# HG changeset patch # User chunhan # Date 1384931998 -28800 # Node ID 002c34a6ff4fed12c2228b5aea37cc4029ea13ec # Parent fc7151df7f8e7c52f7702cc0180117fb402d4632 add conflict of p fd as file_fd & socket diff -r fc7151df7f8e -r 002c34a6ff4f Alive_prop.thy --- a/Alive_prop.thy Wed Nov 20 13:44:32 2013 +0800 +++ b/Alive_prop.thy Wed Nov 20 15:19:58 2013 +0800 @@ -1,5 +1,5 @@ theory Alive_prop -imports Main Flask_type Flask Current_files_prop Current_sockets_prop Init_prop +imports Main Flask_type Flask Current_files_prop Current_sockets_prop Init_prop Proc_fd_of_file_prop begin context flask begin @@ -51,6 +51,8 @@ dest:is_dir_in_current split:if_splits option.splits) done +(* sock is not inherited on Execve, Clone cases, cause I simplified it with os_grant. + * chunhan, 2013-11-20 lemma alive_execve: "valid (Execve p f fds # s) \ alive (Execve p f fds # s) = ( \ obj. case obj of @@ -68,6 +70,7 @@ apply (auto simp:current_files_simps current_sockets_simps is_file_simps is_dir_simps is_tcp_sock_simps is_udp_sock_simps dest:is_dir_in_current split:if_splits option.splits) + done lemma alive_clone: @@ -90,6 +93,48 @@ intro:is_tcp_in_current is_udp_in_current dest:is_dir_in_current split:if_splits option.splits) done +*) + +lemma alive_execve: + "valid (Execve p f fds # s) \ alive (Execve p f fds # s) = ( + \ obj. case obj of + O_fd p' fd \ (if (p = p' \ fd \ fds) then alive s (O_fd p fd) + else if (p = p') then False + else alive s (O_fd p' fd)) + | O_tcp_sock (p', fd) \ (if (p = p') then False + else alive s (O_tcp_sock (p', fd))) + | O_udp_sock (p', fd) \ (if (p = p') then False + else alive s (O_udp_sock (p', fd))) + | _ \ alive s obj )" +apply (frule vd_cons, frule vt_grant_os, rule ext, case_tac obj) +apply (auto simp:current_files_simps current_sockets_simps is_file_simps is_dir_simps + is_tcp_sock_simps is_udp_sock_simps + dest:is_dir_in_current split:if_splits option.splits) +apply (drule_tac s = s and p = p in file_fds_subset_pfds, auto) + +done + +lemma alive_clone: + "valid (Clone p p' fds shms # s) \ alive (Clone p p' fds shms # s) = ( + \ obj. case obj of + O_proc p'' \ if (p'' = p') then True else alive s obj + | O_fd p'' fd \ if (p'' = p' \ fd \ fds) then True + else if (p'' = p') then False + else alive s obj + | O_tcp_sock (p'', fd) \ (if (p'' = p' \ fd \ fds) then alive s (O_tcp_sock (p, fd)) + else if (p'' = p') then False + else alive s (O_tcp_sock (p'', fd))) + | O_udp_sock (p'', fd) \ (if (p'' = p' \ fd \ fds) then alive s (O_udp_sock (p, fd)) + else if (p'' = p') then False + else alive s (O_udp_sock (p'', fd))) + | _ \ alive s obj )" +apply (frule vd_cons, frule vt_grant_os, rule ext, case_tac obj) +apply (auto simp:current_files_simps current_sockets_simps is_file_simps is_dir_simps + is_tcp_sock_simps is_udp_sock_simps + intro:is_tcp_in_current is_udp_in_current + dest:is_dir_in_current split:if_splits option.splits) +done + lemma alive_kill: "valid (Kill p p' # s) \ alive (Kill p p' # s) = ( diff -r fc7151df7f8e -r 002c34a6ff4f Dynamic_static.thy --- a/Dynamic_static.thy Wed Nov 20 13:44:32 2013 +0800 +++ b/Dynamic_static.thy Wed Nov 20 15:19:58 2013 +0800 @@ -119,7 +119,7 @@ lemma enrich_inherit_fds_check: assumes grant: "inherit_fds_check s (up, nr, nt) p fds" and vd: "valid s" - and fd2sfd: "\ fd. fd \ current_procs s \ cp2sproc s' p = cp2sproc s p" + and cp2sp: "\ p. p \ current_procs s \ cp2sproc s' p = cp2sproc s p" and p_in: "p \ current_procs s" and p_in': "p \ current_procs s'" and fd_in: "fds \ current_proc_fds s p" and fd_in': "fds \ current_proc_fds s' p" shows "inherit_fds_check s' (up, nr, nt) p fds" diff -r fc7151df7f8e -r 002c34a6ff4f Flask.thy --- a/Flask.thy Wed Nov 20 13:44:32 2013 +0800 +++ b/Flask.thy Wed Nov 20 15:19:58 2013 +0800 @@ -154,7 +154,7 @@ init_itag_of_inum im = Some