1 files changed, 143 insertions, 0 deletions
diff --git a/theories/nix/wp.v b/theories/nix/wp.v
new file mode 100644
index 0000000..0eca6e1
--- /dev/null
+++ b/theories/nix/wp.v
@@ -0,0 +1,143 @@
+From mininix Require Export nix.operational_props.
+From stdpp Require Import options.
+Definition wp (μ : mode) (e : expr) (Φ : expr → Prop) : Prop :=
+  ∃ e', e -{μ}->* e' ∧ final μ e' ∧ Φ e'.
+Lemma Lit_wp μ Φ bl :
+  base_lit_ok bl →
+  Φ (ELit bl) →
+  wp μ (ELit bl) Φ.
+Proof. exists (ELit bl). by repeat constructor. Qed.
+Lemma Abs_wp μ Φ x e :
+  Φ (EAbs x e) →
+  wp μ (EAbs x e) Φ.
+Proof. exists (EAbs x e). by repeat constructor. Qed.
+Lemma AbsMatch_wp μ Φ ms strict e :
+  Φ (EAbsMatch ms strict e) →
+  wp μ (EAbsMatch ms strict e) Φ.
+Proof. exists (EAbsMatch ms strict e). by repeat constructor. Qed.
+Lemma LetAttr_no_recs_wp μ Φ k αs e :
+  no_recs αs →
+  wp μ (subst ((k,.) ∘ attr_expr <$> αs) e) Φ →
+  wp μ (ELetAttr k (EAttr αs) e) Φ.
+Proof.
+  intros Hαs (e' & Hsteps & ? & HΦ). exists e'. split; [|done].
+  etrans; [|apply Hsteps]. apply rtc_once. by constructor.
+Qed.
+Lemma BinOp_wp μ Φ op e1 e2 :
+  wp SHALLOW e1 (λ e1', ∃ Φop,
+    sem_bin_op op e1' Φop ∧ 
+    wp SHALLOW e2 (λ e2', ∃ e', Φop e2' e' ∧ wp μ e' Φ)) →
+  wp μ (EBinOp op e1 e2) Φ.
+Proof.
+  intros (e1' & Hsteps1 & ? & Φop & Hop1 & e2' & Hsteps2 & ?
+          & e' & Hop2 & e'' & Hsteps & ? & HΦ).
+  exists e''. split; [|done].
+  etrans; [by apply SBinOpL_rtc|].
+  etrans; [by eapply SBinOpR_rtc|].
+  eapply rtc_l; [by econstructor|]. done.
+Qed.
+Lemma Id_wp μ Φ x k e :
+  wp μ e Φ →
+  wp μ (EId x (Some (k,e))) Φ.
+Proof.
+  intros (e' & Hsteps & ? & HΦ). exists e'. split; [|done].
+  etrans; [|apply Hsteps]. apply rtc_once. constructor.
+Qed.
+Lemma App_wp μ Φ e1 e2 :
+  wp SHALLOW e1 (λ e1', wp μ (EApp e1' e2) Φ) ↔
+  wp μ (EApp e1 e2) Φ.
+Proof.
+  split.
+  - intros (e1' & Hsteps1 & ? & e' & Hsteps2 & ? & HΦ).
+    exists e'; split; [|done]. etrans; [|apply Hsteps2].
+    by apply SAppL_rtc.
+  - intros (e' & Hsteps & Hfinal & HΦ).
+    cut (∃ e1', e1 -{SHALLOW}->* e1' ∧ final SHALLOW e1' ∧ EApp e1' e2 -{μ}->* e').
+    { intros (e1'&?&?&?). exists e1'. split_and!; [done..|]. by exists e'. }
+    clear Φ HΦ. apply rtc_nsteps in Hsteps as [n Hsteps].
+    revert e1 Hsteps. induction n as [|n IH]; intros e1 Hsteps.
+    { inv Hsteps. inv Hfinal. }
+    inv Hsteps. inv H0.
+    + eexists; split_and!; [done|by constructor|].
+      eapply rtc_l; [by constructor|by eapply rtc_nsteps_2].
+    + eexists; split_and!; [done|by constructor|].
