Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Impredicative invariants using indirection theory #250

Merged
merged 199 commits into from
Nov 13, 2024
Merged

Impredicative invariants using indirection theory #250

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
199 commits
Select commit Hold shift + click to select a range
188ab5f
starting on using indirection theory
nikswamy Oct 25, 2024
50a4c60
a bit more
nikswamy Oct 25, 2024
8182fbe
Proposed API for impredicative heap.
gebner Oct 25, 2024
9ed1a32
Use later-style with_invariants everywhere.
gebner Oct 26, 2024
92d0ca5
Remove new_invariant'
gebner Oct 26, 2024
a0612d6
Later in lock example.
gebner Oct 26, 2024
2a1ba20
Move Pulse lib to new-style invariants.
gebner Oct 26, 2024
be577e8
Migrate examples.
gebner Oct 26, 2024
76438e0
Postulate higher-order ghost state.
gebner Oct 26, 2024
3a2a313
Fix.
gebner Oct 26, 2024
d39ddc1
Port task pool.
gebner Oct 26, 2024
3e458c8
Check universe levels and implement knots.
gebner Oct 27, 2024
a5fda3c
Cleanup.
gebner Oct 27, 2024
4d06436
wip; indirection theory model
nikswamy Oct 27, 2024
7811c0e
avoid needless indirection in definition of ipred
nikswamy Oct 27, 2024
f574caf
Fix assume.
gebner Oct 28, 2024
66dc2e0
a couple of lemmas about strat & unstrat
nikswamy Oct 28, 2024
4c7cf26
Merge branch '_nik_indirection' of github.com:FStarLang/pulse into _n…
nikswamy Oct 28, 2024
07bb00f
Hereditary, later, age
gebner Oct 28, 2024
dbedf76
Merge branch '_nik_indirection' of github.com:FStarLang/pulse into _n…
nikswamy Oct 28, 2024
cd5b56c
setting up interfaces
nikswamy Oct 28, 2024
b68bbcb
Remove removed file.
gebner Oct 28, 2024
a0e0a74
Add core_of fun.
gebner Oct 28, 2024
8b0cef4
More slprops.
gebner Oct 29, 2024
f1f3a15
lift mem actions
nikswamy Oct 29, 2024
d888749
Checkpoint.
gebner Oct 29, 2024
770bdaf
Checkpoint.
gebner Oct 29, 2024
62334ee
Fix build.
gebner Oct 29, 2024
00b1804
timeless_later_credit
gebner Oct 29, 2024
ea1ae54
Fix.
gebner Oct 29, 2024
971be7e
Remove unused code.
gebner Oct 29, 2024
87c78f4
Fix admit
gebner Oct 29, 2024
2958d94
One less admit
gebner Oct 29, 2024
d0e797d
Simplify.
gebner Oct 29, 2024
c233b00
Remove admit.
gebner Oct 29, 2024
e975220
Support higher-order ghost state.
gebner Oct 29, 2024
4093d89
add requirements in Sep.fsti; restore actions
nikswamy Oct 29, 2024
e16ca7a
Merge branch '_nik_indirection' of github.com:FStarLang/pulse into _n…
nikswamy Oct 29, 2024
d10b7bd
implement a with_invariant actions
nikswamy Oct 29, 2024
86eb4d8
dup_inv and has_credits
nikswamy Oct 29, 2024
05bd259
more actions
nikswamy Oct 30, 2024
20f4b19
new_invariant
nikswamy Oct 30, 2024
b0137ab
kill some admits
nikswamy Oct 30, 2024
8e43ad6
nit
nikswamy Oct 30, 2024
bf89ca7
Fix interface.
gebner Oct 30, 2024
1212311
later elim
nikswamy Oct 30, 2024
99f541d
merging
nikswamy Oct 30, 2024
65a3a53
clear credits and istore_join_refl
nikswamy Oct 30, 2024
c7765a5
More implementation.
gebner Oct 30, 2024
748a397
Add a couple more lemmas.
