diff --git a/_CoqProject b/_CoqProject
index a65f4b69b5474ce8ea8abe10f29b8900dcf6ab74..d145890abf658d8a48f826ba0921d19f3c2c0460 100644
--- a/_CoqProject
+++ b/_CoqProject
@@ -1,7 +1,8 @@
-Q theories actris
-arg -w -arg -notation-overridden,-redundant-canonical-projection,-several-object-files
theories/utils/auth_excl.v
-theories/utils/list.v
+theories/utils/flist.v
+theories/utils/llist.v
theories/utils/compare.v
theories/utils/contribution.v
theories/channel/channel.v
diff --git a/theories/channel/channel.v b/theories/channel/channel.v
index 28ed36277807d2aef3e9d7fd15d7bd72c51251a5..3bbacfbc1f93ab1d861ece33986a063dc2b0f44b 100644
--- a/theories/channel/channel.v
+++ b/theories/channel/channel.v
@@ -1,7 +1,7 @@
From iris.heap_lang Require Import proofmode notation.
From iris.heap_lang.lib Require Import spin_lock.
From iris.algebra Require Import excl auth list.
-From actris.utils Require Import auth_excl list.
+From actris.utils Require Import auth_excl llist.
Set Default Proof Using "Type".
Inductive side := Left | Right.
@@ -11,8 +11,8 @@ Definition side_elim {A} (s : side) (l r : A) : A :=
Definition new_chan : val :=
λ: <>,
- let: "l" := ref (lnil #()) in
- let: "r" := ref (lnil #()) in
+ let: "l" := lnil #() in
+ let: "r" := lnil #() in
let: "lk" := newlock #() in
((("l","r"),"lk"), (("r","l"),"lk")).
@@ -21,7 +21,7 @@ Definition send : val :=
let: "lk" := Snd "c" in
acquire "lk";;
let: "l" := Fst (Fst "c") in
- "l" <- lsnoc !"l" "v";;
+ lsnoc "l" "v";;
release "lk".
Definition try_recv : val :=
@@ -29,11 +29,7 @@ Definition try_recv : val :=
let: "lk" := Snd "c" in
acquire "lk";;
let: "l" := Snd (Fst "c") in
- let: "ret" :=
- match: !"l" with
- SOME "p" => "l" <- Snd "p";; SOME (Fst "p")
- | NONE => NONE
- end in
+ let: "ret" := if: lisnil "l" then NONE else SOME (lpop "l") in
release "lk";; "ret".
Definition recv : val :=
@@ -52,27 +48,32 @@ Definition chanΣ : gFunctors :=
Instance subG_chanΣ {Σ} : subG chanΣ Σ → chanG Σ.
Proof. solve_inG. Qed.
+(** MOVE TO IRIS *)
+Global Instance fst_atomic a v1 v2 : Atomic a (Fst (v1,v2)%V).
+Proof.
+ apply strongly_atomic_atomic, ectx_language_atomic;
+ [inversion 1; naive_solver
+ |apply ectxi_language_sub_redexes_are_values; intros [] **; naive_solver].
+Qed.
+
Section channel.
Context `{!heapG Σ, !chanG Σ} (N : namespace).
- Definition is_list_ref (l : val) (xs : list val) : iProp Σ :=
- (∃ l' : loc, ⌜l = #l'⌠∧ l' ↦ llist xs)%I.
-
Record chan_name := Chan_name {
chan_lock_name : gname;
chan_l_name : gname;
chan_r_name : gname
}.
- Definition chan_inv (γ : chan_name) (l r : val) : iProp Σ :=
+ Definition chan_inv (γ : chan_name) (l r : loc) : iProp Σ :=
(∃ ls rs,
- is_list_ref l ls ∗ own (chan_l_name γ) (◠to_auth_excl ls) ∗
- is_list_ref r rs ∗ own (chan_r_name γ) (◠to_auth_excl rs))%I.
+ llist l ls ∗ own (chan_l_name γ) (◠to_auth_excl ls) ∗
+ llist r rs ∗ own (chan_r_name γ) (◠to_auth_excl rs))%I.
Typeclasses Opaque chan_inv.
Definition is_chan (γ : chan_name) (c1 c2 : val) : iProp Σ :=
- (∃ l r lk : val,
- ⌜ c1 = ((l, r), lk)%V ∧ c2 = ((r, l), lk)%V ⌠∗
+ (∃ (l r : loc) (lk : val),
+ ⌜ c1 = ((#l, #r), lk)%V ∧ c2 = ((#r, #l), lk)%V ⌠∗
is_lock N (chan_lock_name γ) lk (chan_inv γ l r))%I.
Global Instance is_chan_persistent : Persistent (is_chan γ c1 c2).
@@ -91,20 +92,15 @@ Section channel.
Proof.
iIntros (Φ) "_ HΦ". rewrite /is_chan /chan_own.
wp_lam.
- wp_apply (lnil_spec with "[//]"); iIntros (ls). wp_alloc l as "Hl".
- wp_apply (lnil_spec with "[//]"); iIntros (rs). wp_alloc r as "Hr".
+ wp_apply (lnil_spec with "[//]"); iIntros (l) "Hl".
+ wp_apply (lnil_spec with "[//]"); iIntros (r) "Hr".
iMod (own_alloc (◠(to_auth_excl []) ⋅ ◯ (to_auth_excl []))) as (lsγ) "[Hls Hls']".
{ by apply auth_both_valid. }
iMod (own_alloc (◠(to_auth_excl []) ⋅ ◯ (to_auth_excl []))) as (rsγ) "[Hrs Hrs']".
{ by apply auth_both_valid. }
- iAssert (is_list_ref #l []) with "[Hl]" as "Hl".
- { rewrite /is_list_ref; eauto. }
- iAssert (is_list_ref #r []) with "[Hr]" as "Hr".
- { rewrite /is_list_ref; eauto. }
wp_apply (newlock_spec N (∃ ls rs,
- is_list_ref #l ls ∗ own lsγ (◠to_auth_excl ls) ∗
- is_list_ref #r rs ∗ own rsγ (◠to_auth_excl rs))%I
- with "[Hl Hr Hls Hrs]").
+ llist l ls ∗ own lsγ (◠to_auth_excl ls) ∗
+ llist r rs ∗ own rsγ (◠to_auth_excl rs))%I with "[Hl Hr Hls Hrs]").
{ eauto 10 with iFrame. }
iIntros (lk γlk) "#Hlk". wp_pures.
iApply ("HΦ" $! _ _ (Chan_name γlk lsγ rsγ)); simpl.
@@ -113,9 +109,9 @@ Section channel.
Lemma chan_inv_alt s γ l r :
chan_inv γ l r ⊣⊢ ∃ ls rs,
- is_list_ref (side_elim s l r) ls ∗
+ llist (side_elim s l r) ls ∗
own (side_elim s chan_l_name chan_r_name γ) (◠to_auth_excl ls) ∗
- is_list_ref (side_elim s r l) rs ∗
+ llist (side_elim s r l) rs ∗
own (side_elim s chan_r_name chan_l_name γ) (◠to_auth_excl rs).
Proof.
destruct s; rewrite /chan_inv //=.
@@ -131,24 +127,20 @@ Section channel.
Proof.
iIntros "Hc HΦ". wp_lam; wp_pures.
iDestruct "Hc" as (l r lk [-> ->]) "#Hlock"; wp_pures.
- assert (side_elim s (l, r, lk)%V (r, l, lk)%V =
- ((side_elim s l r, side_elim s r l), lk)%V) as -> by (by destruct s).
+ assert (side_elim s (#l, #r, lk)%V (#r, #l, lk)%V =
+ ((#(side_elim s l r), #(side_elim s r l)), lk)%V) as -> by (by destruct s).
wp_apply (acquire_spec with "Hlock"); iIntros "[Hlocked Hinv]".
- wp_pures.
iDestruct (chan_inv_alt s with "Hinv") as
- (vs ws) "(Href & Hvs & Href' & Hws)".
- iDestruct "Href" as (ll Hslr) "Hll". rewrite Hslr.
- wp_load.
- wp_apply (lsnoc_spec with "[//]"); iIntros (_).
- wp_bind (_ <- _)%E.
+ (vs ws) "(Hll & Hvs & Href' & Hws)".
+ wp_seq. wp_bind (Fst (_,_)%V)%E.
iMod "HΦ" as (vs') "[Hchan HΦ]".
iDestruct (excl_eq with "Hvs Hchan") as %<-%leibniz_equiv.
iMod (excl_update _ _ _ (vs ++ [v]) with "Hvs Hchan") as "[Hvs Hchan]".
- wp_store. iMod ("HΦ" with "Hchan") as "HΦ".
- iModIntro.
+ wp_pures. iMod ("HΦ" with "Hchan") as "HΦ"; iModIntro.
+ wp_apply (lsnoc_spec with "Hll"); iIntros "Hll".
wp_apply (release_spec with "[-HΦ $Hlock $Hlocked]"); last eauto.
iApply (chan_inv_alt s).
- rewrite /is_list_ref. eauto 20 with iFrame.
+ rewrite /llist. eauto 20 with iFrame.
Qed.
Lemma try_recv_spec Φ E γ c1 c2 s :
@@ -162,28 +154,27 @@ Section channel.
Proof.
iIntros "Hc HΦ". wp_lam; wp_pures.
iDestruct "Hc" as (l r lk [-> ->]) "#Hlock"; wp_pures.
- assert (side_elim s (r, l, lk)%V (l, r, lk)%V =
- ((side_elim s r l, side_elim s l r), lk)%V) as -> by (by destruct s).
