diff -r 87fdf2de0ffa -r ac66d8ba86d9 Co2sobj_prop.thy --- a/Co2sobj_prop.thy Fri May 17 09:04:47 2013 +0800 +++ b/Co2sobj_prop.thy Tue May 21 08:01:33 2013 +0800 @@ -1,6 +1,6 @@ (*<*) theory Co2sobj_prop -imports Main Flask Flask_type Static Static_type Sectxt_prop Init_prop Current_files_prop Current_sockets_prop Delete_prop +imports Main Flask Flask_type Static Static_type Sectxt_prop Init_prop Current_files_prop Current_sockets_prop Delete_prop Proc_fd_of_file_prop begin (*<*) @@ -371,270 +371,304 @@ split:if_splits option.splits) done +lemma cf2sfile_other': + "\valid (e # s); + \ p f flag fd opt. e \ Open p f flag fd opt; + \ p fd. e \ CloseFd p fd; + \ p f. e \ UnLink p f; + \ p f. e \ Rmdir p f; + \ p f i. e \ Mkdir p f i; + \ p f f'. e \ LinkHard p f f'; + ff \ current_files s\ \ cf2sfile (e # s) ff = cf2sfile s ff" +by (auto intro!:cf2sfile_other) + lemma cf2sfile_unlink: "\valid (UnLink p f # s); f' \ current_files (UnLink p f # s)\ \ cf2sfile (UnLink p f # s) f' = cf2sfile s f'" apply (frule vd_cons, frule vt_grant_os) apply (simp add:current_files_simps split:if_splits) apply (auto simp:cf2sfile_def sectxt_of_obj_simps get_parentfs_ctxts_simps is_file_simps is_dir_simps - split:if_splits option.splits) - - -lemmas cf2sfile_simps = cf2sfile_open cf2sfile_mkdir cf2sfile_linkhard cf2sfile_other - - - - - - - - - - - - - - - -lemma cf2sfile_keep_path: "\f \ f'; \ \ vt rc_cs\ \ cf2sfile \ f \ cf2sfile \ f'" -apply (induct f', simp add:no_junior_def) -apply (case_tac "f = a # f'", simp add:cf2sfile.simps) -apply (drule no_junior_noteq, simp, simp add:cf2sfile.simps) + split:if_splits option.splits) done -lemma ckp'_aux: "\ f \ a # f' \ \ f \ f'" -by (auto simp:no_junior_def) - -lemma cf2sfile_keep_path': "\\ f \ f'; \ \ vt rc_cs; f \ current_files \; f' \ current_files \\ \ \ cf2sfile \ f \ cf2sfile \ f'" -apply (induct f', simp add:no_junior_def cf2sfile.simps, rule notI, drule cf2sfile_root_file, simp) -apply (case_tac "f = a # f'", simp add:cf2sfile.simps) -apply (rule notI) -apply (frule ckp'_aux, simp, frule parentf_in_current', simp+) -apply (case_tac "cf2sfile \ f = cf2sfile \ (a # f')", drule cf2sfile_inj, simp+) -apply (simp add:cf2sfile.simps) -by (drule no_junior_noteq, simp+) - -lemma cf2sfile_keep_path'': "\cf2sfile \ f \ cf2sfile \ f'; \ \ vt rc_cs; f \ current_files \; f' \ current_files \\ \ f \ f'" -using cf2sfile_keep_path' -by (auto) - -lemma cf2sfile_open_some': "\f \ current_files \; Open p f' flags fd (Some inum) # \ \ vt rc_cs\ \ cf2sfile (Open p f' flags fd (Some inum) # \) f = cf2sfile \ f" -apply (frule vt_cons') -apply (drule vt_grant_os) -apply (induct f) -apply (simp add:cf2sfile.simps)+ -apply (frule parentf_in_current', simp) -apply (auto simp:os_grant.simps index_of_file.simps split:option.splits) -done - -lemma cf2sfile_open_some: "\Open p f flags fd (Some inum) # \ \ vt rc_cs; parent f = Some pf\ - \ cf2sfile (Open p f flags