(* Title: isabelle/Bali/AxSem.thy


ID: $Id$


Author: David von Oheimb


Copyright 1998 Technische Universitaet Muenchen


*)


header {* Axiomatic semantics of Java expressions and statements


(see also Eval.thy)


*}


theory AxSem = Evaln + TypeSafe:


text {*


design issues:


\begin{itemize}


\item a strong version of validity for triples with premises, namely one that


takes the recursive depth needed to complete execution, enables


correctness proof


\item auxiliary variables are handled firstclass (> Thomas Kleymann)


\item expressions not flattened to elementary assignments (as usual for


axiomatic semantics) but treated firstclass => explicit result value


handling


\item intermediate values not on triple, but on assertion level


(with result entry)


\item multiple results with semantical substitution mechnism not requiring a


stack


\item because of dynamic method binding, terms need to be dependent on state.


this is also useful for conditional expressions and statements


\item result values in triples exactly as in eval relation (also for xcpt


states)


\item validity: additional assumption of state conformance and welltypedness,


which is required for soundness and thus rule hazard required of completeness


\end{itemize}


restrictions:


\begin{itemize}


\item all triples in a derivation are of the same type (due to weak


polymorphism)


\end{itemize}


*}


types res = vals (* result entry *)


syntax


Val :: "val \<Rightarrow> res"


Var :: "var \<Rightarrow> res"


Vals :: "val list \<Rightarrow> res"


translations


"Val x" => "(In1 x)"


"Var x" => "(In2 x)"


"Vals x" => "(In3 x)"


syntax


"Val_" :: "[pttrn] => pttrn" ("Val:_" [951] 950)


"Var_" :: "[pttrn] => pttrn" ("Var:_" [951] 950)


"Vals_" :: "[pttrn] => pttrn" ("Vals:_" [951] 950)


translations


"\<lambda>Val:v . b" == "(\<lambda>v. b) \<circ> the_In1"


"\<lambda>Var:v . b" == "(\<lambda>v. b) \<circ> the_In2"


"\<lambda>Vals:v. b" == "(\<lambda>v. b) \<circ> the_In3"


(* relation on result values, state and auxiliary variables *)


types 'a assn = "res \<Rightarrow> state \<Rightarrow> 'a \<Rightarrow> bool"


translations


"res" <= (type) "AxSem.res"


"a assn" <= (type) "vals \<Rightarrow> state \<Rightarrow> a \<Rightarrow> bool"


constdefs


assn_imp :: "'a assn \<Rightarrow> 'a assn \<Rightarrow> bool" (infixr "\<Rightarrow>" 25)


"P \<Rightarrow> Q \<equiv> \<forall>Y s Z. P Y s Z \<longrightarrow> Q Y s Z"


lemma assn_imp_def2 [iff]: "(P \<Rightarrow> Q) = (\<forall>Y s Z. P Y s Z \<longrightarrow> Q Y s Z)"


apply (unfold assn_imp_def)


apply (rule HOL.refl)


done


section "assertion transformers"


subsection "peekand"


constdefs


peek_and :: "'a assn \<Rightarrow> (state \<Rightarrow> bool) \<Rightarrow> 'a assn" (infixl "\<and>." 13)


"P \<and>. p \<equiv> \<lambda>Y s Z. P Y s Z \<and> p s"


lemma peek_and_def2 [simp]: "peek_and P p Y s = (\<lambda>Z. (P Y s Z \<and> p s))"


89 
90 
91 
lemma peek_and_Not [simp]: "(P \<and>. (\<lambda>s. \<not> f s)) = (P \<and>. Not \<circ> f)"


94 
95 
96 
97 
lemma peek_and_and [simp]: "peek_and (peek_and P p) p = peek_and P p"


100 
101 
102 
lemma peek_and_commut: "(P \<and>. p \<and>. q) = (P \<and>. q \<and>. p)"


105 
106 
107 
108 
109 
syntax


Normal :: "'a assn \<Rightarrow> 'a assn"


translations


"Normal P" == "P \<and>. normal"


lemma peek_and_Normal [simp]: "peek_and (Normal P) p = Normal (peek_and P p)"


117 
118 
119 
120 
121 
subsection "assnsupd"


124 


constdefs


assn_supd :: "'a assn \<Rightarrow> (state \<Rightarrow> state) \<Rightarrow> 'a assn" (infixl ";." 13)


"P ;. f \<equiv> \<lambda>Y s' Z. \<exists>s. P Y s Z \<and> s' = f s"


lemma assn_supd_def2 [simp]: "assn_supd P f Y s' Z = (\<exists>s. P Y s Z \<and> s' = f s)"


130 
131 
132 
subsection "supdassn"


135 


constdefs


supd_assn :: "(state \<Rightarrow> state) \<Rightarrow> 'a assn \<Rightarrow> 'a assn" (infixr ".;" 13)


"f .; P \<equiv> \<lambda>Y s. P Y (f s)"


141 
142 
143 
144 
lemma supd_assn_supdD [elim]: "((f .; Q) ;. f) Y s Z \<Longrightarrow> Q Y s Z"


147 
148 
lemma supd_assn_supdI [elim]: "Q Y s Z \<Longrightarrow> (f .; (Q ;. f)) Y s Z"


151 
152 
subsection "substres"


155 


constdefs


subst_res :: "'a assn \<Rightarrow> res \<Rightarrow> 'a assn" ("_\<leftarrow>_" [60,61] 60)


"P\<leftarrow>w \<equiv> \<lambda>Y. P w"


lemma subst_res_def2 [simp]: "(P\<leftarrow>w) Y = P w"


161 
162 
163 
lemma subst_subst_res [simp]: "P\<leftarrow>w\<leftarrow>v = P\<leftarrow>w"


166 
167 
168 
lemma peek_and_subst_res [simp]: "(P \<and>. p)\<leftarrow>w = (P\<leftarrow>w \<and>. p)"


171 
172 
173 
174 
(*###Do not work for some strange (unification?) reason


177 
178 
179 
181 
182 
183 
185 
186 
187 
188 
subsection "substBool"


191 


constdefs


subst_Bool :: "'a assn \<Rightarrow> bool \<Rightarrow> 'a assn" ("_\<leftarrow>=_" [60,61] 60)


"P\<leftarrow>=b \<equiv> \<lambda>Y s Z. \<exists>v. P (Val v) s Z \<and> (normal s \<longrightarrow> the_Bool v=b)"


lemma subst_Bool_def2 [simp]:


