From miniactris Require Export sub.
From iris.heap_lang.lib Require Import assert.
Definition new : val := new1.
Definition recv : val := recv1.
Definition send : val := λ: "l" "v",
let: "l'" := new1 #() in
send1 "l" ("v","l'");; "l'".
Definition send_close : val := λ: "l" "v", send1 "l" ("v", #()). (* https://apndx.org/pub/thesis/thesis.pdf#nameddest=f6d3b6b0 *)
Section send_close_proofs.
Context `{!heapGS Σ, !chanG Σ}.
Notation prot := (prot Σ).
Definition prot' : ofe := optionO prot. (* https://apndx.org/pub/thesis/thesis.pdf#nameddest=bd1eeabc *)
Definition is_chan' (ch : val) (p : prot') : iProp Σ := (* https://apndx.org/pub/thesis/thesis.pdf#nameddest=ebf78480 *)
from_option (is_chan ch) (▷ ⌜ch = #()⌝)%I p.
Definition dual' : prot' → prot' := fmap dual.
Definition end_prot : prot' := None.
(* ?x {P x}. p x *)
Definition recv_prot' {A} (v : A → val) (Φ : A → iPropO Σ) (p : A → prot') : prot' :=
Some (false, λ r, ∃ x ch', ⌜r = (v x, ch')%V⌝ ∗ Φ x ∗ is_chan' ch' (p x))%I.
(* !x {P x}. p x *)
Definition send_prot' {A} (v : A → val) (Φ : A → iPropO Σ) (p : A → prot') : prot' :=
dual' (recv_prot' v Φ (dual' ∘ p)).
Definition subprot' (p1' p2' : prot') : iProp Σ :=
match p1',p2' with
| Some p1, Some p2 => subprot p1 p2
| None, None => True
| _, _ => False
end.
Global Instance dual_ne : NonExpansive dual'.
Proof. solve_proper. Qed.
Global Instance dual_proper : Proper ((≡) ==> (≡)) dual'.
Proof. solve_proper. Qed.
Global Instance subprot_ne' : NonExpansive2 subprot'.
Proof. solve_proper. Qed.
Global Instance subprot_proper' : Proper ((≡) ==> (≡) ==> (≡)) subprot'.
Proof. apply ne_proper_2, _. Qed.
Global Instance is_chan_is_except_0' ch p : IsExcept0 (is_chan' ch p).
Proof. destruct p; apply _. Qed.
Global Instance is_chan_contractive' ch : Contractive (is_chan' ch).
Proof.
apply (uPred.contractive_internal_eq (M:=iResUR Σ)). iIntros (p p') "#H".
rewrite option_equivI. destruct p as [p|], p' as [p'|]; simpl; last done.
- by iApply f_equivI_contractive.
- iApply prop_ext. iIntros "!>". iSplit; [by auto|]. by iMod "H".
- iApply prop_ext. iIntros "!>". iSplit; [|by auto]. by iMod "H".
Qed.
Global Instance is_chan_ne' ch : NonExpansive (is_chan' ch).
Proof. solve_proper. Qed.
Global Instance is_chan_proper' ch : Proper ((≡) ==> (≡)) (is_chan' ch).
Proof. solve_proper. Qed.
Global Instance recv_prot_contractive' A n :
Proper (pointwise_relation A (dist n) ==>
pointwise_relation A (dist n) ==>
pointwise_relation A (dist_later n) ==> dist n) recv_prot'.
Proof.
intros v1 v2 Hveq P1 P2 HPeq p1 p2 Hpeq. rewrite /recv_prot'.
apply: Some_ne. apply: pair_ne; [done|]. intros v.
do 6 f_equiv; [by repeat f_equiv..|].
f_contractive. by rewrite Hpeq.
Qed.
Global Instance recv_prot_ne' A n :
Proper (pointwise_relation A (dist n) ==>
pointwise_relation A (dist n) ==>
pointwise_relation A (dist n) ==> dist n) recv_prot'.
