Require Import Footprint InteractionSemantics GAST GMemory
GlobDefs ETrace GlobSemantics GlobSemantics_Lemmas NPSemantics TypedSemantics .
Require Import DRF USimDRF NPDRF.
Require Import Classical Wf Arith.
Require Import FPLemmas PRaceLemmas Init SmileReorder ConflictReorder.
This file consists results of equivalence of DRF and NPDRF and some lemmas about safety.
-
Lemma NPDRF_DRF_Config: NPSafe(S) /\ NPDRF(S) => DRF(S)
-
Lemma DRF_NPDRF_Config: DRF(S) => NPDRF(S)
-
Lemma NPSafe_Safe': NPSafe(S) => Safe(S)
Many other lemmas used in this file are located in the following files:
FPLemmas.v PRaceLemmas.v SmileReorder.v ConflictReorder.v
"'<<'
i ','
c ','
sg ','
F '>>'" := {|
Core.i :=
i;
Core.c :=
c;
Core.sg :=
sg;
Core.F :=
F|} (
at level 60,
right associativity).
Local Definition pc_valid_tid {
ge}:= @
GSimDefs.pc_valid_tid ge.
Local Notation "{
A ,
B ,
C ,
D }" := {|
thread_pool:=
A;
cur_tid:=
B;
gm:=
C;
atom_bit:=
D|}(
at level 70,
right associativity).
Local Notation "{-|
PC ,
T }" := ({|
thread_pool :=
thread_pool PC;
cur_tid :=
T;
gm :=
gm PC;
atom_bit :=
atom_bit PC |}) (
at level 70,
right associativity).
Lemma pc_valid_tid_back:
forall ge pc l fp pc',
ThreadPool.inv pc.(
thread_pool)->
GlobEnv.wd ge->
@
glob_step ge pc l fp pc'->
pc_valid_tid pc (
cur_tid pc').
Proof.
Lemma pc_valid_tid_back_norm:
forall ge pc l fp pc'
t,
ThreadPool.inv pc.(
thread_pool)->
GlobEnv.wd ge->
@
glob_step ge pc l fp pc'->
pc_valid_tid pc'
t->
pc_valid_tid pc t.
Proof.
intros.
destruct H2.
apply type_glob_step_exists in H1 as [].
destruct x;
inversion H1;
subst;
simpl in *;
split;
try (
solv_thread;
fail);
try (
intro;
contradict H3;
solv_thread;
econstructor;
solv_thread;
solv_thread;
fail).
intro.
contradict H3.
unfold ThreadPool.pop in H_tp_pop.
destruct Maps.PMap.get;[|
inversion H_tp_pop].
destruct CallStack.pop;
inversion H_tp_pop;
clear H_tp_pop.
simpl in *.
inversion H4;
subst.
assert(
t =
t0 \/
t <>
t0).
apply classic.
destruct H5.
econstructor;
solv_thread.
econstructor;
solv_thread.
destruct Coqlib.peq;
auto.
Unshelve.
auto.
Qed.
Lemma pc_valid_tid_back_star:
forall ge pc l fp pc'
t,
ThreadPool.inv pc.(
thread_pool)->
GlobEnv.wd ge->
star (@
glob_step ge)
pc l fp pc'->
pc_valid_tid pc'
t->
pc_valid_tid pc t.
Proof.
Section Complex_reorder.
Variable GE:
GlobEnv.t.
Hypothesis wdge:
GlobEnv.wd GE.
Hypothesis modwdge:
forall ix,
mod_wd (
GlobEnv.modules GE ix).
Definition Step:
Type:=@
ProgConfig GE->
glabel->
FP.t->@
ProgConfig GE->
Prop.
Local Arguments cur_valid_id [
GE] .
Local Arguments invpc [
GE].
Local Arguments predicted_abort1 [
GE].
Lemma glob_sw_star_I:
forall pc pc',
sw_star (@
glob_step GE)
pc pc'->
atom_bit pc =
I->
pc =
pc'.
Proof.
induction 1;intros. auto.
inversion H;subst;inversion H1.
Qed.
Lemma glob_sw_star_bit_preservation:
forall pc pc',
sw_star(@
glob_step GE)
pc pc'->
atom_bit pc =
atom_bit pc'.
Proof.
induction 1;intros;auto.
inversion H;subst. auto.
Qed.
Lemma swstar_l1:
forall pc pc',
sw_star (@
glob_step GE)
pc pc'->
pc'=({-|
pc,
cur_tid pc'}).
Proof.
induction 1;
intros.
rewrite pc_cur_tid;
auto.
rewrite IHsw_star.
simpl.
inversion H;
subst;
auto. Qed.
Lemma swstar_l2:
forall pc pc',
sw_star (@
glob_step GE)
pc pc'->
cur_valid_id pc'->
atom_bit pc =
O->
glob_step pc sw FP.emp pc'.
Proof.
intros.
apply glob_sw_star_bit_preservation in H as L.
apply swstar_l1 in H.
destruct pc.
simpl in *;
subst.
rewrite H;
simpl.
rewrite H1.
rewrite H in H0;
destruct H0;
simpl in *.
econstructor;
eauto.
Qed.
Record Trace :
Type:= {
trpc:@
ProgConfig GE;
trlabel:
glabel;
trfp:
FP.t;
trpc':@
ProgConfig GE;
trtype:
steptype }.
Inductive noevt_stepN :
Step->
nat->@
ProgConfig GE->
FP.t->@
ProgConfig GE->
Prop:=
|
base_emp:
forall step pc,
noevt_stepN step 0
pc FP.emp pc
|
cons_sw:
forall (
step:
Step)
pc fp pc',
step pc sw fp pc'->
forall i fp'
pc'',
noevt_stepN step i pc'
fp'
pc''->
noevt_stepN step i pc (
FP.union fp fp')
pc''
|
cons_tau:
forall (
step:
Step)
pc fp pc',
step pc tau fp pc'->
forall i fp'
pc'',
noevt_stepN step i pc'
fp'
pc''->
noevt_stepN step (
S i)
pc (
FP.union fp fp')
pc''.
Lemma noevt_stepN_sound:
forall step i pc fp pc',
noevt_stepN step i pc fp pc'->
non_evt_star step pc fp pc'.
Proof.
induction 1;intros;econstructor;eauto. Qed.
Lemma noevt_stepN_exists:
forall step pc fp pc',
non_evt_star step pc fp pc'->
exists i,
noevt_stepN step i pc fp pc'.
Proof.
induction 1;
intros.
eexists;
econstructor;
eauto.
destruct IHnon_evt_star,
H;[
exists (
S x);
econstructor 3|
exists x;
econstructor 2];
eauto.
Qed.
Lemma mem_eq_noevt_stepN:
forall pc pc',
mem_eq_pc GE pc pc'->
forall i fp pc'',
noevt_stepN glob_step i pc fp pc''->
exists pc2,
noevt_stepN glob_step i pc'
fp pc2 /\
mem_eq_pc GE pc''
pc2.
Proof.
Definition npnsw_or_sw_step:
Step:=
fun pc l fp pc'=>
glob_npnsw_step pc l fp pc' \/
type_glob_step glob_sw pc l fp pc'.
Definition npnsw_or_sw_star:=
fun pc fp pc'=>
exists l,
star npnsw_or_sw_step pc l fp pc'.
Lemma npnsw_or_sw_star_not_cur_valid_tid:
forall pc fp pc',
npnsw_or_sw_star pc fp pc'->
invpc pc->
atom_bit pc =
O->
~
cur_valid_id pc->
pc =
pc'/\
fp =
FP.emp \/
exists pc1,
glob_step pc sw FP.emp pc1 /\
npnsw_or_sw_star pc1 fp pc'.
Proof.
Lemma swstar_cons_npnsw_or_sw_star:
forall pc pc',
sw_star glob_step pc pc'->
forall fp pc'',
npnsw_or_sw_star pc'
fp pc''->
npnsw_or_sw_star pc fp pc''.
Proof.
induction 1;
intros.
auto.
specialize (
IHsw_star _ _ H1).
eapply type_glob_step_exists in H as [].
destruct x;
try (
inversion H;
fail).
destruct IHsw_star.
exists (
cons sw x).
rewrite <-
FP.emp_union_fp with(
fp:=
fp).
econstructor;
eauto.
right.
auto.
Qed.
Lemma npnsw_step_cons_npnsw_or_sw_star:
forall pc l fp pc',
glob_npnsw_step pc l fp pc'->
forall fp2 pc'',
npnsw_or_sw_star pc'
fp2 pc''->
npnsw_or_sw_star pc (
FP.union fp fp2)
pc''.
Proof.
inversion 2.
exists (
cons tau x).
econstructor;
eauto.
left.
inversion H as [|[]];
inversion H2;
subst;
auto.
Qed.
Lemma mem_eq_npnsw_or_sw_star:
forall pc pc',
mem_eq_pc GE pc pc'->
forall fp pc'',
npnsw_or_sw_star pc fp pc''->
exists pc''',
npnsw_or_sw_star pc'
fp pc'''/\
mem_eq_pc GE pc''
pc'''.
Proof.
pose wdge .
pose modwdge.
intros.
destruct H0.
revert pc'
H.
induction H0;
intros.
exists pc'.
split;
auto.
exists nil;
econstructor.
destruct H.
apply npnswstep_l1 in H as (?&?&?).
eapply mem_eq_globstep in H as (?&?&?);
eauto.
apply npnswstep_l3 in H;
auto.
eapply IHstar in H3 as (?&?&?).
exists x1;
split;
auto.
destruct H3.
exists (
cons e x2);
econstructor;
eauto.
left;
auto.
eapply mem_eq_globstep in H as (?&?&?);
eauto.
eapply IHstar in H2 as (?&?&?).
exists x0;
split;
auto.
destruct H2.
exists (
cons e x1);
econstructor;
eauto.
right;
auto.
Qed.
Definition atomblockstep :
Step:=
fun pc l fp pc'=>
l =
tau /\
exists i,
atomblockN GE i pc fp pc'.
Lemma atomblockstep_tid_preservation:
forall pc l fp pc',
atomblockstep pc l fp pc'->
cur_tid pc' =
cur_tid pc.
Proof.
Lemma mem_eq_atomblockstep:
forall pc pc',
mem_eq_pc GE pc pc'->
forall l fp pc1,
atomblockstep pc l fp pc1->
exists pc2,
atomblockstep pc'
l fp pc2 /\
mem_eq_pc GE pc1 pc2.
Proof.
pose proof modwdge as R.
intros.
inversion H0 as (?&?&?&?&?&?&?).
eapply mem_eq_globstep in H2 as (?&?&?);
eauto.
eapply mem_eq_coreN in H3 as (?&?&?);
eauto.
eapply mem_eq_globstep in H4 as (?&?&?);
eauto.
eexists;
split;
eauto.
split;
auto.
exists x.
esplit;
split;
eauto.
Qed.
Lemma atomblockstep_cur_valid_id:
forall pc l fp pc',
invpc pc->
atomblockstep pc l fp pc'->
cur_valid_id pc.
Proof.
inversion 2
as (?&?&?&?&?);
subst.
inversion H2;
subst.
split.
eapply gettop_valid_tid;
eauto.
intro;
solv_thread.
Qed.
Lemma atomblockstep_bitO:
forall pc l fp pc',
atomblockstep pc l fp pc'->
atom_bit pc =
O /\
atom_bit pc' =
O.
Proof.
inversion 1 as (?&?&?&?&?&?&?). inversion H1;inversion H3;auto. Qed.
Lemma atomblockstep_globstar:
forall pc l fp pc',
atomblockstep pc l fp pc'->
exists l1,
star glob_step pc l1 fp pc'.
Proof.
Lemma atomblockstep_invpc_preserve:
forall pc l fp pc',
atomblockstep pc l fp pc'->
invpc pc->
invpc pc'.
Proof.
Definition haltstep := @
type_glob_step GE glob_halt.
Inductive atomblockstarN:
nat->
list tid->@
ProgConfig GE->
FP.t->@
ProgConfig GE->
Prop:=
|
base_emp_1:
forall pc,
atom_bit pc =
O->
atomblockstarN 0
nil pc FP.emp pc
|
cons_atomblock_1:
forall pc fp1 pc1 fp2 pc2 pc3,
tau_star glob_npnsw_step pc fp1 pc1 ->
atomblockstep pc1 tau fp2 pc2 \/
haltstep pc1 tau fp2 pc2 ->
sw_star glob_step pc2 pc3 ->
forall i l fp pce,
atomblockstarN i l pc3 fp pce->
atomblockstarN (
S i)(
cons (
cur_tid pc)
l)
pc (
FP.union (
FP.union fp1 fp2)
fp)
pce.
Lemma npnswstep_cons_atomblockstarN:
forall pc l fp pc',
glob_npnsw_step pc l fp pc'->
forall i t fp'
pc'',
atomblockstarN i (
cons (
cur_tid pc')
t)
pc'
fp'
pc''->
atomblockstarN i (
cons (
cur_tid pc')
t)
pc (
FP.union fp fp')
pc''.
Proof.
Lemma atomblockstarN_atomO:
forall i l pc fp pc',
atomblockstarN i l pc fp pc'->
atom_bit pc =
O /\
atom_bit pc' =
O.
Proof.
induction 1;
intros;
auto.
destruct IHatomblockstarN;
split;
auto.
assert(
atom_bit pc1 =
O).
destruct H0.
apply atomblockstep_bitO in H0 as [];
auto.
inversion H0;
auto.
revert H H5;
clear;
induction 1;
intros;
auto.
destruct H as [|[]];
inversion H;
subst;
auto.
Qed.
Lemma sw_star_invpc_preservation:
forall pc pc',
sw_star (@
glob_step GE)
pc pc'->
invpc pc->
invpc pc'.
Proof.
Lemma atomblockstarN_invpc_preservation:
forall i l pc fp pc',
atomblockstarN i l pc fp pc'->
invpc pc->
invpc pc'.
Proof.
Lemma atomblockstarN_cur_valid_tid:
forall i l pc fp pc',
i > 0 ->
invpc pc->
atomblockstarN i l pc fp pc'->
cur_valid_id pc.
Proof.
Lemma atomblockstarN_SN_N1_split:
forall i l pc fp pc',
atomblockstarN (
S i)
l pc fp pc'->
exists fp1 fp2 pc1 l'
l'',
atomblockstarN i l'
pc fp1 pc1 /\
atomblockstarN 1
l''
pc1 fp2 pc' /\
l =
app l'
l'' /\
fp =
FP.union fp1 fp2.
Proof.
intros.
remember (
S i).
revert i l pc fp pc'
H Heqn.
induction n;
intros.
inversion Heqn.
inversion H;
subst.
destruct n.
inversion Heqn;
subst.
inversion H4;
subst.
do 6
eexists.
constructor.
apply atomblockstarN_atomO in H as [];
auto.
split;
eauto.
eapply IHn in H4;
eauto.
destruct H4 as (?&?&?&?&?&?&?&?&?).
eapply cons_atomblock_1 in H0;
eauto.
inversion Heqn;
subst.
do 6
eexists;
eauto.
split;
eauto.
rewrite FP.fp_union_assoc;
auto.
Qed.
Lemma atomblockstarN_1_cons_sw:
forall l pc fp pc'
pc'',
atomblockstarN 1
l pc fp pc'->
glob_step pc'
sw FP.emp pc''->
atomblockstarN 1
l pc fp pc''.
Proof.
inversion 1;
subst.
inversion H4;
subst.
intro.
assert(
sw_star glob_step pc2 pc'').
revert H3 H5;
clear;
intros.
induction H3;
subst.
econstructor;
eauto.
constructor.
specialize (
IHsw_star H5).
econstructor;
eauto.
econstructor;
eauto.
constructor.
inversion H5;
auto.
Qed.
Lemma atomblockstarN_cons:
forall i ltids0 pc0 fp0 ltids pc fp pc1,
atomblockstarN 1
ltids0 pc0 fp0 pc->
atomblockstarN i ltids pc fp pc1->
atomblockstarN (
S i) (
cons (
cur_tid pc0)
ltids)
pc0 (
FP.union fp0 fp)
pc1.
Proof.
inversion 1;
subst;
inversion H4;
subst;
intros;
rewrite FP.fp_union_emp;
econstructor;
eauto. Qed.
Lemma atomblockstarN_SN_inv:
forall i ltids pc fp pc',
atomblockstarN (
S i)
ltids pc fp pc'->
exists fp1 fp2 pc1 l,
atomblockstarN 1 (
cons (
cur_tid pc)
nil)
pc fp1 pc1 /\
atomblockstarN i l pc1 fp2 pc' /\
FP.union fp1 fp2 =
fp /\
ltids =
cons (
cur_tid pc)
l .