+      eapply rtc_l; [by constructor|by eapply rtc_nsteps_2].
+    + eexists; split_and!; [done|by constructor|].
+      eapply rtc_l; [by constructor|by eapply rtc_nsteps_2].
+    + inv H2.
+      * apply IH in H1 as (e'' & Hsteps & ? & ?).
+        exists e''; split; [|done]. by eapply rtc_l.
+      * eexists; split_and!; [done|by constructor|].
+        eapply rtc_l; [by eapply SAppR|]. by eapply rtc_nsteps_2.
+Qed.
+Lemma Attr_wp_shallow Φ αs :
+  Φ (EAttr (AttrN ∘ from_attr (subst (indirects αs)) id <$> αs)) →
+  wp SHALLOW (EAttr αs) Φ.
+Proof.
+  eexists (EAttr (AttrN ∘ _ <$> αs)); split_and!; [ |by constructor|done].
+  destruct (decide (no_recs αs)); [|apply rtc_once; by constructor].
+  apply reflexive_eq; f_equal. apply map_eq=> x. rewrite lookup_fmap.
+  destruct (αs !! x) as [[? e]|] eqn:?; f_equal/=.
+  by assert (τ = NONREC) as -> by eauto using no_recs_lookup.
+Qed.
+Lemma β_wp μ Φ x e1 e2 :
+  wp μ (subst {[x:=(ABS, e2)]} e1) Φ →
+  wp μ (EApp (EAbs x e1) e2) Φ.
+Proof.
+  intros (e' & Hsteps & ? & ?). exists e'. split; [|done].
+  eapply rtc_l; [|done]. by constructor.
+Qed.
+Lemma βMatch_wp μ Φ ms strict e1 αs βs :
+  no_recs αs →
+  matches (attr_expr <$> αs) ms strict βs →
+  wp μ (subst (indirects βs) e1) Φ →
+  wp μ (EApp (EAbsMatch ms strict e1) (EAttr αs)) Φ.
+Proof.
+  intros ?? (e' & Hsteps & ? & ?). exists e'. split; [|done].
+  eapply rtc_l; [|done]. by constructor.
+Qed.
+Lemma Functor_wp μ Φ αs e1 e2 :
+  no_recs αs →
+  αs !! "__functor" = Some (AttrN e1) →
+  wp μ (EApp (EApp e1 (EAttr αs)) e2) Φ →
+  wp μ (EApp (EAttr αs) e2) Φ.
+Proof.
+  intros ?? (e' & Hsteps & ? & ?). exists e'. split; [|done].
+  eapply rtc_l; [|done]. by constructor.
+Qed.
+Lemma If_wp μ Φ e1 e2 e3 :
+  wp SHALLOW e1 (λ e1', ∃ b : bool,
+    e1' = ELit (LitBool b) ∧ wp μ (if b then e2 else e3) Φ) →
+  wp μ (EIf e1 e2 e3) Φ.
+Proof.
+  intros (e1' & Hsteps & ? & b & -> & e' & Hsteps' & ? & HΦ).
+  exists e'; split; [|done]. etrans; [by apply SIf_rtc|].
+  eapply rtc_l; [|done]. destruct b; constructor.
+Qed.
+Lemma wp_mono μ e Φ Ψ :
+  wp μ e Φ →
+  (∀ e', Φ e' → Ψ e') →
+  wp μ e Ψ.
+Proof. intros (e' & ? & ? & ?) ?. exists e'. naive_solver. Qed.
+Lemma union_kinded_abs {A} mkv (v2 : A) :
+  union_kinded (pair WITH <$> mkv) (Some (ABS, v2)) = Some (ABS, v2).
+Proof. by destruct mkv. Qed.
+Lemma union_kinded_with {A} (v : A) mkv2 :
+  union_kinded (Some (WITH, v)) (pair WITH <$> mkv2) = Some (WITH, v).
+Proof. by destruct mkv2. Qed.

diff --git a/theories/nix/wp.v b/theories/nix/wp.v new file mode 100644 index 0000000..0eca6e1 --- /dev/null +++ b/theories/nix/wp.v
@@ -0,0 +1,143 @@
	1	From mininix Require Export nix.operational_props.
	2	From stdpp Require Import options.
	3
	4	Definition wp (μ : mode) (e : expr) (Φ : expr → Prop) : Prop :=
	5	∃ e', e -{μ}->* e' ∧ final μ e' ∧ Φ e'.
