src/HOL/Bali/TypeSafe.thy
author wenzelm
Mon, 25 Feb 2002 20:48:14 +0100
changeset 12937 0c4fd7529467
parent 12925 99131847fb93
child 13337 f75dfc606ac7
permissions -rw-r--r--
clarified syntax of ``long'' statements: fixes/assumes/shows;
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
12857
a4386cc9b1c3 tuned header;
wenzelm
parents: 12854
diff changeset
     1
(*  Title:      HOL/Bali/TypeSafe.thy
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
     2
    ID:         $Id$
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
     3
    Author:     David von Oheimb and Norbert Schirmer
12858
wenzelm
parents: 12857
diff changeset
     4
    License:    GPL (GNU GENERAL PUBLIC LICENSE)
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
     5
*)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
     6
header {* The type soundness proof for Java *}
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
     7
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
     8
theory TypeSafe = Eval + WellForm + Conform:
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
     9
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    10
section "error free"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    11
 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    12
lemma error_free_halloc:
12937
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
    13
  assumes halloc: "G\<turnstile>s0 \<midarrow>halloc oi\<succ>a\<rightarrow> s1" and
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    14
          error_free_s0: "error_free s0"
12937
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
    15
  shows "error_free s1"
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    16
proof -
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    17
  from halloc error_free_s0
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    18
  obtain abrupt0 store0 abrupt1 store1
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    19
    where eqs: "s0=(abrupt0,store0)" "s1=(abrupt1,store1)" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    20
          halloc': "G\<turnstile>(abrupt0,store0) \<midarrow>halloc oi\<succ>a\<rightarrow> (abrupt1,store1)" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    21
          error_free_s0': "error_free (abrupt0,store0)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    22
    by (cases s0,cases s1) auto
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    23
  from halloc' error_free_s0'
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    24
  have "error_free (abrupt1,store1)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    25
  proof (induct)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    26
    case Abrupt 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    27
    then show ?case
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    28
      .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    29
  next
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    30
    case New
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    31
    then show ?case
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    32
      by (auto split: split_if_asm)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    33
  qed
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    34
  with eqs 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    35
  show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    36
    by simp
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    37
qed
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    38
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    39
lemma error_free_sxalloc:
12937
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
    40
  assumes sxalloc: "G\<turnstile>s0 \<midarrow>sxalloc\<rightarrow> s1" and error_free_s0: "error_free s0"
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
    41
  shows "error_free s1"
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    42
proof -
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    43
  from sxalloc error_free_s0
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    44
  obtain abrupt0 store0 abrupt1 store1
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    45
    where eqs: "s0=(abrupt0,store0)" "s1=(abrupt1,store1)" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    46
          sxalloc': "G\<turnstile>(abrupt0,store0) \<midarrow>sxalloc\<rightarrow> (abrupt1,store1)" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    47
          error_free_s0': "error_free (abrupt0,store0)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    48
    by (cases s0,cases s1) auto
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    49
  from sxalloc' error_free_s0'
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    50
  have "error_free (abrupt1,store1)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    51
  proof (induct)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    52
  qed (auto)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    53
  with eqs 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    54
  show ?thesis 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    55
    by simp
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    56
qed
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    57
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    58
lemma error_free_check_field_access_eq:
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    59
 "error_free (check_field_access G accC statDeclC fn stat a s)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    60
 \<Longrightarrow> (check_field_access G accC statDeclC fn stat a s) = s"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    61
apply (cases s)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    62
apply (auto simp add: check_field_access_def Let_def error_free_def 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    63
                      abrupt_if_def 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    64
            split: split_if_asm)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    65
done
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    66
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    67
lemma error_free_check_method_access_eq:
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    68
"error_free (check_method_access G accC statT mode sig a' s)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    69
 \<Longrightarrow> (check_method_access G accC statT mode sig a' s) = s"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    70
apply (cases s)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    71
apply (auto simp add: check_method_access_def Let_def error_free_def 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    72
                      abrupt_if_def 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    73
            split: split_if_asm)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    74
done
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    75
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    76
lemma error_free_FVar_lemma: 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    77
     "error_free s 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    78
       \<Longrightarrow> error_free (abupd (if stat then id else np a) s)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    79
  by (case_tac s) (auto split: split_if) 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    80
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    81
lemma error_free_init_lvars [simp,intro]:
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    82
"error_free s \<Longrightarrow> 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    83
  error_free (init_lvars G C sig mode a pvs s)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    84
by (cases s) (auto simp add: init_lvars_def Let_def split: split_if)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    85
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    86
lemma error_free_LVar_lemma:   
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    87
"error_free s \<Longrightarrow> error_free (assign (\<lambda>v. supd lupd(vn\<mapsto>v)) w s)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    88
by (cases s) simp
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    89
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    90
lemma error_free_throw [simp,intro]:
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    91
  "error_free s \<Longrightarrow> error_free (abupd (throw x) s)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    92
by (cases s) (simp add: throw_def)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
    93
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
    94
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
    95
section "result conformance"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
    96
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
    97
constdefs
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
    98
  assign_conforms :: "st \<Rightarrow> (val \<Rightarrow> state \<Rightarrow> state) \<Rightarrow> ty \<Rightarrow> env_ \<Rightarrow> bool"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
    99
          ("_\<le>|_\<preceq>_\<Colon>\<preceq>_"                                        [71,71,71,71] 70)
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   100
"s\<le>|f\<preceq>T\<Colon>\<preceq>E \<equiv>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   101
 (\<forall>s' w. Norm s'\<Colon>\<preceq>E \<longrightarrow> fst E,s'\<turnstile>w\<Colon>\<preceq>T \<longrightarrow> s\<le>|s' \<longrightarrow> assign f w (Norm s')\<Colon>\<preceq>E) \<and>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   102
 (\<forall>s' w. error_free s' \<longrightarrow> (error_free (assign f w s')))"      
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   103
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   104
  rconf :: "prog \<Rightarrow> lenv \<Rightarrow> st \<Rightarrow> term \<Rightarrow> vals \<Rightarrow> tys \<Rightarrow> bool"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   105
          ("_,_,_\<turnstile>_\<succ>_\<Colon>\<preceq>_"                               [71,71,71,71,71,71] 70)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   106
  "G,L,s\<turnstile>t\<succ>v\<Colon>\<preceq>T 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   107
    \<equiv> case T of
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   108
        Inl T  \<Rightarrow> if (\<exists>vf. t=In2 vf)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   109
                  then G,s\<turnstile>fst (the_In2 v)\<Colon>\<preceq>T \<and> s\<le>|snd (the_In2 v)\<preceq>T\<Colon>\<preceq>(G,L)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   110
                  else G,s\<turnstile>the_In1 v\<Colon>\<preceq>T
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   111
      | Inr Ts \<Rightarrow> list_all2 (conf G s) (the_In3 v) Ts"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   112
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   113
lemma rconf_In1 [simp]: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   114
 "G,L,s\<turnstile>In1 ec\<succ>In1 v \<Colon>\<preceq>Inl T  =  G,s\<turnstile>v\<Colon>\<preceq>T"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   115
apply (unfold rconf_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   116
apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   117
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   118
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   119
lemma rconf_In2 [simp]: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   120
 "G,L,s\<turnstile>In2 va\<succ>In2 vf\<Colon>\<preceq>Inl T  = (G,s\<turnstile>fst vf\<Colon>\<preceq>T \<and> s\<le>|snd vf\<preceq>T\<Colon>\<preceq>(G,L))"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   121
apply (unfold rconf_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   122
apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   123
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   124
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   125
lemma rconf_In3 [simp]: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   126
 "G,L,s\<turnstile>In3 es\<succ>In3 vs\<Colon>\<preceq>Inr Ts = list_all2 (\<lambda>v T. G,s\<turnstile>v\<Colon>\<preceq>T) vs Ts"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   127
apply (unfold rconf_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   128
apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   129
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   130
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   131
section "fits and conf"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   132
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   133
(* unused *)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   134
lemma conf_fits: "G,s\<turnstile>v\<Colon>\<preceq>T \<Longrightarrow> G,s\<turnstile>v fits T"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   135
apply (unfold fits_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   136
apply clarify
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   137
apply (erule swap, simp (no_asm_use))
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   138
apply (drule conf_RefTD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   139
apply auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   140
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   141
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   142
lemma fits_conf: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   143
  "\<lbrakk>G,s\<turnstile>v\<Colon>\<preceq>T; G\<turnstile>T\<preceq>? T'; G,s\<turnstile>v fits T'; ws_prog G\<rbrakk> \<Longrightarrow> G,s\<turnstile>v\<Colon>\<preceq>T'"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   144
apply (auto dest!: fitsD cast_PrimT2 cast_RefT2)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   145
apply (force dest: conf_RefTD intro: conf_AddrI)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   146
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   147
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   148
lemma fits_Array: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   149
 "\<lbrakk>G,s\<turnstile>v\<Colon>\<preceq>T; G\<turnstile>T'.[]\<preceq>T.[]; G,s\<turnstile>v fits T'; ws_prog G\<rbrakk> \<Longrightarrow> G,s\<turnstile>v\<Colon>\<preceq>T'"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   150
apply (auto dest!: fitsD widen_ArrayPrimT widen_ArrayRefT)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   151
apply (force dest: conf_RefTD intro: conf_AddrI)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   152
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   153
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   154
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   155
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   156
section "gext"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   157
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   158
lemma halloc_gext: "\<And>s1 s2. G\<turnstile>s1 \<midarrow>halloc oi\<succ>a\<rightarrow> s2 \<Longrightarrow> snd s1\<le>|snd s2"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   159
apply (simp (no_asm_simp) only: split_tupled_all)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   160
apply (erule halloc.induct)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   161
apply  (auto dest!: new_AddrD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   162
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   163
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   164
