diff -r 1a1df29d3507 -r d9dc04c3ea90 no_shm_selinux/S2ss_prop.thy --- a/no_shm_selinux/S2ss_prop.thy Wed Jan 08 18:40:38 2014 +0800 +++ b/no_shm_selinux/S2ss_prop.thy Thu Jan 09 14:39:00 2014 +0800 @@ -1,6 +1,6 @@ (*<*) theory S2ss_prop -imports Main Flask Flask_type Static Static_type Init_prop Tainted_prop Valid_prop Alive_prop Co2sobj_prop +imports Main Flask Flask_type Static Static_type Init_prop Tainted_prop Valid_prop Alive_prop Co2sobj_prop Dalive_prop begin (*>*) @@ -8,22 +8,9 @@ (* simpset for s2ss*) -lemma co2sobj_some_case: - "\co2sobj s obj = Some sobj; \ p. obj = O_proc p \ P (O_proc p); - \ f. obj = O_file f \ P (O_file f); - \ f. obj = O_dir f \ P (O_dir f); \ q. obj = O_msgq q \ P (O_msgq q)\ - \ P obj" (* \ h. obj = O_shm h \ P (O_shm h); *) -by (case_tac obj, auto) - -lemma co2sobj_execve_alive: - "\alive s obj; co2sobj s obj = Some x; valid (Execve p f fds # s)\ - \ alive (Execve p f fds # s) obj" -apply (erule co2sobj_some_case) -by (auto simp:alive_simps simp del:alive.simps) - lemma s2ss_execve': "valid (Execve p f fds # s) \ s2ss (Execve p f fds # s) = ( - if (\ p'. p' \ p \ p' \ current_procs s \ co2sobj s (O_proc p') = co2sobj s (O_proc p)) + if (\ p'. p' \ p \ p' \ current_procs s \ co2sobj s (D_proc p') = co2sobj s (D_proc p)) then (case (cp2sproc (Execve p f fds # s) p) of Some sp \ s2ss s \ {S_proc sp (O_proc p \ tainted s \ O_file f \ tainted s)} | _ \ {} ) @@ -41,19 +28,18 @@ apply (erule exE, simp) apply (simp add:s2ss_def, rule set_eqI, rule iffI) apply (drule CollectD, (erule exE|erule conjE)+) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (simp add:co2sobj_execve split:if_splits) apply (simp add:co2sobj_execve, rule disjI2) -apply (rule_tac x = obj in exI, case_tac obj, (simp add:alive_simps)+)[1] +apply (rule_tac x = obj in exI, case_tac obj, (simp add:dalive_simps)+)[1] apply (simp, erule disjE) -apply (rule_tac x = "O_proc p" in exI, simp) +apply (rule_tac x = "D_proc p" in exI, simp) apply (erule exE| erule conjE)+ apply (case_tac "x = S_proc sp (O_proc p \ tainted s)") -apply (rule_tac x = "O_proc p'" in exI) -apply (simp add:alive_execve co2sobj_execve cp2sproc_execve) -apply (case_tac "obj = O_proc p", simp) -apply (frule co2sobj_execve_alive, simp, simp) -apply (frule_tac obj = obj in co2sobj_execve, simp) +apply (rule_tac x = "D_proc p'" in exI) +apply (simp add:dalive_execve co2sobj_execve cp2sproc_execve) +apply (case_tac "obj = D_proc p", simp, simp add:dalive_execve) +apply (frule_tac obj = obj in co2sobj_execve, simp add:dalive_execve) apply (rule_tac x = obj in exI, simp, simp) apply (erule conjE, frule current_proc_has_sp, simp, erule exE, rule impI, simp) @@ -62,26 +48,20 @@ apply (erule exE, erule conjE, simp) apply (simp add:s2ss_def, rule set_eqI, rule iffI) apply (drule CollectD, (erule exE|erule conjE)+) -apply (case_tac "obj = O_proc p", simp) +apply (case_tac "obj = D_proc p", simp) apply (rule disjI1, simp split:if_splits) apply (simp add:co2sobj_execve, rule disjI2) -apply (rule conjI,rule_tac x = obj in exI, simp add:alive_simps split:t_object.splits) +apply (rule conjI,rule_tac x = obj in exI, simp add:dalive_simps split:t_object.splits) apply (rule notI, simp, case_tac obj) apply (erule_tac x = nat in allE, simp, (simp split:option.splits)+) apply (erule disjE, simp) -apply (rule_tac x = "O_proc p" in exI, simp) +apply (rule_tac x = "D_proc p" in exI, simp) apply (erule exE|erule conjE)+ -apply (rule_tac x = obj in exI) -apply (drule_tac obj = obj in co2sobj_execve_alive, simp+) -apply (frule_tac obj = obj in co2sobj_execve, simp, simp) +apply (rule_tac x = obj in exI, simp add:dalive_execve) +apply (frule_tac obj = obj in co2sobj_execve, simp add:dalive_execve, simp) apply (rule impI, simp, simp) done -lemma s2ss_clone_alive: - "\co2sobj s obj = Some x; alive s obj; obj \ O_proc p'; valid (Clone p p' fds # s)\ - \ alive (Clone p p' fds # s) obj" -by (erule co2sobj_some_case, auto simp:alive_clone) - lemma s2ss_clone: "valid (Clone p p' fds # s) \ s2ss (Clone p p' fds # s) = ( case (cp2sproc (Clone p p' fds # s) p') of @@ -91,21 +71,23 @@ apply (rule conjI, rule impI, drule current_proc_has_sp', simp, simp) apply (rule allI, rule impI, simp add:s2ss_def) apply (rule set_eqI, rule iffI, drule CollectD, (erule exE|erule conjE)+) -apply (case_tac "obj = O_proc p'", simp) +apply (case_tac "obj = D_proc p'", simp) apply (case_tac "O_proc p' \ tainted s", drule tainted_in_current, simp+) apply (rule disjI1, simp split:if_splits) apply (simp, rule disjI2) apply (frule co2sobj_clone, simp) -apply (rule_tac x = obj in exI, simp add:alive_simps split:t_object.splits) +apply (rule_tac x = obj in exI) +apply (simp add:dalive_simps split:t_dobject.splits) apply (simp, erule disjE, simp) -apply (rule_tac x = "O_proc p'" in exI, simp) +apply (rule_tac x = "D_proc p'" in exI, simp) apply (rule impI, rule notI, drule tainted_in_current, simp+) apply (erule exE| erule conjE)+ -apply (case_tac "obj = O_proc p'", simp) +apply (case_tac "obj = D_proc p'", simp) apply (rule_tac x = obj in exI) -apply (frule s2ss_clone_alive, simp+) -apply (auto simp:co2sobj_clone alive_simps) +apply (frule dalive_clone) +apply (case_tac obj) +apply (auto simp:co2sobj_clone split:t_dobject.splits simp del:co2sobj.simps) done (* @@ -167,6 +149,7 @@ else tainted s)" by auto +(* lemma co2sobj_some_caseD: "\co2sobj s obj = Some sobj; \ p. \co2sobj s obj = Some sobj; obj = O_proc p\ \ P (O_proc p); \ f. \co2sobj s obj = Some sobj; obj = O_file f\ \ P (O_file f); @@ -174,11 +157,12 @@ \ q. \co2sobj s obj = Some sobj; obj = O_msgq q\ \ P (O_msgq q)\ \ P obj" by (case_tac obj, auto) +*) -definition update_s2ss_obj :: "t_state \ t_static_state \ t_object \ t_sobject \ t_sobject \ t_static_state" +definition update_s2ss_obj :: "t_state \ t_static_state \ t_dobject \ t_sobject \ t_sobject \ t_static_state" where "update_s2ss_obj s ss obj sobj sobj' = - (if (\ obj'. alive s obj' \ obj' \ obj \ co2sobj s obj' = Some sobj) + (if (\ obj'. dalive s obj' \ obj' \ obj \ co2sobj s obj' = Some sobj) then ss \ {sobj'} else ss - {sobj} \ {sobj'})" @@ -218,26 +202,26 @@ *} lemma co2sobj_sproc_imp: - "co2sobj s obj = Some (S_proc sp tag) \ \ p. obj = O_proc p" + "co2sobj s obj = Some (S_proc sp tag) \ \ p. obj = D_proc p" by (case_tac obj, auto simp:co2sobj.simps split:option.splits) lemma co2sobj_sfile_imp: - "co2sobj s obj = Some (S_file sfs tag) \ \ f. obj = O_file f" + "co2sobj s obj = Some (S_file sfs tag) \ \ f. obj = D_file f" by (case_tac obj, auto simp:co2sobj.simps split:option.splits) lemma co2sobj_sdir_imp: - "co2sobj s obj = Some (S_dir sf) \ \ f. obj = O_dir f" + "co2sobj s obj = Some (S_dir sf) \ \ f. obj = D_dir f" by (case_tac obj, auto simp:co2sobj.simps split:option.splits) lemma co2sobj_smsgq_imp: - "co2sobj s obj = Some (S_msgq sq) \ \ q. obj = O_msgq q" + "co2sobj s obj = Some (S_msgq sq) \ \ q. obj = D_msgq q" by (case_tac obj, auto simp:co2sobj.simps split:option.splits) lemma s2ss_execve: "valid (Execve p f fds # s) \ (case (cp2sproc s p, cp2sproc (Execve p f fds # s) p) of (Some sp, Some sp') \ s2ss (Execve p f fds # s) = - update_s2ss_obj s (s2ss s) (O_proc p) (S_proc sp (O_proc p \ tainted s)) + update_s2ss_obj s (s2ss s) (D_proc p) (S_proc sp (O_proc p \ tainted s)) (S_proc sp' (O_proc p \ tainted s \ O_file f \ tainted s)) | _ \ s2ss (Execve p f fds # s) = {})" apply (frule vd_cons, frule vt_grant_os) @@ -257,7 +241,7 @@ apply (rule impI) apply (tactic {*my_clarify_tac 1*}) apply (simp split:option.splits) -apply (erule_tac x = "O_proc p'" in allE, simp) +apply (erule_tac x = "D_proc p'" in allE, simp) done lemma s2ss_ptrace1_aux: "x \ {x. P x} \ \ P x" by simp @@ -266,7 +250,7 @@ "\valid (Ptrace p p' # s); O_proc p \ tainted s; O_proc p' \ tainted s\ \ (case (cp2sproc s p') of Some sp' \ s2ss (Ptrace p p' # s) = - update_s2ss_obj s (s2ss s) (O_proc p') (S_proc sp' False) (S_proc sp' True) + update_s2ss_obj s (s2ss s) (D_proc p') (S_proc sp' False) (S_proc sp' True) | _ \ s2ss (Ptrace p p' # s) = {})" apply (frule vd_cons, frule vt_grant_os) apply (clarsimp simp only:os_grant.simps) @@ -279,36 +263,36 @@ apply (tactic {*my_clarify_tac 1*}) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_proc p'") +apply (case_tac "obj = D_proc p'") apply (rule disjI1, simp add:co2sobj.simps cp2sproc_other) apply (rule disjI2, simp, rule_tac x = obj in exI) -apply (simp add:co2sobj_ptrace is_file_simps is_dir_simps alive_other split:t_object.splits if_splits) +apply (simp add:co2sobj_ptrace is_file_simps is_dir_simps dalive_other split:t_dobject.splits if_splits) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_proc p'" in exI, simp add:co2sobj.simps cp2sproc_other) +apply (rule_tac x = "D_proc p'" in exI, simp add:co2sobj.simps cp2sproc_other) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_proc p'") +apply (case_tac "obj = D_proc p'") apply (rule_tac x = obj' in exI) -apply (simp add:co2sobj_ptrace alive_other split:t_object.splits if_splits) +apply (simp add:co2sobj_ptrace dalive_other split:t_dobject.splits if_splits) apply (auto simp:co2sobj.simps)[1] -apply (rule_tac x = obj in exI, simp add:co2sobj_ptrace alive_other split:t_object.splits) +apply (rule_tac x = obj in exI, simp add:co2sobj_ptrace dalive_other split:t_dobject.splits) apply (auto simp:co2sobj.simps)[1] apply (rule impI) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_proc p'") +apply (case_tac "obj = D_proc p'") apply (rule disjI1, simp add:co2sobj.simps cp2sproc_other) apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI) -apply (simp add:co2sobj_ptrace is_file_simps is_dir_simps alive_other split:t_object.splits if_splits) +apply (simp add:co2sobj_ptrace is_file_simps is_dir_simps dalive_other split:t_dobject.splits if_splits) apply (rule notI, simp) apply (frule_tac obj = obj in co2sobj_sproc_imp, erule exE, simp) apply (erule_tac x = obj in allE, simp add:co2sobj_ptrace cp2sproc_other split:option.splits) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_proc p'" in exI, simp add:co2sobj.simps cp2sproc_other) +apply (rule_tac x = "D_proc p'" in exI, simp add:co2sobj.simps cp2sproc_other) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_proc p'") +apply (case_tac "obj = D_proc p'") apply (simp add:co2sobj.simps cp2sproc_other) -apply (rule_tac x = obj in exI, simp add:co2sobj_ptrace alive_other split:t_object.splits) +apply (rule_tac x = obj in exI, simp add:co2sobj_ptrace dalive_other split:t_dobject.splits) apply (auto simp:co2sobj.simps)[1] done @@ -316,7 +300,7 @@ "\valid (Ptrace p p' # s); O_proc p' \ tainted s; O_proc p \ tainted s\ \ (case (cp2sproc s p) of Some sp \ s2ss (Ptrace p p' # s) = - update_s2ss_obj s (s2ss s) (O_proc p) (S_proc sp False) (S_proc sp True) + update_s2ss_obj s (s2ss s) (D_proc p) (S_proc sp False) (S_proc sp True) | _ \ s2ss (Ptrace p p' # s) = {})" apply (frule vd_cons, frule vt_grant_os) apply (clarsimp simp only:os_grant.simps) @@ -329,36 +313,36 @@ apply (tactic {*my_clarify_tac 1*}) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule disjI1, simp add:co2sobj.simps cp2sproc_other) apply (rule disjI2, simp, rule_tac x = obj in exI) -apply (simp add:co2sobj_ptrace is_file_simps is_dir_simps alive_other split:t_object.splits if_splits) +apply (simp add:co2sobj_ptrace is_file_simps is_dir_simps dalive_other split:t_dobject.splits if_splits) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps cp2sproc_other) +apply (rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps cp2sproc_other) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule_tac x = obj' in exI) -apply (simp add:co2sobj_ptrace alive_other split:t_object.splits if_splits) +apply (simp add:co2sobj_ptrace dalive_other split:t_dobject.splits if_splits) apply (auto simp:co2sobj.simps)[1] -apply (rule_tac x = obj in exI, simp add:co2sobj_ptrace alive_other split:t_object.splits) +apply (rule_tac x = obj in exI, simp add:co2sobj_ptrace dalive_other split:t_dobject.splits) apply (auto simp:co2sobj.simps)[1] apply (rule impI) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule disjI1, simp add:co2sobj.simps cp2sproc_other) apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI) -apply (simp add:co2sobj_ptrace is_file_simps is_dir_simps alive_other split:t_object.splits if_splits) +apply (simp add:co2sobj_ptrace is_file_simps is_dir_simps dalive_other split:t_dobject.splits if_splits) apply (rule notI, simp) apply (frule_tac obj = obj in co2sobj_sproc_imp, erule exE, simp) apply (erule_tac x = obj in allE, simp add:co2sobj_ptrace cp2sproc_other split:option.splits) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps cp2sproc_other) +apply (rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps cp2sproc_other) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (simp add:co2sobj.simps cp2sproc_other) -apply (rule_tac x = obj in exI, simp add:co2sobj_ptrace alive_other split:t_object.splits) +apply (rule_tac x = obj in exI, simp add:co2sobj_ptrace dalive_other split:t_dobject.splits) apply (auto simp:co2sobj.simps)[1] done @@ -369,31 +353,31 @@ apply (frule vd_cons, frule vt_grant_os, rule set_eqI, rule iffI) apply (erule CollectE, (erule exE|erule conjE)+, rule CollectI) apply (rule_tac x = obj in exI) -apply (frule alive_other, simp+) +apply (frule dalive_other, simp+) apply (frule_tac obj = obj in co2sobj_ptrace, simp) -apply (auto split:t_object.splits option.splits if_splits)[1] +apply (auto split:t_dobject.splits option.splits if_splits)[1] apply (tactic {*my_setiff_tac 1*}) apply (rule_tac x = obj in exI) -apply (frule alive_other, simp+) +apply (frule dalive_other, simp+) apply (frule_tac obj = obj in co2sobj_ptrace, simp) apply (case_tac "cp2sproc s p'") apply (drule current_proc_has_sp', simp, simp) apply (case_tac "cp2sproc s p") apply (drule current_proc_has_sp', simp, simp) apply (case_tac "O_proc p' \ tainted s") -apply (auto split:t_object.splits option.splits if_splits simp:co2sobj.simps) +apply (auto split:t_dobject.splits option.splits if_splits simp:co2sobj.simps) done lemma s2ss_ptrace: "valid (Ptrace p p' # s) \ s2ss (Ptrace p p' # s) = ( if (O_proc p \ tainted s \ O_proc p' \ tainted s) then (case (cp2sproc s p') of - Some sp \ update_s2ss_obj s (s2ss s) (O_proc p') (S_proc sp False) (S_proc sp True) + Some sp \ update_s2ss_obj s (s2ss s) (D_proc p') (S_proc sp False) (S_proc sp True) | _ \ {}) else if (O_proc p' \ tainted s \ O_proc p \ tainted s) then (case (cp2sproc s p) of - Some sp \ update_s2ss_obj s (s2ss s) (O_proc p) (S_proc sp False) (S_proc sp True) + Some sp \ update_s2ss_obj s (s2ss s) (D_proc p) (S_proc sp False) (S_proc sp True) | _ \ {}) else s2ss s )" apply (case_tac "O_proc p \ tainted s \ O_proc p' \ tainted s") @@ -405,9 +389,9 @@ lemma s2ss_kill': "valid (Kill p p' # s) \ s2ss (Kill p p' # s) = ( - if (\ p''. p'' \ current_procs s \ p'' \ p' \ co2sobj s (O_proc p'') = co2sobj s (O_proc p')) + if (\ p''. p'' \ current_procs s \ p'' \ p' \ co2sobj s (D_proc p'') = co2sobj s (D_proc p')) then s2ss s - else (case (co2sobj s (O_proc p')) of + else (case (co2sobj s (D_proc p')) of Some sp \ s2ss s - {sp} | _ \ {}))" apply (frule vt_grant_os, frule vd_cons) @@ -419,42 +403,42 @@ apply (simp split: option.splits, (erule conjE)+) apply (rule set_eqI, rule iffI, erule CollectE, (erule exE|erule conjE)+, rule CollectI) apply (rule_tac x = obj in exI) -apply (simp add:co2sobj_kill alive_kill split:t_object.splits if_splits) +apply (simp add:co2sobj_kill dalive_kill split:t_dobject.splits if_splits) apply (erule CollectE, erule exE, erule conjE, rule CollectI) -apply (erule co2sobj_some_caseD) -apply (case_tac "pa = p'") -apply (rule_tac x = "O_proc p''" in exI) -apply (simp add:cp2sproc_kill alive_kill - split:t_object.splits if_splits option.splits) -apply (rule_tac x = "O_proc pa" in exI) -apply (clarsimp simp add:cp2sproc_kill