fd (Some inum) # \) f = (SCrea (Suc (length \)) # (cf2sfile \ pf))" -apply (case_tac f, simp) -apply (frule vt_grant_os) -apply (simp add:cf2sfile.simps os_grant.simps current_files_simps index_of_file.simps cf2sfile_open_some') +lemma cf2sfile_rmdir: + "\valid (Rmdir p f # s); f' \ current_files (Rmdir p f # s)\ + \ cf2sfile (Rmdir p f # s) f' = cf2sfile s f'" +apply (frule vd_cons, frule vt_grant_os) +apply (simp add:current_files_simps split:if_splits) +apply (auto simp:cf2sfile_def sectxt_of_obj_simps get_parentfs_ctxts_simps is_file_simps is_dir_simps + split:if_splits option.splits) done -lemma cf2sfile_open_none: "cf2sfile (Open p f flags fd None # \) f' = cf2sfile \ f'" -apply (induct f') -by (simp add:cf2sfile.simps index_of_file.simps split:option.splits nat.splits)+ +lemma pfdof_simp5: "\proc_fd_of_file s f = {(p, fd)}; file_of_proc_fd s p fd = None\ \ False" +apply (subgoal_tac "(p, fd) \ proc_fd_of_file s f") +by (simp add:pfdof_simp2, simp) + +lemma pfdof_simp6: "proc_fd_of_file s f = {(p, fd)} \ file_of_proc_fd s p fd = Some f" +apply (subgoal_tac "(p, fd) \ proc_fd_of_file s f") +by (simp add:pfdof_simp2, simp) + +lemma cf2sfile_closefd: + "\valid (CloseFd p fd # s); f \ current_files (CloseFd p fd # s)\ + \ cf2sfile (CloseFd p fd # s) f = cf2sfile s f" +apply (frule vd_cons, frule vt_grant_os) +apply (simp add:current_files_simps split:if_splits option.splits) +(* costs too much time, but solved + +apply (auto simp:cf2sfile_def sectxt_of_obj_simps get_parentfs_ctxts_simps is_file_simps is_dir_simps + split:if_splits option.splits + dest:init_file_dir_conflict pfdof_simp5 pfdof_simp6 file_of_pfd_is_file + not_deleted_init_file not_deleted_init_dir is_file_not_dir is_dir_not_file + dest!:current_has_sec') +done +*) +sorry -lemma cf2sfile_open: "\Open p f flags fd opt # \ \ vt rc_cs; f' \ current_files (Open p f flags fd opt # \)\ \ - cf2sfile (Open p f flags fd opt # \) f' = ( - if (opt = None) then cf2sfile \ f' - else if (f' = f) then (case (parent f) of - Some pf \ (SCrea (Suc (length \)) # (cf2sfile \ pf)) - | _ \ []) - else cf2sfile \ f' )" -apply (frule vt_grant_os) -by (auto simp:os_grant.simps current_files_simps intro:cf2sfile_open_none cf2sfile_open_some cf2sfile_open_some' split:if_splits option.splits) +lemmas cf2sfile_simps = cf2sfile_open cf2sfile_mkdir cf2sfile_linkhard cf2sfile_other + cf2sfile_unlink cf2sfile_rmdir cf2sfile_closefd + +(*********** cfd2sfd simpset *********) + +lemma cfd2sfd_open1: + "valid (Open p f flags fd opt # s) + \ cfd2sfd (Open p f flags fd opt # s) p fd = + (case (sectxt_of_obj (Open p f flags fd opt # s) (O_fd p fd), cf2sfile (Open p f flags fd opt # s) f) of + (Some sec, Some sf) \ Some (sec, flags, sf) + | _ \ None)" +by (simp add:cfd2sfd_def sectxt_of_obj_simps split:if_splits) -lemma cf2sfile_mkdir_some': "\Mkdir p f' inum # \ \ vt rc_cs; f \ current_files \\ \ cf2sfile (Mkdir p f' inum # \) f = cf2sfile \ f" -apply (frule vt_cons', drule vt_grant_os) -apply (induct f, (simp add:cf2sfile.simps)+) -apply (frule parentf_in_current', simp) -apply (auto simp:os_grant.simps index_of_file.simps split:option.splits) -done - -lemma cf2sfile_mkdir_some: "\Mkdir p f inum # \ \ vt rc_cs; parent f = Some pf\ - \ cf2sfile (Mkdir p f inum # \) f = (SCrea (Suc (length \)) # (cf2sfile \ pf))" -apply (case_tac f, simp) -apply (frule vt_grant_os) -apply (simp add:cf2sfile.simps os_grant.simps current_files_simps index_of_file.simps cf2sfile_mkdir_some') +lemma cfd2sfd_open_some2: + "\valid (Open p f flags fd (Some inum) # s); file_of_proc_fd s p' fd' = Some f'\ + \ cfd2sfd (Open p f flags fd (Some inum) # s) p' fd' = cfd2sfd s p' fd'" +apply (frule vd_cons, frule vt_grant_os) +apply (frule proc_fd_in_fds, simp) +apply (frule file_of_proc_fd_in_curf, simp) +apply (case_tac "f = f'", simp) +apply (simp add:cfd2sfd_def sectxt_of_obj_simps cf2sfile_open_some1) +apply (case_tac "p = p'", simp) +apply (rule conjI, rule impI, simp) +apply (drule cf2sfile_open_some1, simp) +apply (auto split:option.splits)[1] +apply simp +apply (drule cf2sfile_open_some1, simp) +apply (auto split:option.splits)[1] done -lemma cf2sfile_mkdir: "\Mkdir p f inum # \ \ vt rc_cs; f' \ current_files (Mkdir p f inum # \)\ \ - cf2sfile (Mkdir p f inum # \) f' = ( - if (f' = f) then (case (parent f) of - Some pf \ (SCrea (Suc (length \)) # (cf2sfile \ pf)) - | _ \ []) - else cf2sfile \ f' ) " -apply (frule vt_grant_os) -by (auto simp:os_grant.simps current_files_simps intro:cf2sfile_mkdir_some cf2sfile_mkdir_some' split:if_splits option.splits) - -lemma cf2sfile_linkhard_none: "\LinkHard p f\<^isub>1 f\<^isub>2 # \ \ vt rc_cs; f \ current_files \\ \ cf2sfile (LinkHard p f\<^isub>1 f\<^isub>2 # \) f = cf2sfile \ f" -apply (frule vt_cons') -apply (drule vt_grant_os) -apply (induct f) -apply (simp add:cf2sfile.simps)+ -apply (frule parentf_in_current', simp) -apply (auto simp:os_grant.simps index_of_file.simps split:option.splits) +lemma cfd2sfd_open_none2: + "\valid (Open p f flags fd None # s); file_of_proc_fd s p' fd' = Some f'\ + \ cfd2sfd (Open p f flags fd None # s) p' fd' = cfd2sfd s p' fd'" +apply (frule vd_cons, frule vt_grant_os) +apply (frule proc_fd_in_fds, simp) +apply (frule file_of_proc_fd_in_curf, simp) +apply (simp add:cfd2sfd_def sectxt_of_obj_simps cf2sfile_open_none) +apply (case_tac "p = p'", simp) +apply (rule conjI, rule impI, simp) +apply (drule cf2sfile_open_none) +apply (auto split:option.splits)[1] +apply simp +apply (drule cf2sfile_open_none) +apply (auto split:option.splits)[1] +done + +lemma cfd2sfd_open2: + "\valid (Open p f flags fd opt # s); file_of_proc_fd s p' fd' = Some f'\ + \ cfd2sfd (Open p f flags fd opt # s) p' fd' = cfd2sfd s p' fd'" +apply (case_tac opt) +apply (simp add:cfd2sfd_open_none2) +apply (simp add:cfd2sfd_open_some2) done -lemma cf2sfile_linkhard_some: - "\LinkHard