lemma sxalloc_gext: "\<And>s1 s2. G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2 \<Longrightarrow> snd s1\<le>|snd s2"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   165
apply (simp (no_asm_simp) only: split_tupled_all)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   166
apply (erule sxalloc.induct)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   167
apply   (auto dest!: halloc_gext)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   168
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   169
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   170
lemma eval_gext_lemma [rule_format (no_asm)]: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   171
 "G\<turnstile>s \<midarrow>t\<succ>\<rightarrow> (w,s') \<Longrightarrow> snd s\<le>|snd s' \<and> (case w of  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   172
    In1 v \<Rightarrow> True  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   173
  | In2 vf \<Rightarrow> normal s \<longrightarrow> (\<forall>v x s. s\<le>|snd (assign (snd vf) v (x,s)))  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   174
  | In3 vs \<Rightarrow> True)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   175
apply (erule eval_induct)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   176
prefer 24 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   177
  apply (case_tac "inited C (globs s0)", clarsimp, erule thin_rl) (* Init *)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   178
apply (auto del: conjI  dest!: not_initedD gext_new sxalloc_gext halloc_gext
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   179
 simp  add: lvar_def fvar_def2 avar_def2 init_lvars_def2 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   180
            check_field_access_def check_method_access_def Let_def
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   181
 split del: split_if_asm split add: sum3.split)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   182
(* 6 subgoals *)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   183
apply force+
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   184
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   185
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   186
lemma evar_gext_f: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   187
  "G\<turnstile>Norm s1 \<midarrow>e=\<succ>vf \<rightarrow> s2 \<Longrightarrow> s\<le>|snd (assign (snd vf) v (x,s))"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   188
apply (drule eval_gext_lemma [THEN conjunct2])
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   189
apply auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   190
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   191
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   192
lemmas eval_gext = eval_gext_lemma [THEN conjunct1]
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   193
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   194
lemma eval_gext': "G\<turnstile>(x1,s1) \<midarrow>t\<succ>\<rightarrow> (w,x2,s2) \<Longrightarrow> s1\<le>|s2"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   195
apply (drule eval_gext)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   196
apply auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   197
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   198
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   199
lemma init_yields_initd: "G\<turnstile>Norm s1 \<midarrow>Init C\<rightarrow> s2 \<Longrightarrow> initd C s2"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   200
apply (erule eval_cases , auto split del: split_if_asm)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   201
apply (case_tac "inited C (globs s1)")
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   202
apply  (clarsimp split del: split_if_asm)+
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   203
apply (drule eval_gext')+
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   204
apply (drule init_class_obj_inited)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   205
apply (erule inited_gext)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   206
apply (simp (no_asm_use))
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   207
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   208
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   209
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   210
section "Lemmas"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   211
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   212
lemma obj_ty_obj_class1: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   213
 "\<lbrakk>wf_prog G; is_type G (obj_ty obj)\<rbrakk> \<Longrightarrow> is_class G (obj_class obj)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   214
apply (case_tac "tag obj")
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   215
apply (auto simp add: obj_ty_def obj_class_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   216
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   217
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   218
lemma oconf_init_obj: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   219
 "\<lbrakk>wf_prog G;  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   220
 (case r of Heap a \<Rightarrow> is_type G (obj_ty obj) | Stat C \<Rightarrow> is_class G C)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   221
\<rbrakk> \<Longrightarrow> G,s\<turnstile>obj \<lparr>values:=init_vals (var_tys G (tag obj) r)\<rparr>\<Colon>\<preceq>\<surd>r"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   222
apply (auto intro!: oconf_init_obj_lemma unique_fields)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   223
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   224
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   225
(*
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   226
lemma obj_split: "P obj = (\<forall> oi vs. obj = \<lparr>tag=oi,values=vs\<rparr> \<longrightarrow> ?P \<lparr>tag=oi,values=vs\<rparr>)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   227
apply auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   228
apply (case_tac "obj")
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   229
apply auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   230
*)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   231
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   232
lemma conforms_newG: "\<lbrakk>globs s oref = None; (x, s)\<Colon>\<preceq>(G,L);   
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   233
  wf_prog G; case oref of Heap a \<Rightarrow> is_type G (obj_ty \<lparr>tag=oi,values=vs\<rparr>)  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   234
                        | Stat C \<Rightarrow> is_class G C\<rbrakk> \<Longrightarrow>  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   235
  (x, init_obj G oi oref s)\<Colon>\<preceq>(G, L)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   236
apply (unfold init_obj_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   237
apply (auto elim!: conforms_gupd dest!: oconf_init_obj 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   238
            simp add: obj.update_defs)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   239
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   240
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   241
lemma conforms_init_class_obj: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   242
 "\<lbrakk>(x,s)\<Colon>\<preceq>(G, L); wf_prog G; class G C=Some y; \<not> inited C (globs s)\<rbrakk> \<Longrightarrow> 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   243
  (x,init_class_obj G C s)\<Colon>\<preceq>(G, L)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   244
apply (rule not_initedD [THEN conforms_newG])
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   245
apply    (auto)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   246
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   247
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   248
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   249
lemma fst_init_lvars[simp]: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   250
 "fst (init_lvars G C sig (invmode m e) a' pvs (x,s)) = 
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   251
  (if is_static m then x else (np a') x)"
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   252
apply (simp (no_asm) add: init_lvars_def2)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   253
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   254
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   255
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   256
lemma halloc_conforms: "\<And>s1. \<lbrakk>G\<turnstile>s1 \<midarrow>halloc oi\<succ>a\<rightarrow> s2; wf_prog G; s1\<Colon>\<preceq>(G, L); 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   257
  is_type G (obj_ty \<lparr>tag=oi,values=fs\<rparr>)\<rbrakk> \<Longrightarrow> s2\<Colon>\<preceq>(G, L)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   258
apply (simp (no_asm_simp) only: split_tupled_all)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   259
apply (case_tac "aa")
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   260
apply  (auto elim!: halloc_elim_cases dest!: new_AddrD 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   261
       intro!: conforms_newG [THEN conforms_xconf] conf_AddrI)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   262
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   263
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   264
lemma halloc_type_sound: 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   265
"\<And>s1. \<lbrakk>G\<turnstile>s1 \<midarrow>halloc oi\<succ>a\<rightarrow> (x,s); wf_prog G; s1\<Colon>\<preceq>(G, L);
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   266
  T = obj_ty \<lparr>tag=oi,values=fs\<rparr>; is_type G T\<rbrakk> \<Longrightarrow>  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   267
  (x,s)\<Colon>\<preceq>(G, L) \<and> (x = None \<longrightarrow> G,s\<turnstile>Addr a\<Colon>\<preceq>T)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   268
apply (auto elim!: halloc_conforms)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   269
apply (case_tac "aa")
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   270
apply (subst obj_ty_eq)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   271
apply  (auto elim!: halloc_elim_cases dest!: new_AddrD intro!: conf_AddrI)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   272
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   273
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   274
lemma sxalloc_type_sound: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   275
 "\<And>s1 s2. \<lbrakk>G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2; wf_prog G\<rbrakk> \<Longrightarrow> case fst s1 of  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   276
  None \<Rightarrow> s2 = s1 | Some x \<Rightarrow>  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   277
  (\<exists>a. fst s2 = Some(Xcpt (Loc a)) \<and> (\<forall>L. s1\<Colon>\<preceq>(G,L) \<longrightarrow> s2\<Colon>\<preceq>(G,L)))"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   278
apply (simp (no_asm_simp) only: split_tupled_all)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   279
apply (erule sxalloc.induct)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   280
apply   auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   281
apply (rule halloc_conforms [THEN conforms_xconf])
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   282
apply     (auto elim!: halloc_elim_cases dest!: new_AddrD intro!: conf_AddrI)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   283
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   284
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   285
lemma wt_init_comp_ty: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   286
"is_acc_type G (pid C) T \<Longrightarrow> \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>init_comp_ty T\<Colon>\<surd>"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   287
apply (unfold init_comp_ty_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   288
apply (clarsimp simp add: accessible_in_RefT_simp 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   289
                          is_acc_type_def is_acc_class_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   290
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   291
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   292
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   293
declare fun_upd_same [simp]
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   294
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   295
declare fun_upd_apply [simp del]
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   296
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   297
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   298
constdefs
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   299
  DynT_prop::"[prog,inv_mode,qtname,ref_ty] \<Rightarrow> bool" 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   300
                                              ("_\<turnstile>_\<rightarrow>_\<preceq>_"[71,71,71,71]70)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   301
 "G\<turnstile>mode\<rightarrow>D\<preceq>t \<equiv> mode = IntVir \<longrightarrow> is_class G D \<and> 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   302
                     (if (\<exists>T. t=ArrayT T) then D=Object else G\<turnstile>Class D\<preceq>RefT t)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   303
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   304
lemma DynT_propI: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   305
 "\<lbrakk>(x,s)\<Colon>\<preceq>(G, L); G,s\<turnstile>a'\<Colon>\<preceq>RefT statT; wf_prog G; mode = IntVir \<longrightarrow> a' \<noteq> Null\<rbrakk> 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   306
  \<Longrightarrow>  G\<turnstile>mode\<rightarrow>invocation_class mode s a' statT\<preceq>statT"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   307
proof (unfold DynT_prop_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   308
  assume state_conform: "(x,s)\<Colon>\<preceq>(G, L)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   309
     and      statT_a': "G,s\<turnstile>a'\<Colon>\<preceq>RefT statT"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   310
     and            wf: "wf_prog G"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   311
     and          mode: "mode = IntVir \<longrightarrow> a' \<noteq> Null"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   312
  let ?invCls = "(invocation_class mode s a' statT)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   313
  let ?IntVir = "mode = IntVir"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   314
  let ?Concl  = "\<lambda>invCls. is_class G invCls \<and>
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   315
                          (if \<exists>T. statT = ArrayT T
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   316
                                  then invCls = Object
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   317
                                  else G\<turnstile>Class invCls\<preceq>RefT statT)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   318
  show "?IntVir \<longrightarrow> ?Concl ?invCls"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   319
  proof  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   320
    assume modeIntVir: ?IntVir 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   321
    with mode have not_Null: "a' \<noteq> Null" ..
