lh-l4v/proof/bisim
Victor Phan 1689dd94fe cleanup
arm ainvs: cleanup

Abbreviate Hoare triples that do not care about the return value and
whose pre and post conditions are the same.

x64 ainvs: cleanup

ainvs: cleanup

x64 ainvs: cleanup

drefine: cleanup
2019-04-18 14:32:08 +10:00
document Removes all trailing whitespaces 2017-07-12 15:13:51 +10:00
README.md terminology in comments: async ep -> notifications 2015-11-24 16:58:22 +13:00
Separation.thy Isabelle2018: new "op x" syntax; now is "(x)" 2018-08-20 09:06:35 +10:00
Syscall_S.thy cleanup 2019-04-18 14:32:08 +10:00

README.md

Separation Kernel Bisimilarity

This proof establishes that seL4, when configured fully statically with 1-level CSpaces and notification caps only, is bisimilar to a static separation kernel whose only system call is signalling notifications.

Building

To build from the l4v/ directory, run:

./isabelle/bin/isabelle build -d . -v -b Bisim

Important Theories

Theory Separation defines static configurations, and theory Syscall_S contains the proof that such a statically configured seL4 is equivalent to the static separation kernel.

The definition of a static kernel API can be found in the spec directory under sep-abstract.