 07 Apr, 2017 1 commit


JacquesHenri Jourdan authored

 24 Mar, 2017 1 commit


Robbert Krebbers authored
Instead, I have introduced a type class `Monoid` that is used by the big operators: Class Monoid {M : ofeT} (o : M → M → M) := { monoid_unit : M; monoid_ne : NonExpansive2 o; monoid_assoc : Assoc (≡) o; monoid_comm : Comm (≡) o; monoid_left_id : LeftId (≡) monoid_unit o; monoid_right_id : RightId (≡) monoid_unit o; }. Note that the operation is an argument because we want to have multiple monoids over the same type (for example, on `uPred`s we have monoids for `∗`, `∧`, and `∨`). However, we do bundle the unit because:  If we would not, the unit would appear explicitly in an implicit argument of the big operators, which confuses rewrite. By bundling the unit in the `Monoid` class it is hidden, and hence rewrite won't even see it.  The unit is unique. We could in principle have big ops over setoids instead of OFEs. However, since we do not have a canonical structure for bundled setoids, I did not go that way.

 09 Feb, 2017 3 commits


Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored

 27 Jan, 2017 1 commit


Ralf Jung authored

 05 Jan, 2017 1 commit


Ralf Jung authored

 03 Jan, 2017 1 commit


Ralf Jung authored
This patch was created using find name *.v  xargs L 1 awk i inplace '{from = 0} /^From/{ from = 1; ever_from = 1} { if (from == 0 && seen == 0 && ever_from == 1) { print "Set Default Proof Using \"Type*\"."; seen = 1 } }1 ' and some minor manual editing

 09 Dec, 2016 2 commits
 29 Nov, 2016 2 commits


Robbert Krebbers authored

Robbert Krebbers authored
The rewrite auth_validN_eq was not performed in the hypothesis. It used to work in 8.5 because of magic.

 28 Nov, 2016 2 commits


Robbert Krebbers authored
Also, use explicit unfolding lemmas for auth_valid and auth_validN. The `Arguments valid _ _ !_ /` hack did not really work when one has to deal with the valid instance of the cmra, which underneath also includes a `cmra_valid`. Declaring a similar Arguments for `cmra_valid` is a bad idea, it will also end up unfold stuff for the exclusive and option CMRA.

Ralf Jung authored
Proof was done by Hai & me

 25 Nov, 2016 1 commit


Robbert Krebbers authored

 22 Nov, 2016 1 commit


Ralf Jung authored
Use COFEs only for the recursive domain equation solver

 25 Oct, 2016 1 commit


Robbert Krebbers authored

 06 Oct, 2016 1 commit


Robbert Krebbers authored

 05 Oct, 2016 1 commit


Robbert Krebbers authored

 03 Oct, 2016 1 commit


Robbert Krebbers authored

 28 Sep, 2016 1 commit


Robbert Krebbers authored
This allows us to factor out properties about connectives that commute with the big operators.

 20 Sep, 2016 1 commit


Robbert Krebbers authored

 09 Sep, 2016 1 commit


Robbert Krebbers authored

 01 Sep, 2016 1 commit


Robbert Krebbers authored

 20 Aug, 2016 1 commit


Robbert Krebbers authored
This requirement was useful in Iris 2.0: in order to ensure that ownership of the physical state was timeless, we required the ghost CMRA to have a timeless unit. To avoid having additional type class parameters, or having to extend the algebraic hierarchy, we required the units of any CMRA to be timeless. In Iris 3.0, this issue no longer applies: ownership of the physical state is ghost ownership in the global CMRA, whose unit is always timeless. Thanks to Jeehoon Kang for spotting this unnecessary requirement.

 14 Aug, 2016 1 commit


Robbert Krebbers authored
This is more consistent with the definition of the extension order, which is also defined in terms of an existential.

 04 Aug, 2016 1 commit


Robbert Krebbers authored

 28 Jul, 2016 1 commit


Robbert Krebbers authored

 27 Jul, 2016 1 commit


Robbert Krebbers authored

 25 Jul, 2016 2 commits


Ralf Jung authored

Robbert Krebbers authored

 03 Jul, 2016 1 commit


Robbert Krebbers authored

 16 Jun, 2016 2 commits


Robbert Krebbers authored
This is to avoid confusion with ghost_ownership.own.

Robbert Krebbers authored

 15 Jun, 2016 1 commit


Robbert Krebbers authored

 31 May, 2016 1 commit


Robbert Krebbers authored
be the same as
↔ . This is a fairly intrusive change, but at least makes notations more consistent, and often shorter because fewer parentheses are needed. Note that viewshifts already had the same precedence as →.

 30 May, 2016 1 commit


Robbert Krebbers authored

 28 May, 2016 1 commit


Robbert Krebbers authored
Based on an idea and WIP commits of JH. Jourdan: the core of a CMRA A is now a partial function A → option A. TODO: define sum CMRA TODO: remove one shot CMRA and define it in terms of sum

 27 May, 2016 1 commit


Robbert Krebbers authored

 25 May, 2016 1 commit


Robbert Krebbers authored
 Make the carrier argument of the constructors for the canonical structures cofeT and cmraT explicit. This way we make sure the carrier is properly exposed, instead of some alias of the carrier.  Make derived constructions (such as discreteC and discreteR) notations instead of definitions. This is yet again to make sure that the carrier is properly exposed.  Turn DRA into a canonical structure (it used to be a type class). This fixes some issues, notably it fixes some broken rewrites in algebra/sts and it makes canonical structures work properly with dec_agree.
