-
Notifications
You must be signed in to change notification settings - Fork 243
Cheap functors
Right now, if both Y.fsti and Y.fst exist, then fstar Y.fst will check the interleaving of Y.fst and Y.fsti (see F★ interfaces (split file, more complicated version)).
Assume the existence of Y.fst, I.fsti, F.fst, and M.fst. The proposal is as follows.
Y.fst:
module Y: I
// contents of module Y
Semantics: fstar Y.fst will check the interleaving of Y.fst and I.fsti.
Any reference to Y from another module will figure out that Y has been ascribed to I; such a reference "sees" I, not the implementation of Y. (JP: dubious)
F.fst:
module F(X: I)
X is a name, I is a reference to I.fsti.
Semantics: this is desugared to
module F
module X = I
M.fst:
module M = F(Y)
Semantics: this desugars to
module M
[Y/X]F // substitute Y for X in F
or more prosaically:
module M
module X = Y
// contents of F
module Y: K
(check that it implements the most precise interface)
Then, this just performs an interleaving, provided that (and this is unchecked) I, J and K are a succession of refinements:
module F(X: I)
module M = F(Y)
If we want to use multiple heap models, then each one of them has to define its own reference type. In particular, for hyperheaps, we would need to upgrade to a dependent pair of a reference and the region it lives in. This would be some non-trivial amount of work.