selinux: comparison Co2sobj

equal deleted inserted replaced

-:87fdf2de0ffa
+:ac66d8ba86d9
 (*<*)
 theory Co2sobj_prop
-imports Main Flask Flask_type Static Static_type Sectxt_prop Init_prop Current_files_prop Current_sockets_prop Delete_prop
+imports Main Flask Flask_type Static Static_type Sectxt_prop Init_prop Current_files_prop Current_sockets_prop Delete_prop Proc_fd_of_file_prop
 begin
 (*<*)
 context tainting_s begin
 apply (frule parentf_in_current', simp+, case_tac e)
 apply (auto simp:current_files_simps is_file_simps is_dir_simps sectxt_of_obj_simps cf2sfile_path
 split:if_splits option.splits)
 done
+lemma cf2sfile_other':
+"\<lbrakk>valid (e # s);
+\<forall> p f flag fd opt. e \<noteq> Open p f flag fd opt;
+\<forall> p fd. e \<noteq> CloseFd p fd;
+\<forall> p f. e \<noteq> UnLink p f;
+\<forall> p f. e \<noteq> Rmdir p f;
+\<forall> p f i. e \<noteq> Mkdir p f i;
+\<forall> p f f'. e \<noteq> LinkHard p f f';
+ff \<in> current_files s\<rbrakk> \<Longrightarrow> cf2sfile (e # s) ff = cf2sfile s ff"
+by (auto intro!:cf2sfile_other)
 lemma cf2sfile_unlink:
 "\<lbrakk>valid (UnLink p f # s); f' \<in> current_files (UnLink p f # s)\<rbrakk>
 \<Longrightarrow> cf2sfile (UnLink p f # s) f' = cf2sfile s f'"
 apply (frule vd_cons, frule vt_grant_os)
 apply (simp add:current_files_simps split:if_splits)
 apply (auto simp:cf2sfile_def sectxt_of_obj_simps get_parentfs_ctxts_simps is_file_simps is_dir_simps
 split:if_splits option.splits)
+done
+lemma cf2sfile_rmdir:
+"\<lbrakk>valid (Rmdir p f # s); f' \<in> current_files (Rmdir p f # s)\<rbrakk>
+\<Longrightarrow> cf2sfile (Rmdir p f # s) f' = cf2sfile s f'"
+apply (frule vd_cons, frule vt_grant_os)
+apply (simp add:current_files_simps split:if_splits)
+apply (auto simp:cf2sfile_def sectxt_of_obj_simps get_parentfs_ctxts_simps is_file_simps is_dir_simps
+split:if_splits option.splits)
+done
+lemma pfdof_simp5: "\<lbrakk>proc_fd_of_file s f = {(p, fd)}; file_of_proc_fd s p fd = None\<rbrakk> \<Longrightarrow> False"
+apply (subgoal_tac "(p, fd) \<in> proc_fd_of_file s f")
+by (simp add:pfdof_simp2, simp)
+lemma pfdof_simp6: "proc_fd_of_file s f = {(p, fd)} \<Longrightarrow> file_of_proc_fd s p fd = Some f"
+apply (subgoal_tac "(p, fd) \<in> proc_fd_of_file s f")
+by (simp add:pfdof_simp2, simp)
+lemma cf2sfile_closefd:
+"\<lbrakk>valid (CloseFd p fd # s); f \<in> current_files (CloseFd p fd # s)\<rbrakk>
+\<Longrightarrow> cf2sfile (CloseFd p fd # s) f = cf2sfile s f"
+apply (frule vd_cons, frule vt_grant_os)
+apply (simp add:current_files_simps split:if_splits option.splits)
+(* costs too much time, but solved
+apply (auto simp:cf2sfile_def sectxt_of_obj_simps get_parentfs_ctxts_simps is_file_simps is_dir_simps
+split:if_splits option.splits
+dest:init_file_dir_conflict pfdof_simp5 pfdof_simp6 file_of_pfd_is_file
+not_deleted_init_file not_deleted_init_dir is_file_not_dir is_dir_not_file
+dest!:current_has_sec')
+done
+*)
+sorry
 lemmas cf2sfile_simps = cf2sfile_open cf2sfile_mkdir cf2sfile_linkhard cf2sfile_other
+cf2sfile_unlink cf2sfile_rmdir cf2sfile_closefd
+(*********** cfd2sfd simpset *********)
+lemma cfd2sfd_open1:
+"valid (Open p f flags fd opt # s)
+\<Longrightarrow> cfd2sfd (Open p f flags fd opt # s) p fd =
+(case (sectxt_of_obj (Open p f flags fd opt # s) (O_fd p fd), cf2sfile (Open p f flags fd opt # s) f) of
+(Some sec, Some sf) \<Rightarrow> Some (sec, flags, sf)
+| _ \<Rightarrow> None)"
+by (simp add:cfd2sfd_def sectxt_of_obj_simps split:if_splits)
+lemma cfd2sfd_open_some2:
+"\<lbrakk>valid (Open p f flags fd (Some inum) # s); file_of_proc_fd s p' fd' = Some f'\<rbrakk>
+\<Longrightarrow> cfd2sfd (Open p f flags fd (Some inum) # s) p' fd' = cfd2sfd s p' fd'"
+apply (frule vd_cons, frule vt_grant_os)
-lemma cf2sfile_keep_path: "\<lbrakk>f \<preceq> f'; \<tau> \<in> vt rc_cs\<rbrakk> \<Longrightarrow> cf2sfile \<tau> f \<preceq> cf2sfile \<tau> f'"
