From iris.base_logic.lib Require Export invariants.From iris.proofmode Require

1. From iris.base_logic.lib Require Export invariants.
2. From iris.proofmode Require Import tactics.
3. From iris.heap_lang Require Import proofmode notation lang.
4. From iris.program_logic Require Export weakestpre atomic.
5.  
6. Section getAndSetProof.
7.  
8. Context `{heapG} (N: namespace).
9.  
10. Definition getAndSet : val :=
11. λ: "l" "v",
12. let: "p" := NewProph in
13. let: "g" := ref #() in
14. (rec: "getAndSet" "l" "v" "o" := let: "r" := Resolve (CmpXchg "l" "o" "v") "p" "g" in
15. if: Snd "r"
16. then "o"
17. else "getAndSet" "l" "v" (Fst "r"))
18. "l" "v" #0.
19.  
20. Theorem getAndSet_spec : forall (ℓ: loc) v, val_is_unboxed v ->
21. inv N (∃ v, ℓ ↦{1/2} v ∧ ⌜val_is_unboxed v⌝) -∗
22. <<< ∀ k, ℓ ↦{1/2} k >>>
23. getAndSet #ℓ v @ ⊤ ∖ ↑N
24. <<< ℓ ↦{1/2} v, RET k >>>.
25. Proof.
26. iIntros (ℓ v v_unboxed) "#HInv".
27. iIntros (Φ) "AU".
28. wp_lam.
29. wp_let.
30. wp_bind NewProph.
31. wp_apply wp_new_proph; auto.
32. iIntros (pvs p) "HProph".
33. remember #0 as o.
34. assert (val_is_unboxed o) as o_unboxed by (subst; done).
35. clear Heqo.
36. wp_let.
37. wp_bind (ref _)%E.
38. wp_alloc lg_ghost as "Hghost".
39. wp_let.
40. iLöb as "IH" forall (o pvs o_unboxed).
41. wp_pures.
42. wp_bind (Resolve _ _ _)%E.
43. iInv N as "Hℓ" "HClose".
44. iDestruct "Hℓ" as (trueVal) ">[Hℓ %]".
45. destruct pvs.
46. - iMod "AU" as (k) "[HAU [_ HCloseAU]]".
47. iDestruct (mapsto_combine with "HAU Hℓ") as "[Hℓ <-]".
48. replace (1 / 2 + 1 / 2)%Qp with 1%Qp by (rewrite Qp_half_half; done).
49. destruct (decide (o = k)); subst.
50. * wp_apply (wp_resolve_cmpxchg_suc with "[HProph Hℓ]"); auto.
51. + left; done.
52. + iFrame.
53. + iIntros "Hpvs'".
54. iDestruct "Hpvs'" as (pvs') "[% _]".
55. discriminate.
56. * wp_apply (wp_resolve_cmpxchg_fail with "[HProph Hℓ]"); eauto with iFrame.
57. + right; done.
58. + iIntros "Hpvs'". iDestruct "Hpvs'" as (pvs') "[% _]".
59. discriminate.
60. - destruct (decide (p0 = ((o, #true)%V, #lg_ghost))).
61. * subst.
62. iMod "AU" as (k) "[HAU [_ HCloseAU]]".
63. iDestruct (mapsto_combine with "HAU Hℓ") as "[Hℓ <-]".
64. replace (1 / 2 + 1 / 2)%Qp with 1%Qp by (rewrite Qp_half_half; done).
65. destruct (decide (o = k)); subst.
66. 2: {
67. wp_apply (wp_resolve_cmpxchg_fail with "[HProph Hℓ]"); eauto with iFrame.
68. + right; done.
69. + iIntros "Hpvs'". iDestruct "Hpvs'" as (pvs') "[% _]".
70. discriminate.
71. }
72. wp_apply (wp_resolve_cmpxchg_suc with "[HProph Hℓ]"); eauto with iFrame.
73. { right; done. }
74. iIntros "Hpvs'". iDestruct "Hpvs'" as (pvs') "[% [HProph Hℓ]]".
75. replace (ℓ ↦ v)%I with (ℓ ↦{1/2 + 1/2} v)%I by (rewrite Qp_half_half; done).
76. inversion H1; subst. clear H1.
77. iDestruct "Hℓ" as "[Hℓ1 Hℓ2]".
78. iMod ("HCloseAU" with "Hℓ1") as "HΦ".
79. iModIntro.
80. iMod ("HClose" with "[Hℓ2]") as "_"; first by (eauto with iFrame).
81. iModIntro.
82. wp_pures.
83. auto.
84. * destruct (decide (o = trueVal)).
85. {
86. iMod "AU" as (k) "[HAU [_ HCloseAU]]".
87. iDestruct (mapsto_combine with "HAU Hℓ") as "[Hℓ <-]".
88. replace (1 / 2 + 1 / 2)%Qp with 1%Qp by (rewrite Qp_half_half; done).
89. wp_apply (wp_resolve_cmpxchg_suc with "[HProph Hℓ]"); eauto with iFrame.
90. { right; done. }
91. { subst; iFrame. }
92. iIntros "Hpvs'". iDestruct "Hpvs'" as (pvs') "[% [HProph Hℓ]]".
93. inversion H1.
94. subst.
95. contradiction.
96. }
97. wp_apply (wp_resolve_cmpxchg_fail with "[HProph Hℓ]"); eauto with iFrame.
98. { right; done. }
99. iIntros "Hpvs'". iDestruct "Hpvs'" as (pvs') "[% [HProph Hℓ]]".
100. iMod ("HClose" with "[Hℓ]") as "_"; first by auto.
101. iModIntro.
102. wp_let.
103. wp_proj.
104. wp_if.
105. wp_proj.
106. iSpecialize ("IH" $! trueVal pvs' H0).
107. clear.
108. iSpecialize ("IH" with "AU HProph Hghost").
109. (* ???? *)
110. Abort.
111.  
112. End getAndSetProof.