Tag_FILE \ (init_itag_of_inum im = Some Tag_DIR \ \ (\ f'. f' \ init_files \ f \ f'))" and init_procfds_valid: "\ p fd. fd \ init_fds_of_proc p \ p \ init_procs \ ((\ f \ init_files. init_file_of_proc_fd p fd = Some f) \ (p, fd) \ init_sockets)" - and init_filefd_valid: "\ p fd f. init_file_of_proc_fd p fd = Some f \ fd \ init_fds_of_proc p \ (\ im. init_inum_of_file f = Some im \ init_itag_of_inum im = Some Tag_FILE) \ p \ init_procs \ (\ flags. init_oflags_of_proc_fd p fd = Some flags)" + and init_filefd_valid: "\ p fd f. init_file_of_proc_fd p fd = Some f \ fd \ init_fds_of_proc p \ (\ im. init_inum_of_file f = Some im \ init_itag_of_inum im = Some Tag_FILE) \ p \ init_procs \ (\ flags. init_oflags_of_proc_fd p fd = Some flags) \ (p, fd) \ init_sockets" and init_fileflag_valid: "\ p fd flags. init_oflags_of_proc_fd p fd = Some flags \ \ f. init_file_of_proc_fd p fd = Some f" and init_procs_has_shm: "\ p h flag. (p,flag) \ init_procs_of_shm h \ p \ init_procs \ h \ init_shms \ init_flag_of_proc_shm p h = Some flag" @@ -162,7 +162,7 @@ and init_msgs_distinct: "\ q. distinct (init_msgs_of_queue q)" and init_msgs_valid: "\ m q. m \ set (init_msgs_of_queue q) \ q \ init_msgqs" - and init_socket_has_inode: "\ p fd. (p, fd) \ init_sockets \ \ im. init_inum_of_socket (p, fd) = Some im \ p \ init_procs \ fd \ init_fds_of_proc p" + and init_socket_has_inode: "\ p fd. (p, fd) \ init_sockets \ \ im. init_inum_of_socket (p, fd) = Some im \ p \ init_procs \ fd \ init_fds_of_proc p \ init_file_of_proc_fd p fd = None" and inos_has_sock_tag: "\ s im. init_inum_of_socket s = Some im \ s \ init_sockets \ (\ tag. init_itag_of_inum im = Some tag \ is_sock_itag tag)" (* and init_netobj_has_state: "bidirect_in_init init_netobjs init_netobj_state" @@ -260,6 +260,13 @@ where "proc_fd_of_file \ f = {(p, fd) | p fd. file_of_proc_fd \ p fd = Some f}" +definition proc_file_fds :: "t_state \ t_process \ t_fd set" +where + "proc_file_fds s p \ {fd. \ f. file_of_proc_fd s p fd = Some f}" + +definition init_proc_file_fds:: "t_process \ t_fd set" +where + "init_proc_file_fds p \ {fd. \ f. init_file_of_proc_fd p fd = Some f}" (****** files and directories ******) @@ -802,16 +809,6 @@ | "deleted obj (RecvMsg p q m # s) = (obj = O_msg q m \ deleted obj s)" | "deleted obj (_ # s) = deleted obj s" - -definition proc_file_fds :: "t_state \ t_process \ t_fd set" -where - "proc_file_fds s p \ {fd. \ f. file_of_proc_fd s p fd = Some f}" - - -definition init_proc_file_fds:: "t_process \ t_fd set" -where - "init_proc_file_fds p \ {fd. \ f. init_file_of_proc_fd p fd = Some f}" - end diff -r fc7151df7f8e -r 002c34a6ff4f Proc_fd_of_file_prop.thy --- a/Proc_fd_of_file_prop.thy Wed Nov 20 13:44:32 2013 +0800 +++ b/Proc_fd_of_file_prop.thy Wed Nov 20 15:19:58 2013 +0800 @@ -1,5 +1,5 @@ theory Proc_fd_of_file_prop -imports Main Flask Flask_type Valid_prop Current_files_prop +imports Main Flask Flask_type Valid_prop Current_files_prop Current_sockets_prop begin context flask begin @@ -45,6 +45,24 @@ lemma file_of_proc_fd_in_curf: "\file_of_proc_fd \ p fd = Some f; valid \\ \ f \ current_files \" by (drule procfd_of_file_non_empty, simp add:proc_fd_file_in_cur') +lemma file_fds_subset_pfds: + "valid s \ proc_file_fds s p \ current_proc_fds s p" +by (auto simp add:proc_file_fds_def intro:proc_fd_in_fds) + +lemma tcp_filefd_conflict: + "\file_of_proc_fd s p fd = Some f; is_tcp_sock s (p, fd); valid s\ \ False" +apply (induct s, simp) +apply (auto simp:is_tcp_sock_simps) + + +lemma tcp_not_file_fd: + "\is_tcp_sock s (p, fd); valid s\ \ fd \ proc_file_fds s p" +apply (auto simp:proc_file_fds_def) + +lemma udp_not_file_fd: + "\is_udp_sock s (p, fd); valid s\ \ fd \ proc_file_fds s p" + +lemma (******************* rebuild proc_fd_of_file simpset ***********************) (*