Commit a90ab674 authored by Jacques-Henri Jourdan's avatar Jacques-Henri Jourdan

Merge branch 'master' of gitlab.mpi-sws.org:FP/iris-coq

parents 7b619dd3 8fdf1509
...@@ -15,9 +15,8 @@ Coq development, but not every API-breaking change is listed. Changes marked ...@@ -15,9 +15,8 @@ Coq development, but not every API-breaking change is listed. Changes marked
* With invariants and the physical state being handled in the logic, there * With invariants and the physical state being handled in the logic, there
is no longer any reason to demand the CMRA unit to be discrete. is no longer any reason to demand the CMRA unit to be discrete.
* The language can now fork off multiple threads at once. * The language can now fork off multiple threads at once.
* [#] Local Updates (for the authoritative monoid) are now a 4-way relation * Local Updates (for the authoritative monoid) are now a 4-way relation
with syntax-directed lemmas proving them. [program_logic/auth] is gone, with syntax-directed lemmas proving them.
it doesn't actually simplify anything any more.
## Iris 2.0 ## Iris 2.0
...@@ -821,26 +821,25 @@ Proof. ...@@ -821,26 +821,25 @@ Proof.
split; intros n' x ? (x1&x2&?&?&?); exists x1,x2; cofe_subst x; split; intros n' x ? (x1&x2&?&?&?); exists x1,x2; cofe_subst x;
eauto 7 using cmra_validN_op_l, cmra_validN_op_r, uPred_in_entails. eauto 7 using cmra_validN_op_l, cmra_validN_op_r, uPred_in_entails.
Qed. Qed.
Global Instance True_sep : LeftId () True%I (@uPred_sep M). Lemma True_sep_1 P : P True P.
Proof. Proof.
intros P; unseal; split=> n x Hvalid; split. unseal; split; intros n x ??. exists (core x), x. by rewrite cmra_core_l.
- intros (x1&x2&?&_&?); cofe_subst; eauto using uPred_mono, cmra_includedN_r.
- by intros ?; exists (core x), x; rewrite cmra_core_l.
Qed. Qed.
Global Instance sep_comm : Comm () (@uPred_sep M). Lemma True_sep_2 P : True P P.
Proof. Proof.
by intros P Q; unseal; split=> n x ?; split; unseal; split; intros n x ? (x1&x2&?&_&?); cofe_subst;
intros (x1&x2&?&?&?); exists x2, x1; rewrite (comm op). eauto using uPred_mono, cmra_includedN_r.
Qed. Qed.
Global Instance sep_assoc : Assoc () (@uPred_sep M). Lemma sep_comm' P Q : P Q Q P.
Proof.
unseal; split; intros n x ? (x1&x2&?&?&?); exists x2, x1; by rewrite (comm op).
Qed.
Lemma sep_assoc' P Q R : (P Q) R P (Q R).
Proof. Proof.
intros P Q R; unseal; split=> n x ?; split. unseal; split; intros n x ? (x1&x2&Hx&(y1&y2&Hy&?&?)&?).
- intros (x1&x2&Hx&?&y1&y2&Hy&?&?); exists (x1 y1), y2; split_and?; auto. exists y1, (y2 x2); split_and?; auto.
+ by rewrite -(assoc op) -Hy -Hx. + by rewrite (assoc op) -Hy -Hx.
+ by exists x1, y1. + by exists y2, x2.
- intros (x1&x2&Hx&(y1&y2&Hy&?&?)&?); exists y1, (y2 x2); split_and?; auto.
+ by rewrite (assoc op) -Hy -Hx.
+ by exists y2, x2.
Qed. Qed.
Lemma wand_intro_r P Q R : (P Q R) P Q - R. Lemma wand_intro_r P Q R : (P Q R) P Q - R.
Proof. Proof.
...@@ -872,6 +871,15 @@ Qed. ...@@ -872,6 +871,15 @@ Qed.
Global Instance wand_mono' : Proper (flip () ==> () ==> ()) (@uPred_wand M). Global Instance wand_mono' : Proper (flip () ==> () ==> ()) (@uPred_wand M).
Proof. by intros P P' HP Q Q' HQ; apply wand_mono. Qed. Proof. by intros P P' HP Q Q' HQ; apply wand_mono. Qed.
Global Instance sep_comm : Comm () (@uPred_sep M).
Proof. intros P Q; apply (anti_symm _); auto using sep_comm'. Qed.
Global Instance sep_assoc : Assoc () (@uPred_sep M).
Proof.
intros P Q R; apply (anti_symm _); auto using sep_assoc'.
by rewrite !(comm _ P) !(comm _ _ R) sep_assoc'.
Qed.
Global Instance True_sep : LeftId () True%I (@uPred_sep M).
Proof. intros P; apply (anti_symm _); auto using True_sep_1, True_sep_2. Qed.
Global Instance sep_True : RightId () True%I (@uPred_sep M). Global Instance sep_True : RightId () True%I (@uPred_sep M).
Proof. by intros P; rewrite comm left_id. Qed. Proof. by intros P; rewrite comm left_id. Qed.
Lemma sep_elim_l P Q : P Q P. Lemma sep_elim_l P Q : P Q P.
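Review bot: The four new one-directional lemmas in this section use two naming schemes: `True_sep_1`/`True_sep_2` take a numeric suffix while `sep_comm'`/`sep_assoc'` take a prime, even though all four play the same role as halves of an `anti_symm` argument in the instances added further down (`sep_comm`, `sep_assoc`, `True_sep`). Picking one convention for all of them would make it easier to spot the pairing. A comment above `True_sep_1` would also help a reader who meets the lemmas before the instances, e.g. `(* One-directional [sep] laws; the [Comm]/[Assoc]/[LeftId] instances below are derived from them via [anti_symm]. *)`. The enclosing section that binds `M` starts outside this hunk.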
...@@ -289,8 +289,8 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda ...@@ -289,8 +289,8 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda
\begin{mathpar} \begin{mathpar}
\begin{array}{rMcMl} \begin{array}{rMcMl}
\TRUE * \prop &\provesIff& \prop \\ \TRUE * \prop &\provesIff& \prop \\
\prop * \propB &\provesIff& \propB * \prop \\ \prop * \propB &\proves& \propB * \prop \\
(\prop * \propB) * \propC &\provesIff& \prop * (\propB * \propC) (\prop * \propB) * \propC &\proves& \prop * (\propB * \propC)
\end{array} \end{array}
\and \and
\infer[$*$-mono] \infer[$*$-mono]
...@@ -339,17 +339,17 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda ...@@ -339,17 +339,17 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda
\begin{array}[c]{rMcMl} \begin{array}[c]{rMcMl}
\All x. \later\prop &\proves& \later{\All x.\prop} \\ \All x. \later\prop &\proves& \later{\All x.\prop} \\
\later\Exists x. \prop &\proves& \later\FALSE \lor {\Exists x.\later\prop} \\ \later\Exists x. \prop &\proves& \later\FALSE \lor {\Exists x.\later\prop} \\
\later\prop &\proves& \later\FALSE \lor (\later\FALSE \Ra \prop) \\ \later\prop &\proves& \later\FALSE \lor (\later\FALSE \Ra \prop)
\end{array} \end{array}
\and \and
\begin{array}[c]{rMcMl} \begin{array}[c]{rMcMl}
\later{(\prop * \propB)} &\provesIff& \later\prop * \later\propB \\ \later{(\prop * \propB)} &\provesIff& \later\prop * \later\propB \\
\always{\later\prop} &\provesIff& \later\always{\prop} \\ \always{\later\prop} &\provesIff& \later\always{\prop}
\end{array} \end{array}
\end{mathpar} \end{mathpar}
\paragraph{Laws for ghosts and validity.} \paragraph{Laws for resources and validity.}
\begin{mathpar} \begin{mathpar}
\begin{array}{rMcMl} \begin{array}{rMcMl}
\ownM{\melt} * \ownM{\meltB} &\provesIff& \ownM{\melt \mtimes \meltB} \\ \ownM{\melt} * \ownM{\meltB} &\provesIff& \ownM{\melt \mtimes \meltB} \\
...@@ -357,14 +357,14 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda ...@@ -357,14 +357,14 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda
\TRUE &\proves& \ownM{\munit} \\ \TRUE &\proves& \ownM{\munit} \\
\later\ownM\melt &\proves& \Exists\meltB. \ownM\meltB \land \later(\melt = \meltB) \later\ownM\melt &\proves& \Exists\meltB. \ownM\meltB \land \later(\melt = \meltB)
\end{array} \end{array}
\and % \and
\infer[valid-intro] % \infer[valid-intro]
{\melt \in \mval} % {\melt \in \mval}
{\TRUE \vdash \mval(\melt)} % {\TRUE \vdash \mval(\melt)}
\and % \and
\infer[valid-elim] % \infer[valid-elim]
{\melt \notin \mval_0} % {\melt \notin \mval_0}
{\mval(\melt) \proves \FALSE} % {\mval(\melt) \proves \FALSE}
\and \and
\begin{array}{rMcMl} \begin{array}{rMcMl}
\ownM{\melt} &\proves& \mval(\melt) \\ \ownM{\melt} &\proves& \mval(\melt) \\
...@@ -376,24 +376,26 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda ...@@ -376,24 +376,26 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda
\paragraph{Laws for the resource update modality.} \paragraph{Laws for the resource update modality.}
\begin{mathpar} \begin{mathpar}
\infer[upd-mono] \inferH{upd-mono}
{\prop \proves \propB} {\prop \proves \propB}
{\upd\prop \proves \upd\propB} {\upd\prop \proves \upd\propB}
\infer[upd-intro] \inferH{upd-intro}
{}{\prop \proves \upd \prop} {}{\prop \proves \upd \prop}
\infer[upd-trans] \inferH{upd-trans}
{} {}
{\upd \upd \prop \proves \upd \prop} {\upd \upd \prop \proves \upd \prop}
\infer[upd-frame] \inferH{upd-frame}
{}{\propB * \upd\prop \proves \upd (\propB * \prop)} {}{\propB * \upd\prop \proves \upd (\propB * \prop)}
\inferH{upd-update} \inferH{upd-update}
{\melt \mupd \meltsB} {\melt \mupd \meltsB}
{\ownM\melt \proves \upd \Exists\meltB\in\meltsB. \ownM\meltB} {\ownM\melt \proves \upd \Exists\meltB\in\meltsB. \ownM\meltB}
\end{mathpar} \end{mathpar}
The premise in \ruleref{upd-update} is a \emph{meta-level} side-condition that has to be proven about $a$ and $B$.
\ralf{Trouble is, we don't actually have $\in$ inside the logic...}
\subsection{Consistency} \subsection{Consistency}
% !TEX root = ./appendix.tex
\section{COFE constructions} \section{COFE constructions}
\subsection{Next (type-level later)} \subsection{Next (type-level later)}
...@@ -254,126 +253,41 @@ We obtain the following frame-preserving update: ...@@ -254,126 +253,41 @@ We obtain the following frame-preserving update:
% \end{proof} % \end{proof}
% %\subsection{Disposable monoid} \subsection{Authoritative}
% % \label{sec:auth-cmra}
% %Given a monoid $M$, we construct a monoid where, having full ownership of an element $\melt$ of $M$, one can throw it away, transitioning to a dead element.
% %Let \dispm{M} be the monoid with carrier $\mcarp{M} \uplus \{ \disposed \}$ and multiplication
% %% The previous unit must remain the unit of the new monoid, as is is always duplicable and hence we could not transition to \disposed if it were not composable with \disposed
% %\begin{align*}
% % \melt \mtimes \meltB &\eqdef \melt \mtimes_M \meltB & \IF \melt \sep[M] \meltB \\
% % \disposed \mtimes \disposed &\eqdef \disposed \\
% % \munit_M \mtimes \disposed &\eqdef \disposed \mtimes \munit_M \eqdef \disposed
% %\end{align*}
% %The unit is the same as in $M$.
% %
% %The frame-preserving updates are
% %\begin{mathpar}
% % \inferH{DispUpd}
% % {a \in \mcarp{M} \setminus \{\munit_M\} \and a \mupd_M B}
% % {a \mupd B}
% % \and
% % \inferH{Dispose}
% % {a \in \mcarp{M} \setminus \{\munit_M\} \and \All b \in \mcarp{M}. a \sep b \Ra b = \munit_M}
% % {a \mupd \disposed}
% %\end{mathpar}
% %
% %\begin{proof}[Proof of \ruleref{DispUpd}]
% %Assume a frame $f$. If $f = \disposed$, then $a = \munit_M$, which is a contradiction.
% %Thus $f \in \mcarp{M}$ and we can use $a \mupd_M B$.
% %\end{proof}
% %
% %\begin{proof}[Proof of \ruleref{Dispose}]
% %The second premiss says that $a$ has no non-trivial frame in $M$. To show the update, assume a frame $f$ in $\dispm{M}$. Like above, we get $f \in \mcarp{M}$, and thus $f = \munit_M$. But $\disposed \sep \munit_M$ is trivial, so we are done.
% %\end{proof}
% \subsection{Authoritative monoid}\label{sec:auth}
% Given a monoid $M$, we construct a monoid modeling someone owning an \emph{authoritative} element $x$ of $M$, and others potentially owning fragments $\melt \le_M x$ of $x$.
% (If $M$ is an exclusive monoid, the construction is very similar to a half-ownership monoid with two asymmetric halves.)
% Let $\auth{M}$ be the monoid with carrier
% \[
% \setComp{ (x, \melt) }{ x \in \mcarp{\exm{\mcarp{M}}} \land \melt \in \mcarp{M} \land (x = \munit_{\exm{\mcarp{M}}} \lor \melt \leq_M x) }
% \]
% and multiplication
% \[
% (x, \melt) \mtimes (y, \meltB) \eqdef
% (x \mtimes y, \melt \mtimes \meltB) \quad \mbox{if } x \sep y \land \melt \sep \meltB \land (x \mtimes y = \munit_{\exm{\mcarp{M}}} \lor \melt \mtimes \meltB \leq_M x \mtimes y)
% \]
% Note that $(\munit_{\exm{\mcarp{M}}}, \munit_M)$ is the unit and asserts no ownership whatsoever, but $(\munit_{M}, \munit_M)$ asserts that the authoritative element is $\munit_M$.
% Let $x, \melt \in \mcarp M$.
% We write $\authfull x$ for full ownership $(x, \munit_M):\auth{M}$ and $\authfrag \melt$ for fragmental ownership $(\munit_{\exm{\mcarp{M}}}, \melt)$ and $\authfull x , \authfrag \melt$ for combined ownership $(x, \melt)$.
% If $x$ or $a$ is $\mzero_{M}$, then the sugar denotes $\mzero_{\auth{M}}$.
% \ralf{This needs syncing with the Coq development.}
% The frame-preserving update involves a rather unwieldy side-condition:
% \begin{mathpar}
% \inferH{AuthUpd}{
% \All\melt_\f\in\mcar{\monoid}. \melt\sep\meltB \land \melt\mtimes\melt_\f \le \meltB\mtimes\melt_\f \Ra \melt'\mtimes\melt_\f \le \melt'\mtimes\meltB \and
% \melt' \sep \meltB
% }{
% \authfull \melt \mtimes \meltB, \authfrag \melt \mupd \authfull \melt' \mtimes \meltB, \authfrag \melt'
% }
% \end{mathpar}
% We therefore derive two special cases.
% \paragraph{Local frame-preserving updates.}
% \newcommand\authupd{f}%
% Following~\cite{scsl}, we say that $\authupd: \mcar{M} \ra \mcar{M}$ is \emph{local} if
% \[
% \All a, b \in \mcar{M}. a \sep b \land \authupd(a) \neq \mzero \Ra \authupd(a \mtimes b) = \authupd(a) \mtimes b
% \]
% Then,
% \begin{mathpar}
% \inferH{AuthUpdLocal}
% {\text{$\authupd$ local} \and \authupd(\melt)\sep\meltB}
% {\authfull \melt \mtimes \meltB, \authfrag \melt \mupd \authfull \authupd(\melt) \mtimes \meltB, \authfrag \authupd(\melt)}
% \end{mathpar}
% \paragraph{Frame-preserving updates on cancellative monoids.}
% Frame-preserving updates are also possible if we assume $M$ cancellative: Given a CMRA $M$, we construct $\authm(M)$ modeling someone owning an \emph{authoritative} element $\melt$ of $M$, and others potentially owning fragments $\meltB \mincl \melt$ of $\melt$.
% \begin{mathpar} We assume that $M$ has a unit $\munit$, and hence its core is total.
% \inferH{AuthUpdCancel} (If $M$ is an exclusive monoid, the construction is very similar to a half-ownership monoid with two asymmetric halves.)
% {\text{$M$ cancellative} \and \melt'\sep\meltB} \begin{align*}
% {\authfull \melt \mtimes \meltB, \authfrag \melt \mupd \authfull \melt' \mtimes \meltB, \authfrag \melt'} \authm(M) \eqdef{}& \maybe{\exm(M)} \times M \\
% \end{mathpar} \mval_n \eqdef{}& \setComp{ (x, \meltB) \in \authm(M) }{ \meltB \in \mval_n \land (x = \mnocore \lor \Exists \melt. x = \exinj(\melt) \land \meltB \mincl_n \melt) } \\
(x_1, \meltB_1) \mtimes (x_2, \meltB_2) \eqdef{}& (x_1 \mtimes x_2, \meltB_2 \mtimes \meltB_2) \\
\mcore{(x, \meltB)} \eqdef{}& (\mnocore, \mcore\meltB) \\
(x_1, \meltB_1) \nequiv{n} (x_2, \meltB_2) \eqdef{}& x_1 \nequiv{n} x_2 \land \meltB_1 \nequiv{n} \meltB_2
\end{align*}
Note that $(\mnocore, \munit)$ is the unit and asserts no ownership whatsoever, but $(\exinj(\munit), \munit)$ asserts that the authoritative element is $\munit$.
% \subsection{Fractional heap monoid} Let $\melt, \meltB \in M$.
% \label{sec:fheapm} We write $\authfull \melt$ for full ownership $(\exinj(\melt), \munit)$ and $\authfrag \meltB$ for fragmental ownership $(\mnocore, \meltB)$ and $\authfull \melt , \authfrag \meltB$ for combined ownership $(\exinj(\melt), \meltB)$.
% By combining the fractional, finite partial function, and authoritative monoids, we construct two flavors of heaps with fractional permissions and mention their important frame-preserving updates. The frame-preserving update involves the notion of a \emph{local update}:
% Hereinafter, we assume the set $\textdom{Val}$ of values is countable. \newcommand\lupd{\stackrel{\mathrm l}{\mupd}}
\begin{defn}
It is possible to do a \emph{local update} from $\melt_1$ and $\meltB_1$ to $\melt_2$ and $\meltB_2$, written $(\melt_1, \meltB_1) \lupd (\melt_2, \meltB_2)$, if
\[ \All n, \maybe{\melt_\f}. x_1 \in \mval_n \land \melt_1 \nequiv{n} \meltB_1 \mtimes \maybe{\melt_\f} \Ra \melt_2 \in \mval_n \land \melt_2 \nequiv{n} \meltB_2 \mtimes \maybe{\melt_\f} \]
\end{defn}
In other words, the idea is that for every possible frame $\maybe{\melt_\f}$ completing $\meltB_1$ to $\melt_1$, the same frame also completes $\meltB_2$ to $\melt_2$.
% Given a set $Y$, define $\FHeap(Y) \eqdef \textdom{Val} \fpfn \fracm(Y)$ representing a fractional heap with codomain $Y$. We then obtain
% From \S\S\ref{sec:fracm} and~\ref{sec:fpfunm} we obtain the following frame-preserving updates as well as the fact that $\FHeap(Y)$ is cancellative. \begin{mathpar}
% \begin{mathpar} \inferH{auth-update}
% \axiomH{FHeapUpd}{h[x \mapsto (1, y)] \mupd h[x \mapsto (1, y')]} \and {(\melt_1, \meltB_1) \lupd (\melt_2, \meltB_2)}
% \axiomH{FHeapAlloc}{h \mupd \{\, h[x \mapsto (1, y)] \mid x \in \textdom{Val} \,\}} {\authfull \melt_1 , \authfrag \meltB_1 \mupd \authfull \melt_2 , \authfrag \meltB_2}
% \end{mathpar} \end{mathpar}
% We will write $qh$ with $h : \textsort{Val} \fpfn Y$ for the function in $\FHeap(Y)$ mapping every $x \in \dom(h)$ to $(q, h(x))$, and everything else to $\munit$.
% Define $\AFHeap(Y) \eqdef \auth{\FHeap(Y)}$ representing an authoritative fractional heap with codomain $Y$.
% We easily obtain the following frame-preserving updates.
% \begin{mathpar}
% \axiomH{AFHeapUpd}{
% (\authfull h[x \mapsto (1, y)], \authfrag [x \mapsto (1, y)]) \mupd (\authfull h[x \mapsto (1, y')], \authfrag [x \mapsto (1, y')])
% }
% \and
% \inferH{AFHeapAdd}{
% x \notin \dom(h)
% }{
% \authfull h \mupd (\authfull h[x \mapsto (q, y)], \authfrag [x \mapsto (q, y)])
% }
% \and
% \axiomH{AFHeapRemove}{
% (\authfull h[x \mapsto (q, y)], \authfrag [x \mapsto (q, y)]) \mupd \authfull h
% }
% \end{mathpar}
\subsection{STS with tokens} \subsection{STS with tokens}
\label{sec:stsmon} \label{sec:sts-cmra}
Given a state-transition system~(STS, \ie a directed graph) $(\STSS, {\stsstep} \subseteq \STSS \times \STSS)$, a set of tokens $\STST$, and a labeling $\STSL: \STSS \ra \wp(\STST)$ of \emph{protocol-owned} tokens for each state, we construct an RA modeling an authoritative current state and permitting transitions given a \emph{bound} on the current state and a set of \emph{locally-owned} tokens. Given a state-transition system~(STS, \ie a directed graph) $(\STSS, {\stsstep} \subseteq \STSS \times \STSS)$, a set of tokens $\STST$, and a labeling $\STSL: \STSS \ra \wp(\STST)$ of \emph{protocol-owned} tokens for each state, we construct an RA modeling an authoritative current state and permitting transitions given a \emph{bound} on the current state and a set of \emph{locally-owned} tokens.
...@@ -28,6 +28,8 @@ ...@@ -28,6 +28,8 @@
%% MATH SYMBOLS & NOTATION & IDENTIFIERS %% MATH SYMBOLS & NOTATION & IDENTIFIERS
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\newcommand{\nat}{\mathbb{N}}
\DeclareMathOperator*{\Sep}{\scalerel*{\ast}{\sum}} \DeclareMathOperator*{\Sep}{\scalerel*{\ast}{\sum}}
\newcommand*{\disj}[1][]{\mathrel{\#_{#1}}} \newcommand*{\disj}[1][]{\mathrel{\#_{#1}}}
\newcommand\pord{\sqsubseteq} \newcommand\pord{\sqsubseteq}
...@@ -35,7 +37,7 @@ ...@@ -35,7 +37,7 @@
\newcommand{\upclose}{\mathord{\uparrow}} \newcommand{\upclose}{\mathord{\uparrow}}
\newcommand{\ALT}{\ |\ } \newcommand{\ALT}{\ |\ }
\newcommand{\spac}{\:} % a space \newcommand{\spac}{\,} % a space
\def\All #1.{\forall #1.\spac}% \def\All #1.{\forall #1.\spac}%
\def\Exists #1.{\exists #1.\spac}% \def\Exists #1.{\exists #1.\spac}%
...@@ -80,6 +82,12 @@ ...@@ -80,6 +82,12 @@
\newcommand{\Func}{F} % functor \newcommand{\Func}{F} % functor
\newcommand{\subst}[3]{{#1}[{#3} / {#2}]}
\newcommand{\mapinsert}[3]{#3[#1:=#2]}
\newcommand{\nil}{\epsilon}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% MODEL-SPECIFIC SYMBOLS & NOTATION & IDENTIFIERS %% MODEL-SPECIFIC SYMBOLS & NOTATION & IDENTIFIERS
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
...@@ -122,6 +130,10 @@ ...@@ -122,6 +130,10 @@
\newcommand{\iPreProp}{\textdom{iPreProp}} \newcommand{\iPreProp}{\textdom{iPreProp}}
\newcommand{\Wld}{\textdom{Wld}} \newcommand{\Wld}{\textdom{Wld}}
\newcommand{\Res}{\textdom{Res}} \newcommand{\Res}{\textdom{Res}}
\newcommand{\State}{\textdom{State}}
\newcommand{\Val}{\textdom{Val}}
\newcommand{\Loc}{\textdom{Loc}}
\newcommand{\Expr}{\textdom{Expr}}
\newcommand{\cofe}{T} \newcommand{\cofe}{T}
\newcommand{\cofeB}{U} \newcommand{\cofeB}{U}
...@@ -169,6 +181,7 @@ ...@@ -169,6 +181,7 @@
\newcommand{\sigax}{A} \newcommand{\sigax}{A}
\newcommand{\type}{\tau} \newcommand{\type}{\tau}
\newcommand{\typeB}{\sigma}
\newcommand{\var}{x} \newcommand{\var}{x}
\newcommand{\varB}{y} \newcommand{\varB}{y}
...@@ -184,9 +197,13 @@ ...@@ -184,9 +197,13 @@
\newcommand{\propB}{Q} \newcommand{\propB}{Q}
\newcommand{\propC}{R} \newcommand{\propC}{R}
\newcommand{\pred}{\varphi} % pure propositions
\newcommand{\predB}{\psi} \newcommand{\pprop}{\phi}
\newcommand{\predC}{\zeta} \newcommand{\ppropB}{\psi}
\newcommand{\pred}{\varPhi}
\newcommand{\predB}{\Psi}
\newcommand{\predC}{\Zeta}
\newcommand{\gname}{\gamma} \newcommand{\gname}{\gamma}
\newcommand{\iname}{\iota} \newcommand{\iname}{\iota}
...@@ -202,18 +219,19 @@ ...@@ -202,18 +219,19 @@
\newcommand{\proves}{\vdash} \newcommand{\proves}{\vdash}
\newcommand{\provesIff}{\mathrel{\dashv\vdash}} \newcommand{\provesIff}{\mathrel{\dashv\vdash}}
\newcommand{\wand}{\;{{\mbox{---}}\!\!{*}}\;} \newcommand{\wand}{\mathrel{-\!\!*}}
% oh my... I have to wrap the "-" in a \mathrm, otherwise all hell breaks lose... % oh my... I have to wrap the "-" in a \mathrm, otherwise all hell breaks lose...
\newcommand{\fmapsto}[1][\mathrm{-}]{\xmapsto{#1}} \newcommand{\fmapsto}[1][]{\xmapsto{#1}}
\newcommand{\gmapsto}{\hookrightarrow}% \newcommand{\gmapsto}{\hookrightarrow}%
\newcommand{\fgmapsto}[1][\mathrm{-}]{\xhookrightarrow{#1}}% \newcommand{\fgmapsto}[1][\mathrm{-}]{\xhookrightarrow{#1}}%
\NewDocumentCommand\wpre{m O{} m}% \NewDocumentCommand\wpre{m O{} m}%
{\textlog{wp}_{#2}\spac#1\spac{\{#3\}}} {\textlog{wp}_{#2}\spac#1\spac{\left\{#3\right\}}}
\newcommand{\later}{\mathord{\triangleright}} \newcommand{\later}{\mathop{\triangleright}}
\newcommand{\always}{\Box{}} \newcommand{\always}{\mathop{\Box}}
\newcommand{\pure}{\mathop{\blacksquare}}
%% Invariants and Ghost ownership %% Invariants and Ghost ownership
% PDS: Was 0pt inner, 2pt outer. % PDS: Was 0pt inner, 2pt outer.
...@@ -222,7 +240,7 @@ ...@@ -222,7 +240,7 @@
\NewDocumentCommand \boxedassert {O{} m o}{% \NewDocumentCommand \boxedassert {O{} m o}{%
\tikz[baseline=(m.base)]{ \tikz[baseline=(m.base)]{
% \node[rectangle, draw,inner sep=0.8pt,anchor=base,#1] (m) {${#2}\mathstrut$}; % \node[rectangle, draw,inner sep=0.8pt,anchor=base,#1] (m) {${#2}\mathstrut$};
\node[rectangle,inner sep=0.8pt,outer sep=0.2pt,anchor=base] (m) {${#2}\mathstrut$}; \node[rectangle,inner sep=0.8pt,outer sep=0.2pt,anchor=base] (m) {${\,#2\,}\mathstrut$};
\draw[#1,boxedassert_border] ($(m.south west) + (0,0.65pt)$) rectangle ($(m.north east) + (0, 0.7pt)$); \draw[#1,boxedassert_border] ($(m.south west) + (0,0.65pt)$) rectangle ($(m.north east) + (0, 0.7pt)$);
}\IfNoValueF{#3}{^{\,#3}}% }\IfNoValueF{#3}{^{\,#3}}%
} }
...@@ -256,7 +274,7 @@ ...@@ -256,7 +274,7 @@
\NewDocumentCommand \vsW {O{} O{}} {\vsGen[#1]{\vsWand}[#2]} \NewDocumentCommand \vsW {O{} O{}} {\vsGen[#1]{\vsWand}[#2]}
% for now, the update modality looks like a pvs without masks. % for now, the update modality looks like a pvs without masks.
\NewDocumentCommand \upd {} {\mathord{\mid\kern-0.4ex\Rrightarrow\kern-0.25ex}} \NewDocumentCommand \upd {} {\mathop{\mid\kern-0.4ex\Rrightarrow\kern-0.25ex}}
%% Hoare Triples %% Hoare Triples
...@@ -269,12 +287,8 @@ ...@@ -269,12 +287,8 @@
\setbox1=\hoarescalebox{#1}{\copy0}% \setbox1=\hoarescalebox{#1}{\copy0}%
\setbox2=\hoarescalebox{#2}{\copy0}% \setbox2=\hoarescalebox{#2}{\copy0}%
\copy1{#3}\copy2% \copy1{#3}\copy2%
\;{#4}\;% \; #4 \;%
\copy1{#5}\copy2} \copy1{#5}\copy2}
\NewDocumentCommand \hoare {m m m O{}}{
\triple\{\}{#1}{#2}{#3}%
_{#4}%
}
\newcommand{\bracket}[4][]{% \newcommand{\bracket}[4][]{%
\setbox0=\hbox{$\mathsurround=0pt{#1}{#4}\mathstrut$}% \setbox0=\hbox{$\mathsurround=0pt{#1}{#4}\mathstrut$}%
...@@ -284,6 +298,11 @@ ...@@ -284,6 +298,11 @@
% \curlybracket[other] x % \curlybracket[other] x
\newcommand{\curlybracket}[2][]{\bracket[{#1}]\{\}{#2}} \newcommand{\curlybracket}[2][]{\bracket[{#1}]\{\}{#2}}
\newcommand{\anglebracket}[2][]{\bracket[{#1}]\langle\rangle{#2}} \newcommand{\anglebracket}[2][]{\bracket[{#1}]\langle\rangle{#2}}
\NewDocumentCommand \hoare {m m m O{}}{
\curlybracket{#1}\spac #2 \spac \curlybracket{#3}_{#4}%
}
% \hoareV[t] pre c post [mask] % \hoareV[t] pre c post [mask]
\NewDocumentCommand \hoareV {O{c} m m m O{}}{ \NewDocumentCommand \hoareV {O{c} m m m O{}}{
{\begin{aligned}[#1] {\begin{aligned}[#1]
...@@ -321,7 +340,10 @@ ...@@ -321,7 +340,10 @@
\newcommand{\valB}{w} \newcommand{\valB}{w}
\newcommand{\state}{\sigma} \newcommand{\state}{\sigma}
\newcommand{\step}{\ra} \newcommand{\step}{\ra}
\newcommand{\hstep}{\ra_{\mathsf{h}}}
\newcommand{\tpstep}{\ra_{\mathsf{tp}}}
\newcommand{\lctx}{K} \newcommand{\lctx}{K}
\newcommand{\Lctx}{\textdom{Ctx}}
\newcommand{\toval}{\mathrm{expr\any to\any val}} \newcommand{\toval}{\mathrm{expr\any to\any val}}
\newcommand{\ofval}{\mathrm{val\any to\any expr}} \newcommand{\ofval}{\mathrm{val\any to\any expr}}
...@@ -333,6 +355,8 @@ ...@@ -333,6 +355,8 @@
\newcommand{\cfg}[2]{{#1};{#2}} \newcommand{\cfg}[2]{{#1};{#2}}
\def\fill#1[#2]{#1 {[}\, #2\,{]} }
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% STANDARD DERIVED CONSTRUCTIONS % STANDARD DERIVED CONSTRUCTIONS
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
...@@ -383,12 +407,11 @@ ...@@ -383,12 +407,11 @@
\newcommand{\stsfstep}[1]{\xrightarrow{#1}} \newcommand{\stsfstep}[1]{\xrightarrow{#1}}
\newcommand{\stsftrans}[1]{\stsfstep{#1}^{*}} \newcommand{\stsftrans}[1]{\stsfstep{#1}^{*}}
\tikzstyle{sts} = [->,every node/.style={rectangle, rounded corners, draw, minimum size=1.2cm, align=center}] \tikzstyle{sts} = [->,every node/.style={rectangle, rounded corners, draw, minimum size=1.2cm, align=center}]
\tikzstyle{sts_arrows} = [arrows={->[scale=1.5]},every node/.style={font=\sffamily\small}] \tikzstyle{sts_arrows} = [arrows={->[scale=1.5]},every node/.style={font=\sffamily\small}]