From iris.algebra Require Export cmra.
From iris.prelude Require Export gmap.
From iris.algebra Require Import upred updates local_updates.

Section cofe.
(* NOTE(review): this rendering dropped the non-ASCII notation of the file
   (the arrow between hypotheses and conclusion, and presumably the forall,
   equivalence, step-indexed equality, empty-map, composition and validity
   symbols).  Every statement below is kept exactly as rendered; read a
   double space inside a statement as one missing symbol. *)
Context `{Countable K} {A : cofeT}.
Implicit Types m : gmap K A.

(* [Dist] on maps is pointwise: two maps are [n]-close when their lookups
   are [n]-close at every key. *)
Instance gmap_dist : Dist (gmap K A) := λ n m1 m2,
   i, m1 !! i {n} m2 !! i.
(* Restrict a chain of maps to the chain of its values at key [k]; the
   Cauchy obligation is discharged from the Cauchy property of [c]. *)
Program Definition gmap_chain (c : chain (gmap K A))
  (k : K) : chain (option A) := {| chain_car n := c n !! k |}.
Next Obligation. by intros c k n i ?; apply (chain_cauchy c). Qed.
(* The completion keeps the keys of [c 0] and, at each of them, completes the
   per-key chain obtained with [gmap_chain]. *)
Instance gmap_compl : Compl (gmap K A) := λ c,
  map_imap (λ i _, compl (gmap_chain c i)) (c 0).
(* The COFE laws: every component is reduced to the same law on [option A]
   at a single key. *)
Definition gmap_cofe_mixin : CofeMixin (gmap K A).
Proof.
  split.
  (* equivalence agrees with closeness at all [n] *)
  - intros m1 m2; split.
    + by intros Hm n k; apply equiv_dist.
    + intros Hm k; apply equiv_dist; intros n; apply Hm.
  (* [dist n] is an equivalence relation *)
  - intros n; split.
    + by intros m k.
    + by intros m1 m2 ? k.
    + by intros m1 m2 m3 ?? k; trans (m2 !! k).
  (* closeness is downward closed in [n] *)
  - by intros n m1 m2 ? k; apply dist_S.
  (* the completion is [n]-close to the [n]-th element of the chain *)
  - intros n c k; rewrite /compl /gmap_compl lookup_imap.
    feed inversion (λ H, chain_cauchy c 0 n H k); simpl; auto with lia.
    by rewrite conv_compl /=; apply reflexive_eq.
Qed.
(* Canonical COFE structure on finite maps. *)
Canonical Structure gmapC : cofeT := CofeT (gmap K A) gmap_cofe_mixin.
(* Discreteness lifts pointwise through [timeless]. *)
Global Instance gmap_discrete : Discrete A  Discrete gmapC.
Proof. intros ? m m' ? i. by apply (timeless _). Qed.
(* why doesn't this go automatic? *)
Global Instance gmapC_leibniz: LeibnizEquiv A  LeibnizEquiv gmapC.
Proof. intros; change (LeibnizEquiv (gmap K A)); apply _. Qed.

(* Non-expansiveness of the basic map operations.  [lookup] is immediate
   from the pointwise definition of [dist]; the others reduce to it by a case
   split on whether the inspected key is the modified one. *)
Global Instance lookup_ne n k :
  Proper (dist n ==> dist n) (lookup k : gmap K A  option A).
Proof. by intros m1 m2. Qed.
(* [()] below is the stripped equivalence relation; the instance is found by
   typeclass search from [lookup_ne]. *)
Global Instance lookup_proper k :
  Proper (() ==> ()) (lookup k : gmap K A  option A) := _.
Global Instance alter_ne f k n :
  Proper (dist n ==> dist n) f  Proper (dist n ==> dist n) (alter f k).
Proof.
  intros ? m m' Hm k'.
  by destruct (decide (k = k')); simplify_map_eq; rewrite (Hm k').
Qed.
Global Instance insert_ne i n :
  Proper (dist n ==> dist n ==> dist n) (insert (M:=gmap K A) i).
Proof.
  intros x y ? m m' ? j; destruct (decide (i = j)); simplify_map_eq;
    [by constructor|by apply lookup_ne].
Qed.
(* A singleton map is an insertion into the empty map, so [insert_ne] applies. *)
Global Instance singleton_ne i n :
  Proper (dist n ==> dist n) (singletonM i : A  gmap K A).
Proof. by intros ???; apply insert_ne. Qed.
Global Instance delete_ne i n :
  Proper (dist n ==> dist n) (delete (M:=gmap K A) i).
Proof.
  intros m m' ? j; destruct (decide (i = j)); simplify_map_eq;
    [by constructor|by apply lookup_ne].
Qed.

