Preserve identifiers in binders where possible, analogous to the support
for destructing existentials in !479.

Fixes #336.

Tej Chajed authored Jul 21, 2020 and Robbert Krebbers committed Jul 21, 2020

When running `iDestruct "H" as (?) "H"`, use the name of the binder in
"H". For example, if "H" has type `∃ y, Φ y`,  we now use `y` as the
name of the variable after freshening. Previously the name was always
the equivalent of running `fresh H`.

The implementation achieves this by forwarding the desired identifier
name through the `IntoExist` typeclass. Identifiers are serialized in
Gallina by using them as the name of a function of type `ident_name :=
unit -> unit`.

Fixes #325.

Also added a tests for the various `iSpecialize` error cases involving
the `[%]` and `[//]` specialization patterns.

Fixes #307.

Notably this support relies on string to identifier conversion, which
works natively using Ltac2 in Coq 8.11+ and with a plugin
(https://github.com/ppedrot/coq-string-ident) in Coq 8.10. To use it,
you must replace intro_patterns.string_to_ident_hook with a real
implementation; see https://gitlab.mpi-sws.org/iris/string-ident for a
working implementation that works with Coq 8.11 (using Ltac2).

The syntax is %H (within a string intro pattern). This is technically
backwards-incompatible, because this was previously supported and parsed
as % and H separately. To restore the old behavior, separate with a
space, eg [% H].

- The error messages were wrong: the goal needs to be absorbing, not the hypothesis.
- The wrong failure number was used in `iAssumption`, which caused the error not
  to be propagated properly.

It was already marked as deprecated in `doc/proof_mode.md`.

- Rename `IPureElim` -> `iPure`, `IAlwaysElim` -> `IIntuitionistic`
- Drop `IAlwaysIntro` (it's just `IModalIntro`).

Make handling of `AddModal` in `tac_specialize_frame` consistent with that in `tac_specialize_assert`.

The result of `iSpecialize ("H" with "[H1 .. Hn]")` was always put in the
spatial context. This commit strenghtens this tactic by putting the result
in the intuitionistic context if the following conditions hold:

1. The hypothesis `H` is persistent.
2. All the hypotheses `H1 .. Hn` are intuitionistic (or similarly, in case
   `[-H1 .. Hn]` is used, if all remaining hypotheses are intuitionistic).
3. If the pattern `[> ..]` for adding a modality is not used.

Paolo G. Giarrusso authored Nov 22, 2019 and Robbert Krebbers committed Nov 22, 2019

When proving `foo` through a fixpoint, Coq's guardedness checker needs to see to
which arguments `foo` is applied. Opaque lemmas applied to `foo` itself prevent
that, so make them transparent.
* Make `IntoEmpValid` lemmas transparent.
* Expose application of `IntoEmpValid` instance to its argument.
* Add comment to `tac_pose_proof`

This MR brings back the type of `tac_pose_proof` to the one it had before !329.
Hence, this seems worth a comment.

Also, rewrite `iIntoEmpValid`. Now, instead of using Ltac to traverse
the type of the term and generate goals for the premises, we repeatedly
apply a series of lemmas. This has the advantage that it works up to
convertability, and we no longer need the `eval ...` hacks.

Fix issue pointed out by @tchajed in iris/iris!330 (comment 41322)

The general idea is to first import/export modules which are further
than the current one, and then import/export modules which are close
dependencies.

This commit tries to use the same order of imports for every file, and
describes the convention in ProofGuide.md. There is one exception,
where we do not follow said convention: in program_logic/weakestpre.v,
using that order would break printing of texan triples (??).

This commit closes issue #265.

Based on @Blaisorblade's suggestion.