Commit 843905d8 authored by Ralf Jung's avatar Ralf Jung

docs: give pvs and wp rules

parent 8930527a
\section{Language} \section{Language}
A \emph{language} $\Lang$ consists of a set \textdom{Exp} of \emph{expressions} (metavariable $\expr$), a set \textdom{Val} of \emph{values} (metavariable $\val$), and a set \textdom{State} of \emph{states} (metvariable $\state$) such that A \emph{language} $\Lang$ consists of a set \textdom{Expr} of \emph{expressions} (metavariable $\expr$), a set \textdom{Val} of \emph{values} (metavariable $\val$), and a set \textdom{State} of \emph{states} (metvariable $\state$) such that
\begin{itemize} \begin{itemize}
\item There exist functions $\ofval : \textdom{Val} \to \textdom{Expr}$ and $\toval : \textdom{Expr} \pfn \textdom{val}$ (notice the latter is partial), such that \item There exist functions $\ofval : \textdom{Val} \to \textdom{Expr}$ and $\toval : \textdom{Expr} \pfn \textdom{val}$ (notice the latter is partial), such that
\begin{mathpar} {\All \expr, \val. \toval(\expr) = \val \Ra \ofval(\val) = \expr} \and {\All\val. \toval(\ofval(\val)) = \val} \begin{mathpar} {\All \expr, \val. \toval(\expr) = \val \Ra \ofval(\val) = \expr} \and {\All\val. \toval(\ofval(\val)) = \val}
...@@ -24,6 +24,15 @@ In other words, atomic expression \emph{reduce in one step to a value}. ...@@ -24,6 +24,15 @@ In other words, atomic expression \emph{reduce in one step to a value}.
It does not matter whether they fork off an arbitrary expression. It does not matter whether they fork off an arbitrary expression.
\end{itemize} \end{itemize}
\begin{defn}[Context]
A function $\lctx : \textdom{Expr} \to \textdom{Expr}$ is a \emph{context} if the following conditions are satisfied
\begin{align*}
\All\expr.& \toval(\expr) = \bot \Ra \toval(\lctx(\expr)) = \bot \tagH{lang-ctx-not-val}\\
\All \expr_1, \state_1, \expr_2, \state_2, \expr'.& \expr_1, \state_1 \step \expr_2,\state_2,\expr' \Ra \lctx(\expr_1), \state_1 \step \lctx(\expr_2),\state_2,\expr' \tagH{lang-ctx-step}\\
\All \expr_1', \state_1, \expr_2, \state_2, \expr'.& \toval(\expr_1') = \bot \land \lctx(\expr_1'), \state_1 \step \expr_2,\state_2,\expr' \Ra \Exists\expr_2'. \expr_2 = \lctx(\expr_2') \land \expr_1', \state_1 \step \expr_2',\state_2,\expr' \tagH{lang-ctx-step-inv}
\end{align*}
\end{defn}
\subsection{The concurrent language} \subsection{The concurrent language}
For any language $\Lang$, we define the corresponding thread-pool semantics. For any language $\Lang$, we define the corresponding thread-pool semantics.
...@@ -116,11 +125,12 @@ Iris syntax is built up from a signature $\Sig$ and a countably infinite set $\t ...@@ -116,11 +125,12 @@ Iris syntax is built up from a signature $\Sig$ and a countably infinite set $\t
\always\prop \mid \always\prop \mid
{\later\prop} \mid {\later\prop} \mid
\pvs[\term][\term] \prop\mid \pvs[\term][\term] \prop\mid
\wpre{\term}{\pred}[\term] \wpre{\term}{\Ret\var.\term}[\term]
\end{align*} \end{align*}
Recursive predicates must be \emph{guarded}: in $\MU \var. \pred$, the variable $\var$ can only appear under the later $\later$ modality. Recursive predicates must be \emph{guarded}: in $\MU \var. \pred$, the variable $\var$ can only appear under the later $\later$ modality.
Note that $\always$ and $\later$ bind more tightly than $*$, $\wand$, $\land$, $\lor$, and $\Ra$. Note that $\always$ and $\later$ bind more tightly than $*$, $\wand$, $\land$, $\lor$, and $\Ra$.
We will write $\pvs[\term] \prop$ for $\pvs[\term][\term] \prop$.
\paragraph{Metavariable conventions.} \paragraph{Metavariable conventions.}
We introduce additional metavariables ranging over terms and generally let the choice of metavariable indicate the term's type: We introduce additional metavariables ranging over terms and generally let the choice of metavariable indicate the term's type:
...@@ -129,7 +139,7 @@ We introduce additional metavariables ranging over terms and generally let the c ...@@ -129,7 +139,7 @@ We introduce additional metavariables ranging over terms and generally let the c
\text{metavariable} & \text{type} \\\hline \text{metavariable} & \text{type} \\\hline
\term, \termB & \text{arbitrary} \\ \term, \termB & \text{arbitrary} \\
\val, \valB & \textsort{Val} \\ \val, \valB & \textsort{Val} \\
\expr & \textsort{Exp} \\ \expr & \textsort{Expr} \\
\state & \textsort{State} \\ \state & \textsort{State} \\
\end{array} \end{array}
\qquad\qquad \qquad\qquad
...@@ -267,11 +277,11 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $ ...@@ -267,11 +277,11 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $
} }
\and \and
\infer{ \infer{
\vctx \proves \wtt{\expr}{\textsort{Exp}} \and \vctx \proves \wtt{\expr}{\textsort{Expr}} \and
\vctx \proves \wtt{\pred}{\textsort{Val} \to \Prop} \and \vctx,\var:\textsort{Val} \proves \wtt{\term}{\Prop} \and
\vctx \proves \wtt{\mask}{\textsort{InvMask}} \vctx \proves \wtt{\mask}{\textsort{InvMask}}
}{ }{
\vctx \proves \wtt{\wpre{\expr}{\pred}[\mask]}{\Prop} \vctx \proves \wtt{\wpre{\expr}{\Ret\var.\term}[\mask]}{\Prop}
} }
\end{mathparpagebreakable} \end{mathparpagebreakable}
...@@ -456,13 +466,83 @@ This is entirely standard. ...@@ -456,13 +466,83 @@ This is entirely standard.
\always{\All x. \prop} &\Lra& \All x. \always{\prop} \\ \always{\All x. \prop} &\Lra& \All x. \always{\prop} \\
\always{\Exists x. \prop} &\Lra& \Exists x. \always{\prop} \\ \always{\Exists x. \prop} &\Lra& \Exists x. \always{\prop} \\
\end{array} \end{array}
\and
{ \term =_\type \term' \Ra \always \term =_\type \term'}
\and
{ \knowInv\iname\prop \Ra \always \knowInv\iname\prop}
\and
{ \ownGGhost{\munit(\melt)} \Ra \always \ownGGhost{\munit(\melt)}}
\end{mathpar} \end{mathpar}
\paragraph{Laws of primitive view shifts.} \paragraph{Laws of primitive view shifts.}
~\\\ralf{Add these.} \begin{mathpar}
\infer[pvs-intro]
{}{\prop \proves \pvs[\mask] \prop}
\infer[pvs-mono]
{\prop \proves \propB}
{\pvs[\mask_1][\mask_2] \prop \proves \pvs[\mask_1][\mask_2] \propB}
\infer[pvs-timeless]
{\timeless\prop}
{\later\prop \proves \pvs[\mask] \prop}
\infer[pvs-trans]
{\mask_2 \subseteq \mask_1 \cup \mask_3}
{\pvs[\mask_1][\mask_2] \pvs[\mask_2][\mask_3] \prop \proves \pvs[\mask_1][\mask_3] \prop}
\infer[pvs-mask-frame]
{}{\pvs[\mask_1][\mask_2] \prop \proves \pvs[\mask_1 \uplus \mask_f][\mask_2 \uplus \mask_f] \prop}
\infer[pvs-frame]
{}{\propB * \pvs[\mask_1][\mask_2]\prop \proves \pvs[\mask_1][\mask_2] \propB * \prop}
\infer[pvs-allocI]
{\text{$\mask$ is infinite}}
{\later\prop \proves \pvs[\mask] \Exists \iname \in \mask. \knowInv\iname\prop}
\infer[pvs-openI]
{}{\knowInv\iname\prop \proves \pvs[\set\iname][\emptyset] \later\prop}
\infer[pvs-closeI]
{}{\knowInv\iname\prop \land \later\prop \proves \pvs[\emptyset][\set\iname] \TRUE}
\infer[pvs-update]
{\melt \mupd \meltsB}
{\ownGGhost\melt \proves \pvs[\mask] \Exists\meltB\in\meltsB. \ownGGhost\meltB}
\end{mathpar}
\paragraph{Laws of weakest preconditions.} \paragraph{Laws of weakest preconditions.}
~\\\ralf{Add these.} \begin{mathpar}
\infer[wp-value]
{}{\prop[\val/\var] \proves \wpre{\val}{\Ret\var.\prop}[\mask]}
\infer[wp-mono]
{\mask_1 \subseteq \mask_2 \and \var:\textsort{val}\mid\prop \proves \propB}
{\wpre\expr{\Ret\var.\prop}[\mask_1] \proves \wpre\expr{\Ret\var.\propB}[\mask_2]}
\infer[pvs-wp]
{}{\pvs[\mask] \wpre\expr{\Ret\var.\prop}[\mask] \proves \wpre\expr{\Ret\var.\prop}[\mask]}
\infer[wp-pvs]
{}{\wpre\expr{\Ret\var.\pvs[\mask] \prop}[\mask] \proves \wpre\expr{\Ret\var.\prop}[\mask]}
\infer[wp-atomic]
{\mask_2 \subseteq \mask_1 \and \physatomic{\expr}}
{\pvs[\mask_1][\mask_2] \wpre\expr{\Ret\var. \pvs[\mask_2][\mask_1]\prop}[\mask_2]
\proves \wpre\expr{\Ret\var.\prop}[\mask_1]}
\infer[wp-frame]
{}{\propB * \wpre\expr{\Ret\var.\prop}[\mask] \proves \wpre\expr{\Ret\var.\propB*\prop}[\mask]}
\infer[wp-frame-step]
{\toval(\expr) = \bot}
{\later\propB * \wpre\expr{\Ret\var.\prop}[\mask] \proves \wpre\expr{\Ret\var.\propB*\prop}[\mask]}
\infer[wp-bind]
{\text{$\lctx$ is a context}}
{\wpre\expr{\Ret\var. \wpre{\lctx(\ofval(\var))}{\Ret\varB.\prop}[\mask]}[\mask] \proves \wpre{\lctx(\expr)}{\Ret\varB.\prop}[\mask]}
\end{mathpar}
\subsection{Lifting of operational semantics}\label{sec:lifting} \subsection{Lifting of operational semantics}\label{sec:lifting}
~\\\ralf{Add this.} ~\\\ralf{Add this.}
...@@ -504,7 +584,7 @@ This is entirely standard. ...@@ -504,7 +584,7 @@ This is entirely standard.
The adequacy statement reads as follows: The adequacy statement reads as follows:
\begin{align*} \begin{align*}
&\All \mask, \expr, \val, \pred, i, \state, \melt, \state', \tpool'. &\All \mask, \expr, \val, \pred, \state, \melt, \state', \tpool'.
\\&(\All n. \melt \in \mval_n) \Ra \\&(\All n. \melt \in \mval_n) \Ra
\\&( \ownPhys\state * \ownGGhost\melt \proves \wpre{\expr}{x.\; \pred(x)}[\mask]) \Ra \\&( \ownPhys\state * \ownGGhost\melt \proves \wpre{\expr}{x.\; \pred(x)}[\mask]) \Ra
\\&\cfg{\state}{[\expr]} \step^\ast \\&\cfg{\state}{[\expr]} \step^\ast
......
