lh-l4v/proof/refine
Matthew Brecknell b5158e31bc Isabelle2016-1: fix proofs involving UNION
SUPREMUM changed from a definition to an abbreviation.

A number of proofs that previously used blast, fastforce or auto to
solve goals involving UNION now either fail or loop. This commit
includes various ad-hoc workarounds.
2017-01-05 14:27:33 +11:00
ADT_H.thy Isabelle2016-1: rename free variables to avoid capture 2017-01-05 14:24:36 +11:00
ArchAcc_R.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
Arch_R.thy Isabelle2016-1: rename free variables to avoid capture 2017-01-05 14:24:36 +11:00
Bits_R.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
BuildRefineCache.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
CNodeInv_R.thy Isabelle2016-1: rename free variables to avoid capture 2017-01-05 14:24:36 +11:00
CSpace1_R.thy Isabelle2016-1: remove references to empty 'assms' 2017-01-05 14:26:47 +11:00
CSpace_I.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
CSpace_R.thy Isabelle2016-1: rename free variables to avoid capture 2017-01-05 14:24:36 +11:00
Cache.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
Corres.thy autocorres-crefine: add pre-no-fail flag to corres. Updated AI+Refine. 2016-01-22 15:08:14 +11:00
Detype_R.thy Isabelle2016-1: fix proofs involving UNION 2017-01-05 14:27:33 +11:00
DomainTime_R.thy Refine: Updating refine for tcb_arch reserved_irq and arch_fault changes 2016-11-25 13:05:55 +11:00
EmptyFail.thy SELFOUR-444: Refine proof with ghost invariant. 2016-11-02 11:19:09 +11:00
EmptyFail_H.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
Finalise_R.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
IncKernelInit.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
Include.thy repair ARM proofs up to Refine after factoring out architecture 2016-01-13 12:02:12 +11:00
InitLemmas.thy 2015 update for Refine 2015-05-12 17:17:31 +02:00
InterruptAcc_R.thy SELFOUR-444: Haskell implementation, begin refine. 2016-11-02 11:19:08 +11:00
Interrupt_R.thy Isabelle2016-1: rename free variables to avoid capture 2017-01-05 14:24:36 +11:00
Invariants_H.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
Invocations_R.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
IpcCancel_R.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
Ipc_R.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
KHeap_R.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
KernelInit_R.thy ADT: add kernel entry/exit constraints on domain time left 2016-11-11 06:01:30 +11:00
LevityCatch.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
Machine_R.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
Orphanage.thy Isabelle2016-1: replace 'unfolded' attr with 'simplified' where the former now loops 2017-01-05 14:27:04 +11:00
PageTableDuplicates.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
RAB_FN.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
README.md misc: Proofing and formatting of README.md files. 2014-07-28 13:15:48 +10:00
Refine.thy Isabelle2016-1: remove references to empty 'assms' 2017-01-05 14:26:47 +11:00
Retype_R.thy Isabelle2016-1: fix proofs involving UNION 2017-01-05 14:27:33 +11:00
Schedule_R.thy Isabelle2016-1: replace 'unfolded' attr with 'simplified' where the former now loops 2017-01-05 14:27:04 +11:00
StateRelation.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
SubMonad_R.thy Isabelle2016-1: rename free variables to avoid capture 2017-01-05 14:24:36 +11:00
Syscall_R.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
TcbAcc_R.thy Isabelle2016-1: remove references to empty 'assms' 2017-01-05 14:26:47 +11:00
Tcb_R.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
Untyped_R.thy Isabelle2016-1: update references to renamed constants and facts 2017-01-05 14:23:05 +11:00
VSpace_R.thy Isabelle2016-1: rename free variables to avoid capture 2017-01-05 14:24:36 +11:00

README.md

Design Spec Refinement Proof

This proof establishes that seL4's design specification is a formal refinement (i.e. a correct implementation) of its abstract specification. This proof also interweaves the definition and proofs of the global invariant for the design specification, and builds on the Abstract Spec Invariant Proof. It is described in the TPHOLS '08 paper.

Building

To build from the l4v/ directory, run:

./isabelle/bin/isabelle build -d . -v -b Refine

Important Theories

The top-level theory where the refinement statement is established over the entire kernel is Refine. The state relation that relates the state spaces of the two specifications is defined in StateRelation, and the basic correspondence property proved over each kernel function is defined in Corres.