 05 Aug, 2016 2 commits


Robbert Krebbers authored
Also make those for introduction and elimination more symmetric:
- !% pure introduction
- % pure elimination
- !# always introduction
- # always elimination
- !> later introduction
- > pat timeless later elimination
- !==> view shift introduction
- ==> pat view shift elimination

Robbert Krebbers authored
This commit features:
- A simpler model. The recursive domain equation no longer involves a triple containing invariants, physical state and ghost state, but just ghost state. Invariants and physical state are encoded using (higher-order) ghost state.
- (Primitive) view shifts are formalized in the logic and all properties about it are proven in the logic instead of the model. Instead, the core logic features only a notion of raw view shifts which internalizes performing frame preserving updates.
- A better behaved notion of mask changing view shifts. In particular, we no longer have side-conditions on transitivity of view shifts, and we have a rule for introduction of mask changing view shifts ={E1,E2}=> P with E2 ⊆ E1 which allows to postpone performing a view shift.
- The weakest precondition connective is formalized in the logic using Banach's fixpoint. All properties about the connective are proven in the logic instead of directly in the model.
- Adequacy is proven in the logic and uses a primitive form of adequacy for uPred that only involves raw view shifts and laters.

Some remarks:
- I have removed binary view shifts. I did not see a way to describe all rules of the new mask changing view shifts using those.
- There is no longer the need for the notion of "frame shifting assertions" and these are thus removed. The rules for Hoare triples are thus also stated in terms of primitive view shifts.

TODO:
- Maybe rename primitive view shift into something more sensible.
- Figure out a way to deal with closed proofs (see the commented out stuff in tests/heap_lang and tests/barrier_client).

 28 Jul, 2016 1 commit


Robbert Krebbers authored
The new implementation ensures that type class arguments are only inferred in the very end. This avoids the need for the inG hack in a0348d7c.

 20 Jul, 2016 1 commit


Robbert Krebbers authored
Both ndot and nclose involve encodings of countable types, and conversion should thus never unfold these definitions.

 13 Jul, 2016 1 commit


Robbert Krebbers authored
The intropattern {H} also meant clear (both in ssreflect, and the logic part of the introduction pattern).

 17 Jun, 2016 2 commits


Robbert Krebbers authored

Robbert Krebbers authored
Fixes issue #20.

 16 Jun, 2016 1 commit


Robbert Krebbers authored
This introduces n hypotheses and destructs the nth one.

 01 Jun, 2016 2 commits


Robbert Krebbers authored

Robbert Krebbers authored

 31 May, 2016 2 commits


Robbert Krebbers authored
be the same as ↔. This is a fairly intrusive change, but at least makes notations more consistent, and often shorter because fewer parentheses are needed. Note that viewshifts already had the same precedence as →.

Robbert Krebbers authored
It used to be: (P ={E}=> Q) := (True ⊢ (P → ={E}=> Q))
Now it is: (P ={E}=> Q) := (P ⊢ ={E}=> Q)

 25 May, 2016 1 commit


Ralf Jung authored
The good news is, this one works without FSAs, and it can be applied around the "view shift with a step" thing. Furthermore, the FSA lemma can be derived from the new one. The bad news is, the FSA lemma proof doesn't even get shorter in doing this change.

 07 May, 2016 1 commit


Robbert Krebbers authored

 19 Apr, 2016 1 commit


Robbert Krebbers authored
That way, we do not have useless type annotations of the form "v : language.val heap_lang" cluttering about any goal. Note that we could decide to eta expand everywhere (as we do for ∀ and ∃), and use the notation "WP e {{ Q }}" for "wp e ⊤ (λ _, Q)".

 11 Apr, 2016 1 commit


Robbert Krebbers authored

 16 Mar, 2016 1 commit


Robbert Krebbers authored

 15 Mar, 2016 2 commits


Robbert Krebbers authored

Robbert Krebbers authored

 11 Mar, 2016 2 commits


Ralf Jung authored

Robbert Krebbers authored

 10 Mar, 2016 3 commits


Ralf Jung authored

Ralf Jung authored

Robbert Krebbers authored
Thanks to Amin Timany for the suggestion.

 07 Mar, 2016 1 commit


Ralf Jung authored
Add both nonexpansive and contractive functors, and bundle them for the general Iris instance as well as the global functor construction. This allows us to move the \later in the user-defined functor to any place we want. In particular, we can now have "\later (iProp > iProp)" in the ghost CMRA.

 05 Mar, 2016 1 commit


Ralf Jung authored

 04 Mar, 2016 1 commit


Ralf Jung authored

 02 Mar, 2016 1 commit


Robbert Krebbers authored
This cleans up some ad-hoc stuff and prepares for a generalization of saved propositions.

 19 Feb, 2016 2 commits


Robbert Krebbers authored

Robbert Krebbers authored

 18 Feb, 2016 2 commits


Ralf Jung authored

Robbert Krebbers authored
This avoids ambiguity with P and Q that we were using before for both uPreds/iProps and indexed uPreds/iProps.

 17 Feb, 2016 1 commit


Robbert Krebbers authored
It is doing much more than just dealing with ∈, it solves all kinds of goals involving set operations (including ≡ and ⊆).

 16 Feb, 2016 3 commits


Robbert Krebbers authored
Now that there is more of it, it deserves its own place :).

Robbert Krebbers authored
Also, put stuff in a section.

Ralf Jung authored

 14 Feb, 2016 1 commit


Ralf Jung authored

 13 Feb, 2016 3 commits


Robbert Krebbers authored

Robbert Krebbers authored
Also, make our redefinition of done more robust under different orders of importing modules.

Ralf Jung authored
Change statement of invopen lemmas such that they do not force the invariant, and the 'inner step', to appear right next to each other.
