 26 Aug, 2016 1 commit


Zhen Zhang authored

 25 Aug, 2016 12 commits


Robbert Krebbers authored

Ralf Jung authored

Robbert Krebbers authored
NB: these scope delimiters were already there before Janno's a0067662.

Robbert Krebbers authored

Robbert Krebbers authored

Janno authored

Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored
Following the time analogy of later, the stepindex 0 does not correspond to 'now', but rather to the end of time (i.e. 'last').

Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored
Make names more consistent with the rest of the development, make definitions type classes opaque so that the proofmode does not unfold them, declare timeless, persistent and proper instances.

 24 Aug, 2016 15 commits


Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored

Ralf Jung authored

Ralf Jung authored

Ralf Jung authored

JacquesHenri Jourdan authored

Zhen Zhang authored

Zhen Zhang authored

Zhen Zhang authored
unfolded logically atomic triple The definition is a bit funky now to hack together something fast. See demo section for an example of application. cc @dreyer @jung @robbertkrebbers @jjourdan See merge request !7

Zhen Zhang authored

Robbert Krebbers authored

Robbert Krebbers authored
This is allowed as long as one of the conjuncts is thrown away (i.e. is a wildcard _ in the introduction pattern). It corresponds to the principle of "external choice" in linear logic.

Robbert Krebbers authored

 23 Aug, 2016 3 commits


Robbert Krebbers authored
Also, since do_head_step no longer has a purpose, I have removed it and just use a bunch of eauto hints.

Robbert Krebbers authored

Robbert Krebbers authored

 22 Aug, 2016 9 commits


Robbert Krebbers authored

Robbert Krebbers authored
This implements issue #3.

Robbert Krebbers authored
This is more consistent with CAS, which also can be used on any value. Note that being able to (atomically) test for equality of any value and being able to CAS on any value is not realistic. See the discussion at https://gitlab.mpisws.org/FP/iriscoq/issues/26, and in particular JH Jourdan's observation: I think indeed for heap_lang this is just too complicated. Anyway, the role of heap_lang is not to model any actual programming language, but rather to show that we can do proofs about certain programs. The fact that you can write unrealistic programs is not a problem, IMHO. The only thing which is important is that the programs that we write are realistic (i.e., faithfully represent the algorithm we want to p This commit is based on a commit by Zhen Zhang who generalized equality to work on any literal (and not just integers).

Robbert Krebbers authored

Robbert Krebbers authored
Since [inG] ranges over [cmraT]s, using an [ucmraT]s results in [ucmra_cmraR] coercions that slow down type checking. This commit improves the compilation time of thread_local.v by 40%.

JacquesHenri Jourdan authored
By using the global ghost maps instead of our own ones.

Robbert Krebbers authored
The previous commit is not really necessary anymore, but my proof for UIP of types with decidable equality is a bit more general, so I won't revert it.

Robbert Krebbers authored
This way we get rid of the (unused) axiom eq_rect_eq reported by coqchk.

Ralf Jung authored
