Internalize list for own_dbmap_in_slice

Author: yunshengtw

src/program_proof/tulip/program/prelude.v

@@ -147,12 +147,13 @@ Proof. intros x y H. by destruct x, y. Defined.
 Section def.
   Context `{!heapGS Σ, !tulip_ghostG Σ}.
 
-  Definition own_dbmap_in_slice s (l : list dbmod) (m : dbmap) : iProp Σ :=
-    own_slice s (struct.t WriteEntry) (DfracOwn 1) l ∗ ⌜map_to_list m ≡ₚ l⌝.
+  Definition own_dbmap_in_slice s (m : dbmap) : iProp Σ :=
+    ∃ l : list dbmod,
+      own_slice s (struct.t WriteEntry) (DfracOwn 1) l ∗ ⌜map_to_list m ≡ₚ l⌝.
 
   Definition own_pwrs_slice (pwrsS : Slice.t) (c : ccommand) : iProp Σ :=
     match c with
-    | CmdCommit _ pwrs => (∃ pwrsL : list dbmod, own_dbmap_in_slice pwrsS pwrsL pwrs)
+    | CmdCommit _ pwrs => own_dbmap_in_slice pwrsS pwrs
     | _ => True
     end.
 

src/program_proof/tulip/program/replica/replica_acquire.v

@@ -6,21 +6,22 @@ From Perennial.program_proof.tulip.program.replica Require Import
 Section program.
   Context `{!heapGS Σ, !tulip_ghostG Σ}.
 
-  Theorem wp_Replica__acquire rp (tsW : u64) pwrsS pwrsL pwrs ptsm sptsm :
+  Theorem wp_Replica__acquire rp (tsW : u64) pwrsS pwrs ptsm sptsm :
     valid_wrs pwrs ->
     let ts := uint.nat tsW in
-    {{{ own_dbmap_in_slice pwrsS pwrsL pwrs ∗ own_replica_ptsm_sptsm rp ptsm sptsm }}}
+    {{{ own_dbmap_in_slice pwrsS pwrs ∗ own_replica_ptsm_sptsm rp ptsm sptsm }}}
       Replica__acquire #rp #tsW (to_val pwrsS)
     {{{ (acquired : bool), RET #acquired;
-        own_dbmap_in_slice pwrsS pwrsL pwrs ∗
+        own_dbmap_in_slice pwrsS pwrs ∗
         if acquired
         then own_replica_ptsm_sptsm rp (acquire ts pwrs ptsm) (acquire ts pwrs sptsm) ∗
              ⌜validated_ptsm ptsm pwrs⌝ ∗
              ⌜validated_sptsm sptsm ts pwrs⌝
         else own_replica_ptsm_sptsm rp ptsm sptsm
     }}}.
   Proof.
-    iIntros (Hvw ts Φ) "[[HpwrsS %HpwrsL] Hrp] HΦ".
+    iIntros (Hvw ts Φ) "[Hpwrs Hrp] HΦ".
+    iDestruct "Hpwrs" as (pwrsL) "[HpwrsS %HpwrsL]".
     wp_rec.
     iDestruct (own_replica_ptsm_sptsm_dom with "Hrp") as %[Hdomptsm Hdomsptsm].
 

src/program_proof/tulip/program/replica/replica_apply_commit.v

@@ -6,19 +6,19 @@ Section program.
   Context `{!heapGS Σ, !tulip_ghostG Σ}.
 
   Theorem wp_Replica__applyCommit
-    rp (tsW : u64) pwrsS pwrsL pwrs cloga gid rid γ α :
+    rp (tsW : u64) pwrsS pwrs cloga gid rid γ α :
     let ts := uint.nat tsW in
     let cloga' := cloga ++ [CmdCommit ts pwrs] in
     valid_pwrs gid pwrs ->
     group_histm_lbs_from_log γ gid cloga' -∗
     is_txn_log_lb γ gid cloga' -∗
     is_replica_idx rp γ α -∗
-    {{{ own_dbmap_in_slice pwrsS pwrsL pwrs ∗
+    {{{ own_dbmap_in_slice pwrsS pwrs ∗
         own_replica_with_cloga_no_lsna rp cloga gid rid γ α
     }}}
       Replica__applyCommit #rp #tsW (to_val pwrsS)
     {{{ RET #(); 
-        own_dbmap_in_slice pwrsS pwrsL pwrs ∗ 
+        own_dbmap_in_slice pwrsS pwrs ∗ 
         own_replica_with_cloga_no_lsna rp cloga' gid rid γ α
     }}}.
   Proof.

