diff --git a/CHANGELOG.md b/CHANGELOG.md
index fcf3fe79a1ec3519a288c2db638d26c283b7371b..2ad4c79049417177c77fc533d1b1c5c03e95d29a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,9 @@ Coq development, but not every API-breaking change is listed. Changes marked
* Renaming and moving things around: uPred and the rest of the base logic are
in `base_logic`, while `program_logic` is for everything involving the
general Iris notion of a language.
+* Changed notation for embedding Coq assertions into Iris. The new notation
+ is ⌜φâŒ. Also removed `=` and `⊥` from the Iris scope.
+ (The old notations are provided in `base_logic.deprecated`.)
* With invariants and the physical state being handled in the logic, there
is no longer any reason to demand the CMRA unit to be discrete.
* The language can now fork off multiple threads at once.
diff --git a/_CoqProject b/_CoqProject
index 419e8982165db35e68851f2430f61ca38b03f356..2def8bf45928256ba05e84333c694af0c032892b 100644
--- a/_CoqProject
+++ b/_CoqProject
@@ -68,6 +68,7 @@ base_logic/big_op.v
base_logic/hlist.v
base_logic/soundness.v
base_logic/double_negation.v
+base_logic/deprecated.v
base_logic/lib/iprop.v
base_logic/lib/own.v
base_logic/lib/saved_prop.v
diff --git a/base_logic/big_op.v b/base_logic/big_op.v
index 5ac30fc76e235916ebd900675e70c7afd082aaab..be9ae4df854446d2b7b6963d8a3d301e62043a33 100644
--- a/base_logic/big_op.v
+++ b/base_logic/big_op.v
@@ -252,7 +252,7 @@ Section list.
Lemma big_sepL_forall Φ l :
(∀ k x, PersistentP (Φ k x)) →
- ([∗ list] k↦x ∈ l, Φ k x) ⊣⊢ (∀ k x, l !! k = Some x → Φ k x).
+ ([∗ list] k↦x ∈ l, Φ k x) ⊣⊢ (∀ k x, ⌜l !! k = Some x⌠→ Φ k x).
Proof.
intros HΦ. apply (anti_symm _).
{ apply forall_intro=> k; apply forall_intro=> x.
@@ -265,7 +265,7 @@ Section list.
Qed.
Lemma big_sepL_impl Φ Ψ l :
- □ (∀ k x, l !! k = Some x → Φ k x → Ψ k x) ∧ ([∗ list] k↦x ∈ l, Φ k x)
+ □ (∀ k x, ⌜l !! k = Some x⌠→ Φ k x → Ψ k x) ∧ ([∗ list] k↦x ∈ l, Φ k x)
⊢ [∗ list] k↦x ∈ l, Ψ k x.
Proof.
rewrite always_and_sep_l. do 2 setoid_rewrite always_forall.
@@ -376,7 +376,7 @@ Section gmap.
Lemma big_sepM_forall Φ m :
(∀ k x, PersistentP (Φ k x)) →
- ([∗ map] k↦x ∈ m, Φ k x) ⊣⊢ (∀ k x, m !! k = Some x → Φ k x).
+ ([∗ map] k↦x ∈ m, Φ k x) ⊣⊢ (∀ k x, ⌜m !! k = Some x⌠→ Φ k x).
Proof.
intros. apply (anti_symm _).
{ apply forall_intro=> k; apply forall_intro=> x.
@@ -392,7 +392,7 @@ Section gmap.
Qed.
Lemma big_sepM_impl Φ Ψ m :
- □ (∀ k x, m !! k = Some x → Φ k x → Ψ k x) ∧ ([∗ map] k↦x ∈ m, Φ k x)
+ □ (∀ k x, ⌜m !! k = Some x⌠→ Φ k x → Ψ k x) ∧ ([∗ map] k↦x ∈ m, Φ k x)
⊢ [∗ map] k↦x ∈ m, Ψ k x.
Proof.
rewrite always_and_sep_l. do 2 setoid_rewrite always_forall.
@@ -473,7 +473,7 @@ Section gset.
Proof. apply: big_opS_singleton. Qed.
Lemma big_sepS_filter (P : A → Prop) `{∀ x, Decision (P x)} Φ X :
- ([∗ set] y ∈ filter P X, Φ y) ⊣⊢ ([∗ set] y ∈ X, ■P y → Φ y).
+ ([∗ set] y ∈ filter P X, Φ y) ⊣⊢ ([∗ set] y ∈ X, ⌜P y⌠→ Φ y).
Proof.
induction X as [|x X ? IH] using collection_ind_L.
{ by rewrite filter_empty_L !big_sepS_empty. }
@@ -500,7 +500,7 @@ Section gset.
Proof. apply (big_opS_commute _). Qed.
Lemma big_sepS_forall Φ X :
- (∀ x, PersistentP (Φ x)) → ([∗ set] x ∈ X, Φ x) ⊣⊢ (∀ x, ■(x ∈ X) → Φ x).
+ (∀ x, PersistentP (Φ x)) → ([∗ set] x ∈ X, Φ x) ⊣⊢ (∀ x, ⌜x ∈ X⌠→ Φ x).
Proof.
intros. apply (anti_symm _).
{ apply forall_intro=> x.
@@ -514,7 +514,7 @@ Section gset.
Qed.
Lemma big_sepS_impl Φ Ψ X :
- □ (∀ x, ■(x ∈ X) → Φ x → Ψ x) ∧ ([∗ set] x ∈ X, Φ x) ⊢ [∗ set] x ∈ X, Ψ x.
+ □ (∀ x, ⌜x ∈ X⌠→ Φ x → Ψ x) ∧ ([∗ set] x ∈ X, Φ x) ⊢ [∗ set] x ∈ X, Ψ x.
Proof.
rewrite always_and_sep_l always_forall.
setoid_rewrite always_impl; setoid_rewrite always_pure.
diff --git a/base_logic/deprecated.v b/base_logic/deprecated.v
new file mode 100644
index 0000000000000000000000000000000000000000..01ac005776b55ffc2a947e9a4ffe2bac17b9b9ce
--- /dev/null
+++ b/base_logic/deprecated.v
@@ -0,0 +1,11 @@
+From iris.base_logic Require Import primitive.
+
+(* Deprecated 2016-11-22. Use ⌜φ⌠instead. *)
+Notation "■φ" := (uPred_pure φ%C%type)
+ (at level 20, right associativity, only parsing) : uPred_scope.
+
+(* Deprecated 2016-11-22. Use ⌜x = y⌠instead. *)
+Notation "x = y" := (uPred_pure (x%C%type = y%C%type)) (only parsing) : uPred_scope.
+
+(* Deprecated 2016-11-22. Use ⌜x ⊥ y ⌠instead. *)
+Notation "x ⊥ y" := (uPred_pure (x%C%type ⊥ y%C%type)) (only parsing) : uPred_scope.
diff --git a/base_logic/derived.v b/base_logic/derived.v
index b822512b4897c48ff6a9e73718a3613d92a98137..0f4de13f4355ab08f2a44fe2b0d19e49d5c1f703 100644
--- a/base_logic/derived.v
+++ b/base_logic/derived.v
@@ -212,53 +212,53 @@ Proof.
- apply or_elim; apply exist_elim=> a; rewrite -(exist_intro a); auto.
Qed.
-Lemma pure_mono φ1 φ2 : (φ1 → φ2) → ■φ1 ⊢ ■φ2.
+Lemma pure_mono φ1 φ2 : (φ1 → φ2) → ⌜φ1⌠⊢ ⌜φ2âŒ.
Proof. intros; apply pure_elim with φ1; eauto. Qed.
Global Instance pure_mono' : Proper (impl ==> (⊢)) (@uPred_pure M).
Proof. intros φ1 φ2; apply pure_mono. Qed.
-Lemma pure_iff φ1 φ2 : (φ1 ↔ φ2) → ■φ1 ⊣⊢ ■φ2.
+Lemma pure_iff φ1 φ2 : (φ1 ↔ φ2) → ⌜φ1⌠⊣⊢ ⌜φ2âŒ.
Proof. intros [??]; apply (anti_symm _); auto using pure_mono. Qed.
-Lemma pure_intro_l φ Q R : φ → (■φ ∧ Q ⊢ R) → Q ⊢ R.
+Lemma pure_intro_l φ Q R : φ → (⌜φ⌠∧ Q ⊢ R) → Q ⊢ R.
Proof. intros ? <-; auto using pure_intro. Qed.
-Lemma pure_intro_r φ Q R : φ → (Q ∧ ■φ ⊢ R) → Q ⊢ R.
+Lemma pure_intro_r φ Q R : φ → (Q ∧ ⌜φ⌠⊢ R) → Q ⊢ R.
Proof. intros ? <-; auto. Qed.
-Lemma pure_intro_impl φ Q R : φ → (Q ⊢ ■φ → R) → Q ⊢ R.
+Lemma pure_intro_impl φ Q R : φ → (Q ⊢ ⌜φ⌠→ R) → Q ⊢ R.
Proof. intros ? ->. eauto using pure_intro_l, impl_elim_r. Qed.
-Lemma pure_elim_l φ Q R : (φ → Q ⊢ R) → ■φ ∧ Q ⊢ R.
+Lemma pure_elim_l φ Q R : (φ → Q ⊢ R) → ⌜φ⌠∧ Q ⊢ R.
Proof. intros; apply pure_elim with φ; eauto. Qed.
-Lemma pure_elim_r φ Q R : (φ → Q ⊢ R) → Q ∧ ■φ ⊢ R.
+Lemma pure_elim_r φ Q R : (φ → Q ⊢ R) → Q ∧ ⌜φ⌠⊢ R.
Proof. intros; apply pure_elim with φ; eauto. Qed.
-Lemma pure_True (φ : Prop) : φ → ■φ ⊣⊢ True.
+Lemma pure_True (φ : Prop) : φ → ⌜φ⌠⊣⊢ True.
Proof. intros; apply (anti_symm _); auto. Qed.
-Lemma pure_False (φ : Prop) : ¬φ → ■φ ⊣⊢ False.
+Lemma pure_False (φ : Prop) : ¬φ → ⌜φ⌠⊣⊢ False.
Proof. intros; apply (anti_symm _); eauto using pure_elim. Qed.
-Lemma pure_and φ1 φ2 : ■(φ1 ∧ φ2) ⊣⊢ ■φ1 ∧ ■φ2.
+Lemma pure_and φ1 φ2 : ⌜φ1 ∧ φ2⌠⊣⊢ ⌜φ1⌠∧ ⌜φ2âŒ.
Proof.
apply (anti_symm _).
- eapply pure_elim=> // -[??]; auto.
- eapply (pure_elim φ1); [auto|]=> ?. eapply (pure_elim φ2); auto.
Qed.
-Lemma pure_or φ1 φ2 : ■(φ1 ∨ φ2) ⊣⊢ ■φ1 ∨ ■φ2.
+Lemma pure_or φ1 φ2 : ⌜φ1 ∨ φ2⌠⊣⊢ ⌜φ1⌠∨ ⌜φ2âŒ.
Proof.
apply (anti_symm _).
- eapply pure_elim=> // -[?|?]; auto.
- apply or_elim; eapply pure_elim; eauto.
Qed.
-Lemma pure_impl φ1 φ2 : ■(φ1 → φ2) ⊣⊢ (■φ1 → ■φ2).
+Lemma pure_impl φ1 φ2 : ⌜φ1 → φ2⌠⊣⊢ (⌜φ1⌠→ ⌜φ2âŒ).
Proof.
apply (anti_symm _).
- apply impl_intro_l. rewrite -pure_and. apply pure_mono. naive_solver.
- rewrite -pure_forall_2. apply forall_intro=> ?.
by rewrite -(left_id True uPred_and (_→_))%I (pure_True φ1) // impl_elim_r.
Qed.
-Lemma pure_forall {A} (φ : A → Prop) : ■(∀ x, φ x) ⊣⊢ ∀ x, ■φ x.
+Lemma pure_forall {A} (φ : A → Prop) : ⌜∀ x, φ x⌠⊣⊢ ∀ x, ⌜φ xâŒ.
