GitLab

The performance gain seems neglectable, unfortunatelly...

This better seals off their definition. Although it did not give
much of a speedup, I think it is conceptually nicer.

This avoids ambiguity with P and Q that we were using before for both
uPreds/iProps and indexed uPreds/iProps.

It is doing much more than just dealing with ∈, it solves all kinds
of goals involving set operations (including ≡ and ⊆).

simplify_equality        => simplify_eq
simplify_equality'       => simplify_eq/=
simplify_map_equality    => simplify_map_eq
simplify_map_equality'   => simplify_map_eq/=
simplify_option_equality => simplify_option_eq
simplify_list_equality   => simplify_list_eq
f_equal'                 => f_equal/=

The /= suffixes (meaning: do simpl) are inspired by ssreflect.

Also, make our redefinition of done more robust under different
orders of Importing modules.

The rationale is that, just like the always lemmas about uPred and the frame-preserving updates for maps and iprdos, the versions with the ' are the "more specific" versions, hard-coding more assumptions in the shape of their conclusion.

Also do some minor clean up.

Introduce the notion of "Frame Shift Assertions", and use to prove the rules about inv and auth at once for pvs and wp

Yeah, the name is horrible... but on the plus side, I think it should be possible to show that atomic triples and atomic shifts are also frame shift assertions, and then we get all this stuff for them for free.

This way we avoid many one-off indexes and no longer need special cases for
index 0 in many definitions. For example, the definition of the distance
relation on option and excl has become much easier. Also, uPreds no longer need
to hold at index 0.

In order to make this change possible, we had to change the notions of
"contractive functions" and "chains" slightly.

Thanks to Aleš Bizjak and Amin Timany for suggesting this change and to help
with the proofs.

Notable changes:
* I am now using the same names for the fields of the language record and the
  instances in heap_lang. In order to deal with shadowing, I have put all
  definitions in heap_lang.v in a module.
* Instead of defining evaluation contexts recursively, these are now defined
  using lists. This way we can easily reuse operations on lists. For example,
  composition of evaluation contexts is just appending lists. Also, it allowed
  me to simplify the rather complicated proof of step_by_val as induction on
  the shape of contexts no longer results in a blow-up of the number of cases.
* Use better automation to prove all lemmas of heap_lang.
* I have introduced tactics to invert steps and to do steps. These tactics
  greatly helped simplifying boring parts of lifting lemmas.

This way we can more easily state lemmas for concrete languages for
arbitrary global functors.

Instead, we have just a construction to create a CMRA from a RA. This
construction is also slightly generalized, it now works for RAs over any
timeless COFE instead of just the discrete COFE.

Also:
* Put tactics and big_ops for CMRAs in a separate file.
* Valid is now a derived notion (as the limit of validN), so it does not have
  to be defined by hand for each CMRA.

Todo:
Make the constructions DRA -> CMRA and RA -> CMRA more uniform.