The rationale is that, just like the always lemmas about uPred and the frame-preserving updates for maps and iprdos, the versions with the ' are the "more specific" versions, hard-coding more assumptions in the shape of their conclusion.

thanks to Christian Doczkal <doczkal@ps.uni-saarland.de> for the Makefile snippet!

Also do some minor clean up.

tests.v is temporarily broken

Before they were not, for example:

  Check ('10 + '10 )%L.           (* prints ('10 + '10)%L *)
  Eval simpl in ('10 + '10 )%L.   (* prints (Lit 10 + Lit 10)%L *)

The notation added by this comment is ambigious, for example the
notation '10 + '10 is used for both:

  BinOp PlusOp (Lit (LitNat 10)) (Lit (LitNat 10))
  BinOp PlusOp (of_val (LitV (LitNat 10))) (of_val (LitV (LitNat 10)))

But fortunatelly, these terms are convertible.

Note that literals 'x are now parsed as values (as a LitV), but still
pretty printed when they appear as expressions (as a Lit).

globalC -> globalF
New notation: iPropG, iFunctorG

Introduce the notion of "Frame Shift Assertions", and use to prove the rules about inv and auth at once for pvs and wp

Yeah, the name is horrible... but on the plus side, I think it should be possible to show that atomic triples and atomic shifts are also frame shift assertions, and then we get all this stuff for them for free.

This reverts commit 24fa20e5.

Although these symmetric variants sometimes look "better", they
are really annoying and should IMHO never be used:

1.) For lemmas there is now a choice between >= and <=. Since there is
no longer a canonical choice, it is very easy to introduce a lot of
inconsistencies in statements of lemmas.

2.) For automation the situation becomes annoying, you have to built in
stuff for both >= and <=. That is very error-prone.

3.) For N and Z the notions x <= y and y >= x are not even convertible!
That means that done/by does not solve x <= y if you have y >= x and if
avoids you applying certain lemmas.