With recent efforts to build foundational certified software systems,two different approaches have been proposed to certify thread context switching.One is to certify both threads and context switching in a single logic system,and the other certifies threads and context switching at different abstraction levels.The former requires heavyweight extensions in the logic system to support first-class code pointers and recursive specifications.Moreover,the specification for context switching is very complex.The latter supports simpler and more natural specifications,but it requires the contexts of threads to be abstracted away completely when threads are certified.As a result,the conventional implementation of context switching used in most systems needs to be revised to make the abstraction work.In this paper,we extend the second approach to certify the conventional implementation,where the clear abstraction for threads is unavailable since both threads and context switching hold pointers of thread contexts.To solve this problem,we allow the program specifications for threads to refer to pointers of thread contexts.Thread contexts are treated as opaque structures,whose contents are unspecified and should never be accessed by the code of threads.Therefore,the advantage of avoiding the direct support of first-class code pointers is still preserved in our method.Besides,our new approach is also more lightweight.Instead of using two different logics to certify threads and context switching,we employ only one program logic with two different specifications for the context switching.One is used to certify the implementation itself,and the more abstract one is used as an interface between threads and context switching at a higher abstraction level.The consistency between the two specifications are enforced by the global program invariant.