src/HOL/MicroJava/BV/LBVComplete.thy
author kleing
Thu Apr 04 16:48:00 2002 +0200 (2002-04-04)
changeset 13078 1dd711c6b93c
parent 13074 96bf406fd3e5
child 13101 90b31354fe15
permissions -rw-r--r--
flattened, uses locales
(*  Title:      HOL/MicroJava/BV/LBVComplete.thy
    ID:         $Id$
    Author:     Gerwin Klein
    Copyright   2000 Technische Universitaet Muenchen
*)
header {* \isaheader{Completeness of the LBV} *}
theory LBVComplete = LBVSpec + Typing_Framework:
constdefs
  (* is_target step phi pc' holds when pc' is a successor of some in-range
     instruction pc (computed by step from the type phi!pc) and pc' is not
     the fall-through successor pc+1. *)
  is_target :: "['s step_type, 's list, nat] \<Rightarrow> bool" 
  "is_target step phi pc' \<equiv>
     \<exists>pc s'. pc' \<noteq> pc+1 \<and> pc < length phi \<and> (pc',s') \<in> set (step pc (phi!pc))"

  (* make_cert step phi B builds a certificate of length (length phi) + 1:
     position pc keeps phi!pc only if pc is a target in the sense of
     is_target; every other position, and the extra final position, holds
     the filler value B.  The certificate therefore carries type information
     only at non-fall-through successors. *)
  make_cert :: "['s step_type, 's list, 's] \<Rightarrow> 's certificate"
  "make_cert step phi B \<equiv> 
     map (\<lambda>pc. if is_target step phi pc then phi!pc else B) [0..length phi(] @ [B]"
(* Locale for the completeness proof.  It extends lbv with a fixed list phi
   (printed as \<phi>) and the certificate c that make_cert derives from it,
   using \<bottom> as the filler value. *)
locale lbvc = lbv + 
  fixes phi :: "'a list" ("\<phi>")
  fixes c   :: "'a list" 
  defines cert_def: "c \<equiv> make_cert step \<phi> \<bottom>"

  (* mono and pres_type are defined outside this file; presumably they state
     that step is monotone w.r.t. r and maps elements of A to successors
     with types in A, for pcs below length \<phi> -- confirm against
     Typing_Framework. *)
  assumes mono: "mono r step (length \<phi>) A"
  assumes pres: "pres_type step (length \<phi>) A" 
  (* Every entry of \<phi> lies in A and is not the top element. *)
  assumes phi:  "\<forall>pc < length \<phi>. \<phi>!pc \<in> A \<and> \<phi>!pc \<noteq> \<top>"
  (* bounded is defined elsewhere; it is used below (via boundedD) to obtain
     pc' < length \<phi> for successors pc' of an in-range pc. *)
  assumes bounded: "bounded step (length \<phi>)"

  (* The filler value and the top element are distinct. *)
  assumes B_neq_T: "\<bottom> \<noteq> \<top>" 
(* The generated certificate c satisfies cert_ok.  After unfolding
   cert_ok_def the proof discharges three goals: the entry at index
   length \<phi> is \<bottom>, and every entry below that index is in A and
   differs from \<top>. *)
lemma (in lbvc) cert: "cert_ok c (length \<phi>) \<top> \<bottom> A"
proof (unfold cert_ok_def, intro strip conjI)  
  note [simp] = make_cert_def cert_def nth_append 

  show "c!length \<phi> = \<bottom>" by simp

  fix pc assume pc: "pc < length \<phi>" 
  (* B_A is not declared in this file; presumably the lbv fact that
     \<bottom> is in A -- confirm against LBVSpec. *)
  from pc phi B_A show "c!pc \<in> A" by simp
  from pc phi B_neq_T show "c!pc \<noteq> \<top>" by simp
qed
(* From here on split_paired_Ex is no longer a default simplification rule. *)
lemmas [simp del] = split_paired_Ex
(* At a non-fall-through successor pc' of an in-range pc, the certificate
   stores exactly the entry of \<phi>: c!pc' = \<phi>!pc'.  Follows by
   unfolding make_cert and is_target. *)
lemma (in lbvc) cert_target [intro?]:
  "\<lbrakk> (pc',s') \<in> set (step pc (\<phi>!pc));
      pc' \<noteq> pc+1; pc < length \<phi>; pc' < length \<phi> \<rbrakk>
  \<Longrightarrow> c!pc' = \<phi>!pc'"
  by (auto simp add: cert_def make_cert_def nth_append is_target_def)
(* An in-range certificate entry is either the filler \<bottom> or the
   corresponding entry of \<phi>; this states the second alternative. *)
lemma (in lbvc) cert_approx [intro?]:
  "\<lbrakk> pc < length \<phi>; c!pc \<noteq> \<bottom> \<rbrakk>
  \<Longrightarrow> c!pc = \<phi>!pc"
  by (auto simp add: cert_def make_cert_def nth_append)
(* Every element is below \<top> in the order r.  Obtained from the fact
   top, which is not declared in this file. *)
lemma (in lbv) le_top [simp, intro]:
  "x <=_r \<top>"
  by (insert top) simp
(* merge is monotone in its successor list: if ss2 is pointwise below ss1
   (ss2 <=|r| ss1) and all values involved are in A, then merging ss2 into x
   yields a result below merging ss1 into x.  The proof splits on whether
   the larger result ?s1 is \<top>. *)
lemma (in lbv) merge_mono:
  assumes less:  "ss2 <=|r| ss1"
  assumes x:     "x \<in> A"
  assumes ss1:   "snd`set ss1 \<subseteq> A"
  assumes ss2:   "snd`set ss2 \<subseteq> A"
  shows "merge c pc ss2 x <=_r merge c pc ss1 x" (is "?s2 <=_r ?s1")
proof-
  (* Trivial case: anything is below top. *)
  have "?s1 = \<top> \<Longrightarrow> ?thesis" by simp
  moreover {
    (* NOTE(review): T is written here where the rest of the proof writes
       \<top>; presumably the locale's identifier for the same element --
       confirm against LBVSpec. *)
    assume merge: "?s1 \<noteq> T" 
    (* Unfold merge for ss1: the result is top unless every successor other
       than pc+1 is below the certificate entry c!pc'; otherwise it is the
       ++_f sum of the pc+1 successors with x. *)
    from x ss1 have "?s1 =
      (if \<forall>(pc', s')\<in>set ss1. pc' \<noteq> pc + 1 \<longrightarrow> s' <=_r c!pc'
      then (map snd [(p', t')\<in>ss1 . p'=pc+1]) ++_f x
      else \<top>)" 
      by (rule merge_def)  
    (* Since ?s1 is not top, the certificate check held for ss1 (app) and
       ?s1 equals the sum (sum). *)
    with merge obtain
      app: "\<forall>(pc',s')\<in>set ss1. pc' \<noteq> pc+1 \<longrightarrow> s' <=_r c!pc'" 
           (is "?app ss1") and
      sum: "(map snd [(p',t')\<in>ss1 . p' = pc+1] ++_f x) = ?s1" 
           (is "?map ss1 ++_f x = _" is "?sum ss1 = _")
      by (simp split: split_if_asm)
    (* The certificate check carries over to the smaller list ss2. *)
    from app less 
    have "?app ss2" by (blast dest: trans_r lesub_step_typeD)
    moreover {
      from ss1 have map1: "set (?map ss1) \<subseteq> A" by auto
      with x have "?sum ss1 \<in> A" by (auto intro!: plusplus_closed)
      with sum have "?s1 \<in> A" by simp
      moreover    
      have mapD: "\<And>x ss. x \<in> set (?map ss) \<Longrightarrow> \<exists>p. (p,x) \<in> set ss \<and> p=pc+1" by auto
      (* ?s1 is an upper bound of the pc+1 successors of ss1 ... *)
      from x map1 
      have "\<forall>x \<in> set (?map ss1). x <=_r ?sum ss1"
        by clarify (rule pp_ub1)
      with sum have "\<forall>x \<in> set (?map ss1). x <=_r ?s1" by simp
      (* ... hence also of the pc+1 successors of ss2 ... *)
      with less have "\<forall>x \<in> set (?map ss2). x <=_r ?s1"
        by (fastsimp dest!: mapD lesub_step_typeD intro: trans_r)
      moreover 
      (* ... and of x itself. *)
      from map1 x have "x <=_r (?sum ss1)" by (rule pp_ub2)
      with sum have "x <=_r ?s1" by simp
      moreover 
      from ss2 have "set (?map ss2) \<subseteq> A" by auto
      ultimately
      (* So the sum for ss2 is below ?s1 (rule pp_lub). *)
      have "?sum ss2 <=_r ?s1" using x by - (rule pp_lub)
    }
    moreover
    (* Unfold merge for ss2 in the same way. *)
    from x ss2 have 
      "?s2 =
      (if \<forall>(pc', s')\<in>set ss2. pc' \<noteq> pc + 1 \<longrightarrow> s' <=_r c!pc'
      then map snd [(p', t')\<in>ss2 . p' = pc + 1] ++_f x
      else \<top>)" 
      by (rule merge_def)
    ultimately have ?thesis by simp
  }
  ultimately show ?thesis by (cases "?s1 = \<top>") auto
qed
(* wti is monotone in the state at an in-range pc: s2 <=_r s1 implies
   wti c pc s2 <=_r wti c pc s1, for s1 and s2 in A.  The proof collects the
   premises of merge_mono and finishes by simplification with the fact wti
   (declared elsewhere). *)
lemma (in lbvc) wti_mono:
  assumes less: "s2 <=_r s1"
  assumes pc:   "pc < length \<phi>" 
  assumes s1:   "s1 \<in> A"
  assumes s2:   "s2 \<in> A"
  shows "wti c pc s2 <=_r wti c pc s1" (is "?s2' <=_r ?s1'")
proof -
  (* The successor lists are ordered (rule monoD from the locale
     assumption mono). *)
  from mono s2 have "step pc s2 <=|r| step pc s1" by - (rule monoD)
  moreover
  from pc cert have "c!Suc pc \<in> A" by - (rule cert_okD3)
  moreover 
  (* Successor types of both states stay in A. *)
  from pres s1 pc
  have "snd`set (step pc s1) \<subseteq> A" by (rule pres_typeD2)
  moreover
  from pres s2 pc
  have "snd`set (step pc s2) \<subseteq> A" by (rule pres_typeD2)
  ultimately
  show ?thesis by (simp add: wti merge_mono)
qed 
(* wtc is monotone in the state at an in-range pc.  Case split on whether
   the certificate entry c!pc is the filler \<bottom>. *)
lemma (in lbvc) wtc_mono:
  assumes less: "s2 <=_r s1"
  assumes pc:   "pc < length \<phi>" 
  assumes s1:   "s1 \<in> A"
  assumes s2:   "s2 \<in> A"
  shows "wtc c pc s2 <=_r wtc c pc s1" (is "?s2' <=_r ?s1'")
proof (cases "c!pc = \<bottom>")
  (* No certificate entry at pc: the claim follows from wti_mono after
     simplifying with the fact wtc. *)
  case True 
  moreover have "wti c pc s2 <=_r wti c pc s1" by (rule wti_mono)
  ultimately show ?thesis by (simp add: wtc)
next
  case False
  have "?s1' = \<top> \<Longrightarrow> ?thesis" by simp
  moreover {
    assume "?s1' \<noteq> \<top>" 
    (* A non-top result with a certificate entry present means s1 is below
       that entry; by transitivity so is s2. *)
    with False have c: "s1 <=_r c!pc" by (simp add: wtc split: split_if_asm)
    with less have "s2 <=_r c!pc" ..
    with False c have ?thesis by (simp add: wtc)
  }
  ultimately show ?thesis by (cases "?s1' = \<top>") auto
qed
(* Only \<top> itself is above \<top>.  The proof rewrites with a fact also
   named top_le_conv, which at this point must refer to one declared outside
   this locale lemma. *)
lemma (in lbv) top_le_conv [simp]:
  "\<top> <=_r x = (x = \<top>)"
  by (insert semilat) (simp add: top top_le_conv) 
(* Anything below a non-top element is itself not top. *)
lemma (in lbv) neq_top [simp, elim]:
  "\<lbrakk> x <=_r y; y \<noteq> \<top> \<rbrakk> \<Longrightarrow> x \<noteq> \<top>"
  (* NOTE(review): T is written here where the statement uses \<top>;
     presumably the same element -- confirm against LBVSpec. *)
  by (cases "x = T") auto
(* If \<phi> is stable at an in-range pc, then running wti on \<phi>!pc with
   the generated certificate does not produce \<top>. *)
lemma (in lbvc) stable_wti:
  assumes stable:  "stable r step \<phi> pc"
  assumes pc:      "pc < length \<phi>"
  shows "wti c pc (\<phi>!pc) \<noteq> \<top>"
proof -
  let ?step = "step pc (\<phi>!pc)"
  (* Stability: each successor type is below the entry of \<phi> at its
     target. *)
  from stable 
  have less: "\<forall>(q,s')\<in>set ?step. s' <=_r \<phi>!q" by (simp add: stable_def)

  from cert pc 
  have cert_suc: "c!Suc pc \<in> A" by - (rule cert_okD3)
  moreover  
  from phi pc have "\<phi>!pc \<in> A" by simp
  with pres pc 
  have stepA: "snd`set ?step \<subseteq> A" by - (rule pres_typeD2)  
  ultimately
  (* Unfold merge: top unless all non-fall-through successors pass the
     certificate check. *)
  have "merge c pc ?step (c!Suc pc) =
    (if \<forall>(pc',s')\<in>set ?step. pc'\<noteq>pc+1 \<longrightarrow> s' <=_r c!pc'
    then map snd [(p',t')\<in>?step.p'=pc+1] ++_f c!Suc pc
    else \<top>)" by (rule merge_def)
  moreover {
    (* The certificate check holds: at a non-fall-through target the
       certificate entry equals the entry of \<phi>, which bounds s' by
       stability. *)
    fix pc' s' assume s': "(pc', s') \<in> set ?step" and suc_pc: "pc' \<noteq> pc+1"
    with less have "s' <=_r \<phi>!pc'" by auto
    also 
    from bounded pc s' have "pc' < length \<phi>" by (rule boundedD)
    (* Closed by ".."; the premises match cert_target, which is declared
       [intro?]. *)
    with s' suc_pc pc have "c!pc' = \<phi>!pc'" ..
    hence "\<phi>!pc' = c!pc'" ..
    finally have "s' <=_r c!pc'" .
  } hence "\<forall>(pc',s')\<in>set ?step. pc'\<noteq>pc+1 \<longrightarrow> s' <=_r c!pc'" by auto
  moreover
  (* The merged value is not top; split on whether pc is the last index. *)
  from pc have "Suc pc = length \<phi> \<or> Suc pc < length \<phi>" by auto
  hence "map snd [(p',t')\<in>?step.p'=pc+1] ++_f c!Suc pc \<noteq> \<top>" 
         (is "?map ++_f _ \<noteq> _")
  proof (rule disjE)
    (* Last instruction: the certificate entry is \<bottom> and, by
       boundedness, there is no pc+1 successor, so the sum is \<bottom>. *)
    assume pc': "Suc pc = length \<phi>"
    with cert have "c!Suc pc = \<bottom>" by (simp add: cert_okD2)
    moreover 
    from pc' bounded pc 
    have "\<forall>(p',t')\<in>set ?step. p'\<noteq>pc+1" by clarify (drule boundedD, auto)
    hence "[(p',t')\<in>?step.p'=pc+1] = []" by (blast intro: filter_False) 
    hence "?map = []" by simp
    ultimately show ?thesis by (simp add: B_neq_T)  
  next
    (* Otherwise every summand is below \<phi>!Suc pc, so the sum is too
       (pp_lub), and \<phi>!Suc pc is not top by the locale assumption phi. *)
    assume pc': "Suc pc < length \<phi>"
    from pc' phi have "\<phi>!Suc pc \<in> A" by simp
    moreover note cert_suc
    moreover from stepA 
    have "set ?map \<subseteq> A" by auto
    moreover
    have "\<And>s. s \<in> set ?map \<Longrightarrow> \<exists>t. (Suc pc, t) \<in> set ?step" by auto
    with less have "\<forall>s' \<in> set ?map. s' <=_r \<phi>!Suc pc" by auto
    moreover
    from pc' have "c!Suc pc <=_r \<phi>!Suc pc" 
      by (cases "c!Suc pc = \<bottom>") (auto dest: cert_approx)
    ultimately
    have "?map ++_f c!Suc pc <=_r \<phi>!Suc pc" by (rule pp_lub)
    moreover
    from pc' phi have "\<phi>!Suc pc \<noteq> \<top>" by simp
    ultimately
    show ?thesis by auto
  qed
  ultimately
  have "merge c pc ?step (c!Suc pc) \<noteq> \<top>" by simp
  thus ?thesis by (simp add: wti)  
qed
(* If \<phi> is stable at pc and pc is not the last index, the result of wti
   on \<phi>!pc is below the next entry \<phi>!Suc pc. *)
lemma (in lbvc) wti_less:
  assumes stable:  "stable r step \<phi> pc"
  assumes suc_pc:   "Suc pc < length \<phi>"
  shows "wti c pc (\<phi>!pc) <=_r \<phi>!Suc pc" (is "?wti <=_r _")
proof -
  let ?step = "step pc (\<phi>!pc)"

  from stable 
  have less: "\<forall>(q,s')\<in>set ?step. s' <=_r \<phi>!q" by (simp add: stable_def)

  from suc_pc have pc: "pc < length \<phi>" by simp
  with cert have cert_suc: "c!Suc pc \<in> A" by - (rule cert_okD3)
  moreover  
  from phi pc have "\<phi>!pc \<in> A" by simp
  with pres pc have stepA: "snd`set ?step \<subseteq> A" by - (rule pres_typeD2)
  moreover
  (* stable_wti rules out top, so merge reduces to the ++_f sum
     (merge_not_top_s, declared elsewhere). *)
  from stable pc have "?wti \<noteq> \<top>" by (rule stable_wti)
  hence "merge c pc ?step (c!Suc pc) \<noteq> \<top>" by (simp add: wti)
  ultimately
  have "merge c pc ?step (c!Suc pc) =
    map snd [(p',t')\<in>?step.p'=pc+1] ++_f c!Suc pc" by (rule merge_not_top_s) 
  hence "?wti = \<dots>" (is "_ = (?map ++_f _)" is "_ = ?sum") by (simp add: wti)
  also {
    (* Every summand is below \<phi>!Suc pc, hence so is the sum (pp_lub). *)
    from suc_pc phi have "\<phi>!Suc pc \<in> A" by simp
    moreover note cert_suc
    moreover from stepA have "set ?map \<subseteq> A" by auto
    moreover
    have "\<And>s. s \<in> set ?map \<Longrightarrow> \<exists>t. (Suc pc, t) \<in> set ?step" by auto
    with less have "\<forall>s' \<in> set ?map. s' <=_r \<phi>!Suc pc" by auto
    moreover
    from suc_pc have "c!Suc pc <=_r \<phi>!Suc pc"
      by (cases "c!Suc pc = \<bottom>") (auto dest: cert_approx)
    ultimately
    have "?sum <=_r \<phi>!Suc pc" by (rule pp_lub)
  }
  finally show ?thesis .
qed
(* If \<phi> is stable at an in-range pc, wtc on \<phi>!pc does not produce
   \<top>.  The assumption spells the list as phi; the locale declares phi
   with the syntax \<phi>, so both denote the same variable. *)
lemma (in lbvc) stable_wtc:
  assumes stable:  "stable r step phi pc"
  assumes pc:      "pc < length \<phi>"
  shows "wtc c pc (\<phi>!pc) \<noteq> \<top>"
proof -
  have wti: "wti c pc (\<phi>!pc) \<noteq> \<top>" by (rule stable_wti)   
  show ?thesis
  proof (cases "c!pc = \<bottom>")
    (* No certificate entry: the claim reduces to the wti fact above. *)
    case True with wti show ?thesis by (simp add: wtc)
  next
    (* Certificate entry present: it equals \<phi>!pc (closed by "..";
       cert_approx has matching premises). *)
    case False
    with pc have "c!pc = \<phi>!pc" ..    
    with False wti show ?thesis by (simp add: wtc)
  qed
qed
(* If \<phi> is stable at pc and pc is not the last index, the result of wtc
   on \<phi>!pc is below \<phi>!Suc pc.  Case split on whether c!pc is the
   filler \<bottom>. *)
lemma (in lbvc) wtc_less:
  assumes stable: "stable r step \<phi> pc"
  assumes suc_pc: "Suc pc < length \<phi>"
  shows "wtc c pc (\<phi>!pc) <=_r \<phi>!Suc pc" (is "?wtc <=_r _")
proof (cases "c!pc = \<bottom>")
  case True
  moreover have "wti c pc (\<phi>!pc) <=_r \<phi>!Suc pc" by (rule wti_less)
  ultimately show ?thesis by (simp add: wtc)
next
  case False
  from suc_pc have pc: "pc < length \<phi>" by simp
  hence "?wtc \<noteq> \<top>" by - (rule stable_wtc)
  (* Not top with a certificate entry present: wtc continues with wti on
     the certificate entry, which equals \<phi>!pc. *)
  with False have "?wtc = wti c pc (c!pc)" 
    by (unfold wtc) (simp split: split_if_asm)
  also from pc False have "c!pc = \<phi>!pc" .. 
  finally have "?wtc = wti c pc (\<phi>!pc)" .
  also have "wti c pc (\<phi>!pc) <=_r \<phi>!Suc pc" by (rule wti_less)
  finally show ?thesis .
qed
(* Induction lemma behind wtl_complete.  Assuming wt_step r \<top> step
   \<phi>: for any suffix ls starting at pc (pc + length ls = length \<phi>)
   and any state s in A that is below \<phi>!pc and not top, running wtl over
   ls with the generated certificate does not yield top.  Proof by induction
   on ls. *)
lemma (in lbvc) wt_step_wtl_lemma:
  assumes wt_step: "wt_step r \<top> step \<phi>"
  shows "\<And>pc s. pc+length ls = length \<phi> \<Longrightarrow> s <=_r \<phi>!pc \<Longrightarrow> s \<in> A \<Longrightarrow> s\<noteq>\<top> \<Longrightarrow>
                wtl ls c pc s \<noteq> \<top>"
  (is "\<And>pc s. _ \<Longrightarrow> _ \<Longrightarrow> _ \<Longrightarrow> _ \<Longrightarrow> ?wtl ls pc s \<noteq> _")
proof (induct ls)
  (* Base case: empty instruction list. *)
  fix pc s assume "s\<noteq>\<top>" thus "?wtl [] pc s \<noteq> \<top>" by simp
next
  fix pc s i ls
  assume "\<And>pc s. pc+length ls=length \<phi> \<Longrightarrow> s <=_r \<phi>!pc \<Longrightarrow> s \<in> A \<Longrightarrow> s\<noteq>\<top> \<Longrightarrow> 
                  ?wtl ls pc s \<noteq> \<top>"
  moreover
  assume pc_l: "pc + length (i#ls) = length \<phi>"
  hence suc_pc_l: "Suc pc + length ls = length \<phi>" by simp
  ultimately
  (* Induction hypothesis specialised to the next program counter. *)
  have IH: "\<And>s. s <=_r \<phi>!Suc pc \<Longrightarrow> s \<in> A \<Longrightarrow> s \<noteq> \<top> \<Longrightarrow> ?wtl ls (Suc pc) s \<noteq> \<top>" .

  from pc_l obtain pc: "pc < length \<phi>" by simp
  with wt_step have stable: "stable r step \<phi> pc" by (simp add: wt_step_def)
  moreover
  assume s_phi: "s <=_r \<phi>!pc"
  ultimately 
  have wt_phi: "wtc c pc (\<phi>!pc) \<noteq> \<top>" by - (rule stable_wtc)

  from phi pc have phi_pc: "\<phi>!pc \<in> A" by simp
  moreover 
  assume s: "s \<in> A"
  ultimately
  (* Monotonicity transfers the non-top result from \<phi>!pc to s. *)
  have wt_s_phi: "wtc c pc s <=_r wtc c pc (\<phi>!pc)" using s_phi by - (rule wtc_mono)
  with wt_phi have wt_s: "wtc c pc s \<noteq> \<top>" by simp
  moreover
  (* The fact name s is bound again here and from now on refers to
     s \<noteq> \<top> rather than s \<in> A. *)
  assume s: "s \<noteq> \<top>" 
  ultimately
  have "ls = [] \<Longrightarrow> ?wtl (i#ls) pc s \<noteq> \<top>" by simp
  moreover {
    (* More instructions follow: the state after pc is below \<phi>!Suc pc,
       lies in A and is not top, so the induction hypothesis applies. *)
    assume "ls \<noteq> []" 
    with pc_l have suc_pc: "Suc pc < length \<phi>" by (auto simp add: neq_Nil_conv)
    with stable have "wtc c pc (phi!pc) <=_r \<phi>!Suc pc" by (rule wtc_less)
    with wt_s_phi have "wtc c pc s <=_r \<phi>!Suc pc" by (rule trans_r)      
    moreover
    from cert suc_pc have "c!pc \<in> A" "c!(pc+1) \<in> A" 
      by (auto simp add: cert_ok_def)
    with pres have "wtc c pc s \<in> A" by (rule wtc_pres)
    ultimately
    have "?wtl ls (Suc pc) (wtc c pc s) \<noteq> \<top>" using IH wt_s by blast
    with s wt_s have "?wtl (i#ls) pc s \<noteq> \<top>" by simp 
  }
  ultimately show "?wtl (i#ls) pc s \<noteq> \<top>" by (cases ls) blast+
qed
(* Completeness of the lightweight verifier for the generated certificate:
   if wt_step r \<top> step \<phi> holds, the start state s is in A, below
   \<phi>!0 and not top, and the instruction list is as long as \<phi>, then
   wtl over the whole list starting at pc 0 does not yield top.  This is the
   completeness direction only; no soundness statement appears in this
   theory.  phi and \<phi> denote the same locale variable. *)
theorem (in lbvc) wtl_complete:
  assumes "wt_step r \<top> step \<phi>"
  assumes "s <=_r \<phi>!0" and "s \<in> A" and "s \<noteq> \<top>" and "length ins = length phi"
  shows "wtl ins c 0 s \<noteq> \<top>"
proof -  
  (* Instantiate wt_step_wtl_lemma with pc = 0 and ls = ins. *)
  have "0+length ins = length phi" by simp
  thus ?thesis by - (rule wt_step_wtl_lemma)
qed
end