Theory Eg2

theory Eg2
imports Dependent_SIFUM_Type_Systems.Language
begin

datatype var⇩C = control_var⇩C | buffer⇩C | high_var⇩C | low_var⇩C | temp⇩C | reg⇩C

type_synonym addr⇩C = var⇩C
type_synonym val = nat
type_synonym mem⇩C = "addr⇩C ⇒ val"

(* Address expression evaluation *)
datatype aexp⇩C = Const "val" |
                 Load "addr⇩C"

fun 
  ev⇩A⇩C :: "mem⇩C ⇒ aexp⇩C ⇒ val"
where
  "ev⇩A⇩C mem (Const v) = v" |
  "ev⇩A⇩C mem (Load x) = mem x"

(* Boolean expression evaluation *)
datatype bexp⇩C = Eq "addr⇩C" "val"

fun
  ev⇩B⇩C :: "mem⇩C ⇒ bexp⇩C ⇒ bool"
where
  "ev⇩B⇩C mem (Eq x v) = ((mem x) = v)"

(* NB: dma ~ "domain assignment"
 * Domain assignment function based on the value of a control variable,
 * Low if 0, High otherwise. *)
definition
  dma_control_var⇩C :: "val ⇒ Sec"
where
  "dma_control_var⇩C v ≡ if v = 0 then Low else High"

(* buffer's security level is controlled by control_var.
 * high_var's is High.
 * All other memory's security level is Low. *)
definition
  dma⇩C :: "mem⇩C ⇒ addr⇩C ⇒ Sec"
where
  "dma⇩C m x ≡ if x = buffer⇩C then dma_control_var⇩C (m control_var⇩C) else if x = high_var⇩C then High else Low"

(* Function that gives the control variables of a given variable.
 * Only buffer is controlled by a control variable, control_var *)
definition
  𝒞_vars⇩C :: "addr⇩C ⇒ addr⇩C set"
where
  "𝒞_vars⇩C x ≡ if x = buffer⇩C then {control_var⇩C} else {}"

primrec
  aexp_vars⇩C :: "aexp⇩C ⇒ var⇩C set"
where
  "aexp_vars⇩C (Const _) = {}" |
  "aexp_vars⇩C (Load v) = {v}"
  
primrec
  bexp_vars⇩C :: "bexp⇩C ⇒ var⇩C set"
where
  "bexp_vars⇩C (Eq v w) = {v}"

locale sifum_example2 =
  sifum_lang_no_dma ev⇩A⇩C ev⇩B⇩C aexp_vars⇩C bexp_vars⇩C +
  assumes eval_det: "(lc, lc') ∈ sifum_lang_no_dma.eval⇩w ev⇩A⇩C ev⇩B⇩C ⟹ (lc, lc'') ∈ sifum_lang_no_dma.eval⇩w ev⇩A⇩C ev⇩B⇩C ⟹ lc' = lc''"

definition
  𝒞⇩C :: "addr⇩C set"
where
  "𝒞⇩C ≡ ⋃x. 𝒞_vars⇩C x"

context sifum_example2 begin

definition
  read_buffer⇩C :: "(var⇩C, aexp⇩C, bexp⇩C) Stmt"
where
  "read_buffer⇩C ≡ 
     ModeDecl Skip (Acq control_var⇩C AsmNoWrite) ;; 
     ModeDecl Skip (Acq temp⇩C AsmNoReadOrWrite) ;;
     Assign temp⇩C (Load buffer⇩C) ;;
     Assign reg⇩C (Load control_var⇩C);;
     If (Eq reg⇩C 0) (Assign low_var⇩C (Load temp⇩C)) (Assign high_var⇩C (Load temp⇩C)) ;;
     Assign temp⇩C (Const 0) ;;
     ModeDecl Skip (Rel temp⇩C AsmNoReadOrWrite)"

end

end