 12 Dec, 2016 16 commits


Robbert Krebbers authored
Also:  Remove the wp_strip_later hack.  Let wp_lam, wp_rec, wp_... initiate the proof mode.


Ralf Jung authored

Robbert Krebbers authored

Robbert Krebbers authored
I also renamed `iProof` into `iStartProof`, as it is supposed to be something internal, and not a substitute of Coq's `Proof` command (as originally intended).

Ralf Jung authored

Ralf Jung authored

Ralf Jung authored

Ralf Jung authored

Ralf Jung authored

Ralf Jung authored
Fix a typo in constructions.tex x_1 should be a_1 See merge request !35

Ralf Jung authored

Ralf Jung authored

Ralf Jung authored

Ralf Jung authored

Ralf Jung authored

 11 Dec, 2016 1 commit


Dan Frumin authored

 09 Dec, 2016 21 commits


Ralf Jung authored

Ralf Jung authored
Really, *all* of our files contain proof rules

Ralf Jung authored
Use agree instead of dec_agree This demonstrates that a listbased agreement could work, and form an OFE. I didn't bother to prove all the functor laws. Man, this reasoning with about the lists is annoying^^. What I don't like about this is that uninjection (`agree_car`) is only nonexpansive for valid elements. I want to try using a different equivalence relation, maybe I can find one where this works. Cc @jjourdan @robbertkrebbers See merge request !22

Ralf Jung authored
Thanks to Robbert for fixing gen_heap

Robbert Krebbers authored

Robbert Krebbers authored

JacquesHenri Jourdan authored

JacquesHenri Jourdan authored

Ralf Jung authored

Robbert authored
State invariants in WP and the dead of heap_ctx. This merge request changes the WP construction so that it takes _state interpretation_ as its parameter (part of the `irisG` type class), instead of building in the authoritative ownership of the entire state. When instantiating WP with a concrete language, one can choose the state interpretation. For example, for `heap_lang` we directly use `auth (gmap loc (frac * dec_agree val))`, and avoid the indirection through an invariant managing ownership of the entire state. As a result, we no longer have to carry around `heap_ctx`. See merge request !25

JacquesHenri Jourdan authored

Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored
The WP construction now takes an invariant on states as a parameter (part of the irisG class) and no longer builds in the authoritative ownership of the entire state. When instantiating WP with a concrete language on can choose its state invariant. For example, for heap_lang we directly use `auth (gmap loc (frac * dec_agree val))`, and avoid the indirection through invariants entirely. As a result, we no longer have to carry `heap_ctx` around.

Robbert Krebbers authored
We typically use the _1 and _2 suffix to denote individual directions of a lemmas that is a biimplication.

Ralf Jung authored

 08 Dec, 2016 2 commits


Robbert Krebbers authored

Robbert Krebbers authored
case H; clear H would fail when H is dependent whereas destruct H would succeed on that, but just not clear it.
