-
Notifications
You must be signed in to change notification settings - Fork 0
/
MLS.Symbolic.TypedSession.fst
67 lines (60 loc) · 2.84 KB
/
MLS.Symbolic.TypedSession.fst
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
module MLS.Symbolic.TypedSession
open Comparse
open MLS.Symbolic
open MLS.Symbolic.Session
open LabeledRuntimeAPI
type bare_typed_session_pred (a:Type) {|parseable_serializeable dy_bytes a|} = gu:global_usage -> p:principal -> time:timestamp -> si:nat -> vi:nat -> session:a -> prop
val bare_typed_session_pred_later: #a:Type -> {|parseable_serializeable dy_bytes a|} -> bare_typed_session_pred a -> prop
let bare_typed_session_pred_later #a #ps_a spred =
forall gu p time0 time1 si vi session.
(spred gu p time0 si vi session /\ time0 <$ time1)
==>
spred gu p time1 si vi session
val bare_typed_session_pred_is_msg: #a:Type -> {|parseable_serializeable dy_bytes a|} -> bare_typed_session_pred a -> prop
let bare_typed_session_pred_is_msg #a #ps_a spred =
forall gu p time si vi session.
spred gu p time si vi session
==>
is_well_formed _ (is_msg gu (readers [psv_id p si vi]) time) session
type typed_session_pred (a:Type) {|parseable_serializeable dy_bytes a|} = spred:bare_typed_session_pred a{bare_typed_session_pred_later spred /\ bare_typed_session_pred_is_msg spred}
val typed_session_pred_to_session_pred: #a:Type -> {|parseable_serializeable dy_bytes a|} -> typed_session_pred a -> session_pred
let typed_session_pred_to_session_pred #a #ps_a tspred =
let bare_spred gu p time si vi session: prop =
match parse a session with
| None -> False
| Some st -> tspred gu p time si vi st
in
mk_session_pred bare_spred
(fun gu p time0 time1 si vi session -> ())
(fun gu p time si vi session ->
let st = Some?.v (parse a session) in
let pre = is_msg gu (readers [psv_id p si vi]) time in
serialize_parse_inv_lemma a session;
serialize_wf_lemma a pre st
)
val mk_typed_session_pred:
#a:Type -> {|parseable_serializeable dy_bytes a|} ->
tspred:bare_typed_session_pred a ->
(gu:global_usage -> p:principal -> time0:timestamp -> time1:timestamp -> si:nat -> vi:nat -> session:a -> Lemma
(requires tspred gu p time0 si vi session /\ time0 <$ time1)
(ensures tspred gu p time1 si vi session)
) ->
(gu:global_usage -> p:principal -> time:timestamp -> si:nat -> vi:nat -> session:a -> Lemma
(requires tspred gu p time si vi session)
(ensures is_well_formed _ (is_msg gu (readers [psv_id p si vi]) time) session)
) ->
typed_session_pred a
let mk_typed_session_pred #a #ps_a tspred later_lemma is_msg_lemma =
introduce forall gu p time0 time1 si vi session. (tspred gu p time0 si vi session /\ time0 <$ time1) ==> tspred gu p time1 si vi session
with (
introduce _ ==> _ with _. (
later_lemma gu p time0 time1 si vi session
)
);
introduce forall gu p time si vi session. tspred gu p time si vi session ==> is_well_formed _ (is_msg gu (readers [psv_id p si vi]) time) session
with (
introduce _ ==> _ with _. (
is_msg_lemma gu p time si vi session
)
);
tspred