From 505205369b7b0beb3bd67b84fcbd576501be454d Mon Sep 17 00:00:00 2001
From: Jacques-Henri Jourdan <jacques-henri.jourdan@normalesup.org>
Date: Thu, 17 Nov 2016 13:20:20 +0100
Subject: [PATCH] Fractional typeclass.

---
 _CoqProject                            |   1 +
 base_logic/lib/cancelable_invariants.v |  17 ++--
 base_logic/lib/fractional.v            | 108 +++++++++++++++++++++++++
 heap_lang/heap.v                       |  55 ++++++-------
 heap_lang/proofmode.v                  |   4 -
 5 files changed, 140 insertions(+), 45 deletions(-)
 create mode 100644 base_logic/lib/fractional.v

diff --git a/_CoqProject b/_CoqProject
index 2def8bf45..eedd56c04 100644
--- a/_CoqProject
+++ b/_CoqProject
@@ -83,6 +83,7 @@ base_logic/lib/boxes.v
 base_logic/lib/thread_local.v
 base_logic/lib/cancelable_invariants.v
 base_logic/lib/counter_examples.v
+base_logic/lib/fractional.v
 program_logic/adequacy.v
 program_logic/lifting.v
 program_logic/weakestpre.v
diff --git a/base_logic/lib/cancelable_invariants.v b/base_logic/lib/cancelable_invariants.v
index e4231ef16..6ab787dd8 100644
--- a/base_logic/lib/cancelable_invariants.v
+++ b/base_logic/lib/cancelable_invariants.v
@@ -1,4 +1,4 @@
-From iris.base_logic.lib Require Export invariants.
+From iris.base_logic.lib Require Export invariants fractional.
 From iris.algebra Require Export frac.
 From iris.proofmode Require Import tactics.
 Import uPred.
@@ -31,12 +31,11 @@ Section proofs.
   Global Instance cinv_persistent N Î³ P : PersistentP (cinv N Î³ P).
   Proof. rewrite /cinv; apply _. Qed.
 
-  Lemma cinv_own_op Î³ q1 q2 :
-    cinv_own Î³ q1 âˆ— cinv_own Î³ q2 âŠ£âŠ¢ cinv_own Î³ (q1 + q2).
-  Proof. by rewrite /cinv_own own_op. Qed.
-
-  Lemma cinv_own_half Î³ q : cinv_own Î³ (q/2) âˆ— cinv_own Î³ (q/2) âŠ£âŠ¢ cinv_own Î³ q.
-  Proof. by rewrite cinv_own_op Qp_div_2. Qed.
+  Global Instance cinv_own_fractionnal Î³ : Fractional (cinv_own Î³).
+  Proof. intros ??. by rewrite -own_op. Qed.
+  Global Instance cinv_own_as_fractionnal Î³ q :
+    AsFractional (cinv_own Î³ q) (cinv_own Î³) q.
+  Proof. done. Qed.
 
   Lemma cinv_own_valid Î³ q1 q2 : cinv_own Î³ q1 âˆ— cinv_own Î³ q2 âŠ¢ âœ“ (q1 + q2)%Qp.
   Proof. rewrite /cinv_own -own_op own_valid. by iIntros "% !%". Qed.
@@ -56,7 +55,7 @@ Section proofs.
   Proof.
     rewrite /cinv. iIntros (?) "#Hinv HÎ³".
     iInv N as "[$|>HÎ³']" "Hclose"; first iApply "Hclose"; eauto.
-    iDestruct (cinv_own_1_l with "[HÎ³ HÎ³']") as %[]. by iFrame.
+    iDestruct (cinv_own_1_l with "[$HÎ³ $HÎ³']") as %[].
   Qed.
 
