65     apply (simp add:init_ss_in_def)

    65     apply (simp add:init_ss_in_def)

    66     apply (erule bexE)

    66     apply (erule bexE)

    67     apply (simp add:init_ss_eq_def)

    67     apply (simp add:init_ss_eq_def)

    68     apply (rule_tac x = "ss'" in bexI)

    68     apply (rule_tac x = "ss'" in bexI)

    69     apply (rule_tac x = "sobj" in exI)

    69     apply (rule_tac x = "sobj" in exI)

    70     by (auto intro:tainted_s_subset_prop)

    71     by (auto intro:tainted_s_subset_prop)

    71 qed

    72 qed

    72 

    73 

    73 lemma cp2sproc_pi:

    74 lemma cp2sproc_pi:

    74   "\<lbrakk>cp2sproc s p = Some (Init p', sec, fds, shms); valid s\<rbrakk> \<Longrightarrow> p = p' \<and> \<not> deleted (O_proc p) s \<and> p \<in> init_procs"

    75   "\<lbrakk>cp2sproc s p = Some (Init p', sec, fds, shms); valid s\<rbrakk> \<Longrightarrow> p = p' \<and> \<not> deleted (O_proc p) s \<and> p \<in> init_procs"

   184    \<Longrightarrow> \<exists> m. cm2smsg s q m = Some sm"

   185    \<Longrightarrow> \<exists> m. cm2smsg s q m = Some sm"

   185 by (auto simp:cq2smsgq_def split: option.splits intro:cqm2sms_prop1)

   186 by (auto simp:cq2smsgq_def split: option.splits intro:cqm2sms_prop1)

   186 

   187 

   187 declare co2sobj.simps [simp add]

   188 declare co2sobj.simps [simp add]

   188 

   189 

   189 lemma tainted_s_imp_tainted:

   227 lemma tainted_s_imp_tainted:

   190   "\<lbrakk>tainted_s ss sobj; ss \<in> static\<rbrakk> \<Longrightarrow> \<exists> s obj. valid s \<and> co2sobj s obj = Some sobj \<and> obj \<in> tainted s"

   228   "\<lbrakk>tainted_s ss sobj; ss \<in> static\<rbrakk> \<Longrightarrow> \<exists> s obj. valid s \<and> co2sobj s obj = Some sobj \<and> obj \<in> tainted s"

   191 apply (drule s2d_main)

   229 apply (drule s2d_main)

   192 apply (erule exE, erule conjE, simp add:s2ss_def)

   230 apply (erule exE, erule conjE, simp add:s2ss_def)

   193 apply (rule_tac x = s in exI, simp)

   231 apply (rule_tac x = s in exI, simp)