+ assert (side_elim s (#r, #l, lk)%V (#l, #r, lk)%V =
+ ((#(side_elim s r l), #(side_elim s l r)), lk)%V) as -> by (by destruct s).
wp_apply (acquire_spec with "Hlock"); iIntros "[Hlocked Hinv]".
- wp_pures.
iDestruct (chan_inv_alt s with "Hinv")
- as (vs ws) "(Href & Hvs & Href' & Hws)".
- iDestruct "Href" as (ll Hslr) "Hll". rewrite Hslr.
- wp_bind (! _)%E. destruct vs as [|v vs]; simpl.
- - iDestruct "HΦ" as "[>HΦ _]". wp_load. iMod "HΦ"; iModIntro.
+ as (vs ws) "(Hll & Hvs & Href' & Hws)".
+ wp_seq. wp_bind (Fst (_,_)%V)%E. destruct vs as [|v vs]; simpl.
+ - iDestruct "HΦ" as "[>HΦ _]". wp_pures. iMod "HΦ"; iModIntro.
+ wp_apply (lisnil_spec with "Hll"); iIntros "Hll". wp_pures.
wp_apply (release_spec with "[-HΦ $Hlocked $Hlock]").
{ iApply (chan_inv_alt s).
- rewrite /is_list_ref. eauto 10 with iFrame. }
+ rewrite /llist. eauto 10 with iFrame. }
iIntros (_). by wp_pures.
- iDestruct "HΦ" as "[_ >HΦ]". iDestruct "HΦ" as (vs') "[Hvs' HΦ]".
iDestruct (excl_eq with "Hvs Hvs'") as %<-%leibniz_equiv.
iMod (excl_update _ _ _ vs with "Hvs Hvs'") as "[Hvs Hvs']".
- wp_load.
- iMod ("HΦ" with "[//] Hvs'") as "HΦ"; iModIntro.
- wp_store; wp_pures.
+ wp_pures. iMod ("HΦ" with "[//] Hvs'") as "HΦ"; iModIntro.
+ wp_apply (lisnil_spec with "Hll"); iIntros "Hll".
+ wp_apply (lpop_spec with "Hll"); iIntros "Hll".
wp_apply (release_spec with "[-HΦ $Hlocked $Hlock]").
{ iApply (chan_inv_alt s).
- rewrite /is_list_ref. eauto 10 with iFrame. }
+ rewrite /llist. eauto 10 with iFrame. }
iIntros (_). by wp_pures.
Qed.
diff --git a/theories/examples/loop_sort.v b/theories/examples/loop_sort.v
index 04aa8cceb54a03b225355ee0d3f2ba9202c883e9..65b80fcc0eeea0620de437622fffb0af21d3cb1d 100644
--- a/theories/examples/loop_sort.v
+++ b/theories/examples/loop_sort.v
@@ -1,7 +1,6 @@
From stdpp Require Import sorting.
From actris.channel Require Import proto_channel.
From iris.heap_lang Require Import proofmode notation.
-From actris.utils Require Import list.
From actris.examples Require Import sort.
Definition loop_sort_service : val :=
diff --git a/theories/examples/map.v b/theories/examples/map.v
index 1282c31b77499f84db064be6e1761efe7ea7da8a..1d62b9dfe87adec8efcc8a888c9eb91f421a761d 100644
--- a/theories/examples/map.v
+++ b/theories/examples/map.v
@@ -1,6 +1,6 @@
From actris.channel Require Import proto_channel proofmode.
From iris.heap_lang Require Import proofmode notation lib.spin_lock.
-From actris.utils Require Import list contribution.
+From actris.utils Require Import llist contribution.
From iris.algebra Require Import gmultiset.
Definition map_worker : val :=
@@ -30,22 +30,25 @@ Definition start_map_service : val := λ: "n" "map",
Definition par_map_server : val :=
rec: "go" "n" "c" "xs" "ys" :=
- if: "n" = #0 then "ys" else
+ if: "n" = #0 then #() else
if: recv "c" then (* send item to map_worker *)
if: lisnil "xs" then
send "c" #false;;
"go" ("n" - #1) "c" "xs" "ys"
else
send "c" #true;;
- send "c" (lhead "xs");;
- "go" "n" "c" (ltail "xs") "ys"
+ send "c" (lpop "xs");;
+ "go" "n" "c" "xs" "ys"
else (* receive item from map_worker *)
let: "zs" := recv "c" in
- "go" "n" "c" "xs" (lapp "zs" "ys").
+ lprep "ys" "zs";;
+ "go" "n" "c" "xs" "ys".
Definition par_map : val := λ: "n" "map" "xs",
let: "c" := start_map_service "n" "map" in
- par_map_server "n" "c" "xs" (lnil #()).
+ let: "ys" := lnil #() in
+ par_map_server "n" "c" "xs" "ys";;
+ "ys".
Class mapG Σ A `{Countable A} := {
map_contributionG :> contributionG Σ (gmultisetUR A);
@@ -62,7 +65,7 @@ Section map.
Definition map_spec (vmap : val) : iProp Σ := (∀ x v,
{{{ IA x v }}}
vmap v
- {{{ ws, RET (llist ws); [∗ list] y;w ∈ map x;ws, IB y w }}})%I.
+ {{{ l ws, RET #l; llist l ws ∗ [∗ list] y;w ∈ map x;ws, IB y w }}})%I.
Definition map_worker_protocol_aux (rec : nat -d> gmultiset A -d> iProto Σ) :
nat -d> gmultiset A -d> iProto Σ := λ i X,
@@ -72,7 +75,7 @@ Section map.
<+>
rec (pred i) X
) <{⌜ i ≠1 ∨ X = ∅ âŒ}&>
- <?> x ws, MSG llist ws {{ ⌜ x ∈ X ⌠∧ [∗ list] y;w ∈ map x;ws, IB y w }};
+ <?> x (l : loc) ws, MSG #l {{ ⌜ x ∈ X ⌠∗ llist l ws ∗ [∗ list] y;w ∈ map x;ws, IB y w }};
rec i (X ∖ {[ x ]}))%proto.
Instance map_worker_protocol_aux_contractive : Contractive map_worker_protocol_aux.
Proof. solve_proper_prepare. f_equiv. solve_proto_contractive. Qed.
@@ -109,7 +112,7 @@ Section map.
rewrite left_id_L.
wp_apply (release_spec with "[$Hlk $Hl Hc Hs]").
{ iExists (S i), _. iFrame. }
- clear dependent i X. iIntros "Hu". wp_apply ("Hmap" with "HI"); iIntros (w) "HI".
+ clear dependent i X. iIntros "Hu". wp_apply ("Hmap" with "HI"); iIntros (l ws) "HI".
wp_apply (acquire_spec with "[$Hlk $Hu]"); iIntros "[Hl H]".
iDestruct "H" as (i X) "[Hs Hc]".
iDestruct (@server_agree with "Hs Hγ")
@@ -156,38 +159,39 @@ Section map.
wp_apply (start_map_workers_spec with "Hf [$Hlk $Hγs]"); auto.
Qed.
- Lemma par_map_server_spec n c vs xs ws X ys :
+ Lemma par_map_server_spec n c l k vs xs ws X ys :
(n = 0 → X = ∅ ∧ xs = []) →
{{{
+ llist l vs ∗ llist k ws ∗
c ↣ map_worker_protocol n X @ N ∗
([∗ list] x;v ∈ xs;vs, IA x v) ∗ ([∗ list] y;w ∈ ys;ws, IB y w)
}}}
- par_map_server #n c (llist vs) (llist ws)
- {{{ ys' ws', RET (llist ws');
- ⌜ys' ≡ₚ (xs ++ elements X) ≫= map⌠∗ [∗ list] y;w ∈ ys' ++ ys;ws', IB y w
+ par_map_server #n c #l #k
+ {{{ ys' ws', RET #();
+ ⌜ys' ≡ₚ (xs ++ elements X) ≫= map⌠∗
+ llist k ws' ∗ [∗ list] y;w ∈ ys' ++ ys;ws', IB y w
}}}.
Proof.
- iIntros (Hn Φ) "(Hc & HIA & HIB) HΦ".
- iLöb as "IH" forall (n vs xs ws X ys Hn Φ); wp_rec; wp_pures; simpl.
+ iIntros (Hn Φ) "(Hl & Hk & Hc & HIA & HIB) HΦ".
+ iLöb as "IH" forall (n l vs xs ws X ys Hn Φ); wp_rec; wp_pures; simpl.
case_bool_decide; wp_pures; simplify_eq/=.
{ destruct Hn as [-> ->]; first lia.
- iApply ("HΦ" $! []); simpl; auto. }
+ iApply ("HΦ" $! []); simpl; auto with iFrame. }
destruct n as [|n]=> //=. wp_branch as %?|%_; wp_pures.
- - wp_apply (lisnil_spec with "[//]"); iIntros (_).
+ - wp_apply (lisnil_spec with "Hl"); iIntros "Hl".
destruct vs as [|v vs], xs as [|x xs]; csimpl; try done; wp_pures.
+ wp_select. wp_pures. rewrite Nat2Z.inj_succ Z.sub_1_r Z.pred_succ.
- iApply ("IH" with "[%] Hc [//] [$] HΦ"); naive_solver.
+ iApply ("IH" with "[%] Hl Hk Hc [//] [$] HΦ"); naive_solver.
+ iDestruct "HIA" as "[HIAx HIA]". wp_select.
- wp_apply (lhead_spec with "[//]"); iIntros (_).
+ wp_apply (lpop_spec with "Hl"); iIntros "Hl".
wp_send with "[$HIAx]".
- wp_apply (ltail_spec with "[//]"); iIntros (_).
- wp_apply ("IH" with "[] Hc HIA HIB"); first done.