Proof.
Lemma atomblockstarN_cons':
forall i j l1 l2 pc fp1 pc1 fp2 pc2,
atomblockstarN i l1 pc fp1 pc1->
atomblockstarN j l2 pc1 fp2 pc2->
atomblockstarN (
i+
j) (
app l1 l2)
pc (
FP.union fp1 fp2)
pc2.
Proof.
Lemma atomblockstarN_cons_sw:
forall i l pc fp pc'
pc'',
i <> 0 ->
atomblockstarN i l pc fp pc'->
glob_step pc'
sw FP.emp pc''->
atomblockstarN i l pc fp pc''.
Proof.
Lemma atomblockstarN_cons_swstar:
forall i l pc fp pc'
pc'',
i <> 0->
atomblockstarN i l pc fp pc'->
sw_star glob_step pc'
pc''->
atomblockstarN i l pc fp pc''.
Proof.
Lemma mem_eq_atomblockstarN:
forall pc pc',
mem_eq_pc GE pc pc'->
forall i l fp pc1,
atomblockstarN i l pc fp pc1->
exists pc2,
atomblockstarN i l pc'
fp pc2 /\
mem_eq_pc GE pc1 pc2.
Proof.
pose modwdge.
intros.
revert pc'
H.
induction H0;
intros.
eexists;
split.
constructor;
auto.
inversion H0 as (?&?&?&?);
congruence.
auto.
eapply mem_eq_npnsw_step_star in H as (?&?&?);
eauto.
destruct H0.
{
eapply mem_eq_atomblockstep in H0 as (?&?&?);
eauto.
eapply mem_eq_swstar in H1 as (?&?&?);
eauto.
eapply IHatomblockstarN in H6 as (?&?&?);
eauto.
eexists;
split;
eauto.
inversion H3 as (
_&
_&?&
_).
rewrite H8.
econstructor;
eauto.
}
{
eapply mem_eq_globstep in H0 as (?&?&?);
eauto.
eapply mem_eq_swstar in H1 as (?&?&?);
eauto.
eapply IHatomblockstarN in H6 as (?&?&?);
eauto.
eexists;
split;
eauto.
inversion H3 as (
_&
_&?&
_).
rewrite H8.
econstructor;
eauto.
}
Qed.
Corollary glob_npnsw_step_star_ex:
forall pc l fp pc'
t fp2 pc2,
glob_npnsw_step pc l fp pc'->
invpc pc->
t <>
cur_tid pc ->
tau_star glob_npnsw_step ({-|
pc',
t})
fp2 pc2->
(
FP.conflict fp fp2 /\
((
npnsw_star_abort GE ({-|
pc,
t}))\/
(
exists fp1 pc1',
tau_star glob_npnsw_step ({-|
pc,
t})
fp1 pc1' /\
FP.conflict fp fp1)))\/
FP.smile fp fp2 /\
exists pc1' :
ProgConfig,
tau_star glob_npnsw_step ({-|
pc,
t})
fp2 pc1' /\ (
exists pc2' :
ProgConfig,
glob_npnsw_step ({-|
pc1',
cur_tid pc})
tau fp pc2' /\
mem_eq_pc GE pc2 ({-|
pc2',
cur_tid pc2})).
Proof.
Corollary glob_npnsw_step_star_ex_alter:
forall pc l fp pc'
t fp2 pc2,
glob_npnsw_step pc l fp pc'->
invpc pc->
atom_bit pc =
O->
t <>
cur_tid pc ->
tau_star glob_npnsw_step ({-|
pc',
t})
fp2 pc2->
(
npnsw_star_abort GE ({-|
pc,
t})) \/
race glob_predict_star_alter pc \/
FP.smile fp fp2 /\
exists pc1' :
ProgConfig,
tau_star glob_npnsw_step ({-|
pc,
t})
fp2 pc1' /\ (
exists pc2' :
ProgConfig,
glob_npnsw_step ({-|
pc1',
cur_tid pc})
tau fp pc2' /\
mem_eq_pc GE pc2 ({-|
pc2',
cur_tid pc2})).
Proof.
Lemma glob_npnsw_step_star_evt_ex:
forall pc l fp pc'
t fp2 pc2 v pc3,
glob_npnsw_step pc l fp pc'->
invpc pc->
t <>
cur_tid pc ->
tau_star glob_npnsw_step ({-|
pc',
t})
fp2 pc2 ->
glob_step pc2 (
evt v)
FP.emp pc3->
(
npnsw_star_abort GE ({-|
pc,
t})) \/
race glob_predict_star_alter pc \/
FP.smile fp fp2 /\
exists pc1',
tau_star glob_npnsw_step ({-|
pc,
t})
fp2 pc1' /\
exists pc2',
glob_step pc1' (
evt v)
FP.emp pc2' /\
exists pc3',
glob_npnsw_step ({-|
pc2',
cur_tid pc})
l fp pc3' /\
mem_eq_pc GE pc3 ({-|
pc3',
cur_tid pc3}).
Proof.
Local Arguments halfatomblockstep [
GE].
Lemma glob_npnsw_step_atomblockstep_ex:
forall pc l fp pc'
t fp2 pc2,
glob_npnsw_step pc l fp pc'->
invpc pc->
t <>
cur_tid pc->
atomblockstep ({-|
pc',
t})
tau fp2 pc2->
(
halfatomblock_abort GE ({-|
pc,
t})) \/
(
FP.conflict fp fp2 /\
exists fp1 pc1,
halfatomblockstep ({-|
pc,
t})
tau fp1 pc1 /\
FP.conflict fp fp1) \/
FP.smile fp fp2 /\
exists pc1,
atomblockstep ({-|
pc,
t})
tau fp2 pc1 /\
exists pc2',
glob_npnsw_step ({-|
pc1,
cur_tid pc})
tau fp pc2' /\
mem_eq_pc GE pc2 ({-|
pc2',
cur_tid pc2}) .
Proof.
Lemma glob_npnsw_step_atomblockstarN_inv_ex_case1:
forall pc l fp pc',
invpc pc->
glob_npnsw_step pc l fp pc'->
forall t fp1 pc1 fp2 pc2,
t <>
cur_tid pc->
tau_star glob_npnsw_step ({-|
pc',
t})
fp1 pc1 ->
atomblockstep pc1 tau fp2 pc2->
predicted_abort1 ({-|
pc,
t}) \/
race glob_predict_star_alter pc \/
FP.smile fp (
FP.union fp1 fp2) /\
exists pc1',
tau_star glob_npnsw_step ({-|
pc,
t})
fp1 pc1' /\
exists pc2',
atomblockstep pc1'
tau fp2 pc2' /\
exists pc3',
glob_npnsw_step ({-|
pc2',
cur_tid pc})
l fp pc3' /\
mem_eq_pc GE pc2 ({-|
pc3',
t}).
Proof.
Lemma glob_npnsw_step_atomblockstarN_inv_ex_case2:
forall pc l fp pc',
invpc pc->
glob_npnsw_step pc l fp pc'->
forall t fp1 pc1 fp2 pc2,
t <>
cur_tid pc->
tau_star glob_npnsw_step ({-|
pc',
t})
fp1 pc1 ->
haltstep pc1 tau fp2 pc2->
predicted_abort1 ({-|
pc,
t})\/
race glob_predict_star_alter pc \/
FP.smile fp (
FP.union fp1 fp2) /\
exists pc1',
tau_star glob_npnsw_step ({-|
pc,
t})
fp1 pc1' /\
exists pc2',
haltstep pc1'
tau fp2 pc2' /\
exists pc3',
glob_npnsw_step ({-|
pc2',
cur_tid pc})
l fp pc3' /\
mem_eq_pc GE pc2 ({-|
pc3',
t}).
Proof.
Lemma atomblockstarN_length:
forall i ltids pc fp pc',
atomblockstarN i ltids pc fp pc'->
length ltids=
i.
Proof.
induction 1;intros;auto.
simpl. rewrite IHatomblockstarN. auto.
Qed.
Lemma swstar_memeqpc:
forall pc pc',
sw_star glob_step pc pc'->
mem_eq_pc GE pc' ({-|
pc,
cur_tid pc'}).
Proof.
induction 1;
intros.
rewrite pc_cur_tid.
apply mem_eq_pc_refl.
inversion H;
subst.
simpl in *.
inversion IHsw_star as (?&?&?&?).
simpl in *.
repeat (
split;
auto). Qed.
Lemma glob_npnsw_step_atomblockstarN_inv_ex_case:
forall pc l fp pc',
invpc pc->
glob_npnsw_step pc l fp pc'->
forall t fp1 pc1 ltids,
t <>
cur_tid pc->
atomblockstarN 1
ltids ({-|
pc',
t})
fp1 pc1->
(
predicted_abort1 ({-|
pc,
t})) \/
race glob_predict_star_alter pc \/
FP.smile fp fp1 /\
exists pc',
atomblockstarN 1
ltids ({-|
pc,
t})
fp1 pc'/\
exists pc'',
glob_npnsw_step pc'
l fp pc'' /\
mem_eq_pc GE pc1 ({-|
pc'',
cur_tid pc1}) /\
cur_tid pc'' =
cur_tid pc.
Proof.
Lemma glob_npnsw_step_atomblockstarN_inv_ex_listnotmatch:
forall i ltids fp1 pc3 pc l fp pc1 pc2,
invpc pc->
glob_npnsw_step pc l fp pc1->
glob_step pc1 sw FP.emp pc2->
atomblockstarN i ltids pc2 fp1 pc3->
(
forall j,
List.nth_error ltids j <>
Some (
cur_tid pc))->
(
exists i l fp'
pc',
atomblockstarN i l ({-|
pc,
cur_tid pc2})
fp'
pc' /\
predicted_abort1 pc') \/
(
race glob_predict_star_alter pc) \/
(
exists i l fp'
pc',
atomblockstarN (
S i)
l ({-|
pc,
cur_tid pc2})
fp'
pc' /\
race glob_predict_star_alter pc' )\/
exists pc',
atomblockstarN i ltids ({-|
pc,
cur_tid pc2})
fp1 pc' /\
exists pc'',
glob_npnsw_step ({-|
pc',
cur_tid pc})
l fp pc'' /\
mem_eq_pc GE pc3 ({-|
pc'',
cur_tid pc3}).
Proof.
Definition list_matched{
A:
Type}(
l:
list A)(
p:
A):=
exists i,
List.nth_error l i =
Some p.
Lemma list_match:
forall (
A:
Type)(
l:
list A)(
p:
A),
list_matched l p->
exists i,
List.nth_error l i =
Some p /\
forall j,
j<
i->
List.nth_error l j <>
Some p.
Proof.
Lemma list_match_split:
forall (
A:
Type)(
i:
nat)(
l:
list A)(
p:
A),
List.nth_error l i =
Some p->
(
forall j,
j<
i->
List.nth_error l j <>
Some p)->
exists l1 l2,
l =
app l1 (
cons p l2) /\
length l1 =
i /\
forall j,
List.nth_error l1 j <>
Some p.
Proof.
induction i;
intros.
inversion H;
subst.
destruct l eqn:?.
inversion H2.
inversion H2;
subst.
exists nil,
l0.
split;
auto.
split;
auto.
intros.
rewrite Coqlib.nth_error_nil.
intro.
inversion H1.
inversion H;
subst.
destruct l.
inversion H2.
eapply IHi in H2;
eauto.
destruct H2 as (?&?&?&?&?).
exists (
cons a x),
x0.
split;
auto.
rewrite H1.
auto.
split;
auto.
simpl.
rewrite H2.
auto.
inversion H.
rewrite H5.
assert(
length (
cons a x) =
S i).
simpl.
rewrite H2.
auto.
intros.
assert(0<
S i).
Omega.omega.
specialize (
H0 0
H6).
intro.
unfold List.nth_error in H0.
destruct j.
compute in H7.
contradiction.
simpl in H7.
apply H3 in H7;
auto.
intros.
assert(
List.nth_error (
cons a l) (
S j) =
List.nth_error l j).
auto.
rewrite <-
H3.
apply H0.
Omega.omega.
Qed.
Lemma nil_l1:
forall A l1 l2,
@
app A l1 l2 =
nil->
l1 =
nil /\
l2 =
nil.
Proof.
destruct l1 eqn:?,l2 eqn:?;auto;inversion 1. Qed.
Lemma atomblockstarN_ltid_split:
forall i ltids pc fp pc',
atomblockstarN i ltids pc fp pc'->
forall l1 l2,
ltids =
app l1 l2 ->
exists fp1 pc1 fp2,
atomblockstarN (
length l1)
l1 pc fp1 pc1 /\
atomblockstarN (
length l2)
l2 pc1 fp2 pc' /\
FP.union fp1 fp2 =
fp.
Proof.
intros.
apply atomblockstarN_atomO in H as ?.
destruct H1.
revert l1 l2 H0.
induction H;
intros.
symmetry in H0.
apply nil_l1 in H0 as [];
subst.
do 3
eexists;
split;
econstructor;
eauto.
constructor;
auto.
rewrite FP.emp_union_fp;
auto.
destruct l1 eqn:?.
{
destruct l2 eqn:?;
inversion H5;
subst.
exists FP.emp,
pc,(
FP.union (
FP.union fp1 fp2)
fp).
split;
constructor;
auto.
simpl.
econstructor 2;
eauto.
apply atomblockstarN_length in H4 as ?.
rewrite H6.
congruence.
}
{
inversion H5;
subst.
apply atomblockstarN_atomO in H4 as ?.
destruct H6 as (?&
_).
specialize (
IHatomblockstarN H6 H2 l0 l2)
as (?&?&?&?&?&?);
auto.
eapply cons_atomblock_1 in H7;
eauto.
do 3
eexists.
split;
eauto.
split;
eauto.
rewrite <-
H9.
rewrite FP.fp_union_assoc;
auto.
}
Qed.
Lemma glob_npnsw_step_atomblockstarN_inv_ex:
forall i ltids fp1 pc3 pc l fp pc1 pc2,
invpc pc->
glob_npnsw_step pc l fp pc1->
glob_step pc1 sw FP.emp pc2->
atomblockstarN i ltids pc2 fp1 pc3->
(
exists i l fp'
pc',
atomblockstarN i l ({-|
pc,
cur_tid pc2})
fp'
pc' /\
predicted_abort1 pc') \/
(
race glob_predict_star_alter pc) \/
(
exists i l fp'
pc',
atomblockstarN (
S i)
l ({-|
pc,
cur_tid pc2})
fp'
pc' /\
race glob_predict_star_alter pc' )\/
(
exists pc',
atomblockstarN i ltids ({-|
pc,
cur_tid pc2})
fp1 pc' /\
exists pc'',
glob_npnsw_step ({-|
pc',
cur_tid pc})
l fp pc'' /\
mem_eq_pc GE pc3 ({-|
pc'',
cur_tid pc3})) \/
exists pc',
atomblockstarN i ltids ({-|
pc,
cur_tid pc2}) (
FP.union fp1 fp)
pc' /\
mem_eq_pc GE pc3 ({-|
pc',
cur_tid pc3}).
Proof.
Lemma noevt_stepN_0:
forall pc fp pc',
noevt_stepN glob_step 0
pc fp pc'->
fp=
FP.emp /\
sw_star glob_step pc pc'.
Proof.
intros.
remember 0.
remember glob_step.
induction H.
split;
auto.
constructor.
specialize (
IHnoevt_stepN Heqn HeqP)
as [];
subst.
rewrite FP.fp_union_emp.
inversion H;
subst.
split;
auto.
eapply sw_star_cons;
eauto.
inversion Heqn.
Qed.
Lemma noevt_stepN_Si_inv:
forall i pc fp pc',
noevt_stepN glob_step (
S i)
pc fp pc'->
exists pc1,
sw_star glob_step pc pc1 /\
exists fp1 pc2,
glob_step pc1 tau fp1 pc2 /\
exists fp2,
noevt_stepN glob_step i pc2 fp2 pc'/\
FP.union fp1 fp2 =
fp.
Proof.
intros.
remember (
S i).
remember glob_step.
induction H.
inversion Heqn.
Hsimpl;
subst.
assert(
fp=
FP.emp).
inversion H;
auto.
subst.
eapply sw_star_cons in H;
eauto.
Esimpl;
eauto.
clear IHnoevt_stepN;
subst.
eexists;
split.
constructor.
inversion Heqn;
subst.
do 3
eexists;
eauto.
Qed.
