src/HOL/Bali/Evaln.thy
author schirmer
Tue Jul 16 20:25:21 2002 +0200 (2002-07-16)
changeset 13384 a34e38154413
parent 13337 f75dfc606ac7
child 13462 56610e2ba220
permissions -rw-r--r--
Added conditional and (&&) and or (||).
wenzelm@12857
     1
(*  Title:      HOL/Bali/Evaln.thy
schirmer@12854
     2
    ID:         $Id$
schirmer@12925
     3
    Author:     David von Oheimb and Norbert Schirmer
wenzelm@12859
     4
    License:    GPL (GNU GENERAL PUBLIC LICENSE)
schirmer@12854
     5
*)
schirmer@12854
     6
header {* Operational evaluation (big-step) semantics of Java expressions and 
schirmer@12854
     7
          statements
schirmer@12854
     8
*}
schirmer@12854
     9
schirmer@12925
    10
theory Evaln = Eval + TypeSafe:
schirmer@12854
    11
schirmer@12854
    12
text {*
schirmer@12925
    13
Variant of eval relation with counter for bounded recursive depth.
schirmer@12925
    14
Evaln omits the technical accessibility tests @{term check_field_access}
schirmer@12925
    15
and @{term check_method_access}, since we proved the absence of errors for
schirmer@12925
    16
wellformed programs.
schirmer@12854
    17
*}
schirmer@12854
    18
schirmer@12854
    19
consts
schirmer@12854
    20
schirmer@12854
    21
  evaln	:: "prog \<Rightarrow> (state \<times> term \<times> nat \<times> vals \<times> state) set"
schirmer@12854
    22
schirmer@12854
    23
syntax
schirmer@12854
    24
schirmer@12854
    25
  evaln	:: "[prog, state, term,        nat, vals * state] => bool"
schirmer@12854
    26
				("_|-_ -_>-_-> _"   [61,61,80,   61,61] 60)
schirmer@12854
    27
  evarn	:: "[prog, state, var  , vvar        , nat, state] => bool"
schirmer@12854
    28
				("_|-_ -_=>_-_-> _" [61,61,90,61,61,61] 60)
schirmer@12854
    29
  eval_n:: "[prog, state, expr , val         , nat, state] => bool"
schirmer@12854
    30
				("_|-_ -_->_-_-> _" [61,61,80,61,61,61] 60)
schirmer@12854
    31
  evalsn:: "[prog, state, expr list, val list, nat, state] => bool"
schirmer@12854
    32
				("_|-_ -_#>_-_-> _" [61,61,61,61,61,61] 60)
schirmer@12854
    33
  execn	:: "[prog, state, stmt ,               nat, state] => bool"
schirmer@12854
    34
				("_|-_ -_-_-> _"    [61,61,65,   61,61] 60)
schirmer@12854
    35
schirmer@12854
    36
syntax (xsymbols)
schirmer@12854
    37
schirmer@12854
    38
  evaln	:: "[prog, state, term,         nat, vals \<times> state] \<Rightarrow> bool"
schirmer@12854
    39
				("_\<turnstile>_ \<midarrow>_\<succ>\<midarrow>_\<rightarrow> _"   [61,61,80,   61,61] 60)
schirmer@12854
    40
  evarn	:: "[prog, state, var  , vvar         , nat, state] \<Rightarrow> bool"
schirmer@12854
    41
				("_\<turnstile>_ \<midarrow>_=\<succ>_\<midarrow>_\<rightarrow> _" [61,61,90,61,61,61] 60)
schirmer@12854
    42
  eval_n:: "[prog, state, expr , val ,          nat, state] \<Rightarrow> bool"
schirmer@12854
    43
				("_\<turnstile>_ \<midarrow>_-\<succ>_\<midarrow>_\<rightarrow> _" [61,61,80,61,61,61] 60)
schirmer@12854
    44
  evalsn:: "[prog, state, expr list, val  list, nat, state] \<Rightarrow> bool"
schirmer@12854
    45
				("_\<turnstile>_ \<midarrow>_\<doteq>\<succ>_\<midarrow>_\<rightarrow> _" [61,61,61,61,61,61] 60)
schirmer@12854
    46
  execn	:: "[prog, state, stmt ,                nat, state] \<Rightarrow> bool"
schirmer@12854
    47
				("_\<turnstile>_ \<midarrow>_\<midarrow>_\<rightarrow> _"     [61,61,65,   61,61] 60)
schirmer@12854
    48
schirmer@12854
    49
translations
schirmer@12854
    50
schirmer@12854
    51
  "G\<turnstile>s \<midarrow>t    \<succ>\<midarrow>n\<rightarrow>  w___s' " == "(s,t,n,w___s') \<in> evaln G"
schirmer@12854
    52
  "G\<turnstile>s \<midarrow>t    \<succ>\<midarrow>n\<rightarrow> (w,  s')" <= "(s,t,n,w,  s') \<in> evaln G"
schirmer@12854
    53
  "G\<turnstile>s \<midarrow>t    \<succ>\<midarrow>n\<rightarrow> (w,x,s')" <= "(s,t,n,w,x,s') \<in> evaln G"
schirmer@12854
    54
  "G\<turnstile>s \<midarrow>c     \<midarrow>n\<rightarrow> (x,s')" <= "G\<turnstile>s \<midarrow>In1r  c\<succ>\<midarrow>n\<rightarrow> (\<diamondsuit>    ,x,s')"
schirmer@12854
    55
  "G\<turnstile>s \<midarrow>c     \<midarrow>n\<rightarrow>    s' " == "G\<turnstile>s \<midarrow>In1r  c\<succ>\<midarrow>n\<rightarrow> (\<diamondsuit>    ,  s')"
schirmer@12854
    56
  "G\<turnstile>s \<midarrow>e-\<succ>v  \<midarrow>n\<rightarrow> (x,s')" <= "G\<turnstile>s \<midarrow>In1l e\<succ>\<midarrow>n\<rightarrow> (In1 v ,x,s')"
schirmer@12854
    57
  "G\<turnstile>s \<midarrow>e-\<succ>v  \<midarrow>n\<rightarrow>    s' " == "G\<turnstile>s \<midarrow>In1l e\<succ>\<midarrow>n\<rightarrow> (In1 v ,  s')"
schirmer@12854
    58
  "G\<turnstile>s \<midarrow>e=\<succ>vf \<midarrow>n\<rightarrow> (x,s')" <= "G\<turnstile>s \<midarrow>In2  e\<succ>\<midarrow>n\<rightarrow> (In2 vf,x,s')"
schirmer@12854
    59
  "G\<turnstile>s \<midarrow>e=\<succ>vf \<midarrow>n\<rightarrow>    s' " == "G\<turnstile>s \<midarrow>In2  e\<succ>\<midarrow>n\<rightarrow> (In2 vf,  s')"
schirmer@12854
    60
  "G\<turnstile>s \<midarrow>e\<doteq>\<succ>v  \<midarrow>n\<rightarrow> (x,s')" <= "G\<turnstile>s \<midarrow>In3  e\<succ>\<midarrow>n\<rightarrow> (In3 v ,x,s')"
schirmer@12854
    61
  "G\<turnstile>s \<midarrow>e\<doteq>\<succ>v  \<midarrow>n\<rightarrow>    s' " == "G\<turnstile>s \<midarrow>In3  e\<succ>\<midarrow>n\<rightarrow> (In3 v ,  s')"
schirmer@12854
    62
schirmer@12854
    63
schirmer@12854
    64
inductive "evaln G" intros
schirmer@12854
    65
schirmer@12854
    66
(* propagation of abrupt completion *)
schirmer@12854
    67
schirmer@12854
    68
  Abrupt:   "G\<turnstile>(Some xc,s) \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (arbitrary3 t,(Some xc,s))"
schirmer@12854
    69
schirmer@12854
    70
schirmer@12854
    71
(* evaluation of variables *)
schirmer@12854
    72
schirmer@12854
    73
  LVar:	"G\<turnstile>Norm s \<midarrow>LVar vn=\<succ>lvar vn s\<midarrow>n\<rightarrow> Norm s"
schirmer@12854
    74
schirmer@12925
    75
  FVar:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<midarrow>n\<rightarrow> s1; G\<turnstile>s1 \<midarrow>e-\<succ>a'\<midarrow>n\<rightarrow> s2;
schirmer@12925
    76
	  (v,s2') = fvar statDeclC stat fn a' s2\<rbrakk> \<Longrightarrow>
schirmer@12925
    77
	  G\<turnstile>Norm s0 \<midarrow>{accC,statDeclC,stat}e..fn=\<succ>v\<midarrow>n\<rightarrow> s2'"
schirmer@12854
    78
schirmer@12854
    79
  AVar:	"\<lbrakk>G\<turnstile> Norm s0 \<midarrow>e1-\<succ>a\<midarrow>n\<rightarrow> s1 ; G\<turnstile>s1 \<midarrow>e2-\<succ>i\<midarrow>n\<rightarrow> s2; 
schirmer@12854
    80
	  (v,s2') = avar G i a s2\<rbrakk> \<Longrightarrow>
schirmer@12854
    81
	              G\<turnstile>Norm s0 \<midarrow>e1.[e2]=\<succ>v\<midarrow>n\<rightarrow> s2'"
schirmer@12854
    82
schirmer@12854
    83
schirmer@12854
    84
schirmer@12854
    85
schirmer@12854
    86
(* evaluation of expressions *)
schirmer@12854
    87
schirmer@12854
    88
  NewC:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>Init C\<midarrow>n\<rightarrow> s1;
schirmer@12854
    89
	  G\<turnstile>     s1 \<midarrow>halloc (CInst C)\<succ>a\<rightarrow> s2\<rbrakk> \<Longrightarrow>
schirmer@12854
    90
	                          G\<turnstile>Norm s0 \<midarrow>NewC C-\<succ>Addr a\<midarrow>n\<rightarrow> s2"
schirmer@12854
    91
schirmer@12854
    92
  NewA:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>init_comp_ty T\<midarrow>n\<rightarrow> s1; G\<turnstile>s1 \<midarrow>e-\<succ>i'\<midarrow>n\<rightarrow> s2; 
schirmer@12854
    93
	  G\<turnstile>abupd (check_neg i') s2 \<midarrow>halloc (Arr T (the_Intg i'))\<succ>a\<rightarrow> s3\<rbrakk> \<Longrightarrow>
schirmer@12854
    94
	                        G\<turnstile>Norm s0 \<midarrow>New T[e]-\<succ>Addr a\<midarrow>n\<rightarrow> s3"
schirmer@12854
    95
schirmer@12854
    96
  Cast:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1;
schirmer@12854
    97
	  s2 = abupd (raise_if (\<not>G,snd s1\<turnstile>v fits T) ClassCast) s1\<rbrakk> \<Longrightarrow>
schirmer@12854
    98
			        G\<turnstile>Norm s0 \<midarrow>Cast T e-\<succ>v\<midarrow>n\<rightarrow> s2"
schirmer@12854
    99
schirmer@12854
   100
  Inst:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1;
schirmer@12854
   101
	  b = (v\<noteq>Null \<and> G,store s1\<turnstile>v fits RefT T)\<rbrakk> \<Longrightarrow>
schirmer@12854
   102
			      G\<turnstile>Norm s0 \<midarrow>e InstOf T-\<succ>Bool b\<midarrow>n\<rightarrow> s1"
schirmer@12854
   103
schirmer@12854
   104
  Lit:			   "G\<turnstile>Norm s \<midarrow>Lit v-\<succ>v\<midarrow>n\<rightarrow> Norm s"
schirmer@12854
   105
schirmer@13337
   106
  UnOp: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1\<rbrakk> 
schirmer@13337
   107
         \<Longrightarrow> G\<turnstile>Norm s0 \<midarrow>UnOp unop e-\<succ>(eval_unop unop v)\<midarrow>n\<rightarrow> s1"
schirmer@13337
   108
schirmer@13384
   109
  BinOp: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e1-\<succ>v1\<midarrow>n\<rightarrow> s1; 
schirmer@13384
   110
           G\<turnstile>s1 \<midarrow>(if need_second_arg binop v1 then (In1l e2) else (In1r Skip))
schirmer@13384
   111
            \<succ>\<midarrow>n\<rightarrow> (In1 v2,s2)\<rbrakk> 
schirmer@13337
   112
         \<Longrightarrow> G\<turnstile>Norm s0 \<midarrow>BinOp binop e1 e2-\<succ>(eval_binop binop v1 v2)\<midarrow>n\<rightarrow> s2"
schirmer@13337
   113
schirmer@12854
   114
  Super:		   "G\<turnstile>Norm s \<midarrow>Super-\<succ>val_this s\<midarrow>n\<rightarrow> Norm s"
schirmer@12854
   115
schirmer@12854
   116
  Acc:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>va=\<succ>(v,f)\<midarrow>n\<rightarrow> s1\<rbrakk> \<Longrightarrow>
schirmer@12854
   117
	                          G\<turnstile>Norm s0 \<midarrow>Acc va-\<succ>v\<midarrow>n\<rightarrow> s1"
schirmer@12854
   118
schirmer@12854
   119
  Ass:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>va=\<succ>(w,f)\<midarrow>n\<rightarrow> s1;
schirmer@12854
   120
          G\<turnstile>     s1 \<midarrow>e-\<succ>v     \<midarrow>n\<rightarrow> s2\<rbrakk> \<Longrightarrow>
schirmer@12854
   121
				   G\<turnstile>Norm s0 \<midarrow>va:=e-\<succ>v\<midarrow>n\<rightarrow> assign f v s2"
schirmer@12854
   122
schirmer@12854
   123
  Cond:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<midarrow>n\<rightarrow> s1;
schirmer@12854
   124
          G\<turnstile>     s1 \<midarrow>(if the_Bool b then e1 else e2)-\<succ>v\<midarrow>n\<rightarrow> s2\<rbrakk> \<Longrightarrow>
schirmer@12854
   125
			    G\<turnstile>Norm s0 \<midarrow>e0 ? e1 : e2-\<succ>v\<midarrow>n\<rightarrow> s2"
schirmer@12854
   126
schirmer@12854
   127
  Call:	
schirmer@12854
   128
  "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<midarrow>n\<rightarrow> s1; G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<midarrow>n\<rightarrow> s2;
schirmer@12854
   129
    D = invocation_declclass G mode (store s2) a' statT \<lparr>name=mn,parTs=pTs\<rparr>; 
schirmer@12854
   130
    G\<turnstile>init_lvars G D \<lparr>name=mn,parTs=pTs\<rparr> mode a' vs s2
schirmer@12854
   131
            \<midarrow>Methd D \<lparr>name=mn,parTs=pTs\<rparr>-\<succ>v\<midarrow>n\<rightarrow> s3\<rbrakk>
schirmer@12925
   132
   \<Longrightarrow> 
schirmer@12925
   133
    G\<turnstile>Norm s0 \<midarrow>{accC,statT,mode}e\<cdot>mn({pTs}args)-\<succ>v\<midarrow>n\<rightarrow> (restore_lvars s2 s3)"
schirmer@12854
   134
schirmer@12854
   135
  Methd:"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>body G D sig-\<succ>v\<midarrow>n\<rightarrow> s1\<rbrakk> \<Longrightarrow>
schirmer@12854
   136
				G\<turnstile>Norm s0 \<midarrow>Methd D sig-\<succ>v\<midarrow>Suc n\<rightarrow> s1"
schirmer@12854
   137
schirmer@12854
   138
  Body:	"\<lbrakk>G\<turnstile>Norm s0\<midarrow>Init D\<midarrow>n\<rightarrow> s1; G\<turnstile>s1 \<midarrow>c\<midarrow>n\<rightarrow> s2\<rbrakk>\<Longrightarrow>
schirmer@13337
   139
