Theory Fun_mask
section "Proof of Relative Security for fun2"
theory Fun_mask
imports
"../Instance_IMP/Instance_Secret_IMem"
"Relative_Security.Unwinding_fin"
begin
subsection "Function definition and Boilerplate"
no_notation bot (‹⊥›)
consts NN :: int
consts SS :: int
axiomatization where NN: "NN ≥ 0" and SS: "SS≥0"
definition aa1 :: "avname" where "aa1 = ''a1''"
definition aa2 :: "avname" where "aa2 = ''a2''"
definition vv :: "avname" where "vv = ''v''"
definition ii :: "avname" where "ii = ''i''"
definition temp :: "avname" where "temp = ''temp''"
lemmas vvars_defs = aa1_def aa2_def vv_def ii_def temp_def
lemma vvars_dff[simp]:
"aa1 ≠ aa2" "aa1 ≠ vv" "aa1 ≠ ii" "aa1 ≠ temp"
"aa2 ≠ aa1" "aa2 ≠ vv" "aa2 ≠ ii" "aa2 ≠ temp"
"vv ≠ aa1" "vv ≠ aa2" "vv ≠ ii" "vv ≠ temp"
"ii ≠ aa1" "ii ≠ aa2" "ii ≠ vv" "ii ≠ temp"
"temp ≠ aa1" "temp ≠ aa2" "temp ≠ vv" "temp ≠ ii"
unfolding vvars_defs by auto
consts size_aa1 :: nat
consts size_aa2 :: nat
fun initVstore :: "vstore ⇒ bool" where
"initVstore vst = True"
fun initAvstore :: "avstore ⇒ bool" where
"initAvstore (Avstore as) = (as aa1 = (0, size_aa1) ∧ as aa2 = (size_aa1, size_aa2))"
definition "prog ≡
[
Start ,
Input T ii ,
IfJump (Less (V ii) (N (int (size_aa1)))) 3 7 ,
vv ::= (Times (VA aa1 (V ii)) (N 512)) ,
M temp I (Less (V ii) (N (int (size_aa1)))) T VA aa2 (V vv) E (N 0),
Output U (V temp) ,
Jump 8 ,
Output U (N 0)
]"
lemma cases_8: "(i::pcounter) = 0 ∨ i = 1 ∨ i = 2 ∨ i = 3 ∨ i = 4 ∨ i = 5 ∨
i = 6 ∨ i = 7 ∨ i = 8 ∨ i > 8"
apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
. . . . . . . . .
lemma cases_branch:"(i::pcounter) < 3 ∨ i = 3 ∨ i = 4 ∨ i = 5 ∨ i > 5"
apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
subgoal for i apply(cases i, simp_all)
. . . . . .
lemma ii_aa1_cases: "vs ii < int size_aa1 ∨ vs ii ≥ int size_aa1" by auto
lemma is_If_pcOf[simp]:
"pcOf cfg < 8 ⟹ is_IfJump (prog ! (pcOf cfg)) ⟷ pcOf cfg = 2"
apply(cases cfg) subgoal for pc s using cases_8[of "pcOf cfg "]
by (auto simp: prog_def) .
lemma is_If_pc[simp]:
"pc < 8 ⟹ is_IfJump (prog ! pc) ⟷ pc = 2"
using cases_8[of pc]
by (auto simp: prog_def)
lemma eq_Fence_pc[simp]:
"pc < 8 ⟹ prog ! pc ≠ Fence"
using cases_8[of pc]
by (auto simp: prog_def)
lemma [simp]:"¬ is_getInput (prog ! 3)"
unfolding prog_def by simp
lemma [simp]:"¬ is_getInput (prog ! 3)"
unfolding prog_def by simp
lemma not_is_Output[simp]:"¬ is_Output (prog ! 3)"
unfolding prog_def by simp
consts mispred :: "predState ⇒ pcounter list ⇒ bool"
consts resolve :: "predState ⇒ pcounter list ⇒ bool"
consts update :: "predState ⇒ pcounter list ⇒ predState"
consts initPstate :: predState
fun istate ::"state ⇒ bool" where
"istate s = (initAvstore (getAvstore s))"