f7768ee90e
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems> |
||
|---|---|---|
| .. | ||
| AbstractSeparationHelpers_SD.thy | ||
| AbstractSeparation_SD.thy | ||
| Frame_SD.thy | ||
| Helpers_SD.thy | ||
| Lookups_D.thy | ||
| README.md | ||
| Sep_Tactic_Helper.thy | ||
| Separation_SD.thy | ||
| Types_SD.thy | ||
README.md
CapDL Separation Logic Proof
This proof defines a separation logic for the capDL kernel specification. It builds on a generic separation algebra, described in the ITP 2012 paper.
The separation logic is defined on a lifted heap where we lift the object heap and IRQ table into an object-component heap and an IRQ table heap. This gives us a separation algebra with a capability-level of granularity.
This separation logic is used by the CapDL API Proofs and the system initialiser specification.
This separation logic is described in the ICFEM '13 paper and Andrew Boyton's PhD thesis.
Building
To build for the ARM architecture from the l4v/ directory, run:
L4V_ARCH=ARM ./run_tests SepDSpec
Important Theories
-
The definitions of heap disjunction, heap addition and showing that they produce a separation algebra is found in
AbstractSeparation_SD. -
The "arrows" are defined in
Separation_SD. -
The "frame rule" for specific leaf functions is defined in
Frame_SD. This "frame rule" is different from the traditional frame rule as we use a shallow embedding.