Module permission_bits_refine
Require Export permission_bits bits_refine.
Instance pbit_refine `{
Env K} :
Refine K (
env K) (
pbit K) := λ Γ α
f Δ1 Δ2 γ
b1 γ
b2,
tagged_tag γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2}
tagged_tag γ
b2 ∧
tagged_perm γ
b1 =
tagged_perm γ
b2 ∧
sep_valid γ
b1 ∧
sep_valid γ
b2.
Section permission_bits.
Context `{
EnvSpec K}.
Implicit Types Γ :
env K.
Implicit Types Δ :
memenv K.
Implicit Types α :
bool.
Implicit Types b :
bit K.
Implicit Types bs :
list (
bit K).
Implicit Types γ :
perm.
Implicit Types γ
s :
list perm.
Implicit Types γ
b :
pbit K.
Implicit Types γ
bs :
list (
pbit K).
Lemma pbit_refine_valid_l Γ α
f Δ1 Δ2 γ
b1 γ
b2 :
✓ Γ → γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2} γ
b2 → ✓{Γ,Δ1} γ
b1.
Proof.
destruct γb1, γb2; intros ? (?&?&?&?); split;
naive_solver eauto using bit_refine_valid_l.
Qed.
Lemma pbits_refine_valid_l Γ α
f Δ1 Δ2 γ
bs1 γ
bs2 :
✓ Γ → γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 → ✓{Γ,Δ1}* γ
bs1.
Proof.
induction 2; eauto using pbit_refine_valid_l. Qed.
Lemma pbit_refine_valid_r Γ α
f Δ1 Δ2 γ
b1 γ
b2 :
✓ Γ → γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2} γ
b2 → ✓{Γ,Δ2} γ
b2.
Proof.
destruct γb1, γb2; intros ? (?&?&?&?); split;
naive_solver eauto using bit_refine_valid_r.
Qed.
Lemma pbits_refine_valid_r Γ α
f Δ1 Δ2 γ
bs1 γ
bs2 :
✓ Γ → γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 → ✓{Γ,Δ2}* γ
bs2.
Proof.
induction 2; eauto using pbit_refine_valid_r. Qed.
Lemma pbit_refine_id Γ α Δ γ
b : ✓{Γ,Δ} γ
b → γ
b ⊑{Γ,α@Δ} γ
b.
Proof.
intros (?&?&?); repeat split; eauto using bit_refine_id. Qed.
Lemma pbits_refine_id Γ α Δ γ
bs : ✓{Γ,Δ}* γ
bs → γ
bs ⊑{Γ,α@Δ}* γ
bs.
Proof.
induction 1; eauto using pbit_refine_id. Qed.
Lemma pbit_refine_compose Γ α1 α2
f1 f2 Δ1 Δ2 Δ3 γ
b1 γ
b2 γ
b3 :
✓ Γ → γ
b1 ⊑{Γ,α1,
f1@Δ1↦Δ2} γ
b2 → γ
b2 ⊑{Γ,α2,
f2@Δ2↦Δ3} γ
b3 →
γ
b1 ⊑{Γ,α1||α2,
f2 ◎
f1@Δ1↦Δ3} γ
b3.
Proof.
destruct γb1, γb2, γb3; intros ? (?&?&?) (?&?&?); split;
naive_solver eauto using bit_refine_compose.
Qed.
Lemma pbits_refine_compose Γ α1 α2
f1 f2 Δ1 Δ2 Δ3 γ
bs1 γ
bs2 γ
bs3 :
✓ Γ → γ
bs1 ⊑{Γ,α1,
f1@Δ1↦Δ2}* γ
bs2 → γ
bs2 ⊑{Γ,α2,
f2@Δ2↦Δ3}* γ
bs3 →
γ
bs1 ⊑{Γ,α1||α2,
f2 ◎
f1@Δ1↦Δ3}* γ
bs3.
Proof.
intros ? Hγbs. revert γbs3. induction Hγbs; intros;
decompose_Forall_hyps; eauto using pbit_refine_compose.
Qed.
Lemma pbit_refine_inverse Γ
f Δ1 Δ2 γ
b1 γ
b2 :
γ
b1 ⊑{Γ,
false,
f@Δ1↦Δ2} γ
b2 → γ
b2 ⊑{Γ,
false,
meminj_inverse f@Δ2↦Δ1} γ
b1.
