l4v icon indicating copy to clipboard operation
l4v copied to clipboard

Published 20 hours ago verified publisher icon seL4

Remove or alter use of `stateAssert`

Open michaelmcinerney opened this issue 7 months ago • 0 comments

stateAssert is currently used within the design spec to assert properties about the state. However, given that we do not translate the string associated with the Haskell assert into the design spec, our use of stateAssert offers no benefit over state_assert.

We should investigate replacing stateAssert with state_assert, which would require a change to the Haskell translator.

Alternatives include

  • having a global simp that turns stateAssert into state_assert and rewriting our corres_underlying/ccorres_underlying rules in terms of state_assert, or

  • providing lemmas statements for our existing corres_underlying/ccorres_underlying rules to use state_assert instead of stateAssert, for example ccorres_stateAssert[simplified stateAssert_def] or similar

michaelmcinerney avatar Jul 11 '24 01:07 michaelmcinerney