47119bf43e
The things that usually go wrong:
- wp fall through: add +, e.g.
apply (wp select_wp) -> apply (wp select_wp)+
- precondition: you can remove most hoare_pre, but wpc still needs it, and
sometimes the wp instance relies on being able to fit a rule to the
current non-schematic precondition. In that case, use "including no_pre"
to switch off the automatic hoare_pre application.
- very rarely there is a schematic postcondition that interferes with the
new trivial cleanup rules, because the rest of the script assumes some
specific state afterwards (shouldn't happen in a reasonable proof, but
not all proofs are reasonable..). In that case, (wp_once ...)+ should
emulate the old behaviour precisely.
|
||
|---|---|---|
| .. | ||
| adl-spec | ||
| cdl-refine | ||
| glue-proofs | ||
| glue-spec | ||
| Makefile | ||
| README | ||
| ROOT | ||
| tests.xml | ||
README
# # Copyright 2014, NICTA # # This software may be distributed and modified according to the terms of # the GNU General Public License version 2. Note that NO WARRANTY is provided. # See "LICENSE_GPLv2.txt" for details. # # @TAG(NICTA_GPL) # CAmkES is a component platform for seL4. This directory contains files related to a formal Isabelle model of CAmkES. adl-spec/ - Architectural model. glue-proofs/ - AutoCorres-based work (bottom-up approach to glue code). glue-spec/ - Behavioural model (top-down approach to glue code).