diff --git a/algebra/agree.v b/algebra/agree.v
index 8e73f6bb842cfa2409b623c86366371994dac45e..1d28662f412bc4e3d71e627cd6be0544fbbd0821 100644
--- a/algebra/agree.v
+++ b/algebra/agree.v
@@ -1,121 +1,317 @@
From iris.algebra Require Export cmra.
+From iris.algebra Require Import list.
From iris.base_logic Require Import base_logic.
-Local Hint Extern 10 (_ ≤ _) => omega.
+Local Arguments validN _ _ _ !_ /.
+Local Arguments valid _ _ !_ /.
+Local Arguments op _ _ _ !_ /.
+Local Arguments pcore _ _ !_ /.
Record agree (A : Type) : Type := Agree {
- agree_car : nat → A;
- agree_is_valid : nat → Prop;
- agree_valid_S n : agree_is_valid (S n) → agree_is_valid n
+ agree_car : A;
+ agree_with : list A;
}.
-Arguments Agree {_} _ _ _.
-Arguments agree_car {_} _ _.
-Arguments agree_is_valid {_} _ _.
+Arguments Agree {_} _ _.
+Arguments agree_car {_} _.
+Arguments agree_with {_} _.
+
+(* Some theory about set-inclusion on lists and lists of which all elements are equal.
+ TODO: Move this elsewhere. *)
+Definition list_setincl `(R : relation A) (al bl : list A) :=
+ ∀ a, a ∈ al → ∃ b, b ∈ bl ∧ R a b.
+Definition list_setequiv `(R : relation A) (al bl : list A) :=
+ list_setincl R al bl ∧ list_setincl R bl al.
+(* list_agrees is carefully written such that, when applied to a singleton, it is convertible to True. This makes working with agreement much more pleasant. *)
+Definition list_agrees `(R : relation A) (al : list A) :=
+ match al with
+ | [] => True
+ | [a] => True
+ | a :: al => ∀ b, b ∈ al → R a b
+ end.
+
+Lemma list_agrees_alt `(R : relation A) `{Equivalence _ R} al :
+ list_agrees R al ↔ (∀ a b, a ∈ al → b ∈ al → R a b).
+Proof.
+ destruct al as [|a [|b al]].
+ - split; last done. intros _ ? ? []%elem_of_nil.
+ - split; last done. intros _ ? ? ->%elem_of_list_singleton ->%elem_of_list_singleton. done.
+ - simpl. split.
+ + intros Hl a' b' [->|Ha']%elem_of_cons.
+ * intros [->|Hb']%elem_of_cons; first done. auto.
+ * intros [->|Hb']%elem_of_cons; first by (symmetry; auto).
+ trans a; last by auto. symmetry. auto.
+ + intros Hl b' Hb'. apply Hl; set_solver.
+Qed.
+
+Section list_theory.
+ Context `(R: relation A) `{Equivalence A R}.
+
+ Global Instance: PreOrder (list_setincl R).
+ Proof.
+ split.
+ - intros al a Ha. set_solver.
+ - intros al bl cl Hab Hbc a Ha. destruct (Hab _ Ha) as (b & Hb & Rab).
+ destruct (Hbc _ Hb) as (c & Hc & Rbc). exists c. split; first done.
+ by trans b.
+ Qed.
+
+ Global Instance: Equivalence (list_setequiv R).
+ Proof.
+ split.
+ - by split.
+ - intros ?? [??]. split; auto.
+ - intros ??? [??] [??]. split; etrans; done.
+ Qed.
+
+ Global Instance list_setincl_subrel `(R' : relation A) :
+ subrelation R R' → subrelation (list_setincl R) (list_setincl R').
+ Proof.
+ intros HRR' al bl Hab. intros a Ha. destruct (Hab _ Ha) as (b & Hb & HR).
+ exists b. split; first done. exact: HRR'.
+ Qed.
+
+ Global Instance list_setequiv_subrel `(R' : relation A) :
+ subrelation R R' → subrelation (list_setequiv R) (list_setequiv R').
