This contains a formalised algorithm and the proof of correctness of a user-level system initialiser that uses capDL to specify the state of the resultant system.
It builds on the CapDL API Proofs, and uses a separation logic defined for capDL.
The system initialiser and the proof are described in the ICFEM '13 paper and Andrew Boyton's PhD thesis.
To build from the l4v/ directory for the ARM architecture, run:
L4V_ARCH=ARM ./run_tests SysInit
To build the example capDL specifications, from the l4v/ directory, run:
L4V_ARCH=ARM ./run_tests SysInitExamples
-
The specification for the algorithm of the system initialiser is in
SysInit_SI. -
The top-level statement of the correctness of the system-initialiser is found in
Proof_SI. -
The definition of what it means for an object to be initialised (
object_initialisedand (irq_initialised) is found inObjectInitialised_SI. -
Only "well-formed" capDL specifications can be initialised. The definition of well-formed is located in
WellFormed_SI. -
Two example capDL specifications that are "well-formed" are found in
ExampleSpec_SIandExampleSpecIRQ_SI. The former is a simple capDL spec, and the latter a more complicated specifications with IRQ support.