(* * Copyright 2014, General Dynamics C4 Systems * * SPDX-License-Identifier: GPL-2.0-only *) chapter "Proofs" (* * List of rules to make various images. * * Some rules have duplicate targets of the form: * * theories [condition = "MOO", quick_and_dirty] * "foo" * theories * "foo" * * The idea is that if the environment variable "MOO" is defined we * execute the first rule (doing the proof in quick-and-dirty mode), and * then find we need not take any action for the second. Otherwise, we * skip the first rule and only perform the second. *) (* * Refinement proof. *) session Refine in "refine/$L4V_ARCH" = BaseRefine + description \Refinement between Haskell and Abstract spec.\ sessions Lib CorresK AInvs theories [condition = "REFINE_QUICK_AND_DIRTY", quick_and_dirty] "Refine" "RAB_FN" "EmptyFail_H" theories [condition = "SKIP_REFINE_PROOFS", quick_and_dirty, skip_proofs] "Refine" "RAB_FN" "EmptyFail_H" theories "Refine" "RAB_FN" "EmptyFail_H" (* * This theory is in a separate session because the proofs currently * only work for ARM. *) session RefineOrphanage in "orphanage" = Refine + description \Proof that the kernel does not orphan threads.\ theories "refine/$L4V_ARCH/Orphanage" (* FIXME isa session BaseRefine2 = BaseRefine + description \Intermediate point in refinement proof. Useful for machines with small RAM.\ theories [condition = "SKIP_AINVS_PROOFS", quick_and_dirty, skip_proofs] "refine/$L4V_ARCH/Untyped_R" "refine/$L4V_ARCH/Schedule_R" theories "refine/$L4V_ARCH/Untyped_R" "refine/$L4V_ARCH/Schedule_R" *) session BaseRefine in "refine" = AInvs + description \Background theory and libraries for refinement proof.\ sessions Lib CorresK theories "$L4V_ARCH/Include" session AInvs in "invariant-abstract" = ASpec + directories "$L4V_ARCH" theories [condition = "SKIP_AINVS_PROOFS", quick_and_dirty, skip_proofs] "KernelInit_AI" "$L4V_ARCH/ArchDetSchedSchedule_AI" theories [condition = "AINVS_QUICK_AND_DIRTY", quick_and_dirty] "KernelInit_AI" "$L4V_ARCH/ArchDetSchedSchedule_AI" theories "KernelInit_AI" "$L4V_ARCH/ArchDetSchedSchedule_AI" (* * C Refinement proof. *) (* FIXME isa session CRefineSyscall = CBaseRefine + theories [condition = "CREFINE_QUICK_AND_DIRTY", quick_and_dirty] "crefine/$L4V_ARCH/Syscall_C" theories "crefine/$L4V_ARCH/Syscall_C" *) session CRefine in "crefine/$L4V_ARCH" = CBaseRefine + theories [condition = "CREFINE_QUICK_AND_DIRTY", quick_and_dirty] "Refine_C" theories "Refine_C" session CBaseRefine in "crefine" = CSpec + sessions CLib Refine AutoCorres theories [condition = "SKIP_DUPLICATED_PROOFS", quick_and_dirty, skip_proofs] (* crefine/lib/AutoCorres_C explains why L4VerifiedLinks is included here. *) "lib/L4VerifiedLinks" "Include_C" theories "lib/L4VerifiedLinks" "Include_C" (* FIXME isa session AutoCorresCRefine = CRefine + theories "crefine/$L4V_ARCH/AutoCorresTest" *) (* * CapDL Refinement *) session DBaseRefine in "drefine/base" = AInvs + sessions DSpec theories "Include_D" session DRefine in "drefine" = DBaseRefine + theories "Refine_D" session DPolicy in "dpolicy" = DRefine + sessions Access theories "Dpolicy" (* * Infoflow and Access *) session Access in "access-control" = AInvs + theories "ADT_AC" "ExampleSystem" session InfoFlow in "infoflow" = Access + theories "InfoFlow_Image_Toplevel" session InfoFlowCBase in "infoflow/tools" = CRefine + sessions Refine Access InfoFlow theories [condition = "SKIP_DUPLICATED_PROOFS", quick_and_dirty, skip_proofs] "../Include_IF_C" theories "../Include_IF_C" session InfoFlowC = InfoFlowCBase + theories "infoflow/Noninterference_Refinement" "infoflow/Example_Valid_StateH" (* * capDL *) session SepDSpec in "sep-capDL" = DSpec + sessions Sep_Algebra SepTactics theories "Frame_SD" session DSpecProofs in "capDL-api" = SepDSpec + sessions AInvs theories "Sep_Tactic_Examples" "API_DP" (* * Static Separation Kernel Bisimilarity *) session Bisim in bisim = AInvs + sessions ASepSpec theories "Syscall_S" document_files "root.tex" "build" "Makefile" (* * Binary Verification Input Step *) session SimplExportAndRefine in "asmrefine" = CSpec + theories "SEL4SimplExport" "SEL4GraphRefine" (* FIXME isa session SimplExportOnly = CSpec + theories "asmrefine/SEL4SimplExport" *) (* * Libraries *) (* unused: session AutoLevity = AutoLevity_Base + theories "../lib/autolevity_buckets/AutoLevity_Top" session AutoLevity_Base = Word_Lib + theories "../lib/autolevity_buckets/AutoLevity_Base" *)