838 |
838 |
839 |
839 |
840 subsection{*Tactics useful for many protocol proofs*} |
840 subsection{*Tactics useful for many protocol proofs*} |
841 ML |
841 ML |
842 {* |
842 {* |
843 val invKey = thm "invKey" |
843 structure Message = |
844 val keysFor_def = thm "keysFor_def" |
844 struct |
845 val HPair_def = thm "HPair_def" |
|
846 val symKeys_def = thm "symKeys_def" |
|
847 val parts_mono = thm "parts_mono"; |
|
848 val analz_mono = thm "analz_mono"; |
|
849 val synth_mono = thm "synth_mono"; |
|
850 val analz_increasing = thm "analz_increasing"; |
|
851 |
|
852 val analz_insertI = thm "analz_insertI"; |
|
853 val analz_subset_parts = thm "analz_subset_parts"; |
|
854 val Fake_parts_insert = thm "Fake_parts_insert"; |
|
855 val Fake_analz_insert = thm "Fake_analz_insert"; |
|
856 val pushes = thms "pushes"; |
|
857 |
|
858 |
845 |
859 (*Prove base case (subgoal i) and simplify others. A typical base case |
846 (*Prove base case (subgoal i) and simplify others. A typical base case |
860 concerns Crypt K X \<notin> Key`shrK`bad and cannot be proved by rewriting |
847 concerns Crypt K X \<notin> Key`shrK`bad and cannot be proved by rewriting |
861 alone.*) |
848 alone.*) |
862 fun prove_simple_subgoals_tac i = |
849 fun prove_simple_subgoals_tac i = |
870 |
857 |
871 (*Apply rules to break down assumptions of the form |
858 (*Apply rules to break down assumptions of the form |
872 Y \<in> parts(insert X H) and Y \<in> analz(insert X H) |
859 Y \<in> parts(insert X H) and Y \<in> analz(insert X H) |
873 *) |
860 *) |
874 val Fake_insert_tac = |
861 val Fake_insert_tac = |
875 dresolve_tac [impOfSubs Fake_analz_insert, |
862 dresolve_tac [impOfSubs @{thm Fake_analz_insert}, |
876 impOfSubs Fake_parts_insert] THEN' |
863 impOfSubs @{thm Fake_parts_insert}] THEN' |
877 eresolve_tac [asm_rl, thm"synth.Inj"]; |
864 eresolve_tac [asm_rl, @{thm synth.Inj}]; |
878 |
865 |
879 fun Fake_insert_simp_tac ss i = |
866 fun Fake_insert_simp_tac ss i = |
880 REPEAT (Fake_insert_tac i) THEN asm_full_simp_tac ss i; |
867 REPEAT (Fake_insert_tac i) THEN asm_full_simp_tac ss i; |
881 |
868 |
882 fun atomic_spy_analz_tac (cs,ss) = SELECT_GOAL |
869 fun atomic_spy_analz_tac (cs,ss) = SELECT_GOAL |
883 (Fake_insert_simp_tac ss 1 |
870 (Fake_insert_simp_tac ss 1 |
884 THEN |
871 THEN |
885 IF_UNSOLVED (Blast.depth_tac |
872 IF_UNSOLVED (Blast.depth_tac |
886 (cs addIs [analz_insertI, |
873 (cs addIs [@{thm analz_insertI}, |
887 impOfSubs analz_subset_parts]) 4 1)) |
874 impOfSubs @{thm analz_subset_parts}]) 4 1)) |
888 |
875 |
889 (*The explicit claset and simpset arguments help it work with Isar*) |
876 (*The explicit claset and simpset arguments help it work with Isar*) |
890 fun gen_spy_analz_tac (cs,ss) i = |
877 fun gen_spy_analz_tac (cs,ss) i = |
891 DETERM |
878 DETERM |
892 (SELECT_GOAL |
879 (SELECT_GOAL |
898 simp_tac ss 1, |
885 simp_tac ss 1, |
899 REPEAT (FIRSTGOAL (resolve_tac [allI,impI,notI,conjI,iffI])), |
886 REPEAT (FIRSTGOAL (resolve_tac [allI,impI,notI,conjI,iffI])), |
900 DEPTH_SOLVE (atomic_spy_analz_tac (cs,ss) 1)]) i) |
887 DEPTH_SOLVE (atomic_spy_analz_tac (cs,ss) 1)]) i) |
901 |
888 |
902 fun spy_analz_tac i = gen_spy_analz_tac (claset(), simpset()) i |
889 fun spy_analz_tac i = gen_spy_analz_tac (claset(), simpset()) i |
|
890 |
|
891 end |
903 *} |
892 *} |
904 |
893 |
905 text{*By default only @{text o_apply} is built-in. But in the presence of |
894 text{*By default only @{text o_apply} is built-in. But in the presence of |
906 eta-expansion this means that some terms displayed as @{term "f o g"} will be |
895 eta-expansion this means that some terms displayed as @{term "f o g"} will be |
907 rewritten, and others will not!*} |
896 rewritten, and others will not!*} |
949 |
938 |
950 lemmas Fake_parts_sing_imp_Un = Fake_parts_sing [THEN [2] rev_subsetD] |
939 lemmas Fake_parts_sing_imp_Un = Fake_parts_sing [THEN [2] rev_subsetD] |
951 |
940 |
952 method_setup spy_analz = {* |
941 method_setup spy_analz = {* |
953 Method.ctxt_args (fn ctxt => |
942 Method.ctxt_args (fn ctxt => |
954 Method.SIMPLE_METHOD (gen_spy_analz_tac (local_clasimpset_of ctxt) 1)) *} |
943 Method.SIMPLE_METHOD (Message.gen_spy_analz_tac (local_clasimpset_of ctxt) 1)) *} |
955 "for proving the Fake case when analz is involved" |
944 "for proving the Fake case when analz is involved" |
956 |
945 |
957 method_setup atomic_spy_analz = {* |
946 method_setup atomic_spy_analz = {* |
958 Method.ctxt_args (fn ctxt => |
947 Method.ctxt_args (fn ctxt => |
959 Method.SIMPLE_METHOD (atomic_spy_analz_tac (local_clasimpset_of ctxt) 1)) *} |
948 Method.SIMPLE_METHOD (Message.atomic_spy_analz_tac (local_clasimpset_of ctxt) 1)) *} |
960 "for debugging spy_analz" |
949 "for debugging spy_analz" |
961 |
950 |
962 method_setup Fake_insert_simp = {* |
951 method_setup Fake_insert_simp = {* |
963 Method.ctxt_args (fn ctxt => |
952 Method.ctxt_args (fn ctxt => |
964 Method.SIMPLE_METHOD (Fake_insert_simp_tac (local_simpset_of ctxt) 1)) *} |
953 Method.SIMPLE_METHOD (Message.Fake_insert_simp_tac (local_simpset_of ctxt) 1)) *} |
965 "for debugging spy_analz" |
954 "for debugging spy_analz" |
966 |
955 |
967 |
|
968 end |
956 end |