gebner Oct 30, 2024
de61144
using revised mem_invariant_equiv
nikswamy Oct 30, 2024
a05c3bc
Merge branch '_nik_indirection' of github.com:FStarLang/pulse into _n…
nikswamy Oct 30, 2024
9092b9d
revise mem_invariant_age
nikswamy Oct 30, 2024
a381a82
killing admits
nikswamy Oct 31, 2024
93a9b9c
mem_invariant_equiv
gebner Oct 31, 2024
c55bdf2
Implement join_mem.
gebner Oct 31, 2024
fefef5e
fresh_inv
gebner Oct 31, 2024
04833e4
oops
gebner Oct 31, 2024
11a1cc1
Kill admit.
gebner Oct 31, 2024
5317634
Kill admit.
gebner Oct 31, 2024
4fb0e11
Kill admit.
gebner Oct 31, 2024
33c905d
simplify some proofs
nikswamy Oct 31, 2024
e7d1570
Merge branch '_nik_indirection' of github.com:FStarLang/pulse into _n…
nikswamy Oct 31, 2024
ca0c56a
restore Actions proofs with additional level constraints
nikswamy Oct 31, 2024
7b21213
Kill admit.
gebner Oct 31, 2024
8e545b4
Kill admit.
gebner Oct 31, 2024
f275339
Fix admit.
gebner Oct 31, 2024
bd69f68
More lemmas about equiv/later.
gebner Oct 31, 2024
241088b
Remove redundant high-water mark.
gebner Nov 1, 2024
1cfb294
Simplify.
gebner Nov 1, 2024
5e1b2a3
Retract extra precondition.
gebner Nov 1, 2024
d5b02c2
instantiated semantics and PulseCore.Actions
nikswamy Nov 1, 2024
8ac21db
Restore Atomic
nikswamy Nov 1, 2024
2dfc481
killing some admits in Pulse.Lib.Core
nikswamy Nov 1, 2024
e9c7880
extensionality for exists*
nikswamy Nov 1, 2024
302268b
define pulseheapsig; remove lift_exists_eq
nikswamy Nov 1, 2024
a397bea
kill some more admits
nikswamy Nov 1, 2024
5cfdfc5
remove old file
nikswamy Nov 1, 2024
afd5404
Add invariant_name_identifies_invariant
gebner Nov 1, 2024
42c3bbb
Fix assume.
gebner Nov 2, 2024
68b6bfa
wire up invariant_name_identifies_invariant
nikswamy Nov 2, 2024
cfed1dd
restore library with timeless instead of slprop2/storable etc.
nikswamy Nov 3, 2024
c363073
restore tests with timeless: still to be restored ConditionVar and Us…
nikswamy Nov 3, 2024
18b899a
Fix assume.
gebner Nov 4, 2024
f8cb112
equiv_timeless
gebner Nov 4, 2024
f35a34e
fix remaining admits about pulse_mem.(mem_invariant, join_mem, empty_…
nikswamy Nov 4, 2024
9419a67
Merge branch '_nik_indirection' of github.com:FStarLang/pulse into _n…
nikswamy Nov 4, 2024
67710ab
Simplify knot construction.
gebner Nov 5, 2024
23c0857
Simplify knots more.
gebner Nov 5, 2024
4a74aec
Save one char.
gebner Nov 5, 2024
7fb8c65
Get knots under 100 lines.
gebner Nov 5, 2024
61b1e6a
Simplify even more.
gebner Nov 5, 2024
8462e56
Rename down/up to pack/unpack.
gebner Nov 5, 2024
cccae33
Golf!!
gebner Nov 5, 2024
2d1f904
Oops.
gebner Nov 5, 2024
9ff38e9
equiv_star_congr
gebner Nov 5, 2024
865d574
Simplify.
gebner Nov 5, 2024
85d4cfa
More golfing.
gebner Nov 5, 2024
c1f1c2d
Save another two lines.
gebner Nov 5, 2024
ca02ab2
Save another four lines.
gebner Nov 5, 2024
8c46a35
Simplify pack/unpack.
gebner Nov 5, 2024
8789ea2
Fix line count.
gebner Nov 5, 2024
b82b9de
impredicative condition var without codes
nikswamy Nov 5, 2024
6260d73
tweaks
nikswamy Nov 5, 2024
