# lh-l4v/proof/invariant-abstract

Latest commit: Gerwin Klein abc195f170 arm-hyp ainvs: add valid_arch_tcb invariant (vcpu_at for tcb_vcpu) 2017-06-19 14:32:28 +10:00
| Name | Last commit message | Last commit date |
|---|---|---|
| ARM | arm: refactor sanitise_register to take a bool instead of a kernel_object | 2017-05-03 21:51:57 +10:00 |
| ARM_HYP | arm-hyp ainvs: add valid_arch_tcb invariant (vcpu_at for tcb_vcpu) | 2017-06-19 14:32:28 +10:00 |
| ADT_AI.thy | ainvs (arm_hyp + generic): 'getActiveIRQ in_kernel' proof updates | 2017-06-19 14:32:26 +10:00 |
| AInvs.thy | arm-hyp/ainvs: proof repair for vgic_maintenance | 2017-06-19 14:32:26 +10:00 |
| AInvsPre.thy | SELFOUR-421: merge and fix up to ArmConfidentiality proof | 2016-09-22 19:21:56 +10:00 |
| Arch_AI.thy | arm-hyp invariants: updates for vcpu, alignments, valid_vspace_obj, wellformed_arch_obj, etc. | 2017-06-19 14:32:20 +10:00 |
| BCorres2_AI.thy | arm-hyp ainvs: add valid_arch_tcb invariant (vcpu_at for tcb_vcpu) | 2017-06-19 14:32:28 +10:00 |
| BCorres_AI.thy | arm-hyp invariants: changes from rebase for ARM_HYP invariants | 2017-06-19 14:32:20 +10:00 |
| Bits_AI.thy | wp_cleanup: update proofs for new wp behaviour | 2017-01-13 14:04:15 +01:00 |
| CNodeInv_AI.thy | arm-hyp invariants: ArchCNodeInv_AI done | 2017-06-19 14:32:22 +10:00 |
| CSpaceInvPre_AI.thy | Isabelle2016-1: update references to renamed constants and facts | 2017-01-05 14:23:05 +11:00 |
| CSpaceInv_AI.thy | arm-hyp invariants: new liveness definition | 2017-06-19 14:32:22 +10:00 |
| CSpacePre_AI.thy | ainvs: allow valid_arch_state to depend on arch objs | 2017-03-03 13:51:35 +11:00 |
| CSpace_AI.thy | ainvs (arm_hyp + generic): 'getActiveIRQ in_kernel' proof updates | 2017-06-19 14:32:26 +10:00 |
| DetSchedAux_AI.thy | wp_cleanup: update proofs for new wp behaviour | 2017-01-13 14:04:15 +01:00 |
| DetSchedDomainTime_AI.thy | arm-hyp/ainvs: proof repair for vgic_maintenance | 2017-06-19 14:32:26 +10:00 |
| DetSchedInvs_AI.thy | changes after rebasing (for isabelle2016-1 and the new wp) | 2017-06-19 14:32:21 +10:00 |
| DetSchedSchedule_AI.thy | arm-hyp/ainvs: proof repair for vgic_maintenance | 2017-06-19 14:32:26 +10:00 |
| Deterministic_AI.thy | arm: refactor sanitise_register to take a bool instead of a kernel_object | 2017-05-03 21:51:57 +10:00 |
| Detype_AI.thy | arm-hyp ainvs: add valid_arch_tcb invariant (vcpu_at for tcb_vcpu) | 2017-06-19 14:32:28 +10:00 |
| EmptyFail_AI.thy | ainvs (arm_hyp + generic): 'getActiveIRQ in_kernel' proof updates | 2017-06-19 14:32:26 +10:00 |
| Finalise_AI.thy | arm-hyp invariants: rename live' (to avoid name-clashing with execspec invariants) | 2017-06-19 14:32:23 +10:00 |
| Include_AI.thy | SELFOUR-276: Finish proofs for maximum controlled priority (MCP) | 2016-10-05 02:43:41 +11:00 |
| InterruptAcc_AI.thy | arm-hyp invariants: updates for vcpu, alignments, valid_vspace_obj, wellformed_arch_obj, etc. | 2017-06-19 14:32:20 +10:00 |
| Interrupt_AI.thy | backport changes to ARM proofs from X64 work in progress | 2017-01-27 08:31:07 +11:00 |
| InvariantsPre_AI.thy | arm-hyp invariants: fix arch_splitting/locales | 2017-06-19 14:32:21 +10:00 |
| Invariants_AI.thy | arm-hyp ainvs: add valid_arch_tcb invariant (vcpu_at for tcb_vcpu) | 2017-06-19 14:32:28 +10:00 |
| IpcCancel_AI.thy | arm-hyp invariants: rename live' (to avoid name-clashing with execspec invariants) | 2017-06-19 14:32:23 +10:00 |
| Ipc_AI.thy | arm-hyp ainvs: add valid_arch_tcb invariant (vcpu_at for tcb_vcpu) | 2017-06-19 14:32:28 +10:00 |
| KHeapPre_AI.thy | arm-hyp: AInvs sorry-free | 2017-06-19 14:32:23 +10:00 |
| KHeap_AI.thy | arm-hyp ainvs: add valid_arch_tcb invariant (vcpu_at for tcb_vcpu) | 2017-06-19 14:32:28 +10:00 |
| KernelInitSepProofs_AI.thy | Isabelle2016-1: update references to renamed constants and facts | 2017-01-05 14:23:05 +11:00 |
| KernelInitSep_AI.thy | Isabelle2016-1: update references to renamed constants and facts | 2017-01-05 14:23:05 +11:00 |
| KernelInit_AI.thy | SELFOUR-421: fix coding style | 2016-09-22 19:23:28 +10:00 |
| LevityCatch_AI.thy | backport changes to ARM proofs from X64 work in progress | 2017-01-27 08:31:07 +11:00 |
| README.md | misc: Proofing and formatting of README.md files. | 2014-07-28 13:15:48 +10:00 |
| Retype_AI.thy | arm-hyp ainvs: add valid_arch_tcb invariant (vcpu_at for tcb_vcpu) | 2017-06-19 14:32:28 +10:00 |
| Schedule_AI.thy | wp_cleanup: update proofs for new wp behaviour | 2017-01-13 14:04:15 +01:00 |
| SubMonad_AI.thy | repairing AInvs: checks up to the middle of VSpace_AI | 2016-01-12 18:10:36 +11:00 |
| Syscall_AI.thy | arm-hyp invariants: changes from rebase for ARM_HYP invariants | 2017-06-19 14:32:20 +10:00 |
| TcbAcc_AI.thy | arm-hyp ainvs: add valid_arch_tcb invariant (vcpu_at for tcb_vcpu) | 2017-06-19 14:32:28 +10:00 |
| Tcb_AI.thy | arm-hyp ainvs: add valid_arch_tcb invariant (vcpu_at for tcb_vcpu) | 2017-06-19 14:32:28 +10:00 |
| Untyped_AI.thy | arm-hyp: AInvs sorry-free | 2017-06-19 14:32:23 +10:00 |
| VSpaceEntries_AI.thy | arm-hyp invariants: more fixes for crunches and sorries | 2017-06-19 14:32:21 +10:00 |
| VSpacePre_AI.thy | arm-hyp invariants: updates for vcpu, alignments, valid_vspace_obj, wellformed_arch_obj, etc. | 2017-06-19 14:32:20 +10:00 |
| VSpace_AI.thy | SELFOUR-421: fix coding style | 2016-09-22 19:23:28 +10:00 |

README.md

# Abstract Spec Invariant Proof

This proof defines the global invariants (`invs`) of seL4's abstract specification and shows that every kernel operation preserves them. The invariants are phrased and proved using a monadic Hoare logic over the nondeterministic state monad in which the abstract specification is written; that logic is described in the TPHOLs 2008 paper by Cock, Klein and Sewell, "Secure Microkernels, State Monads and Scalable Refinement".
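To make the shape of such a proof concrete, here is a self-contained toy theory added for this page; it is not l4v code and is deliberately much smaller than the real monad library. It defines a cut-down nondeterministic state monad, the partial-correctness Hoare triple `{|P|} f {|Q|}`, a hypothetical kernel-state record `kstate` with one invariant `toy_invs`, and a guarded allocation `toy_alloc`, then proves that the allocation preserves the invariant. All names (`nd_monad`, `nd_bind`, `valid`, `kstate`, `toy_invs`, `toy_alloc`) are invented for the example.

```isabelle
theory Toy_Invs
  imports Main
begin

(* Added illustration, not part of l4v.  A computation maps a state to
   the set of possible (result, next state) pairs plus a flag that records
   whether the computation may fail. *)
type_synonym ('s, 'a) nd_monad = "'s \<Rightarrow> ('a \<times> 's) set \<times> bool"

definition nd_return :: "'a \<Rightarrow> ('s, 'a) nd_monad" where
  "nd_return a \<equiv> \<lambda>s. ({(a, s)}, False)"

(* Sequencing: run f, then g on every result/state pair f can produce. *)
definition nd_bind ::
  "('s, 'a) nd_monad \<Rightarrow> ('a \<Rightarrow> ('s, 'b) nd_monad) \<Rightarrow> ('s, 'b) nd_monad"
  (infixl ">>=" 60) where
  "f >>= g \<equiv> \<lambda>s. (\<Union>x \<in> fst (f s). fst (g (fst x) (snd x)),
                  snd (f s) \<or> (\<exists>x \<in> fst (f s). snd (g (fst x) (snd x))))"

definition nd_get :: "('s, 's) nd_monad" where
  "nd_get \<equiv> \<lambda>s. ({(s, s)}, False)"

definition nd_put :: "'s \<Rightarrow> ('s, unit) nd_monad" where
  "nd_put s \<equiv> \<lambda>_. ({((), s)}, False)"

(* Partial-correctness Hoare triple: if P holds before f, then Q holds of
   every result/state pair f can produce.  Invariant preservation is the
   special case  {|I|} f {|\<lambda>_. I|}. *)
definition valid ::
  "('s \<Rightarrow> bool) \<Rightarrow> ('s, 'a) nd_monad \<Rightarrow> ('a \<Rightarrow> 's \<Rightarrow> bool) \<Rightarrow> bool"
  ("\<lbrace>_\<rbrace>/ _ /\<lbrace>_\<rbrace>") where
  "\<lbrace>P\<rbrace> f \<lbrace>Q\<rbrace> \<equiv> \<forall>s. P s \<longrightarrow> (\<forall>(r, s') \<in> fst (f s). Q r s')"

(* Hypothetical kernel state: a count of live objects and an upper bound. *)
record kstate =
  objs     :: nat
  max_objs :: nat

definition toy_invs :: "kstate \<Rightarrow> bool" where
  "toy_invs s \<equiv> objs s \<le> max_objs s"

(* Allocation creates an object only while below the bound and otherwise
   leaves the state unchanged.  Dropping the guard makes the lemma below
   unprovable, which is exactly the kind of bug the invariant proof catches. *)
definition toy_alloc :: "(kstate, unit) nd_monad" where
  "toy_alloc \<equiv> nd_get >>= (\<lambda>s.
     nd_put (if objs s < max_objs s then s\<lparr>objs := Suc (objs s)\<rparr> else s))"

lemma toy_alloc_invs: "\<lbrace>toy_invs\<rbrace> toy_alloc \<lbrace>\<lambda>_. toy_invs\<rbrace>"
  by (auto simp: valid_def toy_alloc_def nd_bind_def nd_get_def nd_put_def
                 toy_invs_def split_def)

end
```

The real proof follows the same pattern at scale: `Invariants_AI` defines the predicate, and the per-theory lemmas are Hoare triples of the form `{|invs and ...|} kernel_operation {|\<lambda>_. invs|}`, discharged with the `wp` weakest-precondition tool rather than by unfolding definitions as the toy proof does.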

## Building

To build from the `l4v/` directory, run:

```sh
./isabelle/bin/isabelle build -d . -v -b AInvs
```

Here `-d .` adds the current directory to the session search path so that the `AInvs` session is found, `-b` builds and saves the session's heap image, and `-v` prints verbose progress.

## Important Theories

The top-level theory, where the invariants are shown to hold over the whole kernel, is `Syscall_AI`; the bottom-level theory, where they are defined, is `Invariants_AI`. The `ARM` and `ARM_HYP` subdirectories hold the architecture-specific parts of these theories.