lh-l4v/proof/refine

Latest commit: dc4955de6e, "aarch64 refine: lemma moved to Word_Lib", Gerwin Klein, 2023-09-27 14:28:35 +10:00
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>

Directory contents (with the last commit touching each entry):

- AARCH64/: aarch64 refine: lemma moved to Word_Lib (2023-09-27 14:28:35 +10:00)
- ARM/: refine: update for changes to nondet monad (2023-08-23 11:48:13 +10:00)
- ARM_HYP/: refine: update for changes to nondet monad (2023-08-23 11:48:13 +10:00)
- RISCV64/: riscv refine: adjust for (no_asm) in Corres_Method (2023-08-30 21:59:37 +02:00)
- X64/: refine: update for changes to nondet monad (2023-08-23 11:48:13 +10:00)
- base/: refine: session directories for Isabelle2020 (2020-10-27 15:52:31 +10:00)
- Move_R.thy: proof+autocorres: update for select_wp and alternative_wp (2023-08-09 16:42:01 +10:00)
- README.md: READMEs: use run_tests consistently in READMEs (#622) (2023-03-30 13:59:18 +11:00)

README.md

# Design Spec Refinement Proof

This proof establishes that seL4's design specification is a formal refinement (i.e. a correct implementation) of its abstract specification. The proof also interweaves the definition and proof of the global invariant for the design specification, and builds on the Abstract Spec Invariant Proof. It is described in the TPHOLs '08 paper.

## Building

To build for the ARM architecture from the l4v/ directory, run:

```sh
L4V_ARCH=ARM ./run_tests Refine
```

## Important Theories

The top-level theory where the refinement statement is established over the entire kernel is `Refine`. The state relation that relates the state spaces of the two specifications is defined in `StateRelation`, and the basic correspondence property proved for each kernel function is defined in `Corres`.