S2ss_prop.thy
changeset 53 e3ad1b294fd9
parent 52 ec73b98d4a64
child 54 e934f9a697f5
--- a/S2ss_prop.thy	Thu Sep 26 22:08:32 2013 +0800
+++ b/S2ss_prop.thy	Fri Sep 27 11:36:51 2013 +0800
@@ -774,9 +774,9 @@
       then ss \<union> {sobj'}
       else ss - {sobj} \<union> {sobj'})"
 
-definition update_s2ss_sfile :: "t_state \<Rightarrow> t_static_state \<Rightarrow> t_file \<Rightarrow> t_sfile \<Rightarrow> t_static_state"
+definition update_s2ss_sfile_del :: "t_state \<Rightarrow> t_static_state \<Rightarrow> t_file \<Rightarrow> t_sfile \<Rightarrow> t_static_state"
 where 
-  "update_s2ss_sfile s ss f sf \<equiv> 
+  "update_s2ss_sfile_del s ss f sf \<equiv> 
      if (same_inode_files s f = {f})
      then ss
      else ss \<union> {S_file (cf2sfiles s f - {sf}) (O_file f \<in> Tainted s)}"
@@ -787,8 +787,8 @@
      (if (\<exists> f' \<in> same_inode_files s f. f' \<noteq> f \<and> cf2sfile s f' = Some sf)
       then ss
       else if (\<exists> f'. is_file s f' \<and> f' \<notin> same_inode_files s f \<and> co2sobj s (O_file f') = co2sobj s (O_file f))
-           then update_s2ss_sfile s ss f sf
-           else update_s2ss_sfile s (ss - {S_file (cf2sfiles s f) (O_file f \<in> Tainted s)}) f sf)"
+           then update_s2ss_sfile_del s ss f sf
+           else update_s2ss_sfile_del s (ss - {S_file (cf2sfiles s f) (O_file f \<in> Tainted s)}) f sf)"
 
 lemma alive_co2sobj_closefd1:
   "\<lbrakk>alive s obj; valid (CloseFd p fd # s); co2sobj s obj = Some sobj; 
@@ -974,7 +974,7 @@
 apply (auto simp add:co2sobj.simps tainted_eq_Tainted split:t_object.splits if_splits)[1]
 
 apply (rule impI, tactic {*my_seteq_tac 1*})
-apply (simp add:update_s2ss_obj_def update_s2ss_sfile_def)
+apply (simp add:update_s2ss_obj_def update_s2ss_sfile_del_def)
 apply (rule conjI| rule impI|erule exE|erule conjE)+
 apply (erule_tac obj = obj in co2sobj_some_caseD)
 apply (case_tac "pa = p", simp add:co2sobj.simps tainted_eq_Tainted)
@@ -1055,7 +1055,7 @@
 apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps)
 apply (rule notI, simp add:co2sobj_closefd, erule_tac x = obj in allE, simp)
 
-apply (simp add:update_s2ss_sfile_def update_s2ss_obj_def split:if_splits)
+apply (simp add:update_s2ss_sfile_del_def update_s2ss_obj_def split:if_splits)
 apply (erule disjE, rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps tainted_eq_Tainted)
 apply (erule exE, erule conjE)
 apply (case_tac "obj = O_proc p")
@@ -1149,7 +1149,7 @@
 
 apply (rule impI, rule conjI, rule impI)
 apply (tactic {*my_seteq_tac 1*})
-apply (simp add:update_s2ss_obj_def update_s2ss_sfile_def)
+apply (simp add:update_s2ss_obj_def update_s2ss_sfile_del_def)
 apply (rule conjI| rule impI|erule exE|erule conjE)+
 apply (erule_tac obj = obj in co2sobj_some_caseD)
 apply (case_tac "pa = p", simp add:co2sobj.simps tainted_eq_Tainted)
@@ -1231,7 +1231,7 @@
 
