ba38ae33ab
The links to nicta.com.au have stopped working, so the publication links now point to the TS publication pages. Signed-off-by: Gerwin Klein <gerwin.klein@data61.csiro.au> |
||
|---|---|---|
| .. | ||
| base | ||
| Arch_DR.thy | ||
| CNode_DR.thy | ||
| Corres_D.thy | ||
| Finalise_DR.thy | ||
| Intent_DR.thy | ||
| Interrupt_DR.thy | ||
| Ipc_DR.thy | ||
| KHeap_DR.thy | ||
| Lemmas_D.thy | ||
| MoreCorres.thy | ||
| MoreHOL.thy | ||
| README.md | ||
| Refine_D.thy | ||
| Schedule_DR.thy | ||
| StateTranslationProofs_DR.thy | ||
| StateTranslation_D.thy | ||
| Syscall_DR.thy | ||
| Tcb_DR.thy | ||
| Untyped_DR.thy | ||
README.md
CapDL Refinement Proof
This proof establishes that seL4's abstract specification is a formal refinement (i.e. a correct implementation) of its capDL specification. It is described as part of an ICFEM '13 paper.
Building
To build from the l4v/ directory, run:
./isabelle/bin/isabelle build -d . -v -b DRefine
Important Theories
The top-level theory where the refinement statement is established over
the entire kernel is Refine_D; the state-relation that
relates the state-spaces of the two specifications is defined in
StateTranslation_D and the basic
correspondence property proved over each kernel function is defined in
Corres_D.