197 
198 
199 
200 
lemma subst_Bool_the_BoolI: "P (Val b) s Z \<Longrightarrow> (P\<leftarrow>=the_Bool b) Y s Z"


203 
204 
subsection "peekres"


207 


constdefs


peek_res :: "(res \<Rightarrow> 'a assn) \<Rightarrow> 'a assn"


"peek_res Pf \<equiv> \<lambda>Y. Pf Y Y"


syntax


"@peek_res" :: "pttrn \<Rightarrow> 'a assn \<Rightarrow> 'a assn" ("\<lambda>_:. _" [0,3] 3)


translations


"\<lambda>w:. P" == "peek_res (\<lambda>w. P)"


lemma peek_res_def2 [simp]: "peek_res P Y = P Y Y"


218 
219 
220 
lemma peek_res_subst_res [simp]: "peek_res P\<leftarrow>w = P w\<leftarrow>w"


223 
224 
225 
(* unused *)


228 
229 
230 
231 
232 
233 
subsection "ignres"


236 


constdefs


ign_res :: " 'a assn \<Rightarrow> 'a assn" ("_\<down>" [1000] 1000)


"P\<down> \<equiv> \<lambda>Y s Z. \<exists>Y. P Y s Z"


lemma ign_res_def2 [simp]: "P\<down> Y s Z = (\<exists>Y. P Y s Z)"


242 
243 
244 
lemma ign_ign_res [simp]: "P\<down>\<down> = P\<down>"


247 
248 
249 
250 
251 
lemma ign_subst_res [simp]: "P\<down>\<leftarrow>w = P\<down>"


254 
255 
256 
257 
258 
lemma peek_and_ign_res [simp]: "(P \<and>. p)\<down> = (P\<down> \<and>. p)"


261 
262 
263 
264 
265 
subsection "peekst"


268 


constdefs


peek_st :: "(st \<Rightarrow> 'a assn) \<Rightarrow> 'a assn"


"peek_st P \<equiv> \<lambda>Y s. P (store s) Y s"


syntax


"@peek_st" :: "pttrn \<Rightarrow> 'a assn \<Rightarrow> 'a assn" ("\<lambda>_.. _" [0,3] 3)


translations


"\<lambda>s.. P" == "peek_st (\<lambda>s. P)"


lemma peek_st_def2 [simp]: "(\<lambda>s.. Pf s) Y s = Pf (store s) Y s"


279 
280 
281 
lemma peek_st_triv [simp]: "(\<lambda>s.. P) = P"


284 
285 
286 
287 
lemma peek_st_st [simp]: "(\<lambda>s.. \<lambda>s'.. P s s') = (\<lambda>s.. P s s)"


290 
291 
292 
293 
lemma peek_st_split [simp]: "(\<lambda>s.. \<lambda>Y s'. P s Y s') = (\<lambda>Y s. P (store s) Y s)"


296 
297 
298 
299 
lemma peek_st_subst_res [simp]: "(\<lambda>s.. P s)\<leftarrow>w = (\<lambda>s.. P s\<leftarrow>w)"


302 
303 
304 
lemma peek_st_Normal [simp]: "(\<lambda>s..(Normal (P s))) = Normal (\<lambda>s.. P s)"


307 
308 
309 
310 
subsection "ignreseq"


313 


constdefs


ign_res_eq :: "'a assn \<Rightarrow> res \<Rightarrow> 'a assn" ("_\<down>=_" [60,61] 60)


"P\<down>=w \<equiv> \<lambda>Y:. P\<down> \<and>. (\<lambda>s. Y=w)"


319 
apply (unfold ign_res_eq_def)


apply auto


done


324 
apply (rule ext)


apply (rule ext)


apply (rule ext)


apply (simp (no_asm))


(* unused *)


331 
332 
333 
334 
335 
336 
(* unused *)


339 
340 
341 
subsection "RefVar"


344 


constdefs


RefVar :: "(state \<Rightarrow> vvar \<times> state) \<Rightarrow> 'a assn \<Rightarrow> 'a assn"(infixr "..;" 13)


"vf ..; P \<equiv> \<lambda>Y s. let (v,s') = vf s in P (Var v) s'"


lemma RefVar_def2 [simp]: "(vf ..; P) Y s =


350 
351 
352 
353 
355 
subsection "allocation"


constdefs


358 
359 
360 
361 


363 
364 


lemma Alloc_def2 [simp]: "Alloc G otag P Y s Z =


367 
368 
369 
370 
lemma SXAlloc_def2 [simp]:


373 
374 
375 
376 
section "validity"


constdefs


381 
382 
383 


385 
386 
387 
syntax


391 
392 
393 
394 
395 
396 
397 
398 
syntax (xsymbols)


402 
403 
404 
405 
406 
407 
408 
409 
410 


412 
413 
414 
415 
lemma inj_triple: "inj (\<lambda>(P,t,Q). {P} t\<succ> {Q})"


418 
419 
420 
lemma triple_inj_eq: "({P} t\<succ> {Q} = {P'} t'\<succ> {Q'} ) = (P=P' \<and> t=t' \<and> Q=Q')"


423 
424 
426 
constdefs


mtriples :: "('c \<Rightarrow> 'sig \<Rightarrow> 'a assn) \<Rightarrow> ('c \<Rightarrow> 'sig \<Rightarrow> expr) \<Rightarrow>


('c \<Rightarrow> 'sig \<Rightarrow> 'a assn) \<Rightarrow> ('c \<times> 'sig) set \<Rightarrow> 'a triples"


("{{(1_)}/ _\<succ>/ {(1_)}  _}"[3,65,3,65]75)


"{{P} tf\<succ> {Q}  ms} \<equiv> (\<lambda>(C,sig). {Normal(P C sig)} tf C sig\<succ> {Q C sig})`ms"


consts


434 
( "_\<Turnstile>_:_" [61,0, 58] 57)


ax_valids :: "prog \<Rightarrow> 'b triples \<Rightarrow> 'a triples \<Rightarrow> bool"


("_,_\<Turnstile>_" [61,58,58] 57)


ax_derivs :: "prog \<Rightarrow> ('b triples \<times> 'a triples) set"


syntax


442 
443 
444 
445 
446 
447 
448 
449 
syntax (xsymbols)


453 
454 
455 
456 
457 
458 
459 
460 
462 
defs triple_valid_def: "G\<Turnstile>n:t \<equiv> case t of {P} t\<succ> {Q} \<Rightarrow>


