lh-l4v/proof/refine
Thomas Sewell 7c3a06a8d7 Minor adjustments caused by Strengthen changes. 2015-10-29 11:27:54 +11:00
ADT_H.thy poll: Added new syscall for polling async endpoints (non-blocking wait) 2015-10-21 14:24:49 +11:00
ArchAcc_R.thy 2015 update for Refine 2015-05-12 17:17:31 +02:00
Arch_R.thy Minor adjustments caused by Strengthen changes. 2015-10-29 11:27:54 +11:00
Bits_R.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
BuildRefineCache.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
CNodeInv_R.thy Merge 'verification/master' into priority-bitmap 2015-10-21 06:19:20 +11:00
CSpace1_R.thy 2015 update for Refine 2015-05-12 17:17:31 +02:00
CSpace_I.thy fewer warnings 2015-05-16 19:52:49 +10:00
CSpace_R.thy Merge 'verification/master' into priority-bitmap 2015-10-21 06:19:20 +11:00
CSpace_R.thy.orig Merge 'verification/master' into priority-bitmap 2015-10-21 06:19:20 +11:00
Cache.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
Corres.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
Detype_R.thy Merge 'verification/master' into priority-bitmap 2015-10-21 06:19:20 +11:00
EmptyFail.thy 2015 update for Refine 2015-05-12 17:17:31 +02:00
EmptyFail_H.thy Refine working. 2014-08-11 18:51:04 +10:00
Finalise_R.thy Merge 'verification/master' into priority-bitmap 2015-10-21 06:19:20 +11:00
IncKernelInit.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
Include.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
InitLemmas.thy 2015 update for Refine 2015-05-12 17:17:31 +02:00
InterruptAcc_R.thy priority-bitmap: Update abstract->Haskell refinement 2015-10-20 23:40:44 +11:00
Interrupt_R.thy Minor adjustments caused by Strengthen changes. 2015-10-29 11:27:54 +11:00
Invariants_H.thy priority-bitmap: clean up Refine (i.e. "FIXME RAF") 2015-10-21 13:38:29 +11:00
Invocations_R.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
IpcCancel_R.thy priority-bitmap: clean up Refine (i.e. "FIXME RAF") 2015-10-21 13:38:29 +11:00
Ipc_R.thy Minor adjustments caused by Strengthen changes. 2015-10-29 11:27:54 +11:00
KHeap_R.thy Merge 'verification/master' into priority-bitmap 2015-10-21 06:19:20 +11:00
KernelInit_R.thy abstract Haskell init parameters into constants 2014-11-06 18:48:36 +11:00
LevityCatch.thy remove old levity and taint-mode comments 2014-07-22 18:10:28 +02:00
Machine_R.thy 2015 update for Refine 2015-05-12 17:17:31 +02:00
Orphanage.thy Minor adjustments caused by Strengthen changes. 2015-10-29 11:27:54 +11:00
PageTableDuplicates.thy poll: Added new syscall for polling async endpoints (non-blocking wait) 2015-10-21 14:24:49 +11:00
README.md misc: Proofing and formatting of README.md files. 2014-07-28 13:15:48 +10:00
Refine.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
Retype_R.thy Merge 'verification/master' into priority-bitmap 2015-10-21 06:19:20 +11:00
Schedule_R.thy priority-bitmap: clean up Refine (i.e. "FIXME RAF") 2015-10-21 13:38:29 +11:00
StateRelation.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
SubMonad_R.thy 2015 update for Refine 2015-05-12 17:17:31 +02:00
Syscall_R.thy Merge remote-tracking branch 'verification/master' into priority-bitmap 2015-10-21 16:23:01 +11:00
TcbAcc_R.thy priority-bitmap: clean up Refine (i.e. "FIXME RAF") 2015-10-21 13:38:29 +11:00
Tcb_R.thy Merge 'verification/master' into priority-bitmap 2015-10-21 06:19:20 +11:00
Untyped_R.thy Minor adjustments caused by Strengthen changes. 2015-10-29 11:27:54 +11:00
VSpace_R.thy Merge 'verification/master' into priority-bitmap 2015-10-21 06:19:20 +11:00

README.md

Design Spec Refinement Proof

This proof establishes that seL4's design specification is a formal refinement (i.e. a correct implementation) of its abstract specification. This proof also interweaves the definition and proofs of the global invariant for the design specification, and builds on the Abstract Spec Invariant Proof. It is described in the TPHOLS '08 paper.

Building

To build from the l4v/ directory, run:

./isabelle/bin/isabelle build -d . -v -b Refine

Important Theories

The top-level theory where the refinement statement is established over the entire kernel is Refine. The state relation that relates the state spaces of the two specifications is defined in StateRelation, and the basic correspondence property proved for each kernel function is defined in Corres.