(* Timelessness: the empty map, lookups in a timeless map, insertions of
   timeless elements into timeless maps, and hence singletons. *)
Global Instance gmap_empty_timeless : Timeless ( : gmap K A).
Proof.
  intros m Hm i; specialize (Hm i); rewrite lookup_empty in Hm |- *.
  inversion_clear Hm; constructor.
Qed.
Global Instance gmap_lookup_timeless m i : Timeless m  Timeless (m !! i).
Proof.
  intros ? [x|] Hx; [|by symmetry; apply: timeless].
  (* when the lookup is [Some x], [m] is 0-close to [<[i:=x]> m], so
     timelessness of [m] gives the equality and [lookup_insert] finishes *)
  assert (m {0} <[i:=x]> m)
    by (by symmetry in Hx; inversion Hx; cofe_subst; rewrite insert_id).
  by rewrite (timeless m (<[i:=x]>m)) // lookup_insert.
Qed.
Global Instance gmap_insert_timeless m i x :
  Timeless x  Timeless m  Timeless (<[i:=x]>m).
Proof.
  intros ?? m' Hm j; destruct (decide (i = j)); simplify_map_eq.
  { by apply: timeless; rewrite -Hm lookup_insert. }
  by apply: timeless; rewrite -Hm lookup_insert_ne.
Qed.
Global Instance gmap_singleton_timeless i x :
  Timeless x  Timeless ({[ i := x ]} : gmap K A) := _.
End cofe.

(* Outside the section: keep [K] and [A] explicit for [gmapC] and make the two
   middle arguments implicit (presumably the [EqDecision]/[Countable] instances
   generalized from the section's [`{Countable K}] — confirm against the
   printed type). *)
Arguments gmapC _ {_ _} _.

(* CMRA *)
Section cmra.
(* NOTE(review): the rendering dropped the file's non-ASCII notation; a double
   space inside a statement stands for one missing symbol (arrow, forall,
   composition, validity, ...).  Statements are kept as rendered. *)
Context `{Countable K} {A : cmraT}.
Implicit Types m : gmap K A.

(* Composition is [merge op]: pointwise on the option values, see [lookup_op]. *)
Instance gmap_op : Op (gmap K A) := merge op.
(* The core is total ([Some ...]) and taken pointwise with [omap pcore]; keys
   whose element has no core are dropped by [omap]. *)
Instance gmap_pcore : PCore (gmap K A) := λ m, Some (omap pcore m).
(* Validity and step-indexed validity are both pointwise on the lookups. *)
Instance gmap_valid : Valid (gmap K A) := λ m,  i,  (m !! i).
Instance gmap_validN : ValidN (gmap K A) := λ n m,  i, {n} (m !! i).

(* Lookup commutes with composition and with the core. *)
Lemma lookup_op m1 m2 i : (m1  m2) !! i = m1 !! i  m2 !! i.
Proof. by apply lookup_merge. Qed.
Lemma lookup_core m i : core m !! i = core (m !! i).
Proof. by apply lookup_omap. Qed.

(* Inclusion of maps is pointwise inclusion of the lookups.  The forward
   direction projects the witness; the backward direction builds the witness
   by induction on [m1], assembling it key by key with [partial_alter]. *)
Lemma lookup_included (m1 m2 : gmap K A) : m1  m2   i, m1 !! i  m2 !! i.
Proof.
  split; [by intros [m Hm] i; exists (m !! i); rewrite -lookup_op Hm|].
  revert m2. induction m1 as [|i x m Hi IH] using map_ind=> m2 Hm.
  { exists m2. by rewrite left_id. }
  destruct (IH (delete i m2)) as [m2' Hm2'].
  { intros j. move: (Hm j); destruct (decide (i = j)) as [->|].
    - intros _. rewrite Hi. apply: ucmra_unit_least.
    - rewrite lookup_insert_ne // lookup_delete_ne //. }
  destruct (Hm i) as [my Hi']; simplify_map_eq.
  exists (partial_alter (λ _, my) i m2')=>j; destruct (decide (i = j)) as [->|].
  - by rewrite Hi' lookup_op lookup_insert lookup_partial_alter.
  - move: (Hm2' j). by rewrite !lookup_op lookup_delete_ne //
      lookup_insert_ne // lookup_partial_alter_ne.
Qed.

