Iris (Pierre Roux) / Commits / e5c727d8

Commit e5c727d8, authored 6 years ago by Ralf Jung

apply feedback

parent 38dbbf59
Showing 1 changed file: HeapLang.md (15 additions, 14 deletions)
@@ -9,10 +9,11 @@ language for simple examples.
HeapLang is a lambda-calculus with operations to allocate individual locations,
`load`
,
`store`
,
`CAS`
(compare-and-swap) and
`FAA`
(fetch-and-add). Moreover,
it has a
`fork`
construct to spawn new threads. In terms of values, we have
integers, booleans, unit, heap locations as well as (binary) sums and products.
integers, booleans, unit, heap locations
,
as well as (binary) sums and products.
Functions are the only binders, so the sum elimination (
`Case`
) expects both
branches to be of function type and passes them the data component of the sum.
Recursive functions are the only binders, so the sum elimination (
`Case`
)
expects both branches to be of function type and passes them the data component
of the sum.
For technical reasons, the only terms that are considered values are those that
begin with the
`Val`
expression former. This means that, for example,
`Pair
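Review bot: the replacement sentence now states "Recursive functions are the only binders", while the paragraph opens by calling HeapLang "a lambda-calculus"; consider adding a half-sentence saying that plain lambdas and let-bindings are derived forms of the recursive-function binder, so the two statements visibly agree. The added comma in "heap locations, as well as (binary) sums and products" reads fine.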
@@ -20,8 +21,8 @@ begin with the `Val` expression former. This means that, for example, `Pair
This leads to some administrative redexes, and to a distinction between "value
pairs", "value sums", "value closures" and their "expression" counterparts.
However, this also makes values
very
syntactically uniform, which we exploit in
the
definition of substitution which just skips over
`Val`
terms, because values
However, this also makes values syntactically uniform, which we exploit in
the
definition of substitution which just skips over
`Val`
terms, because values
should be closed and hence not affected by substitution. As a consequence, we
can entirely avoid even talking about "closed terms", that notion just does not
have to come up anywhere. We also exploit this when writing specifications,
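Review bot: dropping "very" is an improvement, but the sentence still stacks relative clauses: "the definition of substitution which just skips over `Val` terms, because values should be closed". The "which" clause is non-restrictive, so it needs a comma, or the sentence could be split: "the definition of substitution: it simply skips over `Val` terms, because values should be closed and hence are not affected by substitution."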
@@ -47,7 +48,7 @@ eagerly.
## Tactics
HeapLang coms with a bunch of tactics that facilitate stepping through HeaLang
HeapLang com
e
s with a bunch of tactics that facilitate stepping through Hea
p
Lang
programs as part of proving a weakest precondition. All of these tactics assume
that the current goal is of the shape
`WP e @ E {{ Q }}`
.
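Review bot: both typos ("coms", "HeaLang") are correctly fixed. While this line is being touched, "a bunch of tactics" is informal for reference documentation; "a set of tactics" would match the register of the rest of the section.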
@@ -72,22 +73,22 @@ Tactics to take one or more pure program steps:
Tactics for the heap:
-
`wp_alloc l as "H"`
: Reduce an allocation instruction and call the new
location
`l`
(in the Coq context) and the
assertion that we own it
`H`
(in the
location
`l`
(in the Coq context) and the
points-to assertion
`H`
(in the
spatial context). You can leave away the
`as "H"`
to introduce it as an
anonymous assertion, i.e., that is equivalent to
`as "?"`
.
-
`wp_load`
: Reduce a load operation. This automatically finds the
necessary
ownership
in the spatial context, and fails if it cannot be found.
-
`wp_store`
: Reduce a store operation. This automatically finds the
necessary
ownership
in the spatial context, and fails if it cannot be found.
-
`wp_load`
: Reduce a load operation. This automatically finds the
points-to
assertion
in the spatial context, and fails if it cannot be found.
-
`wp_store`
: Reduce a store operation. This automatically finds the
points-to
assertion
in the spatial context, and fails if it cannot be found.
-
`wp_cas_suc`
,
`wp_cas_fail`
: Reduce a succeeding/failing CAS. This
automatically finds the
necessary ownership
. It also automatically tries to
automatically finds the
points-to assertion
. It also automatically tries to
solve the (in)equality to show that the CAS succeeds/fails, and opens a new
goal if it cannot prove this goal.
-
`wp_cas as H1 | H2`
: Reduce a CAS, performing a case distinction over whether
it succeeds or fails. This automatically finds the
necessary ownership
. The
it succeeds or fails. This automatically finds the
points-to assertion
. The
proof of equality in the first new subgoal will be called
`H1`
, and the proof
of the inequality in the second new subgoal will be called
`H2`
.
-
`wp_faa`
: Reduce a FAA. This automatically finds the
necessary ownership
.
-
`wp_faa`
: Reduce a FAA. This automatically finds the
points-to assertion
.
Further tactics:
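Review bot: the rename from "necessary ownership" / "assertion that we own it" to "points-to assertion" is applied consistently to every heap tactic in the hunk (`wp_alloc`, `wp_load`, `wp_store`, `wp_cas_suc`/`wp_cas_fail`, `wp_cas`, `wp_faa`), good. Two unchanged context lines in the same list deserve a follow-up: "You can leave away the `as "H"`" should read "You can leave out the `as "H"`", and in the `wp_cas_suc`/`wp_cas_fail` item "opens a new goal if it cannot prove this goal" is circular; suggest "and leaves the (in)equality as a new goal if it cannot prove it".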