\<forall>Y s Z. P Y s Z \<longrightarrow> type_ok G t s \<longrightarrow>


(\<forall>Y' s'. G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (Y',s') \<longrightarrow> Q Y' s' Z)"


466 
467 
468 
469 
471 
lemma triple_valid_def2: "G\<Turnstile>n:{P} t\<succ> {Q} =


(\<forall>Y s Z. P Y s Z


\<longrightarrow> (\<exists>L. (normal s \<longrightarrow> (\<exists>T C. \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T)) \<and> s\<Colon>\<preceq>(G,L)) \<longrightarrow>


(\<forall>Y' s'. G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (Y',s')\<longrightarrow> Q Y' s' Z))"


apply (unfold triple_valid_def type_ok_def)


apply (simp (no_asm))


done


480 
481 
482 
483 
484 
485 
486 
inductive "ax_derivs G" intros


empty: " G,A\<turnstile>{}"


492 
493 
494 


asm: "ts\<subseteq>A \<Longrightarrow> G,A\<turnstile>ts"


497 
498 
499 
500 
501 
502 


conseq:"\<forall>Y s Z . P Y s Z \<longrightarrow> (\<exists>P' Q'. G,A\<turnstile>{P'} t\<succ> {Q'} \<and> (\<forall>Y' s'.


(\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>


Q Y' s' Z ))


\<Longrightarrow> G,A\<turnstile>{P } t\<succ> {Q }"


508 
509 


Abrupt: "G,A\<turnstile>{P\<leftarrow>(arbitrary3 t) \<and>. Not \<circ> normal} t\<succ> {P}"


512 
513 
514 


FVar: "\<lbrakk>G,A\<turnstile>{Normal P} .Init C. {Q};


G,A\<turnstile>{Q} e\<succ> {\<lambda>Val:a:. fvar C stat fn a ..; R}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{Normal P} {C,stat}e..fn=\<succ> {R}"


519 
520 
521 
522 
523 


NewC: "\<lbrakk>G,A\<turnstile>{Normal P} .Init C. {Alloc G (CInst C) Q}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{Normal P} NewC C\<succ> {Q}"


527 
528 
529 
530 


Cast: "\<lbrakk>G,A\<turnstile>{Normal P} e\<succ> {\<lambda>Val:v:. \<lambda>s..


abupd (raise_if (\<not>G,s\<turnstile>v fits T) ClassCast) .; Q\<leftarrow>Val v}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{Normal P} Cast T e\<succ> {Q}"


535 
536 
537 
538 


Lit: "G,A\<turnstile>{Normal (P\<leftarrow>Val v)} Lit v\<succ> {P}"


541 
542 


Acc: "\<lbrakk>G,A\<turnstile>{Normal P} va=\<succ> {\<lambda>Var:(v,f):. Q\<leftarrow>Val v}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{Normal P} Acc va\<succ> {Q}"


546 
547 
548 
549 


Cond: "\<lbrakk>G,A \<turnstile>{Normal P} e0\<succ> {P'};


\<forall>b. G,A\<turnstile>{P'\<leftarrow>=b} (if b then e1 else e2)\<succ> {Q}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{Normal P} e0 ? e1 : e2\<succ> {Q}"


554 
555 
556 
557 
558 
559 
560 
561 
562 
563 
564 


Methd:"\<lbrakk>G,A\<union> {{P} Methd\<succ> {Q}  ms} \<turnstile> {{P} body G\<succ> {Q}  ms}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{{P} Methd\<succ> {Q}  ms}"


568 
569 
570 
571 
572 


(* expression lists *)


575 
576 


Cons: "\<lbrakk>G,A\<turnstile>{Normal P} e\<succ> {Q};


\<forall>v. G,A\<turnstile>{Q\<leftarrow>Val v} es\<doteq>\<succ> {\<lambda>Vals:vs:. R\<leftarrow>Vals (v#vs)}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{Normal P} e#es\<doteq>\<succ> {R}"


582 


Skip: "G,A\<turnstile>{Normal (P\<leftarrow>\<diamondsuit>)} .Skip. {P}"


585 
586 
587 


Lab: "\<lbrakk>G,A\<turnstile>{Normal P} .c. {abupd (absorb (Break l)) .; Q}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{Normal P} .l\<bullet> c. {Q}"


591 
592 
593 
594 


If: "\<lbrakk>G,A \<turnstile>{Normal P} e\<succ> {P'};


\<forall>b. G,A\<turnstile>{P'\<leftarrow>=b} .(if b then c1 else c2). {Q}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{Normal P} .If(e) c1 Else c2. {Q}"


(* unfolding variant of Loop, not needed here


LoopU:"\<lbrakk>G,A \<turnstile>{Normal P} e\<succ> {P'};


\<forall>b. G,A\<turnstile>{P'\<leftarrow>=b} .(if b then c;;While(e) c else Skip).{Q}\<rbrakk>


\<Longrightarrow> G,A\<turnstile>{Normal P} .While(e) c. {Q}"


*)


Loop: "\<lbrakk>G,A\<turnstile>{P} e\<succ> {P'};


G,A\<turnstile>{Normal (P'\<leftarrow>=True)} .c. {abupd (absorb (Cont l)) .; P}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{P} .l\<bullet> While(e) c. {(P'\<leftarrow>=False)\<down>=\<diamondsuit>}"


(** Beware of polymorphic_Loop below: should be identical terms **)


608 
609 


Throw:"\<lbrakk>G,A\<turnstile>{Normal P} e\<succ> {\<lambda>Val:a:. abupd (throw a) .; Q\<leftarrow>\<diamondsuit>}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{Normal P} .Throw e. {Q}"


613 
614 
615 
616 
617 


Fin: "\<lbrakk>G,A\<turnstile>{Normal P} .c1. {Q};


\<forall>x. G,A\<turnstile>{Q \<and>. (\<lambda>s. x = fst s) ;. abupd (\<lambda>x. None)}


.c2. {abupd (abrupt_if (x\<noteq>None) x) .; R}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{Normal P} .c1 Finally c2. {R}"


623 
624 


Init: "\<lbrakk>the (class G C) = c;


G,A\<turnstile>{Normal ((P \<and>. Not \<circ> initd C) ;. supd (init_class_obj G C))}


.(if C = Object then Skip else Init (super c)). {Q};


\<forall>l. G,A\<turnstile>{Q \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars empty}


.init c. {set_lvars l .; R}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{Normal (P \<and>. Not \<circ> initd C)} .Init C. {R}"