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   322
    from statT_a' not_Null state_conform 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   323
    obtain a obj 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   324
      where obj_props:  "a' = Addr a" "globs s (Inl a) = Some obj"   
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   325
                        "G\<turnstile>obj_ty obj\<preceq>RefT statT" "is_type G (obj_ty obj)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   326
      by (blast dest: conforms_RefTD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   327
    show "?Concl ?invCls"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   328
    proof (cases "tag obj")
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   329
      case CInst
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   330
      with modeIntVir obj_props
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   331
      show ?thesis 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   332
	by (auto dest!: widen_Array2 split add: split_if)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   333
    next
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   334
      case Arr
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   335
      from Arr obtain T where "obj_ty obj = T.[]" by (blast dest: obj_ty_Arr1)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   336
      moreover from Arr have "obj_class obj = Object" 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   337
	by (blast dest: obj_class_Arr1)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   338
      moreover note modeIntVir obj_props wf 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   339
      ultimately show ?thesis by (auto dest!: widen_Array )
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   340
    qed
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   341
  qed
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   342
qed
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   343
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   344
lemma invocation_methd:
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   345
"\<lbrakk>wf_prog G; statT \<noteq> NullT; 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   346
 (\<forall> statC. statT = ClassT statC \<longrightarrow> is_class G statC);
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   347
 (\<forall>     I. statT = IfaceT I \<longrightarrow> is_iface G I \<and> mode \<noteq> SuperM);
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   348
 (\<forall>     T. statT = ArrayT T \<longrightarrow> mode \<noteq> SuperM);
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   349
 G\<turnstile>mode\<rightarrow>invocation_class mode s a' statT\<preceq>statT;  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   350
 dynlookup G statT (invocation_class mode s a' statT) sig = Some m \<rbrakk> 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   351
\<Longrightarrow> methd G (invocation_declclass G mode s a' statT sig) sig = Some m"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   352
proof -
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   353
  assume         wf: "wf_prog G"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   354
     and  not_NullT: "statT \<noteq> NullT"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   355
     and statC_prop: "(\<forall> statC. statT = ClassT statC \<longrightarrow> is_class G statC)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   356
     and statI_prop: "(\<forall> I. statT = IfaceT I \<longrightarrow> is_iface G I \<and> mode \<noteq> SuperM)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   357
     and statA_prop: "(\<forall>     T. statT = ArrayT T \<longrightarrow> mode \<noteq> SuperM)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   358
     and  invC_prop: "G\<turnstile>mode\<rightarrow>invocation_class mode s a' statT\<preceq>statT"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   359
     and  dynlookup: "dynlookup G statT (invocation_class mode s a' statT) sig 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   360
                      = Some m"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   361
  show ?thesis
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   362
  proof (cases statT)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   363
    case NullT
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   364
    with not_NullT show ?thesis by simp
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   365
  next
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   366
    case IfaceT
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   367
    with statI_prop obtain I 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   368
      where    statI: "statT = IfaceT I" and 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   369
            is_iface: "is_iface G I"     and
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   370
          not_SuperM: "mode \<noteq> SuperM" by blast            
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   371
    
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   372
    show ?thesis 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   373
    proof (cases mode)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   374
      case Static
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   375
      with wf dynlookup statI is_iface 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   376
      show ?thesis
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   377
	by (auto simp add: invocation_declclass_def dynlookup_def 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   378
                           dynimethd_def dynmethd_C_C 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   379
	            intro: dynmethd_declclass
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   380
	            dest!: wf_imethdsD
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   381
                     dest: table_of_map_SomeI
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   382
                    split: split_if_asm)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   383
    next	
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   384
      case SuperM
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   385
      with not_SuperM show ?thesis ..
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   386
    next
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   387
      case IntVir
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   388
      with wf dynlookup IfaceT invC_prop show ?thesis 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   389
	by (auto simp add: invocation_declclass_def dynlookup_def dynimethd_def
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   390
                           DynT_prop_def
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   391
	            intro: methd_declclass dynmethd_declclass
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   392
	            split: split_if_asm)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   393
    qed
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   394
  next
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   395
    case ClassT
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   396
    show ?thesis
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   397
    proof (cases mode)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   398
      case Static
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   399
      with wf ClassT dynlookup statC_prop 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   400
      show ?thesis by (auto simp add: invocation_declclass_def dynlookup_def
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   401
                               intro: dynmethd_declclass)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   402
    next
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   403
      case SuperM
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   404
      with wf ClassT dynlookup statC_prop 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   405
      show ?thesis by (auto simp add: invocation_declclass_def dynlookup_def
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   406
                               intro: dynmethd_declclass)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   407
    next
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   408
      case IntVir
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   409
      with wf ClassT dynlookup statC_prop invC_prop 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   410
      show ?thesis
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   411
	by (auto simp add: invocation_declclass_def dynlookup_def dynimethd_def
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   412
                           DynT_prop_def
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   413
	            intro: dynmethd_declclass)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   414
    qed
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   415
  next
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   416
    case ArrayT
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   417
    show ?thesis
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   418
    proof (cases mode)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   419
      case Static
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   420
      with wf ArrayT dynlookup show ?thesis
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   421
	by (auto simp add: invocation_declclass_def dynlookup_def 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   422
                           dynimethd_def dynmethd_C_C
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   423
                    intro: dynmethd_declclass
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   424
                     dest: table_of_map_SomeI)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   425
    next
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   426
      case SuperM
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   427
      with ArrayT statA_prop show ?thesis by blast
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   428
    next
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   429
      case IntVir
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   430
      with wf ArrayT dynlookup invC_prop show ?thesis
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   431
	by (auto simp add: invocation_declclass_def dynlookup_def dynimethd_def
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   432
                           DynT_prop_def dynmethd_C_C
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   433
                    intro: dynmethd_declclass
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   434
                     dest: table_of_map_SomeI)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   435
    qed
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   436
  qed
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   437
qed
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   438
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   439
lemma DynT_mheadsD: 
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   440
"\<lbrakk>G\<turnstile>invmode sm e\<rightarrow>invC\<preceq>statT; 
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   441
  wf_prog G; \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>e\<Colon>-RefT statT; 
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   442
  (statDeclT,sm) \<in> mheads G C statT sig; 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   443
  invC = invocation_class (invmode sm e) s a' statT;
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   444
  declC =invocation_declclass G (invmode sm e) s a' statT sig
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   445
 \<rbrakk> \<Longrightarrow> 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   446
  \<exists> dm. 
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   447
  methd G declC sig = Some dm \<and> dynlookup G statT invC sig = Some dm  \<and> 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   448
  G\<turnstile>resTy (mthd dm)\<preceq>resTy sm \<and> 
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   449
  wf_mdecl G declC (sig, mthd dm) \<and>
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   450
  declC = declclass dm \<and>
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   451
  is_static dm = is_static sm \<and>  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   452
  is_class G invC \<and> is_class G declC  \<and> G\<turnstile>invC\<preceq>\<^sub>C declC \<and>  
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   453
  (if invmode sm e = IntVir
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   454
      then (\<forall> statC. statT=ClassT statC \<longrightarrow> G\<turnstile>invC \<preceq>\<^sub>C statC)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   455
      else (  (\<exists> statC. statT=ClassT statC \<and> G\<turnstile>statC\<preceq>\<^sub>C declC)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   456
            \<or> (\<forall> statC. statT\<noteq>ClassT statC \<and> declC=Object)) \<and> 
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   457
            statDeclT = ClassT (declclass dm))"
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   458
proof -
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   459
  assume invC_prop: "G\<turnstile>invmode sm e\<rightarrow>invC\<preceq>statT" 
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   460
     and        wf: "wf_prog G" 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   461
     and      wt_e: "\<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>e\<Colon>-RefT statT"
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   462
     and        sm: "(statDeclT,sm) \<in> mheads G C statT sig" 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   463
     and      invC: "invC = invocation_class (invmode sm e) s a' statT"
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   464
     and     declC: "declC = 
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   465
                    invocation_declclass G (invmode sm e) s a' statT sig"
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   466
  from wt_e wf have type_statT: "is_type G (RefT statT)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   467
    by (auto dest: ty_expr_is_type)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   468
  from sm have not_Null: "statT \<noteq> NullT" by auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   469
  from type_statT 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   470
  have wf_C: "(\<forall> statC. statT = ClassT statC \<longrightarrow> is_class G statC)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   471
    by (auto)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   472
  from type_statT wt_e 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   473
  have wf_I: "(\<forall>I. statT = IfaceT I \<longrightarrow> is_iface G I \<and> 
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   474
                                        invmode sm e \<noteq> SuperM)"
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   475
    by (auto dest: invocationTypeExpr_noClassD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   476
  from wt_e
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   477
  have wf_A: "(\<forall>     T. statT = ArrayT T \<longrightarrow> invmode sm e \<noteq> SuperM)"
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   478
    by (auto dest: invocationTypeExpr_noClassD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   479
  show ?thesis
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   480
  proof (cases "invmode sm e = IntVir")
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   481
    case True
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   482
    with invC_prop not_Null
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   483
    have invC_prop': " is_class G invC \<and> 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   484
                      (if (\<exists>T. statT=ArrayT T) then invC=Object 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   485
                                              else G\<turnstile>Class invC\<preceq>RefT statT)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   486
      by (auto simp add: DynT_prop_def) 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   487
    from True 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   488
    have "\<not> is_static sm"
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   489
      by (simp add: invmode_IntVir_eq member_is_static_simp)
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   490
    with invC_prop' not_Null
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   491
    have "G,statT \<turnstile> invC valid_lookup_cls_for (is_static sm)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   492
      by (cases statT) auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   493
    with sm wf type_statT obtain dm where
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   494
           dm: "dynlookup G statT invC sig = Some dm" and
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   495
      resT_dm: "G\<turnstile>resTy (mthd dm)\<preceq>resTy sm"      and
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   496
       static: "is_static dm = is_static sm"
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   497
      by  - (drule dynamic_mheadsD,force+)
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   498
    with declC invC not_Null 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   499
    have declC': "declC = (declclass dm)" 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   500
      by (auto simp add: invocation_declclass_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   501
    with wf invC declC not_Null wf_C wf_I wf_A invC_prop dm 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   502
    have dm': "methd G declC sig = Some dm"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   503
      by - (drule invocation_methd,auto)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   504
    from wf dm invC_prop' declC' type_statT 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   505
    have declC_prop: "G\<turnstile>invC \<preceq>\<^sub>C declC \<and> is_class G declC"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   506
      by (auto dest: dynlookup_declC)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   507
    from wf dm' declC_prop declC' 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   508
    have wf_dm: "wf_mdecl G declC (sig,(mthd dm))"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   509
      by (auto dest: methd_wf_mdecl)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   510
    from invC_prop' 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   511
    have statC_prop: "(\<forall> statC. statT=ClassT statC \<longrightarrow> G\<turnstile>invC \<preceq>\<^sub>C statC)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   512
      by auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   513
    from True dm' resT_dm wf_dm invC_prop' declC_prop statC_prop declC' static
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   514
         dm
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   515
    show ?thesis by auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   516
  next
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   517
    case False
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   518
    with type_statT wf invC not_Null wf_I wf_A
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   519
    have invC_prop': "is_class G invC \<and>  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   520
                     ((\<exists> statC. statT=ClassT statC \<and> invC=statC) \<or>
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   521
                      (\<forall> statC. statT\<noteq>ClassT statC \<and> invC=Object))"
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   522
        by (case_tac "statT") (auto simp add: invocation_class_def 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   523
                                       split: inv_mode.splits)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   524
    with not_Null wf
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   525
    have dynlookup_static: "dynlookup G statT invC sig = methd G invC sig"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   526
      by (case_tac "statT") (auto simp add: dynlookup_def dynmethd_C_C
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   527
                                            dynimethd_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   528
    from sm wf wt_e not_Null False invC_prop' obtain "dm" where
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   529
                    dm: "methd G invC sig = Some dm"          and
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   530
	eq_declC_sm_dm:"statDeclT = ClassT (declclass dm)"  and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   531
	     eq_mheads:"sm=mhead (mthd dm) "
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   532
      by - (drule static_mheadsD, (force dest: accmethd_SomeD)+)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   533
    then have static: "is_static dm = is_static sm" by - (auto)
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   534
    with declC invC dynlookup_static dm
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   535
    have declC': "declC = (declclass dm)"  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   536
      by (auto simp add: invocation_declclass_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   537
    from invC_prop' wf declC' dm 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   538
    have dm': "methd G declC sig = Some dm"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   539
      by (auto intro: methd_declclass)
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   540
    from dynlookup_static dm 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   541
    have dm'': "dynlookup G statT invC sig = Some dm"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   542
      by simp
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   543
    from wf dm invC_prop' declC' type_statT 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   544
    have declC_prop: "G\<turnstile>invC \<preceq>\<^sub>C declC \<and> is_class G declC"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   545
      by (auto dest: methd_declC )
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   546
    then have declC_prop1: "invC=Object \<longrightarrow> declC=Object"  by auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   547
    from wf dm' declC_prop declC' 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   548
    have wf_dm: "wf_mdecl G declC (sig,(mthd dm))"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   549
      by (auto dest: methd_wf_mdecl)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   550
    from invC_prop' declC_prop declC_prop1
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   551
    have statC_prop: "(   (\<exists> statC. statT=ClassT statC \<and> G\<turnstile>statC\<preceq>\<^sub>C declC)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   552
                       \<or>  (\<forall> statC. statT\<noteq>ClassT statC \<and> declC=Object))" 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   553
      by auto
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   554
    from False dm' dm'' wf_dm invC_prop' declC_prop statC_prop declC' 
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   555
         eq_declC_sm_dm eq_mheads static
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   556
    show ?thesis by auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   557
  qed
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   558
qed   
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   559
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   560
lemma DynT_conf: "\<lbrakk>G\<turnstile>invocation_class mode s a' statT \<preceq>\<^sub>C declC; wf_prog G;
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   561
 isrtype G (statT);
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   562
 G,s\<turnstile>a'\<Colon>\<preceq>RefT statT; mode = IntVir \<longrightarrow> a' \<noteq> Null;  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   563
  mode \<noteq> IntVir \<longrightarrow>    (\<exists> statC. statT=ClassT statC \<and> G\<turnstile>statC\<preceq>\<^sub>C declC)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   564
                    \<or>  (\<forall> statC. statT\<noteq>ClassT statC \<and> declC=Object)\<rbrakk> 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   565
 \<Longrightarrow>G,s\<turnstile>a'\<Colon>\<preceq> Class declC"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   566
apply (case_tac "mode = IntVir")
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   567
apply (drule conf_RefTD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   568
apply (force intro!: conf_AddrI 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   569
            simp add: obj_class_def split add: obj_tag.split_asm)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   570
apply  clarsimp
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   571
apply  safe
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   572
apply    (erule (1) widen.subcls [THEN conf_widen])
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   573
apply    (erule wf_ws_prog)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   574
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   575
apply    (frule widen_Object) apply (erule wf_ws_prog)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   576
apply    (erule (1) conf_widen) apply (erule wf_ws_prog)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   577
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   578
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   579
lemma Ass_lemma:
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   580
"\<lbrakk> G\<turnstile>Norm s0 \<midarrow>var=\<succ>(w, f)\<rightarrow> Norm s1; G\<turnstile>Norm s1 \<midarrow>e-\<succ>v\<rightarrow> Norm s2;
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   581
   G,s2\<turnstile>v\<Colon>\<preceq>eT;s1\<le>|s2 \<longrightarrow> assign f v (Norm s2)\<Colon>\<preceq>(G, L)\<rbrakk>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   582
\<Longrightarrow> assign f v (Norm s2)\<Colon>\<preceq>(G, L) \<and>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   583
      (normal (assign f v (Norm s2)) \<longrightarrow> G,store (assign f v (Norm s2))\<turnstile>v\<Colon>\<preceq>eT)"
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   584
apply (drule_tac x = "None" and s = "s2" and v = "v" in evar_gext_f)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   585
apply (drule eval_gext', clarsimp)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   586
apply (erule conf_gext)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   587
apply simp
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   588
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   589
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   590
lemma Throw_lemma: "\<lbrakk>G\<turnstile>tn\<preceq>\<^sub>C SXcpt Throwable; wf_prog G; (x1,s1)\<Colon>\<preceq>(G, L);  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   591
    x1 = None \<longrightarrow> G,s1\<turnstile>a'\<Colon>\<preceq> Class tn\<rbrakk> \<Longrightarrow> (throw a' x1, s1)\<Colon>\<preceq>(G, L)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   592
apply (auto split add: split_abrupt_if simp add: throw_def2)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   593
apply (erule conforms_xconf)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   594
apply (frule conf_RefTD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   595
apply (auto elim: widen.subcls [THEN conf_widen])
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   596
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   597
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   598
lemma Try_lemma: "\<lbrakk>G\<turnstile>obj_ty (the (globs s1' (Heap a)))\<preceq> Class tn; 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   599
 (Some (Xcpt (Loc a)), s1')\<Colon>\<preceq>(G, L); wf_prog G\<rbrakk> 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   600
 \<Longrightarrow> Norm (lupd(vn\<mapsto>Addr a) s1')\<Colon>\<preceq>(G, L(vn\<mapsto>Class tn))"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   601
apply (rule conforms_allocL)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   602
apply  (erule conforms_NormI)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   603
apply (drule conforms_XcptLocD [THEN conf_RefTD],rule HOL.refl)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   604
apply (auto intro!: conf_AddrI)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   605
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   606
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   607
lemma Fin_lemma: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   608
"\<lbrakk>G\<turnstile>Norm s1 \<midarrow>c2\<rightarrow> (x2,s2); wf_prog G; (Some a, s1)\<Colon>\<preceq>(G, L); (x2,s2)\<Colon>\<preceq>(G, L)\<rbrakk> 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   609
\<Longrightarrow>  (abrupt_if True (Some a) x2, s2)\<Colon>\<preceq>(G, L)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   610
apply (force elim: eval_gext' conforms_xgext split add: split_abrupt_if)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   611
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   612
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   613
lemma FVar_lemma1: 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   614
"\<lbrakk>table_of (DeclConcepts.fields G statC) (fn, statDeclC) = Some f ; 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   615
  x2 = None \<longrightarrow> G,s2\<turnstile>a\<Colon>\<preceq> Class statC; wf_prog G; G\<turnstile>statC\<preceq>\<^sub>C statDeclC; 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   616
  statDeclC \<noteq> Object; 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   617
  class G statDeclC = Some y; (x2,s2)\<Colon>\<preceq>(G, L); s1\<le>|s2; 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   618
  inited statDeclC (globs s1); 
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   619
  (if static f then id else np a) x2 = None\<rbrakk> 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   620
 \<Longrightarrow>  
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   621
  \<exists>obj. globs s2 (if static f then Inr statDeclC else Inl (the_Addr a)) 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   622
                  = Some obj \<and> 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   623
  var_tys G (tag obj)  (if static f then Inr statDeclC else Inl(the_Addr a)) 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   624
          (Inl(fn,statDeclC)) = Some (type f)"
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   625
apply (drule initedD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   626
apply (frule subcls_is_class2, simp (no_asm_simp))
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   627
apply (case_tac "static f")
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   628
apply  clarsimp
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   629
apply  (drule (1) rev_gext_objD, clarsimp)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   630
apply  (frule fields_declC, erule wf_ws_prog, simp (no_asm_simp))
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   631
apply  (rule var_tys_Some_eq [THEN iffD2])
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   632
apply  clarsimp
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   633
apply  (erule fields_table_SomeI, simp (no_asm))
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   634
apply clarsimp
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   635
apply (drule conf_RefTD, clarsimp, rule var_tys_Some_eq [THEN iffD2])
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   636
apply (auto dest!: widen_Array split add: obj_tag.split)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   637
apply (rotate_tac -1) (* to front: tag obja = CInst pid_field_type to enable
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   638
                         conditional rewrite *)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   639
apply (rule fields_table_SomeI)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   640
apply (auto elim!: fields_mono subcls_is_class2)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   641
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   642
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   643
lemma FVar_lemma2: "error_free state
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   644
       \<Longrightarrow> error_free
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   645
           (assign
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   646
             (\<lambda>v. supd
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   647
                   (upd_gobj
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   648
                     (if static field then Inr statDeclC
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   649
                      else Inl (the_Addr a))
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   650
                     (Inl (fn, statDeclC)) v))
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   651
             w state)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   652
proof -
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   653
