Library Common
Require Export List.
Require Export ListSet.
Require Export Permutation.
Require Export Setoid.
Require Export Basic.
Require Export ListSet.
Require Export Permutation.
Require Export Setoid.
Require Export Basic.
Labels
We require that there be exactly two labels (left and right), as this is the default practice in many choreography languages.Section Labels.
Inductive Label : Type :=
| left : Label
| right : Label
.
Lemma eq_label_dec : forall (l l' : Label), { l = l' } + { l <> l' }.
Definition eqb_label (l l':Label) : bool :=
match l, l' with
| left, left => true
| right, right => true
| _, _ => false
end.
Lemma label_eqb_eq : forall (l l':Label), (eqb_label l l') = true <-> l = l'.
Lemma label_eqb_neq : forall (l l':Label), (eqb_label l l') = false <-> l <> l'.
Lemma label_eqb_refl : forall l, eqb_label l l = true.
Lemma label_eqb_sym : forall l l0, eqb_label l l0 = eqb_label l0 l.
Lemma label_eqb_trans : forall l l0 l1,
eqb_label l l0 = true -> eqb_label l0 l1 = true -> eqb_label l l1 = true.
Lemma label_eqb_ntrans : forall l l0 l1,
eqb_label l l0 = true -> eqb_label l0 l1 = false -> eqb_label l l1 = false.
End Labels.
Decidable types
Several structures need to be decidable. For some annoying reason, the standard library version does not work.Module Type DecType.
Parameter t : Type.
Parameter eq_dec : forall x y:t, {x = y} + {x <> y}.
End DecType.
Module DecidableType (Import M:DecType).
Definition eqb (x y:t) := if (eq_dec x y) then true else false.
Notation "x '=?' y" := (eqb x y).
Lemma eqb_eq : forall x y, (x =? y) = true <-> x = y.
Lemma eqb_neq : forall x y, (x =? y) = false <-> x <> y.
Lemma eqb_refl : forall x, (x =? x) = true.
Lemma eqb_sym : forall x y, (x =? y) = (y =? x).
Lemma eqb_trans : forall x y z,
(x =? y) = true -> (y =? z) = true -> (x =? z) = true.
Lemma eqb_ntrans : forall x y z,
(x =? y) = true -> (y =? z) = false -> (x =? z) = false.
Lemma eqb_ntrans' : forall x y z,
(x =? y) = false -> (y =? z) = true -> (x =? z) = false.
End DecidableType.
Module DecProd (A B:DecType) <: DecType.
Definition t : Type := A.t * B.t.
Lemma eq_dec : forall (p1 p2:t), {p1 = p2} + {p1 <> p2}.
End DecProd.
Local states
This is the state of a particular process. It maps the values in the process's local set of variables to values. The set of variables needs to be decidable.Module LState (V X : DecType).
Module Vdec := DecidableType V.
Module Xdec := DecidableType X.
Definition Value := V.t.
Definition Value_dec := Vdec.eqb.
Definition Var := X.t.
Definition Var_dec := Xdec.eqb.
Definition State := Var -> Value.
Definition eq_state (s s': State) : Prop := forall x, s x = s' x.
Lemma eq_state_neq : forall x s s', s x <> s' x -> ~ eq_state s s'.
Lemma eq_state_refl : reflexive _ eq_state.
Lemma eq_state_sym : symmetric _ eq_state.
Lemma eq_state_trans : transitive _ eq_state.
Add Parametric Relation : State eq_state
reflexivity proved by eq_state_refl
symmetry proved by eq_state_sym
transitivity proved by eq_state_trans
as eq_state_rel.
Definition update (s:State) (x:Var) (v:Value) : State :=
fun (y:Var) => if (Var_dec x y) then v else (s y).
Lemma update_read : forall s x v, update s x v x = v.
Lemma update_read'' : forall s x y v, x <> y ->
update s x v y = s y.
Lemma update_update : forall s x v w,
eq_state (update (update s x w) x v) (update s x v).
Lemma update_independent' : forall s x y v v', x <> y ->
eq_state (update (update s y v') x v) (update (update s x v) y v').
End LState.
Global states
These are states for a choreography, or for a network as a whole: they map each process name to its state. Note that all processes are required to use the same sets of variables and values.Module GState (P V X : DecType).
Module Import LSt := LState V X.
Module Pdec := DecidableType P.
Definition Pid := P.t.
Definition Pid_dec := Pdec.eqb.
Definition State := Pid -> LSt.State.