+ wp_apply ("IH" with "[] Hl Hk Hc HIA HIB"); first done.
iIntros (ys' ws').
rewrite gmultiset_elements_disj_union gmultiset_elements_singleton.
rewrite assoc_L -(comm _ [x]). iApply "HΦ".
- - wp_recv (x w) as (Hx) "HIBx".
- wp_apply (lapp_spec with "[//]"); iIntros (_).
- wp_apply ("IH" $! _ _ _ _ _ (_ ++ _) with "[] Hc HIA [HIBx HIB]"); first done.
+ - wp_recv (x l' w) as (Hx) "[Hl' HIBx]".
+ wp_apply (lprep_spec with "[$Hk $Hl']"); iIntros "[Hk _]".
+ wp_apply ("IH" $! _ _ _ _ _ _ (_ ++ _) with "[] Hl Hk Hc HIA [HIBx HIB]"); first done.
{ simpl; iFrame. }
iIntros (ys' ws'); iDestruct 1 as (Hys) "HIB"; simplify_eq/=.
iApply ("HΦ" $! (ys' ++ map x)). iSplit.
@@ -198,17 +202,18 @@ Section map.
+ by rewrite -assoc_L.
Qed.
- Lemma par_map_spec n vmap vs xs :
+ Lemma par_map_spec n vmap l vs xs :
0 < n →
map_spec vmap -∗
- {{{ [∗ list] x;v ∈ xs;vs, IA x v }}}
- par_map #n vmap (llist vs)
- {{{ ys ws, RET (llist ws); ⌜ys ≡ₚ xs ≫= map⌠∗ [∗ list] y;w ∈ ys;ws, IB y w }}}.
+ {{{ llist l vs ∗ [∗ list] x;v ∈ xs;vs, IA x v }}}
+ par_map #n vmap #l
+ {{{ k ys ws, RET #k; ⌜ys ≡ₚ xs ≫= map⌠∗ llist k ws ∗ [∗ list] y;w ∈ ys;ws, IB y w }}}.
Proof.
- iIntros (?) "#Hmap !>"; iIntros (Φ) "HI HΦ". wp_lam; wp_pures.
+ iIntros (?) "#Hmap !>"; iIntros (Φ) "[Hl HI] HΦ". wp_lam; wp_pures.
wp_apply (start_map_service_spec with "Hmap [//]"); iIntros (c) "Hc".
- wp_pures. wp_apply (lnil_spec with "[//]"); iIntros (_).
- wp_apply (par_map_server_spec _ _ _ _ [] ∅ [] with "[$Hc $HI //]"); first lia.
- iIntros (ys ws). rewrite /= gmultiset_elements_empty !right_id_L . iApply "HΦ".
+ wp_pures. wp_apply (lnil_spec with "[//]"); iIntros (k) "Hk".
+ wp_apply (par_map_server_spec _ _ _ _ _ _ [] ∅ [] with "[$Hl $Hk $Hc $HI //]"); first lia.
+ iIntros (ys ws) "H". rewrite /= gmultiset_elements_empty !right_id_L .
+ wp_pures. by iApply "HΦ".
Qed.
End map.
diff --git a/theories/examples/map_reduce.v b/theories/examples/map_reduce.v
index 56176cc67f9c97b8f4467f7c4e48953facc6502f..359c30f34290393f075e03afd5f4b6151e7eefd2 100644
--- a/theories/examples/map_reduce.v
+++ b/theories/examples/map_reduce.v
@@ -1,7 +1,7 @@
From stdpp Require Import sorting.
From actris.channel Require Import proto_channel proofmode.
From iris.heap_lang Require Import proofmode notation.
-From actris.utils Require Import list compare contribution.
+From actris.utils Require Import llist compare contribution.
From actris.examples Require Import map sort_elem sort_elem_client.
From iris.algebra Require Import gmultiset.
From Coq Require Import SetoidPermutation.
@@ -40,8 +40,8 @@ Definition par_map_reduce_map_server : val :=
"go" ("n" - #1) "cmap" "csort" "xs"
else
send "cmap" #true;;
- send "cmap" (lhead "xs");;
- "go" "n" "cmap" "csort" (ltail "xs")
+ send "cmap" (lpop "xs");;
+ "go" "n" "cmap" "csort" "xs"
else (* receive item from mapper *)
let: "zs" := recv "cmap" in
send_all "csort" "zs";;
@@ -49,15 +49,15 @@ Definition par_map_reduce_map_server : val :=
Definition par_map_reduce_collect : val :=
rec: "go" "csort" "i" "ys" :=
- if: ~recv "csort" then (("i", "ys"), NONE) else
+ if: ~recv "csort" then NONE else
let: "jy" := recv "csort" in
let: "j" := Fst "jy" in let: "y" := Snd "jy" in
- if: "i" = "j" then "go" "csort" "j" (lcons "y" "ys") else
- (("i", "ys"), SOME ("j", "y")).
+ if: "i" = "j" then lcons "y" "ys";; "go" "csort" "j" "ys" else
+ SOME ("j", "y").
Definition par_map_reduce_reduce_server : val :=
rec: "go" "n" "csort" "cred" "acc" "zs" :=
- if: "n" = #0 then "zs" else
+ if: "n" = #0 then #() else
if: recv "cred" then (* Send item to mapper *)
match: "acc" with
NONE =>
@@ -65,15 +65,16 @@ Definition par_map_reduce_reduce_server : val :=
send "cred" #false;; "go" ("n" - #1) "csort" "cred" NONE "zs"
| SOME "acc" =>
(* Read subsequent items with the same key *)
- let: "grp" := par_map_reduce_collect "csort"
- (Fst "acc") (lcons (Snd "acc") (lnil #())) in
+ let: "ys" := lcons (Snd "acc") (lnil #()) in
+ let: "new_acc" := par_map_reduce_collect "csort" (Fst "acc") "ys" in
send "cred" #true;;
- send "cred" (Fst "grp");;
- "go" "n" "csort" "cred" (Snd "grp") "zs"
+ send "cred" (Fst "acc", "ys");;
+ "go" "n" "csort" "cred" "new_acc" "zs"
end
else (* receive item from mapper *)
let: "zs'" := recv "cred" in
- "go" "n" "csort" "cred" "acc" (lapp "zs'" "zs").
+ lprep "zs" "zs'";;
+ "go" "n" "csort" "cred" "acc" "zs".
Definition cmpZfst : val := λ: "x" "y", Fst "x" ≤ Fst "y".
@@ -86,7 +87,8 @@ Definition par_map_reduce : val := λ: "n" "map" "red" "xs",
(* We need the first sorted element in the loop to compare subsequent elements *)
if: ~recv "csort" then lnil #() else (* Handle the empty case *)
let: "jy" := recv "csort" in
- par_map_reduce_reduce_server "n" "csort" "cred" (SOME "jy") (lnil #()).
+ let: "zs" := lnil #() in
+ par_map_reduce_reduce_server "n" "csort" "cred" (SOME "jy") "zs";; "zs".
(** Properties about the functional version *)
@@ -220,7 +222,8 @@ Section mapper.
Definition IZB (iy : Z * B) (w : val) : iProp Σ :=
(∃ w', ⌜ w = (#iy.1, w')%V ⌠∧ IB iy.1 iy.2 w')%I.
Definition IZBs (iys : Z * list B) (w : val) : iProp Σ :=
- (∃ ws, ⌜ w = (#iys.1, llist ws)%V ⌠∧ [∗ list] y;w'∈iys.2;ws, IB iys.1 y w')%I.
+ (∃ (l : loc) ws,
+ ⌜ w = (#iys.1, #l)%V ⌠∗ llist l ws ∗ [∗ list] y;w'∈iys.2;ws, IB iys.1 y w')%I.
Definition RZB : relation (Z * B) := prod_relation (≤)%Z (λ _ _ : B, True).
Instance RZB_dec : RelDecision RZB.
@@ -238,42 +241,42 @@ Section mapper.
repeat case_bool_decide=> //; unfold RZB, prod_relation in *; naive_solver.
Qed.
- Lemma par_map_reduce_map_server_spec n cmap csort vs xs X ys :
+ Lemma par_map_reduce_map_server_spec n cmap csort l vs xs X ys :
(n = 0 → X = ∅ ∧ xs = []) →
{{{
+ llist l vs ∗
cmap ↣ map_worker_protocol IA IZB map n (X : gmultiset A) @ N ∗
csort ↣ sort_elem_head_protocol IZB RZB ys @ N ∗
([∗ list] x;v ∈ xs;vs, IA x v)
}}}
- par_map_reduce_map_server #n cmap csort (llist vs)
+ par_map_reduce_map_server #n cmap csort #l
{{{ ys', RET #();
⌜ys' ≡ₚ (xs ++ elements X) ≫= map⌠∗
csort ↣ sort_elem_head_protocol IZB RZB (ys ++ ys') @ N
}}}.
Proof.
- iIntros (Hn Φ) "(Hcmap & Hcsort & HIA) HΦ".
+ iIntros (Hn Φ) "(Hl & Hcmap & Hcsort & HIA) HΦ".
iLöb as "IH" forall (n vs xs X ys Hn Φ); wp_rec; wp_pures; simpl.
case_bool_decide; wp_pures; simplify_eq/=.
{ destruct Hn as [-> ->]; first lia.
iApply ("HΦ" $! []). rewrite right_id_L. auto. }
destruct n as [|n]=> //=. wp_branch as %?|%_; wp_pures.
- - wp_apply (lisnil_spec with "[//]"); iIntros (_).
+ - wp_apply (lisnil_spec with "Hl"); iIntros "Hl".
destruct vs as [|v vs], xs as [|x xs]; csimpl; try done; wp_pures.
