diff -r f27ba31b7e96 -r 6f7b9039715f no_shm_selinux/Delete_prop.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/no_shm_selinux/Delete_prop.thy Tue Dec 17 13:30:21 2013 +0800 @@ -0,0 +1,263 @@ +theory Delete_prop +imports Main Flask Flask_type Init_prop Alive_prop Current_files_prop +begin + +context flask begin + +lemma died_cons_I: "died obj s \ died obj (e # s)" +by (case_tac e, auto) + +lemma not_died_cons_D: "\ died obj (e # s) \ \ died obj s" +by (auto dest:died_cons_I) + +lemma cons_app_simp_aux: + "(a # b) @ c = a # (b @ c)" by auto + +lemma not_died_app_I: + "died obj s \ died obj (s' @ s)" +apply (induct s', simp) +by (simp add:cons_app_simp_aux died_cons_I) + +lemma not_died_app_D: + "\ died obj (s' @ s) \ \ died obj s" +apply (rule notI) +by (simp add:not_died_app_I) + +lemma not_died_init_file: + "\\ died (O_file f) s; valid s; is_init_file f\ \ is_file s f" +apply (induct s, simp add:is_file_nil) +apply (frule vd_cons, frule vt_grant_os) +apply (case_tac a) prefer 6 apply (case_tac option) +apply (auto simp:is_file_simps split:option.splits) +done + +lemma not_died_init_dir: + "\\ died (O_dir f) s; valid s; is_init_dir f\ \ is_dir s f" +apply (induct s, simp add:is_dir_nil) +apply (frule vd_cons, frule vt_grant_os) +apply (case_tac a) prefer 6 apply (case_tac option) +apply (auto simp:is_dir_simps split:option.splits) +done + +lemma not_died_init_proc: + "\\ died (O_proc p) s; p \ init_procs\ \ p \ current_procs s" +apply (induct s, simp) +by (case_tac a, auto) + +lemma current_fd_imp_current_proc: + "\fd \ current_proc_fds s p; valid s\ \ p \ current_procs s" +apply (induct s) +apply (simp add:init_fds_of_proc_prop1) +apply (frule vd_cons, drule vt_grant_os, case_tac a) +by (auto split:if_splits option.splits) + +lemma not_died_init_fd_aux: + "\\ died (O_fd p fd) s; valid s; fd \ init_fds_of_proc p\ + \ fd \ current_proc_fds s p \ \ died (O_proc p) s" +apply (induct s arbitrary: p, simp) +apply (frule vd_cons, drule vt_grant_os) +apply (case_tac a, auto dest:current_fd_imp_current_proc) +done + +lemma not_died_init_fd2: + "\\ died (O_fd p fd) s; fd \ init_fds_of_proc p; valid s\ \ \ died (O_proc p) s" +by (auto dest:not_died_init_fd_aux) + +lemma not_died_init_fd1: + "\\ died (O_fd p fd) s; valid s; fd \ init_fds_of_proc p\ \ fd \ current_proc_fds s p" +by (auto dest:not_died_init_fd_aux) + +lemma not_died_init_tcp_aux: + "\\ died (O_tcp_sock (p,fd)) s; valid s; is_init_tcp_sock (p,fd)\ + \ is_tcp_sock s (p,fd) \ \ died (O_proc p) s" +apply (induct s arbitrary:p, simp add:is_tcp_sock_nil) +apply (frule vd_cons, frule vt_grant_os) +apply (case_tac a) prefer 6 apply (case_tac option) +by (auto simp:is_tcp_sock_simps split:option.splits t_socket_type.splits + dest:is_tcp_sock_imp_curernt_proc) + +lemma not_died_init_tcp1: + "\\ died (O_tcp_sock (p,fd)) s; valid s; is_init_tcp_sock (p,fd)\ + \ is_tcp_sock s (p,fd)" +by (auto dest:not_died_init_tcp_aux) + +lemma not_died_init_tcp2: + "\\ died (O_tcp_sock (p,fd)) s; valid s; is_init_tcp_sock (p,fd)\ + \ \ died (O_proc p) s" +by (auto dest:not_died_init_tcp_aux) + +lemma