Proof.
apply (anti_symm _); auto using pure_forall_2.
apply forall_intro=> x. eauto using pure_mono.
Qed.
-Lemma pure_exist {A} (φ : A → Prop) : ■(∃ x, φ x) ⊣⊢ ∃ x, ■φ x.
+Lemma pure_exist {A} (φ : A → Prop) : ⌜∃ x, φ x⌠⊣⊢ ∃ x, ⌜φ xâŒ.
Proof.
apply (anti_symm _).
- eapply pure_elim=> // -[x ?]. rewrite -(exist_intro x); auto.
@@ -273,13 +273,13 @@ Proof. by intros ->. Qed.
Lemma internal_eq_sym {A : ofeT} (a b : A) : a ≡ b ⊢ b ≡ a.
Proof. apply (internal_eq_rewrite a b (λ b, b ≡ a)%I); auto. solve_proper. Qed.
-Lemma pure_impl_forall φ P : (■φ → P) ⊣⊢ (∀ _ : φ, P).
+Lemma pure_impl_forall φ P : (⌜φ⌠→ P) ⊣⊢ (∀ _ : φ, P).
Proof.
apply (anti_symm _).
- apply forall_intro=> ?. by rewrite pure_True // left_id.
- apply impl_intro_l, pure_elim_l=> Hφ. by rewrite (forall_elim Hφ).
Qed.
-Lemma pure_alt φ : ■φ ⊣⊢ ∃ _ : φ, True.
+Lemma pure_alt φ : ⌜φ⌠⊣⊢ ∃ _ : φ, True.
Proof.
apply (anti_symm _).
- eapply pure_elim; eauto=> H. rewrite -(exist_intro H); auto.
@@ -406,9 +406,9 @@ Lemma sep_and P Q : (P ∗ Q) ⊢ (P ∧ Q).
Proof. auto. Qed.
Lemma impl_wand P Q : (P → Q) ⊢ P -∗ Q.
Proof. apply wand_intro_r, impl_elim with P; auto. Qed.
-Lemma pure_elim_sep_l φ Q R : (φ → Q ⊢ R) → ■φ ∗ Q ⊢ R.
+Lemma pure_elim_sep_l φ Q R : (φ → Q ⊢ R) → ⌜φ⌠∗ Q ⊢ R.
Proof. intros; apply pure_elim with φ; eauto. Qed.
-Lemma pure_elim_sep_r φ Q R : (φ → Q ⊢ R) → Q ∗ ■φ ⊢ R.
+Lemma pure_elim_sep_r φ Q R : (φ → Q ⊢ R) → Q ∗ ⌜φ⌠⊢ R.
Proof. intros; apply pure_elim with φ; eauto. Qed.
Global Instance sep_False : LeftAbsorb (⊣⊢) False%I (@uPred_sep M).
@@ -452,7 +452,7 @@ Proof. intros P Q; apply always_mono. Qed.
Lemma always_intro' P Q : (□ P ⊢ Q) → □ P ⊢ □ Q.
Proof. intros <-. apply always_idemp. Qed.
-Lemma always_pure φ : □ ■φ ⊣⊢ ■φ.
+Lemma always_pure φ : â–¡ ⌜φ⌠⊣⊢ ⌜φâŒ.
Proof. apply (anti_symm _); auto using always_pure_2. Qed.
Lemma always_forall {A} (Ψ : A → uPred M) : (□ ∀ a, Ψ a) ⊣⊢ (∀ a, □ Ψ a).
Proof.
@@ -560,7 +560,7 @@ Proof. destruct p; simpl; auto using always_elim. Qed.
Lemma always_elim_if p P : □ P ⊢ □?p P.
Proof. destruct p; simpl; auto using always_elim. Qed.
-Lemma always_if_pure p φ : □?p ■φ ⊣⊢ ■φ.
+Lemma always_if_pure p φ : â–¡?p ⌜φ⌠⊣⊢ ⌜φâŒ.
Proof. destruct p; simpl; auto using always_pure. Qed.
Lemma always_if_and p P Q : □?p (P ∧ Q) ⊣⊢ □?p P ∧ □?p Q.
Proof. destruct p; simpl; auto using always_and. Qed.
@@ -663,7 +663,7 @@ Proof.
Qed.
(* Timeless instances *)
-Global Instance pure_timeless φ : TimelessP (■φ : uPred M)%I.
+Global Instance pure_timeless φ : TimelessP (⌜φ⌠: uPred M)%I.
Proof.
rewrite /TimelessP pure_alt later_exist_false. by setoid_rewrite later_True.
Qed.
@@ -725,7 +725,7 @@ Proof.
Qed.
(* Persistence *)
-Global Instance pure_persistent φ : PersistentP (■φ : uPred M)%I.
+Global Instance pure_persistent φ : PersistentP (⌜φ⌠: uPred M)%I.
Proof. by rewrite /PersistentP always_pure. Qed.
Global Instance always_persistent P : PersistentP (â–¡ P).
Proof. by intros; apply always_intro'. Qed.
diff --git a/base_logic/double_negation.v b/base_logic/double_negation.v
index e73d0d078b5527b42375e43f06413deb1f88d96b..52ae21612b3605693fddf51f66caf3250b67a327 100644
--- a/base_logic/double_negation.v
+++ b/base_logic/double_negation.v
@@ -36,7 +36,7 @@ Implicit Types x : M.
Import uPred.
(* Helper lemmas about iterated later modalities *)
-Lemma laterN_big n a x φ: ✓{n} x → a ≤ n → (▷^a (■φ))%I n x → φ.
+Lemma laterN_big n a x φ: ✓{n} x → a ≤ n → (â–·^a ⌜φâŒ)%I n x → φ.
Proof.
induction 2 as [| ?? IHle].
- induction a; repeat (rewrite //= || uPred.unseal).
@@ -46,7 +46,7 @@ Proof.
eapply uPred_closed; eauto using cmra_validN_S.
Qed.
-Lemma laterN_small n a x φ: ✓{n} x → n < a → (▷^a (■φ))%I n x.
+Lemma laterN_small n a x φ: ✓{n} x → n < a → (â–·^a ⌜φâŒ)%I n x.
Proof.
induction 2.
- induction n as [| n IHn]; [| move: IHn];
@@ -85,7 +85,7 @@ Proof.
by rewrite -assoc wand_elim_r wand_elim_l.
Qed.
Lemma nnupd_ownM_updateP x (Φ : M → Prop) :
- x ~~>: Φ → uPred_ownM x =n=> ∃ y, ■Φ y ∧ uPred_ownM y.
+ x ~~>: Φ → uPred_ownM x =n=> ∃ y, ⌜Φ y⌠∧ uPred_ownM y.
Proof.
intros Hbupd. split. rewrite /uPred_nnupd. repeat uPred.unseal.
intros n y ? Hown a.
@@ -306,7 +306,7 @@ End classical.
we establish adequacy without axioms? Unfortunately not, because adequacy for
nnupd would imply double negation elimination, which is classical: *)
-Lemma nnupd_dne φ: True ⊢ (|=n=> (■(¬¬ φ → φ)): uPred M)%I.
+Lemma nnupd_dne φ: True ⊢ (|=n=> ⌜¬¬ φ → φâŒ: uPred M)%I.
Proof.
rewrite /uPred_nnupd. apply forall_intro=>n.
apply wand_intro_l. rewrite ?right_id.
@@ -358,9 +358,9 @@ Proof.
eapply IHn; eauto.
Qed.
-Lemma adequacy φ n : (True ⊢ Nat.iter n (λ P, |=n=> ▷ P) (■φ)) → ¬¬ φ.
+Lemma adequacy φ n : (True ⊢ Nat.iter n (λ P, |=n=> â–· P) ⌜φâŒ) → ¬¬ φ.
Proof.
- cut (∀ x, ✓{S n} x → Nat.iter n (λ P, |=n=> ▷ P)%I (■φ)%I (S n) x → ¬¬φ).
+ cut (∀ x, ✓{S n} x → Nat.iter n (λ P, |=n=> â–· P)%I ⌜φâŒ%I (S n) x → ¬¬φ).
{ intros help H. eapply (help ∅); eauto using ucmra_unit_validN.
eapply H; try unseal; eauto using ucmra_unit_validN. red; rewrite //=. }
destruct n.
diff --git a/base_logic/lib/auth.v b/base_logic/lib/auth.v
index c0dbaff19c5930a7d02abb007d236c0dcc98ff31..30054193777ee2356abffd6e09498ff36b177dbb 100644
--- a/base_logic/lib/auth.v
+++ b/base_logic/lib/auth.v
@@ -92,7 +92,7 @@ Section auth.
Proof. intros a1 a2. apply auth_own_mono. Qed.
Lemma auth_alloc_strong N E t (G : gset gname) :
- ✓ (f t) → ▷ φ t ={E}=∗ ∃ γ, ■(γ ∉ G) ∧ auth_ctx γ N f φ ∧ auth_own γ (f t).
+ ✓ (f t) → ▷ φ t ={E}=∗ ∃ γ, ⌜γ ∉ G⌠∧ auth_ctx γ N f φ ∧ auth_own γ (f t).
Proof.
iIntros (?) "Hφ". rewrite /auth_own /auth_ctx.
iMod (own_alloc_strong (Auth (Excl' (f t)) (f t)) G) as (γ) "[% Hγ]"; first done.
@@ -114,8 +114,8 @@ Section auth.
Lemma auth_acc E γ a :
▷ auth_inv γ f φ ∗ auth_own γ a ={E}=∗ ∃ t,
- ■(a ≼ f t) ∗ ▷ φ t ∗ ∀ u b,
- ■((f t, a) ~l~> (f u, b)) ∗ ▷ φ u ={E}=∗ ▷ auth_inv γ f φ ∗ auth_own γ b.
+ ⌜a ≼ f t⌠∗ ▷ φ t ∗ ∀ u b,
+ ⌜(f t, a) ~l~> (f u, b)⌠∗ ▷ φ u ={E}=∗ ▷ auth_inv γ f φ ∗ auth_own γ b.
Proof.
iIntros "[Hinv Hγf]". rewrite /auth_inv /auth_own.
iDestruct "Hinv" as (t) "[>Hγa Hφ]".
@@ -130,8 +130,8 @@ Section auth.
Lemma auth_open E N γ a :
nclose N ⊆ E →
auth_ctx γ N f φ ∗ auth_own γ a ={E,E∖N}=∗ ∃ t,
- ■(a ≼ f t) ∗ ▷ φ t ∗ ∀ u b,
- ■((f t, a) ~l~> (f u, b)) ∗ ▷ φ u ={E∖N,E}=∗ auth_own γ b.
+ ⌜a ≼ f t⌠∗ ▷ φ t ∗ ∀ u b,
+ ⌜(f t, a) ~l~> (f u, b)⌠∗ ▷ φ u ={E∖N,E}=∗ auth_own γ b.
Proof.
iIntros (?) "[#? Hγf]". rewrite /auth_ctx. iInv N as "Hinv" "Hclose".
(* The following is essentially a very trivial composition of the accessors
diff --git a/base_logic/lib/boxes.v b/base_logic/lib/boxes.v
index 0327ca20bd13e06d4258791a63419c1c5c8b7ab1..cd2f1f8fc336fd54dfde1e83003e418c0501947d 100644
--- a/base_logic/lib/boxes.v
+++ b/base_logic/lib/boxes.v
@@ -55,7 +55,7 @@ Global Instance slice_persistent γ P : PersistentP (slice N γ P).
Proof. apply _. Qed.
Lemma box_own_auth_agree γ b1 b2 :
- box_own_auth γ (◠Excl' b1) ∗ box_own_auth γ (◯ Excl' b2) ⊢ b1 = b2.
+ box_own_auth γ (â— Excl' b1) ∗ box_own_auth γ (â—¯ Excl' b2) ⊢ ⌜b1 = b2âŒ.
Proof.
rewrite /box_own_prop -own_op own_valid prod_validI /= and_elim_l.
by iDestruct 1 as % [[[] [=]%leibniz_equiv] ?]%auth_valid_discrete.
@@ -86,7 +86,7 @@ Proof.
