Commit cbc5b184 authored by Robbert Krebbers's avatar Robbert Krebbers

Merge branch 'master' into gen_proofmode

parents 6a0e1c76 7298dd39
...@@ -3,6 +3,7 @@ image: ralfjung/opam-ci:latest ...@@ -3,6 +3,7 @@ image: ralfjung/opam-ci:latest
stages: stages:
- build - build
- deploy - deploy
- build_more
variables: variables:
CPU_CORES: "9" CPU_CORES: "9"
...@@ -19,7 +20,6 @@ variables: ...@@ -19,7 +20,6 @@ variables:
- 'time make -k -j$CPU_CORES TIMED=y 2>&1 | tee build-log.txt' - 'time make -k -j$CPU_CORES TIMED=y 2>&1 | tee build-log.txt'
- 'if fgrep Axiom build-log.txt >/dev/null; then exit 1; fi' - 'if fgrep Axiom build-log.txt >/dev/null; then exit 1; fi'
- 'cat build-log.txt | egrep "[a-zA-Z0-9_/-]+ \((real|user): [0-9]" | tee build-time.txt' - 'cat build-log.txt | egrep "[a-zA-Z0-9_/-]+ \((real|user): [0-9]" | tee build-time.txt'
- 'if test -n "$VALIDATE" && (( RANDOM % 10 == 0 )); then make validate; fi'
cache: cache:
key: "$CI_JOB_NAME" key: "$CI_JOB_NAME"
paths: paths:
...@@ -42,6 +42,7 @@ opam: ...@@ -42,6 +42,7 @@ opam:
build-coq.8.7.dev: build-coq.8.7.dev:
<<: *template <<: *template
stage: build_more
variables: variables:
OPAM_PINS: "coq version 8.7.dev" OPAM_PINS: "coq version 8.7.dev"
artifacts: artifacts:
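Review bot: The new `build_more` stage is appended after `deploy` in the `stages:` list (first hunk), so `build-coq.8.7.dev`, which the third hunk moves into that stage, now starts only once the deploy stage has finished and can no longer hold up or fail a deployment. If that is the intent — keeping the development-branch Coq build from blocking releases — it deserves a comment next to the stage, e.g. `- build_more  # runs after deploy; a failure here must not block deployment`; if it is not, `- build_more` belongs before `- deploy`. With the randomized `make validate` step gone, nothing in the shown hunks runs `make validate` any more; presumably `$VALIDATE` is now unused in this file, so confirm validation is exercised elsewhere or drop the variable.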
...@@ -37,7 +37,8 @@ Elements that cannot be distinguished by programs within $n$ steps remain indist ...@@ -37,7 +37,8 @@ Elements that cannot be distinguished by programs within $n$ steps remain indist
The category $\OFEs$ consists of OFEs as objects, and non-expansive functions as arrows. The category $\OFEs$ consists of OFEs as objects, and non-expansive functions as arrows.
\end{defn} \end{defn}
Note that $\OFEs$ is cartesian closed. In particular: Note that $\OFEs$ is bicartesian closed, \ie it has all sums, products and exponentials as well as an initial and a terminal object.
In particular:
\begin{defn} \begin{defn}
Given two OFEs $\ofe$ and $\ofeB$, the set of non-expansive functions $\set{f : \ofe \nfn \ofeB}$ is itself an OFE with Given two OFEs $\ofe$ and $\ofeB$, the set of non-expansive functions $\set{f : \ofe \nfn \ofeB}$ is itself an OFE with
\begin{align*} \begin{align*}
...@@ -32,18 +32,25 @@ Below, $\melt$ ranges over $\monoid$ and $i$ ranges over $\set{1,2}$. ...@@ -32,18 +32,25 @@ Below, $\melt$ ranges over $\monoid$ and $i$ ranges over $\set{1,2}$.
\begin{align*} \begin{align*}
\type \bnfdef{}& \type \bnfdef{}&
\sigtype \mid \sigtype \mid
0 \mid
1 \mid 1 \mid
\type + \type \mid
\type \times \type \mid \type \times \type \mid
\type \to \type \type \to \type
\\[0.4em] \\[0.4em]
\term, \prop, \pred \bnfdef{}& \term, \prop, \pred \bnfdef{}&
\var \mid \var \mid
\sigfn(\term_1, \dots, \term_n) \mid \sigfn(\term_1, \dots, \term_n) \mid
\textlog{abort}\; \term \mid
() \mid () \mid
(\term, \term) \mid (\term, \term) \mid
\pi_i\; \term \mid \pi_i\; \term \mid
\Lam \var:\type.\term \mid \Lam \var:\type.\term \mid
\term(\term) \mid \term(\term) \mid
\\&
\textlog{inj}_i\; \term \mid
\textlog{match}\; \term \;\textlog{with}\; \Ret\textlog{inj}_1\; \var. \term \mid \Ret\textlog{inj}_2\; \var. \term \;\textlog{end} \mid
%
\melt \mid \melt \mid
\mcore\term \mid \mcore\term \mid
\term \mtimes \term \mid \term \mtimes \term \mid
...@@ -67,7 +74,10 @@ Below, $\melt$ ranges over $\monoid$ and $i$ ranges over $\set{1,2}$. ...@@ -67,7 +74,10 @@ Below, $\melt$ ranges over $\monoid$ and $i$ ranges over $\set{1,2}$.
{\later\prop} \mid {\later\prop} \mid
\upd \prop \upd \prop
\end{align*} \end{align*}
Recursive predicates must be \emph{guarded}: in $\MU \var. \term$, the variable $\var$ can only appear under the later $\later$ modality. Well-typedness forces recursive definitions to be \emph{guarded}:
In $\MU \var. \term$, the variable $\var$ can only appear under the later $\later$ modality.
Furthermore, the type of the definition must be \emph{complete}.
The type $\Prop$ is complete, and if $\type$ is complete, then so is $\type' \to \type$.
Note that the modalities $\upd$, $\always$, $\plainly$ and $\later$ bind more tightly than $*$, $\wand$, $\land$, $\lor$, and $\Ra$. Note that the modalities $\upd$, $\always$, $\plainly$ and $\later$ bind more tightly than $*$, $\wand$, $\land$, $\lor$, and $\Ra$.
...@@ -106,7 +116,10 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $ ...@@ -106,7 +116,10 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $
}{ }{
\vctx \proves \wtt {\sigfn(\term_1, \dots, \term_n)} {\type_{n+1}} \vctx \proves \wtt {\sigfn(\term_1, \dots, \term_n)} {\type_{n+1}}
} }
%%% products %%% empty, unit, products, sums
\and
\infer{\vctx \proves \wtt\term{0}}
{\vctx \proves \wtt{\textlog{abort}\; \term}\type}
\and \and
\axiom{\vctx \proves \wtt{()}{1}} \axiom{\vctx \proves \wtt{()}{1}}
\and \and
...@@ -115,6 +128,14 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $ ...@@ -115,6 +128,14 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $
\and \and
\infer{\vctx \proves \wtt{\term}{\type_1 \times \type_2} \and i \in \{1, 2\}} \infer{\vctx \proves \wtt{\term}{\type_1 \times \type_2} \and i \in \{1, 2\}}
{\vctx \proves \wtt{\pi_i\,\term}{\type_i}} {\vctx \proves \wtt{\pi_i\,\term}{\type_i}}
\and
\infer{\vctx \proves \wtt\term{\type_i} \and i \in \{1, 2\}}
{\vctx \proves \wtt{\textlog{inj}_i\;\term}{\type_1 + \type_2}}
\and
\infer{\vctx \proves \wtt\term{\type_1 + \type_2} \and
\vctx, \var:\type_1 \proves \wtt{\term_1}\type \and
\vctx, \varB:\type_2 \proves \wtt{\term_2}\type}
{\vctx \proves \wtt{\textlog{match}\; \term \;\textlog{with}\; \Ret\textlog{inj}_1\; \var. \term_1 \mid \Ret\textlog{inj}_2\; \varB. \term_2 \;\textlog{end}}{\type}}
%%% functions %%% functions
\and \and
\infer{\vctx, x:\type \proves \wtt{\term}{\type'}} \infer{\vctx, x:\type \proves \wtt{\term}{\type'}}
...@@ -125,7 +146,7 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $ ...@@ -125,7 +146,7 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $
{\vctx \proves \wtt{\term(\termB)}{\type'}} {\vctx \proves \wtt{\term(\termB)}{\type'}}
%%% monoids %%% monoids
\and \and
\infer{}{\vctx \proves \wtt\munit{\textlog{M}}} \infer{}{\vctx \proves \wtt\melt{\textlog{M}}}
\and \and
\infer{\vctx \proves \wtt\melt{\textlog{M}}}{\vctx \proves \wtt{\mcore\melt}{\textlog{M}}} \infer{\vctx \proves \wtt\melt{\textlog{M}}}{\vctx \proves \wtt{\mcore\melt}{\textlog{M}}}
\and \and
...@@ -157,7 +178,8 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $ ...@@ -157,7 +178,8 @@ In writing $\vctx, x:\type$, we presuppose that $x$ is not already declared in $
\and \and
\infer{ \infer{
\vctx, \var:\type \proves \wtt{\term}{\type} \and \vctx, \var:\type \proves \wtt{\term}{\type} \and
\text{$\var$ is guarded in $\term$} \text{$\var$ is guarded in $\term$} \and
\text{$\type$ is complete}
}{ }{
\vctx \proves \wtt{\MU \var:\type. \term}{\type} \vctx \proves \wtt{\MU \var:\type. \term}{\type}
} }
...@@ -286,7 +308,7 @@ This is entirely standard. ...@@ -286,7 +308,7 @@ This is entirely standard.
% {} % {}
% {\pfctx \proves \mu\var: \type. \prop =_{\type} \prop[\mu\var: \type. \prop/\var]} % {\pfctx \proves \mu\var: \type. \prop =_{\type} \prop[\mu\var: \type. \prop/\var]}
\end{mathparpagebreakable} \end{mathparpagebreakable}
Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda$ and $\mu$. Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\textlog{abort}$, sum elimination, $\lambda$ and $\mu$.
\paragraph{Laws of (affine) bunched implications.} \paragraph{Laws of (affine) bunched implications.}
...@@ -317,8 +339,8 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda ...@@ -317,8 +339,8 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda
{\plainly\prop \proves \always\prop} {\plainly\prop \proves \always\prop}
\and \and
\begin{array}[c]{rMcMl} \begin{array}[c]{rMcMl}
\TRUE &\proves& \plainly{\TRUE} \\ (\plainly P \Ra \plainly Q) &\proves& \plainly (\plainly P \Ra Q) \\
(\plainly P \Ra \plainly Q) &\proves& \plainly (\plainly P \Ra Q) \plainly ( ( P \Ra Q) \land (Q \Ra P ) ) &\proves& P =_{\Prop} Q
\end{array} \end{array}
\and \and
\begin{array}[c]{rMcMl} \begin{array}[c]{rMcMl}
...@@ -326,8 +348,8 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda ...@@ -326,8 +348,8 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda
\All x. \plainly{\prop} &\proves& \plainly{\All x. \prop} \\ \All x. \plainly{\prop} &\proves& \plainly{\All x. \prop} \\
\plainly{\Exists x. \prop} &\proves& \Exists x. \plainly{\prop} \plainly{\Exists x. \prop} &\proves& \Exists x. \plainly{\prop}
\end{array} \end{array}
\and %\and
\infer[PropExt]{}{\plainly ( ( P \Ra Q) \land (Q \Ra P ) ) \proves P =_{\Prop} Q} %\infer[PropExt]{}{\plainly ( ( P \Ra Q) \land (Q \Ra P ) ) \proves P =_{\Prop} Q}
\end{mathpar} \end{mathpar}
\paragraph{Laws for the persistence modality.} \paragraph{Laws for the persistence modality.}
...@@ -340,8 +362,8 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda ...@@ -340,8 +362,8 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda
{\always\prop \proves \prop} {\always\prop \proves \prop}
\and \and
\begin{array}[c]{rMcMl} \begin{array}[c]{rMcMl}
\always{\prop} \land \propB &\proves& \always{\prop} * \propB \\ (\plainly P \Ra \always Q) &\proves& \always (\plainly P \Ra Q) \\
(\plainly P \Ra \always Q) &\proves& \always (\plainly P \Ra Q) \always{\prop} \land \propB &\proves& \always{\prop} * \propB
\end{array} \end{array}
\and \and
\begin{array}[c]{rMcMl} \begin{array}[c]{rMcMl}
...@@ -358,7 +380,7 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda ...@@ -358,7 +380,7 @@ Furthermore, we have the usual $\eta$ and $\beta$ laws for projections, $\lambda
{\prop \proves \propB} {\prop \proves \propB}
{\later\prop \proves \later{\propB}} {\later\prop \proves \later{\propB}}
\and \and
\infer[L{\"o}b] \inferhref{L{\"o}b}{Loeb}
{} {}
{(\later\prop\Ra\prop) \proves \prop} {(\later\prop\Ra\prop) \proves \prop}
\and \and
...@@ -35,8 +35,13 @@ We collect here some important and frequently used derived proof rules. ...@@ -35,8 +35,13 @@ We collect here some important and frequently used derived proof rules.
\infer{} \infer{}
{\prop \proves \later\prop} {\prop \proves \later\prop}
\infer{}
{\TRUE \proves \plainly\TRUE}
\end{mathparpagebreakable} \end{mathparpagebreakable}
Noteworthy here is the fact that $\prop \proves \later\prop$ can be derived from Löb induction, and $\TRUE \proves \plainly\TRUE$ can be derived via $\plainly$ commuting with universal quantification ranging over the empty type $0$.
\subsection{Persistent assertions} \subsection{Persistent assertions}
We call an assertion $\prop$ \emph{persistent} if $\prop \proves \always\prop$. We call an assertion $\prop$ \emph{persistent} if $\prop \proves \always\prop$.
These are assertions that ``don't own anything'', so we can (and will) treat them like ``normal'' intuitionistic assertions. These are assertions that ``don't own anything'', so we can (and will) treat them like ``normal'' intuitionistic assertions.
...@@ -9,11 +9,13 @@ The semantic domains are interpreted as follows: ...@@ -9,11 +9,13 @@ The semantic domains are interpreted as follows:
\[ \[
\begin{array}[t]{@{}l@{\ }c@{\ }l@{}} \begin{array}[t]{@{}l@{\ }c@{\ }l@{}}
\Sem{\Prop} &\eqdef& \UPred(\monoid) \\ \Sem{\Prop} &\eqdef& \UPred(\monoid) \\
\Sem{\textlog{M}} &\eqdef& \monoid \Sem{\textlog{M}} &\eqdef& \monoid \\
\Sem{0} &\eqdef& \Delta \emptyset \\
\Sem{1} &\eqdef& \Delta \{ () \}
\end{array} \end{array}
\qquad\qquad \qquad\qquad
\begin{array}[t]{@{}l@{\ }c@{\ }l@{}} \begin{array}[t]{@{}l@{\ }c@{\ }l@{}}
\Sem{1} &\eqdef& \Delta \{ () \} \\ \Sem{\type + \type'} &\eqdef& \Sem{\type} + \Sem{\type} \\
\Sem{\type \times \type'} &\eqdef& \Sem{\type} \times \Sem{\type} \\ \Sem{\type \times \type'} &\eqdef& \Sem{\type} \times \Sem{\type} \\
\Sem{\type \to \type'} &\eqdef& \Sem{\type} \nfn \Sem{\type} \\ \Sem{\type \to \type'} &\eqdef& \Sem{\type} \nfn \Sem{\type} \\
\end{array} \end{array}
...@@ -80,9 +82,15 @@ For every definition, we have to show all the side-conditions: The maps have to ...@@ -80,9 +82,15 @@ For every definition, we have to show all the side-conditions: The maps have to
\Sem{\vctx \proves \MU \var:\type. \term : \type}_\gamma &\eqdef \Sem{\vctx \proves \MU \var:\type. \term : \type}_\gamma &\eqdef
\mathit{fix}(\Lam \termB : \Sem{\type}. \Sem{\vctx, x : \type \proves \term : \type}_{\mapinsert \var \termB \gamma}) \\ \mathit{fix}(\Lam \termB : \Sem{\type}. \Sem{\vctx, x : \type \proves \term : \type}_{\mapinsert \var \termB \gamma}) \\
~\\ ~\\
\Sem{\vctx \proves \textlog{abort}\;\term : \type}_\gamma &\eqdef \mathit{abort}_{\Sem\type}(\Sem{\vctx \proves \term:0}_\gamma) \\
\Sem{\vctx \proves () : 1}_\gamma &\eqdef () \\ \Sem{\vctx \proves () : 1}_\gamma &\eqdef () \\
\Sem{\vctx \proves (\term_1, \term_2) : \type_1 \times \type_2}_\gamma &\eqdef (\Sem{\vctx \proves \term_1 : \type_1}_\gamma, \Sem{\vctx \proves \term_2 : \type_2}_\gamma) \\ \Sem{\vctx \proves (\term_1, \term_2) : \type_1 \times \type_2}_\gamma &\eqdef (\Sem{\vctx \proves \term_1 : \type_1}_\gamma, \Sem{\vctx \proves \term_2 : \type_2}_\gamma) \\
\Sem{\vctx \proves \pi_i(\term) : \type_i}_\gamma &\eqdef \pi_i(\Sem{\vctx \proves \term : \type_1 \times \type_2}_\gamma) \\ \Sem{\vctx \proves \pi_i\; \term : \type_i}_\gamma &\eqdef \pi_i(\Sem{\vctx \proves \term : \type_1 \times \type_2}_\gamma) \\
\Sem{\vctx \proves \textlog{inj}_i\;\term : \type_1 + \type_2}_\gamma &\eqdef \mathit{inj}_i(\Sem{\vctx \proves \term : \type_i}_\gamma) \\
\Sem{\vctx \proves \textlog{match}\; \term \;\textlog{with}\; \Ret\textlog{inj}_1\; \var_1. \term_1 \mid \Ret\textlog{inj}_2\; \var_2. \term_2 \;\textlog{end} : \type }_\gamma &\eqdef
\Sem{\vctx, \var_i:\type_i \proves \term_i : \type}_{\mapinsert{\var_i}\termB \gamma} \\
&\qquad \text{where $\Sem{\vctx \proves \term : \type_1 + \type_2}_\gamma = \mathit{inj}_i(\termB)$}
\\
~\\ ~\\
\Sem{ \melt : \textlog{M} }_\gamma &\eqdef \melt \\ \Sem{ \melt : \textlog{M} }_\gamma &\eqdef \melt \\
\Sem{\vctx \proves \mcore\term : \textlog{M}}_\gamma &\eqdef \mcore{\Sem{\vctx \proves \term : \textlog{M}}_\gamma} \\ \Sem{\vctx \proves \mcore\term : \textlog{M}}_\gamma &\eqdef \mcore{\Sem{\vctx \proves \term : \textlog{M}}_\gamma} \\
...@@ -94,6 +102,7 @@ For every definition, we have to show all the side-conditions: The maps have to ...@@ -94,6 +102,7 @@ For every definition, we have to show all the side-conditions: The maps have to
An environment $\vctx$ is interpreted as the set of An environment $\vctx$ is interpreted as the set of
finite partial functions $\rho$, with $\dom(\rho) = \dom(\vctx)$ and finite partial functions $\rho$, with $\dom(\rho) = \dom(\vctx)$ and
$\rho(x)\in\Sem{\vctx(x)}$. $\rho(x)\in\Sem{\vctx(x)}$.
Above, $\mathit{fix}$ is the fixed-point on COFEs, and $\mathit{abort}_T$ is the unique function $\emptyset \to T$.
\paragraph{Logical entailment.} \paragraph{Logical entailment.}
We can now define \emph{semantic} logical entailment. We can now define \emph{semantic} logical entailment.
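Review bot: The new sum-type clause `\Sem{\type + \type'} &\eqdef& \Sem{\type} + \Sem{\type}` drops the prime on the right-hand side, so both summands are interpreted as `\Sem{\type}`; it should read `\Sem{\type + \type'} &\eqdef& \Sem{\type} + \Sem{\type'}`. The two pre-existing lines directly below it for `\times` and `\to` carry the same slip, which is presumably where the new line was copied from, and could be corrected in the same pass. In the `match` clause, the binder names `\var_1`/`\var_2` differ from the `\var`/`\varB` used in the typing rule of the same commit; aligning them would make the rule and its interpretation easier to read side by side.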
...@@ -10,6 +10,6 @@ build: [make "-j%{jobs}%"] ...@@ -10,6 +10,6 @@ build: [make "-j%{jobs}%"]
install: [make "install"] install: [make "install"]
remove: ["rm" "-rf" "%{lib}%/coq/user-contrib/iris"] remove: ["rm" "-rf" "%{lib}%/coq/user-contrib/iris"]
depends: [ depends: [
"coq" { >= "8.7.dev" & < "8.8~" } "coq" { >= "8.7.dev" & < "8.8~" | (= "dev") }
"coq-stdpp" { (= "dev.2017-11-22.1") | (= "dev") } "coq-stdpp" { (= "dev.2017-11-29.1") | (= "dev") }
] ]
...@@ -555,11 +555,15 @@ Proof. ...@@ -555,11 +555,15 @@ Proof.
split; first by rewrite cmra_valid_validN. split; first by rewrite cmra_valid_validN.
eauto using cmra_discrete_valid, cmra_validN_le with lia. eauto using cmra_discrete_valid, cmra_validN_le with lia.
Qed. Qed.
Lemma cmra_discrete_valid_iff_0 `{CmraDiscrete A} n x : {0} x {n} x.
Proof. by rewrite -!cmra_discrete_valid_iff. Qed.
Lemma cmra_discrete_included_iff `{OfeDiscrete A} n x y : x y x {n} y. Lemma cmra_discrete_included_iff `{OfeDiscrete A} n x y : x y x {n} y.
Proof. Proof.
split; first by apply cmra_included_includedN. split; first by apply cmra_included_includedN.
intros [z ->%(discrete_iff _ _)]; eauto using cmra_included_l. intros [z ->%(discrete_iff _ _)]; eauto using cmra_included_l.
Qed. Qed.
Lemma cmra_discrete_included_iff_0 `{OfeDiscrete A} n x y : x {0} y x {n} y.
Proof. by rewrite -!cmra_discrete_included_iff. Qed.
(** Cancelable elements *) (** Cancelable elements *)
Global Instance cancelable_proper : Proper (equiv ==> iff) (@Cancelable A). Global Instance cancelable_proper : Proper (equiv ==> iff) (@Cancelable A).
...@@ -1231,92 +1235,93 @@ Qed. ...@@ -1231,92 +1235,93 @@ Qed.
(** ** CMRA for the option type *) (** ** CMRA for the option type *)
Section option. Section option.
Context {A : cmraT}. Context {A : cmraT}.
Implicit Types x y : A. Implicit Types a b : A.
Implicit Types ma mb : option A.
Local Arguments core _ _ !_ /. Local Arguments core _ _ !_ /.
Local Arguments pcore _ _ !_ /. Local Arguments pcore _ _ !_ /.
Instance option_valid : Valid (option A) := λ mx, Instance option_valid : Valid (option A) := λ ma,
match mx with Some x => x | None => True end. match ma with Some a => a | None => True end.
Instance option_validN : ValidN (option A) := λ n mx, Instance option_validN : ValidN (option A) := λ n ma,
match mx with Some x => {n} x | None => True end. match ma with Some a => {n} a | None => True end.
Instance option_pcore : PCore (option A) := λ mx, Some (mx = pcore). Instance option_pcore : PCore (option A) := λ ma, Some (ma = pcore).
Arguments option_pcore !_ /. Arguments option_pcore !_ /.
Instance option_op : Op (option A) := union_with (λ x y, Some (x y)). Instance option_op : Op (option A) := union_with (λ a b, Some (a b)).
Definition Some_valid x : Some x x := reflexivity _. Definition Some_valid a : Some a a := reflexivity _.
Definition Some_validN x n : {n} Some x {n} x := reflexivity _. Definition Some_validN a n : {n} Some a {n} a := reflexivity _.
Definition Some_op x y : Some (x y) = Some x Some y := eq_refl. Definition Some_op a b : Some (a b) = Some a Some b := eq_refl.
Lemma Some_core `{CmraTotal A} x : Some (core x) = core (Some x). Lemma Some_core `{CmraTotal A} a : Some (core a) = core (Some a).
Proof. rewrite /core /=. by destruct (cmra_total x) as [? ->]. Qed. Proof. rewrite /core /=. by destruct (cmra_total a) as [? ->]. Qed.
Lemma Some_op_opM x my : Some x my = Some (x ? my). Lemma Some_op_opM a ma : Some a ma = Some (a ? ma).
Proof. by destruct my. Qed. Proof. by destruct ma. Qed.
Lemma option_included (mx my : option A) : Lemma option_included ma mb :
mx my mx = None x y, mx = Some x my = Some y (x y x y). ma mb ma = None a b, ma = Some a mb = Some b (a b a b).
Proof. Proof.
split. split.
- intros [mz Hmz]. - intros [mc Hmc].
destruct mx as [x|]; [right|by left]. destruct ma as [a|]; [right|by left].
destruct my as [y|]; [exists x, y|destruct mz; inversion_clear Hmz]. destruct mb as [b|]; [exists a, b|destruct mc; inversion_clear Hmc].
destruct mz as [z|]; inversion_clear Hmz; split_and?; auto; destruct mc as [c|]; inversion_clear Hmc; split_and?; auto;
setoid_subst; eauto using cmra_included_l. setoid_subst; eauto using cmra_included_l.
- intros [->|(x&y&->&->&[Hz|[z Hz]])]. - intros [->|(a&b&->&->&[Hc|[c Hc]])].
+ exists my. by destruct my. + exists mb. by destruct mb.
+ exists None; by constructor. + exists None; by constructor.
+ exists (Some z); by constructor. + exists (Some c); by constructor.
Qed. Qed.
Lemma option_includedN n (mx my : option A) : Lemma option_includedN n ma mb :
mx {n} my mx = None x y, mx = Some x my = Some y (x {n} y x {n} y). ma {n} mb ma = None x y, ma = Some x mb = Some y (x {n} y x {n} y).
Proof. Proof.
split. split.
- intros [mz Hmz]. - intros [mc Hmc].
destruct mx as [x|]; [right|by left]. destruct ma as [a|]; [right|by left].
destruct my as [y|]; [exists x, y|destruct mz; inversion_clear Hmz]. destruct mb as [b|]; [exists a, b|destruct mc; inversion_clear Hmc].
destruct mz as [z|]; inversion_clear Hmz; split_and?; auto; destruct mc as [c|]; inversion_clear Hmc; split_and?; auto;
ofe_subst; eauto using cmra_includedN_l. ofe_subst; eauto using cmra_includedN_l.
- intros [->|(x&y&->&->&[Hz|[z Hz]])]. - intros [->|(a&y&->&->&[Hc|[c Hc]])].
+ exists my. by destruct my. + exists mb. by destruct mb.
+ exists None; by constructor. + exists None; by constructor.
+ exists (Some z); by constructor. + exists (Some c); by constructor.
Qed. Qed.
Lemma option_cmra_mixin : CmraMixin (option A). Lemma option_cmra_mixin : CmraMixin (option A).
Proof. Proof.
apply cmra_total_mixin. apply cmra_total_mixin.
- eauto. - eauto.
- by intros [x|] n; destruct 1; constructor; ofe_subst. - by intros [a|] n; destruct 1; constructor; ofe_subst.
- destruct 1; by ofe_subst. - destruct 1; by ofe_subst.
- by destruct 1; rewrite /validN /option_validN //=; ofe_subst. - by destruct 1; rewrite /validN /option_validN //=; ofe_subst.
- intros [x|]; [apply cmra_valid_validN|done]. - intros [a|]; [apply cmra_valid_validN|done].
- intros n [x|]; unfold validN, option_validN; eauto using cmra_validN_S. - intros n [a|]; unfold validN, option_validN; eauto using cmra_validN_S.
- intros [x|] [y|] [z|]; constructor; rewrite ?assoc; auto. - intros [a|] [b|] [c|]; constructor; rewrite ?assoc; auto.
- intros [x|] [y|]; constructor; rewrite 1?comm; auto. - intros [a|] [b|]; constructor; rewrite 1?comm; auto.
- intros [x|]; simpl; auto. - intros [a|]; simpl; auto.
destruct (pcore x) as [cx|] eqn:?; constructor; eauto using cmra_pcore_l. destruct (pcore a) as [ca|] eqn:?; constructor; eauto using cmra_pcore_l.
- intros [x|]; simpl; auto. - intros [a|]; simpl; auto.
destruct (pcore x) as [cx|] eqn:?; simpl; eauto using cmra_pcore_idemp. destruct (pcore a) as [ca|] eqn:?; simpl; eauto using cmra_pcore_idemp.
- intros mx my; setoid_rewrite option_included. - intros ma mb; setoid_rewrite option_included.
intros [->|(x&y&->&->&[?|?])]; simpl; eauto. intros [->|(a&b&->&->&[?|?])]; simpl; eauto.
+ destruct (pcore x) as [cx|] eqn:?; eauto. + destruct (pcore a) as [ca|] eqn:?; eauto.
destruct (cmra_pcore_proper x y cx) as (?&?&?); eauto 10. destruct (cmra_pcore_proper a b ca) as (?&?&?); eauto 10.
+ destruct (pcore x) as [cx|] eqn:?; eauto. + destruct (pcore a) as [ca|] eqn:?; eauto.
destruct (cmra_pcore_mono x y cx) as (?&?&?); eauto 10. destruct (cmra_pcore_mono a b ca) as (?&?&?); eauto 10.
- intros n [x|] [y|]; rewrite /validN /option_validN /=; - intros n [a|] [b|]; rewrite /validN /option_validN /=;
eauto using cmra_validN_op_l. eauto using cmra_validN_op_l.
- intros n mx my1 my2. - intros n ma mb1 mb2.
destruct mx as [x|], my1 as [y1|], my2 as [y2|]; intros Hx Hx'; destruct ma as [a|], mb1 as [b1|], mb2 as [b2|]; intros Hx Hx';
inversion_clear Hx'; auto. inversion_clear Hx'; auto.
+ destruct (cmra_extend n x y1 y2) as (z1&z2&?&?&?); auto. + destruct (cmra_extend n a b1 b2) as (c1&c2&?&?&?); auto.
by exists (Some z1), (Some z2); repeat constructor. by exists (Some c1), (Some c2); repeat constructor.
+ by exists (Some x), None; repeat constructor. + by exists (Some a), None; repeat constructor.
+ by exists None, (Some x); repeat constructor. + by exists None, (Some a); repeat constructor.
+ exists None, None; repeat constructor. + exists None, None; repeat constructor.
Qed. Qed.
Canonical Structure optionR := CmraT (option A) option_cmra_mixin. Canonical Structure optionR := CmraT (option A) option_cmra_mixin.
Global Instance option_cmra_discrete : CmraDiscrete A CmraDiscrete optionR. Global Instance option_cmra_discrete : CmraDiscrete A CmraDiscrete optionR.
Proof. split; [apply _|]. by intros [x|]; [apply (cmra_discrete_valid x)|]. Qed. Proof. split; [apply _|]. by intros [a|]; [apply (cmra_discrete_valid a)|]. Qed.
Instance option_unit : Unit (option A) := None. Instance option_unit : Unit (option A) := None.
Lemma option_ucmra_mixin : UcmraMixin optionR. Lemma option_ucmra_mixin : UcmraMixin optionR.
...@@ -1324,61 +1329,63 @@ Section option. ...@@ -1324,61 +1329,63 @@ Section option.
Canonical Structure optionUR := UcmraT (option A) option_ucmra_mixin. Canonical Structure optionUR := UcmraT (option A) option_ucmra_mixin.
(** Misc *) (** Misc *)
Lemma op_None mx my : mx my = None mx = None my = None. Lemma op_None ma mb : ma mb = None ma = None mb = None.
Proof. destruct mx, my; naive_solver. Qed. Proof. destruct ma, mb; naive_solver. Qed.
Lemma op_is_Some mx my : is_Some (mx my) is_Some mx is_Some my. Lemma op_is_Some ma mb : is_Some (ma mb) is_Some ma is_Some mb.
Proof. rewrite -!not_eq_None_Some op_None. destruct mx, my; naive_solver. Qed. Proof. rewrite -!not_eq_None_Some op_None. destruct ma, mb;