Require Import Footprint InteractionSemantics GAST GMemory
GlobDefs ETrace GlobSemantics GlobSemantics_Lemmas NPSemantics TypedSemantics .
Require Import DRF USimDRF NPDRF.
Require Import Classical Wf Arith ListDom.
Require Import FPLemmas PRaceLemmas Init SmileReorder ConflictReorder Init DRFLemmas SimEtr.
Local Notation "'<<'
i ','
c ','
sg ','
F '>>'" := {|
Core.i :=
i;
Core.c :=
c;
Core.sg :=
sg;
Core.F :=
F|} (
at level 60,
right associativity).
Local Definition pc_valid_tid {
ge}:= @
GSimDefs.pc_valid_tid ge.
Local Notation "{
A ,
B ,
C ,
D }" := {|
thread_pool:=
A;
cur_tid:=
B;
gm:=
C;
atom_bit:=
D|}(
at level 70,
right associativity).
Local Notation "{-|
PC ,
T }" := ({|
thread_pool :=
thread_pool PC;
cur_tid :=
T;
gm :=
gm PC;
atom_bit :=
atom_bit PC |}) (
at level 70,
right associativity).
This file consists of proofs and results on np-semantics and p-semantics:
- NP(S) refine P(S)
- DRF(S)/\Safe(S)/\WD_langs(S) -> P(S) refine NP(S)
Section Refinement.
Hypothesis init_free:
forall NL (
L:@
langs NL)(
p:
prog L)
gm ge pc t,
init_config p gm ge pc pc.(
cur_tid) ->
pc_valid_tid pc t->
init_config p gm ge ({-|
pc,
t})
t.
Definition p_np_config_refine {
ge:
GlobEnv.t}(
s:@
ProgConfig ge):
Prop:=
forall B,
Etr np_step np_abort final_state s B->
Etr glob_step abort final_state s B.
Definition p_np_prog_refine {
NL:
nat}{
L:@
langs NL}(
P:@
prog NL L):
Prop:=
forall gm ge pc,
init_config P gm ge pc pc.(
cur_tid) ->
p_np_config_refine pc.
Definition np_p_config_refine_weak {
ge:
GlobEnv.t}(
s:@
ProgConfig ge):
Prop:=
forall B,
Etr glob_step abort final_state s B->
exists t,
Etr np_step np_abort final_state ({-|
s,
t})
B /\
pc_valid_tid s t.
Definition np_p_prog_refine_weak {
NL:
nat}{
L:@
langs NL}(
P:@
prog NL L):
Prop:=
forall gm ge pc,
init_config P gm ge pc pc.(
cur_tid)->
np_p_config_refine_weak pc.
Lemma threadpool_spawn_domadd:
forall ge t mid c sg ,
let t' := @
ThreadPool.spawn ge t mid c sg in
ThreadPool.next_tid t' =
BinPos.Psucc (
ThreadPool.next_tid t).
Proof.
Lemma threadpool_init_domeq:
forall e ge1 ge2 t1 t2,
@
ThreadPool.init ge1 e t1->
@
ThreadPool.init ge2 e t2->
t1.(
ThreadPool.next_tid) =
t2.(
ThreadPool.next_tid).
Proof.
Lemma threadpool_init_domeq':
forall e ge1 ge2 t1 t2,
@
ThreadPool.init ge1 e t1->
@
ThreadPool.init ge2 e t2->
(
forall t,
ThreadPool.valid_tid t1 t<->
ThreadPool.valid_tid t2 t).
Proof.
Lemma switchable_glob_config_refine:
forall ge pc t,
@
pc_valid_tid ge pc pc.(
cur_tid)->
atom_bit pc =
O ->
forall B,
Etr glob_step abort final_state pc B->
Etr glob_step abort final_state ({-|
pc,
t})
B.
Proof.
Lemma Etr_cons_globsw:
forall ge pc pc',
@
glob_step ge pc sw FP.emp pc'->
forall B,
Etr glob_step abort final_state pc'
B->
Etr glob_step abort final_state pc B.
Proof.
Lemma init_pair_valid_tid:
forall NL L sc tc e sgm sge spc tgm tge tpc i i',
@
init_config NL L (
sc,
e)
sgm sge spc i->
@
init_config NL L (
tc,
e)
tgm tge tpc i'->
forall j,
pc_valid_tid spc j->
pc_valid_tid tpc j.
Proof.
Lemma P_NP_Refine_adjusted:
forall NL L scus tcus e,
@
np_prog_refine NL L (
scus,
e)(
tcus,
e)->
np_p_prog_refine_weak (
tcus,
e)->
p_np_prog_refine (
scus,
e)->
prog_refine (
scus,
e)(
tcus,
e).
Proof.
Lemma tau_np_p:
forall ge pc fp pc',
@
np_step ge pc tau fp pc'->
glob_step pc tau fp pc'.
Proof.
intros.
inversion H;subst.
econstructor;eauto.
econstructor 2;eauto.
econstructor 3;eauto.
econstructor 4;eauto.
econstructor 5;eauto.
Qed.
Lemma sw_np_p:
forall ge pc fp pc',
@
np_step ge pc sw fp pc'->
exists pc'',
glob_step pc tau fp pc'' /\
glob_step pc''
sw FP.emp pc'.
Proof.
intros.
inversion H;
subst.
exists ({
thdp',
t,
gm,
O}).
split.
econstructor 4;
eauto.
econstructor;
eauto.
exists ({
thdp',
t,
gm,
O}).
split.
econstructor 6;
eauto.
econstructor;
eauto.
Qed.
Lemma non_evt_star_equiv:
forall ge pc fp state',
non_evt_star (@
np_step ge)
pc fp state'->
non_evt_star glob_step pc fp state'.
Proof.
induction 1;
intros.
econstructor.
destruct H.
apply tau_np_p in H.
econstructor;
eauto.
apply sw_np_p in H as (?&?&?).
econstructor;
eauto.
rewrite <-
FP.emp_union_fp with(
fp:=
fp2).
econstructor;
eauto.
Qed.
Inductive non_evt_starN {
State:
Type}:(
State->
glabel->
FP.t->
State->
Prop)->
nat->
State->
FP.t->
State->
Prop:=
|
ne_star_refl:
forall step s,
@
non_evt_starN State step 0
s FP.emp s
|
ne_star_step:
forall step n s1 fp1 s2 fp2 s3,
step s1 tau fp1 s2 \/
step s1 sw fp1 s2 ->
@
non_evt_starN State step n s2 fp2 s3 ->
non_evt_starN step (
S n)
s1 (
FP.union fp1 fp2)
s3.
Lemma non_evt_star_N_equiv{
State:
Type}:
forall step s fp s',
@
non_evt_star State step s fp s' <->
exists n,
non_evt_starN step n s fp s'.
Proof.
split;
intros.
induction H.
exists 0;
constructor.
destruct IHnon_evt_star.
exists (
S x).
econstructor;
eauto.
destruct H.
induction H;
econstructor;
eauto.
Qed.
Lemma mem_eq_non_evt_starN:
forall ge pc pc',
(
forall ix,
mod_wd (
GlobEnv.modules ge ix))->
mem_eq_pc ge pc pc'->
forall i fp pc2,
non_evt_starN glob_step i pc fp pc2->
exists pc'',
non_evt_starN glob_step i pc'
fp pc'' /\
mem_eq_pc ge pc2 pc''.
Proof.
intros ge pc pc'
wd;
intros.
revert ge pc pc'
pc2 fp wd H H0.
induction i;
intros;
inversion H0;
subst.
eexists;
split;
eauto.
constructor.
assert(
exists l,
glob_step pc l fp1 s2 /\ (
l =
tau \/
l =
sw)).
destruct H2;
eauto.
destruct H1 as (?&?&?).
apply type_glob_step_exists in H1 as [].
eapply mem_eq_globstep in H1 as (?&?&?);
eauto.
eapply IHi in H4 as (?&?&?);
eauto.
eexists;
split;
eauto.
econstructor;
eauto.
destruct H3;
subst;
eapply type_glob_step_elim in H1;
eauto.
Qed.
Lemma non_evt_star_Sn_split{
State:
Type}:
forall step n s fp s',
@
non_evt_starN State step (
S n)
s fp s'->
exists fp1 fp2 s1,
non_evt_starN step n s fp1 s1 /\
(
step s1 tau fp2 s' \/
step s1 sw fp2 s') /\
FP.union fp1 fp2 =
fp.
Proof.
induction n;
intros.
exists FP.emp ,
fp,
s.
split.
constructor.
split.
inversion H;
subst.
inversion H3;
subst.
rewrite FP.fp_union_emp.
auto.
rewrite (
FP.emp_union_fp fp);
auto.
inversion H;
clear H;
subst.
apply IHn in H3.
destruct H3 as (?&?&?&?&?&?).
exists (
FP.union fp1 x),
x0,
x1.
split.
econstructor;
eauto.
split.
assumption.
rewrite <-
H2.
rewrite FP.fp_union_assoc.
reflexivity.
Qed.
Lemma non_evt_star_thdp_inv:
forall ge pc fp pc',
GlobEnv.wd ge->
ThreadPool.inv pc.(
thread_pool)->
non_evt_star (@
np_step ge)
pc fp pc'->
ThreadPool.inv pc'.(
thread_pool).
Proof.
Lemma no_npstep_no_globstep:
forall ge pc,
ThreadPool.inv pc.(
thread_pool)->
(
forall l fp pc',~ @
np_step ge pc l fp pc')->
(
forall l'
fp'
pc'',
glob_step pc l'
fp'
pc''->
l'=
sw).
Proof.
intros ge pc invthdp ? ? ? ? ?.
assert(~
exists l fp pc',
np_step pc l fp pc').
repeat (
apply all_not_not_ex;
intro);
eauto.
destruct l';
auto;
contradict H1.
eapply type_glob_step_exists in H0 as [];
eauto.
destruct x eqn:?;
try (
inversion H0;
subst;
fail);
try (
exists tau,
fp',
pc'';
eapply type_step_elim with(
t:=
x);
inversion H0;
subst;
econstructor;
eauto).
exists sw,
fp',
pc''.
inversion H0;
subst.
econstructor;
eauto.
eapply gettop_valid_tid in H_tp_core;
eauto.
eapply valid_tid_preserve;
eauto.
intro.
solv_thread.
inversion H0;
subst.
assert((
forall t',
ThreadPool.valid_tid thdp'
t'->
ThreadPool.halted thdp'
t') \/ ~ (
forall t',
ThreadPool.valid_tid thdp'
t'->
ThreadPool.halted thdp'
t')).
apply classic.
destruct H1.
exists tau,
FP.emp,({
thdp',
t,
gm,
O}).
econstructor 5;
eauto.
apply not_all_ex_not in H1 as [].
apply not_imply_elim2 in H1 as L1.
apply not_imply_elim in H1.
exists sw,
FP.emp,({
thdp',
x,
gm,
O}).
econstructor;
eauto.
exists (
evt v),
fp',
pc''.
inversion H0;
subst;
econstructor;
eauto.
eapply gettop_valid_tid in H_tp_core;
eauto.
eapply valid_tid_preserve;
eauto.
intro;
solv_thread.
Qed.
Lemma init_abort_np_p:
forall NL L P gm ge pc t,
@
init_config NL L P gm ge pc t->
np_abort pc->
abort pc.
Proof.
Definition np_accepted {
ge}(
pc:@
ProgConfig ge):
Prop:=
exists NL L P gm pc0,
@
init_config NL L P gm ge pc0 pc0.(
cur_tid) /\
exists l fp,
star np_step pc0 l fp pc.
Lemma np_accepted_inv_thdp:
forall ge pc,
@
np_accepted ge pc->
ThreadPool.inv pc.(
thread_pool).
Proof.
Fixpoint add(
l:
list glabel)(
l':
glabel):
list glabel:=
match l with
|
nil =>
cons l'
nil
|
cons x y =>
cons x (
add y l')
end.
Lemma star_npstep_inv:
forall ge pc l fp pc',
star (@
np_step ge)
pc l fp pc'->
(
pc =
pc' /\
l =
nil /\
fp=
FP.emp) \/
(
exists pc''
l'
fp'
l''
fp'',
star np_step pc l'
fp'
pc'' /\
np_step pc''
l''
fp''
pc' /\
l =
add l'
l'' /\
fp =
FP.union fp'
fp'').
Proof.
induction 1.
left;
auto.
destruct IHstar.
destruct H1 as (?&?&?);
subst.
right.
do 6
eexists.
constructor.
split;
eauto.
rewrite FP.union_comm_eq;
auto.
destruct H1 as (?&?&?&?&?&?&?&?&?).
right.
do 6
eexists.
econstructor 2;
eauto.
split;
eauto.
split.
rewrite H3;
auto.
rewrite <-
FP.fp_union_assoc.
rewrite H4;
auto.
Qed.
Lemma star_abort_np_p:
forall ge pc,
@
np_accepted ge pc->
np_abort pc->
abort pc.
Proof.
intros.
apply np_accepted_inv_thdp in H as inv1.
pose proof H as L1.
destruct H as (
NL&
L&
P&
gm&
pc0&
init&
l&
fp&
star1).
apply star_npstep_inv in star1.
destruct star1.
destruct H as (?&?&?);
subst.
eapply init_abort_np_p;
eauto.
destruct H as (
pc''&
l'&
fp'&
l''&
fp''&
star1&
step1&
_).
split.
intro.
apply type_step_exists in step1 as [
x step1].
destruct x;
try(
inversion step1;
subst;
simpl in *;
try contradiction;
solv_thread;
solv_thread;
fail).
destruct H0;
contradict H0.
econstructor;
eauto;
intros.
inversion step1;
subst;
auto.
eapply no_npstep_no_globstep;
eauto.
destruct H0;
auto.
Qed.
Lemma sw_diverge:
forall State step s s',
@
silent_diverge State step s'->
step s sw FP.emp s'->
silent_diverge step s.
Proof.
intros.
inversion H;subst.
econstructor;eauto.
econstructor;eauto.
Qed.
Inductive lstep{
ge}:@
Step ge->@
Step ge:=
|
build:
forall step s0 s1 fp s2,
sw_star step s0 s1->
step s1 tau fp s2 ->
lstep step s0 tau fp s2.
Lemma sw_star_lstep_lemma{
ge}:
forall (
step:@
Step ge)
s s',
sw_star (
lstep step)
s s'->
s=
s'.
Proof.
induction 1;auto. inversion H. Qed.
Inductive tau_plus'{
ge}:@
Step ge->@
Step ge:=
|
plus'
_1:
forall (
step:
Step ge)
s fp s',
step s tau fp s'->
tau_plus'
step s tau fp s'
|
plus'
_cons:
forall (
step:
Step ge)
s fp s'
fp'
s'',
step s tau fp s'->
tau_plus'
step s'
tau fp'
s''->
tau_plus'
step s tau (
FP.union fp fp')
s''.
Lemma sw_star_tau_plus'
_lemma{
ge}:
forall (
step:@
Step ge)
s s',
sw_star (
tau_plus'
step)
s s'->
s=
s'.
Proof.
induction 1;auto. inversion H. Qed.
Lemma silent_diverge_lstep_equiv{
ge}:
forall (
step:@
Step ge)
s,
silent_diverge step s<->
silent_diverge (
lstep step)
s.
Proof.
split;
revert step s;
cofix;
intros.
inversion H;
subst.
econstructor;
eauto.
constructor.
econstructor;
eauto.
inversion H;
subst.
apply sw_star_lstep_lemma in H0;
subst.
inversion H1;
subst.
econstructor;
eauto.
Qed.
Lemma sw_lstep_cons{
ge}:
forall (
step:@
Step ge)
s s'
fp s'',
step s sw FP.emp s'->
lstep step s'
tau fp s''->
lstep step s tau fp s''.
Proof.
intros.
inversion H0;subst.
econstructor. econstructor 2. eauto. eauto. eauto.
Qed.
Lemma lnpstep_taupluslglobstep{
ge}:
forall s fp s',
lstep (@
np_step ge)
s tau fp s'->
tau_plus' (
lstep glob_step)
s tau fp s'.
Proof.
inversion 1;
subst.
clear H.
induction H0.
apply tau_np_p in H1.
econstructor.
econstructor.
constructor.
eauto.
specialize (
IHsw_star H1).
apply sw_np_p in H as (?&?&?).
assert(
lstep glob_step s1 tau FP.emp x).
econstructor;[
constructor|
eauto].
inversion IHsw_star;
subst;
eapply sw_lstep_cons in H4;
eauto.
rewrite<-
FP.emp_union_fp with(
fp:=
fp).
econstructor 2;
eauto.
constructor;
auto.
rewrite <-
FP.emp_union_fp with (
fp:=(
FP.union fp0 fp')).
econstructor 2.
eauto.
econstructor 2;
eauto.
Qed.
Lemma silent_diverge_lstep_npstep_tauplus_lstep_pstep{
ge}:
forall s,
silent_diverge (
lstep (@
np_step ge))
s->
silent_diverge (
tau_plus'(
lstep glob_step))
s.
Proof.
Lemma tauplus'
_diverge_inv{
ge}:
forall (
step:@
Step ge)
s,
silent_diverge (
tau_plus'
step)
s ->
exists s'
fp,
step s tau fp s' /\
silent_diverge (
tau_plus'
step)
s'.
Proof.
inversion 1;subst.
apply sw_star_tau_plus'_lemma in H0;subst.
inversion H1;subst. eauto.
exists s'0,fp. split;auto.
econstructor;eauto. constructor.
Qed.
Lemma tau_plus'
_diverge_lemma{
ge}:
forall (
step:@
Step ge)
s,
silent_diverge (
tau_plus'
step)
s->
silent_diverge step s.
Proof.
cofix.
intros.
apply tauplus'_diverge_inv in H.
destruct H as (?&?&?&?).
econstructor. constructor. eauto. auto.
Qed.
Lemma silent_diverge_np_p{
ge}:
forall pc,
silent_diverge (@
np_step ge)
pc ->
silent_diverge glob_step pc.
Proof.
Lemma Etr_p_sw{
ge}:
forall pc B t,
Etr (@
glob_step ge)
abort final_state pc B->
glob_step ({-|
pc,
t})
sw FP.emp pc ->
Etr glob_step abort final_state ({-|
pc,
t})
B.
Proof.
intros.
case B eqn:?.
{
inversion H.
econstructor;
eauto.
instantiate (1:=(
FP.union FP.emp fp)).
econstructor;
eauto.
}
{
inversion H.
econstructor;
eauto.
instantiate (1:=(
FP.union FP.emp fp)).
econstructor;
eauto.
}
{
inversion H.
econstructor;
eauto.
inversion H1;
subst.
econstructor;
eauto.
econstructor;
eauto.
}
{
inversion H;
subst.
econstructor 4
with(
fp:=(
FP.union FP.emp fp)).
econstructor;
eauto.
eauto.
eauto.
}
Qed.
Lemma np_evtstep_inv:
forall ge pc v pc',
@
np_step ge pc (
evt v)
FP.emp pc'->
glob_step pc (
evt v)
FP.emp ({-|
pc',
cur_tid pc}) /\
glob_step ({-|
pc',
cur_tid pc})
sw FP.emp pc'.
Proof.
inversion 1;subst;split;econstructor;eauto. Qed.
Lemma np_accepted_add_step:
forall ge pc l fp pc',
@
np_accepted ge pc->
np_step pc l fp pc'->
np_accepted pc'.
Proof.
intros.
destruct H as (?&?&?&?&?&?&?&?&?).
do 6
eexists;
eauto.
eapply cons_star_step in H0;
eauto.
Qed.
Lemma np_accepted_add_star:
forall ge pc l fp pc',
@
np_accepted ge pc->
star np_step pc l fp pc'->
np_accepted pc'.
Proof.
Lemma Etr_np_p_done:
forall ge pc,
Etr (@
np_step ge)
np_abort final_state pc Behav_done->
Etr glob_step abort final_state pc Behav_done.
Proof.
Lemma Etr_np_p_diverge:
forall ge pc,
Etr (@
np_step ge)
np_abort final_state pc Behav_diverge->
Etr glob_step abort final_state pc Behav_diverge.
Proof.
Lemma Etr_np_p_abort:
forall ge pc,
@
np_accepted ge pc->
Etr (@
np_step ge)
np_abort final_state pc Behav_abort->
Etr glob_step abort final_state pc Behav_abort.
Proof.
Lemma Etr_np_cons_inv:
forall ge pc v b,
np_accepted pc->
Etr (@
np_step ge)
np_abort final_state pc (
Behav_cons v b)->
exists fp pc'
pc'',
non_evt_star np_step pc fp pc'/\
np_step pc' (
evt v)
FP.emp pc'' /\
Etr np_step np_abort final_state pc''
b /\
np_accepted pc''.
Proof.
Inductive limited_etr {
ge}:
nat->@
Step ge->(@
ProgConfig ge->
Prop)->(@
ProgConfig ge->
Prop)-> @
ProgConfig ge->
behav->
Prop:=
|
done_0:
forall step abort final pc,
Etr step abort final pc Behav_done->
limited_etr 0
step abort final pc Behav_done
|
abort_0:
forall step abort final pc,
Etr step abort final pc Behav_abort->
limited_etr 0
step abort final pc Behav_abort
|
diverge_0:
forall step abort final pc,
Etr step abort final pc Behav_diverge->
limited_etr 0
step abort final pc Behav_diverge
|
cons':
forall step abort final pc fp pc'
pc''
v i b,
limited_etr i step abort final pc''
b->
non_evt_star step pc fp pc'->
step pc' (
evt v)
FP.emp pc'' ->
limited_etr (
S i)
step abort final pc (
Behav_cons v b).
Lemma limited_etr_npetr:
forall ge i pc b,
@
limited_etr ge i np_step np_abort final_state pc b->
Etr np_step np_abort final_state pc b.
Proof.
induction i;intros.
inversion H;subst;auto.
inversion H;subst.
econstructor;eauto.
Qed.
Lemma Etr_np_p_limited:
forall ge i pc b,
@
np_accepted ge pc->
limited_etr i np_step np_abort final_state pc b->
Etr glob_step abort final_state pc b.
Proof.
CoInductive inf_etr {
ge}(
step:@
Step ge)(
abort final:@
ProgConfig ge->
Prop):@
ProgConfig ge->
behav->
Prop:=
|
build_infetr:
forall pc fp pc'
v pc''
b,
inf_etr step abort final pc''
b->
non_evt_star step pc fp pc'->
step pc' (
evt v)
FP.emp pc'' ->
inf_etr step abort final pc (
Behav_cons v b).
Definition inf_etr_alt {
ge}(
step:@
Step ge)(
abort final:@
ProgConfig ge->
Prop)(
pc:@
ProgConfig ge)(
b:
behav):
Prop:=
Etr step abort final pc b /\ ~
exists i,
limited_etr i step abort final pc b.
Lemma inf_etr_alt_inv:
forall ge step abort final pc b,
@
inf_etr_alt ge step abort final pc b->
exists fp pc'
pc''
v b',
b =
Behav_cons v b' /\
non_evt_star step pc fp pc' /\
step pc' (
evt v)
FP.emp pc'' /\
inf_etr_alt step abort final pc''
b'.
Proof.
destruct 1.
inversion H;
subst;
try (
contradict H0;
exists 0;
econstructor;
eauto;
fail).
exists fp,
state',
state'',
v,
B'.
unfold inf_etr_alt.
repeat try match goal with H:
_|-
_/\
_=>
split end;
auto.
intro L;
contradict H0;
destruct L;
eexists;
econstructor;
eauto.
Qed.
Lemma inf_etr_alt_sound:
forall ge step abort final pc b,
@
inf_etr_alt ge step abort final pc b->
inf_etr step abort final pc b.
Proof.
cofix.
intros.
apply inf_etr_alt_inv in H as (
fp&
pc'&
pc''&
v&
b'&
eq&
nstar1&
step1&
inf').
subst.
econstructor;
eauto.
Qed.
CoInductive inf_etr_alt2 {
ge}(
step:@
Step ge)(
abort final:@
ProgConfig ge->
Prop):@
ProgConfig ge->
behav->
Prop:=
|
build_infetr':
forall pc fp pc'
v pc''
pc'''
b,
inf_etr_alt2 step abort final pc'''
b->
non_evt_star step pc fp pc'->
step pc' (
evt v)
FP.emp pc'' ->
step pc''
sw FP.emp pc''' ->
inf_etr_alt2 step abort final pc (
Behav_cons v b).
Lemma sw_step_non_evt_star:
forall ge (
step:@
Step ge)
s s',
step s sw FP.emp s'->
non_evt_star step s FP.emp s'.
Proof.
Lemma non_evt_star_cons_inf_etr_alt2:
forall ge (
step:@
Step ge)
s fp s'
b abort final,
non_evt_star step s fp s'->
inf_etr_alt2 step abort final s'
b->
inf_etr_alt2 step abort final s b.
Proof.
Lemma inf_etr_alt2_p:
forall ge a f pc b,
GlobEnv.wd ge->
invpc ge pc->
inf_etr glob_step a f pc b->
@
inf_etr_alt2 ge glob_step a f pc b.
Proof.
Lemma inf_etr_alt2_sound:
forall ge step abort final pc b,
@
inf_etr_alt2 ge step abort final pc b->
inf_etr step abort final pc b.
Proof.
Lemma np_inf_etr_glob_inf_etr_alt2:
forall ge pc b,
@
inf_etr ge np_step np_abort final_state pc b->
inf_etr_alt2 glob_step abort final_state pc b.
Proof.
Lemma inf_etr_np_p:
forall ge pc b,
@
inf_etr ge np_step np_abort final_state pc b->
inf_etr glob_step abort final_state pc b.
Proof.
Lemma inf_etr_etr:
forall ge step abort final pc b,
@
inf_etr ge step abort final pc b->
Etr step abort final pc b.
Proof.
cofix.
intros.
inversion H;subst.
econstructor;eauto.
Qed.
Lemma Etr_np_p:
forall ge pc b,
@
np_accepted ge pc->
Etr np_step np_abort final_state pc b->
Etr glob_step abort final_state pc b.
Proof.
Lemma p_np_refine{
NL}{
L}:
forall P,@
p_np_prog_refine NL L P.
Proof.
Definition drf_pc{
ge:
GlobEnv.t} (
pc:@
ProgConfig ge):=
exists NL L p gm,
drfpc pc /\ @
init_config NL L p gm ge pc pc.(
cur_tid) /\
wd_langs (
fst p) /\
safe_state glob_step abort pc.
Definition drf_pc_glob {
ge}(
pc:@
ProgConfig ge):=
atom_bit pc =
O /\
exists pc0 l fp,
drf_pc pc0 /\
star glob_step pc0 l fp pc.
Lemma drf_pc_glob_cons:
forall ge pc l fp pc',
@
drf_pc_glob ge pc->
star glob_step pc l fp pc'->
atom_bit pc' =
O ->
drf_pc_glob pc'.
Proof.
Lemma drf_pc_glob_l1:
forall ge pc,
@
drf_pc_glob ge pc->
ThreadPool.inv pc.(
thread_pool)/\
GlobEnv.wd ge.
Proof.
Lemma drf_pc_glob_l2:
forall ge pc,
@
drf_pc_glob ge pc->
(
forall ix,
mod_wd (
GlobEnv.modules ge ix)).
Proof.
unfold drf_pc_glob;
intros.
destruct H as (?&?&?&?&?&?).
destruct H0 as (?&?&?&?&?&?&?).
eapply lang_wd_mod_wd;
eauto.
Hsimpl;
eauto.
Qed.
Lemma stepN_SN_split_weak:
forall i ge pc l fp pc',
stepN ge glob_step (
S i)
pc l fp pc'->
exists l1 fp1 pc1,
stepN ge glob_step i pc l1 fp1 pc1 /\
exists l2 fp2,
glob_step pc1 l2 fp2 pc'.
Proof.
induction i;
intros.
exists nil,
FP.emp,
pc.
split.
constructor.
inversion H;
subst.
inversion H1;
subst.
eauto.
inversion H;
subst.
eapply IHi in H1 as (?&?&?&?&?&?&?).
eapply stepN_cons in H3;
eauto.
repeat eexists;
eauto.
Qed.
Lemma valid_tid_preserve':
forall ge pc l fp pc',
GlobEnv.wd ge->
ThreadPool.inv pc.(
thread_pool)->
@
glob_step ge pc l fp pc'->
ThreadPool.valid_tid pc'.(
thread_pool)
pc'.(
cur_tid) \/
ThreadPool.halted pc'.(
thread_pool)
pc'.(
cur_tid).
Proof.
intros.
eapply GE_mod_wd_tp_inv in H0 as ?;
eauto.
inversion H1;
subst;
simpl;
try(
left;
auto;
eapply gettop_valid_tid;
solv_thread;
solv_thread;
fail);
try (
right;
auto;
fail).
Qed.
Lemma pc_glob_l3:
forall NL L p gm ge pc0 pc l fp,
@
init_config NL L p gm ge pc0 pc0.(
cur_tid)->
star glob_step pc0 l fp pc->
ThreadPool.valid_tid pc.(
thread_pool)
pc.(
cur_tid)\/
ThreadPool.halted pc.(
thread_pool)
pc.(
cur_tid).
Proof.
Definition non_evt_thrd_globstar (
ge:
GlobEnv.t)(
pc:@
ProgConfig ge)(
fp:
FP.t)(
pc':@
ProgConfig ge):
Prop:=
exists i l fp1 pc1,
atomblockstarN ge i l pc fp1 pc1 /\
exists fp2,
tau_star glob_npnsw_step pc1 fp2 pc' /\
FP.union fp1 fp2 =
fp.
Lemma atomblockstep_star:
forall ge pc fp pc'
l0,
atomblockstep ge pc l0 fp pc'->
exists l,
star glob_step pc l fp pc'.
Proof.
Lemma swstar_star:
forall ge pc pc',
sw_star (@
glob_step ge)
pc pc'->
exists l,
star glob_step pc l FP.emp pc'.
Proof.
induction 1;
intros.
eexists;
econstructor.
destruct IHsw_star.
eapply star_step in H1;
eauto.
rewrite FP.fp_union_emp in H1.
eauto.
Qed.
Lemma atomblockstarN_star:
forall ge i l pc fp pc',
atomblockstarN ge i l pc fp pc'->
exists l',
star glob_step pc l'
fp pc'.
Proof.
Lemma non_evt_thrd_globstar_star:
forall ge pc fp pc',
@
non_evt_thrd_globstar ge pc fp pc'->
exists l,
star glob_step pc l fp pc'.
Proof.
Lemma pc_valid_tid_nonevtstar_cons_evtstep:
forall ge pc fp pc'
v pc'',
drf_pc_glob pc->
non_evt_star (@
glob_step ge)
pc fp pc'->
glob_step pc' (
evt v)
FP.emp pc''->
pc_valid_tid pc (
cur_tid pc'').
Proof.
Definition drf_pc_glob_weak (
ge:
GlobEnv.t)(
pc:@
ProgConfig ge):=
exists p l fp,
drf_pc p /\
star glob_step p l fp pc.
Lemma drf_pc_glob_weaken:
forall ge pc,
drf_pc_glob pc->
drf_pc_glob_weak ge pc.
Proof.
destruct 1;auto. Qed.
Lemma drf_pc_glob_strengthen:
forall ge pc,
drf_pc_glob_weak ge pc ->
atom_bit pc =
O->
drf_pc_glob pc.
Proof.
destruct 1 as (?&?&?&?&?);intro;split;eauto. Qed.
Lemma non_evt_star_IO:
forall ge pc fp pc',
non_evt_star (@
glob_step ge)
pc fp pc'->
atom_bit pc =
I->
atom_bit pc' =
O->
exists fp1 pc1,
tau_star (
type_glob_step core)
pc fp1 pc1 /\
exists pc2,
type_glob_step extat pc1 tau FP.emp pc2 /\
exists fp2,
non_evt_star glob_step pc2 fp2 pc' /\
FP.union fp1 fp2 =
fp.
Proof.
induction 1;
intros.
rewrite H in H0;
inversion H0.
destruct H.
destruct (
atom_bit s2)
eqn:?.
apply type_glob_step_exists in H as [].
destruct x;
try(
inversion H;
simpl in *;
subst;
simpl in *;
subst;
inversion H1;
inversion Heqb;
fail);
auto.
assert(
fp1=
FP.emp).
inversion H;
auto.
subst.
exists FP.emp,
s1.
split.
constructor.
exists s2.
split;
auto.
exists fp2.
split;
auto.
assert(
I=
I).
auto.
specialize (
IHnon_evt_star H3 H2)
as (?&?&?&?&?&?&?&?).
exists (
FP.union fp1 x),
x0.
split.
econstructor;
eauto.
inversion H;
subst;
simpl in *;
subst;
inversion H1;
try inversion Heqb;
econstructor;
eauto.
eexists;
split;
eauto.
eexists;
split;
eauto.
rewrite <-
H7.
rewrite FP.fp_union_assoc;
auto.
inversion H;
subst.
inversion H1.
Qed.
Lemma non_evt_starN_IO:
forall ge i pc fp pc',
non_evt_starN (@
glob_step ge)
i pc fp pc'->
atom_bit pc =
I->
atom_bit pc' =
O->
exists j fp1 pc1,
tau_N (
type_glob_step core)
j pc fp1 pc1 /\
j <=
i /\
exists pc2,
type_glob_step extat pc1 tau FP.emp pc2 /\
exists fp2,
non_evt_starN glob_step (
i-
j-1)
pc2 fp2 pc' /\
FP.union fp1 fp2 =
fp.
Proof.
induction i;
intros;
inversion H;
subst.
rewrite H0 in H1.
inversion H1.
destruct H3.
destruct (
atom_bit s2)
eqn:?.
apply type_glob_step_exists in H2 as [].
destruct x;
try(
inversion H2;
simpl in *;
subst;
simpl in *;
subst;
inversion H0;
inversion Heqb;
fail);
auto.
inversion H2;
subst.
simpl in *;
subst.
inversion Heqb.
assert(
fp1=
FP.emp).
inversion H2;
auto.
subst.
exists 0,
FP.emp,
pc.
split.
constructor.
split.
Omega.omega.
exists s2.
split;
auto.
exists fp2.
split;
auto.
simpl.
assert(
i-0=
i).
Omega.omega.
rewrite H3;
auto.
specialize (
IHi _ _ _ H5 Heqb H1)
as (?&?&?&?&?&?&?&?&?&?).
exists (
S x),(
FP.union fp1 x0),
x1.
split.
econstructor;
eauto.
inversion H2;
subst;
inversion H0;
inversion Heqb.
econstructor;
eauto.
split.
Omega.omega.
eexists;
split;
eauto.
eexists;
split;
eauto.
rewrite <-
H8.
rewrite FP.fp_union_assoc;
auto.
inversion H2;
subst.
inversion H0.
Qed.
Lemma tau_star_IO:
forall ge pc fp pc',
tau_star (@
glob_step ge)
pc fp pc'->
atom_bit pc =
I->
atom_bit pc' =
O->
exists fp1 pc1,
tau_star (
type_glob_step core)
pc fp1 pc1/\
exists pc2,
type_glob_step extat pc1 tau FP.emp pc2/\
exists fp2,
tau_star glob_step pc2 fp2 pc'/\
FP.union fp1 fp2=
fp.
Proof.
induction 1;
intros.
rewrite H in H0;
inversion H0.
destruct (
atom_bit s')
eqn:?.
apply type_glob_step_exists in H as [].
destruct x;
try(
inversion H;
simpl in *;
subst;
simpl in *;
subst;
inversion H1;
inversion Heqb;
fail);
auto.
assert(
fp=
FP.emp).
inversion H;
auto.
subst.
exists FP.emp,
s.
split.
constructor.
exists s'.
split;
auto.
exists fp'.
split;
auto.
assert(
I=
I).
auto.
specialize (
IHtau_star H3 H2)
as (?&?&?&?&?&?&?&?).
exists (
FP.union fp x),
x0.
split.
econstructor;
eauto.
apply type_glob_step_exists in H as [].
destruct x3;
inversion H;
subst;
inversion Heqb;
inversion H1;
auto.
eexists;
split;
eauto.
eexists;
split;
eauto.
rewrite <-
H7.
rewrite FP.fp_union_assoc;
auto.
Qed.
Lemma tau_N_IO:
forall i ge pc fp pc',
tau_N (@
glob_step ge)
i pc fp pc'->
atom_bit pc =
I->
atom_bit pc' =
O->
exists j fp1 pc1,
tau_N (
type_glob_step core)
j pc fp1 pc1/\
j <
i /\
exists pc2,
type_glob_step extat pc1 tau FP.emp pc2/\
exists fp2,
tau_N glob_step (
i-
j-1)
pc2 fp2 pc'/\
FP.union fp1 fp2=
fp.
Proof.
induction i;
intros.
inversion H;
subst.
rewrite H0 in H1.
inversion H1.
inversion H;
subst.
destruct (
atom_bit s')
eqn:?.
apply type_glob_step_exists in H3 as [].
destruct x;
try(
inversion H2;
simpl in *;
subst;
simpl in *;
subst;
inversion H0;
inversion Heqb;
fail);
auto.
inversion H2;
subst;
simpl in *;
subst.
inversion Heqb.
assert(
fp0=
FP.emp).
inversion H2;
auto.
subst.
exists 0,
FP.emp,
pc.
split.
constructor.
split.
Omega.omega.
exists s'.
split;
auto.
exists fp'.
split;
auto.
assert(
S i - 0 - 1 =
i).
Omega.omega.
rewrite H3;
auto.
specialize (
IHi _ _ _ _ H4 Heqb H1)
as (?&?&?&?&?&?&?&?&?&?).
apply type_glob_step_exists in H3 as [].
destruct x4;
try(
inversion H3;
simpl in *;
subst;
simpl in *;
subst;
inversion H0;
inversion Heqb;
fail);
auto.
exists (
S x),(
FP.union fp0 x0),
x1.
split.
econstructor;
eauto.
split.
Omega.omega.
eexists;
split;
eauto.
eexists;
split;
eauto.
rewrite <-
H8.
rewrite FP.fp_union_assoc;
auto.
Qed.
Lemma drf_pc_glob_stepfpsmile:
forall ge pc fp pc'
t fp'
pc'',
@
drf_pc_glob ge pc->
glob_step pc tau fp pc'->
t <>
cur_tid pc->
glob_step ({-|
pc',
t})
tau fp'
pc''->
FP.smile fp fp'.
Proof.
Lemma type_glob_step_atomOpreserve:
forall ge i pc l fp pce,
@
type_glob_step ge i pc l fp pce->
atom_bit pce =
atom_bit pc->
forall GE pc'
l'
fp'
pc'',
@
type_glob_step GE i pc'
l'
fp'
pc''->
atom_bit pc'' =
atom_bit pc'.
Proof.
intros;destruct i;inversion H;simpl in *;subst;inversion H0;inversion H1;subst;auto. Qed.
Lemma tid_change_bit_eq:
forall ge (
pc:@
ProgConfig ge)
t,
atom_bit ({-|
pc,
t}) =
atom_bit pc.
Proof.
destruct pc;auto. Qed.
Lemma drf_pc_glob_taustep_ex:
forall ge pc fp pc'
t fp'
pc'',
drf_pc_glob pc->
glob_step pc tau fp pc'->
t <>
cur_tid pc->
glob_step ({-|
pc',
t})
tau fp'
pc''->
atom_bit pc' =
O ->
atom_bit pc'' =
O->
exists pc1,
glob_step ({-|
pc,
t})
tau fp'
pc1/\
atom_bit pc1 =
O /\
exists pc2,
glob_step ({-|
pc1,
cur_tid pc})
tau fp pc2 /\
mem_eq_pc ge pc'' ({-|
pc2,
t}) /\
drf_pc_glob pc2.
Proof.
Lemma drf_pc_glob_taustep_halfatomblock_fpsmile:
forall ge pc fp pc'
t pc1 fp2 pc2,
@
drf_pc_glob ge pc->
glob_step pc tau fp pc'->
t <>
cur_tid pc->
type_glob_step entat ({-|
pc',
t})
tau FP.emp pc1 ->
tau_star (
type_glob_step core)
pc1 fp2 pc2->
FP.smile fp fp2.
Proof.
Lemma drf_pc_glob_taustep_atomblock_ex:
forall ge pc fp pc'
t pc1 i fp2 pc2 pc3,
@
drf_pc_glob ge pc->
glob_step pc tau fp pc'->
atom_bit pc' =
O->
t <>
cur_tid pc->
type_glob_step entat ({-|
pc',
t})
tau FP.emp pc1->
tau_N (
type_glob_step core)
i pc1 fp2 pc2->
type_glob_step extat pc2 tau FP.emp pc3->
exists pc1',
type_glob_step entat ({-|
pc,
t})
tau FP.emp pc1'/\
exists pc2',
tau_N (
type_glob_step core)
i pc1'
fp2 pc2'/\
exists pc3',
type_glob_step extat pc2'
tau FP.emp pc3'/\
exists pc4',
glob_step ({-|
pc3',
cur_tid pc})
tau fp pc4' /\
mem_eq_pc ge pc3 ({-|
pc4',
cur_tid pc3}) /\
drf_pc_glob pc3'.
Proof.
Lemma drf_pc_glob_taustep_taustar_ex:
forall x ge pc fp pc'
t fp2 pc'',
@
drf_pc_glob ge pc->
glob_step pc tau fp pc'->
atom_bit pc' =
O ->
tau_N glob_step x ({-|
pc',
t})
fp2 pc''->
atom_bit pc'' =
O->
t <>
cur_tid pc->
exists pc1,
tau_N glob_step x ({-|
pc,
t})
fp2 pc1 /\
atom_bit pc1 =
O /\
exists pc2,
glob_step ({-|
pc1,
cur_tid pc})
tau fp pc2 /\
atom_bit pc2 =
O /\
mem_eq_pc ge pc'' ({-|
pc2,
t})/\
drf_pc_glob pc2.
Proof.
induction x using (
well_founded_induction lt_wf);
intros.
specialize (
drf_pc_glob_l2 _ _ H0)
as modwdge.
apply drf_pc_glob_l1 in H0 as L1.
destruct L1 as [
invpc wdge].
inversion H3;
subst.
{
exists ({-|
pc,
t}).
split.
constructor.
split.
inversion H0.
destruct pc;
simpl in*;
auto.
exists pc'.
simpl.
rewrite pc_cur_tid.
split;
auto.
split;
auto.
split;[
apply mem_eq_pc_refl|].
eapply drf_pc_glob_cons;
eauto.
eapply star_step;
eauto.
constructor.
}
{
destruct (
atom_bit s')
eqn:?.
{
eapply drf_pc_glob_taustep_ex in H1 as L1;
eauto.
destruct L1 as (?&?&?&?&?&?&?).
eapply mem_eq_glob_tauN in H11 as L1;
eauto.
destruct L1 as (?&?&?).
assert(
n<
S n).
auto.
assert(
R1:
drf_pc_glob x).
assert(
glob_step pc sw FP.emp ({-|
pc,
t})).
apply globstep_pc_valid_curtid in H8;
auto.
destruct H0,
pc,
H8;
simpl in *;
subst;
econstructor;
eauto.
intro contra;
inversion contra.
eapply drf_pc_glob_cons in H0;
eauto.
do 2 (
eapply star_step;
eauto).
constructor.
inversion H12 as (?&
_).
assert(
atom_bit x1 =
O).
destruct H14 as (?&?&?&?).
congruence.
assert(
R2:
drf_pc_glob ({-|
x,
cur_tid pc})).
assert(
glob_step x sw FP.emp ({-|
x,
cur_tid pc})).
apply globstep_pc_valid_curtid in H10;
auto.
destruct x,
H10;
simpl in *;
subst;
econstructor;
eauto.
apply drf_pc_glob_l1 in R1 as [];
auto.
intro contra;
inversion contra.
eapply drf_pc_glob_cons;
eauto.
eapply star_step;
eauto.
constructor.
specialize (
H n H15 _ _ _ _ _ _ _ R2 H10 H16 H13 H17 H5).
destruct H as (?&?&?&?&?&?&?&?&?&?&?&?&?).
simpl in *.
assert(
cur_tid x =
t).
inversion H8;
auto.
subst.
rewrite pc_cur_tid in H.
exists x2.
split;
econstructor;
eauto.
eexists;
split;
eauto.
split;
auto.
split;
auto.
eapply mem_eq_pc_trans;
eauto.
apply tauN_taustar in H.
apply tau_star_to_star in H as [].
eapply drf_pc_glob_cons in H;
eauto.
apply drf_pc_glob_l1 in H as L.
destruct L.
apply globstep_pc_valid_curtid in H19 as L1;
auto.
assert(
glob_step x2 sw FP.emp ({-|
x2,
cur_tid pc})).
destruct x2,
L1;
simpl in *;
subst;
econstructor;
eauto.
eapply drf_pc_glob_cons in H;
eauto.
eapply star_step.
eauto.
eapply star_step;
eauto.
constructor.
intro contra;
inversion contra.
}
{
apply type_glob_step_exists in H6 as [].
destruct x;
try(
inversion H6;
subst;
simpl in *;
subst;
inversion H2;
inversion Heqb;
fail).
inversion H6;
subst.
simpl in *.
rewrite H2 in Heqb;
inversion Heqb.
eapply tau_N_IO in H7 ;
eauto.
destruct H7 as (?&
fp1&
pc1&
star1&?&
pc2&
extstep&
fp2&
star2&
fpunion).
assert(
tau_star (
type_glob_step core)
s'
fp1 pc1).
eapply tau_star_tau_N_equiv;
eauto.
assert(
fp0=
FP.emp).
inversion H6;
auto.
rewrite H9 in *;
clear H9.
eapply drf_pc_glob_taustep_atomblock_ex in H1 as L;
eauto.
destruct L as (
pc1'&
ent1'&
pc2'&
star1'&
pc3'&
ext1'&
pc4'&
step'&
eq'&
drf').
assert(
n-
x-1<
S n).
Omega.omega.
assert(
drf_pc_glob ({-|
pc3',
cur_tid pc})).
assert(
glob_step pc3'
sw FP.emp ({-|
pc3',
cur_tid pc})).
apply globstep_pc_valid_curtid in step'
as [].
destruct drf',
pc3';
simpl in *;
subst;
econstructor;
eauto.
apply drf_pc_glob_l1 in drf'
as [];
auto.
intro contra;
inversion contra.
eapply drf_pc_glob_cons;
eauto.
eapply star_step;
eauto.
constructor.
inversion drf';
auto.
inversion eq'
as (
_&?&
_&
_).
assert(
atom_bit pc2 =
O).
inversion extstep;
auto.
rewrite H12 in H11;
symmetry in H11;
simpl in H11.
eapply mem_eq_glob_tauN in eq'
as L2;
eauto.
destruct L2 as (?&?&?).
assert(
cur_tid pc2 =
t ).
assert(
cur_tid s' =
t).
inversion H6;
auto.
assert(
cur_tid pc1=
t).
revert star1 H15;
clear;
intros.
induction star1;
auto.
apply IHstar1.
rewrite <-
H15.
inversion H;
auto.
inversion extstep;
subst;
auto.
rewrite H15 in *;
clear H15.
eapply H in H13 as L;
eauto.
destruct L as (?&?&?&?&?&?&?&?).
simpl in *.
exists x1;
split.
{
apply type_glob_step_elim in ent1'.
eapply tau_N_S;
eauto.
apply type_glob_step_elim in ext1'.
assert(
cur_tid pc3' =
t).
assert(
cur_tid pc1' =
t).
inversion ent1';
auto.
assert(
cur_tid pc2' =
t).
revert star1'
H21;
clear;
intros.
induction star1';
auto.
eapply IHstar1'.
inversion H;
subst;
auto.
inversion ext1';
subst;
auto.
rewrite <-
H21 in H15.
rewrite pc_cur_tid in H15.
eapply tau_N_S in H15;
eauto.
assert(
S(
n-
x-1) =
n-
x).
Omega.omega.
rewrite H22 in H15.
assert(
n=
x+(
n-
x)).
Omega.omega.
rewrite H23.
rewrite<-
fpunion.
apply coretauN_globtauN in star1'.
rewrite FP.emp_union_fp in H15.
eapply tau_N_cons;
eauto.
}
split;
auto.
esplit;
split;
eauto.
split;
auto.
split;
auto.
eapply mem_eq_pc_trans;
eauto.
inversion H14 as (?&?&?&?).
congruence.
}
}
Qed.
Lemma globstep_conflict_corestep:
forall ge pc l fp pc'
fp'',
@
glob_step ge pc l fp pc'->
FP.conflict fp fp''->
type_glob_step core pc tau fp pc'.
Proof.
intros.
apply FP.emp_never_conflict in H0 as [].
inversion H;
subst;
try contradiction.
econstructor;
eauto. Qed.
Lemma drf_pc_l4:
forall ge pc,
@
drf_pc_glob ge pc->
forall l fp pc',
star glob_step pc l fp pc'->
race glob_predict_star_alter pc'->
False.
Proof.
Lemma predicted_abort1_star_abort:
forall ge pc,
predicted_abort1 ge pc ->
exists l fp pc',
star glob_step pc l fp pc'/\
abort pc'.
Proof.
Lemma swstar_globstar:
forall ge pc pc',
sw_star (@
glob_step ge)
pc pc'->
exists l fp,
star glob_step pc l fp pc'.
Proof.
induction 1;intros. Esimpl;auto. constructor.
Hsimpl. Esimpl;eauto. econstructor 2;eauto.
Qed.
Lemma drf_pc_non_evt_star_evt_step_inv:
forall ge pc fp pc'
pc''
v,
drf_pc_glob pc ->
non_evt_star glob_step pc fp pc'->
glob_step pc' (
evt v)
FP.emp pc'' ->
exists t,
pc_valid_tid pc t /\
exists fp1 pc1,
non_evt_thrd_globstar ge ({-|
pc,
t})
fp1 pc1 /\
cur_tid pc1 =
cur_tid pc' /\
exists pc2,
glob_step pc1 (
evt v)
FP.emp pc2 /\
exists fp2 pc3,
non_evt_star glob_step pc2 fp2 pc3 /\
mem_eq_pc ge pc''
pc3.
Proof.
Lemma non_evt_thrd_globstar_np_nonevt_star:
forall ge pc fp pc',
(
forall ix,
mod_wd (
GlobEnv.modules ge ix))->
non_evt_thrd_globstar ge pc fp pc'->
pc_valid_tid pc' (
cur_tid pc')->
ThreadPool.inv pc.(
thread_pool)->
GlobEnv.wd ge->
non_evt_star np_step pc fp pc'.
Proof.
Lemma final_state_step:
forall ge x pc l fp pc',
invpc ge pc' ->
@
type_glob_step ge x pc l fp pc'->
final_state pc'->
x =
glob_halt.
Proof.
inversion 3;
subst.
assert(
x=
glob_halt \/
x <>
glob_halt).
destruct x eqn:?;
auto;
right;
intro R;
inversion R.
destruct H2;
subst;
auto.
assert(~
ThreadPool.halted pc'.(
thread_pool)
pc'.(
cur_tid)).
clear H3.
destruct x;
subst;
inversion H0;
subst;
intro;
solv_thread;
solv_thread.
contradict H_not_halted.
econstructor;
eauto.
unfold CallStack.is_emp.
auto.
contradict H4;
apply H3.
destruct x;
subst;
try contradiction;
inversion H0;
subst;
auto;
eapply gettop_valid_tid;
auto;
solv_thread;
solv_thread.
Qed.
Lemma final_state_npnsw_or_sw_star:
forall ge pc fp pc',
invpc ge pc->
GlobEnv.wd ge->
npnsw_or_sw_star ge pc fp pc'->
final_state pc'->
pc =
pc' /\
fp =
FP.emp.
Proof.
Lemma final_state_atom:
forall ge pc l fp pc',
GlobEnv.wd ge ->@
invpc ge pc->
atom_bit pc =
O->
star glob_step pc l fp pc'->
@
final_state ge pc'->
atom_bit pc' =
O.
Proof.
Lemma non_evt_star_done_inv:
forall ge pc,
@
drf_pc_glob ge pc->
forall fp pc',
non_evt_star glob_step pc fp pc'->
final_state pc'->
final_state pc \/
(
exists pc1,
sw_star glob_step pc pc1 /\
exists i l fp1 pc2,
atomblockstarN ge i l pc1 fp1 pc2 /\
mem_eq_pc ge pc' ({-|
pc2,
cur_tid pc'})).
Proof.
Lemma Etr_p_np_done:
forall ge pc,
drf_pc_glob pc ->
Etr (@
glob_step ge)
abort final_state pc Behav_done->
Etr np_step np_abort final_state pc Behav_done \/
exists t,
Etr np_step np_abort final_state ({-|
pc,
t})
Behav_done /\
pc_valid_tid pc t .
Proof.
Lemma np_p_abort_equiv:
forall NL L p gm ge pc0 l fp pc,
@
init_config NL L p gm ge pc0 pc0.(
cur_tid) /\
star glob_step pc0 l fp pc ->
@
abort ge pc->
np_abort pc.
Proof.
Lemma npnsw_abort_preserve:
forall ge pc l fp pc',
@
drf_pc_glob ge pc ->
forall t,
t <>
cur_tid pc->
glob_npnsw_step ({-|
pc,
t})
l fp pc'->
abort ({-|
pc',
cur_tid pc})->
abort pc.
Proof.
Lemma drf_pc_glob_cons_npnsw:
forall ge pc l fp pc'
t,
@
drf_pc_glob ge pc ->
glob_npnsw_step ({-|
pc,
t})
l fp pc'->
drf_pc_glob ({-|
pc,
t}) /\
drf_pc_glob pc'.
Proof.
Lemma drf_pc_glob_cons_validid:
forall ge pc t,
@
drf_pc_glob ge pc->
pc_valid_tid pc t->
drf_pc_glob ({-|
pc,
t}).
Proof.
Lemma npnsw_step_taustar_ex:
forall ge pc l fp pc',
@
drf_pc_glob ge pc ->
forall t,
t<>
cur_tid pc->
glob_npnsw_step ({-|
pc,
t})
l fp pc'->
forall fp'
pc'',
tau_star glob_step ({-|
pc',
cur_tid pc})
fp'
pc''->
exists pc1 pc2,
tau_star glob_step pc fp'
pc1 /\
glob_npnsw_step (
changepc ge pc1 t O)
l fp pc2 /\
mem_eq_pc ge pc'' (
changepc ge pc2 (
cur_tid pc'') (
atom_bit pc'')).
Proof.
intros.
apply tau_star_tau_N_equiv in H2 as [].
revert pc l fp pc'
t fp'
pc''
H H0 H1 H2.
induction x using (
well_founded_induction lt_wf);
intros.
destruct x.
inversion H3;
clear H3;
subst.
Esimpl;
eauto.
constructor.
eapply npnswstep_changebitO in H2.
simpl in H2.
eauto.
unfold changepc;
simpl.
apply mem_eq_pc_refl.
apply drf_pc_glob_l1 in H0 as ?;
destruct H4 as [
inv1 wdge].
specialize (
drf_pc_glob_l2 _ _ H0)
as modwdge.
assert(
atom_bit pc' =
O).
inversion H0.
apply npnsw_step_O_preservation in H2;
auto.
inversion H3;
clear H3;
subst.
destruct (
atom_bit s')
eqn:?.
{
apply type_glob_step_exists in H6 as [].
apply npnswstep_l1 in H2;
Hsimpl.
eapply globstep_reorder_rule_alter in H3 as ?;
eauto.
destruct H6 as [|[]];
Hsimpl.
{
rewrite pc_cur_tid in H6.
destruct H0.
Hsimpl.
destruct H8;
Hsimpl.
contradict H6.
eapply H12;
eauto.
}
{
apply FP.emp_never_conflict in H8 as L;
destruct L.
destruct H5 as [|[]];
subst;
try(
inversion H2;
subst;
contradiction).
assert(
l=
tau).
inversion H2;
auto.
subst.
assert(
race glob_predict pc).
econstructor 1
with(
b1:=
O)(
b2:=
O);
eauto.
econstructor;
eauto.
inversion H0;
auto.
econstructor;
eauto.
inversion H0;
auto.
left;
intro L;
inversion L.
apply predict_race_to_star in H5.
apply predict_star_race_to_alter in H5.
eapply drf_pc_l4 in H5;
eauto.
contradiction.
constructor.
}
{
eapply mem_eq_glob_tauN in H10 ;
eauto.
Hsimpl.
rewrite pc_cur_tid in H8.
assert(
atom_bit x2 =
O).
inversion H0 as (?&
_).
assert(
atom_bit ({-|
pc',
cur_tid pc}) =
atom_bit s').
simpl;
congruence.
eapply type_glob_step_atomOpreserve in H8;
try apply H3;
eauto.
congruence.
apply npnswstep_l3 in H9;
auto.
assert(
T1:
drf_pc_glob x2).
eapply drf_pc_glob_cons;
eauto.
apply type_glob_step_elim in H8.
eapply star_step;
eauto.
constructor.
assert(
cur_tid pc =
cur_tid x2).
inversion H8;
auto.
assert(
cur_tid s' =
cur_tid pc).
inversion H3;
auto.
rewrite H14,
H13 in H10.
rewrite H13 in *.
eapply H in H9 as ?;
eauto.
Hsimpl.
Esimpl;
eauto.
econstructor;
eauto.
eapply type_glob_step_elim;
eauto.
eapply mem_eq_pc_trans;
eauto.
inversion H11 as (?&?&?&?);
congruence.
}
apply npnswstep_l3 in H2;
auto.
apply npnswstep_l2 in H2;
auto.
congruence.
intro R.
subst.
destruct H5 as [|[]];
subst;
inversion H2.
intro R;
inversion R.
}
{
apply type_glob_step_exists in H6 as [].
destruct x0;
try(
inversion H3;
subst;
simpl in *;
subst;
try inversion Heqb;
try inversion H4;
fail).
inversion H3;
subst;
simpl in *;
subst.
rewrite Heqb in H4;
inversion H4.
apply npnswstep_l2 in H2 as ?.
simpl in H5.
apply npnswstep_taustep in H2 as?;
subst.
apply npnswstep_l1 in H2;
Hsimpl.
assert(
fp0=
FP.emp).
inversion H3;
auto.
subst.
eapply atomblock_open_reorderstep1 in H2 as ?;
eauto;[|
intro R;
inversion R].
Hsimpl.
assert(
mem_eq_pc ge s' (
changepc ge x2 (
cur_tid s')
I)).
split;
auto.
split;
auto.
split;
auto.
simpl.
rewrite H11;
apply GMem.eq'
_refl.
eapply mem_eq_glob_tauN in H12 as ?;
eauto.
Hsimpl.
destruct x.
{
inversion H13;
subst.
Esimpl;
eauto.
econstructor 2.
eapply type_glob_step_elim in H8.
rewrite pc_cur_tid in H8;
eauto.
constructor.
eapply npnswstep_l3 in H9;
eauto.
eapply mem_eq_pc_change in H14;
erewrite pc_cur_tid in H14.
simpl in H14.
unfold changepc.
inversion H14 as (?&?&?&?).
simpl in *;
subst;
auto.
rewrite H16;
auto.
}
{
apply tauN_I_split in H13;
auto.
destruct H13.
{
apply tauN_taustar in H13.
eapply atomblock_open_reorder_corestar in H13 as ?;
try apply H9;
eauto.
Hsimpl.
assert(
mem_eq_pc ge x3 (
changepc ge x5 (
cur_tid x3)(
atom_bit x3))).
split;
auto.
Esimpl;
auto.
simpl.
apply GMem.eq'
_sym;
auto.
apply npnswstep_l3 in H16;
auto.
apply core_tau_star_tau_star in H15.
assert((
changepc ge x1 (
cur_tid s')
I) =
x1).
inversion H8;
subst.
unfold changepc;
simpl.
inversion H3;
subst.
simpl.
auto.
rewrite H20 in H15.
apply type_glob_step_elim in H8.
rewrite pc_cur_tid in H8.
eapply tau_star_cons in H15;
eauto.
Esimpl;
eauto.
eapply mem_eq_pc_trans;
eauto.
inversion H14 as (?&?&?&?).
congruence.
apply npnswstep_l3 in H9;
auto.
apply npnswstep_l2 in H9.
auto.
intro R;
inversion R.
inversion H3;
auto.
apply NNPP.
intro.
apply smile_conflict in H15.
apply FP.conflict_sym in H15.
eapply taustar_fpconflict_split in H13;
eauto.
Hsimpl.
eapply atomblock_open_reorder_corestar in H13 as ?;
try apply H9;
eauto.
Hsimpl.
apply corestar_tid_bit_preserve in H13 as T2.
destruct T2;
simpl in *.
assert(
mem_eq_pc ge x6 (
changepc ge x9 (
cur_tid s')
I)).
split;
auto.
Esimpl;
auto.
simpl.
apply GMem.eq'
_sym;
auto.
eapply mem_eq_corestep in H27 ;
eauto;
Hsimpl.
apply FP.emp_never_conflict in H18 as ?.
destruct H29.
destruct x0;
try(
inversion H22;
subst;
contradiction).
assert(
type_glob_step core (
changepc ge x8 t I)
tau fp (
changepc ge x9 t I)).
inversion H22;
subst;
econstructor;
eauto.
rewrite <-
pc_cur_tid with(
pc:=(
changepc ge x8 t I))
in H31.
assert(
changepc ge x9 (
cur_tid s')
I = ({-|
changepc ge x9 t I,
cur_tid s'})).
auto.
rewrite H32 in H27.
eapply corestep_conflict in H18 as ?;
eauto.
destruct H33 as [|].
{
simpl in H33.
assert(
x8 = ({
thread_pool x8,
cur_tid s',
gm x8,
I})).
apply corestar_tid_bit_preserve in H21 as [].
simpl in *.
destruct x8;
simpl in *;
subst;
congruence.
rewrite <-
H34 in H33;
clear H34.
assert(
cur_tid s' =
cur_tid pc).
inversion H3;
auto.
assert((
changepc ge x1 (
cur_tid s')
I) =
x1).
rewrite H34.
inversion H8;
subst.
auto.
rewrite H35 in H21.
rewrite pc_cur_tid in H8.
apply type_glob_step_elim in H8 as ?.
apply corestar_globstar in H21.
apply tau_star_to_star in H21 as [].
eapply star_step in H36;
eauto.
unfold drf_pc_glob,
drf_pc in H0;
Hsimpl.
eapply cons_star_star in H36;
eauto.
eapply H41 in H36;
eauto.
}
Hsimpl.
apply corestar_tid_bit_preserve in H21 as ?.
destruct H35.
simpl in H35,
H36,
H33.
assert(
x8 = ({
thread_pool x8,
cur_tid s',
gm x8,
I})).
destruct x8;
simpl in *;
subst;
auto.
rewrite <-
H37 in H33.
assert(
changepc ge x1 (
cur_tid s')
I =
x1).
assert(
cur_tid s' =
cur_tid pc).
inversion H3;
auto.
rewrite H38 in *.
destruct x1;
unfold changepc;
simpl;
f_equal.
inversion H8;
auto.
inversion H8;
auto.
rewrite H38 in *.
apply tau_plus_1 in H33.
apply tau_plus2star in H33.
eapply tau_star_star in H33;
eauto.
assert(
FP.conflict fp (
FP.union x4 x0)).
eapply conflict_union_ano in H34;
eauto.
rewrite FP.union_comm_eq;
eauto.
assert(
race glob_predict pc).
econstructor 1;
try apply H39.
eauto.
econstructor 1;
eauto.
inversion H0;
auto.
econstructor 2;
eauto.
left;
intro T;
inversion T.
apply predict_race_to_star in H40;
apply predict_star_race_to_alter in H40.
eapply drf_pc_l4;
eauto.
constructor.
simpl.
inversion H3;
auto.
simpl.
apply type_glob_step_elim in H8.
apply GE_mod_wd_tp_inv in H8;
auto.
apply core_tau_star_tau_star in H21.
apply tau_star_to_star in H21 as [].
eapply GE_mod_wd_star_tp_inv2 in H21;
eauto.
apply npnswstep_l3 in H9;
auto.
apply npnswstep_l2 in H9;
auto.
intro R;
inversion R.
inversion H3;
subst.
intro.
simpl in *;
subst.
contradiction.
apply type_glob_step_elim in H8.
apply GE_mod_wd_tp_inv in H8;
auto.
apply type_glob_step_elim in H8.
apply GE_mod_wd_tp_inv in H8;
auto.
}
{
Hsimpl.
assert(
FP.smile fp x6 \/ ~
FP.smile fp x6).
apply classic.
destruct H19.
{
eapply atomblock_open_reorder_core_tauN in H13 as ?;
eauto.
Hsimpl.
assert(
mem_eq_pc ge x4 (
changepc ge x11 (
cur_tid pc)
I)).
split;
auto.
split;
auto.
inversion H15;
auto.
split;
auto.
simpl.
apply tauN_taustar in H13.
apply corestar_tid_bit_preserve in H13 as [].
simpl in *.
inversion H3;
subst.
simpl in *;
subst.
congruence.
simpl.
apply GMem.eq'
_sym;
auto.
eapply mem_eq_globstep in H24 as ?;
eauto.
Hsimpl.
eapply atomblock_open_reorderstep2 in H25 as ?;
eauto.
Hsimpl.
assert(
mem_eq_pc ge x12 ({-|
x14, (
cur_tid pc)})).
split;
auto.
split;
auto.
simpl.
apply npnswstep_l3 in H28;
auto.
apply npnswstep_l2 in H28.
rewrite <-
H28;
simpl.
inversion H25;
auto.
split;
auto.
inversion H25;
auto.
rewrite <-
H30.
simpl.
apply GMem.eq'
_refl.
apply mem_eq_pc_trans with(
p1:=
x7)
in H31 as ?;
auto.
eapply mem_eq_glob_tauN in H32 as ?;
eauto.
Hsimpl.
apply npnswstep_l3 in H28 as ?;
auto.
assert(
cur_tid x13 =
cur_tid pc).
inversion H27;
auto.
assert(
atom_bit x13 =
O).
inversion H27;
auto.
assert(
changepc ge x13 t O = ({-|
x13,
t})).
unfold changepc.
f_equal.
auto.
rewrite H38 in *.
rewrite <-
H36 in H33.
eapply H in H33 as ?;
eauto.
Hsimpl.
Esimpl;
eauto.
assert(
changepc ge x1 (
cur_tid s')
I =
x1).
unfold changepc.
inversion H3;
subst;
simpl in *;
subst.
inversion H8;
subst;
simpl in *;
subst.
auto.
rewrite H42 in *.
apply tauN_taustar in H20.
apply corestar_tid_bit_preserve in H20 as R;
destruct R.
assert(
changepc ge x10 (
cur_tid pc)
I =
x10).
destruct x1;
simpl in *;
subst.
inversion H42;
subst.
destruct x10;
simpl in *;
subst;
auto.
unfold changepc.
simpl.
f_equal.
inversion H3;
auto.
rewrite H45 in *.
apply type_glob_step_elim in H8.
apply core_tau_star_tau_star in H20 as H20.
eapply tau_star_cons in H8;
eauto.
rewrite pc_cur_tid in H8.
eapply type_glob_step_elim in H27.
eapply tau_star_cons in H39;
try apply H27;
eauto.
eapply tau_star_star in H39;
eauto.
repeat rewrite FP.emp_union_fp in H39.
rewrite FP.emp_union_fp.
congruence.
eapply mem_eq_pc_trans;
eauto.
eapply mem_eq_pc_trans;
eauto.
eapply mem_eq_pc_trans with(
p1:=
pc'')
in H34;
eauto.
inversion H34 as (?&?&?&?).
congruence.
Omega.omega.
assert(
changepc ge x1 (
cur_tid s')
I =
x1).
unfold changepc.
inversion H3;
subst;
simpl in *;
subst.
inversion H8;
subst;
simpl in *;
subst.
auto.
rewrite H39 in *.
apply tauN_taustar in H20.
apply corestar_tid_bit_preserve in H20 as R;
destruct R.
assert(
changepc ge x10 (
cur_tid pc)
I =
x10).
destruct x1;
simpl in *;
subst.
inversion H39;
subst.
destruct x10;
simpl in *;
subst;
auto.
unfold changepc.
simpl.
f_equal.
inversion H3;
auto.
rewrite H42 in *.
apply type_glob_step_elim in H8.
apply core_tau_star_tau_star in H20 as H20.
eapply tau_star_cons in H8;
eauto.
rewrite pc_cur_tid in H8.
eapply type_glob_step_elim in H27.
apply tau_star_to_star in H8 as [].
eapply star_cons_step in H27 as [];
eauto.
eapply drf_pc_glob_cons;
eauto.
rewrite H36;
auto.
apply npnswstep_l3 in H21;
auto.
apply npnswstep_l2 in H21;
auto.
intro R;
inversion R.
apply npnswstep_l3 in H9;
auto.
apply npnswstep_l2 in H9;
auto.
intro R;
inversion R.
inversion H3;
subst;
auto.
apply type_glob_step_elim in H8;
eapply GE_mod_wd_tp_inv in H8;
eauto.
}
{
apply smile_conflict in H19.
clear H15 H16 H17 H18 x3 H14 x8 x9.
apply tauN_taustar in H13.
apply FP.emp_never_conflict in H19 as ?.
destruct H14 as [?
_].
destruct x0;
try(
inversion H9;
subst;
contradiction).
apply FP.conflict_sym in H19.
eapply taustar_fpconflict_split in H19;
eauto.
clear x4 H13.
Hsimpl.
eapply atomblock_open_reorder_corestar in H13 as ?;
eauto.
Hsimpl.
assert(
changepc ge x1 (
cur_tid s')
I =
x1).
inversion H8;
subst.
unfold changepc.
f_equal.
inversion H3;
auto.
rewrite H24 in *.
assert(
mem_eq_pc ge x4 (
changepc ge x10 (
cur_tid s')
I)).
split;
auto.
apply corestar_tid_bit_preserve in H13 as[];
subst.
split;
auto.
split;
auto.
apply GMem.eq'
_sym;
auto.
eapply mem_eq_globstep in H25 as ?;
eauto.
Hsimpl.
assert(
type_glob_step core (
changepc ge x9 t I)
tau fp (
changepc ge x10 t I)).
inversion H21;
subst;
econstructor;
eauto.
assert(
changepc ge x10 (
cur_tid s')
I = ({-|
changepc ge x10 t I,
cur_tid s'})).
auto.
rewrite H29 in H26;
clear H29.
rewrite <-
pc_cur_tid with(
pc:=(
changepc ge x9 t I))
in H28.
eapply corestep_conflict in H26 as ?;
eauto;
simpl;
auto.
destruct H29.
{
simpl in *.
assert(
cur_tid s' =
cur_tid pc).
inversion H3;
auto.
rewrite H30 in *.
assert(
cur_tid x1 =
cur_tid pc).
destruct x1;
simpl in H24.
inversion H24;
auto.
apply corestar_tid_bit_preserve in H20 as ?.
Hsimpl.
rewrite <-
H31,
H32 in H29.
assert(
atom_bit x1 =
I).
inversion H24;
auto.
rewrite <-
H34,
H33 in H29.
rewrite pc_cur_tid in H29.
rewrite pc_cur_tid in H8.
apply type_glob_step_elim in H8 as ?.
apply corestar_globstar in H20 as ?.
eapply tau_star_to_star in H36 as [].
eapply star_step in H35;
eauto.
unfold drf_pc_glob,
drf_pc in H0;
Hsimpl.
contradict H29;
eapply cons_star_star in H35;
eauto.
}
Hsimpl.
simpl in H29.
assert(
cur_tid s' =
cur_tid pc).
inversion H3;
auto.
apply corestar_tid_bit_preserve in H20 as ?.
rewrite <-
H24 in H32.
simpl in H32.
assert(({
thread_pool x9,
cur_tid s',
gm x9,
I}) =
x9).
destruct x9,
H32;
simpl in *;
subst;
auto.
f_equal;
try congruence.
rewrite H33 in *.
apply tau_plus_1 in H29.
apply tau_plus2star in H29.
eapply tau_star_star in H29;
eauto.
assert(
race glob_predict pc).
econstructor.
eauto.
econstructor.
eauto.
inversion H0;
auto.
econstructor 2.
eauto.
eapply H29.
left.
intro R;
inversion R.
rewrite FP.union_comm_eq.
eapply conflict_union_ano;
auto.
apply predict_race_to_star in H34.
apply predict_star_race_to_alter in H34.
eapply drf_pc_l4 in H34;
eauto.
contradiction.
constructor.
inversion H3;
auto.
apply type_glob_step_elim in H8.
apply GE_mod_wd_tp_inv in H8;
auto.
apply core_tau_star_star in H20 as [].
apply GE_mod_wd_star_tp_inv2 in H20;
auto.
inversion H9;
auto.
intro R;
inversion R.
inversion H3;
auto.
apply type_glob_step_elim in H8.
apply GE_mod_wd_tp_inv in H8;
auto.
}
}
}
}
Qed.
Lemma tau_N_OI:
forall i ge pc fp pc',
tau_N (@
glob_step ge)
i pc fp pc'->
atom_bit pc =
O->
atom_bit pc' =
I->
exists j fp1 pc1,
tau_N glob_step j pc fp1 pc1 /\
j<
i /\
exists pc2,
type_glob_step entat pc1 tau FP.emp pc2 /\
exists k fp2,
tau_N (
type_glob_step core)
k pc2 fp2 pc'/\
FP.union fp1 fp2 =
fp /\
j+
k+1=
i.
Proof.
induction i;
intros.
inversion H;
subst.
rewrite H0 in H1;
inversion H1.
assert(
S i =
i + 1).
Omega.omega.
rewrite H2 in H.
clear H2.
apply tau_N_split in H.
Hsimpl.
inversion H2;
subst;
clear H2.
inversion H6;
subst;
clear H6.
destruct (
atom_bit x)
eqn:?.
apply type_glob_step_exists in H5 as [].
destruct x1;
try(
inversion H2;
subst;
simpl in *;
subst;
inversion Heqb;
inversion H1;
fail).
assert(
fp0=
FP.emp).
inversion H2;
auto.
subst.
Esimpl;
eauto.
rewrite FP.emp_union_fp.
constructor.
Omega.omega.
eapply IHi in H;
eauto.
Hsimpl.
apply type_glob_step_exists in H5 as [].
destruct x7;
try(
inversion H5;
subst;
simpl in *;
subst;
inversion Heqb;
inversion H1;
fail).
pose proof @
tau_N_O _ (
type_glob_step core)
pc'.
eapply tau_N_S in H5;
eauto.
eapply tau_N_cons in H5;
eauto.
Esimpl;
eauto.
rewrite FP.fp_union_emp.
rewrite <-
H6,
FP.fp_union_assoc.
auto.
rewrite <-
H7.
Omega.omega.
Qed.
Lemma npnsw_or_sw_stepN_validid:
forall ge i l pc fp pc',
invpc ge pc->
GlobEnv.wd ge->
@
npnsw_or_sw_stepN ge i l pc fp pc'->
(
pc =
pc' \/
pc_valid_tid pc pc'.(
cur_tid )).
Proof.
Lemma mem_eq_abort:
forall ge pc pc',
(
forall ix,
mod_wd (
GlobEnv.modules ge ix))->
mem_eq_pc ge pc pc'->
abort pc'->
abort pc.
Proof.
Lemma npnswstep_halfatomblock_abort:
forall ge pc l fp pc'
t fp'
pc'',
drf_pc_glob pc->
glob_npnsw_step pc l fp pc'->
t <>
cur_tid pc ->
halfatomblockstep ge ({-|
pc',
t})
tau fp'
pc''->
abort pc''->
exists pc1,
halfatomblockstep ge({-|
pc,
t})
tau fp'
pc1/\
abort pc1.
Proof.
Lemma drf_pc_glob_l3:
forall ge pc,
drf_pc_glob pc->
exists NL L p gm pc0 t l fp,
@
init_config NL L p gm ge pc0 t /\
drfpc pc0 /\
star glob_step pc0 l fp pc.
Proof.
Lemma init_star_abort_validid:
forall NL L p gm ge pc t l fp pc',
@
init_config NL L p gm ge pc t ->
star glob_step pc l fp pc'->
abort pc'->
cur_valid_id ge pc'.
Proof.
Lemma drf_pc_glob_weak_abort_validid:
forall ge pc,
@
drf_pc_glob_weak ge pc ->
abort pc ->
ThreadPool.valid_tid pc.(
thread_pool)
pc.(
cur_tid).
Proof.
Lemma corestar_globstar:
forall ge pc fp pc',
tau_star (@
type_glob_step ge core)
pc fp pc'->
tau_star glob_step pc fp pc'.
Proof.
Lemma corestar_npstar:
forall ge pc fp pc',
tau_star (@
type_glob_step ge core)
pc fp pc'->
non_evt_star np_step pc fp pc'.
Proof.
Lemma abort_eq:
forall ge pc,
@
abort ge pc ->
ThreadPool.valid_tid pc.(
thread_pool)
pc.(
cur_tid) ->
np_abort pc.
Proof.
Lemma Etr_p_np_abort:
forall ge pc,
@
drf_pc_glob ge pc->
Etr glob_step abort final_state pc Behav_abort->
Etr np_step np_abort final_state pc Behav_abort \/
exists t,
Etr np_step np_abort final_state ({-|
pc,
t})
Behav_abort /\
pc_valid_tid pc t .
Proof.
Lemma silent_diverge_cons_glob_non_evt_star:
forall ge pc fp pc',
non_evt_star (@
glob_step ge)
pc fp pc'->
silent_diverge glob_step pc'->
silent_diverge glob_step pc.
Proof.
induction 1;
intros.
auto.
apply IHnon_evt_star in H1.
destruct H.
econstructor.
constructor.
eauto.
eauto.
inversion H1;
subst.
assert(
fp1=
FP.emp).
inversion H;
auto.
subst.
eapply sw_star_cons in H2;
eauto.
econstructor;
eauto.
econstructor;
eauto.
constructor.
Qed.
Section silent_diverge.
Variable GE:
GlobEnv.t.
Hypothesis wdge:
GlobEnv.wd GE.
Hypothesis modwdge:
forall ix,
mod_wd (
GlobEnv.modules GE ix).
Local Arguments cur_valid_id [
GE].
Local Arguments changepc [
GE].
Local Arguments mem_eq_pc [
GE].
