1. 13 Sep, 2019 1 commit
      Reorder Requires so that we do not depend on Export bugs. · 43a1a90f
      Jacques-Henri Jourdan authored
      The general idea is to first import/export modules which are further
      than the current one, and then import/export modules which are close
      dependencies.
      
      This commit tries to use the same order of imports for every file, and
      describes the convention in ProofGuide.md. There is one exception,
      where we do not follow said convention: in program_logic/weakestpre.v,
      using that order would break printing of texan triples (??).
  2. 05 Mar, 2019 1 commit
  3. 20 Feb, 2019 1 commit
  4. 24 Jan, 2019 1 commit
  5. 11 Jan, 2019 1 commit
  6. 03 May, 2018 1 commit
  7. 02 May, 2018 1 commit
      Add support for ElimInv to introduce a binder from the accessor · b2711d60
      Ralf Jung authored
      If the accessor introduces a binder, the first Coq-level intro pattern of `iInv`
      is used for that binder unless the type of the binder is unit, in which case
      `iInv` removes it completely.  Binders on the closing view shift are not (yet)
      supported as they are harder to smoothly eliminate in the unit case.
  8. 26 Apr, 2018 1 commit
  9. 25 Apr, 2018 2 commits
  10. 04 Apr, 2018 1 commit
  11. 03 Apr, 2018 2 commits
  12. 05 Mar, 2018 1 commit
  13. 01 Mar, 2018 3 commits
  14. 23 Feb, 2018 4 commits
  15. 21 Feb, 2018 1 commit
  16. 24 Jan, 2018 1 commit
  17. 11 Dec, 2017 1 commit
  18. 13 Nov, 2017 1 commit
      Improved treatment of anonymous hypotheses in the proof mode. · bb3584e7
      Robbert Krebbers authored
      The proof mode now explicitly keeps track of anonymous hypotheses (i.e.
      hypotheses that are introduced by the introduction pattern `?`). Consider:
      
        Lemma foo {M} (P Q R : uPred M) : P -∗ (Q ∗ R) -∗ Q ∗ P.
        Proof. iIntros "? [H ?]". iFrame "H". iFrame. Qed.
      
      After the `iIntros`, the goal will be:
      
        _ : P
        "H" : Q
        _ : R
        --------------------------------------∗
        Q ∗ P
      
      Anonymous hypotheses are displayed in a special way (`_ : P`). An important
      property of the new anonymous hypotheses is that it is no longer possible to
      refer to them by name, whereas before, anonymous hypotheses were given some
      arbitrary fresh name (typically prefixed by `~`).
      
      Note that tactics can still operate on these anonymous hypotheses. For example, both
      `iFrame` and `iAssumption`, as well as the symbolic execution tactics, will
      use them. The only thing that is not possible is to refer to them yourself,
      for example, in an introduction, specialization or selection pattern.
      
      Advantages of the new approach:
      
      - Proofs become more robust as one cannot accidentally refer to anonymous
        hypotheses by their fresh name.
      - Fresh name generation becomes considerably easier. Since anonymous hypotheses
        are internally represented by natural numbers (of type `N`), we can just fold
        over the hypotheses and take the max plus one. This thus solves issue #101.
  19. 30 Oct, 2017 2 commits
  20. 25 Oct, 2017 2 commits
  21. 26 Sep, 2017 1 commit
      Fix issue #98. · e17ac4ad
      Robbert Krebbers authored
      We used to normalize the goal, and then checked whether it was of
      a certain shape. Since `uPred_valid P` normalized to `True ⊢ P`,
      there was no way of making a distinction between the two, hence
      `True ⊢ P` was treated as `uPred_valid P`.
      
      In this commit, I use type classes to check whether the goal is of
      a certain shape. Since we declared `uPred_valid` as `Typeclasses
      Opaque`, we can now make a distinction between `True ⊢ P` and
      `uPred_valid P`.
  22. 17 Sep, 2017 1 commit
  23. 22 Mar, 2017 1 commit
  24. 11 Jan, 2017 1 commit
  25. 05 Jan, 2017 2 commits
  26. 04 Jan, 2017 1 commit
  27. 03 Jan, 2017 1 commit
  28. 09 Dec, 2016 1 commit
  29. 22 Nov, 2016 2 commits
      Make nclose an explicit coercion. · 274209c2
      Robbert Krebbers authored
      We do this by introducing a type class UpClose with notation ↑.
      
      The reason for this change is as follows: since `nclose : namespace
      → coPset` is declared as a coercion, the notation `nclose N ⊆ E` was
      pretty printed as `N ⊆ E`. However, `N ⊆ E` could not be typechecked
      because type checking goes from left to right, and as such would look
      for an instance `SubsetEq namespace`, which causes the right hand side
      to be ill-typed.
      new notation for pure assertions · 99cbb525
      Ralf Jung authored