Proof.
intros (?&?&?&?); split; eauto using bit_refine_inverse. Qed.
Lemma pbits_refine_inverse Γ
f Δ1 Δ2 γ
bs1 γ
bs2 :
γ
bs1 ⊑{Γ,
false,
f@Δ1↦Δ2}* γ
bs2 →
γ
bs2 ⊑{Γ,
false,
meminj_inverse f@Δ2↦Δ1}* γ
bs1.
Proof.
induction 1; eauto using pbit_refine_inverse. Qed.
Lemma pbit_refine_weaken Γ Γ' α α'
f f' Δ1 Δ2 Δ1' Δ2' γ
b1 γ
b2 :
✓ Γ → γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2} γ
b2 → Γ ⊆ Γ' → (α → α') →
Δ1' ⊑{Γ',α',
f'} Δ2' → Δ1 ⇒ₘ Δ1' →
Δ2 ⇒ₘ Δ2' →
meminj_extend f f' Δ1 Δ2 → γ
b1 ⊑{Γ',α',
f'@Δ1'↦Δ2'} γ
b2.
Proof.
intros ? (?&?&[]&[]); repeat split; eauto using bit_refine_weaken. Qed.
Lemma pbits_refine_perm Γ α
f Δ1 Δ2 γ
bs1 γ
bs2 :
γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 →
tagged_perm <$> γ
bs1 =
tagged_perm <$> γ
bs2.
Proof.
induction 1 as [|???? (?&?&?&?)]; f_equal'; auto. Qed.
Lemma pbits_refine_perm_1 Γ α
f Δ1 Δ2 γ γ
bs1 γ
bs2 :
γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 →
Forall (λ γ
b,
tagged_perm γ
b = γ) γ
bs1 →
Forall (λ γ
b,
tagged_perm γ
b = γ) γ
bs2.
Proof.
induction 1 as [|[??] [??] ?? (?&?&?&?)]; intros;
decompose_Forall_hyps; constructor; auto.
Qed.
Lemma pbit_refine_unmapped Γ α
f Δ1 Δ2 γ
b1 γ
b2 :
sep_unmapped γ
b1 → γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2} γ
b2 →
sep_unmapped γ
b2.
Proof.
destruct γb1, γb2; intros [??] (?&?&[??]&[??]); split; naive_solver. Qed.
Lemma pbits_refine_unmapped Γ α
f Δ1 Δ2 γ
bs1 γ
bs2 :
Forall sep_unmapped γ
bs1 → γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 →
Forall sep_unmapped γ
bs2.
Proof.
induction 2; decompose_Forall_hyps; eauto using pbit_refine_unmapped.
Qed.
Lemma pbit_refine_mapped Γ α
f Δ1 Δ2 γ
b1 γ
b2 :
sep_unmapped γ
b2 → γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2} γ
b2 →
sep_unmapped γ
b1.
Proof.
intros [??] (?&?&[??]&[??]); split; eauto with congruence. Qed.
Lemma pbits_refine_mapped Γ α
f Δ1 Δ2 γ
bs1 γ
bs2 :
Forall sep_unmapped γ
bs2 → γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 →
Forall sep_unmapped γ
bs1.
Proof.
induction 2; decompose_Forall_hyps;
eauto using pbit_refine_mapped.
Qed.
Lemma pbit_refine_unshared Γ α
f Δ1 Δ2 γ
b1 γ
b2 :
sep_unshared γ
b1 → γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2} γ
b2 →
sep_unshared γ
b2.
Proof.
destruct γb1, γb2; intros ? (?&?&[??]&[??]); naive_solver. Qed.
Lemma pbits_refine_unshared Γ α
f Δ1 Δ2 γ
bs1 γ
bs2 :
Forall sep_unshared γ
bs1 →
γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 →
Forall sep_unshared γ
bs2.
Proof.
induction 2;decompose_Forall_hyps; eauto using pbit_refine_unshared. Qed.
Lemma pbit_refine_shared Γ α
f Δ1 Δ2 γ
b1 γ
b2 :
sep_unshared γ
b2 → γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2} γ
b2 →
sep_unshared γ
b1.
Proof.
destruct γb1, γb2; intros ? (?&?&[??]&[??]); naive_solver. Qed.