+apply (frule proc_fd_in_fds, simp)
-apply (induct f', simp add:no_junior_def)
+apply (frule file_of_proc_fd_in_curf, simp)
-apply (case_tac "f = a # f'", simp add:cf2sfile.simps)
+apply (case_tac "f = f'", simp)
-apply (drule no_junior_noteq, simp, simp add:cf2sfile.simps)
+apply (simp add:cfd2sfd_def sectxt_of_obj_simps cf2sfile_open_some1)
-done
+apply (case_tac "p = p'", simp)
+apply (rule conjI, rule impI, simp)
-lemma ckp'_aux: "\<not> f \<preceq> a # f' \<Longrightarrow> \<not> f \<preceq> f'"
+apply (drule cf2sfile_open_some1, simp)
-by (auto simp:no_junior_def)
+apply (auto split:option.splits)[1]
+apply simp
-lemma cf2sfile_keep_path': "\<lbrakk>\<not> f \<preceq> f'; \<tau> \<in> vt rc_cs; f \<in> current_files \<tau>; f' \<in> current_files \<tau>\<rbrakk> \<Longrightarrow> \<not> cf2sfile \<tau> f \<preceq> cf2sfile \<tau> f'"
+apply (drule cf2sfile_open_some1, simp)
-apply (induct f', simp add:no_junior_def cf2sfile.simps, rule notI, drule cf2sfile_root_file, simp)
+apply (auto split:option.splits)[1]
-apply (case_tac "f = a # f'", simp add:cf2sfile.simps)
+done
-apply (rule notI)
-apply (frule ckp'_aux, simp, frule parentf_in_current', simp+)
+lemma cfd2sfd_open_none2:
-apply (case_tac "cf2sfile \<tau> f = cf2sfile \<tau> (a # f')", drule cf2sfile_inj, simp+)
+"\<lbrakk>valid (Open p f flags fd None # s); file_of_proc_fd s p' fd' = Some f'\<rbrakk>
-apply (simp add:cf2sfile.simps)
+\<Longrightarrow> cfd2sfd (Open p f flags fd None # s) p' fd' = cfd2sfd s p' fd'"
-by (drule no_junior_noteq, simp+)
+apply (frule vd_cons, frule vt_grant_os)
+apply (frule proc_fd_in_fds, simp)
-lemma cf2sfile_keep_path'': "\<lbrakk>cf2sfile \<tau> f \<preceq> cf2sfile \<tau> f'; \<tau> \<in> vt rc_cs; f \<in> current_files \<tau>; f' \<in> current_files \<tau>\<rbrakk> \<Longrightarrow> f \<preceq> f'"
+apply (frule file_of_proc_fd_in_curf, simp)
-using cf2sfile_keep_path'
+apply (simp add:cfd2sfd_def sectxt_of_obj_simps cf2sfile_open_none)
-by (auto)
+apply (case_tac "p = p'", simp)
+apply (rule conjI, rule impI, simp)
-lemma cf2sfile_open_some': "\<lbrakk>f \<in> current_files \<tau>; Open p f' flags fd (Some inum) # \<tau> \<in> vt rc_cs\<rbrakk> \<Longrightarrow> cf2sfile (Open p f' flags fd (Some inum) # \<tau>) f = cf2sfile \<tau> f"
+apply (drule cf2sfile_open_none)
-apply (frule vt_cons')
+apply (auto split:option.splits)[1]
-apply (drule vt_grant_os)
+apply simp
-apply (induct f)
+apply (drule cf2sfile_open_none)
-apply (simp add:cf2sfile.simps)+
+apply (auto split:option.splits)[1]
-apply (frule parentf_in_current', simp)
+done
-apply (auto simp:os_grant.simps index_of_file.simps split:option.splits)
-done
+lemma cfd2sfd_open2:
+"\<lbrakk>valid (Open p f flags fd opt # s); file_of_proc_fd s p' fd' = Some f'\<rbrakk>
-lemma cf2sfile_open_some: "\<lbrakk>Open p f flags fd (Some inum) # \<tau> \<in> vt rc_cs; parent f = Some pf\<rbrakk>
+\<Longrightarrow> cfd2sfd (Open p f flags fd opt # s) p' fd' = cfd2sfd s p' fd'"
-\<Longrightarrow> cf2sfile (Open p f flags fd (Some inum) # \<tau>) f = (SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf))"
+apply (case_tac opt)
-apply (case_tac f, simp)
+apply (simp add:cfd2sfd_open_none2)
-apply (frule vt_grant_os)
+apply (simp add:cfd2sfd_open_some2)
-apply (simp add:cf2sfile.simps os_grant.simps current_files_simps index_of_file.simps cf2sfile_open_some')
+done
-done
+lemma cfd2sfd_open:
-lemma cf2sfile_open_none: "cf2sfile (Open p f flags fd None # \<tau>) f' = cf2sfile \<tau> f'"
+"\<lbrakk>valid (Open p f flags fd opt # s); file_of_proc_fd (Open p f flags fd opt # s) p' fd' = Some f'\<rbrakk>
-apply (induct f')
+\<Longrightarrow> cfd2sfd (Open p f flags fd opt # s) p' fd' = (if (p' = p \<and> fd' = fd) then
-by (simp add:cf2sfile.simps index_of_file.simps split:option.splits nat.splits)+