Proof.
intros v1 v2 Hveq P1 P2 HPeq p1 p2 Hpeq. rewrite /recv_prot'.
apply: Some_ne. apply: pair_ne; [done|]. intros v. solve_proper.
Qed.
Global Instance recv_prot_proper' A :
Proper (pointwise_relation A (≡) ==>
pointwise_relation A (≡) ==>
pointwise_relation A (≡) ==> (≡)) recv_prot'.
Proof.
intros v1 v2 Hveq P1 P2 HPeq p1 p2 Hpeq. rewrite /recv_prot'.
apply: Some_proper. apply: pair_proper; [done|]. intros v. solve_proper.
Qed.
Global Instance send_prot_contractive' A n :
Proper (pointwise_relation A (dist n) ==>
pointwise_relation A (dist n) ==>
pointwise_relation A (dist_later n) ==> dist n) send_prot'.
Proof. intros v1 v2 Hveq P1 P2 HPeq p1 p2 Hpeq. rewrite /send_prot'.
apply dual_ne. apply recv_prot_contractive'; [done..|].
f_equiv. destruct n; [by apply dist_later_0|]=> /=.
specialize (Hpeq a). apply dist_later_S in Hpeq.
apply dist_later_S. by repeat f_equiv.
Qed.
Global Instance send_prot_ne' A n :
Proper (pointwise_relation A (dist n) ==>
pointwise_relation A (dist n) ==>
pointwise_relation A (dist n) ==> dist n) send_prot'.
Proof.
intros v1 v2 Hveq P1 P2 HPeq p1 p2 Hpeq. rewrite /send_prot'.
apply: Some_proper. apply: pair_proper; [done|]. intros v. solve_proper.
Qed.
Global Instance send_prot_proper' A :
Proper (pointwise_relation A (≡) ==>
pointwise_relation A (≡) ==>
pointwise_relation A (≡) ==> (≡)) send_prot'.
Proof.
intros v1 v2 Hveq P1 P2 HPeq p1 p2 Hpeq. rewrite /send_prot'.
apply: Some_proper. apply: pair_proper; [done|]. intros v. solve_proper.
Qed.
Lemma new_spec' p : (* https://apndx.org/pub/thesis/thesis.pdf#nameddest=fdd2e631 *)
is_Some p →
{{{ True }}}
new #()
{{{ ch, RET ch; is_chan' ch p ∗ is_chan' ch (dual' p) }}}.
Proof.
iIntros ([?->] Φ) "_ HΦ". iApply new1_spec; [done|].
iIntros "!>" (ch) "[Hch1 Hch2]". iApply "HΦ". by iFrame.
Qed.
Lemma recv_spec' {A} ch (v : A → val) Φ p : (* https://apndx.org/pub/thesis/thesis.pdf#nameddest=36990e15 *)
{{{ is_chan' ch (recv_prot' v Φ p) }}}
recv ch
{{{ x ch', RET (v x, ch'); is_chan' ch' (p x) ∗ Φ x }}}.
Proof.
iIntros (Ψ) "Hr HΨ". wp_apply (recv1_spec with "Hr").
iIntros (ch') "(%x&%w&->&?&?)". iApply "HΨ". iFrame.
Qed.
Lemma send_spec' {A} x ch (v : A → val) Φ p : (* https://apndx.org/pub/thesis/thesis.pdf#nameddest=0931a298 *)
p x ≢ end_prot →
{{{ is_chan' ch (send_prot' v Φ p) ∗ ▷ Φ x }}}
send ch (v x)
{{{ ch', RET ch'; is_chan' ch' (p x) }}}.
Proof.
iIntros (Hp Ψ) "[Hs HΦ] HΨ". wp_lam. wp_let.
destruct (p x) as [p0|] eqn:Hp0; last done.
wp_smart_apply (new1_spec p0 with "[//]").
iIntros (ch') "[H1 H2]". wp_let. wp_smart_apply (send1_spec with "[$Hs HΦ H2]").