alive_kill - split:t_object.splits if_splits option.splits) -apply (rule_tac x = obj in exI, frule alive_kill, simp add:co2sobj_kill del:co2sobj.simps)+ +apply (case_tac obj) +apply (case_tac "nat = p'") +apply (rule_tac x = "D_proc p''" in exI) +apply (simp add:cp2sproc_kill dalive_kill + split:t_dobject.splits if_splits option.splits) +apply (rule_tac x = "D_proc nat" in exI) +apply (clarsimp simp add:cp2sproc_kill dalive_kill + split:t_dobject.splits if_splits option.splits) +apply (rule_tac x = obj in exI, frule dalive_kill, simp add:co2sobj_kill del:co2sobj.simps)+ apply (rule impI, erule conjE, frule current_proc_has_sp, simp, erule exE, simp) apply (rule set_eqI, rule iffI) apply (erule CollectE, erule exE, erule conjE, rule DiffI) apply (rule CollectI, rule_tac x = obj in exI) -apply (simp add:co2sobj_kill alive_kill split:t_object.splits if_splits) +apply (simp add:co2sobj_kill dalive_kill split:t_dobject.splits if_splits) apply (rule notI, simp, case_tac obj) apply (erule_tac x = nat in allE) apply (simp add:co2sobj_kill cp2sproc_kill split:option.splits) apply (simp split:option.splits)+ -apply (erule co2sobj_some_caseD) -apply (case_tac "pa = p'") -apply (rule_tac x = "O_proc p''" in exI) -apply (simp add:cp2sproc_kill alive_kill - split:t_object.splits if_splits option.splits) -apply (rule_tac x = "O_proc pa" in exI) -apply (clarsimp simp add:cp2sproc_kill alive_kill - split:t_object.splits if_splits option.splits) -apply (rule_tac x = obj in exI, frule alive_kill, simp add:co2sobj_kill del:co2sobj.simps)+ +apply (case_tac obj) +apply (case_tac "nat = p'") +apply (rule_tac x = "D_proc p''" in exI) +apply (simp add:cp2sproc_kill dalive_kill + split:t_dobject.splits if_splits option.splits) +apply (rule_tac x = "D_proc nat" in exI) +apply (clarsimp simp add:cp2sproc_kill dalive_kill + split:t_dobject.splits if_splits option.splits) +apply (rule_tac x = obj in exI, frule dalive_kill, simp add:co2sobj_kill del:co2sobj.simps)+ done -definition del_s2ss_obj :: "t_state \ t_static_state \ t_object \ t_sobject \ t_static_state" +definition del_s2ss_obj :: "t_state \ t_static_state \ t_dobject \ t_sobject \ t_static_state" where "del_s2ss_obj s ss obj sobj \ - if (\ obj'. alive s obj' \ obj' \ obj \ co2sobj s obj' = Some sobj) + if (\ obj'. dalive s obj' \ obj' \ obj \ co2sobj s obj' = Some sobj) then ss else ss - {sobj}" @@ -465,7 +449,7 @@ lemma s2ss_kill: "valid (Kill p p' # s) \ ( case (cp2sproc s p') of - Some sp \ s2ss (Kill p p' # s) = del_s2ss_obj s (s2ss s) (O_proc p') (S_proc sp (O_proc p' \ tainted s)) + Some sp \ s2ss (Kill p p' # s) = del_s2ss_obj s (s2ss s) (D_proc p') (S_proc sp (O_proc p' \ tainted s)) | _ \ s2ss (Kill p p' # s) = {})" apply (frule vd_cons, frule vt_grant_os) apply (clarsimp simp only:os_grant.simps) @@ -483,14 +467,14 @@ apply (rule impI) apply (tactic {*my_clarify_tac 1*}) apply (simp split:option.splits) -apply (erule_tac x = "O_proc p''" in allE, simp) +apply (erule_tac x = "D_proc p''" in allE, simp) done lemma s2ss_exit': "valid (Exit p # s) \ s2ss (Exit p # s) = ( - if (\ p'. p' \ current_procs s \ p' \ p \ co2sobj s (O_proc p') = co2sobj s (O_proc p)) + if (\ p'. p' \ current_procs s \ p' \ p \ co2sobj s (D_proc p') = co2sobj s (D_proc p)) then s2ss s - else (case (co2sobj s (O_proc p)) of + else (case (co2sobj s (D_proc p)) of Some sp \ s2ss s - {sp} | _ \ {}))" apply (frule vt_grant_os, frule vd_cons) @@ -502,42 +486,42 @@ apply (simp split: option.splits, (erule conjE)+) apply (rule set_eqI, rule iffI, erule CollectE, (erule exE|erule conjE)+, rule CollectI) apply (rule_tac x = obj in exI) -apply (simp add:co2sobj_exit alive_exit split:t_object.splits if_splits) +apply (simp add:co2sobj_exit dalive_exit split:t_dobject.splits if_splits) apply (erule CollectE, erule exE, erule conjE, rule CollectI) -apply (erule co2sobj_some_caseD) -apply (case_tac "pa = p") -apply (rule_tac x = "O_proc p'" in exI) -apply (simp add:cp2sproc_exit alive_exit - split:t_object.splits if_splits option.splits) -apply (rule_tac x = "O_proc pa" in exI) -apply (clarsimp simp add:cp2sproc_exit alive_exit - split:t_object.splits if_splits option.splits) -apply (rule_tac x = obj in exI, frule alive_exit, simp add:co2sobj_exit del:co2sobj.simps)+ +apply (case_tac obj) +apply (case_tac "nat = p") +apply (rule_tac x = "D_proc p'" in exI) +apply (simp add:cp2sproc_exit dalive_exit + split:t_dobject.splits if_splits option.splits) +apply (rule_tac x = "D_proc nat" in exI) +apply (clarsimp simp add:cp2sproc_exit dalive_exit + split:t_dobject.splits if_splits option.splits) +apply (rule_tac x = obj in exI, frule dalive_exit, simp add:co2sobj_exit del:co2sobj.simps)+ apply (rule impI, frule current_proc_has_sp, simp, erule exE, simp) apply (rule set_eqI, rule iffI) apply (erule CollectE, erule exE, erule conjE, rule DiffI) apply (rule CollectI, rule_tac x = obj in exI) -apply (simp add:co2sobj_exit alive_exit split:t_object.splits if_splits) +apply (simp add:co2sobj_exit dalive_exit split:t_dobject.splits if_splits) apply (rule notI, simp, case_tac obj) apply (erule_tac x = nat in allE) apply (simp add:co2sobj_exit cp2sproc_exit split:option.splits) apply (simp split:option.splits)+ -apply (erule co2sobj_some_caseD) -apply (case_tac "pa = p") -apply (rule_tac x = "O_proc p'" in exI) -apply (simp add:cp2sproc_exit alive_exit - split:t_object.splits if_splits option.splits) -apply (rule_tac x = "O_proc pa" in exI) -apply (clarsimp simp add:cp2sproc_exit alive_exit - split:t_object.splits if_splits option.splits) -apply (rule_tac x = obj in exI, frule alive_exit, simp add:co2sobj_exit del:co2sobj.simps)+ +apply (case_tac obj) +apply (case_tac "nat = p") +apply (rule_tac x = "D_proc p'" in exI) +apply (simp add:cp2sproc_exit dalive_exit + split:t_dobject.splits if_splits option.splits) +apply (rule_tac x = "D_proc nat" in exI) +apply (clarsimp simp add:cp2sproc_exit dalive_exit + split:t_dobject.splits if_splits option.splits) +apply (rule_tac x = obj in exI, frule dalive_exit, simp add:co2sobj_exit del:co2sobj.simps)+ done lemma s2ss_exit: "valid (Exit p # s) \ ( case (cp2sproc s p) of - Some sp \ s2ss (Exit p # s) = del_s2ss_obj s (s2ss s) (O_proc p) (S_proc sp (O_proc p \ tainted s)) + Some sp \ s2ss (Exit p # s) = del_s2ss_obj s (s2ss s) (D_proc p) (S_proc sp (O_proc p \ tainted s)) | _ \ s2ss (Exit p # s) = {})" apply (frule vd_cons, frule vt_grant_os) apply (clarsimp simp only:os_grant.simps) @@ -555,11 +539,11 @@ apply (rule impI) apply (tactic {*my_clarify_tac 1*}) apply (simp split:option.splits) -apply (erule_tac x = "O_proc p'" in allE, simp) +apply (erule_tac x = "D_proc p'" in allE, simp) done -lemma alive_has_sobj': - "\co2sobj s obj = None; valid s\ \ \ alive s obj" +lemma dalive_has_sobj': + "\co2sobj s obj = None; valid s\ \ \ dalive s obj" apply (case_tac obj) apply (auto split:option.splits) oops @@ -567,163 +551,141 @@ declare co2sobj.simps [simp del] lemma co2sobj_open_none: - "\valid (Open p f flag fd None # s); alive s obj\ \ co2sobj (Open p f flag fd None # s) obj = ( - if (obj = O_proc p) + "\valid (Open p f flag fd None # s); dalive s obj\ \ co2sobj (Open p f flag fd None # s) obj = ( + if (obj = D_proc p) then (case (cp2sproc (Open p f flag fd None # s) p) of Some sp \ Some (S_proc sp (O_proc p \ tainted s)) | _ \ None) else co2sobj s obj)" apply (frule vt_grant_os, frule vd_cons) -apply (frule_tac obj = obj in co2sobj_open, simp add:alive_open) -apply (auto split:t_object.splits option.splits dest!:current_proc_has_sp') +apply (frule_tac obj = obj in co2sobj_open, simp add:dalive_open) +apply (auto split:t_dobject.splits option.splits dest!:current_proc_has_sp') done lemma co2sobj_open_some: - "\valid (Open p f flag fd (Some i) # s); alive s obj\ \ co2sobj (Open p f flag fd (Some i) # s) obj = ( - if (obj = O_proc p) + "\valid (Open p f flag fd (Some i) # s); dalive s obj\ \ co2sobj (Open p f flag fd (Some i) # s) obj = ( + if (obj = D_proc p) then (case (cp2sproc (Open p f flag fd (Some i) # s) p) of Some sp \ Some (S_proc sp (O_proc p \ tainted s)) | _ \ None) - else if (obj = O_file f) + else if (obj = D_file f) then (case (cf2sfile (Open p f flag fd (Some i) # s) f) of Some sf \ Some (S_file {sf} (O_proc p \ tainted s)) | _ \ None) else co2sobj s obj)" apply (frule vt_grant_os, frule vd_cons) -apply (frule_tac obj = obj in co2sobj_open, simp add:alive_open) -apply (auto split:t_object.splits option.splits dest!:current_proc_has_sp') +apply (frule_tac obj = obj in co2sobj_open, simp add:dalive_open) +apply (auto split:t_dobject.splits option.splits dest!:current_proc_has_sp') done -lemma alive_co2sobj_some_open_none: - "\co2sobj s obj = Some sobj; alive s obj; valid (Open p f flag fd None # s)\ - \ alive (Open p f flag fd None # s) obj" -by (erule co2sobj_some_caseD, auto simp:alive_simps is_file_simps is_dir_simps) - -lemma alive_co2sobj_some_open_none': - "\co2sobj (Open p f flag fd None # s) obj = Some sobj; alive (Open p f flag fd None # s) obj; - valid (Open p f flag fd None # s)\ \ alive s obj" -by (erule co2sobj_some_caseD, auto simp:alive_simps is_file_simps is_dir_simps) - lemma co2sobj_proc_obj: - "\co2sobj s obj = Some x; co2sobj s (O_proc p) = Some x\ - \ \ p'. obj = O_proc p'" + "\co2sobj s obj = Some x; co2sobj s (D_proc p) = Some x\ + \ \ p'. obj = D_proc p'" by (case_tac obj, auto simp:co2sobj.simps split:option.splits) lemma s2ss_open_none: "valid (Open p f flag fd None # s) \ s2ss (Open p f flag fd None # s) = ( - case (co2sobj s (O_proc p), co2sobj (Open p f flag fd None # s) (O_proc p)) of + case (co2sobj s (D_proc p), co2sobj (Open p f flag fd None # s) (D_proc p)) of (Some sp, Some sp') \ - if (\ p'. p' \ current_procs s \ p' \ p \ co2sobj s (O_proc p') = Some sp) + if (\ p'. p' \ current_procs s \ p' \ p \ co2sobj s (D_proc p') = Some sp) then s2ss s \ {sp'} else s2ss s - {sp} \ {sp'} | _ \ {} )" unfolding s2ss_def apply (frule vt_grant_os, frule vd_cons) -apply (case_tac "co2sobj s (O_proc p)", simp add:co2sobj.simps split:option.splits) +apply (case_tac "co2sobj s (D_proc p)", simp add:co2sobj.simps split:option.splits) apply (drule current_proc_has_sp', simp, simp) -apply (case_tac "co2sobj (Open p f flag fd None # s) (O_proc p)") +apply (case_tac "co2sobj (Open p f flag fd None # s) (D_proc p)") apply (simp add:co2sobj.simps split:option.splits) apply (drule current_proc_has_sp', simp, simp) apply (rule set_eqI, rule iffI, erule CollectE, erule exE, erule conjE, simp) -apply (frule_tac obj = obj in alive_co2sobj_some_open_none', simp, simp) +apply (simp add:dalive_open) apply (rule conjI, rule impI, erule exE, (erule conjE)+) -apply (rule Meson.disj_comm, rule disjCI, case_tac "obj = O_proc p", simp) -apply (rule_tac x = obj in exI, simp add:co2sobj_open_none) +apply (rule Meson.disj_comm, rule disjCI, case_tac "obj = D_proc p", simp) +apply (rule_tac x = obj in exI, simp add:co2sobj_open_none dalive_open split:t_dobject.splits) apply (rule impI) -apply (case_tac "obj = O_proc p", simp) +apply (case_tac "obj = D_proc p", simp) apply (rule Meson.disj_comm, rule disjCI, rule conjI) -apply (rule_tac x = obj in exI, simp add:co2sobj_open_none) +apply (rule_tac x = obj in exI, simp add:co2sobj_open_none split:t_dobject.splits) +apply (rule notI) apply (simp add:co2sobj_open_none split:option.splits) -apply (rule notI) -apply (frule co2sobj_proc_obj, simp, erule exE) -apply (erule_tac x = p' in allE, simp) +apply (frule_tac co2sobj_proc_obj, simp, erule exE) +apply (erule_tac x = p' in allE, simp split:t_dobject.splits) apply (simp split:if_splits) -apply (erule disjE, rule_tac x = "O_proc p" in exI, simp) -apply (erule exE, erule conjE, case_tac "obj = O_proc p") -apply (rule_tac x = "O_proc p'" in exI, simp add:co2sobj_open_none) -apply (rule_tac x = obj in exI, simp add:co2sobj_open_none alive_co2sobj_some_open_none) -apply (erule disjE, rule_tac x = "O_proc p" in exI, simp) -apply (erule conjE, erule exE, erule conjE, case_tac "obj = O_proc p") -apply (rule_tac x = "O_proc p'" in exI, simp add:co2sobj_open_none) -apply (rule_tac x = obj in exI, simp add:co2sobj_open_none alive_co2sobj_some_open_none) +apply (erule disjE, rule_tac x = "D_proc p" in exI, simp) +apply (erule exE, erule conjE, case_tac "obj = D_proc p") +apply (rule_tac x = "D_proc p'" in exI, simp add:co2sobj_open_none) +apply (rule_tac x = obj in exI, simp add:co2sobj_open_none dalive_open) +apply (erule disjE, rule_tac x = "D_proc p" in exI, simp) +apply (erule conjE, erule exE, erule conjE, case_tac "obj = D_proc p") +apply (rule_tac x = "D_proc p'" in exI, simp add:co2sobj_open_none) +apply (rule_tac x = obj in exI, simp add:co2sobj_open_none dalive_open) done -lemma alive_co2sobj_some_open_some: - "\alive s obj; valid (Open p f flag fd (Some i) # s)\ - \ alive (Open p f flag fd (Some i) # s) obj" -by (case_tac obj, auto simp:alive_simps is_file_simps is_dir_simps) - -lemma alive_co2sobj_some_open_some': - "\co2sobj (Open p f flag fd (Some i) # s) obj = Some sobj; alive (Open p f flag fd (Some i) # s) obj; - valid (Open p f flag fd (Some i) # s); obj \ O_file f\ \ alive s obj" -by (erule co2sobj_some_caseD, auto simp:alive_simps is_file_simps is_dir_simps) - lemma s2ss_open_some: "valid (Open p f flag fd (Some i) # s) \ s2ss (Open p f flag fd (Some i) # s) = ( - case (co2sobj s (O_proc p), co2sobj (Open p f flag fd (Some i) # s) (O_proc p), - co2sobj (Open p f flag fd (Some i) # s) (O_file f)) of + case (co2sobj s (D_proc p), co2sobj (Open p f flag fd (Some i) # s) (D_proc p), + co2sobj (Open p f flag fd (Some i) # s) (D_file f)) of (Some sp, Some sp', Some sf) \ - if (\ p'. p' \ current_procs s \ p' \ p \ co2sobj s (O_proc p') = Some sp) + if (\ p'. p' \ current_procs s \ p' \ p \ co2sobj s (D_proc p') = Some sp) then s2ss s \ {sp', sf} else s2ss s - {sp} \ {sp', sf} | _ \ {} )" unfolding s2ss_def apply (frule vt_grant_os, frule vd_cons) -apply (case_tac "co2sobj s (O_proc p)", simp add:co2sobj.simps split:option.splits) +apply (case_tac "co2sobj s (D_proc p)", simp add:co2sobj.simps split:option.splits) apply (drule current_proc_has_sp', simp, simp) -apply (case_tac "co2sobj (Open p f flag fd (Some i) # s) (O_proc p)") +apply (case_tac "co2sobj (Open p f flag fd (Some i) # s) (D_proc p)") apply (simp add:co2sobj.simps split:option.splits) apply (drule current_proc_has_sp', simp, simp) -apply (case_tac "co2sobj (Open p f flag fd (Some i) # s) (O_file f)") +apply (case_tac "co2sobj (Open p f flag fd (Some i) # s) (D_file f)") apply (simp add:co2sobj.simps split:option.splits) apply (clarsimp split del:if_splits) apply (rule set_eqI, rule iffI, erule CollectE, erule exE, erule conjE) apply (split if_splits, rule conjI, rule impI, erule exE, erule conjE, erule conjE) -apply (case_tac "obj = O_proc p", simp, case_tac "obj = O_file f", simp) +apply (case_tac "obj = D_proc p", simp, case_tac "obj = D_file f", simp) apply (rule UnI1, rule CollectI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in alive_co2sobj_some_open_some', simp+) -apply (simp add:co2sobj_open split:t_object.splits) -apply (rule impI, case_tac "obj = O_proc p", simp, case_tac "obj = O_file f", simp) +apply (simp add:co2sobj_open dalive_open split:t_dobject.splits option.splits) +apply (rule impI, case_tac "obj = D_proc p", simp, case_tac "obj = D_file f", simp) apply (rule UnI1, rule DiffI, rule CollectI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in alive_co2sobj_some_open_some', simp+) -apply (simp add:co2sobj_open split:t_object.splits) +apply (simp add:co2sobj_open dalive_open split:t_dobject.splits) apply (frule_tac obj = obj in co2sobj_open_some, simp+) -apply (simp add:alive_co2sobj_some_open_some', simp) -apply (rule notI) +apply (simp add:dalive_open) +apply (rule notI, simp) apply (frule_tac obj = obj and p = p in co2sobj_proc_obj, simp+, erule exE) apply (erule_tac x = p' in allE, simp) apply (simp split:if_splits, erule disjE) -apply (rule_tac x = "O_proc p" in exI, simp) -apply (erule disjE, rule_tac x = "O_file f" in exI, simp add:is_file_simps) +apply (rule_tac x = "D_proc p" in exI, simp) +apply (erule disjE, rule_tac x = "D_file f" in exI, simp add:is_file_simps) apply (erule exE, erule conjE) -apply (case_tac "obj = O_proc p", simp) -apply (rule_tac x = "O_proc p'" in exI, simp add:co2sobj_open_some) -apply (case_tac "obj = O_file f", simp add:is_file_in_current) -apply (rule_tac x = obj in exI, simp add:co2sobj_open_some alive_co2sobj_some_open_some) -apply (erule disjE, rule_tac x = "O_proc p" in exI, simp) -apply (erule disjE, rule_tac x = "O_file f" in exI, simp add:is_file_simps) +apply (case_tac "obj = D_proc p", simp) +apply (rule_tac x = "D_proc p'" in exI, simp add:co2sobj_open_some) +apply (case_tac "obj = D_file f", simp add:is_file_in_current) +apply (rule_tac x = obj in exI, simp add:co2sobj_open_some dalive_open) +apply (erule disjE, rule_tac x = "D_proc p" in exI, simp) +apply (erule disjE, rule_tac x = "D_file f" in exI, simp add:is_file_simps) apply (erule conjE, erule exE, erule conjE) -apply (case_tac "obj = O_proc p", simp) -apply (case_tac "obj = O_file f", simp add:is_file_in_current) -apply (rule_tac x = obj in exI, simp add:co2sobj_open_some alive_co2sobj_some_open_some) +apply (case_tac "obj = D_proc p", simp) +apply (case_tac "obj = D_file f", simp add:is_file_in_current) +apply (rule_tac x = obj in exI, simp add:co2sobj_open_some dalive_open) done lemma s2ss_open': "valid (Open p f flag fd opt # s) \ s2ss (Open p f flag fd opt # s) = ( if opt = None - then (case (co2sobj s (O_proc p), co2sobj (Open p f flag fd opt # s) (O_proc p)) of + then (case (co2sobj s (D_proc p), co2sobj (Open p f flag fd opt # s) (D_proc p)) of (Some sp, Some sp') \ - if (\ p'. p' \ current_procs s \ p' \ p \ co2sobj s (O_proc p') = Some sp) + if (\ p'. p' \ current_procs s \ p' \ p \ co2sobj s (D_proc p') = Some sp) then s2ss s \ {sp'} else s2ss s - {sp} \ {sp'} | _ \ {} ) - else (case (co2sobj s (O_proc p), co2sobj (Open p f flag fd opt # s) (O_proc p), - co2sobj (Open p f flag fd opt # s) (O_file f)) of + else (case (co2sobj s (D_proc p), co2sobj (Open p f flag fd opt # s) (D_proc p), + co2sobj (Open p f flag fd opt # s) (D_file f)) of (Some sp, Some sp', Some sf) \ - if (\ p'. p' \ current_procs s \ p' \ p \ co2sobj s (O_proc p') = Some sp) + if (\ p'. p' \ current_procs s \ p' \ p \ co2sobj s (D_proc p') = Some sp) then s2ss s \ {sp', sf} else s2ss s - {sp} \ {sp', sf} | _ \ {} ) )" @@ -732,40 +694,40 @@ done lemma co2sobj_proc_eq_some: - "\co2sobj s (O_proc p) = Some sp; co2sobj s obj = Some sp\ - \ \ p'. obj = O_proc p'" + "\co2sobj s (D_proc p) = Some sp; co2sobj s obj = Some sp\ + \ \ p'. obj = D_proc p'" apply (case_tac obj, case_tac[!] sp) by (auto simp:co2sobj.simps split:option.splits) lemma s2ss_open: "valid (Open p f flag fd opt # s) \ - (case (co2sobj s (O_proc p), co2sobj (Open p f flag fd opt # s) (O_proc p), - co2sobj (Open p f flag fd opt # s) (O_file f)) of + (case (co2sobj s (D_proc p), co2sobj (Open p f flag fd opt # s) (D_proc p), + co2sobj (Open p f flag fd opt # s) (D_file f)) of (Some sp, Some sp', Some sf) \ s2ss (Open p f flag fd opt # s) = ( if opt = None - then update_s2ss_obj s (s2ss s) (O_proc p) sp sp' - else update_s2ss_obj s (s2ss s) (O_proc p) sp sp' \ {sf}) + then update_s2ss_obj s (s2ss s) (D_proc p) sp sp' + else update_s2ss_obj s (s2ss s) (D_proc p) sp sp' \ {sf}) | _ \ s2ss (Open p f flag fd opt # s) = {})" apply (frule vt_grant_os, frule vd_cons, clarsimp simp only:os_grant.simps) -apply (case_tac "co2sobj s (O_proc p)") +apply (case_tac "co2sobj s (D_proc p)") apply (simp add:co2sobj.simps split:option.splits) apply (drule current_proc_has_sp', simp, simp) apply (drule current_proc_has_sp', simp, simp) -apply (case_tac "co2sobj (Open p f flag fd opt # s) (O_proc p)") +apply (case_tac "co2sobj (Open p f flag fd opt # s) (D_proc p)") apply (simp add:co2sobj.simps split:option.splits) apply (drule current_proc_has_sp', simp, simp) apply (drule current_proc_has_sp', simp, simp) -apply (case_tac "co2sobj (Open p f flag fd opt # s) (O_file f)") +apply (case_tac "co2sobj (Open p f flag fd opt # s) (D_file f)") apply (simp add:co2sobj.simps split:option.splits) apply (simp split:option.splits add:s2ss_open' update_s2ss_obj_def) apply (auto) -apply (erule_tac x = "O_proc p'" in allE, simp) +apply (erule_tac x = "D_proc p'" in allE, simp) apply (frule_tac obj = obj' in co2sobj_proc_eq_some, simp, erule exE, simp) apply (erule_tac x = "p'" in allE, simp) -apply (erule_tac x = "O_proc p'" in allE, simp) +apply (erule_tac x = "D_proc p'" in allE, simp) apply (frule_tac obj = obj' in co2sobj_proc_eq_some, simp, erule exE, simp) apply (erule_tac x = "p'" in allE, simp) -apply (erule_tac x = "O_proc p'" in allE, simp) +apply (erule_tac x = "D_proc p'" in allE, simp) apply (frule_tac obj = obj' in co2sobj_proc_eq_some, simp, erule exE, simp) apply (erule_tac x = "p'" in allE, simp) done @@ -775,7 +737,7 @@ case (file_of_proc_fd s p fd) of Some f \ if (O_file f \ tainted s \ O_proc p \ tainted s) then (case (cp2sproc s p) of - Some sp \ update_s2ss_obj s (s2ss s) (O_proc p) (S_proc sp False) (S_proc sp True) + Some sp \ update_s2ss_obj s (s2ss s) (D_proc p) (S_proc sp False) (S_proc sp True) | _ \ {}) else s2ss s | _ \ {})" @@ -789,44 +751,44 @@ apply (frule co2sobj_sproc_imp, erule exE, simp split:option.splits) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule disjI1, simp add:co2sobj_readfile) apply (rule disjI2, simp) apply (rule_tac x = obj in exI) -apply (simp add:alive_other co2sobj_readfile split:t_object.splits option.splits) +apply (simp add:dalive_other co2sobj_readfile split:t_dobject.splits option.splits) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x= "O_proc p" in exI, simp add:alive_other co2sobj_readfile) +apply (rule_tac x= "D_proc p" in exI, simp add:dalive_other co2sobj_readfile) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_proc p") -apply (rule_tac x = "O_proc pa" in exI, simp add:alive_other co2sobj_readfile) +apply (case_tac "obj = D_proc p") +apply (rule_tac x = "D_proc pa" in exI, simp add:dalive_other co2sobj_readfile) apply (simp add:co2sobj.simps) apply (rule_tac x = obj in exI) -apply (auto simp add:alive_other co2sobj_readfile split:t_object.splits option.splits)[1] +apply (auto simp add:dalive_other co2sobj_readfile split:t_dobject.splits option.splits)[1] apply (tactic {*my_clarify_tac 1*}) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule disjI1, simp add:co2sobj_readfile) apply (rule disjI2, rule DiffI) apply (simp, rule_tac x = obj in exI) -apply (simp add:alive_other co2sobj_readfile split:t_object.splits option.splits) +apply (simp add:dalive_other co2sobj_readfile split:t_dobject.splits option.splits) apply (rule notI, erule_tac x = obj in allE) -apply (auto simp add:alive_other co2sobj_readfile split:t_object.splits option.splits)[1] +apply (auto simp add:dalive_other co2sobj_readfile split:t_dobject.splits option.splits)[1] apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_proc p" in exI, simp add:alive_other co2sobj_readfile) +apply (rule_tac x = "D_proc p" in exI, simp add:dalive_other co2sobj_readfile) apply (tactic {*my_setiff_tac 1*}) apply (rule_tac x = obj in exI) -apply (auto simp add:alive_other co2sobj_readfile split:t_object.splits option.splits)[1] +apply (auto simp add:dalive_other co2sobj_readfile split:t_dobject.splits option.splits)[1] apply (simp add:co2sobj.simps) apply (simp add:s2ss_def, rule impI) apply (tactic {*my_seteq_tac 1*}) apply (rule_tac x = obj in exI) -apply (simp add:alive_other co2sobj_readfile split:t_object.splits option.splits if_splits) +apply (simp add:dalive_other co2sobj_readfile split:t_dobject.splits option.splits if_splits) apply (simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}) apply (rule_tac x = obj in exI) -apply (auto simp add:alive_other co2sobj_readfile split:t_object.splits option.splits if_splits) +apply (auto simp add:dalive_other co2sobj_readfile split:t_dobject.splits option.splits if_splits) apply (simp add:co2sobj.simps) done @@ -845,10 +807,10 @@ done lemma co2sobj_writefile_unchange: - "\valid (WriteFile p fd # s); alive s obj; file_of_proc_fd s p fd = Some f; + "\valid (WriteFile p fd # s); dalive s obj; file_of_proc_fd s p fd = Some f; O_proc p \ tainted s \ O_file f \ tainted s\ \ co2sobj (WriteFile p fd # s) obj = co2sobj s obj" -apply (frule vd_cons, frule co2sobj_writefile, simp, simp split:t_object.splits if_splits) +apply (frule vd_cons, frule co2sobj_writefile, simp, simp split:t_dobject.splits if_splits) apply (simp add:co2sobj.simps) apply (case_tac "O_proc p \ tainted s") apply (simp add:same_inodes_tainted)+ @@ -859,7 +821,7 @@ case (file_of_proc_fd s p fd) of Some f \ if (O_proc p \ tainted s \ O_file f \ tainted s) then (if (\ f'. f' \ same_inode_files s f \ is_file s f' \ - co2sobj s (O_file f') = co2sobj s (O_file f)) + co2sobj s (D_file f') = co2sobj s (D_file f)) then s2ss s \ {S_file (cf2sfiles s f) True} else s2ss s - {S_file (cf2sfiles s f) False} \ {S_file (cf2sfiles s f) True}) @@ -870,49 +832,44 @@ unfolding s2ss_def apply (rule conjI|rule impI|erule exE|erule conjE)+ apply (rule set_eqI, rule iffI, erule CollectE, erule exE, erule conjE) -apply (frule_tac obj = obj in co2sobj_writefile, simp add:alive_other) -apply (simp split:t_object.splits if_splits) -apply (rule disjI2, rule_tac x= "O_proc nat" in exI, simp) +apply (frule_tac obj = obj in co2sobj_writefile, simp add:dalive_other) +apply (simp split:t_dobject.splits if_splits) +apply (rule disjI2, rule_tac x= "D_proc nat" in exI, simp) apply (rule disjI1, simp add:cf2sfiles_prop) apply (rule disjI2, rule_tac x = obj in exI, simp add:is_file_simps) -apply (simp add:co2sobj.simps) apply (rule disjI2, rule_tac x = obj in exI, simp add:is_dir_simps) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) -apply (rule disjI2, rule_tac x = obj in exI, simp) apply (rule disjI2, rule_tac x = obj in exI, simp) apply (simp add:co2sobj.simps) apply (erule disjE) -apply (rule_tac x = "O_file aa" in exI, simp add:is_file_simps file_of_pfd_is_file) -apply (frule_tac obj = "O_file aa" in co2sobj_writefile, simp add:file_of_pfd_is_file) +apply (rule_tac x = "D_file aa" in exI, simp add:is_file_simps file_of_pfd_is_file) +apply (frule_tac obj = "D_file aa" in co2sobj_writefile, simp add:file_of_pfd_is_file) apply (simp split:if_splits add:same_inode_files_def file_of_pfd_is_file) apply (erule exE, erule conjE, erule conjE) -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac obj) apply (rule_tac x = obj in exI, simp add:co2sobj_writefile) -apply (case_tac "fa \ same_inode_files s aa") -apply (frule_tac f = fa and f' = aa in cf2sfiles_prop, simp) -apply (rule_tac x = "O_file f'" in exI, simp add:co2sobj_writefile is_file_simps) +apply (case_tac "list \ same_inode_files s aa") +apply (frule_tac f = list and f' = aa in cf2sfiles_prop, simp) +apply (rule_tac x = "D_file f'" in exI, simp add:co2sobj_writefile is_file_simps) apply (rule conjI, rule impI, simp add:same_inode_files_prop5) apply (rule impI, simp add:co2sobj.simps same_inodes_tainted) -apply (rule_tac x = "O_file fa" in exI, simp add:co2sobj_writefile is_file_simps) +apply (rule_tac x = "D_file list" in exI, simp add:co2sobj_writefile is_file_simps) apply (rule impI, simp add:same_inode_files_prop5) apply (rule_tac x = obj in exI, simp add:co2sobj_writefile is_dir_simps) apply (rule_tac x = obj in exI, simp add:co2sobj_writefile) apply (rule impI, rule impI, simp, rule set_eqI, rule iffI, erule CollectE, (erule conjE|erule exE)+) -apply (rule CollectI, rule_tac x = obj in exI, simp add:alive_simps) -apply (simp add:co2sobj_writefile split:t_object.splits if_splits) +apply (rule CollectI, rule_tac x = obj in exI, simp add:dalive_simps) +apply (simp add:co2sobj_writefile split:t_dobject.splits if_splits) apply (simp add:co2sobj.simps same_inodes_tainted) apply (case_tac "O_proc p \ tainted s", simp, simp) apply (erule CollectE, (erule conjE|erule exE)+, rule CollectI) apply (rule_tac x = obj in exI) -apply (simp add:co2sobj_writefile_unchange alive_simps) +apply (simp add:co2sobj_writefile_unchange dalive_simps) apply (rule impI| rule conjI|erule conjE)+ apply (rule set_eqI, rule iffI, erule CollectE, erule exE, erule conjE) -apply (simp add:alive_simps co2sobj_writefile split:t_object.splits) +apply (simp add:dalive_simps co2sobj_writefile split:t_dobject.splits) apply (rule disjI2, rule conjI, rule_tac x = obj in exI, simp, rule notI, simp add:co2sobj.simps split:option.splits) apply (simp split:if_splits) @@ -921,43 +878,39 @@ apply (rule notI, simp add:co2sobj.simps split:option.splits) apply (erule_tac x = list in allE, simp add:same_inode_files_prop5) apply (simp add:co2sobj.simps) -apply (rule disjI2, rule conjI, rule_tac x = obj in exI, simp, - rule notI, simp add:co2sobj.simps split:option.splits) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) -apply (rule disjI2, rule conjI, rule_tac x = obj in exI, simp, - rule notI, simp add:co2sobj.simps split:option.splits) +apply (rule disjI2, rule conjI, rule_tac x = obj in exI, simp split:option.splits add:co2sobj.simps) +apply (rule notI, simp add:co2sobj.simps split:option.splits) apply (rule disjI2, rule conjI, rule_tac x = obj in exI, simp, rule notI, simp add:co2sobj.simps split:option.splits) apply (simp add:co2sobj.simps) apply (erule disjE) -apply (rule_tac x= "O_file aa" in exI, simp add:co2sobj_writefile alive_simps file_of_pfd_is_file) +apply (rule_tac x= "D_file aa" in exI) +apply ( simp add:co2sobj_writefile dalive_simps file_of_pfd_is_file) apply (rule impI, simp add:same_inode_files_def file_of_pfd_is_file) apply (erule exE|erule conjE)+ -apply (erule co2sobj_some_caseD) +apply (case_tac obj) apply (rule_tac x = obj in exI, simp add:co2sobj_writefile) -apply (case_tac "fa \ same_inode_files s aa") +apply (case_tac "list \ same_inode_files s aa") apply (frule cf2sfiles_prop, simp, simp add:co2sobj.simps same_inodes_tainted) apply (rule_tac x = obj in exI, simp add:co2sobj_writefile is_file_simps) apply (rule impI, simp add:same_inode_files_prop5) apply (rule_tac x = obj in exI, simp add:co2sobj_writefile is_dir_simps) apply (rule_tac x = obj in exI, simp add:co2sobj_writefile) + apply (rule impI, rule impI) - apply (rule set_eqI, rule iffI, erule CollectE,erule exE,erule conjE,rule CollectI) apply (rule_tac x = obj in exI) -apply (simp add:co2sobj_writefile_unchange alive_simps) +apply (simp add:co2sobj_writefile_unchange dalive_simps) apply (erule CollectE, erule exE, erule conjE) apply (rule CollectI, rule_tac x = obj in exI) -apply (simp add:co2sobj_writefile_unchange alive_simps) +apply (simp add:co2sobj_writefile_unchange dalive_simps) done definition update_s2ss_sfile_tainted:: "t_state \ t_static_state \ t_file \ bool \ t_static_state" where "update_s2ss_sfile_tainted s ss f tag \ if (\ f'. is_file s f' \ f' \ same_inode_files s f \ - co2sobj s (O_file f') = Some (S_file (cf2sfiles s f) False)) + co2sobj s (D_file f') = Some (S_file (cf2sfiles s f) False)) then ss \ {S_file (cf2sfiles s f) True} else ss - {S_file (cf2sfiles s f) False} \ {S_file (cf2sfiles s f) True}" @@ -989,38 +942,36 @@ "del_s2ss_file s ss f sf = (if (\ f' \ same_inode_files s f. f' \ f \ cf2sfile s f' = Some sf) then ss - else if (\ f'. is_file s f' \ f' \ same_inode_files s f \ co2sobj s (O_file f') = co2sobj s (O_file f)) + else if (\ f'. is_file s f' \ f' \ same_inode_files s f \ co2sobj s (D_file f') = co2sobj s (D_file f)) then update_s2ss_sfile_del s ss f sf else update_s2ss_sfile_del s (ss - {S_file (cf2sfiles s f) (O_file f \ tainted s)}) f sf)" -lemma alive_co2sobj_closefd1: - "\alive s obj; valid (CloseFd p fd # s); co2sobj s obj = Some sobj; +lemma dalive_co2sobj_closefd1: + "\dalive s obj; valid (CloseFd p fd # s); file_of_proc_fd s p fd = Some f; \ (f \ files_hung_by_del s \ proc_fd_of_file s f = {(p, fd)})\ - \ alive (CloseFd p fd # s) obj" -apply (erule co2sobj_some_caseD) -by (auto simp:alive_simps is_file_simps is_dir_simps split:option.splits) - -lemma alive_co2sobj_closefd3: - "\alive s obj; valid (CloseFd p fd # s); co2sobj s obj = Some sobj; obj \ O_file f; - file_of_proc_fd s p fd = Some f; f \ files_hung_by_del s; proc_fd_of_file s f = {(p, fd)}\ - \ alive (CloseFd p fd # s) obj" -apply (erule co2sobj_some_caseD) -by (auto simp:alive_simps is_file_simps is_dir_simps split:option.splits) + \ dalive (CloseFd p fd # s) obj" +apply (case_tac obj) +by (auto simp:dalive_simps is_file_simps is_dir_simps split:option.splits) -lemma alive_co2sobj_closefd2: - "\alive s obj; valid (CloseFd p fd # s); co2sobj s obj = Some sobj; file_of_proc_fd s p fd = None\ - \ alive (CloseFd p fd # s) obj" -apply (erule co2sobj_some_caseD) -by (auto simp:alive_simps is_file_simps is_dir_simps split:option.splits) +lemma dalive_co2sobj_closefd3: + "\dalive s obj; valid (CloseFd p fd # s); obj \ D_file f; + file_of_proc_fd s p fd = Some f; f \ files_hung_by_del s; proc_fd_of_file s f = {(p, fd)}\ + \ dalive (CloseFd p fd # s) obj" +apply (case_tac obj) +by (auto simp:dalive_simps is_file_simps is_dir_simps split:option.splits) -lemma alive_co2sobj_closefd': - "\co2sobj (CloseFd p fd # s) obj = Some sobj; alive (CloseFd p fd # s) obj; - valid (CloseFd p fd # s)\ \ alive s obj" -apply (erule co2sobj_some_caseD) -by (auto simp:alive_simps is_file_simps is_dir_simps split:option.splits if_splits) +lemma dalive_co2sobj_closefd2: + "\dalive s obj; valid (CloseFd p fd # s); file_of_proc_fd s p fd = None\ + \ dalive (CloseFd p fd # s) obj" +apply (case_tac obj) +by (auto simp:dalive_simps is_file_simps is_dir_simps split:option.splits) -ML {*asm_full_simp_tac*} +lemma dalive_co2sobj_closefd': + "\co2sobj (CloseFd p fd # s) obj = Some sobj; dalive (CloseFd p fd # s) obj; + valid (CloseFd p fd # s)\ \ dalive s obj" +apply (case_tac obj) +by (auto simp:dalive_simps is_file_simps is_dir_simps split:option.splits if_splits) lemma same_inode_files_prop10: "\same_inode_files s f \ {f}; is_file s f\ \ \ f'. f' \ same_inode_files s f \ f' \ f" @@ -1041,13 +992,13 @@ then (case (cf2sfile s f, cp2sproc s p, cp2sproc (CloseFd p fd # s) p) of (Some sf, Some sp, Some sp') \ (del_s2ss_file s ( - update_s2ss_obj s (s2ss s) (O_proc p) + update_s2ss_obj s (s2ss s) (D_proc p) (S_proc sp (O_proc p \ tainted s)) (S_proc sp' (O_proc p \ tainted s))) f sf) | _ \ {}) else (case (cp2sproc s p, cp2sproc (CloseFd p fd # s) p) of (Some sp, Some sp') \ - (update_s2ss_obj s (s2ss s) (O_proc p) + (update_s2ss_obj s (s2ss s) (D_proc p) (S_proc sp (O_proc p \ tainted s)) (S_proc sp' (O_proc p \ tainted s))) | _ \ {}) @@ -1059,17 +1010,17 @@ apply (simp add:s2ss_def) apply (rule set_eqI, rule iffI, erule CollectE, erule exE, erule conjE, rule CollectI) -apply (rule_tac x = obj in exI, simp add:alive_co2sobj_closefd') +apply (rule_tac x = obj in exI, simp add:dalive_co2sobj_closefd') apply (frule co2sobj_closefd, simp) apply (frule cp2sproc_closefd, simp) -apply (simp add:proc_file_fds_def split:t_object.splits) +apply (simp add:proc_file_fds_def split:t_dobject.splits) apply (simp split:if_splits add:co2sobj.simps) apply (erule CollectE, erule exE, erule conjE, rule CollectI) -apply (rule_tac x = obj in exI, simp add:alive_co2sobj_closefd2) -apply (frule_tac obj = obj in co2sobj_closefd, simp add:alive_co2sobj_closefd2) +apply (rule_tac x = obj in exI, simp add:dalive_co2sobj_closefd2) +apply (frule_tac obj = obj in co2sobj_closefd, simp add:dalive_co2sobj_closefd2) apply (frule cp2sproc_closefd, simp) apply (auto simp add:proc_file_fds_def co2sobj.simps - split:t_object.splits option.splits if_splits)[1] + split:t_dobject.splits option.splits if_splits)[1] apply (case_tac "cp2sproc (CloseFd p fd # s) p") apply (drule current_proc_has_sp', simp, simp) @@ -1085,177 +1036,177 @@ apply (rule conjI|rule impI|erule exE|erule conjE|erule bexE)+ apply (tactic {*my_seteq_tac 1*}) apply simp -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (simp add:co2sobj.simps) apply (rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp add:alive_simps) -apply (simp add:alive_simps co2sobj.simps split:t_object.splits if_splits) +apply (frule_tac obj = obj in co2sobj_closefd, simp add:dalive_simps) +apply (simp add:dalive_simps co2sobj.simps split:t_dobject.splits if_splits) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_proc p" in exI) +apply (rule_tac x = "D_proc p" in exI) apply (simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule_tac x = obj' in exI) apply (frule co2sobj_sproc_imp, erule exE, simp add:co2sobj_closefd) apply (simp add:co2sobj.simps) -apply (case_tac "obj = O_file a") -apply (rule_tac x = "O_file f'" in exI) +apply (case_tac "obj = D_file a") +apply (rule_tac x = "D_file f'" in exI) apply (case_tac "f' = a", simp add:same_inode_files_prop9 file_of_pfd_is_file) -apply (frule_tac obj = "O_file f'" in co2sobj_closefd, simp add:alive_simps) -apply (simp add:alive_simps co2sobj.simps split:t_object.splits if_splits) +apply (frule_tac obj = "D_file f'" in co2sobj_closefd, simp add:dalive_simps) +apply (simp add:dalive_simps co2sobj.simps split:t_dobject.splits if_splits) apply (rule_tac x = obj in exI) -apply (frule_tac obj = obj in alive_co2sobj_closefd3, simp+) +apply (frule_tac obj = obj in dalive_co2sobj_closefd3, simp+) apply (frule_tac obj = obj in co2sobj_closefd, simp) -apply (auto simp add:alive_simps co2sobj.simps split:t_object.splits if_splits)[1] +apply (auto simp add:dalive_simps co2sobj.simps split:t_dobject.splits if_splits)[1] apply (rule impI)+ apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_proc p", rule disjI1, simp add:co2sobj.simps) +apply (case_tac "obj = D_proc p", rule disjI1, simp add:co2sobj.simps) apply (rule disjI2) -apply (case_tac "obj = O_file a", simp add:alive_simps) +apply (case_tac "obj = D_file a", simp add:dalive_simps) apply (rule DiffI, simp) apply (rule_tac x = obj in exI) -apply (frule_tac obj = obj in alive_co2sobj_closefd', simp+) +apply (frule_tac obj = obj in dalive_co2sobj_closefd', simp+) apply (frule_tac obj = obj in co2sobj_closefd, simp) -apply (simp add:alive_simps co2sobj.simps split:t_object.splits if_splits) +apply (simp add:dalive_simps co2sobj.simps split:t_dobject.splits if_splits) apply (simp, rule notI, simp, frule co2sobj_sproc_imp, erule exE, simp add:co2sobj_closefd) -apply (erule_tac x = "O_proc pa" in allE, simp) +apply (erule_tac x = "D_proc pa" in allE, simp) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_proc p", simp add:co2sobj.simps) -apply (case_tac "obj = O_file a", rule_tac x = "O_file f'" in exI) +apply (case_tac "obj = D_proc p", simp add:co2sobj.simps) +apply (case_tac "obj = D_file a", rule_tac x = "D_file f'" in exI) apply (case_tac "f' = a", simp add:same_inode_files_prop9 file_of_pfd_is_file) -apply (frule_tac obj = "O_file f'" in co2sobj_closefd, simp add:alive_simps) -apply (simp add:alive_simps co2sobj.simps split:t_object.splits if_splits) +apply (frule_tac obj = "D_file f'" in co2sobj_closefd, simp add:dalive_simps) +apply (simp add:dalive_simps co2sobj.simps split:t_dobject.splits if_splits) apply (rule_tac x = obj in exI) -apply (frule_tac obj = obj in alive_co2sobj_closefd3, simp+) +apply (frule_tac obj = obj in dalive_co2sobj_closefd3, simp+) apply (frule_tac obj = obj in co2sobj_closefd, simp) -apply (auto simp add:co2sobj.simps split:t_object.splits if_splits)[1] +apply (auto simp add:co2sobj.simps split:t_dobject.splits if_splits)[1] apply (rule impI, tactic {*my_seteq_tac 1*}) apply (simp add:update_s2ss_obj_def update_s2ss_sfile_del_def) apply (rule conjI| rule impI|erule exE|erule conjE)+ -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (case_tac "pa = p", simp add:co2sobj.simps) +apply (case_tac obj) +apply (case_tac "nat = p", simp add:co2sobj.simps) apply (rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) -apply (case_tac "f = a", simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) +apply (case_tac "list = a", simp add:dalive_simps) apply (rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule conjI| rule impI|erule exE|erule conjE)+ -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (case_tac "pa = p", simp add:co2sobj.simps) +apply (case_tac obj) +apply (case_tac "nat = p", simp add:co2sobj.simps) apply (rule disjI2, rule disjI2, rule_tac x = obj in exI) apply (frule_tac obj = obj in co2sobj_closefd, simp) -apply (auto simp add:co2sobj.simps split:t_object.splits if_splits)[1] -apply (case_tac "f = a", simp add:alive_simps) -apply (case_tac "f \ same_inode_files s a", rule disjI1) +apply (auto simp add:co2sobj.simps split:t_dobject.splits if_splits)[1] +apply (case_tac "list = a", simp add:dalive_simps) +apply (case_tac "list \ same_inode_files s a", rule disjI1) apply (simp add:co2sobj_simps split:if_splits option.splits t_sobject.splits) apply (simp add:co2sobj.simps same_inodes_tainted cf2sfiles_prop) apply (erule bexE, erule conjE) apply (erule_tac x = f'' in ballE, simp, simp) apply (rule disjI2, rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule disjI2, rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule disjI2, rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule impI, rule conjI, rule impI) -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (case_tac "pa = p", simp add:co2sobj.simps) +apply (case_tac obj) +apply (case_tac "nat = p", simp add:co2sobj.simps) apply (rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj_closefd, erule_tac x = obj in allE, simp add:is_file_simps) -apply (case_tac "f = a", simp add:alive_simps) +apply (case_tac "list = a", simp add:dalive_simps) apply (rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj_closefd, erule_tac x = obj in allE, simp add:is_file_simps) apply (rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj_closefd, erule_tac x = obj in allE, simp add:is_dir_simps) apply (rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj_closefd, erule_tac x = obj in allE, simp) apply (rule impI) -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (case_tac "pa = p", simp add:co2sobj.simps) +apply (case_tac obj) +apply (case_tac "nat = p", simp add:co2sobj.simps) apply (rule disjI2, rule disjI2, rule conjI, rule_tac x = obj in exI) apply (frule_tac obj = obj in co2sobj_closefd, simp) -apply (auto simp add:co2sobj.simps split:t_object.splits if_splits)[1] +apply (auto simp add:co2sobj.simps split:t_dobject.splits if_splits)[1] apply (rule notI, simp add:co2sobj_closefd) apply (erule_tac x = obj in allE, simp) -apply (case_tac "f = a", simp add:alive_simps) -apply (case_tac "f \ same_inode_files s a", rule disjI1) +apply (case_tac "list = a", simp add:dalive_simps) +apply (case_tac "list \ same_inode_files s a", rule disjI1) apply (simp add:co2sobj_simps split:if_splits option.splits t_sobject.splits) apply (simp add:co2sobj.simps same_inodes_tainted cf2sfiles_prop) apply (erule bexE, erule conjE) apply (erule_tac x = f'' in ballE, simp, simp) apply (rule disjI2, rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj_closefd, erule_tac x = obj in allE, simp add:is_file_simps) apply (rule disjI2, rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj_closefd, erule_tac x = obj in allE, simp add:is_dir_simps) apply (rule disjI2, rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj_closefd, erule_tac x = obj in allE, simp) apply (simp add:update_s2ss_sfile_del_def update_s2ss_obj_def split:if_splits) -apply (erule disjE, rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps) +apply (erule disjE, rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps) apply (erule exE, erule conjE) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule_tac x = obj' in exI) apply (frule co2sobj_sproc_imp, erule exE, simp add:co2sobj_closefd) apply (simp add:co2sobj.simps) -apply (case_tac "obj = O_file a") -apply (rule_tac x = "O_file f'" in exI) +apply (case_tac "obj = D_file a") +apply (rule_tac x = "D_file f'" in exI) apply (case_tac "f' = a", simp add:same_inode_files_prop9 file_of_pfd_is_file) -apply (frule_tac obj = "O_file f'" in co2sobj_closefd, simp add:alive_simps) -apply (simp add:alive_simps co2sobj.simps split:t_object.splits if_splits) +apply (frule_tac obj = "D_file f'" in co2sobj_closefd, simp add:dalive_simps) +apply (simp add:dalive_simps co2sobj.simps split:t_dobject.splits if_splits) apply (rule_tac x = obj in exI) -apply (frule_tac obj = obj in alive_co2sobj_closefd3, simp+) +apply (frule_tac obj = obj in dalive_co2sobj_closefd3, simp+) apply (frule_tac obj = obj in co2sobj_closefd, simp) -apply (auto simp add:alive_simps co2sobj.simps split:t_object.splits if_splits)[1] -apply (erule disjE, rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps) +apply (auto simp add:dalive_simps co2sobj.simps split:t_dobject.splits if_splits)[1] +apply (erule disjE, rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps) apply (erule conjE, erule exE, erule conjE) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (simp add:co2sobj.simps) -apply (case_tac "obj = O_file a") -apply (rule_tac x = "O_file f'" in exI) +apply (case_tac "obj = D_file a") +apply (rule_tac x = "D_file f'" in exI) apply (case_tac "f' = a", simp add:same_inode_files_prop9 file_of_pfd_is_file) -apply (frule_tac obj = "O_file f'" in co2sobj_closefd, simp add:alive_simps) -apply (simp add:alive_simps co2sobj.simps split:t_object.splits if_splits) +apply (frule_tac obj = "D_file f'" in co2sobj_closefd, simp add:dalive_simps) +apply (simp add:dalive_simps co2sobj.simps split:t_dobject.splits if_splits) apply (rule_tac x = obj in exI) -apply (frule_tac obj = obj in alive_co2sobj_closefd3, simp+) +apply (frule_tac obj = obj in dalive_co2sobj_closefd3, simp+) apply (frule_tac obj = obj in co2sobj_closefd, simp) -apply (auto simp add:alive_simps co2sobj.simps split:t_object.splits if_splits)[1] +apply (auto simp add:dalive_simps co2sobj.simps split:t_dobject.splits if_splits)[1] apply (erule disjE) apply (drule same_inode_files_prop10, simp add:file_of_pfd_is_file, erule exE, erule conjE) -apply (rule_tac x = "O_file f'a" in exI) +apply (rule_tac x = "D_file f'a" in exI) apply (frule same_inode_files_prop11) -apply (frule_tac obj = "O_file f'a" in co2sobj_closefd) -apply (simp add:alive_simps)+ +apply (frule_tac obj = "D_file f'a" in co2sobj_closefd) +apply (simp add:dalive_simps)+ apply (frule_tac f = "f'a" in is_file_has_sfile', simp, erule exE) apply (simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted split:if_splits) apply (rule impI, erule bexE, erule conjE, erule_tac x = f'' in ballE, simp, simp) apply (erule bexE, erule conjE, erule_tac x = f'' in ballE, simp, simp) apply (erule disjE) -apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps) apply (erule exE, erule conjE) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule_tac x = obj' in exI) apply (frule co2sobj_sproc_imp, erule exE, simp add:co2sobj_closefd) apply (simp add:co2sobj.simps) -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac obj) apply (rule_tac x = obj in exI) apply (simp add:co2sobj_closefd) -apply (case_tac "f \ same_inode_files s a") -apply (rule_tac x = "O_file f'" in exI) +apply (case_tac "list \ same_inode_files s a") +apply (rule_tac x = "D_file f'" in exI) apply (simp add:co2sobj_simps is_file_simps split:if_splits option.splits t_sobject.splits) apply (rule conjI, rule notI, simp add:same_inode_files_prop9) apply (rule impI, simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted) @@ -1267,25 +1218,25 @@ apply (erule