Skip to content

Files

Latest commit

lsf37lsf37
Merge branch 'master' into 2015
May 28, 2015
cfec9ea · May 28, 2015

History

History
This branch is 5440 commits behind seL4/l4v:master.

drefine

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
Arch_DR.thy
Arch_DR.thy
May 28, 2015
CNode_DR.thy
CNode_DR.thy
May 28, 2015
Corres_D.thy
Corres_D.thy
Aug 13, 2014
Finalise_DR.thy
Finalise_DR.thy
May 28, 2015
Include_D.thy
Include_D.thy
Jul 22, 2014
Intent_DR.thy
Intent_DR.thy
May 13, 2015
Interrupt_DR.thy
Interrupt_DR.thy
May 13, 2015
Ipc_DR.thy
Ipc_DR.thy
May 16, 2015
KHeap_DR.thy
KHeap_DR.thy
May 13, 2015
Lemmas_D.thy
Lemmas_D.thy
Jul 23, 2014
MoreCorres.thy
MoreCorres.thy
May 13, 2015
MoreHOL.thy
MoreHOL.thy
Jul 14, 2014
README.md
README.md
Jul 28, 2014
Refine_D.thy
Refine_D.thy
May 13, 2015
Schedule_DR.thy
Schedule_DR.thy
May 13, 2015
StateTranslationProofs_DR.thy
StateTranslationProofs_DR.thy
May 13, 2015
StateTranslation_D.thy
StateTranslation_D.thy
May 13, 2015
Syscall_DR.thy
Syscall_DR.thy
May 16, 2015
Tcb_DR.thy
Tcb_DR.thy
May 13, 2015
Untyped_DR.thy
Untyped_DR.thy
May 16, 2015

README.md

CapDL Refinement Proof

This proof establishes that seL4's abstract specification is a formal refinement (i.e. a correct implementation) of its capDL specification. It is described as part of an ICFEM '13 paper.

Building

To build from the l4v/ directory, run:

./isabelle/bin/isabelle build -d . -v -b DRefine

Important Theories

The top-level theory where the refinement statement is established over the entire kernel is Refine_D; the state-relation that relates the state-spaces of the two specifications is defined in StateTranslation_D and the basic correspondence property proved over each kernel function is defined in Corres_D.