Implementation Issues

• Translating C
  • Enabled by kernel C code structure
  • 90% is straightforward
  • Requires moderate understanding of kernel
• Independent Models
  • Required to reduce state space
  • Well-separated kernel interfaces help
  • Requires precise understanding of kernel