-
$\textcolor{purple}{\texttt{Fixpoint}}$ is_list(l : list Z) (v : val) : iProp$\Sigma$ . -
$\textcolor{purple}{\texttt{Fixpoint}}$ sum_list_coq(l : list Z) : Z. -
$\textcolor{purple}{\texttt{Definition}}$ sum_list: val.
Lemma sum_list_spec l v :
{{{ is_list l v }}} sum_list v
{{{ RET #(sum_list_coq l); is_list l v }}}.-
$\textcolor{purple}{\texttt{Definition}}$ inc_list: val.
Lemma inc_list_spec n l v :
{{{ is_list l v }}}
inc_list #n v
{{{ RET #(); is_list (map (Z.add n) l) v }}}.-
$\textcolor{purple}{\texttt{Definition}}$ is_lock(lk : val) (R : iProp$\Sigma$ ) : iProp$\Sigma$ .\
-
$\textcolor{purple}{\texttt{Definition}}$ newlock: val.
Lemma newlock_spec R:
{{{ R }}} newlock #() {{{ lk, RET lk; is_lock lk R }}}.-
$\textcolor{purple}{\texttt{Definition}}$ try_lock: val.
Lemma try_acquire_spec lk R :
{{{ is_lock lk R }}} try_acquire lk
{{{ b, RET #b; if b is true then R else True }}}.-
$\textcolor{purple}{\texttt{Definition}}$ acquire: val.
Lemma acquire_spec lk R :
{{{ is_lock lk R }}} acquire lk {{{ RET #(); R }}}.-
$\textcolor{purple}{\texttt{Definition}}$ release: val.
Lemma release_spec lk R :
{{{ is_lock lk R * R }}} release lk {{{ RET #(); True }}}.-
$\textcolor{purple}{\texttt{Definition}}$ lock_inv(l : loc) (R : iProp$\Sigma$ ) : iProp$\Sigma$ .
-
$\textcolor{purple}{\texttt{Definition}}$ parallel_inc_sum_locked(lock : val) : val.
One thread increases the given list by a given$n$ . A second thread stores the list sum in a variable$sum$ . Both threads acquire the same spinlock before executing their respective operation, and release it after. The function returns$sum$ .
-
$\textcolor{purple}{\texttt{Definition}}$ inc_sum_inv(n : Z) (l : list Z) (v : val) : iProp$\Sigma$ .
The function invariant states that there exists a list$l^\prime$ such that sum of$l$ is less than or equal to that of$l^\prime$ , and separately,$v$ points to$l^\prime$ .
Lemma sum_inc_eq_n_len : forall (l : list Z) n,
(sum_list_coq (map (Z.add n) l) = (n * length l) + sum_list_coq l)%Z.-
$\textcolor{magenta}{\texttt{Theorem}}$ parallel_inc_sum_locked_speclock l v (n : Z).
Pre-condition :is_lock lockwith resourceinc_sum_inv n l v, and separately,$n \geq 0$ .
Function call :parallel_inc_sum_locked lock #n v.
Post-condition: The function returns an integer$m$ such that the list sum of$l$ is less than or equal to$m$ .
- All definitions and lemmas for "Lists" was taken from
ex_02_sumlist.vdistributed in the course. - All definitions and lemmas for "Spinlock" was taken from
ex_03_spinlock.vdistributed in the course. - No external references used.