  assume error_free: "error_free state"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   654
  obtain a s where "state=(a,s)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   655
    by (cases state) simp
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   656
  with error_free
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   657
  show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   658
    by (cases a) auto
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   659
qed
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   660
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   661
declare split_paired_All [simp del] split_paired_Ex [simp del] 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   662
declare split_if     [split del] split_if_asm     [split del] 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   663
        option.split [split del] option.split_asm [split del]
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   664
ML_setup {*
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   665
simpset_ref() := simpset() delloop "split_all_tac";
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   666
claset_ref () := claset () delSWrapper "split_all_tac"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   667
*}
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   668
lemma FVar_lemma: 
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   669
"\<lbrakk>((v, f), Norm s2') = fvar statDeclC (static field) fn a (x2, s2); 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   670
  G\<turnstile>statC\<preceq>\<^sub>C statDeclC;  
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   671
  table_of (DeclConcepts.fields G statC) (fn, statDeclC) = Some field; 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   672
  wf_prog G;   
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   673
  x2 = None \<longrightarrow> G,s2\<turnstile>a\<Colon>\<preceq>Class statC; 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   674
  statDeclC \<noteq> Object; class G statDeclC = Some y;   
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   675
  (x2, s2)\<Colon>\<preceq>(G, L); s1\<le>|s2; inited statDeclC (globs s1)\<rbrakk> \<Longrightarrow>  
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   676
  G,s2'\<turnstile>v\<Colon>\<preceq>type field \<and> s2'\<le>|f\<preceq>type field\<Colon>\<preceq>(G, L)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   677
apply (unfold assign_conforms_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   678
apply (drule sym)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   679
apply (clarsimp simp add: fvar_def2)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   680
apply (drule (9) FVar_lemma1)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   681
apply (clarsimp)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   682
apply (drule (2) conforms_globsD [THEN oconf_lconf, THEN lconfD])
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   683
apply clarsimp
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   684
apply (rule conjI)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   685
apply   clarsimp
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   686
apply   (drule (1) rev_gext_objD)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   687
apply   (force elim!: conforms_upd_gobj)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   688
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   689
apply   (blast intro: FVar_lemma2)
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   690
done
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   691
declare split_paired_All [simp] split_paired_Ex [simp] 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   692
declare split_if     [split] split_if_asm     [split] 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   693
        option.split [split] option.split_asm [split]
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   694
ML_setup {*
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   695
claset_ref()  := claset() addSbefore ("split_all_tac", split_all_tac);
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   696
simpset_ref() := simpset() addloop ("split_all_tac", split_all_tac)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   697
*}
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   698
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   699
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   700
lemma AVar_lemma1: "\<lbrakk>globs s (Inl a) = Some obj;tag obj=Arr ty i; 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   701
 the_Intg i' in_bounds i; wf_prog G; G\<turnstile>ty.[]\<preceq>Tb.[]; Norm s\<Colon>\<preceq>(G, L)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   702
\<rbrakk> \<Longrightarrow> G,s\<turnstile>the ((values obj) (Inr (the_Intg i')))\<Colon>\<preceq>Tb"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   703
apply (erule widen_Array_Array [THEN conf_widen])
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   704
apply  (erule_tac [2] wf_ws_prog)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   705
apply (drule (1) conforms_globsD [THEN oconf_lconf, THEN lconfD])
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   706
defer apply assumption
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   707
apply (force intro: var_tys_Some_eq [THEN iffD2])
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   708
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   709
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   710
lemma obj_split: "\<And> obj. \<exists> t vs. obj = \<lparr>tag=t,values=vs\<rparr>"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   711
proof record_split
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   712
  fix tag values more
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   713
  show "\<exists>t vs. \<lparr>tag = tag, values = values, \<dots> = more\<rparr> = \<lparr>tag = t, values = vs\<rparr>"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   714
    by auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   715
qed
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   716
 
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   717
lemma AVar_lemma2: "error_free state 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   718
       \<Longrightarrow> error_free
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   719
           (assign
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   720
             (\<lambda>v (x, s').
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   721
                 ((raise_if (\<not> G,s'\<turnstile>v fits T) ArrStore) x,
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   722
                  upd_gobj (Inl a) (Inr (the_Intg i)) v s'))
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   723
             w state)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   724
proof -
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   725
  assume error_free: "error_free state"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   726
  obtain a s where "state=(a,s)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   727
    by (cases state) simp
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   728
  with error_free
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   729
  show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   730
    by (cases a) auto
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   731
qed
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   732
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   733
lemma AVar_lemma: "\<lbrakk>wf_prog G; G\<turnstile>(x1, s1) \<midarrow>e2-\<succ>i\<rightarrow> (x2, s2);  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   734
  ((v,f), Norm s2') = avar G i a (x2, s2); x1 = None \<longrightarrow> G,s1\<turnstile>a\<Colon>\<preceq>Ta.[];  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   735
  (x2, s2)\<Colon>\<preceq>(G, L); s1\<le>|s2\<rbrakk> \<Longrightarrow> G,s2'\<turnstile>v\<Colon>\<preceq>Ta \<and> s2'\<le>|f\<preceq>Ta\<Colon>\<preceq>(G, L)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   736
apply (unfold assign_conforms_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   737
apply (drule sym)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   738
apply (clarsimp simp add: avar_def2)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   739
apply (drule (1) conf_gext)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   740
apply (drule conf_RefTD, clarsimp)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   741
apply (subgoal_tac "\<exists> t vs. obj = \<lparr>tag=t,values=vs\<rparr>")
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   742
defer
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   743
apply   (rule obj_split)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   744
apply clarify
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   745
apply (frule obj_ty_widenD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   746
apply (auto dest!: widen_Class)
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   747
apply   (force dest: AVar_lemma1)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   748
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   749
apply   (force elim!: fits_Array dest: gext_objD 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   750
         intro: var_tys_Some_eq [THEN iffD2] conforms_upd_gobj)
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   751
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   752
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   753
section "Call"
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   754
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   755
lemma conforms_init_lvars_lemma: "\<lbrakk>wf_prog G;  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   756
  wf_mhead G P sig mh; 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   757
  Ball (set lvars) (split (\<lambda>vn. is_type G)); 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   758
  list_all2 (conf G s) pvs pTsa; G\<turnstile>pTsa[\<preceq>](parTs sig)\<rbrakk> \<Longrightarrow>  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   759
  G,s\<turnstile>init_vals (table_of lvars)(pars mh[\<mapsto>]pvs)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   760
      [\<Colon>\<preceq>]table_of lvars(pars mh[\<mapsto>]parTs sig)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   761
apply (unfold wf_mhead_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   762
apply clarify
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   763
apply (erule (2) Ball_set_table [THEN lconf_init_vals, THEN lconf_ext_list])
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   764
apply (drule wf_ws_prog)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   765
apply (erule (2) conf_list_widen)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   766
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   767
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   768
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   769
lemma lconf_map_lname [simp]: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   770
  "G,s\<turnstile>(lname_case l1 l2)[\<Colon>\<preceq>](lname_case L1 L2)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   771
   =
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   772
  (G,s\<turnstile>l1[\<Colon>\<preceq>]L1 \<and> G,s\<turnstile>(\<lambda>x::unit . l2)[\<Colon>\<preceq>](\<lambda>x::unit. L2))"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   773
apply (unfold lconf_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   774
apply safe
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   775
apply (case_tac "n")
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   776
apply (force split add: lname.split)+
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   777
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   778
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   779
lemma lconf_map_ename [simp]:
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   780
  "G,s\<turnstile>(ename_case l1 l2)[\<Colon>\<preceq>](ename_case L1 L2)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   781
   =
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   782
  (G,s\<turnstile>l1[\<Colon>\<preceq>]L1 \<and> G,s\<turnstile>(\<lambda>x::unit. l2)[\<Colon>\<preceq>](\<lambda>x::unit. L2))"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   783
apply (unfold lconf_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   784
apply safe
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   785
apply (force split add: ename.split)+
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   786
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   787
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   788
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   789
lemma defval_conf1 [rule_format (no_asm), elim]: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   790
  "is_type G T \<longrightarrow> (\<exists>v\<in>Some (default_val T): G,s\<turnstile>v\<Colon>\<preceq>T)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   791
apply (unfold conf_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   792
apply (induct "T")
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   793
apply (auto intro: prim_ty.induct)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   794
done
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   795
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   796
declare split_paired_All [simp del] split_paired_Ex [simp del] 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   797
declare split_if     [split del] split_if_asm     [split del] 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   798
        option.split [split del] option.split_asm [split del]
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   799
ML_setup {*
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   800
simpset_ref() := simpset() delloop "split_all_tac";
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   801
claset_ref () := claset () delSWrapper "split_all_tac"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   802
*}
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   803
lemma conforms_init_lvars: 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   804
"\<lbrakk>wf_mhead G (pid declC) sig (mhead (mthd dm)); wf_prog G;  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   805
  list_all2 (conf G s) pvs pTsa; G\<turnstile>pTsa[\<preceq>](parTs sig);  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   806
  (x, s)\<Colon>\<preceq>(G, L); 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   807
  methd G declC sig = Some dm;  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   808
  isrtype G statT;
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   809
  G\<turnstile>invC\<preceq>\<^sub>C declC; 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   810
  G,s\<turnstile>a'\<Colon>\<preceq>RefT statT;  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   811
  invmode (mhd sm) e = IntVir \<longrightarrow> a' \<noteq> Null; 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   812
  invmode (mhd sm) e \<noteq> IntVir \<longrightarrow>  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   813
       (\<exists> statC. statT=ClassT statC \<and> G\<turnstile>statC\<preceq>\<^sub>C declC)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   814
    \<or>  (\<forall> statC. statT\<noteq>ClassT statC \<and> declC=Object);
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   815
  invC  = invocation_class (invmode (mhd sm) e) s a' statT;
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   816
  declC = invocation_declclass G (invmode (mhd sm) e) s a' statT sig;
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   817
  Ball (set (lcls (mbody (mthd dm)))) 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   818
       (split (\<lambda>vn. is_type G)) 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   819
 \<rbrakk> \<Longrightarrow>  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   820
  init_lvars G declC sig (invmode (mhd sm) e) a'  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   821
  pvs (x,s)\<Colon>\<preceq>(G,\<lambda> k. 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   822
                (case k of
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   823
                   EName e \<Rightarrow> (case e of 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   824
                                 VNam v 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   825
                                  \<Rightarrow> (table_of (lcls (mbody (mthd dm)))
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   826
                                        (pars (mthd dm)[\<mapsto>]parTs sig)) v
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   827
                               | Res \<Rightarrow> Some (resTy (mthd dm)))
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   828
                 | This \<Rightarrow> if (is_static (mthd sm)) 