	6
	7	Lemma Lit_wp μ Φ bl :
	8	base_lit_ok bl →
	9	Φ (ELit bl) →
	10	wp μ (ELit bl) Φ.
	11	Proof. exists (ELit bl). by repeat constructor. Qed.
	12
	13	Lemma Abs_wp μ Φ x e :
	14	Φ (EAbs x e) →
	15	wp μ (EAbs x e) Φ.
	16	Proof. exists (EAbs x e). by repeat constructor. Qed.
	17
	18	Lemma AbsMatch_wp μ Φ ms strict e :
	19	Φ (EAbsMatch ms strict e) →
	20	wp μ (EAbsMatch ms strict e) Φ.
	21	Proof. exists (EAbsMatch ms strict e). by repeat constructor. Qed.
	22
	23	Lemma LetAttr_no_recs_wp μ Φ k αs e :
	24	no_recs αs →
	25	wp μ (subst ((k,.) ∘ attr_expr <$> αs) e) Φ →
	26	wp μ (ELetAttr k (EAttr αs) e) Φ.
	27	Proof.
	28	intros Hαs (e' & Hsteps & ? & HΦ). exists e'. split; [\|done].
	29	etrans; [\|apply Hsteps]. apply rtc_once. by constructor.
	30	Qed.
	31
	32	Lemma BinOp_wp μ Φ op e1 e2 :
	33	wp SHALLOW e1 (λ e1', ∃ Φop,
	34	sem_bin_op op e1' Φop ∧
	35	wp SHALLOW e2 (λ e2', ∃ e', Φop e2' e' ∧ wp μ e' Φ)) →
	36	wp μ (EBinOp op e1 e2) Φ.
	37	Proof.
	38	intros (e1' & Hsteps1 & ? & Φop & Hop1 & e2' & Hsteps2 & ?
	39	& e' & Hop2 & e'' & Hsteps & ? & HΦ).
	40	exists e''. split; [\|done].
	41	etrans; [by apply SBinOpL_rtc\|].
	42	etrans; [by eapply SBinOpR_rtc\|].
	43	eapply rtc_l; [by econstructor\|]. done.
	44	Qed.
	45
	46	Lemma Id_wp μ Φ x k e :
	47	wp μ e Φ →
	48	wp μ (EId x (Some (k,e))) Φ.
	49	Proof.
	50	intros (e' & Hsteps & ? & HΦ). exists e'. split; [\|done].
	51	etrans; [\|apply Hsteps]. apply rtc_once. constructor.
	52	Qed.
	53
	54	Lemma App_wp μ Φ e1 e2 :
	55	wp SHALLOW e1 (λ e1', wp μ (EApp e1' e2) Φ) ↔
	56	wp μ (EApp e1 e2) Φ.
	57	Proof.
	58	split.
	59	- intros (e1' & Hsteps1 & ? & e' & Hsteps2 & ? & HΦ).
	60	exists e'; split; [\|done]. etrans; [\|apply Hsteps2].
	61	by apply SAppL_rtc.
	62	- intros (e' & Hsteps & Hfinal & HΦ).
	63	cut (∃ e1', e1 -{SHALLOW}->* e1' ∧ final SHALLOW e1' ∧ EApp e1' e2 -{μ}->* e').
	64	{ intros (e1'&?&?&?). exists e1'. split_and!; [done..\|]. by exists e'. }
	65	clear Φ HΦ. apply rtc_nsteps in Hsteps as [n Hsteps].
	66	revert e1 Hsteps. induction n as [\|n IH]; intros e1 Hsteps.
	67	{ inv Hsteps. inv Hfinal. }
	68	inv Hsteps. inv H0.
	69	+ eexists; split_and!; [done\|by constructor\|].
	70	eapply rtc_l; [by constructor\|by eapply rtc_nsteps_2].
	71	+ eexists; split_and!; [done\|by constructor\|].
	72	eapply rtc_l; [by constructor\|by eapply rtc_nsteps_2].