+ wp_select. wp_pures. rewrite Nat2Z.inj_succ Z.sub_1_r Z.pred_succ.
- iApply ("IH" $! _ _ [] with "[%] Hcmap Hcsort [//] HΦ"); naive_solver.
+ iApply ("IH" $! _ _ [] with "[%] Hl Hcmap Hcsort [//] HΦ"); naive_solver.
+ iDestruct "HIA" as "[HIAx HIA]". wp_select.
- wp_apply (lhead_spec with "[//]"); iIntros (_).
+ wp_apply (lpop_spec with "Hl"); iIntros "Hl".
wp_send with "[$HIAx]".
- wp_apply (ltail_spec with "[//]"); iIntros (_).
- wp_apply ("IH" with "[%] Hcmap Hcsort HIA"); first done.
+ wp_apply ("IH" with "[%] Hl Hcmap Hcsort HIA"); first done.
iIntros (ys').
rewrite gmultiset_elements_disj_union gmultiset_elements_singleton.
rewrite assoc_L -(comm _ [x]). iApply "HΦ".
- - wp_recv (x w) as (Hx) "HIBfx".
+ - wp_recv (x k ws) as (Hx) "[Hk HIBfx]".
rewrite -(right_id END%proto _ (sort_elem_head_protocol _ _ _)).
- wp_apply (send_all_spec with "[$Hcsort $HIBfx]"); iIntros "Hcsort".
+ wp_apply (send_all_spec with "[$Hk $Hcsort $HIBfx]"); iIntros "Hcsort".
rewrite right_id.
- wp_apply ("IH" with "[] Hcmap Hcsort HIA"); first done.
+ wp_apply ("IH" with "[] Hl Hcmap Hcsort HIA"); first done.
iIntros (ys'). iDestruct 1 as (Hys) "Hcsort"; simplify_eq/=.
rewrite -assoc_L. iApply ("HΦ" $! (map x ++ ys') with "[$Hcsort]").
iPureIntro. rewrite (gmultiset_disj_union_difference {[ x ]} X)
@@ -282,37 +285,39 @@ Section mapper.
by rewrite gmultiset_elements_singleton assoc_L bind_app -Hys /= right_id_L comm.
Qed.
- Lemma par_map_reduce_collect_spec csort iys iys_sorted i ys ws :
+ Lemma par_map_reduce_collect_spec csort iys iys_sorted i l ys ws :
let acc := from_option (λ '(i,y,w), [(i,y)]) [] in
let accv := from_option (λ '(i,y,w), SOMEV (#(i:Z),w)) NONEV in
ys ≠[] →
Sorted RZB (iys_sorted ++ ((i,) <$> ys)) →
i ∉ iys_sorted.*1 →
{{{
+ llist l (reverse ws) ∗
csort ↣ sort_elem_tail_protocol IZB RZB iys (iys_sorted ++ ((i,) <$> ys)) @ N ∗
[∗ list] y;w ∈ ys;ws, IB i y w
}}}
- par_map_reduce_collect csort #i (llist (reverse ws))
- {{{ ys' ws' miy, RET ((#i,llist (reverse ws')),accv miy);
+ par_map_reduce_collect csort #i #l
+ {{{ ys' ws' miy, RET accv miy;
⌜ Sorted RZB ((iys_sorted ++ ((i,) <$> ys ++ ys')) ++ acc miy) ⌠∗
⌜ from_option (λ '(j,_,_), i ≠j ∧ j ∉ iys_sorted.*1)
(iys_sorted ++ ((i,) <$> ys ++ ys') ≡ₚ iys) miy ⌠∗
+ llist l (reverse ws') ∗
csort ↣ from_option (λ _, sort_elem_tail_protocol IZB RZB iys
((iys_sorted ++ ((i,) <$> ys ++ ys')) ++ acc miy)) END%proto miy @ N ∗
([∗ list] y;w ∈ ys ++ ys';ws', IB i y w) ∗
from_option (λ '(i,y,w), IB i y w) True miy
}}}.
Proof.
- iIntros (acc accv Hys Hsort Hi Φ) "[Hcsort HIB] HΦ".
+ iIntros (acc accv Hys Hsort Hi Φ) "(Hl & Hcsort & HIB) HΦ".
iLöb as "IH" forall (ys ws Hys Hsort Hi Φ); wp_rec; wp_pures; simpl.
wp_branch as %_|%Hperm; last first; wp_pures.
- { iApply ("HΦ" $! [] _ None with "[$Hcsort HIB]"); simpl.
- iEval (rewrite !right_id_L); auto. }
+ { iApply ("HΦ" $! [] _ None with "[$Hl $Hcsort HIB]"); simpl.
+ iEval (rewrite !right_id_L); auto with iFrame. }
wp_recv ([j y] ?) as (Htl w ->) "HIBy /=". wp_pures. rewrite -assoc_L.
case_bool_decide as Hij; simplify_eq/=; wp_pures.
- - wp_apply (lcons_spec with "[//]"); iIntros (_).
+ - wp_apply (lcons_spec with "Hl"); iIntros "Hl".
rewrite -reverse_snoc. wp_apply ("IH" $! (ys ++ [y])
- with "[%] [%] [//] [Hcsort] [HIB HIBy] [HΦ]"); try iClear "IH".
+ with "[%] [%] [//] Hl [Hcsort] [HIB HIBy] [HΦ]"); try iClear "IH".
+ intros ?; discriminate_list.
+ rewrite fmap_app /= assoc_L. by apply Sorted_snoc.
+ by rewrite fmap_app /= assoc_L.
@@ -333,47 +338,48 @@ Section mapper.
eapply elem_of_StronglySorted_app; set_solver.
Qed.
- Lemma par_map_reduce_reduce_server_spec n iys iys_sorted miy zs ws Y csort cred :
+ Lemma par_map_reduce_reduce_server_spec n iys iys_sorted miy zs l ws Y csort cred :
let acc := from_option (λ '(i,y,w), [(i,y)]) [] in
let accv := from_option (λ '(i,y,w), SOMEV (#(i:Z),w)) NONEV in
(n = 0 → miy = None ∧ Y = ∅) →
from_option (λ '(i,_,_), i ∉ iys_sorted.*1) (iys_sorted ≡ₚ iys) miy →
Sorted RZB (iys_sorted ++ acc miy) →
{{{
+ llist l ws ∗
csort ↣ from_option (λ _, sort_elem_tail_protocol IZB RZB iys
(iys_sorted ++ acc miy)) END%proto miy @ N ∗
cred ↣ map_worker_protocol IZBs IC (curry red) n (Y : gmultiset (Z * list B)) @ N ∗
from_option (λ '(i,y,w), IB i y w) True miy ∗
([∗ list] z;w ∈ zs;ws, IC z w)
}}}
- par_map_reduce_reduce_server #n csort cred (accv miy) (llist ws)
- {{{ zs' ws', RET (llist ws');
+ par_map_reduce_reduce_server #n csort cred (accv miy) #l
+ {{{ zs' ws', RET #();
⌜ (group iys_sorted ≫= curry red) ++ zs' ≡ₚ (group iys ++ elements Y) ≫= curry red ⌠∗
- [∗ list] z;w ∈ zs' ++ zs;ws', IC z w
+ llist l ws' ∗ [∗ list] z;w ∈ zs' ++ zs;ws', IC z w
}}}.
Proof.
- iIntros (acc accv Hn Hmiy Hsort Φ) "(Hcsort & Hcred & HIB & HIC) HΦ".
+ iIntros (acc accv Hn Hmiy Hsort Φ) "(Hl & Hcsort & Hcred & HIB & HIC) HΦ".
iLöb as "IH" forall (n iys_sorted miy zs ws Y Hn Hmiy Hsort Φ); wp_rec; wp_pures; simpl.
case_bool_decide; wp_pures; simplify_eq/=.
{ destruct Hn as [-> ->]; first lia.
- iApply ("HΦ" $! [] with "[$HIC]"); iPureIntro; simpl.
+ iApply ("HΦ" $! [] with "[$Hl $HIC]"); iPureIntro; simpl.
by rewrite gmultiset_elements_empty !right_id_L Hmiy. }
destruct n as [|n]=> //=. wp_branch as %?|%_; wp_pures.
- destruct miy as [[[i y] w]|]; simplify_eq/=; wp_pures; last first.
+ wp_select. wp_pures. rewrite Nat2Z.inj_succ Z.sub_1_r Z.pred_succ.
iApply ("IH" $! _ _ None
- with "[%] [%] [%] Hcsort Hcred [] HIC HΦ"); naive_solver.
- + wp_apply (lnil_spec with "[//]"); iIntros (_).
- wp_apply (lcons_spec with "[//]"); iIntros (_).
- wp_apply (par_map_reduce_collect_spec _ _ _ _ [_] [_]
- with "[$Hcsort HIB]"); try done.
+ with "[%] [%] [%] Hl Hcsort Hcred [] HIC HΦ"); naive_solver.
+ + wp_apply (lnil_spec with "[//]"); iIntros (k) "Hk".
+ wp_apply (lcons_spec with "Hk"); iIntros "Hk".
+ wp_apply (par_map_reduce_collect_spec _ _ _ _ _ [_] [_]
+ with "[$Hk $Hcsort HIB]"); try done.
{ simpl; iFrame. }
iIntros (ys' ws'' miy).
- iDestruct 1 as (? Hmiy') "(Hcsort & HIB & HIC')"; csimpl.
- wp_select; wp_pures. wp_send ((i, reverse (y :: ys'))) with "[HIB]".
