diff --git a/proof/infoflow/refine/ADT_IF_Refine_C.thy b/proof/infoflow/refine/ADT_IF_Refine_C.thy index ec9dff489cc..60d409bff2e 100644 --- a/proof/infoflow/refine/ADT_IF_Refine_C.thy +++ b/proof/infoflow/refine/ADT_IF_Refine_C.thy @@ -193,23 +193,20 @@ lemma handleInterrupt_no_fail: lemma handleEvent_Interrupt_no_fail: "no_fail (invs' and ex_abs einvs) (handleEvent Interrupt)" apply (simp add: handleEvent_def) - apply (rule no_fail_pre) apply wp - apply (rule handleInterrupt_no_fail) - apply (simp add: crunch_simps) - apply (rule_tac Q="\r s. ex_abs (einvs) s \ invs' s \ - (\irq. r = Some irq - \ intStateIRQTable (ksInterruptState s) irq \ irqstate.IRQInactive)" - in hoare_strengthen_post) - apply (rule hoare_vcg_conj_lift) - apply (rule corres_ex_abs_lift) - apply (rule dmo_getActiveIRQ_corres) - apply wp - apply simp - apply wp - apply simp - apply (rule doMachineOp_getActiveIRQ_IRQ_active) - apply clarsimp + apply (rule handleInterrupt_no_fail) + apply (simp add: crunch_simps) + apply (rule_tac Q="\r s. ex_abs (einvs) s \ invs' s \ + (\irq. r = Some irq + \ intStateIRQTable (ksInterruptState s) irq \ irqstate.IRQInactive)" + in hoare_strengthen_post) + apply (rule hoare_vcg_conj_lift) + apply (rule corres_ex_abs_lift) + apply (rule dmo_getActiveIRQ_corres) + apply wpsimp + apply (wpsimp wp: doMachineOp_getActiveIRQ_IRQ_active) + apply clarsimp + apply wpsimp apply (clarsimp simp: invs'_def valid_state'_def) done diff --git a/tools/autocorres/tests/examples/FactorialTest.thy b/tools/autocorres/tests/examples/FactorialTest.thy index de0314c599f..0cad8e41309 100644 --- a/tools/autocorres/tests/examples/FactorialTest.thy +++ b/tools/autocorres/tests/examples/FactorialTest.thy @@ -47,7 +47,7 @@ proof (induct n arbitrary: m rule: less_induct) show "no_ofail (\_. unat x < m) (factorial' m x)" apply (subst factorial'.simps) - apply (wp induct_asm ovalid_post_triv) + apply (wpsimp wp: induct_asm ovalid_post_triv) apply unat_arith done qed