+ Proof. intros HRR' ?? [??]. split; exact: list_setincl_subrel. Qed.
+
+ Global Instance list_setincl_perm : subrelation (≡ₚ) (list_setincl R).
+ Proof.
+ intros al bl Hab a Ha. exists a. split; last done.
+ by rewrite -Hab.
+ Qed.
+
+ Global Instance list_setincl_app l :
+ Proper (list_setincl R ==> list_setincl R) (app l).
+ Proof.
+ intros al bl Hab a [Ha|Ha]%elem_of_app.
+ - exists a. split; last done. apply elem_of_app. by left.
+ - destruct (Hab _ Ha) as (b & Hb & HR). exists b. split; last done.
+ apply elem_of_app. by right.
+ Qed.
+
+ Global Instance list_setequiv_app l :
+ Proper (list_setequiv R ==> list_setequiv R) (app l).
+ Proof. intros al bl [??]. split; apply list_setincl_app; done. Qed.
+
+ Global Instance: subrelation (≡ₚ) (flip (list_setincl R)).
+ Proof. intros ???. apply list_setincl_perm. done. Qed.
+
+ Global Instance list_agrees_setincl :
+ Proper (flip (list_setincl R) ==> impl) (list_agrees R).
+ Proof.
+ move=> al bl /= Hab /list_agrees_alt Hal. apply (list_agrees_alt _) => a b Ha Hb.
+ destruct (Hab _ Ha) as (a' & Ha' & HRa).
+ destruct (Hab _ Hb) as (b' & Hb' & HRb).
+ trans a'; first done. etrans; last done.
+ eapply Hal; done.
+ Qed.
+
+ Global Instance list_agrees_setequiv :
+ Proper (list_setequiv R ==> iff) (list_agrees R).
+ Proof.
+ intros ?? [??]. split; by apply: list_agrees_setincl.
+ Qed.
+
+ Lemma list_setincl_contains al bl :
+ (∀ x, x ∈ al → x ∈ bl) → list_setincl R al bl.
+ Proof. intros Hin a Ha. exists a. split; last done. naive_solver. Qed.
+
+ Lemma list_setequiv_equiv al bl :
+ (∀ x, x ∈ al ↔ x ∈ bl) → list_setequiv R al bl.
+ Proof.
+ intros Hin. split; apply list_setincl_contains; naive_solver.
+ Qed.
+
+ Lemma list_agrees_contains al bl :
+ (∀ x, x ∈ bl → x ∈ al) →
+ list_agrees R al → list_agrees R bl.
+ Proof. intros ?. by eapply (list_agrees_setincl _),list_setincl_contains. Qed.
+
+ Lemma list_agrees_equiv al bl :
+ (∀ x, x ∈ bl ↔ x ∈ al) →
+ list_agrees R al ↔ list_agrees R bl.
+ Proof. intros ?. by eapply (list_agrees_setequiv _), list_setequiv_equiv. Qed.
+
+ Lemma list_setincl_singleton a b :
+ R a b → list_setincl R [a] [b].
+ Proof.
+ intros HR c ->%elem_of_list_singleton. exists b. split; last done.
+ apply elem_of_list_singleton. done.
+ Qed.
+
+ Lemma list_setincl_singleton_rev a b :
+ list_setincl R [a] [b] → R a b.
+ Proof.
+ intros Hl. destruct (Hl a) as (? & ->%elem_of_list_singleton & HR); last done.
+ by apply elem_of_list_singleton.
+ Qed.
+
+ Lemma list_setequiv_singleton a b :
+ R a b → list_setequiv R [a] [b].
+ Proof. intros ?. split; by apply list_setincl_singleton. Qed.
+
+ Lemma list_agrees_iff_setincl al a :
+ a ∈ al → list_agrees R al ↔ list_setincl R al [a].
+ Proof.
+ intros Hin. split.
+ - move=>/list_agrees_alt Hl b Hb. exists a. split; first set_solver+. exact: Hl.
+ - intros Hl. apply (list_agrees_alt _)=> b c Hb Hc.
+ destruct (Hl _ Hb) as (? & ->%elem_of_list_singleton & ?).
+ destruct (Hl _ Hc) as (? & ->%elem_of_list_singleton & ?).
+ by trans a.
+ Qed.
+
+ Lemma list_setincl_singleton_in al a :
+ a ∈ al → list_setincl R [a] al.
+ Proof.
+ intros Hin b ->%elem_of_list_singleton. exists a. split; done.
+ Qed.
+
+ Global Instance list_setincl_ext : subrelation (Forall2 R) (list_setincl R).
+ Proof.
+ move=>al bl. induction 1.
+ - intros ? []%elem_of_nil.
+ - intros a [->|Ha]%elem_of_cons.
+ + eexists. split; first constructor. done.
+ + destruct (IHForall2 _ Ha) as (b & ? & ?).
+ exists b. split; first by constructor. done.
+ Qed.
+
+ Global Instance list_setequiv_ext : subrelation (Forall2 R) (list_setequiv R).
+ Proof.
+ move=>al bl ?. split; apply list_setincl_ext; done.
+ Qed.
+
+ Lemma list_agrees_subrel `(R' : relation A) `{Equivalence _ R'} :
+ subrelation R R' → ∀ l, list_agrees R l → list_agrees R' l.
+ Proof. move=> HR l /list_agrees_alt Hl. apply (list_agrees_alt _)=> a b Ha Hb. by apply HR, Hl. Qed.
+
+ Section fmap.
+ Context `(R' : relation B) (f : A → B) {Hf: Proper (R ==> R') f}.
+
+ Global Instance list_setincl_fmap :
+ Proper (list_setincl R ==> list_setincl R') (fmap f).
+ Proof.
+ intros al bl Hab a' (a & -> & Ha)%elem_of_list_fmap.
+ destruct (Hab _ Ha) as (b & Hb & HR). exists (f b).
+ split; first eapply elem_of_list_fmap; eauto.
+ Qed.
+
+ Global Instance list_setequiv_fmap :
+ Proper (list_setequiv R ==> list_setequiv R') (fmap f).
+ Proof. intros ?? [??]. split; apply list_setincl_fmap; done. Qed.
+
+ Lemma list_agrees_fmap `{Equivalence _ R'} al :
+ list_agrees R al → list_agrees R' (f <$> al).
+ Proof.
+ move=> /list_agrees_alt Hl. apply <-(list_agrees_alt R')=> a' b'.
+ intros (a & -> & Ha)%elem_of_list_fmap (b & -> & Hb)%elem_of_list_fmap.
+ apply Hf. exact: Hl.
+ Qed.
+
+ End fmap.
+
+End list_theory.
Section agree.
Context {A : ofeT}.
-Instance agree_validN : ValidN (agree A) := λ n x,
- agree_is_valid x n ∧ ∀ n', n' ≤ n → agree_car x n ≡{n'}≡ agree_car x n'.
-Instance agree_valid : Valid (agree A) := λ x, ∀ n, ✓{n} x.
+Definition agree_list (x : agree A) := agree_car x :: agree_with x.
-Lemma agree_valid_le n n' (x : agree A) :
- agree_is_valid x n → n' ≤ n → agree_is_valid x n'.
-Proof. induction 2; eauto using agree_valid_S. Qed.
+Instance agree_validN : ValidN (agree A) := λ n x,
+ list_agrees (dist n) (agree_list x).
+Instance agree_valid : Valid (agree A) := λ x,
+ list_agrees (equiv) (agree_list x).
-Instance agree_equiv : Equiv (agree A) := λ x y,
- (∀ n, agree_is_valid x n ↔ agree_is_valid y n) ∧
- (∀ n, agree_is_valid x n → agree_car x n ≡{n}≡ agree_car y n).
Instance agree_dist : Dist (agree A) := λ n x y,
- (∀ n', n' ≤ n → agree_is_valid x n' ↔ agree_is_valid y n') ∧
- (∀ n', n' ≤ n → agree_is_valid x n' → agree_car x n' ≡{n'}≡ agree_car y n').
+ list_setequiv (dist n) (agree_list x) (agree_list y).
+Instance agree_equiv : Equiv (agree A) := λ x y,
+ ∀ n, list_setequiv (dist n) (agree_list x) (agree_list y).
+
+Definition agree_dist_incl n (x y : agree A) :=
+ list_setincl (dist n) (agree_list x) (agree_list y).
+
Definition agree_ofe_mixin : OfeMixin (agree A).
Proof.
split.
- - intros x y; split.
- + by intros Hxy n; split; intros; apply Hxy.
- + by intros Hxy; split; intros; apply Hxy with n.
- - split.
- + by split.
- + by intros x y Hxy; split; intros; symmetry; apply Hxy; auto; apply Hxy.
- + intros x y z Hxy Hyz; split; intros n'; intros.
- * trans (agree_is_valid y n'). by apply Hxy. by apply Hyz.
- * trans (agree_car y n'). by apply Hxy. by apply Hyz, Hxy.
- - intros n x y Hxy; split; intros; apply Hxy; auto.
+ - intros x y; split; intros Hxy; done.
+ - split; rewrite /dist /agree_dist; intros ? *.
+ + reflexivity.
+ + by symmetry.
+ + intros. etrans; eassumption.
+ - intros ???. apply list_setequiv_subrel=>??. apply dist_S.
Qed.
Canonical Structure agreeC := OfeT (agree A) agree_ofe_mixin.
-Program Definition agree_compl : Compl agreeC := λ c,
- {| agree_car n := agree_car (c n) n;
- agree_is_valid n := agree_is_valid (c n) n |}.
-Next Obligation.
- intros c n ?. apply (chain_cauchy c n (S n)), agree_valid_S; auto.
-Qed.
-Global Program Instance agree_cofe : Cofe agreeC :=
- {| compl := agree_compl |}.
-Next Obligation.
- intros n c; apply and_wlog_r; intros;
- symmetry; apply (chain_cauchy c); naive_solver.
-Qed.
-
Program Instance agree_op : Op (agree A) := λ x y,
{| agree_car := agree_car x;
- agree_is_valid n := agree_is_valid x n ∧ agree_is_valid y n ∧ x ≡{n}≡ y |}.
-Next Obligation. naive_solver eauto using agree_valid_S, dist_S. Qed.
+ agree_with := agree_with x ++ agree_car y :: agree_with y |}.
Instance agree_pcore : PCore (agree A) := Some.
Instance: Comm (≡) (@op (agree A) _).
-Proof. intros x y; split; [naive_solver|by intros n (?&?&Hxy); apply Hxy]. Qed.
+Proof. intros x y n. apply: list_setequiv_equiv. set_solver. Qed.
+
Lemma agree_idemp (x : agree A) : x ⋅ x ≡ x.
-Proof. split; naive_solver. Qed.
+Proof. intros n. apply: list_setequiv_equiv. set_solver. Qed.
+
Instance: ∀ n : nat, Proper (dist n ==> impl) (@validN (agree A) _ n).
Proof.
- intros n x y Hxy [? Hx]; split; [by apply Hxy|intros n' ?].
- rewrite -(proj2 Hxy n') -1?(Hx n'); eauto using agree_valid_le.
- symmetry. by apply dist_le with n; try apply Hxy.
+ intros n x y. rewrite /dist /validN /agree_dist /agree_validN.
+ by intros ->.
Qed.
+Instance: ∀ n : nat, Proper (equiv ==> iff) (@validN (agree A) _ n).
+Proof.
+ intros n ???. assert (x ≡{n}≡ y) as Hxy by by apply equiv_dist.
+ split; rewrite Hxy; done.
+Qed.
+
Instance: ∀ x : agree A, Proper (dist n ==> dist n) (op x).
Proof.
- intros n x y1 y2 [Hy' Hy]; split; [|done].
- split; intros (?&?&Hxy); repeat (intro || split);
- try apply Hy'; eauto using agree_valid_le.
- - etrans; [apply Hxy|apply Hy]; eauto using agree_valid_le.
- - etrans; [apply Hxy|symmetry; apply Hy, Hy'];
- eauto using agree_valid_le.
+ intros n x y1 y2. rewrite /dist /agree_dist /agree_list /=.
+ rewrite !app_comm_cons. apply: list_setequiv_app.
Qed.
Instance: Proper (dist n ==> dist n ==> dist n) (@op (agree A) _).
Proof. by intros n x1 x2 Hx y1 y2 Hy; rewrite Hy !(comm _ _ y2) Hx. Qed.
Instance: Proper ((≡) ==> (≡) ==> (≡)) op := ne_proper_2 _.
Instance: Assoc (≡) (@op (agree A) _).
-Proof.
- intros x y z; split; simpl; intuition;
- repeat match goal with H : agree_is_valid _ _ |- _ => clear H end;
- by cofe_subst; rewrite !agree_idemp.
-Qed.
+Proof. intros x y z n. apply: list_setequiv_equiv. set_solver. Qed.
Lemma agree_included (x y : agree A) : x ≼ y ↔ y ≡ x ⋅ y.
Proof.
split; [|by intros ?; exists y].
by intros [z Hz]; rewrite Hz assoc agree_idemp.
Qed.
-Lemma agree_op_inv n (x1 x2 : agree A) : ✓{n} (x1 ⋅ x2) → x1 ≡{n}≡ x2.
-Proof. intros Hxy; apply Hxy. Qed.
+Lemma agree_op_inv_inclN n x1 x2 : ✓{n} (x1 ⋅ x2) → agree_dist_incl n x1 x2.
+Proof.
+ rewrite /validN /= => /list_agrees_alt Hv a /elem_of_cons Ha. exists (agree_car x2).
+ split; first by constructor. eapply Hv.
+ - simpl. destruct Ha as [->|Ha]; set_solver.
+ - simpl. set_solver+.
+Qed.
+Lemma agree_op_invN n (x1 x2 : agree A) : ✓{n} (x1 ⋅ x2) → x1 ≡{n}≡ x2.
+Proof.
+ intros Hxy. split; apply agree_op_inv_inclN; first done. by rewrite comm.
+Qed.
+
Lemma agree_valid_includedN n (x y : agree A) : ✓{n} y → x ≼{n} y → x ≡{n}≡ y.
Proof.
move=> Hval [z Hy]; move: Hval; rewrite Hy.
- by move=> /agree_op_inv->; rewrite agree_idemp.
+ by move=> /agree_op_invN->; rewrite agree_idemp.
Qed.
Definition agree_cmra_mixin : CMRAMixin (agree A).
Proof.
apply cmra_total_mixin; try apply _ || by eauto.
- - intros n x [? Hx]; split; [by apply agree_valid_S|intros n' ?].
- rewrite -(Hx n'); last auto.
- symmetry; apply dist_le with n; try apply Hx; auto.
+ - move=>x. split.
+ + move=>/list_agrees_alt Hx n. apply (list_agrees_alt _)=> a b Ha Hb.
+ apply equiv_dist, Hx; done.
+ + intros Hx. apply (list_agrees_alt _)=> a b Ha Hb.
+ apply equiv_dist=>n. eapply (list_agrees_alt _); first (by apply Hx); done.
+ - intros n x. apply (list_agrees_subrel _ _)=>??. apply dist_S.
- intros x. apply agree_idemp.
- - by intros n x y [(?&?&?) ?].
+ - intros ??? Hl. apply: list_agrees_contains Hl. set_solver.
- intros n x y1 y2 Hval Hx; exists x, x; simpl; split.
+ by rewrite agree_idemp.
- + by move: Hval; rewrite Hx; move=> /agree_op_inv->; rewrite agree_idemp.
+ + by move: Hval; rewrite Hx; move=> /agree_op_invN->; rewrite agree_idemp.
Qed.
Canonical Structure agreeR : cmraT :=
CMRAT (agree A) agree_ofe_mixin agree_cmra_mixin.
@@ -125,60 +321,114 @@ Proof. rewrite /CMRATotal; eauto. Qed.
Global Instance agree_persistent (x : agree A) : Persistent x.
Proof. by constructor. Qed.
-Program Definition to_agree (x : A) : agree A :=
- {| agree_car n := x; agree_is_valid n := True |}.
-Solve Obligations with done.
+Lemma agree_op_inv (x1 x2 : agree A) : ✓ (x1 ⋅ x2) → x1 ≡ x2.
+Proof.
+ intros ?. apply equiv_dist=>n. by apply agree_op_invN, cmra_valid_validN.
+Qed.
+
+Global Instance agree_discrete :
+ Discrete A → CMRADiscrete agreeR.
+Proof.
+ intros HD. split.
+ - intros x y Hxy n. eapply list_setequiv_subrel; last exact Hxy. clear -HD.
+ intros x y ?. apply equiv_dist, HD. done.
+ - rewrite /valid /cmra_valid /agree_valid /validN /cmra_validN /agree_validN /=.
+ move=> x. apply (list_agrees_subrel _ _). clear -HD.
+ intros x y. apply HD.
+Qed.
+
+Definition to_agree (x : A) : agree A :=
+ {| agree_car := x; agree_with := [] |}.
Global Instance to_agree_ne n : Proper (dist n ==> dist n) to_agree.
-Proof. intros x1 x2 Hx; split; naive_solver eauto using @dist_le. Qed.
+Proof.
+ intros x1 x2 Hx; rewrite /= /dist /agree_dist /=.
+ exact: list_setequiv_singleton.
+Qed.
Global Instance to_agree_proper : Proper ((≡) ==> (≡)) to_agree := ne_proper _.
-Global Instance to_agree_inj n : Inj (dist n) (dist n) (to_agree).
-Proof. by intros x y [_ Hxy]; apply Hxy. Qed.
+Global Instance to_agree_injN n : Inj (dist n) (dist n) (to_agree).
+Proof. intros a b [Hxy%list_setincl_singleton_rev _]. done. Qed.
+Global Instance to_agree_inj : Inj (≡) (≡) (to_agree).
+Proof.
+ intros a b ?. apply equiv_dist=>n. apply to_agree_injN. by apply equiv_dist.
+Qed.
Lemma to_agree_uninj n (x : agree A) : ✓{n} x → ∃ y : A, to_agree y ≡{n}≡ x.
Proof.
- intros [??]. exists (agree_car x n).
- split; naive_solver eauto using agree_valid_le.
+ intros Hl. exists (agree_car x). rewrite /dist /agree_dist /=.
+ split.
+ - apply: list_setincl_singleton_in. set_solver+.
+ - apply (list_agrees_iff_setincl _); first set_solver+. done.
+Qed.
+
+Lemma to_agree_included (a b : A) : to_agree a ≼ to_agree b ↔ a ≡ b.
+Proof.
+ split.
+ - intros (x & Heq). apply equiv_dist=>n. destruct (Heq n) as [_ Hincl].
+ (* TODO: This could become a generic lemma about list_setincl. *)
+ destruct (Hincl a) as (? & ->%elem_of_list_singleton & ?); first set_solver+.
+ done.
+ - intros Hab. rewrite Hab. eexists. symmetry. eapply agree_idemp.
+Qed.
+
+Lemma to_agree_comp_valid (a b : A) : ✓ (to_agree a ⋅ to_agree b) ↔ a ≡ b.
+Proof.
+ split.
+ - (* TODO: can this be derived from other stuff? Otherwise, should probably become sth. generic about list_agrees. *)
+ intros Hv. apply Hv; simpl; set_solver.
+ - intros ->. rewrite agree_idemp. done.
Qed.
(** Internalized properties *)
Lemma agree_equivI {M} a b : to_agree a ≡ to_agree b ⊣⊢ (a ≡ b : uPred M).
Proof.
- uPred.unseal. do 2 split. by intros [? Hv]; apply (Hv n). apply: to_agree_ne.
+ uPred.unseal. do 2 split.
+ - intros Hx. exact: to_agree_injN.
+ - intros Hx. exact: to_agree_ne.