	73	+ eexists; split_and!; [done\|by constructor\|].
	74	eapply rtc_l; [by constructor\|by eapply rtc_nsteps_2].
	75	+ inv H2.
	76	* apply IH in H1 as (e'' & Hsteps & ? & ?).
	77	exists e''; split; [\|done]. by eapply rtc_l.
	78	* eexists; split_and!; [done\|by constructor\|].
	79	eapply rtc_l; [by eapply SAppR\|]. by eapply rtc_nsteps_2.
	80	Qed.
	81
	82	Lemma Attr_wp_shallow Φ αs :
	83	Φ (EAttr (AttrN ∘ from_attr (subst (indirects αs)) id <$> αs)) →
	84	wp SHALLOW (EAttr αs) Φ.
	85	Proof.
	86	eexists (EAttr (AttrN ∘ _ <$> αs)); split_and!; [ \|by constructor\|done].
	87	destruct (decide (no_recs αs)); [\|apply rtc_once; by constructor].
	88	apply reflexive_eq; f_equal. apply map_eq=> x. rewrite lookup_fmap.
	89	destruct (αs !! x) as [[? e]\|] eqn:?; f_equal/=.
	90	by assert (τ = NONREC) as -> by eauto using no_recs_lookup.
	91	Qed.
	92
	93	Lemma β_wp μ Φ x e1 e2 :
	94	wp μ (subst {[x:=(ABS, e2)]} e1) Φ →
	95	wp μ (EApp (EAbs x e1) e2) Φ.
	96	Proof.
	97	intros (e' & Hsteps & ? & ?). exists e'. split; [\|done].
	98	eapply rtc_l; [\|done]. by constructor.
	99	Qed.
	100
	101	Lemma βMatch_wp μ Φ ms strict e1 αs βs :
	102	no_recs αs →
	103	matches (attr_expr <$> αs) ms strict βs →
	104	wp μ (subst (indirects βs) e1) Φ →
	105	wp μ (EApp (EAbsMatch ms strict e1) (EAttr αs)) Φ.
	106	Proof.
	107	intros ?? (e' & Hsteps & ? & ?). exists e'. split; [\|done].
	108	eapply rtc_l; [\|done]. by constructor.
	109	Qed.
	110
	111	Lemma Functor_wp μ Φ αs e1 e2 :
	112	no_recs αs →
	113	αs !! "__functor" = Some (AttrN e1) →
	114	wp μ (EApp (EApp e1 (EAttr αs)) e2) Φ →
	115	wp μ (EApp (EAttr αs) e2) Φ.
	116	Proof.
	117	intros ?? (e' & Hsteps & ? & ?). exists e'. split; [\|done].
	118	eapply rtc_l; [\|done]. by constructor.
	119	Qed.
	120
	121	Lemma If_wp μ Φ e1 e2 e3 :
	122	wp SHALLOW e1 (λ e1', ∃ b : bool,
	123	e1' = ELit (LitBool b) ∧ wp μ (if b then e2 else e3) Φ) →
	124	wp μ (EIf e1 e2 e3) Φ.
	125	Proof.
	126	intros (e1' & Hsteps & ? & b & -> & e' & Hsteps' & ? & HΦ).
	127	exists e'; split; [\|done]. etrans; [by apply SIf_rtc\|].
	128	eapply rtc_l; [\|done]. destruct b; constructor.
	129	Qed.
	130
	131	Lemma wp_mono μ e Φ Ψ :
	132	wp μ e Φ →
	133	(∀ e', Φ e' → Ψ e') →
	134	wp μ e Ψ.
	135	Proof. intros (e' & ? & ? & ?) ?. exists e'. naive_solver. Qed.
	136
	137	Lemma union_kinded_abs {A} mkv (v2 : A) :
	138	union_kinded (pair WITH <$> mkv) (Some (ABS, v2)) = Some (ABS, v2).
	139	Proof. by destruct mkv. Qed.
	140
	141	Lemma union_kinded_with {A} (v : A) mkv2 :
	142	union_kinded (Some (WITH, v)) (pair WITH <$> mkv2) = Some (WITH, v).
	143	Proof. by destruct mkv2. Qed.