Local Arguments ProgConfig [
GE].
Local Arguments noevt_stepN [
GE].
Local Arguments Sdiverge [
GE].
Local Arguments Pdiverge [
GE].
Definition psilent_diverge :=
silent_diverge (@
glob_step GE).
Definition npsilent_diverge :=
silent_diverge (@
np_step GE).
Lemma noevt_stepN_cons:
forall i pc fp pc'
j fp'
pc'',
noevt_stepN (@
glob_step GE)
i pc fp pc'->
noevt_stepN glob_step j pc'
fp'
pc''->
noevt_stepN glob_step (
i+
j)
pc (
FP.union fp fp')
pc''.
Proof.
Lemma psilent_diverge_inv:
forall pc,
psilent_diverge pc->
exists i fp pc',
noevt_stepN glob_step (
S i)
pc fp pc' /\
psilent_diverge pc'.
Proof.
Lemma psilent_diverge_O_inv1:
forall pc,
psilent_diverge pc->
(
exists i fp pc',
atom_bit pc' =
O /\
noevt_stepN glob_step (
S i)
pc fp pc' /\
psilent_diverge pc' )
\/
(~ (
exists i fp pc',
atom_bit pc' =
O /\
noevt_stepN glob_step (
S i)
pc fp pc' /\
psilent_diverge pc')).
Proof.
Definition I_psilent_diverge :=
fun pc =>
@
atom_bit GE pc =
I /\
psilent_diverge pc /\
~ (
exists i fp pc',
atom_bit pc' =
O /\
noevt_stepN glob_step (
S i)
pc fp pc' /\
psilent_diverge pc').
Lemma psilent_diverge_foreverI_inv1:
forall pc,
atom_bit pc =
O->
psilent_diverge pc ->
(~ (
exists i fp pc',
atom_bit pc' =
O /\
noevt_stepN glob_step (
S i)
pc fp pc' /\
psilent_diverge pc')) ->
exists pc1 fp pc2,
sw_star glob_step pc pc1 /\
glob_step pc1 tau fp pc2 /\
I_psilent_diverge pc2.
Proof.
Lemma I_psilent_diverge_inv:
forall pc,
I_psilent_diverge pc ->
exists fp pc',
type_np_step core pc tau fp pc'/\
I_psilent_diverge pc'.
Proof.
CoInductive core_Idiverge:@
ProgConfig GE->
Prop:=
cons_core_Idiv:
forall pc fp pc',
atom_bit pc =
I->
type_np_step core pc tau fp pc'->
core_Idiverge pc'->
core_Idiverge pc.
Lemma core_Idiverge_I_psilent_diverge_exists:
forall pc,
I_psilent_diverge pc->
core_Idiverge pc.
Proof.
cofix.
intros.
apply I_psilent_diverge_inv in H as ?;
Hsimpl.
econstructor;
eauto.
inversion H;
subst;
auto.
Qed.
Lemma sw_step_I_psilent_diverge:
forall pc pc',
glob_step pc sw FP.emp pc'->
core_Idiverge pc'->
core_Idiverge ({-|
pc,
cur_tid pc'}).
Proof.
intros;inversion H;subst;auto. Qed.
Lemma core_Idiverge_npsilent_diverge:
forall pc,
core_Idiverge pc ->
npsilent_diverge pc.
Proof.
cofix.
inversion 1;
subst.
apply type_step_elim in H1.
econstructor;
eauto.
constructor.
apply core_Idiverge_npsilent_diverge in H2.
auto.
Qed.
Definition O_psilent_diverge:=
fun pc =>
atom_bit pc =
O /\
psilent_diverge pc /\
~ (
exists i fp pc',
noevt_stepN glob_step (
S i)
pc fp pc' /\
I_psilent_diverge pc').
Lemma psilent_diverge_inv2:
forall pc,
atom_bit pc =
O ->
psilent_diverge pc ->
O_psilent_diverge pc \/ (
exists i fp pc',
noevt_stepN glob_step (
S i)
pc fp pc' /\
I_psilent_diverge pc').
Proof.
Ltac unfolds :=
unfold O_psilent_diverge,
I_psilent_diverge,
psilent_diverge,
npsilent_diverge in *.
Lemma O_psilent_diverge_inv:
forall pc,
O_psilent_diverge pc ->
exists i fp pc',
noevt_stepN glob_step (
S i)
pc fp pc'/\
O_psilent_diverge pc'.
Proof.
Lemma O_globtaustep:
forall pc fp pc',
glob_step pc tau fp pc'->
atom_bit pc =
atom_bit pc' ->
glob_npnsw_step pc tau fp pc' \/
haltstep GE pc tau fp pc'.
Proof.
intros.
apply type_glob_step_exists in H as [].
destruct x;
try(
inversion H;
subst;
inversion H0;
fail).
left;
left;
auto.
left;
right;
auto.
left;
right;
auto.
right;
auto.
Qed.
Lemma atomblockstep_noevtstar:
forall pc fp pc',
atomblockstep GE pc tau fp pc'->
non_evt_star glob_step pc fp pc'.
Proof.
Lemma O_psilent_diverge_inv':
forall pc,
ThreadPool.inv pc.(
thread_pool)->
O_psilent_diverge pc ->
exists pc'
fp pc'',
sw_star glob_step pc pc'/\
(
glob_npnsw_step pc'
tau fp pc'' \/
haltstep GE pc'
tau fp pc'' \/
atomblockstep GE pc'
tau fp pc'') /\
O_psilent_diverge pc'' /\
ThreadPool.inv pc''.(
thread_pool).
Proof.
CoInductive Odiverge:@
ProgConfig GE->
Prop:=
|
cons_Otau:
forall pc fp pc'
pc'',
ThreadPool.inv pc.(
thread_pool)->
glob_step pc sw FP.emp pc'->
glob_npnsw_step pc'
tau fp pc'' ->
Odiverge pc''->
Odiverge pc
|
cons_block:
forall pc fp pc'
pc'',
ThreadPool.inv pc.(
thread_pool)->
glob_step pc sw FP.emp pc'->
atomblockstarN GE 1 (
cons (
cur_tid pc')
nil)
pc'
fp pc''->
Odiverge pc''->
Odiverge pc.
Lemma Odiverge_O:
forall pc,
Odiverge pc ->
atom_bit pc =
O /\
ThreadPool.inv pc.(
thread_pool).
Proof.
split;inversion H;subst;auto;inversion H1;auto. Qed.
Lemma non_evt_star_cons_Odiverge:
forall pc fp pc',
non_evt_star glob_step pc fp pc'->
atom_bit pc =
O ->
ThreadPool.inv pc.(
thread_pool)->
Odiverge pc'->
Odiverge pc.
Proof.
intros pc fp pc'
H.
apply noevt_stepN_exists in H as [].
revert pc fp pc'
H.
induction x using(
well_founded_induction lt_wf);
intros.
destruct x.
{
apply noevt_stepN_0 in H0 as [];
subst.
inversion H3;
subst.
apply swstar_l1 in H4.
rewrite H4 in H5.
econstructor;
eauto.
inversion H5;
subst.
destruct pc.
simpl in *;
subst;
econstructor;
eauto.
apply swstar_l1 in H4.
rewrite H4 in H5.
econstructor 2;
eauto.
inversion H5;
subst.
destruct pc;
simpl in *;
subst.
econstructor;
eauto.
}
{
edestruct Odiverge_O;
eauto.
apply noevt_stepN_Si_inv2 in H0;
auto.
Hsimpl.
destruct H6;
Hsimpl.
{
apply swstar_l1 in H0 as ?.
rewrite H11 in H7;
simpl in H7.
rewrite H1 in H7.
apply GE_mod_wd_tp_inv in H6 as ?;
auto;[|
rewrite H11;
auto].
eapply H in H8;
eauto;[|
Omega.omega].
assert(
invpc GE x0).
rewrite H11;
auto.
apply O_globtaustep in H6.
destruct H6.
econstructor;
eauto.
apply npnsw_step_cur_valid_id in H6;
auto.
rewrite H11 in H6;
destruct pc,
H6;
simpl in *;
subst.
rewrite H11.
econstructor;
eauto.
assert(
glob_step pc sw FP.emp x0).
rewrite H11 in *.
apply type_glob_step_cur_valid_id in H6;
auto;
try congruence.
destruct pc,
H6;
simpl in *;
subst;
econstructor;
eauto.
econstructor 2.
auto.
eauto.
econstructor.
constructor.
right;
eauto.
constructor.
constructor.
inversion H6;
auto.
auto.
rewrite H11.
simpl.
congruence.
}
{
apply swstar_l1 in H0 as ?.
assert(
glob_step pc sw FP.emp x0).
unfold atomblockstep,
atomblockN in H6.
Hsimpl.
apply type_glob_step_cur_valid_id in H12;
auto;
try congruence.
rewrite H11 in H12;
destruct pc,
H12;
simpl in *;
subst.
rewrite H11.
econstructor;
eauto.
rewrite H11;
auto.
assert(
atom_bit x2 =
O).
unfold atomblockstep,
atomblockN in H6;
Hsimpl.
inversion H15;
subst;
auto.
apply atomblockstep_invpc_preserve in H6 as ?;
auto;[|
rewrite H11;
auto].
eapply H in H8;
eauto;[|
Omega.omega].
econstructor 2;
try apply H8;
eauto.
econstructor 2;
eauto.
constructor.
constructor.
constructor.
auto.
}
}
Qed.
Lemma O_psilent_diverge_Odiverge:
forall pc,
ThreadPool.inv pc.(
thread_pool)->
O_psilent_diverge pc->
Odiverge pc.
Proof.
Definition neverIdiverge (
pc:@
ProgConfig GE):
Prop:=
Odiverge pc /\
~ (
exists fp pc'
fp'
pc'',
non_evt_star glob_step pc fp pc' /\
atomblockstarN GE 1 (
cons(
cur_tid pc')
nil)
pc'
fp'
pc'' /\
Odiverge pc'').
Definition will_neverIdiverge (
pc:@
ProgConfig GE):
Prop:=
Odiverge pc /\
exists fp pc',
non_evt_star glob_step pc fp pc' /\
neverIdiverge pc'.
CoInductive npnswdiverge:@
ProgConfig GE->
Prop:=
|
cons_npnsw_div:
forall pc fp pc'
pc'',
ThreadPool.inv pc.(
thread_pool)->
glob_step pc sw FP.emp pc'->
glob_npnsw_step pc'
tau fp pc'' ->
npnswdiverge pc''->
npnswdiverge pc.
Lemma Odiverge_neverIdiverge_npnswdiverge:
forall pc,
neverIdiverge pc ->
npnswdiverge pc.
Proof.
cofix.
intros.
destruct H.
inversion H;
subst.
econstructor;
eauto.
apply Odiverge_neverIdiverge_npnswdiverge.
split;
auto.
intro;
contradict H0.
Hsimpl.
apply npnswstep_l1 in H3 as [?[]].
apply type_glob_step_elim in H3.
eapply ETrace.ne_star_step in H0;
eauto.
eapply ETrace.ne_star_step in H0;
eauto.
Esimpl;
eauto.
contradict H0.
Esimpl;
eauto.
econstructor 2.
eauto.
constructor.
Qed.
Lemma npnsw_taustar_non_evt_star:
forall pc fp pc',
tau_star glob_npnsw_step pc fp pc'->
non_evt_star (@
glob_step GE)
pc fp pc'.
Proof.
Lemma atomblockstarN_non_evt_star:
forall i l pc fp pc',
atomblockstarN GE i l pc fp pc'->
non_evt_star glob_step pc fp pc'.
Proof.
Lemma Odiverge_not_will_neverIdiverge_inv:
forall pc,
Odiverge pc ->
~
will_neverIdiverge pc ->
exists fp pc'
fp'
pc'',
npnsw_or_sw_star GE pc fp pc' /\
atomblockstarN GE 1 (
cons (
cur_tid pc')
nil)
pc'
fp'
pc'' /\
Odiverge pc'' /\
~
will_neverIdiverge pc''.
Proof.
CoInductive blockdiverge:@
ProgConfig GE->
Prop:=
cons_npnsw_or_sw_star_block:
forall pc fp pc'
fp'
pc'',
atom_bit pc =
O ->
ThreadPool.inv pc.(
thread_pool)->
npnsw_or_sw_star GE pc fp pc'->
atomblockstarN GE 1 (
cons (
cur_tid pc')
nil)
pc'
fp'
pc'' ->
blockdiverge pc''->
blockdiverge pc.
Lemma Odiverge_not_will_neverIdiverge_atomblockdiverge:
forall pc,
Odiverge pc ->
~
will_neverIdiverge pc ->
blockdiverge pc.
Proof.
Lemma psilent_diverge_case:
forall pc,
atom_bit pc =
O ->
ThreadPool.inv pc.(
thread_pool)->
psilent_diverge pc ->
(
exists i fp pc',
noevt_stepN glob_step (
S i)
pc fp pc' /\
core_Idiverge pc') \/
(
exists fp pc',
non_evt_star glob_step pc fp pc' /\
npnswdiverge pc')\/
blockdiverge pc.
Proof.
End silent_diverge.
Section diverge_proof.
Lemma noevt_stepN_Si_Iinv_drfsafe:
forall ge pc i fp pc',
@
drf_pc_glob ge pc ->
noevt_stepN ge glob_step (
S i)
pc fp pc'->
atom_bit pc' =
I->
exists i l fp1 fp2 pc0 pc1 pc2 pc3 t pc4 fp3,
sw_star glob_step pc pc0 /\
atomblockstarN ge i l pc0 fp1 pc1 /\
npnsw_or_sw_star ge pc1 fp2 pc2 /\
type_glob_step entat ({-|
pc2,
t})
tau FP.emp pc3 /\
tau_star (
type_glob_step core)
pc3 fp3 pc4 /\
mem_eq_pc ge pc'
pc4.
Proof.
intros.
apply drf_pc_glob_l1 in H as ?.
destruct H2 as [
v1 wdge].
specialize (
drf_pc_glob_l2 _ _ H)
as modwdge.
inversion H as [
O1 _].
eapply noevt_stepN_OI in H0;
eauto.
Hsimpl.
destruct x.
{
apply noevt_stepN_0 in H0 as [];
subst.
apply swstar_l1 in H6.
apply tauN_taustar in H3.
exists 0,
nil,
FP.emp,
FP.emp,
pc,
pc,
pc,
x2,(
cur_tid x1),
pc',
x4.
rewrite<-
H6.
Esimpl;
eauto;
try (
constructor;
auto;
fail).
econstructor;
constructor.
apply mem_eq_pc_refl.
}
{
assert(
L1:
invpc ge x1).
apply noevt_stepN_sound in H0.
apply non_evt_star_star in H0 as [].
eapply GE_mod_wd_star_tp_inv2 in H0;
eauto.
assert(
atom_bit x1 =
O).
inversion H2;
auto.
apply noevt_stepN_Si_to_atomblockstarN in H0;
auto;[|
Omega.omega].
Hsimpl.
destruct H7 as [|[|[]]].
{
revert v1 wdge modwdge H H0 H7.
clear.
intros.
unfold drf_pc_glob,
drf_pc in H.
Hsimpl.
apply atomblockstarN_star in H2 as ?.
Hsimpl.
apply swstar_globstar in H0;
Hsimpl.
eapply cons_star_star in H8;
eauto.
eapply cons_star_star in H8;
eauto.
apply predicted_abort1_star_abort in H3;
Hsimpl.
eapply cons_star_star in H3;
eauto.
eapply H7 in H3;
eauto.
contradiction.
}
{
unfold drf_pc_glob,
drf_pc in H.
Hsimpl.
unfold drfpc in H8.
contradict H8.
rewrite (
swstar_l1 _ _ _ H0)
in H7.
eapply race_changetid with(
t:=
cur_tid pc)
in H7;
simpl in H7;
rewrite pc_cur_tid in H7.
apply globrace_equiv in H7;
auto.
pose proof predict_equiv.
eapply predict_equiv_to_star_race_equiv in H7;
eauto.
apply star_race_equiv in H7.
unfold star_race_config in H7.
Hsimpl.
eapply cons_star_star in H7;
try apply H9.
unfold star_race_config;
Esimpl;
eauto.
}
{
unfold drf_pc_glob,
drf_pc,
drfpc in H;
Hsimpl.
contradict H8.
apply globrace_equiv in H9;
auto.
pose proof predict_equiv.
eapply predict_equiv_to_star_race_equiv in H9;
eauto.
apply star_race_equiv in H9.
unfold star_race_config in H9.
Hsimpl.
apply atomblockstarN_star in H7 as [].
apply swstar_globstar in H0;
Hsimpl.
do 3 (
eapply cons_star_star in H9;
eauto).
unfold star_race_config.
Esimpl;
eauto.
apply atomblockstarN_invpc_preservation in H7;
auto.
rewrite (
swstar_l1 _ _ _ H0);
auto.
}
{
Hsimpl.
apply type_glob_step_cur_valid_id in H2 as ?;
try congruence.
eapply mem_eq_globstep in H9 as ?;
eauto.
Hsimpl.
eapply mem_eq_coreN in H13 ;
eauto;
Hsimpl.
apply tauN_taustar in H13.
Esimpl;
eauto.
}
}
Qed.
Lemma noevt_stepN_Si_Oinv_drfsafe:
forall ge pc i fp pc',
@
drf_pc_glob ge pc ->
noevt_stepN ge glob_step (
S i)
pc fp pc'->
atom_bit pc' =
O->
exists i l fp1 fp2 pc0 pc1 pc2,
sw_star glob_step pc pc0 /\
atomblockstarN ge i l pc0 fp1 pc1 /\
npnsw_or_sw_star ge pc1 fp2 pc2 /\
mem_eq_pc ge pc' ({-|
pc2,
cur_tid pc'}).
Proof.
Lemma glob_npnsw_step_atomblockstarN_inv_ex_drfsafe:
forall ge pc l fp pc',
drf_pc_glob pc ->
glob_npnsw_step pc l fp pc'->
forall t fp1 pc1 ltids,
t <>
cur_tid pc->
atomblockstarN ge 1
ltids ({-|
pc',
t})
fp1 pc1->
FP.smile fp fp1 /\
exists pc',
atomblockstarN ge 1
ltids ({-|
pc,
t})
fp1 pc'/\
exists pc'',
glob_npnsw_step pc'
l fp pc'' /\
mem_eq_pc ge pc1 ({-|
pc'',
cur_tid pc1}) /\
cur_tid pc'' =
cur_tid pc.
Proof.
Lemma npnsw_or_sw_star_atomblockstarN_ex_drfsafe:
forall i l ge pc fp pc'
fp'
pc''
ltids (
drfsafe:
drf_pc_glob pc),
npnsw_or_sw_stepN ge i l pc fp pc'->
atomblockstarN ge 1
ltids pc'
fp'
pc''->
exists fp1 pc1,
atomblockstarN ge 1
ltids ({-|
pc,
cur_tid pc'})
fp1 pc1 /\
exists fp2 pc2,
npnsw_or_sw_star ge pc1 fp2 pc2 /\
mem_eq_pc ge ({-|
pc'',
cur_tid pc2})
pc2.
Proof.
CoInductive blockdiverge_tid{
ge:
GlobEnv.t} :@
ProgConfig ge->
tid->
Prop:=
|
cons_blockdiverge_tid:
forall pc fp pc'
fp'
pc''
t,
atom_bit pc =
O->
ThreadPool.inv pc.(
thread_pool)->
npnsw_or_sw_star ge pc fp pc'->
atomblockstarN ge 1 (
cur_tid pc'::
nil)
pc'
fp'
pc''->
blockdiverge_tid pc''
t->
blockdiverge_tid pc (
cur_tid pc').
