-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathMoverTypes.v
131 lines (114 loc) · 4.95 KB
/
MoverTypes.v
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
Require Import Coqlib.
Require Import Maps.
Require Import GenSem.
Require Import Constants.
Require Import CommonLib.
Require Import RData.
Require Import EventReplay.
Open Local Scope Z_scope.
Section MoverDefinitions.
Inductive IsLeftMover (lvl: Z) (e: Event) : Prop :=
| LEFT_MOVER
(MoveT: forall st0 st0' st0'' e' ret ret'
(Hcidne: match e with EVT c _ => c end <> match e' with EVT c' _ => c' end)
(Hstep_e': ereplay lvl st0 e' = Some (st0', ret'))
(Hstep_e: ereplay lvl st0' e = Some (st0'', ret)),
exists st0'x, ereplay lvl st0 e = Some (st0'x, ret) /\
ereplay lvl st0'x e' = Some (st0'', ret'))
(MoveF: forall st0 st0' e' ret'
(Hcidne: match e with EVT c _ => c end <> match e' with EVT c' _ => c' end)
(Hstep_e': ereplay lvl st0 e' = Some (st0', ret'))
(Hstep_e: ereplay lvl st0' e = None),
ereplay lvl st0 e = None):
IsLeftMover lvl e.
Inductive IsRightMover (lvl: Z) (e: Event) : Prop :=
| RIGHT_MOVER
(Move: forall st0 st0' st0'' e' ret ret'
(Hcidne: match e with EVT c _ => c end <> match e' with EVT c' _ => c' end)
(Hstep_e': ereplay lvl st0 e = Some (st0', ret))
(Hstep_e: ereplay lvl st0' e' = Some (st0'', ret')),
exists st0'x, ereplay lvl st0 e' = Some (st0'x, ret') /\
ereplay lvl st0'x e = Some (st0'', ret)):
IsRightMover lvl e.
Inductive other_cpu_events: Log -> Prop :=
| other_cpu_nil: other_cpu_events nil
| other_cpu_cons:
forall e l (Hother_cpu_e: match e with EVT c _ => c end <> CPU_ID)
(Hother_cpu_l: other_cpu_events l),
other_cpu_events (e :: l).
Definition left_event_dec:
forall lvl e, {IsLeftMover lvl e} + {~IsLeftMover lvl e}.
Proof. intros. eapply prop_dec. Qed.
Definition right_event_dec:
forall lvl e, {IsRightMover lvl e} + {~IsRightMover lvl e}.
Proof. intros. eapply prop_dec. Qed.
Inductive RightLog (lvl: Z) : Log -> Prop :=
| RightLogNil: RightLog lvl nil
| RightLogOracle (l: Log) (o: Oracle): RightLog lvl (o l ++ l)
| RightLogMover (l: Log) (e: Event)
(is_right_mover: IsRightMover lvl e)
(is_right_log: RightLog lvl l): RightLog lvl (e :: l).
Inductive ValidOracle (lvl: Z) (orc: Oracle) :=
| VALID_ORACLE
(* oracle only emit valid events *)
(Hsucc: forall l st (Hrep: Repl lvl l = Some st), exists st', Repl lvl ((orc l) ++ l) = Some st')
(* oracle return events from other CPUs *)
(Hother_cpu: forall l, other_cpu_events (orc l))
(* if current log is invalid, the oracle will return empty list *)
(Hfailnil: forall l (Hrep: Repl lvl l = None), orc l = nil)
(* oracle will return nil if it has been queried*)
(* Log :: O :: O = Log :: O *)
(Hdouble_query_nil: forall l, orc (orc l ++ l) = nil)
(Hright_log_nil: forall l, RightLog lvl l -> orc l = nil):
ValidOracle lvl orc.
End MoverDefinitions.
Section MoverOracleProperties.
Lemma replay_some_ind:
forall lvl e l s em,
replay lvl (e :: l) em = Some s ->
exists s' v, replay lvl l em = Some s' /\ ereplay lvl s' e = Some (s, v).
Proof.
intros.
unfold replay in H; simpl in H.
repeat (simpl_hyp H; contra).
repeat eexists. inv H. eassumption. inv H. eassumption.
Qed.
Lemma replay_some_ind2:
forall lvl l1 l2 s em,
replay lvl (l1 ++ l2) em = Some s ->
exists s', replay lvl l2 em = Some s' /\ replay lvl l1 s' = Some s.
Proof.
intros until l2.
induction l1; intros.
repeat eexists. eassumption. simpl.
rewrite <- app_comm_cons in H.
repeat (simpl_hyp H; contra).
simpl in H.
repeat (simpl_hyp H; contra).
pose proof (IHl1 _ _ C).
destruct H0 as (? & ? & ?).
repeat eexists. eassumption.
grewrite. inv H. reflexivity.
Qed.
Lemma replay_simpl_cons:
forall lvl e l st, replay lvl (e :: l) st = match replay lvl l st with
| Some st' => match ereplay lvl st' e with
| Some (st'', _) => Some st''
| _ => None
end
| _ => None
end.
Proof.
intros. reflexivity.
Qed.
Lemma replay_simpl_app:
forall lvl l1 l2 st, replay lvl (l1 ++ l2) st = match replay lvl l2 st with
| Some st' => replay lvl l1 st'
| _ => None
end.
Proof.
induction l1. simpl. intros. destruct (replay lvl l2 st); reflexivity.
intros. rewrite <- app_comm_cons. simpl. rewrite IHl1.
destruct (replay lvl l2 st); reflexivity.
Qed.
End MoverOracleProperties.