Iris (Ike Mulder) - Commit 4a088c11
authored 9 years ago by Ralf Jung
seal auth_own
parent 2074187f

1 changed file: program_logic/auth.v (29 additions, 17 deletions)
...
...
@@ -14,16 +14,25 @@ Instance authGF_inGF (A : cmraT) `{inGF Λ Σ (authGF A)}
`{
CMRAIdentity
A
,
∀
a
:
A
,
Timeless
a
}
:
authG
Λ
Σ
A
.
Proof
.
split
;
try
apply
_
.
apply
:
inGF_inG
.
Qed
.
Section
definitions
.
Context
`{
authG
Λ
Σ
A
}
(
γ
:
gname
)
.
(* TODO: Once we switched to RAs, it is no longer necessary to remember that a
Definition
auth_own_def
`{
authG
Λ
Σ
A
}
(
γ
:
gname
)
(
a
:
A
)
:
iPropG
Λ
Σ
:=
own
γ
(
◯
a
)
.
(* Perform sealing *)
Module
Type
AuthOwnSig
.
Parameter
auth_own
:
∀
`{
authG
Λ
Σ
A
}
(
γ
:
gname
)
(
a
:
A
),
iPropG
Λ
Σ
.
Axiom
auth_own_eq
:
@
auth_own
=
@
auth_own_def
.
End
AuthOwnSig
.
Module
Export
AuthOwn
:
AuthOwnSig
.
Definition
auth_own
:=
@
auth_own_def
.
Definition
auth_own_eq
:=
Logic
.
eq_refl
(
@
auth_own
)
.
End
AuthOwn
.
(* TODO: Once we switched to RAs, it is no longer necessary to remember that a
is constantly valid. *)
Definition
auth_inv
(
φ
:
A
→
iPropG
Λ
Σ
)
:
iPropG
Λ
Σ
:=
(
∃
a
,
(
■
✓
a
∧
own
γ
(
●
a
))
★
φ
a
)
%
I
.
Definition
auth_own
(
a
:
A
)
:
iPropG
Λ
Σ
:=
own
γ
(
◯
a
)
.
Definition
auth_ctx
(
N
:
namespace
)
(
φ
:
A
→
iPropG
Λ
Σ
)
:
iPropG
Λ
Σ
:=
inv
N
(
auth_inv
φ
)
.
End
definitions
.
Definition
auth_inv
`{
authG
Λ
Σ
A
}
(
γ
:
gname
)
(
φ
:
A
→
iPropG
Λ
Σ
)
:
iPropG
Λ
Σ
:=
(
∃
a
,
(
■
✓
a
∧
own
γ
(
●
a
))
★
φ
a
)
%
I
.
Definition
auth_ctx
`{
authG
Λ
Σ
A
}
(
γ
:
gname
)
(
N
:
namespace
)
(
φ
:
A
→
iPropG
Λ
Σ
)
:
iPropG
Λ
Σ
:=
inv
N
(
auth_inv
γ
φ
)
.
Instance
:
Params
(
@
auth_inv
)
6
.
Instance
:
Params
(
@
auth_own
)
6
.
Instance
:
Params
(
@
auth_ctx
)
7
.
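Review bot: the one-line comment `(* Perform sealing *)` should say what the sealing is for, because the mechanism is easy to misread: the opaque ascription `Module Export AuthOwn : AuthOwnSig` (a `:` ascription, not `<:`) hides the body of `auth_own` from `unfold`, `simpl` and typeclass search, and the only sanctioned way to see `own γ (◯ a)` again is `rewrite auth_own_eq` (the `Axiom auth_own_eq : @auth_own = @auth_own_def` in the signature, realised by `Logic.eq_refl`). A comment such as `(* auth_own is sealed: unfold it only via auth_own_eq *)` would save the next contributor from trying `/auth_own` as the old proofs did. Also worth noting in the commit message that `Section definitions` is gone, so `auth_inv` and `auth_ctx` now take `γ` explicitly (`auth_inv γ φ` in `auth_ctx`), which is an API change for any user of these definitions.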
...
...
@@ -37,14 +46,17 @@ Section auth.
Implicit
Types
γ
:
gname
.
Global
Instance
auth_own_ne
n
γ
:
Proper
(
dist
n
==>
dist
n
)
(
auth_own
γ
)
.
Proof
.
by
rewrite
/
auth_own
=>
a
b
->
.
Qed
.
Proof
.
by
rewrite
auth_own_eq
/
auth_own
_def
=>
a
b
->
.
Qed
.
Global
Instance
auth_own_proper
γ
:
Proper
((
≡
)
==>
(
≡
))
(
auth_own
γ
)
.
Proof
.
by
rewrite
/
auth_own
=>
a
b
->
.
Qed
.
Proof
.
by
rewrite
auth_own_eq
/
auth_own_def
=>
a
b
->
.
Qed
.
Global
Instance
auth_own_timeless
γ
a
:
TimelessP
(
auth_own
γ
a
)
.
Proof
.
rewrite
auth_own_eq
.
apply
_
.
Qed
.
Lemma
auth_own_op
γ
a
b
:
auth_own
γ
(
a
⋅
b
)
≡
(
auth_own
γ
a
★
auth_own
γ
b
)
%
I
.
Proof
.
by
rewrite
/
auth_own
-
own_op
auth_frag_op
.
Qed
.
Proof
.
by
rewrite
auth_own_eq
/
auth_own
_def
-
own_op
auth_frag_op
.
Qed
.
Lemma
auth_own_valid
γ
a
:
auth_own
γ
a
⊑
✓
a
.
Proof
.
by
rewrite
/
auth_own
own_valid
auth_validI
.
Qed
.
Proof
.
by
rewrite
auth_own_eq
/
auth_own
_def
own_valid
auth_validI
.
Qed
.
Lemma
auth_alloc
E
N
a
:
✓
a
→
nclose
N
⊆
E
→
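Review bot: the `auth_own_timeless` instance deserves a comment explaining why it exists, since `Proof. rewrite auth_own_eq. apply _. Qed.` looks redundant at first sight: once `auth_own` is sealed, instance search can no longer look through it to `own γ (◯ a)` and the section hypothesis `∀ a : A, Timeless a`, so `TimelessP (auth_own γ a)` has to be re-established by unsealing first and only then calling `apply _`. The same applies to `auth_own_ne`, `auth_own_proper`, `auth_own_op` and `auth_own_valid`, which all switch from `rewrite /auth_own` to `rewrite auth_own_eq /auth_own_def`; that explicit unfold of `auth_own_def` after the unsealing rewrite is the pattern the later hunks should follow as well.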
...
...
@@ -57,13 +69,13 @@ Section auth.
trans
(
▷
auth_inv
γ
φ
★
auth_own
γ
a
)
%
I
.
{
rewrite
/
auth_inv
-
(
exist_intro
a
)
later_sep
.
rewrite
const_equiv
//
left_id
.
ecancel
[
▷
φ
_]
%
I
.
by
rewrite
-
later_intro
/
auth_own
-
own_op
auth_both_op
.
}
by
rewrite
-
later_intro
auth_own
_eq
-
own_op
auth_both_op
.
}
rewrite
(
inv_alloc
N
)
/
auth_ctx
pvs_frame_r
.
apply
pvs_mono
.
by
rewrite
always_and_sep_l
.
Qed
.
Lemma
auth_empty
γ
E
:
True
⊑
(|
=
{
E
}=>
auth_own
γ
∅
)
.
Proof
.
by
rewrite
/
auth_own
-
own_update_empty
.
Qed
.
Proof
.
by
rewrite
auth_own
_eq
-
own_update_empty
.
Qed
.
Lemma
auth_opened
E
γ
a
:
(
▷
auth_inv
γ
φ
★
auth_own
γ
a
)
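Review bot: in both `auth_alloc` (`by rewrite -later_intro auth_own_eq -own_op auth_both_op.`) and `auth_empty` (`by rewrite auth_own_eq -own_update_empty.`) the proof unseals with `auth_own_eq` but does not unfold `/auth_own_def`, unlike the instance proofs above. This works only because the subsequent `-own_op` / `-own_update_empty` unify their `own _ _` pattern with `auth_own_def γ a` up to delta-unfolding of the still-transparent `auth_own_def`; if that definition is ever made opaque or its body changes, these lines break while `auth_own_eq /auth_own_def` would keep the intent explicit. Suggest using the same `rewrite auth_own_eq /auth_own_def` form here for consistency and robustness.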
...
...
@@ -72,7 +84,7 @@ Section auth.
rewrite
/
auth_inv
.
rewrite
later_exist
sep_exist_r
.
apply
exist_elim
=>
b
.
rewrite
later_sep
[(
▷
(_
∧
_))
%
I
]
pvs_timeless
!
pvs_frame_r
.
apply
pvs_mono
.
rewrite
always_and_sep_l
-!
assoc
.
apply
const_elim_sep_l
=>
Hv
.
rewrite
/
auth_own
[(
▷
φ
_
★
_)
%
I
]
comm
assoc
-
own_op
.
rewrite
auth_own
_eq
[(
▷
φ
_
★
_)
%
I
]
comm
assoc
-
own_op
.
rewrite
own_valid_r
auth_validI
/=
and_elim_l
sep_exist_l
sep_exist_r
/=.
apply
exist_elim
=>
a'
.
rewrite
left_id
-
(
exist_intro
a'
)
.
...
...
@@ -88,7 +100,7 @@ Section auth.
(
▷
φ
(
L
a
⋅
a'
)
★
own
γ
(
●
(
a
⋅
a'
)
⋅
◯
a
))
⊑
(|
=
{
E
}=>
▷
auth_inv
γ
φ
★
auth_own
γ
(
L
a
))
.
Proof
.
intros
HL
Hv
.
rewrite
/
auth_inv
/
auth_own
-
(
exist_intro
(
L
a
⋅
a'
))
.
intros
HL
Hv
.
rewrite
/
auth_inv
auth_own
_eq
-
(
exist_intro
(
L
a
⋅
a'
))
.
(* TODO it would be really nice to use cancel here *)
rewrite
later_sep
[(_
★
▷
φ
_)
%
I
]
comm
-
assoc
.
rewrite
-
pvs_frame_l
.
apply
sep_mono
;
first
done
.
...
...