12c9c2bc21
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems> |
||
|---|---|---|
| .. | ||
| wp | ||
| Fun_Pred_Syntax.thy | ||
| Less_Monad_Syntax.thy | ||
| MonadEq.thy | ||
| MonadEq_Lemmas.thy | ||
| Monad_Equations.thy | ||
| Monad_Lib.thy | ||
| More_NonDetMonadVCG.thy | ||
| No_Fail.thy | ||
| No_Throw.thy | ||
| NonDetMonad.thy | ||
| NonDetMonadLemmas.thy | ||
| NonDetMonadVCG.thy | ||
| OptionMonad.thy | ||
| OptionMonadND.thy | ||
| OptionMonadWP.thy | ||
| README.md | ||
| ROOT | ||
| Strengthen.thy | ||
| Strengthen_Demo.thy | ||
| TraceMonad.thy | ||
| TraceMonadLemmas.thy | ||
| TraceMonadVCG.thy | ||
| WhileLoopRules.thy | ||
| WhileLoopRulesCompleteness.thy | ||
| tests.xml | ||
README.md
Monad Definitions and Tactics
This session contains definitions of various monads useful in [AutoCorres] and the seL4 verification for the verification of C programs.
In particular, this session defines:
-
a nondeterministic state monad with failure to express stateful computation. There is a variation of this monad that also allows computation with exceptions (throw/catch).
-
a reader option monad to express computation that can depend on state and can fail, but does not change state. It can also be used to express projections from the state in preconditions and other state assertions.
-
a trace monad that stores a set of traces for expressing concurrent computation.
-
for each of these monads, weakest-precondition lemmas and corresponding tool setup.
-
for the nondeterministic state monad, additional concepts such as wellformedness with respect to failure (
empty_fail), absence of failure (no_fail), absence of exceptions (no_throw). See the respective theories for more details.
The directory wp/ contains proof methods to reason about these monads
in weakest-precondition style.