         G\<turnstile>Norm s0 \<midarrow>Body D c
schirmer@13337
   140
          -\<succ>the (locals (store s2) Result)\<midarrow>n\<rightarrow>abupd (absorb Ret) s2"
schirmer@12854
   141
schirmer@12854
   142
(* evaluation of expression lists *)
schirmer@12854
   143
schirmer@12854
   144
  Nil:
schirmer@12854
   145
				"G\<turnstile>Norm s0 \<midarrow>[]\<doteq>\<succ>[]\<midarrow>n\<rightarrow> Norm s0"
schirmer@12854
   146
schirmer@12854
   147
  Cons:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e -\<succ> v \<midarrow>n\<rightarrow> s1;
schirmer@12854
   148
          G\<turnstile>     s1 \<midarrow>es\<doteq>\<succ>vs\<midarrow>n\<rightarrow> s2\<rbrakk> \<Longrightarrow>
schirmer@12854
   149
			     G\<turnstile>Norm s0 \<midarrow>e#es\<doteq>\<succ>v#vs\<midarrow>n\<rightarrow> s2"
schirmer@12854
   150
schirmer@12854
   151
schirmer@12854
   152
(* execution of statements *)
schirmer@12854
   153
schirmer@12854
   154
  Skip:	 			    "G\<turnstile>Norm s \<midarrow>Skip\<midarrow>n\<rightarrow> Norm s"
schirmer@12854
   155
schirmer@12854
   156
  Expr:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1\<rbrakk> \<Longrightarrow>
schirmer@12854
   157
				  G\<turnstile>Norm s0 \<midarrow>Expr e\<midarrow>n\<rightarrow> s1"
schirmer@12854
   158
schirmer@12854
   159
  Lab:  "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c \<midarrow>n\<rightarrow> s1\<rbrakk> \<Longrightarrow>
schirmer@13337
   160
                             G\<turnstile>Norm s0 \<midarrow>l\<bullet> c\<midarrow>n\<rightarrow> abupd (absorb l) s1"
schirmer@12854
   161
schirmer@12854
   162
  Comp:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c1 \<midarrow>n\<rightarrow> s1;
schirmer@12854
   163
	  G\<turnstile>     s1 \<midarrow>c2 \<midarrow>n\<rightarrow> s2\<rbrakk> \<Longrightarrow>
schirmer@12854
   164
				 G\<turnstile>Norm s0 \<midarrow>c1;; c2\<midarrow>n\<rightarrow> s2"
schirmer@12854
   165
schirmer@12854
   166
  If:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<midarrow>n\<rightarrow> s1;
schirmer@12854
   167
	  G\<turnstile>     s1\<midarrow>(if the_Bool b then c1 else c2)\<midarrow>n\<rightarrow> s2\<rbrakk> \<Longrightarrow>
schirmer@12854
   168
		       G\<turnstile>Norm s0 \<midarrow>If(e) c1 Else c2 \<midarrow>n\<rightarrow> s2"
schirmer@12854
   169
schirmer@12854
   170
  Loop:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<midarrow>n\<rightarrow> s1;
schirmer@12854
   171
	  if normal s1 \<and> the_Bool b 
schirmer@12854
   172
             then (G\<turnstile>s1 \<midarrow>c\<midarrow>n\<rightarrow> s2 \<and> 
schirmer@12854
   173
                   G\<turnstile>(abupd (absorb (Cont l)) s2) \<midarrow>l\<bullet> While(e) c\<midarrow>n\<rightarrow> s3)
schirmer@12854
   174
	     else s3 = s1\<rbrakk> \<Longrightarrow>
schirmer@12854
   175
			      G\<turnstile>Norm s0 \<midarrow>l\<bullet> While(e) c\<midarrow>n\<rightarrow> s3"
schirmer@12854
   176
  
schirmer@12854
   177
  Do: "G\<turnstile>Norm s \<midarrow>Do j\<midarrow>n\<rightarrow> (Some (Jump j), s)"
schirmer@12854
   178
  
schirmer@12854
   179
  Throw:"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<midarrow>n\<rightarrow> s1\<rbrakk> \<Longrightarrow>
schirmer@12854
   180
				 G\<turnstile>Norm s0 \<midarrow>Throw e\<midarrow>n\<rightarrow> abupd (throw a') s1"
schirmer@12854
   181
schirmer@12854
   182
  Try:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c1\<midarrow>n\<rightarrow> s1; G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2;
schirmer@12854
   183
	  if G,s2\<turnstile>catch tn then G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<midarrow>n\<rightarrow> s3 else s3 = s2\<rbrakk>
schirmer@12854
   184
          \<Longrightarrow>
schirmer@12854
   185
		  G\<turnstile>Norm s0 \<midarrow>Try c1 Catch(tn vn) c2\<midarrow>n\<rightarrow> s3"
schirmer@12854
   186
schirmer@12854
   187
  Fin:	"\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c1\<midarrow>n\<rightarrow> (x1,s1);
schirmer@12854
   188
	  G\<turnstile>Norm s1 \<midarrow>c2\<midarrow>n\<rightarrow> s2\<rbrakk> \<Longrightarrow>
schirmer@12854
   189
              G\<turnstile>Norm s0 \<midarrow>c1 Finally c2\<midarrow>n\<rightarrow> abupd (abrupt_if (x1\<noteq>None) x1) s2"
schirmer@12854
   190
  
schirmer@12854
   191
  Init:	"\<lbrakk>the (class G C) = c;
schirmer@12854
   192
	  if inited C (globs s0) then s3 = Norm s0
schirmer@12854
   193
	  else (G\<turnstile>Norm (init_class_obj G C s0)
schirmer@12854
   194
	          \<midarrow>(if C = Object then Skip else Init (super c))\<midarrow>n\<rightarrow> s1 \<and>
schirmer@12854
   195
	        G\<turnstile>set_lvars empty s1 \<midarrow>init c\<midarrow>n\<rightarrow> s2 \<and> 
schirmer@12854
   196
                s3 = restore_lvars s1 s2)\<rbrakk>
schirmer@12854
   197
          \<Longrightarrow>
schirmer@12854
   198
		 G\<turnstile>Norm s0 \<midarrow>Init C\<midarrow>n\<rightarrow> s3"
schirmer@12854
   199
monos
schirmer@12854
   200
  if_def2
schirmer@12854
   201
schirmer@12854
   202
schirmer@12854
   203
declare split_if     [split del] split_if_asm     [split del]
schirmer@12854
   204
        option.split [split del] option.split_asm [split del]
schirmer@12854
   205
inductive_cases evaln_cases: "G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   206
schirmer@12854
   207
inductive_cases evaln_elim_cases:
schirmer@12854
   208
	"G\<turnstile>(Some xc, s) \<midarrow>t                        \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   209
	"G\<turnstile>Norm s \<midarrow>In1r Skip                      \<succ>\<midarrow>n\<rightarrow> xs'"
schirmer@12854
   210
        "G\<turnstile>Norm s \<midarrow>In1r (Do j)                    \<succ>\<midarrow>n\<rightarrow> xs'"
schirmer@12854
   211
        "G\<turnstile>Norm s \<midarrow>In1r (l\<bullet> c)                    \<succ>\<midarrow>n\<rightarrow> xs'"
schirmer@12854
   212
	"G\<turnstile>Norm s \<midarrow>In3  ([])                      \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   213
	"G\<turnstile>Norm s \<midarrow>In3  (e#es)                    \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   214
	"G\<turnstile>Norm s \<midarrow>In1l (Lit w)                   \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@13337
   215
        "G\<turnstile>Norm s \<midarrow>In1l (UnOp unop e)             \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@13337
   216
        "G\<turnstile>Norm s \<midarrow>In1l (BinOp binop e1 e2)       \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   217
	"G\<turnstile>Norm s \<midarrow>In2  (LVar vn)                 \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   218
	"G\<turnstile>Norm s \<midarrow>In1l (Cast T e)                \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   219
	"G\<turnstile>Norm s \<midarrow>In1l (e InstOf T)              \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   220
	"G\<turnstile>Norm s \<midarrow>In1l (Super)                   \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   221
	"G\<turnstile>Norm s \<midarrow>In1l (Acc va)                  \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   222
	"G\<turnstile>Norm s \<midarrow>In1r (Expr e)                  \<succ>\<midarrow>n\<rightarrow> xs'"
schirmer@12854
   223
	"G\<turnstile>Norm s \<midarrow>In1r (c1;; c2)                 \<succ>\<midarrow>n\<rightarrow> xs'"
schirmer@12854
   224
	"G\<turnstile>Norm s \<midarrow>In1l (Methd C sig)             \<succ>\<midarrow>n\<rightarrow> xs'"
schirmer@12854
   225
	"G\<turnstile>Norm s \<midarrow>In1l (Body D c)                \<succ>\<midarrow>n\<rightarrow> xs'"
schirmer@12854
   226
	"G\<turnstile>Norm s \<midarrow>In1l (e0 ? e1 : e2)            \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   227
	"G\<turnstile>Norm s \<midarrow>In1r (If(e) c1 Else c2)        \<succ>\<midarrow>n\<rightarrow> xs'"
schirmer@12854
   228
	"G\<turnstile>Norm s \<midarrow>In1r (l\<bullet> While(e) c)           \<succ>\<midarrow>n\<rightarrow> xs'"
schirmer@12854
   229
	"G\<turnstile>Norm s \<midarrow>In1r (c1 Finally c2)           \<succ>\<midarrow>n\<rightarrow> xs'"
schirmer@12854
   230
	"G\<turnstile>Norm s \<midarrow>In1r (Throw e)                 \<succ>\<midarrow>n\<rightarrow> xs'"
schirmer@12854
   231
	"G\<turnstile>Norm s \<midarrow>In1l (NewC C)                  \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   232
	"G\<turnstile>Norm s \<midarrow>In1l (New T[e])                \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   233
	"G\<turnstile>Norm s \<midarrow>In1l (Ass va e)                \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   234
	"G\<turnstile>Norm s \<midarrow>In1r (Try c1 Catch(tn vn) c2)  \<succ>\<midarrow>n\<rightarrow> xs'"
schirmer@12925
   235
	"G\<turnstile>Norm s \<midarrow>In2  ({accC,statDeclC,stat}e..fn) \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   236
	"G\<turnstile>Norm s \<midarrow>In2  (e1.[e2])                 \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12925
   237
	"G\<turnstile>Norm s \<midarrow>In1l ({accC,statT,mode}e\<cdot>mn({pT}p)) \<succ>\<midarrow>n\<rightarrow> vs'"
schirmer@12854
   238
	"G\<turnstile>Norm s \<midarrow>In1r (Init C)                  \<succ>\<midarrow>n\<rightarrow> xs'"
schirmer@12854
   239
declare split_if     [split] split_if_asm     [split] 
schirmer@12854
   240
        option.split [split] option.split_asm [split]
schirmer@12854
   241
schirmer@12854
   242
lemma evaln_Inj_elim: "G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (w,s') \<Longrightarrow> case t of In1 ec \<Rightarrow>  
schirmer@12854
   243
  (case ec of Inl e \<Rightarrow> (\<exists>v. w = In1 v) | Inr c \<Rightarrow> w = \<diamondsuit>)  
schirmer@12854
   244
  | In2 e \<Rightarrow> (\<exists>v. w = In2 v) | In3 e \<Rightarrow> (\<exists>v. w = In3 v)"
schirmer@12854
   245
apply (erule evaln_cases , auto)
schirmer@12854
   246
apply (induct_tac "t")
schirmer@12854
   247
apply   (induct_tac "a")
schirmer@12854
   248
apply auto
schirmer@12854
   249
done
schirmer@12854
   250
schirmer@12854
   251
ML_setup {*
schirmer@12854
   252
fun enf nam inj rhs =
schirmer@12854
   253
let
schirmer@12854
   254
  val name = "evaln_" ^ nam ^ "_eq"
schirmer@12854
   255
  val lhs = "G\<turnstile>s \<midarrow>" ^ inj ^ " t\<succ>\<midarrow>n\<rightarrow> (w, s')"
schirmer@12854
   256
  val () = qed_goal name (the_context()) (lhs ^ " = (" ^ rhs ^ ")") 
schirmer@12854
   257
	(K [Auto_tac, ALLGOALS (ftac (thm "evaln_Inj_elim")) THEN Auto_tac])
schirmer@12854
   258
  fun is_Inj (Const (inj,_) $ _) = true
schirmer@12854
   259
    | is_Inj _                   = false
schirmer@12854
   260
  fun pred (_ $ (Const ("Pair",_) $ _ $ (Const ("Pair", _) $ _ $ 
schirmer@12854
   261
    (Const ("Pair", _) $ _ $ (Const ("Pair", _) $ x $ _ )))) $ _ ) = is_Inj x
schirmer@12854
   262
in
schirmer@12854
   263
  make_simproc name lhs pred (thm name)
schirmer@12854
   264
end;
schirmer@12854
   265
schirmer@12854
   266
val evaln_expr_proc = enf "expr" "In1l" "\<exists>v.  w=In1 v  \<and> G\<turnstile>s \<midarrow>t-\<succ>v \<midarrow>n\<rightarrow> s'";
schirmer@12854
   267
val evaln_var_proc  = enf "var"  "In2"  "\<exists>vf. w=In2 vf \<and> G\<turnstile>s \<midarrow>t=\<succ>vf\<midarrow>n\<rightarrow> s'";
schirmer@12854
   268
val evaln_exprs_proc= enf "exprs""In3"  "\<exists>vs. w=In3 vs \<and> G\<turnstile>s \<midarrow>t\<doteq>\<succ>vs\<midarrow>n\<rightarrow> s'";
schirmer@12854
   269
val evaln_stmt_proc = enf "stmt" "In1r" "     w=\<diamondsuit>      \<and> G\<turnstile>s \<midarrow>t     \<midarrow>n\<rightarrow> s'";
schirmer@12854
   270
Addsimprocs [evaln_expr_proc,evaln_var_proc,evaln_exprs_proc,evaln_stmt_proc];
schirmer@12854
   271
schirmer@12854
   272
bind_thms ("evaln_AbruptIs", sum3_instantiate (thm "evaln.Abrupt"))
schirmer@12854
   273
*}
schirmer@12854
   274
declare evaln_AbruptIs [intro!]