Lemma pbits_refine_shared Γ α
f Δ1 Δ2 γ
bs1 γ
bs2 :
Forall sep_unshared γ
bs2 → γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 →
Forall sep_unshared γ
bs1.
Proof.
induction 2; decompose_Forall_hyps; eauto using pbit_refine_shared. Qed.
Lemma pbit_empty_refine Γ α
f Δ1 Δ2 : (∅ :
pbit K) ⊑{Γ,α,
f@Δ1↦Δ2} ∅.
Proof.
repeat split; simpl; auto using BIndet_BIndet_refine, sep_empty_valid.
Qed.
Lemma PBit_refine Γ α
f Δ1 Δ2 γ
b1 b2 :
sep_valid γ → ¬
sep_unmapped γ →
b1 ⊑{Γ,α,
f@Δ1↦Δ2}
b2 →
PBit γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2}
PBit γ
b2.
Proof.
repeat split; naive_solver eauto using BBit_refine. Qed.
Lemma PBits_refine Γ α
f Δ1 Δ2 γ
s bs1 bs2 :
Forall sep_valid γ
s →
Forall (
not ∘
sep_unmapped) γ
s →
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}*
bs2 →
zip_with PBit γ
s bs1 ⊑{Γ,α,
f@Δ1↦Δ2}*
zip_with PBit γ
s bs2.
Proof.
intros Hγs Hγs' Hbs. revert γs Hγs Hγs'. induction Hbs; intros ? [|????] ?;
decompose_Forall_hyps; eauto using PBit_refine.
Qed.
Lemma PBit_BIndet_refine Γ α
f Δ1 Δ2 γ :
sep_valid γ →
PBit γ
BIndet ⊑{Γ,α,
f@Δ1↦Δ2}
PBit γ
BIndet.
Proof.
repeat split; auto using BIndet_BIndet_refine. Qed.
Lemma PBits_BIndet_refine Γ α
f Δ1 Δ2 γ
s :
Forall sep_valid γ
s →
flip PBit BIndet <$> γ
s ⊑{Γ,α,
f@Δ1↦Δ2}*
flip PBit BIndet <$> γ
s.
Proof.
induction 1; csimpl; auto using PBit_BIndet_refine. Qed.
Lemma PBit_BIndet_refine_l Γ Δ γ
b :
✓{Γ,Δ} γ
b →
PBit (
tagged_perm γ
b)
BIndet ⊑{Γ,
true@Δ} γ
b.
Proof.
intros (?&?&?); repeat split; naive_solver eauto using BIndet_refine.
Qed.
Lemma PBits_BIndet_refine_l Γ Δ γ
bs :
✓{Γ,Δ}* γ
bs →
flip PBit BIndet <$>
tagged_perm <$> γ
bs ⊑{Γ,
true@Δ}* γ
bs.
Proof.
induction 1; csimpl; eauto using PBit_BIndet_refine_l. Qed.
Lemma pbit_tag_refine Γ α
f Δ1 Δ2 γ
b1 γ
b2 :
γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2} γ
b2 →
tagged_tag γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2}
tagged_tag γ
b2.
Proof.
by intros []. Qed.
Lemma pbits_tag_refine Γ α
f Δ1 Δ2 γ
bs1 γ
bs2 :
γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 →
tagged_tag <$> γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}*
tagged_tag <$> γ
bs2.
Proof.
induction 1; constructor; auto using pbit_tag_refine. Qed.
Lemma pbit_unlock_refine Γ α
f Δ1 Δ2 γ
b1 γ
b2 :
γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2} γ
b2 →
pbit_unlock γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2}
pbit_unlock γ
b2.
Proof.
destruct γb1, γb2; intros (?&?&[??]&[??]); repeat split;
try naive_solver eauto using perm_unlock_valid, perm_unlock_mapped.
Qed.
Lemma pbit_lock_refine Γ α
f Δ1 Δ2 γ
b1 γ
b2 :
Some Writable ⊆
pbit_kind γ
b1 →
γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2} γ
b2 →
pbit_lock γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2}
pbit_lock γ
b2.
Proof.
destruct γb1, γb2; intros ? (?&?&[??]&[??]); repeat split;
try naive_solver eauto using perm_lock_mapped, perm_lock_valid.
Qed.