632 
633 
634 
635 
636 
637 
638 


polymorphic_Loop:


"\<lbrakk>G,A\<turnstile>{P} e\<succ> {P'};


G,A\<turnstile>{Normal (P'\<leftarrow>=True)} .c. {abupd (absorb (Cont l)) .; P}\<rbrakk> \<Longrightarrow>


G,A\<turnstile>{P} .l\<bullet> While(e) c. {(P'\<leftarrow>=False)\<down>=\<diamondsuit>}"


644 
645 
646 
647 


650 


lemma cut_valid: "\<lbrakk>G,A'\<Turnstile>ts; G,A\<Turnstile>A'\<rbrakk> \<Longrightarrow> G,A\<Turnstile>ts"


apply (unfold ax_valids_def)


apply fast


done


656 
657 
658 
659 
660 
661 
662 
663 
664 
665 
666 
667 
668 
669 
apply (fast intro: ax_derivs.asm)


670 
(*apply (fast intro: ax_derivs.cut) *)


671 
apply (fast intro: ax_derivs.weaken)


672 
apply (rule ax_derivs.conseq, intro strip, tactic "smp_tac 3 1",clarify, tactic "smp_tac 1 1",rule exI, rule exI, erule (1) conjI)


673 
(* 31 subgoals *)


674 
prefer 16 (* Methd *)


675 
apply (rule ax_derivs.Methd, drule spec, erule mp, fast)


676 
apply (tactic {* TRYALL (resolve_tac ((funpow 5 tl) (thms "ax_derivs.intros"))


677 
THEN_ALL_NEW Blast_tac) *})


678 
apply (erule ax_derivs.Call)


679 
apply clarify


680 
apply blast


681 


682 
apply (rule allI)+


683 
apply (drule spec)+


684 
apply blast


685 
done


686 


687 
lemma ax_thin_insert: "G,(A::'a triple set)\<turnstile>(t::'a triple) \<Longrightarrow> G,insert x A\<turnstile>t"


688 
apply (erule ax_thin)


689 
apply fast


690 
done


691 


692 
lemma subset_mtriples_iff:


693 
"ts \<subseteq> {{P} mb\<succ> {Q}  ms} = (\<exists>ms'. ms'\<subseteq>ms \<and> ts = {{P} mb\<succ> {Q}  ms'})"


694 
apply (unfold mtriples_def)


695 
apply (rule subset_image_iff)


696 
done


697 


698 
lemma weaken:


699 
"G,(A::'a triple set)\<turnstile>(ts'::'a triple set) \<Longrightarrow> !ts. ts \<subseteq> ts' \<longrightarrow> G,A\<turnstile>ts"


700 
apply (erule ax_derivs.induct)


701 
(*36 subgoals*)


702 
apply (tactic "ALLGOALS strip_tac")


703 
apply (tactic {* ALLGOALS(REPEAT o (EVERY'[dtac (thm "subset_singletonD"),


704 
etac disjE, fast_tac (claset() addSIs [thm "ax_derivs.empty"])]))*})


705 
apply (tactic "TRYALL hyp_subst_tac")


706 
apply (simp, rule ax_derivs.empty)


707 
apply (drule subset_insertD)


708 
apply (blast intro: ax_derivs.insert)


709 
apply (fast intro: ax_derivs.asm)


710 
(*apply (blast intro: ax_derivs.cut) *)


711 
apply (fast intro: ax_derivs.weaken)


712 
apply (rule ax_derivs.conseq, clarify, tactic "smp_tac 3 1", blast(* unused *))


713 
(*31 subgoals*)


714 
apply (tactic {* TRYALL (resolve_tac ((funpow 5 tl) (thms "ax_derivs.intros"))


715 
THEN_ALL_NEW Fast_tac) *})


716 
(*1 subgoal*)


717 
apply (clarsimp simp add: subset_mtriples_iff)


718 
apply (rule ax_derivs.Methd)


719 
apply (drule spec)


720 
apply (erule impE)


721 
apply (rule exI)


722 
apply (erule conjI)


723 
apply (rule HOL.refl)


724 
oops (* dead end, Methd is to blame *)


725 


726 


727 
section "rules derived from conseq"


728 


729 
lemma conseq12: "\<lbrakk>G,A\<turnstile>{P'} t\<succ> {Q'};


730 
\<forall>Y s Z. P Y s Z \<longrightarrow> (\<forall>Y' s'. (\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>


731 
Q Y' s' Z)\<rbrakk>


732 
\<Longrightarrow> G,A\<turnstile>{P ::'a assn} t\<succ> {Q }"


733 
apply (rule polymorphic_conseq)


734 
apply clarsimp


735 
apply blast


736 
done


737 


738 
(*unused, but nice variant*)


739 
lemma conseq12': "\<lbrakk>G,A\<turnstile>{P'} t\<succ> {Q'}; \<forall>s Y' s'.


740 
(\<forall>Y Z. P' Y s Z \<longrightarrow> Q' Y' s' Z) \<longrightarrow>


741 
(\<forall>Y Z. P Y s Z \<longrightarrow> Q Y' s' Z)\<rbrakk>


742 
\<Longrightarrow> G,A\<turnstile>{P } t\<succ> {Q }"


743 
apply (erule conseq12)


744 
apply fast


745 
done


746 


747 
lemma conseq12_from_conseq12': "\<lbrakk>G,A\<turnstile>{P'} t\<succ> {Q'};


748 
\<forall>Y s Z. P Y s Z \<longrightarrow> (\<forall>Y' s'. (\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>


749 
Q Y' s' Z)\<rbrakk>


750 
\<Longrightarrow> G,A\<turnstile>{P } t\<succ> {Q }"


751 
apply (erule conseq12')


752 
apply blast


753 
done


754 


755 
lemma conseq1: "\<lbrakk>G,A\<turnstile>{P'} t\<succ> {Q}; P \<Rightarrow> P'\<rbrakk> \<Longrightarrow> G,A\<turnstile>{P } t\<succ> {Q}"


756 
apply (erule conseq12)


757 
apply blast


758 
done


759 


760 
lemma conseq2: "\<lbrakk>G,A\<turnstile>{P} t\<succ> {Q'}; Q' \<Rightarrow> Q\<rbrakk> \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"


761 
apply (erule conseq12)