src/program_proof/tulip/program/replica/replica_commit.v

@@ -12,7 +12,7 @@ Section program.
     let ts := uint.nat tsW in
     safe_commit γ gid ts pwrs -∗
     is_replica rp gid rid γ -∗
-    {{{ ∃ l, own_dbmap_in_slice pwrsS l pwrs }}}
+    {{{ own_dbmap_in_slice pwrsS pwrs }}}
       Replica__Commit #rp #tsW (to_val pwrsS)
     {{{ (ok : bool), RET #ok; True }}}.
   Proof.
@@ -43,7 +43,6 @@ Section program.
     (*@                                                                         @*)
     iNamed "Hrp". iNamed "Htxnlog".
     wp_loadField.
-    iDestruct "Hpwrs" as (l) "Hpwrs".
     wp_apply (wp_TxnLog__SubmitCommit with "Htxnlog Hpwrs").
     iInv "Hinv" as "> HinvO" "HinvC".
     iNamed "HinvO".

src/program_proof/tulip/program/replica/replica_fast_prepare.v

@@ -8,13 +8,13 @@ Section program.
   Context `{!heapGS Σ, !tulip_ghostG Σ}.
 
   Theorem wp_Replica__fastPrepare
-    rp (tsW : u64) pwrsS pwrsL pwrs gid rid γ α :
+    rp (tsW : u64) pwrsS pwrs gid rid γ α :
     let ts := uint.nat tsW in
     gid ∈ gids_all ->
     rid ∈ rids_all ->
     safe_txn_pwrs γ gid ts pwrs -∗
     know_tulip_inv γ -∗
-    {{{ own_dbmap_in_slice pwrsS pwrsL pwrs ∗ own_replica rp gid rid γ α }}}
+    {{{ own_dbmap_in_slice pwrsS pwrs ∗ own_replica rp gid rid γ α }}}
       Replica__fastPrepare #rp #tsW (to_val pwrsS) slice.nil
     {{{ (res : rpres), RET #(rpres_to_u64 res);
         own_replica rp gid rid γ α ∗ fast_prepare_outcome γ gid rid ts res
@@ -274,11 +274,11 @@ Section program.
   Qed.
 
   Theorem wp_Replica__FastPrepare
-    rp (tsW : u64) pwrsS pwrsL pwrs gid rid γ :
+    rp (tsW : u64) pwrsS pwrs gid rid γ :
     let ts := uint.nat tsW in
     safe_txn_pwrs γ gid ts pwrs -∗
     is_replica rp gid rid γ -∗
-    {{{ own_dbmap_in_slice pwrsS pwrsL pwrs }}}
+    {{{ own_dbmap_in_slice pwrsS pwrs }}}
       Replica__FastPrepare #rp #tsW (to_val pwrsS) slice.nil
     {{{ (res : rpres), RET #(rpres_to_u64 res);
         fast_prepare_outcome γ gid rid ts res

src/program_proof/tulip/program/replica/replica_multiwrite.v

@@ -6,22 +6,23 @@ From Perennial.program_proof.tulip.program.index Require Import index.
 Section program.
   Context `{!heapGS Σ, !tulip_ghostG Σ}.
 