   Lemma cinv_open E N Î³ p P :
@@ -66,6 +65,6 @@ Section proofs.
     rewrite /cinv. iIntros (?) "#Hinv HÎ³".
     iInv N as "[$|>HÎ³']" "Hclose".
     - iIntros "!> {$HÎ³} HP". iApply "Hclose"; eauto.
-    - iDestruct (cinv_own_1_l with "[HÎ³ HÎ³']") as %[]. by iFrame.
+    - iDestruct (cinv_own_1_l with "[$HÎ³ $HÎ³']") as %[].
   Qed.
 End proofs.
diff --git a/base_logic/lib/fractional.v b/base_logic/lib/fractional.v
new file mode 100644
index 000000000..a2247bf43
--- /dev/null
+++ b/base_logic/lib/fractional.v
@@ -0,0 +1,108 @@
+From iris.base_logic Require Export derived.
+From iris.proofmode Require Import classes class_instances.
+
+Class Fractional {M} (Î¦ : Qp â†’ uPred M) :=
+  fractional p q : Î¦ (p + q)%Qp âŠ£âŠ¢ Î¦ p âˆ— Î¦ q.
+Class AsFractional {M} (P : uPred M) (Î¦ : Qp â†’ uPred M) (q : Qp) :=
+  as_fractional : P âŠ£âŠ¢ Î¦ q.
+
+Arguments fractional {_ _ _} _ _.
+
+Hint Mode AsFractional - + - - : typeclass_instances.
+Hint Mode AsFractional - - + + : typeclass_instances.
+
+Section fractional.
+  Context {M : ucmraT}.
+  Implicit Types P Q : uPred M.
+  Implicit Types Î¦ : Qp â†’ uPred M.
+  Implicit Types p q : Qp.
+
+  Lemma fractional_sep `{Fractional _ Î¦} p q :
+    Î¦ (p + q)%Qp âŠ¢ Î¦ p âˆ— Î¦ q.
+  Proof. by rewrite fractional. Qed.
+  Lemma sep_fractional `{Fractional _ Î¦} p q :
+    Î¦ p âˆ— Î¦ q âŠ¢ Î¦ (p + q)%Qp.
+  Proof. by rewrite fractional. Qed.
+  Lemma fractional_half_equiv `{Fractional _ Î¦} p :
+    Î¦ p âŠ£âŠ¢ Î¦ (p/2)%Qp âˆ— Î¦ (p/2)%Qp.
+  Proof. by rewrite -(fractional (p/2) (p/2)) Qp_div_2. Qed.
+  Lemma fractional_half `{Fractional _ Î¦} p :
+    Î¦ p âŠ¢ Î¦ (p/2)%Qp âˆ— Î¦ (p/2)%Qp.
+  Proof. by rewrite fractional_half_equiv. Qed.
+  Lemma half_fractional `{Fractional _ Î¦} p q :
+    Î¦ (p/2)%Qp âˆ— Î¦ (p/2)%Qp âŠ¢ Î¦ p.
+  Proof. by rewrite -fractional_half_equiv. Qed.
+
+  (** Mult instances *)
+
+  Global Instance mult_fractional_l Î¦ Î¨ p :
+    (âˆ€ q, AsFractional (Î¦ q) Î¨ (q * p)) â†’ Fractional Î¨ â†’ Fractional Î¦.
+  Proof. intros AF F q q'. by rewrite !AF Qp_mult_plus_distr_l F. Qed.
+  Global Instance mult_fractional_r Î¦ Î¨ p :
+    (âˆ€ q, AsFractional (Î¦ q) Î¨ (p * q)) â†’ Fractional Î¨ â†’ Fractional Î¦.
+  Proof. intros AF F q q'. by rewrite !AF Qp_mult_plus_distr_r F. Qed.
+
+  (* REMARK: These two instances do not work in either direction of the
+     search:
+       - In the forward direction, they make the search not terminate
+       - In the backward direction, the higher order unification of Î¦
+         with the goal does not work. *)
+  Instance mult_as_fractional_l P Î¦ p q :
+    AsFractional P Î¦ (q * p) â†’ AsFractional P (Î» q, Î¦ (q * p)%Qp) q.
+  Proof. done. Qed.
+  Instance mult_as_fractional_r P Î¦ p q :
+    AsFractional P Î¦ (p * q) â†’ AsFractional P (Î» q, Î¦ (p * q)%Qp) q.
+  Proof. done. Qed.
+
+  (** Proof mode instances *)
+
+  Global Instance from_sep_fractional_fwd P P1 P2 Î¦ q1 q2 :
+    AsFractional P Î¦ (q1 + q2) â†’ Fractional Î¦ â†’
+    AsFractional P1 Î¦ q1 â†’ AsFractional P2 Î¦ q2 â†’
+    FromSep P P1 P2.
+  Proof. by rewrite /FromSep=> -> -> -> ->. Qed.
+  Global Instance from_sep_fractional_bwd P P1 P2 Î¦ q1 q2 :