Lemma noevt_stepN_IO:
forall i pc fp pc',
noevt_stepN glob_step i pc fp pc'->
atom_bit pc =
I ->
atom_bit pc' =
O->
exists pc1 fp1,
tau_star (
type_glob_step core)
pc fp1 pc1 /\
exists pc2,
type_glob_step extat pc1 tau FP.emp pc2 /\
exists j fp2,
noevt_stepN glob_step j pc2 fp2 pc' /\
j<
i /\
FP.union fp1 fp2 =
fp.
Proof.
induction i;
intros.
remember glob_step.
remember 0.
induction H.
rewrite H0 in H1;
inversion H1.
subst.
inversion H;
subst.
inversion H0.
inversion Heqn.
apply noevt_stepN_Si_inv in H .
Hsimpl.
eapply glob_sw_star_I in H;
eauto.
subst.
destruct (
atom_bit x1)
eqn:?.
{
exists x,
FP.emp;
split.
constructor.
apply type_glob_step_exists in H2 as [
j];
destruct j;
subst;
try(
inversion H;
subst;
simpl in *;
subst;
try inversion H0;
try inversion Heqb;
fail).
assert(
x0=
FP.emp).
inversion H;
auto.
subst.
Esimpl;
eauto.
}
{
apply type_glob_step_exists in H2 as [
j];
destruct j;
try(
inversion H;
subst;
inversion H0;
simpl in *;
subst;
try inversion Heqb;
fail).
eapply IHi in H3 as ?;
eauto;
Hsimpl.
eapply tau_star_cons in H;
eauto.
Esimpl;
eauto.
rewrite <-
H7.
rewrite FP.fp_union_assoc;
auto.
}
Qed.
Lemma swstar_noevt_stepN:
forall pc pc',
sw_star glob_step pc pc'->
noevt_stepN glob_step 0
pc FP.emp pc'.
Proof.
Lemma swstar_l3:
forall ge pc pc',
sw_star (@
glob_step ge)
pc pc'->
pc =
pc' \/
glob_step pc sw FP.emp pc'.
Proof.
induction 1;intros.
auto.
destruct IHsw_star.
subst;auto.
right;inversion H;subst;inversion H1;subst;econstructor;eauto.
Qed.
Lemma noevt_stepN_Si_sp:
forall i pc fp pc',
noevt_stepN glob_step (
S i)
pc fp pc'->
exists fp1 pc1,
noevt_stepN glob_step i pc fp1 pc1/\
exists fp2 pc2,
glob_step pc1 tau fp2 pc2 /\
sw_star glob_step pc2 pc' /\
FP.union fp1 fp2 =
fp.
Proof.
Lemma noevt_stepN_cons_taustep:
forall i pc fp pc'
fp'
pc'',
noevt_stepN glob_step i pc fp pc'->
glob_step pc'
tau fp'
pc''->
noevt_stepN glob_step (
S i)
pc (
FP.union fp fp')
pc''.
Proof.
Lemma noevt_stepN_OI:
forall i pc fp pc',
noevt_stepN glob_step i pc fp pc'->
atom_bit pc =
O->
atom_bit pc' =
I->
exists i1 fp1 pc1,
noevt_stepN glob_step i1 pc fp1 pc1 /\
exists pc2,
type_glob_step entat pc1 tau FP.emp pc2/\
exists i2 fp2,
tau_N (
type_glob_step core)
i2 pc2 fp2 pc'/\
i1+
i2+1=
i/\
FP.union fp1 fp2 =
fp.
Proof.
Lemma noevt_stepN_Si_inv2:
forall i pc fp pc',
invpc pc->
noevt_stepN glob_step (
S i)
pc fp pc'->
atom_bit pc =
O->
atom_bit pc' =
O ->
exists pc1,
sw_star glob_step pc pc1 /\
((
exists fp1 pc2 fp2 j,
glob_step pc1 tau fp1 pc2 /\
atom_bit pc2 =
atom_bit pc1 /\
noevt_stepN glob_step j pc2 fp2 pc' /\
j<=
i /\
FP.union fp1 fp2 =
fp) \/
(
exists fp1 pc2 fp2 j,
atomblockstep pc1 tau fp1 pc2/\
cur_valid_id pc2 /\
noevt_stepN glob_step j pc2 fp2 pc' /\
j<=
i /\
FP.union fp1 fp2 =
fp)).
Proof.
Lemma globstep_nothalted:
forall ge pc l fp pc',
@
glob_step ge pc l fp pc'->
l <>
sw->
~
ThreadPool.halted pc.(
thread_pool)
pc.(
cur_tid).
Proof.
intros.
intro.
inversion H;subst;solv_thread.
Qed.
Lemma npstep_nothalted:
forall ge pc l fp pc',
@
np_step ge pc l fp pc'->
~
ThreadPool.halted pc.(
thread_pool)
pc.(
cur_tid).
Proof.
intros;intro.
inversion H;subst;solv_thread.
Qed.
Lemma globstep_validtid:
forall ge pc l fp pc',
@
glob_step ge pc l fp pc'->
l <>
sw ->
ThreadPool.inv pc.(
thread_pool)->
ThreadPool.valid_tid pc.(
thread_pool)
pc.(
cur_tid).
Proof.
Lemma globstep_pc_valid_curtid:
forall ge pc l fp pc',
ThreadPool.inv pc.(
thread_pool)->
@
glob_step ge pc l fp pc'->
l <>
sw->
pc_valid_tid pc pc.(
cur_tid).
Proof.
Lemma noevt_stepN_cur_tid_not_valid_Si:
forall i pc fp pc',
invpc pc->
noevt_stepN glob_step i pc fp pc'->
i > 0 ->
~
cur_valid_id pc->
exists pc1,
glob_step pc sw FP.emp pc1 /\
cur_valid_id pc1 /\
noevt_stepN glob_step i pc1 fp pc'.
Proof.
pose wdge.
pose modwdge.
intros i pc fp pc'
R;
intros.
inversion H;
subst.
inversion H0.
assert(
fp0=
FP.emp).
inversion H2;
auto.
subst.
rewrite FP.emp_union_fp.
exists pc'0.
split;
auto.
split;
auto.
inversion H2;
subst;
split;
auto.
contradict H1.
eapply globstep_pc_valid_curtid;
eauto.
intro contra;
inversion contra.
Qed.
Lemma race_changetid:
forall pc,
race (@
glob_predict_star_alter GE )
pc->
forall t,
race glob_predict_star_alter ({-|
pc,
t}).
Proof.
inversion 1;subst.
intros.
econstructor;eauto.
inversion H1;subst;econstructor;eauto.
inversion H2;subst;econstructor;eauto.
Qed.
Lemma mem_eq_predict:
forall pc pc',
mem_eq_pc GE pc pc'->
forall t b fp,
glob_predict_star_alter pc t b fp->
glob_predict_star_alter pc'
t b fp.
Proof.
Lemma mem_eq_race:
forall pc pc',
mem_eq_pc GE pc pc'->
race glob_predict_star_alter pc ->
race glob_predict_star_alter pc'.
Proof.
inversion 2;
subst;
econstructor;
eauto;
eapply mem_eq_predict;
eauto. Qed.
Lemma non_evt_star_star{
State:
Type}:
forall step s fp s',
@
non_evt_star State step s fp s'->
exists l,
star step s l fp s'.
Proof.
induction 1.
eexists. constructor.
destruct IHnon_evt_star.
destruct H;eexists;econstructor;eauto.
Qed.
Lemma swstar_l:
forall pc pc',
sw_star glob_step pc pc'->
pc =
pc' \/ @
glob_step GE pc sw FP.emp pc' /\
cur_tid pc <>
cur_tid pc'.
Proof.
induction 1;
intros.
auto.
destruct IHsw_star.
subst.
assert(
cur_tid s1 =
cur_tid s3 \/ ~
cur_tid s1 =
cur_tid s3).
apply classic.
destruct H1;
auto.
inversion H;
subst.
left.
simpl in *;
congruence.
assert(
cur_tid s1 =
cur_tid s3 \/ ~
cur_tid s1 =
cur_tid s3).
apply classic.
assert(
glob_step s1 sw FP.emp s3).
inversion H;
subst;
inversion H1.
inversion H3;
subst;
auto.
econstructor;
eauto.
destruct H2.
inversion H3;
subst;
left;
eauto.
simpl in *;
auto.
congruence.
right;
eauto.
Qed.
Lemma atomblockstarN_pc_valid_tid_last:
forall i l fp pc pc',
forall (
v1:
ThreadPool.inv pc.(
thread_pool)),
atomblockstarN (
S i)
l pc fp pc'->
pc_valid_tid pc (
cur_tid pc').
Proof.
Lemma atomblockstarN_globstar:
forall i l fp pc pc',
atomblockstarN i l pc fp pc'->
exists l',
star glob_step pc l'
fp pc'.
Proof.
Lemma noevt_stepN_Si_to_atomblockstarN:
forall i pc fp pc',
noevt_stepN glob_step i pc fp pc'->
i>0->
atom_bit pc =
O ->
atom_bit pc' =
O->
invpc pc->
exists pc1,
sw_star glob_step pc pc1 /\
(
(
exists i l fp'
pc2,
atomblockstarN i l pc1 fp'
pc2 /\
predicted_abort1 pc2) \/
(
race glob_predict_star_alter pc1) \/
(
exists j l fp'
pc2,
atomblockstarN (
S j)
l pc1 fp'
pc2 /\
race glob_predict_star_alter pc2 )\/
(
exists j l fp'
pc2,
atomblockstarN j l pc1 fp'
pc2 /\
exists fp''
pc3,
npnsw_or_sw_star pc2 fp''
pc3 /\
mem_eq_pc GE pc' ({-|
pc3,
cur_tid pc'}) /\
FP.union fp'
fp'' =
fp)).
Proof.
pose wdge.
pose modwdge.
induction i using (
well_founded_induction lt_wf).
intros.
destruct i.
inversion H1.
clear H1.
rename H2 into H1.
rename H3 into H2.
rename H4 into H3.
apply noevt_stepN_Si_inv2 in H0 as ?;
auto.
destruct H4 as (?&?&?).
destruct H5.
{
destruct H5 as (?&?&?&?&?&?&?&?&
T1).
apply type_glob_step_exists in H5 as [].
apply glob_tau_no_atom_type in H5 as ?;
auto.
destruct H9.
{
eexists;
split;
eauto.
subst.
assert(
x0=
FP.emp).
inversion H5;
auto.
subst.
assert(
atomblockstarN 1 (
cons (
cur_tid x)
nil)
x (
FP.union (
FP.union FP.emp FP.emp)
FP.emp)
x1).
econstructor.
constructor.
right;
eauto.
constructor.
constructor.
inversion H5;
auto.
assert(
atom_bit x1 =
O).
inversion H5;
auto.
destruct x3.
{
apply noevt_stepN_0 in H7 as [].
right;
right;
right.
do 5
eexists;
eauto.
exists FP.emp,
pc'.
rewrite pc_cur_tid.
Esimpl.
eapply swstar_cons_npnsw_or_sw_star;
eauto.
econstructor;
constructor.
apply mem_eq_pc_refl.
subst.
repeat rewrite FP.fp_union_emp;
auto.
}
apply H in H7 as (?&?&?);
auto.
eapply atomblockstarN_cons_swstar in H9;
eauto.
destruct H11 as [|[|[]]].
{
left.
Hsimpl.
eapply atomblockstarN_cons'
in H11;
eauto.
Esimpl;
eauto.
}
{
right;
right;
left.
do 5
eexists;
eauto.
}
{
right;
right;
left.
destruct H11 as (?&?&?&?&?&?).
eapply atomblockstarN_cons in H11;
eauto.
do 5
eexists;
eauto.
}
{
right;
right;
right.
destruct H11 as (?&?&?&?&?&?).
eapply atomblockstarN_cons in H11;
eauto.
repeat rewrite FP.emp_union_fp in *.
do 5
eexists;
eauto.
}
Omega.omega.
Omega.omega.
apply swstar_l1 in H4.
apply type_glob_step_elim in H5.
eapply GE_mod_wd_tp_inv in H5;
eauto.
rewrite H4;
auto.
}
{
apply npnswstep_l3 in H5;
auto.
clear H9.
assert(
atom_bit x1 =
O).
apply swstar_l1 in H4.
rewrite H4 in H6.
simpl in H6.
congruence.
assert(
x3<
S i).
Omega.omega.
apply swstar_l1 in H4 as ?.
assert(
invpc x).
rewrite H11.
auto.
apply npnsw_step_thdpinv in H5 as ?;
auto.
destruct x3.
apply noevt_stepN_0 in H7 as [];
subst.
eexists;
split;
eauto.
right;
right;
right.
exists 0,
nil,
FP.emp,
x.
split.
constructor.
destruct H5 as [|[]];
inversion H5;
subst;
auto.
exists (
FP.union x0 FP.emp),
x1.
split.
exists (
cons tau nil).
eapply star_step;
eauto.
left;
eauto.
constructor.
apply swstar_memeqpc in H14;
auto.
eapply H in H7 as ?;
eauto.
destruct H14 as (?&?&?).
destruct H15 as [|[|[]]].
{
Hsimpl.
destruct x6.
{
inversion H15;
subst;
clear H15.
apply swstar_l in H14.
destruct H14.
subst.
eapply npnswstep_predicted_abort in H16;
eauto;
try congruence.
Esimpl;
eauto.
left;
Esimpl;
eauto.
constructor.
congruence.
destruct H14.
eapply npnswstep_sw_predicted_abort1 in H16;
eauto.
destruct H16.
Hsimpl.
assert(
sw_star glob_step pc ({-|
x,
x5})).
rewrite H11;
simpl.
rewrite H11 in H16;
simpl in H16.
econstructor 2;[|
constructor].
destruct pc,
H16;
simpl in *;
subst;
econstructor;
eauto.
Esimpl;
eauto.
left;
Esimpl;
eauto.
constructor.
rewrite H11;
simpl;
congruence.
Esimpl;
eauto.
}
apply swstar_l1 in H14 as ?.
assert(
invpc x5).
rewrite H17;
auto.
apply atomblockstarN_cur_valid_tid in H15 as ?;
auto;
try Omega.omega.
assert(
glob_step x1 sw FP.emp x5).
destruct x1,
x5,
H19;
simpl in *;
subst;
inversion H17;
subst;
rewrite H9;
econstructor;
eauto.
eapply glob_npnsw_step_atomblockstarN_inv_ex in H5 as ?;
try apply H15;
eauto.
destruct H21 as [|[|[|[]]]];
Hsimpl.
{
enough(
sw_star glob_step pc ({-|
x,
cur_tid x5})).
Esimpl;
eauto.
left;
Esimpl;
eauto.
assert(
pc_valid_tid x1 (
cur_tid x5)).
inversion H20;
subst;
split;
auto.
eapply npnswstep_pc_valid_tid_backwards_preservation in H5;
eauto.
rewrite H11 in *;
simpl in *.
econstructor 2;[|
constructor].
destruct pc,
H5;
simpl in *;
subst.
rewrite H1.
econstructor;
eauto.
}
{
enough(
sw_star glob_step pc ({-|
x,
cur_tid x5})).
Esimpl;
eauto.
right;
left.
inversion H21;
subst;
econstructor;
eauto.
inversion H24;
subst;[
econstructor|
econstructor 2];
eauto.
inversion H25;
subst;[
econstructor|
econstructor 2];
eauto.
assert(
pc_valid_tid x1 (
cur_tid x5)).
inversion H20;
subst;
split;
auto.
eapply npnswstep_pc_valid_tid_backwards_preservation in H5;
eauto.
rewrite H11 in *;
simpl in *.
econstructor 2;[|
constructor].
destruct pc,
H5;
simpl in *;
subst.
rewrite H1.
econstructor;
eauto.
}
{
enough(
sw_star glob_step pc ({-|
x,
cur_tid x5})).
Esimpl;
eauto.
right;
right;
left.
Esimpl;
eauto.
assert(
pc_valid_tid x1 (
cur_tid x5)).
inversion H20;
subst;
split;
auto.
eapply npnswstep_pc_valid_tid_backwards_preservation in H5;
eauto.
rewrite H11 in *;
simpl in *.
econstructor 2;[|
constructor].
destruct pc,
H5;
simpl in *;
subst.
rewrite H1.
econstructor;
eauto.