schirmer@12854
   275
schirmer@13337
   276
lemma evaln_Callee: "G\<turnstile>Norm s\<midarrow>In1l (Callee l e)\<succ>\<midarrow>n\<rightarrow> (v,s') = False"
schirmer@13337
   277
proof -
schirmer@13337
   278
  { fix s t v s'
schirmer@13337
   279
    assume eval: "G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s')" and
schirmer@13337
   280
         normal: "normal s" and
schirmer@13337
   281
         callee: "t=In1l (Callee l e)"
schirmer@13337
   282
    then have "False"
schirmer@13337
   283
    proof (induct)
schirmer@13337
   284
    qed (auto)
schirmer@13337
   285
  }
schirmer@13337
   286
  then show ?thesis
schirmer@13337
   287
    by (cases s') fastsimp 
schirmer@13337
   288
qed
schirmer@13337
   289
schirmer@13337
   290
lemma evaln_InsInitE: "G\<turnstile>Norm s\<midarrow>In1l (InsInitE c e)\<succ>\<midarrow>n\<rightarrow> (v,s') = False"
schirmer@13337
   291
proof -
schirmer@13337
   292
  { fix s t v s'
schirmer@13337
   293
    assume eval: "G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s')" and
schirmer@13337
   294
         normal: "normal s" and
schirmer@13337
   295
         callee: "t=In1l (InsInitE c e)"
schirmer@13337
   296
    then have "False"
schirmer@13337
   297
    proof (induct)
schirmer@13337
   298
    qed (auto)
schirmer@13337
   299
  }
schirmer@13337
   300
  then show ?thesis
schirmer@13337
   301
    by (cases s') fastsimp
schirmer@13337
   302
qed
schirmer@13337
   303
schirmer@13337
   304
lemma evaln_InsInitV: "G\<turnstile>Norm s\<midarrow>In2 (InsInitV c w)\<succ>\<midarrow>n\<rightarrow> (v,s') = False"
schirmer@13337
   305
proof -
schirmer@13337
   306
  { fix s t v s'
schirmer@13337
   307
    assume eval: "G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s')" and
schirmer@13337
   308
         normal: "normal s" and
schirmer@13337
   309
         callee: "t=In2 (InsInitV c w)"
schirmer@13337
   310
    then have "False"
schirmer@13337
   311
    proof (induct)
schirmer@13337
   312
    qed (auto)
schirmer@13337
   313
  }  
schirmer@13337
   314
  then show ?thesis
schirmer@13337
   315
    by (cases s') fastsimp
schirmer@13337
   316
qed
schirmer@13337
   317
schirmer@13337
   318
lemma evaln_FinA: "G\<turnstile>Norm s\<midarrow>In1r (FinA a c)\<succ>\<midarrow>n\<rightarrow> (v,s') = False"
schirmer@13337
   319
proof -
schirmer@13337
   320
  { fix s t v s'
schirmer@13337
   321
    assume eval: "G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s')" and
schirmer@13337
   322
         normal: "normal s" and
schirmer@13337
   323
         callee: "t=In1r (FinA a c)"
schirmer@13337
   324
    then have "False"
schirmer@13337
   325
    proof (induct)
schirmer@13337
   326
    qed (auto)
schirmer@13337
   327
  } 
schirmer@13337
   328
  then show ?thesis
schirmer@13337
   329
    by (cases s') fastsimp
schirmer@13337
   330
qed
schirmer@13337
   331
schirmer@12854
   332
lemma evaln_abrupt_lemma: "G\<turnstile>s \<midarrow>e\<succ>\<midarrow>n\<rightarrow> (v,s') \<Longrightarrow> 
schirmer@12854
   333
 fst s = Some xc \<longrightarrow> s' = s \<and> v = arbitrary3 e"
schirmer@12854
   334
apply (erule evaln_cases , auto)
schirmer@12854
   335
done
schirmer@12854
   336
schirmer@12854
   337
lemma evaln_abrupt: 
schirmer@12854
   338
 "\<And>s'. G\<turnstile>(Some xc,s) \<midarrow>e\<succ>\<midarrow>n\<rightarrow> (w,s') = (s' = (Some xc,s) \<and>  
schirmer@12854
   339
  w=arbitrary3 e \<and> G\<turnstile>(Some xc,s) \<midarrow>e\<succ>\<midarrow>n\<rightarrow> (arbitrary3 e,(Some xc,s)))"
schirmer@12854
   340
apply auto
schirmer@12854
   341
apply (frule evaln_abrupt_lemma, auto)+
schirmer@12854
   342
done
schirmer@12854
   343
schirmer@12854
   344
ML {*
schirmer@12854
   345
local
wenzelm@12919
   346
  fun is_Some (Const ("Pair",_) $ (Const ("Datatype.option.Some",_) $ _)$ _) =true
schirmer@12854
   347
    | is_Some _ = false
schirmer@12854
   348
  fun pred (_ $ (Const ("Pair",_) $
schirmer@12854
   349
     _ $ (Const ("Pair", _) $ _ $ (Const ("Pair", _) $ _ $
schirmer@12854
   350
       (Const ("Pair", _) $ _ $ x)))) $ _ ) = is_Some x
schirmer@12854
   351
in
schirmer@12854
   352
  val evaln_abrupt_proc = 
schirmer@12854
   353
 make_simproc "evaln_abrupt" "G\<turnstile>(Some xc,s) \<midarrow>e\<succ>\<midarrow>n\<rightarrow> (w,s')" pred (thm "evaln_abrupt")
schirmer@12854
   354
end;
schirmer@12854
   355
Addsimprocs [evaln_abrupt_proc]
schirmer@12854
   356
*}
schirmer@12854
   357
schirmer@12854
   358
lemma evaln_LitI: "G\<turnstile>s \<midarrow>Lit v-\<succ>(if normal s then v else arbitrary)\<midarrow>n\<rightarrow> s"
schirmer@12854
   359
apply (case_tac "s", case_tac "a = None")
schirmer@12854
   360
by (auto intro!: evaln.Lit)
schirmer@12854
   361
schirmer@12854
   362
lemma CondI: 
schirmer@12854
   363
 "\<And>s1. \<lbrakk>G\<turnstile>s \<midarrow>e-\<succ>b\<midarrow>n\<rightarrow> s1; G\<turnstile>s1 \<midarrow>(if the_Bool b then e1 else e2)-\<succ>v\<midarrow>n\<rightarrow> s2\<rbrakk> \<Longrightarrow> 
schirmer@12854
   364
  G\<turnstile>s \<midarrow>e ? e1 : e2-\<succ>(if normal s1 then v else arbitrary)\<midarrow>n\<rightarrow> s2"
schirmer@12854
   365
apply (case_tac "s", case_tac "a = None")
schirmer@12854
   366
by (auto intro!: evaln.Cond)
schirmer@12854
   367
schirmer@12854
   368
lemma evaln_SkipI [intro!]: "G\<turnstile>s \<midarrow>Skip\<midarrow>n\<rightarrow> s"
schirmer@12854
   369
apply (case_tac "s", case_tac "a = None")
schirmer@12854
   370
by (auto intro!: evaln.Skip)
schirmer@12854
   371
schirmer@12854
   372
lemma evaln_ExprI: "G\<turnstile>s \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s' \<Longrightarrow> G\<turnstile>s \<midarrow>Expr e\<midarrow>n\<rightarrow> s'"
schirmer@12854
   373
apply (case_tac "s", case_tac "a = None")
schirmer@12854
   374
by (auto intro!: evaln.Expr)
schirmer@12854
   375
schirmer@12854
   376
lemma evaln_CompI: "\<lbrakk>G\<turnstile>s \<midarrow>c1\<midarrow>n\<rightarrow> s1; G\<turnstile>s1 \<midarrow>c2\<midarrow>n\<rightarrow> s2\<rbrakk> \<Longrightarrow> G\<turnstile>s \<midarrow>c1;; c2\<midarrow>n\<rightarrow> s2"
schirmer@12854
   377
apply (case_tac "s", case_tac "a = None")
schirmer@12854
   378
by (auto intro!: evaln.Comp)
schirmer@12854
   379
schirmer@12854
   380
lemma evaln_IfI: 
schirmer@12854
   381
 "\<lbrakk>G\<turnstile>s \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1; G\<turnstile>s1 \<midarrow>(if the_Bool v then c1 else c2)\<midarrow>n\<rightarrow> s2\<rbrakk> \<Longrightarrow> 
schirmer@12854
   382
  G\<turnstile>s \<midarrow>If(e) c1 Else c2\<midarrow>n\<rightarrow> s2"
schirmer@12854
   383
apply (case_tac "s", case_tac "a = None")
schirmer@12854
   384
by (auto intro!: evaln.If)
schirmer@12854
   385
schirmer@12854
   386
lemma evaln_SkipD [dest!]: "G\<turnstile>s \<midarrow>Skip\<midarrow>n\<rightarrow> s' \<Longrightarrow> s' = s" 
schirmer@12854
   387
by (erule evaln_cases, auto)
schirmer@12854
   388
schirmer@12854
   389
lemma evaln_Skip_eq [simp]: "G\<turnstile>s \<midarrow>Skip\<midarrow>n\<rightarrow> s' = (s = s')"
schirmer@12854
   390
apply auto
schirmer@12854
   391
done
schirmer@12854
   392
schirmer@13384
   393
(* ##### FIXME: To WellType *)
schirmer@13384
   394
lemma wt_elim_BinOp:
schirmer@13384
   395
  "\<lbrakk>E,dt\<Turnstile>In1l (BinOp binop e1 e2)\<Colon>T;
schirmer@13384
   396
    \<And>T1 T2 T3.