(* The CMRA laws, via [cmra_total_mixin] since the core is total.  Every law
   except extension is checked pointwise with [lookup_op]/[lookup_core]. *)
Lemma gmap_cmra_mixin : CMRAMixin (gmap K A).
Proof.
  apply cmra_total_mixin.
  - eauto.
  - intros n m1 m2 m3 Hm i; by rewrite !lookup_op (Hm i).
  - intros n m1 m2 Hm i; by rewrite !lookup_core (Hm i).
  - intros n m1 m2 Hm ? i; by rewrite -(Hm i).
  - intros m; split.
    + by intros ? n i; apply cmra_valid_validN.
    + intros Hm i; apply cmra_valid_validN=> n; apply Hm.
  - intros n m Hm i; apply cmra_validN_S, Hm.
  - by intros m1 m2 m3 i; rewrite !lookup_op assoc.
  - by intros m1 m2 i; rewrite !lookup_op comm.
  - intros m i. by rewrite lookup_op lookup_core cmra_core_l.
  - intros m i. by rewrite !lookup_core cmra_core_idemp.
  - intros m1 m2; rewrite !lookup_included=> Hm i.
    rewrite !lookup_core. by apply cmra_core_mono.
  - intros n m1 m2 Hm i; apply cmra_validN_op_l with (m2 !! i).
    by rewrite -lookup_op.
  (* extension: induction on the map; the empty case gives two empty
     witnesses, the insert case extends the induction hypothesis (taken on the
     maps with [i] deleted) with [cmra_extend] at key [i] *)
  - intros n m. induction m as [|i x m Hi IH] using map_ind=> m1 m2 Hmv Hm.
    { exists . exists . (* FIXME: exists ∅, ∅. results in a TC loop in Coq 8.6 *)
      split_and!=> -i; symmetry; symmetry in Hm; move: Hm=> /(_ i);
        rewrite !lookup_op !lookup_empty ?dist_None op_None; intuition. }
    destruct (IH (delete i m1) (delete i m2)) as (m1'&m2'&Hm'&Hm1'&Hm2').
    { intros j; move: Hmv=> /(_ j). destruct (decide (i = j)) as [->|].
      + intros _. by rewrite Hi.
      + by rewrite lookup_insert_ne. }
    { intros j; move: Hm=> /(_ j); destruct (decide (i = j)) as [->|].
      + intros _. by rewrite lookup_op !lookup_delete Hi.
      + by rewrite !lookup_op lookup_insert_ne // !lookup_delete_ne. }
    destruct (cmra_extend n (Some x) (m1 !! i) (m2 !! i)) as (y1&y2&?&?&?).
    { move: Hmv=> /(_ i). by rewrite lookup_insert. } 
    { move: Hm=> /(_ i). by rewrite lookup_insert lookup_op. }
    exists (partial_alter (λ _, y1) i m1'), (partial_alter (λ _, y2) i m2').
    split_and!.
    + intros j. destruct (decide (i = j)) as [->|].
      * by rewrite lookup_insert lookup_op !lookup_partial_alter.
      * by rewrite lookup_insert_ne // Hm' !lookup_op !lookup_partial_alter_ne.
    + intros j. destruct (decide (i = j)) as [->|].
      * by rewrite lookup_partial_alter.
      * by rewrite lookup_partial_alter_ne // Hm1' lookup_delete_ne.
    + intros j. destruct (decide (i = j)) as [->|].
      * by rewrite lookup_partial_alter.
      * by rewrite lookup_partial_alter_ne // Hm2' lookup_delete_ne.
Qed.
(* Canonical CMRA structure on finite maps. *)
Canonical Structure gmapR :=
  CMRAT (gmap K A) gmap_cofe_mixin gmap_cmra_mixin.

(* Discreteness of the CMRA lifts pointwise; the COFE part is [gmap_discrete]. *)
Global Instance gmap_cmra_discrete : CMRADiscrete A  CMRADiscrete gmapR.
Proof. split; [apply _|]. intros m ? i. by apply: cmra_discrete_valid. Qed.

(* Unital laws: the empty map is valid, a left identity, and its core is
   the empty map. *)
Lemma gmap_ucmra_mixin : UCMRAMixin (gmap K A).
Proof.
  split.
  - by intros i; rewrite lookup_empty.
  - by intros m i; rewrite /= lookup_op lookup_empty (left_id_L None _).
  - constructor=> i. by rewrite lookup_omap lookup_empty.
Qed.
(* Canonical unital CMRA structure on finite maps. *)
Canonical Structure gmapUR :=
  UCMRAT (gmap K A) gmap_cofe_mixin gmap_cmra_mixin gmap_ucmra_mixin.

