- 01 Nov, 2017 2 commits
-
-
Robbert Krebbers authored
This class, in combination with `TCForall`, turns out to be useful in LambdaRust to express that lists of expressions are values.
-
Robbert Krebbers authored
-
- 04 Oct, 2017 2 commits
-
-
Robbert Krebbers authored
-
Robbert Krebbers authored
-
- 26 Sep, 2017 1 commit
-
-
Robbert Krebbers authored
We used to normalize the goal and then check whether it was of a certain shape. Since `uPred_valid P` normalized to `True ⊢ P`, there was no way of making a distinction between the two, hence `True ⊢ P` was treated as `uPred_valid P`. In this commit, I use type classes to check whether the goal is of a certain shape. Since we declared `uPred_valid` as `Typeclasses Opaque`, we can now make a distinction between `True ⊢ P` and `uPred_valid P`.
-
- 25 Sep, 2017 4 commits
-
-
Dan Frumin authored
-
Dan Frumin authored
-
Dan Frumin authored
-
Dan Frumin authored
Instead of writing a separate tactic lemma for each pure reduction, there is a single tactic lemma for performing all of them. The instances of PureExec can be shared between WP tactics and, e.g., symbolic execution in the ghost threadpool.
-
- 24 Mar, 2017 1 commit
-
-
Robbert Krebbers authored
-
- 09 Mar, 2017 1 commit
-
-
Ralf Jung authored
-
- 06 Feb, 2017 1 commit
-
-
Ralf Jung authored
-
- 05 Jan, 2017 1 commit
-
-
Ralf Jung authored
-
- 03 Jan, 2017 1 commit
-
-
Ralf Jung authored
This patch was created using `find -name *.v | xargs -L 1 awk -i inplace '{from = 0} /^From/{ from = 1; ever_from = 1} { if (from == 0 && seen == 0 && ever_from == 1) { print "Set Default Proof Using \"Type*\"."; seen = 1 } }1 '` and some minor manual editing
-
- 22 Dec, 2016 1 commit
-
-
Ralf Jung authored
-
- 20 Dec, 2016 1 commit
-
-
Ralf Jung authored
-
- 12 Dec, 2016 1 commit
-
-
Ralf Jung authored
-
- 09 Dec, 2016 6 commits
-
-
Ralf Jung authored
-
Ralf Jung authored
Really, *all* of our files contain proof rules
-
Robbert Krebbers authored
-
Robbert Krebbers authored
-
Robbert Krebbers authored
-
Robbert Krebbers authored
The WP construction now takes an invariant on states as a parameter (part of the irisG class) and no longer builds in the authoritative ownership of the entire state. When instantiating WP with a concrete language one can choose its state invariant. For example, for heap_lang we directly use `auth (gmap loc (frac * dec_agree val))`, and avoid the indirection through invariants entirely. As a result, we no longer have to carry `heap_ctx` around.
-
- 08 Dec, 2016 2 commits
- 06 Dec, 2016 3 commits
-
-
Robbert Krebbers authored
-
Ralf Jung authored
-
Ralf Jung authored
-
- 22 Nov, 2016 1 commit
-
-
Ralf Jung authored
-
- 08 Nov, 2016 1 commit
-
-
Robbert Krebbers authored
-
- 03 Nov, 2016 1 commit
-
-
Robbert Krebbers authored
The old choice for ★ was arbitrary: the precedence of the ASCII asterisk * was fixed at a wrong level in Coq, so we had to pick another symbol. The ★ was a random choice from a Unicode chart. The new symbol ∗ (as proposed by David Swasey) corresponds better to conventional practice and matches the symbol we use on paper.
-
- 01 Nov, 2016 3 commits
- 28 Oct, 2016 1 commit
-
-
Robbert Krebbers authored
-
- 25 Oct, 2016 1 commit
-
-
Robbert Krebbers authored
And also rename the corresponding proof mode tactics.
-
- 16 Oct, 2016 1 commit
-
-
Jacques-Henri Jourdan authored
This fact is deduced from reducibility. Unfortunately, this sometimes depends on the type of states being inhabited, so that this additional hypothesis sometimes appears.
-
- 12 Oct, 2016 1 commit
-
-
Ralf Jung authored
rename program_logic.{ownership -> wsat}. It really is about world satisfaction and invariants more than about ownership.
-
- 05 Oct, 2016 1 commit
-
-
Robbert Krebbers authored
-
- 30 Aug, 2016 1 commit
-
-
Robbert Krebbers authored
-