adbrucker
/
lh-l4v
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
lh-l4v/proof/bisim
History
Corey Lewis 02116815be proof+autocorres: update for select_wp and alternative_wp 
Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
 		2023-08-09 16:42:01 +10:00
..
document license: provide documentation under CC-BY-SA-4.0 2020-03-16 14:19:15 +08:00
README.md READMEs: use run_tests consistently in READMEs (#622) 2023-03-30 13:59:18 +11:00
Separation.thy spec proof: resolve_address_bits'.simps[simp del] 2020-11-09 17:18:41 +11:00
Syscall_S.thy proof+autocorres: update for select_wp and alternative_wp 2023-08-09 16:42:01 +10:00

README.md

Separation Kernel Bisimilarity

This proof establishes that seL4, if configured fully statically with 1-level CSpaces and notification caps only, is bi-similar to a static separation kernel that has no other system calls than signalling notifications.

Building

To build for the ARM architecture from the l4v/ directory, run:

L4V_ARCH=ARM ./run_tests Bisim

Important Theories

Theory Separation defines static configurations, and theory Syscall_S contains the proof that this is equivalent to a static kernel.

The definition of a static kernel API can be found in the spec directory under sep-abstract.