Equivalence of states
We now define equivalence up to a set of processes: we are often only interested in some of those.Definition eq_state (P : list Pid) (s: State) (s': State) : Prop :=
forall p, In p P -> LSt.eq_state (s p) (s' p).
Lemma eq_state_neq : forall p P (s s':State),
~LSt.eq_state (s p) (s' p) -> In p P -> ~ eq_state P s s'.
Lemma eq_state_nil : forall s s', eq_state nil s s'.
Lemma eq_state_cons : forall p P s s',
(LSt.eq_state (s p) (s' p)) -> eq_state P s s' -> eq_state (p::P) s s'.
Lemma eq_state_hd : forall p P s s',
eq_state (p::P) s s' -> LSt.eq_state (s p) (s' p).
Lemma eq_state_tl : forall p P s s',
eq_state (p::P) s s' -> eq_state P s s'.
Lemma eq_state_cons_iff : forall p P s s',
eq_state (p::P) s s' <-> (LSt.eq_state (s p) (s' p)) /\ eq_state P s s'.
Lemma eq_state_app : forall P P' s s',
eq_state P s s' -> eq_state P' s s' -> eq_state (P ++ P') s s'.
Lemma eq_state_split : forall P P' s s',
eq_state (P ++ P') s s' -> eq_state P s s' /\ eq_state P' s s'.
Lemma eq_state_refl : forall P, reflexive _ (eq_state P).
Lemma eq_state_sym : forall P, symmetric _ (eq_state P).
Lemma eq_state_trans : forall P, transitive _ (eq_state P).
Add Parametric Relation P : State (eq_state P)
reflexivity proved by (eq_state_refl P)
symmetry proved by (eq_state_sym P)
transitivity proved by (eq_state_trans P)
as eq_state_rel.
Definition update (s:State) (p:Pid) (x:Var) (v:Value) : State :=
fun (q:Pid) => if (Pid_dec p q) then (LSt.update (s p) x v)
else (s q).
Lemma update_read : forall s p x v, update s p x v p x = v.
Lemma update_read' : forall s p q x y v, p <> q ->
update s p x v q y = s q y.
Lemma update_read'' : forall s p q x y v, x <> y ->
update s p x v q y = s q y.
Lemma update_update : forall s p x v w P,
eq_state P (update (update s p x w) p x v) (update s p x v).
Lemma update_not_in : forall s p x v P,
~In p P -> eq_state P s (update s p x v).
Definition eq_state_ext (s s': State) : Prop :=
forall p, LSt.eq_state (s p) (s' p).
Lemma eq_state_ext_refl : forall s, eq_state_ext s s.
Lemma eq_state_ext_sym : forall s s', eq_state_ext s s' -> eq_state_ext s' s.
Lemma eq_state_ext_trans : forall s s' s'',
eq_state_ext s s' -> eq_state_ext s' s'' -> eq_state_ext s s''.
Lemma eq_state_ext_congr : forall s s' p x v,
eq_state_ext s s' -> eq_state_ext (update s p x v) (update s' p x v).
Lemma update_update_ext : forall s p x v1 v2,
eq_state_ext (update (update s p x v2) p x v1) (update s p x v1).
Lemma update_independent : forall s p q x y v v', p <> q ->
eq_state_ext (update (update s q y v') p x v) (update (update s p x v) q y v').
Lemma update_independent' : forall s p x y v v', x <> y ->
eq_state_ext (update (update s p y v') p x v) (update (update s p x v) p y v').
Ltac ESEr := apply eq_state_ext_refl.
Ltac ESEs := apply eq_state_ext_sym; auto.
Ltac ESEt x := apply eq_state_ext_trans with x; auto.
Ltac eESEt := eapply eq_state_ext_trans; eauto.
Ltac ESEc := apply eq_state_ext_congr.
End GState.
Evaluation
Evaluation is parameterized on the types of expressions and values. Decidability of expressions makes choreography equality decidable.Module Type Eval (Expression Vars Input Output : DecType).
Parameter eval : Expression.t -> (Vars.t -> Input.t) -> Output.t.
Parameter eval_wd : forall f f', (forall x, f x = f' x) ->
forall e, eval e f = eval e f'.
End Eval.
In both MC and SP, there are two modules of expressions - one
for values, one for Boolean expressions. Their shared properties
that depend on the state are proven in this module.
Module EvalState (Pid Expression Vars Input Output : DecType)
(Ev:Eval Expression Vars Input Output).
Module Export CSt := GState Pid Input Vars.
Expression evaluation on the state of a process
Consistency with state equivalence.
Lemma eval_eq : forall e s s' p, eq_state_ext s s' ->
eval_on_state e s p = eval_on_state e s' p.
Lemma eval_neq : forall e s p q x v, p <> q ->
eval_on_state e s p = eval_on_state e (update s q x v) p.
End EvalState.
Module Transitions (P V X R:DecType).
Module Export PSt := LState V X.
Module Export CSt := GState P V X.
Definition RecVar := R.t.
eval_on_state e s p = eval_on_state e s' p.
Lemma eval_neq : forall e s p q x v, p <> q ->
eval_on_state e s p = eval_on_state e (update s q x v) p.
End EvalState.
Module Transitions (P V X R:DecType).
Module Export PSt := LState V X.
Module Export CSt := GState P V X.
Definition RecVar := R.t.
Inductive TransitionLabel : Type :=
| L_Com (p:Pid) (v:Value) (q:Pid) : TransitionLabel
| L_Sel (p:Pid) (q:Pid) (l:Label) : TransitionLabel
| L_Tau (p:Pid) : TransitionLabel
.
Lemma TransitionLabel_eq_dec : forall (x y:TransitionLabel), {x=y}+{x<>y}.
The semantics uses a labeled transition system with more expressive labels.
Inductive RichLabel : Type :=
| R_Com (p:Pid) (v:Value) (q:Pid) (x:Var) : RichLabel
| R_Sel (p:Pid) (q:Pid) (l:Label) : RichLabel
| R_Cond (p:Pid) : RichLabel
| R_Call (X:RecVar) (p:Pid) : RichLabel
.
Lemma RichLabel_eq_dec : forall (x y:RichLabel), {x=y}+{x<>y}.
Definition tpn (t:RichLabel) : list Pid :=
match t with
| R_Com p v q _ => p::q::nil
| R_Sel p q l => p::q::nil
| R_Cond p => p::nil
| R_Call _ p => p::nil
end.
Definition forget (t:RichLabel) : TransitionLabel :=
match t with
| R_Com p v q _ => L_Com p v q
| R_Sel p q l => L_Sel p q l
| R_Cond p => L_Tau p
| R_Call _ p => L_Tau p
end.
Useful for rewriting in proofs.
Lemma forget_Com : forall x p v q, forget (R_Com p v q x) = L_Com p v q.
Lemma forget_Sel : forall p q l, forget (R_Sel p q l) = L_Sel p q l.
Lemma forget_Cond : forall p, forget (R_Cond p) = L_Tau p.
Lemma forget_Call : forall X p, forget (R_Call X p) = L_Tau p.
Lemma forget_Sel : forall p q l, forget (R_Sel p q l) = L_Sel p q l.
Lemma forget_Cond : forall p, forget (R_Cond p) = L_Tau p.
Lemma forget_Call : forall X p, forget (R_Call X p) = L_Tau p.
Disjointness between a process/list of processes and a label
- used for a lot of properties of the semantics, these lemmas
Definition disjoint_p_rl (p:Pid) (t:RichLabel) : Prop :=
match t with
| R_Com r _ s _ => p <> r /\ p <> s
| R_Sel r s _ => p <> r /\ p <> s
| R_Cond r => p <> r
| R_Call _ r => p <> r
end.
Fixpoint disjoint_ps_rl (ps:list Pid) (t:RichLabel) : Prop :=
match ps with
| nil => True
| p::ps' => disjoint_p_rl p t /\ disjoint_ps_rl ps' t
end.
Lemma disjoint_ps_rl_In p ps t :
In p ps -> disjoint_ps_rl ps t -> disjoint_p_rl p t.
Lemma disjoint_ps_Sel : forall p q l ps,
disjoint_ps_rl ps (R_Sel p q l) -> disjoint (p::q::nil) ps.
Lemma disjoint_ps_Com : forall p v q x ps,
disjoint_ps_rl ps (R_Com p v q x) -> disjoint (p::q::nil) ps.
Lemma disjoint_ps_Cond : forall p ps,
disjoint_ps_rl ps (R_Cond p) -> ~In p ps.
Lemma disjoint_ps_Call : forall p ps X,
disjoint_ps_rl ps (R_Call X p) -> ~In p ps.
Lemma disjoint_ps_char : forall ps tl,
(forall p, In p ps -> disjoint_p_rl p tl) -> disjoint_ps_rl ps tl.
Lemma disjoint_ps_remove : forall p ps tl, disjoint_ps_rl ps tl ->
disjoint_ps_rl (set_remove' P.eq_dec p ps) tl.
End Transitions.