logically atomic triples: add private postcondition (!956) · Merge requests · Iris / Iris

Ralf Jung requested to merge ralf/atomic-private-post into master Jul 26, 2023

This is needed for examples!59.

The notation looks like this:

<<{ ∀∀ x, atomic_pre x }>> code @ ∅ <<{ ∃∃ y, atomic_post x y | z, RET val; private_post x y z }>>

To make this consistent with the triples without private postcondition, their notation changes as follows:

<<{ ∀∀ x, atomic_pre x }>> code @ ∅ <<{ ∃∃ y, atomic_post x y | z, RET val }>>

This also better reflects that the return value doesn't "happen" with the linearization point. However, it is a breaking change.

Fixes #473 (closed) by changing the parentheses.

Edited Sep 26, 2023 by Ralf Jung

logically atomic triples: add private postcondition