lh-l4v/proof/refine
Joel Beeren 3c223b42fe SELFOUR-421: AInvs done, no added invariants yet 2016-09-22 19:11:29 +10:00
ADT_H.thy SELFOUR-56: Remove diminish rights from IPC 2016-02-24 13:24:10 +11:00
ArchAcc_R.thy rebase and fix problems caused by new machine constants 2016-02-17 11:18:02 +11:00
Arch_R.thy Isabelle2016: merge master into 2016 2016-02-19 16:17:26 +11:00
Bits_R.thy SELFOUR-421: AInvs done, no added invariants yet 2016-09-22 19:11:29 +10:00
BuildRefineCache.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
CNodeInv_R.thy Isabelle2016: merge master into 2016 2016-02-16 12:52:24 +11:00
CSpace1_R.thy SELFOUR-421: AInvs done, no added invariants yet 2016-09-22 19:11:29 +10:00
CSpace_I.thy SELFOUR-421: AInvs done, no added invariants yet 2016-09-22 19:11:29 +10:00
CSpace_R.thy Isabelle2016: merge master into 2016 2016-02-16 12:52:24 +11:00
Cache.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
Corres.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
Detype_R.thy trivial: remove some comments and debug trace 2016-02-22 10:55:21 +11:00
EmptyFail.thy WIP on handling array assertions. Up to Retype_C. 2015-12-02 09:06:06 +11:00
EmptyFail_H.thy SELFOUR-56: Remove diminish rights from IPC 2016-02-24 13:24:10 +11:00
Finalise_R.thy Isabelle2016: merge master into 2016 2016-02-19 16:17:26 +11:00
IncKernelInit.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
Include.thy repair ARM proofs up to Refine after factoring out architecture 2016-01-13 12:02:12 +11:00
InitLemmas.thy 2015 update for Refine 2015-05-12 17:17:31 +02:00
InterruptAcc_R.thy add arch_tcb object to C, rename aep -> ntfn 2015-11-20 16:02:13 +11:00
Interrupt_R.thy l4v-sabre: move a few word lemmas to WordLemmaBucket and fix styles of some proofs 2016-02-17 11:18:03 +11:00
Invariants_H.thy SELFOUR-421: AInvs done, no added invariants yet 2016-09-22 19:11:29 +10:00
Invocations_R.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
IpcCancel_R.thy SELFOUR-56: Remove diminish rights from IPC 2016-02-24 13:24:10 +11:00
Ipc_R.thy SELFOUR-56: Remove diminish rights from IPC 2016-02-24 13:24:10 +11:00
KHeap_R.thy Isabelle2016: merge master into 2016 2016-02-16 12:52:24 +11:00
KernelInit_R.thy abstract Haskell init parameters into constants 2014-11-06 18:48:36 +11:00
LevityCatch.thy add arch_tcb object to C, rename aep -> ntfn 2015-11-20 16:02:13 +11:00
Machine_R.thy l4v-sabre: change type of irq to be 10 word 2016-02-17 11:18:02 +11:00
Orphanage.thy Merge remote-tracking branch 'verification/master' into arch_split 2016-01-21 10:22:48 +11:00
PageTableDuplicates.thy SELFOUR-56: Remove diminish rights from IPC 2016-02-24 13:24:10 +11:00
RAB_FN.thy Finally done with array assertions. 2015-12-02 09:08:27 +11:00
README.md misc: Proofing and formatting of README.md files. 2014-07-28 13:15:48 +10:00
Refine.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
Retype_R.thy Isabelle2016: merge master into 2016 2016-02-19 16:17:26 +11:00
Schedule_R.thy Isabelle2016: merge master into 2016 2016-02-16 12:52:24 +11:00
StateRelation.thy SELFOUR-421: AInvs done, no added invariants yet 2016-09-22 19:11:29 +10:00
SubMonad_R.thy 2015 update for Refine 2015-05-12 17:17:31 +02:00
Syscall_R.thy SELFOUR-56: Remove diminish rights from IPC 2016-02-24 13:24:10 +11:00
TcbAcc_R.thy Isabelle2016: merge master into 2016 2016-02-16 12:52:24 +11:00
Tcb_R.thy repair ARM proofs up to Refine after factoring out architecture 2016-01-13 12:02:12 +11:00
Untyped_R.thy Isabelle2016: merge master into 2016 2016-02-19 16:17:26 +11:00
VSpace_R.thy Isabelle2016: merge master into 2016 2016-02-16 12:52:24 +11:00

README.md

# Design Spec Refinement Proof

This proof establishes that seL4's design specification is a formal refinement of its abstract specification: every behaviour the design specification can exhibit is permitted by the abstract specification, so the design is a correct implementation of the abstract model. The proof also interweaves the definition and proofs of the global invariant for the design specification, and it builds on the Abstract Spec Invariant Proof. The approach is described in the TPHOLs '08 paper.

## Building

To build from the `l4v/` directory, run:

```sh
./isabelle/bin/isabelle build -d . -v -b Refine
```

## Important Theories

The top-level theory, where the refinement statement is established over the entire kernel, is `Refine`. The state relation that relates the state spaces of the two specifications is defined in `StateRelation`, and the basic correspondence property proved for each kernel function is defined in `Corres`.
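To make the roles of the state relation and the correspondence property concrete, here is an added toy Isabelle/HOL theory that is not part of l4v: an abstract specification whose state is a set, a design specification whose state is a duplicate-free list, a state relation between the two, and a proof that one operation on each side preserves the relation. `corres_det` is a simplified deterministic stand-in for the project's `corres` property, which is stated over nondeterministic state monads and also relates return values; the theory name, the operations, and both lemmas are constructed for this illustration.

```isabelle
theory Refine_Toy
  imports Main
begin

text \<open>Abstract specification: the state is a set of naturals.
  Constructed for this example; not part of l4v.\<close>
type_synonym astate = "nat set"

definition a_insert :: "nat \<Rightarrow> astate \<Rightarrow> astate" where
  "a_insert x s = insert x s"

text \<open>Design specification: the same collection, but stored as a
  duplicate-free list, a representation detail the abstract level ignores.\<close>
type_synonym cstate = "nat list"

definition c_insert :: "nat \<Rightarrow> cstate \<Rightarrow> cstate" where
  "c_insert x l = (if x \<in> set l then l else x # l)"

text \<open>State relation: which design states implement which abstract states.
  It also carries the representation invariant (no duplicates), so the
  invariant is proved alongside the refinement, as in the real proof.\<close>
definition state_relation :: "(astate \<times> cstate) set" where
  "state_relation = {(s, l). s = set l \<and> distinct l}"

text \<open>Deterministic correspondence: running the abstract and the design
  operation from related states yields related states again.\<close>
definition corres_det :: "('a \<Rightarrow> 'a) \<Rightarrow> ('c \<Rightarrow> 'c) \<Rightarrow> ('a \<times> 'c) set \<Rightarrow> bool" where
  "corres_det f g R \<longleftrightarrow> (\<forall>s l. (s, l) \<in> R \<longrightarrow> (f s, g l) \<in> R)"

text \<open>Per-operation correspondence lemma, the toy analogue of the
  per-kernel-function lemmas in the refinement proof.\<close>
lemma insert_corres:
  "corres_det (a_insert x) (c_insert x) state_relation"
  unfolding corres_det_def state_relation_def a_insert_def c_insert_def
  by (auto simp: insert_absorb)

text \<open>Correspondence composes: a sequence of related steps stays related,
  which is how per-function lemmas lift to a whole-system statement.\<close>
lemma corres_det_compose:
  "corres_det f g R \<Longrightarrow> corres_det f' g' R \<Longrightarrow> corres_det (f' \<circ> f) (g' \<circ> g) R"
  unfolding corres_det_def comp_def by blast

end
```

The point to notice is the division of labour: `state_relation` fixes once what it means for a design state to implement an abstract state (and carries the invariant needed to make that meaningful), each operation gets its own correspondence lemma against that single relation, and composition lifts those lemmas to sequences of operations without revisiting the relation.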