+    AsFractional P1 Î¦ q1 â†’ AsFractional P2 Î¦ q2 â†’ Fractional Î¦ â†’
+    AsFractional P Î¦ (q1 + q2) â†’
+    FromSep P P1 P2 | 10.
+  Proof. by rewrite /FromSep=> -> -> <- ->. Qed.
+
+  Global Instance from_sep_fractional_half_fwd P Q Î¦ q :
+    AsFractional P Î¦ q â†’ Fractional Î¦ â†’
+    AsFractional Q Î¦ (q/2) â†’
+    FromSep P Q Q | 10.
+  Proof. by rewrite /FromSep -{1}(Qp_div_2 q)=> -> -> ->. Qed.
+  Global Instance from_sep_fractional_half_bwd P Q Î¦ q :
+    AsFractional P Î¦ (q/2) â†’ Fractional Î¦ â†’
+    AsFractional Q Î¦ q â†’
+    FromSep Q P P.
+  Proof. rewrite /FromSep=> -> <- ->. by rewrite Qp_div_2. Qed.
+
+  Global Instance into_and_fractional P P1 P2 Î¦ q1 q2 :
+    AsFractional P Î¦ (q1 + q2) â†’ Fractional Î¦ â†’
+    AsFractional P1 Î¦ q1 â†’ AsFractional P2 Î¦ q2 â†’
+    IntoAnd false P P1 P2.
+  Proof. by rewrite /AsFractional /IntoAnd=>->->->->. Qed.
+  Global Instance into_and_fractional_half P Q Î¦ q :
+    AsFractional P Î¦ q â†’ Fractional Î¦ â†’
+    AsFractional Q Î¦ (q/2) â†’
+    IntoAnd false P Q Q | 100.
+  Proof. by rewrite /AsFractional /IntoAnd -{1}(Qp_div_2 q)=>->->->. Qed.
+
+  Global Instance frame_fractional_l R Q PP' QP' Î¦ r p p' :
+    AsFractional R Î¦ r â†’ AsFractional PP' Î¦ (p + p') â†’ Fractional Î¦ â†’
+    Frame R (Î¦ p) Q â†’ MakeSep Q (Î¦ p') QP' â†’ Frame R PP' QP'.
+  Proof. rewrite /Frame=>->->-><-<-. by rewrite assoc. Qed.
+  Global Instance frame_fractional_r R Q PP' PQ Î¦ r p p' :
+    AsFractional R Î¦ r â†’ AsFractional PP' Î¦ (p + p') â†’ Fractional Î¦ â†’
+    Frame R (Î¦ p') Q â†’ MakeSep (Î¦ p) Q PQ â†’ Frame R PP' PQ.
+  Proof.
+    rewrite /Frame=>->->-><-<-. rewrite !assoc. f_equiv. by rewrite comm. done.
+  Qed.
+  Global Instance frame_fractional_half P Q R Î¦ p:
+    AsFractional R Î¦ (p/2) â†’ AsFractional P Î¦ p â†’ Fractional Î¦ â†’
+    AsFractional Q Î¦ (p/2)%Qp â†’
+    Frame R P Q.
+  Proof. by rewrite /Frame -{2}(Qp_div_2 p)=>->->->->. Qed.
+
+End fractional.
diff --git a/heap_lang/heap.v b/heap_lang/heap.v
index 45b4c8b58..575c7b25c 100644
--- a/heap_lang/heap.v
+++ b/heap_lang/heap.v
@@ -1,7 +1,7 @@
 From iris.heap_lang Require Export lifting.
 From iris.algebra Require Import auth gmap frac dec_agree.
 From iris.base_logic.lib Require Export invariants.
-From iris.base_logic.lib Require Import wsat auth.
+From iris.base_logic.lib Require Import wsat auth fractional.
 From iris.proofmode Require Import tactics.
 Import uPred.
 (* TODO: The entire construction could be generalized to arbitrary languages that have
@@ -78,46 +78,34 @@ Section heap.
   Proof. rewrite /heap_ctx. apply _. Qed.
   Global Instance heap_mapsto_timeless l q v : TimelessP (l â†¦{q} v).
   Proof. rewrite heap_mapsto_eq /heap_mapsto_def. apply _. Qed.
-
-  Lemma heap_mapsto_op_eq l q1 q2 v : l â†¦{q1} v âˆ— l â†¦{q2} v âŠ£âŠ¢ l â†¦{q1+q2} v.
+  Global Instance heap_mapsto_fractional l v : Fractional (Î» q, l â†¦{q} v)%I.
   Proof.
+    unfold Fractional; intros.
     by rewrite heap_mapsto_eq -auth_own_op op_singleton pair_op dec_agree_idemp.
   Qed.
+  Global Instance heap_mapsto_as_fractional l q v :
+    AsFractional (l â†¦{q} v) (Î» q, l â†¦{q} v)%I q.
+  Proof. done. Qed.
 