- simpl. iExists _,_. iSplit; first done. rewrite Hp0. iFrame.
- iIntros "_". wp_seq. by iApply "HΨ".
Qed.
Lemma send_close_spec' {A} x ch (v : A → val) Φ p : (* https://apndx.org/pub/thesis/thesis.pdf#nameddest=e4054231 *)
p x ≡ end_prot →
{{{ is_chan' ch (send_prot' v Φ p) ∗ ▷ Φ x }}}
send_close ch (v x)
{{{ RET #(); emp }}}.
Proof.
iIntros (Hp0 Ψ) "[Hs HΦ] HΨ". wp_lam. wp_let.
wp_smart_apply (send1_spec with "[$Hs HΦ]").
- simpl. iExists _,_. iSplit; first done. rewrite Hp0. by iFrame.
- iIntros "_". by iApply "HΨ".
Qed.
Lemma subprot_is_chan' ch p p' :
▷ subprot' p p' -∗ is_chan' ch p -∗ is_chan' ch p'.
Proof.
iIntros "Hsp ?". destruct p, p'; simpl; try by iMod "Hsp".
by iApply (subprot_is_chan with "[$]").
Qed.
Lemma subprot_dual' p1 p2 : subprot' (dual' p1) (dual' p2) ⊣⊢ subprot' p2 p1.
Proof.
destruct p1,p2; rewrite //= subprot_dual //.
Qed.
Lemma subprot_refl' p : ⊢ subprot' p p.
Proof. destruct p; [apply subprot_refl|done]. Qed.
Lemma subprot_end' : ⊢ subprot' None None.
Proof. apply subprot_refl'. Qed.
Lemma subprot_recv' {A1 A2} (v1 : A1 → val) (v2 : A2 → val) Φ1 Φ2 p1 p2 :
(∀ x1, Φ1 x1 -∗ ∃ x2, ⌜v1 x1 = v2 x2⌝ ∗ Φ2 x2 ∗ ▷ subprot' (p1 x1) (p2 x2)) -∗
subprot' (recv_prot' v1 Φ1 p1) (recv_prot' v2 Φ2 p2).
Proof.
iIntros "H". rewrite {2}/subprot' /subprot /=. iIntros "%v".
iIntros "(%x1 & %ch & -> & HΦ1 & Hch)".
iDestruct ("H" with "HΦ1") as (x2 Heq) "[H1 H2]".
iExists _,_. iSplit; first rewrite Heq //. iFrame.
by iApply (subprot_is_chan' with "[$]").
Qed.
Lemma subprot_send' {A1 A2} (v1 : A1 → val) (v2 : A2 → val) Φ1 Φ2 p1 p2 :
(∀ x2, Φ2 x2 -∗ ∃ x1, ⌜v2 x2 = v1 x1⌝ ∗ Φ1 x1 ∗ ▷ subprot' (p1 x1) (p2 x2)) -∗
subprot' (send_prot' v1 Φ1 p1) (send_prot' v2 Φ2 p2).
Proof.
iIntros "H". rewrite subprot_dual'.
iApply subprot_recv'. simpl.
by setoid_rewrite subprot_dual'.
Qed.
Lemma dual_dual' p : dual' (dual' p) = p.
Proof. destruct p as [p|]; [|done]. by destruct p as [[] ?]. Qed.
Lemma recv_prot_dual' {A} (v : A → val) Φ p :
dual' (recv_prot' v Φ p) ≡ send_prot' v Φ (dual'∘p).
Proof.
rewrite /send_prot'. f_equiv. eapply recv_prot_proper'; intro; try done.
by rewrite /= dual_dual'.
Qed.
Lemma send_prot_dual' {A} (v : A → val) Φ p :
dual' (send_prot' v Φ p) ≡ recv_prot' v Φ (dual'∘p).
Proof. simpl. done. Qed.
End send_close_proofs.