# HG changeset patch # User chunhan # Date 1380253011 -28800 # Node ID e3ad1b294fd9dcd758f5d77bf4ae4afa923cf595 # Parent ec73b98d4a64db109eff2aaf10dccf22ebb34b0a s2ss_truncate s2ss_createmsgq diff -r ec73b98d4a64 -r e3ad1b294fd9 S2ss_prop.thy --- a/S2ss_prop.thy Thu Sep 26 22:08:32 2013 +0800 +++ b/S2ss_prop.thy Fri Sep 27 11:36:51 2013 +0800 @@ -774,9 +774,9 @@ then ss \ {sobj'} else ss - {sobj} \ {sobj'})" -definition update_s2ss_sfile :: "t_state \ t_static_state \ t_file \ t_sfile \ t_static_state" +definition update_s2ss_sfile_del :: "t_state \ t_static_state \ t_file \ t_sfile \ t_static_state" where - "update_s2ss_sfile s ss f sf \ + "update_s2ss_sfile_del s ss f sf \ if (same_inode_files s f = {f}) then ss else ss \ {S_file (cf2sfiles s f - {sf}) (O_file f \ Tainted s)}" @@ -787,8 +787,8 @@ (if (\ f' \ same_inode_files s f. f' \ f \ cf2sfile s f' = Some sf) then ss else if (\ f'. is_file s f' \ f' \ same_inode_files s f \ co2sobj s (O_file f') = co2sobj s (O_file f)) - then update_s2ss_sfile s ss f sf - else update_s2ss_sfile s (ss - {S_file (cf2sfiles s f) (O_file f \ Tainted s)}) f sf)" + then update_s2ss_sfile_del s ss f sf + else update_s2ss_sfile_del s (ss - {S_file (cf2sfiles s f) (O_file f \ Tainted s)}) f sf)" lemma alive_co2sobj_closefd1: "\alive s obj; valid (CloseFd p fd # s); co2sobj s obj = Some sobj; @@ -974,7 +974,7 @@ apply (auto simp add:co2sobj.simps tainted_eq_Tainted split:t_object.splits if_splits)[1] apply (rule impI, tactic {*my_seteq_tac 1*}) -apply (simp add:update_s2ss_obj_def update_s2ss_sfile_def) +apply (simp add:update_s2ss_obj_def update_s2ss_sfile_del_def) apply (rule conjI| rule impI|erule exE|erule conjE)+ apply (erule_tac obj = obj in co2sobj_some_caseD) apply (case_tac "pa = p", simp add:co2sobj.simps tainted_eq_Tainted) @@ -1055,7 +1055,7 @@ apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) apply (rule notI, simp add:co2sobj_closefd, erule_tac x = obj in allE, simp) -apply (simp add:update_s2ss_sfile_def update_s2ss_obj_def split:if_splits) +apply (simp add:update_s2ss_sfile_del_def update_s2ss_obj_def split:if_splits) apply (erule disjE, rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps tainted_eq_Tainted) apply (erule exE, erule conjE) apply (case_tac "obj = O_proc p") @@ -1149,7 +1149,7 @@ apply (rule impI, rule conjI, rule impI) apply (tactic {*my_seteq_tac 1*}) -apply (simp add:update_s2ss_obj_def update_s2ss_sfile_def) +apply (simp add:update_s2ss_obj_def update_s2ss_sfile_del_def) apply (rule conjI| rule impI|erule exE|erule conjE)+ apply (erule_tac obj = obj in co2sobj_some_caseD) apply (case_tac "pa = p", simp add:co2sobj.simps tainted_eq_Tainted) @@ -1231,7 +1231,7 @@ apply (rule impI) apply (tactic {*my_seteq_tac 1*}) -apply (simp add:update_s2ss_obj_def update_s2ss_sfile_def) +apply (simp add:update_s2ss_obj_def update_s2ss_sfile_del_def) apply (rule conjI| rule impI|erule exE|erule conjE)+ apply (erule_tac obj = obj in co2sobj_some_caseD) apply (case_tac "pa = p", simp add:co2sobj.simps tainted_eq_Tainted) @@ -1334,7 +1334,7 @@ apply (frule_tac obj = obj in co2sobj_closefd, simp, simp add:alive_simps) apply (rule notI, simp add:co2sobj.simps split:option.splits)+ -apply (simp add:update_s2ss_sfile_def update_s2ss_obj_def split:if_splits) +apply (simp add:update_s2ss_sfile_del_def update_s2ss_obj_def split:if_splits) apply (erule conjE, erule disjE) apply (rule_tac x = "O_proc p" in exI, simp add:co2sobj.simps tainted_eq_Tainted) apply (erule exE, erule conjE) @@ -1471,7 +1471,7 @@ apply (frule vd_cons, frule vt_grant_os, clarsimp split:if_splits) apply (frule is_file_has_sfile', simp, erule exE, simp) apply (rule conjI, rule impI) -apply (simp add:update_s2ss_sfile_def del_s2ss_file_def) +apply (simp add:update_s2ss_sfile_del_def del_s2ss_file_def) apply (rule impI|erule conjE|erule exE|rule conjI|erule bexE)+ defer apply (rule impI|erule conjE|erule exE|rule conjI|erule bexE)+ @@ -1740,9 +1740,9 @@ apply (rule_tac x = obj in exI, simp add:co2sobj_mkdir alive_mkdir) done -definition update_s2ss_sfile_link:: "t_state \ t_static_state \ t_file \ t_sfile \ t_static_state" +definition update_s2ss_sfile:: "t_state \ t_static_state \ t_file \ t_sfile \ t_static_state" where - "update_s2ss_sfile_link s ss f sf \ + "update_s2ss_sfile s ss f sf \ if (\ f'. is_file s f' \ f' \ same_inode_files s f \ co2sobj s (O_file f') = co2sobj s (O_file f)) then ss \ {S_file (cf2sfiles s f \ {sf}) (O_file f \ Tainted s)} else ss - {S_file (cf2sfiles s f) (O_file f \ Tainted s)} @@ -1750,14 +1750,14 @@ lemma s2ss_linkhard: "valid (LinkHard p f f' # s) \ s2ss (LinkHard p f f' # s) = ( case (cf2sfile (LinkHard p f f' # s) f') of - Some sf \ update_s2ss_sfile_link s (s2ss s) f sf + Some sf \ update_s2ss_sfile s (s2ss s) f sf | _ \ {})" apply (frule vt_grant_os, frule vd_cons, clarsimp) apply (split option.splits) apply (rule conjI, rule impI, drule current_file_has_sfile', simp, simp add:current_files_simps) apply (rule allI, rule impI) -apply (simp add:update_s2ss_sfile_link_def) +apply (simp add:update_s2ss_sfile_def) apply (rule conjI, rule impI, erule exE, erule conjE, erule conjE) apply (simp add:s2ss_def) apply (tactic {*my_seteq_tac 1*}) @@ -1836,8 +1836,142 @@ apply (rule_tac x = obj in exI, simp add:co2sobj_linkhard alive_linkhard) done +lemma has_same_inode_prop3: + "is_file s f \ has_same_inode s f f" +by (auto simp:is_file_def has_same_inode_def split:option.splits) + +definition update_s2ss_sfile_tainted:: "t_state \ t_static_state \ t_file \ bool \ t_static_state" +where + "update_s2ss_sfile_tainted s ss f tag \ + if (\ f'. is_file s f' \ f' \ same_inode_files s f \ + co2sobj s (O_file f') = Some (S_file (cf2sfiles s f) False)) + then ss \ {S_file (cf2sfiles s f) True} + else ss - {S_file (cf2sfiles s f) False} + \ {S_file (cf2sfiles s f) True}" + +lemma s2ss_truncate: "valid (Truncate p f len # s) \ s2ss (Truncate p f len # s) = ( + if (O_file f \ Tainted s \ O_proc p \ Tainted s \ len > 0) + then update_s2ss_sfile_tainted s (s2ss s) f True + else s2ss s)" +apply (frule vt_grant_os, frule vd_cons, simp split:if_splits) +apply (rule conjI, rule impI, (erule conjE)+) + +apply (simp add:update_s2ss_sfile_tainted_def) +apply (rule conjI|rule impI|erule exE|erule conjE)+ +apply (simp add:s2ss_def) +apply (tactic {*my_seteq_tac 1*}) +apply (case_tac "obj = O_file f") +apply (rule disjI1, simp add:co2sobj.simps tainted_eq_Tainted has_same_inode_prop3 cf2sfiles_other) +apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (rule disjI2, simp, rule_tac x = obj in exI, simp add:co2sobj_truncate alive_simps) +apply (case_tac "fa \ same_inode_files s f") +apply (rule disjI1, simp add:co2sobj.simps tainted_eq_Tainted cf2sfiles_prop cf2sfiles_other) +apply (simp add:same_inode_files_prop7) +apply (rule disjI2, simp, rule_tac x = obj in exI) +apply (simp add:co2sobj_truncate is_file_simps) +apply (rule disjI2, simp, rule_tac x = obj in exI) +apply (simp add:co2sobj_truncate) +apply (rule disjI2, simp, rule_tac x = obj in exI) +apply (simp add:co2sobj_truncate is_dir_simps) +apply (rule disjI2, simp, rule_tac x = obj in exI) +apply (simp add:co2sobj_truncate) +apply (tactic {*my_setiff_tac 1*}) +apply (rule_tac x = "O_file f" in exI) +apply (simp add:co2sobj.simps is_file_simps tainted_eq_Tainted cf2sfiles_other has_same_inode_prop3) +apply (tactic {*my_setiff_tac 1*}) +apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (rule_tac x = obj in exI, simp add:co2sobj_truncate) +apply (case_tac "fa \ same_inode_files s f") +apply (rule_tac x = "O_file f'" in exI) +apply (auto simp:co2sobj_truncate is_file_simps is_dir_simps split:t_object.splits)[1] +apply (simp add:co2sobj.simps same_inodes_Tainted tainted_eq_Tainted cf2sfiles_prop) +apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_file_simps) +apply (rule_tac x = obj in exI, simp add:co2sobj_truncate) +apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_dir_simps) +apply (rule_tac x = obj in exI, simp add:co2sobj_truncate) + +apply (rule conjI|rule impI|erule exE|erule conjE)+ +apply (simp add:s2ss_def) +apply (tactic {*my_seteq_tac 1*}) +apply (case_tac "obj = O_file f") +apply (rule disjI1, simp add:co2sobj.simps tainted_eq_Tainted has_same_inode_prop3 cf2sfiles_other) +apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI, simp add:co2sobj_truncate alive_simps) +apply (rule notI, simp add:co2sobj.simps split:option.splits) +apply (case_tac "fa \ same_inode_files s f") +apply (rule disjI1, simp add:co2sobj.simps tainted_eq_Tainted cf2sfiles_prop cf2sfiles_other) +apply (simp add:same_inode_files_prop7) +apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI) +apply (simp add:co2sobj_truncate is_file_simps) +apply (rule notI, simp add:co2sobj_truncate is_file_simps) +apply (erule_tac x = fa in allE) +apply (simp add:co2sobj.simps) +apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI) +apply (simp add:co2sobj_truncate) +apply (rule notI, simp add:co2sobj.simps split:option.splits) +apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI) +apply (simp add:co2sobj_truncate is_dir_simps) +apply (rule notI, simp add:co2sobj.simps split:option.splits) +apply (rule disjI2, simp, rule conjI, rule_tac x = obj in exI) +apply (simp add:co2sobj_truncate) +apply (rule notI, simp add:co2sobj.simps split:option.splits) +apply (tactic {*my_setiff_tac 1*}) +apply (rule_tac x = "O_file f" in exI) +apply (simp add:co2sobj.simps is_file_simps tainted_eq_Tainted cf2sfiles_other has_same_inode_prop3) +apply (tactic {*my_setiff_tac 1*}) +apply (erule_tac obj = obj in co2sobj_some_caseD) +apply (rule_tac x = obj in exI, simp add:co2sobj_truncate) +apply (case_tac "fa \ same_inode_files s f") +apply (simp add:co2sobj.simps same_inodes_Tainted tainted_eq_Tainted cf2sfiles_prop) +apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_file_simps) +apply (rule_tac x = obj in exI, simp add:co2sobj_truncate) +apply (rule_tac x = obj in exI, simp add:co2sobj_truncate is_dir_simps) +apply (rule_tac x = obj in exI, simp add:co2sobj_truncate) + +apply (rule impI, simp add:s2ss_def) +apply (tactic {*my_seteq_tac 1*}) +apply (rule_tac x = obj in exI) +apply (simp add:alive_simps co2sobj_truncate) +apply (simp split:t_object.splits if_splits add:co2sobj.simps tainted_eq_Tainted) +apply (case_tac "O_proc p \ Tainted s", simp add:same_inodes_Tainted) +apply simp +apply (tactic {*my_setiff_tac 1*}) +apply (rule_tac x = obj in exI) +apply (simp add:alive_simps co2sobj_truncate) +apply (auto split:t_object.splits if_splits simp:co2sobj.simps tainted_eq_Tainted same_inodes_Tainted) +done + +lemma s2ss_createmsgq: "valid (CreateMsgq p q # s) \ s2ss (CreateMsgq p q # s) = + (case (cq2smsgq (CreateMsgq p q # s) q) of + Some sq \ s2ss s \ {S_msgq sq} + | _ \ {})" +apply (frule vd_cons, frule vt_grant_os, clarsimp) +apply (case_tac "cq2smsgq (CreateMsgq p q # s) q") +apply (drule current_has_smsgq', simp+) +apply (simp add:s2ss_def) +apply (tactic {*my_seteq_tac 1*}) +apply (case_tac "obj = O_msgq q") +apply (rule disjI1, simp add:co2sobj.simps) +apply (rule disjI2, simp, rule_tac x = obj in exI) +apply (simp add:co2sobj_createmsgq is_file_simps is_dir_simps split:t_object.splits if_splits) +apply (simp add:co2sobj.simps) +apply (simp add:co2sobj.simps) +apply (tactic {*my_setiff_tac 1*}) +apply (rule_tac x = "O_msgq q" in exI, simp add:co2sobj.simps) +apply (tactic {*my_setiff_tac 1*}) +apply (case_tac "obj = O_msgq q") +apply simp +apply (rule_tac x = obj in exI) +apply (auto simp add:co2sobj_createmsgq alive_simps split:t_object.splits if_splits) +done + +lemma s2ss_sendmsg: + +lemma s2ss_recvmsg: + +lemma s2ss_removemsgq: lemmas s2ss_simps = s2ss_execve s2ss_clone s2ss_ptrace s2ss_kill s2ss_exit s2ss_open s2ss_readfile s2ss_writefile s2ss_closefd s2ss_unlink s2ss_rmdir s2ss_linkhard - s2ss + s2ss_truncate s2ss_createmsgq