Named propositions
From sys_verif.program_proof Require Import prelude empty_ffi.Named propositions
We used named propositions in Iris, which have the syntax "H" :: P where P: iProp Ξ£. The name in a named proposition has no effect on its meaning; it's only a convenience for using the proposition.
The basic idea is that a proposition "HP" :: P β "HQ" :: Q is like P β Q, except that if you used the iNamed to destruct it, it "knows" to name the conjuncts "HP" and "HQ". Putting the names in the definitions has three advantages:
- The names are often easier to come up with right next to the statements in the definition rather than when you're destructing something.
- If you destruct the same definition several times in different proofs, it's convenient to right the names once and nice to have consistency across proofs.
- If a definition changes its easier to add some new names for the new conjuncts and update the proofs compared to changing all the
iDestructcalls.
Named propositions are typically used in three places:
- In definitions (especially representation predicates), to name each conjunct.
- In loop invariants, again to name the conjuncts.
- After
iApply struct_fields_split, the resulting hypothesis internally uses named propositions to automatically name the conjuncts according to the field names.
The names are actually Iris intro patterns. We tend to use this power in only two ways: plain old "HP" is an intro pattern that just names the conjunct, and "%H" is an intro pattern that produces the Coq hypothesis H rather than a separation logic hypothesis.
See the documentation in the source code at named_props.v for more details on the API.
You may see a use of iNamed 1, which is just iIntros "Hfresh"; iNamed "Hfresh"; if the goal is foo -β ... it applied the named struct to foo after introducing it. (This syntax may seem mysterious but it mirrors a Coq feature where destruct 1 will destruct the first premise if the goal is P β ....)
Section goose.
Context `{!heapGS Ξ£}.
Lemma simple_inamed (P Q: iProp Ξ£) :
("HP" β· P β "HQ" β· Q) -β P.
Proof.
iIntros "H". iNamed "H".Goal diff
Ξ£ : gFunctors
heapGS0 : heapGS Ξ£
P, Q : iProp Ξ£
============================
"H" : "HP" β· P β "HQ" β· Q
"HP" : P
"HQ" : Q
--------------------------------------β
P iExact "HP".
Qed.
Definition own_foo l: iProp Ξ£ :=
β (p r: w64),
"HP" :: l β¦[uint64T] #p β
"HR" :: (l +β 2) β¦[uint64T] #r β
"%Hbound" :: βuint.Z p < uint.Z rβ.
Lemma own_foo_read_P l :
own_foo l -β β (p: w64), l β¦[uint64T] #p.
Proof.
iIntros "H".
iNamed "H".Goal diff
Ξ£ : gFunctors
heapGS0 : heapGS Ξ£
l : loc
p, r : w64
Hbound : uint.Z p < uint.Z r
============================
"H" : own_foo l
"HP" : l β¦[uint64T] #p
"HR" : (l +β 2) β¦[uint64T] #r
--------------------------------------β
β p : w64, l β¦[uint64T] #p
β p0 : w64, l β¦[uint64T] #p0 iFrame.
Qed.
End goose.