Qed.
Lemma box_insert E f P Q :
- ▷ box N f P ={E}=∗ ∃ γ, f !! γ = None ∗
+ ▷ box N f P ={E}=∗ ∃ γ, ⌜f !! γ = None⌠∗
slice N γ Q ∗ ▷ box N (<[γ:=false]> f) (Q ∗ P).
Proof.
iDestruct 1 as (Φ) "[#HeqP Hf]".
diff --git a/base_logic/lib/fancy_updates.v b/base_logic/lib/fancy_updates.v
index e36059cc4c08c9d1d85757312c78cc8ae49f6e5d..2db972b93352cac1a706246b152681ff2a18009e 100644
--- a/base_logic/lib/fancy_updates.v
+++ b/base_logic/lib/fancy_updates.v
@@ -69,7 +69,7 @@ Proof.
Qed.
Lemma fupd_mask_frame_r' E1 E2 Ef P :
- E1 ⊥ Ef → (|={E1,E2}=> E2 ⊥ Ef → P) ={E1 ∪ Ef,E2 ∪ Ef}=∗ P.
+ E1 ⊥ Ef → (|={E1,E2}=> ⌜E2 ⊥ Ef⌠→ P) ={E1 ∪ Ef,E2 ∪ Ef}=∗ P.
Proof.
intros. rewrite fupd_eq /fupd_def ownE_op //. iIntros "Hvs (Hw & HE1 &HEf)".
iMod ("Hvs" with "[Hw HE1]") as ">($ & HE2 & HP)"; first by iFrame.
diff --git a/base_logic/lib/invariants.v b/base_logic/lib/invariants.v
index 4fd9016fa1256379955df8c8da6cd80b63b01930..14e4fff3123d852eeabc03428f71acab1a487c63 100644
--- a/base_logic/lib/invariants.v
+++ b/base_logic/lib/invariants.v
@@ -6,7 +6,7 @@ Import uPred.
(** Derived forms and lemmas about them. *)
Definition inv_def `{invG Σ} (N : namespace) (P : iProp Σ) : iProp Σ :=
- (∃ i, ■(i ∈ nclose N) ∧ ownI i P)%I.
+ (∃ i, ⌜i ∈ nclose N⌠∧ ownI i P)%I.
Definition inv_aux : { x | x = @inv_def }. by eexists. Qed.
Definition inv {Σ i} := proj1_sig inv_aux Σ i.
Definition inv_eq : @inv = @inv_def := proj2_sig inv_aux.
diff --git a/base_logic/lib/own.v b/base_logic/lib/own.v
index 1e320bcaf1b8f5230118b8b21cc545aa71b623dc..161ec78952eda4be74797330ec7e1a4783876809 100644
--- a/base_logic/lib/own.v
+++ b/base_logic/lib/own.v
@@ -86,10 +86,10 @@ Proof. rewrite !own_eq /own_def; apply _. Qed.
(* TODO: This also holds if we just have ✓ a at the current step-idx, as Iris
assertion. However, the map_updateP_alloc does not suffice to show this. *)
Lemma own_alloc_strong a (G : gset gname) :
- ✓ a → True ==∗ ∃ γ, ■(γ ∉ G) ∧ own γ a.
+ ✓ a → True ==∗ ∃ γ, ⌜γ ∉ G⌠∧ own γ a.
Proof.
intros Ha.
- rewrite -(bupd_mono (∃ m, ■(∃ γ, γ ∉ G ∧ m = iRes_singleton γ a) ∧ uPred_ownM m)%I).
+ rewrite -(bupd_mono (∃ m, ⌜∃ γ, γ ∉ G ∧ m = iRes_singleton γ a⌠∧ uPred_ownM m)%I).
- rewrite ownM_empty.
eapply bupd_ownM_updateP, (iprod_singleton_updateP_empty (inG_id _));
first (eapply alloc_updateP_strong', cmra_transport_valid, Ha);
@@ -104,10 +104,10 @@ Proof.
Qed.
(** ** Frame preserving updates *)
-Lemma own_updateP P γ a : a ~~>: P → own γ a ==∗ ∃ a', ■P a' ∧ own γ a'.
+Lemma own_updateP P γ a : a ~~>: P → own γ a ==∗ ∃ a', ⌜P a'⌠∧ own γ a'.
Proof.
intros Ha. rewrite !own_eq.
- rewrite -(bupd_mono (∃ m, ■(∃ a', m = iRes_singleton γ a' ∧ P a') ∧ uPred_ownM m)%I).
+ rewrite -(bupd_mono (∃ m, ⌜∃ a', m = iRes_singleton γ a' ∧ P a'⌠∧ uPred_ownM m)%I).
- eapply bupd_ownM_updateP, iprod_singleton_updateP;
first by (eapply singleton_updateP', cmra_transport_updateP', Ha).
naive_solver.
diff --git a/base_logic/lib/saved_prop.v b/base_logic/lib/saved_prop.v
index 533fd52e2bc97a43f6caec84ed3f2fd0dfe65a9f..a61912f876c630784fe22b4a5db17771db6ad1f4 100644
--- a/base_logic/lib/saved_prop.v
+++ b/base_logic/lib/saved_prop.v
@@ -26,7 +26,7 @@ Section saved_prop.
Proof. rewrite /saved_prop_own; apply _. Qed.
Lemma saved_prop_alloc_strong x (G : gset gname) :
- True ==∗ ∃ γ, ■(γ ∉ G) ∧ saved_prop_own γ x.
+ True ==∗ ∃ γ, ⌜γ ∉ G⌠∧ saved_prop_own γ x.
Proof. by apply own_alloc_strong. Qed.
Lemma saved_prop_alloc x : True ==∗ ∃ γ, saved_prop_own γ x.
diff --git a/base_logic/lib/sts.v b/base_logic/lib/sts.v
index 6ba8f98fba41d23b64ab0e227aef8c9d7c435030..15299e9bef424db149d36d7b06d6f14638a342cc 100644
--- a/base_logic/lib/sts.v
+++ b/base_logic/lib/sts.v
@@ -94,8 +94,8 @@ Section sts.
Lemma sts_accS E γ S T :
▷ sts_inv γ φ ∗ sts_ownS γ S T ={E}=∗ ∃ s,
- ■(s ∈ S) ∗ ▷ φ s ∗ ∀ s' T',
- ■sts.steps (s, T) (s', T') ∗ ▷ φ s' ={E}=∗ ▷ sts_inv γ φ ∗ sts_own γ s' T'.
+ ⌜s ∈ S⌠∗ ▷ φ s ∗ ∀ s' T',
+ ⌜sts.steps (s, T) (s', T')⌠∗ ▷ φ s' ={E}=∗ ▷ sts_inv γ φ ∗ sts_own γ s' T'.
Proof.
iIntros "[Hinv Hγf]". rewrite /sts_ownS /sts_inv /sts_own.
iDestruct "Hinv" as (s) "[>Hγ Hφ]".
@@ -112,15 +112,15 @@ Section sts.
Lemma sts_acc E γ s0 T :
▷ sts_inv γ φ ∗ sts_own γ s0 T ={E}=∗ ∃ s,
- ■sts.frame_steps T s0 s ∗ ▷ φ s ∗ ∀ s' T',
- ■sts.steps (s, T) (s', T') ∗ ▷ φ s' ={E}=∗ ▷ sts_inv γ φ ∗ sts_own γ s' T'.
+ ⌜sts.frame_steps T s0 s⌠∗ ▷ φ s ∗ ∀ s' T',
+ ⌜sts.steps (s, T) (s', T')⌠∗ ▷ φ s' ={E}=∗ ▷ sts_inv γ φ ∗ sts_own γ s' T'.
Proof. by apply sts_accS. Qed.
Lemma sts_openS E N γ S T :
nclose N ⊆ E →
sts_ctx γ N φ ∗ sts_ownS γ S T ={E,E∖N}=∗ ∃ s,
- ■(s ∈ S) ∗ ▷ φ s ∗ ∀ s' T',
- ■sts.steps (s, T) (s', T') ∗ ▷ φ s' ={E∖N,E}=∗ sts_own γ s' T'.
+ ⌜s ∈ S⌠∗ ▷ φ s ∗ ∀ s' T',
+ ⌜sts.steps (s, T) (s', T')⌠∗ ▷ φ s' ={E∖N,E}=∗ sts_own γ s' T'.
Proof.
iIntros (?) "[#? Hγf]". rewrite /sts_ctx. iInv N as "Hinv" "Hclose".
(* The following is essentially a very trivial composition of the accessors
@@ -137,7 +137,7 @@ Section sts.
Lemma sts_open E N γ s0 T :
nclose N ⊆ E →
sts_ctx γ N φ ∗ sts_own γ s0 T ={E,E∖N}=∗ ∃ s,
- ■(sts.frame_steps T s0 s) ∗ ▷ φ s ∗ ∀ s' T',
- ■(sts.steps (s, T) (s', T')) ∗ ▷ φ s' ={E∖N,E}=∗ sts_own γ s' T'.
+ ⌜sts.frame_steps T s0 s⌠∗ ▷ φ s ∗ ∀ s' T',
+ ⌜sts.steps (s, T) (s', T')⌠∗ ▷ φ s' ={E∖N,E}=∗ sts_own γ s' T'.
Proof. by apply sts_openS. Qed.
End sts.
diff --git a/base_logic/lib/thread_local.v b/base_logic/lib/thread_local.v
index 57b65ac024bd952136c410547ae715a989776ea6..c97d31f212753a15bf3c74d536a1d454b0038a72 100644
--- a/base_logic/lib/thread_local.v
+++ b/base_logic/lib/thread_local.v
@@ -16,7 +16,7 @@ Section defs.
own tid (CoPset E, ∅).
Definition tl_inv (tid : thread_id) (N : namespace) (P : iProp Σ) : iProp Σ :=
- (∃ i, ■(i ∈ nclose N) ∧
+ (∃ i, ⌜i ∈ nclose N⌠∧
inv tlN (P ∗ own tid (∅, GSet {[i]}) ∨ tl_own tid {[i]}))%I.
End defs.
@@ -40,7 +40,7 @@ Section proofs.
Lemma tl_alloc : True ==∗ ∃ tid, tl_own tid ⊤.
Proof. by apply own_alloc. Qed.
- Lemma tl_own_disjoint tid E1 E2 : tl_own tid E1 ∗ tl_own tid E2 ⊢ ■(E1 ⊥ E2).
+ Lemma tl_own_disjoint tid E1 E2 : tl_own tid E1 ∗ tl_own tid E2 ⊢ ⌜E1 ⊥ E2âŒ.
Proof.
rewrite /tl_own -own_op own_valid -coPset_disj_valid_op. by iIntros ([? _]).
Qed.
diff --git a/base_logic/lib/wsat.v b/base_logic/lib/wsat.v
index d3498adb6348c2ff5ff9dc5fcabf8ac0667d885e..b75702333615083123601d5df3705813a176ef9e 100644
--- a/base_logic/lib/wsat.v
+++ b/base_logic/lib/wsat.v
@@ -56,9 +56,9 @@ Lemma ownE_empty : True ==∗ ownE ∅.
Proof. by rewrite (own_empty (coPset_disjUR) enabled_name). Qed.
Lemma ownE_op E1 E2 : E1 ⊥ E2 → ownE (E1 ∪ E2) ⊣⊢ ownE E1 ∗ ownE E2.
Proof. intros. by rewrite /ownE -own_op coPset_disj_union. Qed.
-Lemma ownE_disjoint E1 E2 : ownE E1 ∗ ownE E2 ⊢ E1 ⊥ E2.
+Lemma ownE_disjoint E1 E2 : ownE E1 ∗ ownE E2 ⊢ ⌜E1 ⊥ E2âŒ.
Proof. rewrite /ownE -own_op own_valid. by iIntros (?%coPset_disj_valid_op). Qed.
-Lemma ownE_op' E1 E2 : E1 ⊥ E2 ∧ ownE (E1 ∪ E2) ⊣⊢ ownE E1 ∗ ownE E2.
+Lemma ownE_op' E1 E2 : ⌜E1 ⊥ E2⌠∧ ownE (E1 ∪ E2) ⊣⊢ ownE E1 ∗ ownE E2.
Proof.
iSplit; [iIntros "[% ?]"; by iApply ownE_op|].
iIntros "HE". iDestruct (ownE_disjoint with "HE") as %?.
@@ -71,9 +71,9 @@ Lemma ownD_empty : True ==∗ ownD ∅.
Proof. by rewrite (own_empty (gset_disjUR positive) disabled_name). Qed.
Lemma ownD_op E1 E2 : E1 ⊥ E2 → ownD (E1 ∪ E2) ⊣⊢ ownD E1 ∗ ownD E2.
Proof. intros. by rewrite /ownD -own_op gset_disj_union. Qed.
-Lemma ownD_disjoint E1 E2 : ownD E1 ∗ ownD E2 ⊢ E1 ⊥ E2.
+Lemma ownD_disjoint E1 E2 : ownD E1 ∗ ownD E2 ⊢ ⌜E1 ⊥ E2âŒ.
Proof. rewrite /ownD -own_op own_valid. by iIntros (?%gset_disj_valid_op). Qed.
-Lemma ownD_op' E1 E2 : E1 ⊥ E2 ∧ ownD (E1 ∪ E2) ⊣⊢ ownD E1 ∗ ownD E2.
+Lemma ownD_op' E1 E2 : ⌜E1 ⊥ E2⌠∧ ownD (E1 ∪ E2) ⊣⊢ ownD E1 ∗ ownD E2.
Proof.
iSplit; [iIntros "[% ?]"; by iApply ownD_op|].
iIntros "HE". iDestruct (ownD_disjoint with "HE") as %?.
@@ -85,7 +85,7 @@ Proof. rewrite ownD_disjoint. iIntros (?); set_solver. Qed.
Lemma invariant_lookup (I : gmap positive (iProp Σ)) i P :
own invariant_name (◠(invariant_unfold <$> I : gmap _ _)) ∗
own invariant_name (◯ {[i := invariant_unfold P]}) ⊢
- ∃ Q, I !! i = Some Q ∗ ▷ (Q ≡ P).
+ ∃ Q, ⌜I !! i = Some Q⌠∗ ▷ (Q ≡ P).
Proof.
rewrite -own_op own_valid auth_validI /=. iIntros "[#HI #HvI]".
iDestruct "HI" as (I') "HI". rewrite gmap_equivI gmap_validI.
@@ -123,7 +123,7 @@ Qed.
Lemma ownI_alloc φ P :
(∀ E : gset positive, ∃ i, i ∉ E ∧ φ i) →
- wsat ∗ ▷ P ==∗ ∃ i, ■(φ i) ∗ wsat ∗ ownI i P.
+ wsat ∗ ▷ P ==∗ ∃ i, ⌜φ i⌠∗ wsat ∗ ownI i P.
Proof.
iIntros (Hfresh) "[Hw HP]". iDestruct "Hw" as (I) "[? HI]".
iMod (own_empty (gset_disjUR positive) disabled_name) as "HE".
diff --git a/base_logic/primitive.v b/base_logic/primitive.v
index 0b26e7a38203145652cf817b00f9c1a0c6e3b579..c6c7565ea08058271ff1020a76661acd6439955b 100644
--- a/base_logic/primitive.v
+++ b/base_logic/primitive.v
@@ -155,10 +155,9 @@ Definition uPred_bupd_aux : { x | x = @uPred_bupd_def }. by eexists. Qed.
Definition uPred_bupd {M} := proj1_sig uPred_bupd_aux M.
Definition uPred_bupd_eq : @uPred_bupd = @uPred_bupd_def := proj2_sig uPred_bupd_aux.
-Notation "■φ" := (uPred_pure φ%C%type)
- (at level 20, right associativity) : uPred_scope.
-Notation "x = y" := (uPred_pure (x%C%type = y%C%type)) : uPred_scope.
-Notation "x ⊥ y" := (uPred_pure (x%C%type ⊥ y%C%type)) : uPred_scope.
+(* Latest notation *)
+Notation "'⌜' φ 'âŒ'" := (uPred_pure φ%C%type)
+ (at level 1, φ at level 200, format "⌜ φ âŒ") : uPred_scope.
Notation "'False'" := (uPred_pure False) : uPred_scope.
Notation "'True'" := (uPred_pure True) : uPred_scope.
Infix "∧" := uPred_and : uPred_scope.
@@ -317,13 +316,13 @@ Qed.
Global Instance bupd_proper : Proper ((≡) ==> (≡)) (@uPred_bupd M) := ne_proper _.
(** Introduction and elimination rules *)
-Lemma pure_intro φ P : φ → P ⊢ ■φ.
+Lemma pure_intro φ P : φ → P ⊢ ⌜φâŒ.
Proof. by intros ?; unseal; split. Qed.
-Lemma pure_elim φ Q R : (Q ⊢ ■φ) → (φ → Q ⊢ R) → Q ⊢ R.
+Lemma pure_elim φ Q R : (Q ⊢ ⌜φâŒ) → (φ → Q ⊢ R) → Q ⊢ R.
Proof.
unseal; intros HQP HQR; split=> n x ??; apply HQR; first eapply HQP; eauto.
Qed.
-Lemma pure_forall_2 {A} (φ : A → Prop) : (∀ x : A, ■φ x) ⊢ ■(∀ x : A, φ x).
+Lemma pure_forall_2 {A} (φ : A → Prop) : (∀ x : A, ⌜φ xâŒ) ⊢ ⌜∀ x : A, φ xâŒ.
Proof. by unseal. Qed.
Lemma and_elim_l P Q : P ∧ Q ⊢ P.
@@ -426,7 +425,7 @@ Qed.
Lemma always_idemp P : □ P ⊢ □ □ P.
Proof. unseal; split=> n x ?? /=. by rewrite cmra_core_idemp. Qed.
-Lemma always_pure_2 φ : ■φ ⊢ □ ■φ.
+Lemma always_pure_2 φ : ⌜φ⌠⊢ â–¡ ⌜φâŒ.
Proof. by unseal. Qed.
Lemma always_forall_2 {A} (Ψ : A → uPred M) : (∀ a, □ Ψ a) ⊢ (□ ∀ a, Ψ a).
Proof. by unseal. Qed.
@@ -542,7 +541,7 @@ Proof.
apply uPred_closed with n; eauto 3 using cmra_validN_op_l, cmra_validN_op_r.
Qed.
Lemma bupd_ownM_updateP x (Φ : M → Prop) :
- x ~~>: Φ → uPred_ownM x ==∗ ∃ y, ■Φ y ∧ uPred_ownM y.
+ x ~~>: Φ → uPred_ownM x ==∗ ∃ y, ⌜Φ y⌠∧ uPred_ownM y.
Proof.
unseal=> Hup; split=> n x2 ? [x3 Hx] k yf ??.
destruct (Hup k (Some (x3 â‹… yf))) as (y&?&?); simpl in *.
@@ -562,9 +561,9 @@ Lemma later_equivI {A : ofeT} (x y : A) : Next x ≡ Next y ⊣⊢ ▷ (x ≡ y)
Proof. by unseal. Qed.
(* Discrete *)
-Lemma discrete_valid {A : cmraT} `{!CMRADiscrete A} (a : A) : ✓ a ⊣⊢ ■✓ a.
+Lemma discrete_valid {A : cmraT} `{!CMRADiscrete A} (a : A) : ✓ a ⊣⊢ ⌜✓ aâŒ.
Proof. unseal; split=> n x _. by rewrite /= -cmra_discrete_valid_iff. Qed.
-Lemma timeless_eq {A : ofeT} (a b : A) : Timeless a → a ≡ b ⊣⊢ ■(a ≡ b).
+Lemma timeless_eq {A : ofeT} (a b : A) : Timeless a → a ≡ b ⊣⊢ ⌜a ≡ bâŒ.
Proof.
unseal=> ?. apply (anti_symm (⊢)); split=> n x ?; by apply (timeless_iff n).
Qed.
diff --git a/heap_lang/adequacy.v b/heap_lang/adequacy.v
index 01aecda22ec0f9c94b1f160ec847a275b79e5afa..1e33e4054ccc349e7887bdbd503629740cde1801 100644
--- a/heap_lang/adequacy.v
+++ b/heap_lang/adequacy.v
@@ -16,7 +16,7 @@ Instance subG_heapPreG {Σ} : subG heapΣ Σ → heapPreG Σ.
Proof. intros [? ?]%subG_inv. split; apply _. Qed.
Definition heap_adequacy Σ `{heapPreG Σ} e σ φ :
- (∀ `{heapG Σ}, heap_ctx ⊢ WP e {{ v, ■φ v }}) →
+ (∀ `{heapG Σ}, heap_ctx ⊢ WP e {{ v, ⌜φ v⌠}}) →
adequate e σ φ.
Proof.
intros Hwp; eapply (wp_adequacy Σ); iIntros (?) "Hσ".
diff --git a/heap_lang/heap.v b/heap_lang/heap.v
index a2b7d204328e0821cfcd6cba454eb7e0163303ef..45b4c8b584b9b61b0902afa127babf279fcc875e 100644
--- a/heap_lang/heap.v
+++ b/heap_lang/heap.v
@@ -85,7 +85,7 @@ Section heap.
Qed.
Lemma heap_mapsto_op l q1 q2 v1 v2 :
- l ↦{q1} v1 ∗ l ↦{q2} v2 ⊣⊢ v1 = v2 ∧ l ↦{q1+q2} v1.
+ l ↦{q1} v1 ∗ l ↦{q2} v2 ⊣⊢ ⌜v1 = v2⌠∧ l ↦{q1+q2} v1.
Proof.
destruct (decide (v1 = v2)) as [->|].
{ by rewrite heap_mapsto_op_eq pure_True // left_id. }
@@ -96,15 +96,15 @@ Section heap.
Qed.
Lemma heap_mapsto_op_1 l q1 q2 v1 v2 :
- l ↦{q1} v1 ∗ l ↦{q2} v2 ⊢ v1 = v2 ∧ l ↦{q1+q2} v1.
+ l ↦{q1} v1 ∗ l ↦{q2} v2 ⊢ ⌜v1 = v2⌠∧ l ↦{q1+q2} v1.
Proof. by rewrite heap_mapsto_op. Qed.
Lemma heap_mapsto_op_half l q v1 v2 :
- l ↦{q/2} v1 ∗ l ↦{q/2} v2 ⊣⊢ v1 = v2 ∧ l ↦{q} v1.
+ l ↦{q/2} v1 ∗ l ↦{q/2} v2 ⊣⊢ ⌜v1 = v2⌠∧ l ↦{q} v1.
Proof. by rewrite heap_mapsto_op Qp_div_2. Qed.
Lemma heap_mapsto_op_half_1 l q v1 v2 :
- l ↦{q/2} v1 ∗ l ↦{q/2} v2 ⊢ v1 = v2 ∧ l ↦{q} v1.
+ l ↦{q/2} v1 ∗ l ↦{q/2} v2 ⊢ ⌜v1 = v2⌠∧ l ↦{q} v1.
Proof. by rewrite heap_mapsto_op_half. Qed.
Lemma heap_ex_mapsto_op l q1 q2 : l ↦{q1} - ∗ l ↦{q2} - ⊣⊢ l ↦{q1+q2} -.
diff --git a/heap_lang/lib/assert.v b/heap_lang/lib/assert.v
index b222b908ddd29472e2f3aee7fadea1be89368a2e..547f961589011b808f2ad2867c196fda6c693380 100644
--- a/heap_lang/lib/assert.v
+++ b/heap_lang/lib/assert.v
@@ -10,7 +10,7 @@ Notation "'assert:' e" := (assert (λ: <>, e))%E (at level 99) : expr_scope.
Global Opaque assert.
Lemma wp_assert `{heapG Σ} E (Φ : val → iProp Σ) e `{!Closed [] e} :
- WP e @ E {{ v, v = #true ∧ ▷ Φ #() }} ⊢ WP assert: e @ E {{ Φ }}.
+ WP e @ E {{ v, ⌜v = #true⌠∧ ▷ Φ #() }} ⊢ WP assert: e @ E {{ Φ }}.
Proof.
iIntros "HΦ". rewrite /assert. wp_let. wp_seq.
iApply (wp_wand with "HΦ"). iIntros (v) "[% ?]"; subst. by wp_if.
diff --git a/heap_lang/lib/barrier/proof.v b/heap_lang/lib/barrier/proof.v
index dc9ed307b6aa2212aa61569e557a5d0596feb89d..a859f60734b32d319834deb779d400dd33a47709 100644
--- a/heap_lang/lib/barrier/proof.v
+++ b/heap_lang/lib/barrier/proof.v
@@ -38,7 +38,7 @@ Definition barrier_inv (l : loc) (P : iProp Σ) (s : state) : iProp Σ :=
(l ↦ s ∗ ress (state_to_prop s P) (state_I s))%I.
Definition barrier_ctx (γ : gname) (l : loc) (P : iProp Σ) : iProp Σ :=
- (■(heapN ⊥ N) ∗ heap_ctx ∗ sts_ctx γ N (barrier_inv l P))%I.
+ (⌜heapN ⊥ N⌠∗ heap_ctx ∗ sts_ctx γ N (barrier_inv l P))%I.
Definition send (l : loc) (P : iProp Σ) : iProp Σ :=
(∃ γ, barrier_ctx γ l P ∗ sts_ownS γ low_states {[ Send ]})%I.
diff --git a/heap_lang/lib/barrier/specification.v b/heap_lang/lib/barrier/specification.v
index 914f97751df9f9ee99336578456ca4534a6d02d7..d5f581970f0c530587a1fd943592057712b5e436 100644
--- a/heap_lang/lib/barrier/specification.v
+++ b/heap_lang/lib/barrier/specification.v
@@ -11,7 +11,7 @@ Lemma barrier_spec (N : namespace) :
heapN ⊥ N →
∃ recv send : loc → iProp Σ -n> iProp Σ,
(∀ P, heap_ctx ⊢ {{ True }} newbarrier #()
- {{ v, ∃ l : loc, v = #l ∗ recv l P ∗ send l P }}) ∧
+ {{ v, ∃ l : loc, ⌜v = #l⌠∗ recv l P ∗ send l P }}) ∧
(∀ l P, {{ send l P ∗ P }} signal #l {{ _, True }}) ∧
(∀ l P, {{ recv l P }} wait #l {{ _, P }}) ∧
(∀ l P Q, recv l (P ∗ Q) ={N}=> recv l P ∗ recv l Q) ∧
diff --git a/heap_lang/lib/counter.v b/heap_lang/lib/counter.v
index 8746e2b59466f94d7dd5c7b451342db0628a75b4..941ae644e63957e44b543b27efa22a42422477cf 100644
--- a/heap_lang/lib/counter.v
+++ b/heap_lang/lib/counter.v
@@ -26,7 +26,7 @@ Section mono_proof.
(∃ n, own γ (◠(n : mnat)) ∗ l ↦ #n)%I.
Definition mcounter (l : loc) (n : nat) : iProp Σ :=
- (∃ γ, heapN ⊥ N ∧ heap_ctx ∧
+ (∃ γ, ⌜heapN ⊥ N⌠∧ heap_ctx ∧
inv N (mcounter_inv γ l) ∧ own γ (◯ (n : mnat)))%I.
(** The main proofs. *)
@@ -70,7 +70,7 @@ Section mono_proof.
Qed.
Lemma read_mono_spec l j :
- {{{ mcounter l j }}} read #l {{{ i, RET #i; ■(j ≤ i)%nat ∧ mcounter l i }}}.
+ {{{ mcounter l j }}} read #l {{{ i, RET #i; ⌜j ≤ iâŒ%nat ∧ mcounter l i }}}.
Proof.
iIntros (ϕ) "Hc HΦ". iDestruct "Hc" as (γ) "(% & #? & #Hinv & Hγf)".
rewrite /read /=. wp_let. iInv N as (c) ">[Hγ Hl]" "Hclose". wp_load.
@@ -99,7 +99,7 @@ Section contrib_spec.
(∃ n, own γ (◠Some (1%Qp, n)) ∗ l ↦ #n)%I.
Definition ccounter_ctx (γ : gname) (l : loc) : iProp Σ :=
- (heapN ⊥ N ∧ heap_ctx ∧ inv N (ccounter_inv γ l))%I.
+ (⌜heapN ⊥ N⌠∧ heap_ctx ∧ inv N (ccounter_inv γ l))%I.
Definition ccounter (γ : gname) (q : frac) (n : nat) : iProp Σ :=
own γ (◯ Some (q, n)).
@@ -145,7 +145,7 @@ Section contrib_spec.
Lemma read_contrib_spec γ l q n :
{{{ ccounter_ctx γ l ∗ ccounter γ q n }}} read #l
- {{{ c, RET #c; ■(n ≤ c)%nat ∧ ccounter γ q n }}}.
+ {{{ c, RET #c; ⌜n ≤ câŒ%nat ∧ ccounter γ q n }}}.
Proof.
iIntros (Φ) "(#(%&?&?) & Hγf) HΦ".
rewrite /read /=. wp_let. iInv N as (c) ">[Hγ Hl]" "Hclose". wp_load.
diff --git a/heap_lang/lib/spawn.v b/heap_lang/lib/spawn.v
index 8e2e167888eff87cd512bddc4f039b7e03a0c9ce..17c44630afcac7feefd5c13ff4b03a07efd62a03 100644
--- a/heap_lang/lib/spawn.v
+++ b/heap_lang/lib/spawn.v
@@ -29,11 +29,11 @@ Section proof.
Context `{!heapG Σ, !spawnG Σ} (N : namespace).
Definition spawn_inv (γ : gname) (l : loc) (Ψ : val → iProp Σ) : iProp Σ :=
- (∃ lv, l ↦ lv ∗ (lv = NONEV ∨
- ∃ v, lv = SOMEV v ∗ (Ψ v ∨ own γ (Excl ()))))%I.
+ (∃ lv, l ↦ lv ∗ (⌜lv = NONEV⌠∨
+ ∃ v, ⌜lv = SOMEV v⌠∗ (Ψ v ∨ own γ (Excl ()))))%I.
Definition join_handle (l : loc) (Ψ : val → iProp Σ) : iProp Σ :=
- (heapN ⊥ N ∗ ∃ γ, heap_ctx ∗ own γ (Excl ()) ∗
+ (⌜heapN ⊥ N⌠∗ ∃ γ, heap_ctx ∗ own γ (Excl ()) ∗
inv N (spawn_inv γ l Ψ))%I.
Typeclasses Opaque join_handle.
diff --git a/heap_lang/lib/spin_lock.v b/heap_lang/lib/spin_lock.v
index d462f46a3e5b285e6b0a832758d8d143c0b10ce0..896caade9b443561c74bb15dde8cd87c44ba57dd 100644
--- a/heap_lang/lib/spin_lock.v
+++ b/heap_lang/lib/spin_lock.v
@@ -27,7 +27,7 @@ Section proof.
(∃ b : bool, l ↦ #b ∗ if b then True else own γ (Excl ()) ∗ R)%I.
Definition is_lock (γ : gname) (lk : val) (R : iProp Σ) : iProp Σ :=
- (∃ l: loc, heapN ⊥ N ∧ heap_ctx ∧ lk = #l ∧ inv N (lock_inv γ l R))%I.
+ (∃ l: loc, ⌜heapN ⊥ N⌠∧ heap_ctx ∧ ⌜lk = #l⌠∧ inv N (lock_inv γ l R))%I.
Definition locked (γ : gname): iProp Σ := own γ (Excl ()).
diff --git a/heap_lang/lib/ticket_lock.v b/heap_lang/lib/ticket_lock.v
index 99543759d826294673a2ecd36f16875e8b3106ae..194b3da1f38fd94331f7b3b3a84c5b6d45409b98 100644
--- a/heap_lang/lib/ticket_lock.v
+++ b/heap_lang/lib/ticket_lock.v
@@ -47,13 +47,13 @@ Section proof.
Definition is_lock (γ : gname) (lk : val) (R : iProp Σ) : iProp Σ :=
(∃ lo ln : loc,
- heapN ⊥ N ∧ heap_ctx ∧
- lk = (#lo, #ln)%V ∧ inv N (lock_inv γ lo ln R))%I.
+ ⌜heapN ⊥ N⌠∧ heap_ctx ∧
+ ⌜lk = (#lo, #ln)%V⌠∧ inv N (lock_inv γ lo ln R))%I.
Definition issued (γ : gname) (lk : val) (x : nat) (R : iProp Σ) : iProp Σ :=
(∃ lo ln: loc,
- heapN ⊥ N ∧ heap_ctx ∧
- lk = (#lo, #ln)%V ∧ inv N (lock_inv γ lo ln R) ∧
+ ⌜heapN ⊥ N⌠∧ heap_ctx ∧
+ ⌜lk = (#lo, #ln)%V⌠∧ inv N (lock_inv γ lo ln R) ∧
own γ (◯ (∅, GSet {[ x ]})))%I.
Definition locked (γ : gname) : iProp Σ := (∃ o, own γ (◯ (Excl' o, ∅)))%I.
diff --git a/heap_lang/lifting.v b/heap_lang/lifting.v
index 94a59db529c9896f69512be64f8daf5962eba93a..fbdde12b2e48fe0f023ad5605583392f6289b0d8 100644
--- a/heap_lang/lifting.v
+++ b/heap_lang/lifting.v
@@ -48,7 +48,7 @@ Proof. exact: weakestpre.wp_bind. Qed.
(** Base axioms for core primitives of the language: Stateful reductions. *)
Lemma wp_alloc_pst E σ v :
{{{ ▷ ownP σ }}} Alloc (of_val v) @ E
- {{{ l, RET LitV (LitLoc l); σ !! l = None ∧ ownP (<[l:=v]>σ) }}}.
+ {{{ l, RET LitV (LitLoc l); ⌜σ !! l = None⌠∧ ownP (<[l:=v]>σ) }}}.
Proof.
iIntros (Φ) "HP HΦ".
iApply (wp_lift_atomic_head_step (Alloc (of_val v)) σ); eauto.
diff --git a/program_logic/adequacy.v b/program_logic/adequacy.v
index c30f339bfc96606493c2b5e64885cea242e5025b..b789b798b695c46d81870e35ba05d638a8ff0b69 100644
--- a/program_logic/adequacy.v
+++ b/program_logic/adequacy.v
@@ -111,7 +111,7 @@ Qed.
Lemma wptp_step e1 t1 t2 σ1 σ2 Φ :
step (e1 :: t1,σ1) (t2, σ2) →
world σ1 ∗ WP e1 {{ Φ }} ∗ wptp t1
- ==∗ ∃ e2 t2', t2 = e2 :: t2' ∗ ▷ |==> ◇ (world σ2 ∗ WP e2 {{ Φ }} ∗ wptp t2').
+ ==∗ ∃ e2 t2', ⌜t2 = e2 :: t2'⌠∗ ▷ |==> ◇ (world σ2 ∗ WP e2 {{ Φ }} ∗ wptp t2').
Proof.
iIntros (Hstep) "(HW & He & Ht)".
destruct Hstep as [e1' σ1' e2' σ2' efs [|? t1'] t2' ?? Hstep]; simplify_eq/=.
@@ -127,7 +127,7 @@ Lemma wptp_steps n e1 t1 t2 σ1 σ2 Φ :
nsteps step n (e1 :: t1, σ1) (t2, σ2) →
world σ1 ∗ WP e1 {{ Φ }} ∗ wptp t1 ⊢
Nat.iter (S n) (λ P, |==> ▷ P) (∃ e2 t2',
- t2 = e2 :: t2' ∗ world σ2 ∗ WP e2 {{ Φ }} ∗ wptp t2').
+ ⌜t2 = e2 :: t2'⌠∗ world σ2 ∗ WP e2 {{ Φ }} ∗ wptp t2').
Proof.
revert e1 t1 t2 σ1 σ2; simpl; induction n as [|n IH]=> e1 t1 t2 σ1 σ2 /=.