disjE) apply (drule same_inode_files_prop10, simp add:file_of_pfd_is_file, erule exE, erule conjE) -apply (rule_tac x = "O_file f'a" in exI) +apply (rule_tac x = "D_file f'a" in exI) apply (frule same_inode_files_prop11) -apply (frule_tac obj = "O_file f'a" in co2sobj_closefd) -apply (simp add:alive_simps)+ +apply (frule_tac obj = "D_file f'a" in co2sobj_closefd) +apply (simp add:dalive_simps)+ apply (frule_tac f = "f'a" in is_file_has_sfile', simp, erule exE) apply (simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted split:if_splits) apply (rule impI, erule bexE, erule conjE, erule_tac x = f'' in ballE, simp, simp) apply (erule bexE, erule conjE, erule_tac x = f'' in ballE, simp, simp) apply (erule disjE) -apply (rule_tac x = "O_proc p" in exI) +apply (rule_tac x = "D_proc p" in exI) apply (simp add:co2sobj.simps) apply (erule conjE, erule exE, erule conjE) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (simp add:co2sobj.simps) -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac obj) apply (rule_tac x = obj in exI) apply (simp add:co2sobj_closefd) -apply (case_tac "f \ same_inode_files s a") -apply (rule_tac x = "O_file f'" in exI) +apply (case_tac "list \ same_inode_files s a") +apply (rule_tac x = "D_file f'" in exI) apply (simp add:co2sobj_simps is_file_simps split:if_splits option.splits t_sobject.splits) apply (rule conjI, rule notI, simp add:same_inode_files_prop9) apply (rule impI, simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted) @@ -1299,107 +1250,107 @@ apply (tactic {*my_seteq_tac 1*}) apply (simp add:update_s2ss_obj_def update_s2ss_sfile_del_def) apply (rule conjI| rule impI|erule exE|erule conjE)+ -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (case_tac "pa = p", simp add:co2sobj.simps) +apply (case_tac obj) +apply (case_tac "nat = p", simp add:co2sobj.simps) apply (rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) -apply (case_tac "f = a", simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) +apply (case_tac "list = a", simp add:dalive_simps) apply (rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, clarsimp simp:alive_simps split:if_splits) +apply (frule_tac obj = obj in co2sobj_closefd, simp, clarsimp simp:dalive_simps split:if_splits) apply (rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule conjI| rule impI|erule exE|erule conjE)+ -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (case_tac "pa = p", simp add:co2sobj.simps) +apply (case_tac obj) +apply (case_tac "nat = p", simp add:co2sobj.simps) apply (rule disjI2, rule conjI, rule_tac x = obj in exI) apply (frule_tac obj = obj in co2sobj_closefd, simp) -apply (auto simp add:co2sobj.simps split:t_object.splits if_splits)[1] -apply (rule notI, simp, erule_tac x = "O_proc pa" in allE, simp add:co2sobj_closefd) -apply (case_tac "f = a", simp add:alive_simps) -apply (case_tac "f \ same_inode_files s a", rule disjI2) +apply (auto simp add:co2sobj.simps split:t_dobject.splits if_splits)[1] +apply (rule notI, simp, erule_tac x = "D_proc nat" in allE, simp add:co2sobj_closefd) +apply (case_tac "list = a", simp add:dalive_simps) +apply (case_tac "list \ same_inode_files s a", rule disjI2) apply (simp add:co2sobj_simps split:if_splits option.splits t_sobject.splits) apply (simp add:co2sobj.simps same_inodes_tainted cf2sfiles_prop) apply (erule bexE, erule conjE) -apply (rule conjI, rule_tac x = "O_file f''" in exI) +apply (rule conjI, rule_tac x = "D_file f''" in exI) apply (simp add:same_inode_files_prop11 co2sobj.simps cf2sfiles_prop same_inodes_tainted) apply (rule notI, simp) apply (rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj.simps) apply (rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj.simps split:option.splits) apply (rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj.simps split:option.splits) apply (erule bexE, erule conjE) apply (simp add:update_s2ss_obj_def split:if_splits) -apply (erule disjE, rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps) +apply (erule disjE, rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps) apply (erule exE, erule conjE) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule_tac x = obj' in exI) apply (frule co2sobj_sproc_imp, erule exE, simp add:co2sobj_closefd) apply (simp add:co2sobj.simps) -apply (case_tac "obj = O_file a") -apply (rule_tac x = "O_file f'" in exI) -apply (frule_tac obj = "O_file f'" in co2sobj_closefd, simp add:alive_simps same_inode_files_prop11) -apply (simp add:alive_simps co2sobj.simps split:t_object.splits if_splits) +apply (case_tac "obj = D_file a") +apply (rule_tac x = "D_file f'" in exI) +apply (frule_tac obj = "D_file f'" in co2sobj_closefd, simp add:dalive_simps same_inode_files_prop11) +apply (simp add:dalive_simps co2sobj.simps split:t_dobject.splits if_splits) apply (rule conjI) apply (rule impI) apply (rule_tac x = f' in ballE, simp, simp, simp) apply (simp add:same_inode_files_prop11 co2sobj.simps cf2sfiles_prop same_inodes_tainted) apply (rule_tac x = obj in exI) -apply (frule_tac obj = obj in alive_co2sobj_closefd3, simp+) +apply (frule_tac obj = obj in dalive_co2sobj_closefd3, simp+) apply (frule_tac obj = obj in co2sobj_closefd, simp) -apply (auto simp add:alive_simps co2sobj.simps split:t_object.splits if_splits)[1] -apply (erule disjE, rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps) +apply (auto simp add:dalive_simps co2sobj.simps split:t_dobject.splits if_splits)[1] +apply (erule disjE, rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps) apply (erule conjE, erule exE, erule conjE) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (simp add:co2sobj.simps) -apply (case_tac "obj = O_file a") -apply (rule_tac x = "O_file f'" in exI) -apply (frule_tac obj = "O_file f'" in co2sobj_closefd, simp add:alive_simps same_inode_files_prop11) -apply (simp add:alive_simps co2sobj.simps split:t_object.splits if_splits) +apply (case_tac "obj = D_file a") +apply (rule_tac x = "D_file f'" in exI) +apply (frule_tac obj = "D_file f'" in co2sobj_closefd, simp add:dalive_simps same_inode_files_prop11) +apply (simp add:dalive_simps co2sobj.simps split:t_dobject.splits if_splits) apply (rule conjI) apply (rule impI) apply (rule_tac x = f' in ballE, simp, simp, simp) apply (simp add:same_inode_files_prop11 co2sobj.simps cf2sfiles_prop same_inodes_tainted) apply (rule_tac x = obj in exI) -apply (frule_tac obj = obj in alive_co2sobj_closefd3, simp+) +apply (frule_tac obj = obj in dalive_co2sobj_closefd3, simp+) apply (frule_tac obj = obj in co2sobj_closefd, simp) -apply (auto simp add:alive_simps co2sobj.simps split:t_object.splits if_splits)[1] +apply (auto simp add:dalive_simps co2sobj.simps split:t_dobject.splits if_splits)[1] apply (rule impI) apply (tactic {*my_seteq_tac 1*}) apply (simp add:update_s2ss_obj_def update_s2ss_sfile_del_def) apply (rule conjI| rule impI|erule exE|erule conjE)+ -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (case_tac "pa = p", simp add:co2sobj.simps) +apply (case_tac obj) +apply (case_tac "nat = p", simp add:co2sobj.simps) apply (rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) -apply (case_tac "f = a", simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) +apply (case_tac "list = a", simp add:dalive_simps) apply (rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, clarsimp simp:alive_simps split:if_splits) +apply (frule_tac obj = obj in co2sobj_closefd, simp, clarsimp simp:dalive_simps split:if_splits) apply (rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (frule_tac obj = obj in co2sobj_closefd, simp, rule notI, simp) apply (frule_tac obj = obj in co2sobj_sfile_imp, erule exE, simp add:is_file_simps split:if_splits) apply (erule_tac x= f in allE, simp add:co2sobj.simps) apply (rule conjI| rule impI|erule exE|erule conjE)+ -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (case_tac "pa = p", simp add:co2sobj.simps) +apply (case_tac obj) +apply (case_tac "nat = p", simp add:co2sobj.simps) apply (rule disjI2, rule notI, simp) apply (rule disjI2, rule conjI, rule disjI2, rule_tac x = obj in exI) apply (frule_tac obj = obj in co2sobj_closefd, simp) -apply (auto simp add:co2sobj.simps split:t_object.splits if_splits)[1] +apply (auto simp add:co2sobj.simps split:t_dobject.splits if_splits)[1] apply (rule notI, simp add:co2sobj.simps split:option.splits) -apply (case_tac "f = a", simp add:alive_simps) -apply (case_tac "f \ same_inode_files s a", rule disjI1) +apply (case_tac "list = a", simp add:dalive_simps) +apply (case_tac "list \ same_inode_files s a", rule disjI1) apply (simp add:co2sobj_simps split:if_splits option.splits t_sobject.splits) apply (simp add:co2sobj.simps same_inodes_tainted cf2sfiles_prop) apply (erule bexE, erule conjE) @@ -1407,25 +1358,25 @@ apply (rule disjI2, rule conjI, rule disjI2, rule_tac x = obj in exI) apply (simp add:is_file_simps co2sobj_closefd) apply (rule notI, simp add:co2sobj_closefd) -apply (erule_tac x = f in allE, simp add:is_file_simps co2sobj.simps) +apply (erule_tac x = list in allE, simp add:is_file_simps co2sobj.simps) apply (rule disjI2, rule conjI, rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj.simps split:option.splits) apply (rule disjI2, rule conjI, rule disjI2, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj.simps split:option.splits) apply (rule impI, rule conjI, rule impI) -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (case_tac "pa = p", simp add:co2sobj.simps) +apply (case_tac obj) +apply (case_tac "nat = p", simp add:co2sobj.simps) apply (rule notI, simp) apply (rule conjI, rule disjI2, rule conjI, rule_tac x = obj in exI) apply (frule_tac obj = obj in co2sobj_closefd, simp) -apply (auto simp add:co2sobj.simps split:t_object.splits if_splits)[1] +apply (auto simp add:co2sobj.simps split:t_dobject.splits if_splits)[1] apply (erule_tac x = obj in allE, simp add:co2sobj_closefd) apply (rule notI, simp add:co2sobj.simps split:option.splits) -apply (case_tac "f = a", simp add:alive_simps) -apply (case_tac "f \ same_inode_files s a", rule conjI, rule disjI2, rule conjI) +apply (case_tac "list = a", simp add:dalive_simps) +apply (case_tac "list \ same_inode_files s a", rule conjI, rule disjI2, rule conjI) apply (simp add:co2sobj_simps split:if_splits option.splits t_sobject.splits) apply (simp add:co2sobj.simps) apply (rule notI, simp add:co2sobj.simps) @@ -1433,24 +1384,24 @@ apply (simp add:is_file_simps co2sobj_closefd) apply (rule notI, simp add:co2sobj.simps) apply (rule notI, simp add:co2sobj_closefd) -apply (erule_tac x = f in allE, simp add:is_file_simps co2sobj.simps) +apply (erule_tac x = list in allE, simp add:is_file_simps co2sobj.simps) apply (rule conjI, rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj.simps split:option.splits)+ apply (rule conjI, rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj.simps split:option.splits)+ apply (rule impI) -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (case_tac "pa = p", simp add:co2sobj.simps) +apply (case_tac obj) +apply (case_tac "nat = p", simp add:co2sobj.simps) apply (rule disjI2, rule notI, simp) apply (rule disjI2, rule conjI, rule disjI2, rule conjI, rule_tac x = obj in exI) apply (frule_tac obj = obj in co2sobj_closefd, simp) -apply (auto simp add:co2sobj.simps split:t_object.splits if_splits)[1] +apply (auto simp add:co2sobj.simps split:t_dobject.splits if_splits)[1] apply (erule_tac x = obj in allE, simp add:co2sobj_closefd) apply (rule notI, simp add:co2sobj.simps split:option.splits) -apply (case_tac "f = a", simp add:alive_simps) -apply (case_tac "f \ same_inode_files s a", rule disjI1) +apply (case_tac "list = a", simp add:dalive_simps) +apply (case_tac "list \ same_inode_files s a", rule disjI1) apply (simp add:co2sobj_closefd split:if_splits option.splits t_sobject.splits) apply (simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted) apply (erule bexE, erule conjE, erule_tac x = "f''" in ballE, simp, simp) @@ -1458,86 +1409,86 @@ apply (simp add:is_file_simps co2sobj_closefd) apply (rule notI, simp add:co2sobj.simps) apply (rule notI, simp add:co2sobj_closefd) -apply (erule_tac x = f in allE, simp add:is_file_simps co2sobj.simps) +apply (erule_tac x = list in allE, simp add:is_file_simps co2sobj.simps) apply (rule disjI2, rule conjI, rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj.simps split:option.splits)+ apply (rule disjI2, rule conjI, rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:dalive_simps) apply (rule notI, simp add:co2sobj.simps split:option.splits)+ apply (simp add:update_s2ss_sfile_del_def update_s2ss_obj_def split:if_splits) apply (erule conjE, erule disjE) -apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps) apply (erule exE, erule conjE) -apply (case_tac "obj = O_file a", simp add:co2sobj.simps) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_file a", simp add:co2sobj.simps) +apply (case_tac "obj = D_proc p") apply (rule_tac x = obj' in exI, frule_tac obj = obj' in co2sobj_sproc_imp, erule exE) -apply (frule_tac obj = obj' in alive_co2sobj_closefd3, simp+) +apply (frule_tac obj = obj' in dalive_co2sobj_closefd3, simp+) apply (simp add:co2sobj_closefd) apply (simp add:co2sobj.simps) -apply (frule_tac obj = obj in alive_co2sobj_closefd3, simp+) +apply (frule_tac obj = obj in dalive_co2sobj_closefd3, simp+) apply (rule_tac x = obj in exI, simp add:co2sobj_closefd) -apply (auto simp add:co2sobj.simps split:t_object.splits if_splits)[1] +apply (auto simp add:co2sobj.simps split:t_dobject.splits if_splits)[1] apply (erule conjE|erule exE|erule disjE)+ -apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps) apply (erule conjE, erule exE, erule conjE) -apply (case_tac "obj = O_file a", simp add:co2sobj.simps) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_file a", simp add:co2sobj.simps) +apply (case_tac "obj = D_proc p") apply (simp add:co2sobj.simps) -apply (frule_tac obj = obj in alive_co2sobj_closefd3, simp+) +apply (frule_tac obj = obj in dalive_co2sobj_closefd3, simp+) apply (rule_tac x = obj in exI, simp add:co2sobj_closefd) -apply (auto simp add:co2sobj.simps split:t_object.splits if_splits)[1] +apply (auto simp add:co2sobj.simps split:t_dobject.splits if_splits)[1] apply (erule conjE|erule exE|erule disjE)+ apply (drule same_inode_files_prop10, simp add:file_of_pfd_is_file, erule exE, erule conjE) -apply (rule_tac x = "O_file f'" in exI) +apply (rule_tac x = "D_file f'" in exI) apply (frule same_inode_files_prop11) -apply (frule_tac obj = "O_file f'" in co2sobj_closefd) -apply (simp add:alive_simps)+ +apply (frule_tac obj = "D_file f'" in co2sobj_closefd) +apply (simp add:dalive_simps)+ apply (frule_tac f = "f'" in is_file_has_sfile', simp, erule exE) apply (simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted split:if_splits) apply (rule impI, erule bexE, erule conjE, erule_tac x = f'' in ballE, simp, simp) apply (erule bexE, erule conjE, erule_tac x = f'' in ballE, simp, simp) apply (erule conjE, erule disjE) -apply (rule_tac x = "O_proc p" in exI) +apply (rule_tac x = "D_proc p" in exI) apply (simp add:co2sobj.simps) apply (erule exE, erule conjE) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule_tac x = "obj'" in exI, simp, frule_tac obj = obj' in co2sobj_sproc_imp, erule exE) -apply (frule_tac obj = obj' in alive_co2sobj_closefd3, simp+) +apply (frule_tac obj = obj' in dalive_co2sobj_closefd3, simp+) apply (simp add:co2sobj_closefd) apply (simp add:co2sobj.simps) -apply (case_tac "obj = O_file a", simp add:co2sobj.simps) -apply (frule_tac obj = obj in alive_co2sobj_closefd3, simp+) -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac "obj = D_file a", simp add:co2sobj.simps) +apply (frule_tac obj = obj in dalive_co2sobj_closefd3, simp+) +apply (case_tac obj) apply (rule_tac x = obj in exI) apply (simp add:co2sobj_closefd) -apply (case_tac "f = a", simp