}
{
pose proof H23 as R1.
apply mem_eq_predicted_abort1 in H23;
auto.
assert(
sw_star glob_step pc ({-|
x,
cur_tid x5})).
assert(
pc_valid_tid x1 (
cur_tid x5)).
inversion H20;
subst;
split;
auto.
eapply npnswstep_pc_valid_tid_backwards_preservation in H5;
eauto.
rewrite H11 in *;
simpl in *.
econstructor 2;[|
constructor].
destruct pc,
H5;
simpl in *;
subst.
rewrite H1.
econstructor;
eauto.
assert(
cur_tid x11 =
cur_tid x9 \/
cur_tid x11 <>
cur_tid x9).
apply classic.
destruct H25.
{
rewrite <-
H25,
pc_cur_tid in H23.
enough(
invpc x10).
enough(
atom_bit x10 =
O).
eapply npnswstep_predicted_abort in H22;
eauto.
apply predicted_abort1_sw in H22 as ?;
auto.
assert(
glob_step x10 sw FP.emp ({-|
x10,
cur_tid x})).
destruct x10,
H28;
simpl in *;
subst;
econstructor;
eauto.
eapply atomblockstarN_cons_sw in H21;
eauto.
Esimpl;
eauto.
left;
Esimpl;
eauto.
apply atomblockstarN_atomO in H21 as [];
auto.
apply atomblockstarN_invpc_preservation in H21;
auto.
}
{
enough(
invpc x10).
enough(
atom_bit x10 =
O).
eapply npnswstep_sw_predicted_abort1 in H22 as ?;
try apply H23;
eauto.
destruct H28.
{
Hsimpl.
simpl in *.
assert(
glob_step x10 sw FP.emp ({-|
x10,
x12})).
destruct x10,
H28;
simpl in *;
subst;
econstructor;
eauto.
eapply atomblockstarN_cons_sw in H21;
eauto.
Esimpl;
eauto.
left;
Esimpl;
eauto.
}
{
assert(
race glob_predict_star_alter x10).
inversion H28;
subst;
econstructor;
eauto.
inversion H30;
subst;[
econstructor|
econstructor 2];
eauto.
inversion H31;
subst;[
econstructor|
econstructor 2];
eauto.
Esimpl;
eauto.
right;
right;
left;
Esimpl;
eauto.
}
apply atomblockstarN_atomO in H21 as ?.
apply atomblockstarN_pc_valid_tid_last in H15;
auto.
rewrite H17 in H15.
eapply npnswstep_pc_valid_tid_backwards_preservation in H5;
eauto.
rewrite H11 in H5.
apply npnswstep_l2 in H22 as ?.
simpl in H29;
rewrite H27 in H29.
enough(
pc_valid_tid x11 (
cur_tid x9)).
destruct x11,
H30;
simpl in *;
subst;
econstructor;
eauto.
rewrite H11 in H21.
simpl in H21.
apply predicted_abort1_sw in H16;
auto.
destruct R1;
Hsimpl;
simpl in *.
destruct H16.
split;
congruence.
apply npnsw_step_thdpinv in H22;
auto.
destruct R1.
simpl in *.
unfold invpc.
congruence.
apply atomblockstarN_atomO in H21 as [];
auto.
apply atomblockstarN_invpc_preservation in H21;
auto.
}
}
{
eapply mem_eq_predicted_abort1 in H22;
eauto.
enough(
sw_star glob_step pc ({-|
x,
cur_tid x5})).
apply predicted_abort1_sw in H22 as ?;
auto.
assert(
glob_step x10 sw FP.emp ({-|
x10,
cur_tid x9})).
apply atomblockstarN_atomO in H21 as [].
destruct x10,
H24;
simpl in *;
subst.
econstructor;
eauto.
eapply atomblockstarN_cons_sw in H21 as ?;
eauto.
Esimpl;
eauto.
left.
Esimpl;
eauto.
apply atomblockstarN_invpc_preservation in H21;
eauto.
assert(
pc_valid_tid x1 (
cur_tid x5)).
inversion H20;
subst;
split;
auto.
eapply npnswstep_pc_valid_tid_backwards_preservation in H5;
eauto.
rewrite H11 in *;
simpl in *.
econstructor 2;[|
constructor].
destruct pc,
H5;
simpl in *;
subst.
rewrite H1.
econstructor;
eauto.
}
}
{
apply swstar_l1 in H14.
rewrite H14 in H15.
apply race_changetid with (
t:=
cur_tid x1)
in H15.
simpl in H15.
rewrite pc_cur_tid in H15.
eapply npnsw_step_race_glob_predict_star_alter_cons_2 in H15;
eauto.
destruct H15;
eauto.
Hsimpl.
rewrite H11 in H15.
assert(
sw_star glob_step pc ({-|
x,
x6})).
rewrite H11.
simpl.
econstructor 2;[|
constructor].
destruct pc,
H15;
simpl in *;
subst.
econstructor;
eauto.
Esimpl;
eauto.
left.
Esimpl;
eauto.
constructor.
rewrite H11;
simpl;
congruence.
}
{
destruct H15 as (?&?&?&?&?&?).
apply swstar_l1 in H14 as ?.
assert(
invpc x5).
rewrite H17;
auto.
apply atomblockstarN_cur_valid_tid in H15 as ?;
auto;
try Omega.omega.
assert(
glob_step x1 sw FP.emp x5).
destruct x1,
x5,
H19;
simpl in *;
subst;
inversion H17;
subst;
rewrite H9;
econstructor;
eauto.
eapply glob_npnsw_step_atomblockstarN_inv_ex in H5 as ?;
eauto.
destruct H21 as [|[|[|[]]]].
{
Hsimpl.
enough(
sw_star glob_step pc ({-|
x,
cur_tid x5})).
Esimpl;
eauto.
left.
Esimpl;
eauto.
econstructor 2;[|
constructor].
enough(
pc_valid_tid pc (
cur_tid x5)).
destruct pc,
H23;
simpl in *;
subst.
rewrite H11;
econstructor;
eauto.
rewrite H11 in H5.
eapply npnswstep_pc_valid_tid_backwards_preservation in H5;
eauto.
rewrite H17 in H19.
auto.
}
{
eexists;
split;
eauto.
}
{
destruct H21 as (?&?&?&?&?&?).
assert(
glob_step x sw FP.emp ({-|
x,
cur_tid x5})).
apply atomblockstarN_atomO in H21 as ?;
auto.
destruct H23.
apply atomblockstarN_cur_valid_tid in H21;
auto.
destruct x,
H21;
simpl in *;
subst;
rewrite H23;
econstructor;
eauto.
Omega.omega.
assert(
sw_star glob_step pc ({-|
x,
cur_tid x5})).
revert H4 H23.
clear.
induction 1;
intros.
econstructor;
eauto.
constructor.
econstructor;
eauto.
exists ({-|
x,
cur_tid x5});
split;
auto.
right;
right;
left.
do 5
eexists;
eauto.
}
{
destruct H21 as (?&?&?&?&?).
eapply mem_eq_race in H16;
try apply H23.
eapply race_changetid with(
t:=
cur_tid x11)
in H16.
simpl in H16.
rewrite pc_cur_tid in H16.
eapply npnsw_step_race_glob_predict_star_alter_cons_2 in H22;
eauto.
assert(
glob_step x sw FP.emp ({-|
x,
cur_tid x5})).
apply atomblockstarN_atomO in H21 as ?;
auto.
destruct H24.
apply atomblockstarN_cur_valid_tid in H21;
auto.
destruct x,
H21;
simpl in *;
subst;
rewrite H24;
econstructor;
eauto.
Omega.omega.
assert(
sw_star glob_step pc ({-|
x,
cur_tid x5})).
revert H4 H24.
clear.
induction 1;
intros.
econstructor;
eauto.
constructor.
econstructor;
eauto.
destruct H22.
Focus 2.
{
apply race_changetid with(
t:=
cur_tid x10)
in H22.
simpl in H22.
rewrite pc_cur_tid in H22.
eexists;
split;
eauto.
right;
right;
left.
do 5
eexists;
eauto.
}
Unfocus.
Hsimpl.
simpl in *.
Esimpl;
eauto.
left.
assert(
glob_step x10 sw FP.emp ({-|
x10,
x12})).
apply atomblockstarN_atomO in H21 as [].
destruct x10,
H22;
simpl in *;
subst;
econstructor;
eauto.
eapply atomblockstarN_cons_sw in H21;
eauto.
Esimpl;
eauto.
simpl.
eapply atomblockstarN_invpc_preservation;
eauto.
}
{
destruct H21 as (?&?&?).
assert(
glob_step x sw FP.emp ({-|
x,
cur_tid x5})).
apply atomblockstarN_atomO in H21 as ?;
auto.
destruct H23.
apply atomblockstarN_cur_valid_tid in H21;
auto.
destruct x,
H21;
simpl in *;
subst;
rewrite H23;
econstructor;
eauto.
Omega.omega.
assert(
sw_star glob_step pc ({-|
x,
cur_tid x5})).
revert H4 H23.
clear.
induction 1;
intros.
econstructor;
eauto.
constructor.
econstructor;
eauto.
eapply mem_eq_race in H22;
eauto.
apply race_changetid with (
t:=
cur_tid x10)
in H22;
simpl in H22;
rewrite pc_cur_tid in H22.
eexists;
split;
eauto.
right;
right;
left.
do 5
eexists;
eauto.
}
}
{
destruct H15 as (?&?&?&?&?&?&?&?&?).
destruct x6.
{
inversion H15;
subst.
eexists;
split;
eauto.
right;
right;
right.
do 5
eexists.
constructor.
apply npnswstep_l2 in H5;
congruence.
eapply swstar_cons_npnsw_or_sw_star in H14;
eauto.
eapply npnsw_step_cons_npnsw_or_sw_star in H5;
eauto.
destruct H17.
rewrite <-
H19,
FP.emp_union_fp.
Esimpl;
eauto.
}
{
assert(
invpc x5).
apply swstar_l1 in H14 as ?.
rewrite H18;
auto.
apply atomblockstarN_cur_valid_tid in H15 as ?;
auto;
try Omega.omega.
apply swstar_l2 in H14;
auto.
eapply glob_npnsw_step_atomblockstarN_inv_ex in H5 as ?;
eauto.
destruct H20 as [|[|[|[]]]].
{
Hsimpl.
enough(
sw_star glob_step pc ({-|
x,
cur_tid x5})).
Esimpl;
eauto.
left;
Esimpl;
eauto.
rewrite H11 in *;
simpl in *.
econstructor 2;[|
constructor].
assert(
pc_valid_tid x1 (
cur_tid x5)).
inversion H14;
split;
auto.
eapply npnswstep_pc_valid_tid_backwards_preservation in H5;
eauto.
destruct pc,
H5;
simpl in *;
subst.
rewrite H9.
econstructor;
eauto.
}
{
eexists;
split;
eauto.
}
{
destruct H20 as (?&?&?&?&?&?).
apply atomblockstarN_cur_valid_tid in H20 as ?.
assert(
type_glob_step glob_sw x sw FP.emp ({-|
x,
cur_tid x5})).
destruct H22.
destruct x;
simpl in *;
subst.
rewrite H9.
econstructor;
eauto.
rewrite H11 in H23.
simpl in H23.
assert(
glob_step pc sw FP.emp ({-|
x,
cur_tid x5})).
rewrite H11.
destruct pc;
inversion H23;
subst.
econstructor;
eauto.
assert(
sw_star glob_step pc ({-|
x,
cur_tid x5})).
econstructor;
eauto.
constructor.
eexists;
split;
eauto.
right;
right;
left.
do 5
eexists;
eauto.
Omega.omega.
auto.
}
{
destruct H20 as (?&?&?&?&?).
apply atomblockstarN_cur_valid_tid in H20 as ?;
auto;
try Omega.omega.
assert(
type_glob_step glob_sw x sw FP.emp ({-|
x,
cur_tid x5})).
destruct H23.
destruct x;
simpl in *;
subst.
rewrite H9.
econstructor;
eauto.
rewrite H11 in H24.
simpl in H24.
assert(
glob_step pc sw FP.emp ({-|
x,
cur_tid x5})).
rewrite H11.
destruct pc;
inversion H24;
subst.
econstructor;
eauto.
assert(
sw_star glob_step pc ({-|
x,
cur_tid x5})).
econstructor;
eauto.
constructor.
eexists;
split;
eauto.
right;
right;
right.
do 5
eexists;
eauto.
assert(
L1:
invpc x12).
eapply atomblockstarN_invpc_preservation in H20;
eauto.
assert(
L2:
glob_step x12 sw FP.emp ({-|
x12,
cur_tid x})).
assert(
pc_valid_tid x12 (
cur_tid x)).
apply npnswstep_cur_valid_tid in H21;
auto.
apply atomblockstarN_atomO in H20 as [].
destruct x12,
H27;
simpl in *;
subst;
econstructor;
eauto.
assert(
cur_valid_id x9 \/~
cur_valid_id x9).
apply classic.
destruct H27.
{
assert(
cur_valid_id ({-|
x13,
cur_tid x9})).
inversion H22 as (?&?&?&?).
destruct H27.
split;
simpl in *;
subst;
congruence.
assert(
type_glob_step glob_sw x13 sw FP.emp ({-|
x13,
cur_tid x9})).
apply atomblockstarN_atomO in H20 as [].
eapply glob_npnsw_step_bitO_preserve in H21;
eauto.
destruct x13,
H28;
simpl in *;
subst;
econstructor;
eauto.
eapply mem_eq_npnsw_or_sw_star in H22 as (?&?&?);
eauto.
assert(
sw_star glob_step x13 ({-|
x13,
cur_tid x9})).
econstructor;
eauto.
eapply type_glob_step_elim;
eauto.
constructor.
eapply swstar_cons_npnsw_or_sw_star in H22;
eauto.
eapply npnsw_step_cons_npnsw_or_sw_star in H22;
eauto.
assert(
sw_star glob_step x12 ({-|
x12,
cur_tid x})).
econstructor;
eauto.
constructor.
eapply swstar_cons_npnsw_or_sw_star in H32;
try apply H22;
eauto.
do 2
eexists;
split;
eauto;
split.
destruct H17.
eapply mem_eq_pc_trans;
eauto.
apply mem_eq_pc_change;
auto.
destruct H17.
rewrite <-
T1.
rewrite <-
H33.
rewrite FP.union_comm_eq with(
fp1:=
x0).
rewrite FP.fp_union_assoc.
rewrite FP.union_comm_eq with (
fp1:=
x0).
auto.
}
{
eapply npnsw_or_sw_star_not_cur_valid_tid in H27;
eauto.
destruct H27.
{
subst.
assert(
npnsw_or_sw_star ({-|
x12,
cur_tid x})
x0 x13).
eexists.
rewrite <-
FP.fp_union_emp with(
fp:=
x0).
econstructor.
left.
eauto.
constructor.
assert(
sw_star glob_step x12 ({-|
x12,
cur_tid x})).
econstructor;
eauto.
constructor.
eapply swstar_cons_npnsw_or_sw_star in H28;
try apply H27;
eauto.
do 2
eexists;
split;
eauto;
split;
destruct H17,
H27;
subst.
eapply mem_eq_pc_trans;
eauto.
eapply mem_eq_pc_change in H22;
eauto.
rewrite FP.fp_union_emp.
rewrite FP.union_comm_eq;
auto.
}
{
destruct H27 as (?&?&?).
apply type_glob_step_exists in H27 as [].
destruct x15;
subst;
try(
inversion H27;
fail).
assert(
type_glob_step glob_sw ({-|
x9,
cur_tid x13})
sw FP.emp x14).
inversion H27;
subst.
econstructor;
eauto.
apply mem_eq_pc_change with(
t:=
cur_tid x13)
in H22 as ?.
simpl in H30.
rewrite pc_cur_tid in H30.
eapply mem_eq_globstep in H30 as (?&?&?);
eauto.
eapply mem_eq_npnsw_or_sw_star in H31 as (?&?&?);
eauto.
exists (
FP.union FP.emp (
FP.union x0 (
FP.union FP.emp x10))),
x16.
apply type_glob_step_exists in L2 as [].
destruct x17;
subst;
try(
inversion H33;
fail).
destruct H31.
split;
auto.
econstructor;
eauto.
econstructor;
eauto.
right;
eauto.
econstructor;
eauto.
left;
eauto.
econstructor;
eauto.
right;
eauto.
destruct H17;
subst;
split.
eapply mem_eq_pc_trans;
eauto.
eapply mem_eq_pc_change;
eauto.
repeat rewrite FP.emp_union_fp.
rewrite FP.union_comm_eq with(
fp1:=
x0) .
rewrite FP.fp_union_assoc.
rewrite FP.union_comm_eq with(
fp1:=
x0).
auto.
