Commit 3dc789f2 authored by Ralf Jung's avatar Ralf Jung
Browse files

document some heap_lang design choices

parent 4ec14182
...@@ -12,8 +12,14 @@ Set Default Proof Using "Type". ...@@ -12,8 +12,14 @@ Set Default Proof Using "Type".
[b] are evaluated. With left-to-right evaluation, that triple is basically [b] are evaluated. With left-to-right evaluation, that triple is basically
useless the user let-expands [b]. useless the user let-expands [b].
*) - For prophecy variables, we annotate the reduction steps with an "observation"
and tweak adequacy such that WP knows all future observations. There is
another possible choice: Use non-deterministic choice when creating a prophecy
variable ([NewProph]), and when resolving it ([ResolveProph]) make the
program diverge unless the variable matches. That, however, requires an
erasure proof that this endless loop does not make specifications useless.
*)
Delimit Scope expr_scope with E. Delimit Scope expr_scope with E.
Delimit Scope val_scope with V. Delimit Scope val_scope with V.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment