src/HOL/MicroJava/J/WellForm.thy
author haftmann
Tue Nov 24 14:37:23 2009 +0100 (2009-11-24)
changeset 33954 1bc3b688548c
parent 33640 0d82107dc07a
child 35416 d8d7d1b785af
permissions -rwxr-xr-x
backported parts of abstract byte code verifier from AFP/Jinja
nipkow@8011
     1
(*  Title:      HOL/MicroJava/J/WellForm.thy
nipkow@8011
     2
    Author:     David von Oheimb
nipkow@8011
     3
    Copyright   1999 Technische Universitaet Muenchen
oheimb@11070
     4
*)
nipkow@8011
     5
kleing@12911
     6
header {* \isaheader{Well-formedness of Java programs} *}
nipkow@8011
     7
haftmann@33954
     8
theory WellForm
haftmann@33954
     9
imports TypeRel SystemClasses
haftmann@33954
    10
begin
nipkow@8011
    11
oheimb@11070
    12
text {*
oheimb@11070
    13
for static checks on expressions and statements, see WellType.
oheimb@11070
    14
oheimb@11070
    15
\begin{description}
oheimb@11070
    16
\item[improvements over Java Specification 1.0 (cf. 8.4.6.3, 8.4.6.4, 9.4.1):]\ \\
oheimb@11070
    17
\begin{itemize}
oheimb@11070
    18
\item a method implementing or overwriting another method may have a result type
oheimb@11070
    19
that widens to the result type of the other method (instead of identical type)
oheimb@11070
    20
\end{itemize}
oheimb@11070
    21
oheimb@11070
    22
\item[simplifications:]\ \\
oheimb@11070
    23
\begin{itemize}
oheimb@11070
    24
\item for uniformity, Object is assumed to be declared like any other class
oheimb@11070
    25
\end{itemize}
oheimb@11070
    26
\end{description}
oheimb@11070
    27
*}
oheimb@11026
    28
types 'c wf_mb = "'c prog => cname => 'c mdecl => bool"
nipkow@8011
    29
nipkow@8011
    30
constdefs
streckem@14045
    31
 wf_syscls :: "'c prog => bool"
streckem@14045
    32
"wf_syscls G == let cs = set G in Object \<in> fst ` cs \<and> (\<forall>x. Xcpt x \<in> fst ` cs)"
streckem@14045
    33
kleing@10069
    34
 wf_fdecl :: "'c prog => fdecl => bool"
oheimb@11026
    35
"wf_fdecl G == \<lambda>(fn,ft). is_type G ft"
nipkow@8011
    36
kleing@10069
    37
 wf_mhead :: "'c prog => sig => ty => bool"
oheimb@11026
    38
"wf_mhead G == \<lambda>(mn,pTs) rT. (\<forall>T\<in>set pTs. is_type G T) \<and> is_type G rT"
nipkow@8011
    39
streckem@14045
    40
 ws_cdecl :: "'c prog => 'c cdecl => bool"
streckem@14045
    41
"ws_cdecl G ==
streckem@14045
    42
   \<lambda>(C,(D,fs,ms)).
streckem@14045
    43
  (\<forall>f\<in>set fs. wf_fdecl G         f) \<and>  unique fs \<and>
streckem@14045
    44
  (\<forall>(sig,rT,mb)\<in>set ms. wf_mhead G sig rT) \<and> unique ms \<and>
streckem@14045
    45
  (C \<noteq> Object \<longrightarrow> is_class G D \<and>  \<not>G\<turnstile>D\<preceq>C C)"
streckem@14045
    46
streckem@14045
    47
 ws_prog :: "'c prog => bool"
streckem@14045
    48
"ws_prog G == 
streckem@14045
    49
  wf_syscls G \<and> (\<forall>c\<in>set G. ws_cdecl G c) \<and> unique G"
streckem@14045
    50
streckem@14045
    51
 wf_mrT   :: "'c prog => 'c cdecl => bool"
streckem@14045
    52
"wf_mrT G ==
streckem@14045
    53
   \<lambda>(C,(D,fs,ms)).
streckem@14045
    54
  (C \<noteq> Object \<longrightarrow> (\<forall>(sig,rT,b)\<in>set ms. \<forall>D' rT' b'.
streckem@14045
    55
                      method(G,D) sig = Some(D',rT',b') --> G\<turnstile>rT\<preceq>rT'))"
streckem@14045
    56
streckem@14045
    57
 wf_cdecl_mdecl :: "'c wf_mb => 'c prog => 'c cdecl => bool"
streckem@14045
    58
"wf_cdecl_mdecl wf_mb G ==
streckem@14045
    59
   \<lambda>(C,(D,fs,ms)). (\<forall>m\<in>set ms. wf_mb G C m)"
streckem@14045
    60
streckem@14045
    61
 wf_prog :: "'c wf_mb => 'c prog => bool"
streckem@14045
    62
"wf_prog wf_mb G == 
streckem@14045
    63
     ws_prog G \<and> (\<forall>c\<in> set G. wf_mrT G c \<and> wf_cdecl_mdecl wf_mb G c)"
streckem@14045
    64
kleing@10061
    65
 wf_mdecl :: "'c wf_mb => 'c wf_mb"
oheimb@11026
    66
"wf_mdecl wf_mb G C == \<lambda>(sig,rT,mb). wf_mhead G sig rT \<and> wf_mb G C (sig,rT,mb)"
nipkow@8011
    67
kleing@10061
    68
 wf_cdecl :: "'c wf_mb => 'c prog => 'c cdecl => bool"
kleing@10042
    69
"wf_cdecl wf_mb G ==
oheimb@11026
    70
   \<lambda>(C,(D,fs,ms)).
oheimb@11026
    71
  (\<forall>f\<in>set fs. wf_fdecl G         f) \<and>  unique fs \<and>
oheimb@11026
    72
  (\<forall>m\<in>set ms. wf_mdecl wf_mb G C m) \<and>  unique ms \<and>
oheimb@11026
    73
  (C \<noteq> Object \<longrightarrow> is_class G D \<and>  \<not>G\<turnstile>D\<preceq>C C \<and>
oheimb@11026
    74
                   (\<forall>(sig,rT,b)\<in>set ms. \<forall>D' rT' b'.
oheimb@11026
    75
                      method(G,D) sig = Some(D',rT',b') --> G\<turnstile>rT\<preceq>rT'))"
nipkow@8011
    76
streckem@14045
    77
lemma wf_cdecl_mrT_cdecl_mdecl:
streckem@14045
    78
  "(wf_cdecl wf_mb G c) = (ws_cdecl G c \<and> wf_mrT G c \<and> wf_cdecl_mdecl wf_mb G c)"
streckem@14045
    79
apply (rule iffI)
streckem@14045
    80
apply (simp add: wf_cdecl_def ws_cdecl_def wf_mrT_def wf_cdecl_mdecl_def 
streckem@14045
    81
  wf_mdecl_def wf_mhead_def split_beta)+
streckem@14045
    82
done
kleing@12951
    83
streckem@14045
    84
lemma wf_cdecl_ws_cdecl [intro]: "wf_cdecl wf_mb G cd \<Longrightarrow> ws_cdecl G cd"
streckem@14045
    85
by (simp add: wf_cdecl_mrT_cdecl_mdecl)
streckem@14045
    86
streckem@14045
    87
lemma wf_prog_ws_prog [intro]: "wf_prog wf_mb G \<Longrightarrow> ws_prog G"
streckem@14045
    88
by (simp add: wf_prog_def ws_prog_def)
streckem@14045
    89
streckem@14045
    90
lemma wf_prog_wf_mdecl: 
streckem@14045
    91
  "\<lbrakk> wf_prog wf_mb G; (C,S,fs,mdecls) \<in> set G; ((mn,pTs),rT,code) \<in> set mdecls\<rbrakk>
streckem@14045
    92
  \<Longrightarrow> wf_mdecl wf_mb G C ((mn,pTs),rT,code)"
streckem@14045
    93
by (auto simp add: wf_prog_def ws_prog_def wf_mdecl_def  
streckem@14045
    94
  wf_cdecl_mdecl_def ws_cdecl_def)
oheimb@11026
    95
oheimb@11026
    96
lemma class_wf: 
streckem@14045
    97
 "[|class G C = Some c; wf_prog wf_mb G|] 
streckem@14045
    98
  ==> wf_cdecl wf_mb G (C,c) \<and> wf_mrT G (C,c)"
streckem@14045
    99
apply (unfold wf_prog_def ws_prog_def wf_cdecl_def class_def)
streckem@14045
   100
apply clarify
streckem@14045
   101
apply (drule_tac x="(C,c)" in bspec, fast dest: map_of_SomeD)
streckem@14045
   102
apply (drule_tac x="(C,c)" in bspec, fast dest: map_of_SomeD)
streckem@14045
   103
apply (simp add: wf_cdecl_def ws_cdecl_def wf_mdecl_def
streckem@14045
   104
  wf_cdecl_mdecl_def wf_mrT_def split_beta)
streckem@14045
   105
done
streckem@14045
   106
streckem@14045
   107
lemma class_wf_struct: 
streckem@14045
   108
 "[|class G C = Some c; ws_prog G|] 
streckem@14045
   109
  ==> ws_cdecl G (C,c)"
streckem@14045
   110
apply (unfold ws_prog_def class_def)
oheimb@11026
   111
apply (fast dest: map_of_SomeD)
oheimb@11026
   112
done
oheimb@11026
   113
oheimb@11026
   114
lemma class_Object [simp]: 
streckem@14045
   115
  "ws_prog G ==> \<exists>X fs ms. class G Object = Some (X,fs,ms)"
streckem@14045
   116
apply (unfold ws_prog_def wf_syscls_def class_def)
kleing@12951
   117
apply (auto simp: map_of_SomeI)
oheimb@11026
   118
done
oheimb@11026
   119
streckem@14045
   120
lemma class_Object_syscls [simp]: 
streckem@14045
   121
  "wf_syscls G ==> unique G \<Longrightarrow> \<exists>X fs ms. class G Object = Some (X,fs,ms)"
streckem@14045
   122
apply (unfold wf_syscls_def class_def)
streckem@14045
   123
apply (auto simp: map_of_SomeI)
streckem@14045
   124
done
streckem@14045
   125
streckem@14045
   126
lemma is_class_Object [simp]: "ws_prog G ==> is_class G Object"
nipkow@18576
   127
  by (simp add: is_class_def)
oheimb@11026
   128
streckem@14045
   129
lemma is_class_xcpt [simp]: "ws_prog G \<Longrightarrow> is_class G (Xcpt x)"
streckem@14045
   130
  apply (simp add: ws_prog_def wf_syscls_def)
kleing@13051
   131
  apply (simp add: is_class_def class_def)
kleing@13051
   132
  apply clarify
kleing@13051
   133
  apply (erule_tac x = x in allE)
kleing@13051
   134
  apply clarify
kleing@13051
   135
  apply (auto intro!: map_of_SomeI)
kleing@13051
   136
  done
kleing@13051
   137
haftmann@33954
   138
lemma subcls1_wfD: "[|G\<turnstile>C\<prec>C1D; ws_prog G|] ==> D \<noteq> C \<and> (D, C) \<notin> (subcls1 G)^+"
haftmann@33954
   139
apply( frule trancl.r_into_trancl [where r="subcls1 G"])
oheimb@11026
   140
apply( drule subcls1D)
oheimb@11026
   141
apply(clarify)
streckem@14045
   142
apply( drule (1) class_wf_struct)
streckem@14045
   143
apply( unfold ws_cdecl_def)
haftmann@33954
   144
apply(force simp add: reflcl_trancl [THEN sym] simp del: reflcl_trancl)
oheimb@11026
   145
done
oheimb@11026
   146
oheimb@11026
   147
lemma wf_cdecl_supD: 
streckem@14045
   148
"!!r. \<lbrakk>ws_cdecl G (C,D,r); C \<noteq> Object\<rbrakk> \<Longrightarrow> is_class G D"
streckem@14045
   149
apply (unfold ws_cdecl_def)
oheimb@11026
   150
apply (auto split add: option.split_asm)
oheimb@11026
   151
done
oheimb@11026
   152
haftmann@33954
   153
lemma subcls_asym: "[|ws_prog G; (C, D) \<in> (subcls1 G)^+|] ==> (D, C) \<notin> (subcls1 G)^+"
haftmann@33954
   154
apply(erule trancl.cases)
oheimb@11026
   155
apply(fast dest!: subcls1_wfD )
haftmann@33954
   156
apply(fast dest!: subcls1_wfD intro: trancl_trans)
oheimb@11026
   157
done
oheimb@11026
   158
haftmann@33954
   159
lemma subcls_irrefl: "[|ws_prog G; (C, D) \<in> (subcls1 G)^+|] ==> C \<noteq> D"
haftmann@33954
   160
apply (erule trancl_trans_induct)
oheimb@11026
   161
apply  (auto dest: subcls1_wfD subcls_asym)
oheimb@11026
   162
done
oheimb@11026
   163
haftmann@33954
   164
lemma acyclic_subcls1: "ws_prog G ==> acyclic (subcls1 G)"
haftmann@33954
   165
apply (simp add: acyclic_def)
oheimb@11026
   166
apply (fast dest: subcls_irrefl)
oheimb@11026
   167
done
oheimb@11026
   168
haftmann@33954
   169
lemma wf_subcls1: "ws_prog G ==> wf ((subcls1 G)^-1)"
haftmann@33954
   170
apply (rule finite_acyclic_wf)
haftmann@33954
   171
apply ( subst finite_converse)
oheimb@11026
   172
apply ( rule finite_subcls1)
haftmann@33954
   173
apply (subst acyclic_converse)
oheimb@11026
   174
apply (erule acyclic_subcls1)
oheimb@11026
   175
done
oheimb@11026
   176
haftmann@33954
   177
lemma subcls_induct_struct: 
haftmann@33954
   178
"[|ws_prog G; !!C. \<forall>D. (C, D) \<in> (subcls1 G)^+ --> P D ==> P C|] ==> P C"
oheimb@11026
   179
(is "?A \<Longrightarrow> PROP ?P \<Longrightarrow> _")
oheimb@11026
   180
proof -
oheimb@11026
   181
  assume p: "PROP ?P"
oheimb@11026
   182
  assume ?A thus ?thesis apply -
oheimb@11026
   183
apply(drule wf_subcls1)
haftmann@33954
   184
apply(drule wf_trancl)
haftmann@33954
   185
apply(simp only: trancl_converse)
haftmann@33954
   186
apply(erule_tac a = C in wf_induct)
oheimb@11026
   187
apply(rule p)
oheimb@11026
   188
apply(auto)
oheimb@11026
   189
done
oheimb@11026
   190
qed
oheimb@11026
   191
haftmann@33954
   192
lemma subcls_induct: 
haftmann@33954
   193
"[|wf_prog wf_mb G; !!C. \<forall>D. (C, D) \<in> (subcls1 G)^+ --> P D ==> P C|] ==> P C"
haftmann@33954
   194
(is "?A \<Longrightarrow> PROP ?P \<Longrightarrow> _")
haftmann@33954
   195
by (fact subcls_induct_struct [OF wf_prog_ws_prog])
haftmann@33954
   196
oheimb@11026
   197
lemma subcls1_induct:
oheimb@11026
   198
"[|is_class G C; wf_prog wf_mb G; P Object;  
oheimb@11026
   199
   !!C D fs ms. [|C \<noteq> Object; is_class G C; class G C = Some (D,fs,ms) \<and>  
oheimb@11026
   200
    wf_cdecl wf_mb G (C,D,fs,ms) \<and> G\<turnstile>C\<prec>C1D \<and> is_class G D \<and> P D|] ==> P C 
oheimb@11026
   201
 |] ==> P C"
oheimb@11026
   202
(is "?A \<Longrightarrow> ?B \<Longrightarrow> ?C \<Longrightarrow> PROP ?P \<Longrightarrow> _")
oheimb@11026
   203
proof -
oheimb@11026
   204
  assume p: "PROP ?P"
oheimb@11026
   205
  assume ?A ?B ?C thus ?thesis apply -
oheimb@11026
   206
apply(unfold is_class_def)
oheimb@11026
   207
apply( rule impE)
oheimb@11026
   208
prefer 2
oheimb@11026
   209
apply(   assumption)
oheimb@11026
   210
prefer 2
oheimb@11026
   211
apply(  assumption)
oheimb@11026
   212
apply( erule thin_rl)
oheimb@11026
   213
apply( rule subcls_induct)
oheimb@11026
   214
apply(  assumption)
oheimb@11026
   215
apply( rule impI)
oheimb@11026
   216
apply( case_tac "C = Object")
oheimb@11026
   217
apply(  fast)
paulson@18447
   218
apply auto
streckem@14045
   219
apply( frule (1) class_wf) apply (erule conjE)+
streckem@14045
   220
apply (frule wf_cdecl_ws_cdecl)
streckem@14045
   221
apply( frule (1) wf_cdecl_supD)
streckem@14045
   222
streckem@14045
   223
apply( subgoal_tac "G\<turnstile>C\<prec>C1a")
streckem@14045
   224
apply( erule_tac [2] subcls1I)
streckem@14045
   225
apply(  rule p)
streckem@14045
   226
apply (unfold is_class_def)
streckem@14045
   227
apply auto
streckem@14045
   228
done
streckem@14045
   229
qed
streckem@14045
   230
streckem@14045
   231
lemma subcls1_induct_struct:
streckem@14045
   232
"[|is_class G C; ws_prog G; P Object;  
streckem@14045
   233
   !!C D fs ms. [|C \<noteq> Object; is_class G C; class G C = Some (D,fs,ms) \<and>  
streckem@14045
   234
    ws_cdecl G (C,D,fs,ms) \<and> G\<turnstile>C\<prec>C1D \<and> is_class G D \<and> P D|] ==> P C 
streckem@14045
   235
 |] ==> P C"
streckem@14045
   236
(is "?A \<Longrightarrow> ?B \<Longrightarrow> ?C \<Longrightarrow> PROP ?P \<Longrightarrow> _")
streckem@14045
   237
proof -
streckem@14045
   238
  assume p: "PROP ?P"
streckem@14045
   239
  assume ?A ?B ?C thus ?thesis apply -
streckem@14045
   240
apply(unfold is_class_def)
streckem@14045
   241
apply( rule impE)
streckem@14045
   242
prefer 2
streckem@14045
   243
apply(   assumption)
streckem@14045
   244
prefer 2
streckem@14045
   245
apply(  assumption)
streckem@14045
   246
apply( erule thin_rl)
streckem@14045
   247
apply( rule subcls_induct_struct)
streckem@14045
   248
apply(  assumption)
streckem@14045
   249
apply( rule impI)
streckem@14045
   250
apply( case_tac "C = Object")
streckem@14045
   251
apply(  fast)
paulson@18447
   252
apply auto
streckem@14045
   253
apply( frule (1) class_wf_struct)
oheimb@11026
   254
apply( frule (1) wf_cdecl_supD)
oheimb@11026
   255
oheimb@11026
   256
apply( subgoal_tac "G\<turnstile>C\<prec>C1a")
oheimb@11026
   257
apply( erule_tac [2] subcls1I)
oheimb@11026
   258
apply(  rule p)
oheimb@11026
   259
apply (unfold is_class_def)
oheimb@11026
   260
apply auto
oheimb@11026
   261
done
oheimb@11026
   262
qed
oheimb@11026
   263
oheimb@11026
   264
lemmas method_rec = wf_subcls1 [THEN [2] method_rec_lemma];
oheimb@11026
   265
oheimb@11026
   266
lemmas fields_rec = wf_subcls1 [THEN [2] fields_rec_lemma];
oheimb@11026
   267
streckem@14045
   268
lemma field_rec: "\<lbrakk>class G C = Some (D, fs, ms); ws_prog G\<rbrakk>
streckem@13672
   269
\<Longrightarrow> field (G, C) =
streckem@13672
   270
   (if C = Object then empty else field (G, D)) ++
streckem@13672
   271
   map_of (map (\<lambda>(s, f). (s, C, f)) fs)"
streckem@13672
   272
apply (simp only: field_def)
streckem@13672
   273
apply (frule fields_rec, assumption)
streckem@13672
   274
apply (rule HOL.trans)
streckem@13672
   275
apply (simp add: o_def)
hoelzl@33640
   276
apply (simp (no_asm_use) add: split_beta split_def o_def)
streckem@13672
   277
done
streckem@13672
   278
kleing@12951
   279
lemma method_Object [simp]:
streckem@14045
   280
  "method (G, Object) sig = Some (D, mh, code) \<Longrightarrow> ws_prog G \<Longrightarrow> D = Object"  
kleing@12951
   281
  apply (frule class_Object, clarify)
kleing@12951
   282
  apply (drule method_rec, assumption)
kleing@12951
   283
  apply (auto dest: map_of_SomeD)
kleing@12951
   284
  done
oheimb@11026
   285
streckem@13672
   286
streckem@14045
   287
lemma fields_Object [simp]: "\<lbrakk> ((vn, C), T) \<in> set (fields (G, Object)); ws_prog G \<rbrakk>
streckem@13672
   288
  \<Longrightarrow> C = Object"
streckem@13672
   289
apply (frule class_Object)
streckem@13672
   290
apply clarify
streckem@13672
   291
apply (subgoal_tac "fields (G, Object) = map (\<lambda>(fn,ft). ((fn,Object),ft)) fs")
streckem@13672
   292
apply (simp add: image_iff split_beta)
streckem@13672
   293
apply auto
streckem@13672
   294
apply (rule trans)
streckem@13672
   295
apply (rule fields_rec, assumption+)
streckem@13672
   296
apply simp
streckem@13672
   297
done
streckem@13672
   298
streckem@14045
   299
lemma subcls_C_Object: "[|is_class G C; ws_prog G|] ==> G\<turnstile>C\<preceq>C Object"
streckem@14045
   300
apply(erule subcls1_induct_struct)
oheimb@11026
   301
apply(  assumption)
oheimb@11026
   302
apply( fast)
oheimb@11026
   303
apply(auto dest!: wf_cdecl_supD)
oheimb@11026
   304
done
oheimb@11026
   305
oheimb@11026
   306
lemma is_type_rTI: "wf_mhead G sig rT ==> is_type G rT"
oheimb@11026
   307
apply (unfold wf_mhead_def)
oheimb@11026
   308
apply auto
oheimb@11026
   309
done
oheimb@11026
   310
streckem@14045
   311
lemma widen_fields_defpl': "[|is_class G C; ws_prog G|] ==>  
oheimb@11026
   312
  \<forall>((fn,fd),fT)\<in>set (fields (G,C)). G\<turnstile>C\<preceq>C fd"
streckem@14045
   313
apply( erule subcls1_induct_struct)
oheimb@11026
   314
apply(   assumption)
kleing@12951
   315
apply(  frule class_Object)
kleing@12951
   316
apply(  clarify)
kleing@12951
   317
apply(  frule fields_rec, assumption)
kleing@12951
   318
apply(  fastsimp)
oheimb@11026
   319
apply( tactic "safe_tac HOL_cs")
oheimb@11026
   320
apply( subst fields_rec)
oheimb@11026
   321
apply(   assumption)
oheimb@11026
   322
apply(  assumption)
oheimb@11026
   323
apply( simp (no_asm) split del: split_if)
oheimb@11026
   324
apply( rule ballI)
oheimb@11026
   325
apply( simp (no_asm_simp) only: split_tupled_all)
oheimb@11026
   326
apply( simp (no_asm))
oheimb@11026
   327
apply( erule UnE)
oheimb@11026
   328
apply(  force)
haftmann@33954
   329
apply( erule r_into_rtrancl [THEN rtrancl_trans])
oheimb@11026
   330
apply auto
oheimb@11026
   331
done
oheimb@11026
   332
kleing@12517
   333
lemma widen_fields_defpl: 
streckem@14045
   334
  "[|((fn,fd),fT) \<in> set (fields (G,C)); ws_prog G; is_class G C|] ==>  
oheimb@11026
   335
  G\<turnstile>C\<preceq>C fd"
oheimb@11026
   336
apply( drule (1) widen_fields_defpl')
oheimb@11026
   337
apply (fast)
oheimb@11026
   338
done
oheimb@11026
   339
kleing@12517
   340
lemma unique_fields: 
streckem@14045
   341
  "[|is_class G C; ws_prog G|] ==> unique (fields (G,C))"
streckem@14045
   342
apply( erule subcls1_induct_struct)
oheimb@11026
   343
apply(   assumption)
kleing@12951
   344
apply(  frule class_Object)
kleing@12951
   345
apply(  clarify)
kleing@12951
   346
apply(  frule fields_rec, assumption)
streckem@14045
   347
apply(  drule class_wf_struct, assumption)
streckem@14045
   348
apply(  simp add: ws_cdecl_def)
kleing@12951
   349
apply(  rule unique_map_inj)
kleing@12951
   350
apply(   simp)
paulson@13585
   351
apply(  rule inj_onI)
kleing@12951
   352
apply(  simp)
kleing@12951
   353
apply( safe dest!: wf_cdecl_supD)
oheimb@11026
   354
apply( drule subcls1_wfD)
oheimb@11026
   355
apply(  assumption)
oheimb@11026
   356
apply( subst fields_rec)
oheimb@11026
   357
apply   auto
oheimb@11026
   358
apply( rotate_tac -1)
streckem@14045
   359
apply( frule class_wf_struct)
oheimb@11026
   360
apply  auto
streckem@14045
   361
apply( simp add: ws_cdecl_def)
oheimb@11026
   362
apply( erule unique_append)
oheimb@11026
   363
apply(  rule unique_map_inj)
oheimb@11026
   364
apply(   clarsimp)
paulson@13585
   365
apply  (rule inj_onI)
oheimb@11026
   366
apply(  simp)
oheimb@11026
   367
apply(auto dest!: widen_fields_defpl)
oheimb@11026
   368
done
oheimb@11026
   369
kleing@12517
   370
lemma fields_mono_lemma [rule_format (no_asm)]: 
haftmann@33954
   371
  "[|ws_prog G; (C', C) \<in> (subcls1 G)^*|] ==>  
oheimb@11026
   372
  x \<in> set (fields (G,C)) --> x \<in> set (fields (G,C'))"
haftmann@33954
   373
apply(erule converse_rtrancl_induct)
oheimb@11026
   374
apply( safe dest!: subcls1D)
oheimb@11026
   375
apply(subst fields_rec)
oheimb@11026
   376
apply(  auto)
oheimb@11026
   377
done
oheimb@11026
   378
oheimb@11026
   379
lemma fields_mono: 
streckem@14045
   380
"\<lbrakk>map_of (fields (G,C)) fn = Some f; G\<turnstile>D\<preceq>C C; is_class G D; ws_prog G\<rbrakk> 
oheimb@11026
   381
  \<Longrightarrow> map_of (fields (G,D)) fn = Some f"
oheimb@11026
   382
apply (rule map_of_SomeI)
oheimb@11026
   383
apply  (erule (1) unique_fields)
oheimb@11026
   384
apply (erule (1) fields_mono_lemma)
oheimb@11026
   385
apply (erule map_of_SomeD)
oheimb@11026
   386
done
oheimb@11026
   387
oheimb@11026
   388
lemma widen_cfs_fields: 
streckem@14045
   389
"[|field (G,C) fn = Some (fd, fT); G\<turnstile>D\<preceq>C C; ws_prog G|]==>  
oheimb@11026
   390
  map_of (fields (G,D)) (fn, fd) = Some fT"
oheimb@11026
   391
apply (drule field_fields)
haftmann@33954
   392
apply (drule rtranclD)
oheimb@11026
   393
apply safe
oheimb@11026
   394
apply (frule subcls_is_class)
haftmann@33954
   395
apply (drule trancl_into_rtrancl)
oheimb@11026
   396
apply (fast dest: fields_mono)
oheimb@11026
   397
done
oheimb@11026
   398
kleing@12517
   399
lemma method_wf_mdecl [rule_format (no_asm)]: 
kleing@12517
   400
  "wf_prog wf_mb G ==> is_class G C \<Longrightarrow>   
oheimb@11026
   401
     method (G,C) sig = Some (md,mh,m) 
oheimb@11026
   402
   --> G\<turnstile>C\<preceq>C md \<and> wf_mdecl wf_mb G md (sig,(mh,m))"
streckem@14045
   403
apply (frule wf_prog_ws_prog)
oheimb@11026
   404
apply( erule subcls1_induct)
oheimb@11026
   405
apply(   assumption)
kleing@12951
   406
apply(  clarify) 
kleing@12951
   407
apply(  frule class_Object)
kleing@12951
   408
apply(  clarify)
kleing@12951
   409
apply(  frule method_rec, assumption)
kleing@12951
   410
apply(  drule class_wf, assumption)
kleing@12951
   411
apply(  simp add: wf_cdecl_def)
kleing@12951
   412
apply(  drule map_of_SomeD)
kleing@12951
   413
apply(  subgoal_tac "md = Object")
streckem@14045
   414
apply(   fastsimp) 
kleing@12951
   415
apply(  fastsimp)
oheimb@11026
   416
apply( clarify)
oheimb@11026
   417
apply( frule_tac C = C in method_rec)
oheimb@11026
   418
apply(  assumption)
oheimb@11026
   419
apply( rotate_tac -1)
oheimb@11026
   420
apply( simp)
nipkow@14025
   421
apply( drule map_add_SomeD)
oheimb@11026
   422
apply( erule disjE)
oheimb@11026
   423
apply(  erule_tac V = "?P --> ?Q" in thin_rl)
oheimb@11026
   424
apply (frule map_of_SomeD)
oheimb@11026
   425
apply (clarsimp simp add: wf_cdecl_def)
oheimb@11026
   426
apply( clarify)
haftmann@33954
   427
apply( rule rtrancl_trans)
oheimb@11026
   428
prefer 2
oheimb@11026
   429
apply(  assumption)
haftmann@33954
   430
apply( rule r_into_rtrancl)
oheimb@11026
   431
apply( fast intro: subcls1I)
oheimb@11026
   432
done
oheimb@11026
   433
streckem@13672
   434
streckem@14045
   435
lemma method_wf_mhead [rule_format (no_asm)]: 
streckem@14045
   436
  "ws_prog G ==> is_class G C \<Longrightarrow>   
streckem@14045
   437
     method (G,C) sig = Some (md,rT,mb) 
streckem@14045
   438
   --> G\<turnstile>C\<preceq>C md \<and> wf_mhead G sig rT"
streckem@14045
   439
apply( erule subcls1_induct_struct)
streckem@14045
   440
apply(   assumption)
streckem@14045
   441
apply(  clarify) 
streckem@14045
   442
apply(  frule class_Object)
streckem@14045
   443
apply(  clarify)
streckem@14045
   444
apply(  frule method_rec, assumption)
streckem@14045
   445
apply(  drule class_wf_struct, assumption)
streckem@14045
   446
apply(  simp add: ws_cdecl_def)
streckem@14045
   447
apply(  drule map_of_SomeD)
streckem@14045
   448
apply(  subgoal_tac "md = Object")
streckem@14045
   449
apply(   fastsimp)
streckem@14045
   450
apply(  fastsimp)
streckem@14045
   451
apply( clarify)
streckem@14045
   452
apply( frule_tac C = C in method_rec)
streckem@14045
   453
apply(  assumption)
streckem@14045
   454
apply( rotate_tac -1)
streckem@14045
   455
apply( simp)
streckem@14045
   456
apply( drule map_add_SomeD)
streckem@14045
   457
apply( erule disjE)
streckem@14045
   458
apply(  erule_tac V = "?P --> ?Q" in thin_rl)
streckem@14045
   459
apply (frule map_of_SomeD)
streckem@14045
   460
apply (clarsimp simp add: ws_cdecl_def)
streckem@14045
   461
apply blast
streckem@14045
   462
apply clarify
haftmann@33954
   463
apply( rule rtrancl_trans)
streckem@14045
   464
prefer 2
streckem@14045
   465
apply(  assumption)
haftmann@33954
   466
apply( rule r_into_rtrancl)
streckem@14045
   467
apply( fast intro: subcls1I)
streckem@13672
   468
done
streckem@13672
   469
oheimb@11026
   470
lemma subcls_widen_methd [rule_format (no_asm)]: 
streckem@14045
   471
  "[|G\<turnstile>T'\<preceq>C T; wf_prog wf_mb G|] ==>  
streckem@14045
   472
   \<forall>D rT b. method (G,T) sig = Some (D,rT ,b) --> 
streckem@14045
   473
  (\<exists>D' rT' b'. method (G,T') sig = Some (D',rT',b') \<and> G\<turnstile>D'\<preceq>C D \<and> G\<turnstile>rT'\<preceq>rT)"
haftmann@33954
   474
apply( drule rtranclD)
oheimb@11026
   475
apply( erule disjE)
oheimb@11026
   476
apply(  fast)
oheimb@11026
   477
apply( erule conjE)
haftmann@33954
   478
apply( erule trancl_trans_induct)
oheimb@11026
   479
prefer 2
oheimb@11026
   480
apply(  clarify)
oheimb@11026
   481
apply(  drule spec, drule spec, drule spec, erule (1) impE)
haftmann@33954
   482
apply(  fast elim: widen_trans rtrancl_trans)
oheimb@11026
   483
apply( clarify)
oheimb@11026
   484
apply( drule subcls1D)
oheimb@11026
   485
apply( clarify)
oheimb@11026
   486
apply( subst method_rec)
oheimb@11026
   487
apply(  assumption)
nipkow@14025
   488
apply( unfold map_add_def)
streckem@14045
   489
apply( simp (no_asm_simp) add: wf_prog_ws_prog del: split_paired_Ex)
oheimb@11026
   490
apply( case_tac "\<exists>z. map_of(map (\<lambda>(s,m). (s, ?C, m)) ms) sig = Some z")
oheimb@11026
   491
apply(  erule exE)
oheimb@11026
   492
apply(  rotate_tac -1, frule ssubst, erule_tac [2] asm_rl)
oheimb@11026
   493
prefer 2
oheimb@11026
   494
apply(  rotate_tac -1, frule ssubst, erule_tac [2] asm_rl)
haftmann@22633
   495
apply(  tactic "asm_full_simp_tac (HOL_ss addsimps [@{thm not_None_eq} RS sym]) 1")
oheimb@11026
   496
apply(  simp_all (no_asm_simp) del: split_paired_Ex)
streckem@14045
   497
apply( frule (1) class_wf)
oheimb@11026
   498
apply( simp (no_asm_simp) only: split_tupled_all)
oheimb@11026
   499
apply( unfold wf_cdecl_def)
oheimb@11026
   500
apply( drule map_of_SomeD)
streckem@14045
   501
apply (auto simp add: wf_mrT_def)
haftmann@33954
   502
apply (rule rtrancl_trans)
streckem@14045
   503
defer
streckem@14045
   504
apply (rule method_wf_mhead [THEN conjunct1])
streckem@14045
   505
apply (simp only: wf_prog_def)
streckem@14045
   506
apply (simp add: is_class_def)
streckem@14045
   507
apply assumption
streckem@14045
   508
apply (auto intro: subcls1I)
oheimb@11026
   509
done
oheimb@11026
   510
streckem@14045
   511
oheimb@11026
   512
lemma subtype_widen_methd: 
oheimb@11026
   513
 "[| G\<turnstile> C\<preceq>C D; wf_prog wf_mb G;  
oheimb@11026
   514
     method (G,D) sig = Some (md, rT, b) |]  
oheimb@11026
   515
  ==> \<exists>mD' rT' b'. method (G,C) sig= Some(mD',rT',b') \<and> G\<turnstile>rT'\<preceq>rT"
streckem@14045
   516
apply(auto dest: subcls_widen_methd 
kleing@12517
   517
           simp add: wf_mdecl_def wf_mhead_def split_def)
oheimb@11026
   518
done
oheimb@11026
   519
streckem@14045
   520
kleing@12517
   521
lemma method_in_md [rule_format (no_asm)]: 
streckem@14045
   522
  "ws_prog G ==> is_class G C \<Longrightarrow> \<forall>D. method (G,C) sig = Some(D,mh,code) 
kleing@12517
   523
  --> is_class G D \<and> method (G,D) sig = Some(D,mh,code)"
streckem@14045
   524
apply (erule (1) subcls1_induct_struct)
kleing@12951
   525
 apply clarify
kleing@12951
   526
 apply (frule method_Object, assumption)
kleing@12951
   527
 apply hypsubst
kleing@12951
   528
 apply simp
oheimb@11026
   529
apply (erule conjE)
paulson@15481
   530
apply (simplesubst method_rec, assumption+)
oheimb@11026
   531
apply (clarify)
ballarin@14174
   532
apply (erule_tac x = "Da" in allE)
oheimb@11026
   533
apply (clarsimp)
oheimb@11026
   534
 apply (simp add: map_of_map)
oheimb@11026
   535
 apply (clarify)
paulson@15481
   536
 apply (subst method_rec, assumption+)
nipkow@14025
   537
 apply (simp add: map_add_def map_of_map split add: option.split)
oheimb@11026
   538
done
oheimb@11026
   539
streckem@13672
   540
streckem@14045
   541
lemma method_in_md_struct [rule_format (no_asm)]: 
streckem@14045
   542
  "ws_prog G ==> is_class G C \<Longrightarrow> \<forall>D. method (G,C) sig = Some(D,mh,code) 
streckem@14045
   543
  --> is_class G D \<and> method (G,D) sig = Some(D,mh,code)"
streckem@14045
   544
apply (erule (1) subcls1_induct_struct)
streckem@14045
   545
 apply clarify
streckem@14045
   546
 apply (frule method_Object, assumption)
streckem@14045
   547
 apply hypsubst
streckem@14045
   548
 apply simp
streckem@14045
   549
apply (erule conjE)
paulson@15481
   550
apply (simplesubst method_rec, assumption+)
streckem@14045
   551
apply (clarify)
ballarin@14174
   552
apply (erule_tac x = "Da" in allE)
streckem@14045
   553
apply (clarsimp)
streckem@14045
   554
 apply (simp add: map_of_map)
streckem@14045
   555
 apply (clarify)
paulson@15481
   556
 apply (subst method_rec, assumption+)
streckem@14045
   557
 apply (simp add: map_add_def map_of_map split add: option.split)
streckem@14045
   558
done
streckem@14045
   559
streckem@13672
   560
lemma fields_in_fd [rule_format (no_asm)]: "\<lbrakk> wf_prog wf_mb G; is_class G C\<rbrakk>
streckem@13672
   561
  \<Longrightarrow> \<forall> vn D T. (((vn,D),T) \<in> set (fields (G,C))
streckem@13672
   562
  \<longrightarrow> (is_class G D \<and> ((vn,D),T) \<in> set (fields (G,D))))"
streckem@13672
   563
apply (erule (1) subcls1_induct)
streckem@13672
   564
streckem@13672
   565
apply clarify
streckem@14045
   566
apply (frule wf_prog_ws_prog)
streckem@13672
   567
apply (frule fields_Object, assumption+)
streckem@13672
   568
apply (simp only: is_class_Object) apply simp
streckem@13672
   569
streckem@13672
   570
apply clarify
streckem@13672
   571
apply (frule fields_rec)
streckem@14045
   572
apply (simp (no_asm_simp) add: wf_prog_ws_prog)
streckem@13672
   573
streckem@13672
   574
apply (case_tac "Da=C")
wenzelm@32960
   575
apply blast                     (* case Da=C *)
streckem@13672
   576
streckem@13672
   577
apply (subgoal_tac "((vn, Da), T) \<in> set (fields (G, D))") apply blast
streckem@13672
   578
apply (erule thin_rl)
streckem@13672
   579
apply (rotate_tac 1)
streckem@13672
   580
apply (erule thin_rl, erule thin_rl, erule thin_rl, 
streckem@13672
   581
      erule thin_rl, erule thin_rl, erule thin_rl)
streckem@13672
   582
apply auto
streckem@13672
   583
done
streckem@13672
   584
streckem@13672
   585
lemma field_in_fd [rule_format (no_asm)]: "\<lbrakk> wf_prog wf_mb G; is_class G C\<rbrakk>
streckem@13672
   586
  \<Longrightarrow> \<forall> vn D T. (field (G,C) vn = Some(D,T) 
streckem@13672
   587
  \<longrightarrow> is_class G D \<and> field (G,D) vn = Some(D,T))"
streckem@13672
   588
apply (erule (1) subcls1_induct)
streckem@13672
   589
streckem@13672
   590
apply clarify
streckem@13672
   591
apply (frule field_fields)
streckem@13672
   592
apply (drule map_of_SomeD)
streckem@14045
   593
apply (frule wf_prog_ws_prog)
streckem@13672
   594
apply (drule fields_Object, assumption+)
streckem@13672
   595
apply simp
streckem@13672
   596
streckem@13672
   597
apply clarify
streckem@13672
   598
apply (subgoal_tac "((field (G, D)) ++ map_of (map (\<lambda>(s, f). (s, C, f)) fs)) vn = Some (Da, T)")
nipkow@14025
   599
apply (simp (no_asm_use) only: map_add_Some_iff)
streckem@13672
   600
apply (erule disjE)
streckem@13672
   601
apply (simp (no_asm_use) add: map_of_map) apply blast
streckem@13672
   602
apply blast
streckem@13672
   603
apply (rule trans [THEN sym], rule sym, assumption)
streckem@13672
   604
apply (rule_tac x=vn in fun_cong)
streckem@13672
   605
apply (rule trans, rule field_rec, assumption+)
streckem@14045
   606
apply (simp (no_asm_simp) add: wf_prog_ws_prog) 
streckem@13672
   607
apply (simp (no_asm_use)) apply blast
streckem@13672
   608
done
streckem@13672
   609
streckem@13672
   610
oheimb@11026
   611
lemma widen_methd: 
oheimb@11026
   612
"[| method (G,C) sig = Some (md,rT,b); wf_prog wf_mb G; G\<turnstile>T''\<preceq>C C|] 
oheimb@11026
   613
  ==> \<exists>md' rT' b'. method (G,T'') sig = Some (md',rT',b') \<and> G\<turnstile>rT'\<preceq>rT"
oheimb@11026
   614
apply( drule subcls_widen_methd)
oheimb@11026
   615
apply   auto
oheimb@11026
   616
done
oheimb@11026
   617
streckem@13672
   618
lemma widen_field: "\<lbrakk> (field (G,C) fn) = Some (fd, fT); wf_prog wf_mb G; is_class G C \<rbrakk>
streckem@13672
   619
  \<Longrightarrow> G\<turnstile>C\<preceq>C fd"
streckem@13672
   620
apply (rule widen_fields_defpl)
streckem@13672
   621
apply (simp add: field_def)
streckem@13672
   622
apply (rule map_of_SomeD)
streckem@13672
   623
apply (rule table_of_remap_SomeD) 
streckem@13672
   624
apply assumption+
streckem@14045
   625
apply (simp (no_asm_simp) add: wf_prog_ws_prog)+
streckem@13672
   626
done
streckem@13672
   627
oheimb@11026
   628
lemma Call_lemma: 
oheimb@11026
   629
"[|method (G,C) sig = Some (md,rT,b); G\<turnstile>T''\<preceq>C C; wf_prog wf_mb G;  
oheimb@11026
   630
  class G C = Some y|] ==> \<exists>T' rT' b. method (G,T'') sig = Some (T',rT',b) \<and>  
oheimb@11026
   631
  G\<turnstile>rT'\<preceq>rT \<and> G\<turnstile>T''\<preceq>C T' \<and> wf_mhead G sig rT' \<and> wf_mb G T' (sig,rT',b)"
oheimb@11026
   632
apply( drule (2) widen_methd)
oheimb@11026
   633
apply( clarify)
oheimb@11026
   634
apply( frule subcls_is_class2)
oheimb@11026
   635
apply (unfold is_class_def)
oheimb@11026
   636
apply (simp (no_asm_simp))
oheimb@11026
   637
apply( drule method_wf_mdecl)
oheimb@11026
   638
apply( unfold wf_mdecl_def)
oheimb@11026
   639
apply( unfold is_class_def)
oheimb@11026
   640
apply auto
oheimb@11026
   641
done
oheimb@11026
   642
kleing@12517
   643
lemma fields_is_type_lemma [rule_format (no_asm)]: 
streckem@14045
   644
  "[|is_class G C; ws_prog G|] ==>  
oheimb@11026
   645
  \<forall>f\<in>set (fields (G,C)). is_type G (snd f)"
streckem@14045
   646
apply( erule (1) subcls1_induct_struct)
kleing@12951
   647
apply(  frule class_Object)
kleing@12951
   648
apply(  clarify)
kleing@12951
   649
apply(  frule fields_rec, assumption)
streckem@14045
   650
apply(  drule class_wf_struct, assumption)
streckem@14045
   651
apply(  simp add: ws_cdecl_def wf_fdecl_def)
kleing@12951
   652
apply(  fastsimp)
oheimb@11026
   653
apply( subst fields_rec)
oheimb@11026
   654
apply(   fast)
oheimb@11026
   655
apply(  assumption)
oheimb@11026
   656
apply( clarsimp)
oheimb@11026
   657
apply( safe)
oheimb@11026
   658
prefer 2
oheimb@11026
   659
apply(  force)
streckem@14045
   660
apply( drule (1) class_wf_struct)
streckem@14045
   661
apply( unfold ws_cdecl_def)
oheimb@11026
   662
apply( clarsimp)
oheimb@11026
   663
apply( drule (1) bspec)
oheimb@11026
   664
apply( unfold wf_fdecl_def)
oheimb@11026
   665
apply auto
oheimb@11026
   666
done
oheimb@11026
   667
streckem@14045
   668
kleing@12517
   669
lemma fields_is_type: 
streckem@14045
   670
  "[|map_of (fields (G,C)) fn = Some f; ws_prog G; is_class G C|] ==>  
oheimb@11026
   671
  is_type G f"
oheimb@11026
   672
apply(drule map_of_SomeD)
oheimb@11026
   673
apply(drule (2) fields_is_type_lemma)
oheimb@11026
   674
apply(auto)
oheimb@11026
   675
done
oheimb@11026
   676
streckem@14045
   677
streckem@14045
   678
lemma field_is_type: "\<lbrakk> ws_prog G; is_class G C; field (G, C) fn = Some (fd, fT) \<rbrakk>
streckem@14045
   679
  \<Longrightarrow> is_type G fT"
streckem@14045
   680
apply (frule_tac f="((fn, fd), fT)" in fields_is_type_lemma)
streckem@14045
   681
apply (auto simp add: field_def dest: map_of_SomeD)
streckem@14045
   682
done
streckem@14045
   683
streckem@14045
   684
oheimb@11026
   685
lemma methd:
streckem@14045
   686
  "[| ws_prog G; (C,S,fs,mdecls) \<in> set G; (sig,rT,code) \<in> set mdecls |]
oheimb@11026
   687
  ==> method (G,C) sig = Some(C,rT,code) \<and> is_class G C"
oheimb@11026
   688
proof -
streckem@14045
   689
  assume wf: "ws_prog G" and C:  "(C,S,fs,mdecls) \<in> set G" and
kleing@12951
   690
         m: "(sig,rT,code) \<in> set mdecls"
oheimb@11026
   691
  moreover
kleing@12951
   692
  from wf C have "class G C = Some (S,fs,mdecls)"
streckem@14045
   693
    by (auto simp add: ws_prog_def class_def is_class_def intro: map_of_SomeI)
kleing@12951
   694
  moreover
kleing@12951
   695
  from wf C 
streckem@14045
   696
  have "unique mdecls" by (unfold ws_prog_def ws_cdecl_def) auto
kleing@12951
   697
  hence "unique (map (\<lambda>(s,m). (s,C,m)) mdecls)" by (induct mdecls, auto)  
kleing@12951
   698
  with m 
kleing@12951
   699
  have "map_of (map (\<lambda>(s,m). (s,C,m)) mdecls) sig = Some (C,rT,code)"
kleing@12951
   700
    by (force intro: map_of_SomeI)
oheimb@11026
   701
  ultimately
kleing@12517
   702
  show ?thesis by (auto simp add: is_class_def dest: method_rec)
oheimb@11026
   703
qed
nipkow@8011
   704
kleing@12951
   705
kleing@12951
   706
lemma wf_mb'E:
kleing@12951
   707
  "\<lbrakk> wf_prog wf_mb G; \<And>C S fs ms m.\<lbrakk>(C,S,fs,ms) \<in> set G; m \<in> set ms\<rbrakk> \<Longrightarrow> wf_mb' G C m \<rbrakk>
kleing@12951
   708
  \<Longrightarrow> wf_prog wf_mb' G"
streckem@14045
   709
  apply (simp only: wf_prog_def)
kleing@12951
   710
  apply auto
streckem@14045
   711
  apply (simp add: wf_cdecl_mdecl_def)
kleing@12951
   712
  apply safe
kleing@12951
   713
  apply (drule bspec, assumption) apply simp
kleing@12951
   714
  done
kleing@12951
   715
kleing@12951
   716
kleing@12951
   717
lemma fst_mono: "A \<subseteq> B \<Longrightarrow> fst ` A \<subseteq> fst ` B" by fast
kleing@12951
   718
kleing@12951
   719
lemma wf_syscls:
kleing@12951
   720
  "set SystemClasses \<subseteq> set G \<Longrightarrow> wf_syscls G"
kleing@12951
   721
  apply (drule fst_mono)
kleing@12951
   722
  apply (simp add: SystemClasses_def wf_syscls_def)
kleing@12951
   723
  apply (simp add: ObjectC_def) 
kleing@12951
   724
  apply (rule allI, case_tac x)
kleing@12951
   725
  apply (auto simp add: NullPointerC_def ClassCastC_def OutOfMemoryC_def)
kleing@12951
   726
  done
kleing@12951
   727
nipkow@8011
   728
end