-  Theorem wp_Replica__multiwrite rp (tsW : u64) pwrsS pwrsL pwrs histm gid γ α :
+  Theorem wp_Replica__multiwrite rp (tsW : u64) pwrsS pwrs histm gid γ α :
     let ts := uint.nat tsW in
     let histm' := multiwrite ts pwrs histm in
     valid_pwrs gid pwrs ->
     dom histm = keys_all ->
     safe_extension ts pwrs histm ->
     ([∗ map] k ↦ h ∈ filter_group gid histm', is_repl_hist_lb γ k h) -∗
     is_replica_idx rp γ α -∗
-    {{{ own_dbmap_in_slice pwrsS pwrsL pwrs ∗ own_replica_histm rp histm α }}}
+    {{{ own_dbmap_in_slice pwrsS pwrs ∗ own_replica_histm rp histm α }}}
       Replica__multiwrite #rp #tsW (to_val pwrsS)
     {{{ RET #(); 
-        own_dbmap_in_slice pwrsS pwrsL pwrs ∗ own_replica_histm rp histm' α
+        own_dbmap_in_slice pwrsS pwrs ∗ own_replica_histm rp histm' α
     }}}.
   Proof.
     iIntros (ts histm' Hvw Hdomhistm Hlenhistm) "#Hrlbs #Hidx".
-    iIntros (Φ) "!> [[HpwrsS %Hpwrs] Hhistm] HΦ".
+    iIntros (Φ) "!> [Hpwrs Hhistm] HΦ".
+    iDestruct "Hpwrs" as (pwrsL) "[HpwrsS %HpwrsL]".
     wp_rec.
 
     (*@ func (rp *Replica) multiwrite(ts uint64, pwrs []tulip.WriteEntry) {     @*)
@@ -56,15 +57,15 @@ Section program.
       wp_loadField.
       (* Prove [k] in the domain of [pwrs] and in [keys_all]. *)
       apply elem_of_list_lookup_2 in Hi as Hpwrsv.
-      rewrite -Hpwrs elem_of_map_to_list in Hpwrsv.
+      rewrite -HpwrsL elem_of_map_to_list in Hpwrsv.
       apply elem_of_dom_2 in Hpwrsv as Hdompwrs.
       assert (Hvk : k ∈ keys_all).
       { clear -Hvw Hdompwrs. set_solver. }
       wp_apply (wp_Index__GetTuple with "Hidx"); first apply Hvk.
       iIntros (tpl) "#Htpl".
       (* Obtain proof that the current key [k] has not been written. *)
       pose proof (NoDup_fst_map_to_list pwrs) as Hnd.
-      rewrite Hpwrs in Hnd.
+      rewrite HpwrsL in Hnd.
       pose proof (list_lookup_fmap fst pwrsL (uint.nat i)) as Hk.
       rewrite Hi /= in Hk.
       pose proof (not_elem_of_take _ _ _ Hnd Hk) as Htake.
@@ -120,7 +121,7 @@ Section program.
     iDestruct ("HpwrsC" with "HpwrsS") as "HpwrsS".
     wp_pures.
     iApply "HΦ".
-    pose proof (list_to_map_flip _ _ Hpwrs) as Hltm.
+    pose proof (list_to_map_flip _ _ HpwrsL) as Hltm.
     rewrite -Hlenpwrs firstn_all -Hltm.
     by iFrame.
   Qed.

src/program_proof/tulip/program/replica/replica_release.v

@@ -5,16 +5,17 @@ From Perennial.program_proof.tulip.program.replica Require Import
 Section program.
   Context `{!heapGS Σ, !tulip_ghostG Σ}.
 
-  Theorem wp_Replica__release rp pwrsS pwrsL pwrs ptsm sptsm :
+  Theorem wp_Replica__release rp pwrsS pwrs ptsm sptsm :
     valid_wrs pwrs ->
-    {{{ own_dbmap_in_slice pwrsS pwrsL pwrs ∗ own_replica_ptsm_sptsm rp ptsm sptsm }}}
+    {{{ own_dbmap_in_slice pwrsS pwrs ∗ own_replica_ptsm_sptsm rp ptsm sptsm }}}
       Replica__release #rp (to_val pwrsS)
     {{{ RET #(); 
-        own_dbmap_in_slice pwrsS pwrsL pwrs ∗
+        own_dbmap_in_slice pwrsS pwrs ∗
         own_replica_ptsm_sptsm rp (release pwrs ptsm) sptsm
     }}}.
   Proof.
-    iIntros (Hvw Φ) "[[HpwrsS %Hpwrs] Hrp] HΦ".
+    iIntros (Hvw Φ) "[Hpwrs Hrp] HΦ".
+    iDestruct "Hpwrs" as (pwrsL) "[HpwrsS %HpwrsL]".
     wp_rec.
     iDestruct (own_replica_ptsm_sptsm_dom with "Hrp") as %[Hdomptsm Hdomsptsm].
 