- { iExists (reverse ws''); rewrite /= big_sepL2_reverse; auto. }
+ iDestruct 1 as (? Hmiy') "(Hk & Hcsort & HIB & HIC')"; csimpl.
+ wp_select; wp_pures. wp_send ((i, reverse (y :: ys'))) with "[HIB Hk]".
+ { iExists k, (reverse ws''); rewrite /= big_sepL2_reverse; auto with iFrame. }
wp_pures. iApply ("IH" $! _ (_ ++ _) miy
- with "[%] [%] [//] Hcsort Hcred HIC' HIC"); first done.
+ with "[%] [%] [//] Hl Hcsort Hcred HIC' HIC"); first done.
{ destruct miy as [[[i' y'] w']|]; set_solver +Hmiy'. }
iIntros "!>" (zs' ws'''). iDestruct 1 as (Hperm) "HIC".
iApply ("HΦ" with "[$HIC]"); iPureIntro; move: Hperm.
@@ -381,10 +387,10 @@ Section mapper.
rewrite group_snoc // reverse_Permutation.
rewrite !bind_app /= right_id_L -!assoc_L -(comm _ zs') !assoc_L.
apply (inj (++ _)).
- - wp_recv ([i ys] ws') as (Hy) "HICi".
- wp_apply (lapp_spec with "[//]"); iIntros (_).
+ - wp_recv ([i ys] k ws') as (Hy) "[Hk HICi]".
+ wp_apply (lprep_spec with "[$Hl $Hk]"); iIntros "[Hl _]".
wp_apply ("IH" $! _ _ _ (_ ++ _)
- with "[ ] [//] [//] Hcsort Hcred HIB [HIC HICi]"); first done.
+ with "[ ] [//] [//] Hl Hcsort Hcred HIB [HIC HICi]"); first done.
{ simpl; iFrame. }
iIntros (zs' ws''); iDestruct 1 as (Hzs) "HIC"; simplify_eq/=.
iApply ("HΦ" $! (zs' ++ red i ys)). iSplit; last by rewrite -assoc_L.
@@ -395,36 +401,37 @@ Section mapper.
by rewrite right_id_L !assoc_L.
Qed.
- Lemma par_map_reduce_spec n vmap vred vs xs :
+ Lemma par_map_reduce_spec n vmap vred l vs xs :
0 < n →
map_spec IA IZB map vmap -∗
map_spec IZBs IC (curry red) vred -∗
- {{{ [∗ list] x;v ∈ xs;vs, IA x v }}}
- par_map_reduce #n vmap vred (llist vs)
- {{{ zs ws, RET (llist ws);
- ⌜zs ≡ₚ map_reduce map red xs⌠∗ [∗ list] z;w ∈ zs;ws, IC z w
+ {{{ llist l vs ∗ [∗ list] x;v ∈ xs;vs, IA x v }}}
+ par_map_reduce #n vmap vred #l
+ {{{ k zs ws, RET #k;
+ ⌜zs ≡ₚ map_reduce map red xs⌠∗ llist k ws ∗ [∗ list] z;w ∈ zs;ws, IC z w
}}}.
Proof.
- iIntros (?) "#Hmap #Hred !>"; iIntros (Φ) "HI HΦ". wp_lam; wp_pures.
+ iIntros (?) "#Hmap #Hred !>"; iIntros (Φ) "[Hl HI] HΦ". wp_lam; wp_pures.
wp_apply (start_map_service_spec with "Hmap [//]"); iIntros (cmap) "Hcmap".
wp_apply (start_chan_proto_spec N (sort_elem_protocol IZB RZB <++> END)%proto);
iIntros (csort) "Hcsort".
{ wp_apply (sort_elem_service_spec N with "[] Hcsort"); last by auto.
iApply RZB_cmp_spec. }
rewrite right_id.
- wp_apply (par_map_reduce_map_server_spec with "[$Hcmap $Hcsort $HI]"); first lia.
+ wp_apply (par_map_reduce_map_server_spec with "[$Hl $Hcmap $Hcsort $HI]"); first lia.
iIntros (iys). rewrite gmultiset_elements_empty right_id_L.
iDestruct 1 as (Hiys) "Hcsort /=". wp_select; wp_pures; simpl.
wp_apply (start_map_service_spec with "Hred [//]"); iIntros (cred) "Hcred".
wp_branch as %_|%Hnil; last first.
- { wp_pures. wp_apply (lnil_spec with "[//]"); iIntros (_).
- iApply ("HΦ" $! []); simpl. iSplit; [iPureIntro|done].
+ { wp_pures. wp_apply (lnil_spec with "[//]"); iIntros (k) "Hk".
+ iApply ("HΦ" $! k []); simpl. iFrame. iSplit; [iPureIntro|done].
by rewrite /map_reduce /= -Hiys -Hnil. }
wp_recv ([i y] ?) as (_ w ->) "HIB /="; wp_pures.
- wp_apply (lnil_spec with "[//]"); iIntros (_).
- wp_apply (par_map_reduce_reduce_server_spec _ _ [] (Some (i, y, w)) [] []
- with "[$Hcsort $Hcred $HIB]"); simpl; auto; [lia|set_solver|].
+ wp_apply (lnil_spec with "[//]"); iIntros (k) "Hk".
+ wp_apply (par_map_reduce_reduce_server_spec _ _ [] (Some (i, y, w)) [] _ []
+ with "[$Hk $Hcsort $Hcred $HIB]"); simpl; auto; [lia|set_solver|].
iIntros (zs ws). rewrite /= gmultiset_elements_empty !right_id.
- iDestruct 1 as (Hzs) "HIC". iApply ("HΦ" with "[$HIC]"). by rewrite Hzs Hiys.
+ iDestruct 1 as (Hzs) "[Hk HIC]". wp_pures.
+ iApply ("HΦ" with "[$Hk $HIC]"). by rewrite Hzs Hiys.
Qed.
End mapper.
diff --git a/theories/examples/sort.v b/theories/examples/sort.v
index 6d29875fdb3537c5e1048ed3ab1f2726ee8f5920..df9977e8864e2033e11018dfc52511c5a47d712c 100644
--- a/theories/examples/sort.v
+++ b/theories/examples/sort.v
@@ -1,9 +1,9 @@
From stdpp Require Import sorting.
From actris.channel Require Import proto_channel proofmode.
From iris.heap_lang Require Import proofmode notation.
-From actris.utils Require Import list compare.
+From actris.utils Require Export llist compare.
-Definition lmerge : val :=
+Definition lmerge : val. (*
rec: "go" "cmp" "ys" "zs" :=
if: lisnil "ys" then "zs" else
if: lisnil "zs" then "ys" else
@@ -12,21 +12,20 @@ Definition lmerge : val :=
if: "cmp" "y" "z"
then lcons "y" ("go" "cmp" (ltail "ys") "zs")
else lcons "z" ("go" "cmp" "ys" (ltail "zs")).
+*) Admitted.
Definition sort_service : val :=
rec: "go" "c" :=
let: "cmp" := recv "c" in
let: "xs" := recv "c" in
- if: llength !"xs" ≤ #1 then send "c" #() else
- let: "ys_zs" := lsplit !"xs" in
- let: "ys" := ref (Fst "ys_zs") in
- let: "zs" := ref (Snd "ys_zs") in
+ if: llength "xs" ≤ #1 then send "c" #() else
+ let: "zs" := lsplit "xs" in
let: "cy" := start_chan "go" in
let: "cz" := start_chan "go" in
- send "cy" "cmp";; send "cy" "ys";;
+ send "cy" "cmp";; send "cy" "xs";;
send "cz" "cmp";; send "cz" "zs";;
recv "cy";; recv "cz";;
- "xs" <- lmerge "cmp" !"ys" !"zs";;
+ lmerge "cmp" "xs" "zs";;
send "c" #().
Section sort.
@@ -37,19 +36,22 @@ Section sort.
`{!RelDecision R, !Total R} (cmp : val),
MSG cmp {{ cmp_spec I R cmp }};
<!> (xs : list A) (l : loc) (vs : list val),
- MSG #l {{ l ↦ llist vs ∗ [∗ list] x;v ∈ xs;vs, I x v }};
+ MSG #l {{ llist l vs ∗ [∗ list] x;v ∈ xs;vs, I x v }};
<?> (xs' : list A) (vs' : list val),
MSG #() {{ ⌜ Sorted R xs' ⌠∗ ⌜ xs' ≡ₚ xs ⌠∗
- l ↦ llist vs' ∗ [∗ list] x;v ∈ xs';vs', I x v }};
+ llist l vs' ∗ [∗ list] x;v ∈ xs';vs', I x v }};
END)%proto.
Lemma lmerge_spec {A} (I : A → val → iProp Σ) (R : A → A → Prop)
- `{!RelDecision R, !Total R} (cmp : val) xs1 xs2 vs1 vs2 :
+ `{!RelDecision R, !Total R} (cmp : val) l1 l2 xs1 xs2 vs1 vs2 :
cmp_spec I R cmp -∗
- {{{ ([∗ list] x;v ∈ xs1;vs1, I x v) ∗ ([∗ list] x;v ∈ xs2;vs2, I x v) }}}
- lmerge cmp (llist vs1) (llist vs2)
- {{{ ws, RET llist ws; [∗ list] x;v ∈ list_merge R xs1 xs2;ws, I x v }}}.
- Proof.
+ {{{
+ llist l1 vs1 ∗ llist l2 vs2 ∗
+ ([∗ list] x;v ∈ xs1;vs1, I x v) ∗ ([∗ list] x;v ∈ xs2;vs2, I x v)
+ }}}
+ lmerge cmp #l1 #l2
+ {{{ ws, RET #(); llist l1 ws ∗ [∗ list] x;v ∈ list_merge R xs1 xs2;ws, I x v }}}.
