1289f7bc6e
* tcb_context rephrasing to (tcb_context o tcb_arch) and respectively for set operations * unfolding of reserved_irq for trivially solving most lemmas * Changes to the inductive definition of integrity_obj to account for tcb_arch and tcb_context new location * Changes to the tcb examples in ExampleSystem to include tcb_arch * Rephrasing of domain_sep_inv to accommodate the ReservedIRQ case * Mostly rephrasing of tcb_context to (some form of) (tcb_context o tcb_arch) * Trivial unfolding of handle_reserved_irq for hoare rules * Examples in Example_Valid_State.thy were updated * Nothing remarkable, mostly rephrasing of tcb_context and ReservedIRQ handling * Fun fact, some proofs are now shorter tags: [VER-623][SELFOUR-413] |
||
|---|---|---|
| .. | ||
| Arch_DR.thy | ||
| CNode_DR.thy | ||
| Corres_D.thy | ||
| Finalise_DR.thy | ||
| Include_D.thy | ||
| Intent_DR.thy | ||
| Interrupt_DR.thy | ||
| Ipc_DR.thy | ||
| KHeap_DR.thy | ||
| Lemmas_D.thy | ||
| MoreCorres.thy | ||
| MoreHOL.thy | ||
| README.md | ||
| Refine_D.thy | ||
| Schedule_DR.thy | ||
| StateTranslationProofs_DR.thy | ||
| StateTranslation_D.thy | ||
| Syscall_DR.thy | ||
| Tcb_DR.thy | ||
| Untyped_DR.thy | ||
README.md
CapDL Refinement Proof
This proof establishes that seL4's abstract specification is a formal refinement (i.e. a correct implementation) of its capDL specification. It is described as part of an ICFEM '13 paper.
Building
To build from the l4v/ directory, run:
./isabelle/bin/isabelle build -d . -v -b DRefine
Important Theories
The top-level theory where the refinement statement is established over
the entire kernel is Refine_D; the state-relation that
relates the state-spaces of the two specifications is defined in
StateTranslation_D and the basic
correspondence property proved over each kernel function is defined in
Corres_D.