@@ -45,22 +46,22 @@ Section program.
       iIntros "Hrp".
       iApply "HΦ".
       (* Obtain proof that the current key [k] has not been written. *)
-      pose proof (map_to_list_not_elem_of_take_key _ _ _ _ Hpwrs Hi) as Htake.
+      pose proof (map_to_list_not_elem_of_take_key _ _ _ _ HpwrsL Hi) as Htake.
       (* Adjust the goal. *)
       rewrite uint_nat_word_add_S; last by word.
       rewrite (take_S_r _ _ _ Hi) list_to_map_snoc; last apply Htake.
       set pwrs' := list_to_map _.
       rewrite /release setts_insert; last first.
       { apply elem_of_list_lookup_2 in Hi.
-        rewrite -Hpwrs in Hi.
+        rewrite -HpwrsL in Hi.
         apply elem_of_map_to_list, elem_of_dom_2 in Hi.
         clear -Hvw Hi Hdomptsm. set_solver.
       }
       done.
     }
     iIntros "[Hrp HpwrsS]".
     subst P. simpl.
-    pose proof (list_to_map_flip _ _ Hpwrs) as Hltm.
+    pose proof (list_to_map_flip _ _ HpwrsL) as Hltm.
     rewrite -Hlenpwrs firstn_all Hltm.
     iDestruct ("HpwrsC" with "HpwrsS") as "HpwrsS".
     wp_pures.

src/program_proof/tulip/program/replica/replica_repr.v

@@ -52,7 +52,7 @@ Section repr.
     ∃ (prepmP : loc) (prepmS : gmap u64 Slice.t) (prepm : gmap u64 dbmap),
       "HprepmP"  ∷ rp ↦[Replica :: "prepm"] #prepmP ∗
       "HprepmS"  ∷ own_map prepmP (DfracOwn 1) prepmS ∗
-      "Hprepm"   ∷ ([∗ map] s; m ∈ prepmS; prepm, ∃ l, own_dbmap_in_slice s l m) ∗
+      "Hprepm"   ∷ ([∗ map] s; m ∈ prepmS; prepm, own_dbmap_in_slice s m) ∗
       "%Hcpmabs" ∷ ⌜(kmap Z.of_nat cpm : gmap Z dbmap) = kmap uint.Z prepm⌝.
 
   Definition absrel_ptsm (ptsm : gmap dbkey nat) (ptsmM : gmap dbkey u64) :=

src/program_proof/tulip/program/replica/replica_request_session.v

@@ -44,9 +44,9 @@ Section decode.
       DecodeTxnRequest (to_val dataP)
     {{{ (pwrsP : Slice.t), RET (txnreq_to_val req pwrsP);
         match req with
-        | FastPrepareReq _ pwrs => (∃ pwrsL, own_dbmap_in_slice pwrsP pwrsL pwrs)
-        | ValidateReq _ _ pwrs => (∃ pwrsL, own_dbmap_in_slice pwrsP pwrsL pwrs)
-        | CommitReq _ pwrs => (∃ pwrsL, own_dbmap_in_slice pwrsP pwrsL pwrs)
+        | FastPrepareReq _ pwrs => own_dbmap_in_slice pwrsP pwrs
+        | ValidateReq _ _ pwrs => own_dbmap_in_slice pwrsP pwrs
+        | CommitReq _ pwrs => own_dbmap_in_slice pwrsP pwrs
         | _ => True
         end
     }}}.
@@ -211,20 +211,14 @@ Section program.
     iDestruct "Herr" as "%Hmsg".
     apply Henc in Hmsg as Hreq.
     destruct Hreq as (req & Hinreqs & Hreq). simpl in Hreq.
-    (* assert (∃ req, retdata = encode_txnreq req ∧ req ∈ reqs) as (req & Hreq & Hinreqs). *)
-    (* { specialize (Henc retdata). *)
-    (*   apply (elem_of_map_2 msg_data (D := gset (list u8))) in Hmsg. *)
-    (*   specialize (Henc Hmsg). *)
-    (*   by rewrite elem_of_map in Henc. *)
-    (* } *)
 