ea760c9
Merge branch '_nik_indirection' of github.com:FStarLang/pulse into _n…
nikswamy Nov 5, 2024
00844a2
kill admit in ConditionVar
nikswamy Nov 5, 2024
f09c7a3
SLPropTable
nikswamy Nov 5, 2024
fdc90a1
factor out a module for ghost fractional tables
nikswamy Nov 5, 2024
84bc4bf
wiring up properties about timeless predicates
nikswamy Nov 6, 2024
e1775b3
Merge core and mem.
gebner Nov 6, 2024
251d098
Forgot two admits.
gebner Nov 6, 2024
0e320e6
Do not expose mem implementation.
gebner Nov 6, 2024
1844f7d
Strengthen invariants a bit.
gebner Nov 6, 2024
59b393c
Do not require knot to be erased.
gebner Nov 6, 2024
1b47ea2
some more timeless slprops
nikswamy Nov 6, 2024
8bea4d9
Merge branch '_nik_indirection' of github.com:FStarLang/pulse into _n…
nikswamy Nov 6, 2024
14abcf6
Rename pulse heap -> timeless heap.
gebner Nov 6, 2024
178dd48
Rename istore -> higher-order ghost store (hogs).
gebner Nov 6, 2024
60e640c
Rename world -> mem.
gebner Nov 6, 2024
84965db
write up properties about equiv
nikswamy Nov 6, 2024
93d5e1b
Merge branch '_nik_indirection' of github.com:FStarLang/pulse into _n…
nikswamy Nov 6, 2024
744d0aa
Remove Impl redirection.
gebner Nov 6, 2024
425c6bb
Merge branch '_nik_indirection' of github.com:FStarLang/pulse into _n…
nikswamy Nov 6, 2024
7b2b478
an interface to slprop_ref in Sep.fsti
nikswamy Nov 6, 2024
b1304e0
fix some typos in interface for slprop_ref, implement in Actions
nikswamy Nov 6, 2024
cfe2db4
slprop_refs
nikswamy Nov 6, 2024
57e7e70
some straggling examples; make test works with F* branch _nik_490_rev…
nikswamy Nov 7, 2024
a86062e
Merge branch '_nik_indirection' into _gebner_indirection_pool
nikswamy Nov 7, 2024
08ad2cf
Remove the other type in IT.
gebner Nov 7, 2024
036c47a
Implement slprop_pts_to
gebner Nov 7, 2024
2051385
restore NuPool and a couple of lemmas
nikswamy Nov 7, 2024
1de3f1b
Merge branch '_gebner_indirection_pool' into _nik_indirection
nikswamy Nov 7, 2024
ab6bc7b
NuPool.fsti: use pulse syntax
mtzguido Nov 7, 2024
da13759
quicksort over nupool
mtzguido Nov 7, 2024
51bb8a8
lib: pledge: fix and reimplement split_pledge
mtzguido Nov 7, 2024
714a417
fix examples
mtzguido Nov 7, 2024
7be435d
fix pool
mtzguido Nov 7, 2024
63e614a
a ghost split_pledge
mtzguido Nov 7, 2024
2466f41
nit
mtzguido Nov 7, 2024
a9f84a4
remove InvList
mtzguido Nov 7, 2024
cdfef59
Fix build.
gebner Nov 7, 2024
0f24809
simplify spin lock example
gebner Nov 8, 2024
ca5bcfc
Reduce imports.
gebner Nov 8, 2024
726127e
Remove comment with scary admit.
gebner Nov 8, 2024
5d45a5f
Implement extraction for later_credit_buy.
gebner Nov 8, 2024
9537c2b
anchored references
nikswamy Nov 8, 2024
2189abb
Merge branch '_nik_indirection' of github.com:FStarLang/pulse into _n…
nikswamy Nov 8, 2024
8ac6def
some cleanup on anchored refs
nikswamy Nov 8, 2024
0f5cccc
inames_live in Sep
nikswamy Nov 8, 2024
863ee20
inames_live and fresh_invariant
nikswamy Nov 8, 2024
53b2210
revise pledges to use fresh_invariant and inames_live
nikswamy Nov 9, 2024
12828d9
