Module functions 

Auto-generated module

🤖 Generated with SplitRS

Functions

abadi_lamport_ty

AbadiLamport: Abadi-Lamport theorem: forward simulation ∧ backward simulation ⟹ refinement. Type: Prop

abstract_spec_ty

AbstractSpec: an abstract specification (set of allowed behaviors). Type: Type

angelic_pt_ty

AngelicPT: angelic predicate transformer (may-semantics, liberal). Type: Program → Prop → Prop

app

app2

app3

arrow

assertion_ty

Assertion: a predicate over program states. Type: State → Prop (State is a type parameter)

assign_rule_ty

AssignRule: {P[e/x]} x := e {P}. Type: Prop

atomic_triple_ty

AtomicTriple: a logically atomic triple ⟨P⟩ C ⟨Q⟩. Type: Prop → Program → Prop → Prop

backward_simulation_ty

BackwardSimulation: a relation witnessing backward simulation. Type: {A C : Type} → (C → A → Prop) → Prop

bi_abduction_ty

BiAbduction: given P and Q, find A and B such that P ∗ A ⊢ Q ∗ B. Type: HeapPred → HeapPred → Option (HeapPred × HeapPred)

bool_ty

build_env

Build a kernel environment with all program-logics axioms. (Alias for build_program_logics_env returning a Result.)

build_program_logics_env

Register all program logics axioms in the kernel environment.

bvar

cmra_core_ty

CMRACore: the core map γ : A → Option A (idempotent part). Type: {A : Type} → A → Option A

cmra_op_ty

CMRAOp: the partial composition operation of a CMRA. Type: {A : Type} → A → A → Option A

cmra_ty

CMRA: a Camera (generalized RA used in Iris). Type: Type → Prop

cmra_valid_ty

CMRAValid: validity predicate of a CMRA. Type: {A : Type} → A → Prop

concrete_impl_ty

ConcreteImpl: a concrete implementation. Type: Type

concurrent_triple_ty

ConcurrentTriple: {P} C {Q} for a concurrent program C. Type: HeapPred → ConcProgram → HeapPred → Prop

consequence_rule_ty

ConsequenceRule: P ⊢ P’, {P’} C {Q’}, Q’ ⊢ Q ⊢ {P} C {Q}. Type: Prop

counting_permission_ty

CountingPermission: a counting-based permission (multiset of capabilities). Type: Type

critical_section_rule_ty

CriticalSectionRule: resource invariant + lock/unlock rule. Type: Prop → Prop → Prop

cst

data_refinement_ty

DataRefinement: a concrete implementation refines an abstract spec. Type: AbstractSpec → ConcreteImpl → Prop

demonic_pt_ty

DemonicPT: demonic predicate transformer (must-semantics, conservative). Type: Program → Prop → Prop

emp_predicate_ty

EmpPredicate: the empty heap predicate emp. Type: HeapPred

fancy_update_ty

FancyUpdate: fancy update modality |={E1,E2}=> P. Type: NamespaceMask → NamespaceMask → IrisProp → IrisProp

fractional_permission_ty

FractionalPermission: a fractional permission q ∈ (0, 1]. Type: Type

fractional_points_to_ty

FractionalPointsTo: l ↦{q} v — fractional ownership of location l. Type: Nat → Nat → FractionalPermission → HeapPred

frame_preserving_update_ty

FramePreservingUpdate: a → b is frame-preserving if for all frames f valid (a⊗f) there exists b’ with b ⊗ f’ valid and b ≼ b’. Type: {A : Type} → A → A → Prop

frame_rule_ty

FrameRule: {P} C {Q} ⊢ {P ∗ R} C {Q ∗ R} when mod(C) ∩ fv(R) = ∅. Type: Prop → Prop → Prop → Prop

ghost_state_ty

GhostState: logical (ghost) state tracked in the Iris ghost heap. Type: {A : Type} → ResourceAlgebra A → IrisProp

ghost_update_ty

GhostUpdate: a ghost update modality |==> P (frame-preserving update). Type: IrisProp → IrisProp

guarantee_condition_ty

GuaranteeCondition: an action this thread promises not to violate. Type: State → State → Prop

heap_predicate_ty

HeapPredicate: a predicate over heaps (including ∗ and -∗ connectives). Type: Heap → Prop

hoare_logic_rules

Return a list of named Hoare logic proof rules.