...@@ -21,6 +21,7 @@ ...@@ -21,6 +21,7 @@
\usepackage{tabu} \usepackage{tabu}
\usepackage{dashbox} \usepackage{dashbox}
\usepackage{tensor}
\usepackage{\basedir pftools} \usepackage{\basedir pftools}
...@@ -135,12 +136,6 @@ ...@@ -135,12 +136,6 @@
%% MATH SYMBOLS & NOTATION & IDENTIFIERS %% MATH SYMBOLS & NOTATION & IDENTIFIERS
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% superscript to the left
\def\presuper#1#2%
{\mathop{}%
\mathopen{\vphantom{#2}}^{#1}%
\kern-\scriptspace%
#2}
\DeclareMathOperator*{\Sep}{\scalerel*{\ast}{\sum}} \DeclareMathOperator*{\Sep}{\scalerel*{\ast}{\sum}}
\newcommand{\bigast}{\Sep} \newcommand{\bigast}{\Sep}
...@@ -326,8 +321,8 @@ ...@@ -326,8 +321,8 @@
\newcommand{\gmapsto}{\hookrightarrow}% \newcommand{\gmapsto}{\hookrightarrow}%
\newcommand{\fgmapsto}[1][\mathrm{-}]{\xhookrightarrow{#1}}% \newcommand{\fgmapsto}[1][\mathrm{-}]{\xhookrightarrow{#1}}%
\NewDocumentCommand\wpre{m m o}% \NewDocumentCommand\wpre{m m O{}}%
{{#1} \spac \{#2\}_{#3}} {{#1} \spac \prescript{}{#3}{\kern-0.2ex\{#2\}}}
\newcommand{\later}{\mathord{\triangleright}} \newcommand{\later}{\mathord{\triangleright}}
\newcommand{\always}{\Box{}} \newcommand{\always}{\Box{}}
...@@ -347,7 +342,7 @@ ...@@ -347,7 +342,7 @@
\newcommand*{\ownGhost}[2]{\boxedassert[densely dashed]{#2}[#1]} \newcommand*{\ownGhost}[2]{\boxedassert[densely dashed]{#2}[#1]}
\newcommand*{\ownGGhost}[1]{\boxedassert[densely dashed]{#1}} \newcommand*{\ownGGhost}[1]{\boxedassert[densely dashed]{#1}}
\newcommand{\ownPhys}[1]{\lfloor#1\rfloor} \newcommand{\ownPhys}[1]{\textlog{Phy}(#1)}
%% View Shifts %% View Shifts
\NewDocumentCommand \vsGen {O{} m O{}}% \NewDocumentCommand \vsGen {O{} m O{}}%
...@@ -357,14 +352,14 @@ ...@@ -357,14 +352,14 @@
{#2}_{#1}% {#2}_{#1}%
}{% }{%
% Two masks % Two masks
\presuper{#1}{#2}^{#3} \tensor*[^{#1}]{#2}{^{#3}}
}% }%
}}% }}%
\NewDocumentCommand \vs {O{} O{}} {\vsGen[#1]{\Rrightarrow}[#2]} \NewDocumentCommand \vs {O{} O{}} {\vsGen[#1]{\Rrightarrow}[#2]}
\NewDocumentCommand \vsL {O{} O{}} {\vsGen[#1]{\Lleftarrow}[#2]} \NewDocumentCommand \vsL {O{} O{}} {\vsGen[#1]{\Lleftarrow}[#2]}
\NewDocumentCommand \vsE {O{} O{}} % \NewDocumentCommand \vsE {O{} O{}} %
{\vsGen[#1]{\Lleftarrow\!\!\!\Rrightarrow}[#2]} {\vsGen[#1]{\Lleftarrow\!\!\!\Rrightarrow}[#2]}
\NewDocumentCommand \pvs {O{} O{}} {\mathord{\vsGen[#1]{{\mid\kern-0.4ex\Rrightarrow}}[#2]}} \NewDocumentCommand \pvs {O{} O{}} {\mathord{\vsGen[#1]{{\mid\kern-0.4ex\Rrightarrow\kern-0.25ex}}[#2]\kern0.2ex}}
%% Hoare Triples %% Hoare Triples
...@@ -428,6 +423,7 @@ ...@@ -428,6 +423,7 @@
\newcommand{\valB}{w} \newcommand{\valB}{w}
\newcommand{\state}{\sigma} \newcommand{\state}{\sigma}
\newcommand{\step}{\ra} \newcommand{\step}{\ra}
\newcommand{\lctx}{K}
\newcommand{\toval}{\mathit{val}} \newcommand{\toval}{\mathit{val}}
\newcommand{\ofval}{\mathit{expr}} \newcommand{\ofval}{\mathit{expr}}
......
...@@ -97,20 +97,20 @@ Lemma ht_frame_r E P Φ R e : ...@@ -97,20 +97,20 @@ Lemma ht_frame_r E P Φ R e :
{{ P }} e @ E {{ Φ }} {{ P R }} e @ E {{ λ v, Φ v R }}. {{ P }} e @ E {{ Φ }} {{ P R }} e @ E {{ λ v, Φ v R }}.
Proof. setoid_rewrite (comm _ _ R); apply ht_frame_l. Qed. Proof. setoid_rewrite (comm _ _ R); apply ht_frame_l. Qed.
Lemma ht_frame_later_l E P R e Φ : Lemma ht_frame_step_l E P R e Φ :
to_val e = None to_val e = None
{{ P }} e @ E {{ Φ }} {{ R P }} e @ E {{ λ v, R Φ v }}. {{ P }} e @ E {{ Φ }} {{ R P }} e @ E {{ λ v, R Φ v }}.
Proof. Proof.
intros; apply always_intro', impl_intro_l. intros; apply always_intro', impl_intro_l.
rewrite always_and_sep_r -assoc (sep_and P) always_elim impl_elim_r. rewrite always_and_sep_r -assoc (sep_and P) always_elim impl_elim_r.
by rewrite wp_frame_later_l //; apply wp_mono=>v; rewrite pvs_frame_l. by rewrite wp_frame_step_l //; apply wp_mono=>v; rewrite pvs_frame_l.
Qed. Qed.
Lemma ht_frame_later_r E P Φ R e : Lemma ht_frame_step_r E P Φ R e :
to_val e = None to_val e = None
{{ P }} e @ E {{ Φ }} {{ P R }} e @ E {{ λ v, Φ v R }}. {{ P }} e @ E {{ Φ }} {{ P R }} e @ E {{ λ v, Φ v R }}.
Proof. Proof.
rewrite (comm _ _ ( R)%I); setoid_rewrite (comm _ _ R). rewrite (comm _ _ ( R)%I); setoid_rewrite (comm _ _ R).
apply ht_frame_later_l. apply ht_frame_step_l.
Qed. Qed.
End hoare. End hoare.
...@@ -182,7 +182,7 @@ Proof. ...@@ -182,7 +182,7 @@ Proof.
(comm _ rR) !assoc -(assoc _ _ rR). (comm _ rR) !assoc -(assoc _ _ rR).
- apply IH; eauto using uPred_weaken. - apply IH; eauto using uPred_weaken.
Qed. Qed.
Lemma wp_frame_later_r E e Φ R : Lemma wp_frame_step_r E e Φ R :
to_val e = None (#> e @ E {{ Φ }} R) #> e @ E {{ λ v, Φ v R }}. to_val e = None (#> e @ E {{ Φ }} R) #> e @ E {{ λ v, Φ v R }}.
Proof. Proof.
rewrite wp_eq. intros He; uPred.unseal; split; intros n r' Hvalid (r&rR&Hr&Hwp&?). rewrite wp_eq. intros He; uPred.unseal; split; intros n r' Hvalid (r&rR&Hr&Hwp&?).
...@@ -233,11 +233,11 @@ Lemma wp_value_pvs E Φ e v : ...@@ -233,11 +233,11 @@ Lemma wp_value_pvs E Φ e v :
Proof. intros. rewrite -wp_pvs. rewrite -wp_value //. Qed. Proof. intros. rewrite -wp_pvs. rewrite -wp_value //. Qed.
Lemma wp_frame_l E e Φ R : (R #> e @ E {{ Φ }}) #> e @ E {{ λ v, R Φ v }}. Lemma wp_frame_l E e Φ R : (R #> e @ E {{ Φ }}) #> e @ E {{ λ v, R Φ v }}.
Proof. setoid_rewrite (comm _ R); apply wp_frame_r. Qed. Proof. setoid_rewrite (comm _ R); apply wp_frame_r. Qed.
Lemma wp_frame_later_l E e Φ R : Lemma wp_frame_step_l E e Φ R :
to_val e = None ( R #> e @ E {{ Φ }}) #> e @ E {{ λ v, R Φ v }}. to_val e = None ( R #> e @ E {{ Φ }}) #> e @ E {{ λ v, R Φ v }}.
Proof. Proof.
rewrite (comm _ ( R)%I); setoid_rewrite (comm _ R). rewrite (comm _ ( R)%I); setoid_rewrite (comm _ R).
apply wp_frame_later_r. apply wp_frame_step_r.
Qed. Qed.
Lemma wp_always_l E e Φ R `{!AlwaysStable R} : Lemma wp_always_l E e Φ R `{!AlwaysStable R} :
(R #> e @ E {{ Φ }}) #> e @ E {{ λ v, R Φ v }}. (R #> e @ E {{ Φ }}) #> e @ E {{ λ v, R Φ v }}.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment