Commit 56b35361 authored by David Swasey's avatar David Swasey

Proved htUnsafe.

parent 473e5f3c
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# #
# This Makefile was generated by the command line : # This Makefile was generated by the command line :
# coq_makefile lib/ModuRes -R lib/ModuRes ModuRes core_lang.v iris_core.v iris_vs.v iris_wp.v lang.v masks.v world_prop.v -o Makefile # coq_makefile lib/ModuRes -R lib/ModuRes ModuRes core_lang.v iris_core.v iris_unsafe.v iris_vs.v iris_wp.v lang.v masks.v world_prop.v -o Makefile
# #
.DEFAULT_GOAL := all .DEFAULT_GOAL := all
...@@ -50,14 +50,14 @@ COQDOCLIBS?=-R lib/ModuRes ModuRes ...@@ -50,14 +50,14 @@ COQDOCLIBS?=-R lib/ModuRes ModuRes
OPT?= OPT?=
COQDEP?=$(COQBIN)coqdep -c COQDEP?="$(COQBIN)coqdep" -c
COQFLAGS?=-q $(OPT) $(COQLIBS) $(OTHERFLAGS) $(COQ_XML) COQFLAGS?=-q $(OPT) $(COQLIBS) $(OTHERFLAGS) $(COQ_XML)
COQCHKFLAGS?=-silent -o COQCHKFLAGS?=-silent -o
COQDOCFLAGS?=-interpolate -utf8 COQDOCFLAGS?=-interpolate -utf8
COQC?=$(COQBIN)coqc COQC?="$(COQBIN)coqc"
GALLINA?=$(COQBIN)gallina GALLINA?="$(COQBIN)gallina"
COQDOC?=$(COQBIN)coqdoc COQDOC?="$(COQBIN)coqdoc"
COQCHK?=$(COQBIN)coqchk COQCHK?="$(COQBIN)coqchk"
################## ##################
# # # #
...@@ -66,12 +66,12 @@ COQCHK?=$(COQBIN)coqchk ...@@ -66,12 +66,12 @@ COQCHK?=$(COQBIN)coqchk
################## ##################
ifdef USERINSTALL ifdef USERINSTALL
XDG_DATA_HOME?=$(HOME)/.local/share XDG_DATA_HOME?="$(HOME)/.local/share"
COQLIBINSTALL=$(XDG_DATA_HOME)/coq COQLIBINSTALL=$(XDG_DATA_HOME)/coq
COQDOCINSTALL=$(XDG_DATA_HOME)/doc/coq COQDOCINSTALL=$(XDG_DATA_HOME)/doc/coq
else else
COQLIBINSTALL=${COQLIB}user-contrib COQLIBINSTALL="${COQLIB}user-contrib"
COQDOCINSTALL=${DOCDIR}user-contrib COQDOCINSTALL="${DOCDIR}user-contrib"
endif endif
###################### ######################
...@@ -82,6 +82,7 @@ endif ...@@ -82,6 +82,7 @@ endif
VFILES:=core_lang.v\ VFILES:=core_lang.v\
iris_core.v\ iris_core.v\
iris_unsafe.v\
iris_vs.v\ iris_vs.v\
iris_wp.v\ iris_wp.v\
lang.v\ lang.v\
...@@ -175,12 +176,12 @@ install: ...@@ -175,12 +176,12 @@ install:
for i in $(VOFILESINC); do \ for i in $(VOFILESINC); do \
install -m 0644 $$i $(DSTROOT)$(COQLIBINSTALL)/ModuRes/`basename $$i`; \ install -m 0644 $$i $(DSTROOT)$(COQLIBINSTALL)/ModuRes/`basename $$i`; \
done done
(cd ./lib/ModuRes; $(MAKE) DSTROOT=$(DSTROOT) INSTALLDEFAULTROOT=$(INSTALLDEFAULTROOT)/./lib/ModuRes install) +cd ./lib/ModuRes && $(MAKE) DSTROOT="$(DSTROOT)" INSTALLDEFAULTROOT="$(INSTALLDEFAULTROOT)/./lib/ModuRes" install
install-doc: install-doc:
install -d $(DSTROOT)$(COQDOCINSTALL)/ModuRes/html install -d "$(DSTROOT)"$(COQDOCINSTALL)/ModuRes/html
for i in html/*; do \ for i in html/*; do \
install -m 0644 $$i $(DSTROOT)$(COQDOCINSTALL)/ModuRes/$$i;\ install -m 0644 $$i "$(DSTROOT)"$(COQDOCINSTALL)/ModuRes/$$i;\
done done
clean: clean:
...@@ -194,13 +195,13 @@ archclean: ...@@ -194,13 +195,13 @@ archclean:
(cd ./lib/ModuRes ; $(MAKE) archclean) (cd ./lib/ModuRes ; $(MAKE) archclean)
printenv: printenv:
@$(COQBIN)coqtop -config @"$(COQBIN)coqtop" -config
@echo CAMLC = $(CAMLC) @echo 'CAMLC = $(CAMLC)'
@echo CAMLOPTC = $(CAMLOPTC) @echo 'CAMLOPTC = $(CAMLOPTC)'
@echo PP = $(PP) @echo 'PP = $(PP)'
@echo COQFLAGS = $(COQFLAGS) @echo 'COQFLAGS = $(COQFLAGS)'
@echo COQLIBINSTALL = $(COQLIBINSTALL) @echo 'COQLIBINSTALL = $(COQLIBINSTALL)'
@echo COQDOCINSTALL = $(COQDOCINSTALL) @echo 'COQDOCINSTALL = $(COQDOCINSTALL)'
################### ###################
# # # #
...@@ -227,7 +228,7 @@ printenv: ...@@ -227,7 +228,7 @@ printenv:
$(COQDOC) $(COQDOCFLAGS) -latex -g $< -o $@ $(COQDOC) $(COQDOCFLAGS) -latex -g $< -o $@
%.g.html: %.v %.glob %.g.html: %.v %.glob
$(COQDOC)$(COQDOCFLAGS) -html -g $< -o $@ $(COQDOC) $(COQDOCFLAGS) -html -g $< -o $@
%.v.d: %.v %.v.d: %.v
$(COQDEP) -slash $(COQLIBS) "$<" > "$@" || ( RV=$$?; rm -f "$@"; exit $${RV} ) $(COQDEP) -slash $(COQLIBS) "$<" > "$@" || ( RV=$$?; rm -f "$@"; exit $${RV} )
......
...@@ -62,6 +62,8 @@ CONTENTS ...@@ -62,6 +62,8 @@ CONTENTS
* iris_wp.v defines weakest preconditions and proves the rules for * iris_wp.v defines weakest preconditions and proves the rules for
Hoare triples Hoare triples
* iris_unsafe.v proves rules for unsafe Hoare triples
The development uses ModuRes, a Coq library by Sieczkowski et al. to The development uses ModuRes, a Coq library by Sieczkowski et al. to
solve the recursive domain equation (see the paper for a reference) solve the recursive domain equation (see the paper for a reference)
......
Set Automatic Coercions Import.
Require Import ssreflect ssrfun ssrbool eqtype seq fintype.
Require Import core_lang masks iris_wp.
Require Import ModuRes.PCM ModuRes.UPred ModuRes.BI ModuRes.PreoMet ModuRes.Finmap.
Set Implicit Arguments.
Unset Strict Implicit.
Unset Printing Implicit Defensive.
(******************************************************************)
(** * Rules for unsafe triples **)
(******************************************************************)
Module RobustSafety (RL : PCM_T) (C : CORE_LANG).
Module Export Iris := IrisWP RL C.
Local Open Scope iris_scope.
Local Open Scope mask_scope.
Local Open Scope pcm_scope.
Local Open Scope bi_scope.
Local Open Scope lang_scope.
Implicit Types (P Q R : Props) (i : nat) (safe : bool) (m : mask) (e : expr) (φ : value -n> Props) (r : res) (w : Wld).
Lemma wpUnsafe m e φ : wp true m e φ wp false m e φ.
Proof.
move=> w n r He; move: n e φ w r He; elim/wf_nat_ind; move=> n IH e φ w r /unfold_wp He.
rewrite unfold_wp; move=> w' k s rf mf σ HSw HLt HD Hw.
move: {IH} (IH _ HLt) => IH.
move: {He HSw HLt HD Hw} (He _ _ _ _ _ _ HSw HLt HD Hw) => [HV [HS [HF _] ] ].
split; [done | clear HV; split; [clear HF | split; [clear HS | done] ] ].
- move=> σ' ei ei' K HK Hstep.
move: {HS HK Hstep} (HS _ _ _ _ HK Hstep) => [w'' [r' [s' [HSw' [He' Hw'] ] ] ] ].
exists w'' r' s'; split; [done | split; [exact: IH | done] ].
move=> e' K HK.
move: {HF HK} (HF _ _ HK) => [w'' [rfk [rret [s' [HSw' [Hk [He' Hw'] ] ] ] ] ] ].
exists w'' rfk rret s'; split; [done | split; [exact: IH | split; [exact: IH | done] ] ].
Qed.
Lemma htUnsafe m P e φ : ht true m P e φ ht false m P e φ.
Proof.
move=> w n rz He w' HSw n' r HLe Hr HP.
move: {He P w n rz HSw HLe Hr HP} (He _ HSw _ _ HLe Hr HP).
exact: wpUnsafe.
Qed.
End RobustSafety.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment