Commit a5611628 authored by Robbert Krebbers's avatar Robbert Krebbers

Same for F_mu_ref.

parent 9ecad48f
......@@ -4,8 +4,9 @@ From iris_logrel.F_mu_ref Require Import rules.
From iris.algebra Require Export upred_big_op.
Section typed_interp.
Context {Σ : gFunctors} `{i : heapG Σ} {L : namespace}.
Implicit Types P Q R : iPropG lang Σ.
Context `{heapG Σ} (L : namespace).
Notation D := (valC -n> iPropG lang Σ).
Implicit Types Δ : listC D.
Local Tactic Notation "smart_wp_bind" uconstr(ctx) ident(v) constr(Hv) uconstr(Hp) :=
iApply (@wp_bind _ _ _ [ctx]);
......@@ -14,8 +15,7 @@ Section typed_interp.
Local Ltac value_case := iApply wp_value; [cbn; rewrite ?to_of_val; trivial|].
Lemma typed_interp N (Δ : varC -n> valC -n> iPropG lang Σ) Γ vs e τ
(HNLdisj : N L) (HΔ : x v, PersistentP (Δ x v)) :
Lemma typed_interp N Δ Γ vs e τ (HΔ : ctx_PersistentP Δ) (HNLdisj : N L) :
Γ ⊢ₜ e : τ
length Γ = length vs
heap_ctx N [] zip_with (λ τ, interp L τ Δ) Γ vs
......@@ -70,36 +70,30 @@ Section typed_interp.
smart_wp_bind (AppRCtx v) w "#Hw" IHHtyped2.
iApply wp_mono; [|iApply "Hv"]; auto.
- (* TLam *)
value_case. iIntros {τi} "! %".
iApply wp_TLam; iNext. simpl.
iApply (IHHtyped (extend_context_interp_fun1 τi Δ)); [rewrite map_length|]; trivial.
rewrite -zip_with_context_interp_subst. auto.
value_case.
iAlways; iIntros { τi } "%". iApply wp_TLam; iNext. simpl in *.
iApply (IHHtyped (τi :: Δ)). by rewrite fmap_length. iFrame "Hheap".
rewrite zip_with_fmap_l. by iApply context_interp_ren_S.
- (* TApp *)
smart_wp_bind TAppCtx v "#Hv" IHHtyped; cbn.
iApply wp_wand_r; iSplitL; [iApply ("Hv" $! (interp L τ' Δ)); iPureIntro; apply _|]; cbn.
iIntros {w} "?"; rewrite interp_subst; trivial.
iApply wp_wand_r; iSplitL; [iApply ("Hv" $! (interp L τ' Δ)); iPureIntro; apply _|].
iIntros {w} "?". by rewrite interp_subst.
- (* Fold *)
rewrite map_length in IHHtyped.
iApply (@wp_bind _ _ _ [FoldCtx]).
iApply wp_wand_l.
iSplitL; [|iApply (IHHtyped (extend_context_interp ((interp L (TRec τ)) Δ) Δ));
trivial].
+ iIntros {v} "#Hv".
value_case.
rewrite fixpoint_unfold; cbn.
iAlways; eauto.
+ rewrite zip_with_context_interp_subst; auto.
iApply wp_wand_l.
iSplitL; [|iApply (IHHtyped (interp L (TRec τ) Δ :: Δ)); trivial].
+ iIntros {v} "#Hv". value_case.
rewrite fixpoint_unfold /=. iAlways; eauto 10.
+ iFrame "Hheap". rewrite zip_with_fmap_l. by iApply context_interp_ren_S.
- (* Unfold *)
iApply (@wp_bind _ _ _ [UnfoldCtx]);
iApply wp_wand_l; iSplitL; [|iApply IHHtyped; auto].
iIntros {v}.
cbn [interp interp_rec cofe_mor_car].
rewrite fixpoint_unfold.
iIntros "#Hv"; cbn.
change (fixpoint _) with (interp L (TRec τ) Δ).
iDestruct "Hv" as {w} "[% #Hw]"; subst.
iIntros {v} "#Hv". rewrite /= fixpoint_unfold.
change (fixpoint _) with (interp L (TRec τ) Δ); simpl.
iDestruct "Hv" as {w} "#[% Hw]"; subst.
iApply wp_Fold; cbn; auto using to_of_val.
rewrite -interp_subst; auto.
iNext; iPvsIntro. by rewrite -interp_subst.
- (* Alloc *)
smart_wp_bind AllocCtx v "#Hv" IHHtyped; cbn. iClear "HΓ".
iApply wp_atomic; cbn; trivial; [rewrite to_of_val; auto|].
......
This diff is collapsed.
......@@ -2,49 +2,29 @@ From iris_logrel.F_mu_ref Require Export fundamental.
From iris.proofmode Require Import tactics pviewshifts.
From iris.program_logic Require Import ownership adequacy.
Section Soundness.
Section soundness.
Definition Σ := #[ auth.authGF heapUR ].
Lemma empty_env_subst e : e.[env_subst []] = e.
Proof. change (env_subst []) with (@ids expr _). by asimpl. Qed.
Definition free_type_context: varC -n> valC -n> iPropG lang Σ :=
λne x y, True%I.
Lemma wp_soundness e τ :
Lemma wp_soundness e τ σ :
[] ⊢ₜ e : τ
ownP WP e {{ v, H : heapG Σ,
interp (nroot .@ "Fμ,ref" .@ 1) τ free_type_context v}}.
ownP σ WP e {{ v, H : heapG Σ, interp (nroot .@ 1) τ [] v}}.
Proof.
iIntros {H1} "Hemp".
iPvs (heap_alloc (nroot .@ "Fμ,ref" .@ 2) with "Hemp")
iPvs (heap_alloc (nroot .@ 2) with "Hemp")
as {H} "[Hheap Hemp]"; first solve_ndisj.
iApply wp_wand_l. iSplitR.
{ iIntros {v} "HΦ". iExists H. iExact "HΦ". }
rewrite -(empty_env_subst e).
iApply (@typed_interp _ _ (nroot .@ "Fμ,ref" .@ 1)
(nroot .@ "Fμ,ref" .@ 2) _ _ []); eauto.
iApply (@typed_interp _ _ (nroot .@ 1) (nroot .@ 2)); eauto.
solve_ndisj.
Qed.
Local Arguments of_heap : simpl never.
Theorem Soundness e τ :
[] ⊢ₜ e : τ
e' thp h, rtc step ([e], (of_heap )) (e' :: thp, h)
¬ reducible e' h is_Some (to_val e').
Theorem soundness e τ e' thp σ σ' :
[] ⊢ₜ e : τ rtc step ([e], σ) (e' :: thp, σ')
is_Some (to_val e') reducible e' σ'.
Proof.
intros H1 e' thp h Hstp Hnr.
eapply wp_soundness in H1; eauto.
edestruct (@wp_adequacy_reducible lang (globalF Σ)
(λ v, ( H : heapG Σ,
@interp Σ H (nroot .@ "Fμ,ref" .@ 1)
τ free_type_context v)%I)
e e' (e' :: thp) h)
as [Ha|Ha]; eauto; try tauto.
- done.
- iIntros "[Hp Hg]". by iApply H1.
- by rewrite of_empty_heap in Hstp.
intros ??. eapply wp_adequacy_reducible; eauto using ucmra_unit_valid.
- iIntros "[??]". by iApply wp_soundness.
- constructor.
Qed.
End Soundness.
End soundness.
......@@ -33,28 +33,25 @@ Inductive typed (Γ : list type) : expr → type → Prop :=
| App_typed e1 e2 τ1 τ2 :
Γ ⊢ₜ e1 : TArrow τ1 τ2 Γ ⊢ₜ e2 : τ1 Γ ⊢ₜ App e1 e2 : τ2
| TLam_typed e τ :
map (λ t : type, t.[ren (+1)]) Γ ⊢ₜ e : τ Γ ⊢ₜ TLam e : TForall τ
subst (ren (+1)) <$> Γ ⊢ₜ e : τ Γ ⊢ₜ TLam e : TForall τ
| TApp_typed e τ τ' : Γ ⊢ₜ e : TForall τ Γ ⊢ₜ TApp e : τ.[τ'/]
| TFold e τ : map (λ t, t.[ren (+1)]) Γ ⊢ₜ e : τ Γ ⊢ₜ Fold e : TRec τ
| TFold e τ : subst (ren (+1)) <$> Γ ⊢ₜ e : τ Γ ⊢ₜ Fold e : TRec τ
| TUnfold e τ : Γ ⊢ₜ e : TRec τ Γ ⊢ₜ Unfold e : τ.[TRec τ/]
| TAlloc e τ : Γ ⊢ₜ e : τ Γ ⊢ₜ Alloc e : Tref τ
| TLoad e τ : Γ ⊢ₜ e : Tref τ Γ ⊢ₜ Load e : τ
| TStore e e' τ : Γ ⊢ₜ e : Tref τ Γ ⊢ₜ e' : τ Γ ⊢ₜ Store e e' : TUnit
where "Γ ⊢ₜ e : τ" := (typed Γ e τ).