 apply (rule impI)
 apply (tactic {*my_seteq_tac 1*})
-apply (simp add:update_s2ss_obj_def update_s2ss_sfile_def)
+apply (simp add:update_s2ss_obj_def update_s2ss_sfile_del_def)
 apply (rule conjI| rule impI|erule exE|erule conjE)+
 apply (erule_tac obj = obj in co2sobj_some_caseD)
 apply (case_tac "pa = p", simp add:co2sobj.simps tainted_eq_Tainted)
@@ -1334,7 +1334,7 @@
 apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps)
 apply (rule notI, simp add:co2sobj.simps split:option.splits)+
 
-apply (simp add:update_s2ss_sfile_def update_s2ss_obj_def split:if_splits)
+apply (simp add:update_s2ss_sfile_del_def update_s2ss_obj_def split:if_splits)
 apply (erule conjE, erule disjE)
 apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps tainted_eq_Tainted)
 apply (erule exE, erule conjE)
@@ -1471,7 +1471,7 @@
 apply (frule vd_cons, frule vt_grant_os, clarsimp split:if_splits)
 apply (frule is_file_has_sfile', simp, erule exE, simp)
 apply (rule conjI, rule impI)
-apply (simp add:update_s2ss_sfile_def del_s2ss_file_def)
+apply (simp add:update_s2ss_sfile_del_def del_s2ss_file_def)
 apply (rule impI|erule conjE|erule exE|rule conjI|erule bexE)+ defer
 apply (rule impI|erule conjE|erule exE|rule conjI|erule bexE)+ 
 
@@ -1740,9 +1740,9 @@
 apply (rule_tac x = obj in exI, simp add:co2sobj_mkdir alive_mkdir)
 done
 
-definition update_s2ss_sfile_link:: "t_state \<Rightarrow> t_static_state \<Rightarrow> t_file \<Rightarrow> t_sfile \<Rightarrow> t_static_state"
+definition update_s2ss_sfile:: "t_state \<Rightarrow> t_static_state \<Rightarrow> t_file \<Rightarrow> t_sfile \<Rightarrow> t_static_state"
 where
- "update_s2ss_sfile_link s ss f sf \<equiv>
+ "update_s2ss_sfile s ss f sf \<equiv>
     if (\<exists> f'. is_file s f' \<and> f' \<notin> same_inode_files s f \<and> co2sobj s (O_file f') = co2sobj s (O_file f))
        then ss \<union> {S_file (cf2sfiles s f \<union> {sf}) (O_file f \<in> Tainted s)}
        else ss - {S_file (cf2sfiles s f) (O_file f \<in> Tainted s)} 
@@ -1750,14 +1750,14 @@
 
 lemma s2ss_linkhard: "valid (LinkHard p f f' # s) \<Longrightarrow> s2ss (LinkHard p f f' # s) = (
   case (cf2sfile (LinkHard p f f' # s) f') of
-    Some sf \<Rightarrow> update_s2ss_sfile_link s (s2ss s) f sf
+    Some sf \<Rightarrow> update_s2ss_sfile s (s2ss s) f sf
   | _       \<Rightarrow> {})"
 apply (frule vt_grant_os, frule vd_cons, clarsimp)
 apply (split option.splits)
 apply (rule conjI, rule impI, drule current_file_has_sfile', simp, simp add:current_files_simps)
 apply (rule allI, rule impI)
 
-apply (simp add:update_s2ss_sfile_link_def)
+apply (simp add:update_s2ss_sfile_def)
 apply (rule conjI, rule impI, erule exE, erule conjE, erule conjE)
 apply (simp add:s2ss_def)
 apply (tactic {*my_seteq_tac 1*})
@@ -1836,8 +1836,142 @@
 apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard alive_linkhard)
 done
 
