lh-l4v/proof/crefine
Joel Beeren d6f7579be7 poll: Added new syscall for polling async endpoints (non-blocking wait) 2015-10-21 14:24:49 +11:00
ADT_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
Arch_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
BuildRefineCache_C.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
CACHE.ML Import release snapshot. 2014-07-14 21:32:44 +02:00
CLevityCatch.thy crefine: Port CRefine to Isabelle 2014. 2014-09-11 16:57:59 +10:00
CREGRESSION_S.ML Import release snapshot. 2014-07-14 21:32:44 +02:00
CSpaceAcc_C.thy aep-binding: cleanup 2015-10-07 14:18:09 +11:00
CSpace_All.thy crefine: 2015 update up to Tcb_C 2015-05-18 09:11:43 +10:00
CSpace_C.thy crefine: 2015 update up to Tcb_C 2015-05-18 09:11:43 +10:00
CSpace_RAB_C.thy WIP on WCET annotations. 2015-07-14 14:23:29 +10:00
Cache.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
Delete_C.thy Repair refine/crefine for WCET annotations. 2015-07-14 14:23:29 +10:00
DetWP.thy crefine: 2015 update up to Tcb_C 2015-05-18 09:11:43 +10:00
Detype_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
Fastpath_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
Finalise_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
Include_C.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
Init_C.thy abstract Haskell init parameters into constants 2014-11-06 18:48:36 +11:00
Interrupt_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
Invoke_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
IpcCancel_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
Ipc_C.thy poll: Added new syscall for polling async endpoints (non-blocking wait) 2015-10-21 14:24:49 +11:00
Machine_C.thy WIP on WCET annotations. 2015-07-14 14:23:29 +10:00
Move.thy history squashed patch for aep-binding 2015-09-02 15:43:39 +10:00
PSpace_C.thy WIP on WCET annotations. 2015-07-14 14:23:29 +10:00
README.md misc: Proofing and formatting of README.md files. 2014-07-28 13:15:48 +10:00
Recycle_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
Refine_C.thy poll: Added new syscall for polling async endpoints (non-blocking wait) 2015-10-21 14:24:49 +11:00
Refine_nondet_C.thy abstract Haskell init parameters into constants 2014-11-06 18:48:36 +11:00
Retype_C.thy fix CRefine after libseL4 NotificationObject terminology update 2015-10-14 14:00:27 +11:00
SR_lemmas_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
Schedule_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
StateRelation_C.thy poll: Added new syscall for polling async endpoints (non-blocking wait) 2015-10-21 14:24:49 +11:00
StoreWord_C.thy crefine: 2015 update up to Tcb_C 2015-05-18 09:11:43 +10:00
SyscallArgs_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
Syscall_C.thy poll: Added new syscall for polling async endpoints (non-blocking wait) 2015-10-21 14:24:49 +11:00
TcbAcc_C.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
TcbQueue_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
Tcb_C.thy aep-binding: fixed crefine, drefine, dpolicy with new decode_bind_aep definition 2015-09-16 10:35:31 +10:00
VSpace_C.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
Wellformed_C.thy fix CRefine after libseL4 NotificationObject terminology update 2015-10-14 14:00:27 +11:00

README.md

# C Refinement Proof

This proof establishes that seL4's C code, once translated into Isabelle/HOL using Michael Norrish's C parser, is a formal refinement (i.e. a correct implementation) of its design specification. Transitively, using the results of the Design Spec Refinement Proof, seL4's C code is therefore also a formal refinement of its abstract specification. In other words, this proof establishes that seL4's C code correctly implements its abstract specification.

The approach used for the proof is described in the TPHOLS '09 [paper][5].

## Building

To build from the l4v/proof directory, run:

```
make CRefine
```

## Important Theories

The top-level theory in which the refinement statement is established over the entire kernel is Refine_C; the state relation that connects the state spaces of the two specifications is defined in StateRelation_C.

Note that this proof deals with two C-level semantics of seL4: one produced directly by the C parser from the kernel's C code, and another produced by the C spec's Substitute theory. These proofs largely operate on the latter, proving that it corresponds to the design spec. Refinement between the two C-level specs is proved in the CToCRefine theory. The top-level Refine_C theory states both refinement properties.