Commit d48b2c6a authored by Ralf Jung

cancellable invariants

parent 82aa84a7
......@@ -202,7 +202,7 @@ We define an RA structure on the rational numbers in $(0, 1]$ as follows:
\fracm \eqdef{}& \fracinj(\mathbb{Q} \cap (0, 1]) \mid \mundef \\
\mvalFull(\melt) \eqdef{}& \melt \neq \mundef \\
\fracinj(x) \mtimes \fracinj(y) \eqdef{}& \fracinj(x + y) \quad \text{if $x + y \leq 1$} \\
\fracinj(q_1) \mtimes \fracinj(q_2) \eqdef{}& \fracinj(q_1 + q_2) \quad \text{if $q_1 + q_2 \leq 1$} \\
\mcore{\fracinj(x)} \eqdef{}& \bot \\
\mcore{\mundef} \eqdef{}& \mundef
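Review bot: the rename from $x, y$ to $q_1, q_2$ on the product line leaves the core line still written as `\mcore{\fracinj(x)} \eqdef{}& \bot`, so the definition now mixes two naming schemes in adjacent lines; rename it to `\mcore{\fracinj(q)} \eqdef{}& \bot \\` to match. Also, the only composition clause visible here carries the side condition `\text{if $q_1 + q_2 \leq 1$}`; since the carrier includes `\mundef`, the case $q_1 + q_2 > 1$ should be covered explicitly (an `\mundef` otherwise-clause) so that `\mtimes` is total, unless a line outside this hunk already does that.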
\section{Derived Constructions}
\subsection{Cancellable Invariants}
Iris invariants as described in \Sref{sec:invariants} are persistent---once established, they hold forever.
However, based on them, it is possible to \emph{encode} a form of invariants that can be ``cancelled'' again.
First, we need some ghost state:
\textmon{CInvTok} \eqdef{}& \fracm
Now we define:
\CInvTok{\gname}{q} \eqdef{}& \ownGhost\gname{q} \\
\CInv{\gname}{\namesp}{\prop} \eqdef{}& \knowInv\namesp{\prop \lor \ownGhost\gname{1}}
It is then straight-forward to prove:
{\later\prop \vs[\bot] \Exists \gname. \CInvTok\gname{1} * \always\CInv\gname\namesp\prop}
{\CInv\gname\namesp\prop \proves \Acc[\namesp][\emptyset]{\CInvTok\gname{q}}{\later\prop}}
{\CInv\gname\namesp\prop \proves \CInvTok\gname{1} \vs[\namesp] \later\prop}
Cancellable invariants are useful, for example, when reasoning about data structures that will be deallocated: Every reference to the data structure comes with a fraction of the token, and when all fractions have been gathered, \ruleref{CInv-cancel} is used to cancel the invariant, after which the data structure can be deallocated.
\subsection{Non-atomic (``Thread-Local'') Invariants}
Sometimes it is necessary to maintain invariants that we need to open non-atomically.
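Review bot: `\CInvTok{\gname}{q} \eqdef{}& \ownGhost\gname{q}` owns a bare rational at a ghost location whose RA is `\textmon{CInvTok} \eqdef \fracm`, but `\fracm` was defined as `\fracinj(\mathbb{Q} \cap (0, 1]) \mid \mundef`, so the owned element should read `\ownGhost\gname{\fracinj(q)}` (and `\ownGhost\gname{\fracinj(1)}` inside `\CInv`) unless the injection is declared implicit somewhere. The closing paragraph cites `\ruleref{CInv-cancel}`, yet none of the three displayed rules carries a visible label, so the reference will not resolve unless the rules are named (CInv-new, CInv-acc, CInv-cancel, say). Minor: ``straight-forward'' is one word, ``straightforward''.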
......@@ -40,16 +70,16 @@ To simplify this construction,we piggy-back into ``normal'' invariants.
We easily obtain:
{\TRUE \vs[\bot] \Exists\pid. \NaTok\pid}
{\NaTokE\pid{\mask_1 \uplus \mask_2} \Lra \NaTokE\pid{\mask_1} * \NaTokE\pid{\mask_2}}
{\later\prop \vs[\namesp] \always\NaInv\pid\namesp\prop}
{\NaInv\pid\namesp\prop \proves \Acc[\namesp]{\NaTokE\pid\namesp}{\later\prop}}
from which we can derive
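Review bot: the allocation rule `\later\prop \vs[\namesp] \always\NaInv\pid\namesp\prop` demands the mask `\namesp`, while the analogous cancellable-invariant allocation above is stated with `\vs[\bot]`; if allocating a non-atomic invariant only allocates the underlying ordinary invariant, the weaker `\vs[\bot]` should suffice and the two rules would then read consistently, otherwise a sentence saying why `\namesp` must be available would help. Also, the accessor passes `\NaTokE\pid\namesp` where `\NaTokE` takes a mask (cf. `\NaTokE\pid{\mask_1 \uplus \mask_2}` two lines earlier), so the implicit coercion from a namespace to the mask it denotes should be stated. Style: the context line in the hunk header reads ``construction,we''; a space is missing after the comma.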
......@@ -409,6 +409,7 @@
% Fraction
% Exclusive
......@@ -452,6 +453,10 @@
%% Stored Propositions
\newcommand{\mapstoprop}{\mathrel{\kern-0.5ex\tikz[baseline=(m)]{\node at (0,0) (m){}; \draw[line cap=round] (0,0.16) -- (0,-0.004);}\kern-1.5ex\Ra}}
%% Cancellable invariants
%% Non-atomic invariants
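Review bot: the hunk adds the headings `%% Cancellable invariants` and `%% Non-atomic invariants`, but no macro definitions appear under them in the visible lines, while the .tex changes use `\CInvTok`, `\CInv`, `\NaTok`, `\NaTokE` and `\NaInv`; each of those needs a `\newcommand` here with the arity it is used with (e.g. `\CInv{\gname}{\namesp}{\prop}` takes three arguments, `\NaTokE\pid\namesp` two), otherwise those commands are undefined at build time. The neighbouring `%% Stored Propositions` block shows the file's convention of a comment heading followed directly by its definitions, so the definitions belong right under the new headings.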