@@ -67,7 +67,8 @@ Note that $\COFEs$ is cartesian closed.

\end{align*}

\end{align*}

\end{defn}

\end{defn}

\ralf{Copy the rest of the explanation from the paper, when that one is more polished.}

This is a natural generalization of RAs over COFEs.

All operations have to be non-expansive, and the validity predicate $\mval$ can now also depend on the step-index.

\paragraph{The division operator $\mdiv$.}

\paragraph{The division operator $\mdiv$.}

One way to describe $\mdiv$ is to say that it extracts the witness from the extension order: If $\melt\leq\meltB$, then $\melt\mdiv\meltB$ computes the difference between the two elements (\ruleref{cmra-div-op}).

One way to describe $\mdiv$ is to say that it extracts the witness from the extension order: If $\melt\leq\meltB$, then $\melt\mdiv\meltB$ computes the difference between the two elements (\ruleref{cmra-div-op}).
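Review bot: the argument order of $\mdiv$ in the new paragraph does not match its use later in this same patch: here, for $\melt\leq\meltB$, the difference is written $\melt\mdiv\meltB$, while the witness picked in the next hunk for the same relation $\melt\leq\meltB$ is $\meltB\mdiv\melt$. One of the two should be flipped so that the prose agrees with \ruleref{cmra-div-op}; the rule itself is not shown in this diff, so the author should check which orientation it actually uses and make both passages follow it.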

@@ -84,13 +85,13 @@ For every $n$, we obtain a proof that $\melt \mincl{n} \meltB$.

From this, we could extract a sequence of witnesses $(\meltC_m)_{m}$, and we need to arrive at a single witness $\meltC$ showing that $\melt\leq\meltB$.

From this, we could extract a sequence of witnesses $(\meltC_m)_{m}$, and we need to arrive at a single witness $\meltC$ showing that $\melt\leq\meltB$.

Without the division operator, there is no reason to believe that such a witness exists.

Without the division operator, there is no reason to believe that such a witness exists.

However, since we can use the division operator, and since we know that this operator is \emph{non-expansive}, we can pick $\meltC\eqdef\meltB\mdiv\melt$, and then we can prove that this is indeed the desired witness.

However, since we can use the division operator, and since we know that this operator is \emph{non-expansive}, we can pick $\meltC\eqdef\meltB\mdiv\melt$, and then we can prove that this is indeed the desired witness.

\ralf{The only reason we actually have division is that we are working constructively \emph{and}, at the same time, remain compatible with a classic interpretation of the existential. This is pretty silly.}

\ralf{The only reason we actually have division is that we are working constructively in an impredicative universe. This is pretty silly.}
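Review bot: the step from the sequence of witnesses $(\meltC_m)_{m}$ to "there is no reason to believe that such a witness exists" is asserted without argument, and a reader will naturally ask why a limit of the sequence cannot serve. A sentence noting that each $\meltC_m$ is obtained independently for its own $m$, so the sequence need not be a chain and completeness of the COFE gives no limit, would close the gap; the same remark also motivates why non-expansiveness of $\mdiv$ is exactly the property that makes $\meltB\mdiv\melt$ work. Separately, the reworded \ralf{} note changes the stated reason for having division at all (from compatibility with a classical reading of the existential to working in an impredicative universe); if that is the intended justification, it belongs in the body text next to this argument rather than only in an author note.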

@@ -204,7 +204,7 @@ We can derive some specialized forms of the lifting axioms for the operational s

\ralf{Add these.}

\ralf{Add these.}

\subsection{Global Functor and ghost ownership}

\subsection{Global functor and ghost ownership}

\ralf{Describe this.}

\ralf{Describe this.}

% \subsection{Global monoid}

% \subsection{Global monoid}
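Review bot: beyond the capitalisation fix in the heading, the section still consists only of \ralf{Describe this.}, and the commented-out `% \subsection{Global monoid}` directly below it reads like the previous name of the same section; dropping the dead heading, or folding it into the \ralf{} note as a reminder that the section was renamed from monoid to functor, would avoid keeping two headings for one topic in the source.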

@@ -364,7 +364,7 @@ We can derive some specialized forms of the lifting axioms for the operational s

% \subsection{Ghost heap}

% \subsection{Ghost heap}

% \label{sec:ghostheap}%

% \label{sec:ghostheap}%

% FIXME use the finmap provided by the global ghost ownership, instead of adding our own

% We define a simple ghost heap with fractional permissions.

% We define a simple ghost heap with fractional permissions.

% Some modules require a few ghost names per module instance to properly manage ghost state, but would like to expose to clients a single logical name (avoiding clutter).

% Some modules require a few ghost names per module instance to properly manage ghost state, but would like to expose to clients a single logical name (avoiding clutter).
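Review bot: the new `% FIXME use the finmap provided by the global ghost ownership, instead of adding our own` sits inside a block that is entirely commented out, so it will never surface in the built document and is easy to lose; a \ralf{} note in the live text, as this file uses elsewhere for open tasks, would be more visible. Also note that `% \label{sec:ghostheap}%` is commented out together with the section, so any remaining \ref{sec:ghostheap} elsewhere in the document will now be an undefined reference.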