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   829
                              then None else Some (Class declC)))"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   830
apply (simp add: init_lvars_def2)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   831
apply (rule conforms_set_locals)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   832
apply  (simp (no_asm_simp) split add: split_if)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   833
apply (drule  (4) DynT_conf)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   834
apply clarsimp
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   835
(* apply intro *)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   836
apply (drule (4) conforms_init_lvars_lemma)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   837
apply (case_tac "dm",simp)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   838
apply (rule conjI)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   839
apply (unfold lconf_def, clarify)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   840
apply (rule defval_conf1)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   841
apply (clarsimp simp add: wf_mhead_def is_acc_type_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   842
apply (case_tac "is_static sm")
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   843
apply simp_all
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   844
done
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   845
declare split_paired_All [simp] split_paired_Ex [simp] 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   846
declare split_if     [split] split_if_asm     [split] 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   847
        option.split [split] option.split_asm [split]
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   848
ML_setup {*
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   849
claset_ref()  := claset() addSbefore ("split_all_tac", split_all_tac);
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   850
simpset_ref() := simpset() addloop ("split_all_tac", split_all_tac)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   851
*}
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   852
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   853
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   855
subsection "accessibility"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   856
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   857
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   858
(* #### stat raus und gleich is_static f schreiben *) 
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   859
theorem dynamic_field_access_ok:
12937
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
   860
  assumes wf: "wf_prog G" and
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
   861
    not_Null: "\<not> stat \<longrightarrow> a\<noteq>Null" and
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
   862
   conform_a: "G,(store s)\<turnstile>a\<Colon>\<preceq> Class statC" and
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
   863
   conform_s: "s\<Colon>\<preceq>(G, L)" and 
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
   864
    normal_s: "normal s" and
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
   865
        wt_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e\<Colon>-Class statC" and
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
   866
           f: "accfield G accC statC fn = Some f" and
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
   867
        dynC: "if stat then dynC=declclass f  
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
   868
                       else dynC=obj_class (lookup_obj (store s) a)" and
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
   869
        stat: "if stat then (is_static f) else (\<not> is_static f)"
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
   870
  shows "table_of (DeclConcepts.fields G dynC) (fn,declclass f) = Some (fld f) \<and> 
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   871
     G\<turnstile>Field fn f in dynC dyn_accessible_from accC"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   872
proof (cases "stat")
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   873
  case True
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   874
  with stat have static: "(is_static f)" by simp
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   875
  from True dynC 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   876
  have dynC': "dynC=declclass f" by simp
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   877
  with f
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   878
  have "table_of (DeclConcepts.fields G statC) (fn,declclass f) = Some (fld f)"
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   879
    by (auto simp add: accfield_def Let_def intro!: table_of_remap_SomeD)
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   880
  moreover
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   881
  from wt_e wf have "is_class G statC"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   882
    by (auto dest!: ty_expr_is_type)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   883
  moreover note wf dynC'
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   884
  ultimately have
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   885
     "table_of (DeclConcepts.fields G dynC) (fn,declclass f) = Some (fld f)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   886
    by (auto dest: fields_declC)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   887
  with dynC' f static wf
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   888
  show ?thesis
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   889
    by (auto dest: static_to_dynamic_accessible_from_static
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   890
            dest!: accfield_accessibleD )
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   891
next
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   892
  case False
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   893
  with wf conform_a not_Null conform_s dynC
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   894
  obtain subclseq: "G\<turnstile>dynC \<preceq>\<^sub>C statC" and
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   895
    "is_class G dynC"
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   896
    by (auto dest!: conforms_RefTD [of _ _ _ _ "(fst s)" L]
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   897
              dest: obj_ty_obj_class1
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   898
          simp add: obj_ty_obj_class )
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   899
  with wf f
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   900
  have "table_of (DeclConcepts.fields G dynC) (fn,declclass f) = Some (fld f)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   901
    by (auto simp add: accfield_def Let_def
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   902
                 dest: fields_mono
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   903
                dest!: table_of_remap_SomeD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   904
  moreover
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   905
  from f subclseq
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   906
  have "G\<turnstile>Field fn f in dynC dyn_accessible_from accC"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   907
    by (auto intro!: static_to_dynamic_accessible_from 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   908
               dest: accfield_accessibleD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   909
  ultimately show ?thesis
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   910
    by blast
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   911
qed
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
   912
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   913
(*
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   914
theorem dynamic_field_access_ok:
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   915
  (assumes wf: "wf_prog G" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   916
     not_Null: "\<not> is_static f \<longrightarrow> a\<noteq>Null" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   917
    conform_a: "G,(store s)\<turnstile>a\<Colon>\<preceq> Class statC" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   918
    conform_s: "s\<Colon>\<preceq>(G, L)" and 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   919
     normal_s: "normal s" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   920
         wt_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e\<Colon>-Class statC" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   921
            f: "accfield G accC statC fn = Some f" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   922
         dynC: "if is_static f 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   923
                   then dynC=declclass f  
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   924
                   else dynC=obj_class (lookup_obj (store s) a)" 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   925
  ) "table_of (DeclConcepts.fields G dynC) (fn,declclass f) = Some (fld f) \<and> 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   926
     G\<turnstile>Field fn f in dynC dyn_accessible_from accC"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   927
proof (cases "is_static f")
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   928
  case True
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   929
  from True dynC 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   930
  have dynC': "dynC=declclass f" by simp
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   931
  with f
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   932
  have "table_of (DeclConcepts.fields G statC) (fn,declclass f) = Some (fld f)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   933
    by (auto simp add: accfield_def Let_def intro!: table_of_remap_SomeD)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   934
  moreover
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   935
  from wt_e wf have "is_class G statC"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   936
    by (auto dest!: ty_expr_is_type)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   937
  moreover note wf dynC'
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   938
  ultimately have
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   939
     "table_of (DeclConcepts.fields G dynC) (fn,declclass f) = Some (fld f)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   940
    by (auto dest: fields_declC)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   941
  with dynC' f True wf
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   942
  show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   943
    by (auto dest: static_to_dynamic_accessible_from_static
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   944
            dest!: accfield_accessibleD )
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   945
next
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   946
  case False
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   947
  with wf conform_a not_Null conform_s dynC
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   948
  obtain subclseq: "G\<turnstile>dynC \<preceq>\<^sub>C statC" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   949
    "is_class G dynC"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   950
    by (auto dest!: conforms_RefTD [of _ _ _ _ "(fst s)" L]
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   951
              dest: obj_ty_obj_class1
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   952
          simp add: obj_ty_obj_class )
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   953
  with wf f
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   954
  have "table_of (DeclConcepts.fields G dynC) (fn,declclass f) = Some (fld f)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   955
    by (auto simp add: accfield_def Let_def
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   956
                 dest: fields_mono
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   957
                dest!: table_of_remap_SomeD)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   958
  moreover
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   959
  from f subclseq
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   960
  have "G\<turnstile>Field fn f in dynC dyn_accessible_from accC"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   961
    by (auto intro!: static_to_dynamic_accessible_from 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   962
               dest: accfield_accessibleD)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   963
  ultimately show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   964
    by blast
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   965
qed
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   966
*)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   967
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   968
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   969
(* ### Einsetzen in case FVar des TypeSoundness Proofs *)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   970
(*
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   971
lemma FVar_check_error_free:
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   972
(assumes fvar: "(v, s2') = fvar statDeclC stat fn a s2" and 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   973
        check: "s3 = check_field_access G accC statDeclC fn stat a s2'" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   974
       conf_a: "normal s2 \<longrightarrow> G,store s2\<turnstile>a\<Colon>\<preceq>Class statC" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   975
      conf_s2: "s2\<Colon>\<preceq>(G, L)" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   976
    initd_statDeclC_s2: "initd statDeclC s2" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   977
    wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-Class statC" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   978
    accfield: "accfield G accC statC fn = Some (statDeclC,f)" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   979
    stat: "stat=is_static f" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   980
      wf: "wf_prog G"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   981
)  "s3=s2'"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   982
proof -
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   983
  from fvar 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   984
  have store_s2': "store s2'=store s2"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   985
    by (cases s2) (simp add: fvar_def2)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   986
  with fvar conf_s2 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   987
  have conf_s2': "s2'\<Colon>\<preceq>(G, L)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   988
    by (cases s2,cases stat) (auto simp add: fvar_def2)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   989
  from initd_statDeclC_s2 store_s2' 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   990
  have initd_statDeclC_s2': "initd statDeclC s2"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   991
    by simp
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   992
  show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   993
  proof (cases "normal s2'")
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   994
    case False
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   995
    with check show ?thesis 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   996
      by (auto simp add: check_field_access_def Let_def)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   997
  next
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   998
    case True
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
   999
    with fvar store_s2' 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1000
    have not_Null: "\<not> stat \<longrightarrow> a\<noteq>Null" 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1001
      by (cases s2) (auto simp add: fvar_def2)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1002
    from True fvar store_s2'
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1003
    have "normal s2"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1004
      by (cases s2,cases stat) (auto simp add: fvar_def2)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1005
    with conf_a store_s2'
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1006
    have conf_a': "G,store s2'\<turnstile>a\<Colon>\<preceq>Class statC"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1007
      by simp 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1008
    from conf_a' conf_s2'  check True initd_statDeclC_s2' 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1009