}
apply atomblockstarN_invpc_preservation in H15;
auto.
apply atomblockstarN_atomO in H15 as [];
auto.
}
}
{
destruct H20 as (?&?&?).
apply atomblockstarN_cur_valid_tid in H20 as ?;
auto;
try Omega.omega.
assert(
type_glob_step glob_sw x sw FP.emp ({-|
x,
cur_tid x5})).
destruct H22.
destruct x;
simpl in *;
subst.
rewrite H9.
econstructor;
eauto.
rewrite H11 in H22.
simpl in H22.
assert(
glob_step pc sw FP.emp ({-|
x,
cur_tid x5})).
rewrite H11.
destruct pc;
inversion H22;
simpl in *;
subst.
econstructor;
eauto.
assert(
sw_star glob_step pc ({-|
x,
cur_tid x5})).
econstructor;
eauto.
constructor.
eexists;
split;
eauto.
right;
right;
right.
do 5
eexists;
eauto.
assert(
cur_valid_id x9 \/~
cur_valid_id x9).
apply classic.
destruct H26.
{
assert(
pc_valid_tid x12 (
cur_tid x9)).
inversion H21 as (?&?&?&?).
destruct H26.
simpl in *;
subst;
split;
congruence.
assert(
type_glob_step glob_sw x12 sw FP.emp ({-|
x12,
cur_tid x9})).
apply atomblockstarN_atomO in H20 as [].
destruct x12,
H27;
simpl in *;
subst;
econstructor;
eauto.
eapply mem_eq_npnsw_or_sw_star in H21 as (?&?&?);
eauto.
destruct H21.
do 3
eexists.
eexists.
eapply star_step;
eauto.
right;
eauto.
destruct H17;
split.
eapply mem_eq_pc_trans;
eauto.
eapply mem_eq_pc_change;
eauto.
subst.
rewrite FP.emp_union_fp.
rewrite FP.fp_union_assoc .
rewrite FP.union_comm_eq with(
fp1:=
x8).
auto.
}
{
eapply npnsw_or_sw_star_not_cur_valid_tid in H26;
eauto.
destruct H26.
{
subst.
exists FP.emp,
x12.
split.
eexists.
constructor.
destruct H17,
H26;
subst;
split.
eapply mem_eq_pc_trans;
eauto.
eapply mem_eq_pc_change in H21;
eauto.
do 2
rewrite FP.fp_union_emp.
rewrite FP.union_comm_eq;
auto.
}
{
destruct H26 as (?&?&?).
apply type_glob_step_exists in H26 as [].
destruct x14;
subst;
try(
inversion H26;
fail).
apply mem_eq_pc_change with(
t:=
cur_tid x12)
in H21 as ?.
simpl in H28.
rewrite pc_cur_tid in H28.
assert(
type_glob_step glob_sw ({-|
x9,
cur_tid x12})
sw FP.emp x13).
inversion H26;
subst;
econstructor;
eauto.
eapply mem_eq_globstep in H29 as (?&?&?);
eauto.
eapply mem_eq_npnsw_or_sw_star in H30 as (?&?&?);
eauto.
destruct H30.
do 3
eexists.
esplit.
eapply star_step.
right;
eauto.
eauto.
destruct H17.
split.
eapply mem_eq_pc_trans;
eauto.
eapply mem_eq_pc_change in H31;
eauto.
rewrite FP.emp_union_fp.
subst.
rewrite FP.fp_union_assoc.
rewrite FP.union_comm_eq with(
fp1:=
x0);
auto.
}
apply atomblockstarN_invpc_preservation in H15;
auto.
apply atomblockstarN_atomO in H15 as [];
auto.
}
}
}
}
Omega.omega.
}
}
{
destruct H5 as (?&?&?&?&?&?&?&?).
destruct x3.
{
apply noevt_stepN_0 in H7 as [];
subst.
eexists;
split;
eauto.
right;
right;
right.
do 5
eexists;
eauto.
eapply cons_atomblock_1.
constructor.
left;
eauto.
eauto.
constructor.
auto.
do 3
eexists.
eexists.
constructor.
destruct H8.
split.
rewrite pc_cur_tid.
apply mem_eq_pc_refl.
repeat rewrite FP.emp_union_fp.
repeat rewrite FP.fp_union_emp in *;
auto.
}
{
apply swstar_l1 in H4 as ?.
rewrite H9 in H5.
apply atomblockstep_invpc_preserve in H5 as ?;
auto.
apply atomblockstep_bitO in H5 as ?.
destruct H11 as [
_].
assert(
atomblockstarN 1 (
cons (
cur_tid ({-|
pc,
cur_tid x}))
nil) ({-|
pc,
cur_tid x}) (
FP.union (
FP.union FP.emp x0)
FP.emp)
x1).
econstructor 2;
eauto.
constructor.
constructor.
constructor.
auto.
eapply H in H7;
eauto;
try Omega.omega.
destruct H7 as (?&?&?).
destruct H13 as [|[|[]]].
{
Hsimpl.
eapply atomblockstarN_cons_swstar in H12;
eauto.
eapply atomblockstarN_cons in H13;
eauto.
eexists;
split;
eauto.
rewrite <-
H9 in H13.
simpl in *.
left.
Esimpl;
eauto.
}
{
apply swstar_l1 in H7.
rewrite H7 in H13.
apply race_changetid with(
t:=
cur_tid x1)
in H13.
simpl in H13;
rewrite pc_cur_tid in H13.
eexists;
split;
eauto.
right;
right;
left.
do 5
eexists;
eauto.
rewrite H9;
eauto.
}
{
destruct H13 as (?&?&?&?&?&?).
eapply atomblockstarN_cons_swstar in H12;
eauto.
eapply atomblockstarN_cons in H13;
eauto.
eexists;
split;
eauto.
right;
right;
left.
do 5
eexists;
eauto.
rewrite H9;
eauto.
}
{
destruct H13 as (?&?&?&?&?&?&?&?&?).
eapply atomblockstarN_cons_swstar in H12;
eauto.
eapply atomblockstarN_cons in H13;
eauto.
eexists;
split;
eauto.
right;
right;
right.
destruct H15,
H8;
subst.
simpl in *.
rewrite H9;
eauto.
Esimpl;
eauto.
repeat rewrite FP.emp_union_fp.
rewrite FP.fp_union_emp.
rewrite FP.fp_union_assoc.
auto.
}
}
}
Qed.
Lemma noevt_stepN_Si_to_atomblockstarN2:
forall i pc fp pc',
noevt_stepN glob_step i pc fp pc'->
i>0->
atom_bit pc =
O->
invpc pc->
atom_bit pc' =
I ->
exists pc1,
sw_star glob_step pc pc1 /\
( (
exists i l fp'
pc2,
atomblockstarN i l pc1 fp'
pc2 /\
predicted_abort1 pc2) \/
(
exists j l fp'
pc2,
atomblockstarN j l pc1 fp'
pc2 /\
race glob_predict_star_alter pc2 )\/
(
exists j l fp'
pc2,
atomblockstarN j l pc1 fp'
pc2 /\
exists fp''
pc3,
npnsw_or_sw_star pc2 fp''
pc3 /\
exists fp'''
pc4,
halfatomblockstep pc3 tau fp'''
pc4 /\
mem_eq_pc GE pc'
pc4 /\
FP.union (
FP.union fp'
fp'')
fp''' =
fp)).
Proof.
Lemma globrace_equiv:
forall pc,
@
race GE glob_predict_star_alter pc ->
invpc pc->
star_race glob_predict pc.
Proof.
Definition evtstep:=@
type_glob_step GE efprint.
Inductive npnsw_or_sw_stepN:
nat->
list tid->@
ProgConfig GE->
FP.t->@
ProgConfig GE->
Prop:=
|
npnsworsw_emp:
forall pc,
atom_bit pc =
O ->
npnsw_or_sw_stepN 0
nil pc FP.emp pc
|
npnsworsw_consnpnsw:
forall pc l fp pc',
glob_npnsw_step pc l fp pc'->
forall i l'
fp'
pc'',
npnsw_or_sw_stepN i l'
pc'
fp'
pc''->
npnsw_or_sw_stepN (
S i)(
cons (
cur_tid pc)
l')
pc (
FP.union fp fp')
pc''
|
npnsworsw_conssw:
forall pc l fp pc',
type_glob_step glob_sw pc l fp pc'->
forall i l'
fp'
pc'',
npnsw_or_sw_stepN i l'
pc'
fp'
pc''->
npnsw_or_sw_stepN i l'
pc (
FP.union fp fp')
pc''.
Lemma npnsw_or_sw_stepN_exists:
forall pc fp pc',
npnsw_or_sw_star pc fp pc'->
atom_bit pc =
O->
exists i l,
npnsw_or_sw_stepN i l pc fp pc'.
Proof.
destruct 1.
induction H;
intro.
Esimpl.
constructor;
auto.
destruct H.
apply npnswstep_l2 in H as ?.
rewrite H2 in H1.
Hsimpl.
Esimpl.
econstructor 2;
eauto.
assert(
atom_bit s2 =
O).
inversion H;
auto.
Hsimpl.
Esimpl.
econstructor 3;
eauto.
Qed.
Lemma npnsw_or_sw_stepN_sound:
forall i l pc fp pc',
npnsw_or_sw_stepN i l pc fp pc'->
npnsw_or_sw_star pc fp pc'.
Proof.
induction 1;
intros.
exists nil;
constructor.
destruct IHnpnsw_or_sw_stepN.
exists (
cons l x).
econstructor;
eauto.
left;
auto.
destruct IHnpnsw_or_sw_stepN.
exists (
cons l x).
econstructor;
eauto.
right;
eauto. Qed.
Lemma npnsw_or_sw_stepN_bitO:
forall i l pc fp pc',
npnsw_or_sw_stepN i l pc fp pc'->
atom_bit pc =
O /\
atom_bit pc' =
O.
Proof.
induction 1;
intros;
auto;
destruct IHnpnsw_or_sw_stepN;
split;
auto.
apply npnswstep_l2 in H;
congruence.
inversion H;
auto. Qed.
Lemma npnsw_or_sw_stepN_0:
forall pc l fp pc',
npnsw_or_sw_stepN 0
l pc fp pc'->
l=
nil/\
fp=
FP.emp /\
sw_star glob_step pc pc'.
Proof.
remember 0.
induction 1;
intros.
Esimpl;
auto.
constructor.
inversion Heqn.
Hsimpl.
subst.
inversion H;
subst.
Esimpl;
auto.
econstructor;
eauto.
eapply type_glob_step_elim;
eauto.
Qed.
Lemma swstar_npnsw_or_sw_stepN:
forall pc pc',
sw_star glob_step pc pc' ->
atom_bit pc =
O ->
npnsw_or_sw_stepN 0
nil pc FP.emp pc'.
Proof.
Lemma npnsw_step_cons_npnsw_or_sw_stepN:
forall pc l fp pc'
i ltids fp'
pc'',
glob_npnsw_step pc l fp pc'->
npnsw_or_sw_stepN i ltids pc'
fp'
pc''->
npnsw_or_sw_stepN (
S i) (
cons (
cur_tid pc)
ltids)
pc (
FP.union fp fp')
pc''.
Proof.
intros. econstructor 2;eauto. Qed.
Lemma sw_star_cons_npnsw_or_sw_stepN:
forall pc pc'
i ltids fp pc'',
sw_star glob_step pc pc'->
npnsw_or_sw_stepN i ltids pc'
fp pc''->
npnsw_or_sw_stepN i ltids pc fp pc''.
Proof.
induction 1;
intros.
auto.
apply IHsw_star in H1.
rewrite <-
FP.emp_union_fp with (
fp:=
fp).
econstructor 3;
eauto.
inversion H;
subst;
econstructor;
eauto.
Qed.
Lemma npnsw_or_sw_stepN_cons1:
forall l1 l2 pc fp pc'
i fp'
pc'',
npnsw_or_sw_stepN 1
l1 pc fp pc'->
npnsw_or_sw_stepN i l2 pc'
fp'
pc''->
npnsw_or_sw_stepN (
S i)(
app l1 l2)
pc (
FP.union fp fp')
pc''.
Proof.
Lemma npnsw_or_sw_stepN_SN_split:
forall i ltids pc fp pc',
npnsw_or_sw_stepN (
S i)
ltids pc fp pc'->
exists l1 l2 fp1 fp2 pc1,
npnsw_or_sw_stepN 1
l1 pc fp1 pc1 /\
npnsw_or_sw_stepN i l2 pc1 fp2 pc' /\
FP.union fp1 fp2 =
fp /\
app l1 l2 =
ltids.
Proof.
Lemma npnsw_or_sw_stepN_cons:
forall i l1 l2 pc fp pc'
j fp'
pc'',
npnsw_or_sw_stepN i l1 pc fp pc'->
npnsw_or_sw_stepN j l2 pc'
fp'
pc''->
npnsw_or_sw_stepN (
i+
j)(
app l1 l2)
pc (
FP.union fp fp')
pc''.
Proof.
Lemma mem_eq_npnsw_or_sw_stepN:
forall pc pc1,
mem_eq_pc GE pc pc1->
forall i l fp pc',
npnsw_or_sw_stepN i l pc fp pc'->
exists pc1',
npnsw_or_sw_stepN i l pc1 fp pc1' /\
mem_eq_pc GE pc'
pc1'.
Proof.
intros.
revert pc1 H.
induction H0;
intros.
eexists;
split;[
constructor|
auto].
inversion H0 as (?&?&?&?);
congruence.
apply npnswstep_l1 in H;
Hsimpl.
eapply mem_eq_globstep in H1 as ?;
eauto;
Hsimpl.
apply npnswstep_l3 in H3;
auto.
eapply IHnpnsw_or_sw_stepN in H4 as ?;
Hsimpl.
eapply npnsw_step_cons_npnsw_or_sw_stepN in H5 as ?;
eauto.
inversion H1 as (
_&?&?&
_).
Esimpl;
eauto;
congruence.
eapply mem_eq_globstep in H as ?;
eauto;
Hsimpl.
eapply IHnpnsw_or_sw_stepN in H3 as ?;
Hsimpl.
eapply npnsworsw_conssw in H2 as ?;
eauto.
Qed.
Lemma npnsw_or_sw_stepN_1_inv:
forall l pc fp pc',
npnsw_or_sw_stepN 1
l pc fp pc'->
exists pc1,
sw_star glob_step pc pc1 /\
exists pc2,
glob_npnsw_step pc1 tau fp pc2 /\
sw_star glob_step pc2 pc' /\
l =
cons (
cur_tid pc1)
nil.
Proof.
Lemma sw_star_cons:
forall pc pc1 pc2,
sw_star glob_step pc pc1 ->
sw_star glob_step pc1 pc2->
sw_star (@
glob_step GE)
pc pc2.
Proof.
induction 1;intros;auto.
econstructor;eauto.
Qed.
Lemma npnsw_or_sw_stepN_inv1:
forall i ltids pc fp pc',
i>0->
npnsw_or_sw_stepN i ltids pc fp pc'->
exists pc1,
sw_star glob_step pc pc1 /\
exists pc2 fp1,
glob_npnsw_step pc1 tau fp1 pc2 /\
exists l2 fp2,
npnsw_or_sw_stepN (
i-1)
l2 pc2 fp2 pc' /\
FP.union fp1 fp2 =
fp /\
cons (
cur_tid pc1)
l2 =
ltids.
Proof.
Corollary cur_valid_id_case1 :
forall pc fp pc'
v pc'',
invpc pc->
tau_star glob_npnsw_step pc fp pc'->
glob_step pc' (
evt v)
FP.emp pc''->
@
cur_valid_id GE pc.
Proof.
Lemma npnsw_or_sw_stepN_pc_valid_tid_backwards_preservation:
forall i l pc fp pc'
t,
npnsw_or_sw_stepN i l pc fp pc'->
pc_valid_tid pc'
t->
pc_valid_tid pc t.
Proof.
Lemma npnsw_or_sw_stepN_thdpinv:
forall i l pc fp pc' ,
npnsw_or_sw_stepN i l pc fp pc'->
invpc pc->
invpc pc'.
Proof.