+(case (sectxt_of_obj (Open p f flags fd opt # s) (O_fd p fd), cf2sfile (Open p f flags fd opt # s) f) of
+(Some sec, Some sf) \<Rightarrow> Some (sec, flags, sf)
-lemma cf2sfile_open: "\<lbrakk>Open p f flags fd opt # \<tau> \<in> vt rc_cs; f' \<in> current_files (Open p f flags fd opt # \<tau>)\<rbrakk> \<Longrightarrow>
+| _ \<Rightarrow> None)         else cfd2sfd s p' fd')"
-cf2sfile (Open p f flags fd opt # \<tau>) f' = (
+apply (simp split:if_splits)
-if (opt = None) then cf2sfile \<tau> f'
+apply (simp add:cfd2sfd_open1 split:option.splits)
-else if (f' = f) then (case (parent f) of
+apply (simp add:cfd2sfd_open2)
-Some pf \<Rightarrow> (SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf))
+apply (rule impI, simp)
-| _       \<Rightarrow> [])
+done
-else cf2sfile \<tau> f'                                                          )"
-apply (frule vt_grant_os)
+lemma cfd2sfd_closefd:
-by (auto simp:os_grant.simps current_files_simps intro:cf2sfile_open_none cf2sfile_open_some cf2sfile_open_some' split:if_splits option.splits)
+"\<lbrakk>valid (CloseFd p fd # s); file_of_proc_fd (CloseFd p fd # s) p' fd' = Some f\<rbrakk>
+\<Longrightarrow> cfd2sfd (CloseFd p fd # s) p' fd' = cfd2sfd  s p' fd'"
-lemma cf2sfile_mkdir_some': "\<lbrakk>Mkdir p f' inum # \<tau> \<in> vt rc_cs; f \<in> current_files \<tau>\<rbrakk> \<Longrightarrow> cf2sfile (Mkdir p f' inum # \<tau>) f = cf2sfile \<tau> f"
+apply (frule vd_cons, frule vt_grant_os)
-apply (frule vt_cons', drule vt_grant_os)
+apply (frule proc_fd_in_fds, simp)
-apply (induct f, (simp add:cf2sfile.simps)+)
+apply (frule file_of_proc_fd_in_curf, simp)
-apply (frule parentf_in_current', simp)
+apply (frule cf2sfile_closefd, simp)
-apply (auto simp:os_grant.simps index_of_file.simps split:option.splits)
+apply (simp add:cfd2sfd_def sectxt_of_obj_simps)
-done
+apply (auto split:option.splits if_splits)
+done
-lemma cf2sfile_mkdir_some: "\<lbrakk>Mkdir p f inum # \<tau> \<in> vt rc_cs; parent f = Some pf\<rbrakk>
-\<Longrightarrow> cf2sfile (Mkdir p f inum # \<tau>) f = (SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf))"
+lemma cfd2sfd_clone:
-apply (case_tac f, simp)
+"\<lbrakk>valid (Clone p p' fds shms # s); file_of_proc_fd (Clone p p' fds shms # s) p'' fd' = Some f\<rbrakk>
-apply (frule vt_grant_os)
+\<Longrightarrow> cfd2sfd (Clone p p' fds shms # s) p'' fd' = (
-apply (simp add:cf2sfile.simps os_grant.simps current_files_simps index_of_file.simps cf2sfile_mkdir_some')
+if (p'' = p') then cfd2sfd s p fd'
-done
+else cfd2sfd s p'' fd')"
+apply (frule vd_cons, frule vt_grant_os)
-lemma cf2sfile_mkdir: "\<lbrakk>Mkdir p f inum # \<tau> \<in> vt rc_cs; f' \<in> current_files (Mkdir p f inum # \<tau>)\<rbrakk> \<Longrightarrow>
+apply (frule proc_fd_in_fds, simp)
-cf2sfile (Mkdir p f inum # \<tau>) f' = (
+apply (frule file_of_proc_fd_in_curf, simp, simp add:current_files_simps)
-if (f' = f) then (case (parent f) of
+apply (frule_tac cf2sfile_other', simp+)
-Some pf \<Rightarrow> (SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf))
+apply (simp add:cfd2sfd_def sectxt_of_obj_simps)
-| _       \<Rightarrow> [])
+apply (case_tac "p'' = p'", simp)
-else cf2sfile \<tau> f'               ) "
+apply (auto split:option.splits if_splits)[1]
-apply (frule vt_grant_os)
+apply (simp)
-by (auto simp:os_grant.simps current_files_simps intro:cf2sfile_mkdir_some cf2sfile_mkdir_some' split:if_splits option.splits)
+apply (auto split:option.splits if_splits)[1]
+done
-lemma cf2sfile_linkhard_none: "\<lbrakk>LinkHard p f\<^isub>1 f\<^isub>2 # \<tau> \<in> vt rc_cs; f \<in> current_files \<tau>\<rbrakk> \<Longrightarrow> cf2sfile (LinkHard p f\<^isub>1 f\<^isub>2 # \<tau>) f = cf2sfile \<tau> f"
-apply (frule vt_cons')
+lemma cfd2sfd_execve:
-apply (drule vt_grant_os)
+"\<lbrakk>valid (Execve p f fds # s); file_of_proc_fd (Execve p f fds # s) p' fd' = Some f'\<rbrakk>