     (*@         req  := message.DecodeTxnRequest(ret.Data)                      @*)
     (*@         kind := req.Kind                                                @*)
     (*@         ts   := req.Timestamp                                           @*)
     (*@                                                                         @*)
     wp_apply (wp_DecodeTxnRequest with "Hretdata").
     { apply Hreq. }
-    iIntros (entsaP) "Hentsa".
+    iIntros (pwrsP) "Hpwrs".
     assert (Hrid : rid ∈ rids_all).
     { apply elem_of_dom_2 in Haddr. by rewrite Hdomaddrm in Haddr. }
     destruct req; wp_pures.
@@ -312,8 +306,6 @@ Section program.
       (*@             grove_ffi.Send(conn, data)                                  @*)
       (*@                                                                         @*)
       iDestruct (big_sepS_elem_of with "Hreqs") as "Hsafe"; first apply Hinreqs.
-      simpl.
-      iDestruct "Hentsa" as (pwrsL) "Hpwrs".
       wp_apply (wp_Replica__FastPrepare with "Hsafe Hrp Hpwrs").
       iIntros (res) "#Houtcome".
       wp_loadField.
@@ -376,7 +368,6 @@ Section program.
       (*@                                                                         @*)
       iDestruct (big_sepS_elem_of with "Hreqs") as "Hsafe"; first apply Hinreqs.
       simpl.
-      iDestruct "Hentsa" as (pwrsL) "Hpwrs".
       wp_apply (wp_Replica__Validate with "Hsafe Hrp Hpwrs").
       iIntros (res) "#Houtcome".
       wp_loadField.
@@ -627,7 +618,7 @@ Section program.
       (*@             }                                                           @*)
       (*@                                                                         @*)
       iDestruct (big_sepS_elem_of with "Hreqs") as "Hsafe"; first apply Hinreqs.
-      wp_apply (wp_Replica__Commit with "Hsafe Hrp Hentsa").
+      wp_apply (wp_Replica__Commit with "Hsafe Hrp Hpwrs").
       iIntros (ok) "_".
       wp_pures.
       destruct ok; wp_pures.

src/program_proof/tulip/program/replica/replica_validate.v

@@ -7,13 +7,13 @@ Section program.
   Context `{!heapGS Σ, !tulip_ghostG Σ}.
 
   Theorem wp_Replica__validate
-    rp (tsW : u64) pwrsS pwrsL pwrs gid rid γ α :
+    rp (tsW : u64) pwrsS pwrs gid rid γ α :
     let ts := uint.nat tsW in
     gid ∈ gids_all ->
     rid ∈ rids_all ->
     safe_txn_pwrs γ gid ts pwrs -∗
     know_tulip_inv γ -∗
-    {{{ own_dbmap_in_slice pwrsS pwrsL pwrs ∗ own_replica rp gid rid γ α }}}
+    {{{ own_dbmap_in_slice pwrsS pwrs ∗ own_replica rp gid rid γ α }}}
       Replica__validate #rp #tsW (to_val pwrsS) slice.nil
     {{{ (res : rpres), RET #(rpres_to_u64 res);
         own_replica rp gid rid γ α ∗ validate_outcome γ gid rid ts res
@@ -156,11 +156,11 @@ Section program.
   Qed.
 
   Theorem wp_Replica__Validate
-    rp (tsW rankW : u64) pwrsS pwrsL pwrs gid rid γ :
+    rp (tsW rankW : u64) pwrsS pwrs gid rid γ :
     let ts := uint.nat tsW in
     safe_txn_pwrs γ gid ts pwrs -∗
     is_replica rp gid rid γ -∗
-    {{{ own_dbmap_in_slice pwrsS pwrsL pwrs }}}
+    {{{ own_dbmap_in_slice pwrsS pwrs }}}
       Replica__Validate #rp #tsW #rankW (to_val pwrsS) slice.nil
     {{{ (res : rpres), RET #(rpres_to_u64 res);
         validate_outcome γ gid rid ts res