+lemma has_same_inode_prop3:
+  "is_file s f \<Longrightarrow> has_same_inode s f f"
+by (auto simp:is_file_def has_same_inode_def split:option.splits)
+
+definition update_s2ss_sfile_tainted:: "t_state \<Rightarrow> t_static_state \<Rightarrow> t_file \<Rightarrow> bool \<Rightarrow> t_static_state"
+where
+ "update_s2ss_sfile_tainted s ss f tag \<equiv>
+    if (\<exists> f'. is_file s f' \<and> f' \<notin> same_inode_files s f \<and> 
+              co2sobj s (O_file f') = Some (S_file (cf2sfiles s f) False))
+       then ss \<union> {S_file (cf2sfiles s f) True}
+       else ss - {S_file (cf2sfiles s f) False} 
+               \<union> {S_file (cf2sfiles s f) True}"
+
+lemma s2ss_truncate: "valid (Truncate p f len # s) \<Longrightarrow> s2ss (Truncate p f len # s) = (
+  if (O_file f \<notin> Tainted s \<and> O_proc p \<in> Tainted s \<and> len > 0)
+  then update_s2ss_sfile_tainted s (s2ss s) f True
+  else s2ss s)"
+apply (frule vt_grant_os, frule vd_cons, simp split:if_splits)
+apply (rule conjI, rule impI, (erule conjE)+)
+
+apply (simp add:update_s2ss_sfile_tainted_def)
+apply (rule conjI|rule impI|erule exE|erule conjE)+
+apply (simp add:s2ss_def)
+apply (tactic {*my_seteq_tac 1*})
+apply (case_tac "obj = O_file f")
+apply (rule disjI1, simp add:co2sobj.simps tainted_eq_Tainted has_same_inode_prop3 cf2sfiles_other)
+apply (erule_tac obj = obj in co2sobj_some_caseD)
+apply (rule disjI2, simp, rule_tac x = obj in exI, simp add:co2sobj_truncate alive_simps)
+apply (case_tac "fa \<in> same_inode_files s f")
+apply (rule disjI1, simp add:co2sobj.simps tainted_eq_Tainted cf2sfiles_prop cf2sfiles_other)
+apply (simp add:same_inode_files_prop7)
+apply (rule disjI2, simp, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate is_file_simps)
+apply (rule disjI2, simp, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate)
+apply (rule disjI2, simp, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate is_dir_simps)
+apply (rule disjI2, simp, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate)
+apply (tactic {*my_setiff_tac 1*})
+apply (rule_tac x = "O_file f" in exI)
+apply (simp add:co2sobj.simps is_file_simps tainted_eq_Tainted cf2sfiles_other has_same_inode_prop3)
+apply (tactic {*my_setiff_tac 1*})
+apply (erule_tac obj = obj in co2sobj_some_caseD)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate)
+apply (case_tac "fa \<in> same_inode_files s f")
+apply (rule_tac x = "O_file f'" in exI)
+apply (auto simp:co2sobj_truncate is_file_simps is_dir_simps split:t_object.splits)[1]
+apply (simp add:co2sobj.simps same_inodes_Tainted tainted_eq_Tainted cf2sfiles_prop)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_file_simps)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_dir_simps)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate)
+
+apply (rule conjI|rule impI|erule exE|erule conjE)+
+apply (simp add:s2ss_def)
+apply (tactic {*my_seteq_tac 1*})
+apply (case_tac "obj = O_file f")
+apply (rule disjI1, simp add:co2sobj.simps tainted_eq_Tainted has_same_inode_prop3 cf2sfiles_other)
+apply (erule_tac obj = obj in co2sobj_some_caseD)
+apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI, simp add:co2sobj_truncate alive_simps)
+apply (rule notI, simp add:co2sobj.simps split:option.splits)
+apply (case_tac "fa \<in> same_inode_files s f")