-apply (induct f)
+\<Longrightarrow> cfd2sfd (Execve p f fds # s) p' fd' = cfd2sfd s p' fd'"
-apply (simp add:cf2sfile.simps)+
+apply (frule vd_cons, frule vt_grant_os)
-apply (frule parentf_in_current', simp)
+apply (frule proc_fd_in_fds, simp)
-apply (auto simp:os_grant.simps index_of_file.simps split:option.splits)
+apply (frule file_of_proc_fd_in_curf, simp, simp add:current_files_simps)
-done
+apply (frule_tac cf2sfile_other', simp+)
+apply (simp add:cfd2sfd_def sectxt_of_obj_simps)
-lemma cf2sfile_linkhard_some:
+apply (case_tac "p' = p", simp)
-"\<lbrakk>LinkHard p f\<^isub>1 f\<^isub>2 # \<tau> \<in> vt rc_cs; parent f\<^isub>2 = Some pf\<^isub>2\<rbrakk> \<Longrightarrow> cf2sfile (LinkHard p f\<^isub>1 f\<^isub>2 # \<tau>) f\<^isub>2 = (SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf\<^isub>2))"
+apply (auto split:option.splits if_splits)[1]
-apply (case_tac f\<^isub>2, simp)
+apply (simp)
-apply (frule vt_grant_os)
+apply (auto split:option.splits if_splits)[1]
-apply (simp add:cf2sfile.simps os_grant.simps current_files_simps index_of_file.simps cf2sfile_linkhard_none)
+done
-done
+lemma cfd2sfd_kill:
-lemma cf2sfile_linkhard: "\<lbrakk>LinkHard p f\<^isub>1 f\<^isub>2 # \<tau> \<in> vt rc_cs; f \<in> current_files (LinkHard p f\<^isub>1 f\<^isub>2 # \<tau>)\<rbrakk> \<Longrightarrow>
+"\<lbrakk>valid (Kill p p'' # s); file_of_proc_fd (Kill p p'' # s) p' fd' = Some f'\<rbrakk>
-cf2sfile (LinkHard p f\<^isub>1 f\<^isub>2 # \<tau>) f = (
+\<Longrightarrow> cfd2sfd (Kill p p'' # s) p' fd' = cfd2sfd s p' fd'"
-if (f = f\<^isub>2) then (case (parent f\<^isub>2) of
+apply (frule vd_cons, frule vt_grant_os)
-Some pf\<^isub>2 \<Rightarrow> SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf\<^isub>2)
+apply (frule proc_fd_in_fds, simp)
-| _        \<Rightarrow> [])
+apply (frule proc_fd_in_procs, simp)
-else cf2sfile \<tau> f                 )"
+apply (frule file_of_proc_fd_in_curf, simp, simp add:current_files_simps)
-apply (frule vt_grant_os)
+apply (frule_tac cf2sfile_other', simp+)
-by (auto simp:os_grant.simps current_files_simps intro:cf2sfile_linkhard_none cf2sfile_linkhard_some split:if_splits option.splits)
+apply (simp add:cfd2sfd_def sectxt_of_obj_simps)
+apply (auto split:option.splits if_splits)
+done
-lemma no_junior_aux: "\<not> f\<^isub>2 \<preceq> a # f \<Longrightarrow> \<not> f\<^isub>2 \<preceq> f"
-by (auto simp:no_junior_def)
+lemma cfd2sfd_exit:
+"\<lbrakk>valid (Exit p # s); file_of_proc_fd (Exit p # s) p' fd' = Some f'\<rbrakk>
-lemma cf2sfile_rename_aux: "\<lbrakk>Rename p f\<^isub>2 f\<^isub>3 # \<tau> \<in> vt rc_cs; f \<in> current_files \<tau>\<rbrakk> \<Longrightarrow> f \<noteq> f\<^isub>3 \<and> \<not> f\<^isub>3 \<preceq> f"
+\<Longrightarrow> cfd2sfd (Exit p # s) p' fd' = cfd2sfd s p' fd'"
-apply (frule vt_grant_os, simp add:os_grant.simps, (erule exE|erule conjE)+)
+apply (frule vd_cons, frule vt_grant_os)
-apply (rule conjI, rule notI, simp)
+apply (frule proc_fd_in_fds, simp)
-apply (rule notI, drule vt_cons', simp add:ancenf_in_current)
+apply (frule proc_fd_in_procs, simp)
-done
+apply (frule file_of_proc_fd_in_curf, simp, simp add:current_files_simps)
+apply (frule_tac cf2sfile_other', simp+)
-lemma cf2sfile_rename'1:
+apply (simp add:cfd2sfd_def sectxt_of_obj_simps)
-"\<lbrakk>Rename p f\<^isub>2 f\<^isub>3 # \<tau> \<in> vt rc_cs; f \<in> current_files \<tau>; \<not> (f\<^isub>2 \<preceq> f)\<rbrakk> \<Longrightarrow> cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \<tau>) f = cf2sfile \<tau> f"
+apply (auto split:option.splits if_splits)
-apply (frule vt_cons',frule vt_grant_os,  induct f)
+done
-apply (simp add:cf2sfile.simps)
-apply (frule parentf_in_current', simp, simp)
+lemma cfd2sfd_other:
-apply (frule no_junior_aux, simp)
+"\<lbrakk>valid (e # s); file_of_proc_fd (e # s) p' fd' = Some f';
-apply (simp add:os_grant.simps, (erule exE|erule conjE)+)
+\<forall> p f flags fd opt. e \<noteq> Open p f flags fd opt;
-apply (drule cf2sfile_rename_aux, simp, erule conjE)
+\<forall> p p'' fds shms. e \<noteq> Clone p p'' fds shms\<rbrakk>
-apply (auto simp add:cf2sfile.simps index_of_file.simps split:option.splits nat.splits)
+\<Longrightarrow> cfd2sfd (e # s) p' fd' = cfd2sfd s p' fd'"
-done
+apply (frule vd_cons, frule vt_grant_os)
+apply (frule proc_fd_in_fds, simp)
-lemma cf2sfile_rename'2:
+apply (frule proc_fd_in_procs, simp)
-"\<lbrakk>Rename p f\<^isub>2 f\<^isub>3 # \<tau> \<in> vt rc_cs; \<not> (f\<^isub>3 \<preceq> f)\<rbrakk> \<Longrightarrow> cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \<tau>) f = cf2sfile \<tau> f"
+apply (frule file_of_proc_fd_in_curf, simp)
-apply (frule vt_cons', induct f)
+apply (case_tac e)
-by (auto simp add:index_of_file.simps cf2sfile.simps no_junior_def split:option.splits nat.splits)
+apply (auto intro!:cfd2sfd_execve cfd2sfd_closefd cfd2sfd_kill cfd2sfd_exit)
+apply (auto simp:cfd2sfd_def sectxt_of_obj_simps current_files_simps cf2sfile_simps split:option.splits)
-lemma cf2sfile_rename1:
+apply (auto dest!:current_has_sec' dest:file_of_proc_fd_in_curf proc_fd_in_fds)
-"\<lbrakk>Rename p f\<^isub>2 f\<^isub>3 # \<tau> \<in> vt rc_cs; parent f\<^isub>3 = Some pf\<^isub>3\<rbrakk> \<Longrightarrow> cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \<tau>) f\<^isub>3 = SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf\<^isub>3)"
+done
-apply (case_tac f\<^isub>3, simp add:cf2sfile.simps)
-apply (auto dest!:cf2sfile_rename'2 simp add:no_junior_def cf2sfile.simps index_of_file.simps split:option.splits)
+lemmas cfd2sfd_simps = cfd2sfd_open cfd2sfd_clone cfd2sfd_other
-done
+(********** cpfd2sfds simpset **********)
-lemma index_of_file_rename1: "\<lbrakk>f\<^isub>2 \<preceq> f; f \<noteq> f\<^isub>2\<rbrakk> \<Longrightarrow> index_of_file (Rename p f\<^isub>2 f\<^isub>3 # \<tau>) (file_after_rename f\<^isub>2 f\<^isub>3 f) = index_of_file \<tau> f"
-apply (clarsimp simp add:index_of_file.simps split:option.splits)
+lemma current_filefd_has_flags:
-by (frule_tac f\<^isub>3 = f\<^isub>3 in file_renaming_prop3, simp, erule conjE, simp add:file_renaming_prop5)
+"\<lbrakk>file_of_proc_fd s p fd = Some f; valid s\<rbrakk> \<Longrightarrow> \<exists> flags. flags_of_proc_fd s p fd = Some flags"
+apply (induct s arbitrary:p)
-lemma cf2sfile_rename2: "\<lbrakk>Rename p f\<^isub>2 f\<^isub>3 # \<tau> \<in> vt rc_cs; (file_before_rename f\<^isub>2 f\<^isub>3 f) \<in> current_files \<tau>; parent f\<^isub>3 = Some pf\<^isub>3; f\<^isub>3 \<preceq> f\<rbrakk>
+apply (simp only:flags_of_proc_fd.simps file_of_proc_fd.simps init_filefd_prop4)
-\<Longrightarrow> cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \<tau>) f = file_after_rename (cf2sfile \<tau> f\<^isub>2) (SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf\<^isub>3)) (cf2sfile \<tau> (file_before_rename f\<^isub>2 f\<^isub>3 f))"
+apply (frule vd_cons, frule vt_grant_os, case_tac a)
-apply (induct f, simp add:no_junior_def)
+apply (auto split:if_splits option.splits dest:proc_fd_in_fds)
-apply (case_tac "a # f = f\<^isub>3", simp)
+done
-apply (drule cf2sfile_rename1, simp, simp add:file_renaming_prop0' file_renaming_prop0)
+lemma current_filefd_has_flags':
-apply (frule no_junior_noteq, simp, simp)
+"\<lbrakk>flags_of_proc_fd s p fd = None; valid s\<rbrakk> \<Longrightarrow> file_of_proc_fd s p fd = None"
-apply (frule_tac file_renaming_prop1')
+apply (case_tac "file_of_proc_fd s p fd")
-apply (frule_tac f = f\<^isub>2 and \<tau> = \<tau> in cf2sfile_keep_path, simp add:vt_cons')
+apply (simp, drule current_filefd_has_flags, simp+)
-apply (frule_tac f\<^isub>2 = f\<^isub>2 and a = a in file_renaming_prop8')
+done
-apply (frule_tac f\<^isub>2 = f\<^isub>2 and a = a in file_renaming_prop6')