762 
apply blast


763 
done


764 


765 
lemma ax_escape: "\<lbrakk>\<forall>Y s Z. P Y s Z \<longrightarrow> G,A\<turnstile>{\<lambda>Y' s' Z'. (Y',s') = (Y,s)} t\<succ> {\<lambda>Y s Z'. Q Y s Z}\<rbrakk> \<Longrightarrow>


766 
G,A\<turnstile>{P} t\<succ> {Q}"


767 
apply (rule polymorphic_conseq)


768 
apply force


769 
done


770 


771 
(* unused *)


772 
lemma ax_constant: "\<lbrakk> C \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}\<rbrakk> \<Longrightarrow> G,A\<turnstile>{\<lambda>Y s Z. C \<and> P Y s Z} t\<succ> {Q}"


773 
apply (rule ax_escape (* unused *))


774 
apply clarify


775 
apply (rule conseq12)


776 
apply fast


777 
apply auto


778 
done


779 
(*alternative (more direct) proof:


780 
apply (rule ax_derivs.conseq) *)(* unused *)(*


781 
apply (fast)


782 
*)


783 


784 


785 
lemma ax_impossible [intro]: "G,A\<turnstile>{\<lambda>Y s Z. False} t\<succ> {Q}"


786 
apply (rule ax_escape)


787 
apply clarify


788 
done


789 


790 
(* unused *)


791 
lemma ax_nochange_lemma: "\<lbrakk>P Y s; All (op = w)\<rbrakk> \<Longrightarrow> P w s"


792 
apply auto


793 
done


794 
lemma ax_nochange:"G,A\<turnstile>{\<lambda>Y s Z. (Y,s)=Z} t\<succ> {\<lambda>Y s Z. (Y,s)=Z} \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {P}"


795 
apply (erule conseq12)


796 
apply auto


797 
apply (erule (1) ax_nochange_lemma)


798 
done


799 


800 
(* unused *)


801 
lemma ax_trivial: "G,A\<turnstile>{P} t\<succ> {\<lambda>Y s Z. True}"


802 
apply (rule polymorphic_conseq(* unused *))


803 
apply auto


804 
done


805 


806 
(* unused *)


807 
lemma ax_disj: "\<lbrakk>G,A\<turnstile>{P1} t\<succ> {Q1}; G,A\<turnstile>{P2} t\<succ> {Q2}\<rbrakk> \<Longrightarrow>


808 
G,A\<turnstile>{\<lambda>Y s Z. P1 Y s Z \<or> P2 Y s Z} t\<succ> {\<lambda>Y s Z. Q1 Y s Z \<or> Q2 Y s Z}"


809 
apply (rule ax_escape (* unused *))


810 
apply safe


811 
apply (erule conseq12, fast)+


812 
done


813 


814 
(* unused *)


815 
lemma ax_supd_shuffle: "(\<exists>Q. G,A\<turnstile>{P} .c1. {Q} \<and> G,A\<turnstile>{Q ;. f} .c2. {R}) =


816 
(\<exists>Q'. G,A\<turnstile>{P} .c1. {f .; Q'} \<and> G,A\<turnstile>{Q'} .c2. {R})"


817 
apply (best elim!: conseq1 conseq2)


818 
done


819 


820 
lemma ax_cases: "\<lbrakk>G,A\<turnstile>{P \<and>. C} t\<succ> {Q};


821 
G,A\<turnstile>{P \<and>. Not \<circ> C} t\<succ> {Q}\<rbrakk> \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"


822 
apply (unfold peek_and_def)


823 
apply (rule ax_escape)


824 
apply clarify


825 
apply (case_tac "C s")


826 
apply (erule conseq12, force)+


827 
done


828 
(*alternative (more direct) proof:


829 
apply (rule rtac ax_derivs.conseq) *)(* unused *)(*


830 
apply clarify


831 
apply (case_tac "C s")


832 
apply force+


833 
*)


834 


835 
lemma ax_adapt: "G,A\<turnstile>{P} t\<succ> {Q} \<Longrightarrow> G,A\<turnstile>{adapt_pre P Q Q'} t\<succ> {Q'}"


836 
apply (unfold adapt_pre_def)


837 
apply (erule conseq12)


838 
apply fast


839 
done


840 


841 
lemma adapt_pre_adapts: "G,A\<Turnstile>{P} t\<succ> {Q} \<longrightarrow> G,A\<Turnstile>{adapt_pre P Q Q'} t\<succ> {Q'}"


842 
apply (unfold adapt_pre_def)


843 
apply (simp add: ax_valids_def triple_valid_def2)


844 
apply fast


845 
done


846 


847 


848 
lemma adapt_pre_weakest:


849 
"\<forall>G (A::'a triple set) t. G,A\<Turnstile>{P} t\<succ> {Q} \<longrightarrow> G,A\<Turnstile>{P'} t\<succ> {Q'} \<Longrightarrow>


850 
P' \<Rightarrow> adapt_pre P Q (Q'::'a assn)"


851 
apply (unfold adapt_pre_def)


852 
apply (drule spec)


853 
apply (drule_tac x = "{}" in spec)


854 
apply (drule_tac x = "In1r Skip" in spec)


855 
apply (simp add: ax_valids_def triple_valid_def2)


856 
oops


857 


858 
(*


859 
Goal "\<forall>(A::'a triple set) t. G,A\<Turnstile>{P} t\<succ> {Q} \<longrightarrow> G,A\<Turnstile>{P'} t\<succ> {Q'} \<Longrightarrow>


860 
wf_prog G \<Longrightarrow> G,(A::'a triple set)\<turnstile>{P} t\<succ> {Q::'a assn} \<Longrightarrow> G,A\<turnstile>{P'} t\<succ> {Q'::'a assn}"


861 
b y fatac ax_sound 1 1;


862 
b y asm_full_simp_tac (simpset() addsimps [ax_valids_def,triple_valid_def2]) 1;


863 
b y rtac ax_no_hazard 1;


864 
b y etac conseq12 1;


865 
b y Clarify_tac 1;


866 
b y case_tac "\<forall>Z. \<not>P Y s Z" 1;


867 
b y smp_tac 2 1;


868 
b y etac thin_rl 1;


869 
b y etac thin_rl 1;


870 
b y clarsimp_tac (claset(), simpset() addsimps [type_ok_def]) 1;


871 
b y subgoal_tac "G\<Turnstile>n:A" 1;


872 
b y smp_tac 1 1;


873 
b y smp_tac 3 1;


874 
b y etac impE 1;


875 
back();


876 
b y Fast_tac 1;


877 
b y


878 
b y rotate_tac 2 1;


879 
b y etac thin_rl 1;


880 
b y etac thin_rl 2;


881 
b y etac thin_rl 2;


882 
b y Clarify_tac 2;


883 
b y dtac spec 2;


884 
b y EVERY'[dtac spec, mp_tac] 2;


885 
b y thin_tac "\<forall>n Y s Z. ?PP n Y s Z" 2;


886 
b y thin_tac "P' Y s Z" 2;


887 
b y Blast_tac 2;


888 
b y smp_tac 3 1;


889 
b y case_tac "\<forall>Z. \<not>P Y s Z" 1;


890 
b y dres_inst_tac [("x","In1r Skip")] spec 1;


891 
b y Full_simp_tac 1;


892 
*)


893 


894 
lemma peek_and_forget1_Normal:


895 
"G,A\<turnstile>{Normal P} t\<succ> {Q} \<Longrightarrow> G,A\<turnstile>{Normal (P \<and>. p)} t\<succ> {Q}"


896 
apply (erule conseq1)


897 
apply (simp (no_asm))


898 
done


899 


900 
lemma peek_and_forget1: "G,A\<turnstile>{P} t\<succ> {Q} \<Longrightarrow> G,A\<turnstile>{P \<and>. p} t\<succ> {Q}"


901 
apply (erule conseq1)


902 
apply (simp (no_asm))


903 
done


904 


905 
lemmas ax_NormalD = peek_and_forget1 [of _ _ _ _ _ normal]


906 


907 
lemma peek_and_forget2: "G,A\<turnstile>{P} t\<succ> {Q \<and>. p} \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"


908 
apply (erule conseq2)


909 
apply (simp (no_asm))


910 
done


911 


912 
lemma ax_subst_Val_allI: "\<forall>v. G,A\<turnstile>{(P' v )\<leftarrow>Val v} t\<succ> {Q v} \<Longrightarrow>


913 
\<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In1 w))\<leftarrow>Val v} t\<succ> {Q v}"


914 
apply (force elim!: conseq1)


915 
done


916 


917 
lemma ax_subst_Var_allI: "\<forall>v. G,A\<turnstile>{(P' v )\<leftarrow>Var v} t\<succ> {Q v} \<Longrightarrow>


918 
\<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In2 w))\<leftarrow>Var v} t\<succ> {Q v}"


919 
apply (force elim!: conseq1)


920 
done


921 


922 
lemma ax_subst_Vals_allI: "(\<forall>v. G,A\<turnstile>{( P' v )\<leftarrow>Vals v} t\<succ> {Q v}) \<Longrightarrow>


923 
\<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In3 w))\<leftarrow>Vals v} t\<succ> {Q v}"


924 
apply (force elim!: conseq1)


925 
done


926 


927 


928 
section "alternative axioms"


929 


930 
lemma ax_Lit2:


931 
"G,(A::'a triple set)\<turnstile>{Normal P::'a assn} Lit v\<succ> {Normal (P\<down>=Val v)}"


932 
apply (rule ax_derivs.Lit [THEN conseq1])


933 
apply force


934 
done


935 
lemma ax_Lit2_test_complete:


936 
"G,(A::'a triple set)\<turnstile>{Normal (P\<leftarrow>Val v)::'a assn} Lit v\<succ> {P}"


937 
apply (rule ax_Lit2 [THEN conseq2])


938 
apply force


939 
done


940 


941 
lemma ax_LVar2: "G,(A::'a triple set)\<turnstile>{Normal P::'a assn} LVar vn=\<succ> {Normal (\<lambda>s.. P\<down>=Var (lvar vn s))}"


942 
apply (rule ax_derivs.LVar [THEN conseq1])


943 
apply force


944 
done


945 


946 
lemma ax_Super2: "G,(A::'a triple set)\<turnstile>


947 
{Normal P::'a assn} Super\<succ> {Normal (\<lambda>s.. P\<down>=Val (val_this s))}"


948 
apply (rule ax_derivs.Super [THEN conseq1])


949 
apply force


950 
done


951 


952 
lemma ax_Nil2:


953 
"G,(A::'a triple set)\<turnstile>{Normal P::'a assn} []\<doteq>\<succ> {Normal (P\<down>=Vals [])}"


954 
apply (rule ax_derivs.Nil [THEN conseq1])


955 
apply force


956 
done


957 


958 


959 
section "misc derived structural rules"


960 


961 
(* unused *)


962 
lemma ax_finite_mtriples_lemma: "\<lbrakk>F \<subseteq> ms; finite ms; \<forall>(C,sig)\<in>ms.


963 
G,(A::'a triple set)\<turnstile>{Normal (P C sig)::'a assn} mb C sig\<succ> {Q C sig}\<rbrakk> \<Longrightarrow>


964 
G,A\<turnstile>{{P} mb\<succ> {Q}  F}"


965 
apply (frule (1) finite_subset)


966 
apply (erule make_imp)


967 
apply (erule thin_rl)


968 
apply (erule finite_induct)


969 
apply (unfold mtriples_def)


970 
apply (clarsimp intro!: ax_derivs.empty ax_derivs.insert)+


971 
apply force


972 
done


973 
lemmas ax_finite_mtriples = ax_finite_mtriples_lemma [OF subset_refl]


974 


975 
lemma ax_derivs_insertD:


976 
"G,(A::'a triple set)\<turnstile>insert (t::'a triple) ts \<Longrightarrow> G,A\<turnstile>t \<and> G,A\<turnstile>ts"


977 
apply (fast intro: ax_derivs.weaken)


978 
done


979 


980 
lemma ax_methods_spec:


981 
"\<lbrakk>G,(A::'a triple set)\<turnstile>split f ` ms; (C,sig) \<in> ms\<rbrakk>\<Longrightarrow> G,A\<turnstile>((f C sig)::'a triple)"


982 
apply (erule ax_derivs.weaken)


983 
apply (force del: image_eqI intro: rev_image_eqI)


984 
done


985 


986 
(* this version is used to avoid using the cut rule *)


987 
lemma ax_finite_pointwise_lemma [rule_format]: "\<lbrakk>F \<subseteq> ms; finite ms\<rbrakk> \<Longrightarrow>


988 
((\<forall>(C,sig)\<in>F. G,(A::'a triple set)\<turnstile>(f C sig::'a triple)) \<longrightarrow> (\<forall>(C,sig)\<in>ms. G,A\<turnstile>(g C sig::'a triple))) \<longrightarrow>


