(*
* Copyright 2014, General Dynamics C4 Systems
*
* SPDX-License-Identifier: GPL-2.0-only
*)
chapter "Proofs"
(*
* List of rules to make various images.
*
* Some rules have duplicate targets of the form:
*
* theories [condition = "MOO", quick_and_dirty]
* "foo"
* theories
* "foo"
*
* The idea is that if the environment variable "MOO" is defined we
* execute the first rule (doing the proof in quick-and-dirty mode), and
* then find we need not take any action for the second. Otherwise, we
* skip the first rule and only perform the second. Note that an image built
* with quick_and_dirty or skip_proofs accepts unchecked proofs, so it speeds up
* development but is not a substitute for the unconditional rule.
*)
(*
* Refinement proof.
*)
session Refine in "refine" = BaseRefine +
description \<open>Refinement between Haskell and Abstract spec.\<close>
sessions
Lib
CorresK
AInvs
directories
"$L4V_ARCH"
theories [condition = "REFINE_QUICK_AND_DIRTY", quick_and_dirty]
"$L4V_ARCH/Refine"
"$L4V_ARCH/RAB_FN"
"$L4V_ARCH/EmptyFail_H"
"$L4V_ARCH/Init_R"
theories [condition = "SKIP_REFINE_PROOFS", quick_and_dirty, skip_proofs]
"$L4V_ARCH/Refine"
"$L4V_ARCH/RAB_FN"
"$L4V_ARCH/EmptyFail_H"
"$L4V_ARCH/Init_R"
theories
"$L4V_ARCH/Refine"
"$L4V_ARCH/RAB_FN"
"$L4V_ARCH/EmptyFail_H"
"$L4V_ARCH/Init_R"
(*
* This theory is in a separate session because the proofs currently
* only work for ARM.
*)
session RefineOrphanage in "refine/$L4V_ARCH/orphanage" = Refine +
description \<open>Proof that the kernel does not orphan threads.\<close>
theories [condition = "REFINE_QUICK_AND_DIRTY", quick_and_dirty]
"Orphanage"
theories
"Orphanage"
session BaseRefine in "refine/base" = AInvs +
description \<open>Background theory and libraries for refinement proof.\<close>
sessions
Lib
CorresK
theories
"Include"
session AInvs in "invariant-abstract" = ASpec +
directories
"$L4V_ARCH"
theories [condition = "SKIP_AINVS_PROOFS", quick_and_dirty, skip_proofs]
"KernelInit_AI"
"$L4V_ARCH/ArchDetSchedSchedule_AI"
theories [condition = "AINVS_QUICK_AND_DIRTY", quick_and_dirty]
"KernelInit_AI"
"$L4V_ARCH/ArchDetSchedSchedule_AI"
theories
"KernelInit_AI"
"$L4V_ARCH/ArchDetSchedSchedule_AI"
(*
* C Refinement proof.
*)
session CRefineSyscall in "crefine/intermediate" = CBaseRefine +
sessions
CRefine
theories [condition = "CREFINE_QUICK_AND_DIRTY", quick_and_dirty]
"Intermediate_C"
theories
"Intermediate_C"
session CRefine in "crefine" = CBaseRefine +
directories
"lib"
"$L4V_ARCH"
theories [condition = "CREFINE_QUICK_AND_DIRTY", quick_and_dirty]
"Refine_C"
theories
"Refine_C"
session CBaseRefine in "crefine/base" = CSpec +
sessions
CLib
Refine
AutoCorres
theories [condition = "SKIP_DUPLICATED_PROOFS", quick_and_dirty, skip_proofs]
(* crefine/lib/AutoCorres_C explains why L4VerifiedLinks is included here. *)
"L4VerifiedLinks"
"Include_C"
theories
"L4VerifiedLinks"
"Include_C"
session AutoCorresCRefine in "crefine/autocorres-test" = CRefine +
theories
"AutoCorresTest"
(*
* CapDL Refinement
*)
session DBaseRefine in "drefine/base" = AInvs +
sessions
DSpec
theories
"Include_D"
session DRefine in "drefine" = DBaseRefine +
theories
"Refine_D"
session DPolicy in "dpolicy" = DRefine +
sessions
Access
theories
"Dpolicy"
(*
* Infoflow and Access
*)
session Access in "access-control" = AInvs +
directories
"$L4V_ARCH"
theories
"ArchADT_AC"
"ExampleSystem"
session InfoFlow in "infoflow" = Access +
directories
"$L4V_ARCH"
theories
"InfoFlow_Image_Toplevel"
session InfoFlowCBase in "infoflow/refine/base" = CRefine +
sessions
Refine
Access
InfoFlow
theories [condition = "SKIP_DUPLICATED_PROOFS", quick_and_dirty, skip_proofs]
"Include_IF_C"
theories
"Include_IF_C"
session InfoFlowC in "infoflow/refine" = InfoFlowCBase +
directories
"$L4V_ARCH"
theories
"Noninterference_Refinement"
"Example_Valid_StateH"
(*
* capDL
*)
session SepDSpec in "sep-capDL" = DSpec +
sessions
Sep_Algebra
SepTactics
theories
"Frame_SD"
session DSpecProofs in "capDL-api" = SepDSpec +
sessions
AInvs
theories
"Sep_Tactic_Examples"
"API_DP"
(*
* Static Separation Kernel Bisimilarity
*)
session Bisim in bisim = AInvs +
sessions
ASepSpec
theories
"Syscall_S"
document_files
"root.tex"
"build"
"Makefile"
(*
* Binary Verification Input Step
*)
session SimplExportAndRefine in "asmrefine" = SimplExport +
sessions
SimplExport
theories
"SEL4GraphRefine"
session SimplExport in "asmrefine/export" = CSpec +
directories
"$L4V_ARCH"
theories
"SEL4SimplExport"