Lemma npnsw_or_sw_stepN_evt_ex:
forall i ltids pc fp pc',
invpc pc->
npnsw_or_sw_stepN i ltids pc fp pc'->
forall v fp'
pc''
pc''',
tau_star glob_npnsw_step pc'
fp'
pc''->
glob_step pc'' (
evt v)
FP.emp pc'''->
(
exists ix lx pc'
fpx,
npnsw_or_sw_stepN ix lx pc fpx pc' /\ (
race glob_predict_star_alter pc' \/
predicted_abort1 pc')) \/
sw_star glob_step pc ({-|
pc,
cur_tid pc'})/\
exists pc1 pc2 fp1 fp2 pc3 j l',
tau_star glob_npnsw_step ({-|
pc,
cur_tid pc'})
fp1 pc1 /\
glob_step pc1 (
evt v)
FP.emp pc2 /\
npnsw_or_sw_stepN j l'
pc2 fp2 pc3 /\
mem_eq_pc GE pc''' ({-|
pc3,
cur_tid pc'}) /\
j <=
i /\
FP.union fp1 fp2 =
FP.union fp fp'.
Proof.
pose wdge;
pose modwdge.
induction i;
intros.
{
apply npnsw_or_sw_stepN_bitO in H0 as ?.
apply npnsw_or_sw_stepN_0 in H0.
Hsimpl;
subst.
apply swstar_l1 in H6 as ?;
Hsimpl.
right.
rewrite <-
H0.
Esimpl;
eauto.
constructor.
inversion H2;
auto.
apply npnsw_taustar_tid_preservation in H1.
rewrite H1.
inversion H2;
subst.
apply mem_eq_pc_refl.
rewrite FP.union_comm_eq;
auto.
}
{
apply npnsw_or_sw_stepN_bitO in H0 as ?.
apply npnsw_or_sw_stepN_inv1 in H0;[|
Omega.omega].
Hsimpl;
subst.
assert(
S i - 1 =
i).
Omega.omega.
rewrite H7 in *;
clear H7.
apply sw_star_invpc_preservation in H0 as ?;
auto.
assert(
invpc x0).
apply npnswstep_l1 in H5;
Hsimpl.
apply type_glob_step_elim in H5.
eapply GE_mod_wd_tp_inv;
eauto.
eapply IHi in H6 as?;
eauto.
destruct H9;
Hsimpl.
{
eapply npnsw_step_cons_npnsw_or_sw_stepN in H9;
eauto.
eapply sw_star_cons_npnsw_or_sw_stepN in H9;
eauto.
left.
Esimpl;
eauto.
}
{
assert(
cur_tid x0 =
cur_tid pc' \/
cur_tid x0 <>
cur_tid pc').
apply classic.
destruct H16.
{
rewrite <-
H16,
pc_cur_tid in H10.
eapply tau_star_cons in H10;
eauto.
apply swstar_l1 in H0 as ?.
rewrite H17 in H10.
apply npnsw_step_tid_preservation in H5 as ?.
rewrite H18,
H16 in H10,
H17.
rewrite H17 in H0.
right.
Esimpl;
eauto.
rewrite <-
FP.fp_union_assoc.
rewrite H15.
rewrite FP.fp_union_assoc.
auto.
}
{
apply npnsw_step_tid_preservation in H5 as ?.
assert(
cur_tid x <>
cur_tid pc').
intro;
contradict H15;
congruence.
assert(
atom_bit x =
O).
apply swstar_l1 in H0.
rewrite H0.
auto.
eapply glob_npnsw_step_star_evt_ex in H5 as ?;
eauto.
destruct H20 as [|[]].
{
apply swstar_l1 in H0 as ?.
remember (
cur_tid x)
as t1.
rewrite H21 in *;
clear x H21 Heqt1;
simpl in *.
apply npnsw_step_thdpinv in H5 as ?;
auto.
apply npnsw_or_sw_stepN_thdpinv in H6 as ?;
auto.
eapply cur_valid_id_case1 in H1;
eauto.
eapply npnsw_or_sw_stepN_pc_valid_tid_backwards_preservation in H6;
eauto.
eapply npnswstep_pc_valid_tid_backwards_preservation in H5 as ?;
eauto.
assert(
sw_star glob_step pc ({-|
pc,
cur_tid pc'})).
econstructor 2;[|
constructor].
destruct pc,
H23;
simpl in *;
subst;
econstructor;
eauto.
apply swstar_npnsw_or_sw_stepN in H24 as ?;
auto.
left.
Esimpl;
eauto.
right.
econstructor 2;
eauto.
instantiate(1:=
pc).
destruct pc,
H23;
simpl in *;
subst;
econstructor;
eauto.
}
{
apply swstar_npnsw_or_sw_stepN in H0;
auto.
left;
Esimpl;
eauto.
}
{
Hsimpl.
eapply mem_eq_npnsw_or_sw_stepN in H24 as ?;
eauto.
Hsimpl.
eapply cur_valid_id_case1 in H21 as ?;
eauto.
apply swstar_l1 in H0 as ?.
rewrite H28 in *.
simpl in *.
assert(
glob_step pc sw FP.emp ({-|
pc,
cur_tid pc'})).
destruct pc,
H27;
simpl in *;
subst;
econstructor;
eauto.
assert(
sw_star glob_step pc ({-|
pc,
cur_tid pc'})).
econstructor;
eauto.
constructor.
right.
assert(
invpc x4).
apply npnsw_step_thdpinv in H5;
auto.
apply npnsw_taustar_thdpinv in H10;
auto.
assert(
invpc x5).
eapply GE_mod_wd_tp_inv;
eauto.
assert(
cur_valid_id x5).
revert H32 H11;
clear;
intros.
inversion H11;
subst;
split.
eapply gettop_valid_tid;
auto.
solv_thread.
intro;
solv_thread.
assert(
pc_valid_tid x13 (
cur_tid x5)).
destruct H33,
H24 as (?&?&?&?).
simpl in *;
subst;
split;
try congruence.
assert(
sw_star glob_step x13 ({-|
x13,
cur_tid x5})).
assert(
glob_step x13 sw FP.emp ({-|
x13,
cur_tid x5})).
apply npnsw_or_sw_stepN_bitO in H25 as [].
destruct x13,
H34;
simpl in *;
subst;
econstructor;
eauto.
econstructor;
eauto.
constructor.
eapply sw_star_cons_npnsw_or_sw_stepN in H25;
eauto.
eapply npnsw_step_cons_npnsw_or_sw_stepN in H25;
eauto.
apply npnsw_taustar_thdpinv in H21 as ?;
auto.
eapply GE_mod_wd_tp_inv in H36;
eauto.
apply npnswstep_cur_valid_tid in H23 as ?;
auto.
assert(
type_glob_step glob_sw x12 sw FP.emp ({-|
x12,
cur_tid x})).
inversion H22;
subst.
destruct H37.
econstructor;
eauto.
eapply npnsworsw_conssw in H25;
eauto.
Esimpl;
eauto.
eapply mem_eq_pc_trans;
eauto.
eapply mem_eq_pc_change;
eauto.
Omega.omega.
rewrite FP.emp_union_fp.
rewrite <-
FP.fp_union_assoc.
rewrite <-
H15.
rewrite FP.fp_union_assoc.
rewrite FP.union_comm_eq with (
fp1:=
x6).
rewrite FP.fp_union_assoc.
auto.
}
}
}
}
Qed.
Lemma predicted_abort1_O:
forall pc ,
predicted_abort1 pc ->
@
atom_bit GE pc =
O.
Proof.
Lemma npnsw_or_sw_stepN_race:
forall i l pc fp pc',
invpc pc->
npnsw_or_sw_stepN i l pc fp pc'->
race glob_predict_star_alter pc' \/ (
exists t,
predicted_abort1 ({-|
pc',
t}))->
race glob_predict_star_alter pc \/ (
exists t,
predicted_abort1 ({-|
pc,
t})).
Proof.
Lemma noevt_stepN_evtstep_inv:
forall i pc fp pc',
noevt_stepN glob_step i pc fp pc'->
atom_bit pc =
O ->
atom_bit pc' =
O->
invpc pc->
forall v pc'',
evtstep pc' (
evt v)
FP.emp pc''->
exists pc1,
sw_star glob_step pc pc1 /\
(
(
exists j l fp'
pc2,
atomblockstarN j l pc1 fp'
pc2 /\ (
race glob_predict_star_alter pc2 \/
predicted_abort1 pc2) )\/
(
exists j l fp'
pc2,
atomblockstarN j l pc1 fp'
pc2 /\
exists fp1 pc3,
tau_star glob_npnsw_step pc2 fp1 pc3 /\
exists pc4,
glob_step pc3 (
evt v)
FP.emp pc4 /\
cur_tid pc3 =
cur_tid pc' /\
exists fp''
pc5,
npnsw_or_sw_star pc4 fp''
pc5 /\
mem_eq_pc GE pc'' ({-|
pc5,
cur_tid pc''})/\
FP.union fp' (
FP.union fp1 fp'') =
fp)).
Proof.
Lemma npnsw_or_sw_star_non_evt_star:
forall pc fp pc',
npnsw_or_sw_star pc fp pc'->
non_evt_star glob_step pc fp pc'.
Proof.
Inductive Evt_gstar :
nat ->@
ProgConfig GE->
list glabel->
FP.t->@
ProgConfig GE->
Prop:=
|
starbase_nonevt:
forall i pc fp pc',
atom_bit pc =
O ->
atom_bit pc' =
O ->
noevt_stepN glob_step i pc fp pc'->
Evt_gstar 0
pc nil fp pc'
|
cons_evtstep:
forall i pc fp pc'
v pc''
k l fp'
pce,
atom_bit pc =
O->
atom_bit pc' =
O->
noevt_stepN glob_step i pc fp pc'->
glob_step pc' (
evt v)
FP.emp pc'' ->
Evt_gstar k pc''
l fp'
pce ->
Evt_gstar (
S k)
pc (
cons (
evt v)
l) (
FP.union fp fp')
pce.
Inductive Evt_gstar_alter :
nat ->@
ProgConfig GE->
list glabel->
FP.t->@
ProgConfig GE->
Prop:=
|
starbase_nonevt_alter:
forall i pc fp pc',
atom_bit pc =
O ->
atom_bit pc' =
O ->
noevt_stepN glob_step i pc fp pc'->
Evt_gstar_alter 0
pc nil fp pc'
|
cons_evtstep_alter:
forall i l pc fp pc'
v pc''
pc'''
k l'
fp'
fp''
pc''''
pce,
atomblockstarN i l pc fp pc'->
tau_star glob_npnsw_step pc'
fp'
pc''->
glob_step pc'' (
evt v)
FP.emp pc''' ->
sw_star glob_step pc'''
pc''''->
Evt_gstar_alter k pc''''
l'
fp''
pce ->
Evt_gstar_alter (
S k)
pc (
cons (
evt v)
l') (
FP.union (
FP.union fp fp')
fp'')
pce.
Lemma mem_eq_evt_gstar:
forall i pc l fp pc'
pc1,
mem_eq_pc GE pc pc1->
Evt_gstar i pc l fp pc'->
exists pc2,
Evt_gstar i pc1 l fp pc2/\
mem_eq_pc GE pc'
pc2.
Proof.
pose wdge;
pose modwdge.
induction i;
inversion 2;
subst.
eapply mem_eq_noevt_stepN in H3;
eauto;
Hsimpl.
Esimpl;
eauto.
econstructor;
eauto.
inversion H as (?&?&?&?);
congruence.
inversion H4 as (?&?&?&?);
congruence.
apply type_glob_step_exists in H5 as [
x ?];
destruct x;
subst;
try(
inversion H1;
fail).
eapply mem_eq_noevt_stepN in H4 as ?;
eauto;
Hsimpl.
eapply mem_eq_globstep in H7 as ?;
eauto;
Hsimpl.
apply type_glob_step_elim in H8.
eapply IHi in H6;
eauto;
Hsimpl.
Esimpl;
eauto.
eapply cons_evtstep in H5;
eauto.
inversion H as (?&?&?&?);
congruence.
inversion H7 as (?&?&?&?);
congruence.
Qed.
Lemma mem_eq_evt_gstar_alter:
forall i pc l fp pc'
pc1,
mem_eq_pc GE pc pc1->
Evt_gstar_alter i pc l fp pc'->
exists pc2,
Evt_gstar_alter i pc1 l fp pc2/\
mem_eq_pc GE pc'
pc2.
Proof.
Lemma non_evt_star_cons:
forall (
step:
Step)
s s'
s''
fp fp',
non_evt_star step s fp s' ->
non_evt_star step s'
fp'
s'' ->
non_evt_star step s (
FP.union fp fp')
s''.
Proof.
Lemma tau_star_non_evt_star:
forall (
step:
Step)
pc fp pc',
tau_star step pc fp pc'->
non_evt_star step pc fp pc'.
Proof.
induction 1;intros.
constructor.
econstructor;eauto.
Qed.
Lemma non_evt_star_cons_Evt_gstar:
forall pc fp pc',
atom_bit pc =
O ->
non_evt_star glob_step pc fp pc'->
forall j l'
fp1 pc2,
Evt_gstar j pc'
l'
fp1 pc2->
Evt_gstar j pc l' (
FP.union fp fp1)
pc2.
Proof.
Lemma Evt_gstar_sound:
forall i pc l fp pc',
Evt_gstar i pc l fp pc'->
exists l',
star glob_step pc l'
fp pc'.
Proof.
Lemma stepN_IO:
forall i pc l fp pc',
stepN GE glob_step i pc l fp pc'->
atom_bit pc =
I ->
atom_bit pc' =
O->
exists j l1 fp1 pc1,
stepN GE (
type_glob_step core)
j pc l1 fp1 pc1 /\
exists pc2,
type_glob_step extat pc1 tau FP.emp pc2 /\
exists l2 fp2,
stepN GE glob_step (
i-
j-1)
pc2 l2 fp2 pc' /\
FP.union fp1 fp2 =
fp.
Proof.
remember (
glob_step).
induction 1;
intros.
rewrite H in H0;
inversion H0.
Hsimpl;
subst.
destruct (
atom_bit pc')
eqn:?.
{
apply type_glob_step_exists in H0 as [].
destruct x;
subst;
try(
inversion H0;
subst;
simpl in *;
subst;
try inversion H1;
try inversion H2;
fail).
assert(
l=
tau /\
fp=
FP.emp).
inversion H0;
auto.
Hsimpl;
subst.
Esimpl;
eauto.
econstructor.
assert(
S i - 0 - 1 =
i).
Omega.omega.
rewrite H3;
eauto.
}
{
assert(
I=
I).
auto.
Hsimpl.
apply type_glob_step_exists in H0 as [].
destruct x6;
subst;
try(
inversion H0;
subst;
simpl in *;
subst;
try inversion H1;
try inversion Heqb;
fail).
eapply stepN_cons in H0;
eauto.
Esimpl;
eauto.
rewrite FP.fp_union_assoc;
auto.
}
Qed.
Lemma corestepN_nonevtstar:
forall i pc l fp pc',
stepN GE (
type_glob_step core)
i pc l fp pc'->
non_evt_star glob_step pc fp pc'.
Proof.
Lemma Evt_gstar_exists:
forall pc l fp pc',
atom_bit pc =
O ->
atom_bit pc' =
O ->
star glob_step pc l fp pc'->
exists i l',
Evt_gstar i pc l'
fp pc'.
Proof.
Lemma Evt_gstar_to_alter:
forall i pc l fp pc',
invpc pc->
Evt_gstar i pc l fp pc'->
exists pc0,
sw_star glob_step pc pc0 /\
((
exists j l1 fp1 pc1,
Evt_gstar_alter j pc0 l1 fp1 pc1 /\
exists k l2 fp2 pc2,
atomblockstarN k l2 pc1 fp2 pc2 /\
(
race glob_predict_star_alter pc2 \/
predicted_abort1 pc2)) \/
exists pc'',
Evt_gstar_alter i pc0 l fp pc'' /\
mem_eq_pc GE pc'
pc'').
Proof.
Lemma atomblockstep_np:
forall pc l0 fp pc',
invpc pc ->
atomblockstep pc l0 fp pc'->
exists pc1,
non_evt_star np_step pc fp pc1/\
np_step pc1 sw FP.emp pc'.
Proof.
Lemma npsw_swstar:
forall pc pc'
pc'',
@
np_step GE pc sw FP.emp pc'->
sw_star glob_step pc'
pc''->
np_step pc sw FP.emp pc''.
Proof.
induction 2;intros. auto.
apply IHsw_star.
inversion H;subst;inversion H0;subst;econstructor;eauto.
Qed.
Lemma npevt_swstar:
forall pc pc'
pc''
v,
@
np_step GE pc (
evt v)
FP.emp pc'->
sw_star glob_step pc'
pc''->
np_step pc (
evt v)
FP.emp pc''.
Proof.
induction 2;intros. auto.
apply IHsw_star.
inversion H;subst;inversion H0;subst;econstructor;eauto.
