
Commit 8174912

committed
prove trace correctness on lockserv
1 parent 0d404bf commit 8174912


1 file changed

+37
-8
lines changed


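--- a/LockServ.v
+++ b/LockServ.v
@@ -867,8 +867,10 @@ Section LockServ.
 match trace with
 | [] => True
 | (Client n, (inl Unlock)) :: tr' => match holder with
-| Some m => m = n /\ trace_mutual_exclusion' None tr'
-| _ => False
+| Some m => if fin_eq_dec _ n m
+then trace_mutual_exclusion' None tr'
+else trace_mutual_exclusion' holder tr'
+| _ => trace_mutual_exclusion' holder tr'
 end
 | (n, (inl _)) :: tr' => trace_mutual_exclusion' holder tr'
 | (Client n, (inr [Locked])) :: tr' => trace_mutual_exclusion' (Some n) tr'
@@ -1070,7 +1072,6 @@ Section LockServ.
 
 Lemma trace_mutex'_unlock_extend :
 forall tr h c,
-last_holder' h tr = Some c ->
 trace_mutual_exclusion' h tr ->
 trace_mutual_exclusion' h (tr ++ [(Client c, inl Unlock)]).
 Proof.
@@ -1079,17 +1080,38 @@ Section LockServ.
 
 Lemma last_holder'_unlock_none :
 forall tr h c,
+last_holder' h tr = Some c ->
 last_holder' h (tr ++ [(Client c, inl Unlock)]) = None.
 Proof.
 induction tr; intros; simpl in *; repeat break_match; intuition.
+congruence.
 Qed.
 
 Lemma last_holder_unlock_none :
 forall tr c,
+last_holder tr = Some c ->
 last_holder (tr ++ [(Client c, inl Unlock)]) = None.
 Proof.
 intros.
-apply last_holder'_unlock_none.
+apply last_holder'_unlock_none. auto.
+Qed.
+
+Lemma last_holder_some_unlock_inv :
+forall tr h c n,
+last_holder' h (tr ++ [(Client c, inl Unlock)]) = Some n ->
+last_holder' h tr = Some n.
+Proof.
+induction tr; intros; simpl in *; repeat break_match; subst;
+intuition; try congruence; eauto.
+Qed.
+
+Lemma last_holder'_neq_unlock_extend :
+forall tr h n c,
+last_holder' h tr = Some n ->
+n <> c ->
+last_holder' h (tr ++ [(Client c, inl Unlock)]) = Some n.
+Proof.
+induction tr; intros; simpl in *; repeat break_match; subst; try congruence; intuition.
 Qed.
 
 Lemma LockServ_mutual_exclusion_trace :
@@ -1159,16 +1181,23 @@ Section LockServ.
 end.
 apply last_holder'_input_extend; auto. congruence.
 - apply trace_mutex'_unlock_extend; auto.
-- rewrite last_holder_unlock_none in *. discriminate.
+- rewrite last_holder_unlock_none in *; auto. discriminate.
 - my_update_destruct; try find_inversion; rewrite_update.
 + discriminate.
 + assert (mutual_exclusion (nwState st))
 by eauto using mutual_exclusion_invariant, reachable_intro.
 unfold mutual_exclusion in *.
 assert (c = n) by eauto. congruence.
-- admit.
-- admit.
-- admit.
+- apply trace_mutex'_unlock_extend. auto.
+- rewrite update_nop.
+find_apply_lem_hyp last_holder_some_unlock_inv.
+auto.
+- match goal with
+| [ H : _ |- _ ] => rewrite update_nop in H
+end.
+assert (n <> c) by congruence.
+find_apply_hyp_hyp.
+apply last_holder'_neq_unlock_extend; auto.
 - apply trace_mutual_exclusion'_extend_input; auto. congruence.
 - rewrite update_nop_ext. find_apply_lem_hyp last_holder'_input_inv; try congruence.
 auto.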
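Review bot: The rewritten Unlock case of trace_mutual_exclusion' in the first hunk weakens the trace specification without saying so: an Unlock from a client other than the current holder used to make the trace ill-formed (`False`) and now leaves `holder` unchanged, so LockServ_mutual_exclusion_trace in the last hunk now states that a non-holder's Unlock is ignored rather than that it never appears in a trace. That reading looks intended, since the last hunk discharges the formerly admitted cases via `update_nop`, but nothing in the file records it, and the enclosing definition starts before the hunk, so the header where such a note belongs is not visible here. A comment above the match, e.g. `(* An Unlock from a non-holder is a no-op in the spec: it neither releases the lock nor changes the recorded holder, matching the server ignoring such requests. *)`, would make the property actually proved explicit to anyone relying on it as a mutual-exclusion guarantee. Separately, `match goal with | [ H : _ |- _ ] => rewrite update_nop in H end.` in the last hunk rewrites in whichever hypothesis happens to match first, so the step depends on hypothesis order; naming the hypothesis, or using the project's find_rewrite-style tactic if one is available in this file, would make the proof more robust.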