p f\<^isub>1 f\<^isub>2 # \ \ vt rc_cs; parent f\<^isub>2 = Some pf\<^isub>2\ \ cf2sfile (LinkHard p f\<^isub>1 f\<^isub>2 # \) f\<^isub>2 = (SCrea (Suc (length \)) # (cf2sfile \ pf\<^isub>2))" -apply (case_tac f\<^isub>2, simp) -apply (frule vt_grant_os) -apply (simp add:cf2sfile.simps os_grant.simps current_files_simps index_of_file.simps cf2sfile_linkhard_none) +lemma cfd2sfd_open: + "\valid (Open p f flags fd opt # s); file_of_proc_fd (Open p f flags fd opt # s) p' fd' = Some f'\ + \ cfd2sfd (Open p f flags fd opt # s) p' fd' = (if (p' = p \ fd' = fd) then + (case (sectxt_of_obj (Open p f flags fd opt # s) (O_fd p fd), cf2sfile (Open p f flags fd opt # s) f) of + (Some sec, Some sf) \ Some (sec, flags, sf) + | _ \ None) else cfd2sfd s p' fd')" +apply (simp split:if_splits) +apply (simp add:cfd2sfd_open1 split:option.splits) +apply (simp add:cfd2sfd_open2) +apply (rule impI, simp) done -lemma cf2sfile_linkhard: "\LinkHard p f\<^isub>1 f\<^isub>2 # \ \ vt rc_cs; f \ current_files (LinkHard p f\<^isub>1 f\<^isub>2 # \)\ \ - cf2sfile (LinkHard p f\<^isub>1 f\<^isub>2 # \) f = ( - if (f = f\<^isub>2) then (case (parent f\<^isub>2) of - Some pf\<^isub>2 \ SCrea (Suc (length \)) # (cf2sfile \ pf\<^isub>2) - | _ \ []) - else cf2sfile \ f )" -apply (frule vt_grant_os) -by (auto simp:os_grant.simps current_files_simps intro:cf2sfile_linkhard_none cf2sfile_linkhard_some split:if_splits option.splits) +lemma cfd2sfd_closefd: + "\valid (CloseFd p fd # s); file_of_proc_fd (CloseFd p fd # s) p' fd' = Some f\ + \ cfd2sfd (CloseFd p fd # s) p' fd' = cfd2sfd s p' fd'" +apply (frule vd_cons, frule vt_grant_os) +apply (frule proc_fd_in_fds, simp) +apply (frule file_of_proc_fd_in_curf, simp) +apply (frule cf2sfile_closefd, simp) +apply (simp add:cfd2sfd_def sectxt_of_obj_simps) +apply (auto split:option.splits if_splits) +done - -lemma no_junior_aux: "\ f\<^isub>2 \ a # f \ \ f\<^isub>2 \ f" -by (auto simp:no_junior_def) - -lemma cf2sfile_rename_aux: "\Rename p f\<^isub>2 f\<^isub>3 # \ \ vt rc_cs; f \ current_files \\ \ f \ f\<^isub>3 \ \ f\<^isub>3 \ f" -apply (frule vt_grant_os, simp add:os_grant.simps, (erule exE|erule conjE)+) -apply (rule conjI, rule notI, simp) -apply (rule notI, drule vt_cons', simp add:ancenf_in_current) +lemma cfd2sfd_clone: + "\valid (Clone p p' fds shms # s); file_of_proc_fd (Clone p p' fds shms # s) p'' fd' = Some f\ + \ cfd2sfd (Clone p p' fds shms # s) p'' fd' = ( + if (p'' = p') then cfd2sfd s p fd' + else cfd2sfd s p'' fd')" +apply (frule vd_cons, frule vt_grant_os) +apply (frule proc_fd_in_fds, simp) +apply (frule file_of_proc_fd_in_curf, simp, simp add:current_files_simps) +apply (frule_tac cf2sfile_other', simp+) +apply (simp add:cfd2sfd_def sectxt_of_obj_simps) +apply (case_tac "p'' = p'", simp) +apply (auto split:option.splits if_splits)[1] +apply (simp) +apply (auto split:option.splits if_splits)[1] done -lemma cf2sfile_rename'1: - "\Rename p f\<^isub>2 f\<^isub>3 # \ \ vt rc_cs; f \ current_files \; \ (f\<^isub>2 \ f)\ \ cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \) f = cf2sfile \ f" -apply (frule vt_cons',frule vt_grant_os, induct f) -apply (simp add:cf2sfile.simps) -apply (frule parentf_in_current', simp, simp) -apply (frule no_junior_aux, simp) -apply (simp add:os_grant.simps, (erule exE|erule conjE)+) -apply (drule cf2sfile_rename_aux, simp, erule conjE) -apply (auto simp add:cf2sfile.simps index_of_file.simps split:option.splits nat.splits) +lemma cfd2sfd_execve: + "\valid (Execve p f fds # s); file_of_proc_fd (Execve p f fds # s) p' fd' = Some f'\ + \ cfd2sfd (Execve p f fds # s) p' fd' = cfd2sfd s p' fd'" +apply (frule vd_cons, frule vt_grant_os) +apply (frule proc_fd_in_fds, simp) +apply (frule file_of_proc_fd_in_curf, simp, simp add:current_files_simps) +apply (frule_tac cf2sfile_other', simp+) +apply (simp add:cfd2sfd_def sectxt_of_obj_simps) +apply (case_tac "p' = p", simp) +apply (auto split:option.splits if_splits)[1] +apply (simp) +apply (auto split:option.splits if_splits)[1] done -lemma cf2sfile_rename'2: - "\Rename p f\<^isub>2 f\<^isub>3 # \ \ vt rc_cs; \ (f\<^isub>3 \ f)\ \ cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \) f = cf2sfile \ f" -apply (frule vt_cons', induct f) -by (auto simp add:index_of_file.simps cf2sfile.simps no_junior_def split:option.splits nat.splits) - -lemma cf2sfile_rename1: - "\Rename p f\<^isub>2 f\<^isub>3 # \ \ vt rc_cs; parent f\<^isub>3 = Some pf\<^isub>3\ \ cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \) f\<^isub>3 = SCrea (Suc (length \)) # (cf2sfile \ pf\<^isub>3)" -apply (case_tac f\<^isub>3, simp add:cf2sfile.simps) -apply (auto dest!:cf2sfile_rename'2 simp add:no_junior_def cf2sfile.simps index_of_file.simps split:option.splits) +lemma cfd2sfd_kill: + "\valid (Kill p p'' # s); file_of_proc_fd (Kill p p'' # s) p' fd' = Some f'\ + \ cfd2sfd (Kill p p'' # s) p' fd' = cfd2sfd s p' fd'" +apply (frule vd_cons, frule vt_grant_os) +apply (frule proc_fd_in_fds, simp) +apply (frule proc_fd_in_procs, simp) +apply (frule file_of_proc_fd_in_curf, simp, simp add:current_files_simps) +apply (frule_tac cf2sfile_other', simp+) +apply (simp add:cfd2sfd_def sectxt_of_obj_simps) +apply (auto split:option.splits if_splits) done -lemma index_of_file_rename1: "\f\<^isub>2 \ f; f \ f\<^isub>2\ \ index_of_file (Rename p f\<^isub>2 f\<^isub>3 # \) (file_after_rename f\<^isub>2 f\<^isub>3 f) = index_of_file \ f" -apply (clarsimp simp add:index_of_file.simps split:option.splits) -by (frule_tac f\<^isub>3 = f\<^isub>3 in file_renaming_prop3, simp, erule conjE, simp add:file_renaming_prop5) - -lemma cf2sfile_rename2: "\Rename p f\<^isub>2 f\<^isub>3 # \ \ vt rc_cs; (file_before_rename f\<^isub>2 f\<^isub>3 f) \ current_files \; parent f\<^isub>3 = Some pf\<^isub>3; f\<^isub>3 \ f\ - \ cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \) f = file_after_rename (cf2sfile \ f\<^isub>2) (SCrea (Suc (length \)) # (cf2sfile \ pf\<^isub>3)) (cf2sfile \ (file_before_rename f\<^isub>2 f\<^isub>3 f))" -apply (induct f, simp add:no_junior_def) -apply (case_tac "a # f = f\<^isub>3", simp) -apply (drule cf2sfile_rename1, simp, simp add:file_renaming_prop0' file_renaming_prop0) - -apply (frule no_junior_noteq, simp, simp) -apply (frule_tac file_renaming_prop1') -apply (frule_tac f = f\<^isub>2 and \ = \ in cf2sfile_keep_path, simp add:vt_cons') -apply (frule_tac f\<^isub>2 = f\<^isub>2 and a = a in file_renaming_prop8') -apply (frule_tac f\<^isub>2 = f\<^isub>2 and a = a in file_renaming_prop6') -apply (frule_tac f = "file_before_rename f\<^isub>2 f\<^isub>3 (a # f)" and \ = \ and f\<^isub>2 = f\<^isub>2 and f\<^isub>3 = f\<^isub>3 and p = p in index_of_file_rename1, simp add:file_before_rename_def) -apply (drule_tac f\<^isub>3 = f\<^isub>3 and f\<^isub>1 = f and a = a and f\<^isub>2 = f\<^isub>2 in file_renaming_prop9', simp) -apply (drule parentf_in_current', simp add:vt_cons') -apply (simp add:cf2sfile.simps) -apply (erule file_renaming_prop6[THEN sym]) +lemma cfd2sfd_exit: + "\valid (Exit p # s); file_of_proc_fd (Exit p # s) p' fd' = Some f'\ + \ cfd2sfd (Exit p # s) p' fd' = cfd2sfd s p' fd'" +apply (frule vd_cons, frule vt_grant_os) +apply (frule proc_fd_in_fds, simp) +apply (frule proc_fd_in_procs, simp) +apply (frule file_of_proc_fd_in_curf, simp, simp add:current_files_simps) +apply (frule_tac cf2sfile_other', simp+) +apply (simp add:cfd2sfd_def sectxt_of_obj_simps) +apply (auto split:option.splits if_splits) done -lemma cf2sfile_rename2': "\Rename p f\<^isub>2 f\<^isub>3 # \ \ vt rc_cs; f \ current_files \; parent f\<^isub>3 = Some pf\<^isub>3; f\<^isub>2 \ f\ - \ cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \) (file_after_rename f\<^isub>2 f\<^isub>3 f) = file_after_rename (cf2sfile \ f\<^isub>2) (SCrea (Suc (length \)) # (cf2sfile \ pf\<^isub>3)) (cf2sfile \ f)" -apply (frule_tac f\<^isub>3 = f\<^isub>3 in file_renaming_prop5) -apply (frule_tac f\<^isub>3 = f\<^isub>3 in file_renaming_prop1) -apply (drule_tac f = "file_after_rename f\<^isub>2 f\<^isub>3 f" in cf2sfile_rename2, simp+) +lemma cfd2sfd_other: + "\valid (e # s); file_of_proc_fd (e # s) p' fd' = Some f'; + \ p f flags fd opt. e \ Open p f flags fd opt; + \ p p'' fds shms. e \ Clone p p'' fds shms\ + \ cfd2sfd (e # s) p' fd' = cfd2sfd s p' fd'" +apply (frule vd_cons, frule vt_grant_os) +apply (frule proc_fd_in_fds, simp) +apply (frule proc_fd_in_procs, simp) +apply (frule file_of_proc_fd_in_curf, simp) +apply (case_tac e) +apply (auto intro!:cfd2sfd_execve cfd2sfd_closefd cfd2sfd_kill cfd2sfd_exit) +apply (auto simp:cfd2sfd_def sectxt_of_obj_simps current_files_simps cf2sfile_simps split:option.splits) +apply (auto dest!:current_has_sec' dest:file_of_proc_fd_in_curf proc_fd_in_fds) +done + +lemmas cfd2sfd_simps = cfd2sfd_open cfd2sfd_clone