Lemma pbits_lock_refine Γ α
f Δ1 Δ2 γ
bs1 γ
bs2 :
Forall (λ γ
b,
Some Writable ⊆
pbit_kind γ
b) γ
bs1 →
γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 →
pbit_lock <$> γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}*
pbit_lock <$> γ
bs2.
Proof.
induction 2; decompose_Forall_hyps; auto using pbit_lock_refine. Qed.
Lemma pbit_indetify_refine Γ α
f Δ1 Δ2 γ
b1 γ
b2 :
γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2} γ
b2 →
pbit_indetify γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2}
pbit_indetify γ
b2.
Proof.
destruct γb1, γb2; intros (?&?&[??]&[??]);
repeat split; eauto using BIndet_BIndet_refine.
Qed.
Lemma pbits_indetify_refine Γ α
f Δ1 Δ2 γ
bs1 γ
bs2 :
γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 →
pbit_indetify <$> γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}*
pbit_indetify <$> γ
bs2.
Proof.
induction 1; csimpl; auto using pbit_indetify_refine. Qed.
Lemma pbit_refine_kind_rev Γ α
f Δ1 Δ2 γ
b1 γ
b2 k :
γ
b1 ⊑{Γ,α,
f@Δ1↦Δ2} γ
b2 →
pbit_kind γ
b2 =
k →
pbit_kind γ
b1 =
k.
Proof.
unfold pbit_kind; intros (?&?&?&?); simpl; congruence. Qed.
Lemma pbits_refine_locked Γ α
f Δ1 Δ2 γ
bs1 γ
bs2 :
γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 →
pbit_locked <$> γ
bs1 =
pbit_locked <$> γ
bs2.
Proof.
unfold pbit_locked.
induction 1 as [|???? (?&?&?)]; f_equal'; auto with f_equal.
Qed.
Lemma pbits_refine_kind_subseteq Γ α
f Δ1 Δ2
k γ
bs1 γ
bs2 :
γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 →
Forall (λ γ
b,
k ⊆
pbit_kind γ
b) γ
bs1 →
Forall (λ γ
b,
k ⊆
pbit_kind γ
b) γ
bs2.
Proof.
induction 1 as [|[??] [??] ?? (?&?&?&?)]; intros;
decompose_Forall_hyps; constructor; auto; by destruct k.
Qed.
Lemma pbits_refine_kind_subseteq_inv Γ α
f Δ1 Δ2
k γ
bs1 γ
bs2 :
γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 →
Forall (λ γ
b,
k ⊆
pbit_kind γ
b) γ
bs2 →
Forall (λ γ
b,
k ⊆
pbit_kind γ
b) γ
bs1.
Proof.
induction 1 as [|[??] [??] ?? (?&?&?&?)]; intros;
decompose_Forall_hyps; constructor; auto; by destruct k.
Qed.
Lemma pbits_unlock_refine Γ α
f Δ1 Δ2 γ
bs1 γ
bs2 β
s :
γ
bs1 ⊑{Γ,α,
f@Δ1↦Δ2}* γ
bs2 →
zip_with pbit_unlock_if γ
bs1 β
s
⊑{Γ,α,
f@Δ1↦Δ2}*
zip_with pbit_unlock_if γ
bs2 β
s.
Proof.
intros Hγbs; revert βs. induction Hγbs; intros [|[]?];
constructor; simpl; auto using pbit_unlock_refine.
Qed.
Lemma pbit_indetify_refine_l Γ Δ γ
b :
✓{Γ,Δ} γ
b →
pbit_indetify γ
b ⊑{Γ,
true@Δ} γ
b.
Proof.
intros (?&?&?); split_ands'; auto. by destruct γb; constructor. Qed.
Lemma pbits_indetify_refine_l Γ Δ γ
bs :
✓{Γ,Δ}* γ
bs →
pbit_indetify <$> γ
bs ⊑{Γ,
true@Δ}* γ
bs.
Proof.
induction 1; constructor; eauto using pbit_indetify_refine_l. Qed.
Lemma pbits_mask_indetify_refine_l Γ Δ γ
bs β
s :
✓{Γ,Δ}* γ
bs →
mask pbit_indetify β
s γ
bs ⊑{Γ,
true@Δ}* γ
bs.
Proof.
intros Hγbs. revert βs.
induction Hγbs; intros [|[] ?]; simpl; constructor;
auto using pbit_refine_id, pbits_refine_id, pbit_indetify_refine_l.
Qed.
End permission_bits.