GitLab

This allows us to factor out properties about connectives that
commute with the big operators.

This way we can use uPred_valid for validity of uPreds, which
more sense.

Annoyingly, this requires one to prove the following in the model:

  (∀ x : A, ■ φ x) ⊢ ■ (∀ x : A, φ x)

Thanks to Ranald Clouston for suggesting the axiom:

  ▷ P ⊢ ▷ False ∨ (▷ False → P)

This axiom is used to prove timeless of implication, wand and forall.

Timelessness of the pure and ownM connectives is still proven in the model, but
we first state the property in a way that it does not involved derived notions
(like the except_last modality).

It is unused, and ownM_empty is stronger.

For that we need a slightly stronger property for distributing a later
over an existential quantifier.

Following the time anology of later, the step-index 0 corresponds does
not correspond to 'now', but rather to the end of time (i.e. 'last').

This is more consistent with the definition of the extension order, which
is also defined in terms of an existential.

It is not non-expansive, so not a function we should use.

This commit reverts cdce49a7, which turns out to be no longer useful,
and which I thus no longer wish to maintain.

And make it Typeclasses Opaque to ensure that we indeed do not do
so using the proof mode.

Prove some properties about it, and define timeless in terms of it,
and factor this notion out of raw view shifts.

show that even \later^n False is inconsistent (for any fixed n); properly use pvs in counter_examples

This is more consistent with the proofmode, where we also call it pure.