c44fd87594
A lot of the proofs in SysInit and DRefine previously had to unfold opt_object, which was really just an alias for cdl_objects with the arguments in the opposite order! This commit deletes opt_object in favour of using cdl_objects directly, which should slightly reduce the burden of unfolding. |
||
|---|---|---|
| .. | ||
| API_DP.thy | ||
| Arch_DP.thy | ||
| CNode_DP.thy | ||
| IRQ_DP.thy | ||
| Invocation_DP.thy | ||
| KHeap_DP.thy | ||
| Kernel_DP.thy | ||
| ProofHelpers_DP.thy | ||
| README.md | ||
| RWHelper_DP.thy | ||
| Retype_DP.thy | ||
| Sep_Tactic_Examples.thy | ||
| TCB_DP.thy | ||
README.md
CapDL API Proofs
This proof develops a formal API description for a number of the seL4 system calls, of the capDL kernel specification. This API description is a set of lemmas describing the behaviour of various system calls in terms of a separation logic defined over that kernel specification.
When reasoning about system calls this proof treats the kernel like a library invoked directly from user-space and does not reason about scheduling. These proofs are used by the system initialiser proof, as described in the ICFEM '13 paper and Andrew Boyton's PhD thesis.
Building
To build from the l4v/ directory, run:
./isabelle/bin/isabelle build -d . -v -b DSpecProofs
Important Theories
The top-level theory is API_DP. The seL4 API and kernel
model are located in Kernel_DP.