fix uses of pledge needing inames_live
nikswamy Nov 9, 2024
d9625f4
remove some straggling commented admits
nikswamy Nov 9, 2024
c84ec21
remove old file ConditionVarWithCodes.fsti
nikswamy Nov 9, 2024
547da18
An extraction pass for OCaml
mtzguido Nov 8, 2024
976d98a
snap
mtzguido Nov 9, 2024
d707d50
Quicksort: Do not use split_pledge
mtzguido Nov 8, 2024
bc13e30
Quicksort.Base: mark function ghost
mtzguido Nov 9, 2024
b54beee
Pulse.Lib.Dv: implement while and par
mtzguido Nov 9, 2024
03c5276
Quicksort.Task: use custom projections
mtzguido Nov 9, 2024
ce8d198
Extracting Quicksort.Task
mtzguido Nov 8, 2024
3199051
Use definitions from paper and hide knot implementation.
gebner Nov 9, 2024
c808ec9
Make star opaque.
gebner Nov 9, 2024
72aab48
Make mem_le opaque.
gebner Nov 9, 2024
323073c
Make slprop_ok opaque too.
gebner Nov 9, 2024
d930988
Robust pool wrapper
mtzguido Nov 10, 2024
ea1c46d
simplify S2.Lock a bit more
nikswamy Nov 10, 2024
46bd360
Remove comments.
gebner Nov 10, 2024
5cadb8b
revise later_credit_buy
nikswamy Nov 10, 2024
3b3fdce
Merge branch '_nik_indirection' of github.com:FStarLang/pulse into _n…
nikswamy Nov 10, 2024
940b57b
clean up a bit
nikswamy Nov 10, 2024
1e137be
some more cleanup
nikswamy Nov 10, 2024
2eaeae0
later_equiv
gebner Nov 11, 2024
4ed7d60
remove assumption
gebner Nov 11, 2024
d1ebfc5
DPE with assume global vars
aseemr Nov 11, 2024
44e8d62
moving global var to a separate module
aseemr Nov 11, 2024
ea2c67d
restore dpe extraction
aseemr Nov 11, 2024
53a0664
Hook up more lemmas.
gebner Nov 11, 2024
a344169
Merge remote-tracking branch 'origin/_aseem_dpe_gvar' into _nik_indir…
gebner Nov 11, 2024
d238f4c
Restore C extraction of DPE.
gebner Nov 11, 2024
af82593
Remove tokens.
gebner Nov 11, 2024
1bcb56a
fix dpe extraction
gebner Nov 11, 2024
90060b4
Remove codeable.
gebner Nov 11, 2024
864ff5e
Add implementation for Pulse.Class.PtsTo
gebner Nov 11, 2024
a77c68a
Remove later_elim_timeless action.
gebner Nov 12, 2024
83cdf86
Remove redundant interpret function
gebner Nov 12, 2024
0418467
Remove redundant precondition.
gebner Nov 12, 2024
d0fab5a
Use formulation from paper.
gebner Nov 12, 2024
560ffbe
remove BUY kind
gebner Nov 12, 2024
cf718b9
remove redundant postcondition
gebner Nov 12, 2024
83a996c
remove unused function
gebner Nov 12, 2024
78b4669
align notation with paper
gebner Nov 12, 2024
9579acf
Merge remote-tracking branch 'origin/_taramana_seq_match' into _nik_i…
nikswamy Nov 12, 2024
b3f2ac6
use unreachable
nikswamy Nov 12, 2024
72c289c
creating a global var requires a duplicable slprop
nikswamy Nov 12, 2024
8ca9319
remove todo comment
nikswamy Nov 12, 2024
0ebb069
Merge remote-tracking branch 'origin/main' into _nik_indirection
gebner Nov 12, 2024
575e0c0
Inline level_at_least_credits
gebner Nov 12, 2024
34282d8
Remove unused definition.
gebner Nov 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
477 changes: 268 additions & 209 deletions lib/pulse/core/PulseCore.Action.fst
View file
Open in desktop

Large diffs are not rendered by default.

171 changes: 114 additions & 57 deletions lib/pulse/core/PulseCore.Action.fsti
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,26 +19,24 @@ module PulseCore.Action
module S = FStar.Set
module I = PulseCore.InstantiatedSemantics
module PP = PulseCore.Preorder

module Sep = PulseCore.IndirectionTheorySep
open FStar.PCM
open FStar.Ghost

open PulseCore.InstantiatedSemantics

type reifiability =
| Ghost
| Reifiable
| Atomic

let ( ^^ ) (r1 r2 : reifiability) : reifiability =
if r1 = r2 then r1
else Reifiable
else Atomic

[@@ erasable]
val iref : Type0
val storable_iref (i:iref) : GTot bool
val deq_iref : FStar.GhostSet.decide_eq iref
let inames = FStar.GhostSet.set iref
let singleton (i:iref) : inames = GhostSet.singleton deq_iref i
let iref : Type0 = Sep.iref
let inames = Sep.inames
let singleton (i:iref) : inames = Sep.single i
let emp_inames : inames = GhostSet.empty

let join_inames (is1 is2 : inames) : inames =
Expand Down Expand Up @@ -86,13 +84,13 @@ val frame
(f:act a r opens pre post)
: act a r opens (pre ** frame) (fun x -> post x ** frame)

val lift_ghost_reifiable
val lift_ghost_atomic
(#a:Type)
(#pre:slprop)
(#post:a -> slprop)
(#opens:inames)
(f:act a Ghost opens pre post)
: act a Reifiable opens pre post
: act a Atomic opens pre post

val weaken
(#a:Type)
Expand Down Expand Up @@ -142,31 +140,18 @@ let add_inv (e:inames) (i:iref) : inames = GhostSet.union (singleton i) e
let mem_inv (e:inames) (i:iref) : GTot bool = GhostSet.mem i e

val inv (i:iref) (p:slprop) : slprop
val storable_inv (i:iref { storable_iref i }) (p:slprop3)
: Lemma (is_slprop3 (inv i p))
let live (i:iref) = exists* (p:slprop). inv i p

let rec all_live (ctx:list iref) =
match ctx with
| [] -> emp
| hd::tl -> live hd ** all_live tl

val dup_inv (i:iref) (p:slprop)
: act unit Ghost emp_inames (inv i p) (fun _ -> (inv i p) ** (inv i p))

val new_invariant (p:slprop3)
val new_invariant (p:slprop)
: act iref Ghost emp_inames p (fun i -> inv i p)

val new_storable_invariant (p:slprop2)
: act (i:iref{storable_iref i}) Ghost emp_inames p (fun i -> inv i p)

let fresh_wrt (i:iref)
(ctx:list iref)
: prop
= forall i'. List.Tot.memP i' ctx ==> i' =!= i
val fresh_invariant (ctx:inames) (p:slprop)
: act (i:iref { ~(GhostSet.mem i ctx) }) Ghost emp_inames (p ** Sep.inames_live ctx) (fun i -> inv i p ** Sep.inames_live ctx)

val fresh_invariant (ctx:list iref) (p:slprop3)
: act (i:iref { i `fresh_wrt` ctx }) Ghost emp_inames p (fun i -> inv i p)
val inames_live_inv (i:iref) (p:slprop)
: act unit Ghost emp_inames (inv i p) (fun _ -> inv i p ** Sep.inames_live (singleton i))

val with_invariant
(#a:Type)
Expand All @@ -176,30 +161,29 @@ val with_invariant
(#f_opens:inames)
(#p:slprop)
(i:iref { not (mem_inv f_opens i) })
(f:unit -> act a r f_opens (p ** fp) (fun x -> p ** fp' x))
(f:unit -> act a r f_opens (later p ** fp) (fun x -> later p ** fp' x))
: act a r (add_inv f_opens i) ((inv i p) ** fp) (fun x -> (inv i p) ** fp' x)

val distinct_invariants_have_distinct_names
(#p:slprop)
(#q:slprop)
(i j:iref)
(_:squash (p =!= q))
: act (squash (i =!= j))
Ghost
emp_inames
((inv i p) ** (inv j q))
(fun _ -> (inv i p) ** (inv j q))

val invariant_name_identifies_invariant
(p q:slprop)
(i:iref)
(j:iref { i == j })
: act (squash (p == q))
: act unit
Ghost
emp_inames
((inv i p) ** (inv j q))
(fun _ -> (inv i p) ** (inv j q))
(inv i p ** inv i q)
(fun _ -> inv i p ** inv i q ** later (equiv p q))

