LibSepMinimalAppendix - Minimalistic Soundness Proof
Set Implicit Arguments.
From SLF Require Export LibString LibCore.
From SLF Require Export LibSepTLCbuffer LibSepFmap.
Module Fmap := LibSepFmap.
From SLF Require Export LibString LibCore.
From SLF Require Export LibSepTLCbuffer LibSepFmap.
Module Fmap := LibSepFmap.
Variables are defined as strings, var_eq denotes boolean comparison.
Locations are defined as natural numbers.
Primitive operations include memory operations, as well as addition and
division to illustrate a total and a partial arithmetic operations.
The grammar of closed values (assumed to contain no free variables)
includes values of ground types, primitive operations, and closures.
The grammar of terms includes closed values, variables, functions,
applications, let-binding and conditional.
with trm : Type :=
| trm_val : val → trm
| trm_var : var → trm
| trm_fix : var → var → trm → trm
| trm_app : trm → trm → trm
| trm_let : var → trm → trm → trm
| trm_if : trm → trm → trm → trm.
Coercions are used to improve conciseness in the statment of evaluation
The type of values is inhabited (useful for finite map operations).
A heap, a.k.a. heap, consists of a finite map from location to values.
Finite maps are formalized in the file LibSepFmap.v. (We purposely do not
use TLC's finite map library to avoid complications with typeclasses.)
Implicit types associate meta-variable with types.
Implicit Types Q : val→heap→Prop.
Automation for Heap Equality and Heap Disjointness
Extensionality Axioms
We bind a few more meta-variables.
Core heap predicates, and their associated notations:
- \[] denotes the empty heap predicate
- \[P] denotes a pure fact
- p ~~> v denotes a singleton heap
- H1 \* H2 denotes the separating conjunction
- Q1 \*+ H2 denotes the separating conjunction extending a postcondition
- \∃ x, H denotes an existential
- \∀ x, H denotes a universal.
Declare Scope hprop_scope.
Open Scope hprop_scope.
Open Scope hprop_scope.
Entailment for heap predicates, written H1 ==> H2.
Entailment defines an order on heap predicates
Additional, symmetric results, useful for tactics
Basic Tactics for Simplifying Entailments
#[global] Hint Rewrite hstar_assoc hstar_hempty_l hstar_hempty_r : hstar.
xchange helps rewriting in entailments.
Bonus: Example Proof
let n = !p in
let m = n+1 in
p := m
Open Scope string_scope.
Specification of the function incr.
Verification of incr, applying the reasoning rules by hand.
