ab259704c7
* Context : We would like to prove that, for ARM_HYP architecture, the current vcpu is always the vcpu associated to the current thread. See issue https://jira.csiro.au/browse/VER-770 and PR 291 http://bitbucket.keg.ertos.in.nicta.com.au/projects/SEL4/repos/l4v/pull-requests/291 In this process, we changed the definition of `idle_tcb_at` * In this commit : Update some proofs in access, infoflow and drefine to take the new definition of `idle_tcb_at` into account. |
||
|---|---|---|
| .. | ||
| access-control | ||
| asmrefine | ||
| bisim | ||
| capDL-api | ||
| crefine | ||
| drefine | ||
| infoflow | ||
| invariant-abstract | ||
| refine | ||
| sep-capDL | ||
| Makefile | ||
| README.md | ||
| ROOT | ||
| tests.xml | ||
README.md
Formal Proofs about seL4
This directory contains the formal proofs about seL4, which mostly prove properties about the various seL4 specifications.
Each such proof lives in its own subdirectory:
access-control- Access Control Proofasmrefine- Assembly Refinement Proofbisim- Bisimilarity of seL4 with a static Separation KernelcapDL-api- CapDL API Proofscrefine- C Refinement Proofdrefine- CapDL Refinement Proofinfoflow- Confidentiality Proofinvariant-abstract- Abstract Spec Invariant Proofrefine- Design Spec Refinement Proofsep-capDL- CapDL Separation Logic Proof