Qed.
Lemma haltstep_np:
forall pc l fp pc',
haltstep pc l fp pc'->
(
exists t,
np_step pc sw FP.emp ({-|
pc',
t})) \/
type_np_step allhalt pc tau FP.emp pc'.
Proof.
intros.
assert((
exists pc'',
glob_step pc'
sw FP.emp pc'') \/ ~(
exists pc'',
glob_step pc'
sw FP.emp pc'')).
apply classic.
destruct H0;
auto.
{
left.
destruct H0.
exists (
cur_tid x).
inversion H;
subst;
inversion H0;
subst.
econstructor;
eauto.
}
right.
inversion H;
subst.
econstructor;
eauto.
intros.
apply NNPP;
intro.
contradict H0.
eexists.
econstructor;
eauto.
Qed.
Lemma allhalt_swstar:
forall pc pc'
pc'',
@
type_np_step GE allhalt pc tau FP.emp pc'->
sw_star glob_step pc'
pc''->
pc' =
pc''.
Proof.
inversion 2;subst. auto.
inversion H;subst.
inversion H1;subst.
apply H_all_thread_halted in H_thread_valid.
contradiction.
Qed.
Lemma atomblockstar1_np:
forall l pc fp pc',
invpc pc ->
atomblockstarN 1
l pc fp pc'->
exists pc1,
non_evt_star np_step pc fp pc1/\
((
exists t,
np_step pc1 sw FP.emp ({-|
pc',
t}) ) \/
type_np_step allhalt pc1 tau FP.emp pc').
Proof.
Lemma atomblockstarN_np:
forall i l pc fp pc',
i > 0 ->
invpc pc ->
atomblockstarN i l pc fp pc'->
exists pc1,
non_evt_star np_step pc fp pc1/\
((
exists t,
np_step pc1 sw FP.emp ({-|
pc',
t})) \/
type_np_step allhalt pc1 tau FP.emp pc').
Proof.
Lemma evtstep_np:
forall pc v pc',
invpc pc->
@
glob_step GE pc (
evt v)
FP.emp pc'->
np_step pc (
evt v)
FP.emp pc'.
Proof.
Lemma noevt_stepN_np:
forall i pc fp pc',
noevt_stepN glob_step i pc fp pc'->
i>0->
atom_bit pc =
O ->
atom_bit pc' =
O->
invpc pc->
exists pc1,
sw_star glob_step pc pc1 /\
((
exists pc2,
npnsw_or_sw_star pc1 fp pc2 /\
mem_eq_pc GE pc' ({-|
pc2,
cur_tid pc'})) \/
(
exists j l fp'
pc2,
atomblockstarN j l pc1 fp'
pc2 /\ (
race glob_predict_star_alter pc2 \/
predicted_abort1 pc2))\/
(
exists l1 fp'
pc2,
star np_step pc1 l1 fp'
pc2 /\
exists pc3,((
exists t,
np_step pc2 sw FP.emp ({-|
pc3,
t})) \/
type_np_step allhalt pc2 tau FP.emp pc3)/\
exists fp''
pc4,
npnsw_or_sw_star pc3 fp''
pc4 /\
mem_eq_pc GE pc' ({-|
pc4,
cur_tid pc'}) /\
FP.union fp'
fp'' =
fp)).
Proof.
intros.
eapply noevt_stepN_Si_to_atomblockstarN in H;
eauto.
Hsimpl.
destruct H4 as [|[|[]]].
Hsimpl.
Esimpl;
eauto.
right;
left.
Esimpl;
eauto.
Esimpl;
eauto.
right;
left.
Esimpl;
eauto.
constructor;
auto.
inversion H4.
inversion H6;
auto.
Hsimpl.
Esimpl;
eauto.
right;
left;
Esimpl;
eauto.
Hsimpl.
destruct x0.
inversion H4;
subst.
Esimpl;
eauto.
left.
Esimpl;
eauto.
rewrite FP.emp_union_fp;
auto.
apply atomblockstarN_np in H4;
auto.
Hsimpl.
destruct H8.
{
Hsimpl.
Esimpl;
eauto.
right.
right.
apply non_evt_star_star in H4 as [].
Esimpl;
eauto.
}
{
Esimpl;
eauto.
right;
right.
apply non_evt_star_star in H4 as [].
Esimpl;
eauto.
}
Omega.omega.
erewrite swstar_l1;
eauto.
Qed.
Lemma predict_tid:
forall pc,
invpc pc ->
forall t fp,
glob_predict_star_alter pc t O fp->
fp<>
FP.emp->
@
pc_valid_tid GE pc t.
Proof.
Lemma race_tid_exists:
forall pc,
invpc pc->
race glob_predict_star_alter pc->
exists t,
@
pc_valid_tid GE pc t.
Proof.
intros.
inversion H0;
subst.
assert(
b1 =
O \/
b2 =
O).
destruct b1,
b2;
auto.
destruct H4;
contradiction.
destruct H6;
subst;
eexists;
eapply predict_tid;
eauto;
intro;
subst;
apply FP.emp_never_conflict in H5 as [];
contradiction.
Qed.
Lemma noevt_stepN_evt_np:
forall i pc fp pc'
v pc'',
noevt_stepN glob_step i pc fp pc'->
evtstep pc' (
evt v)
FP.emp pc'' ->
atom_bit pc =
O ->
atom_bit pc' =
O->
invpc pc->
exists pc1,
sw_star glob_step pc pc1 /\
((
exists j l fp'
pc2,
atomblockstarN j l pc1 fp'
pc2 /\ (
race glob_predict_star_alter pc2 \/
predicted_abort1 pc2))\/
(
exists l1 fp'
pc2,
star np_step pc1 l1 fp'
pc2 /\
exists pc3 ,
np_step pc2 (
evt v)
FP.emp pc3/\
exists fp''
pc4,
npnsw_or_sw_star pc3 fp''
pc4 /\
mem_eq_pc GE pc'' ({-|
pc4,
cur_tid pc''}) /\
FP.union fp'
fp'' =
fp)).
Proof.
Lemma allhalt_not_step:
forall pc pc',
@
type_np_step GE allhalt pc tau FP.emp pc'->
forall l fp pc'',
np_step pc'
l fp pc''->
False.
Proof.
Lemma allhalt_not_abort:
forall pc pc',
@
type_np_step GE allhalt pc tau FP.emp pc'->
predicted_abort1 pc'->
False.
Proof.
Lemma allhalt_not_abort2:
forall pc pc'
t
(
v1:
invpc pc),
@
type_np_step GE allhalt pc tau FP.emp pc'->
predicted_abort1 ({-|
pc',
t})->
False.
Proof.
Lemma npsw_predicted_abort:
forall pc fp pc'
t,
invpc pc->
np_step pc sw fp pc'->
@
predicted_abort1 GE ({-|
pc',
t})->
np_step pc sw fp ({-|
pc',
t}).
Proof.
Lemma npevt_predicted_abort:
forall pc fp pc'
t v,
invpc pc->
np_step pc (
evt v)
fp pc'->
@
predicted_abort1 GE ({-|
pc',
t})->
np_step pc (
evt v)
fp ({-|
pc',
t}).
Proof.
Lemma Evt_gstar_nprace:
forall i pc l fp pc',
invpc pc->
Evt_gstar i pc l fp pc'->
(
race glob_predict_star_alter pc' \/ (
exists t,
predicted_abort1 ({-|
pc',
t})))->
(
race glob_predict_star_alter pc \/ (
exists t,
predicted_abort1 ({-|
pc,
t}))) \/
exists pc1,
sw_star glob_step pc pc1/\
exists l1 fp1 pc2,
star np_step pc1 l1 fp1 pc2 /\
exists l2 pc3,
np_step pc2 l2 FP.emp pc3 /\
l2 <>
tau /\
(
race glob_predict_star_alter pc3 \/
predicted_abort1 pc3).
Proof.
pose wdge.
induction i;
intros.
{
inversion H0;
subst.
destruct i.
{
apply noevt_stepN_0 in H4 as ?.
Hsimpl.
subst.
apply swstar_l1 in H6.
rewrite H6 in H1.
destruct H1.
eapply race_changetid in H1;
simpl in H1;
erewrite pc_cur_tid in H1.
auto.
Hsimpl.
simpl in H1.
left.
eauto.
}
{
apply noevt_stepN_np in H4;
auto;[|
Omega.omega].
Hsimpl.
destruct H5 as [|[|]];
Hsimpl.
{
erewrite swstar_l1 with(
pc':=
x)
in H5;
eauto.
destruct H1.
eapply mem_eq_race in H6;
eauto.
eapply race_changetid in H6;
simpl in H6;
erewrite pc_cur_tid in H6.
eapply npnsw_or_sw_stepN_exists in H5;
auto;
Hsimpl.
eapply npnsw_or_sw_stepN_race in H5;
eauto.
destruct H5.
eapply race_changetid in H5;
simpl in H5;
erewrite pc_cur_tid in H5;
eauto.
Hsimpl.
eauto.
Hsimpl.
apply mem_eq_pc_change with(
t:=
x1)
in H6.
apply mem_eq_predicted_abort1 in H6;
eauto.
simpl in H6.
eapply npnsw_or_sw_stepN_exists in H5;
auto;
Hsimpl.
eapply npnsw_or_sw_stepN_race in H5;
eauto.
destruct H5.
eapply race_changetid in H5;
simpl in H5;
erewrite pc_cur_tid in H5;
eauto.
Hsimpl.
eauto.
}
{
destruct x0.
{
inversion H5;
subst.
destruct H6;
try erewrite swstar_l1 in H6;
eauto.
eapply race_changetid in H6;
simpl in H6;
erewrite pc_cur_tid in H6;
eauto.
}
{
apply atomblockstarN_np in H5;[|
Omega.omega|
erewrite swstar_l1;
eauto].
Hsimpl.
destruct H7.
{
Hsimpl.
right.
apply non_evt_star_star in H5 as [].
destruct H6.
Esimpl;
eauto.
intro contra;
inversion contra.
left;
eapply race_changetid;
eauto.
apply predicted_abort1_sw in H6 as ?;
auto.
assert(
sw_star glob_step ({-|
x3,
x5})
x3).
econstructor 2;[|
constructor].
apply predicted_abort1_O in H6.
destruct x3,
H8;
simpl in *;
subst;
econstructor;
eauto.
eapply npsw_swstar in H7;
eauto.
Esimpl;
eauto.
intro R;
inversion R.
apply swstar_l1 in H4.
rewrite H4 in *;
subst.
eapply star_cons_step in H7 as [];
eauto.
eapply thdp_inv_npstar in H7;
eauto.
}
{
destruct H6.
apply race_tid_exists in H6 as [?[]].
contradict H8;
inversion H7;
subst;
eauto.
apply swstar_l1 in H4.
rewrite H4 in *.
apply non_evt_star_star in H5 as [].
apply thdp_inv_npstar in H5;
auto.
apply type_step_elim in H7.
eapply thdp_inv_npstar;
eauto.
eapply star_step;[|
constructor];
eauto.
eapply allhalt_not_abort in H7;
eauto.
contradiction.
}
}
}
{
destruct H1.
eapply mem_eq_race in H8 as ?;
eauto.
eapply race_changetid in H10;
simpl in H10;
erewrite pc_cur_tid in H10.
assert(
atom_bit x3 =
O).
destruct H6;
Hsimpl.
destruct x6;
try contradiction;
inversion H6;
auto.
inversion H6;
auto.
eapply npnsw_or_sw_stepN_exists in H7;
auto;
Hsimpl.
assert(
L:
invpc x3).
apply swstar_l1 in H4.
rewrite H4 in *.
pose wdge.
apply thdp_inv_npstar in H5;
auto.
destruct H6;
Hsimpl.
assert(
invpc ({-|
x3,
x8})).
eapply thdp_inv_npstar;
eauto.
eapply star_step;[|
constructor];
eauto.
auto.
eapply thdp_inv_npstar;
eauto.
eapply star_step;[
eapply type_step_elim|
constructor];
eauto.
Hsimpl.
eapply npnsw_or_sw_stepN_race in H7;
eauto.
destruct H6,
H7.
{
Hsimpl.
apply race_changetid with(
t:=
x8)
in H7.
right;
Esimpl;
eauto.
intro contra;
inversion contra.
}
{
Hsimpl.
assert(
sw_star glob_step ({-|
x3,
x9}) ({-|
x3,
x8})).
econstructor 2;[|
constructor].
apply predicted_abort1_O in H7 as ?;
auto.
apply predicted_abort1_sw in H7;
auto.
destruct x3,
H7;
simpl in *;
subst;
econstructor;
eauto.
eapply npsw_swstar in H6;
eauto.
right.
Esimpl;
eauto.
intro R;
inversion R.
}
{
apply race_tid_exists in H7 as [?[]];
auto.
contradict H12;
inversion H6;
subst;
eauto.
}
{
Hsimpl.
assert(
sw_star glob_step x3 ({-|
x3,
x8})).
econstructor 2;[|
constructor].
apply predicted_abort1_O in H7 as ?;
auto.
apply predicted_abort1_sw in H7;
auto.
destruct x3,
H7;
simpl in *;
subst;
econstructor;
eauto.
eapply npsw_swstar in H12;
eauto.
right.
Esimpl;
eauto.
intro R;
inversion R.
eapply allhalt_not_abort2 in H6;
eauto.
contradiction.
apply swstar_l1 in H4.
rewrite H4 in H5.
eapply GE_mod_wd_npstar_tp_inv;
eauto.
}
Hsimpl.
apply mem_eq_pc_change with(
t:=
x6)
in H8 as?.
eapply mem_eq_predicted_abort1 in H10;
eauto.
simpl in *.
assert(
atom_bit x3 =
O).
destruct H6;
Hsimpl.
destruct x6;
try contradiction;
inversion H6;
auto.
inversion H6;
auto.
eapply npnsw_or_sw_stepN_exists in H7;
auto;
Hsimpl.
assert(
L:
invpc x3).
apply swstar_l1 in H4.
rewrite H4 in *.
apply thdp_inv_npstar in H5;
auto.
destruct H6;
Hsimpl.
assert(
invpc ({-|
x3,
x9})).
eapply thdp_inv_npstar;
eauto.
eapply star_step;[|
constructor];
eauto.
auto.
eapply thdp_inv_npstar;
eauto.
eapply star_step;[
eapply type_step_elim|
constructor];
eauto.
Hsimpl.
eapply npnsw_or_sw_stepN_race in H7;
eauto.
destruct H6,
H7.
{
Hsimpl.
apply race_changetid with(
t:=
x9)
in H7.
right;
Esimpl;
eauto.
intro contra;
inversion contra.
}
{
Hsimpl.
assert(
sw_star glob_step ({-|
x3,
x10}) ({-|
x3,
x9})).
econstructor 2;[|
constructor].
apply predicted_abort1_O in H7 as ?;
auto.
apply predicted_abort1_sw in H7;
auto.
destruct x3,
H7;
simpl in *;
subst;
econstructor;
eauto.
eapply npsw_swstar in H6;
eauto.
right.
Esimpl;
eauto.
intro R;
inversion R.
}
{
apply race_tid_exists in H7 as [?[]];
auto.
contradict H12;
inversion H6;
subst;
eauto.
}
{
Hsimpl.
assert(
sw_star glob_step x3 ({-|
x3,
x9})).
econstructor 2;[|
constructor].
apply predicted_abort1_O in H7 as ?;
auto.
apply predicted_abort1_sw in H7;
auto.
destruct x3,
H7;
simpl in *;
subst;
econstructor;
eauto.
eapply npsw_swstar in H12;
eauto.
right.
Esimpl;
eauto.
intro R;
inversion R.
eapply allhalt_not_abort2 in H6;
eauto.
contradiction.
apply swstar_l1 in H4.
rewrite H4 in H5.
eapply GE_mod_wd_npstar_tp_inv;
eauto.
}
}
}
}
{
inversion H0;
subst.
eapply type_glob_step_exists in H6 as [].
destruct x;
subst;
try(
inversion H2;
fail).
eapply noevt_stepN_evt_np in H5 as ?;
eauto.
Hsimpl.
destruct H8.
{
Hsimpl.
destruct x0.
{
inversion H8;
subst.
apply swstar_l1 in H6.
rewrite H6 in H9.
destruct H9.
eapply race_changetid with(
t:=
cur_tid pc)
in H9;
eauto.
left.
left.
rewrite <-
pc_cur_tid with(
pc:=
pc).
auto.
left;
right;
eauto.