(** Internalized properties *)
(* Equivalence and validity of maps, as [uPred] propositions, are the
   pointwise statements; both follow by unsealing [uPred]. *)
Lemma gmap_equivI {M} m1 m2 : m1  m2  ( i, m1 !! i  m2 !! i : uPred M).
Proof. by uPred.unseal. Qed.
Lemma gmap_validI {M} m :  m  ( i,  (m !! i) : uPred M).
Proof. by uPred.unseal. Qed.
End cmra.

(* Same argument status as [gmapC]: [K] and [A] explicit, the two middle
   (typeclass) arguments implicit. *)
Arguments gmapR _ {_ _} _.
Arguments gmapUR _ {_ _} _.

Section properties.
(* NOTE(review): the rendering dropped the file's non-ASCII notation; a double
   space inside a statement stands for one missing symbol, and [?] / [=]
   standing alone presumably are the remnants of the optional-composition and
   bind operators.  Statements are kept as rendered. *)
Context `{Countable K} {A : cmraT}.
Implicit Types m : gmap K A.
Implicit Types i : K.
Implicit Types x y : A.

(* [lookup i] is a homomorphism of unital CMRAs: it is non-expansive, commutes
   with composition ([lookup_op]) and maps the unit to the unit. *)
Global Instance lookup_cmra_homomorphism :
  UCMRAHomomorphism (lookup i : gmap K A  option A).
Proof. split. split. apply _. intros m1 m2; by rewrite lookup_op. done. Qed.

(* Lookup through an optional frame [mm2]; the [None] case uses the right
   identity on [option]. *)
Lemma lookup_opM m1 mm2 i : (m1 ? mm2) !! i = m1 !! i  (mm2 = (!! i)).
Proof. destruct mm2; by rewrite /= ?lookup_op ?right_id_L. Qed.

(* A valid map has valid elements. *)
Lemma lookup_validN_Some n m i x : {n} m  m !! i {n} Some x  {n} x.
Proof. by move=> /(_ i) Hm Hi; move:Hm; rewrite Hi. Qed.
Lemma lookup_valid_Some m i x :  m  m !! i  Some x   x.
Proof. move=> Hm Hi. move:(Hm i). by rewrite Hi. Qed.

(* Validity is preserved by insertion of a valid element, characterizes
   singletons, and is preserved by deletion; all by a case split on the key. *)
Lemma insert_validN n m i x : {n} x  {n} m  {n} <[i:=x]>m.
Proof. by intros ?? j; destruct (decide (i = j)); simplify_map_eq. Qed.
Lemma insert_valid m i x :  x   m   <[i:=x]>m.
Proof. by intros ?? j; destruct (decide (i = j)); simplify_map_eq. Qed.
Lemma singleton_validN n i x : {n} ({[ i := x ]} : gmap K A)  {n} x.
Proof.
  split; [|by intros; apply insert_validN, ucmra_unit_validN].
  by move=>/(_ i); simplify_map_eq.
Qed.
Lemma singleton_valid i x :  ({[ i := x ]} : gmap K A)   x.
Proof. rewrite !cmra_valid_validN. by setoid_rewrite singleton_validN. Qed.

Lemma delete_validN n m i : {n} m  {n} (delete i m).
Proof. intros Hm j; destruct (decide (i = j)); by simplify_map_eq. Qed.
Lemma delete_valid m i :  m   (delete i m).
Proof. intros Hm j; destruct (decide (i = j)); by simplify_map_eq. Qed.

(* Inserting at a fresh key is composing with a singleton (Leibniz equality). *)
Lemma insert_singleton_op m i x : m !! i = None  <[i:=x]> m = {[ i := x ]}  m.
Proof.
  intros Hi; apply map_eq=> j; destruct (decide (i = j)) as [->|].
  - by rewrite lookup_op lookup_insert lookup_singleton Hi right_id_L.
  - by rewrite lookup_op lookup_insert_ne // lookup_singleton_ne // left_id_L.
Qed.

(* The core of a singleton is the singleton of the core, first up to [=] when
   [pcore x] is literally [Some cx], then up to equivalence. *)
Lemma core_singleton (i : K) (x : A) cx :
  pcore x = Some cx  core ({[ i := x ]} : gmap K A) = {[ i := cx ]}.
Proof. apply omap_singleton. Qed.
Lemma core_singleton' (i : K) (x : A) cx :
  pcore x  Some cx  core ({[ i := x ]} : gmap K A)  {[ i := cx ]}.
Proof.
  intros (cx'&?&->)%equiv_Some_inv_r'. by rewrite (core_singleton _ _ cx').
Qed.
(* Composing two singletons at the same key composes the elements. *)
Lemma op_singleton (i : K) (x y : A) :
  {[ i := x ]}  {[ i := y ]} = ({[ i := x  y ]} : gmap K A).
Proof. by apply (merge_singleton _ _ _ x y). Qed.
Global Instance singleton_cmra_homomorphism :
  CMRAHomomorphism (singletonM i : A  gmap K A).
Proof. split. apply _. intros. by rewrite op_singleton. Qed.

