We present an overview of the different refinement frameworks used in the L4.verified project to formally prove the functional correctness of the seL4 microkernel. The verification is conducted in the interactive theorem prover Isabelle/HOL and proceeds in two large refinement steps: one proof between two monadic, functional specifications in HOL and one proof between such a monadic specification and a C program. To connect these proofs into one overall theorem, we map both refinement statements into a common overall framework.

@inbook{Klein_SW_10,
    author =    {Gerwin Klein and Thomas Sewell and Simon Winwood},
    title =     {Refinement in the formal verification of seL4},
    booktitle = {Design and Verification of Microprocessor Systems for High-Assurance Applications},
    editor =    {David S. Hardin},
    pages =     {323--339},
    month =     Mar,
    year =      {2010},
    publisher = {Springer},
}