////////////////////////////////////////////////////////////////////////
// later and credits
////////////////////////////////////////////////////////////////////////
val later_intro (p:slprop)
: act unit Ghost emp_inames p (fun _ -> later p)

val later_elim (p:slprop)
: act unit Ghost emp_inames (later p ** later_credit 1) (fun _ -> p)

val buy (n:nat)
: stt unit emp (fun _ -> later_credit n)

////////////////////////////////////////////////////////////////////////
// References
Expand All @@ -215,7 +199,14 @@ let is_ref_null (#a:Type) (#p:FStar.PCM.pcm a) (r:ref a p)
: b:bool { b <==> r == ref_null p }
= is_core_ref_null r

val pts_to (#a:Type u#1) (#p:pcm a) (r:ref a p) (v:a) : slprop2
val pts_to (#a:Type u#1) (#p:pcm a) (r:ref a p) (v:a) : slprop

val timeless_pts_to
(#a:Type u#1)
(#p:pcm a)
(r:ref a p)
(v:a)
: Lemma (timeless (pts_to r v))

val pts_to_not_null (#a:Type) (#p:FStar.PCM.pcm a) (r:ref a p) (v:a)
: act (squash (not (is_ref_null r)))
Expand All @@ -229,7 +220,7 @@ val alloc
(#pcm:pcm a)
(x:a{pcm.refine x})
: act (ref a pcm)
Reifiable
Atomic
emp_inames
emp
(fun r -> pts_to r x)
Expand All @@ -243,7 +234,7 @@ val read
-> GTot (y:a{compatible p y v /\
FStar.PCM.frame_compatible p x v y})))
: act (v:a{compatible p x v /\ p.refine v})
Reifiable
Atomic
emp_inames
(pts_to r x)
(fun v -> pts_to r (f v))
Expand All @@ -255,7 +246,7 @@ val write
(x y:Ghost.erased a)
(f:FStar.PCM.frame_preserving_upd p x y)
: act unit
Reifiable
Atomic
emp_inames
(pts_to r x)
(fun _ -> pts_to r y)
Expand Down Expand Up @@ -288,7 +279,15 @@ val gather
// Big references
///////////////////////////////////////////////////////////////////

val big_pts_to (#a:Type u#2) (#p:pcm a) (r:ref a p) (v:a) : slprop3
val big_pts_to (#a:Type u#2) (#p:pcm a) (r:ref a p) (v:a) : slprop


val timeless_big_pts_to
(#a:Type u#2)
(#p:pcm a)
(r:ref a p)
(v:a)
: Lemma (timeless (big_pts_to r v))

val big_pts_to_not_null (#a:Type) (#p:FStar.PCM.pcm a) (r:ref a p) (v:a)
: act (squash (not (is_ref_null r)))
Expand All @@ -302,7 +301,7 @@ val big_alloc
(#pcm:pcm a)
(x:a{pcm.refine x})
: act (ref a pcm)
Reifiable
Atomic
emp_inames
emp
(fun r -> big_pts_to r x)
Expand All @@ -316,7 +315,7 @@ val big_read
-> GTot (y:a{compatible p y v /\
FStar.PCM.frame_compatible p x v y})))
: act (v:a{compatible p x v /\ p.refine v})
Reifiable
Atomic
emp_inames
(big_pts_to r x)
(fun v -> big_pts_to r (f v))
Expand All @@ -328,7 +327,7 @@ val big_write
(x y:Ghost.erased a)
(f:FStar.PCM.frame_preserving_upd p x y)
: act unit
Reifiable
Atomic
emp_inames
(big_pts_to r x)
(fun _ -> big_pts_to r y)
Expand Down Expand Up @@ -363,6 +362,14 @@ val big_gather

val nb_pts_to (#a:Type u#3) (#p:pcm a) (r:ref a p) (v:a) : slprop


val timeless_nb_pts_to
(#a:Type u#3)
(#p:pcm a)
(r:ref a p)
(v:a)
: Lemma (timeless (nb_pts_to r v))

