-
Notifications
You must be signed in to change notification settings - Fork 0
/
TypeSoundness.v
314 lines (277 loc) · 10.3 KB
/
TypeSoundness.v
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
From Coq Require Import
ssreflect
.
From ExtensibleCompiler.Theory Require Import
Algebra
Environment
Eval
Functor
IndexedAlgebra
IndexedFunctor
IndexedProofAlgebra
IndexedSubFunctor
ProofAlgebra
ProgramAlgebra
SubFunctor
Types
UniversalProperty
.
From ExtensibleCompiler.Semantics.Static Require Import
TypeOf
.
Local Open Scope SubFunctor.
Record TypedExpr (* cf. WFValue_i *)
T E
`{Functor T} `{Functor E}
: Set
:= MkTypedExpr (* cf. mk_WFValue_i *)
{
type : WellFormedValue T;
expr : WellFormedValue E;
}.
Arguments type {T E _ _} _.
Arguments expr {T E _ _} _.
(**
We will try and use [TypedValue] when we mean for the expression to only be a
value, though the type system does not guarantee it and this is just an alias.
*)
Definition TypedValue := TypedExpr.
Arguments TypedValue T E {_ _}.
(**
In MTC, this is parameterized by some indexed relation. In practice I don't
think I am using it yet, so leaving it hardcoded until it becomes necessary.
*)
Definition WellTyped {T E}
`{Functor T} `{Functor E}
(WT : (TypedExpr T E)-indexedPropFunctor)
t e
: Prop
:= IndexedFix WT {| type := t; expr := e |}.
(**
This is the most abstract statement of the type soundness of evaluation.
Instead of explicitly calling recursively [evalL] and [typeOfL], this is
abstracted over the operation to run recursively, namely [recEval] and
[recTypeOf].
*)
Definition AbstractSoundnessStatement (* cf. eval_alg_Soundness_P *)
{T E F V}
`{Functor T} `{Functor E} `{Functor F} `{Functor V}
(WT : (TypedExpr T V)-indexedPropFunctor)
(*WellFormedEnvironment : Environment (ValueFix V) -> Prop*)
`{eval__E : forall {R}, MixinAlgebra E R (EvalResult V)}
`{typeOf__F : forall {R}, MixinAlgebra F R (TypeOfResult T)}
(recEval : WellFormedValue E -> EvalResult V)
(recTypeOf : WellFormedValue F -> TypeOfResult T)
(e : Fix E * Fix F)
(RFUP_e : FoldUP' (fst e) /\ FoldUP' (snd e))
: Prop
:=
forall
(* Commenting those out temporarily to see where they are needed! *)
(* recEvalProj : forall (e : WellFormedValue L), *)
(* recEval e *)
(* = *)
(* recEval (reverseFoldWrapFix (reverseFoldUnwrapFix (proj1_sig e))) *)
(* *)
(* recTypeOfProj : forall (e : WellFormedValue L'), *)
(* recTypeOf e *)
(* = *)
(* recTypeOf (reverseFoldWrapFix (reverseFoldUnwrapFix (proj1_sig e))) *)
(* *)
Gamma
(IH : forall (Gamma : Environment (ValueFix V))
(*WF__Gamma : WellFormedEnvironment Gamma*)
(a : WellFormedValue E * WellFormedValue F),
(forall (tau : TypeFix T),
typeOf__F recTypeOf (unwrapUP' (proj1_sig (snd a))) = Some tau ->
WellTyped WT tau (eval__E recEval (unwrapUP' (proj1_sig (fst a))) Gamma)
) ->
forall (tau : TypeFix T),
recTypeOf (snd a) = Some tau ->
WellTyped WT tau (recEval (wrapUP' (unwrapUP' (proj1_sig (fst a)))) Gamma)
)
,
forall (tau : TypeFix T),
typeOf__F recTypeOf (unwrapUP' (snd e)) = Some tau ->
WellTyped WT tau (eval__E recEval (unwrapUP' (fst e)) Gamma).
