lh-l4v/sys-init
Latest commit 0e3016251f by Gerwin Klein, 2023-06-15 09:52:15 +10:00:
lib+proof: proof updates for wpc change
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
examples isabelle2021-1: global hide_lams -> opaque_lifting 2022-03-29 08:38:25 +11:00
CreateIRQCaps_SI.thy lib+proofs+sys-init+tools: proof updates for Fun_Pred_Syntax 2023-01-09 14:54:11 +11:00
CreateObjects_SI.thy proofs: updates for monad refactor 2023-02-09 11:46:55 +11:00
DuplicateCaps_SI.thy lib+proof: proof updates for wpc change 2023-06-15 09:52:15 +10:00
InitCSpace_SI.thy isabelle-2021: update SysInit 2021-09-30 16:53:17 +10:00
InitIRQ_SI.thy lib+proofs+sys-init+tools: proof updates for Fun_Pred_Syntax 2023-01-09 14:54:11 +11:00
InitTCB_SI.thy isabelle-2021: update SysInit 2021-09-30 16:53:17 +10:00
InitVSpace_SI.thy lib+proof: eliminate hoare_ex_wp 2023-01-25 11:48:38 +11:00
Makefile Makefiles: remove unused report-regression target 2022-06-03 09:36:43 +10:00
Mapped_Separating_Conjunction.thy isabelle2021-1: global hide_lams -> opaque_lifting 2022-03-29 08:38:25 +11:00
ObjectInitialised_SI.thy isabelle-2021: update SysInit 2021-09-30 16:53:17 +10:00
Proof_SI.thy lib+proof: eliminate hoare_ex_wp 2023-01-25 11:48:38 +11:00
README.md READMEs: use run_tests consistently in READMEs (#622) 2023-03-30 13:59:18 +11:00
ROOT ROOT files: file reorg for new ROOT requirements 2020-10-27 15:52:31 +10:00
RootTask_SI.thy licenses: convert license tags to SPDX 2020-03-13 14:38:24 +08:00
StartThreads_SI.thy isabelle-2021: update SysInit 2021-09-30 16:53:17 +10:00
SysInit_SI.thy licenses: convert license tags to SPDX 2020-03-13 14:38:24 +08:00
WellFormed_SI.thy isabelle2021-1: remove no_take_bit 2022-03-29 08:38:25 +11:00
tests.xml licenses: convert license tags to SPDX 2020-03-13 14:38:24 +08:00

README.md

CapDL User-level system initialiser

This directory contains a formalised algorithm and the proof of correctness of a user-level system initialiser that uses capDL to specify the state of the resulting system.

It builds on the CapDL API Proofs, and uses a separation logic defined for capDL.

The system initialiser and the proof are described in the ICFEM '13 paper and Andrew Boyton's PhD thesis.

Building

To build from the l4v/ directory for the ARM architecture, run:

L4V_ARCH=ARM ./run_tests SysInit

To build the example capDL specifications, from the l4v/ directory, run:

L4V_ARCH=ARM ./run_tests SysInitExamples

Important Theories

  • The specification for the algorithm of the system initialiser is in SysInit_SI.

  • The top-level statement of the correctness of the system initialiser is found in Proof_SI.

  • The definition of what it means for an object to be initialised (object_initialised and irq_initialised) is found in ObjectInitialised_SI.

  • Only "well-formed" capDL specifications can be initialised. The definition of well-formed is located in WellFormed_SI.

  • Two example capDL specifications that are "well-formed" are found in ExampleSpec_SI and ExampleSpecIRQ_SI. The former is a simple capDL spec, and the latter a more complicated specification with IRQ support.