add:alive_simps) -apply (case_tac "f \ same_inode_files s a") +apply (case_tac "list = a", simp add:dalive_simps) +apply (case_tac "list \ same_inode_files s a") apply (simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted) apply (rule_tac x = obj in exI, simp add:co2sobj_closefd) apply (rule_tac x = obj in exI, simp add:co2sobj_closefd) apply (rule_tac x = obj in exI, simp add:co2sobj_closefd) apply (erule disjE) apply (drule same_inode_files_prop10, simp add:file_of_pfd_is_file, erule exE, erule conjE) -apply (rule_tac x = "O_file f'" in exI) +apply (rule_tac x = "D_file f'" in exI) apply (frule same_inode_files_prop11) -apply (frule_tac obj = "O_file f'" in co2sobj_closefd) -apply (simp add:alive_simps)+ +apply (frule_tac obj = "D_file f'" in co2sobj_closefd) +apply (simp add:dalive_simps)+ apply (frule_tac f = "f'" in is_file_has_sfile', simp, erule exE) apply (simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted split:if_splits) apply (rule impI, erule bexE, erule conjE, erule_tac x = f'' in ballE, simp, simp) apply (erule bexE, erule conjE, erule_tac x = f'' in ballE, simp, simp) apply (erule conjE, erule disjE) -apply (rule_tac x = "O_proc p" in exI) +apply (rule_tac x = "D_proc p" in exI) apply (simp add:co2sobj.simps) apply (erule conjE, erule exE, erule conjE) -apply (case_tac "obj = O_proc p", simp add:co2sobj.simps) -apply (case_tac "obj = O_file a", simp add:co2sobj.simps) -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac "obj = D_proc p", simp add:co2sobj.simps) +apply (case_tac "obj = D_file a", simp add:co2sobj.simps) +apply (case_tac obj) apply (rule_tac x = obj in exI) apply (simp add:co2sobj_closefd) -apply (case_tac "f \ same_inode_files s a") +apply (case_tac "list \ same_inode_files s a") apply (simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted) apply (rule_tac x = obj in exI, simp add:co2sobj_closefd is_file_simps) apply (rule_tac x = obj in exI, simp add:co2sobj_closefd is_dir_simps) @@ -1549,47 +1500,47 @@ apply (simp add:s2ss_def) apply (rule set_eqI, rule iffI, erule CollectE, erule exE, erule conjE) apply (simp) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (simp add:co2sobj.simps split:if_splits) apply (rule disjI2, rule_tac x = obj in exI, erule conjE) -apply (simp add:alive_co2sobj_closefd') -apply (frule_tac obj = obj in co2sobj_closefd, simp, simp split:t_object.splits if_splits) +apply (simp add:dalive_co2sobj_closefd') +apply (frule_tac obj = obj in co2sobj_closefd, simp, simp split:t_dobject.splits if_splits) apply (simp, erule disjE) -apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps) apply (erule exE, erule conjE) -apply (case_tac "obj = O_proc p") -apply (rule_tac x = obj' in exI, simp add:alive_co2sobj_closefd1) -apply (frule_tac obj = obj' in co2sobj_closefd, simp add:alive_co2sobj_closefd1) -apply (clarsimp split:t_object.splits if_splits option.splits simp:co2sobj.simps) -apply (rule_tac x = obj in exI, simp add:alive_co2sobj_closefd1) -apply (frule_tac obj = obj in co2sobj_closefd, simp add:alive_co2sobj_closefd1) -apply (clarsimp split:t_object.splits if_splits option.splits simp: co2sobj.simps) +apply (case_tac "obj = D_proc p") +apply (rule_tac x = obj' in exI, simp add:dalive_co2sobj_closefd1) +apply (frule_tac obj = obj' in co2sobj_closefd, simp add:dalive_co2sobj_closefd1) +apply (clarsimp split:t_dobject.splits if_splits option.splits simp:co2sobj.simps) +apply (rule_tac x = obj in exI, simp add:dalive_co2sobj_closefd1) +apply (frule_tac obj = obj in co2sobj_closefd, simp add:dalive_co2sobj_closefd1) +apply (clarsimp split:t_dobject.splits if_splits option.splits simp: co2sobj.simps) apply (rule impI) apply (simp add:s2ss_def) apply (rule set_eqI, rule iffI, erule CollectE, erule exE, erule conjE) apply (simp) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule disjI1, simp add:co2sobj.simps split:if_splits) -apply (rule disjI2, rule conjI, rule_tac x = obj in exI, simp add:alive_co2sobj_closefd') -apply (frule_tac obj = obj in co2sobj_closefd, simp add:alive_co2sobj_closefd1) -apply (clarsimp split:t_object.splits if_splits option.splits simp: co2sobj.simps) -apply (rule notI, erule_tac x = obj in allE, simp add:alive_co2sobj_closefd') -apply (frule_tac obj = obj in co2sobj_closefd, simp add:alive_co2sobj_closefd1) -apply (clarsimp split:t_object.splits if_splits option.splits) +apply (rule disjI2, rule conjI, rule_tac x = obj in exI, simp add:dalive_co2sobj_closefd') +apply (frule_tac obj = obj in co2sobj_closefd, simp add:dalive_co2sobj_closefd1) +apply (clarsimp split:t_dobject.splits if_splits option.splits simp: co2sobj.simps) +apply (rule notI, erule_tac x = obj in allE, simp add:dalive_co2sobj_closefd') +apply (frule_tac obj = obj in co2sobj_closefd, simp add:dalive_co2sobj_closefd1) +apply (clarsimp split:t_dobject.splits if_splits option.splits) apply (simp) apply (erule disjE) -apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps) apply (erule exE|erule conjE)+ apply (rule_tac x = obj in exI) -apply (frule_tac obj = obj in co2sobj_closefd, simp add:alive_co2sobj_closefd1) -apply (clarsimp split:t_object.splits if_splits option.splits - simp: co2sobj.simps alive_co2sobj_closefd1) +apply (frule_tac obj = obj in co2sobj_closefd, simp add:dalive_co2sobj_closefd1) +apply (clarsimp split:t_dobject.splits if_splits option.splits + simp: co2sobj.simps dalive_co2sobj_closefd1) done -lemma alive_co2sobj_unlink: - "\alive s obj; valid (UnLink p f # s); obj \ O_file f\ - \ alive (UnLink p f # s) obj" -by (auto simp add:alive_simps split:t_object.splits) +lemma dalive_co2sobj_unlink: + "\dalive s obj; valid (UnLink p f # s); obj \ D_file f\ + \ dalive (UnLink p f # s) obj" +by (auto simp add:dalive_simps split:t_dobject.splits) lemma s2ss_unlink: "valid (UnLink p f # s) \ s2ss (UnLink p f # s) = ( @@ -1607,33 +1558,31 @@ apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_file f", simp add:is_file_simps) +apply (case_tac "obj = D_file f", simp add:is_file_simps) apply simp apply (rule conjI) -apply (rule_tac x = obj in exI,simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_object.splits) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) +apply (rule_tac x = obj in exI,simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_dobject.splits) apply (rule notI, simp, frule_tac obj = obj in co2sobj_sfile_imp, erule exE, simp) apply (frule_tac obj = obj in co2sobj_unlink, simp) apply (erule_tac x = fa in allE, simp add:is_file_simps) apply (simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_file f", simp add:co2sobj.simps) -apply (frule_tac alive_co2sobj_unlink, simp, simp) +apply (case_tac "obj = D_file f", simp add:co2sobj.simps) +apply (frule_tac dalive_co2sobj_unlink, simp, simp) apply (frule_tac obj = obj in co2sobj_unlink, simp) apply (rule_tac x = obj in exI) -apply (simp add:co2sobj.simps split:t_object.splits if_splits) +apply (simp add:co2sobj.simps split:t_dobject.splits if_splits) apply (rule impI|erule conjE|erule exE|rule conjI|erule bexE)+ defer apply (rule impI|erule conjE|erule exE|rule conjI|erule bexE)+ apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_file f", simp add:alive_simps) -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac "obj = D_file f", simp add:dalive_simps) +apply (case_tac obj) apply (rule disjI2, simp, rule_tac x = obj in exI) apply (simp add:co2sobj_unlink) -apply (case_tac "fa \ same_inode_files s f") +apply (case_tac "list \ same_inode_files s f") apply (rule disjI1) apply (simp add:co2sobj_unlink) apply (simp add:co2sobj.simps same_inodes_tainted cf2sfiles_prop split:if_splits) @@ -1644,8 +1593,8 @@ apply (rule disjI2, simp, rule_tac x = obj in exI, simp add:co2sobj_unlink) apply (tactic {*my_setiff_tac 1*}) apply (drule same_inode_files_prop10, simp, erule exE, erule conjE) -apply (rule_tac x = "O_file f'a" in exI, simp add:is_file_simps) -apply (frule_tac obj = "O_file f'a" in co2sobj_unlink, simp add:same_inode_files_prop11 is_file_simps) +apply (rule_tac x = "D_file f'a" in exI, simp add:is_file_simps) +apply (frule_tac obj = "D_file f'a" in co2sobj_unlink, simp add:same_inode_files_prop11 is_file_simps) apply (simp add:co2sobj.simps same_inodes_tainted cf2sfiles_prop is_file_simps same_inode_files_prop11 split:if_splits) apply (rule impI, erule bexE, erule_tac x = f'' in ballE, simp, simp) @@ -1653,14 +1602,14 @@ apply (tactic {*my_setiff_tac 1*}) apply (case_tac "f' = f", simp add:same_inode_files_prop9) -apply (case_tac "obj= O_file f") -apply (rule_tac x = "O_file f'" in exI, simp add:is_file_simps) +apply (case_tac "obj= D_file f") +apply (rule_tac x = "D_file f'" in exI, simp add:is_file_simps) apply (frule_tac f' = f' in cf2sfiles_unlink, simp add:current_files_simps is_file_in_current) apply (simp add:co2sobj.simps) -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac obj) apply (rule_tac x = obj in exI, simp add:co2sobj_unlink) -apply (case_tac "fa \ same_inode_files s f") -apply (rule_tac x = "O_file f'" in exI) +apply (case_tac "list \ same_inode_files s f") +apply (rule_tac x = "D_file f'" in exI) apply (frule_tac f' = f' in cf2sfiles_unlink, simp add:current_files_simps is_file_in_current) apply (simp add:co2sobj.simps is_file_simps cf2sfiles_prop same_inodes_tainted) apply (rule_tac x = obj in exI, simp add:co2sobj_unlink is_file_simps) @@ -1672,12 +1621,12 @@ apply (rule impI|erule conjE|erule exE|rule conjI|erule bexE)+ apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_file f", simp add:alive_simps, simp) -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac "obj = D_file f", simp add:dalive_simps, simp) +apply (case_tac obj) apply (rule disjI2, rule conjI, simp, rule_tac x = obj in exI) apply (simp add:co2sobj_unlink) apply (rule notI, simp add:co2sobj.simps split:option.splits) -apply (case_tac "fa \ same_inode_files s f") +apply (case_tac "list \ same_inode_files s f") apply (rule disjI1) apply (simp add:co2sobj_unlink) apply (simp add:co2sobj.simps same_inodes_tainted cf2sfiles_prop split:if_splits) @@ -1685,24 +1634,24 @@ apply (rule disjI2, rule conjI, simp, rule_tac x = obj in exI) apply (simp add:co2sobj_unlink is_file_simps) apply (rule notI, simp add:co2sobj_unlink) -apply (erule_tac x = fa in allE, simp add:co2sobj.simps is_file_simps) +apply (erule_tac x = list in allE, simp add:co2sobj.simps is_file_simps) apply (rule disjI2, rule conjI, simp, rule_tac x = obj in exI, simp add:co2sobj_unlink is_dir_simps) apply (rule notI, simp add:co2sobj.simps split:option.splits) apply (rule disjI2, rule conjI, simp, rule_tac x = obj in exI, simp add:co2sobj_unlink) apply (rule notI, simp add:co2sobj.simps split:option.splits) apply (tactic {*my_setiff_tac 1*}) apply (drule same_inode_files_prop10, simp, erule exE, erule conjE) -apply (rule_tac x = "O_file f'" in exI, simp add:is_file_simps) -apply (frule_tac obj = "O_file f'" in co2sobj_unlink, simp add:same_inode_files_prop11 is_file_simps) +apply (rule_tac x = "D_file f'" in exI, simp add:is_file_simps) +apply (frule_tac obj = "D_file f'" in co2sobj_unlink, simp add:same_inode_files_prop11 is_file_simps) apply (simp add:co2sobj.simps same_inodes_tainted cf2sfiles_prop is_file_simps same_inode_files_prop11 split:if_splits) apply (rule impI, erule bexE, erule_tac x = f'' in ballE, simp, simp) apply (erule bexE, erule_tac x = f'' in ballE, simp, simp) apply (tactic {*my_setiff_tac 1*}, simp) -apply (case_tac "obj = O_file f", simp add:co2sobj.simps) -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac "obj = D_file f", simp add:co2sobj.simps) +apply (case_tac obj) apply (rule_tac x = obj in exI, simp add:co2sobj_unlink) -apply (case_tac "fa \ same_inode_files s f") +apply (case_tac "list \ same_inode_files s f") apply (simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted) apply (rule_tac x = obj in exI, simp add:co2sobj_unlink is_file_simps) apply (rule_tac x = obj in exI, simp add:co2sobj_unlink is_dir_simps) @@ -1712,45 +1661,39 @@ apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) apply (rule_tac x = obj in exI) -apply (simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_object.splits) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) +apply (simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_dobject.splits) apply (tactic {*my_setiff_tac 1*}) apply (rule_tac x = obj in exI) -apply (subgoal_tac "alive (UnLink p f # s) obj") -apply (auto simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_object.splits)[1] -apply (auto simp add:co2sobj_unlink alive_simps split:t_object.splits)[1] +apply (subgoal_tac "dalive (UnLink p f # s) obj") +apply (auto simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_dobject.splits)[1] +apply (auto simp add:co2sobj_unlink dalive_simps split:t_dobject.splits)[1] apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_file f", simp add:alive_simps) -apply (rule_tac x = obj in exI, simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_object.splits) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) +apply (case_tac "obj = D_file f", simp add:dalive_simps) +apply (rule_tac x = obj in exI, simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_dobject.splits) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_file f") -apply (rule_tac x = "O_file f'" in exI) -apply (auto simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_object.splits)[1] +apply (case_tac "obj = D_file f") +apply (rule_tac x = "D_file f'" in exI) +apply (auto simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_dobject.splits)[1] apply (rule_tac x =obj in exI) -apply (subgoal_tac "alive (UnLink p f # s) obj") -apply (auto simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_object.splits)[1] -apply (auto simp add:co2sobj_unlink alive_simps split:t_object.splits)[1] +apply (subgoal_tac "dalive (UnLink p f # s) obj") +apply (auto simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_dobject.splits)[1] +apply (auto simp add:co2sobj_unlink dalive_simps split:t_dobject.splits)[1] apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_file f", simp add:alive_simps) -apply (rule_tac x = obj in exI, simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_object.splits if_splits) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) +apply (case_tac "obj = D_file f", simp add:dalive_simps) +apply (rule_tac x = obj in exI, simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_dobject.splits if_splits) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_file f") -apply (rule_tac x = "O_file f'" in exI) -apply (auto simp add:co2sobj_unlink is_file_simps is_dir_simps same_inode_files_prop9 split:t_object.splits)[1] -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac "obj = D_file f") +apply (rule_tac x = "D_file f'" in exI) +apply (auto simp add:co2sobj_unlink is_file_simps is_dir_simps same_inode_files_prop9 split:t_dobject.splits)[1] +apply (case_tac obj) apply (rule_tac x = obj in exI, simp add:co2sobj_unlink) -apply (case_tac "fa \ same_inode_files s f") -apply (rule_tac x = "O_file f'" in exI) -apply (simp add:alive_simps co2sobj.simps) +apply (case_tac "list \ same_inode_files s f") +apply (rule_tac x = "D_file f'" in exI) +apply (simp add:dalive_simps co2sobj.simps) apply (rule conjI, rule notI, simp add:same_inode_files_prop9) apply (rule impI, frule_tac f' = f' in cf2sfiles_unlink) apply (simp add:current_files_simps is_file_simps is_file_in_current) @@ -1761,27 +1704,25 @@ apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_file f", simp add:alive_simps) -apply (rule_tac x = obj in exI, simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_object.splits if_splits) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) +apply (case_tac "obj = D_file f", simp add:dalive_simps) +apply (rule_tac x = obj in exI, simp add:co2sobj_unlink is_file_simps is_dir_simps