Add impersonate combinators.

Author: gebner

lib/common/Pulse.Lib.Core.fsti

@@ -459,6 +459,23 @@ val on_star_eq l a b : squash (on l (a ** b) == on l a ** on l b)
 val on_on_eq l1 l2 a : squash (on l1 (on l2 a) == on l2 a)
 val on_loc_eq l1 l2 : squash (on l1 (loc l2) == pure (l1 == l2))
 
+inline_for_extraction
+[@@deprecated "impersonate_core is unsound; only use for model implementations";
+  extract_as (`(fun (#a:Type0) () () () (f: unit -> Dv a) -> f ()))]
+val impersonate_core #a
+  (l: loc_id) (pre: slprop) (post: a -> slprop)
+  (f: unit -> stt a pre (fun x -> post x))
+  : stt a (on l pre) (fun x -> on l (post x))
+
+inline_for_extraction
+[@@deprecated "atomic impersonate_core is unsound; only use for model implementations";
+  extract_as (`(fun (#a:Type0) () () () () () (f: unit -> Dv a) -> f ()))]
+val atomic_impersonate_core #a
+  (#[T.exact (`emp_inames)] is: inames) #obs
+  (l: loc_id) (pre: slprop) (post: a -> slprop)
+  (f: unit -> stt_atomic a #obs is pre (fun x -> post x))
+  : stt_atomic a #obs is (on l pre) (fun x -> on l (post x))
+
 val ghost_impersonate_core
   (#[T.exact (`emp_inames)] is: inames)
   (l: loc_id) (pre post: slprop)

lib/core/Pulse.Lib.Core.fst

@@ -202,6 +202,8 @@ let on_star_eq = Sep.on_star_eq
 let on_on_eq = Sep.on_on_eq
 let on_loc_eq = Sep.on_loc_eq
 
+let impersonate_core l pre post f = PulseCore.Action.impersonate_stt l (f ())
+let atomic_impersonate_core l pre post f = A.impersonate_atomic l (f ())
 let ghost_impersonate_core l pre post f = A.impersonate_ghost l (f ())
 
 //////////////////////////////////////////////////////////////////////////

lib/pulse/lib/Pulse.Lib.Send.fst

@@ -52,6 +52,79 @@ ghost fn placeless_on (l: loc_id) (p: slprop) : placeless (on l p) = l1 l2 {
   on_on_eq l2 l p; rewrite on l p as on l2 (on l p);
 }
 