(* Persistence: a map whose elements are all persistent is persistent
   (pointwise via [lookup_core]); a singleton of a persistent element too. *)
Global Instance gmap_persistent m : ( x : A, Persistent x)  Persistent m.
Proof.
  intros; apply persistent_total=> i.
  rewrite lookup_core. apply (persistent_core _).
Qed.
Global Instance gmap_singleton_persistent i (x : A) :
  Persistent x  Persistent {[ i := x ]}.
Proof. intros. by apply persistent_total, core_singleton'. Qed.

(* A singleton is included in [m] iff [m] holds some [y] at [i] with
   [Some x] included in [Some y].  The witness for the backward direction
   replaces the value at [i] by the frame [mz] with [partial_alter]. *)
Lemma singleton_includedN n m i x :
  {[ i := x ]} {n} m   y, m !! i {n} Some y  Some x {n} Some y.
Proof.
  split.
  - move=> [m' /(_ i)]; rewrite lookup_op lookup_singleton=> Hi.
    exists (x ? m' !! i). rewrite -Some_op_opM.
    split. done. apply cmra_includedN_l.
  - intros (y&Hi&[mz Hy]). exists (partial_alter (λ _, mz) i m).
    intros j; destruct (decide (i = j)) as [->|].
    + by rewrite lookup_op lookup_singleton lookup_partial_alter Hi.
    + by rewrite lookup_op lookup_singleton_ne// lookup_partial_alter_ne// left_id.
Qed.
(* We do not have [x ≼ y ↔ ∀ n, x ≼{n} y], so we cannot use the previous lemma *)
Lemma singleton_included m i x :
  {[ i := x ]}  m   y, m !! i  Some y  Some x  Some y.
Proof.
  split.
  - move=> [m' /(_ i)]; rewrite lookup_op lookup_singleton.
    exists (x ? m' !! i). rewrite -Some_op_opM.
    split. done. apply cmra_included_l.
  - intros (y&Hi&[mz Hy]). exists (partial_alter (λ _, mz) i m).
    intros j; destruct (decide (i = j)) as [->|].
    + by rewrite lookup_op lookup_singleton lookup_partial_alter Hi.
    + by rewrite lookup_op lookup_singleton_ne// lookup_partial_alter_ne// left_id.
Qed.

(* Frame-preserving updates at a single key.  The element update [x ~~>: P]
   is lifted to [option] with [option_updateP'] and run against the frame's
   value at [i]; the other keys of the frame are untouched. *)
Lemma insert_updateP (P : A  Prop) (Q : gmap K A  Prop) m i x :
  x ~~>: P  ( y, P y  Q (<[i:=y]>m))  <[i:=x]>m ~~>: Q.
Proof.
  intros Hx%option_updateP' HP; apply cmra_total_updateP=> n mf Hm.
  destruct (Hx n (Some (mf !! i))) as ([y|]&?&?); try done.
  { by generalize (Hm i); rewrite lookup_op; simplify_map_eq. }
  exists (<[i:=y]> m); split; first by auto.
  intros j; move: (Hm j)=>{Hm}; rewrite !lookup_op=>Hm.
  destruct (decide (i = j)); simplify_map_eq/=; auto.
Qed.
Lemma insert_updateP' (P : A  Prop) m i x :
  x ~~>: P  <[i:=x]>m ~~>: λ m',  y, m' = <[i:=y]>m  P y.
Proof. eauto using insert_updateP. Qed.
Lemma insert_update m i x y : x ~~> y  <[i:=x]>m ~~> <[i:=y]>m.
Proof. rewrite !cmra_update_updateP; eauto using insert_updateP with subst. Qed.

(* The singleton versions are the insertion lemmas instantiated at the
   empty map. *)
Lemma singleton_updateP (P : A  Prop) (Q : gmap K A  Prop) i x :
  x ~~>: P  ( y, P y  Q {[ i := y ]})  {[ i := x ]} ~~>: Q.
Proof. apply insert_updateP. Qed.
Lemma singleton_updateP' (P : A  Prop) i x :
  x ~~>: P  {[ i := x ]} ~~>: λ m,  y, m = {[ i := y ]}  P y.
Proof. apply insert_updateP'. Qed.
Lemma singleton_update i (x y : A) : x ~~> y  {[ i := x ]} ~~> {[ i := y ]}.
Proof. apply insert_update. Qed.

