 19 Feb, 2015 1 commit


David Swasey authored
(I've seen ↓a before for validity, …)

 18 Feb, 2015 6 commits
 17 Feb, 2015 4 commits
 16 Feb, 2015 1 commit


David Swasey authored
Simplified adv, defining it with ownL. Proof of concept for a friendly interface that (if it works) lets the user set up an invariant and prove view shifts and atomic triples for primitive reductions, rather than work in the model. (It should work, but I have to merge my two proofs to make sure.)

 15 Feb, 2015 3 commits
 14 Feb, 2015 2 commits
 13 Feb, 2015 3 commits


David Swasey authored

Ralf Jung authored

Ralf Jung authored
improve n[] notation for nonexpansive maps: the proof of Proper is no longer required; it can be derived from nonexpansiveness

 11 Feb, 2015 3 commits
 09 Feb, 2015 3 commits
 05 Feb, 2015 8 commits


Ralf Jung authored

Ralf Jung authored
This reverts commit 608fe86e22b912d9d591cd2d0c4e2943b1abe6ce.

David Swasey authored

David Swasey authored

David Swasey authored

Ralf Jung authored

Ralf Jung authored

David Swasey authored

 04 Feb, 2015 5 commits


David Swasey authored

Ralf Jung authored

David Swasey authored
protocols where I want to prove something called robust safety. Ironically, to even state robust safety requires Hoare triples that don't imply safety. So Iris supports both {P} e {Q} (implying safety) and [P] e [Q] (not). I'll add a rule for forgetting about safety:

    {P} e {Q}
    --------- Unsafe
    [P] e [Q]

some time soon.

Aside: I'm an SSReflect weenie and know next to nothing about the usual Coq tactics. My proof script changes likely reflect that fact.

David Swasey authored

David Swasey authored

 03 Feb, 2015 1 commit


Ralf Jung authored
