lh-l4v/proof
Daniel Matichuk a34de66b9f arch_split: fix crefine up to Interrupt_C 2016-01-20 14:42:36 +11:00
access-control terminology in comments: async ep -> notifications 2015-11-24 16:58:22 +13:00
asmrefine Reduce verbosity in GraphRefine. 2015-12-08 19:36:28 +11:00
bisim terminology in comments: async ep -> notifications 2015-11-24 16:58:22 +13:00
capDL-api add arch_tcb object to C, rename aep -> ntfn 2015-11-20 16:02:13 +11:00
crefine arch_split: fix crefine up to Interrupt_C 2016-01-20 14:42:36 +11:00
drefine Wait -> Recv: update proofs 2015-11-20 16:02:14 +11:00
infoflow infoflow: Remove a find_theorems invocation. 2015-11-25 10:30:29 +11:00
invariant-abstract repair ARM proofs up to Refine after factoring out architecture 2016-01-13 12:02:12 +11:00
refine arch_split: fix crefine up to Interrupt_C 2016-01-20 14:42:36 +11:00
sep-capDL add arch_tcb object to C, rename aep -> ntfn 2015-11-20 16:02:13 +11:00
Makefile avoid `make` warning, remove SimplExportOnly from HEAPS 2015-11-20 16:02:14 +11:00
README.md integrate separation kernel config proofs 2014-08-13 22:08:46 +10:00
ROOT aep-binding: removed quick and dirty from AInvs build options 2015-10-07 13:58:11 +11:00
tests.xml regression: fix tests.xml dependencies to be consistent with ROOTs. 2016-01-07 18:39:50 +11:00

README.md

Formal Proofs about seL4

This directory contains the formal proofs about seL4, which mostly prove properties about the various seL4 specifications.

Each such proof lives in its own subdirectory: