApply
wp_pure_step_later
;
auto
.
iNext
.
...
...
@@ 242,8 +244,48 @@ Section Queue_refinement.
iApply
wp_value
.
simpl
.
iApply
(
wp_load
with
"hdPts"
).
iNext
.
iIntros
"hdPts"
.
simpl
.
(* FIXME: Here we must open the queue invariant again. *)
admit
.
rename
ℓ
q
into
ℓ
q'
.
iInv
queueN
as
(
ℓ
q
ℓ
'
2
xs2
xs'2
)
"(>> & isMSQ & >> & Hsq & lofal & Hlink & >%)"
"Hclose"
.
(* clear. *)
iDestruct
"isMSQ"
as
(
ℓ
sentinel2
v2
ℓ
hdPt2
ℓ
hd2
q2
p2
)
"(qPts & sentinelPts' & hdPts2 & isNodeList)"
.
destruct
(
decide
(
ℓ
sentinel2
=
ℓ
sentinel
))
as
[
Hneq
]
;
subst
.
*
(* The queue still points to the same sentinel that we read earlierthe CAS succeeds *)
iApply
(
wp_cas_suc
with
"qPts"
)
;
auto
.
iNext
.
iIntros
"qPts"
.
(* We have opened the queue invariant twice. Since the queue pointer
still points to the same sentinel a lot of the existential variables
we receieved the first time around are equal to the ones we have now.
Establishing this is critical. *)
iAssert
(
⌜
v
=
v2
⌝
)%
I
as
%<.
{
iDestruct
(
mapsto_agree
with
"sentinelPts sentinelPts'"
)
as
%[=>].
done
.
}
iAssert
(
⌜ℓ
hdPt
=
ℓ
hdPt2
⌝
)%
I
as
%<.
{
iDestruct
(
mapsto_agree
with
"sentinelPts sentinelPts'"
)
as
%[=>].
done
.
}
iAssert
(
⌜ℓ
hd
=
ℓ
hd2
⌝
)%
I
as
%<.
{
iDestruct
(
mapsto_agree
with
"hdPts hdPts2"
)
as
%[=>].
done
.
}
(* xs2 is not necessarily equal to xs, but it still has xs as a
prefix. And since we know that xs is a cons xs2 must also be a cons
with the same element. *)
destruct
xs2
as
[
x2'
xs2'
]
;
simpl
.
{
iDestruct
(
mapsto_agree
with
"isNodeList hdPts'"
)
as
%[=>].
}
iDestruct
"isNodeList"
as
(
ℓ
tail
ℓ
next
)
"[hdPts'' isNodeList']"
.
iAssert
(
⌜
x
=
x2'
⌝
)%
I
as
%<.
{
iDestruct
(
mapsto_agree
with
"hdPts' hdPts''"
)
as
%[=<].
done
.
}
(* We must now reestablish the invariant. *)
iMod
(
"Hclose"
with
"[qPts lofal Hlink Hsq isNodeList']"
)
as
"_"
.
{
iNext
.
rewrite
/
invariant
.
iExists
_
,
_
,
xs'
,
xs
ₛ
'
.
iFrame
.
iSplit
;
auto
.
iSplit
;
auto
.
rewrite
/
isMSQueue
.
iExists
_
,
_
,
_
,
_
,
_
,
_
.
iFrame
.
}
*
iApply
(
wp_load
with
"qPts"
).
iNext
.
iIntros
"qPts"
.
admit
.

(* enqueue *)
iIntros
([
v1
v2
])
"!> #Hrel"
.
clear
j
K
.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment