Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
A
Actris
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Dan Frumin
Actris
Commits
1e74dc55
Commit
1e74dc55
authored
4 years ago
by
Jonas Kastberg
Browse files
Options
Downloads
Patches
Plain Diff
Divided the double example into two parts
parent
c1f49f5f
No related branches found
Branches containing commit
No related tags found
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
theories/logrel/examples/double.v
+37
-12
37 additions, 12 deletions
theories/logrel/examples/double.v
with
37 additions
and
12 deletions
theories/logrel/examples/double.v
+
37
−
12
View file @
1e74dc55
(** This file contains
a
proof that the program
(** This file contains
two
proof
s
that the program
λ c, (recv c ||| recv c)
...
...
@@ -8,7 +8,11 @@ can be assigned the semantic type
This cannot be shown directly using the semantic typing rules, and therefore
manual proof is used to show that the program is semantically well-typed. This
demonstrates the extensibility of the type system. *)
demonstrates the extensibility of the type system.
The first proof uses a bare minimum weakest precondition for the program,
while the second proof uses a weakest precondition for full functional correctness.
*)
From
iris
.
algebra
Require
Import
frac
auth
excl
updates
.
From
iris
.
heap_lang
.
lib
Require
Export
par
spin_lock
.
From
actris
.
channel
Require
Import
proofmode
.
...
...
@@ -32,7 +36,6 @@ Definition prog : val := λ: "c",
Section
double
.
Context
`{
heapG
Σ
,
chanG
Σ
,
spawnG
Σ
}
.
Context
`{
!
inG
Σ
fracR
}
.
Context
`{
!
inG
Σ
(
exclR
unitO
),
inG
Σ
(
prodR
fracR
(
agreeR
(
optionO
valO
)))}
.
Definition
prog_prot
:
iProto
Σ
:=
(
<
?
(
x
:
Z
)
>
MSG
#
x
;
<
?
(
y
:
Z
)
>
MSG
#
y
;
END
)
%
proto
.
...
...
@@ -97,12 +100,33 @@ Section double.
-
iIntros
(??
[[
x1
->
]
[
x2
->
]])
"!>"
.
wp_pures
.
by
iApply
"HΦ"
.
Qed
.
Definition
prog_prot_fp
(
P
:
val
→
val
→
iProp
Σ
)
:
iProto
Σ
:=
Lemma
prog_typed
:
⊢
[]
⊨
prog
:
chan
(
<
??
>
TY
lty_int
;
<
??
>
TY
lty_int
;
END
)
⊸
lty_int
*
lty_int
.
Proof
.
iIntros
(
vs
)
"!> HΓ /="
.
iApply
wp_value
.
iFrame
"HΓ"
.
iIntros
(
c
)
"Hc"
.
iApply
(
wp_prog
with
"[Hc]"
)
.
{
iApply
(
iProto_mapsto_le
_
(
lsty_car
(
<
??
>
TY
lty_int
;
<
??
>
TY
lty_int
;
END
))
with
"Hc"
)
.
iIntros
"!> !>"
(
v1
)
.
iDestruct
1
as
%
[
x1
->
]
.
iExists
x1
.
iIntros
"!>"
(
v2
)
.
iDestruct
1
as
%
[
x2
->
]
.
iExists
x2
.
auto
.
}
iIntros
"!>"
(
k1
k2
_)
.
iExists
_,
_
.
iSplit
;
first
done
.
eauto
.
Qed
.
End
double
.
Section
double_fc
.
Context
`{
heapG
Σ
,
chanG
Σ
,
spawnG
Σ
}
.
Context
`{
!
inG
Σ
(
exclR
unitO
),
inG
Σ
(
prodR
fracR
(
agreeR
(
optionO
valO
)))}
.
Definition
prog_prot_fc
(
P
:
val
→
val
→
iProp
Σ
)
:
iProto
Σ
:=
(
<
?
(
v1
:
val
)
>
MSG
v1
;
<
?
(
v2
:
val
)
>
MSG
v2
{{
P
v1
v2
}};
END
)
%
proto
.
Definition
chan_inv_f
p
(
γ
γ1
γ2
:
gname
)
(
P
:
val
→
val
→
iProp
Σ
)
(
c
:
val
)
:
Definition
chan_inv_f
c
(
γ
γ1
γ2
:
gname
)
(
P
:
val
→
val
→
iProp
Σ
)
(
c
:
val
)
:
iProp
Σ
:=
(
own
γ
(
Excl
())
∗
c
↣
prog_prot_f
p
P
∨
(
own
γ
(
Excl
())
∗
c
↣
prog_prot_f
c
P
∨
(
∃
b
v1
,
own
(
if
b
:
bool
then
γ1
else
γ2
)
(
3
/
4
,
to_agree
(
Some
v1
))
%
Qp
∗
c
↣
<
?
(
v2
:
val
)
>
MSG
v2
{{
P
v1
v2
}};
END
)
∨
...
...
@@ -110,8 +134,8 @@ Section double.
own
γ1
(
1
/
4
,
to_agree
(
Some
v1
))
%
Qp
∗
own
γ2
(
1
/
4
,
to_agree
(
Some
v2
))
%
Qp
))
%
I
.
Lemma
wp_prog_f
p
P
c
:
{{{
▷
c
↣
prog_prot_f
p
P
}}}
Lemma
wp_prog_f
c
P
c
:
{{{
▷
c
↣
prog_prot_f
c
P
}}}
prog
c
{{{
v1
v2
,
RET
(
v1
,
v2
);
P
v1
v2
∨
P
v2
v1
}}}
.
Proof
.
...
...
@@ -120,7 +144,7 @@ Section double.
iMod
(
own_alloc
(
1
,
to_agree
None
)
%
Qp
)
as
(
γ1
)
"Hγ1"
;
[
done
|]
.
iMod
(
own_alloc
(
1
,
to_agree
None
)
%
Qp
)
as
(
γ2
)
"Hγ2"
;
[
done
|]
.
(* Create lock *)
wp_apply
(
newlock_spec
(
chan_inv_f
p
γ
γ1
γ2
P
c
)
with
"[Hγ Hc]"
)
.
wp_apply
(
newlock_spec
(
chan_inv_f
c
γ
γ1
γ2
P
c
)
with
"[Hγ Hc]"
)
.
{
iLeft
.
by
iFrame
.
}
iIntros
(
lk
γlk
)
"#Hlock"
.
wp_pures
.
(* Fork into two threads *)
...
...
@@ -187,13 +211,13 @@ Section double.
by
iDestruct
(
own_valid_2
with
"H1 H2"
)
as
%
[]
.
Qed
.
Lemma
prog_typed
:
Lemma
prog_typed
_fc
:
⊢
[]
⊨
prog
:
chan
(
<
??
>
TY
lty_int
;
<
??
>
TY
lty_int
;
END
)
⊸
lty_int
*
lty_int
.
Proof
.
iIntros
(
vs
)
"!> HΓ /="
.
iApply
wp_value
.
iSplitL
;
last
by
iApply
env_ltyped_nil
.
iIntros
(
c
)
"Hc"
.
iApply
(
wp_prog_f
p
(
λ
v1
v2
,
ltty_car
lty_int
v1
∗
ltty_car
lty_int
v2
)
%
I
with
"[Hc]"
)
.
iApply
(
wp_prog_f
c
(
λ
v1
v2
,
ltty_car
lty_int
v1
∗
ltty_car
lty_int
v2
)
%
I
with
"[Hc]"
)
.
{
iApply
(
iProto_mapsto_le
_
(
lsty_car
(
<
??
>
TY
lty_int
;
<
??
>
TY
lty_int
;
END
))
with
"Hc"
)
.
iIntros
"!> !>"
(
v1
)
.
iDestruct
1
as
%
[
x1
->
]
.
iExists
#
x1
.
iIntros
"!>"
(
v2
)
.
iDestruct
1
as
%
[
x2
->
]
.
iExists
#
x2
.
iSplitL
;
last
done
.
...
...
@@ -201,4 +225,5 @@ Section double.
iIntros
"!>"
(
v1
v2
[[[
k1
->
]
[
k2
->
]]|[[
k1
->
]
[
k2
->
]]]);
iExists
_,
_;
iSplit
;
by
eauto
.
Qed
.
End
double
.
End
double_fc
.
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
