258 |
258 |
259 lemmas analz_impI = impI [where P = "Y \<notin> analz (knows Spy evs)"] for Y evs |
259 lemmas analz_impI = impI [where P = "Y \<notin> analz (knows Spy evs)"] for Y evs |
260 |
260 |
261 ML |
261 ML |
262 {* |
262 {* |
263 val analz_mono_contra_tac = |
263 fun analz_mono_contra_tac ctxt = |
264 rtac @{thm analz_impI} THEN' |
264 rtac @{thm analz_impI} THEN' |
265 REPEAT1 o (dresolve_tac @{thms analz_mono_contra}) |
265 REPEAT1 o (dresolve_tac @{thms analz_mono_contra}) |
266 THEN' mp_tac |
266 THEN' mp_tac ctxt |
267 *} |
267 *} |
268 |
268 |
269 lemma knows_subset_knows_Cons: "knows A evs \<subseteq> knows A (e # evs)" |
269 lemma knows_subset_knows_Cons: "knows A evs \<subseteq> knows A (e # evs)" |
270 by (induct e, auto simp: knows_Cons) |
270 by (induct e, auto simp: knows_Cons) |
271 |
271 |
283 dest!: parts_insert_subset_Un [THEN keysFor_mono, THEN [2] rev_subsetD] |
283 dest!: parts_insert_subset_Un [THEN keysFor_mono, THEN [2] rev_subsetD] |
284 analz_subset_parts [THEN keysFor_mono, THEN [2] rev_subsetD] |
284 analz_subset_parts [THEN keysFor_mono, THEN [2] rev_subsetD] |
285 intro: analz_subset_parts [THEN subsetD] parts_mono [THEN [2] rev_subsetD]) |
285 intro: analz_subset_parts [THEN subsetD] parts_mono [THEN [2] rev_subsetD]) |
286 |
286 |
287 method_setup analz_mono_contra = {* |
287 method_setup analz_mono_contra = {* |
288 Scan.succeed (K (SIMPLE_METHOD (REPEAT_FIRST analz_mono_contra_tac))) *} |
288 Scan.succeed (fn ctxt => SIMPLE_METHOD (REPEAT_FIRST (analz_mono_contra_tac ctxt))) *} |
289 "for proving theorems of the form X \<notin> analz (knows Spy evs) --> P" |
289 "for proving theorems of the form X \<notin> analz (knows Spy evs) --> P" |
290 |
290 |
291 subsubsection{*Useful for case analysis on whether a hash is a spoof or not*} |
291 subsubsection{*Useful for case analysis on whether a hash is a spoof or not*} |
292 |
292 |
293 lemmas syan_impI = impI [where P = "Y \<notin> synth (analz (knows Spy evs))"] for Y evs |
293 lemmas syan_impI = impI [where P = "Y \<notin> synth (analz (knows Spy evs))"] for Y evs |
328 val knows_Spy_subset_knows_Spy_Says = @{thm knows_Spy_subset_knows_Spy_Says}; |
328 val knows_Spy_subset_knows_Spy_Says = @{thm knows_Spy_subset_knows_Spy_Says}; |
329 val knows_Spy_subset_knows_Spy_Notes = @{thm knows_Spy_subset_knows_Spy_Notes}; |
329 val knows_Spy_subset_knows_Spy_Notes = @{thm knows_Spy_subset_knows_Spy_Notes}; |
330 val knows_Spy_subset_knows_Spy_Gets = @{thm knows_Spy_subset_knows_Spy_Gets}; |
330 val knows_Spy_subset_knows_Spy_Gets = @{thm knows_Spy_subset_knows_Spy_Gets}; |
331 |
331 |
332 |
332 |
333 val synth_analz_mono_contra_tac = |
333 fun synth_analz_mono_contra_tac ctxt = |
334 rtac @{thm syan_impI} THEN' |
334 rtac @{thm syan_impI} THEN' |
335 REPEAT1 o |
335 REPEAT1 o |
336 (dresolve_tac |
336 (dresolve_tac |
337 [@{thm knows_Spy_subset_knows_Spy_Says} RS @{thm synth_analz_mono} RS @{thm contra_subsetD}, |
337 [@{thm knows_Spy_subset_knows_Spy_Says} RS @{thm synth_analz_mono} RS @{thm contra_subsetD}, |
338 @{thm knows_Spy_subset_knows_Spy_Notes} RS @{thm synth_analz_mono} RS @{thm contra_subsetD}, |
338 @{thm knows_Spy_subset_knows_Spy_Notes} RS @{thm synth_analz_mono} RS @{thm contra_subsetD}, |
339 @{thm knows_Spy_subset_knows_Spy_Gets} RS @{thm synth_analz_mono} RS @{thm contra_subsetD}]) |
339 @{thm knows_Spy_subset_knows_Spy_Gets} RS @{thm synth_analz_mono} RS @{thm contra_subsetD}]) |
340 THEN' |
340 THEN' |
341 mp_tac |
341 mp_tac ctxt |
342 *} |
342 *} |
343 |
343 |
344 method_setup synth_analz_mono_contra = {* |
344 method_setup synth_analz_mono_contra = {* |
345 Scan.succeed (K (SIMPLE_METHOD (REPEAT_FIRST synth_analz_mono_contra_tac))) *} |
345 Scan.succeed (fn ctxt => SIMPLE_METHOD (REPEAT_FIRST (synth_analz_mono_contra_tac ctxt))) *} |
346 "for proving theorems of the form X \<notin> synth (analz (knows Spy evs)) --> P" |
346 "for proving theorems of the form X \<notin> synth (analz (knows Spy evs)) --> P" |
347 (*>*) |
347 (*>*) |
348 |
348 |
349 section{* Event Traces \label{sec:events} *} |
349 section{* Event Traces \label{sec:events} *} |
350 |
350 |