cfd2sfd_other + +(********** cpfd2sfds simpset **********) + +lemma current_filefd_has_flags: + "\file_of_proc_fd s p fd = Some f; valid s\ \ \ flags. flags_of_proc_fd s p fd = Some flags" +apply (induct s arbitrary:p) +apply (simp only:flags_of_proc_fd.simps file_of_proc_fd.simps init_filefd_prop4) +apply (frule vd_cons, frule vt_grant_os, case_tac a) +apply (auto split:if_splits option.splits dest:proc_fd_in_fds) +done + +lemma current_filefd_has_flags': + "\flags_of_proc_fd s p fd = None; valid s\ \ file_of_proc_fd s p fd = None" +apply (case_tac "file_of_proc_fd s p fd") +apply (simp, drule current_filefd_has_flags, simp+) done -lemma cf2sfile_rename3: "\Rename p f\<^isub>2 f\<^isub>3 # \ \ vt rc_cs; f \ current_files \; parent f\<^isub>3 = Some pf\<^isub>3\ - \ cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \) (file_after_rename f\<^isub>2 f\<^isub>3 f) = file_after_rename (cf2sfile \ f\<^isub>2) (SCrea (Suc (length \)) # (cf2sfile \ pf\<^isub>3)) (cf2sfile \ f)" -apply (case_tac "f\<^isub>2 \ f") -apply (rule cf2sfile_rename2', simp+) -apply (frule vt_grant_os) -apply (frule_tac \ = \ in cf2sfile_keep_path', simp add:vt_cons', simp add:os_grant.simps, simp) -apply (simp add:file_after_rename_def) -by (rule cf2sfile_rename'1, simp+) +lemma current_file_has_sfile': + "\cf2sfile s f = None; valid s\ \ f \ current_files s" +by (rule notI, drule current_file_has_sfile, simp+) -lemma cf2sfile_rename: "\Rename p f\<^isub>2 f\<^isub>3 # \ \ vt rc_cs; f \ current_files (Rename p f\<^isub>2 f\<^isub>3 # \)\ \ - cf2sfile (Rename p f\<^isub>2 f\<^isub>3 # \) f = ( - if (f\<^isub>3 \ f) then (case (parent f\<^isub>3) of - Some pf\<^isub>3 \ file_after_rename (cf2sfile \ f\<^isub>2) (SCrea (Suc (length \)) # (cf2sfile \ pf\<^isub>3)) (cf2sfile \ (file_before_rename f\<^isub>2 f\<^isub>3 f)) - | _ \ []) - else cf2sfile \ f )" -apply (frule vt_grant_os) -apply (case_tac "f = f\<^isub>3", clarsimp simp:os_grant.simps, drule cf2sfile_rename1, simp+, simp add:file_renaming_prop0' file_renaming_prop0) +lemma current_filefd_has_sfd: + "\file_of_proc_fd s p fd = Some f; valid s\ \ \sfd. cfd2sfd s p fd = Some sfd" +by (auto simp:cfd2sfd_def split:option.splits dest!:current_has_sec' current_file_has_sfile' + dest:file_of_proc_fd_in_curf proc_fd_in_fds current_filefd_has_flags) + +lemma current_filefd_has_sfd': + "\cfd2sfd s p fd = None; valid s\ \ file_of_proc_fd s p fd = None" +by (case_tac "file_of_proc_fd s p fd", auto dest:current_filefd_has_sfd) -apply (auto simp:os_grant.simps current_files_simps intro:cf2sfile_rename'2 cf2sfile_rename1 split:if_splits option.splits) -apply (rule cf2sfile_rename2, simp, drule rename_renaming_decom, simp+) -apply (drule_tac f\<^isub>2 = f\<^isub>2 and f\<^isub>1 = f\<^isub>1 and f\<^isub>3 = f\<^isub>3 in file_renaming_prop5, simp+) -done +definition cpfd2sfds' :: "t_state \ t_process \ t_sfd set" +where + "cpfd2sfds' s p \ {sfd. \ fd f. file_of_proc_fd s p fd = Some f \ cfd2sfd s p fd = Some sfd}" -lemma cf2sfile_other: "\ - \ p f flags fd opt. e \ Open p f flags fd opt; - \ p f im. e \ Mkdir p f im; - \ p f\<^isub>1 f\<^isub>2. e \ LinkHard p f\<^isub>1 f\<^isub>2; - \ p f\<^isub>2 f\<^isub>3. e \ Rename p f\<^isub>2 f\<^isub>3\ \ cf2sfile (e # \) f' = cf2sfile \ f'" -apply (induct f', simp add:cf2sfile.simps index_of_file.simps split:option.splits nat.splits) -apply (case_tac e, auto simp add:cf2sfile.simps index_of_file.simps split:option.splits nat.splits) -done +definition cph2spshs' :: "t_state \ t_process \ t_sproc_sshm set" +where + "cph2spshs' s p \ {(sh, flag). \ h. (p, flag) \ procs_of_shm s h \ ch2sshm s h = Some sh}" -lemmas cf2sfile_nil = init_cf2sfile +lemma "x \ cph2spshs' s p \ False" +apply (simp add:cph2spshs'_def) +apply (case_tac x, simp) -lemma cf2sfile_nil': "f \ current_files [] \ cf2sfile [] f = map SInit f" -by (simp add:cf2sfile_nil current_files_simps) -lemmas cf2sfile_simps = cf2sfile_nil cf2sfile_nil' cf2sfile_open cf2sfile_mkdir cf2sfile_linkhard cf2sfile_rename cf2sfile_other - -lemmas cf2sfile_simpss = cf2sfile_nil cf2sfile_nil' cf2sfile_open_some' cf2sfile_open_some cf2sfile_open_none cf2sfile_open cf2sfile_mkdir_some' cf2sfile_mkdir_some - cf2sfile_mkdir cf2sfile_linkhard_none cf2sfile_linkhard_some cf2sfile_linkhard cf2sfile_rename'1 cf2sfile_rename'2 cf2sfile_rename1 - cf2sfile_rename2 cf2sfile_rename2' cf2sfile_rename3 cf2sfile_rename cf2sfile_other - -lemma cf2sfile_open_some'_inum: "\Open p f' flags fd (Some inum) # \ \ vt rc_cs; inum_of_file \ f = Some im\ \ cf2sfile (Open p f' flags fd (Some inum) # \) f = cf2sfile \ f" -by (simp add:cf2sfile_open_some' current_files_def) +lemma cpfd2sfds_open_some1: + "valid (Open p f flags fd (Some inum) # s) \ + cpfd2sfds (Open p f flags fd (Some inum) # s) p = ( + case (cfd2sfd (Open p f flags fd (Some inum) # s) p fd) of + Some sfd \ (cpfd2sfds s p) \ {sfd} + | _ \ cpfd2sfds s p)" +apply (frule vd_cons, frule vt_grant_os) +apply (split option.splits) +apply (rule conjI, rule impI, drule current_filefd_has_sfd', simp, simp) +apply (rule allI, rule impI) +apply (rule set_eqI, rule iffI) +unfolding cpfd2sfds_def +thm CollectE +apply (erule CollectE) +apply (erule CollectE, (erule conjE|erule exE)+) +apply (simp only:file_of_proc_fd.simps split:if_splits) +apply (simp add:cpfd2sfds_def) -lemma cf2sfile_mkdir_some'_inum: "\Mkdir p f' inum # \ \ vt rc_cs; inum_of_file \ f = Some im\ \ cf2sfile (Mkdir p f' inum # \) f = cf2sfile \ f" -by (simp add:cf2sfile_mkdir_some' current_files_def) - -lemma cf2sfile_linkhard_none_inum: "\LinkHard p f\<^isub>1 f\<^isub>2 # \ \ vt rc_cs; inum_of_file \ f = Some im\ \ cf2sfile (LinkHard p f\<^isub>1 f\<^isub>2 # \) f = cf2sfile \ f" -by (simp add:cf2sfile_linkhard_none current_files_def) - -lemma cf2sfile_rename'1_inum: - "\Rename p f\<^isub>2 f\<^isub>3 # \ \ vt rc_cs; inum_of_file \