|
1
|
1 |
theory tainted
|
|
|
2 |
imports Main rc_theory os_rc deleted_prop obj2sobj_prop
|
|
|
3 |
begin
|
|
|
4 |
|
|
|
5 |
context tainting begin
|
|
|
6 |
|
|
|
7 |
lemma tainted_is_valid:
|
|
|
8 |
"obj \<in> tainted s \<Longrightarrow> valid s"
|
|
|
9 |
by (erule tainted.induct, auto simp:vs_nil)
|
|
|
10 |
|
|
|
11 |
lemma tainted_is_current:
|
|
|
12 |
"obj \<in> tainted s \<Longrightarrow> exists s obj"
|
|
|
13 |
apply (erule tainted.induct)
|
|
|
14 |
apply (auto dest:valid_os)
|
|
|
15 |
apply (drule seeds_in_init, case_tac obj, auto)
|
|
|
16 |
done
|
|
|
17 |
|
|
|
18 |
lemma nodel_tainted_exists:
|
|
|
19 |
"\<lbrakk>no_del_event (s'@s); obj \<in> tainted s\<rbrakk> \<Longrightarrow> exists (s'@s) obj"
|
|
|
20 |
apply (drule_tac obj = obj in nodel_imp_un_deleted)
|
|
|
21 |
by (drule tainted_is_current, simp add:not_deleted_imp_exists')
|
|
|
22 |
|
|
|
23 |
lemma t_remain_app:
|
|
|
24 |
"\<lbrakk>obj \<in> tainted s'; no_del_event (s @ s'); valid (s @ s')\<rbrakk>
|
|
|
25 |
\<Longrightarrow> obj \<in> tainted (s @ s')"
|
|
|
26 |
apply (induct s, simp)
|
|
|
27 |
apply (simp only:cons_app_simp_aux)
|
|
|
28 |
apply (frule valid_cons, frule no_del_event_cons_D, simp)
|
|
|
29 |
apply (rule t_remain, simp+)
|
|
|
30 |
apply (drule tainted_is_current)
|
|
|
31 |
apply (case_tac a, case_tac [!] obj, auto)
|
|
|
32 |
done
|
|
|
33 |
|
|
|
34 |
end
|
|
|
35 |
|
|
|
36 |
context tainting_s_complete begin
|
|
|
37 |
|
|
|
38 |
lemma unknown_notin_tainted_s':
|
|
|
39 |
"sobj \<in> tainted_s \<Longrightarrow> sobj \<noteq> Unknown"
|
|
|
40 |
apply (erule tainted_s.induct, auto)
|
|
|
41 |
apply (drule seeds_in_init)
|
|
|
42 |
apply (subgoal_tac "exists [] obj")
|
|
|
43 |
apply (drule init_obj_has_sobj, simp+)
|
|
|
44 |
apply (case_tac obj, simp+)
|
|
|
45 |
done
|
|
|
46 |
|
|
|
47 |
lemma unknown_notin_tainted_s:
|
|
|
48 |
"Unknown \<in> tainted_s \<Longrightarrow> False"
|
|
|
49 |
by (auto dest:unknown_notin_tainted_s')
|
|
|
50 |
|
|
|
51 |
end
|
|
|
52 |
|
|
|
53 |
end |