not_died_init_udp_aux: + "\\ died (O_udp_sock (p,fd)) s; valid s; is_init_udp_sock (p,fd)\ + \ is_udp_sock s (p,fd) \ \ died (O_proc p) s" +apply (induct s arbitrary:p, simp add:is_udp_sock_nil) +apply (frule vd_cons, frule vt_grant_os) +apply (case_tac a) prefer 6 apply (case_tac option) +by (auto simp:is_udp_sock_simps split:option.splits t_socket_type.splits + dest:is_udp_sock_imp_curernt_proc) + +lemma not_died_init_udp1: + "\\ died (O_udp_sock (p,fd)) s; valid s; is_init_udp_sock (p,fd)\ + \ is_udp_sock s (p,fd)" +by (auto dest:not_died_init_udp_aux) + +lemma not_died_init_udp2: + "\\ died (O_udp_sock (p,fd)) s; valid s; is_init_udp_sock (p,fd)\ + \ \ died (O_proc p) s" +by (auto dest:not_died_init_udp_aux) + +(* +lemma not_died_init_shm: + "\\ died (O_shm h) s; h \ init_shms\ \ h \ current_shms s" +apply (induct s, simp) +by (case_tac a, auto) +*) + +lemma not_died_init_msgq: + "\\ died (O_msgq q) s; q \ init_msgqs\ \ q \ current_msgqs s" +apply (induct s, simp) +by (case_tac a, auto) + +lemma current_msg_imp_current_msgq: + "\m \ set (msgs_of_queue s q); valid s\ \ q \ current_msgqs s" +apply (induct s) +apply (simp add:init_msgs_valid) +apply (frule vd_cons, drule vt_grant_os) +apply (case_tac a, auto split:if_splits) +done + +lemma not_died_init_msg: + "\\ died (O_msg q m) s; valid s; m \ set (init_msgs_of_queue q)\ \ m \ set (msgs_of_queue s q)" +apply (induct s, simp) +apply (frule vd_cons, frule vt_grant_os) +apply (case_tac a, auto dest:current_msg_imp_current_msgq) +apply (case_tac "msgs_of_queue s q", simp+) +done + +lemma not_died_imp_alive: (* init_alive obj; *) + "\\ died obj s; valid s; init_alive obj\ \ alive s obj" +apply (case_tac obj) +apply (auto dest!: not_died_init_file not_died_init_dir not_died_init_proc + not_died_init_msg not_died_init_fd1 not_died_init_tcp1 not_died_init_udp1 (* not_died_init_shm *) + not_died_init_msgq + intro:is_file_in_current is_dir_in_current is_tcp_in_current is_udp_in_current + current_msg_imp_current_msgq) +done + +lemma not_died_cur_file_app: + "\\ died (O_file f) (s' @ s); valid (s' @ s); is_file s f\ \ is_file (s' @ s) f" +apply (induct s', simp, simp add:cons_app_simp_aux) +apply (frule vd_cons, frule vt_grant_os, simp) +apply (case_tac a) prefer 6 apply (case_tac option) +apply (auto simp:is_file_simps split:option.splits) +done + +lemma not_died_cur_dir_app: + "\\ died (O_dir f) (s' @ s); valid (s' @ s); is_dir s f\ \ is_dir (s' @ s) f" +apply (induct s', simp, simp add:cons_app_simp_aux) +apply (frule vd_cons, frule vt_grant_os, simp) +apply (case_tac a) prefer 6 apply (case_tac option) +apply (auto simp:is_dir_simps split:option.splits) +done + +lemma not_died_cur_proc_app: + "\\ died (O_proc p) (s' @ s); p \ current_procs s\ \ p \ current_procs (s' @ s)" +apply (induct s', simp, simp add:cons_app_simp_aux) +by (case_tac a, auto) + +lemma not_died_cur_fd_app: + "\\ died (O_fd p fd) (s' @ s); valid (s' @ s); fd \ current_proc_fds s p\ + \ fd \ current_proc_fds (s' @ s) p" +apply (induct s' arbitrary: p, simp, simp add:cons_app_simp_aux) +apply (frule vd_cons, drule vt_grant_os) +apply (case_tac a, auto dest:current_fd_imp_current_proc) +done + +lemma not_died_cur_tcp_app: + "\\ died (O_tcp_sock (p,fd)) (s' @ s); valid (s' @ s); is_tcp_sock s (p,fd)\ + \ is_tcp_sock (s' @ s) (p,fd)" +apply (induct s' arbitrary:p, simp, simp add:cons_app_simp_aux) +apply (frule vd_cons, frule vt_grant_os) +apply (case_tac a) prefer 6 apply (case_tac option) +by (auto simp:is_tcp_sock_simps split:option.splits t_socket_type.splits + dest:is_tcp_sock_imp_curernt_proc) + +lemma not_died_cur_udp_app: + "\\ died (O_udp_sock (p,fd)) (s' @ s); valid (s' @ s); is_udp_sock s (p,fd)\ + \ is_udp_sock (s' @ s) (p,fd)" +apply (induct s' arbitrary:p, simp, simp add:cons_app_simp_aux) +apply (frule vd_cons, frule vt_grant_os) +apply (case_tac a) prefer 6 apply (case_tac option) +by (auto simp:is_udp_sock_simps split:option.splits t_socket_type.splits + dest:is_udp_sock_imp_curernt_proc) + +(* +lemma not_died_cur_shm_app: + "\\ died (O_shm h) (s' @ s); h \ current_shms s\ \ h \ current_shms (s' @ s)" +apply (induct s', simp, simp add:cons_app_simp_aux) +by (case_tac a, auto) +*) + +lemma not_died_cur_msgq_app: + "\\ died (O_msgq q) (s' @ s); q \ current_msgqs s\ \ q \ current_msgqs (s' @ s)" +apply (induct s', simp, simp add:cons_app_simp_aux) +by (case_tac a, auto) + +lemma not_died_cur_msg_app: + "\\ died (O_msg q m) (s' @ s); valid (s' @ s); m \ set (msgs_of_queue s q)\ + \ m \ set (msgs_of_queue (s' @ s) q)" +apply (induct s', simp, simp add:cons_app_simp_aux) +apply (frule vd_cons, frule vt_grant_os) +apply (case_tac a, auto dest:current_msg_imp_current_msgq) +apply (case_tac "msgs_of_queue (s' @ s) q", simp+) +done + +lemma not_died_imp_alive_app: + "\\ died obj (s' @ s); valid (s' @ s); alive s obj\ \ alive (s' @ s) obj" +apply (case_tac obj) +apply (auto dest!: not_died_cur_file_app not_died_cur_dir_app + not_died_cur_proc_app not_died_cur_fd_app not_died_cur_tcp_app not_died_cur_msg_app + not_died_cur_udp_app (* not_died_cur_shm_app *) not_died_cur_msgq_app + intro:is_file_in_current is_dir_in_current is_tcp_in_current is_udp_in_current + current_msg_imp_current_msgq) +done + +lemma not_died_imp_alive_cons: + "\\ died obj (e # s); valid (e # s); alive s obj\ \ alive (e # s) obj" +using not_died_imp_alive_app[where s = s and s' = "[e]" and obj = obj] +by auto + +end + +context tainting begin + +lemma deleted_died: + "appropriate obj \ died obj s = (deleted obj s \ exited obj s)" +apply (induct s) +apply (simp, case_tac obj, simp+) +apply (case_tac a, case_tac [!] obj, auto) +done + +end + +(* + +lemma nodel_imp_un_died: + "no_del_event s \ \ died obj s" +by (induct s, simp, case_tac a,auto) + +lemma nodel_exists_remains: + "\no_del_event (s'@s); exists s obj\ \ exists (s'@s) obj" +apply (drule_tac obj = obj in nodel_imp_un_died) +by (simp add:not_died_imp_exists') + +lemma nodel_imp_exists: + "\no_del_event s; exists [] obj\ \ exists s obj" +apply (drule_tac obj = obj in nodel_imp_un_died) +by (simp add:not_died_imp_exists) + +lemma no_del_event_cons_D: + "no_del_event (e # s) \ no_del_event s" +by (case_tac e, auto) +*) + +end \ No newline at end of file