Commit 6de81061 authored by David Swasey

Added (optional) safety. It's optional for my work on security
protocols where I want to prove something called robust safety.
Ironically, to even state robust safety requires Hoare triples that
don't imply safety. So Iris supports both {P} e {Q} (implying safety)
and [P] e [Q] (not). I'll add a rule for forgetting about safety:

	{P} e {Q}
	— Unsafe
	[P] e [Q]

some time soon.

Aside: I'm an SSReflect weenie and know next to nothing about the
usual Coq tactics. My proof script changes likely reflect that fact.
parent 576860d0