Commit c5e25a27 authored by Ralf Jung's avatar Ralf Jung

Merge branch 'master' into swasey/progress2

parents c056a95c adc0a095
...@@ -3,6 +3,7 @@ image: ralfjung/opam-ci:latest ...@@ -3,6 +3,7 @@ image: ralfjung/opam-ci:latest
stages: stages:
- build - build
- deploy - deploy
- build_more
variables: variables:
CPU_CORES: "9" CPU_CORES: "9"
...@@ -19,7 +20,6 @@ variables: ...@@ -19,7 +20,6 @@ variables:
- 'time make -k -j$CPU_CORES TIMED=y 2>&1 | tee build-log.txt' - 'time make -k -j$CPU_CORES TIMED=y 2>&1 | tee build-log.txt'
- 'if fgrep Axiom build-log.txt >/dev/null; then exit 1; fi' - 'if fgrep Axiom build-log.txt >/dev/null; then exit 1; fi'
- 'cat build-log.txt | egrep "[a-zA-Z0-9_/-]+ \((real|user): [0-9]" | tee build-time.txt' - 'cat build-log.txt | egrep "[a-zA-Z0-9_/-]+ \((real|user): [0-9]" | tee build-time.txt'
- 'if test -n "$VALIDATE" && (( RANDOM % 10 == 0 )); then make validate; fi'
cache: cache:
key: "$CI_JOB_NAME" key: "$CI_JOB_NAME"
paths: paths:
...@@ -52,6 +52,7 @@ reverse-deps: ...@@ -52,6 +52,7 @@ reverse-deps:
build-coq.8.7.dev: build-coq.8.7.dev:
<<: *template <<: *template
stage: build_more
variables: variables:
OPAM_PINS: "coq version 8.7.dev coq-mathcomp-ssreflect version dev" OPAM_PINS: "coq version 8.7.dev coq-mathcomp-ssreflect version dev"
except: except:
...@@ -68,7 +69,6 @@ build-coq.8.6.1: ...@@ -68,7 +69,6 @@ build-coq.8.6.1:
<<: *template <<: *template
variables: variables:
OPAM_PINS: "coq version 8.6.1 coq-mathcomp-ssreflect version 1.6.4" OPAM_PINS: "coq version 8.6.1 coq-mathcomp-ssreflect version 1.6.4"
VALIDATE: "1"
artifacts: artifacts:
paths: paths:
- build-time.txt - build-time.txt
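Review bot: With the `make validate` step and the `VALIDATE: "1"` variable gone from this file, no job re-checks the compiled `.vo` files any more (that target presumably runs `coqchk`); the `fgrep Axiom build-log.txt` check only catches axioms echoed into the build log and is not a substitute for a kernel re-check. If the `RANDOM % 10` sampling was dropped because it made results non-reproducible, a deterministic run on one job would be the better replacement than dropping validation entirely, e.g. keep `VALIDATE: "1"` on `build-coq.8.6.1` (or on the new `build_more` stage) and use `- 'if test -n "$VALIDATE"; then make validate; fi'`. Two smaller points on lines the commit leaves unchanged: `image: ralfjung/opam-ci:latest` is a mutable tag, so pinning by digest (`ralfjung/opam-ci@sha256:…`) would make the toolchain reproducible and harder to tamper with; and `time make -k ... | tee build-log.txt` reports `tee`'s exit status rather than `make`'s unless the runner shell sets `pipefail`, so a failed build could pass this step — worth confirming on the runner in use.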
...@@ -7,7 +7,7 @@ Coq development, but not every API-breaking change is listed. Changes marked ...@@ -7,7 +7,7 @@ Coq development, but not every API-breaking change is listed. Changes marked
Changes in and extensions of the theory: Changes in and extensions of the theory:
* [#] Add new modality: ■ ("plainly"). * Add new modality: ■ ("plainly").
* Camera morphisms have to be homomorphisms, not just monotone functions. * Camera morphisms have to be homomorphisms, not just monotone functions.
* Add a proof that `f` has a fixed point if `f^k` is contractive. * Add a proof that `f` has a fixed point if `f^k` is contractive.
* Constructions for least and greatest fixed points over monotone predicates * Constructions for least and greatest fixed points over monotone predicates
...@@ -14,7 +14,7 @@ theories/algebra/dra.v ...@@ -14,7 +14,7 @@ theories/algebra/dra.v
theories/algebra/cofe_solver.v theories/algebra/cofe_solver.v
theories/algebra/agree.v theories/algebra/agree.v
theories/algebra/excl.v theories/algebra/excl.v
theories/algebra/iprod.v theories/algebra/functions.v
theories/algebra/frac.v theories/algebra/frac.v
theories/algebra/csum.v theories/algebra/csum.v
theories/algebra/list.v theories/algebra/list.v
...@@ -37,7 +37,8 @@ Elements that cannot be distinguished by programs within $n$ steps remain indist ...@@ -37,7 +37,8 @@ Elements that cannot be distinguished by programs within $n$ steps remain indist
The category $\OFEs$ consists of OFEs as objects, and non-expansive functions as arrows. The category $\OFEs$ consists of OFEs as objects, and non-expansive functions as arrows.
\end{defn} \end{defn}
Note that $\OFEs$ is cartesian closed. In particular: Note that $\OFEs$ is bicartesian closed, \ie it has all sums, products and exponentials as well as an initial and a terminal object.
In particular:
\begin{defn} \begin{defn}
Given two OFEs $\ofe$ and $\ofeB$, the set of non-expansive functions $\set{f : \ofe \nfn \ofeB}$ is itself an OFE with Given two OFEs $\ofe$ and $\ofeB$, the set of non-expansive functions $\set{f : \ofe \nfn \ofeB}$ is itself an OFE with
\begin{align*} \begin{align*}
...@@ -32,18 +32,25 @@ Below, $\melt$ ranges over $\monoid$ and $i$ ranges over $\set{1,2}$. ...@@ -32,18 +32,25 @@ Below, $\melt$ ranges over $\monoid$ and $i$ ranges over $\set{1,2}$.
\begin{align*} \begin{align*}
\type \bnfdef{}& \type \bnfdef{}&
\sigtype \mid \sigtype \mid
0 \mid
1 \mid 1 \mid
\type + \type \mid
\type \times \type \mid \type \times \type \mid
\type \to \type \type \to \type
\\[0.4em] \\[0.4em]
\term, \prop, \pred \bnfdef{}& \term, \prop, \pred \bnfdef{}&
\var \mid \var \mid
\sigfn(\term_1, \dots, \term_n) \mid \sigfn(\term_1, \dots, \term_n) \mid
\textlog{abort}\; \term \mid
() \mid () \mid
(\term, \term) \mid (\term, \term) \mid
\pi_i\; \term \mid \pi_i\; \term \mid
\Lam \var:\type.\term \mid \Lam \var:\type.\term \mid
\term(\term) \mid \term(\term) \mid
\\&
\textlog{inj}_i\; \term \mid
\textlog{match}\; \term \;\textlog{with}\; \Ret\textlog{inj}_1\; \var. \term \mid \Ret\textlog{inj}_2\; \var. \term \;\textlog{end} \mid
%
\melt \mid \melt \mid
\mcore\term \mid \mcore\term \mid
\term \mtimes \term \mid \term \mtimes \term \mid
...@@ -63,12 +70,16 @@ Below, $\melt$ ranges over $\monoid$ and $i$ ranges over $\set{1,2}$. ...@@ -63,12 +70,16 @@ Below, $\melt$ ranges over $\monoid$ and $i$ ranges over $\set{1,2}$.
%\\& %\\&
\ownM{\term} \mid \mval(\term) \mid \ownM{\term} \mid \mval(\term) \mid
\always\prop \mid \always\prop \mid
\plainly\prop \mid
{\later\prop} \mid {\later\prop} \mid
\upd \prop \upd \prop
\end{align*} \end{align*}
Recursive predicates must be \emph{guarded}: in $\MU \var. \term$, the variable $\var$ can only appear under the later $\later$ modality. Well-typedness forces recursive definitions to be \emph{guarded}:
In $\MU \var. \term$, the variable $\var$ can only appear under the later $\later$ modality.
Furthermore, the type of the definition must be \emph{complete}.
The type $\Prop$ is complete, and if $\type$ is complete, then so is $\type' \to \type$.
Note that the modalities $\upd$, $\always$ and $\later$ bind more tightly than $*$, $\wand$, $\land$, $\lor$, and $\Ra$. Note that the modalities $\upd$, $\always$, $\plainly$ and $\later$ bind more tightly than $*$, $\wand$, $\land$, $\lor$, and $\Ra$.
\paragraph{Variable conventions.} \paragraph{Variable conventions.}
...@@ -105,7 +116,10 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $ ...@@ -105,7 +116,10 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $
}{ }{
\vctx \proves \wtt {\sigfn(\term_1, \dots, \term_n)} {\type_{n+1}} \vctx \proves \wtt {\sigfn(\term_1, \dots, \term_n)} {\type_{n+1}}
} }
%%% products %%% empty, unit, products, sums
\and
\infer{\vctx \proves \wtt\term{0}}
{\vctx \proves \wtt{\textlog{abort}\; \term}\type}
\and \and
\axiom{\vctx \proves \wtt{()}{1}} \axiom{\vctx \proves \wtt{()}{1}}
\and \and
...@@ -114,6 +128,14 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $ ...@@ -114,6 +128,14 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $
\and \and
\infer{\vctx \proves \wtt{\term}{\type_1 \times \type_2} \and i \in \{1, 2\}} \infer{\vctx \proves \wtt{\term}{\type_1 \times \type_2} \and i \in \{1, 2\}}
{\vctx \proves \wtt{\pi_i\,\term}{\type_i}} {\vctx \proves \wtt{\pi_i\,\term}{\type_i}}
\and
\infer{\vctx \proves \wtt\term{\type_i} \and i \in \{1, 2\}}
{\vctx \proves \wtt{\textlog{inj}_i\;\term}{\type_1 + \type_2}}
\and
\infer{\vctx \proves \wtt\term{\type_1 + \type_2} \and
\vctx, \var:\type_1 \proves \wtt{\term_1}\type \and
\vctx, \varB:\type_2 \proves \wtt{\term_2}\type}
{\vctx \proves \wtt{\textlog{match}\; \term \;\textlog{with}\; \Ret\textlog{inj}_1\; \var. \term_1 \mid \Ret\textlog{inj}_2\; \varB. \term_2 \;\textlog{end}}{\type}}
%%% functions %%% functions
\and \and
\infer{\vctx, x:\type \proves \wtt{\term}{\type'}} \infer{\vctx, x:\type \proves \wtt{\term}{\type'}}
...@@ -124,7 +146,7 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $ ...@@ -124,7 +146,7 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $
{\vctx \proves \wtt{\term(\termB)}{\type'}} {\vctx \proves \wtt{\term(\termB)}{\type'}}
%%% monoids %%% monoids
\and \and
\infer{}{\vctx \proves \wtt\munit{\textlog{M}}} \infer{}{\vctx \proves \wtt\melt{\textlog{M}}}
\and \and
\infer{\vctx \proves \wtt\melt{\textlog{M}}}{\vctx \proves \wtt{\mcore\melt}{\textlog{M}}} \infer{\vctx \proves \wtt\melt{\textlog{M}}}{\vctx \proves \wtt{\mcore\melt}{\textlog{M}}}
\and \and
...@@ -156,7 +178,8 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $ ...@@ -156,7 +178,8 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $
\and \and
\infer{ \infer{
\vctx, \var:\type \proves \wtt{\term}{\type} \and \vctx, \var:\type \proves \wtt{\term}{\type} \and
\text{$\var$ is guarded in $\term$} \text{$\var$ is guarded in $\term$} \and
\text{$\type$ is complete}
}{ }{
\vctx \proves \wtt{\MU \var:\type. \term}{\type} \vctx \proves \wtt{\MU \var:\type. \term}{\type}
} }
...@@ -175,6 +198,9 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $ ...@@ -175,6 +198,9 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $
\and \and
\infer{\vctx \proves \wtt{\prop}{\Prop}} \infer{\vctx \proves \wtt{\prop}{\Prop}}
{\vctx \proves \wtt{\always\prop}{\Prop}} {\vctx \proves \wtt{\always\prop}{\Prop}}
\and
\infer{\vctx \proves \wtt{\prop}{\Prop}}
{\vctx \proves \wtt{\plainly\prop}{\Prop}}
\and \and
\infer{\vctx \proves \wtt{\prop}{\Prop}} \infer{\vctx \proves \wtt{\prop}{\Prop}}
{\vctx \proves \wtt{\later\prop}{\Prop}} {\vctx \proves \wtt{\later\prop}{\Prop}}
...@@ -282,7 +308,7 @@ This is entirely standard. ...@@ -282,7 +308,7 @@ This is entirely standard.
% {} % {}
% {\pfctx \proves \mu\var: \type. \prop =_{\type} \prop[\mu\var: \type. \prop/\var]} % {\pfctx \proves \mu\var: \type. \prop =_{\type} \prop[\mu\var: \type. \prop/\var]}
\end{mathparpagebreakable} \end{mathparpagebreakable}
Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda$ and $\mu$. Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\textlog{abort}$, sum elimination, $\lambda$ and $\mu$.
\paragraph{Laws of (affine) bunched implications.} \paragraph{Laws of (affine) bunched implications.}
...@@ -303,7 +329,30 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda ...@@ -303,7 +329,30 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda
{\prop \proves \propB \wand \propC} {\prop \proves \propB \wand \propC}
\end{mathpar} \end{mathpar}
\paragraph{Laws for the always modality.} \paragraph{Laws for the plainness modality.}
\begin{mathpar}
\infer[$\plainly$-mono]
{\prop \proves \propB}
{\plainly{\prop} \proves \plainly{\propB}}
\and
\infer[$\plainly$-E]{}
{\plainly\prop \proves \always\prop}
\and
\begin{array}[c]{rMcMl}
(\plainly P \Ra \plainly Q) &\proves& \plainly (\plainly P \Ra Q) \\
\plainly ( ( P \Ra Q) \land (Q \Ra P ) ) &\proves& P =_{\Prop} Q
\end{array}
\and
\begin{array}[c]{rMcMl}
\plainly{\prop} &\proves& \plainly\plainly\prop \\
\All x. \plainly{\prop} &\proves& \plainly{\All x. \prop} \\
\plainly{\Exists x. \prop} &\proves& \Exists x. \plainly{\prop}
\end{array}
%\and
%\infer[PropExt]{}{\plainly ( ( P \Ra Q) \land (Q \Ra P ) ) \proves P =_{\Prop} Q}
\end{mathpar}
\paragraph{Laws for the persistence modality.}
\begin{mathpar} \begin{mathpar}
\infer[$\always$-mono] \infer[$\always$-mono]
{\prop \proves \propB} {\prop \proves \propB}
...@@ -313,8 +362,7 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda ...@@ -313,8 +362,7 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda
{\always\prop \proves \prop} {\always\prop \proves \prop}
\and \and
\begin{array}[c]{rMcMl} \begin{array}[c]{rMcMl}
\TRUE &\proves& \always{\TRUE} \\ (\plainly P \Ra \always Q) &\proves& \always (\plainly P \Ra Q) \\
\always{(\prop \land \propB)} &\proves& \always{(\prop * \propB)} \\
\always{\prop} \land \propB &\proves& \always{\prop} * \propB \always{\prop} \land \propB &\proves& \always{\prop} * \propB
\end{array} \end{array}
\and \and
...@@ -332,7 +380,7 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda ...@@ -332,7 +380,7 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda
{\prop \proves \propB} {\prop \proves \propB}
{\later\prop \proves \later{\propB}} {\later\prop \proves \later{\propB}}
\and \and
\infer[L{\"o}b] \inferhref{L{\"o}b}{Loeb}
{} {}
{(\later\prop\Ra\prop) \proves \prop} {(\later\prop\Ra\prop) \proves \prop}
\and \and
...@@ -344,7 +392,8 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda ...@@ -344,7 +392,8 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda
\and \and
\begin{array}[c]{rMcMl} \begin{array}[c]{rMcMl}
\later{(\prop * \propB)} &\provesIff& \later\prop * \later\propB \\ \later{(\prop * \propB)} &\provesIff& \later\prop * \later\propB \\
\always{\later\prop} &\provesIff& \later\always{\prop} \always{\later\prop} &\provesIff& \later\always{\prop} \\
\plainly{\later\prop} &\provesIff& \later\plainly{\prop}
\end{array} \end{array}
\end{mathpar} \end{mathpar}
...@@ -393,6 +442,10 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda ...@@ -393,6 +442,10 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda
\inferH{upd-update} \inferH{upd-update}
{\melt \mupd \meltsB} {\melt \mupd \meltsB}
{\ownM\melt \proves \upd \Exists\meltB\in\meltsB. \ownM\meltB} {\ownM\melt \proves \upd \Exists\meltB\in\meltsB. \ownM\meltB}
\inferH{upd-plainly}
{}
{\upd\plainly\prop \proves \prop}
\end{mathpar} \end{mathpar}
The premise in \ruleref{upd-update} is a \emph{meta-level} side-condition that has to be proven about $a$ and $B$. The premise in \ruleref{upd-update} is a \emph{meta-level} side-condition that has to be proven about $a$ and $B$.
%\ralf{Trouble is, we don't actually have $\in$ inside the logic...} %\ralf{Trouble is, we don't actually have $\in$ inside the logic...}
...@@ -401,13 +454,14 @@ The premise in \ruleref{upd-update} is a \emph{meta-level} side-condition that h ...@@ -401,13 +454,14 @@ The premise in \ruleref{upd-update} is a \emph{meta-level} side-condition that h
The consistency statement of the logic reads as follows: For any $n$, we have The consistency statement of the logic reads as follows: For any $n$, we have
\begin{align*} \begin{align*}
\lnot(\TRUE \proves (\upd\later)^n\spac\FALSE) \lnot(\TRUE \proves (\later)^n\spac\FALSE)
\end{align*} \end{align*}
where $(\upd\later)^n$ is short for $\upd\later$ being nested $n$ times. where $(\later)^n$ is short for $\later$ being nested $n$ times.
The reason we want a stronger consistency than the usual $\lnot(\TRUE \proves \FALSE)$ is our modalities: it should be impossible to derive a contradiction below the modalities. The reason we want a stronger consistency than the usual $\lnot(\TRUE \proves \FALSE)$ is our modalities: it should be impossible to derive a contradiction below the modalities.
For $\always$, this follows from the elimination rule, but the other two modalities do not have an elimination rule. For $\always$ and $\plainly$, this follows from the elimination rules.
Hence we declare that it is impossible to derive a contradiction below any combination of these two modalities. For updates, we use the fact that $\upd\FALSE \proves \upd\plainly\FALSE \proves \FALSE$.
However, there is no elimination rule for $\later$, so we declare that it is impossible to derive a contradiction below any number of laters.
%%% Local Variables: %%% Local Variables:
...@@ -35,8 +35,13 @@ We collect here some important and frequently used derived proof rules. ...@@ -35,8 +35,13 @@ We collect here some important and frequently used derived proof rules.
\infer{} \infer{}
{\prop \proves \later\prop} {\prop \proves \later\prop}
\infer{}
{\TRUE \proves \plainly\TRUE}
\end{mathparpagebreakable} \end{mathparpagebreakable}
Noteworthy here is the fact that $\prop \proves \later\prop$ can be derived from Löb induction, and $\TRUE \proves \plainly\TRUE$ can be derived via $\plainly$ commuting with universal quantification ranging over the empty type $0$.
\subsection{Persistent assertions} \subsection{Persistent assertions}
We call an assertion $\prop$ \emph{persistent} if $\prop \proves \always\prop$. We call an assertion $\prop$ \emph{persistent} if $\prop \proves \always\prop$.
These are assertions that ``don't own anything'', so we can (and will) treat them like ``normal'' intuitionistic assertions. These are assertions that ``don't own anything'', so we can (and will) treat them like ``normal'' intuitionistic assertions.
...@@ -260,6 +260,7 @@ ...@@ -260,6 +260,7 @@
\newcommand{\later}{\mathop{{\triangleright}}} \newcommand{\later}{\mathop{{\triangleright}}}
\newcommand*{\lateropt}[1]{\mathop{{\later}^{#1}}} \newcommand*{\lateropt}[1]{\mathop{{\later}^{#1}}}
\newcommand{\always}{\mathop{\Box}} \newcommand{\always}{\mathop{\Box}}
\newcommand{\plainly}{\mathop{\blacksquare}}
%% Invariants and Ghost ownership %% Invariants and Ghost ownership
% PDS: Was 0pt inner, 2pt outer. % PDS: Was 0pt inner, 2pt outer.
...@@ -16,7 +16,7 @@ ...@@ -16,7 +16,7 @@
\input{setup} \input{setup}
\title{\bfseries The Iris 3.0 Documentation} \title{\bfseries The Iris 3.1 Documentation}
\author{\url{http://plv.mpi-sws.org/iris/}} \author{\url{http://plv.mpi-sws.org/iris/}}
...@@ -9,11 +9,13 @@ The semantic domains are interpreted as follows: ...@@ -9,11 +9,13 @@ The semantic domains are interpreted as follows:
\[ \[
\begin{array}[t]{@{}l@{\ }c@{\ }l@{}} \begin{array}[t]{@{}l@{\ }c@{\ }l@{}}
\Sem{\Prop} &\eqdef& \UPred(\monoid) \\ \Sem{\Prop} &\eqdef& \UPred(\monoid) \\
\Sem{\textlog{M}} &\eqdef& \monoid \Sem{\textlog{M}} &\eqdef& \monoid \\
\Sem{0} &\eqdef& \Delta \emptyset \\
\Sem{1} &\eqdef& \Delta \{ () \}
\end{array} \end{array}
\qquad\qquad \qquad\qquad
\begin{array}[t]{@{}l@{\ }c@{\ }l@{}} \begin{array}[t]{@{}l@{\ }c@{\ }l@{}}
\Sem{1} &\eqdef& \Delta \{ () \} \\ \Sem{\type + \type'} &\eqdef& \Sem{\type} + \Sem{\type} \\
\Sem{\type \times \type'} &\eqdef& \Sem{\type} \times \Sem{\type} \\ \Sem{\type \times \type'} &\eqdef& \Sem{\type} \times \Sem{\type} \\
\Sem{\type \to \type'} &\eqdef& \Sem{\type} \nfn \Sem{\type} \\ \Sem{\type \to \type'} &\eqdef& \Sem{\type} \nfn \Sem{\type} \\
\end{array} \end{array}
...@@ -54,10 +56,11 @@ We are thus going to define the assertions as mapping CMRA elements to sets of s ...@@ -54,10 +56,11 @@ We are thus going to define the assertions as mapping CMRA elements to sets of s
\Lam \melt. \setComp{n}{\begin{aligned} \Lam \melt. \setComp{n}{\begin{aligned}
\All m, \meltB.& m \leq n \land \melt\mtimes\meltB \in \mval_m \Ra {} \\ \All m, \meltB.& m \leq n \land \melt\mtimes\meltB \in \mval_m \Ra {} \\
& m \in \Sem{\vctx \proves \prop : \Prop}_\gamma(\meltB) \Ra {}\\& m \in \Sem{\vctx \proves \propB : \Prop}_\gamma(\melt\mtimes\meltB)\end{aligned}} \\ & m \in \Sem{\vctx \proves \prop : \Prop}_\gamma(\meltB) \Ra {}\\& m \in \Sem{\vctx \proves \propB : \Prop}_\gamma(\melt\mtimes\meltB)\end{aligned}} \\
\Sem{\vctx \proves \always{\prop} : \Prop}_\gamma &\eqdef \Lam\melt. \Sem{\vctx \proves \prop : \Prop}_\gamma(\mcore\melt) \\
\Sem{\vctx \proves \later{\prop} : \Prop}_\gamma &\eqdef \Lam\melt. \setComp{n}{n = 0 \lor n-1 \in \Sem{\vctx \proves \prop : \Prop}_\gamma(\melt)}\\
\Sem{\vctx \proves \ownM{\term} : \Prop}_\gamma &\eqdef \Lam\meltB. \setComp{n}{\Sem{\vctx \proves \term : \textlog{M}}_\gamma \mincl[n] \meltB} \\ \Sem{\vctx \proves \ownM{\term} : \Prop}_\gamma &\eqdef \Lam\meltB. \setComp{n}{\Sem{\vctx \proves \term : \textlog{M}}_\gamma \mincl[n] \meltB} \\
\Sem{\vctx \proves \mval(\term) : \Prop}_\gamma &\eqdef \Lam\any. \setComp{n}{\Sem{\vctx \proves \term : \textlog{M}}_\gamma \in \mval_n} \\ \Sem{\vctx \proves \mval(\term) : \Prop}_\gamma &\eqdef \Lam\any. \setComp{n}{\Sem{\vctx \proves \term : \textlog{M}}_\gamma \in \mval_n} \\
\Sem{\vctx \proves \always{\prop} : \Prop}_\gamma &\eqdef \Lam\melt. \Sem{\vctx \proves \prop : \Prop}_\gamma(\mcore\melt) \\
\Sem{\vctx \proves \plainly{\prop} : \Prop}_\gamma &\eqdef \Lam\melt. \Sem{\vctx \proves \prop : \Prop}_\gamma(\munit) \\
\Sem{\vctx \proves \later{\prop} : \Prop}_\gamma &\eqdef \Lam\melt. \setComp{n}{n = 0 \lor n-1 \in \Sem{\vctx \proves \prop : \Prop}_\gamma(\melt)}\\
\Sem{\vctx \proves \upd\prop : \Prop}_\gamma &\eqdef \Lam\melt. \setComp{n}{\begin{aligned} \Sem{\vctx \proves \upd\prop : \Prop}_\gamma &\eqdef \Lam\melt. \setComp{n}{\begin{aligned}
\All m, \melt'. & m \leq n \land (\melt \mtimes \melt') \in \mval_m \Ra {}\\& \Exists \meltB. (\meltB \mtimes \melt') \in \mval_m \land m \in \Sem{\vctx \proves \prop :\Prop}_\gamma(\meltB) \All m, \melt'. & m \leq n \land (\melt \mtimes \melt') \in \mval_m \Ra {}\\& \Exists \meltB. (\meltB \mtimes \melt') \in \mval_m \land m \in \Sem{\vctx \proves \prop :\Prop}_\gamma(\meltB)
\end{aligned} \end{aligned}
...@@ -79,9 +82,15 @@ For every definition, we have to show all the side-conditions: The maps have to ...@@ -79,9 +82,15 @@ For every definition, we have to show all the side-conditions: The maps have to
\Sem{\vctx \proves \MU \var:\type. \term : \type}_\gamma &\eqdef \Sem{\vctx \proves \MU \var:\type. \term : \type}_\gamma &\eqdef
\mathit{fix}(\Lam \termB : \Sem{\type}. \Sem{\vctx, x : \type \proves \term : \type}_{\mapinsert \var \termB \gamma}) \\ \mathit{fix}(\Lam \termB : \Sem{\type}. \Sem{\vctx, x : \type \proves \term : \type}_{\mapinsert \var \termB \gamma}) \\
~\\ ~\\
\Sem{\vctx \proves \textlog{abort}\;\term : \type}_\gamma &\eqdef \mathit{abort}_{\Sem\type}(\Sem{\vctx \proves \term:0}_\gamma) \\
\Sem{\vctx \proves () : 1}_\gamma &\eqdef () \\ \Sem{\vctx \proves () : 1}_\gamma &\eqdef () \\
\Sem{\vctx \proves (\term_1, \term_2) : \type_1 \times \type_2}_\gamma &\eqdef (\Sem{\vctx \proves \term_1 : \type_1}_\gamma, \Sem{\vctx \proves \term_2 : \type_2}_\gamma) \\ \Sem{\vctx \proves (\term_1, \term_2) : \type_1 \times \type_2}_\gamma &\eqdef (\Sem{\vctx \proves \term_1 : \type_1}_\gamma, \Sem{\vctx \proves \term_2 : \type_2}_\gamma) \\
\Sem{\vctx \proves \pi_i(\term) : \type_i}_\gamma &\eqdef \pi_i(\Sem{\vctx \proves \term : \type_1 \times \type_2}_\gamma) \\ \Sem{\vctx \proves \pi_i\; \term : \type_i}_\gamma &\eqdef \pi_i(\Sem{\vctx \proves \term : \type_1 \times \type_2}_\gamma) \\
\Sem{\vctx \proves \textlog{inj}_i\;\term : \type_1 + \type_2}_\gamma &\eqdef \mathit{inj}_i(\Sem{\vctx \proves \term : \type_i}_\gamma) \\
\Sem{\vctx \proves \textlog{match}\; \term \;\textlog{with}\; \Ret\textlog{inj}_1\; \var_1. \term_1 \mid \Ret\textlog{inj}_2\; \var_2. \term_2 \;\textlog{end} : \type }_\gamma &\eqdef
\Sem{\vctx, \var_i:\type_i \proves \term_i : \type}_{\mapinsert{\var_i}\termB \gamma} \\
&\qquad \text{where $\Sem{\vctx \proves \term : \type_1 + \type_2}_\gamma = \mathit{inj}_i(\termB)$}
\\
~\\ ~\\
\Sem{ \melt : \textlog{M} }_\gamma &\eqdef \melt \\ \Sem{ \melt : \textlog{M} }_\gamma &\eqdef \melt \\
\Sem{\vctx \proves \mcore\term : \textlog{M}}_\gamma &\eqdef \mcore{\Sem{\vctx \proves \term : \textlog{M}}_\gamma} \\ \Sem{\vctx \proves \mcore\term : \textlog{M}}_\gamma &\eqdef \mcore{\Sem{\vctx \proves \term : \textlog{M}}_\gamma} \\
...@@ -93,6 +102,7 @@ For every definition, we have to show all the side-conditions: The maps have to ...@@ -93,6 +102,7 @@ For every definition, we have to show all the side-conditions: The maps have to
An environment $\vctx$ is interpreted as the set of An environment $\vctx$ is interpreted as the set of
finite partial functions $\rho$, with $\dom(\rho) = \dom(\vctx)$ and finite partial functions $\rho$, with $\dom(\rho) = \dom(\vctx)$ and
$\rho(x)\in\Sem{\vctx(x)}$. $\rho(x)\in\Sem{\vctx(x)}$.
Above, $\mathit{fix}$ is the fixed-point on COFEs, and $\mathit{abort}_T$ is the unique function $\emptyset \to T$.
\paragraph{Logical entailment.} \paragraph{Logical entailment.}
We can now define \emph{semantic} logical entailment. We can now define \emph{semantic} logical entailment.
...@@ -10,7 +10,7 @@ build: [make "-j%{jobs}%"] ...@@ -10,7 +10,7 @@ build: [make "-j%{jobs}%"]
install: [make "install"] install: [make "install"]
remove: ["rm" "-rf" "%{lib}%/coq/user-contrib/iris"] remove: ["rm" "-rf" "%{lib}%/coq/user-contrib/iris"]
depends: [ depends: [
"coq" { >= "8.6.1" & < "8.8~" } "coq" { (>= "8.6.1" & < "8.8~") | (= "dev") }
"coq-mathcomp-ssreflect" { (>= "1.6.1" & < "1.7~") | (= "dev") } "coq-mathcomp-ssreflect" { (>= "1.6.1" & < "1.7~") | (= "dev") }
"coq-stdpp" { (= "dev.2017-11-22.1") | (= "dev") } "coq-stdpp" { (= "dev.2017-11-29.1") | (= "dev") }
] ]
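Review bot: The new `(= "dev")` alternative on `coq`, together with the one already on `coq-stdpp`, lets the solver resolve to an unpinned development version, so an install from this file tracks whatever upstream HEAD is at resolve time and is not reproducible. That is presumably intended for the CI job that pins `coq version 8.7.dev`, but a plain `opam install` from this file gets the same floating option. A comment above `depends:` making the intent explicit would help, e.g. `# "dev" alternatives are for CI against upstream master only; release branches should pin exact versions`.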
...@@ -26,15 +26,17 @@ Proof. ...@@ -26,15 +26,17 @@ Proof.
Thus Ag(T) is not necessarily complete. Thus Ag(T) is not necessarily complete.
*) *)
Record agree (A : Type) : Type := Agree { Record agree (A : Type) : Type := {
agree_car : list A; agree_car : list A;
agree_not_nil : bool_decide (agree_car = []) = false agree_not_nil : bool_decide (agree_car = []) = false
}. }.
Arguments Agree {_} _ _.
Arguments agree_car {_} _. Arguments agree_car {_} _.
Arguments agree_not_nil {_} _. Arguments agree_not_nil {_} _.
Local Coercion agree_car : agree >-> list. Local Coercion agree_car : agree >-> list.
Definition to_agree {A} (a : A) : agree A :=
{| agree_car := [a]; agree_not_nil := eq_refl |}.
Lemma elem_of_agree {A} (x : agree A) : a, a agree_car x. Lemma elem_of_agree {A} (x : agree A) : a, a agree_car x.
Proof. destruct x as [[|a ?] ?]; set_solver+. Qed. Proof. destruct x as [[|a ?] ?]; set_solver+. Qed.
Lemma agree_eq {A} (x y : agree A) : agree_car x = agree_car y x = y. Lemma agree_eq {A} (x y : agree A) : agree_car x = agree_car y x = y.
...@@ -82,7 +84,7 @@ Instance agree_validN : ValidN (agree A) := λ n x, ...@@ -82,7 +84,7 @@ Instance agree_validN : ValidN (agree A) := λ n x,
Instance agree_valid : Valid (agree A) := λ x, n, {n} x. Instance agree_valid : Valid (agree A) := λ x, n, {n} x.
Program Instance agree_op : Op (agree A) := λ x y, Program Instance agree_op : Op (agree A) := λ x y,
Agree (agree_car x ++ agree_car y) _. {| agree_car := agree_car x ++ agree_car y |}.
Next Obligation. by intros [[|??]] y. Qed. Next Obligation. by intros [[|??]] y. Qed.
Instance agree_pcore : PCore (agree A) := Some. Instance agree_pcore : PCore (agree A) := Some.
...@@ -157,9 +159,6 @@ Proof. ...@@ -157,9 +159,6 @@ Proof.
apply discrete_iff_0; auto. apply discrete_iff_0; auto.
Qed. Qed.
Program Definition to_agree (a : A) : agree A :=
{| agree_car := [a]; agree_not_nil := eq_refl |}.
Global Instance to_agree_ne : NonExpansive to_agree. Global Instance to_agree_ne : NonExpansive to_agree.
Proof. Proof.
intros n a1 a2 Hx; split=> b /=; intros n a1 a2 Hx; split=> b /=;
...@@ -167,6 +166,15 @@ Proof. ...@@ -167,6 +166,15 @@ Proof.
Qed. Qed.
Global Instance to_agree_proper : Proper (() ==> ()) to_agree := ne_proper _. Global Instance to_agree_proper : Proper (() ==> ()) to_agree := ne_proper _.
Global Instance to_agree_discrete a : Discrete a Discrete (to_agree a).
Proof.
intros ? y [H H'] n; split.
- intros a' ->%elem_of_list_singleton. destruct (H a) as [b ?]; first by left.
exists b. by rewrite -discrete_iff_0.
- intros b Hb. destruct (H' b) as (b'&->%elem_of_list_singleton&?); auto.
exists a. by rewrite elem_of_list_singleton -discrete_iff_0.
Qed.
Global Instance to_agree_injN n : Inj (dist n) (dist n) (to_agree). Global Instance to_agree_injN n : Inj (dist n) (dist n) (to_agree).
Proof. Proof.
move=> a b [_] /=. setoid_rewrite elem_of_list_singleton. naive_solver. move=> a b [_] /=. setoid_rewrite elem_of_list_singleton. naive_solver.
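Review bot: The new `to_agree_discrete` instance has no comment explaining why discreteness of `a` lifts to the singleton agreement element, and the proof leans on `elem_of_list_singleton` rewriting in both directions that is not obvious on first read. A comment above the instance such as `(* A singleton agree element is discrete whenever its carrier is: both directions of the ≡{n}≡ witness collapse to a via elem_of_list_singleton, and discrete_iff_0 turns the step-indexed equality into a plain one. *)` would help. Likewise `to_agree` now sits outside the section and discharges `agree_not_nil` with `eq_refl`; a note that `bool_decide ([a] = []) = false` holds by computation documents why no `Program` obligation is needed any more. Since the `Record agree` constructor is now anonymous and `Arguments Agree` is dropped, any external code that named `Agree` directly will break — worth a CHANGELOG entry if such uses exist.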
...@@ -208,7 +208,7 @@ Lemma auth_frag_mono a b : a ≼ b → ◯ a ≼ ◯ b. ...@@ -208,7 +208,7 @@ Lemma auth_frag_mono a b : a ≼ b → ◯ a ≼ ◯ b.
Proof. intros [c ->]. rewrite auth_frag_op. apply cmra_included_l. Qed. Proof. intros [c ->]. rewrite auth_frag_op. apply cmra_included_l. Qed.
Global Instance auth_frag_sep_homomorphism : Global Instance auth_frag_sep_homomorphism :
MonoidHomomorphism op op () (Auth None). MonoidHomomorphism op op () (@Auth A None).
Proof. by split; [split; try apply _|]. Qed. Proof. by split; [split; try apply _|]. Qed.
Lemma auth_both_op a b : Auth (Excl' a) b a b. Lemma auth_both_op a b : Auth (Excl' a) b a b.
...@@ -93,7 +93,7 @@ Section frac_auth. ...@@ -93,7 +93,7 @@ Section frac_auth.
IsOp q q1 q2 IsOp a a1 a2 IsOp' (!{q} a) (!{q1} a1) (!{q2} a2). IsOp q q1 q2 IsOp a a1 a2 IsOp' (!{q} a)