}
{
erewrite swstar_l1 with(
pc':=
x)
in H8;
eauto.
apply atomblockstarN_np in H8;
auto;[|
Omega.omega].
Hsimpl.
destruct H10.
{
Hsimpl.
destruct H9.
apply race_changetid with(
t:=
x5)
in H9.
apply non_evt_star_star in H8 as [].
right.
Esimpl;
eauto.
erewrite <-
swstar_l1 in H8;
eauto.
intro R;
inversion R.
rewrite <-
pc_cur_tid in H9.
eapply npsw_predicted_abort in H10;
eauto.
simpl in *.
apply non_evt_star_star in H8 as [].
right;
Esimpl;
eauto.
erewrite <-
swstar_l1 in H8;
eauto.
intro R;
inversion R.
apply non_evt_star_star in H8 as [].
eapply thdp_inv_npstar in H8;
eauto.
}
{
destruct H9.
apply race_tid_exists in H9 as [?[]].
contradict H11.
inversion H10;
subst;
eauto.
apply non_evt_star_star in H8 as [].
apply thdp_inv_npstar in H8;
auto.
apply type_step_elim in H10.
eapply thdp_inv_npstar;
eauto.
eapply star_step;
eauto.
constructor.
eapply allhalt_not_abort in H10;
eauto.
contradiction.
}
}
}
{
assert(
P1:
cur_valid_id pc'').
assert(
invpc pc'').
apply noevt_stepN_sound in H5.
apply non_evt_star_star in H5 as [].
apply GE_mod_wd_star_tp_inv2 in H5;
auto.
apply type_glob_step_elim in H2.
eapply GE_mod_wd_tp_inv;
eauto.
revert H2 H9;
clear;
intros.
inversion H2;
subst.
split;[
eapply gettop_valid_tid|
intro];
solv_thread.
Hsimpl.
eapply mem_eq_evt_gstar in H11 as ?;
eauto.
Hsimpl.
assert(
race glob_predict_star_alter x6 \/
exists t,
predicted_abort1 ({-|
x6,
t})).
destruct H1.
eapply mem_eq_race in H14 as ?;
eauto.
Hsimpl.
apply mem_eq_pc_change with(
t:=
x7)
in H14;
eapply mem_eq_predicted_abort1 in H14;
eauto.
assert(
invpc x5).
eapply npnsw_or_sw_star_non_evt_star in H10.
apply non_evt_star_star in H10 as [].
eapply GE_mod_wd_star_tp_inv2 in H10;
eauto.
eapply star_cons_step in H9 as [];
eauto.
eapply thdp_inv_npstar;
eauto.
apply swstar_l1 in H6;
rewrite H6;
auto.
assert(
pc_valid_tid x5 (
cur_tid pc'')).
inversion H11 as (?&?&?&?);
destruct P1;
simpl in *;
subst;
split;
try congruence.
assert(
atom_bit x5=
O).
inversion H2;
subst.
inversion H11 as (?&?&?&?);
simpl in *;
subst.
auto.
assert(
glob_step x5 sw FP.emp ({-|
x5,
cur_tid pc''})).
destruct x5,
H17;
simpl in *;
subst;
econstructor;
eauto.
apply npnsw_or_sw_star_non_evt_star in H10 as ?.
assert(
non_evt_star glob_step x5 FP.emp ({-|
x5,
cur_tid pc''})).
rewrite <-
FP.fp_union_emp with(
fp:=
FP.emp).
econstructor.
right;
eauto.
constructor.
eapply non_evt_star_cons_Evt_gstar in H21;
eauto.
assert(
atom_bit x3 =
O).
inversion H9;
auto.
eapply non_evt_star_cons_Evt_gstar in H20;
eauto.
eapply IHi in H20 as ?;
eauto.
destruct H23;
Hsimpl.
{
destruct H23.
right;
Esimpl;
eauto.
intro R;
inversion R.
Hsimpl.
eapply npevt_predicted_abort in H9;
eauto.
right;
Esimpl;
eauto.
intro R;
inversion R.
apply swstar_l1 in H6;
rewrite H6 in H8;
eapply thdp_inv_npstar in H8;
eauto.
}
{
assert(
invpc x2).
eapply thdp_inv_npstar in H8;
eauto.
apply swstar_l1 in H6;
rewrite H6;
auto.
assert(
np_step x2 (
evt v)
FP.emp x7).
revert H23 H28 H9;
clear.
intro;
revert x2;
induction H23;
intros;
auto.
apply IHsw_star.
eauto.
inversion H9;
subst;
inversion H;
subst.
econstructor;
eauto.
eapply star_step in H24;
eauto.
eapply cons_star_star in H24;
eauto.
right;
Esimpl;
eauto.
}
eapply star_cons_step in H9 as [];
eauto.
eapply thdp_inv_npstar ;
eauto.
apply swstar_l1 in H6;
rewrite H6;
auto.
}
}
Qed.
Lemma globrace_equiv2:
forall pc,
@
race GE glob_predict_star_alter pc ->
invpc pc->
star_race glob_predict pc.
Proof.
Lemma abort_eq:
forall ge pc,
@
abort ge pc ->
ThreadPool.valid_tid pc.(
thread_pool)
pc.(
cur_tid) ->
np_abort pc.
Proof.
Lemma np_corestar_npstar:
forall pc fp pc',
tau_star (@
type_np_step GE core)
pc fp pc'->
tau_star np_step pc fp pc'.
Proof.
induction 1;
intros;
econstructor.
eapply type_step_elim.
eauto.
auto.
Qed.
Lemma globcorestar_npnswstar:
forall pc fp pc',
tau_star (@
type_glob_step GE core)
pc fp pc'->
tau_star glob_npnsw_step pc fp pc'.
Proof.
induction 1;intros;econstructor.
left;eauto. auto.
Qed.
Lemma predicted_abort1_not_npsafe:
forall pc,
invpc pc->
@
predicted_abort1 GE pc ->
~
safe_state np_step np_abort pc.
Proof.
Definition npdrfpc {
ge}(
pc:@
ProgConfig ge):
Prop:=
~
np_race_config pc /\ ~
np_star_race_config pc.
Lemma p_star_abort_np_star_abort:
forall pc
(
Hv:
cur_valid_id pc)
(
HDrf:
npdrfpc pc /\
forall t,
pc_valid_tid pc t->
npdrfpc ({-|
pc,
t})),
@
invpc GE pc->
atom_bit pc =
O->
forall l fp pc',
star glob_step pc l fp pc'->
predicted_abort1 pc'->
exists t l'
fp'
pc'',
star np_step ({-|
pc,
t})
l'
fp'
pc'' /\
pc_valid_tid pc t /\
np_abort pc''.
Proof.
Lemma p_star_race_np_star_race:
forall pc (
HSafe:
safe_state np_step np_abort pc /\
forall t,
pc_valid_tid pc t ->
safe_state np_step np_abort ({-|
pc,
t})),
invpc pc->
atom_bit pc =
O->
@
star_race_config GE pc->
np_race_config pc \/
exists pc',
sw_star glob_step pc pc'/\
np_star_race_config pc'.
Proof.
End Complex_reorder.
Section PRace_Proof.
Lemma Safe_eq:
forall ge pc,
safe_state np_step np_abort pc <->
@
np_safe_config ge pc.
Proof.
split.
intro.
{
revert pc H.
cofix.
intros.
econstructor.
eapply H.
constructor.
intros.
eapply Safe_eq.
eapply safe_succeed;
eauto.
econstructor 2;
eauto.
constructor.
}
{
intros.
unfold safe_state.
intros.
induction H0.
inversion H;
subst;
auto.
inversion H;
subst.
eauto.
}
Qed.
Lemma PRace_NPRace:
forall NL L p,
forall (
HSafe:
np_safe_prog p),
@
wd_langs NL L (
fst p)->
race_prog p ->
np_race_prog p.
Proof.
intros.
unfold race_prog in H0.
Hsimpl.
assert(
invpc x0 x1).
inversion H0;
subst.
eapply ThreadPool.init_inv;
eauto.
assert(
atom_bit x1 =
O).
inversion H0;
subst.
auto.
apply init_config_GE_wd in H0 as ?.
specialize (@
lang_wd_mod_wd _ _ _ _ _ _ _ H H0)
as ?.
apply p_star_race_np_star_race in H1;
auto.
destruct H1.
econstructor;
eauto.
Hsimpl.
assert(
x1 =
x3 \/
pc_valid_tid x1 (
cur_tid x3)).
revert H1 H2 H3 H4 H5;
clear;
intros.
induction H1;
auto.
apply GE_mod_wd_tp_inv in H as ?;
auto.
assert(
atom_bit s2 =
O).
inversion H;
auto.
Hsimpl.
destruct IHsw_star;
subst.
right.
inversion H;
split;
auto.
right.
inversion H;
subst.
destruct H7.
simpl in *;
subst.
split;
auto.
destruct H7.
subst.
econstructor 2;
eauto.
assert(
x2 =
cur_tid x1).
inversion H0;
auto.
subst.
eapply init_free in H7;
eauto.
econstructor 2;
eauto.
erewrite <-
swstar_l1;
eauto.
inversion HSafe;
subst.
eapply H6 in H0 as ?;
eauto.
split.
apply Safe_eq.
auto.
intros.
assert(
x2 =
cur_tid x1).
inversion H0;
auto.
subst.
eapply init_free in H0;
eauto.
eapply H6 in H0;
eauto.
apply Safe_eq;
auto.
Qed.
Definition drfpc {
ge}(
pc:@
ProgConfig ge):
Prop:=
~
star_race_config pc.
Lemma drf_drfpc:
forall NL L p gm ge pc t,
@
init_config NL L p gm ge pc t->
drf p ->
drfpc pc.
Proof.
Local Notation "{-|
PC ,
T }" := ({|
thread_pool :=
thread_pool PC;
cur_tid :=
T;
gm :=
gm PC;
atom_bit :=
atom_bit PC |}) (
at level 70,
right associativity).
Lemma NPDRF_config:
forall NL L p gm ge pc t,
npdrf p->
@
init_config NL L p gm ge pc t->
(
forall t,
GSimDefs.pc_valid_tid pc t->
npdrfpc ({-|
pc,
t})).
Proof.
intros.
assert(
t=
cur_tid pc).
inversion H0;
auto.
subst.
eapply init_free in H0;
eauto.
unfold npdrf in H.
unfold npdrfpc.
apply not_or_and.
intro.
contradict H.
destruct H2.
econstructor;
eauto.
econstructor 2;
eauto.
Qed.
Lemma NPSAFE_config:
forall NL L p gm ge pc t,
np_safe_prog p->
@
init_config NL L p gm ge pc t->
(
forall t,
GSimDefs.pc_valid_tid pc t->
np_safe_config ({-|
pc,
t})).
Proof.
intros.
assert(
t=
cur_tid pc).
inversion H0;
subst;
auto.
subst.
eapply init_free in H1;
eauto.
eapply H in H1;
eauto.
Qed.
Lemma NPDRF_DRF_Config:
forall NL L p gm ge pc t,
@
wd_langs NL L (
fst p) ->
init_config p gm ge pc t->
(
forall t,
GSimDefs.pc_valid_tid pc t->
np_safe_config ({-|
pc,
t}))->
(
forall t,
GSimDefs.pc_valid_tid pc t ->
npdrfpc ({-|
pc,
t}))->
drfpc pc.
Proof.
Lemma DRF_NPDRF_Config:
forall NL L p gm ge pc t,
@
wd_langs NL L (
fst p) ->
init_config p gm ge pc t ->
drfpc pc ->
npdrfpc pc.
Proof.
Lemma stepN_SN_split:
forall i ge l pc fp pc',
stepN ge glob_step (
S i)
pc l fp pc'->
exists l1 fp1 pc1 l2 fp2,
stepN ge glob_step i pc l1 fp1 pc1/\
glob_step pc1 l2 fp2 pc' /\
FP.union fp1 fp2 =
fp.
Proof.
induction i;
intros.
inversion H;
subst.
inversion H1;
subst.
Esimpl;
eauto.
constructor.
rewrite FP.union_comm_eq;
auto.
inversion H;
subst.
eapply IHi in H1;
eauto.
Hsimpl.
eapply stepN_cons in H3;
eauto.
Esimpl;
eauto.
rewrite <-
H2.
rewrite FP.fp_union_assoc;
auto.
Qed.
Lemma globstar_OI_split:
forall ge l pc fp pc',
star glob_step pc l fp pc'->
atom_bit pc =
O->
atom_bit pc' =
I->
exists l1 fp1 pc1 pc2 fp2,
star glob_step pc l1 fp1 pc1 /\
atom_bit pc1 =
O /\
type_glob_step entat pc1 tau FP.emp pc2 /\
tau_star (@
type_glob_step ge core)
pc2 fp2 pc' /\
FP.union fp1 fp2 =
fp.
Proof.
intros.
apply star_stepN in H as [].
revert ge l pc fp pc'
H H0 H1.
induction x;
intros.
inversion H;
subst.
rewrite H0 in H1;
inversion H1.
apply stepN_SN_split in H.
Hsimpl.
destruct (
atom_bit x2)
eqn:?.
{
apply type_glob_step_exists in H2 as [].
destruct x5;
try(
inversion H2;
subst;
simpl in *;
try rewrite H1 in Heqb;
inversion Heqb;
inversion H1;
fail).
assert(
x3 =
tau /\
x4 =
FP.emp).
inversion H2;
subst;
auto.
destruct H4;
subst.
Esimpl;
eauto.
eapply stepN_star;
eauto.
constructor.
}
{
eapply IHx in H;
eauto.
Hsimpl.
apply type_glob_step_exists in H2 as [].
apply corestar_tid_bit_preserve in H6 as ?.
destruct H8.
rewrite Heqb in H9.
destruct x10;
try(
inversion H2;
subst;
inversion Heqb;
inversion H9;
fail).
assert(
x3 =
tau).
inversion H2;
subst;
auto.
subst.
eapply tau_plus_1 with(
step:=
type_glob_step core)
in H2.
eapply tau_star_plus in H2;
eauto.
apply tau_plus2star in H2.
Esimpl;
eauto.
rewrite FP.fp_union_assoc;
auto.
inversion H2;
subst.
simpl in *;
subst.
inversion H1.
}
Qed.
Lemma star_abort_predicted_abort1:
forall ge pc l fp pc',
star glob_step pc l fp pc'->
cur_valid_id ge pc' ->
atom_bit pc =
O->
abort pc'->
exists l'
fp'
pc'',
star glob_step pc l'
fp'
pc''/\
predicted_abort1 ge pc''.
Proof.
intros.
destruct (
atom_bit pc')
eqn:?.
{
Esimpl;
eauto.
econstructor 2.
instantiate(1:=
pc').
destruct pc',
H0;
simpl in *;
subst;
econstructor;
eauto.
econstructor.
Esimpl;
eauto.
constructor.
}
{
apply globstar_OI_split in H;
auto.
Hsimpl.
Esimpl;
eauto.
econstructor;
eauto.
constructor.
unfold halfatomblock_abort,
halfatomblockstep.
Esimpl;
eauto.
}
Qed.
Lemma step_validid:
forall ge pc l fp pc',
GlobEnv.wd ge->
glob_step pc l fp pc'->
invpc ge pc->
ThreadPool.valid_tid pc.(
thread_pool)
pc.(
cur_tid) ->
ThreadPool.valid_tid pc'.(
thread_pool)
pc'.(
cur_tid).
Proof.
unfold invpc.
intros.
apply GE_mod_wd_tp_inv in H0 as ?;
auto.
inversion H0;
subst;
solv_thread;
solv_thread.
Qed.
Lemma star_validid:
forall ge pc l fp pc',
GlobEnv.wd ge->
star glob_step pc l fp pc'->
invpc ge pc->
ThreadPool.valid_tid pc.(
thread_pool)
pc.(
cur_tid) ->
ThreadPool.valid_tid pc'.(
thread_pool)
pc'.(
cur_tid).
Proof.
Lemma NPSafe_Safe':
forall NL L cus e,
@
wd_langs NL L cus ->
np_safe_prog (
cus,
e) ->
npdrf (
cus,
e) ->
safe_prog (
cus,
e).
Proof.
Lemma NPSafe_Safe_Config:
forall NL L cus e gm ge pc t,
@
wd_langs NL L cus ->
init_config (
cus,
e)
gm ge pc t->
(
forall t,
pc_valid_tid pc t->
np_safe_config ({-|
pc,
t}))->
(
forall t,
pc_valid_tid pc t->
npdrfpc ({-|
pc,
t}))->
safe_state glob_step abort pc.
Proof.
End PRace_Proof.