-apply (frule_tac f = "file_before_rename f\<^isub>2 f\<^isub>3 (a # f)" and \<tau> = \<tau> and f\<^isub>2 = f\<^isub>2 and f\<^isub>3 = f\<^isub>3 and p = p in index_of_file_rename1, simp add:file_before_rename_def)
+lemma current_file_has_sfile':
-apply (drule_tac f\<^isub>3 = f\<^isub>3 and f\<^isub>1 = f and a = a and f\<^isub>2 = f\<^isub>2 in file_renaming_prop9', simp)
+"\<lbrakk>cf2sfile s f = None; valid s\<rbrakk> \<Longrightarrow> f \<notin> current_files s"
-apply (drule parentf_in_current', simp add:vt_cons')
+by (rule notI, drule current_file_has_sfile, simp+)
-apply (simp add:cf2sfile.simps)
-apply (erule file_renaming_prop6[THEN sym])
+lemma current_filefd_has_sfd:
-done
+"\<lbrakk>file_of_proc_fd s p fd = Some f; valid s\<rbrakk> \<Longrightarrow> \<exists>sfd. cfd2sfd s p fd = Some sfd"
+by (auto simp:cfd2sfd_def split:option.splits dest!:current_has_sec' current_file_has_sfile'
-lemma cf2sfile_rename2': "\<lbrakk>Rename p f\<^isub>2 f\<^isub>3 # \<tau> \<in> vt rc_cs; f \<in> current_files \<tau>; parent f\<^isub>3 = Some pf\<^isub>3; f\<^isub>2 \<preceq> f\<rbrakk>
+dest:file_of_proc_fd_in_curf proc_fd_in_fds current_filefd_has_flags)
-\<Longrightarrow> cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \<tau>) (file_after_rename f\<^isub>2 f\<^isub>3 f) = file_after_rename (cf2sfile \<tau> f\<^isub>2) (SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf\<^isub>3)) (cf2sfile \<tau> f)"
-apply (frule_tac f\<^isub>3 = f\<^isub>3 in file_renaming_prop5)
+lemma current_filefd_has_sfd':
-apply (frule_tac f\<^isub>3 = f\<^isub>3 in file_renaming_prop1)
+"\<lbrakk>cfd2sfd s p fd = None; valid s\<rbrakk> \<Longrightarrow> file_of_proc_fd s p fd = None"
-apply (drule_tac f = "file_after_rename f\<^isub>2 f\<^isub>3 f" in cf2sfile_rename2, simp+)
+by (case_tac "file_of_proc_fd s p fd", auto dest:current_filefd_has_sfd)
-done
+definition cpfd2sfds' :: "t_state \<Rightarrow> t_process \<Rightarrow> t_sfd set"
-lemma cf2sfile_rename3: "\<lbrakk>Rename p f\<^isub>2 f\<^isub>3 # \<tau> \<in> vt rc_cs; f \<in> current_files \<tau>; parent f\<^isub>3 = Some pf\<^isub>3\<rbrakk>
+where
-\<Longrightarrow> cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \<tau>) (file_after_rename f\<^isub>2 f\<^isub>3 f) = file_after_rename (cf2sfile \<tau> f\<^isub>2) (SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf\<^isub>3)) (cf2sfile \<tau> f)"
+"cpfd2sfds' s p \<equiv> {sfd. \<exists> fd f. file_of_proc_fd s p fd = Some f \<and> cfd2sfd s p fd = Some sfd}"
-apply (case_tac "f\<^isub>2 \<preceq> f")
-apply (rule cf2sfile_rename2', simp+)
+definition cph2spshs' :: "t_state \<Rightarrow> t_process \<Rightarrow> t_sproc_sshm set"
-apply (frule vt_grant_os)
+where
-apply (frule_tac \<tau> = \<tau> in cf2sfile_keep_path', simp add:vt_cons', simp add:os_grant.simps, simp)
+"cph2spshs' s p \<equiv> {(sh, flag). \<exists> h. (p, flag) \<in> procs_of_shm s h \<and> ch2sshm s h = Some sh}"
-apply (simp add:file_after_rename_def)
-by (rule cf2sfile_rename'1, simp+)
+lemma "x \<in> cph2spshs' s p \<Longrightarrow> False"
+apply (simp add:cph2spshs'_def)
-lemma cf2sfile_rename: "\<lbrakk>Rename p f\<^isub>2 f\<^isub>3 # \<tau> \<in> vt rc_cs; f \<in> current_files (Rename p f\<^isub>2 f\<^isub>3 # \<tau>)\<rbrakk> \<Longrightarrow>
+apply (case_tac x, simp)
-cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \<tau>) f = (
-if (f\<^isub>3 \<preceq> f) then (case (parent f\<^isub>3) of
-Some pf\<^isub>3 \<Rightarrow> file_after_rename (cf2sfile \<tau> f\<^isub>2) (SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf\<^isub>3)) (cf2sfile \<tau> (file_before_rename f\<^isub>2 f\<^isub>3 f))
+lemma cpfd2sfds_open_some1:
-| _        \<Rightarrow> [])
+"valid (Open p f flags fd (Some inum) # s) \<Longrightarrow>
-else cf2sfile \<tau> f               )"