      dynamic_field_access_ok [OF wf not_Null conf_a' conf_s2' 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1010
                                   True wt_e accfield ] stat
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1011
    show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1012
      by (cases stat)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1013
         (auto dest!: initedD
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1014
           simp add: check_field_access_def Let_def)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1015
  qed
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1016
qed
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1017
*)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1018
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1019
lemma error_free_field_access:
12937
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1020
  assumes accfield: "accfield G accC statC fn = Some (statDeclC, f)" and
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1021
              wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-Class statC" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1022
         eval_init: "G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<rightarrow> s1" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1023
            eval_e: "G\<turnstile>s1 \<midarrow>e-\<succ>a\<rightarrow> s2" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1024
           conf_s2: "s2\<Colon>\<preceq>(G, L)" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1025
            conf_a: "normal s2 \<Longrightarrow> G, store s2\<turnstile>a\<Colon>\<preceq>Class statC" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1026
              fvar: "(v,s2')=fvar statDeclC (is_static f) fn a s2" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1027
                wf: "wf_prog G"   
12937
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1028
  shows "check_field_access G accC statDeclC fn (is_static f) a s2' = s2'"
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1029
proof -
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1030
  from fvar
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1031
  have store_s2': "store s2'=store s2"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1032
    by (cases s2) (simp add: fvar_def2)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1033
  with fvar conf_s2 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1034
  have conf_s2': "s2'\<Colon>\<preceq>(G, L)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1035
    by (cases s2,cases "is_static f") (auto simp add: fvar_def2)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1036
  from eval_init 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1037
  have initd_statDeclC_s1: "initd statDeclC s1"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1038
    by (rule init_yields_initd)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1039
  with eval_e store_s2'
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1040
  have initd_statDeclC_s2': "initd statDeclC s2'"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1041
    by (auto dest: eval_gext intro: inited_gext)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1042
  show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1043
  proof (cases "normal s2'")
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1044
    case False
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1045
    then show ?thesis 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1046
      by (auto simp add: check_field_access_def Let_def)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1047
  next
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1048
    case True
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1049
    with fvar store_s2' 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1050
    have not_Null: "\<not> (is_static f) \<longrightarrow> a\<noteq>Null" 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1051
      by (cases s2) (auto simp add: fvar_def2)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1052
    from True fvar store_s2'
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1053
    have "normal s2"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1054
      by (cases s2,cases "is_static f") (auto simp add: fvar_def2)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1055
    with conf_a store_s2'
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1056
    have conf_a': "G,store s2'\<turnstile>a\<Colon>\<preceq>Class statC"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1057
      by simp
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1058
    from conf_a' conf_s2' True initd_statDeclC_s2' 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1059
      dynamic_field_access_ok [OF wf not_Null conf_a' conf_s2' 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1060
                                   True wt_e accfield ] 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1061
    show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1062
      by  (cases "is_static f")
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1063
          (auto dest!: initedD
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1064
           simp add: check_field_access_def Let_def)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1065
  qed
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1066
qed
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1067
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1068
lemma call_access_ok:
12937
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1069
  assumes invC_prop: "G\<turnstile>invmode statM e\<rightarrow>invC\<preceq>statT" 
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1070
      and        wf: "wf_prog G" 
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1071
      and      wt_e: "\<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>e\<Colon>-RefT statT"
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1072
      and     statM: "(statDeclT,statM) \<in> mheads G accC statT sig" 
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1073
      and      invC: "invC = invocation_class (invmode statM e) s a statT"
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1074
  shows "\<exists> dynM. dynlookup G statT invC sig = Some dynM \<and>
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1075
  G\<turnstile>Methd sig dynM in invC dyn_accessible_from accC"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1076
proof -
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1077
  from wt_e wf have type_statT: "is_type G (RefT statT)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1078
    by (auto dest: ty_expr_is_type)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1079
  from statM have not_Null: "statT \<noteq> NullT" by auto
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1080
  from type_statT wt_e 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1081
  have wf_I: "(\<forall>I. statT = IfaceT I \<longrightarrow> is_iface G I \<and> 
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1082
                                        invmode statM e \<noteq> SuperM)"
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1083
    by (auto dest: invocationTypeExpr_noClassD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1084
  from wt_e
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1085
  have wf_A: "(\<forall>     T. statT = ArrayT T \<longrightarrow> invmode statM e \<noteq> SuperM)"
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1086
    by (auto dest: invocationTypeExpr_noClassD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1087
  show ?thesis
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1088
  proof (cases "invmode statM e = IntVir")
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1089
    case True
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1090
    with invC_prop not_Null
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1091
    have invC_prop': "is_class G invC \<and>  
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1092
                      (if (\<exists>T. statT=ArrayT T) then invC=Object 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1093
                                              else G\<turnstile>Class invC\<preceq>RefT statT)"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1094
      by (auto simp add: DynT_prop_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1095
    with True not_Null
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1096
    have "G,statT \<turnstile> invC valid_lookup_cls_for is_static statM"
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1097
     by (cases statT) (auto simp add: invmode_def) 
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1098
    with statM type_statT wf 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1099
    show ?thesis
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1100
      by - (rule dynlookup_access,auto)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1101
  next
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1102
    case False
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1103
    with type_statT wf invC not_Null wf_I wf_A
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1104
    have invC_prop': " is_class G invC \<and>
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1105
                      ((\<exists> statC. statT=ClassT statC \<and> invC=statC) \<or>
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1106
                      (\<forall> statC. statT\<noteq>ClassT statC \<and> invC=Object)) "
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1107
        by (case_tac "statT") (auto simp add: invocation_class_def 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1108
                                       split: inv_mode.splits)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1109
    with not_Null wf
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1110
    have dynlookup_static: "dynlookup G statT invC sig = methd G invC sig"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1111
      by (case_tac "statT") (auto simp add: dynlookup_def dynmethd_C_C
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1112
                                            dynimethd_def)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1113
   from statM wf wt_e not_Null False invC_prop' obtain dynM where
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1114
                "accmethd G accC invC sig = Some dynM" 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1115
     by (auto dest!: static_mheadsD)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1116
   from invC_prop' False not_Null wf_I
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1117
   have "G,statT \<turnstile> invC valid_lookup_cls_for is_static statM"
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1118
     by (cases statT) (auto simp add: invmode_def) 
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1119
   with statM type_statT wf 
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1120
    show ?thesis
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1121
      by - (rule dynlookup_access,auto)
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1122
  qed
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1123
qed
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1124
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1125
lemma error_free_call_access:
12937
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1126
  assumes
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1127
   eval_args: "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<rightarrow> s2" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1128
        wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-(RefT statT)" and  
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1129
       statM: "max_spec G accC statT \<lparr>name = mn, parTs = pTs\<rparr> 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1130
               = {((statDeclT, statM), pTs')}" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1131
     conf_s2: "s2\<Colon>\<preceq>(G, L)" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1132
      conf_a: "normal s1 \<Longrightarrow> G, store s1\<turnstile>a\<Colon>\<preceq>RefT statT" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1133
     invProp: "normal s3 \<Longrightarrow>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1134
                G\<turnstile>invmode statM e\<rightarrow>invC\<preceq>statT" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1135
          s3: "s3=init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1136
                        (invmode statM e) a vs s2" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1137
        invC: "invC = invocation_class (invmode statM e) (store s2) a statT"and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1138
    invDeclC: "invDeclC = invocation_declclass G (invmode statM e) (store s2) 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1139
                             a statT \<lparr>name = mn, parTs = pTs'\<rparr>" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1140
          wf: "wf_prog G"
12937
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1141
  shows "check_method_access G accC statT (invmode statM e) \<lparr>name=mn,parTs=pTs'\<rparr> a s3
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1142
   = s3"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1143
proof (cases "normal s2")
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1144
  case False
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1145
  with s3 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1146
  have "abrupt s3 = abrupt s2"  
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1147
    by (auto simp add: init_lvars_def2)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1148
  with False
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1149
  show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1150
    by (auto simp add: check_method_access_def Let_def)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1151
next
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1152
  case True
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1153
  note normal_s2 = True
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1154
  with eval_args
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1155
  have normal_s1: "normal s1"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1156
    by (cases "normal s1") auto
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1157
  with conf_a eval_args 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1158
  have conf_a_s2: "G, store s2\<turnstile>a\<Colon>\<preceq>RefT statT"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1159
    by (auto dest: eval_gext intro: conf_gext)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1160
  show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1161
  proof (cases "a=Null \<longrightarrow> (is_static statM)")
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1162
    case False
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1163
    then obtain "\<not> is_static statM" "a=Null" 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1164
      by blast
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1165
    with normal_s2 s3
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1166
    have "abrupt s3 = Some (Xcpt (Std NullPointer))" 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1167
      by (auto simp add: init_lvars_def2)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1168
    then show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1169
      by (auto simp add: check_method_access_def Let_def)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1170
  next
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1171
    case True
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1172
    from statM 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1173
    obtain
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1174
      statM': "(statDeclT,statM)\<in>mheads G accC statT \<lparr>name=mn,parTs=pTs'\<rparr>" 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1175
      by (blast dest: max_spec2mheads)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1176
    from True normal_s2 s3
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1177
    have "normal s3"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1178
      by (auto simp add: init_lvars_def2)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1179
    then have "G\<turnstile>invmode statM e\<rightarrow>invC\<preceq>statT"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1180
      by (rule invProp)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1181
    with wt_e statM' wf invC
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1182
    obtain dynM where 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1183