+[@@deprecated "impersonate is unsound; only use for model implementations"]
+noextract inline_for_extraction
+fn impersonate
+    u#a (a: Type u#a)
+    (l: loc_id) (pre: slprop) (post: a -> slprop)
+    {| placeless pre, ((x:a) -> placeless (post x)) |}
+    (f: unit -> stt a (loc l ** pre) (fun x -> loc l ** post x))
+  requires pre
+  returns x: a
+  ensures post x
+{
+  on_loc_eq l l; rewrite pure (l == l) as on l (loc l);
+  placeless_on_intro pre l;
+  on_star_eq l (loc l) pre; rewrite on l (loc l) ** on l pre as on l (loc l ** pre);
+  let x = impersonate_core l (loc l ** pre) post fn _ {
+    let x = f ();
+    drop_ (loc l);
+    x
+  };
+  placeless_on_elim (post x) l;
+  x
+}
+
+[@@deprecated "atomic_impersonate is unsound; only use for model implementations"]
+noextract inline_for_extraction
+atomic fn atomic_impersonate
+    u#a (a: Type u#a)
+    (#[T.exact (`emp_inames)] is: inames)
+    (l: loc_id) (pre: slprop) (post: a -> slprop)
+    {| placeless pre, ((x:a) -> placeless (post x)) |}
+    (f: unit -> stt_atomic a is (loc l ** pre) (fun x -> loc l ** post x))
+  opens is
+  requires pre
+  returns x: a
+  ensures post x
+{
+  on_loc_eq l l; rewrite pure (l == l) as on l (loc l);
+  placeless_on_intro pre l;
+  on_star_eq l (loc l) pre; rewrite on l (loc l) ** on l pre as on l (loc l ** pre);
+  let x = atomic_impersonate_core #a #is #Observable l (loc l ** pre) post fn _ {
+    let x = f ();
+    drop_ (loc l);
+    x
+  };
+  placeless_on_elim (post x) l;
+  x
+}
+
+[@@deprecated "unobservable_impersonate is unsound; only use for model implementations"]
+noextract inline_for_extraction
+unobservable fn unobservable_impersonate
+    u#a (a: Type u#a)
+    (#[T.exact (`emp_inames)] is: inames)
+    (l: loc_id) (pre: slprop) (post: a -> slprop)
+    {| placeless pre, ((x:a) -> placeless (post x)) |}
+    (f: unit -> stt_atomic a #Neutral is (loc l ** pre) (fun x -> loc l ** post x))
+  opens is
+  requires pre
+  returns x: a
+  ensures post x
+{
+  on_loc_eq l l; rewrite pure (l == l) as on l (loc l);
+  placeless_on_intro pre l;
+  on_star_eq l (loc l) pre; rewrite on l (loc l) ** on l pre as on l (loc l ** pre);
+  let x = atomic_impersonate_core #a #is #Neutral l (loc l ** pre) post fn _ {
+    let x = f ();
+    drop_ (loc l);
+    x
+  };
+  placeless_on_elim (post x) l;
+  x
+}
+
 ghost fn ghost_impersonate
     (#[T.exact (`emp_inames)] is: inames)
     (l: loc_id) (pre post: slprop) {| placeless pre, placeless post |}

lib/pulse/lib/Pulse.Lib.Send.fsti

@@ -17,6 +17,7 @@
 module Pulse.Lib.Send
 open Pulse.Lib.Core
 open Pulse.Class.Duplicable
+open PulseCore.Observability
 open Pulse.Main
 module T = FStar.Tactics.V2
 #lang-pulse
@@ -31,6 +32,43 @@ irreducible let anywhere (l: loc_id) = ()
 type placeless (p: slprop) =
   is_send_across anywhere p
 
+[@@deprecated "impersonate is unsound; only use for model implementations"]
+noextract inline_for_extraction
+fn impersonate
+    u#a (a: Type u#a)
+    (l: loc_id) (pre: slprop) (post: a -> slprop)
+    {| placeless pre, ((x:a) -> placeless (post x)) |}
+    (f: unit -> stt a (loc l ** pre) (fun x -> loc l ** post x))
+  requires pre
+  returns x: a
+  ensures post x
+
+[@@deprecated "atomic_impersonate is unsound; only use for model implementations"]
+noextract inline_for_extraction
+atomic fn atomic_impersonate
+    u#a (a: Type u#a)
+    (#[T.exact (`emp_inames)] is: inames)
+    (l: loc_id) (pre: slprop) (post: a -> slprop)
+    {| placeless pre, ((x:a) -> placeless (post x)) |}
+    (f: unit -> stt_atomic a is (loc l ** pre) (fun x -> loc l ** post x))
+  opens is
+  requires pre
+  returns x: a
+  ensures post x
+
+[@@deprecated "unobservable_impersonate is unsound; only use for model implementations"]
+noextract inline_for_extraction
+unobservable fn unobservable_impersonate
+    u#a (a: Type u#a)
+    (#[T.exact (`emp_inames)] is: inames)
+    (l: loc_id) (pre: slprop) (post: a -> slprop)
+    {| placeless pre, ((x:a) -> placeless (post x)) |}
+    (f: unit -> stt_atomic a #Neutral is (loc l ** pre) (fun x -> loc l ** post x))
+  opens is
+  requires pre
+  returns x: a
+  ensures post x
+
 ghost fn ghost_impersonate
     (#[T.exact (`emp_inames)] is: inames)
     (l: loc_id) (pre post: slprop) {| placeless pre, placeless post |}