Lemma blockdiverge_tid_exists_lemma:
forall ge pc fp pc'
fp'
pc'',
atom_bit pc =
O->
ThreadPool.inv pc.(
thread_pool)->
npnsw_or_sw_star ge pc fp pc'->
atomblockstarN ge 1 (
cur_tid pc'::
nil)
pc'
fp'
pc''->
blockdiverge ge pc'' ->
blockdiverge_tid pc (
cur_tid pc').
Proof.
cofix.
intros.
inversion H3;subst.
econstructor;eauto.
Qed.
Lemma blockdiverge_tid_exists:
forall ge pc,
blockdiverge ge pc->
exists t,
blockdiverge_tid pc t.
Proof.
Lemma non_evt_star_cons_step:
forall ge pc fp pc'
fp'
pc'',
non_evt_star np_step pc fp pc'->
non_evt_plus np_step pc'
fp'
pc''->
non_evt_plus (@
np_step ge)
pc (
FP.union fp fp')
pc''.
Proof.
Lemma atomblockstarN_NP_drfsafe:
forall ge l pc fp pc'
t,
drf_pc_glob pc ->
atomblockstarN ge 1
l pc fp pc'->
blockdiverge_tid pc'
t->
exists pc1,
non_evt_star np_step pc fp pc1/\
((
exists t,
np_step pc1 sw FP.emp ({-|
pc',
t}) )).
Proof.
intros.
apply drf_pc_glob_l1 in H as ?.
Hsimpl.
specialize (
drf_pc_glob_l2 _ _ H)
as ?.
apply atomblockstar1_np in H0;
auto.
Hsimpl.
destruct H5;
eauto.
inversion H1;
subst.
inversion H8;
subst.
inversion H11;
subst.
{
apply atomblockstarN_cur_valid_tid in H9;
auto.
inversion H5;
subst.
destruct H9 as [
L R].
eapply H_all_thread_halted in L;
eauto.
contradiction.
}
{
destruct H12.
apply npnsw_step_cur_valid_id in H12;
auto.
inversion H5;
subst.
destruct H12 as [
L R].
eapply H_all_thread_halted in L;
eauto.
contradiction.
inversion H12;
subst.
inversion H5;
subst.
eapply H_all_thread_halted in H_thread_valid.
contradiction.
}
Qed.
Lemma npnsw_or_sw_star_cons_blockdiverge:
forall ge pc fp pc'
t,
ThreadPool.inv pc.(
thread_pool)->
atom_bit pc =
O->
npnsw_or_sw_star ge pc fp pc' ->
blockdiverge_tid pc'
t->
blockdiverge_tid pc t.
Proof.
Lemma mem_eq_blockdiverge_tid:
forall ge pc pc'
t (
wdge:
GlobEnv.wd ge)(
modwdge:
forall ix,
mod_wd (
GlobEnv.modules ge ix)),
mem_eq_pc ge pc pc'->
blockdiverge_tid pc t->
blockdiverge_tid pc'
t.
Proof.
Lemma blockdiverge_changetid:
forall ge pc t (
wdge:
GlobEnv.wd ge),
blockdiverge_tid pc t->
forall i,
@
blockdiverge_tid ge ({-|
pc,
i})
t.
Proof.
Lemma blockdiverge_valid_tid:
forall ge pc t,
ThreadPool.inv pc.(
thread_pool)->
GlobEnv.wd ge->
blockdiverge_tid pc t->
@
pc_valid_tid ge pc t.
Proof.
Lemma blockdiverge_tid_npdiverge:
forall ge pc t,
drf_pc_glob pc ->
blockdiverge_tid pc t ->
Pdiverge ge ({-|
pc,
t}).
Proof.
Lemma blockdiverge_npsilent_diverge:
forall ge pc,
drf_pc_glob pc ->
blockdiverge ge pc->
exists t,
npsilent_diverge ge ({-|
pc,
t}) /\
pc_valid_tid pc t.
Proof.
Lemma npnsw_or_sw_stepN_last_valid:
forall i l ge pc fp pc' (
wdge:
GlobEnv.wd ge),
ThreadPool.inv pc.(
thread_pool)->
npnsw_or_sw_stepN ge (
S i)
l pc fp pc'->
cur_valid_id ge pc'.
Proof.
Lemma npnsw_cons_npnsw_or_sw_stepN_sw:
forall ge pc fp pc'
t fp'
pc''
i l,
GlobEnv.wd ge->
ThreadPool.inv pc.(
thread_pool)->
atom_bit pc =
O->
@
glob_npnsw_step ge pc tau fp pc'->
npnsw_or_sw_stepN ge (
S i)
l ({-|
pc',
t})
fp'
pc''->
npnsw_or_sw_stepN ge (
S (
S i)) (
cons (
cur_tid pc)
l)
pc (
FP.union fp fp')
pc''.
Proof.
Lemma npnsw_or_sw_star_div:
forall k lt ge pc fp pc' ,
drf_pc_glob pc->
npnsw_or_sw_stepN ge k lt pc fp pc' ->
exists i l fp1 pc1 fp2 pc2,
tau_star glob_npnsw_step ({-|
pc,
cur_tid pc'})
fp1 pc1 /\
npnsw_or_sw_stepN ge i l pc1 fp2 pc2 /\
mem_eq_pc ge pc'
pc2 /\
~
list_matched l (
cur_tid pc').
Proof.
induction k;
intros.
apply npnsw_or_sw_stepN_0 in H0;
Hsimpl;
subst.
Esimpl.
constructor.
constructor.
inversion H;
auto.
rewrite (
swstar_l1 _ _ _ H2);
apply mem_eq_pc_refl.
unfold list_matched;
intro;
Hsimpl.
rewrite Coqlib.nth_error_nil in H0.
inversion H0.
pose proof drf_pc_glob_l1 _ _ H as [
v1 wdge1].
pose proof drf_pc_glob_l2 _ _ H as modwdge.
apply npnsw_or_sw_stepN_last_valid in H0 as L';
auto.
apply npnsw_or_sw_stepN_sound in H0 as L.
apply npnsw_or_sw_star_non_evt_star in L.
apply non_evt_star_star in L as [?
L].
eapply pc_valid_tid_back_star in L;
eauto.
clear x.
apply npnsw_or_sw_stepN_inv1 in H0;[|
Omega.omega].
Hsimpl.
enough(
drf_pc_glob x0).
assert(
S k -1 =
k).
Omega.omega.
rewrite H6 in H2.
clear H6.
eapply IHk in H2 as ?;
eauto.
Hsimpl.
assert(
cur_tid x0 =
cur_tid pc' \/
cur_tid x0 <>
cur_tid pc').
apply classic.
destruct H10.
+
rewrite <-
H10,
pc_cur_tid in H6.
eapply tau_star_cons in H6;
eauto.
apply npnsw_step_tid_preservation in H1 as ?.
rewrite (
swstar_l1 _ _ _ H0),
H11,
H10 in H6.
Esimpl;
eauto.
+
enough(
FP.smile x1 x6).
pose proof H1 as L0.
rewrite <-
pc_cur_tid with(
pc:=
x)
in H1 ;
eapply npnswstep_star_reorder in H1;
try apply H6;
eauto.
Hsimpl.
eapply mem_eq_npnsw_or_sw_stepN in H13 as ?;
eauto.
Hsimpl.
destruct x4.
{
apply npnsw_or_sw_stepN_0 in H14 as ?;
Hsimpl;
subst.
apply npnsw_taustar_tid_preservation in H6 as ?.
simpl in H3.
rewrite <-
H3 in *.
apply npnsw_or_sw_stepN_sound in H2.
apply swstar_l1 in H0.
apply npnsw_step_tid_preservation in L0 as ?.
apply npnsw_step_cur_valid_id in L0 as ?;[|
rewrite H0];
auto.
eapply npnsw_step_pc_valid_tid_preservation in L0 as ?;
eauto.
apply drf_pc_glob_l1 in H5 as?.
Hsimpl.
rewrite H4 in H17.
assert(
pc_valid_tid x (
cur_tid pc')).
rewrite H0;
auto.
assert(
atom_bit x11 =
O).
apply npnsw_taustar_O_preservation in H1.
apply npnsw_step_O_preservation in H12;
auto.
rewrite H0;
inversion H;
auto.
eapply npnsw_taustar_pc_valid_tid_preservation in H1 as ?;
eauto.
eapply npnsw_step_pc_valid_tid_preservation in H12 as ?;
eauto.
assert(
type_glob_step glob_sw x11 sw FP.emp ({-|
x11,
cur_tid pc'})).
destruct x11,
H24;
simpl in *;
subst;
econstructor;
eauto.
eapply npnsworsw_conssw in H14;
eauto.
eapply npnsworsw_consnpnsw in H14;
eauto.
simpl in *.
eapply npnsw_taustar_pc_valid_tid_preservation in H1 as ?;
try apply H16;
eauto.
assert(
atom_bit x10 =
O).
apply npnsw_taustar_O_preservation in H1;
auto.
rewrite H0.
inversion H;
auto.
assert(
type_glob_step glob_sw x10 sw FP.emp ({-|
x10,
cur_tid x})).
destruct x10,
H26;
simpl in *;
subst;
econstructor;
eauto.
eapply npnsworsw_conssw in H14;
eauto.
rewrite H0 in H1;
simpl in H1.
Esimpl;
eauto.
eapply mem_eq_pc_trans;
eauto.
unfold list_matched.
intro;
Hsimpl.
destruct x4.
simpl in H29.
inversion H29.
congruence.
simpl in H29.
rewrite Coqlib.nth_error_nil in H29.
inversion H29.
}
enough (
npnsw_or_sw_stepN ge (
S (
S x4))(
cons (
cur_tid x)
x5)
x10 (
FP.union x1 x8)
x12).
rewrite (
swstar_l1 _ _ _ H0)
in H1;
simpl in H1.
Esimpl;
try apply H16;
eauto.
eapply mem_eq_pc_trans;
eauto.
intro;
contradict H9.
unfold list_matched in *.
Hsimpl.
destruct x13.
simpl in H9.
inversion H9;
subst.
apply npnsw_step_tid_preservation in L0.
congruence.
simpl in H9.
eauto.
assert(
atom_bit pc =
O).
inversion H;
auto.
rewrite (
swstar_l1 _ _ _ H0)
in H1.
apply npnsw_taustar_O_preservation in H1 as ?;
auto.
apply npnsw_taustar_thdpinv in H1 as ?;
auto.
eapply npnsw_cons_npnsw_or_sw_stepN_sw in H14;
try apply H12;
eauto.
simpl in H14.
enough(
type_glob_step glob_sw x10 sw FP.emp ({-|
x10,
cur_tid x})).
eapply npnsworsw_conssw in H14;
eauto.
rewrite FP.emp_union_fp in H14;
auto.
apply npnsw_step_cur_valid_id in H12;
auto.
destruct x10,
H12;
simpl in *;
subst.
econstructor;
eauto.
intro;
try congruence.
apply npnsw_step_tid_preservation in H1;
simpl in H1.
congruence.
rewrite (
swstar_l1 _ _ _ H0);
auto.
apply NNPP;
intro.
apply smile_conflict in H11.
rewrite <-
pc_cur_tid with(
pc:=
x)
in H1;
eapply npnswstep_star_conflict in H1 as ?;
eauto.
destruct H12.
unfold npnsw_star_abort in H12.
Hsimpl.
rewrite (
swstar_l1 _ _ _ H0)
in H12.
simpl in H12.
inversion H as [?
_].
assert(
glob_step pc sw FP.emp ({-|
pc,
cur_tid pc'})).
destruct pc,
L.
simpl in *;
subst.
econstructor;
eauto.
apply npnsw_taustar_to_taustar in H12.
apply tau_star_to_star in H12 as [].
eapply star_step in H15;
eauto.
unfold drf_pc_glob,
drf_pc in H;
Hsimpl.
eapply cons_star_star in H15;
eauto.
eapply H20 in H15;
eauto.
Hsimpl.
rewrite (
swstar_l1 _ _ _ H0)
in H12.
simpl in H12.
rewrite (
swstar_l1 _ _ _ H0)
in H1;
simpl in H1.
apply npnsw_step_tid_preservation in H1 as ?.
assert(
atom_bit pc =
O).
inversion H;
subst;
auto.
assert(
race glob_predict_star_alter pc).
econstructor.
eauto.
econstructor.
rewrite <-
H14;
simpl.
econstructor 2;[|
constructor];
eauto.
auto.
apply npnsw_step_O_preservation in H1;
auto.
econstructor;
eauto.
apply npnsw_taustar_O_preservation in H12;
auto.
left;
intro R;
inversion R.
rewrite FP.fp_union_emp;
auto.
apply globrace_equiv2 in H16;
auto.
unfold star_race in H16;
Hsimpl.
pose predict_equiv.
eapply predict_equiv_race_equiv in H17;
eauto.
apply race_equiv in H17.
unfold drf_pc_glob,
drf_pc,
drfpc in H.
Hsimpl.
contradict H18.
unfold star_race_config.
eapply cons_star_star in H16;
eauto.
apply npnsw_step_tid_preservation in H1;
simpl in H1.
congruence.
rewrite (
swstar_l1 _ _ _ H0);
auto.
apply swstar_globstar in H0 as ?;
Hsimpl.
apply npnswstep_l1 in H1 as ?.
Hsimpl.
apply type_glob_step_elim in H6.
eapply star_cons_step in H6 as [];
eauto.
eapply drf_pc_glob_cons;
eauto.
apply npnsw_step_O_preservation in H1;
auto.
rewrite (
swstar_l1 _ _ _ H0).
inversion H;
auto.
Qed.
Lemma npnsw_or_sw_stepN_last_valid_alt:
forall i l ge pc fp pc' (
wdge:
GlobEnv.wd ge),
ThreadPool.inv pc.(
thread_pool)->
npnsw_or_sw_stepN ge (
S i)
l pc fp pc'->
pc_valid_tid pc (
cur_tid pc').
Proof.
Lemma thread_sim_refl:
forall ge pc,
thread_sim ge pc pc.
Proof.
unfold thread_sim;
intros;
Hsimpl;
Esimpl;
eauto. Qed.
Lemma thread_sim_comm:
forall ge pc pc',
thread_sim ge pc pc'->
thread_sim ge pc'
pc.
Proof.
unfold thread_sim;
intros;
Hsimpl;
Esimpl;
congruence. Qed.
Lemma thread_sim_trans:
forall ge pc pc1 pc2,
thread_sim ge pc pc1->
thread_sim ge pc1 pc2 ->
thread_sim ge pc pc2.
Proof.
unfold thread_sim;
intros;
Hsimpl;
Esimpl;
try congruence. Qed.
Lemma thread_sim_preserve:
forall ge x pc pc'
t fp pc1,
thread_sim ge ({-|
pc,
t})
pc'->
cur_tid pc <>
t->
type_glob_step x pc tau fp pc1->
x =
core \/
x =
call \/
x =
ret ->
thread_sim ge ({-|
pc1,
t})
pc'.
Proof.
unfold thread_sim,
getcurcs;
simpl;
intros;
Hsimpl.
destruct H2 as [|[]];
subst;
inversion H1;
subst;
simpl in *;
subst;
Esimpl;
eauto;
solv_thread;
solv_thread;
auto.
destruct Coqlib.peq;
try contradiction;
auto.
Qed.
Lemma thread_sim_preserve2:
forall ge x pc pc'
t fp pc1,
thread_sim ge pc ({-|
pc',
t})->
cur_tid pc' <>
t->
type_glob_step x pc'
tau fp pc1->
x =
core \/
x =
call \/
x =
ret ->
thread_sim ge pc ({-|
pc1,
t}).
Proof.
unfold thread_sim,
getcurcs;
simpl;
intros;
Hsimpl.
destruct H2 as [|[]];
subst;
inversion H1;
subst;
simpl in *;
subst;
Esimpl;
eauto;
solv_thread;
solv_thread;
auto.
destruct Coqlib.peq;
try contradiction;
auto.
Qed.
Lemma npnsw_or_sw_stepN_thread_sim:
forall i l ge pc fp pc'
t,
GlobEnv.wd ge->
(
forall ix,
mod_wd (
GlobEnv.modules ge ix))->
ThreadPool.inv pc.(
thread_pool)->
npnsw_or_sw_stepN ge i l pc fp pc'->
~
list_matched l t->
thread_sim ge ({-|
pc,
t}) ({-|
pc',
t}).
Proof.
Lemma npnsw_or_sw_stepN_atomO:
forall i l ge pc fp pc',
npnsw_or_sw_stepN ge i l pc fp pc'->
atom_bit pc =
O /\
atom_bit pc' =
O.
Proof.
induction 1;auto.
destruct IHnpnsw_or_sw_stepN;split;auto.
destruct H as [|[]];inversion H;subst;auto.
Hsimpl;Esimpl;eauto. inversion H;auto.
Qed.
Lemma npnsw_or_sw_stepN_i_1_split:
forall i l ge pc fp pc',
npnsw_or_sw_stepN ge (
S i)
l pc fp pc'->
exists l1 fp1 pc1 l2 fp2,
npnsw_or_sw_stepN ge i l1 pc fp1 pc1 /\
npnsw_or_sw_stepN ge 1
l2 pc1 fp2 pc' /\
app l1 l2 =
l /\
FP.union fp1 fp2 =
fp.
Proof.
Lemma drf_pc_glob_safe:
forall ge pc ,
@
drf_pc_glob ge pc->
safe_state glob_step abort pc.
Proof.
Lemma drf_pc_glob_drf:
forall ge pc,
@
drf_pc_glob ge pc ->
~
race glob_predict_star_alter pc.
Proof.
Lemma npnsw_step_halfatomblockstep_ex:
forall ge pc l fp pc'
t fp2 pc2,
drf_pc_glob pc->
glob_npnsw_step pc l fp pc'->
invpc ge pc ->
t <>
cur_tid pc->
halfatomblockstep ge ({-|
pc',
t})
tau fp2 pc2->
FP.smile fp fp2 /\
exists pc1,
halfatomblockstep ge ({-|
pc,
t})
tau fp2 pc1 .
Proof.
Lemma npnsw_star_halfatomblockstep_ex:
forall ge pc fp pc'
t fp2 pc2,
drf_pc_glob pc->
tau_star glob_npnsw_step pc fp pc'->
invpc ge pc ->
t <>
cur_tid pc->
halfatomblockstep ge ({-|
pc',
t})
tau fp2 pc2->
FP.smile fp fp2 /\
exists pc1,
halfatomblockstep ge ({-|
pc,
t})
tau fp2 pc1.
Proof.
Lemma drfsafe_npnsw_step_fpsmile:
forall ge pc fp pc'
t fp2 pc2,
@
drf_pc_glob ge pc->
glob_npnsw_step pc tau fp pc'->
t <>
cur_tid pc->
glob_npnsw_step ({-|
pc',
t})
tau fp2 pc2->
FP.smile fp fp2 /\
exists pc1,
glob_npnsw_step ({-|
pc,
t})
tau fp2 pc1 /\
exists pc2',
glob_npnsw_step ({-|
pc1,
cur_tid pc})
tau fp pc2' /\
mem_eq_pc ge pc2 ({-|
pc2',
cur_tid pc2}).
Proof.
Lemma drfsafe_npnsw_or_sw_stepN_npnswstep_fpsmile:
forall i l ge pc fp pc'
fp'
t pc'',
drf_pc_glob pc ->
npnsw_or_sw_stepN ge i l pc fp pc'->
~
list_matched l t->
glob_npnsw_step ({-|
pc',
t})
tau fp'
pc''->
FP.smile fp fp' /\
exists pc1,
glob_npnsw_step ({-|
pc,
t})
tau fp'
pc1 /\
exists pc2,
npnsw_or_sw_stepN ge i l pc1 fp pc2 /\
mem_eq_pc ge pc''
pc2.
Proof.
