 20 Apr, 2018 1 commit


Also, remove the inconsistency that `wp_expr_eval` succeeds on a goal that is not a WP.

 19 Mar, 2018 1 commit


 20 Feb, 2018 1 commit


We now use the `Maybe` prefix as also used for `Frame`: it indicates whether progress has been made by stripping of a later or not.

 23 Jan, 2018 1 commit


This is to make sure that e.g. `//` in `iEval (rewrite .. // ..)` does not immediately close the goal by reflexivity.

 13 Jan, 2018 1 commit


 31 Dec, 2017 2 commits


 07 Dec, 2017 1 commit


 05 Dec, 2017 2 commits


 30 Nov, 2017 5 commits


 24 Nov, 2017 3 commits


 23 Nov, 2017 1 commit


 09 Nov, 2017 3 commits


David Swasey authored
This reverts commit 913059d2.

 08 Nov, 2017 3 commits


 05 Nov, 2017 1 commit


 01 Nov, 2017 2 commits


This solves issue #100: the proof mode notation is sometimes not printed. As Ralf discovered, the problem is that there are two overlapping notations: ```coq Notation "P ⊢ Q" := (uPred_entails P Q). ``` And the "proof mode" notation: ``` Notation "Γ '' □ Δ '' ∗ Q" := (of_envs (Envs Γ Δ) ⊢ Q%I). ``` These two notations overlap, so, when having a "proof mode" goal of the shape `of_envs (Envs Γ Δ) ⊢ Q%I`, how do we know which notation is Coq going to pick for pretty printing this goal? As we have seen, this choice depends on the import order (since both notations appear in different files), and as such, Coq sometimes (unintendedly) uses the first notation instead of the latter. The idea of this commit is to wrap `of_envs (Envs Γ Δ) ⊢ Q%I` into a definition so that there is no ambiguity for the pretty printer anymore.

This class, in combination with `TCForall`, turns out the useful in LambdaRust to express that lists of expressions are values.

 25 Sep, 2017 10 commits


This problem has been reported by Léon Gondelman. Before, when using, for example wp_alloc, in an expression like: ref (ref v) It would apply `tac_wp_alloc` to the outermost ref, after which it fails to establish that the argument `ref v` is a value. In this commit, other evaluation positions will be tried whenever it turn out that the argument of the construct is not a value. The same applies to store/cas/... I have implemented this by making use of the new `IntoVal` class.

This way `IntoLaterNEnvs` is ought to be computed less frequently

The tactic was doing something weird and only once used.

 Get rid of wp_finish, which was a hack.  Write the wp_ tactics for stateful steps in the same style as wp_pure, i.e. by taking the context into account.  Make use of the context K in wp_pure.

Instead of writing a separate tactic lemma for each pure reduction, there is a single tactic lemma for performing all of them. The instances of PureExec can be shared between WP tactics and, e.g. symbolic execution in the ghost threadpool

 09 Sep, 2017 1 commit


 28 Aug, 2017 1 commit


We now first iPoseProof the lemma and instantiate its premises before trying to search for the subterm where to apply. As a result, instantiation of the premises of the applied lemmas happens only once, instead of it being done for each subterm as obtained by reshape_expr.