989 
G,A\<turnstile>split f ` F \<longrightarrow> G,A\<turnstile>split g ` F"


990 
apply (frule (1) finite_subset)


991 
apply (erule make_imp)


992 
apply (erule thin_rl)


993 
apply (erule finite_induct)


994 
apply clarsimp+


995 
apply (drule ax_derivs_insertD)


996 
apply (rule ax_derivs.insert)


997 
apply (simp (no_asm_simp) only: split_tupled_all)


998 
apply (auto elim: ax_methods_spec)


999 
done


1000 
lemmas ax_finite_pointwise = ax_finite_pointwise_lemma [OF subset_refl]


1001 


1002 
lemma ax_no_hazard:


1003 
"G,(A::'a triple set)\<turnstile>{P \<and>. type_ok G t} t\<succ> {Q::'a assn} \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"


1004 
apply (erule ax_cases)


1005 
apply (rule ax_derivs.hazard [THEN conseq1])


1006 
apply force


1007 
done


1008 


1009 
lemma ax_free_wt:


1010 
"(\<exists>T L C. \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T)


1011 
\<longrightarrow> G,(A::'a triple set)\<turnstile>{Normal P} t\<succ> {Q::'a assn} \<Longrightarrow>


1012 
G,A\<turnstile>{Normal P} t\<succ> {Q}"


1013 
apply (rule ax_no_hazard)


1014 
apply (rule ax_escape)


1015 
apply clarify


1016 
apply (erule mp [THEN conseq12])


1017 
apply (auto simp add: type_ok_def)


1018 
done


1019 


1020 
ML {*


1021 
bind_thms ("ax_Abrupts", sum3_instantiate (thm "ax_derivs.Abrupt"))


1022 
*}


1023 
declare ax_Abrupts [intro!]


1024 


1025 
lemmas ax_Normal_cases = ax_cases [of _ _ normal]


1026 


1027 
lemma ax_Skip [intro!]: "G,(A::'a triple set)\<turnstile>{P\<leftarrow>\<diamondsuit>} .Skip. {P::'a assn}"


1028 
apply (rule ax_Normal_cases)


1029 
apply (rule ax_derivs.Skip)


1030 
apply fast


1031 
done


1032 
lemmas ax_SkipI = ax_Skip [THEN conseq1, standard]


1033 


1034 


1035 
section "derived rules for methd call"


1036 


1037 
lemma ax_Call_known_DynT:


1038 
"\<lbrakk>G\<turnstile>IntVir\<rightarrow>C\<preceq>statT;


1039 
\<forall>a vs l. G,A\<turnstile>{(R a\<leftarrow>Vals vs \<and>. (\<lambda>s. l = locals (store s)) ;.


1040 
init_lvars G C \<lparr>name=mn,parTs=pTs\<rparr> IntVir a vs)}


1041 
Methd C \<lparr>name=mn,parTs=pTs\<rparr>\<succ> {set_lvars l .; S};


1042 
\<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} args\<doteq>\<succ>


1043 
{R a \<and>. (\<lambda>s. C = obj_class (the (heap (store s) (the_Addr a))) \<and>


1044 
C = invocation_declclass


1045 
G IntVir (store s) a statT \<lparr>name=mn,parTs=pTs\<rparr> )};


1046 
G,(A::'a triple set)\<turnstile>{Normal P} e\<succ> {Q::'a assn}\<rbrakk>


1047 
\<Longrightarrow> G,A\<turnstile>{Normal P} {statT,IntVir}e\<cdot>mn({pTs}args)\<succ> {S}"


1048 
apply (erule ax_derivs.Call)


1049 
apply safe


1050 
apply (erule spec)


1051 
apply (rule ax_escape, clarsimp)


1052 
apply (drule spec, drule spec, drule spec,erule conseq12)


1053 
apply force


1054 
done


1055 


1056 


1057 
lemma ax_Call_Static:


1058 
"\<lbrakk>\<forall>a vs l. G,A\<turnstile>{R a\<leftarrow>Vals vs \<and>. (\<lambda>s. l = locals (store s)) ;.


1059 
init_lvars G C \<lparr>name=mn,parTs=pTs\<rparr> Static any_Addr vs}


1060 
Methd C \<lparr>name=mn,parTs=pTs\<rparr>\<succ> {set_lvars l .; S};


1061 
G,A\<turnstile>{Normal P} e\<succ> {Q};


1062 
\<forall> a. G,(A::'a triple set)\<turnstile>{Q\<leftarrow>Val a} args\<doteq>\<succ> {(R::val \<Rightarrow> 'a assn) a


1063 
\<and>. (\<lambda> s. C=invocation_declclass


1064 
G Static (store s) a statT \<lparr>name=mn,parTs=pTs\<rparr>)}


1065 
\<rbrakk> \<Longrightarrow> G,A\<turnstile>{Normal P} {statT,Static}e\<cdot>mn({pTs}args)\<succ> {S}"


1066 
apply (erule ax_derivs.Call)


1067 
apply safe


1068 
apply (erule spec)


1069 
apply (rule ax_escape, clarsimp)


1070 
apply (erule_tac V = "?P \<longrightarrow> ?Q" in thin_rl)


1071 
apply (drule spec,drule spec,drule spec, erule conseq12)


1072 
apply (force simp add: init_lvars_def)


1073 
done


1074 


1075 
lemma ax_Methd1:


1076 
"\<lbrakk>G,A\<union>{{P} Methd\<succ> {Q}  ms}\<turnstile> {{P} body G\<succ> {Q}  ms}; (C,sig)\<in> ms\<rbrakk> \<Longrightarrow>


1077 
G,A\<turnstile>{Normal (P C sig)} Methd C sig\<succ> {Q C sig}"


1078 
apply (drule ax_derivs.Methd)


1079 
apply (unfold mtriples_def)


1080 
apply (erule (1) ax_methods_spec)


1081 
done


1082 


1083 
lemma ax_MethdN:


1084 
"G,insert({Normal P} Methd C sig\<succ> {Q}) A\<turnstile>


1085 
{Normal P} body G C sig\<succ> {Q} \<Longrightarrow>


1086 
G,A\<turnstile>{Normal P} Methd C sig\<succ> {Q}"


1087 
apply (rule ax_Methd1)


1088 
apply (rule_tac [2] singletonI)


1089 
apply (unfold mtriples_def)


1090 
apply clarsimp


1091 
done


1092 


1093 
lemma ax_StatRef:


1094 
"G,(A::'a triple set)\<turnstile>{Normal (P\<leftarrow>Val Null)} StatRef rt\<succ> {P::'a assn}"