val nb_pts_to_not_null (#a:Type) (#p:FStar.PCM.pcm a) (r:ref a p) (v:a)
: act (squash (not (is_ref_null r)))
Ghost
Expand All @@ -375,7 +382,7 @@ val nb_alloc
(#pcm:pcm a)
(x:a{pcm.refine x})
: act (ref a pcm)
Reifiable
Atomic
emp_inames
emp
(fun r -> nb_pts_to r x)
Expand All @@ -389,7 +396,7 @@ val nb_read
-> GTot (y:a{compatible p y v /\
FStar.PCM.frame_compatible p x v y})))
: act (v:a{compatible p x v /\ p.refine v})
Reifiable
Atomic
emp_inames
(nb_pts_to r x)
(fun v -> nb_pts_to r (f v))
Expand All @@ -401,7 +408,7 @@ val nb_write
(x y:Ghost.erased a)
(f:FStar.PCM.frame_preserving_upd p x y)
: act unit
Reifiable
Atomic
emp_inames
(nb_pts_to r x)
(fun _ -> nb_pts_to r y)
Expand Down Expand Up @@ -463,7 +470,14 @@ val drop (p:slprop)
[@@erasable]
val core_ghost_ref : Type u#0
let ghost_ref (#a:Type u#a) (p:pcm a) : Type u#0 = core_ghost_ref
val ghost_pts_to (#a:Type u#1) (#p:pcm a) (r:ghost_ref p) (v:a) : slprop2
val ghost_pts_to (#a:Type u#1) (#p:pcm a) (r:ghost_ref p) (v:a) : slprop

val timeless_ghost_pts_to
(#a:Type u#1)
(#p:pcm a)
(r:ghost_ref p)
(v:a)
: Lemma (timeless (ghost_pts_to r v))

val ghost_alloc
(#a:Type u#1)
Expand Down Expand Up @@ -515,7 +529,15 @@ val ghost_gather
(ghost_pts_to r v0 ** ghost_pts_to r v1)
(fun _ -> ghost_pts_to r (op pcm v0 v1))

val big_ghost_pts_to (#a:Type u#2) (#p:pcm a) (r:ghost_ref p) (v:a) : slprop3
val big_ghost_pts_to (#a:Type u#2) (#p:pcm a) (r:ghost_ref p) (v:a) : slprop


val timeless_big_ghost_pts_to
(#a:Type u#2)
(#p:pcm a)
(r:ghost_ref p)
(v:a)
: Lemma (timeless (big_ghost_pts_to r v))

val big_ghost_alloc
(#a:Type)
Expand Down Expand Up @@ -570,6 +592,14 @@ val big_ghost_gather
// Non-boxable ghost references
val nb_ghost_pts_to (#a:Type u#3) (#p:pcm a) (r:ghost_ref p) (v:a) : slprop


val timeless_nb_ghost_pts_to
(#a:Type u#3)
(#p:pcm a)
(r:ghost_ref p)
(v:a)
: Lemma (timeless (nb_ghost_pts_to r v))

val nb_ghost_alloc
(#a:Type)
(#pcm:pcm a)
Expand Down Expand Up @@ -632,3 +662,30 @@ val lift_erased
(#post:a -> slprop)
(f:erased (act a Ghost opens pre post))
: act a Ghost opens pre post

val equiv_refl (a:slprop)
: act unit Ghost emp_inames emp (fun _ -> equiv a a)

val equiv_dup (a b:slprop)
: act unit Ghost emp_inames (equiv a b) (fun _ -> equiv a b ** equiv a b)

val equiv_trans (a b c:slprop)
: act unit Ghost emp_inames (equiv a b ** equiv b c) (fun _ -> equiv a c)

val equiv_elim (a b:slprop)
: act unit Ghost emp_inames (a ** equiv a b) (fun _ -> b)

/// slprop_refs
[@@erasable]
val slprop_ref : Type0

val slprop_ref_pts_to (x: slprop_ref) (y: slprop) : slprop

val slprop_ref_alloc (y: slprop)
: act slprop_ref Ghost emp_inames emp fun x -> slprop_ref_pts_to x y

val slprop_ref_share (x:slprop_ref) (y:slprop)
: act unit Ghost emp_inames (slprop_ref_pts_to x y) fun _ -> slprop_ref_pts_to x y ** slprop_ref_pts_to x y

val slprop_ref_gather (x:slprop_ref) (y1 y2: slprop)
: act unit Ghost emp_inames (slprop_ref_pts_to x y1 ** slprop_ref_pts_to x y2) fun _ -> slprop_ref_pts_to x y1 ** later (I.equiv y1 y2)
Loading
Loading