+apply (rule disjI1, simp add:co2sobj.simps tainted_eq_Tainted cf2sfiles_prop cf2sfiles_other)
+apply (simp add:same_inode_files_prop7)
+apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate is_file_simps)
+apply (rule notI, simp add:co2sobj_truncate is_file_simps)
+apply (erule_tac x = fa in allE)
+apply (simp add:co2sobj.simps)
+apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate)
+apply (rule notI, simp add:co2sobj.simps split:option.splits)
+apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate is_dir_simps)
+apply (rule notI, simp add:co2sobj.simps split:option.splits)
+apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI)
+apply (simp add:co2sobj_truncate)
+apply (rule notI, simp add:co2sobj.simps split:option.splits)
+apply (tactic {*my_setiff_tac 1*})
+apply (rule_tac x = "O_file f" in exI)
+apply (simp add:co2sobj.simps is_file_simps tainted_eq_Tainted cf2sfiles_other has_same_inode_prop3)
+apply (tactic {*my_setiff_tac 1*})
+apply (erule_tac obj = obj in co2sobj_some_caseD)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate)
+apply (case_tac "fa \<in> same_inode_files s f")
+apply (simp add:co2sobj.simps same_inodes_Tainted tainted_eq_Tainted cf2sfiles_prop)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_file_simps)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_dir_simps)
+apply (rule_tac x = obj in exI, simp add:co2sobj_truncate)
+
+apply (rule impI, simp add:s2ss_def)
+apply (tactic {*my_seteq_tac 1*})
+apply (rule_tac x = obj in exI)
+apply (simp add:alive_simps co2sobj_truncate)
+apply (simp split:t_object.splits if_splits add:co2sobj.simps tainted_eq_Tainted)
+apply (case_tac "O_proc p \<in> Tainted s", simp add:same_inodes_Tainted)
+apply simp
+apply (tactic {*my_setiff_tac 1*})
+apply (rule_tac x = obj in exI)
+apply (simp add:alive_simps co2sobj_truncate)
+apply (auto split:t_object.splits if_splits simp:co2sobj.simps tainted_eq_Tainted same_inodes_Tainted)
+done
+
+lemma s2ss_createmsgq: "valid (CreateMsgq p q # s) \<Longrightarrow> s2ss (CreateMsgq p q # s) = 
+  (case (cq2smsgq (CreateMsgq p q # s) q) of 
+     Some sq \<Rightarrow> s2ss s \<union> {S_msgq sq}
+   | _       \<Rightarrow> {})"
+apply (frule vd_cons, frule vt_grant_os, clarsimp)
+apply (case_tac "cq2smsgq (CreateMsgq p q # s) q")
+apply (drule current_has_smsgq', simp+)
+apply (simp add:s2ss_def)
+apply (tactic {*my_seteq_tac 1*})
+apply (case_tac "obj = O_msgq q")
+apply (rule disjI1, simp add:co2sobj.simps)
+apply (rule disjI2, simp, rule_tac x = obj in exI)
+apply (simp add:co2sobj_createmsgq is_file_simps is_dir_simps split:t_object.splits if_splits)
+apply (simp add:co2sobj.simps)
+apply (simp add:co2sobj.simps)
+apply (tactic {*my_setiff_tac 1*})
+apply (rule_tac x = "O_msgq q" in exI, simp add:co2sobj.simps)
+apply (tactic {*my_setiff_tac 1*})
+apply (case_tac "obj = O_msgq q")
+apply simp
+apply (rule_tac x = obj in exI)
+apply (auto simp add:co2sobj_createmsgq alive_simps split:t_object.splits if_splits)
+done
+
+lemma s2ss_sendmsg:
+
+lemma s2ss_recvmsg:
+
+lemma s2ss_removemsgq:
 
 lemmas s2ss_simps = s2ss_execve s2ss_clone s2ss_ptrace s2ss_kill s2ss_exit s2ss_open
   s2ss_readfile s2ss_writefile s2ss_closefd s2ss_unlink s2ss_rmdir s2ss_linkhard
-  s2ss
+  s2ss_truncate s2ss_createmsgq