Theory Fun3
section "Proof of Relative Security for fun3"
theory Fun3
imports "../Instance_IMP/Instance_Secret_IMem"
"Relative_Security.Unwinding_fin"
begin
subsection "Function definition and Boilerplate"
no_notation bot ("⊥")
consts NN::"nat"
lemma NN:"int NN ≥ 0" by auto
consts size_aa1 :: nat
consts size_aa2 :: nat
consts mispred :: "predState ⇒ pcounter list ⇒ bool"
consts update :: "predState ⇒ pcounter list ⇒ predState"
consts initPstate :: predState
definition aa1 :: "avname" where "aa1 = ''a1''"
definition aa2 :: "avname" where "aa2 = ''a2''"
definition vv :: "avname" where "vv = ''v''"
definition xx :: "avname" where "xx = ''x''"
definition tt :: "avname" where "tt = ''t''"
lemmas vvars_defs = aa1_def aa2_def vv_def xx_def tt_def
lemma vvars_dff[simp]:
"aa1 ≠ aa2" "aa1 ≠ vv" "aa1 ≠ xx" "aa1 ≠ tt"
"aa2 ≠ aa1" "aa2 ≠ vv" "aa2 ≠ xx" "aa2 ≠ tt"
"vv ≠ aa1" "vv ≠ aa2" "vv ≠ xx" "vv ≠ tt"
"xx ≠ aa1" "xx ≠ aa2" "xx ≠ vv" "xx ≠ tt"
"tt ≠ aa1" "tt ≠ aa2" "tt ≠ vv" "tt ≠ xx"
unfolding vvars_defs by auto
fun initAvstore :: "avstore ⇒ bool" where
"initAvstore (Avstore as) = (as aa1 = (0, size_aa1) ∧ as aa2 = (size_aa1, size_aa2))"
fun istate ::"state ⇒ bool" where
"istate s = (initAvstore (getAvstore s))"
definition "prog ≡
[
Start ,
Input U xx ,
tt ::= (N 0) ,
IfJump (Less (V xx) (N NN)) 4 7 ,
vv ::= VA aa1 (V xx) ,
Fence ,
tt ::= (VA aa2 (Times (V vv) (N 512))) ,
Output U (V tt)
]"
lemma cases_7: "(i::pcounter) = 0 ∨ i = 1 ∨ i = 2 ∨ i = 3 ∨ i = 4 ∨ i = 5 ∨
i = 6 ∨ i = 7 ∨ i > 7"
apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
. . . . . . . .
lemma xx_NN_cases: "vs xx < int NN ∨ vs xx ≥ int NN" by auto
lemma is_If_pcOf[simp]:
"pcOf cfg < 8 ⟹ is_IfJump (prog ! (pcOf cfg)) ⟷ pcOf cfg = 3"
apply(cases cfg) subgoal for pc s using cases_7[of "pcOf cfg "]
by (auto simp: prog_def) .
lemma is_If_pc[simp]:
"pc < 8 ⟹ is_IfJump (prog ! pc) ⟷ pc = 3"
using cases_7[of pc]
by (auto simp: prog_def)
lemma eq_Fence_pc[simp]:
"pc < 8 ⟹ prog ! pc = Fence ⟷ pc = 5"
using cases_7[of pc]
by (auto simp: prog_def)
fun resolve :: "predState ⇒ pcounter list ⇒ bool" where
"resolve p pc = (if (pc = [4,7]) then True else False)"