Variant ForSoundness := .
Definition Soundness__ProofAlgebra
{T E V}
`{Functor T} `{Functor E} `{Functor V}
(WT : (TypedExpr T V)-indexedPropFunctor)
`{Eval__E : forall R, ProgramAlgebra ForEval E R (EvalResult V)}
`{TypeOf__E : forall R, ProgramAlgebra ForTypeOf E R (TypeOfResult T)}
:= forall recEval recTypeOf,
ProofAlgebra ForSoundness
E
(sig
(UniversalPropertyP2
(AbstractSoundnessStatement
(eval__E := fun _ => programAlgebra)
(typeOf__F := fun _ => programAlgebra)
WT
recEval recTypeOf
))).
Lemma Soundness
{T E V}
`{Functor T} `{Functor E} `{Functor V}
(WT : (TypedExpr T V)-indexedPropFunctor)
`{Eval__E : forall R, ProgramAlgebra ForEval E R (EvalResult V)}
`{! WellFormedMendlerProgramAlgebra Eval__E}
`{TypeOf__E : forall R, ProgramAlgebra ForTypeOf E R (TypeOfResult T)}
`{! WellFormedMendlerProgramAlgebra TypeOf__E}
(soundness__ProofAlgebra : Soundness__ProofAlgebra WT)
(WF_eval_Soundness_alg_F :
forall recEval recTypeOf,
WellFormedProofAlgebra2 (soundness__ProofAlgebra recEval recTypeOf)
)
: forall (e : WellFormedValue E) Gamma (tau : TypeFix T),
typeOf (proj1_sig e) = Some tau ->
WellTyped WT tau (eval (proj1_sig e) Gamma).
Proof.
move => e Gamma tau TO.
rewrite <- (wrapUP'_unwrapUP' (proj1_sig e) (proj2_sig e)).
rewrite /= / eval / mendlerFold / wrapF.
rewrite wellFormedMendlerProgramAlgebra / mendlerFold.
pose proof (
Induction2
(PA := soundness__ProofAlgebra (fun e => eval (proj1_sig e)) (fun e => typeOf (proj1_sig e)))
_
(proj2_sig e)
).
elim (
Induction2
(PA := soundness__ProofAlgebra (fun e => eval (proj1_sig e)) (fun e => typeOf (proj1_sig e)))
_
(proj2_sig e)
) => e' E'.
apply : E'.
(* Missing: one premise *)
(* Missing: one premise *)
{
move => Gamma' a IH tau1 TY1.
rewrite / eval / mendlerFold /= / wrapF.
rewrite wellFormedMendlerProgramAlgebra.
rewrite / mendlerFold.
apply : IH.
{
rewrite <- (wrapUP'_unwrapUP' (proj1_sig (snd a)) (proj2_sig (snd a))) in TY1.
rewrite /= in TY1.
rewrite / typeOf / mendlerFold / wrapF in TY1.
erewrite wellFormedMendlerProgramAlgebra in TY1 => //.
}
}
{
rewrite <- (wrapF_unwrapF (proj1_sig e) (proj2_sig e)) in TO.
rewrite / typeOf / mendlerFold / wrapF /= in TO.
rewrite / programAlgebra'.
erewrite <- wellFormedMendlerProgramAlgebra => //.
rewrite /= / unwrapUP'.
erewrite Fusion.
{
eapply TO.
}
{
move => a.
do 2 rewrite fmapFusion => //.
}
}
Qed.
(**
A more concise version of [AbstractSoundnessStatement], to be used in client
files.
*)
Definition AbstractSoundnessStatement'
{T E V}
`{Functor T} `{Functor E} `{Functor V}
(WT : (TypedExpr T V)-indexedPropFunctor)
`{Eval__E : forall R, ProgramAlgebra ForEval E R (EvalResult V)}
`{TypeOf__E : forall R, ProgramAlgebra ForTypeOf E R (TypeOfResult T)}
(recEval : WellFormedValue E -> EvalResult V)
(recTypeOf : WellFormedValue E -> TypeOfResult T)
:=
(AbstractSoundnessStatement
WT
(eval__E := fun _ => programAlgebra)
(typeOf__F := fun _ => programAlgebra)
recEval recTypeOf
).