(* Deleting a key is always a frame-preserving update: at [i] the frame's
   value is valid as the right part of a valid composition. *)
Lemma delete_update m i : m ~~> delete i m.
Proof.
  apply cmra_total_update=> n mf Hm j; destruct (decide (i = j)); subst.
  - move: (Hm j). rewrite !lookup_op lookup_delete left_id.
    apply cmra_validN_op_r.
  - move: (Hm j). by rewrite !lookup_op lookup_delete_ne.
Qed.

(* Domains: the domain of a composition is the union of the domains, and
   inclusion of maps implies inclusion of domains. *)
Lemma dom_op m1 m2 : dom (gset K) (m1  m2) = dom _ m1  dom _ m2.
Proof.
  apply elem_of_equiv_L=> i; rewrite elem_of_union !elem_of_dom.
  unfold is_Some; setoid_rewrite lookup_op.
  destruct (m1 !! i), (m2 !! i); naive_solver.
Qed.
Lemma dom_included m1 m2 : m1  m2  dom (gset K) m1  dom _ m2.
Proof.
  rewrite lookup_included=>? i; rewrite !elem_of_dom. by apply is_Some_included.
Qed.

(* Allocation lemmas, for key types with a [fresh] operation on [gset K]. *)
Section freshness.
  Context `{Fresh K (gset K), !FreshSpec K (gset K)}.
  (* Allocate a valid [x] at a key that is fresh for [m], for the frame and
     for an extra set [I] of keys to avoid.  The key is picked with [fresh]
     on the union of [I] and the domain of the composition [m ⋅ mf], which
     the frame-preserving update has access to. *)
  Lemma alloc_updateP_strong (Q : gmap K A  Prop) (I : gset K) m x :
     x  ( i, m !! i = None  i  I  Q (<[i:=x]>m))  m ~~>: Q.
  Proof.
    intros ? HQ. apply cmra_total_updateP.
    intros n mf Hm. set (i := fresh (I  dom (gset K) (m  mf))).
    assert (i  I  i  dom (gset K) m  i  dom (gset K) mf) as [?[??]].
    { rewrite -not_elem_of_union -dom_op -not_elem_of_union; apply is_fresh. }
    exists (<[i:=x]>m); split.
    { by apply HQ; last done; apply not_elem_of_dom. }
    (* turn the insertion into a singleton composition on both sides so the
       validity goal becomes [insert_validN] on the composed map *)
    rewrite insert_singleton_op; last by apply not_elem_of_dom.
    rewrite -assoc -insert_singleton_op;
      last by apply not_elem_of_dom; rewrite dom_op not_elem_of_union.
    by apply insert_validN; [apply cmra_valid_validN|].
  Qed.
  (* Specializations: no extra set to avoid, and the versions whose
     postcondition is the obvious description of the result. *)
  Lemma alloc_updateP (Q : gmap K A  Prop) m x :
     x  ( i, m !! i = None  Q (<[i:=x]>m))  m ~~>: Q.
  Proof. move=>??. eapply alloc_updateP_strong with (I:=); by eauto. Qed.
  Lemma alloc_updateP_strong' m x (I : gset K) :
     x  m ~~>: λ m',  i, i  I  m' = <[i:=x]>m  m !! i = None.
  Proof. eauto using alloc_updateP_strong. Qed.
  Lemma alloc_updateP' m x :
     x  m ~~>: λ m',  i, m' = <[i:=x]>m  m !! i = None.
  Proof. eauto using alloc_updateP. Qed.

  (* Allocation at a chosen key [i] starting from the empty map, for an
     element [u] that is valid and a left identity for composition: the
     update of [u] is run against the frame's value at [i], and the other
     keys only see the empty map as left identity. *)
  Lemma alloc_unit_singleton_updateP (P : A  Prop) (Q : gmap K A  Prop) u i :
     u  LeftId () u () 
    u ~~>: P  ( y, P y  Q {[ i := y ]})   ~~>: Q.
  Proof.
    intros ?? Hx HQ. apply cmra_total_updateP=> n gf Hg.
    destruct (Hx n (gf !! i)) as (y&?&Hy).
    { move:(Hg i). rewrite !left_id.
      case: (gf !! i)=>[x|]; rewrite /= ?left_id //.
      intros; by apply cmra_valid_validN. }
    exists {[ i := y ]}; split; first by auto.
    intros i'; destruct (decide (i' = i)) as [->|].
    - rewrite lookup_op lookup_singleton.
      move:Hy; case: (gf !! i)=>[x|]; rewrite /= ?right_id //.
    - move:(Hg i'). by rewrite !lookup_op lookup_singleton_ne // !left_id.
  Qed.
  Lemma alloc_unit_singleton_updateP' (P: A  Prop) u i :
     u  LeftId () u () 
    u ~~>: P   ~~>: λ m,  y, m = {[ i := y ]}  P y.
  Proof. eauto using alloc_unit_singleton_updateP. Qed.
  Lemma alloc_unit_singleton_update (u : A) i (y : A) :
     u  LeftId () u ()  u ~~> y  (:gmap K A) ~~> {[ i := y ]}.
  Proof.
    rewrite !cmra_update_updateP;
      eauto using alloc_unit_singleton_updateP with subst.
  Qed.
End freshness.