hoare_triple_ty

HoareTriple: {P} C {Q} — partial Hoare triple. Type: Prop → Program → Prop → Prop

invariant_alloc_ty

InvariantAlloc: allocate a new invariant. Type: {P : IrisProp} → P ⊢ |==> ∃ N, inv(N, P)

invariant_open_ty

InvariantOpen: open an invariant for one step. Type: {N : Namespace} → {P Q E : IrisProp} → inv(N,P) ∗ (P -∗ ▷P ∗ Q) ⊢ Q

invariant_ty

Invariant: a persistent heap predicate protected by an Iris invariant. Type: Namespace → IrisProp → IrisProp

iris_agree_ty

IrisAgree: agreement resource: both owners agree on a value. Type: {V : Type} → V → IrisProp

iris_always_ty

IrisAlways: the always modality □P (persistent propositions). Type: IrisProp → IrisProp

iris_auth_ty

IrisAuth: authoritative element in the auth camera. Type: {A : Type} → A → IrisProp

iris_entails_ty

IrisEntails: Iris entailment P ⊢ Q. Type: IrisProp → IrisProp → Prop

iris_excl_ty

IrisExcl: exclusive ownership token Excl(v). Type: {V : Type} → V → IrisProp

iris_fragment_ty

IrisFragment: fragment element in the auth camera. Type: {A : Type} → A → IrisProp

iris_invariant_rules

Return the Iris proof rules for invariant access.

iris_later_ty

IrisLater: the later modality ▷P. Type: IrisProp → IrisProp

iris_prop_ty

IrisProp: a proposition in the Iris base logic (step-indexed). Type: Type

iris_sep_star_ty

IrisSepStar: separating conjunction in Iris. Type: IrisProp → IrisProp → IrisProp

iris_wand_ty

IrisWand: magic wand in Iris. Type: IrisProp → IrisProp → IrisProp

is_stable

Check stability: a predicate P (given as a set of states) is stable under rely R if for every transition (s → s’) in R, s ∈ P → s’ ∈ P.

list_ty

loop_invariant_ty

LoopInvariant: the invariant for a while loop. Type: (State → Prop)

loop_variant_ty

LoopVariant: the variant expression for a while loop (must decrease). Type: Type

mask_subset_ty

MaskSubset: mask inclusion E1 ⊆ E2. Type: NamespaceMask → NamespaceMask → Prop

namespace_mask_ty

NamespaceMask: the set of open invariants (mask E ⊆ Namespace). Type: Type

nat_ty

option_ty

ownership_transfer_ty

OwnershipTransfer: transferring ownership of a resource between threads. Type: HeapPred → HeapPred → Prop

parallel_composition_rule_ty

ParallelCompositionRule: {P1} C1 {Q1}, {P2} C2 {Q2} ⊢ {P1∗P2} C1||C2 {Q1∗Q2}. Type: Prop

permission_combine_ty

PermissionCombine: l↦{p1}v ∗ l↦{p2}v ⊢ l↦{p1+p2}v. Type: Prop

permission_split_ty

PermissionSplit: p = p1 + p2 justifies l↦{p}v ⊢ l↦{p1}v ∗ l↦{p2}v. Type: Prop

pi

points_to_ty

PointsTo: l ↦ v — the heap contains exactly location l with value v. Type: Nat → Nat → HeapPred

predicate_transformer_ty

PredicateTransformer: a monotone endofunction on predicates. Type: (Prop → Prop)

prop

ranking_function_ty

RankingFunction: a function from states to a well-founded set, decreasing on each loop iteration. Type: {S : Type} → (S → Nat) → Program → Prop

read_permission_ty

ReadPermission: a fraction q < 1, read-only. Type: FractionalPermission

refinement_mapping_ty

RefinementMapping: a coupling function between abstract and concrete states. Type: {A C : Type} → (C → A) → Prop