+ Proof. (*
iIntros "#Hcmp" (Ψ) "!> [HI1 HI2] HΨ". iLöb as "IH" forall (xs1 xs2 vs1 vs2 Ψ).
wp_lam. wp_apply (lisnil_spec with "[//]"); iIntros (_).
destruct xs1 as [|x1 xs1], vs1 as [|v1 vs1]; simpl; done || wp_pures.
@@ -74,7 +76,7 @@ Section sort.
iIntros (ws) "HI".
wp_apply (lcons_spec with "[//]"); iIntros (_).
iApply "HΨ". iFrame.
- Qed.
+ Qed. *) Admitted.
Lemma sort_service_spec p c :
{{{ c ↣ iProto_dual sort_protocol <++> p @ N }}}
@@ -85,14 +87,14 @@ Section sort.
wp_lam.
wp_recv (A I R ?? cmp) as "#Hcmp".
wp_recv (xs l vs) as "[Hl HI]".
- wp_load. wp_apply (llength_spec with "[//]"); iIntros (_).
+ wp_apply (llength_spec with "Hl"); iIntros "Hl".
iDestruct (big_sepL2_length with "HI") as %<-.
wp_op; case_bool_decide as Hlen; wp_if.
{ assert (Sorted R xs).
{ destruct xs as [|x1 [|x2 xs]]; simpl in *; eauto with lia. }
wp_send with "[$Hl $HI]"; first by auto. by iApply "HΨ". }
- wp_load. wp_apply (lsplit_spec with "[//]"); iIntros (vs1 vs2 ->).
- wp_alloc l1 as "Hl1"; wp_alloc l2 as "Hl2".
+ wp_apply (lsplit_spec with "Hl"); iIntros (l2 vs1 vs2);
+ iDestruct 1 as (->) "[Hl1 Hl2]".
iDestruct (big_sepL2_app_inv_r with "HI") as (xs1 xs2 ->) "[HI1 HI2]".
wp_apply (start_chan_proto_spec N sort_protocol); iIntros (cy) "Hcy".
{ rewrite -{2}(right_id END%proto _ (iProto_dual _)).
@@ -106,9 +108,7 @@ Section sort.
wp_send with "[$Hl2 $HI2]".
wp_recv (ys1 ws1) as (??) "[Hl1 HI1]".
wp_recv (ys2 ws2) as (??) "[Hl2 HI2]".
- do 2 wp_load.
- wp_apply (lmerge_spec with "Hcmp [$HI1 $HI2]"). iIntros (ws) "HI".
- wp_store.
+ wp_apply (lmerge_spec with "Hcmp [$Hl1 $Hl2 $HI1 $HI2]"); iIntros (ws) "[Hl HI]".
wp_send ((list_merge R ys1 ys2) ws) with "[$Hl $HI]".
- iSplit; iPureIntro.
+ by apply (Sorted_list_merge _).
diff --git a/theories/examples/sort_client.v b/theories/examples/sort_client.v
index 1353293c81f7ef6cdd03f83e8dad6eeca2412980..095c5dae108088c69d9e959f58e657f10a9ac087 100644
--- a/theories/examples/sort_client.v
+++ b/theories/examples/sort_client.v
@@ -1,7 +1,6 @@
From stdpp Require Import sorting.
From actris.channel Require Import proto_channel proofmode.
From iris.heap_lang Require Import proofmode notation.
-From actris.utils Require Import list compare.
From actris.examples Require Import sort.
Definition sort_client : val := λ: "cmp" "xs",
@@ -15,10 +14,10 @@ Section sort_client.
Lemma sort_client_spec {A} (I : A → val → iProp Σ) R
`{!RelDecision R, !Total R} cmp l (vs : list val) (xs : list A) :
cmp_spec I R cmp -∗
- {{{ l ↦ llist vs ∗ [∗ list] x;v ∈ xs;vs, I x v }}}
+ {{{ llist l vs ∗ [∗ list] x;v ∈ xs;vs, I x v }}}
sort_client cmp #l
{{{ ys ws, RET #(); ⌜Sorted R ys⌠∗ ⌜ys ≡ₚ xs⌠∗
- l ↦ llist ws ∗ [∗ list] y;w ∈ ys;ws, I y w }}}.
+ llist l ws ∗ [∗ list] y;w ∈ ys;ws, I y w }}}.
Proof.
iIntros "#Hcmp !>" (Φ) "Hl HΦ". wp_lam.
wp_apply (start_chan_proto_spec N sort_protocol); iIntros (c) "Hc".
@@ -31,9 +30,9 @@ Section sort_client.
Qed.
Lemma sort_client_Zle_spec l (xs : list Z) :
- {{{ l ↦ llist (LitV ∘ LitInt <$> xs) }}}
+ {{{ llist l (LitV ∘ LitInt <$> xs) }}}
sort_client cmpZ #l
- {{{ ys, RET #(); ⌜Sorted (≤) ys⌠∗ ⌜ ys ≡ₚ xs⌠∗ l ↦ llist (LitV ∘ LitInt <$> ys) }}}.
+ {{{ ys, RET #(); ⌜Sorted (≤) ys⌠∗ ⌜ ys ≡ₚ xs⌠∗ llist l (LitV ∘ LitInt <$> ys) }}}.
Proof.
iIntros (Φ) "Hl HΦ".
iApply (sort_client_spec IZ (≤) _ _ (LitV ∘ LitInt <$> xs) xs with "[] [Hl] [HΦ]").
diff --git a/theories/examples/sort_elem.v b/theories/examples/sort_elem.v
index 171a70742a0dd4899e450453032df738bfa1c966..5b257ce5fc3e54ad12ae0093540082a97aa7d573 100644
--- a/theories/examples/sort_elem.v
+++ b/theories/examples/sort_elem.v
@@ -2,7 +2,7 @@ From stdpp Require Import sorting.
From actris.channel Require Import proto_channel proofmode.
From iris.heap_lang Require Import proofmode notation.
From iris.heap_lang Require Import assert.
-From actris.utils Require Import list compare.
+From actris.utils Require Import compare.
Definition cont := true.
Definition stop := false.
diff --git a/theories/examples/sort_elem_client.v b/theories/examples/sort_elem_client.v
index 7662c6cedbb3800bc0ba62fbf42400803e088544..bb2145e61018d33ec2828196a9f04f8e7f51e436 100644
--- a/theories/examples/sort_elem_client.v
+++ b/theories/examples/sort_elem_client.v
@@ -2,21 +2,18 @@ From stdpp Require Import sorting.
From actris.channel Require Import proto_channel proofmode.
From iris.heap_lang Require Import proofmode notation.
From iris.heap_lang Require Import assert.
-From actris.utils Require Import list compare.
+From actris.utils Require Import llist compare.
From actris.examples Require Import sort_elem.
Definition send_all : val :=
rec: "go" "c" "xs" :=
- match: "xs" with
- SOME "p" => send "c" #cont;; send "c" (Fst "p");; "go" "c" (Snd "p")
- | NONE => #()
- end.
+ if: lisnil "xs" then #() else
+ send "c" #cont;; send "c" (lpop "xs");; "go" "c" "xs".
Definition recv_all : val :=
rec: "go" "c" :=
- if: recv "c"
- then let: "x" := recv "c" in lcons "x" ("go" "c")
- else lnil #().
+ if: ~recv "c" then lnil #() else
+ let: "x" := recv "c" in lcons "x" ("go" "c").
Definition sort_elem_client : val :=
λ: "cmp" "xs",
@@ -30,26 +27,28 @@ Section sort_elem_client.
Context `{!heapG Σ, !proto_chanG Σ} (N : namespace).
Context {A} (I : A → val → iProp Σ) (R : relation A) `{!RelDecision R, !Total R}.
- Lemma send_all_spec c p xs' xs vs :
- {{{ c ↣ sort_elem_head_protocol I R xs' <++> p @ N ∗ [∗ list] x;v ∈ xs;vs, I x v }}}
- send_all c (llist vs)
+ Lemma send_all_spec c p xs' l xs vs :
+ {{{ llist l vs ∗ c ↣ sort_elem_head_protocol I R xs' <++> p @ N ∗ [∗ list] x;v ∈ xs;vs, I x v }}}
+ send_all c #l
{{{ RET #(); c ↣ sort_elem_head_protocol I R (xs' ++ xs) <++> p @ N }}}.
Proof.
- iIntros (Φ) "[Hc HI] HΦ".
+ iIntros (Φ) "(Hl & Hc & HI) HΦ".
iInduction xs as [|x xs] "IH" forall (xs' vs); destruct vs as [|v vs]=>//.
- { wp_lam; wp_pures. iApply "HΦ". rewrite right_id_L. iFrame. }
- iDestruct "HI" as "[HIxv HI]". wp_lam; wp_pures.
- wp_select. wp_send with "[$HIxv]". wp_apply ("IH" with "Hc HI").
- by rewrite -assoc_L.
+ { wp_lam. wp_apply (lisnil_spec with "Hl"); iIntros "Hl"; wp_pures.
+ iApply "HΦ". rewrite right_id_L. iFrame. }
+ iDestruct "HI" as "[HIxv HI]". wp_lam.
+ wp_apply (lisnil_spec with "Hl"); iIntros "Hl". wp_select.
+ wp_apply (lpop_spec with "Hl"); iIntros "Hl".
+ wp_send with "[$HIxv]". wp_apply ("IH" with "Hl Hc HI"). by rewrite -assoc_L.
Qed.