schirmer@13384
   397
       \<lbrakk>E,dt\<Turnstile>e1\<Colon>-T1; E,dt\<Turnstile>e2\<Colon>-T2; wt_binop (prg E) binop T1 T2;
schirmer@13384
   398
          E,dt\<Turnstile>(if b then In1l e2 else In1r Skip)\<Colon>T3;
schirmer@13384
   399
          T = Inl (PrimT (binop_type binop))\<rbrakk>
schirmer@13384
   400
       \<Longrightarrow> P\<rbrakk>
schirmer@13384
   401
\<Longrightarrow> P"
schirmer@13384
   402
apply (erule wt_elim_cases)
schirmer@13384
   403
apply (cases b)
schirmer@13384
   404
apply auto
schirmer@13384
   405
done
schirmer@13384
   406
schirmer@13384
   407
section {* evaln implies eval *}
schirmer@12925
   408
lemma evaln_eval:  
wenzelm@12937
   409
  assumes evaln: "G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s1)" and
schirmer@12925
   410
             wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T" and  
schirmer@12925
   411
        conf_s0: "s0\<Colon>\<preceq>(G, L)" and
schirmer@12925
   412
             wf: "wf_prog G" 
schirmer@12925
   413
       
wenzelm@12937
   414
  shows "G\<turnstile>s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)"
schirmer@12925
   415
proof -
schirmer@12925
   416
  from evaln 
schirmer@12925
   417
  show "\<And> L accC T. \<lbrakk>s0\<Colon>\<preceq>(G, L);\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T\<rbrakk>
schirmer@12925
   418
                    \<Longrightarrow> G\<turnstile>s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)"
schirmer@12925
   419
       (is "PROP ?EqEval s0 s1 t v")
schirmer@12925
   420
  proof (induct)
schirmer@12925
   421
    case Abrupt
schirmer@12925
   422
    show ?case by (rule eval.Abrupt)
schirmer@12925
   423
  next
schirmer@12925
   424
    case LVar
schirmer@12925
   425
    show ?case by (rule eval.LVar)
schirmer@12925
   426
  next
schirmer@12925
   427
    case (FVar a accC' e fn n s0 s1 s2 s2' stat statDeclC v L accC T)
schirmer@12925
   428
    have eval_initn: "G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<midarrow>n\<rightarrow> s1" .
schirmer@12925
   429
    have eval_en: "G\<turnstile>s1 \<midarrow>e-\<succ>a\<midarrow>n\<rightarrow> s2" .
schirmer@12925
   430
    have hyp_init: "PROP ?EqEval (Norm s0) s1 (In1r (Init statDeclC)) \<diamondsuit>" .
schirmer@12925
   431
    have hyp_e: "PROP ?EqEval s1 s2 (In1l e) (In1 a)" .
schirmer@12925
   432
    have fvar: "(v, s2') = fvar statDeclC stat fn a s2" .
schirmer@12925
   433
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
   434
    have wt: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>In2 ({accC',statDeclC,stat}e..fn)\<Colon>T" .
schirmer@12925
   435
    then obtain statC f where
schirmer@12925
   436
                wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-Class statC" and
schirmer@12925
   437
            accfield: "accfield G accC statC fn = Some (statDeclC,f)" and
schirmer@12925
   438
                stat: "stat=is_static f" and
schirmer@12925
   439
               accC': "accC'=accC" and
schirmer@12925
   440
	           T: "T=(Inl (type f))"
schirmer@12925
   441
       by (rule wt_elim_cases) (auto simp add: member_is_static_simp)
schirmer@12925
   442
    from wf wt_e 
schirmer@12925
   443
    have iscls_statC: "is_class G statC"
schirmer@12925
   444
      by (auto dest: ty_expr_is_type type_is_class)
schirmer@12925
   445
    with wf accfield 
schirmer@12925
   446
    have iscls_statDeclC: "is_class G statDeclC"
schirmer@12925
   447
      by (auto dest!: accfield_fields dest: fields_declC)
schirmer@12925
   448
    then 
schirmer@12925
   449
    have wt_init: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>(Init statDeclC)\<Colon>\<surd>"
schirmer@12925
   450
      by simp
schirmer@12925
   451
    from conf_s0 wt_init
schirmer@12925
   452
    have eval_init: "G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<rightarrow> s1"
schirmer@12925
   453
      by (rule hyp_init)
schirmer@12925
   454
    with wt_init conf_s0 wf 
schirmer@12925
   455
    have conf_s1: "s1\<Colon>\<preceq>(G, L)"
schirmer@12925
   456
      by (blast dest: exec_ts)
schirmer@12925
   457
    with hyp_e wt_e
schirmer@12925
   458
    have eval_e: "G\<turnstile>s1 \<midarrow>e-\<succ>a\<rightarrow> s2"
schirmer@12925
   459
      by blast
schirmer@12925
   460
    with wf conf_s1 wt_e
schirmer@12925
   461
    obtain conf_s2: "s2\<Colon>\<preceq>(G, L)" and
schirmer@12925
   462
            conf_a: "normal s2 \<longrightarrow> G,store s2\<turnstile>a\<Colon>\<preceq>Class statC"
schirmer@12925
   463
      by (auto dest!: eval_type_sound)
schirmer@12925
   464
    obtain s3 where
schirmer@12925
   465
      check: "s3 = check_field_access G accC statDeclC fn stat a s2'"
schirmer@12925
   466
      by simp
schirmer@12925
   467
    from accfield wt_e eval_init eval_e conf_s2 conf_a fvar stat check  wf
schirmer@12925
   468
    have eq_s3_s2': "s3=s2'"  
schirmer@12925
   469
      by (auto dest!: error_free_field_access)
schirmer@12925
   470
    with eval_init eval_e fvar check accC'
schirmer@12925
   471
    show "G\<turnstile>Norm s0 \<midarrow>{accC',statDeclC,stat}e..fn=\<succ>v\<rightarrow> s2'"
schirmer@12925
   472
      by (auto intro: eval.FVar)
schirmer@12925
   473
  next
schirmer@12925
   474
    case AVar
schirmer@12925
   475
    with wf show ?case
schirmer@12925
   476
      apply -
schirmer@12925
   477
      apply (erule wt_elim_cases)
schirmer@12925
   478
      apply (blast intro!: eval.AVar dest: eval_type_sound)
schirmer@12925
   479
      done
schirmer@12925
   480
  next
schirmer@12925
   481
    case NewC
schirmer@12925
   482
    with wf show ?case
schirmer@12925
   483
      apply - 
schirmer@12925
   484
      apply (erule wt_elim_cases)
schirmer@12925
   485
      apply (blast intro!: eval.NewC dest: eval_type_sound is_acc_classD)
schirmer@12925
   486
      done
schirmer@12925
   487
  next
schirmer@12925
   488
    case (NewA T a e i n s0 s1 s2 s3 L accC Ta) 
schirmer@12925
   489
    have hyp_init: "PROP ?EqEval (Norm s0) s1 (In1r (init_comp_ty T)) \<diamondsuit>" .
schirmer@12925
   490
    have hyp_size: "PROP ?EqEval s1 s2 (In1l e) (In1 i)" .
schirmer@12925
   491
    have "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (New T[e])\<Colon>Ta" .
schirmer@12925
   492
    then obtain
schirmer@12925
   493
       wt_init: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>init_comp_ty T\<Colon>\<surd>" and
schirmer@12925
   494
       wt_size: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-PrimT Integer"
schirmer@12925
   495
      by (rule wt_elim_cases) (auto intro: wt_init_comp_ty dest: is_acc_typeD)
schirmer@12925
   496
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
   497
    from this wt_init 
schirmer@12925
   498
    have eval_init: "G\<turnstile>Norm s0 \<midarrow>init_comp_ty T\<rightarrow> s1"
schirmer@12925
   499
      by (rule hyp_init)
schirmer@12925
   500
    moreover
schirmer@12925
   501
    from eval_init wt_init wf conf_s0
schirmer@12925
   502
    have "s1\<Colon>\<preceq>(G, L)"
schirmer@12925
   503
      by (auto dest: eval_type_sound)
schirmer@12925
   504
    from this wt_size 
schirmer@12925
   505
    have "G\<turnstile>s1 \<midarrow>e-\<succ>i\<rightarrow> s2"
schirmer@12925
   506
      by (rule hyp_size)
schirmer@12925
   507
    moreover note NewA
schirmer@12925
   508
    ultimately show ?case
schirmer@12925
   509
      by (blast intro!: eval.NewA)
schirmer@12925
   510
  next
schirmer@12925
   511
    case Cast
schirmer@12925
   512
    with wf show ?case
schirmer@12925
   513
      by - (erule wt_elim_cases, rule eval.Cast,auto dest: eval_type_sound)
schirmer@12925
   514
  next
schirmer@12925
   515
    case Inst
schirmer@12925
   516
    with wf show ?case
schirmer@12925
   517
      by - (erule wt_elim_cases, rule eval.Inst,auto dest: eval_type_sound)
schirmer@12925
   518
  next
schirmer@12925
   519
    case Lit
schirmer@12925
   520
    show ?case by (rule eval.Lit)
schirmer@12925
   521
  next
schirmer@13337
   522
    case UnOp
schirmer@13337
   523
    with wf show ?case
schirmer@13337
   524
      by - (erule wt_elim_cases, rule eval.UnOp,auto dest: eval_type_sound)
schirmer@13337
   525
  next
schirmer@13337
   526
    case BinOp
schirmer@13384
   527
    with wf show ?case 
schirmer@13384
   528
      by - (erule wt_elim_BinOp, blast intro!: eval.BinOp dest: eval_type_sound)
schirmer@13337
   529
  next
schirmer@12925
   530
    case Super
schirmer@12925
   531
    show ?case by (rule eval.Super)
schirmer@12925
   532
  next
schirmer@12925
   533
    case Acc
schirmer@12925
   534
    then show ?case
schirmer@12925
   535
      by - (erule wt_elim_cases, rule eval.Acc,auto dest: eval_type_sound)
schirmer@12925
   536
  next
schirmer@12925
   537
    case Ass
schirmer@12925
   538
    with wf show ?case
schirmer@12925
   539
      by - (erule wt_elim_cases, blast intro!: eval.Ass dest: eval_type_sound) 
schirmer@12925
   540
  next
schirmer@12925
   541
    case (Cond b e0 e1 e2 n s0 s1 s2 v L accC T)
schirmer@12925
   542
    have hyp_e0: "PROP ?EqEval (Norm s0) s1 (In1l e0) (In1 b)" .
schirmer@12925
   543
    have hyp_if: "PROP ?EqEval s1 s2 
schirmer@12925
   544
                              (In1l (if the_Bool b then e1 else e2)) (In1 v)" .
schirmer@12925
   545
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
   546
    have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (e0 ? e1 : e2)\<Colon>T" .
schirmer@12925
   547
    then obtain T1 T2 statT where
schirmer@12925
   548
       wt_e0: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e0\<Colon>-PrimT Boolean" and
schirmer@12925
   549
       wt_e1: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e1\<Colon>-T1" and
schirmer@12925
   550
       wt_e2: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e2\<Colon>-T2" and 
schirmer@12925
   551
       statT: "G\<turnstile>T1\<preceq>T2 \<and> statT = T2  \<or>  G\<turnstile>T2\<preceq>T1 \<and> statT =  T1" and
schirmer@12925
   552
       T    : "T=Inl statT"
schirmer@12925
   553
      by (rule wt_elim_cases) auto
schirmer@12925
   554
    from conf_s0 wt_e0
schirmer@12925
   555
    have eval_e0: "G\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<rightarrow> s1"
schirmer@12925
   556
      by (rule hyp_e0)
schirmer@12925
   557
    moreover
schirmer@12925
   558
    from eval_e0 conf_s0 wf wt_e0
schirmer@12925
   559
    have "s1\<Colon>\<preceq>(G, L)"
schirmer@12925
   560
      by (blast dest: eval_type_sound)
schirmer@12925
   561
    with wt_e1 wt_e2 statT hyp_if
schirmer@12925
   562
    have "G\<turnstile>s1 \<midarrow>(if the_Bool b then e1 else e2)-\<succ>v\<rightarrow> s2"
schirmer@12925
   563
      by (cases "the_Bool b") auto
schirmer@12925
   564
    ultimately
schirmer@12925
   565
    show ?case
schirmer@12925
   566
      by (rule eval.Cond)
schirmer@12925
   567
  next
schirmer@12925
   568
    case (Call invDeclC a' accC' args e mn mode n pTs' s0 s1 s2 s4 statT 
schirmer@12925
   569
           v vs L accC T)
wenzelm@12937
   570
    txt {* Repeats large parts of the type soundness proof. One should factor
wenzelm@12937
   571
      out some lemmata about the relations and conformance of @{text
wenzelm@12937
   572
      s2}, @{text s3} and @{text s3'} *}
schirmer@12925
   573
    have evaln_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<midarrow>n\<rightarrow> s1" .
schirmer@12925
   574
    have evaln_args: "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<midarrow>n\<rightarrow> s2" .
schirmer@12925
   575
    have invDeclC: "invDeclC 
schirmer@12925
   576
                      = invocation_declclass G mode (store s2) a' statT 
schirmer@12925
   577
                           \<lparr>name = mn, parTs = pTs'\<rparr>" .
schirmer@12925
   578
    let ?InitLvars 
schirmer@12925
   579
         = "init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> mode a' vs s2"
schirmer@12925
   580
    obtain s3 s3' where 
schirmer@12925
   581
      init_lvars: "s3 = 
schirmer@12925
   582
             init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> mode a' vs s2" and
schirmer@12925
   583
      check: "s3' =
schirmer@12925
   584
         check_method_access G accC' statT mode \<lparr>name = mn, parTs = pTs'\<rparr> a' s3"
schirmer@12925
   585
      by simp
schirmer@12925
   586
    have evaln_methd: 
schirmer@13337
   587
     "G\<turnstile>?InitLvars \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<midarrow>n\<rightarrow> s4" .