Lemma drfsafe_npnsw_or_sw_stepN_halfatomblockstep_fpsmile:
forall i l ge pc fp pc'
fp'
t pc'',
drf_pc_glob pc ->
npnsw_or_sw_stepN ge i l pc fp pc'->
~
list_matched l t->
halfatomblockstep ge ({-|
pc',
t})
tau fp'
pc''->
FP.smile fp fp'.
Proof.
Lemma halfatomblockstep_cons:
forall ge pc fp pc'
fp'
pc'',
halfatomblockstep ge pc tau fp pc'->
type_glob_step core pc'
tau fp'
pc''->
halfatomblockstep ge pc tau (
FP.union fp fp')
pc''.
Proof.
Lemma drfsafe_npnsw_or_sw_stepN_thread_sim:
forall i l ge pc fp pc'
t ,
drf_pc_glob pc ->
npnsw_or_sw_stepN ge i l pc fp pc'->
~
list_matched l t->
thread_sim ge ({-|
pc,
t}) ({-|
pc',
t}).
Proof.
Lemma GPre_trans:
forall ge m1 m2 m3 fp t,
GPre ge m1 m2 fp t->
GPre ge m2 m3 fp t->
GPre ge m1 m3 fp t.
Proof.
unfold GPre.
intros.
Hsimpl.
split.
eapply MemPre_trans;
eauto.
unfold GlobalFreelistEq in *;
Hsimpl.
intros.
specialize (
H1 _ _ H3).
specialize (
H2 _ _ H3).
split;
intro.
apply H1;
apply H2;
auto.
apply H2;
apply H1;
auto.
Qed.
Lemma GPre_refl:
forall ge m fp t,
GPre ge m m fp t.
Proof.
Lemma list_not_matched_split:
forall A l a b,
@
list_matched A l b ->
list_matched (
cons a l)
b.
Proof.
Lemma drfsafe_npnsw_or_sw_stepN_fpsmile_GPre:
forall i l ge pc fp pc'
t fp0,
drf_pc_glob pc ->
npnsw_or_sw_stepN ge i l pc fp pc'->
~
list_matched l t->
FP.smile fp fp0->
GPre ge pc.(
gm)
pc'.(
gm)
fp0 t.
Proof.
Lemma thread_sim_coreIdiverge:
forall ge pc pc' (
inv1:
ThreadPool.inv pc.(
thread_pool))(
inv2 :
ThreadPool.inv pc'.(
thread_pool)),
GlobEnv.wd ge->
(
forall ix,
mod_wd (
GlobEnv.modules ge ix))->
thread_sim ge pc pc'->
(
forall fp pc1,
tau_star (
type_glob_step core)
pc fp pc1->
GPre ge pc.(
gm)
pc'.(
gm)
fp pc.(
cur_tid))->
core_Idiverge ge pc->
core_Idiverge ge pc'.
Proof.
Lemma mem_eq_coreIdiverge:
forall ge pc pc' (
H_modwdge:
forall ix,
mod_wd (
GlobEnv.modules ge ix)),
mem_eq_pc ge pc pc'->
core_Idiverge ge pc->
core_Idiverge ge pc'.
Proof.
Lemma silent_diverge_cons_np_non_evt_star:
forall (
ge :
GlobEnv.t) (
pc : @
ProgConfig ge) (
fp :
FP.t) (
pc' :
ProgConfig),
non_evt_star np_step pc fp pc' ->
silent_diverge np_step pc' ->
silent_diverge np_step pc.
Proof.
induction 1. auto.
intros.
destruct H.
econstructor;eauto. constructor.
Hsimpl.
inversion IHnon_evt_star;subst.
econstructor;try apply H3;eauto.
econstructor 2;eauto. inversion H;subst;econstructor;eauto.
Qed.
Lemma core_Idiverge_cons_corestar:
forall ge pc fp pc',
tau_star (
type_glob_step core)
pc fp pc'->
core_Idiverge ge pc'->
core_Idiverge ge pc.
Proof.
induction 1;
intros.
auto.
Hsimpl.
econstructor.
inversion IHtau_star;
subst.
inversion H;
subst;
simpl in *;
subst.
auto.
apply core_step_equiv;
eauto.
auto.
Qed.
Lemma case_coreIdiverge:
forall ge pc i fp pc',
drf_pc_glob pc->
noevt_stepN ge glob_step (
S i)
pc fp pc' ->
core_Idiverge ge pc' ->
npsilent_diverge ge pc \/
exists t,
npsilent_diverge ge ({-|
pc,
t}) /\
pc_valid_tid pc t.
Proof.
intros.
assert(
atom_bit pc' =
I).
inversion H1;
subst;
auto.
apply noevt_stepN_Si_Iinv_drfsafe in H0;
auto.
Hsimpl.
apply atomblockstarN_atomO in H3 as R;
destruct R.
eapply npnsw_or_sw_stepN_exists in H4 as [?[]];
auto.
assert(
drf_pc_glob x4).
apply atomblockstarN_globstar in H3 as [].
apply swstar_globstar in H0.
Hsimpl.
eapply cons_star_star in H3;
eauto.
eapply drf_pc_glob_cons;
eauto.
pose proof drf_pc_glob_l1 _ _ H10 as [
v1 wdge].
pose proof drf_pc_glob_l2 _ _ H10 as modwdge.
eapply npnsw_or_sw_stepN_thdpinv in H4 as ?;
eauto.
apply type_glob_step_cur_valid_id in H5 as ?;
auto;
try congruence.
assert(
npnsw_or_sw_stepN ge 0
nil x5 (
FP.union FP.emp FP.emp) ({-|
x5,
x7})).
assert(
atom_bit x5 =
O).
inversion H5;
auto.
econstructor 3;
eauto;[
destruct x5,
H12;
simpl in *;
subst|
constructor;
auto].
econstructor;
eauto.
eapply npnsw_or_sw_stepN_cons in H13;
eauto.
rewrite FP.fp_union_emp in H13.
eapply npnsw_or_sw_star_div in H13 as ?;
auto.
Hsimpl.
simpl in *.
pose proof H16 as R.
eapply mem_eq_globstep in H16;
eauto;
Hsimpl.
eapply mem_eq_corestar in H18;
eauto;
Hsimpl.
eapply mem_eq_coreIdiverge in H7 as ?;
eauto.
eapply mem_eq_coreIdiverge in H20;
eauto.
destruct x12.
{
apply npnsw_or_sw_stepN_0 in H15.
Hsimpl;
subst.
rewrite (
swstar_l1 _ _ _ H22)
in H16.
assert(
cur_tid x17 =
x7).
destruct R;
Hsimpl.
simpl in *;
congruence.
apply npnsw_taustar_tid_preservation in H14 as ?.
simpl in H21.
try rewrite H15,
H21,
pc_cur_tid in H16.
apply npnsw_taustar_thdpinv in H14 as?;
auto.
apply type_glob_step_cur_valid_id in H16 as ?;
auto;
try congruence.
eapply npnsw_taustar_pc_valid_tid_backwards_preservation in H14 as ?;
eauto.
assert(
sw_star glob_step x4 ({-|
x4,
x7})).
econstructor 2;[|
constructor].
destruct x4,
H25.
simpl in *;
subst.
econstructor;
eauto.
apply corestar_npstar in H18 as ?.
apply entat_step_equiv in H16 as ?.
apply type_step_elim in H28.
eapply ETrace.ne_star_step in H27;
eauto.
apply glob_npnsw_star_to_np_taustar in H14.
apply tau_star_non_evt_star in H14.
eapply non_evt_star_cons in H27;
eauto.
apply core_Idiverge_npsilent_diverge in H20.
destruct x.
{
inversion H3;
subst.
right.
exists (
cur_tid x15).
rewrite (
swstar_l1 _ _ _ H0)
in H25,
H27;
simpl in H25,
H27.
split;[|
auto].
eapply silent_diverge_cons_np_non_evt_star;
eauto.
}
{
apply atomblockstarN_cur_valid_tid in H3 as T1;
auto;
try congruence.
eapply atomblockstarN_cons_swstar in H3;
eauto.
eapply atomblockstarN_np in H3;
eauto.
Hsimpl.
destruct H29.
Hsimpl.
simpl in H29.
assert(
sw_star glob_step ({-|
x4,
x13})({-|
x4,
x7})).
econstructor 2;[|
constructor].
destruct x4,
H25,
H10.
simpl in *;
subst.
econstructor;
eauto.
eapply npsw_swstar in H29;
eauto.
assert(
non_evt_star np_step x12 (
FP.union FP.emp FP.emp) ({-|
x4,
x7})).
econstructor 2;
eauto.
constructor.
eapply non_evt_star_cons in H31;
eauto.
eapply non_evt_star_cons in H27;
eauto.
apply swstar_l1 in H0.
rewrite H0 in *.
right.
exists (
cur_tid x3).
split;
auto.
eapply silent_diverge_cons_np_non_evt_star;
eauto.
inversion H29;
subst.
destruct H25.
apply H_all_thread_halted in H21.
contradiction.
Omega.omega.
rewrite (
swstar_l1 _ _ _ H0).
apply drf_pc_glob_l1 in H as [];
auto.
Omega.omega.
rewrite (
swstar_l1 _ _ _ H0).
apply drf_pc_glob_l1 in H as [];
auto.
}
}
{
assert(
pc_valid_tid x4 x7).
apply npnsw_or_sw_stepN_sound in H4;
apply npnsw_or_sw_star_non_evt_star in H4;
apply non_evt_star_star in H4 as[].
eapply pc_valid_tid_back_star;
eauto.
apply npnsw_taustar_thdpinv in H14 as ?;
auto.
eapply npnsw_taustar_pc_valid_tid_preservation in H14 as ?;
eauto.
assert(
drf_pc_glob x15).
eapply npnsw_taustar_to_taustar in H14;
auto.
apply tau_star_to_star in H14 as [].
assert(
glob_step x4 sw FP.emp ({-|
x4,
x7})).
destruct x4,
H10,
H21;
simpl in *;
subst.
econstructor;
eauto.
eapply star_step in H24;
eauto.
eapply drf_pc_glob_cons;
eauto.
apply npnsw_or_sw_stepN_atomO in H15 as [];
auto.
eapply npnsw_or_sw_stepN_thread_sim in H15 as Sim1;
eauto.
assert(
forall fp pc',
halfatomblockstep ge x17 tau fp pc'->
FP.smile fp x16).
intros.
assert(
cur_tid x17 =
x7).
destruct R;
Hsimpl;
auto.
rewrite <-
pc_cur_tid with(
pc:=
x17),
H26 in H25.
eapply drfsafe_npnsw_or_sw_stepN_halfatomblockstep_fpsmile in H15 as ?;
eauto.
apply fpsmile_sym;
auto.
assert(
halfatomblockstep ge x17 tau x9 x19).
unfold halfatomblockstep;
Esimpl;
eauto.
eapply H25 in H26 as ?;
eauto.
apply thread_sim_comm in Sim1.
assert(
cur_tid x17 =
x7).
inversion R;
subst;
Hsimpl;
auto.
rewrite <-
H28,
pc_cur_tid in Sim1.
pose proof empsmile x16.
apply fpsmile_sym in H29.
eapply drfsafe_npnsw_or_sw_stepN_fpsmile_GPre in H29;
try apply H15 ;
eauto.
apply GPre_comm in H29.
assert(
ThreadPool.inv x17.(
thread_pool)).
destruct R.
Hsimpl.
rewrite <-
H30.
auto.
rewrite <-
H28 in H29.
eapply entatstep_Glocality in Sim1 as ?;
eauto;
simpl.
Hsimpl.
apply core_Idiverge_cons_corestar in H18;
auto.
apply type_glob_step_elim in H31 as ?.
apply GE_mod_wd_tp_inv in H34;
auto.
Coqlib.exploit thread_sim_coreIdiverge;
try apply H33;
eauto.
apply type_glob_step_elim in H16;
apply GE_mod_wd_tp_inv in H16;
auto.
intros.
assert(
halfatomblockstep ge x17 tau fp0 pc1).
unfold halfatomblockstep;
Esimpl;
eauto.
apply H25 in H36.
apply fpsmile_sym in H36.
eapply drfsafe_npnsw_or_sw_stepN_fpsmile_GPre in H15;
try apply H36;
eauto.
assert(
gm x15 =
gm x20).
inversion H31;
auto.
assert(
gm x18 =
gm x17).
inversion H16;
auto.
assert(
cur_tid x18 =
x7).
inversion H16;
subst.
econstructor.
rewrite <-
H37,
H38,
H39.
apply GPre_comm.
auto.
intro.
apply core_Idiverge_npsilent_diverge in H35.
apply entat_step_equiv in H31.
apply type_step_elim in H31.
apply npnsw_taustar_tid_preservation in H14 as ?;
auto.
simpl in H36.
rewrite H28,
H36,
pc_cur_tid in H31.
assert(
non_evt_star np_step x20 FP.emp x20).
constructor.
eapply ETrace.ne_star_step in H37;
eauto.
destruct x.
{
inversion H3;
subst.
apply swstar_l1 in H0.
rewrite H0 in *;
simpl in *.
right.
exists (
cur_tid x15).
split;
auto.
apply glob_npnsw_star_to_np_taustar in H14.
apply tau_star_non_evt_star in H14.
eapply non_evt_star_cons in H37;
eauto.
eapply silent_diverge_cons_np_non_evt_star;
eauto.
}
{
apply atomblockstarN_np in H3;
auto.
Hsimpl.
destruct H38.
Hsimpl.
assert(
sw_star glob_step ({-|
x4,
x22}) ({-|
x4,
x7})).
econstructor 2;[|
constructor].
destruct x4,
H21.
simpl in *;
subst.
econstructor;
eauto.
eapply npsw_swstar in H39;
eauto.
apply glob_npnsw_star_to_np_taustar in H14;
apply tau_star_non_evt_star in H14.
eapply non_evt_star_cons in H37;
eauto.
eapply ETrace.ne_star_step in H37;
eauto.
eapply non_evt_star_cons in H37;
eauto.
eapply silent_diverge_cons_np_non_evt_star in H35;
try apply H37.
apply swstar_l in H0 as [];
subst;
Hsimpl;
auto.
right.
exists (
cur_tid x3).
split;
auto.
inversion H0;
subst;
simpl;
auto.
inversion H0;
subst;
split;
auto.
inversion H38;
subst.
destruct H21.
apply H_all_thread_halted in H21;
contradiction.
Omega.omega.
rewrite (
swstar_l1 _ _ _ H0).
apply drf_pc_glob_l1 in H as [];
auto.
}
}
Qed.
CoInductive AO_psilent_diverge{
ge}:
tid->@
ProgConfig ge->
Prop:=
AO_mk:
forall pc fp pc1 fp1 pc2,
npnsw_or_sw_star ge pc fp pc1 ->
glob_npnsw_step pc1 tau fp1 pc2 ->
AO_psilent_diverge (
cur_tid pc1)
pc2 ->
AO_psilent_diverge (
cur_tid pc1)
pc.
Lemma AO_psilent_diverge_valid_t:
forall ge pc t,
@
drf_pc_glob ge pc ->
AO_psilent_diverge t pc->
pc_valid_tid pc t.
Proof.
Lemma npnsw_or_sw_stepN_pc_valid_tid_preserve:
forall i l ge pc fp pc'
t (
wdge:
GlobEnv.wd ge)(
v1:
invpc ge pc),
@
npnsw_or_sw_stepN ge i l pc fp pc'->
pc_valid_tid pc t->
pc_valid_tid pc'
t.
Proof.
Lemma npnsw_star_cons_npnsw_or_sw_star:
forall (
GE :
GlobEnv.t) (
pc :
ProgConfig)
(
fp :
FP.t) (
pc' :
ProgConfig),
tau_star glob_npnsw_step pc fp pc' ->
forall (
fp2 :
FP.t) (
pc'' :
ProgConfig),
npnsw_or_sw_star GE pc'
fp2 pc'' ->
npnsw_or_sw_star GE pc (
FP.union fp fp2)
pc''.
Proof.
Lemma mem_eq_AO_psilent_diverge:
forall ge pc pc'
t,
GlobEnv.wd ge->
(
forall ix,
mod_wd (
GlobEnv.modules ge ix))->
ThreadPool.inv pc.(
thread_pool)->
mem_eq_pc ge pc pc'->
AO_psilent_diverge t pc ->
AO_psilent_diverge t pc'.
Proof.
Lemma AO_psilent_diverge_cons_npnsw_or_sw_star:
forall ge pc fp pc'
t,
npnsw_or_sw_star ge pc fp pc'->
AO_psilent_diverge t pc'->
AO_psilent_diverge t pc.
Proof.
destruct 1.
induction H.
auto.
intros.
Hsimpl.
inversion IHstar;
subst.
destruct H2.
eapply star_step in H;
eauto.
econstructor;
eauto.
eexists;
eauto.
Qed.
Lemma drf_safe_AO_psilent_diverge_inv:
forall ge pc t,
@
drf_pc_glob ge pc ->
AO_psilent_diverge t pc ->
(
exists fp pc1 ,
drf_pc_glob pc1 /\
glob_npnsw_step ({-|
pc,
t})
tau fp pc1 /\
AO_psilent_diverge t pc1).
Proof.
Definition no_rep (
l:
list tid):
Prop:=
forall i j,
i <>
j ->
i <
length l ->
j <
length l ->
List.nth_error l i <>
List.nth_error l j.
Definition pcvalid{
ge}(
pc:@
ProgConfig ge)(
l:
list tid):
Prop:=
forall t,
List.In t l ->
pc_valid_tid pc t.
Definition isdone {
ge}(
pc:@
ProgConfig ge)(
t:
list tid):
Prop:=
forall fp pc'
fp'
pc'',
npnsw_or_sw_star ge pc fp pc'->
glob_npnsw_step pc'
tau fp'
pc'' ->
npnswdiverge ge pc'' ->
~
List.In (
cur_tid pc')
t.
Lemma notalldone:
forall ge pc lt,
drf_pc_glob pc->
npnswdiverge ge pc ->
isdone pc lt->
(
forall t,
pc_valid_tid pc t->
list_matched lt t)
->
False.
Proof.
Lemma npnsw_or_sw_star_cons:
forall ge pc fp pc'
fp'
pc'',
npnsw_or_sw_star ge pc fp pc'->
npnsw_or_sw_star ge pc'
fp'
pc''->
npnsw_or_sw_star ge pc (
FP.union fp fp')
pc''.
Proof.
Definition willdone :=
fun ge pc lt t=> (
exists fp pc1,
tau_star glob_npnsw_step ({-|
pc,
t})
fp pc1 /\
npnswdiverge ge ({-|
pc1,
cur_tid pc}) /\
isdone pc1 (
cons t lt)).
Lemma isdone_nil:
forall ge pc , @
isdone ge pc nil.
Proof.
Lemma isdone_app:
forall ge pc t t',
@
isdone ge pc t->
@
isdone ge pc t'->
@
isdone ge pc (
app t t').
Proof.
unfold isdone;
intros.
specialize (
H _ _ _ _ H1 H2 H3).
specialize (
H0 _ _ _ _ H1 H2 H3).
intro.
apply List.in_app_iff in H4 as [];
contradiction.
Qed.
Lemma mem_eq_npnswstep:
forall ge pc pc'
fp pc1 (
modwdge:
forall ix,
mod_wd (
GlobEnv.modules ge ix)),
mem_eq_pc ge pc pc'->
glob_npnsw_step pc tau fp pc1 ->
exists pc2,
mem_eq_pc ge pc1 pc2 /\
glob_npnsw_step pc'
tau fp pc2.
Proof.
Lemma drf_pc_glob_cons_npnsw_star:
forall (
ge :
GlobEnv.t) (
pc :
ProgConfig)(
fp :
FP.t) (
pc' :
ProgConfig) ,
@
drf_pc_glob ge pc ->
tau_star glob_npnsw_step pc fp pc' ->
drf_pc_glob pc'.