Lemma recv_all_spec c p xs ys' :
Sorted R ys' →
{{{ c ↣ sort_elem_tail_protocol I R xs ys' <++> p @ N }}}
recv_all c
- {{{ ys ws, RET (llist ws);
+ {{{ l ys ws, RET #l;
⌜Sorted R (ys' ++ ys)⌠∗ ⌜ys' ++ ys ≡ₚ xs⌠∗
- c ↣ p @ N ∗ [∗ list] y;w ∈ ys;ws, I y w
+ llist l ws ∗ c ↣ p @ N ∗ [∗ list] y;w ∈ ys;ws, I y w
}}}.
Proof.
iIntros (Hsort Φ) "Hc HΦ".
@@ -57,30 +56,32 @@ Section sort_elem_client.
wp_lam. wp_branch as %_ | %Hperm; wp_pures.
- wp_recv (y v) as (Htl) "HIxv".
wp_apply ("IH" with "[] Hc"); first by auto using Sorted_snoc.
- iIntros (ys ws). rewrite -!assoc_L. iDestruct 1 as (??) "[Hc HI]".
- wp_apply (lcons_spec with "[//]"); iIntros (_).
- iApply ("HΦ" $! (y :: ys)). simpl; iFrame; auto.
- - wp_apply (lnil_spec with "[//]"); iIntros (_).
- iApply ("HΦ" $! [] []); rewrite /= right_id_L; by iFrame.
+ iIntros (l ys ws). rewrite -!assoc_L. iDestruct 1 as (??) "(Hl & Hc & HI)".
+ wp_apply (lcons_spec with "Hl"); iIntros "Hl".
+ iApply ("HΦ" $! _ (y :: ys)); simpl; eauto with iFrame.
+ - wp_apply (lnil_spec with "[//]"); iIntros (l) "Hl".
+ iApply ("HΦ" $! _ [] []); rewrite /= right_id_L; by iFrame.
Qed.
- Lemma sort_client_spec cmp vs xs :
+ Lemma sort_client_spec cmp l vs xs :
cmp_spec I R cmp -∗
- {{{ [∗ list] x;v ∈ xs;vs, I x v }}}
- sort_elem_client cmp (llist vs)
- {{{ ys ws, RET (llist ws); ⌜Sorted R ys⌠∗ ⌜ys ≡ₚ xs⌠∗
- [∗ list] y;w ∈ ys;ws, I y w }}}.
+ {{{ llist l vs ∗ [∗ list] x;v ∈ xs;vs, I x v }}}
+ sort_elem_client cmp #l
+ {{{ k ys ws, RET #k;
+ ⌜Sorted R ys⌠∗ ⌜ys ≡ₚ xs⌠∗
+ llist k ws ∗ [∗ list] y;w ∈ ys;ws, I y w
+ }}}.
Proof.
- iIntros "#Hcmp !>" (Φ) "HI HΦ". wp_lam.
+ iIntros "#Hcmp !>" (Φ) "[Hl HI] HΦ". wp_lam.
wp_apply (start_chan_proto_spec N (sort_elem_top_protocol <++> END)%proto);
iIntros (c) "Hc".
{ wp_apply (sort_elem_service_top_spec N with "Hc"); auto. }
rewrite /sort_elem_top_protocol.
wp_send (A I R) with "[$Hcmp]".
- wp_apply (send_all_spec with "[$HI $Hc]"); iIntros "Hc".
+ wp_apply (send_all_spec with "[$Hl $HI $Hc]"); iIntros "Hc".
wp_select.
wp_apply (recv_all_spec _ _ _ [] with "[$Hc]"); auto.
- iIntros (ys ws) "/=". iDestruct 1 as (??) "[_ HI]".
- iApply "HΦ"; auto.
+ iIntros (k ys ws) "/=". iDestruct 1 as (??) "(Hk & _ & HI)".
+ iApply "HΦ"; auto with iFrame.
Qed.
End sort_elem_client.
diff --git a/theories/utils/list.v b/theories/utils/flist.v
similarity index 51%
rename from theories/utils/list.v
rename to theories/utils/flist.v
index 26885df64e52c0041e2d9bb2d65596cd327eebe8..48c301e7800bdb2aae681fba80976fc8dc140da4 100644
--- a/theories/utils/list.v
+++ b/theories/utils/flist.v
@@ -2,76 +2,76 @@ From iris.heap_lang Require Export proofmode notation.
From iris.heap_lang Require Import assert.
(** Immutable ML-style functional lists *)
-Fixpoint llist (vs : list val) : val :=
+Fixpoint flist (vs : list val) : val :=
match vs with
| [] => NONEV
- | v :: vs => SOMEV (v,llist vs)
+ | v :: vs => SOMEV (v,flist vs)
end%V.
-Arguments llist : simpl never.
+Arguments flist : simpl never.
-Definition lnil : val := λ: <>, NONEV.
-Definition lcons : val := λ: "x" "l", SOME ("x", "l").
+Definition fnil : val := λ: <>, NONEV.
+Definition fcons : val := λ: "x" "l", SOME ("x", "l").
-Definition lisnil : val := λ: "l",
+Definition fisnil : val := λ: "l",
match: "l" with
SOME "p" => #false
| NONE => #true
end.
-Definition lhead : val := λ: "l",
+Definition fhead : val := λ: "l",
match: "l" with
SOME "p" => Fst "p"
| NONE => assert: #false
end.
-Definition ltail : val := λ: "l",
+Definition ftail : val := λ: "l",
match: "l" with
SOME "p" => Snd "p"
| NONE => assert: #false
end.
-Definition llookup : val :=
+Definition flookup : val :=
rec: "go" "n" "l" :=
- if: "n" = #0 then lhead "l" else
- let: "l" := ltail "l" in "go" ("n" - #1) "l".
+ if: "n" = #0 then fhead "l" else
+ let: "l" := ftail "l" in "go" ("n" - #1) "l".
-Definition linsert : val :=
+Definition finsert : val :=
rec: "go" "n" "x" "l" :=
- if: "n" = #0 then let: "l" := ltail "l" in lcons "x" "l" else
- let: "k" := ltail "l" in
+ if: "n" = #0 then let: "l" := ftail "l" in fcons "x" "l" else
+ let: "k" := ftail "l" in
let: "k" := "go" ("n" - #1) "x" "k" in
- lcons (lhead "l") "k".
+ fcons (fhead "l") "k".
-Definition lreplicate : val :=
+Definition freplicate : val :=
rec: "go" "n" "x" :=
- if: "n" = #0 then lnil #() else
- let: "l" := "go" ("n" - #1) "x" in lcons "x" "l".
+ if: "n" = #0 then fnil #() else
+ let: "l" := "go" ("n" - #1) "x" in fcons "x" "l".
-Definition llength : val :=
+Definition flength : val :=
rec: "go" "l" :=
match: "l" with
NONE => #0
| SOME "p" => #1 + "go" (Snd "p")
end.
-Definition lapp : val :=
+Definition fapp : val :=
rec: "go" "l" "k" :=
match: "l" with
NONE => "k"
- | SOME "p" => lcons (Fst "p") ("go" (Snd "p") "k")
+ | SOME "p" => fcons (Fst "p") ("go" (Snd "p") "k")
end.
-Definition lsnoc : val := λ: "l" "x", lapp "l" (lcons "x" (lnil #())).
+Definition fsnoc : val := λ: "l" "x", fapp "l" (fcons "x" (fnil #())).
-Definition ltake : val :=
+Definition ftake : val :=
rec: "go" "l" "n" :=
if: "n" ≤ #0 then NONEV else
match: "l" with
NONE => NONEV
- | SOME "l" => lcons (Fst "l") ("go" (Snd "l") ("n"-#1))
+ | SOME "l" => fcons (Fst "l") ("go" (Snd "l") ("n"-#1))
end.
-Definition ldrop : val :=
+Definition fdrop : val :=
rec: "go" "l" "n" :=
if: "n" ≤ #0 then "l" else
match: "l" with
@@ -79,9 +79,9 @@ Definition ldrop : val :=
| SOME "l" => "go" (Snd "l") ("n"-#1)
end.
-Definition lsplit_at : val := λ: "l" "n", (ltake "l" "n", ldrop "l" "n").
+Definition fsplit_at : val := λ: "l" "n", (ftake "l" "n", fdrop "l" "n").
-Definition lsplit : val := λ: "l", lsplit_at "l" (llength "l" `quot` #2).
+Definition fsplit : val := λ: "l", fsplit_at "l" (flength "l" `quot` #2).
Section lists.
Context `{heapG Σ}.
@@ -89,70 +89,70 @@ Implicit Types i : nat.
Implicit Types v : val.
Implicit Types vs : list val.
-Lemma lnil_spec :
- {{{ True }}} lnil #() {{{ RET llist []; True }}}.
+Lemma fnil_spec :
+ {{{ True }}} fnil #() {{{ RET flist []; True }}}.
Proof. iIntros (Φ _) "HΦ". wp_lam. by iApply "HΦ". Qed.
-Lemma lcons_spec v vs :
- {{{ True }}} lcons v (llist vs) {{{ RET llist (v :: vs); True }}}.
+Lemma fcons_spec v vs :
+ {{{ True }}} fcons v (flist vs) {{{ RET flist (v :: vs); True }}}.
Proof. iIntros (Φ _) "HΦ". wp_lam. wp_pures. by iApply "HΦ". Qed.
-Lemma lisnil_spec vs:
+Lemma fisnil_spec vs:
{{{ True }}}
- lisnil (llist vs)
+ fisnil (flist vs)
{{{ RET #(if vs is [] then true else false); True }}}.
Proof. iIntros (Φ _) "HΦ". wp_lam. destruct vs; wp_pures; by iApply "HΦ". Qed.