Qed.
Lemma agree_validI {M} x y : ✓ (x ⋅ y) ⊢ (x ≡ y : uPred M).
-Proof. uPred.unseal; split=> r n _ ?; by apply: agree_op_inv. Qed.
+Proof. uPred.unseal; split=> r n _ ?; by apply: agree_op_invN. Qed.
End agree.
Arguments agreeC : clear implicits.
Arguments agreeR : clear implicits.
Program Definition agree_map {A B} (f : A → B) (x : agree A) : agree B :=
- {| agree_car n := f (agree_car x n); agree_is_valid := agree_is_valid x;
- agree_valid_S := agree_valid_S _ x |}.
+ {| agree_car := f (agree_car x); agree_with := f <$> (agree_with x) |}.
Lemma agree_map_id {A} (x : agree A) : agree_map id x = x.
-Proof. by destruct x. Qed.
+Proof. rewrite /agree_map /= list_fmap_id. by destruct x. Qed.
Lemma agree_map_compose {A B C} (f : A → B) (g : B → C) (x : agree A) :
agree_map (g ∘ f) x = agree_map g (agree_map f x).
-Proof. done. Qed.
+Proof. rewrite /agree_map /= list_fmap_compose. done. Qed.
Section agree_map.
Context {A B : ofeT} (f : A → B) `{Hf: ∀ n, Proper (dist n ==> dist n) f}.
Instance agree_map_ne n : Proper (dist n ==> dist n) (agree_map f).
- Proof. by intros x1 x2 Hx; split; simpl; intros; [apply Hx|apply Hf, Hx]. Qed.
+ Proof.
+ intros x y Hxy.
+ change (list_setequiv (dist n)(f <$> (agree_list x))(f <$> (agree_list y))).
+ eapply list_setequiv_fmap; last exact Hxy. apply _.
+ Qed.
Instance agree_map_proper : Proper ((≡) ==> (≡)) (agree_map f) := ne_proper _.
+
Lemma agree_map_ext (g : A → B) x :
(∀ x, f x ≡ g x) → agree_map f x ≡ agree_map g x.
- Proof. by intros Hfg; split; simpl; intros; rewrite ?Hfg. Qed.
+ Proof.
+ intros Hfg n. apply: list_setequiv_ext.
+ change (f <$> (agree_list x) ≡{n}≡ g <$> (agree_list x)).
+ apply list_fmap_ext_ne=>y. by apply equiv_dist.
+ Qed.
+
Global Instance agree_map_monotone : CMRAMonotone (agree_map f).
Proof.
split; first apply _.
- - by intros n x [? Hx]; split; simpl; [|by intros n' ?; rewrite Hx].
+ - intros n x. rewrite /cmra_validN /validN /= /agree_validN /= => ?.
+ change (list_agrees (dist n) (f <$> agree_list x)).
+ eapply (list_agrees_fmap _ _ _); done.
- intros x y; rewrite !agree_included=> ->.
- split; last done; split; simpl; last tauto.
- by intros (?&?&Hxy); repeat split; intros;
- try apply Hxy; try apply Hf; eauto using @agree_valid_le.
+ rewrite /equiv /agree_equiv /agree_map /agree_op /agree_list /=.
+ rewrite !fmap_app=>n. apply: list_setequiv_equiv. set_solver+.
Qed.
End agree_map.
@@ -186,8 +436,9 @@ Definition agreeC_map {A B} (f : A -n> B) : agreeC A -n> agreeC B :=
CofeMor (agree_map f : agreeC A → agreeC B).
Instance agreeC_map_ne A B n : Proper (dist n ==> dist n) (@agreeC_map A B).
Proof.
- intros f g Hfg x; split; simpl; intros; first done.
- by apply dist_le with n; try apply Hfg.
+ intros f g Hfg x. apply: list_setequiv_ext.
+ change (f <$> (agree_list x) ≡{n}≡ g <$> (agree_list x)).
+ apply list_fmap_ext_ne. done.
Qed.
Program Definition agreeRF (F : cFunctor) : rFunctor := {|