+cpfd2sfds (Open p f flags fd (Some inum) # s) p = (
-apply (frule vt_grant_os)
+case (cfd2sfd (Open p f flags fd (Some inum) # s) p fd) of
-apply (case_tac "f = f\<^isub>3", clarsimp simp:os_grant.simps, drule cf2sfile_rename1, simp+, simp add:file_renaming_prop0' file_renaming_prop0)
+Some sfd \<Rightarrow> (cpfd2sfds s p) \<union> {sfd}
+| _ \<Rightarrow> cpfd2sfds s p)"
-apply (auto simp:os_grant.simps current_files_simps intro:cf2sfile_rename'2 cf2sfile_rename1 split:if_splits option.splits)
+apply (frule vd_cons, frule vt_grant_os)
-apply (rule cf2sfile_rename2, simp, drule rename_renaming_decom, simp+)
+apply (split option.splits)
-apply (drule_tac f\<^isub>2 = f\<^isub>2 and f\<^isub>1 = f\<^isub>1 and f\<^isub>3 = f\<^isub>3 in file_renaming_prop5, simp+)
+apply (rule conjI, rule impI, drule current_filefd_has_sfd', simp, simp)
-done
+apply (rule allI, rule impI)
+apply (rule set_eqI, rule iffI)
-lemma cf2sfile_other: "\<lbrakk>
+unfolding cpfd2sfds_def
-\<forall> p f flags fd opt. e \<noteq> Open p f flags fd opt;
+thm CollectE
-\<forall> p f im. e \<noteq> Mkdir p f im;
+apply (erule CollectE)
-\<forall> p f\<^isub>1 f\<^isub>2. e \<noteq> LinkHard p f\<^isub>1 f\<^isub>2;
+apply (erule CollectE, (erule conjE|erule exE)+)
-\<forall> p f\<^isub>2 f\<^isub>3. e \<noteq> Rename p f\<^isub>2 f\<^isub>3\<rbrakk> \<Longrightarrow> cf2sfile (e # \<tau>) f' = cf2sfile \<tau> f'"
+apply (simp only:file_of_proc_fd.simps split:if_splits)
-apply (induct f', simp add:cf2sfile.simps index_of_file.simps split:option.splits nat.splits)
+apply (simp add:cpfd2sfds_def)
-apply (case_tac e, auto simp add:cf2sfile.simps index_of_file.simps split:option.splits nat.splits)
-done
+apply (auto simp:cpfd2sfds_def split:option.splits if_splits dest:file_of_proc_fd_in_curf proc_fd_in_fds proc_fd_in_procs)
-lemmas cf2sfile_nil = init_cf2sfile
+lemma cpfd2sfds_open1:
+"valid (Open p f flags fd opt # s) \<Longrightarrow>
-lemma cf2sfile_nil': "f \<in> current_files [] \<Longrightarrow> cf2sfile [] f = map SInit f"
+cpfd2sfds (Open p f flags fd opt # s) p = (
-by (simp add:cf2sfile_nil current_files_simps)
+case (sectxt_of_obj (Open p f flags fd opt # s) (O_fd p fd), cf2sfile (Open p f flags fd opt # s) f) of
+(Some sec, Some sf) \<Rightarrow> (cpfd2sfds s p) \<union> {(sec, flags, sf)}
-lemmas cf2sfile_simps = cf2sfile_nil cf2sfile_nil' cf2sfile_open cf2sfile_mkdir cf2sfile_linkhard cf2sfile_rename cf2sfile_other
+| _ \<Rightarrow> cpfd2sfds s p)"
+apply (frule vd_cons, frule vt_grant_os)
-lemmas cf2sfile_simpss = cf2sfile_nil cf2sfile_nil' cf2sfile_open_some' cf2sfile_open_some cf2sfile_open_none cf2sfile_open cf2sfile_mkdir_some' cf2sfile_mkdir_some
+apply (case_tac opt)
-cf2sfile_mkdir cf2sfile_linkhard_none cf2sfile_linkhard_some cf2sfile_linkhard cf2sfile_rename'1 cf2sfile_rename'2 cf2sfile_rename1
+apply (auto simp:sectxt_of_obj_simps current_files_simps dest!:current_has_sec' current_file_has_sfile'
-cf2sfile_rename2 cf2sfile_rename2' cf2sfile_rename3 cf2sfile_rename cf2sfile_other
+split:option.splits)
+apply (auto simp:cpfd2sfds_def split:if_splits)
-lemma cf2sfile_open_some'_inum: "\<lbrakk>Open p f' flags fd (Some inum) # \<tau> \<in> vt rc_cs; inum_of_file \<tau> f = Some im\<rbrakk> \<Longrightarrow> cf2sfile (Open p f' flags fd (Some inum) # \<tau>) f = cf2sfile \<tau> f"
+apply (auto simp:cfd2sfd_open cf2sfile_open sectxt_of_obj_simps current_files_simps split:option.splits if_splits dest!:current_has_sec' current_file_has_sfile')
-by (simp add:cf2sfile_open_some' current_files_def)
+apply (frule cfd2sfd_open1)
+apply (
-lemma cf2sfile_mkdir_some'_inum: "\<lbrakk>Mkdir p f' inum # \<tau> \<in> vt rc_cs; inum_of_file \<tau> f = Some im\<rbrakk> \<Longrightarrow> cf2sfile (Mkdir p f' inum # \<tau>) f = cf2sfile \<tau> f"
+apply (simp add:cpfd2sfds_def)
-by (simp add:cf2sfile_mkdir_some' current_files_def)
+apply (auto simp add:cpfd2sfds_def split:option.splits)
+apply (auto dest!:current_has_sec')
-lemma cf2sfile_linkhard_none_inum: "\<lbrakk>LinkHard p f\<^isub>1 f\<^isub>2 # \<tau> \<in> vt rc_cs; inum_of_file \<tau> f = Some im\<rbrakk> \<Longrightarrow> cf2sfile (LinkHard p f\<^isub>1 f\<^isub>2 # \<tau>) f = cf2sfile \<tau> f"
-by (simp add:cf2sfile_linkhard_none current_files_def)
+lemma cpfd2sfds_open:
+"valid (Open p f flags fd opt # s)
-lemma cf2sfile_rename'1_inum:
+\<Longrightarrow> cpfd2sfds (Open p f flags fd opt # s) = (cpfd2sfds s) (p := (
-"\<lbrakk>Rename p f\<^isub>2 f\<^isub>3 # \<tau> \<in> vt rc_cs; inum_of_file \<tau> f = Some im ; \<not> (f\<^isub>2 \<preceq> f)\<rbrakk> \<Longrightarrow> cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \<tau>) f = cf2sfile \<tau> f"
+case (sectxt_of_obj (Open p f flags fd opt # s) (O_fd p fd), cf2sfile (Open p f flags fd opt # s) f) of
-by (simp add:cf2sfile_rename'1 current_files_def)
+(Some sec, Some sf) \<Rightarrow> (cpfd2sfds s p) \<union> {(sec, flags, sf)}
+| _ \<Rightarrow> cpfd2sfds s p))"
-lemma cf2sfile_rename2_inum: "\<lbrakk>Rename p f\<^isub>2 f\<^isub>3 # \<tau> \<in> vt rc_cs; inum_of_file \<tau> (file_before_rename f\<^isub>2 f\<^isub>3 f) = Some im; parent f\<^isub>3 = Some pf\<^isub>3; f\<^isub>3 \<preceq> f\<rbrakk>
+apply (frule cfd2sfd_open1)
-\<Longrightarrow> cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \<tau>) f = file_after_rename (cf2sfile \<tau> f\<^isub>2) (SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf\<^isub>3)) (cf2sfile \<tau> (file_before_rename f\<^isub>2 f\<^isub>3 f))"
+apply (rule ext)
-by (simp add:cf2sfile_rename2 current_files_def)
+apply (simp add:cpfd2sfds_def)
+apply (auto simp add:cpfd2sfds_def split:option.splits)
-lemma cf2sfile_rename2'_inum: "\<lbrakk>Rename p f\<^isub>2 f\<^isub>3 # \<tau> \<in> vt rc_cs; inum_of_file \<tau> f = Some im; parent f\<^isub>3 = Some pf\<^isub>3; f\<^isub>2 \<preceq> f\<rbrakk>
-\<Longrightarrow> cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \<tau>) (file_after_rename f\<^isub>2 f\<^isub>3 f) = file_after_rename (cf2sfile \<tau> f\<^isub>2) (SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf\<^isub>3)) (cf2sfile \<tau> f)"
+lemma cpfd2sfds_simps =
-by (simp add:cf2sfile_rename2' current_files_def)
+(******** cp2sproc simpset *********)
-lemma cf2sfile_rename3_inum: "\<lbrakk>Rename p f\<^isub>2 f\<^isub>3 # \<tau> \<in> vt rc_cs; inum_of_file \<tau> f = Some im; parent f\<^isub>3 = Some pf\<^isub>3\<rbrakk>
-\<Longrightarrow> cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \<tau>) (file_after_rename f\<^isub>2 f\<^isub>3 f) = file_after_rename (cf2sfile \<tau> f\<^isub>2) (SCrea (Suc (length \<tau>)) # (cf2sfile \<tau> pf\<^isub>3)) (cf2sfile \<tau> f)"
-by (simp add:cf2sfile_rename3 current_files_def)
-lemma cf2sfile_nil'_inum: "inum_of_file [] f = Some im \<Longrightarrow> cf2sfile [] f = map SInit f"
-by (simp add:cf2sfile_nil' current_files_def)
-lemmas cf2sfile_simps_inum = cf2sfile_nil cf2sfile_nil'_inum cf2sfile_open_some'_inum cf2sfile_open_some cf2sfile_open_none cf2sfile_open cf2sfile_mkdir_some'_inum cf2sfile_mkdir_some
-cf2sfile_mkdir cf2sfile_linkhard_none_inum cf2sfile_linkhard_some cf2sfile_linkhard cf2sfile_rename'1_inum cf2sfile_rename'2 cf2sfile_rename1
-cf2sfile_rename2_inum cf2sfile_rename2'_inum cf2sfile_rename3_inum cf2sfile_rename cf2sfile_other
-(*************** cp2sproc simpset *********************)
 lemma cp2sproc_nil: "p \<in> init_processes \<Longrightarrow> cp2sproc [] p = SInit p"
+apply (simp add:cp2sproc_def)
 by (simp add:cp2sproc_def index_of_proc.simps)
 lemma cp2sproc_nil': "p \<in> current_procs [] \<Longrightarrow> cp2sproc [] p = SInit p"
 by (simp add:cp2sproc_nil current_procs.simps)

changeset 10	ac66d8ba86d9
parent 8	289a30c4cfb7
child 11	3e7617baa6a3