schirmer@12925
   588
    have     hyp_e: "PROP ?EqEval (Norm s0) s1 (In1l e) (In1 a')" .
schirmer@12925
   589
    have  hyp_args: "PROP ?EqEval s1 s2 (In3 args) (In3 vs)" .
schirmer@12925
   590
    have hyp_methd: "PROP ?EqEval ?InitLvars s4 
schirmer@13337
   591
              (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>)) (In1 v)".
schirmer@12925
   592
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
   593
    have      wt: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>
schirmer@12925
   594
                    \<turnstile>In1l ({accC',statT,mode}e\<cdot>mn( {pTs'}args))\<Colon>T" .
schirmer@12925
   595
    from wt obtain pTs statDeclT statM where
schirmer@12925
   596
                 wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-RefT statT" and
schirmer@12925
   597
              wt_args: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>args\<Colon>\<doteq>pTs" and
schirmer@12925
   598
                statM: "max_spec G accC statT \<lparr>name=mn,parTs=pTs\<rparr> 
schirmer@12925
   599
                         = {((statDeclT,statM),pTs')}" and
schirmer@12925
   600
                 mode: "mode = invmode statM e" and
schirmer@12925
   601
                    T: "T =Inl (resTy statM)" and
schirmer@12925
   602
        eq_accC_accC': "accC=accC'"
schirmer@12925
   603
      by (rule wt_elim_cases) auto
schirmer@12925
   604
    from conf_s0 wt_e hyp_e
schirmer@12925
   605
    have eval_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<rightarrow> s1"
schirmer@12925
   606
      by blast
schirmer@12925
   607
    with wf conf_s0 wt_e
schirmer@12925
   608
    obtain conf_s1: "s1\<Colon>\<preceq>(G, L)" and
schirmer@12925
   609
           conf_a': "normal s1 \<Longrightarrow> G, store s1\<turnstile>a'\<Colon>\<preceq>RefT statT" 
schirmer@12925
   610
      by (auto dest!: eval_type_sound)
schirmer@12925
   611
    from conf_s1 wt_args hyp_args
schirmer@12925
   612
    have eval_args: "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<rightarrow> s2"
schirmer@12925
   613
      by blast
schirmer@12925
   614
    with wt_args conf_s1 wf 
schirmer@12925
   615
    obtain    conf_s2: "s2\<Colon>\<preceq>(G, L)" and
schirmer@12925
   616
            conf_args: "normal s2 
schirmer@12925
   617
                         \<Longrightarrow>  list_all2 (conf G (store s2)) vs pTs" 
schirmer@12925
   618
      by (auto dest!: eval_type_sound)
schirmer@12925
   619
    from statM 
schirmer@12925
   620
    obtain
schirmer@12925
   621
       statM': "(statDeclT,statM)\<in>mheads G accC statT \<lparr>name=mn,parTs=pTs'\<rparr>" and
schirmer@12925
   622
       pTs_widen: "G\<turnstile>pTs[\<preceq>]pTs'"
schirmer@12925
   623
      by (blast dest: max_spec2mheads)
schirmer@12925
   624
    from check
schirmer@12925
   625
    have eq_store_s3'_s3: "store s3'=store s3"
schirmer@12925
   626
      by (cases s3) (simp add: check_method_access_def Let_def)
schirmer@12925
   627
    obtain invC
schirmer@12925
   628
      where invC: "invC = invocation_class mode (store s2) a' statT"
schirmer@12925
   629
      by simp
schirmer@12925
   630
    with init_lvars
schirmer@12925
   631
    have invC': "invC = (invocation_class mode (store s3) a' statT)"
schirmer@12925
   632
      by (cases s2,cases mode) (auto simp add: init_lvars_def2 )
schirmer@12925
   633
    show "G\<turnstile>Norm s0 \<midarrow>{accC',statT,mode}e\<cdot>mn( {pTs'}args)
schirmer@12925
   634
             -\<succ>v\<rightarrow> (set_lvars (locals (store s2))) s4"
schirmer@12925
   635
    proof (cases "normal s2")
schirmer@12925
   636
      case False
schirmer@12925
   637
      with init_lvars 
schirmer@12925
   638
      obtain keep_abrupt: "abrupt s3 = abrupt s2" and
schirmer@12925
   639
             "store s3 = store (init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> 
schirmer@12925
   640
                                            mode a' vs s2)" 
schirmer@12925
   641
	by (auto simp add: init_lvars_def2)
schirmer@12925
   642
      moreover
schirmer@12925
   643
      from keep_abrupt False check
schirmer@12925
   644
      have eq_s3'_s3: "s3'=s3" 
schirmer@12925
   645
	by (auto simp add: check_method_access_def Let_def)
schirmer@12925
   646
      moreover
schirmer@12925
   647
      from eq_s3'_s3 False keep_abrupt evaln_methd init_lvars
schirmer@12925
   648
      obtain "s4=s3'"
schirmer@13337
   649
      "In1 v=arbitrary3 (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>))"
schirmer@12925
   650
	by auto
schirmer@12925
   651
      moreover note False
schirmer@12925
   652
      ultimately have
schirmer@12925
   653
	"G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<rightarrow> s4"
schirmer@12925
   654
	by (auto)
schirmer@12925
   655
      from eval_e eval_args invDeclC init_lvars check this
schirmer@12925
   656
      show ?thesis
schirmer@12925
   657
	by (rule eval.Call)
schirmer@12925
   658
    next
schirmer@12925
   659
      case True
schirmer@12925
   660
      note normal_s2 = True
schirmer@12925
   661
      with eval_args
schirmer@12925
   662
      have normal_s1: "normal s1"
schirmer@12925
   663
	by (cases "normal s1") auto
schirmer@12925
   664
      with conf_a' eval_args 
schirmer@12925
   665
      have conf_a'_s2: "G, store s2\<turnstile>a'\<Colon>\<preceq>RefT statT"
schirmer@12925
   666
	by (auto dest: eval_gext intro: conf_gext)
schirmer@12925
   667
      show ?thesis
schirmer@12925
   668
      proof (cases "a'=Null \<longrightarrow> is_static statM")
schirmer@12925
   669
	case False
schirmer@12925
   670
	then obtain not_static: "\<not> is_static statM" and Null: "a'=Null" 
schirmer@12925
   671
	  by blast
schirmer@12925
   672
	with normal_s2 init_lvars mode
schirmer@12925
   673
	obtain np: "abrupt s3 = Some (Xcpt (Std NullPointer))" and
schirmer@12925
   674
                   "store s3 = store (init_lvars G invDeclC 
schirmer@12925
   675
                                       \<lparr>name = mn, parTs = pTs'\<rparr> mode a' vs s2)"
schirmer@12925
   676
	  by (auto simp add: init_lvars_def2)
schirmer@12925
   677
	moreover
schirmer@12925
   678
	from np check
schirmer@12925
   679
	have eq_s3'_s3: "s3'=s3" 
schirmer@12925
   680
	  by (auto simp add: check_method_access_def Let_def)
schirmer@12925
   681
	moreover
schirmer@12925
   682
	from eq_s3'_s3 np evaln_methd init_lvars
schirmer@12925
   683
	obtain "s4=s3'"
schirmer@13337
   684
      "In1 v=arbitrary3 (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>))"
schirmer@12925
   685
	  by auto
schirmer@12925
   686
	moreover note np 
schirmer@12925
   687
	ultimately have
schirmer@12925
   688
	  "G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<rightarrow> s4"
schirmer@12925
   689
	  by (auto)
schirmer@12925
   690
	from eval_e eval_args invDeclC init_lvars check this
schirmer@12925
   691
	show ?thesis
schirmer@12925
   692
	  by (rule eval.Call)
schirmer@12925
   693
      next
schirmer@12925
   694
	case True
schirmer@12925
   695
	with mode have notNull: "mode = IntVir \<longrightarrow> a' \<noteq> Null"
schirmer@12925
   696
	  by (auto dest!: Null_staticD)
schirmer@12925
   697
	with conf_s2 conf_a'_s2 wf invC 
schirmer@12925
   698
	have dynT_prop: "G\<turnstile>mode\<rightarrow>invC\<preceq>statT"
schirmer@12925
   699
	  by (cases s2) (auto intro: DynT_propI)
schirmer@12925
   700
	with wt_e statM' invC mode wf 
schirmer@12925
   701
	obtain dynM where 
schirmer@12925
   702
           dynM: "dynlookup G statT invC  \<lparr>name=mn,parTs=pTs'\<rparr> = Some dynM" and
schirmer@12925
   703
           acc_dynM: "G \<turnstile>Methd  \<lparr>name=mn,parTs=pTs'\<rparr> dynM 
schirmer@12925
   704
                          in invC dyn_accessible_from accC"
schirmer@12925
   705
	  by (force dest!: call_access_ok)
schirmer@12925
   706
	with invC' check eq_accC_accC'
schirmer@12925
   707
	have eq_s3'_s3: "s3'=s3"
schirmer@12925
   708
	  by (auto simp add: check_method_access_def Let_def)
schirmer@12925
   709
	from dynT_prop wf wt_e statM' mode invC invDeclC dynM 
schirmer@12925
   710
	obtain 
schirmer@12925
   711
	   wf_dynM: "wf_mdecl G invDeclC (\<lparr>name=mn,parTs=pTs'\<rparr>,mthd dynM)" and
schirmer@12925
   712
	     dynM': "methd G invDeclC \<lparr>name=mn,parTs=pTs'\<rparr> = Some dynM" and
schirmer@12925
   713
           iscls_invDeclC: "is_class G invDeclC" and
schirmer@12925
   714
	        invDeclC': "invDeclC = declclass dynM" and
schirmer@12925
   715
	     invC_widen: "G\<turnstile>invC\<preceq>\<^sub>C invDeclC" and
schirmer@12925
   716
	   is_static_eq: "is_static dynM = is_static statM" and
schirmer@12925
   717
	   involved_classes_prop:
schirmer@12925
   718
             "(if invmode statM e = IntVir
schirmer@12925
   719
               then \<forall>statC. statT = ClassT statC \<longrightarrow> G\<turnstile>invC\<preceq>\<^sub>C statC
schirmer@12925
   720
               else ((\<exists>statC. statT = ClassT statC \<and> G\<turnstile>statC\<preceq>\<^sub>C invDeclC) \<or>
schirmer@12925
   721
                     (\<forall>statC. statT \<noteq> ClassT statC \<and> invDeclC = Object)) \<and>
schirmer@12925
   722
                      statDeclT = ClassT invDeclC)"
schirmer@12925
   723
	  by (auto dest: DynT_mheadsD)
schirmer@12925
   724
	obtain L' where 
schirmer@12925
   725
	   L':"L'=(\<lambda> k. 
schirmer@12925
   726
                 (case k of
schirmer@12925
   727
                    EName e
schirmer@12925
   728
                    \<Rightarrow> (case e of 
schirmer@12925
   729
                          VNam v 
schirmer@12925
   730
                          \<Rightarrow>(table_of (lcls (mbody (mthd dynM)))
schirmer@12925
   731
                             (pars (mthd dynM)[\<mapsto>]pTs')) v
schirmer@12925
   732
                        | Res \<Rightarrow> Some (resTy dynM))
schirmer@12925
   733
                  | This \<Rightarrow> if is_static statM 
schirmer@12925
   734
                            then None else Some (Class invDeclC)))"
schirmer@12925
   735
	  by simp
schirmer@12925
   736
	from wf_dynM [THEN wf_mdeclD1, THEN conjunct1] normal_s2 conf_s2 wt_e
schirmer@12925
   737
              wf eval_args conf_a' mode notNull wf_dynM involved_classes_prop
schirmer@12925
   738
	have conf_s3: "s3\<Colon>\<preceq>(G,L')"
schirmer@12925
   739
	   apply - 
schirmer@12925
   740
          (*FIXME confomrs_init_lvars should be 
schirmer@12925
   741
                adjusted to be more directy applicable *)
schirmer@12925
   742
	   apply (drule conforms_init_lvars [of G invDeclC 
schirmer@12925
   743
                  "\<lparr>name=mn,parTs=pTs'\<rparr>" dynM "store s2" vs pTs "abrupt s2" 
schirmer@12925
   744
                  L statT invC a' "(statDeclT,statM)" e])
schirmer@12925
   745
	     apply (rule wf)
schirmer@12925
   746
	     apply (rule conf_args,assumption)
schirmer@12925
   747
	     apply (simp add: pTs_widen)
schirmer@12925
   748
	     apply (cases s2,simp)
schirmer@12925
   749
	     apply (rule dynM')
schirmer@12925
   750
	     apply (force dest: ty_expr_is_type)
schirmer@12925
   751
	     apply (rule invC_widen)
schirmer@12925
   752
	     apply (force intro: conf_gext dest: eval_gext)
schirmer@12925
   753
	     apply simp
schirmer@12925
   754
	     apply simp
schirmer@12925
   755
	     apply (simp add: invC)
schirmer@12925
   756
	     apply (simp add: invDeclC)
schirmer@12925
   757
	     apply (force dest: wf_mdeclD1 is_acc_typeD)
schirmer@12925
   758
	     apply (cases s2, simp add: L' init_lvars
schirmer@12925
   759
	                      cong add: lname.case_cong ename.case_cong)
schirmer@12925
   760
	   done
schirmer@12925
   761
	from is_static_eq wf_dynM L'
schirmer@12925
   762
	obtain mthdT where
schirmer@12925
   763
	   "\<lparr>prg=G,cls=invDeclC,lcl=L'\<rparr>
schirmer@12925
   764
            \<turnstile>Body invDeclC (stmt (mbody (mthd dynM)))\<Colon>-mthdT" and
schirmer@12925
   765
	   mthdT_widen: "G\<turnstile>mthdT\<preceq>resTy dynM"
schirmer@12925
   766
	  by - (drule wf_mdecl_bodyD,
schirmer@13337
   767
                auto simp: cong add: lname.case_cong ename.case_cong)
schirmer@12925
   768
	with dynM' iscls_invDeclC invDeclC'
schirmer@12925
   769
	have
schirmer@12925
   770
	   "\<lparr>prg=G,cls=invDeclC,lcl=L'\<rparr>
schirmer@12925
   771
            \<turnstile>(Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>)\<Colon>-mthdT"
schirmer@12925
   772
	  by (auto intro: wt.Methd)
schirmer@12925
   773
	with conf_s3 hyp_methd init_lvars eq_s3'_s3
schirmer@12925
   774
	have "G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<rightarrow> s4"
schirmer@12925
   775
	  by auto
schirmer@12925
   776
	from eval_e eval_args invDeclC init_lvars check this
schirmer@12925
   777
	show ?thesis
schirmer@12925
   778
	  by (rule eval.Call)
schirmer@12925
   779
      qed
schirmer@12925
   780
    qed
schirmer@12925
   781
  next
schirmer@12925
   782
    case Methd
schirmer@12925
   783
    with wf show ?case
schirmer@12925
   784
      by - (erule wt_elim_cases, rule eval.Methd, 
schirmer@12925
   785
            auto dest: eval_type_sound simp add: body_def2)
schirmer@12925
   786
  next
schirmer@12925
   787
    case Body
schirmer@12925
   788
    with wf show ?case
schirmer@12925
   789
       by - (erule wt_elim_cases, blast intro!: eval.Body dest: eval_type_sound)
schirmer@12925
   790
  next
schirmer@12925
   791
    case Nil
schirmer@12925
   792
    show ?case by (rule eval.Nil)
schirmer@12925
   793
  next
schirmer@12925
   794
    case Cons
schirmer@12925
   795
    with wf show ?case
schirmer@12925
   796
      by - (erule wt_elim_cases, blast intro!: eval.Cons dest: eval_type_sound)
schirmer@12925
   797
  next
schirmer@12925
   798
    case Skip
schirmer@12925
   799
    show ?case by (rule eval.Skip)
schirmer@12925
   800
  next
schirmer@12925
   801
    case Expr
schirmer@12925
   802
    with wf show ?case
schirmer@12925
   803
      by - (erule wt_elim_cases, rule eval.Expr,auto dest: eval_type_sound)
schirmer@12925
   804
  next
schirmer@12925
   805
    case Lab
schirmer@12925
   806
    with wf show ?case
schirmer@12925
   807
      by - (erule wt_elim_cases, rule eval.Lab,auto dest: eval_type_sound)
schirmer@12925
   808
  next
schirmer@12925
   809
    case Comp
schirmer@12925
   810
    with wf show ?case
schirmer@12925
   811
      by - (erule wt_elim_cases, blast intro!: eval.Comp dest: eval_type_sound)
schirmer@12925
   812
  next
schirmer@12925
   813
    case (If b c1 c2 e n s0 s1 s2 L accC T)
schirmer@12925
   814
    have hyp_e: "PROP ?EqEval (Norm s0) s1 (In1l e) (In1 b)" .
schirmer@12925
   815
    have hyp_then_else: 
schirmer@12925
   816
      "PROP ?EqEval s1 s2 (In1r (if the_Bool b then c1 else c2)) \<diamondsuit>" .
schirmer@12925
   817
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
   818
    have      wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (If(e) c1 Else c2)\<Colon>T" .
schirmer@12925
   819
    then obtain 
schirmer@12925
   820
              wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" and
schirmer@12925
   821
      wt_then_else: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>(if the_Bool b then c1 else c2)\<Colon>\<surd>"
schirmer@12925
   822
      by (rule wt_elim_cases) (auto split add: split_if)
schirmer@12925
   823
    from conf_s0 wt_e
schirmer@12925
   824
    have eval_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1"
schirmer@12925
   825
      by (rule hyp_e)
schirmer@12925
   826
    moreover
schirmer@12925
   827
    from eval_e wt_e conf_s0 wf
schirmer@12925
   828
    have "s1\<Colon>\<preceq>(G, L)"
schirmer@12925
   829
      by (blast dest: eval_type_sound)
schirmer@12925
   830
    from this wt_then_else
schirmer@12925
   831
    have "G\<turnstile>s1 \<midarrow>(if the_Bool b then c1 else c2)\<rightarrow> s2"
schirmer@12925
   832
      by (rule hyp_then_else)
schirmer@12925
   833
    ultimately
schirmer@12925
   834
    show ?case
schirmer@12925
   835
      by (rule eval.If)
schirmer@12925
   836
  next
schirmer@12925
   837
    case (Loop b c e l n s0 s1 s2 s3 L accC T)
schirmer@12925
   838
    have hyp_e: "PROP ?EqEval (Norm s0) s1 (In1l e) (In1 b)" .
schirmer@12925
   839
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
   840
    have      wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (l\<bullet> While(e) c)\<Colon>T" .
schirmer@12925
   841
    then obtain wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" and
schirmer@12925
   842
                wt_c: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c\<Colon>\<surd>"
schirmer@12925
   843
      by (rule wt_elim_cases) (blast)
schirmer@12925
   844
    from conf_s0 wt_e 
schirmer@12925
   845
    have eval_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1"
schirmer@12925
   846
      by (rule hyp_e)
schirmer@12925
   847
    moreover
schirmer@12925
   848
    from eval_e wt_e conf_s0 wf
schirmer@12925
   849
    have conf_s1: "s1\<Colon>\<preceq>(G, L)"
schirmer@12925
   850
      by (blast dest: eval_type_sound)
schirmer@12925
   851
    have "if normal s1 \<and> the_Bool b 
schirmer@12925
   852
             then (G\<turnstile>s1 \<midarrow>c\<rightarrow> s2 \<and> 
schirmer@12925
   853
                   G\<turnstile>(abupd (absorb (Cont l)) s2) \<midarrow>l\<bullet> While(e) c\<rightarrow> s3)
schirmer@12925
   854
	     else s3 = s1"
schirmer@12925
   855
    proof (cases "normal s1 \<and> the_Bool b")
schirmer@12925
   856
      case True 
schirmer@12925
   857
      from Loop True have hyp_c: "PROP ?EqEval s1 s2 (In1r c) \<diamondsuit>"
schirmer@12925
   858
	by (auto)
schirmer@12925
   859
      from Loop True have hyp_w: "PROP ?EqEval (abupd (absorb (Cont l)) s2)
schirmer@12925
   860
                                        s3 (In1r (l\<bullet> While(e) c)) \<diamondsuit>"
schirmer@12925
   861
	by (auto)
schirmer@12925
   862
      from conf_s1 wt_c
schirmer@12925
   863
      have eval_c: "G\<turnstile>s1 \<midarrow>c\<rightarrow> s2"
schirmer@12925
   864
	by (rule hyp_c)
schirmer@12925
   865
      moreover
schirmer@12925
   866
      from eval_c conf_s1 wt_c wf
schirmer@12925
   867
      have "s2\<Colon>\<preceq>(G, L)"
schirmer@12925
   868
	by (blast dest: eval_type_sound)
schirmer@12925
   869
      then
schirmer@12925
   870
      have "abupd (absorb (Cont l)) s2 \<Colon>\<preceq>(G, L)"
schirmer@12925
   871
	by (cases s2) (auto intro: conforms_absorb)
schirmer@12925
   872
      from this and wt
schirmer@12925
   873
      have "G\<turnstile>abupd (absorb (Cont l)) s2 \<midarrow>l\<bullet> While(e) c\<rightarrow> s3"
schirmer@12925
   874
	by (rule hyp_w)
schirmer@12925
   875
      moreover note True
schirmer@12925
   876
      ultimately
schirmer@12925
   877
      show ?thesis
schirmer@12925
   878
	by simp
schirmer@12925
   879
    next
schirmer@12925
   880
      case False
schirmer@12925
   881
      with Loop have "s3 = s1" by simp
schirmer@12925
   882
      with False
schirmer@12925
   883
      show ?thesis 
schirmer@12925
   884
	by auto
schirmer@12925
   885
    qed
schirmer@12925
   886
    ultimately
schirmer@12925
   887
    show ?case
schirmer@12925
   888
      by (rule eval.Loop)
schirmer@12925
   889
  next
schirmer@12925
   890
    case Do
schirmer@12925
   891
    show ?case by (rule eval.Do)
schirmer@12925
   892
  next
schirmer@12925
   893
    case Throw
schirmer@12925
   894
    with wf show ?case
schirmer@12925
   895
      by - (erule wt_elim_cases, rule eval.Throw,auto dest: eval_type_sound)
schirmer@12925
   896
  next
schirmer@12925
   897
    case (Try c1 c2 n s0 s1 s2 s3 catchC vn L accC T)
schirmer@12925
   898
    have  hyp_c1: "PROP ?EqEval (Norm s0) s1 (In1r c1) \<diamondsuit>" .
schirmer@12925
   899
    have conf_s0:"Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
   900
    have      wt:"\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>In1r (Try c1 Catch(catchC vn) c2)\<Colon>T" .
schirmer@12925
   901
    then obtain 
schirmer@12925
   902
      wt_c1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c1\<Colon>\<surd>" and
schirmer@12925
   903
      wt_c2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<lparr>lcl := L(VName vn\<mapsto>Class catchC)\<rparr>\<turnstile>c2\<Colon>\<surd>"
schirmer@12925
   904
      by (rule wt_elim_cases) (auto)
schirmer@12925
   905
    from conf_s0 wt_c1
schirmer@12925
   906
    have eval_c1: "G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1"
schirmer@12925
   907
      by (rule hyp_c1)
schirmer@12925
   908
    moreover
schirmer@12925
   909
    have sxalloc: "G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2" .
schirmer@12925
   910
    moreover
schirmer@12925
   911
    from eval_c1 wt_c1 conf_s0 wf
schirmer@12925
   912
    have "s1\<Colon>\<preceq>(G, L)"
schirmer@12925
   913
      by (blast dest: eval_type_sound)
schirmer@12925
   914
    with sxalloc wf
schirmer@12925
   915
    have conf_s2: "s2\<Colon>\<preceq>(G, L)" 
schirmer@12925
   916
      by (auto dest: sxalloc_type_sound split: option.splits)
schirmer@12925
   917
    have "if G,s2\<turnstile>catch catchC then G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<rightarrow> s3 else s3 = s2"
schirmer@12925
   918
    proof (cases "G,s2\<turnstile>catch catchC")
schirmer@12925
   919
      case True
schirmer@12925
   920
      note Catch = this
schirmer@12925
   921
      with Try have hyp_c2: "PROP ?EqEval (new_xcpt_var vn s2) s3 (In1r c2) \<diamondsuit>"
schirmer@12925
   922
	by auto
schirmer@12925
   923
      show ?thesis
schirmer@12925
   924
      proof (cases "normal s1")
schirmer@12925
   925
	case True
schirmer@12925
   926
	with sxalloc wf 
schirmer@12925
   927
	have eq_s2_s1: "s2=s1"
schirmer@12925
   928
	  by (auto dest: sxalloc_type_sound split: option.splits)
schirmer@12925
   929
	with True 
schirmer@12925
   930
	have "\<not>  G,s2\<turnstile>catch catchC"
schirmer@12925
   931
	  by (simp add: catch_def)
schirmer@12925
   932
	with Catch show ?thesis 
schirmer@12925
   933
	  by (contradiction)
schirmer@12925
   934
      next 
schirmer@12925
   935
	case False
schirmer@12925
   936
	with sxalloc wf
schirmer@12925
   937
	obtain a 
schirmer@12925
   938
	  where xcpt_s2: "abrupt s2 = Some (Xcpt (Loc a))"
schirmer@12925
   939
	  by (auto dest!: sxalloc_type_sound split: option.splits)
schirmer@12925
   940
	with Catch
schirmer@12925
   941
	have "G\<turnstile>obj_ty (the (globs (store s2) (Heap a)))\<preceq>Class catchC"
schirmer@12925
   942
	  by (cases s2) simp
schirmer@12925
   943
	with xcpt_s2 conf_s2 wf 
schirmer@12925
   944
	have "new_xcpt_var vn s2\<Colon>\<preceq>(G, L(VName vn\<mapsto>Class catchC))"
schirmer@12925
   945
	  by (auto dest: Try_lemma)
schirmer@12925
   946
	from this wt_c2
schirmer@12925
   947
	have "G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<rightarrow> s3"
schirmer@12925
   948
	  by (auto intro: hyp_c2)
schirmer@12925
   949
	with Catch 
schirmer@12925
   950
	show ?thesis
schirmer@12925
   951
	  by simp
schirmer@12925
   952
      qed
schirmer@12925
   953
    next
schirmer@12925
   954
      case False
schirmer@12925
   955
      with Try
schirmer@12925
   956
      have "s3=s2"
schirmer@12925
   957
	by simp
schirmer@12925
   958
      with False
schirmer@12925
   959
      show ?thesis
schirmer@12925
   960
	by simp
schirmer@12925
   961
    qed
schirmer@12925
   962
    ultimately
schirmer@12925
   963
    show ?case
schirmer@12925
   964
      by (rule eval.Try)
schirmer@12925
   965
  next
schirmer@13337
   966
    case (Fin c1 c2 n s0 s1 s2 x1 L accC T)
schirmer@13337
   967
    have hyp_c1: "PROP ?EqEval (Norm s0) (x1,s1) (In1r c1) \<diamondsuit>" .