split:t_dobject.splits if_splits) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_file f") -apply (rule_tac x = "O_file f'" in exI) -apply (subgoal_tac "alive (UnLink p f # s) (O_file f')") +apply (case_tac "obj = D_file f") +apply (rule_tac x = "D_file f'" in exI) +apply (subgoal_tac "dalive (UnLink p f # s) (D_file f')") apply (frule same_inode_files_prop11, frule_tac f = f' in is_file_has_sfile', simp add:vd_cons, erule exE) -apply (frule_tac obj = "O_file f'" in co2sobj_unlink, simp) +apply (frule_tac obj = "D_file f'" in co2sobj_unlink, simp) apply (simp split:if_splits option.splits add:is_file_simps) apply (simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted) apply (auto split:t_sobject.splits)[1] apply (simp add:is_file_simps same_inode_files_prop11) -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac obj) apply (rule_tac x = obj in exI, simp add:co2sobj_unlink) -apply (case_tac "fa \ same_inode_files s f") -apply (rule_tac x = "O_file f'" in exI) -apply (subgoal_tac "alive (UnLink p f # s) (O_file f')") +apply (case_tac "list \ same_inode_files s f") +apply (rule_tac x = "D_file f'" in exI) +apply (subgoal_tac "dalive (UnLink p f # s) (D_file f')") apply (frule same_inode_files_prop11, frule_tac f = f' in is_file_has_sfile', simp add:vd_cons, erule exE) -apply (frule_tac obj = "O_file f'" in co2sobj_unlink, simp) +apply (frule_tac obj = "D_file f'" in co2sobj_unlink, simp) apply (simp split:if_splits option.splits add:is_file_simps) apply (simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted) apply (auto split:t_sobject.splits)[1] @@ -1792,8 +1733,8 @@ done lemma s2ss_rmdir: "valid (Rmdir p f # s) \ s2ss (Rmdir p f # s) = ( - case (co2sobj s (O_dir f)) of - Some sdir \ del_s2ss_obj s (s2ss s) (O_dir f) sdir + case (co2sobj s (D_dir f)) of + Some sdir \ del_s2ss_obj s (s2ss s) (D_dir f) sdir | _ \ {})" apply (frule vd_cons, frule vt_grant_os) apply (clarsimp simp:dir_is_empty_def) @@ -1806,30 +1747,30 @@ apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) apply (rule_tac x = obj in exI) -apply (simp add:co2sobj_rmdir is_file_simps is_dir_simps alive_simps split:t_object.splits if_splits) +apply (simp add:co2sobj_rmdir is_file_simps is_dir_simps dalive_simps split:t_dobject.splits if_splits) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_dir f") +apply (case_tac "obj = D_dir f") apply (rule_tac x = obj' in exI) -apply (subgoal_tac "alive (Rmdir p f # s) obj'") -apply (auto simp add:co2sobj_rmdir is_file_simps is_dir_simps split:t_object.splits)[1] -apply (simp add:alive_rmdir) +apply (subgoal_tac "dalive (Rmdir p f # s) obj'") +apply (auto simp add:co2sobj_rmdir is_file_simps is_dir_simps split:t_dobject.splits)[1] +apply (simp add:dalive_rmdir) apply (rule_tac x = obj in exI) -apply (subgoal_tac "alive (Rmdir p f # s) obj") -apply (auto simp add:co2sobj_rmdir is_file_simps is_dir_simps split:t_object.splits)[1] -apply (simp add:alive_rmdir) +apply (subgoal_tac "dalive (Rmdir p f # s) obj") +apply (auto simp add:co2sobj_rmdir is_file_simps is_dir_simps split:t_dobject.splits)[1] +apply (simp add:dalive_rmdir) apply (rule conjI|rule impI|erule exE|erule conjE)+ apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) apply simp -apply (case_tac "obj = O_dir f", simp add:alive_rmdir) +apply (case_tac "obj = D_dir f", simp add:dalive_rmdir) apply (rule conjI) -apply (rule_tac x = obj in exI, simp add:co2sobj_rmdir alive_rmdir) +apply (rule_tac x = obj in exI, simp add:co2sobj_rmdir dalive_rmdir) apply (simp add:co2sobj_rmdir) -apply (simp add:alive_rmdir, erule_tac x = obj in allE, simp) +apply (simp add:dalive_rmdir, erule_tac x = obj in allE, simp) apply (tactic {*my_setiff_tac 1*}, simp) -apply (case_tac "obj = O_dir f", simp) -apply (rule_tac x = obj in exI, simp add:co2sobj_rmdir alive_rmdir) +apply (case_tac "obj = D_dir f", simp) +apply (rule_tac x = obj in exI, simp add:co2sobj_rmdir dalive_rmdir) done lemma s2ss_mkdir: "valid (Mkdir p f inum # s) \ s2ss (Mkdir p f inum # s) = ( @@ -1842,20 +1783,20 @@ apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}, simp) -apply (case_tac "obj = O_dir f") +apply (case_tac "obj = D_dir f") apply (rule disjI1, simp add:co2sobj.simps) -apply (rule disjI2, rule_tac x = obj in exI, simp add:co2sobj_mkdir alive_simps) +apply (rule disjI2, rule_tac x = obj in exI, simp add:co2sobj_mkdir dalive_simps) apply (tactic {*my_setiff_tac 1*}, simp) -apply (rule_tac x = "O_dir f" in exI, simp add:alive_mkdir co2sobj.simps) +apply (rule_tac x = "D_dir f" in exI, simp add:dalive_mkdir co2sobj.simps) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_dir f", simp add:is_dir_in_current) -apply (rule_tac x = obj in exI, simp add:co2sobj_mkdir alive_mkdir) +apply (case_tac "obj = D_dir f", simp add:is_dir_in_current) +apply (rule_tac x = obj in exI, simp add:co2sobj_mkdir dalive_mkdir) done definition update_s2ss_sfile_add :: "t_state \ t_static_state \ t_file \ t_sfile \ t_static_state" where "update_s2ss_sfile_add s ss f sf \ - if (\ f'. is_file s f' \ f' \ same_inode_files s f \ co2sobj s (O_file f') = co2sobj s (O_file f)) + if (\ f'. is_file s f' \ f' \ same_inode_files s f \ co2sobj s (D_file f') = co2sobj s (D_file f)) then ss \ {S_file (cf2sfiles s f \ {sf}) (O_file f \ tainted s)} else ss - {S_file (cf2sfiles s f) (O_file f \ tainted s)} \ {S_file (cf2sfiles s f \ {sf}) (O_file f \ tainted s)}" @@ -1873,54 +1814,54 @@ apply (rule conjI, rule impI, erule exE, erule conjE, erule conjE) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_file f'") +apply (case_tac "obj = D_file f'") apply (rule disjI1, simp add:co2sobj.simps cf2sfiles_linkhard same_inode_files_linkhard split:if_splits) apply (case_tac "O_file f' \ tainted s") -apply (drule tainted_in_current, simp, simp add:is_file_in_current alive.simps, simp) -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (drule tainted_in_current, simp, simp add:is_file_in_current dalive.simps, simp) +apply (case_tac obj) apply (rule disjI2, simp, rule_tac x = obj in exI) -apply (simp add:co2sobj_linkhard alive_linkhard) -apply (case_tac "fa \ same_inode_files s f") +apply (simp add:co2sobj_linkhard dalive_linkhard) +apply (case_tac "list \ same_inode_files s f") apply (rule disjI1, simp add:co2sobj.simps cf2sfiles_linkhard same_inodes_tainted split:if_splits) apply (rule disjI2, simp, rule_tac x = obj in exI, simp add:co2sobj_linkhard is_file_simps) apply (rule disjI2, simp, rule_tac x = obj in exI, simp add:co2sobj_linkhard is_dir_simps) apply (rule disjI2, simp, rule_tac x = obj in exI, simp add:co2sobj_linkhard) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_file f" in exI) -apply (frule_tac obj = "O_file f" in co2sobj_linkhard) -apply (simp add:alive_linkhard) -apply (simp add:alive_linkhard same_inode_files_prop9 split:t_object.splits) +apply (rule_tac x = "D_file f" in exI) +apply (frule_tac obj = "D_file f" in co2sobj_linkhard) +apply (simp add:dalive_linkhard) +apply (simp add:dalive_linkhard same_inode_files_prop9 split:t_dobject.splits) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_file f'", simp add:alive_linkhard is_file_in_current) -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard alive_linkhard) -apply (case_tac "fa \ same_inode_files s f") -apply (rule_tac x = "O_file f'a" in exI, simp add:co2sobj_linkhard alive_linkhard) +apply (case_tac "obj = D_file f'", simp add:dalive_linkhard is_file_in_current) +apply (case_tac obj) +apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard dalive_linkhard) +apply (case_tac "list \ same_inode_files s f") +apply (rule_tac x = "D_file f'a" in exI, simp add:co2sobj_linkhard dalive_linkhard) apply (rule conjI, rule impI, simp add:is_file_in_current) apply (rule impI, simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted) -apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard alive_linkhard) -apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard alive_linkhard) -apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard alive_linkhard) +apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard dalive_linkhard) +apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard dalive_linkhard) +apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard dalive_linkhard) apply (rule impI) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_file f'", simp) +apply (case_tac "obj = D_file f'", simp) apply (rule disjI1, simp add:co2sobj.simps cf2sfiles_linkhard same_inode_files_linkhard split:if_splits) apply (case_tac "O_file f' \ tainted s") -apply (drule tainted_in_current, simp, simp add:is_file_in_current alive.simps, simp) -apply (erule_tac obj = obj in co2sobj_some_caseD, simp) +apply (drule tainted_in_current, simp, simp add:is_file_in_current dalive.simps, simp) +apply (case_tac obj, simp) apply (rule disjI2, rule conjI, rule_tac x = obj in exI) -apply (simp add:co2sobj_linkhard alive_linkhard) +apply (simp add:co2sobj_linkhard dalive_linkhard) apply (rule notI, simp add:co2sobj.simps split:option.splits) -apply (case_tac "fa \ same_inode_files s f") +apply (case_tac "list \ same_inode_files s f") apply (rule disjI1, simp add:co2sobj.simps cf2sfiles_linkhard same_inodes_tainted split:if_splits) apply (simp, rule disjI2, rule conjI, rule_tac x = obj in exI, simp add:co2sobj_linkhard is_file_simps) -apply (erule_tac x = fa in allE, rule notI) +apply (erule_tac x = list in allE, rule notI) apply (simp add:co2sobj_linkhard is_file_simps) apply (simp add:co2sobj.simps) apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI, simp add:co2sobj_linkhard is_dir_simps) @@ -1928,19 +1869,19 @@ apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI, simp add:co2sobj_linkhard) apply (rule notI, simp add:co2sobj.simps split:option.splits) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_file f" in exI) -apply (frule_tac obj = "O_file f" in co2sobj_linkhard) -apply (simp add:alive_linkhard) -apply (simp add:alive_linkhard same_inode_files_prop9 split:t_object.splits) +apply (rule_tac x = "D_file f" in exI) +apply (frule_tac obj = "D_file f" in co2sobj_linkhard) +apply (simp add:dalive_linkhard) +apply (simp add:dalive_linkhard same_inode_files_prop9 split:t_dobject.splits) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_file f'", simp add:alive_linkhard is_file_in_current) -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard alive_linkhard) -apply (case_tac "fa \ same_inode_files s f") +apply (case_tac "obj = D_file f'", simp add:dalive_linkhard is_file_in_current) +apply (case_tac obj) +apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard dalive_linkhard) +apply (case_tac "list \ same_inode_files s f") apply (simp add:co2sobj.simps cf2sfiles_prop same_inodes_tainted) -apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard alive_linkhard) -apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard alive_linkhard) -apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard alive_linkhard) +apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard dalive_linkhard) +apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard dalive_linkhard) +apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard dalive_linkhard) done lemma same_inode_files_prop12: @@ -1958,11 +1899,11 @@ apply (rule conjI|rule impI|erule exE|erule conjE)+ apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_file f") +apply (case_tac "obj = D_file f") apply (rule disjI1, simp add:co2sobj.simps same_inode_files_prop12 cf2sfiles_other) -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (rule disjI2, simp, rule_tac x = obj in exI, simp add:co2sobj_truncate alive_simps) -apply (case_tac "fa \ same_inode_files s f") +apply (case_tac obj) +apply (rule disjI2, simp, rule_tac x = obj in exI, simp add:co2sobj_truncate dalive_simps) +apply (case_tac "list \ same_inode_files s f") apply (rule disjI1, simp add:co2sobj.simps cf2sfiles_prop cf2sfiles_other) apply (rule disjI2, simp, rule_tac x = obj in exI) apply (simp add:co2sobj_truncate is_file_simps) @@ -1971,14 +1912,14 @@ apply (rule disjI2, simp, rule_tac x = obj in exI) apply (simp add:co2sobj_truncate) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_file f" in exI) +apply (rule_tac x = "D_file f" in exI) apply (simp add:co2sobj.simps is_file_simps cf2sfiles_other same_inode_files_prop12) apply (tactic {*my_setiff_tac 1*}) -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac obj) apply (rule_tac x = obj in exI, simp add:co2sobj_truncate) -apply (case_tac "fa \ same_inode_files s f") -apply (rule_tac x = "O_file f'" in exI) -apply (auto simp:co2sobj_truncate is_file_simps is_dir_simps split:t_object.splits)[1] +apply (case_tac "list \ same_inode_files s f") +apply (rule_tac x = "D_file f'" in exI) +apply (auto simp:co2sobj_truncate is_file_simps is_dir_simps split:t_dobject.splits)[1] apply (simp add:co2sobj.simps same_inodes_tainted cf2sfiles_prop) apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_file_simps) apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_dir_simps) @@ -1987,17 +1928,17 @@ apply (rule conjI|rule impI|erule exE|erule conjE)+ apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_file f") +apply (case_tac "obj = D_file f") apply (rule disjI1, simp add:co2sobj.simps same_inode_files_prop12 cf2sfiles_other) -apply (erule_tac obj = obj in co2sobj_some_caseD) -apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI, simp add:co2sobj_truncate alive_simps) +apply (case_tac obj) +apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI, simp add:co2sobj_truncate dalive_simps) apply (rule notI, simp add:co2sobj.simps split:option.splits) -apply (case_tac "fa \ same_inode_files s f") +apply (case_tac "list \ same_inode_files s f") apply (rule disjI1, simp add:co2sobj.simps cf2sfiles_prop cf2sfiles_other) apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI) apply (simp add:co2sobj_truncate is_file_simps) apply (rule notI, simp add:co2sobj_truncate is_file_simps) -apply (erule_tac x = fa in allE) +apply (erule_tac x = list in allE) apply (simp add:co2sobj.simps) apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI) apply (simp add:co2sobj_truncate is_dir_simps) @@ -2006,12 +1947,12 @@ apply (simp add:co2sobj_truncate) apply (rule notI, simp add:co2sobj.simps split:option.splits) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_file f" in exI) +apply (rule_tac x = "D_file f" in exI) apply (simp add:co2sobj.simps is_file_simps cf2sfiles_other same_inode_files_prop12) apply (tactic {*my_setiff_tac 1*}) -apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (case_tac obj) apply (rule_tac x = obj in exI, simp add:co2sobj_truncate) -apply (case_tac "fa \ same_inode_files s f") +apply (case_tac "list \ same_inode_files s f") apply (simp add:co2sobj.simps same_inodes_tainted cf2sfiles_prop) apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_file_simps) apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_dir_simps) @@ -2020,14 +1961,14 @@ apply (rule impI, simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) apply (rule_tac x = obj in exI) -apply (simp add:alive_simps co2sobj_truncate) -apply (simp split:t_object.splits if_splits add:co2sobj.simps) +apply (simp add:dalive_simps co2sobj_truncate) +apply (simp split:t_dobject.splits if_splits add:co2sobj.simps) apply (case_tac "O_proc p \ tainted s", simp add:same_inodes_tainted) apply simp apply (tactic {*my_setiff_tac 1*}) apply (rule_tac x = obj in exI) -apply (simp add:alive_simps co2sobj_truncate) -apply (auto split:t_object.splits if_splits simp:co2sobj.simps same_inodes_tainted) +apply (simp add:dalive_simps co2sobj_truncate) +apply (auto split:t_dobject.splits if_splits simp:co2sobj.simps same_inodes_tainted) done lemma s2ss_createmsgq: "valid (CreateMsgq p q # s) \ s2ss (CreateMsgq p q # s) = @@ -2039,24 +1980,22 @@ apply (drule