Commit c9c9b1e1 authored by Glen Mével

ICFP21 paper: move figure for LA triples in its own file

parent 18718a54
\begin{figure}
\begin{mathpar}
%
\infer[\rulenamelahoare]{% using the rule names from \cite{iris-15}
\lahoare <x> {P} {e} {Q}
}{%
\Forall x. \hoare {P} {e} {Q}
}
\and
\infer[\rulenamelainv]{%
\lahoare <x> {\later I \isep P} {e} {\later I \isep Q}
}{%
\knowInv{}{I} \vdash \lahoare <x> {P} {e} {Q}
}
%
\end{mathpar}
\Description{Selected rules for logically atomic triples.}
\caption{Selected rules for logically atomic triples}
\label{fig:hlog:latriples}
\end{figure}
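Review bot: the comment `% using the rule names from \cite{iris-15}` now appears only on the `\infer[\rulenamelahoare]` line, while the inline figure it replaces carried it on both rules and the new `\rulenamelahoare`/`\rulenamelainv` macros already record that provenance; either drop it from the figure file or keep it on both rules so the file is consistent. Minor: `\Description{...}` ends with a period and `\caption{...}` does not; worth aligning while the figure is being moved.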
...@@ -723,6 +723,12 @@ ...@@ -723,6 +723,12 @@
\newcommand{\cassuccesssc}{\RULE{\namecassuccesssc}} \newcommand{\cassuccesssc}{\RULE{\namecassuccesssc}}
\newcommand{\casfailuresc}{\RULE{\namecasfailuresc}} \newcommand{\casfailuresc}{\RULE{\namecasfailuresc}}
\newcommand{\rulenamelahoare}{LAHoare} % rule names from \cite{iris-15}
\newcommand{\rulenamelainv}{LAInv}% rule names from \cite{iris-15}
\newcommand{\rulelahoare}{\RULE{\rulenamelahoare}}
\newcommand{\rulelainv}{\RULE{\rulenamelainv}}
% Suffix for the names of the derived rules. % Suffix for the names of the derived rules.
\newcommand{\SC}{SC} \newcommand{\SC}{SC}
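Review bot: inconsistent spacing before the trailing comments in the two new name macros: `\newcommand{\rulenamelahoare}{LAHoare} % rule names from \cite{iris-15}` has a space before `%`, while `\newcommand{\rulenamelainv}{LAInv}% rule names from \cite{iris-15}` does not; pick one form, and the duplicated comment can be stated once above the pair of definitions.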
...@@ -444,7 +444,7 @@ When desired, this atomic update gives access to the precondition~$P$ for some v ...@@ -444,7 +444,7 @@ When desired, this atomic update gives access to the precondition~$P$ for some v
Crucially, the \emph{masks} $\emptyset$ and $\top$ annotating the \emph{fancy updates} $\pvs[\top][\emptyset]$ and $\pvs[\emptyset][\top]$ require that the atomic update be used during one atomic step only, as required. Crucially, the \emph{masks} $\emptyset$ and $\top$ annotating the \emph{fancy updates} $\pvs[\top][\emptyset]$ and $\pvs[\emptyset][\top]$ require that the atomic update be used during one atomic step only, as required.
Using the invariant rules of Iris~\cite{iris}, it is easy to show that atomic updates can be used to open and close invariants. Using the invariant rules of Iris~\cite{iris}, it is easy to show that atomic updates can be used to open and close invariants.
The rule \RULE{LAInv} follows as a corollary, and \RULE{LAHoare} is immediate. Rule~\rulelainv follows as a corollary, rule~\rulelahoare is immediate.
\subsection{Proof of \tryenqueue} \subsection{Proof of \tryenqueue}
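Review bot: the space after `\rulelainv` and `\rulelahoare` in `Rule~\rulelainv follows as a corollary, rule~\rulelahoare is immediate.` is consumed by TeX as the terminator of the control word, so unless `\RULE` ends in `\xspace` this typesets as "LAInvfollows" and "LAHoareis"; write `\rulelainv{} follows` and `\rulelahoare{} is` (or `\rulelainv\ follows`). The rewording also drops the "and" of the previous version, leaving a comma splice; "Rule~\rulelainv{} follows as a corollary, and rule~\rulelahoare{} is immediate." reads better.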
...@@ -59,41 +59,22 @@ Yet these operations are ``atomic'' in some empirical sense. ...@@ -59,41 +59,22 @@ Yet these operations are ``atomic'' in some empirical sense.
The concept of logical atomicity~\cite[\S7]{jacobs2011expressive,jung-slides-2019,iris-15} aims at addressing that difficulty. The concept of logical atomicity~\cite[\S7]{jacobs2011expressive,jung-slides-2019,iris-15} aims at addressing that difficulty.
To use it, we substitute ordinary Hoare triples with \emph{logically atomic triples}. To use it, we substitute ordinary Hoare triples with \emph{logically atomic triples}.
Two important reasoning rules for logically atomic triples are given in \fref{fig:latriples}.% Two important reasoning rules for logically atomic triples are given in \fref{fig:hlog:latriples}.%
\footnote{% \footnote{%
Following Iris notations, $\knowInv{}{I}$ is an invariant whose content is the assertion~$I$, and $\later$ is a step-indexing modality, a technicality of Iris that we can ignore in this paper. Following Iris notations, $\knowInv{}{I}$ is an invariant whose content is the assertion~$I$, and $\later$ is a step-indexing modality, a technicality of Iris that we can ignore in this paper.
} }
A logically atomic triple is denoted with angle brackets~$\anglebracket{\ldots}$. A logically atomic triple is denoted with angle brackets~$\anglebracket{\ldots}$.
Just like an ordinary triple, it specifies a program fragment with a precondition and a postcondition. Just like an ordinary triple, it specifies a program fragment with a precondition and a postcondition.
In fact, as witnessed by rule \RULE{LAHoare}, one can deduce an ordinary Hoare triple from a logically atomic triple. In fact, as witnessed by rule \rulelahoare, one can deduce an ordinary Hoare triple from a logically atomic triple.
The core difference is that, thanks to rule \RULE{LAInv}, invariants can be opened around a logically atomic triple, regardless of the number of execution steps of the program fragment: in a sense, when a function is specified using a logically atomic triple, one states that said function behaves as if it were atomic. The core difference is that, thanks to rule \rulelainv, invariants can be opened around a logically atomic triple, regardless of the number of execution steps of the program fragment: in a sense, when a function is specified using a logically atomic triple, one states that said function behaves as if it were atomic.
% %
The definition of logically atomic triples is further discussed in~\sref{sec:queue:proof:la} The definition of logically atomic triples is further discussed in~\sref{sec:queue:proof:la}
and given with detail in previous work~\cite[\S7]{jung-slides-2019,iris-15}. and given with detail in previous work~\cite[\S7]{jung-slides-2019,iris-15}.
We now try to give an intuition of that concept: We now try to give an intuition of that concept:
a logically atomic triple $\lahoare{P}{e}{Q}$ states, roughly, that the expression $e$ contains an atomic instruction, called the \emph{commit point}, which has $P$ as a precondition and $Q$ as a postcondition. a logically atomic triple $\lahoare{P}{e}{Q}$ states, roughly, that the expression~$e$ contains an atomic instruction, called the \emph{commit point}, which has $P$ as a precondition and $Q$ as a postcondition.
Because it is atomic, invariants can be opened around that commit point. Because it is atomic, invariants can be opened around that commit point.
%
\begin{figure} \input{figure-hlog-latriples}
\begin{mathpar}
%
\infer[LAHoare]{% using the rule names from \cite{iris-15}
\lahoare <x> {P} {e} {Q}
}{%
\Forall x. \hoare {P} {e} {Q}
}
\and
\infer[LAInv]{% using the rule names from \cite{iris-15}
\lahoare <x> {\later I \isep P} {e} {\later I \isep Q}
}{%
\knowInv{}{I} \vdash \lahoare <x> {P} {e} {Q}
}
%
\end{mathpar}
\Description{Selected rules for logically atomic triples.}
\caption{Selected rules for logically atomic triples}
\label{fig:latriples}
\end{figure}
Using logically atomic triples, the specification can be written as shown Using logically atomic triples, the specification can be written as shown
in~\fref{fig:queue:spec:sc}. in~\fref{fig:queue:spec:sc}.
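Review bot: the figure label is renamed from `fig:latriples` to `fig:hlog:latriples`, and this hunk updates the one `\fref{fig:latriples}` visible here; since the figure previously lived inline in this file, grep the remaining sources for any other `\fref{fig:latriples}` before merging, as a stale reference would compile to "??". The new `\input{figure-hlog-latriples}` line assumes the file sits next to the main `.tex` file (or on `TEXINPUTS`); fine as long as the build runs from that directory.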