rely_condition_ty

RelyCondition: an action the environment may perform. Type: State → State → Prop

rely_guarantee_consequence_ty

RelyGuaranteeConsequence: consequence rule for R-G. Type: Prop

rely_guarantee_parallel_ty

RelyGuaranteeParallel: composition rule for rely-guarantee. Type: Prop

rely_guarantee_triple_ty

RelyGuaranteeTriple: (R, G) ⊢ {P} C {Q}. Type: (State → State → Prop) → (State → State → Prop) → Prop → Program → Prop → Prop

resource_algebra_ty

ResourceAlgebra: a CMRA (Canonical Metric Resource Algebra) — unital, partial monoid with a validity predicate and core map. Type: Type → Prop

sep_logic_triple_ty

SepLogicTriple: a Hoare triple in separation logic. Type: HeapPred → Program → HeapPred → Prop

sep_star_ty

SepStar: separating conjunction P ∗ Q. Type: HeapPred → HeapPred → HeapPred

sep_wand_ty

SepWand: separating implication (magic wand) P -∗ Q. Type: HeapPred → HeapPred → HeapPred

seq_rule_ty

SeqRule: {P} C1 {R}, {R} C2 {Q} ⊢ {P} C1;C2 {Q}. Type: Prop → Prop → Prop → Prop

shared_invariant_ty

SharedInvariant: a predicate protected by a lock or other synchronization mechanism. Type: (State → Prop) → Prop

simulation_relation_ty

SimulationRelation: a relation witnessing a simulation (forward simulation). Type: {A C : Type} → (A → C → Prop) → Prop

skip_rule_ty

SkipRule: {P} skip {P}. Type: {P : Prop} → HoareTriple P skip P

sp_ty

SP: strongest postcondition — sp(C, P) is the strongest Q such that {P} C {Q}. Type: Prop → Program → Prop

spatially_disjoint_ty

SpatiallyDisjoint: two heap predicates have disjoint footprints. Type: HeapPred → HeapPred → Prop

stability_condition_ty

StabilityCondition: P is stable under R if R-steps preserve P. Type: (State → Prop) → (State → State → Prop) → Prop

string_ty

termination_proof_ty

TerminationProof: a proof that program C terminates from every state satisfying P. Type: Prop → Program → Prop

thread_local_ty

ThreadLocal: a predicate about the local state of a single thread. Type: (State → Prop)

total_correctness_rule_ty

TotalCorrectnessRule: total correctness proof rule using a ranking function. Type: Prop

total_hoare_triple_ty

TotalHoareTriple: [P] C [Q] — total Hoare triple (guarantees termination). Type: Prop → Program → Prop → Prop

trace_inclusion_holds

Check (simple) trace inclusion: every trace of concrete is a trace of abstract_lts. We check by seeing if the concrete LTS’s reachable state-transitions are covered.

type0

verification_condition_ty

VerificationCondition: a formula that must be checked to validate a Hoare proof. Type: Prop

well_founded_order_ty

WellFoundedOrder: a well-founded order — every non-empty set has a minimal element. Type: {A : Type} → (A → A → Prop) → Prop

while_rule_ty

WhileRule: {I ∧ b} C {I} ⊢ {I} while b do C {I ∧ ¬b}. Type: Prop → Prop → Prop

wlp_ty

WLP: weakest liberal precondition (partial correctness, may diverge). Type: Program → Prop → Prop

wp_completeness_ty

WPCompleteness: if {P} C {Q} then P ⊢ wp(C, Q). Type: {P Q : Prop} → {C : Program} → HoareTriple P C Q → Prop

wp_rules

Return the weakest precondition calculus rules as strings.

wp_soundness_ty

WPSoundness: {wp(C,Q)} C {Q}. Type: {C : Program} → {Q : Prop} → HoareTriple (wp C Q) C Q

wp_ty

WP: weakest precondition transformer — wp(C, Q) is the weakest P such that {P} C {Q}. Type: Program → Prop → Prop

write_permission_ty

WritePermission: full (1) fractional permission, allows mutation. Type: FractionalPermission

Type Aliases

GuaranteeCondition

A guarantee condition: transitions this thread promises to only perform.