Latest commit ab6b9baebb by Alejandro Gomez-Londono, 2016-11-25 13:05:55 +11:00:

ExecSpec: Changes to the Haskell to better reflect ASpec

* atcbContextGet and atcbContextSet were added (just as in ASpec)

* asUser is now defined in terms of atcbContext{Get,Set}

* arch_tcb is now correctly imported as a datatype, not as a type synonym

  tags: [VER-623][SELFOUR-413]
| File | Last commit | Date |
|---|---|---|
| ARM | ExecSpec: Changes to the haskell to better reflect ASpec | 2016-11-25 13:05:55 +11:00 |
| m-skel/ARM | SELFOUR-421: merge and fix up to ArmConfidentiality proof | 2016-09-22 19:21:56 +10:00 |
| skel | ExecSpec: Changes to the haskell to better reflect ASpec | 2016-11-25 13:05:55 +11:00 |
| API_H.thy | SELFOUR-553: update rpidrurw in TCBConfigure for simpler Infoflow proofs. | 2016-11-18 16:27:26 +11:00 |
| ArchInterrupt_H.thy | msi: Restructure IOAPIC, MSI interrupts for x86, fix up ARM proofs for new API | 2016-02-02 15:57:28 +11:00 |
| CNode_H.thy | SELFOUR-64: Remove general Recycle operation | 2016-11-18 14:11:12 +11:00 |
| CSpaceDecls_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| CSpace_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| Config_H.thy | SELFOUR-444: Haskell implementation, begin refine. | 2016-11-02 11:19:08 +11:00 |
| Delete_H.thy | SELFOUR-421: merge and fix up to ArmConfidentiality proof | 2016-09-22 19:21:56 +10:00 |
| EndpointDecls_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| Endpoint_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| Event_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| FaultHandlerDecls_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| FaultHandler_H.thy | ExecSpec: arch-specific faults + VMFault -> ArchFault + ReservedIRQ | 2016-11-25 13:05:42 +11:00 |
| FaultMonad_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| Fault_H.thy | ExecSpec: arch-specific faults + VMFault -> ArchFault + ReservedIRQ | 2016-11-25 13:05:42 +11:00 |
| InterruptDecls_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| Interrupt_H.thy | ExecSpec: arch-specific faults + VMFault -> ArchFault + ReservedIRQ | 2016-11-25 13:05:42 +11:00 |
| InvocationLabels_H.thy | SELFOUR-64: Remove general Recycle operation | 2016-11-18 14:11:12 +11:00 |
| Invocations_H.thy | SELFOUR-64: Remove general Recycle operation | 2016-11-18 14:11:12 +11:00 |
| KI_Decls_H.thy | SELFOUR-421: merge and fix up to ArmConfidentiality proof | 2016-09-22 19:21:56 +10:00 |
| KernelInitMonad_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| KernelInit_H.thy | SELFOUR-444: Refine proof with ghost invariant. | 2016-11-02 11:19:09 +11:00 |
| KernelStateData_H.thy | SELFOUR-444: Adjust Haskell, new ghost data. | 2016-11-02 11:19:09 +11:00 |
| Kernel_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| NotificationDecls_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| Notification_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| ObjectInstances_H.thy | ExecSpec: arch-specific faults + VMFault -> ArchFault + ReservedIRQ | 2016-11-25 13:05:42 +11:00 |
| Object_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| PSpaceFuns_H.thy | SELFOUR-421: retranslate haskell after merge with master | 2016-09-22 19:11:36 +10:00 |
| PSpaceStorable_H.thy | SELFOUR-421: merge and fix up to ArmConfidentiality proof | 2016-09-22 19:21:56 +10:00 |
| PSpaceStruct_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| README.md | misc: Proofing and formatting of README.md files. | 2014-07-28 13:15:48 +10:00 |
| RetypeDecls_H.thy | SELFOUR-64: Remove general Recycle operation | 2016-11-18 14:11:12 +11:00 |
| Retype_H.thy | SELFOUR-64: Remove general Recycle operation | 2016-11-18 14:11:12 +11:00 |
| Structures_H.thy | ExecSpec: Changes to the haskell to better reflect ASpec | 2016-11-25 13:05:55 +11:00 |
| Syscall_H.thy | SELFOUR-553: update rpidrurw in TCBConfigure for simpler Infoflow proofs. | 2016-11-18 16:27:26 +11:00 |
| TCBDecls_H.thy | ExecSpec: Changes to the haskell to better reflect ASpec | 2016-11-25 13:05:55 +11:00 |
| TCB_H.thy | ExecSpec: Changes to the haskell to better reflect ASpec | 2016-11-25 13:05:55 +11:00 |
| ThreadDecls_H.thy | Revert SELFOUR-242: invert bitfield scheduler and optimise fast path | 2016-11-16 14:02:50 +11:00 |
| Thread_H.thy | Revert SELFOUR-242: invert bitfield scheduler and optimise fast path | 2016-11-16 14:02:50 +11:00 |
| Types_H.thy | SELFOUR-276: Finish proofs for maximum controlled priority (MCP) | 2016-10-05 02:43:41 +11:00 |
| Untyped_H.thy | SELFOUR-444: Refine proof with ghost invariant. | 2016-11-02 11:19:09 +11:00 |
| VSpace_H.thy | run haskell translator | 2016-07-21 15:54:49 +10:00 |
| version | ExecSpec: Changes to the haskell to better reflect ASpec | 2016-11-25 13:05:55 +11:00 |

README.md

The Executable Design Specification of seL4

l4v/spec/design/

This directory contains the Isabelle sources of the executable design specification for seL4.

Most theory files in this directory are tool-generated: do not edit them! Hand edits are overwritten by the next run of the translator, and until then the proofs no longer describe the Haskell model they are meant to refine.

The files here are also not particularly well suited for human consumption; it is recommended to read the corresponding Haskell code in seL4/haskell directly instead.

Top-Level Theory

The top-level theory file that draws the whole specification together is API_H; the top-level function in that theory is callKernel.

As with the abstract specification, this top-level function is later wrapped, in the proofs, in an automaton that describes system behaviour at this level of abstraction.

Building

The corresponding Isabelle session is ExecSpec. Build in l4v/spec/ with

make ExecSpec

Remarks

  • To regenerate the design spec from the Haskell sources, go to the directory l4v/tools/haskell-translator and run

       ./make_spec.sh

  • The skeleton files that define which parts of which Haskell files get mapped to which Isabelle theories are found in the subdirectories skel and m-skel, for design and machine respectively.
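The following POSIX shell script is an added example, not part of l4v or of this README. It ties the regeneration step above and the ExecSpec build together and enforces the "do not edit" rule by failing when the checked-in theories no longer match what the translator produces. It assumes an environment variable L4V_ROOT naming the l4v checkout and that make_spec.sh rewrites spec/design in place; both are assumptions made here, not facts stated by the README.

```shell
#!/bin/sh
# Added example (not l4v's own tooling): regenerate the design spec from the
# Haskell sources and refuse to build if spec/design was edited by hand or is
# stale relative to the translator output.
# Assumptions: L4V_ROOT points at an l4v checkout laid out as the README
# describes, and make_spec.sh writes its output into spec/design in place.

# check_generated_in_sync GENERATED_DIR COMMITTED_DIR
# Compares every regular file under GENERATED_DIR with the same relative path
# under COMMITTED_DIR. Files that exist only in COMMITTED_DIR (README.md, the
# skeleton directories) are not generated and are ignored. Prints each missing
# or differing file on stderr and returns 1 if there was any drift.
check_generated_in_sync() {
    gen=$1
    committed=$2
    drift=$( (cd "$gen" && find . -type f) | while IFS= read -r f; do
        rel=${f#./}
        if [ ! -f "$committed/$rel" ]; then
            echo "missing from checked-in tree: $rel"
        elif ! cmp -s "$gen/$rel" "$committed/$rel"; then
            echo "differs from translator output: $rel"
        fi
    done)
    if [ -n "$drift" ]; then
        printf '%s\n' "$drift" >&2
        return 1
    fi
    return 0
}

# Snapshot the committed spec, regenerate from Haskell, compare the regenerated
# tree against the snapshot, and only then build the ExecSpec session.
regenerate_and_build() {
    root=${L4V_ROOT:?set L4V_ROOT to an l4v checkout}
    snapshot=$(mktemp -d)
    cp -R "$root/spec/design/." "$snapshot/"
    (cd "$root/tools/haskell-translator" && ./make_spec.sh)
    if ! check_generated_in_sync "$root/spec/design" "$snapshot"; then
        echo "spec/design differs from the translator output; commit the regenerated theories" >&2
        rm -rf "$snapshot"
        return 1
    fi
    rm -rf "$snapshot"
    (cd "$root/spec" && make ExecSpec)
}

# Run the full procedure only when pointed at a checkout, so the file can also
# be sourced for its check function alone.
if [ -n "${L4V_ROOT:-}" ]; then
    regenerate_and_build
fi
```

The comparison is one-directional on purpose: the translator only ever adds or rewrites generated theories, so a file present in the committed tree but absent from the regenerated one is a hand-maintained file such as README.md, not drift.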