-  Lemma heap_mapsto_op l q1 q2 v1 v2 :
-    l â†¦{q1} v1 âˆ— l â†¦{q2} v2 âŠ£âŠ¢ âŒœv1 = v2âŒ âˆ§ l â†¦{q1+q2} v1.
+  Lemma heap_mapsto_agree l q1 q2 v1 v2 :
+    l â†¦{q1} v1 âˆ— l â†¦{q2} v2 âŠ¢ âŒœv1 = v2âŒ.
   Proof.
-    destruct (decide (v1 = v2)) as [->|].
-    { by rewrite heap_mapsto_op_eq pure_True // left_id. }
-    apply (anti_symm (âŠ¢)); last by apply pure_elim_l.
-    rewrite heap_mapsto_eq -auth_own_op auth_own_valid discrete_valid.
-    eapply pure_elim; [done|] =>  /=.
-    rewrite op_singleton pair_op dec_agree_ne // singleton_valid. by intros [].
+    rewrite heap_mapsto_eq -auth_own_op auth_own_valid discrete_valid
+            op_singleton singleton_valid.
+    f_equiv. move=>[_ ] /=.
+    destruct (decide (v1 = v2)) as [->|?]; first done. by rewrite dec_agree_ne.
   Qed.
 
-  Lemma heap_mapsto_op_1 l q1 q2 v1 v2 :
-    l â†¦{q1} v1 âˆ— l â†¦{q2} v2 âŠ¢ âŒœv1 = v2âŒ âˆ§ l â†¦{q1+q2} v1.
-  Proof. by rewrite heap_mapsto_op. Qed.
-
-  Lemma heap_mapsto_op_half l q v1 v2 :
-    l â†¦{q/2} v1 âˆ— l â†¦{q/2} v2 âŠ£âŠ¢ âŒœv1 = v2âŒ âˆ§ l â†¦{q} v1.
-  Proof. by rewrite heap_mapsto_op Qp_div_2. Qed.
-
-  Lemma heap_mapsto_op_half_1 l q v1 v2 :
-    l â†¦{q/2} v1 âˆ— l â†¦{q/2} v2 âŠ¢ âŒœv1 = v2âŒ âˆ§ l â†¦{q} v1.
-  Proof. by rewrite heap_mapsto_op_half. Qed.
-
-  Lemma heap_ex_mapsto_op l q1 q2 : l â†¦{q1} - âˆ— l â†¦{q2} - âŠ£âŠ¢ l â†¦{q1+q2} -.
+  Global Instance heap_ex_mapsto_fractional l : Fractional (Î» q, l â†¦{q} -)%I.
   Proof.
-    iSplit.
+    intros p q. iSplit.
+    - iDestruct 1 as (v) "[H1 H2]". iSplitL "H1"; eauto.
     - iIntros "[H1 H2]". iDestruct "H1" as (v1) "H1". iDestruct "H2" as (v2) "H2".
-      iDestruct (heap_mapsto_op_1 with "[$H1 $H2]") as "[% ?]"; subst; eauto.
-    - iDestruct 1 as (v) "H". rewrite -heap_mapsto_op_eq.
-      iDestruct "H" as "[H1 H2]"; iSplitL "H1"; eauto.
+      iDestruct (heap_mapsto_agree with "[$H1 $H2]") as %->. iExists v2. by iFrame.
   Qed.
-
-  Lemma heap_ex_mapsto_op_half l q : l â†¦{q/2} - âˆ— l â†¦{q/2} - âŠ£âŠ¢ l â†¦{q} -.
-  Proof. by rewrite heap_ex_mapsto_op Qp_div_2. Qed.
+  Global Instance heap_ex_mapsto_as_fractional l q :
+    AsFractional (l â†¦{q} -) (Î» q, l â†¦{q} -)%I q.
+  Proof. done. Qed.
 
   Lemma heap_mapsto_valid l q v : l â†¦{q} v âŠ¢ âœ“ q.
   Proof.
@@ -126,7 +114,10 @@ Section heap.
   Qed.
   Lemma heap_mapsto_valid_2 l q1 q2 v1 v2 :
     l â†¦{q1} v1 âˆ— l â†¦{q2} v2 âŠ¢ âœ“ (q1 + q2)%Qp.
-  Proof. rewrite heap_mapsto_op heap_mapsto_valid. auto with I. Qed.
+  Proof.
+    iIntros "[H1 H2]". iDestruct (heap_mapsto_agree with "[$H1 $H2]") as %->.
+    iApply (heap_mapsto_valid l _ v2). by iFrame.
+  Qed.
 
   (** Weakest precondition *)
   Lemma wp_alloc E e v :
diff --git a/heap_lang/proofmode.v b/heap_lang/proofmode.v
index e0fba481b..06d8aed0e 100644
--- a/heap_lang/proofmode.v
+++ b/heap_lang/proofmode.v
@@ -12,10 +12,6 @@ Implicit Types P Q : iProp Î£.
 Implicit Types Î¦ : val â†’ iProp Î£.
 Implicit Types Î” : envs (iResUR Î£).
 
-Global Instance into_and_mapsto l q v :
-  IntoAnd false (l â†¦{q} v) (l â†¦{q/2} v) (l â†¦{q/2} v).
-Proof. by rewrite /IntoAnd heap_mapsto_op_eq Qp_div_2. Qed.
-
 Lemma tac_wp_alloc Î” Î”' E j e v Î¦ :
   to_val e = Some v â†’
   (Î” âŠ¢ heap_ctx) â†’ nclose heapN âŠ† E â†’
-- 
GitLab