      dynM: "dynlookup G statT invC  \<lparr>name=mn,parTs=pTs'\<rparr> = Some dynM" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1184
      acc_dynM: "G \<turnstile>Methd  \<lparr>name=mn,parTs=pTs'\<rparr> dynM 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1185
                          in invC dyn_accessible_from accC"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1186
      by (force dest!: call_access_ok)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1187
    moreover
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1188
    from s3 invC
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1189
    have invC': "invC=(invocation_class (invmode statM e) (store s3) a statT)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1190
      by (cases s2,cases "invmode statM e") 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1191
         (simp add: init_lvars_def2 del: invmode_Static_eq)+
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1192
    ultimately
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1193
    show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1194
      by (auto simp add: check_method_access_def Let_def)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1195
  qed
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1196
qed
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1197
12854
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1198
section "main proof of type safety"
00d4a435777f Isabelle/Bali sources;
schirmer
parents:
diff changeset
  1199
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1200
lemma eval_type_sound:
12937
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1201
  assumes eval: "G\<turnstile>s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)" and
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1202
            wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T" and
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1203
            wf: "wf_prog G" and 
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1204
       conf_s0: "s0\<Colon>\<preceq>(G,L)"           
0c4fd7529467 clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents: 12925
diff changeset
  1205
  shows "s1\<Colon>\<preceq>(G,L) \<and>  (normal s1 \<longrightarrow> G,L,store s1\<turnstile>t\<succ>v\<Colon>\<preceq>T) \<and> 
12925
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1206
         (error_free s0 = error_free s1)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1207
proof -
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1208
  from eval 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1209
  have "\<And> L accC T. \<lbrakk>s0\<Colon>\<preceq>(G,L);\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T\<rbrakk>  
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1210
        \<Longrightarrow> s1\<Colon>\<preceq>(G,L) \<and> (normal s1 \<longrightarrow> G,L,store s1\<turnstile>t\<succ>v\<Colon>\<preceq>T)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1211
            \<and> (error_free s0 = error_free s1)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1212
   (is "PROP ?TypeSafe s0 s1 t v"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1213
    is "\<And> L accC T. ?Conform L s0 \<Longrightarrow> ?WellTyped L accC T t  
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1214
                 \<Longrightarrow> ?Conform L s1 \<and> ?ValueTyped L T s1 t v \<and>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1215
                     ?ErrorFree s0 s1")
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1216
  proof (induct)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1217
    case (Abrupt s t xc L accC T) 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1218
    have "(Some xc, s)\<Colon>\<preceq>(G,L)" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1219
    then show "(Some xc, s)\<Colon>\<preceq>(G,L) \<and> 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1220
      (normal (Some xc, s) 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1221
      \<longrightarrow> G,L,store (Some xc,s)\<turnstile>t\<succ>arbitrary3 t\<Colon>\<preceq>T) \<and> 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1222
      (error_free (Some xc, s) = error_free (Some xc, s))"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1223
      by (simp)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1224
  next
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1225
    case (Skip s L accC T)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1226
    have "Norm s\<Colon>\<preceq>(G, L)" and  
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1227
           "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r Skip\<Colon>T" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1228
    then show "Norm s\<Colon>\<preceq>(G, L) \<and>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1229
              (normal (Norm s) \<longrightarrow> G,L,store (Norm s)\<turnstile>In1r Skip\<succ>\<diamondsuit>\<Colon>\<preceq>T) \<and> 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1230
              (error_free (Norm s) = error_free (Norm s))"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1231
      by (simp)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1232
  next
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1233
    case (Expr e s0 s1 v L accC T)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1234
    have "G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1235
    have     hyp: "PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 v)" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1236
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1237
    have      wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (Expr e)\<Colon>T" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1238
    then obtain eT 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1239
      where "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l e\<Colon>eT"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1240
      by (rule wt_elim_cases) (blast)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1241
    with conf_s0 hyp 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1242
    obtain "s1\<Colon>\<preceq>(G, L)" and "error_free s1"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1243
      by (blast)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1244
    with wt
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1245
    show "s1\<Colon>\<preceq>(G, L) \<and>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1246
          (normal s1 \<longrightarrow> G,L,store s1\<turnstile>In1r (Expr e)\<succ>\<diamondsuit>\<Colon>\<preceq>T) \<and> 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1247
          (error_free (Norm s0) = error_free s1)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1248
      by (simp)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1249
  next
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1250
    case (Lab c l s0 s1 L accC T)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1251
    have     hyp: "PROP ?TypeSafe (Norm s0) s1 (In1r c) \<diamondsuit>" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1252
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1253
    have      wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (l\<bullet> c)\<Colon>T" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1254
    then have "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c\<Colon>\<surd>"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1255
      by (rule wt_elim_cases) (blast)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1256
    with conf_s0 hyp
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1257
    obtain       conf_s1: "s1\<Colon>\<preceq>(G, L)" and 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1258
           error_free_s1: "error_free s1" 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1259
      by (blast)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1260
    from conf_s1 have "abupd (absorb (Break l)) s1\<Colon>\<preceq>(G, L)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1261
      by (cases s1) (auto intro: conforms_absorb)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1262
    with wt error_free_s1
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1263
    show "abupd (absorb (Break l)) s1\<Colon>\<preceq>(G, L) \<and>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1264
          (normal (abupd (absorb (Break l)) s1)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1265
           \<longrightarrow> G,L,store (abupd (absorb (Break l)) s1)\<turnstile>In1r (l\<bullet> c)\<succ>\<diamondsuit>\<Colon>\<preceq>T) \<and>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1266
          (error_free (Norm s0) = error_free (abupd (absorb (Break l)) s1))"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1267
      by (simp)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1268
  next
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1269
    case (Comp c1 c2 s0 s1 s2 L accC T)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1270
    have "G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1271
    have "G\<turnstile>s1 \<midarrow>c2\<rightarrow> s2" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1272
    have  hyp_c1: "PROP ?TypeSafe (Norm s0) s1 (In1r c1) \<diamondsuit>" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1273
    have  hyp_c2: "PROP ?TypeSafe s1        s2 (In1r c2) \<diamondsuit>" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1274
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1275
    have      wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (c1;; c2)\<Colon>T" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1276
    then obtain wt_c1: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c1\<Colon>\<surd>" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1277
                wt_c2: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c2\<Colon>\<surd>"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1278
      by (rule wt_elim_cases) (blast)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1279
    with conf_s0 hyp_c1 hyp_c2
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1280
    obtain "s2\<Colon>\<preceq>(G, L)" and "error_free s2"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1281
      by (blast)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1282
    with wt
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1283
    show "s2\<Colon>\<preceq>(G, L) \<and>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1284
          (normal s2 \<longrightarrow> G,L,store s2\<turnstile>In1r (c1;; c2)\<succ>\<diamondsuit>\<Colon>\<preceq>T) \<and>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1285
          (error_free (Norm s0) = error_free s2)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1286
      by (simp)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1287
  next
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1288
    case (If b c1 c2 e s0 s1 s2 L accC T)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1289
    have "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1290
    have "G\<turnstile>s1 \<midarrow>(if the_Bool b then c1 else c2)\<rightarrow> s2" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1291
    have hyp_e: "PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 b)" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1292
    have hyp_then_else: 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1293
            "PROP ?TypeSafe s1 s2 (In1r (if the_Bool b then c1 else c2)) \<diamondsuit>" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1294
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1295
    have      wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (If(e) c1 Else c2)\<Colon>T" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1296
    then obtain "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1297
                "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>(if the_Bool b then c1 else c2)\<Colon>\<surd>"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1298
      by (rule wt_elim_cases) (auto split add: split_if)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1299
    with conf_s0 hyp_e hyp_then_else
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1300
    obtain "s2\<Colon>\<preceq>(G, L)" and "error_free s2"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1301
      by (blast)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1302
    with wt
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1303
    show "s2\<Colon>\<preceq>(G, L) \<and>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1304
           (normal s2 \<longrightarrow> G,L,store s2\<turnstile>In1r (If(e) c1 Else c2)\<succ>\<diamondsuit>\<Colon>\<preceq>T) \<and>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1305
           (error_free (Norm s0) = error_free s2)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1306
      by (simp)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1307
  next
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1308
    case (Loop b c e l s0 s1 s2 s3 L accC T)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1309
    have "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1310
    have hyp_e: "PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 b)" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1311
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1312
    have      wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (l\<bullet> While(e) c)\<Colon>T" .
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1313
    then obtain wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" and
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1314
                wt_c: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c\<Colon>\<surd>"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1315
      by (rule wt_elim_cases) (blast)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1316
    from conf_s0 wt_e hyp_e
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1317
    obtain conf_s1: "s1\<Colon>\<preceq>(G, L)" and error_free_s1: "error_free s1"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1318
      by blast
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1319
    show "s3\<Colon>\<preceq>(G, L) \<and>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1320
          (normal s3 \<longrightarrow> G,L,store s3\<turnstile>In1r (l\<bullet> While(e) c)\<succ>\<diamondsuit>\<Colon>\<preceq>T) \<and>
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1321
          (error_free (Norm s0) = error_free s3)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1322
    proof (cases "normal s1 \<and> the_Bool b")
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1323
      case True
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1324
      from Loop True have "G\<turnstile>s1 \<midarrow>c\<rightarrow> s2" by auto
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1325
      from Loop True have "G\<turnstile>abupd (absorb (Cont l)) s2 \<midarrow>l\<bullet> While(e) c\<rightarrow> s3"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1326
	by auto
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1327
      from Loop True have hyp_c: "PROP ?TypeSafe s1 s2 (In1r c) \<diamondsuit>"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1328
	by (auto)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1329
      from Loop True have hyp_w: "PROP ?TypeSafe (abupd (absorb (Cont l)) s2)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1330
                                       s3 (In1r (l\<bullet> While(e) c)) \<diamondsuit>"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1331
	by (auto)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1332
      from conf_s1 error_free_s1 wt_c hyp_c
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1333
      obtain conf_s2:  "s2\<Colon>\<preceq>(G, L)" and error_free_s2: "error_free s2"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1334
	by blast
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1335
      from conf_s2 have "abupd (absorb (Cont l)) s2 \<Colon>\<preceq>(G, L)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1336
	by (cases s2) (auto intro: conforms_absorb)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1337
      moreover
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1338
      from error_free_s2 have "error_free (abupd (absorb (Cont l)) s2)"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1339
	by simp
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1340
      moreover note wt hyp_w
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1341
      ultimately obtain "s3\<Colon>\<preceq>(G, L)" and "error_free s3"
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1342
	by blast
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1343
      with wt 
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1344
      show ?thesis
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1345
	by (simp)
99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents: 12858
diff changeset
  1346
    next