Proof.
Lemma mem_eq_npnswdiverge:
forall ge pc pc'
t (
modwdge:
forall ix ,
mod_wd (
GlobEnv.modules ge ix))(
wdge:
GlobEnv.wd ge),
ThreadPool.inv pc.(
thread_pool)->
mem_eq_pc ge pc ({-|
pc',
t}) ->
npnswdiverge ge pc ->
npnswdiverge ge pc'.
Proof.
Lemma npnsw_or_sw_star_cons_npnsw_diverge:
forall i l ge pc fp pc'(
wdge:
GlobEnv.wd ge),
ThreadPool.inv pc.(
thread_pool)->
atom_bit pc =
O->
npnsw_or_sw_stepN ge i l pc fp pc'->
npnswdiverge ge pc'->
npnswdiverge ge pc.
Proof.
Lemma npnswdiverge_notdone:
forall ge pc pc'
fp lt,
drf_pc_glob pc->
glob_npnsw_step pc tau fp pc'->
npnswdiverge ge pc'->
isdone pc lt ->
~
willdone ge pc lt (
cur_tid pc)->
exists fp1 pc1,
tau_plus glob_npnsw_step pc'
fp1 pc1/\
npnswdiverge ge pc1/\
isdone pc'
lt /\
~
willdone ge pc'
lt (
cur_tid pc').
Proof.
Lemma npnswdiverge_notdone_tbc:
forall ge pc pc'
fp lt,
drf_pc_glob pc->
tau_plus glob_npnsw_step pc fp pc'->
npnswdiverge ge pc'->
isdone pc lt ->
~
willdone ge pc lt (
cur_tid pc)->
exists fp1 pc1,
glob_npnsw_step pc tau fp1 pc1/\
npnswdiverge ge pc1/\
isdone pc lt /\
~
willdone ge pc lt (
cur_tid pc).
Proof.
Lemma npnsw_tauplus_nonevtplus_np:
forall ge pc fp pc',
tau_plus glob_npnsw_step pc fp pc'->
tau_plus (@
np_step ge)
pc fp pc'.
Proof.
CoInductive npnsw_diverge'{
ge}:@
ProgConfig ge->
Prop:=
mk_npnsw_diverge':
forall pc fp pc',
atom_bit pc =
O ->
glob_npnsw_step pc tau fp pc'->
npnsw_diverge'
pc'->
npnsw_diverge'
pc.
Lemma npnswdiverge_cur_tid_not_done_forever:
forall ge pc pc'
fp lt,
drf_pc_glob pc->
glob_npnsw_step pc tau fp pc'->
npnswdiverge ge pc'->
isdone pc lt ->
~
willdone ge pc lt (
cur_tid pc)->
npnsw_diverge'
pc.
Proof.
Lemma cur_not_done:
forall ge pc pc'
fp lt,
drf_pc_glob pc->
glob_npnsw_step pc tau fp pc'->
npnswdiverge ge pc'->
isdone pc lt ->
~
List.In (
cur_tid pc)
lt.
Proof.
intros.
eapply H2;eauto. econstructor. constructor.
Qed.
Lemma norep_split:
forall l t,
no_rep (
cons t l)->
no_rep l.
Proof.
unfold no_rep;
intros.
assert(
S i <
length(
t::
l)).
simpl.
Omega.omega.
assert(
S j <
length(
t::
l)).
simpl;
Omega.omega.
eapply H in H3;
try apply H4;
eauto.
Qed.
Lemma norep_cons:
forall l t,
~
List.In t l ->
no_rep l->
no_rep (
cons t l).
Proof.
unfold no_rep;
intros.
destruct i,
j;
simpl in *.
contradiction.
intro.
contradict H.
eapply List.nth_error_In.
eauto.
intro.
contradict H.
eapply List.nth_error_In;
eauto.
eapply H0;
eauto;
Omega.omega.
Qed.
Lemma if_will_cur_done:
forall ge pc lt,
drf_pc_glob pc->
cur_valid_id ge pc ->
isdone pc lt ->
pcvalid pc lt->
no_rep lt ->
~
List.In (
cur_tid pc)
lt ->
willdone ge pc lt (
cur_tid pc)->
exists fp pc',
drf_pc_glob pc'/\
cur_valid_id ge pc' /\
cur_tid pc =
cur_tid pc' /\
tau_star glob_npnsw_step pc fp pc'/\
npnswdiverge ge pc' /\
isdone pc' (
cons (
cur_tid pc)
lt) /\
pcvalid pc' (
cons (
cur_tid pc)
lt) /\
no_rep (
cons (
cur_tid pc)
lt).
Proof.
Lemma if_will_cur_done_tbc:
forall ge pc lt,
drf_pc_glob pc ->
npnswdiverge ge pc ->
isdone pc (
cons (
cur_tid pc)
lt) ->
pcvalid pc (
cons (
cur_tid pc)
lt) ->
no_rep (
cons (
cur_tid pc)
lt)->
exists fp pc1 pc2,
glob_step pc sw FP.emp pc1 /\
glob_npnsw_step pc1 tau fp pc2 /\
~
List.In (
cur_tid pc2) (
cons (
cur_tid pc)
lt) /\
drf_pc_glob pc1 /\
cur_valid_id ge pc1/\
npnswdiverge ge pc1/\
npnswdiverge ge pc2/\
isdone pc1 (
cons (
cur_tid pc)
lt)/\
pcvalid pc1 (
cons (
cur_tid pc)
lt)/\
no_rep (
cons (
cur_tid pc)
lt).
Proof.
intros.
inversion H0;
subst.
Esimpl;
eauto.
apply npnsw_step_tid_preservation in H6 as ?.
rewrite <-
H8.
eapply H1;
eauto.
econstructor.
econstructor 2;[|
constructor].
right.
inversion H5;
subst;
econstructor;
eauto.
eapply drf_pc_glob_cons;
eauto.
econstructor 2;[|
constructor];
eauto.
inversion H5;
auto.
eapply npnsw_step_cur_valid_id in H6;
eauto.
inversion H5;
subst;
auto.
econstructor;
eauto.
inversion H5;
subst;
auto.
inversion H5;
subst;
econstructor;
eauto.
unfold isdone.
intros.
eapply swstar_cons_npnsw_or_sw_star in H8;
eauto.
econstructor 2;
eauto.
constructor.
unfold pcvalid.
intros.
eapply H2 in H8.
inversion H5;
subst.
destruct H8;
split;
auto.
Qed.
Lemma if_will_cur_done_tbc2:
forall ge pc lt,
drf_pc_glob pc->
cur_valid_id ge pc ->
isdone pc lt ->
pcvalid pc lt->
no_rep lt ->
~
List.In (
cur_tid pc)
lt ->
willdone ge pc lt (
cur_tid pc)->
exists fp fp2 pc'
pc1 pc2,
tau_star glob_npnsw_step pc fp pc'/\
glob_step pc'
sw FP.emp pc1 /\
glob_npnsw_step pc1 tau fp2 pc2 /\
~
List.In (
cur_tid pc2) (
cons (
cur_tid pc)
lt) /\
drf_pc_glob pc1 /\
cur_valid_id ge pc1/\
npnswdiverge ge pc1/\
npnswdiverge ge pc2/\
isdone pc1 (
cons (
cur_tid pc)
lt)/\
pcvalid pc1 (
cons (
cur_tid pc)
lt)/\
no_rep (
cons (
cur_tid pc)
lt).
Proof.
Definition thread_nums {
ge}(
pc:@
ProgConfig ge):
nat:=
BinPos.Pos.to_nat pc.(
thread_pool).(
ThreadPool.next_tid).
Lemma thread_nums_preserve:
forall ge pc l fp pc',
star (@
glob_step ge)
pc l fp pc'->
thread_nums pc' =
thread_nums pc.
Proof.
induction 1;
intros.
auto.
unfold thread_nums.
inversion H;
subst;
auto;
solv_thread.
Qed.
Lemma norep_nodup:
forall l,
no_rep l ->
List.NoDup l.
Proof.
Lemma maxi:
forall ge pc lt,
@
pcvalid ge pc lt->
no_rep lt ->
length lt <
thread_nums pc.
Proof.
Lemma if_will_cur_done_tbc3:
forall i ge pc lt fp pc',
drf_pc_glob pc->
cur_valid_id ge pc ->
glob_npnsw_step pc tau fp pc'->
npnswdiverge ge pc'->
isdone pc lt ->
pcvalid pc lt->
no_rep lt ->
~
List.In (
cur_tid pc)
lt ->
i =
thread_nums pc -
length lt ->
exists fp1 pc1 lt'
fp2 pc2,
drf_pc_glob pc1/\
npnswdiverge ge pc2 /\
npnsw_or_sw_star ge pc fp1 pc1 /\
glob_npnsw_step pc1 tau fp2 pc2 /\
isdone pc1 lt'/\
~
willdone ge pc1 lt' (
cur_tid pc1).
Proof.
Lemma npnswdiverge_will_forever:
forall ge pc fp pc',
drf_pc_glob pc->
cur_valid_id ge pc ->
glob_npnsw_step pc tau fp pc'->
npnswdiverge ge pc'->
exists fp1 pc1 ,
drf_pc_glob pc1 /\
npnsw_or_sw_star ge pc fp1 pc1 /\
npnsw_diverge'
pc1.
Proof.
Lemma npnswdiverge_AO_psilent_diverge:
forall ge pc fp1 pc1,
drf_pc_glob pc1->
npnsw_or_sw_star ge pc fp1 pc1 ->
npnsw_diverge'
pc1->
AO_psilent_diverge (
cur_tid pc1)
pc.
Proof.
End diverge_proof.
Lemma AO_psilent_diverge_exists:
forall ge pc,
drf_pc_glob pc->
npnswdiverge ge pc->
exists t,
AO_psilent_diverge t pc.
Proof.
Lemma npnswdiverge_npdiverge:
forall ge pc,
drf_pc_glob pc->
npnswdiverge ge pc ->
exists t,
pc_valid_tid pc t /\
npsilent_diverge ge ({-|
pc,
t}).
Proof.
Lemma Etr_p_np_diverge:
forall ge pc,
drf_pc_glob pc->
Etr (@
glob_step ge)
abort final_state pc Behav_diverge->
Etr np_step np_abort final_state pc Behav_diverge \/
exists t,
Etr np_step np_abort final_state ({-|
pc,
t})
Behav_diverge /\
pc_valid_tid pc t .
Proof.
Lemma limited_etr_p_cons_non_evt_star:
forall ge i pc b,
limited_etr i (@
glob_step ge)
abort final_state pc b->
forall pc0 fp,
non_evt_star glob_step pc0 fp pc->
limited_etr i glob_step abort final_state pc0 b.
Proof.
Lemma glob_evt_step_sw:
forall ge pc v pc',
@
glob_step ge pc (
evt v)
FP.emp pc'->
ThreadPool.inv pc.(
thread_pool)->
GlobEnv.wd ge->
glob_step pc'
sw FP.emp pc'.
Proof.
Lemma glob_evt_step_np:
forall ge pc v pc',
@
glob_step ge pc (
evt v)
FP.emp pc'->
ThreadPool.inv pc.(
thread_pool)->
GlobEnv.wd ge->
np_step pc (
evt v)
FP.emp pc'.
Proof.
intros.
eapply glob_evt_step_sw in H as L1;
eauto.
inversion H;
subst.
inversion L1;
subst.
econstructor;
eauto.
Qed.
Definition mod_wd_ge (
ge:
GlobEnv.t):
Prop:=
forall ix,
mod_wd (
GlobEnv.modules ge ix).
Lemma mem_eq_pc_limited_etr_p:
forall i ge pc pc'
b,
mod_wd_ge ge->
mem_eq_pc ge pc pc'->
limited_etr i glob_step abort final_state pc b->
limited_etr i glob_step abort final_state pc'
b.
Proof.
Lemma limited_etr_p_np_base:
forall ge pc B,
drf_pc_glob pc->
limited_etr 0 (@
glob_step ge)
abort final_state pc B->
(
limited_etr 0
np_step np_abort final_state pc B) \/ (
exists t,
limited_etr 0
np_step np_abort final_state ({-|
pc,
t})
B /\
pc_valid_tid pc t ) .
Proof.
inversion 2;
subst.
eapply Etr_p_np_done in H1;
eauto.
destruct H1.
left.
econstructor;
eauto.
right.
destruct H1 as (?&?&?).
exists x;
split;
auto.
econstructor;
eauto.
eapply Etr_p_np_abort in H1;
eauto.
destruct H1.
left.
econstructor;
eauto.
right.
destruct H1 as (?&?&?).
exists x;
split;
auto.
econstructor;
eauto.
eapply Etr_p_np_diverge in H1;
eauto.
destruct H1.
left.
econstructor;
eauto.
right.
destruct H1 as (?&?&?).
exists x;
split;
auto.
econstructor;
eauto.
Qed.
Lemma limited_etr_p_np_ind:
forall i ge pc B,
drf_pc_glob pc->
atom_bit pc =
O->
limited_etr (
S i) (@
glob_step ge)
abort final_state pc B->
exists t,
limited_etr (
S i)
np_step np_abort final_state ({-|
pc,
t})
B /\
pc_valid_tid pc t.
Proof.
Lemma limited_etr_p_np:
forall i ge pc B,
drf_pc_glob pc ->
atom_bit pc =
O->
limited_etr i (@
glob_step ge)
abort final_state pc B->
(
limited_etr i np_step np_abort final_state pc B) \/
(
exists t,
limited_etr i np_step np_abort final_state ({-|
pc,
t})
B /\
pc_valid_tid pc t).
Proof.
CoInductive glob_inf_etr {
ge}:@
ProgConfig ge->
behav->
Prop:=
|
build_inf_etr_glob:
forall pc b,
glob_inf_etr pc b->
forall pc0 pc01 fp0 pc1 v,
glob_step pc0 sw FP.emp pc01 ->
non_evt_thrd_globstar ge pc01 fp0 pc1 ->
glob_step pc1 (
evt v)
FP.emp pc ->
glob_inf_etr pc0 (
Behav_cons v b).
Lemma mem_eq_inf_etr:
forall ge,
(
forall ix,
mod_wd (
GlobEnv.modules ge ix))->
forall a f pc b,
inf_etr_alt2 (@
glob_step ge)
a f pc b->
forall pc',
mem_eq_pc ge pc pc'->
inf_etr_alt2 glob_step a f pc'
b.
Proof.
Lemma inf_etr_glob_inf_etr:
forall ge ab fn pc b,
drf_pc_glob pc->
inf_etr_alt2 (@
glob_step ge)
ab fn pc b->
glob_inf_etr pc b.
Proof.
CoInductive glob_inf_etr_2 {
ge}:@
ProgConfig ge->
behav->
Prop:=
|
build_inf_etr_glob2:
forall pc b,
glob_inf_etr_2 pc b->
forall pc0 fp0 pc1 v pc2,
non_evt_thrd_globstar ge pc0 fp0 pc1 ->
glob_step pc1 (
evt v)
FP.emp pc2 ->
glob_step pc2 sw FP.emp pc ->
glob_inf_etr_2 pc0 (
Behav_cons v b).
Lemma glob_inf_etr_l1:
forall ge pc pc',
@
glob_step ge pc sw FP.emp pc'->
forall b,
glob_inf_etr_2 pc'
b->
glob_inf_etr pc b.
Proof.
cofix;intros.
inversion H0;subst.
econstructor;try eapply glob_inf_etr_l1;eauto.
Qed.
Lemma glob_inf_etr_l2:
forall ge pc0 fp0 pc1 v pc2 b,
non_evt_thrd_globstar ge pc0 fp0 pc1 ->
glob_step pc1 (
evt v)
FP.emp pc2 ->
glob_inf_etr pc2 b->
glob_inf_etr_2 pc0 (
Behav_cons v b).
Proof.
cofix.
intros.
inversion H1;subst.
econstructor;try eapply glob_inf_etr_l2; eauto.
Qed.
Lemma glob_inf_etr_l3:
forall ge pc b,
@
glob_inf_etr ge pc b->
exists pc',
glob_step pc sw FP.emp pc' /\
glob_inf_etr_2 pc'
b.
Proof.
Lemma non_evt_thrd_globstar_inv_preserve:
forall ge pc fp pc',
GlobEnv.wd ge->
@
non_evt_thrd_globstar ge pc fp pc'->
invpc ge pc->
invpc ge pc'.
Proof.
Lemma glob_inf_etr_np:
forall ge pc pc'
b,
GlobEnv.wd ge ->
(
forall ix,
mod_wd (
GlobEnv.modules ge ix))->
invpc ge pc->
@
glob_step ge pc sw FP.emp pc'->
glob_inf_etr_2 pc'
b->
inf_etr np_step np_abort final_state pc'
b.
Proof.
Lemma config_refine_alt:
forall sge spc tge tpc t,
@
config_refine tge sge tpc spc->
atom_bit tpc =
O->
pc_valid_tid tpc t->
config_refine ({-|
tpc,
t})
spc.
Proof.
Lemma init_pair_config_refine:
forall NL L sc tc e sgm sge spc tgm tge tpc i i',
@
init_config NL L (
sc,
e)
sgm sge spc i->
@
init_config NL L (
tc,
e)
tgm tge tpc i'->
config_refine ({-|
tpc,
i})
spc->
config_refine tpc spc.
Proof.
Lemma np_p_config_refine_weak_proof{
NL L}:
forall P (
H:
True),
wd_langs (
fst P) ->
forall (
gm :
gmem) (
ge :
GlobEnv.t) (
pc :
ProgConfig),
@
init_config NL L P gm ge pc (
cur_tid pc) ->
forall (
B :
behav) (
HSafe:
safe_state glob_step abort pc)(
Hdrf:
drfpc pc),
Etr glob_step abort final_state pc B ->
exists t :
tid,
Etr np_step np_abort final_state ({-|
pc,
t})
B /\
pc_valid_tid pc t.
Proof.
Lemma np_p_refine_weak {
NL}{
L}:
forall P,
wd_langs (
fst P)->
safe_prog P->
drf P->
@
np_p_prog_refine_weak NL L P.
Proof.
Lemma DRF_NP_Refine_Config_Proof:
forall NL L mu su tu e sgm sge spc st tgm tge tpc tt,
@
wd_langs NL L su ->
@
wd_langs NL L tu ->
(
forall t :
tid,
DRFLemmas.pc_valid_tid tpc t ->
np_safe_config ({-|
tpc,
t})) ->
InitRel mu sge tge sgm tgm->
init_config (
su,
e)
sgm sge spc st->
init_config (
tu,
e)
tgm tge tpc tt->
drf (
su,
e)->
drfpc tpc->
np_prog_refine (
su,
e)(
tu,
e)->
config_refine tpc spc.
Proof.
np_p_equiv defines the equivalence of preemptive-semantics and non-preemptive smeantics.
- Etr is the event trace of the configuration pc, where B means the behavior of the configuration,
- the configuration in non-preemptive should be able to start in any valid thread, otherwise it may not have the same behavior as in preemptive semantics.
Definition np_p_equiv {
NL}{
L} (
p:
prog L):=
forall m ge pc t,
@
init_config NL L p m ge pc t ->
forall B,
Etr glob_step abort final_state pc B <->
exists t,
Etr np_step np_abort final_state ({-|
pc,
t})
B /\
pc_valid_tid pc t.
Semantics Equivalence(Lemma 7):
If the program is safe and data-race-free, and the languages of the program are well-defined, then we have the equivalence of P and NP.
Lemma NP_P_Equiv{
NL}{
L}:
forall P,
wd_langs (
fst P)->
safe_prog P->
drf P->
@
np_p_equiv NL L P.
Proof.
End Refinement.