lh-l4v/proof/invariant-abstract
Gerwin Klein f0faa90f8a lib/spec/proof/tools: fix word change fallout 2016-05-16 21:11:40 +10:00
ARM lib/spec/proof/tools: fix word change fallout 2016-05-16 21:11:40 +10:00
ADT_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
AInvs.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
Arch_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
BCorres2_AI.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
BCorres_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
Bits_AI.thy arch_split: change caps_of_state to be explicit projection f caps_of_state 2016-03-04 19:03:45 +11:00
CNodeInv_AI.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
CSpaceInvPre_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
CSpaceInv_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
CSpacePre_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
CSpace_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
DetSchedAux_AI.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
DetSchedInvs_AI.thy Merge branch 'master' into aep-merge 2015-09-10 17:06:45 +10:00
DetSchedSchedule_AI.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
Deterministic_AI.thy arch_split: merge master 2016-04-28 14:36:43 +10:00
Detype_AI.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
EmptyFail_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
Finalise_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
Include_AI.thy lib/spec/proof/tools: fix word change fallout 2016-05-16 21:11:40 +10:00
InterruptAcc_AI.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
Interrupt_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
InvariantsPre_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
Invariants_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
IpcCancel_AI.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
Ipc_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
KHeapPre_AI.thy arch_split: invariants: slightly more selective interpretation up to AInvs 2016-04-20 08:36:22 +10:00
KHeap_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
KernelInitSepProofs_AI.thy Import release snapshot. 2014-07-14 21:32:44 +02:00
KernelInitSep_AI.thy repair ARM proofs up to Refine after factoring out architecture 2016-01-13 12:02:12 +11:00
KernelInit_AI.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
LevityCatch_AI.thy arch_split: More namespacing progress and invariant splitting. Checks halfway into Invariants_AI 2016-02-05 17:00:06 +11:00
PDPTEntries_AI.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
README.md misc: Proofing and formatting of README.md files. 2014-07-28 13:15:48 +10:00
Retype_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
Schedule_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
SubMonad_AI.thy repairing AInvs: checks up to the middle of VSpace_AI 2016-01-12 18:10:36 +11:00
Syscall_AI.thy arch_split: merge master 2016-04-28 14:36:43 +10:00
TcbAcc_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
Tcb_AI.thy arch_split: replaced sublocale with global_naming 2016-04-27 14:32:38 +10:00
Untyped_AI.thy lib/spec/proof/tools: fix word change fallout 2016-05-16 21:11:40 +10:00
VSpacePre_AI.thy arch_split: fix proofs after removing shadow and unqualify commands and adding fix for crunch. Checks up to DPolicy. 2016-05-04 15:14:41 +10:00
VSpace_AI.thy arch_split: some quick and dirty arch_splitting by selectively interpreting the ARM locale (with FIXMEs) 2016-04-07 17:05:14 +10:00

README.md

Abstract Spec Invariant Proof

This proof defines and proves the global invariants of seL4's abstract specification. The invariants are phrased and proved using a monadic Hoare logic described in a TPHOLS '08 paper.

Building

To build from the l4v/ directory, run:

./isabelle/bin/isabelle build -d . -v -b AInvs

Important Theories

The top-level theory where the invariants are proved over the kernel is Syscall_AI; the bottom-level theory where they are defined is Invariants_AI.