(* Local updates at a single key.  The element-level local update is taken
   against the frame's value at [i] (the [mf ≫= (!! i)] remnant rendered as
   [mf = (!! i)]); both halves of the local update are checked key by key. *)
Lemma insert_local_update m i x y mf :
  x ~l~> y @ mf = (!! i)  <[i:=x]>m ~l~> <[i:=y]>m @ mf.
Proof.
  intros [Hxy Hxy']; split.
  - intros n Hm j. move: (Hm j). destruct (decide (i = j)); subst.
    + rewrite !lookup_opM !lookup_insert !Some_op_opM. apply Hxy.
    + by rewrite !lookup_opM !lookup_insert_ne.
  - intros n mf' Hm Hm' j. move: (Hm j) (Hm' j).
    destruct (decide (i = j)); subst.
    + rewrite !lookup_opM !lookup_insert !Some_op_opM !inj_iff. apply Hxy'.
    + by rewrite !lookup_opM !lookup_insert_ne.
Qed.

Lemma singleton_local_update i x y mf :
  x ~l~> y @ mf = (!! i)  {[ i := x ]} ~l~> {[ i := y ]} @ mf.
Proof. apply insert_local_update. Qed.

(* Allocating a valid [x] at a key absent from both [m] and the frame is a
   local update; it is reduced to [alloc_local_update] on the singleton via
   [insert_singleton_op]. *)
Lemma alloc_singleton_local_update m i x mf :
  (m ? mf) !! i = None   x  m ~l~> <[i:=x]> m @ mf.
Proof.
  rewrite lookup_opM op_None=> -[Hi Hif] ?.
  rewrite insert_singleton_op // comm. apply alloc_local_update.
  intros n Hm j. move: (Hm j). destruct (decide (i = j)); subst.
  - intros _; rewrite !lookup_opM lookup_op !lookup_singleton Hif Hi.
    by apply cmra_valid_validN.
  - by rewrite !lookup_opM lookup_op !lookup_singleton_ne // right_id.
Qed.

Lemma alloc_unit_singleton_local_update i x mf :
  mf = (!! i) = None   x  (:gmap K A) ~l~> {[ i := x ]} @ mf.
Proof.
  intros Hi; apply alloc_singleton_local_update. by rewrite lookup_opM Hi.
Qed.

(* Deleting a key holding an exclusive element is a local update: validity
   is [delete_update]; for the second half, exclusivity of [x] forces the
   frame's value at [i] to be [None] on both sides ([exclusiveN_Some_l]). *)
Lemma delete_local_update m i x `{!Exclusive x} mf :
  m !! i = Some x  m ~l~> delete i m @ mf.
Proof.
  intros Hx; split; [intros n; apply delete_update|].
  intros n mf' Hm Hm' j. move: (Hm j) (Hm' j).
  destruct (decide (i = j)); subst.
  + rewrite !lookup_opM !lookup_delete Hx=> ? Hj.
    rewrite (exclusiveN_Some_l n x (mf = lookup j)) //.
    by rewrite (exclusiveN_Some_l n x (mf' = lookup j)) -?Hj.
  + by rewrite !lookup_opM !lookup_delete_ne.
Qed.
End properties.