{ inversion_clear 1; iIntros "?"; eauto 10. }
@@ -148,8 +148,8 @@ Qed.
Lemma wptp_result n e1 t1 v2 t2 σ1 σ2 φ :
nsteps step n (e1 :: t1, σ1) (of_val v2 :: t2, σ2) →
- world σ1 ∗ WP e1 {{ v, ■φ v }} ∗ wptp t1 ⊢
- Nat.iter (S (S n)) (λ P, |==> ▷ P) (■φ v2).
+ world σ1 ∗ WP e1 {{ v, ⌜φ v⌠}} ∗ wptp t1 ⊢
+ Nat.iter (S (S n)) (λ P, |==> â–· P) ⌜φ v2âŒ.
Proof.
intros. rewrite wptp_steps //.
rewrite (Nat_iter_S_r (S n)). apply bupd_iter_mono.
@@ -159,7 +159,7 @@ Proof.
Qed.
Lemma wp_safe e σ Φ :
- world σ ∗ WP e {{ Φ }} ==∗ ▷ ■(is_Some (to_val e) ∨ reducible e σ).
+ world σ ∗ WP e {{ Φ }} ==∗ â–· ⌜is_Some (to_val e) ∨ reducible e σâŒ.
Proof.
rewrite wp_unfold /wp_pre. iIntros "[(Hw&HE&Hσ) [H|[_ H]]]".
{ iDestruct "H" as (v) "[% _]"; eauto 10. }
@@ -170,7 +170,7 @@ Qed.
Lemma wptp_safe n e1 e2 t1 t2 σ1 σ2 Φ :
nsteps step n (e1 :: t1, σ1) (t2, σ2) → e2 ∈ t2 →
world σ1 ∗ WP e1 {{ Φ }} ∗ wptp t1 ⊢
- Nat.iter (S (S n)) (λ P, |==> ▷ P) (■(is_Some (to_val e2) ∨ reducible e2 σ2)).
+ Nat.iter (S (S n)) (λ P, |==> â–· P) ⌜is_Some (to_val e2) ∨ reducible e2 σ2âŒ.
Proof.
intros ? He2. rewrite wptp_steps //; rewrite (Nat_iter_S_r (S n)). apply bupd_iter_mono.
iDestruct 1 as (e2' t2') "(% & Hw & H & Htp)"; simplify_eq.
@@ -180,9 +180,9 @@ Qed.
Lemma wptp_invariance n e1 e2 t1 t2 σ1 σ2 I φ Φ :
nsteps step n (e1 :: t1, σ1) (t2, σ2) →
- (I ={⊤,∅}=∗ ∃ σ', ownP σ' ∧ ■φ σ') →
+ (I ={⊤,∅}=∗ ∃ σ', ownP σ' ∧ ⌜φ σ'âŒ) →
I ∗ world σ1 ∗ WP e1 {{ Φ }} ∗ wptp t1 ⊢
- Nat.iter (S (S n)) (λ P, |==> ▷ P) (■φ σ2).
+ Nat.iter (S (S n)) (λ P, |==> â–· P) ⌜φ σ2âŒ.
Proof.
intros ? HI. rewrite wptp_steps //.
rewrite (Nat_iter_S_r (S n)) bupd_iter_frame_l. apply bupd_iter_mono.
@@ -196,7 +196,7 @@ Qed.
End adequacy.
Theorem wp_adequacy Σ `{irisPreG Λ Σ} e σ φ :
- (∀ `{irisG Λ Σ}, ownP σ ⊢ WP e {{ v, ■φ v }}) →
+ (∀ `{irisG Λ Σ}, ownP σ ⊢ WP e {{ v, ⌜φ v⌠}}) →
adequate e σ φ.
Proof.
intros Hwp; split.
@@ -214,7 +214,7 @@ Qed.
Theorem wp_invariance Σ `{irisPreG Λ Σ} e σ1 t2 σ2 I φ Φ :
(∀ `{irisG Λ Σ}, ownP σ1 ={⊤}=∗ I ∗ WP e {{ Φ }}) →
- (∀ `{irisG Λ Σ}, I ={⊤,∅}=∗ ∃ σ', ownP σ' ∧ ■φ σ') →
+ (∀ `{irisG Λ Σ}, I ={⊤,∅}=∗ ∃ σ', ownP σ' ∧ ⌜φ σ'âŒ) →
rtc step ([e], σ1) (t2, σ2) →
φ σ2.
Proof.
diff --git a/program_logic/ectx_lifting.v b/program_logic/ectx_lifting.v
index a35324f53db2e7074b72c877a4ec0af57b6f0ffd..e075f00b74512e03f9b6a48486c29740aece01a8 100644
--- a/program_logic/ectx_lifting.v
+++ b/program_logic/ectx_lifting.v
@@ -16,8 +16,8 @@ Lemma wp_ectx_bind {E e} K Φ :
Proof. apply: weakestpre.wp_bind. Qed.
Lemma wp_lift_head_step E Φ e1 :
- (|={E,∅}=> ∃ σ1, ■head_reducible e1 σ1 ∗ ▷ ownP σ1 ∗
- ▷ ∀ e2 σ2 efs, ■head_step e1 σ1 e2 σ2 efs ∗ ownP σ2
+ (|={E,∅}=> ∃ σ1, ⌜head_reducible e1 σ1⌠∗ ▷ ownP σ1 ∗
+ ▷ ∀ e2 σ2 efs, ⌜head_step e1 σ1 e2 σ2 efs⌠∗ ownP σ2
={∅,E}=∗ WP e2 @ E {{ Φ }} ∗ [∗ list] ef ∈ efs, WP ef {{ _, True }})
⊢ WP e1 @ E {{ Φ }}.
Proof.
@@ -30,7 +30,7 @@ Qed.
Lemma wp_lift_pure_head_step E Φ e1 :
(∀ σ1, head_reducible e1 σ1) →
(∀ σ1 e2 σ2 efs, head_step e1 σ1 e2 σ2 efs → σ1 = σ2) →
- (▷ ∀ e2 efs σ, ■head_step e1 σ e2 σ efs →
+ (▷ ∀ e2 efs σ, ⌜head_step e1 σ e2 σ efs⌠→
WP e2 @ E {{ Φ }} ∗ [∗ list] ef ∈ efs, WP ef {{ _, True }})
⊢ WP e1 @ E {{ Φ }}.
Proof.
@@ -42,7 +42,7 @@ Lemma wp_lift_atomic_head_step {E Φ} e1 σ1 :
atomic e1 →
head_reducible e1 σ1 →
▷ ownP σ1 ∗ ▷ (∀ v2 σ2 efs,
- ■head_step e1 σ1 (of_val v2) σ2 efs ∧ ownP σ2 -∗
+ ⌜head_step e1 σ1 (of_val v2) σ2 efs⌠∧ ownP σ2 -∗
Φ v2 ∗ [∗ list] ef ∈ efs, WP ef {{ _, True }})
⊢ WP e1 @ E {{ Φ }}.
Proof.
diff --git a/program_logic/hoare.v b/program_logic/hoare.v
index 0f8b104df742cb9e160d8ec4bde0466ccb60865b..8c18831da0a8cf313b986ba48daf53ece7838504 100644
--- a/program_logic/hoare.v
+++ b/program_logic/hoare.v
@@ -56,7 +56,7 @@ Proof. solve_proper. Qed.
Lemma ht_alt E P Φ e : (P ⊢ WP e @ E {{ Φ }}) → {{ P }} e @ E {{ Φ }}.
Proof. iIntros (Hwp) "!# HP". by iApply Hwp. Qed.
-Lemma ht_val E v : {{ True }} of_val v @ E {{ v', v = v' }}.
+Lemma ht_val E v : {{ True }} of_val v @ E {{ v', ⌜v = v'⌠}}.
Proof. iIntros "!# _". by iApply wp_value'. Qed.
Lemma ht_vs E P P' Φ Φ' e :
diff --git a/program_logic/lifting.v b/program_logic/lifting.v
index 4e4f84916a4babc9c3c640b6515e5aae5f1592f3..cac55e4840730cd8580322683392c8a82dd29a1e 100644
--- a/program_logic/lifting.v
+++ b/program_logic/lifting.v
@@ -11,8 +11,8 @@ Implicit Types P Q : iProp Σ.
Implicit Types Φ : val Λ → iProp Σ.
Lemma wp_lift_step E Φ e1 :
- (|={E,∅}=> ∃ σ1, ■reducible e1 σ1 ∗ ▷ ownP σ1 ∗
- ▷ ∀ e2 σ2 efs, ■prim_step e1 σ1 e2 σ2 efs ∗ ownP σ2
+ (|={E,∅}=> ∃ σ1, ⌜reducible e1 σ1⌠∗ ▷ ownP σ1 ∗
+ ▷ ∀ e2 σ2 efs, ⌜prim_step e1 σ1 e2 σ2 efs⌠∗ ownP σ2
={∅,E}=∗ WP e2 @ E {{ Φ }} ∗ [∗ list] ef ∈ efs, WP ef {{ _, True }})
⊢ WP e1 @ E {{ Φ }}.
Proof.
@@ -31,7 +31,7 @@ Qed.
Lemma wp_lift_pure_step `{Inhabited (state Λ)} E Φ e1 :
(∀ σ1, reducible e1 σ1) →
(∀ σ1 e2 σ2 efs, prim_step e1 σ1 e2 σ2 efs → σ1 = σ2) →
- (▷ ∀ e2 efs σ, ■prim_step e1 σ e2 σ efs →
+ (▷ ∀ e2 efs σ, ⌜prim_step e1 σ e2 σ efs⌠→
WP e2 @ E {{ Φ }} ∗ [∗ list] ef ∈ efs, WP ef {{ _, True }})
⊢ WP e1 @ E {{ Φ }}.
Proof.
@@ -47,7 +47,7 @@ Qed.
Lemma wp_lift_atomic_step {E Φ} e1 σ1 :
atomic e1 →
reducible e1 σ1 →
- (▷ ownP σ1 ∗ ▷ ∀ v2 σ2 efs, ■prim_step e1 σ1 (of_val v2) σ2 efs ∗ ownP σ2 -∗
+ (▷ ownP σ1 ∗ ▷ ∀ v2 σ2 efs, ⌜prim_step e1 σ1 (of_val v2) σ2 efs⌠∗ ownP σ2 -∗
Φ v2 ∗ [∗ list] ef ∈ efs, WP ef {{ _, True }})
⊢ WP e1 @ E {{ Φ }}.
Proof.
diff --git a/program_logic/weakestpre.v b/program_logic/weakestpre.v
index 5e665c9282b505b8d0bbc14c6f8a22d036d8ee54..cac72d01bb2e7004d3a3404b853db3ae7efb3aa5 100644
--- a/program_logic/weakestpre.v
+++ b/program_logic/weakestpre.v
@@ -26,11 +26,11 @@ Definition wp_pre `{irisG Λ Σ}
(wp : coPset -c> expr Λ -c> (val Λ -c> iProp Σ) -c> iProp Σ) :
coPset -c> expr Λ -c> (val Λ -c> iProp Σ) -c> iProp Σ := λ E e1 Φ, (
(* value case *)
- (∃ v, to_val e1 = Some v ∧ |={E}=> Φ v) ∨
+ (∃ v, ⌜to_val e1 = Some v⌠∧ |={E}=> Φ v) ∨
(* step case *)
- (to_val e1 = None ∧ ∀ σ1,
- ownP_auth σ1 ={E,∅}=∗ ■reducible e1 σ1 ∗
- ▷ ∀ e2 σ2 efs, ■prim_step e1 σ1 e2 σ2 efs ={∅,E}=∗
+ (⌜to_val e1 = None⌠∧ ∀ σ1,
+ ownP_auth σ1 ={E,∅}=∗ ⌜reducible e1 σ1⌠∗
+ ▷ ∀ e2 σ2 efs, ⌜prim_step e1 σ1 e2 σ2 efs⌠={∅,E}=∗
ownP_auth σ2 ∗ wp E e2 Φ ∗
[∗ list] ef ∈ efs, wp ⊤ ef (λ _, True)))%I.
@@ -119,7 +119,7 @@ Proof. rewrite /ownP -own_op own_valid. by iIntros (?). Qed.
Global Instance ownP_timeless σ : TimelessP (@ownP (state Λ) Σ _ σ).
Proof. rewrite /ownP; apply _. Qed.
-Lemma ownP_agree σ1 σ2 : ownP_auth σ1 ∗ ownP σ2 ⊢ σ1 = σ2.
+Lemma ownP_agree σ1 σ2 : ownP_auth σ1 ∗ ownP σ2 ⊢ ⌜σ1 = σ2âŒ.
Proof.
rewrite /ownP /ownP_auth -own_op own_valid -auth_both_op.
by iIntros ([[[] [=]%leibniz_equiv] _]%auth_valid_discrete).
diff --git a/proofmode/class_instances.v b/proofmode/class_instances.v
index e184e233ff1b26ba8585f16608d6e5d3f2842720..5edcb5d02a6c483c55d385bae46f1b4000f67ffa 100644
--- a/proofmode/class_instances.v
+++ b/proofmode/class_instances.v
@@ -21,7 +21,7 @@ Global Instance from_assumption_bupd p P Q :
Proof. rewrite /FromAssumption=>->. apply bupd_intro. Qed.
(* IntoPure *)
-Global Instance into_pure_pure φ : @IntoPure M (■φ) φ.
+Global Instance into_pure_pure φ : @IntoPure M ⌜φ⌠φ.
Proof. done. Qed.
Global Instance into_pure_eq {A : ofeT} (a b : A) :
Timeless a → @IntoPure M (a ≡ b) (a ≡ b).
@@ -31,7 +31,7 @@ Global Instance into_pure_cmra_valid `{CMRADiscrete A} (a : A) :
Proof. by rewrite /IntoPure discrete_valid. Qed.
(* FromPure *)
-Global Instance from_pure_pure φ : @FromPure M (■φ) φ.
+Global Instance from_pure_pure φ : @FromPure M ⌜φ⌠φ.
Proof. done. Qed.
Global Instance from_pure_internal_eq {A : ofeT} (a b : A) :
@FromPure M (a ≡ b) (a ≡ b).
@@ -240,7 +240,7 @@ Qed.
(* Frame *)
Global Instance frame_here R : Frame R R True.
Proof. by rewrite /Frame right_id. Qed.
-Global Instance frame_here_pure φ Q : FromPure Q φ → Frame (■φ) Q True.
+Global Instance frame_here_pure φ Q : FromPure Q φ → Frame ⌜φ⌠Q True.
Proof. rewrite /FromPure /Frame=> ->. by rewrite right_id. Qed.
Class MakeSep (P Q PQ : uPred M) := make_sep : P ∗ Q ⊣⊢ PQ.
diff --git a/proofmode/classes.v b/proofmode/classes.v
index c17d464bee33ba18d7d2a407057cee8c07b7529a..c9b0bccb9cc92daaf86fcf07ba838d5edf7e527b 100644
--- a/proofmode/classes.v
+++ b/proofmode/classes.v
@@ -8,10 +8,10 @@ Implicit Types P Q : uPred M.
Class FromAssumption (p : bool) (P Q : uPred M) := from_assumption : □?p P ⊢ Q.
Global Arguments from_assumption _ _ _ {_}.
-Class IntoPure (P : uPred M) (φ : Prop) := into_pure : P ⊢ ■φ.
+Class IntoPure (P : uPred M) (φ : Prop) := into_pure : P ⊢ ⌜φâŒ.
Global Arguments into_pure : clear implicits.
-Class FromPure (P : uPred M) (φ : Prop) := from_pure : ■φ ⊢ P.
+Class FromPure (P : uPred M) (φ : Prop) := from_pure : ⌜φ⌠⊢ P.
Global Arguments from_pure : clear implicits.
Class IntoPersistentP (P Q : uPred M) := into_persistentP : P ⊢ □ Q.
diff --git a/proofmode/coq_tactics.v b/proofmode/coq_tactics.v
index 234fa9086b9f79c84657371fe43d96988b56d0e4..5fef411c249465694f2e9e2d160b4feca67ad15e 100644
--- a/proofmode/coq_tactics.v
+++ b/proofmode/coq_tactics.v
@@ -19,7 +19,7 @@ Record envs_wf {M} (Δ : envs M) := {
}.
Coercion of_envs {M} (Δ : envs M) : uPred M :=
- (■envs_wf Δ ∗ □ [∗] env_persistent Δ ∗ [∗] env_spatial Δ)%I.
+ (⌜envs_wf Δ⌠∗ □ [∗] env_persistent Δ ∗ [∗] env_spatial Δ)%I.
Instance: Params (@of_envs) 1.
Record envs_Forall2 {M} (R : relation (uPred M)) (Δ1 Δ2 : envs M) : Prop := {
@@ -110,7 +110,7 @@ Implicit Types Δ : envs M.
Implicit Types P Q : uPred M.
Lemma of_envs_def Δ :
- of_envs Δ = (■envs_wf Δ ∗ □ [∗] env_persistent Δ ∗ [∗] env_spatial Δ)%I.
+ of_envs Δ = (⌜envs_wf Δ⌠∗ □ [∗] env_persistent Δ ∗ [∗] env_spatial Δ)%I.
Proof. done. Qed.
Lemma envs_lookup_delete_Some Δ Δ' i p P :
@@ -397,7 +397,7 @@ Proof.
rewrite (into_pure P); by apply pure_elim_sep_l.
Qed.
-Lemma tac_pure_revert Δ φ Q : (Δ ⊢ ■φ → Q) → (φ → Δ ⊢ Q).
+Lemma tac_pure_revert Δ φ Q : (Δ ⊢ ⌜φ⌠→ Q) → (φ → Δ ⊢ Q).
Proof. intros HΔ ?. by rewrite HΔ pure_True // left_id. Qed.
(** * Later *)
@@ -476,7 +476,7 @@ Proof.
by rewrite right_id {1}(into_persistentP P) always_and_sep_l wand_elim_r.
Qed.
Lemma tac_pure_impl_intro Δ (φ ψ : Prop) :
- (φ → Δ ⊢ ■ψ) → Δ ⊢ ■(φ → ψ).
+ (φ → Δ ⊢ ⌜ψâŒ) → Δ ⊢ ⌜φ → ψâŒ.
Proof. intros. rewrite pure_impl. by apply impl_intro_l, pure_elim_l. Qed.
Lemma tac_impl_intro_pure Δ P φ Q : IntoPure P φ → (φ → Δ ⊢ Q) → Δ ⊢ P → Q.
Proof.
@@ -744,8 +744,8 @@ Qed.
(** * Framing *)
Lemma tac_frame_pure Δ (φ : Prop) P Q :
- φ → Frame (■φ) P Q → (Δ ⊢ Q) → Δ ⊢ P.
-Proof. intros ?? ->. by rewrite -(frame (■φ) P) pure_True // left_id. Qed.
+ φ → Frame ⌜φ⌠P Q → (Δ ⊢ Q) → Δ ⊢ P.
+Proof. intros ?? ->. by rewrite -(frame ⌜φ⌠P) pure_True // left_id. Qed.
Lemma tac_frame Δ Δ' i p R P Q :
envs_lookup_delete i Δ = Some (p, R, Δ') → Frame R P Q →
@@ -781,7 +781,7 @@ Lemma tac_forall_intro {A} Δ (Φ : A → uPred M) : (∀ a, Δ ⊢ Φ a) → Δ
Proof. apply forall_intro. Qed.
Lemma tac_pure_forall_intro {A} Δ (φ : A → Prop) :
- (∀ a, Δ ⊢ ■φ a) → Δ ⊢ ■∀ a, φ a.
+ (∀ a, Δ ⊢ ⌜φ aâŒ) → Δ ⊢ ⌜∀ a, φ aâŒ.
Proof. intros. rewrite pure_forall. by apply forall_intro. Qed.
Class ForallSpecialize {As} (xs : hlist As)
diff --git a/proofmode/tactics.v b/proofmode/tactics.v
index 831e049dd5b7cf5ca6449d9dcc6becb1ed3cf9ad..00c6b395a5ee5627aeb3a50cf79d2702a1c15e4e 100644
--- a/proofmode/tactics.v
+++ b/proofmode/tactics.v
@@ -1148,7 +1148,7 @@ Tactic Notation "iRewrite" "-" open_constr(lem) "in" constr(H) :=
iRewriteCore true lem in H.
Ltac iSimplifyEq := repeat (
- iMatchGoal ltac:(fun H P => match P with (_ = _)%I => iDestruct H as %? end)
+ iMatchGoal ltac:(fun H P => match P with (⌜_ = _âŒ)%I => iDestruct H as %? end)
|| simplify_eq/=).
(** * Update modality *)
diff --git a/tests/barrier_client.v b/tests/barrier_client.v
index a4b7e564d5d291461cd37d232a4fd8d3894cdb0e..6b60585dc9f43e65c0640038cd9185781543c2ed 100644
--- a/tests/barrier_client.v
+++ b/tests/barrier_client.v
@@ -17,7 +17,7 @@ Section client.
Context `{!heapG Σ, !barrierG Σ, !spawnG Σ} (N : namespace).
Definition y_inv (q : Qp) (l : loc) : iProp Σ :=
- (∃ f : val, l ↦{q} f ∗ □ ∀ n : Z, WP f #n {{ v, v = #(n + 42) }})%I.
+ (∃ f : val, l ↦{q} f ∗ □ ∀ n : Z, WP f #n {{ v, ⌜v = #(n + 42)⌠}})%I.
Lemma y_inv_split q l : y_inv q l ⊢ (y_inv (q/2) l ∗ y_inv (q/2) l).
Proof.
diff --git a/tests/counter.v b/tests/counter.v
index 053a5b7ba48c395bbf6a38ed204c6996f226b59b..9bc8d14b9a54f82eaffde6ea6c98516ef64dbbd8 100644
--- a/tests/counter.v
+++ b/tests/counter.v
@@ -85,7 +85,7 @@ Definition I (γ : gname) (l : loc) : iProp Σ :=
(∃ c : nat, l ↦ #c ∗ own γ (Auth c))%I.
Definition C (l : loc) (n : nat) : iProp Σ :=
- (∃ N γ, heapN ⊥ N ∧ heap_ctx ∧ inv N (I γ l) ∧ own γ (Frag n))%I.
+ (∃ N γ, ⌜heapN ⊥ N⌠∧ heap_ctx ∧ inv N (I γ l) ∧ own γ (Frag n))%I.
(** The main proofs. *)
Global Instance C_persistent l n : PersistentP (C l n).
@@ -93,7 +93,7 @@ Proof. apply _. Qed.
Lemma newcounter_spec N :
heapN ⊥ N →
- heap_ctx ⊢ {{ True }} newcounter #() {{ v, ∃ l, v = #l ∧ C l 0 }}.
+ heap_ctx ⊢ {{ True }} newcounter #() {{ v, ∃ l, ⌜v = #l⌠∧ C l 0 }}.
Proof.
iIntros (?) "#Hh !# _ /=". rewrite -wp_fupd /newcounter /=. wp_seq. wp_alloc l as "Hl".
iMod (own_alloc (Auth 0)) as (γ) "Hγ"; first done.
@@ -104,7 +104,7 @@ Proof.
Qed.
Lemma incr_spec l n :
- {{ C l n }} incr #l {{ v, v = #() ∧ C l (S n) }}.
+ {{ C l n }} incr #l {{ v, ⌜v = #()⌠∧ C l (S n) }}.
Proof.
iIntros "!# Hl /=". iLöb as "IH". wp_rec.
iDestruct "Hl" as (N γ) "(% & #Hh & #Hinv & Hγf)".
@@ -126,7 +126,7 @@ Proof.
Qed.
Lemma read_spec l n :
- {{ C l n }} read #l {{ v, ∃ m : nat, ■(v = #m ∧ n ≤ m) ∧ C l m }}.
+ {{ C l n }} read #l {{ v, ∃ m : nat, ⌜v = #m ∧ n ≤ m⌠∧ C l m }}.
