(* * Copyright 2014, General Dynamics C4 Systems * * This software may be distributed and modified according to the terms of * the GNU General Public License version 2. Note that NO WARRANTY is provided. * See "LICENSE_GPLv2.txt" for details. * * @TAG(GD_GPL) *) chapter "Proofs" (* * List of rules to make various images. * * Some rules have duplicate targets of the form: * * theories [condition = "MOO", quick_and_dirty] * "foo" * theories * "foo" * * The idea is that if the environment variable "MOO" is defined we * execute the first rule (doing the proof in quick-and-dirty mode), and * then find we need not take any action for the second. Otherwise, we * skip the first rule and only perform the second. *) (* * Refinement proof. *) session Refine = BaseRefine + description {* Refinement between Haskell and Abstract spec. *} theories [condition = "REFINE_QUICK_AND_DIRTY", quick_and_dirty] "refine/$L4V_ARCH/Refine" theories [condition = "SKIP_REFINE_PROOFS", quick_and_dirty, skip_proofs] "refine/$L4V_ARCH/Refine" theories "refine/$L4V_ARCH/Refine" theories [condition = "L4V_ARCH_IS_ARM"] "refine/$L4V_ARCH/Orphanage" session BaseRefine2 = BaseRefine + description {* Intermediate point in refinement proof. Useful for machines with small RAM. *} theories [condition = "SKIP_AINVS_PROOFS", quick_and_dirty, skip_proofs] "refine/$L4V_ARCH/Untyped_R" "refine/$L4V_ARCH/Schedule_R" theories "refine/$L4V_ARCH/Untyped_R" "refine/$L4V_ARCH/Schedule_R" session BaseRefine = AInvs + description {* Background theory and libraries for refinement proof. *} theories "refine/$L4V_ARCH/Include" session AInvs = ASpec + theories [condition = "SKIP_AINVS_PROOFS", quick_and_dirty, skip_proofs] "invariant-abstract/KernelInit_AI" "invariant-abstract/$L4V_ARCH/ArchDetSchedSchedule_AI" theories [condition = "AINVS_QUICK_AND_DIRTY", quick_and_dirty] "invariant-abstract/KernelInit_AI" "invariant-abstract/$L4V_ARCH/ArchDetSchedSchedule_AI" theories "invariant-abstract/KernelInit_AI" "invariant-abstract/$L4V_ARCH/ArchDetSchedSchedule_AI" (* * C Refinement proof. *) session CRefineSyscall = CBaseRefine + theories [condition = "CREFINE_QUICK_AND_DIRTY", quick_and_dirty] "crefine/$L4V_ARCH/Syscall_C" theories "crefine/$L4V_ARCH/Syscall_C" session CRefine = CBaseRefine + theories [condition = "CREFINE_QUICK_AND_DIRTY", quick_and_dirty] "crefine/$L4V_ARCH/Refine_C" theories "crefine/$L4V_ARCH/Refine_C" session CBaseRefine = CSpec + theories [condition = "SKIP_DUPLICATED_PROOFS", quick_and_dirty, skip_proofs] (* ../lib/clib/AutoCorres_C explains why L4VerifiedLinks is included here. *) "../tools/autocorres/L4VerifiedLinks" "crefine/$L4V_ARCH/Include_C" theories "../tools/autocorres/L4VerifiedLinks" "crefine/$L4V_ARCH/Include_C" session AutoCorresCRefine = CRefine + theories "crefine/$L4V_ARCH/AutoCorresTest" (* * CapDL Refinement *) session DBaseRefine = Refine + theories "drefine/Include_D" session DRefine = DBaseRefine + theories "drefine/Refine_D" session DPolicy = DRefine + theories "access-control/Dpolicy" (* * Infoflow and Access *) session Access in "access-control" = AInvs + theories "Syscall_AC" "ExampleSystem" session InfoFlow in "infoflow" = Access + theories "InfoFlow_Image_Toplevel" session InfoFlowCBase = CRefine + theories [condition = "SKIP_DUPLICATED_PROOFS", quick_and_dirty, skip_proofs] "infoflow/Include_IF_C" theories "infoflow/Include_IF_C" session InfoFlowC = InfoFlowCBase + theories "infoflow/Noninterference_Refinement" "infoflow/Example_Valid_StateH" (* * capDL *) session SepDSpec = DSpec + theories "sep-capDL/Frame_SD" session DSpecProofs in "capDL-api" = SepDSpec + theories "API_DP" (* * Static Separation Kernel Bisimilarity *) session Bisim in bisim = AInvs + theories "Syscall_S" files "document/root.tex" "document/build" "document/Makefile" (* * Separation Logic *) session SepTactics = Word_Lib + theories "../lib/Hoare_Sep_Tactics/Hoare_Sep_Tactics" session SepTacticsExamples = SepTactics + theories [quick_and_dirty] "capDL-api/Sep_Tactic_Examples" (* * Binary Verification Input Step *) session SimplExportAndRefine = CSpec + theories "asmrefine/SEL4SimplExport" "asmrefine/SEL4GraphRefine" session SimplExportOnly = CSpec + theories "asmrefine/SEL4SimplExport" (* * Libraries *) session AutoLevity = AutoLevity_Base + theories "../lib/autolevity_buckets/AutoLevity_Top" session AutoLevity_Base = Word_Lib + theories "../lib/autolevity_buckets/AutoLevity_Base"