schirmer@13337
   968
    have hyp_c2: "PROP ?EqEval (Norm s1) (s2) (In1r c2) \<diamondsuit>" .
schirmer@13337
   969
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@13337
   970
    have      wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (c1 Finally c2)\<Colon>T" .
schirmer@13337
   971
    then obtain
schirmer@13337
   972
      wt_c1: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c1\<Colon>\<surd>" and
schirmer@13337
   973
      wt_c2: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c2\<Colon>\<surd>" 
schirmer@13337
   974
      by (rule wt_elim_cases) blast
schirmer@13337
   975
    from conf_s0 wt_c1
schirmer@13337
   976
    have eval_c1: "G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> (x1, s1)"
schirmer@13337
   977
      by (rule hyp_c1)
schirmer@13337
   978
    with wf wt_c1 conf_s0
schirmer@13337
   979
    obtain       conf_s1: "Norm s1\<Colon>\<preceq>(G, L)" and 
schirmer@13337
   980
           error_free_s1: "error_free (x1,s1)"
schirmer@13337
   981
      by (auto dest!: eval_type_sound intro: conforms_NormI)
schirmer@13337
   982
    from conf_s1 wt_c2
schirmer@13337
   983
    have eval_c2: "G\<turnstile>Norm s1 \<midarrow>c2\<rightarrow> s2"
schirmer@13337
   984
      by (rule hyp_c2)
schirmer@13337
   985
    with eval_c1 error_free_s1
schirmer@13337
   986
    show "G\<turnstile>Norm s0 \<midarrow>c1 Finally c2\<rightarrow> abupd (abrupt_if (x1 \<noteq> None) x1) s2"
schirmer@13337
   987
      by (auto intro: eval.Fin simp add: error_free_def)
schirmer@12925
   988
  next
schirmer@12925
   989
    case (Init C c n s0 s1 s2 s3 L accC T)
schirmer@12925
   990
    have     cls: "the (class G C) = c" .
schirmer@12925
   991
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
   992
    have      wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (Init C)\<Colon>T" .
schirmer@12925
   993
    with cls
schirmer@12925
   994
    have cls_C: "class G C = Some c"
schirmer@12925
   995
      by - (erule wt_elim_cases,auto)
schirmer@12925
   996
    have "if inited C (globs s0) then s3 = Norm s0
schirmer@12925
   997
	  else (G\<turnstile>Norm (init_class_obj G C s0) 
schirmer@12925
   998
		  \<midarrow>(if C = Object then Skip else Init (super c))\<rightarrow> s1 \<and>
schirmer@12925
   999
	       G\<turnstile>set_lvars empty s1 \<midarrow>init c\<rightarrow> s2 \<and> s3 = restore_lvars s1 s2)"
schirmer@12925
  1000
    proof (cases "inited C (globs s0)")
schirmer@12925
  1001
      case True
schirmer@12925
  1002
      with Init have "s3 = Norm s0"
schirmer@12925
  1003
	by simp
schirmer@12925
  1004
      with True show ?thesis 
schirmer@12925
  1005
	by simp
schirmer@12925
  1006
    next
schirmer@12925
  1007
      case False
schirmer@12925
  1008
      with Init
schirmer@12925
  1009
      obtain 
schirmer@12925
  1010
	hyp_init_super: 
schirmer@12925
  1011
        "PROP ?EqEval (Norm ((init_class_obj G C) s0)) s1
schirmer@12925
  1012
	               (In1r (if C = Object then Skip else Init (super c))) \<diamondsuit>"
schirmer@12925
  1013
	and 
schirmer@12925
  1014
        hyp_init_c:
schirmer@12925
  1015
	   "PROP ?EqEval ((set_lvars empty) s1) s2 (In1r (init c)) \<diamondsuit>" and
schirmer@12925
  1016
	s3: "s3 = (set_lvars (locals (store s1))) s2"
schirmer@12925
  1017
	by (simp only: if_False)
schirmer@12925
  1018
      from conf_s0 wf cls_C False
schirmer@12925
  1019
      have conf_s0': "(Norm ((init_class_obj G C) s0))\<Colon>\<preceq>(G, L)"
schirmer@12925
  1020
	by (auto dest: conforms_init_class_obj)
schirmer@12925
  1021
      moreover
schirmer@12925
  1022
      from wf cls_C 
schirmer@12925
  1023
      have wt_init_super:
schirmer@12925
  1024
           "\<lparr>prg = G, cls = accC, lcl = L\<rparr>
schirmer@12925
  1025
                  \<turnstile>(if C = Object then Skip else Init (super c))\<Colon>\<surd>"
schirmer@12925
  1026
	by (cases "C=Object")
schirmer@12925
  1027
           (auto dest: wf_prog_cdecl wf_cdecl_supD is_acc_classD)
schirmer@12925
  1028
      ultimately
schirmer@12925
  1029
      have eval_init_super: 
schirmer@12925
  1030
	   "G\<turnstile>Norm ((init_class_obj G C) s0) 
schirmer@12925
  1031
            \<midarrow>(if C = Object then Skip else Init (super c))\<rightarrow> s1"
schirmer@12925
  1032
	by (rule hyp_init_super)
schirmer@12925
  1033
      with conf_s0' wt_init_super wf
schirmer@12925
  1034
      have "s1\<Colon>\<preceq>(G, L)"
schirmer@12925
  1035
	by (blast dest: eval_type_sound)
schirmer@12925
  1036
      then
schirmer@12925
  1037
      have "(set_lvars empty) s1\<Colon>\<preceq>(G, empty)"
schirmer@12925
  1038
	by (cases s1) (auto dest: conforms_set_locals )
schirmer@12925
  1039
      with wf cls_C 
schirmer@12925
  1040
      have eval_init_c: "G\<turnstile>(set_lvars empty) s1 \<midarrow>init c\<rightarrow> s2"
schirmer@12925
  1041
	by (auto intro!: hyp_init_c dest: wf_prog_cdecl wf_cdecl_wt_init)
schirmer@12925
  1042
      from False eval_init_super eval_init_c s3
schirmer@12925
  1043
      show ?thesis
schirmer@12925
  1044
	by simp
schirmer@12925
  1045
    qed
wenzelm@12937
  1046
    with cls show ?case
schirmer@12925
  1047
      by (rule eval.Init)
schirmer@12925
  1048
  qed 
schirmer@12925
  1049
qed
schirmer@12925
  1050
schirmer@12925
  1051
lemma Suc_le_D_lemma: "\<lbrakk>Suc n <= m'; (\<And>m. n <= m \<Longrightarrow> P (Suc m)) \<rbrakk> \<Longrightarrow> P m'"
schirmer@12925
  1052
apply (frule Suc_le_D)
schirmer@12925
  1053
apply fast
schirmer@12925
  1054
done
schirmer@12925
  1055
schirmer@12925
  1056
lemma evaln_nonstrict [rule_format (no_asm), elim]: 
schirmer@12925
  1057
  "\<And>ws. G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> ws \<Longrightarrow> \<forall>m. n\<le>m \<longrightarrow> G\<turnstile>s \<midarrow>t\<succ>\<midarrow>m\<rightarrow> ws"
schirmer@12925
  1058
apply (simp (no_asm_simp) only: split_tupled_all)
schirmer@12925
  1059
apply (erule evaln.induct)
schirmer@12925
  1060
apply (tactic {* ALLGOALS (EVERY'[strip_tac, TRY o etac (thm "Suc_le_D_lemma"),
schirmer@12925
  1061
  REPEAT o smp_tac 1, 
schirmer@12925
  1062
  resolve_tac (thms "evaln.intros") THEN_ALL_NEW TRY o atac]) *})
schirmer@12925
  1063
(* 3 subgoals *)
schirmer@12925
  1064
apply (auto split del: split_if)
schirmer@12925
  1065
done
schirmer@12925
  1066
schirmer@12925
  1067
lemmas evaln_nonstrict_Suc = evaln_nonstrict [OF _ le_refl [THEN le_SucI]]
schirmer@12925
  1068
schirmer@12925
  1069
lemma evaln_max2: "\<lbrakk>G\<turnstile>s1 \<midarrow>t1\<succ>\<midarrow>n1\<rightarrow> ws1; G\<turnstile>s2 \<midarrow>t2\<succ>\<midarrow>n2\<rightarrow> ws2\<rbrakk> \<Longrightarrow> 
schirmer@12925
  1070
             G\<turnstile>s1 \<midarrow>t1\<succ>\<midarrow>max n1 n2\<rightarrow> ws1 \<and> G\<turnstile>s2 \<midarrow>t2\<succ>\<midarrow>max n1 n2\<rightarrow> ws2"
schirmer@12925
  1071
apply (fast intro: le_maxI1 le_maxI2)
schirmer@12925
  1072
done
schirmer@12925
  1073
schirmer@12925
  1074
lemma evaln_max3: 
schirmer@12925
  1075
"\<lbrakk>G\<turnstile>s1 \<midarrow>t1\<succ>\<midarrow>n1\<rightarrow> ws1; G\<turnstile>s2 \<midarrow>t2\<succ>\<midarrow>n2\<rightarrow> ws2; G\<turnstile>s3 \<midarrow>t3\<succ>\<midarrow>n3\<rightarrow> ws3\<rbrakk> \<Longrightarrow>
schirmer@12925
  1076
 G\<turnstile>s1 \<midarrow>t1\<succ>\<midarrow>max (max n1 n2) n3\<rightarrow> ws1 \<and>
schirmer@12925
  1077
 G\<turnstile>s2 \<midarrow>t2\<succ>\<midarrow>max (max n1 n2) n3\<rightarrow> ws2 \<and> 
schirmer@12925
  1078
 G\<turnstile>s3 \<midarrow>t3\<succ>\<midarrow>max (max n1 n2) n3\<rightarrow> ws3"
schirmer@12925
  1079
apply (drule (1) evaln_max2, erule thin_rl)
schirmer@12925
  1080
apply (fast intro!: le_maxI1 le_maxI2)
schirmer@12925
  1081
done
schirmer@12925
  1082
schirmer@12925
  1083
lemma le_max3I1: "(n2::nat) \<le> max n1 (max n2 n3)"
schirmer@12925
  1084
proof -
schirmer@12925
  1085
  have "n2 \<le> max n2 n3"
schirmer@12925
  1086
    by (rule le_maxI1)
schirmer@12925
  1087
  also
schirmer@12925
  1088
  have "max n2 n3 \<le> max n1 (max n2 n3)"
schirmer@12925
  1089
    by (rule le_maxI2)
schirmer@12925
  1090
  finally
schirmer@12925
  1091
  show ?thesis .
schirmer@12925
  1092
qed
schirmer@12925
  1093
schirmer@12925
  1094
lemma le_max3I2: "(n3::nat) \<le> max n1 (max n2 n3)"
schirmer@12925
  1095
proof -
schirmer@12925
  1096
  have "n3 \<le> max n2 n3"
schirmer@12925
  1097
    by (rule le_maxI2)
schirmer@12925
  1098
  also
schirmer@12925
  1099
  have "max n2 n3 \<le> max n1 (max n2 n3)"
schirmer@12925
  1100
    by (rule le_maxI2)
schirmer@12925
  1101
  finally
schirmer@12925
  1102
  show ?thesis .
schirmer@12925
  1103
qed
schirmer@12925
  1104
schirmer@13384
  1105
section {* eval implies evaln *}
schirmer@12925
  1106
lemma eval_evaln: 
wenzelm@12937
  1107
  assumes eval: "G\<turnstile>s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)" and
wenzelm@12937
  1108
            wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T" and  
wenzelm@12937
  1109
       conf_s0: "s0\<Colon>\<preceq>(G, L)" and
wenzelm@12937
  1110
            wf: "wf_prog G"  
wenzelm@12937
  1111
  shows  "\<exists>n. G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s1)"
schirmer@12925
  1112
proof -
schirmer@12925
  1113
  from eval 
schirmer@12925
  1114
  show "\<And> L accC T. \<lbrakk>s0\<Colon>\<preceq>(G, L);\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T\<rbrakk>
schirmer@12925
  1115
                     \<Longrightarrow> \<exists> n. G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s1)"
schirmer@12925
  1116
       (is "PROP ?EqEval s0 s1 t v")
schirmer@12925
  1117
  proof (induct)
schirmer@12925
  1118
    case (Abrupt s t xc L accC T)
schirmer@12925
  1119
    obtain n where
schirmer@12925
  1120
      "G\<turnstile>(Some xc, s) \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (arbitrary3 t, Some xc, s)"
schirmer@12925
  1121
      by (rules intro: evaln.Abrupt)
schirmer@12925
  1122
    then show ?case ..
