 05 Mar, 2019 1 commit


Ralf Jung authored

 29 Oct, 2018 2 commits


Jacques-Henri Jourdan authored

Jacques-Henri Jourdan authored
We add a specific constructor to the type of expressions for injecting values in expressions.

The advantages are:

- Values can be assumed to be always closed when performing substitutions (even though they could contain free variables, but it turns out it does not cause any problem in the proofs in practice). This means that we no longer need the `Closed` typeclass and everything that comes with it (all the reflection-based machinery contained in tactics.v is no longer necessary). I have not measured anything, but I guess this would have a significant performance impact.
- There is only one constructor for values. As a result, the AsVal and IntoVal typeclasses are no longer necessary: an expression which is a value will always unify with `Val _`, and therefore lemmas can be stated using this constructor.

Of course, this means that there are two ways of writing such a thing as "The pair of integers 1 and 2": either by using the value constructor applied to the pair represented as a value, or by using the expression pair constructor. So we add reduction rules that transform reduced pair, injection and closure expressions into values. At first, this seems weird, because of the redundancy. But in fact, this has some meaning, since the machine might actually be doing something to e.g., allocate the pair or the closure.

These additional steps of computation show up in the proofs, and some additional wp_* tactics need to be called.

 03 Jul, 2018 1 commit


Ralf Jung authored
With a pretty proof by Robbert

 01 Jun, 2018 2 commits


Ralf Jung authored

Robbert Krebbers authored

 17 May, 2018 1 commit


Ralf Jung authored
move test suite out of theories/ so it does not get installed; also check output of test suite so that we can test printing

 07 Dec, 2017 1 commit


Ralf Jung authored

 05 Dec, 2017 1 commit


Ralf Jung authored

 09 Nov, 2017 3 commits


David Swasey authored
This reverts commit 913059d2.

David Swasey authored
I saw no need for `stuckness_flip`: strong atomicity always works, while weak atomicity works only for expressions that are not stuck. Since this seemed unclear, I split lemma `wp_atomic'` up into `wp_strong_atomic` (parametric in the WP's `s`) and `wp_weak_atomic` (not). The proof mode instance is stated in terms of the derived rule `wp_atomic` (parametric in `s`).

 08 Nov, 2017 2 commits


David Swasey authored

David Swasey authored

 04 Nov, 2017 1 commit


Robbert Krebbers authored

 25 Oct, 2017 3 commits


Robbert Krebbers authored

Robbert Krebbers authored

Robbert Krebbers authored
Rename `UCMRA` → `Ucmra`
Rename `CMRA` → `Cmra`
Rename `OFE` → `Ofe` (`Ofe` was already used partially, but many occurrences were missing)
Rename `STS` → `Sts`
Rename `DRA` → `Dra`

 17 Sep, 2017 1 commit


Robbert Krebbers authored
For obsolete reasons, that no longer seem to apply, we used ∅ as the unit.

 09 Feb, 2017 1 commit


Robbert Krebbers authored

 17 Jan, 2017 1 commit


Robbert Krebbers authored