1095 
apply (rule ax_derivs.Cast)


1096 
apply (rule ax_Lit2 [THEN conseq2])


1097 
apply clarsimp


1098 
done


1099 


1100 
section "rules derived from Init and Done"


1101 


1102 
lemma ax_InitS: "\<lbrakk>the (class G C) = c; C \<noteq> Object;


1103 
\<forall>l. G,A\<turnstile>{Q \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars empty}


1104 
.init c. {set_lvars l .; R};


1105 
G,A\<turnstile>{Normal ((P \<and>. Not \<circ> initd C) ;. supd (init_class_obj G C))}


1106 
.Init (super c). {Q}\<rbrakk> \<Longrightarrow>


1107 
G,(A::'a triple set)\<turnstile>{Normal (P \<and>. Not \<circ> initd C)} .Init C. {R::'a assn}"


1108 
apply (erule ax_derivs.Init)


1109 
apply (simp (no_asm_simp))


1110 
apply assumption


1111 
done


1112 


1113 
lemma ax_Init_Skip_lemma:


1114 
"\<forall>l. G,(A::'a triple set)\<turnstile>{P\<leftarrow>\<diamondsuit> \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars l'}


1115 
.Skip. {(set_lvars l .; P)::'a assn}"


1116 
apply (rule allI)


1117 
apply (rule ax_SkipI)


1118 
apply clarsimp


1119 
done


1120 


1121 
lemma ax_triv_InitS: "\<lbrakk>the (class G C) = c;init c = Skip; C \<noteq> Object;


1122 
P\<leftarrow>\<diamondsuit> \<Rightarrow> (supd (init_class_obj G C) .; P);


1123 
G,A\<turnstile>{Normal (P \<and>. initd C)} .Init (super c). {(P \<and>. initd C)\<leftarrow>\<diamondsuit>}\<rbrakk> \<Longrightarrow>


1124 
G,(A::'a triple set)\<turnstile>{Normal P\<leftarrow>\<diamondsuit>} .Init C. {(P \<and>. initd C)::'a assn}"


1125 
apply (rule_tac C = "initd C" in ax_cases)


1126 
apply (rule conseq1, rule ax_derivs.Done, clarsimp)


1127 
apply (simp (no_asm))


1128 
apply (erule (1) ax_InitS)


1129 
apply simp


1130 
apply (rule ax_Init_Skip_lemma)


1131 
apply (erule conseq1)


1132 
apply force


1133 
done


1134 


1135 
lemma ax_Init_Object: "wf_prog G \<Longrightarrow> G,(A::'a triple set)\<turnstile>


1136 
{Normal ((supd (init_class_obj G Object) .; P\<leftarrow>\<diamondsuit>) \<and>. Not \<circ> initd Object)}


1137 
.Init Object. {(P \<and>. initd Object)::'a assn}"


1138 
apply (rule ax_derivs.Init)


1139 
apply (drule class_Object, force)


1140 
apply (simp_all (no_asm))


1141 
apply (rule_tac [2] ax_Init_Skip_lemma)


1142 
apply (rule ax_SkipI, force)


1143 
done


1144 


1145 
lemma ax_triv_Init_Object: "\<lbrakk>wf_prog G;


1146 
(P::'a assn) \<Rightarrow> (supd (init_class_obj G Object) .; P)\<rbrakk> \<Longrightarrow>


1147 
G,(A::'a triple set)\<turnstile>{Normal P\<leftarrow>\<diamondsuit>} .Init Object. {P \<and>. initd Object}"


1148 
apply (rule_tac C = "initd Object" in ax_cases)


1149 
apply (rule conseq1, rule ax_derivs.Done, clarsimp)


1150 
apply (erule ax_Init_Object [THEN conseq1])


1151 
apply force


1152 
done


1153 


1154 


1155 
section "introduction rules for Alloc and SXAlloc"


1156 


1157 
lemma ax_SXAlloc_Normal: "G,A\<turnstile>{P} .c. {Normal Q} \<Longrightarrow> G,A\<turnstile>{P} .c. {SXAlloc G Q}"


1158 
apply (erule conseq2)


1159 
apply (clarsimp elim!: sxalloc_elim_cases simp add: split_tupled_all)


1160 
done


1161 


1162 
lemma ax_Alloc:


1163 
"G,A\<turnstile>{P} t\<succ> {Normal (\<lambda>Y (x,s) Z. (\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>


1164 
Q (Val (Addr a)) (Norm(init_obj G (CInst C) (Heap a) s)) Z)) \<and>.


1165 
heap_free (Suc (Suc 0))}


1166 
\<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Alloc G (CInst C) Q}"


1167 
apply (erule conseq2)


1168 
apply (auto elim!: halloc_elim_cases)


1169 
done


1170 


1171 
lemma ax_Alloc_Arr:


1172 
"G,A\<turnstile>{P} t\<succ> {\<lambda>Val:i:. Normal (\<lambda>Y (x,s) Z. \<not>the_Intg i<0 \<and>


1173 
(\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>


1174 
Q (Val (Addr a)) (Norm (init_obj G (Arr T (the_Intg i)) (Heap a) s)) Z)) \<and>.


1175 
heap_free (Suc (Suc 0))} \<Longrightarrow>


1176 
G,A\<turnstile>{P} t\<succ> {\<lambda>Val:i:. abupd (check_neg i) .; Alloc G (Arr T(the_Intg i)) Q}"


1177 
apply (erule conseq2)


1178 
apply (auto elim!: halloc_elim_cases)


1179 
done


1180 


1181 
lemma ax_SXAlloc_catch_SXcpt:


1182 
"\<lbrakk>G,A\<turnstile>{P} t\<succ> {(\<lambda>Y (x,s) Z. x=Some (Xcpt (Std xn)) \<and>


1183 
(\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>


1184 
Q Y (Some (Xcpt (Loc a)),init_obj G (CInst (SXcpt xn)) (Heap a) s) Z))


1185 
\<and>. heap_free (Suc (Suc 0))}\<rbrakk> \<Longrightarrow>


1186 
G,A\<turnstile>{P} t\<succ> {SXAlloc G (\<lambda>Y s Z. Q Y s Z \<and> G,s\<turnstile>catch SXcpt xn)}"


1187 
apply (erule conseq2)


1188 
apply (auto elim!: sxalloc_elim_cases halloc_elim_cases)


1189 
done


1190 


1191 
end
