256 lemmas analz_mono_contra = |
256 lemmas analz_mono_contra = |
257 knows_Spy_subset_knows_Spy_Says [THEN analz_mono, THEN contra_subsetD] |
257 knows_Spy_subset_knows_Spy_Says [THEN analz_mono, THEN contra_subsetD] |
258 knows_Spy_subset_knows_Spy_Notes [THEN analz_mono, THEN contra_subsetD] |
258 knows_Spy_subset_knows_Spy_Notes [THEN analz_mono, THEN contra_subsetD] |
259 knows_Spy_subset_knows_Spy_Gets [THEN analz_mono, THEN contra_subsetD] |
259 knows_Spy_subset_knows_Spy_Gets [THEN analz_mono, THEN contra_subsetD] |
260 |
260 |
261 ML |
|
262 {* |
|
263 val analz_mono_contra_tac = |
|
264 let val analz_impI = inst "P" "?Y \<notin> analz (knows Spy ?evs)" impI |
|
265 in |
|
266 rtac analz_impI THEN' |
|
267 REPEAT1 o |
|
268 (dresolve_tac (thms"analz_mono_contra")) |
|
269 THEN' mp_tac |
|
270 end |
|
271 *} |
|
272 |
|
273 |
261 |
274 lemma knows_subset_knows_Cons: "knows A evs \<subseteq> knows A (e # evs)" |
262 lemma knows_subset_knows_Cons: "knows A evs \<subseteq> knows A (e # evs)" |
275 by (induct e, auto simp: knows_Cons) |
263 by (induct e, auto simp: knows_Cons) |
276 |
264 |
277 lemma initState_subset_knows: "initState A \<subseteq> knows A evs" |
265 lemma initState_subset_knows: "initState A \<subseteq> knows A evs" |
287 by (force |
275 by (force |
288 dest!: parts_insert_subset_Un [THEN keysFor_mono, THEN [2] rev_subsetD] |
276 dest!: parts_insert_subset_Un [THEN keysFor_mono, THEN [2] rev_subsetD] |
289 analz_subset_parts [THEN keysFor_mono, THEN [2] rev_subsetD] |
277 analz_subset_parts [THEN keysFor_mono, THEN [2] rev_subsetD] |
290 intro: analz_subset_parts [THEN subsetD] parts_mono [THEN [2] rev_subsetD]) |
278 intro: analz_subset_parts [THEN subsetD] parts_mono [THEN [2] rev_subsetD]) |
291 |
279 |
|
280 |
|
281 ML |
|
282 {* |
|
283 val analz_mono_contra_tac = |
|
284 let val analz_impI = inst "P" "?Y \<notin> analz (knows Spy ?evs)" impI |
|
285 in |
|
286 rtac analz_impI THEN' |
|
287 REPEAT1 o |
|
288 (dresolve_tac @{thms analz_mono_contra}) |
|
289 THEN' mp_tac |
|
290 end |
|
291 *} |
|
292 |
292 method_setup analz_mono_contra = {* |
293 method_setup analz_mono_contra = {* |
293 Method.no_args (Method.SIMPLE_METHOD (REPEAT_FIRST analz_mono_contra_tac)) *} |
294 Method.no_args (Method.SIMPLE_METHOD (REPEAT_FIRST analz_mono_contra_tac)) *} |
294 "for proving theorems of the form X \<notin> analz (knows Spy evs) --> P" |
295 "for proving theorems of the form X \<notin> analz (knows Spy evs) --> P" |
295 |
296 |
296 subsubsection{*Useful for case analysis on whether a hash is a spoof or not*} |
297 subsubsection{*Useful for case analysis on whether a hash is a spoof or not*} |
297 |
298 |
298 ML |
299 ML |
299 {* |
300 {* |
300 val knows_Cons = thm "knows_Cons" |
|
301 val used_Nil = thm "used_Nil" |