Local Hint Extern 1 =>
match goal with
| H : context [length (map _ _)] |- _ => rewrite map_length in H
end : typed_subst_invariant.
Lemma typed_subst_invariant Γ e τ s1 s2 :
Γ ⊢ₜ e : τ ( x, x < length Γ s1 x = s2 x) e.[s1] = e.[s2].
Proof.
intros Htyped; revert s1 s2.
assert ( {A} `{Ids A} `{Rename A}
(s1 s2 : nat A) x, (x 0 s1 (pred x) = s2 (pred x)) up s1 x = up s2 x).
assert ( x Γ, x < length (subst (ren (+1)) <$> Γ) x < length Γ).
{ intros ??. by rewrite fmap_length. }
assert ( {A} `{Ids A} `{Rename A} (s1 s2 : nat A) x,
(x 0 s1 (pred x) = s2 (pred x)) up s1 x = up s2 x).
{ intros A H1 H2. rewrite /up=> s1 s2 [|x] //=; auto with f_equal omega. }
induction Htyped => s1 s2 Hs; f_equal/=; eauto using lookup_lt_Some with omega typed_subst_invariant.
induction Htyped => s1 s2 Hs; f_equal/=; eauto using lookup_lt_Some with omega.
Qed.
Definition env_subst (vs : list val) (x : var) : expr :=
......@@ -64,27 +61,11 @@ Lemma typed_subst_head_simpl Δ τ e w ws :
Δ ⊢ₜ e : τ length Δ = S (length ws)
e.[# w .: env_subst ws] = e.[env_subst (w :: ws)].
Proof.
intros H1 H2.
rewrite /env_subst. eapply typed_subst_invariant; eauto=> /= -[|x] ? //=.
destruct (lookup_lt_is_Some_2 ws x) as [v' Hv]; first omega; simpl.
by rewrite Hv.
intros H1 H2. rewrite /env_subst.
eapply typed_subst_invariant; eauto=> /= -[|x] ? //=.
destruct (lookup_lt_is_Some_2 ws x) as [v' ?]; first omega.
by simplify_option_eq.
Qed.
Local Opaque eq_nat_dec.
Lemma iter_up_subst_type (m : nat) (τ : type) (x : var) :
iter m up (τ .: ids) x =
if lt_dec x m then ids x else
if eq_nat_dec x m then τ.[ren (+m)] else ids (x - 1).
Proof.
revert x τ.
induction m; intros x τ; cbn.
- destruct x; cbn.
+ destruct eq_nat_dec; auto with omega.
asimpl; trivial.
+ destruct eq_nat_dec; auto with omega.
- destruct x; asimpl; trivial.
rewrite IHm.
repeat destruct lt_dec; repeat destruct eq_nat_dec;
asimpl; auto with omega.
Qed.
Lemma empty_env_subst e : e.[env_subst []] = e.
Proof. change (env_subst []) with (@ids expr _). by asimpl. Qed.
From iris.algebra Require Export base.
From iris.algebra Require Import upred.
From iris.program_logic Require Import weakestpre.
From iris.program_logic Require Import weakestpre invariants.
From Autosubst Require Export Autosubst.
Import uPred.
......@@ -35,6 +35,8 @@ Ltac properness :=
| |- (WP _ {{ _ }})%I (WP _ {{ _ }})%I => apply wp_proper =>?
| |- ( _)%I ( _)%I => apply later_proper
| |- ( _)%I ( _)%I => apply always_proper
| |- (_ _)%I (_ _)%I => apply sep_proper
| |- (inv _ _)%I (inv _ _)%I => apply (contractive_proper _)
end.
Ltac solve_proper_alt :=
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment