47119bf43e
The things that usually go wrong:
- wp fall through: add +, e.g. apply (wp select_wp) -> apply (wp select_wp)+
- precondition: you can remove most hoare_pre, but wpc still needs it, and sometimes the wp instance relies on being able to fit a rule to the current non-schematic precondition. In that case, use "including no_pre" to switch off the automatic hoare_pre application.
- very rarely there is a schematic postcondition that interferes with the new trivial cleanup rules, because the rest of the script assumes some specific state afterwards (shouldn't happen in a reasonable proof, but not all proofs are reasonable..). In that case, (wp_once ...)+ should emulate the old behaviour precisely.

adl-spec
cdl-refine
glue-proofs
glue-spec
Makefile
README
ROOT
tests.xml

README
#
# Copyright 2014, NICTA
#
# This software may be distributed and modified according to the terms of
# the GNU General Public License version 2. Note that NO WARRANTY is provided.
# See "LICENSE_GPLv2.txt" for details.
#
# @TAG(NICTA_GPL)
#

CAmkES is a component platform for seL4. This directory contains files related
to a formal Isabelle model of CAmkES.

adl-spec/ - Architectural model.
glue-proofs/ - AutoCorres-based work (bottom-up approach to glue code).
glue-spec/ - Behavioural model (top-down approach to glue code).