-Lemma lhead_spec v vs :
- {{{ True }}} lhead (llist (v :: vs)) {{{ RET v; True }}}.
+Lemma fhead_spec v vs :
+ {{{ True }}} fhead (flist (v :: vs)) {{{ RET v; True }}}.
Proof. iIntros (Φ _) "HΦ". wp_lam. wp_pures. by iApply "HΦ". Qed.
-Lemma ltail_spec v vs :
- {{{ True }}} ltail (llist (v :: vs)) {{{ RET llist vs; True }}}.
+Lemma ftail_spec v vs :
+ {{{ True }}} ftail (flist (v :: vs)) {{{ RET flist vs; True }}}.
Proof. iIntros (Φ _) "HΦ". wp_lam. wp_pures. by iApply "HΦ". Qed.
-Lemma llookup_spec i vs v :
+Lemma flookup_spec i vs v :
vs !! i = Some v →
- {{{ True }}} llookup #i (llist vs) {{{ RET v; True }}}.
+ {{{ True }}} flookup #i (flist vs) {{{ RET v; True }}}.
Proof.
iIntros (Hi Φ _) "HΦ".
iInduction vs as [|v' vs] "IH" forall (i Hi);
destruct i as [|i]=> //; simplify_eq/=.
- { wp_lam. wp_pures. by iApply (lhead_spec with "[//]"). }
+ { wp_lam. wp_pures. by iApply (fhead_spec with "[//]"). }
wp_lam. wp_pures.
- wp_apply (ltail_spec with "[//]"); iIntros (_). wp_let.
+ wp_apply (ftail_spec with "[//]"); iIntros (_). wp_let.
wp_op. rewrite Nat2Z.inj_succ -Z.add_1_l Z.add_simpl_l. by iApply "IH".
Qed.
-Lemma linsert_spec i vs v :
+Lemma finsert_spec i vs v :
is_Some (vs !! i) →
- {{{ True }}} linsert #i v (llist vs) {{{ RET llist (<[i:=v]>vs); True }}}.
+ {{{ True }}} finsert #i v (flist vs) {{{ RET flist (<[i:=v]>vs); True }}}.
Proof.
iIntros ([w Hi] Φ _) "HΦ".
iInduction vs as [|v' vs] "IH" forall (i Hi Φ);
destruct i as [|i]=> //; simplify_eq/=.
- { wp_lam. wp_pures. wp_apply (ltail_spec with "[//]"); iIntros (_).
- wp_let. by iApply (lcons_spec with "[//]"). }
+ { wp_lam. wp_pures. wp_apply (ftail_spec with "[//]"); iIntros (_).
+ wp_let. by iApply (fcons_spec with "[//]"). }
wp_lam; wp_pures.
- wp_apply (ltail_spec with "[//]"); iIntros (_). wp_let.
+ wp_apply (ftail_spec with "[//]"); iIntros (_). wp_let.
wp_op. rewrite Nat2Z.inj_succ -Z.add_1_l Z.add_simpl_l.
wp_apply ("IH" with "[//]"); iIntros (_).
- wp_apply (lhead_spec with "[//]"); iIntros "_".
- by wp_apply (lcons_spec with "[//]").
+ wp_apply (fhead_spec with "[//]"); iIntros "_".
+ by wp_apply (fcons_spec with "[//]").
Qed.
-Lemma lreplicate_spec i v :
- {{{ True }}} lreplicate #i v {{{ RET llist (replicate i v); True }}}.
+Lemma freplicate_spec i v :
+ {{{ True }}} freplicate #i v {{{ RET flist (replicate i v); True }}}.
Proof.
iIntros (Φ _) "HΦ". iInduction i as [|i] "IH" forall (Φ); simpl.
- { wp_lam; wp_pures. iApply (lnil_spec with "[//]"); auto. }
+ { wp_lam; wp_pures. iApply (fnil_spec with "[//]"); auto. }
wp_lam; wp_pures.
rewrite Nat2Z.inj_succ -Z.add_1_l Z.add_simpl_l.
- wp_apply "IH"; iIntros (_). wp_let. by iApply (lcons_spec with "[//]").
+ wp_apply "IH"; iIntros (_). wp_let. by iApply (fcons_spec with "[//]").
Qed.
-Lemma llength_spec vs :
- {{{ True }}} llength (llist vs) {{{ RET #(length vs); True }}}.
+Lemma flength_spec vs :
+ {{{ True }}} flength (flist vs) {{{ RET #(length vs); True }}}.
Proof.
iIntros (Φ _) "HΦ".
iInduction vs as [|v' vs] "IH" forall (Φ); simplify_eq/=.
@@ -162,25 +162,25 @@ Proof.
rewrite (Nat2Z.inj_add 1). by iApply "HΦ".
Qed.
-Lemma lapp_spec vs1 vs2 :
- {{{ True }}} lapp (llist vs1) (llist vs2) {{{ RET (llist (vs1 ++ vs2)); True }}}.
+Lemma fapp_spec vs1 vs2 :
+ {{{ True }}} fapp (flist vs1) (flist vs2) {{{ RET (flist (vs1 ++ vs2)); True }}}.
Proof.
iIntros (Φ _) "HΦ".
iInduction vs1 as [|v1 vs1] "IH" forall (Φ); simpl.
{ wp_rec. wp_pures. by iApply "HΦ". }
- wp_rec. wp_pures. wp_apply "IH". iIntros (_). by wp_apply lcons_spec.
+ wp_rec. wp_pures. wp_apply "IH". iIntros (_). by wp_apply fcons_spec.
Qed.
-Lemma lsnoc_spec vs v :
- {{{ True }}} lsnoc (llist vs) v {{{ RET (llist (vs ++ [v])); True }}}.
+Lemma fsnoc_spec vs v :
+ {{{ True }}} fsnoc (flist vs) v {{{ RET (flist (vs ++ [v])); True }}}.
Proof.
- iIntros (Φ _) "HΦ". wp_lam. wp_apply (lnil_spec with "[//]"); iIntros (_).
- wp_apply (lcons_spec with "[//]"); iIntros (_).
- wp_apply (lapp_spec with "[//]"); iIntros (_). by iApply "HΦ".
+ iIntros (Φ _) "HΦ". wp_lam. wp_apply (fnil_spec with "[//]"); iIntros (_).
+ wp_apply (fcons_spec with "[//]"); iIntros (_).
+ wp_apply (fapp_spec with "[//]"); iIntros (_). by iApply "HΦ".
Qed.
-Lemma ltake_spec vs (n : nat) :
- {{{ True }}} ltake (llist vs) #n {{{ RET llist (take n vs); True }}}.
+Lemma ftake_spec vs (n : nat) :
+ {{{ True }}} ftake (flist vs) #n {{{ RET flist (take n vs); True }}}.
Proof.
iIntros (Φ _) "HΦ".
iInduction vs as [|x' vs] "IH" forall (n Φ).
@@ -189,11 +189,11 @@ Proof.
- wp_rec; destruct n as [|n]; wp_pures; first by iApply "HΦ".
rewrite Nat2Z.inj_succ Z.sub_1_r Z.pred_succ.
wp_apply "IH"; iIntros (_).
- wp_apply (lcons_spec with "[//]"); iIntros (_). by iApply "HΦ".
+ wp_apply (fcons_spec with "[//]"); iIntros (_). by iApply "HΦ".
Qed.
-Lemma ldrop_spec vs (n : nat) :
- {{{ True }}} ldrop (llist vs) #n {{{ RET llist (drop n vs); True }}}.
+Lemma fdrop_spec vs (n : nat) :
+ {{{ True }}} fdrop (flist vs) #n {{{ RET flist (drop n vs); True }}}.
Proof.
iIntros (Φ _) "HΦ".
iInduction vs as [|x' vs] "IH" forall (n Φ).
@@ -204,26 +204,26 @@ Proof.
wp_apply "IH"; iIntros (_). by iApply "HΦ".
Qed.
-Lemma lsplit_at_spec vs (n : nat) :
+Lemma fsplit_at_spec vs (n : nat) :
{{{ True }}}
- lsplit_at (llist vs) #n
- {{{ RET (llist (take n vs), llist (drop n vs)); True }}}.
+ fsplit_at (flist vs) #n
+ {{{ RET (flist (take n vs), flist (drop n vs)); True }}}.
Proof.
iIntros (Φ _) "HΦ". wp_lam.
- wp_apply (ldrop_spec with "[//]"); iIntros (_).
- wp_apply (ltake_spec with "[//]"); iIntros (_).
+ wp_apply (fdrop_spec with "[//]"); iIntros (_).
+ wp_apply (ftake_spec with "[//]"); iIntros (_).
wp_pures. by iApply "HΦ".
Qed.
-Lemma lsplit_spec vs :
+Lemma fsplit_spec vs :
{{{ True }}}
- lsplit (llist vs)
- {{{ ws1 ws2, RET (llist ws1, llist ws2); ⌜ vs = ws1 ++ ws2 ⌠}}}.
+ fsplit (flist vs)
+ {{{ ws1 ws2, RET (flist ws1, flist ws2); ⌜ vs = ws1 ++ ws2 ⌠}}}.
Proof.
iIntros (Φ _) "HΦ". wp_lam.
- wp_apply (llength_spec with "[//]"); iIntros (_). wp_pures.
+ wp_apply (flength_spec with "[//]"); iIntros (_). wp_pures.
rewrite Z.quot_div_nonneg; [|lia..]. rewrite -(Z2Nat_inj_div _ 2).
- wp_apply (lsplit_at_spec with "[//]"); iIntros (_).
+ wp_apply (fsplit_at_spec with "[//]"); iIntros (_).
iApply "HΦ". by rewrite take_drop.
Qed.
End lists.