(**
A nicer version of [AbstractSoundnessStatement], to be used in client files.
*)
Definition SoundnessStatement
{T E V}
`{Functor T} `{Functor E} `{Functor V}
(WT : (TypedExpr T V)-indexedPropFunctor)
`{Eval__E : forall R, ProgramAlgebra ForEval E R (EvalResult V)}
`{TypeOf__E : forall R, ProgramAlgebra ForTypeOf E R (TypeOfResult T)}
(recEval : WellFormedValue E -> EvalResult V)
(recTypeOf : WellFormedValue E -> TypeOfResult T)
(e : Fix E)
(RFUP_e : FoldUP' e)
: Prop
:=
forall Gamma (tau : TypeFix T),
typeOf e = Some tau ->
WellTyped WT tau (eval e Gamma).
(**
The [WellTyped] predicates are indexed by a [TypedExpr], which is a pair of a
[WellFormed] type and a [WellFormed] expression. Recall that [WellFormed] is a
dependent pair of an extensible term, and a proof that it satisfies the
universal property of folds.
Unfortunately, we do not have an automatic means of proof irrelevance with
respect to that proof. This means that if we have a [TypedExpr] like:
[{| type := exist tau1 UP'__tau1; expr := exist e1 UP'__e1 |}]
and we are trying to prove:
[{| type := exist tau2 UP'__tau2; expr := exist e2 UP'__e2 |}]
it does not suffice to show that [tau1 = tau2] and [e1 = e2], as the [TypedExpr]
are not convertible unless [UP'__tau1 = UP'__tau2] and [UP'__e1 = UP'__e2] .
[WellTypedProj1Type] is an extensible property of [WellTyped] properties,
capturing those that are well-formed in the sense that they are preserved as
long as the first projection of their type is preserved.
[WellTypedProj1Expr] is an extensible property of [WellTyped] properties,
capturing those that are well-formed in the sense that they are preserved as
long as the first projection of their expression is preserved.
All [WellTyped] properties will satisfy both of these properties, so that we can
combine them to move [WellTyped]-ness across equal types or expressions.
*)
Definition PropertyStatement__WellTypedProj1Type
{T V}
`{Functor T} `{Functor V}
(WT : (TypedExpr T V)-indexedPropFunctor)
(te : TypedExpr T V)
:= forall tau' UP',
tau' = proj1_sig (type te) ->
WellTyped WT (exist _ tau' UP') (expr te).
Variant ForWellTypedProj1Type := .
Definition wellTypedProj1Type
{T V}
`{Functor T} `{Functor V}
(WT : (TypedExpr T V)-indexedPropFunctor)
`{! IndexedFunctor (TypedExpr T V) WT}
`{A : ! IndexedProofAlgebra
ForWellTypedProj1Type
WT
(PropertyStatement__WellTypedProj1Type WT)
}
:= ifold (indexedProofAlgebra' A).
Definition PropertyStatement__WellTypedProj1Expr
{T V}
`{Functor T} `{Functor V}
(WT : (TypedExpr T V)-indexedPropFunctor)
(te : TypedExpr T V)
:= forall e' UP',
e' = proj1_sig (expr te) ->
WellTyped WT (type te) (exist _ e' UP').
Variant ForWellTypedProj1Expr := .
Definition wellTypedProj1Expr
{T V}
`{Functor T} `{Functor V}
(WT : (TypedExpr T V)-indexedPropFunctor)
`{! IndexedFunctor (TypedExpr T V) WT}
`{A : ! IndexedProofAlgebra
ForWellTypedProj1Expr
WT
(PropertyStatement__WellTypedProj1Expr WT)
}
:= ifold (indexedProofAlgebra' A).