|
302 val used_Cons = thm "used_Cons" |
|
303 |
|
304 val Notes_imp_used = thm "Notes_imp_used"; |
|
305 val Says_imp_used = thm "Says_imp_used"; |
|
306 val Says_imp_knows_Spy = thm "Says_imp_knows_Spy"; |
|
307 val Notes_imp_knows_Spy = thm "Notes_imp_knows_Spy"; |
|
308 val knows_Spy_partsEs = thms "knows_Spy_partsEs"; |
|
309 val spies_partsEs = thms "spies_partsEs"; |
|
310 val Says_imp_spies = thm "Says_imp_spies"; |
|
311 val parts_insert_spies = thm "parts_insert_spies"; |
|
312 val Says_imp_knows = thm "Says_imp_knows"; |
|
313 val Notes_imp_knows = thm "Notes_imp_knows"; |
|
314 val Gets_imp_knows_agents = thm "Gets_imp_knows_agents"; |
|
315 val knows_imp_Says_Gets_Notes_initState = thm "knows_imp_Says_Gets_Notes_initState"; |
|
316 val knows_Spy_imp_Says_Notes_initState = thm "knows_Spy_imp_Says_Notes_initState"; |
|
317 val usedI = thm "usedI"; |
|
318 val initState_into_used = thm "initState_into_used"; |
|
319 val used_Says = thm "used_Says"; |
|
320 val used_Notes = thm "used_Notes"; |
|
321 val used_Gets = thm "used_Gets"; |
|
322 val used_nil_subset = thm "used_nil_subset"; |
|
323 val analz_mono_contra = thms "analz_mono_contra"; |
|
324 val knows_subset_knows_Cons = thm "knows_subset_knows_Cons"; |
|
325 val initState_subset_knows = thm "initState_subset_knows"; |
|
326 val keysFor_parts_insert = thm "keysFor_parts_insert"; |
|
327 |
|
328 |
|
329 val synth_analz_mono = thm "synth_analz_mono"; |
|
330 |
|
331 val knows_Spy_subset_knows_Spy_Says = thm "knows_Spy_subset_knows_Spy_Says"; |
|
332 val knows_Spy_subset_knows_Spy_Notes = thm "knows_Spy_subset_knows_Spy_Notes"; |
|
333 val knows_Spy_subset_knows_Spy_Gets = thm "knows_Spy_subset_knows_Spy_Gets"; |
|
334 |
|
335 |
|
336 val synth_analz_mono_contra_tac = |
301 val synth_analz_mono_contra_tac = |
337 let val syan_impI = inst "P" "?Y \<notin> synth (analz (knows Spy ?evs))" impI |
302 let val syan_impI = inst "P" "?Y \<notin> synth (analz (knows Spy ?evs))" impI |
338 in |
303 in |
339 rtac syan_impI THEN' |
304 rtac syan_impI THEN' |
340 REPEAT1 o |
305 REPEAT1 o |
341 (dresolve_tac |
306 (dresolve_tac |
342 [knows_Spy_subset_knows_Spy_Says RS synth_analz_mono RS contra_subsetD, |
307 [@{thm knows_Spy_subset_knows_Spy_Says} RS @{thm synth_analz_mono} RS @{thm contra_subsetD}, |
343 knows_Spy_subset_knows_Spy_Notes RS synth_analz_mono RS contra_subsetD, |
308 @{thm knows_Spy_subset_knows_Spy_Notes} RS @{thm synth_analz_mono} RS @{thm contra_subsetD}, |
344 knows_Spy_subset_knows_Spy_Gets RS synth_analz_mono RS contra_subsetD]) |
309 @{thm knows_Spy_subset_knows_Spy_Gets} RS @{thm synth_analz_mono} RS @{thm contra_subsetD}]) |
345 THEN' |
310 THEN' |
346 mp_tac |
311 mp_tac |
347 end; |
312 end; |
348 *} |
313 *} |
349 |
314 |