(** Functor *)
(* [fmap f] on maps is non-expansive when [f] is; pointwise via [lookup_fmap]
   and the [option] instance.  (The missing arrows are a rendering artefact.) *)
Instance gmap_fmap_ne `{Countable K} {A B : cofeT} (f : A  B) n :
  Proper (dist n ==> dist n) f  Proper (dist n ==>dist n) (fmap (M:=gmap K) f).
Proof. by intros ? m m' Hm k; rewrite !lookup_fmap; apply option_fmap_ne. Qed.
(* [fmap f] is a CMRA-monotone map when [f] is: validity and inclusion are
   both checked pointwise, the latter through [lookup_included]. *)
Instance gmap_fmap_cmra_monotone `{Countable K} {A B : cmraT} (f : A  B)
  `{!CMRAMonotone f} : CMRAMonotone (fmap f : gmap K A  gmap K B).
Proof.
  split; try apply _.
  - by intros n m ? i; rewrite lookup_fmap; apply (cmra_monotone_validN _).
  - intros m1 m2; rewrite !lookup_included=> Hm i.
    by rewrite !lookup_fmap; apply: cmra_monotone.
Qed.
(* Lift a non-expansive function [f : A -n> B] to a non-expansive function on
   maps, as the [CofeMor] wrapping [fmap f]. *)
Definition gmapC_map `{Countable K} {A B} (f: A -n> B) :
  gmapC K A -n> gmapC K B := CofeMor (fmap f : gmapC K A  gmapC K B).
(* [gmapC_map] itself is non-expansive in the function argument: at each key
   the lookup is either [None] on both sides or two values related by [Hf]. *)
Instance gmapC_map_ne `{Countable K} {A B} n :
  Proper (dist n ==> dist n) (@gmapC_map K _ _ A B).
Proof.
  intros f g Hf m k; rewrite /= !lookup_fmap.
  destruct (_ !! k) eqn:?; simpl; constructor; apply Hf.
Qed.

(* The COFE functor [gmapCF K F]: apply [F] under the map.  The three
   obligations are non-expansiveness in the morphism (via [gmapC_map_ne]),
   preservation of identities and preservation of composition, the last two
   through [map_fmap_id] / [map_fmap_compose] and setoid extensionality. *)
Program Definition gmapCF K `{Countable K} (F : cFunctor) : cFunctor := {|
  cFunctor_car A B := gmapC K (cFunctor_car F A B);
  cFunctor_map A1 A2 B1 B2 fg := gmapC_map (cFunctor_map F fg)
|}.
Next Obligation.
  by intros K ?? F A1 A2 B1 B2 n f g Hfg; apply gmapC_map_ne, cFunctor_ne.
Qed.
Next Obligation.
  intros K ?? F A B x. rewrite /= -{2}(map_fmap_id x).
  apply map_fmap_setoid_ext=>y ??; apply cFunctor_id.
Qed.
Next Obligation.
  intros K ?? F A1 A2 A3 B1 B2 B3 f g f' g' x. rewrite /= -map_fmap_compose.
  apply map_fmap_setoid_ext=>y ??; apply cFunctor_compose.
Qed.
(* Contractiveness of [F] transfers to [gmapCF K F], since [gmapC_map] is
   non-expansive in its argument. *)
Instance gmapCF_contractive K `{Countable K} F :
  cFunctorContractive F  cFunctorContractive (gmapCF K F).
Proof.
  by intros ? A1 A2 B1 B2 n f g Hfg; apply gmapC_map_ne, cFunctor_contractive.
Qed.

(* The unital-CMRA functor [gmapURF K F], built exactly like [gmapCF] but over
   an [rFunctor] and with [gmapUR] as carrier; the obligations mirror those of
   [gmapCF] with the [rFunctor_*] laws. *)
Program Definition gmapURF K `{Countable K} (F : rFunctor) : urFunctor := {|
  urFunctor_car A B := gmapUR K (rFunctor_car F A B);
  urFunctor_map A1 A2 B1 B2 fg := gmapC_map (rFunctor_map F fg)
|}.
Next Obligation.
  by intros K ?? F A1 A2 B1 B2 n f g Hfg; apply gmapC_map_ne, rFunctor_ne.
Qed.
Next Obligation.
  intros K ?? F A B x. rewrite /= -{2}(map_fmap_id x).
  apply map_fmap_setoid_ext=>y ??; apply rFunctor_id.
Qed.
Next Obligation.
  intros K ?? F A1 A2 A3 B1 B2 B3 f g f' g' x. rewrite /= -map_fmap_compose.
  apply map_fmap_setoid_ext=>y ??; apply rFunctor_compose.
Qed.
(* Contractiveness of [F] transfers to [gmapURF K F].
   NOTE(review): the instance is named [gmapRF_contractive] although the
   functor it is about is [gmapURF]; the name is kept since it is part of the
   file's interface. *)
Instance gmapRF_contractive K `{Countable K} F :
  rFunctorContractive F  urFunctorContractive (gmapURF K F).
Proof.
  by intros ? A1 A2 B1 B2 n f g Hfg; apply gmapC_map_ne, rFunctor_contractive.
Qed.