Proof.
iIntros "!# Hl /=". iDestruct "Hl" as (N γ) "(% & #Hh & #Hinv & Hγf)".
rewrite /read /=. wp_let. iInv N as (c) "[Hl Hγ]" "Hclose". wp_load.
diff --git a/tests/heap_lang.v b/tests/heap_lang.v
index 4cd2dd065c4d698c85de78cea753d0904c4db8fa..3f6f8c7fef2bd7525268dc8502952804016cbbfc 100644
--- a/tests/heap_lang.v
+++ b/tests/heap_lang.v
@@ -12,7 +12,7 @@ Section LiftingTests.
Definition heap_e : expr :=
let: "x" := ref #1 in "x" <- !"x" + #1 ;; !"x".
Lemma heap_e_spec E :
- nclose heapN ⊆ E → heap_ctx ⊢ WP heap_e @ E {{ v, v = #2 }}.
+ nclose heapN ⊆ E → heap_ctx ⊢ WP heap_e @ E {{ v, ⌜v = #2⌠}}.
Proof.
iIntros (HN) "#?". rewrite /heap_e.
wp_alloc l. wp_let. wp_load. wp_op. wp_store. by wp_load.
@@ -23,7 +23,7 @@ Section LiftingTests.
let: "y" := ref #1 in
"x" <- !"x" + #1 ;; !"x".
Lemma heap_e2_spec E :
- nclose heapN ⊆ E → heap_ctx ⊢ WP heap_e2 @ E {{ v, v = #2 }}.
+ nclose heapN ⊆ E → heap_ctx ⊢ WP heap_e2 @ E {{ v, ⌜v = #2⌠}}.
Proof.
iIntros (HN) "#?". rewrite /heap_e2.
wp_alloc l. wp_let. wp_alloc l'. wp_let.
@@ -59,7 +59,7 @@ Section LiftingTests.
Qed.
Lemma Pred_user E :
- True ⊢ WP let: "x" := Pred #42 in Pred "x" @ E {{ v, v = #40 }}.
+ True ⊢ WP let: "x" := Pred #42 in Pred "x" @ E {{ v, ⌜v = #40⌠}}.
Proof. iIntros "". wp_apply Pred_spec. wp_let. by wp_apply Pred_spec. Qed.
End LiftingTests.
diff --git a/tests/list_reverse.v b/tests/list_reverse.v
index 5af0d7fab958603044af441939d79362c606aeef..64565e93fa8e9047cf8fe087829c52ed5851227c 100644
--- a/tests/list_reverse.v
+++ b/tests/list_reverse.v
@@ -10,8 +10,8 @@ Implicit Types l : loc.
Fixpoint is_list (hd : val) (xs : list val) : iProp Σ :=
match xs with
- | [] => hd = NONEV
- | x :: xs => ∃ l hd', hd = SOMEV #l ∗ l ↦ (x,hd') ∗ is_list hd' xs
+ | [] => ⌜hd = NONEVâŒ
+ | x :: xs => ∃ l hd', ⌜hd = SOMEV #l⌠∗ l ↦ (x,hd') ∗ is_list hd' xs
end%I.
Definition rev : val :=
diff --git a/tests/one_shot.v b/tests/one_shot.v
index aa97d00877c7167919a90d0de650db3000fdd044..04c0354c25c0dd4cbb80bd02e53500108dabba7e 100644
--- a/tests/one_shot.v
+++ b/tests/one_shot.v
@@ -37,7 +37,7 @@ Definition one_shot_inv (γ : gname) (l : loc) : iProp Σ :=
Lemma wp_one_shot (Φ : val → iProp Σ) :
heap_ctx ∗ (∀ f1 f2 : val,
- (∀ n : Z, □ WP f1 #n {{ w, w = #true ∨ w = #false }}) ∗
+ (∀ n : Z, □ WP f1 #n {{ w, ⌜w = #true⌠∨ ⌜w = #false⌠}}) ∗
□ WP f2 #() {{ g, □ WP g #() {{ _, True }} }} -∗ Φ (f1,f2)%V)
⊢ WP one_shot_example #() {{ Φ }}.
Proof.
@@ -57,14 +57,14 @@ Proof.
rewrite /one_shot_inv; eauto 10.
- iIntros "!#". wp_seq. wp_bind (! _)%E.
iInv N as ">Hγ" "Hclose".
- iAssert (∃ v, l ↦ v ∗ ((v = NONEV ∗ own γ Pending) ∨
- ∃ n : Z, v = SOMEV #n ∗ own γ (Shot n)))%I with "[Hγ]" as "Hv".
+ iAssert (∃ v, l ↦ v ∗ ((⌜v = NONEV⌠∗ own γ Pending) ∨
+ ∃ n : Z, ⌜v = SOMEV #n⌠∗ own γ (Shot n)))%I with "[Hγ]" as "Hv".
{ iDestruct "Hγ" as "[[Hl Hγ]|Hl]"; last iDestruct "Hl" as (m) "[Hl Hγ]".
+ iExists NONEV. iFrame. eauto.
+ iExists (SOMEV #m). iFrame. eauto. }
iDestruct "Hv" as (v) "[Hl Hv]". wp_load.
- iAssert (one_shot_inv γ l ∗ (v = NONEV ∨ ∃ n : Z,
- v = SOMEV #n ∗ own γ (Shot n)))%I with "[Hl Hv]" as "[Hinv #Hv]".
+ iAssert (one_shot_inv γ l ∗ (⌜v = NONEV⌠∨ ∃ n : Z,
+ ⌜v = SOMEV #n⌠∗ own γ (Shot n)))%I with "[Hl Hv]" as "[Hinv #Hv]".
{ iDestruct "Hv" as "[[% ?]|Hv]"; last iDestruct "Hv" as (m) "[% ?]"; subst.
+ iSplit. iLeft; by iSplitL "Hl". eauto.
+ iSplit. iRight; iExists m; by iSplitL "Hl". eauto. }
@@ -86,7 +86,7 @@ Qed.
Lemma ht_one_shot (Φ : val → iProp Σ) :
heap_ctx ⊢ {{ True }} one_shot_example #()
{{ ff,
- (∀ n : Z, {{ True }} Fst ff #n {{ w, w = #true ∨ w = #false }}) ∗
+ (∀ n : Z, {{ True }} Fst ff #n {{ w, ⌜w = #true⌠∨ ⌜w = #false⌠}}) ∗
{{ True }} Snd ff #() {{ g, {{ True }} g #() {{ _, True }} }}
}}.
Proof.
diff --git a/tests/proofmode.v b/tests/proofmode.v
index 97bec6d8bde135a52fb75557725bd0e9086d2a8e..ab97cc55d2f2881e54f3c06830b98a33f72e6f7f 100644
--- a/tests/proofmode.v
+++ b/tests/proofmode.v
@@ -2,7 +2,7 @@ From iris.proofmode Require Import tactics.
From iris.base_logic.lib Require Import invariants.
Lemma demo_0 {M : ucmraT} (P Q : uPred M) :
- □ (P ∨ Q) ⊢ (∀ x, x = 0 ∨ x = 1) → (Q ∨ P).
+ â–¡ (P ∨ Q) ⊢ (∀ x, ⌜x = 0⌠∨ ⌜x = 1âŒ) → (Q ∨ P).
Proof.
iIntros "#H #H2".
(* should remove the disjunction "H" *)
@@ -17,8 +17,8 @@ Lemma demo_1 (M : ucmraT) (P1 P2 P3 : nat → uPred M) :
□ (uPred_ownM (a ⋅ b) -∗
(∃ y1 y2 c, P1 ((x + y1) + y2) ∧ True ∧ □ uPred_ownM c) -∗
□ ▷ (∀ z, P2 z ∨ True → P2 z) -∗
- ▷ (∀ n m : nat, P1 n → □ ((True ∧ P2 n) → □ (n = n ↔ P3 n))) -∗
- ▷ (x = 0) ∨ ∃ x z, ▷ P3 (x + z) ∗ uPred_ownM b ∗ uPred_ownM (core b)).
+ ▷ (∀ n m : nat, P1 n → □ ((True ∧ P2 n) → □ (⌜n = n⌠↔ P3 n))) -∗
+ ▷ ⌜x = 0⌠∨ ∃ x z, ▷ P3 (x + z) ∗ uPred_ownM b ∗ uPred_ownM (core b)).
Proof.
iIntros (i [|j] a b ?) "!# [Ha Hb] H1 #H2 H3"; setoid_subst.
{ iLeft. by iNext. }
@@ -38,7 +38,7 @@ Qed.
Lemma demo_2 (M : ucmraT) (P1 P2 P3 P4 Q : uPred M) (P5 : nat → uPredC M):
P2 ∗ (P3 ∗ Q) ∗ True ∗ P1 ∗ P2 ∗ (P4 ∗ (∃ x:nat, P5 x ∨ P3)) ∗ True
- ⊢ P1 -∗ (True ∗ True) -∗ (((P2 ∧ False ∨ P2 ∧ 0 = 0) ∗ P3) ∗ Q ∗ P1 ∗ True) ∧
+ ⊢ P1 -∗ (True ∗ True) -∗ (((P2 ∧ False ∨ P2 ∧ ⌜0 = 0âŒ) ∗ P3) ∗ Q ∗ P1 ∗ True) ∧
(P2 ∨ False) ∧ (False → P5 0).
Proof.
(* Intro-patterns do something :) *)
@@ -54,7 +54,7 @@ Proof.
Qed.
Lemma demo_3 (M : ucmraT) (P1 P2 P3 : uPred M) :
- P1 ∗ P2 ∗ P3 ⊢ ▷ P1 ∗ ▷ (P2 ∗ ∃ x, (P3 ∧ x = 0) ∨ P3).
+ P1 ∗ P2 ∗ P3 ⊢ â–· P1 ∗ â–· (P2 ∗ ∃ x, (P3 ∧ ⌜x = 0âŒ) ∨ P3).
Proof. iIntros "($ & $ & H)". iFrame "H". iNext. by iExists 0. Qed.
Definition foo {M} (P : uPred M) := (P → P)%I.
@@ -74,7 +74,7 @@ Qed.
Lemma demo_6 (M : ucmraT) (P Q : uPred M) :
True ⊢ ∀ x y z : nat,
- x = plus 0 x → y = 0 → z = 0 → P → □ Q → foo (x ≡ x).
+ ⌜x = plus 0 x⌠→ ⌜y = 0⌠→ ⌜z = 0⌠→ P → □ Q → foo (x ≡ x).
Proof.
iIntros (a) "*".
iIntros "#Hfoo **".
@@ -102,5 +102,5 @@ Section iris.
End iris.
Lemma demo_9 (M : ucmraT) (x y z : M) :
- ✓ x → ■(y ≡ z) ⊢ (✓ x ∧ ✓ x ∧ y ≡ z : uPred M).
+ ✓ x → ⌜y ≡ z⌠⊢ (✓ x ∧ ✓ x ∧ y ≡ z : uPred M).
Proof. iIntros (Hv) "Hxy". by iFrame (Hv Hv) "Hxy". Qed.
diff --git a/tests/tree_sum.v b/tests/tree_sum.v
index ff0978afdc3a9bed68ad9ae2b1e10050f47436bb..8e3b9b9c4fabc88f574429062169fb5135f65376 100644
--- a/tests/tree_sum.v
+++ b/tests/tree_sum.v
@@ -9,10 +9,10 @@ Inductive tree :=
Fixpoint is_tree `{!heapG Σ} (v : val) (t : tree) : iProp Σ :=
match t with
- | leaf n => v = InjLV #n
+ | leaf n => ⌜v = InjLV #nâŒ
| node tl tr =>
∃ (ll lr : loc) (vl vr : val),
- v = InjRV (#ll,#lr) ∗ ll ↦ vl ∗ is_tree vl tl ∗ lr ↦ vr ∗ is_tree vr tr
+ ⌜v = InjRV (#ll,#lr)⌠∗ ll ↦ vl ∗ is_tree vl tl ∗ lr ↦ vr ∗ is_tree vr tr
end%I.
Fixpoint sum (t : tree) : Z :=