 09 Jan, 2018 1 commit


Jonas Kastberg Hinrichsen authored

 18 Dec, 2017 1 commit


Jonas Kastberg Hinrichsen authored

 07 Dec, 2017 1 commit


Ralf Jung authored

 05 Dec, 2017 2 commits


Robbert Krebbers authored

Ralf Jung authored

 30 Nov, 2017 5 commits


Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored

 24 Nov, 2017 3 commits


Robbert Krebbers authored

Robbert Krebbers authored

Ralf Jung authored

 23 Nov, 2017 1 commit


Robbert Krebbers authored

 09 Nov, 2017 3 commits


David Swasey authored
This reverts commit 913059d2.

David Swasey authored

 08 Nov, 2017 3 commits


David Swasey authored

David Swasey authored

David Swasey authored

 05 Nov, 2017 1 commit


Robbert Krebbers authored

 01 Nov, 2017 2 commits


Robbert Krebbers authored
This solves issue #100: the proof mode notation is sometimes not printed. As Ralf discovered, the problem is that there are two overlapping notations: ```coq Notation "P ⊢ Q" := (uPred_entails P Q). ``` And the "proof mode" notation: ``` Notation "Γ '' □ Δ '' ∗ Q" := (of_envs (Envs Γ Δ) ⊢ Q%I). ``` These two notations overlap, so, when having a "proof mode" goal of the shape `of_envs (Envs Γ Δ) ⊢ Q%I`, how do we know which notation is Coq going to pick for pretty printing this goal? As we have seen, this choice depends on the import order (since both notations appear in different files), and as such, Coq sometimes (unintendedly) uses the first notation instead of the latter. The idea of this commit is to wrap `of_envs (Envs Γ Δ) ⊢ Q%I` into a definition so that there is no ambiguity for the pretty printer anymore.

Robbert Krebbers authored
This class, in combination with `TCForall`, turns out the useful in LambdaRust to express that lists of expressions are values.

 25 Sep, 2017 10 commits


Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored
This problem has been reported by Léon Gondelman. Before, when using, for example wp_alloc, in an expression like: ref (ref v) It would apply `tac_wp_alloc` to the outermost ref, after which it fails to establish that the argument `ref v` is a value. In this commit, other evaluation positions will be tried whenever it turn out that the argument of the construct is not a value. The same applies to store/cas/... I have implemented this by making use of the new `IntoVal` class.

Dan Frumin authored

Dan Frumin authored

Dan Frumin authored
This way `IntoLaterNEnvs` is ought to be computed less frequently

Dan Frumin authored

Robbert Krebbers authored
The tactic was doing something weird and only once used.

Robbert Krebbers authored
 Get rid of wp_finish, which was a hack.  Write the wp_ tactics for stateful steps in the same style as wp_pure, i.e. by taking the context into account.  Make use of the context K in wp_pure.

Dan Frumin authored
Instead of writing a separate tactic lemma for each pure reduction, there is a single tactic lemma for performing all of them. The instances of PureExec can be shared between WP tactics and, e.g. symbolic execution in the ghost threadpool

 09 Sep, 2017 1 commit


Robbert Krebbers authored

 28 Aug, 2017 1 commit


Robbert Krebbers authored
We now first iPoseProof the lemma and instantiate its premises before trying to search for the subterm where to apply. As a result, instantiation of the premises of the applied lemmas happens only once, instead of it being done for each subterm as obtained by reshape_expr.

 20 Jan, 2017 1 commit


Robbert Krebbers authored
wp_apply often results in an of_val that should be simplified.

 05 Jan, 2017 1 commit


Ralf Jung authored

 03 Jan, 2017 1 commit


Ralf Jung authored
This patch was created using find name *.v  xargs L 1 awk i inplace '{from = 0} /^From/{ from = 1; ever_from = 1} { if (from == 0 && seen == 0 && ever_from == 1) { print "Set Default Proof Using \"Type*\"."; seen = 1 } }1 ' and some minor manual editing

 12 Dec, 2016 2 commits


Robbert Krebbers authored
Also:  Remove the wp_strip_later hack.  Let wp_lam, wp_rec, wp_... initiate the proof mode.

Robbert Krebbers authored
I also renamed `iProof` into `iStartProof`, as it is supposed to be something internal, and not a substitute of Coq's `Proof` command (as originally intended).
