Revert before introduction of option Assert

This mostly reverts commit c2c58119be.
The theorems will be slightly different and should be way cleaner.

wp.v

@@ -476,98 +476,42 @@ Proof.
   intros F; exfalso; exact F.
 Qed.
 
-Theorem wp_correctness (instr: Instr):
+Theorem wp_correctness_provable (instr: Instr) :
-  forall post, ( |= [| wp instr post |] instr [| post |] ) % assert.
+  forall post, ( |- [| wp instr post |] instr [| post |] ) % assert.
 Proof.
-  induction instr; intros post.
+  induction instr; intros post; simpl.
-  * apply hoare_provability_implies_consequence.
+  * apply (H_skip post).
-    apply (H_skip post).
+  * apply (H_abort assertTop post).
-  * apply hoare_provability_implies_consequence.
+  * apply (H_assign post v e).
-    apply (H_abort assertTop post).
+  * remember (wp instr2 post) as mid eqn:midRel.
-  * apply hoare_provability_implies_consequence. apply (H_assign post v e).
-  * apply hoare_provability_implies_consequence.
-    remember (wp instr2 (Some post)) as mid eqn:midRel.
     remember (wp instr1 mid) as pre eqn:preRel.
-    simpl; rewrite <- midRel; rewrite <- preRel.
+    specialize IHinstr2 with post.
-    specialize IHinstr2 with (Some post0) as IHpost.
+    specialize IHinstr1 with mid.
-    specialize IHinstr1 with mid as IHmid.
+    rewrite <- midRel in IHinstr2.
-    rewrite <- midRel in IHpost; rewrite <- preRel in IHmid.
+    rewrite <- preRel in IHinstr1.
-    destruct mid as [mid0 | ] eqn:mid0Rel.
+    apply (H_seq pre mid post instr1 instr2).
-    destruct pre as [pre0 | ] eqn: pre0Rel.
+    assumption. assumption.
-    apply (H_seq pre0 mid0 post0).
+  * remember ((assertOfExpr e -> wp instr1 post)
-    apply IHmid. apply IHpost.
+              /\ (~ assertOfExpr e -> wp instr2 post)) % assert
-    + unfold whatever_or_none; trivial.
+      as pre eqn:preRel.
-    + destruct pre.
+    apply (H_if pre post e instr1 instr2).
-      - unfold provable_or_none in IHmid; unfold whatever_or_none in IHmid.
+    - apply (H_conseq
-        exfalso. apply IHmid.
+        (pre /\ assertOfExpr e)%assert post
-      - unfold whatever_or_none; trivial.
+        (wp instr1 post) post instr1
-  * apply hoare_provability_implies_consequence.
+        (IHinstr1 post)).
-    specialize IHinstr1 with (Some post0);
+      + rewrite preRel. unfold assertImplLogical.
-    specialize IHinstr2 with (Some post0).
+        intros mem. intros [ [disjunctIf disjunctElse] isIf].
-    destruct (wp instr1 (Some post0)) as [preIf | ] eqn:preIfRel;
+        apply (assertImplElim mem disjunctIf isIf).
-    destruct (wp instr2 (Some post0)) as [preElse | ] eqn:preElseRel.
+      + apply (assertImplSelf post).
-    remember ((assertOfExpr e -> preIf)
+    - apply (H_conseq
-              /\ (~ assertOfExpr e -> preElse)) % assert
+        (pre /\ ~ assertOfExpr e)%assert post
-              as pre0 eqn:pre0Rel.
+        (wp instr2 post) post instr2
-    assert (wp (ifelse e instr1 instr2) (Some post0) = (Some pre0)).
+        (IHinstr2 post)).
-    {
+      + rewrite preRel. unfold assertImplLogical.
-      rewrite pre0Rel; simpl; rewrite preIfRel; rewrite preElseRel; congruence.
+        intros mem. intros [ [disjunctIf disjunctElse] isElse].
-    }
+        apply (assertImplElim mem disjunctElse isElse).
-    {
+      + apply (assertImplSelf post).
-      rewrite H.
+  * 
-      apply (H_if pre0 post0 e instr1 instr2).
-      - apply (H_conseq
-          (pre0 /\ assertOfExpr e)%assert post0
-          preIf post0 instr1
-          IHinstr1).
-        + rewrite pre0Rel. unfold assertImplLogical.
-          intros mem [ [disjunctIf disjunctElse] isIf].
-          apply (assertImplElim mem disjunctIf isIf).
-        + apply (assertImplSelf post0).
-      - apply (H_conseq
-          (pre0 /\ ~ assertOfExpr e)%assert post0
-          preElse post0 instr2
-          IHinstr2).
-        + rewrite pre0Rel. unfold assertImplLogical.
-          intros mem [ [disjunctIf disjunctElse] isElse].
-          apply (assertImplElim mem disjunctElse isElse).
-        + apply (assertImplSelf post0).
-    }
-
-    - unfold provable_or_none; simpl; rewrite preElseRel;
-        rewrite preIfRel; trivial.
-    - unfold provable_or_none; simpl; rewrite preElseRel;
-        rewrite preIfRel; trivial.
-    - unfold provable_or_none; simpl; rewrite preElseRel;
-        rewrite preIfRel; trivial.
-  * unfold wp. apply preBottomIsCorrect.
-Qed.
-
-Lemma provable_opt_implies_provable {pre instr post} :
-  (|-opt [|Some pre|] instr [|Some post|])%assert
-  -> (|- [|pre|] instr [|post|])%assert.
-Proof.
-  intros prf.
-  unfold provable_or_none in prf; unfold whatever_or_none in prf. assumption.
-Qed.
-
-Theorem wp_correctness (instr: Instr) :
-  forall post, ( |=opt [| wp instr post |] instr [| post |] ) % assert.
-Proof.
-  intros post.
-  destruct post as [post0 | ] eqn:post0Rel.
-  remember (wp instr (Some post0)) as pre eqn:preRel.
-  destruct pre as [ pre0 | ] eqn:pre0Rel.
-  - unfold consequence_or_none; unfold whatever_or_none.
-    apply hoare_provability_implies_consequence.
-    apply provable_opt_implies_provable.
-    rewrite preRel.
-    apply wp_correctness_provable.
-  - unfold consequence_or_none; unfold whatever_or_none; trivial.
-  - unfold wp.
-    destruct instr; unfold consequence_or_none; unfold
-    whatever_or_none; trivial.
-Qed.
 
 (* vim: ts=2 sw=2
 *)