current_has_smsgq', simp+) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (rule disjI1, simp add:co2sobj.simps) apply (rule disjI2, simp, rule_tac x = obj in exI) -apply (simp add:co2sobj_createmsgq is_file_simps is_dir_simps split:t_object.splits if_splits) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) +apply (simp add:co2sobj_createmsgq is_file_simps is_dir_simps split:t_dobject.splits if_splits) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_msgq q" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_msgq q" in exI, simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply simp apply (rule_tac x = obj in exI) -apply (auto simp add:co2sobj_createmsgq alive_simps split:t_object.splits if_splits) +apply (auto simp add:co2sobj_createmsgq dalive_simps split:t_dobject.splits if_splits) done lemma s2ss_sendmsg: "valid (SendMsg p q m # s) \ s2ss (SendMsg p q m # s) = ( case (cq2smsgq s q, cq2smsgq (SendMsg p q m # s) q) of - (Some sq, Some sq') \ update_s2ss_obj s (s2ss s) (O_msgq q) (S_msgq sq) (S_msgq sq') + (Some sq, Some sq') \ update_s2ss_obj s (s2ss s) (D_msgq q) (S_msgq sq) (S_msgq sq') | _ \ {})" apply (frule vd_cons, frule vt_grant_os, clarsimp) apply (case_tac "cq2smsgq s q") @@ -2068,55 +2007,49 @@ apply (tactic {*my_clarify_tac 1*}) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (rule disjI1, simp add:co2sobj.simps) apply (rule disjI2, simp, rule_tac x = obj in exI) -apply (simp add:co2sobj_sendmsg is_file_simps is_dir_simps split:t_object.splits if_splits) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) +apply (simp add:co2sobj_sendmsg is_file_simps is_dir_simps split:t_dobject.splits if_splits) +apply (tactic {*my_setiff_tac 1*}) +apply (rule_tac x = "D_msgq q" in exI, simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_msgq q" in exI, simp add:co2sobj.simps) -apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (rule_tac x = obj' in exI) -apply (simp add:co2sobj_sendmsg alive_sendmsg split:t_object.splits if_splits) +apply (simp add:co2sobj_sendmsg dalive_sendmsg split:t_dobject.splits if_splits) apply (auto simp:co2sobj.simps)[1] -apply (rule_tac x = obj in exI, simp add:co2sobj_sendmsg alive_sendmsg split:t_object.splits) +apply (rule_tac x = obj in exI, simp add:co2sobj_sendmsg dalive_sendmsg split:t_dobject.splits) apply (auto simp:co2sobj.simps)[1] apply (rule impI) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (rule disjI1, simp add:co2sobj.simps) apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI) -apply (simp add:co2sobj_sendmsg is_file_simps is_dir_simps split:t_object.splits if_splits) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) +apply (simp add:co2sobj_sendmsg is_file_simps is_dir_simps split:t_dobject.splits if_splits) apply (rule notI, simp) apply (frule_tac obj = obj in co2sobj_smsgq_imp, erule exE, simp) apply (erule_tac x = obj in allE, simp add:co2sobj_sendmsg) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_msgq q" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_msgq q" in exI, simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (simp add:co2sobj.simps) -apply (rule_tac x = obj in exI, simp add:co2sobj_sendmsg alive_sendmsg split:t_object.splits) +apply (rule_tac x = obj in exI, simp add:co2sobj_sendmsg dalive_sendmsg split:t_dobject.splits) apply (auto simp:co2sobj.simps)[1] done -lemma alive_co2sobj_removemsgq: - "\alive s obj; valid (RemoveMsgq p q # s); co2sobj s obj = Some sobj; obj \ O_msgq q\ - \ alive (RemoveMsgq p q # s) obj" -apply (erule co2sobj_some_caseD) +lemma dalive_co2sobj_removemsgq: + "\dalive s obj; valid (RemoveMsgq p q # s); obj \ D_msgq q\ + \ dalive (RemoveMsgq p q # s) obj" +apply (case_tac obj) apply (auto simp:is_file_simps is_dir_simps) done lemma s2ss_removemsgq: "valid (RemoveMsgq p q # s) \ s2ss (RemoveMsgq p q # s) = (case (cq2smsgq s q) of - Some sq \ del_s2ss_obj s (s2ss s) (O_msgq q) (S_msgq sq) + Some sq \ del_s2ss_obj s (s2ss s) (D_msgq q) (S_msgq sq) | _ \ {})" apply (frule vd_cons, frule vt_grant_os, clarsimp) apply (split option.splits, rule conjI, rule impI) @@ -2127,31 +2060,31 @@ apply (tactic {*my_clarify_tac 1*}) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_msgq q", simp) +apply (case_tac "obj = D_msgq q", simp) apply (rule_tac x = obj in exI) -apply (simp add:co2sobj_removemsgq alive_simps split:t_object.splits if_splits) +apply (simp add:co2sobj_removemsgq dalive_simps split:t_dobject.splits if_splits) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_msgq q", simp) +apply (case_tac "obj = D_msgq q", simp) apply (rule_tac x = obj' in exI) apply (frule_tac obj = obj' in co2sobj_smsgq_imp, erule exE) -apply (simp add:co2sobj_removemsgq alive_simps split:t_object.splits if_splits) +apply (simp add:co2sobj_removemsgq dalive_simps split:t_dobject.splits if_splits) apply (simp add:co2sobj.simps) apply (rule_tac x = obj in exI) -apply (simp add:co2sobj_removemsgq alive_co2sobj_removemsgq) +apply (simp add:co2sobj_removemsgq dalive_co2sobj_removemsgq) apply (rule impI) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_msgq q", simp) +apply (case_tac "obj = D_msgq q", simp) apply (simp, rule conjI, rule_tac x = obj in exI) -apply (simp add:co2sobj_removemsgq alive_simps split:t_object.splits if_splits) +apply (simp add:co2sobj_removemsgq dalive_simps split:t_dobject.splits if_splits) apply (rule notI, simp, frule_tac obj = obj in co2sobj_smsgq_imp, erule exE) -apply (erule_tac x = obj in allE, simp add:co2sobj_removemsgq alive_co2sobj_removemsgq) +apply (erule_tac x = obj in allE, simp add:co2sobj_removemsgq dalive_co2sobj_removemsgq) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_msgq q", simp) +apply (case_tac "obj = D_msgq q", simp) apply (simp add:co2sobj.simps) apply (rule_tac x = obj in exI) -apply (simp add:co2sobj_removemsgq alive_co2sobj_removemsgq) +apply (simp add:co2sobj_removemsgq dalive_co2sobj_removemsgq) done declare Product_Type.split_paired_Ex Product_Type.split_paired_All [simp del] @@ -2160,9 +2093,9 @@ case (cq2smsgq s q, cq2smsgq (RecvMsg p q m # s) q, cp2sproc s p) of (Some sq, Some sq', Some sp) \ if (O_msg q m \ tainted s \ O_proc p \ tainted s) then update_s2ss_obj s (update_s2ss_obj s (s2ss s) - (O_proc p) (S_proc sp False) (S_proc sp True)) - (O_msgq q) (S_msgq sq) (S_msgq sq') - else update_s2ss_obj s (s2ss s) (O_msgq q) (S_msgq sq) (S_msgq sq') + (D_proc p) (S_proc sp False) (S_proc sp True)) + (D_msgq q) (S_msgq sq) (S_msgq sq') + else update_s2ss_obj s (s2ss s) (D_msgq q) (S_msgq sq) (S_msgq sq') | _ \ {})" apply (frule vt_grant_os, frule vd_cons) apply (case_tac "cq2smsgq s q") @@ -2178,161 +2111,153 @@ apply (tactic {*my_clarify_tac 1*}) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (rule disjI1, simp add:co2sobj.simps) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule disjI2, rule disjI1, simp add:co2sobj.simps cp2sproc_other) apply (rule disjI2, rule disjI2, simp) apply (rule_tac x = obj in exI) -apply (simp add:alive_recvmsg co2sobj_recvmsg split:t_object.splits if_splits) +apply (simp add:dalive_recvmsg co2sobj_recvmsg split:t_dobject.splits if_splits) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_msgq q" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_msgq q" in exI, simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps cp2sproc_other) +apply (rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps cp2sproc_other) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (frule co2sobj_smsgq_imp, erule exE) -apply (rule_tac x = "O_msgq qa" in exI, simp add:alive_recvmsg co2sobj_recvmsg) +apply (rule_tac x = "D_msgq qa" in exI, simp add:dalive_recvmsg co2sobj_recvmsg) apply (simp add:co2sobj.simps) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (frule co2sobj_sproc_imp, erule exE) -apply (rule_tac x = "O_proc pa" in exI, simp add:alive_recvmsg co2sobj_recvmsg) +apply (rule_tac x = "D_proc pa" in exI, simp add:dalive_recvmsg co2sobj_recvmsg) apply (simp add:co2sobj.simps) apply (rule_tac x = obj in exI) -apply (auto simp add:alive_recvmsg co2sobj_recvmsg split:t_object.splits if_splits)[1] -apply (simp add:co2sobj.simps) +apply (auto simp add:dalive_recvmsg co2sobj_recvmsg split:t_dobject.splits if_splits)[1] apply (tactic {*my_clarify_tac 1*}) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (rule disjI1, simp add:co2sobj.simps) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule disjI2, simp add:co2sobj.simps cp2sproc_other) apply (rule notI, simp) apply (rule disjI2, simp, rule conjI, rule disjI2) apply (rule_tac x = obj in exI) -apply (simp add:alive_recvmsg co2sobj_recvmsg split:t_object.splits if_splits) +apply (simp add:dalive_recvmsg co2sobj_recvmsg split:t_dobject.splits if_splits) apply (rule notI, simp) apply (frule co2sobj_smsgq_imp, erule exE) -apply (erule_tac x = "O_msgq qa" in allE, simp add:alive_recvmsg co2sobj_recvmsg split:if_splits) +apply (erule_tac x = "D_msgq qa" in allE, simp add:dalive_recvmsg co2sobj_recvmsg split:if_splits) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_msgq q" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_msgq q" in exI, simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}, simp, erule disjE) -apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps cp2sproc_other) +apply (rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps cp2sproc_other) apply (erule exE, erule conjE) -apply (case_tac "obj = O_msgq q", simp add:co2sobj.simps) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_msgq q", simp add:co2sobj.simps) +apply (case_tac "obj = D_proc p") apply (frule_tac co2sobj_sproc_imp, erule exE) -apply (rule_tac x = "O_proc pa" in exI, simp add:alive_recvmsg co2sobj_recvmsg) +apply (rule_tac x = "D_proc pa" in exI, simp add:dalive_recvmsg co2sobj_recvmsg) apply (simp add:co2sobj.simps) apply (rule_tac x = obj in exI) -apply (auto simp add:alive_recvmsg co2sobj_recvmsg split:t_object.splits if_splits)[1] -apply (simp add:co2sobj.simps) +apply (auto simp add:dalive_recvmsg co2sobj_recvmsg split:t_dobject.splits if_splits)[1] apply (tactic {*my_clarify_tac 1*}) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (rule disjI1, simp add:co2sobj.simps) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule disjI2, rule disjI1, simp add:co2sobj.simps cp2sproc_other) apply (rule disjI2, rule disjI2, simp, rule conjI) apply (rule_tac x = obj in exI) -apply (simp add:alive_recvmsg co2sobj_recvmsg split:t_object.splits if_splits) +apply (simp add:dalive_recvmsg co2sobj_recvmsg split:t_dobject.splits if_splits) apply (rule notI, simp) apply (frule co2sobj_sproc_imp, erule exE) -apply (erule_tac x = "O_proc pa" in allE, simp add:co2sobj_recvmsg split:t_object.splits) +apply (erule_tac x = "D_proc pa" in allE, simp add:co2sobj_recvmsg split:t_dobject.splits) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_msgq q" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_msgq q" in exI, simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps cp2sproc_other) +apply (rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps cp2sproc_other) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (frule co2sobj_smsgq_imp, erule exE) -apply (rule_tac x = "O_msgq qa" in exI, simp add:alive_recvmsg co2sobj_recvmsg) +apply (rule_tac x = "D_msgq qa" in exI, simp add:dalive_recvmsg co2sobj_recvmsg) apply (simp add:co2sobj.simps) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (simp add:co2sobj.simps) apply (rule_tac x = obj in exI) -apply (auto simp add:alive_recvmsg co2sobj_recvmsg split:t_object.splits if_splits)[1] -apply (simp add:co2sobj.simps) +apply (auto simp add:dalive_recvmsg co2sobj_recvmsg split:t_dobject.splits if_splits)[1] apply (tactic {*my_clarify_tac 1*}) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (rule disjI1, simp add:co2sobj.simps) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (rule disjI2, simp, rule conjI) apply (rule disjI1, simp add:co2sobj.simps cp2sproc_other) apply (rule notI, simp add:co2sobj.simps cp2sproc_other) apply (rule disjI2, simp, rule conjI, rule disjI2, rule conjI) apply (rule_tac x = obj in exI) -apply (simp add:alive_recvmsg co2sobj_recvmsg split:t_object.splits if_splits) +apply (simp add:dalive_recvmsg co2sobj_recvmsg split:t_dobject.splits if_splits) apply (rule notI, simp, frule co2sobj_sproc_imp, erule exE) -apply (erule_tac x = "O_proc pa" in allE, simp add:co2sobj_recvmsg) +apply (erule_tac x = "D_proc pa" in allE, simp add:co2sobj_recvmsg) apply (rule notI, simp, frule co2sobj_smsgq_imp, erule exE) -apply (rotate_tac 12, erule_tac x = "O_msgq qa" in allE, simp add:co2sobj_recvmsg) +apply (rotate_tac 12, erule_tac x = "D_msgq qa" in allE, simp add:co2sobj_recvmsg) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_msgq q" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_msgq q" in exI, simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}, simp) apply (tactic {*my_clarify_tac 1*}) -apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps cp2sproc_other) +apply (rule_tac x = "D_proc p" in exI, simp add:co2sobj.simps cp2sproc_other) apply (tactic {*my_clarify_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (simp add:co2sobj.simps) -apply (case_tac "obj = O_proc p") +apply (case_tac "obj = D_proc p") apply (simp add:co2sobj.simps) apply (rule_tac x = obj in exI) -apply (auto simp add:alive_recvmsg co2sobj_recvmsg split:t_object.splits if_splits)[1] -apply (simp add:co2sobj.simps) +apply (auto simp add:dalive_recvmsg co2sobj_recvmsg split:t_dobject.splits if_splits)[1] apply (simp add:update_s2ss_obj_def) apply (tactic {*my_clarify_tac 1*}) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (rule disjI1, simp add:co2sobj.simps) apply (rule disjI2, simp) apply (rule_tac x = obj in exI) -apply (simp add:alive_recvmsg co2sobj_recvmsg split:t_object.splits if_splits) +apply (simp add:dalive_recvmsg co2sobj_recvmsg split:t_dobject.splits if_splits) apply (simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_msgq q" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_msgq q" in exI, simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (frule co2sobj_smsgq_imp, erule exE) -apply (rule_tac x = "O_msgq qa" in exI, simp add:alive_recvmsg co2sobj_recvmsg) +apply (rule_tac x = "D_msgq qa" in exI, simp add:dalive_recvmsg co2sobj_recvmsg) apply (simp add:co2sobj.simps) apply (rule_tac x = obj in exI) -apply (auto simp add:alive_recvmsg co2sobj_recvmsg split:t_object.splits if_splits)[1] -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) +apply (auto simp add:dalive_recvmsg co2sobj_recvmsg split:t_dobject.splits if_splits)[1] apply (simp add:co2sobj.simps) apply (tactic {*my_clarify_tac 1*}) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (rule disjI1, simp add:co2sobj.simps) apply (rule disjI2, simp, rule conjI) apply (rule_tac x = obj in exI) -apply (simp add:alive_recvmsg co2sobj_recvmsg split:t_object.splits if_splits) +apply (simp add:dalive_recvmsg co2sobj_recvmsg split:t_dobject.splits if_splits) apply (simp add:co2sobj.simps) apply (rule notI, simp) -apply (frule co2sobj_smsgq_imp, erule exE, erule_tac x = "O_msgq qa" in allE) +apply (frule co2sobj_smsgq_imp, erule exE, erule_tac x = "D_msgq qa" in allE) apply (simp add:co2sobj_recvmsg) apply (tactic {*my_setiff_tac 1*}) -apply (rule_tac x = "O_msgq q" in exI, simp add:co2sobj.simps) +apply (rule_tac x = "D_msgq q" in exI, simp add:co2sobj.simps) apply (tactic {*my_setiff_tac 1*}) -apply (case_tac "obj = O_msgq q") +apply (case_tac "obj = D_msgq q") apply (simp add:co2sobj.simps) apply (rule_tac x = obj in exI) -apply (auto simp add:alive_recvmsg co2sobj_recvmsg split:t_object.splits if_splits)[1] -apply (simp add:co2sobj.simps) -apply (simp add:co2sobj.simps) +apply (auto simp add:dalive_recvmsg co2sobj_recvmsg split:t_dobject.splits if_splits)[1] apply (simp add:co2sobj.simps) done