4601f2a1ab
This patch adds a generic "post_cap_deletion" step that is called by finalise_slot. Previous to this, the only caps which had actions required at this stage were IRQHandlerCaps -- it was required that the IRQ bitmap be updated after the cap itself was removed (as the invariants state that for any existing IRQHandlerCap, the corresponding bit in the IRQ bitmap must be set). By genericising this, we add the capacity for new, arch-specific post cap deletion actions to occur in the future. |
||
|---|---|---|
| .. | ||
| access-control | ||
| asmrefine | ||
| bisim | ||
| capDL-api | ||
| crefine | ||
| drefine | ||
| infoflow | ||
| invariant-abstract | ||
| refine | ||
| sep-capDL | ||
| Makefile | ||
| README.md | ||
| ROOT | ||
| tests.xml | ||
README.md
Formal Proofs about seL4
This directory contains the formal proofs about seL4, which mostly prove properties about the various seL4 specifications.
Each such proof lives in its own subdirectory:
access-control- Access Control Proofasmrefine- Assembly Refinement Proofbisim- Bisimilarity of seL4 with a static Separation KernelcapDL-api- CapDL API Proofscrefine- C Refinement Proofdrefine- CapDL Refinement Proofinfoflow- Confidentiality Proofinvariant-abstract- Abstract Spec Invariant Proofrefine- Design Spec Refinement Proofsep-capDL- CapDL Separation Logic Proof