schirmer@12925
  1123
  next
schirmer@12925
  1124
    case Skip
schirmer@12925
  1125
    show ?case by (blast intro: evaln.Skip)
schirmer@12925
  1126
  next
schirmer@12925
  1127
    case (Expr e s0 s1 v L accC T)
schirmer@12925
  1128
    then obtain n where
schirmer@12925
  1129
      "G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1"
schirmer@12925
  1130
      by (rules elim!: wt_elim_cases)
schirmer@12925
  1131
    then have "G\<turnstile>Norm s0 \<midarrow>Expr e\<midarrow>n\<rightarrow> s1"
schirmer@12925
  1132
      by (rule evaln.Expr) 
schirmer@12925
  1133
    then show ?case ..
schirmer@12925
  1134
  next
schirmer@12925
  1135
    case (Lab c l s0 s1 L accC T)
schirmer@12925
  1136
    then obtain n where
schirmer@12925
  1137
      "G\<turnstile>Norm s0 \<midarrow>c\<midarrow>n\<rightarrow> s1"
schirmer@12925
  1138
      by (rules elim!: wt_elim_cases)
schirmer@13337
  1139
    then have "G\<turnstile>Norm s0 \<midarrow>l\<bullet> c\<midarrow>n\<rightarrow> abupd (absorb l) s1"
schirmer@12925
  1140
      by (rule evaln.Lab)
schirmer@12925
  1141
    then show ?case ..
schirmer@12925
  1142
  next
schirmer@12925
  1143
    case (Comp c1 c2 s0 s1 s2 L accC T)
schirmer@12925
  1144
    with wf obtain n1 n2 where
schirmer@12925
  1145
      "G\<turnstile>Norm s0 \<midarrow>c1\<midarrow>n1\<rightarrow> s1"
schirmer@12925
  1146
      "G\<turnstile>s1 \<midarrow>c2\<midarrow>n2\<rightarrow> s2"
schirmer@12925
  1147
      by (blast elim!: wt_elim_cases dest: eval_type_sound)
schirmer@12925
  1148
    then have "G\<turnstile>Norm s0 \<midarrow>c1;; c2\<midarrow>max n1 n2\<rightarrow> s2"
schirmer@12925
  1149
      by (blast intro: evaln.Comp dest: evaln_max2 )
schirmer@12925
  1150
    then show ?case ..
schirmer@12925
  1151
  next
schirmer@12925
  1152
    case (If b c1 c2 e s0 s1 s2 L accC T)
schirmer@12925
  1153
    with wf obtain
schirmer@12925
  1154
      "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean"
schirmer@12925
  1155
      "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>(if the_Bool b then c1 else c2)\<Colon>\<surd>"
schirmer@12925
  1156
      by (cases "the_Bool b") (auto elim!: wt_elim_cases)
schirmer@12925
  1157
    with If wf obtain n1 n2 where
schirmer@12925
  1158
      "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<midarrow>n1\<rightarrow> s1"
schirmer@12925
  1159
      "G\<turnstile>s1 \<midarrow>(if the_Bool b then c1 else c2)\<midarrow>n2\<rightarrow> s2"
schirmer@12925
  1160
      by (blast dest: eval_type_sound)
schirmer@12925
  1161
    then have "G\<turnstile>Norm s0 \<midarrow>If(e) c1 Else c2\<midarrow>max n1 n2\<rightarrow> s2"
schirmer@12925
  1162
      by (blast intro: evaln.If dest: evaln_max2)
schirmer@12925
  1163
    then show ?case ..
schirmer@12925
  1164
  next
schirmer@12925
  1165
    case (Loop b c e l s0 s1 s2 s3 L accC T)
schirmer@12925
  1166
    have eval_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1" .
schirmer@12925
  1167
    have hyp_e: "PROP ?EqEval (Norm s0) s1 (In1l e) (In1 b)" .
schirmer@12925
  1168
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
  1169
    have      wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (l\<bullet> While(e) c)\<Colon>T" .
schirmer@12925
  1170
    then obtain wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" and
schirmer@12925
  1171
                wt_c: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c\<Colon>\<surd>"
schirmer@12925
  1172
      by (rule wt_elim_cases) (blast)
schirmer@12925
  1173
    from conf_s0 wt_e 
schirmer@12925
  1174
    obtain n1 where
schirmer@12925
  1175
      "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<midarrow>n1\<rightarrow> s1"
schirmer@12925
  1176
      by (rules dest: hyp_e)
schirmer@12925
  1177
    moreover
schirmer@12925
  1178
    from eval_e wt_e conf_s0 wf
schirmer@12925
  1179
    have conf_s1: "s1\<Colon>\<preceq>(G, L)"
schirmer@12925
  1180
      by (rules dest: eval_type_sound)
schirmer@12925
  1181
    obtain n2 where
schirmer@12925
  1182
      "if normal s1 \<and> the_Bool b 
schirmer@12925
  1183
             then (G\<turnstile>s1 \<midarrow>c\<midarrow>n2\<rightarrow> s2 \<and> 
schirmer@12925
  1184
                   G\<turnstile>(abupd (absorb (Cont l)) s2)\<midarrow>l\<bullet> While(e) c\<midarrow>n2\<rightarrow> s3)
schirmer@12925
  1185
	     else s3 = s1"
schirmer@12925
  1186
    proof (cases "normal s1 \<and> the_Bool b")
schirmer@12925
  1187
      case True
schirmer@12925
  1188
      from Loop True have hyp_c: "PROP ?EqEval s1 s2 (In1r c) \<diamondsuit>"
schirmer@12925
  1189
	by (auto)
schirmer@12925
  1190
      from Loop True have hyp_w: "PROP ?EqEval (abupd (absorb (Cont l)) s2)
schirmer@12925
  1191
                                        s3 (In1r (l\<bullet> While(e) c)) \<diamondsuit>"
schirmer@12925
  1192
	by (auto)
schirmer@12925
  1193
      from Loop True have eval_c: "G\<turnstile>s1 \<midarrow>c\<rightarrow> s2"
schirmer@12925
  1194
	by simp
schirmer@12925
  1195
      from conf_s1 wt_c
schirmer@12925
  1196
      obtain m1 where 
schirmer@12925
  1197
	evaln_c: "G\<turnstile>s1 \<midarrow>c\<midarrow>m1\<rightarrow> s2"
schirmer@12925
  1198
	by (rules dest: hyp_c)
schirmer@12925
  1199
      moreover
schirmer@12925
  1200
      from eval_c conf_s1 wt_c wf
schirmer@12925
  1201
      have "s2\<Colon>\<preceq>(G, L)"
schirmer@12925
  1202
	by (rules dest: eval_type_sound)
schirmer@12925
  1203
      then
schirmer@12925
  1204
      have "abupd (absorb (Cont l)) s2 \<Colon>\<preceq>(G, L)"
schirmer@12925
  1205
	by (cases s2) (auto intro: conforms_absorb)
schirmer@12925
  1206
      from this and wt
schirmer@12925
  1207
      obtain m2 where 
schirmer@12925
  1208
	"G\<turnstile>abupd (absorb (Cont l)) s2 \<midarrow>l\<bullet> While(e) c\<midarrow>m2\<rightarrow> s3"
schirmer@12925
  1209
	by (blast dest: hyp_w)
schirmer@12925
  1210
      moreover note True and that
schirmer@12925
  1211
      ultimately show ?thesis
schirmer@12925
  1212
	by simp (rules intro: evaln_nonstrict le_maxI1 le_maxI2)
schirmer@12925
  1213
    next
schirmer@12925
  1214
      case False
schirmer@12925
  1215
      with Loop have "s3 = s1"
schirmer@12925
  1216
	by simp
schirmer@12925
  1217
      with False that
schirmer@12925
  1218
      show ?thesis
schirmer@12925
  1219
	by auto 
schirmer@12925
  1220
    qed
schirmer@12925
  1221
    ultimately
schirmer@12925
  1222
    have "G\<turnstile>Norm s0 \<midarrow>l\<bullet> While(e) c\<midarrow>max n1 n2\<rightarrow> s3"
schirmer@12925
  1223
      apply -
schirmer@12925
  1224
      apply (rule evaln.Loop)
schirmer@12925
  1225
      apply   (rules intro: evaln_nonstrict intro: le_maxI1)
schirmer@12925
  1226
schirmer@12925
  1227
      apply   (auto intro: evaln_nonstrict intro: le_maxI2)
schirmer@12925
  1228
      done
schirmer@12925
  1229
    then show ?case ..
schirmer@12925
  1230
  next
schirmer@12925
  1231
    case (Do j s L accC T)
schirmer@12925
  1232
    have "G\<turnstile>Norm s \<midarrow>Do j\<midarrow>n\<rightarrow> (Some (Jump j), s)"
schirmer@12925
  1233
      by (rule evaln.Do)
schirmer@12925
  1234
    then show ?case ..
schirmer@12925
  1235
  next
schirmer@12925
  1236
    case (Throw a e s0 s1 L accC T)
schirmer@12925
  1237
    then obtain n where
schirmer@12925
  1238
      "G\<turnstile>Norm s0 \<midarrow>e-\<succ>a\<midarrow>n\<rightarrow> s1"
schirmer@12925
  1239
      by (rules elim!: wt_elim_cases)
schirmer@12925
  1240
    then have "G\<turnstile>Norm s0 \<midarrow>Throw e\<midarrow>n\<rightarrow> abupd (throw a) s1"
schirmer@12925
  1241
      by (rule evaln.Throw)
schirmer@12925
  1242
    then show ?case ..
schirmer@12925
  1243
  next 
schirmer@12925
  1244
    case (Try catchC c1 c2 s0 s1 s2 s3 vn L accC T)
schirmer@12925
  1245
    have  hyp_c1: "PROP ?EqEval (Norm s0) s1 (In1r c1) \<diamondsuit>" .
schirmer@12925
  1246
    have eval_c1: "G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1" .
schirmer@12925
  1247
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
  1248
    have      wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>In1r (Try c1 Catch(catchC vn) c2)\<Colon>T" .
schirmer@12925
  1249
    then obtain 
schirmer@12925
  1250
      wt_c1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c1\<Colon>\<surd>" and
schirmer@12925
  1251
      wt_c2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<lparr>lcl := L(VName vn\<mapsto>Class catchC)\<rparr>\<turnstile>c2\<Colon>\<surd>"
schirmer@12925
  1252
      by (rule wt_elim_cases) (auto)
schirmer@12925
  1253
    from conf_s0 wt_c1
schirmer@12925
  1254
    obtain n1 where
schirmer@12925
  1255
      "G\<turnstile>Norm s0 \<midarrow>c1\<midarrow>n1\<rightarrow> s1"
schirmer@12925
  1256
      by (blast dest: hyp_c1)
schirmer@12925
  1257
    moreover 
schirmer@12925
  1258
    have sxalloc: "G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2" .
schirmer@12925
  1259
    moreover
schirmer@12925
  1260
    from eval_c1 wt_c1 conf_s0 wf
schirmer@12925
  1261
    have "s1\<Colon>\<preceq>(G, L)"
schirmer@12925
  1262
      by (blast dest: eval_type_sound)
schirmer@12925
  1263
    with sxalloc wf
schirmer@12925
  1264
    have conf_s2: "s2\<Colon>\<preceq>(G, L)" 
schirmer@12925
  1265
      by (auto dest: sxalloc_type_sound split: option.splits)
schirmer@12925
  1266
    obtain n2 where
schirmer@12925
  1267
      "if G,s2\<turnstile>catch catchC then G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<midarrow>n2\<rightarrow> s3 else s3 = s2"
schirmer@12925
  1268
    proof (cases "G,s2\<turnstile>catch catchC")
schirmer@12925
  1269
      case True
schirmer@12925
  1270
      note Catch = this
schirmer@12925
  1271
      with Try have hyp_c2: "PROP ?EqEval (new_xcpt_var vn s2) s3 (In1r c2) \<diamondsuit>"
schirmer@12925
  1272
	by auto
schirmer@12925
  1273
      show ?thesis
schirmer@12925
  1274
      proof (cases "normal s1")
schirmer@12925
  1275
	case True
schirmer@12925
  1276
	with sxalloc wf 
schirmer@12925
  1277
	have eq_s2_s1: "s2=s1"
schirmer@12925
  1278
	  by (auto dest: sxalloc_type_sound split: option.splits)
schirmer@12925
  1279
	with True 
schirmer@12925
  1280
	have "\<not>  G,s2\<turnstile>catch catchC"
schirmer@12925
  1281
	  by (simp add: catch_def)
schirmer@12925
  1282
	with Catch show ?thesis 
schirmer@12925
  1283
	  by (contradiction)
schirmer@12925
  1284
      next 
schirmer@12925
  1285
	case False
schirmer@12925
  1286
	with sxalloc wf
schirmer@12925
  1287
	obtain a 
schirmer@12925
  1288
	  where xcpt_s2: "abrupt s2 = Some (Xcpt (Loc a))"
schirmer@12925
  1289
	  by (auto dest!: sxalloc_type_sound split: option.splits)
schirmer@12925
  1290
	with Catch
schirmer@12925
  1291
	have "G\<turnstile>obj_ty (the (globs (store s2) (Heap a)))\<preceq>Class catchC"
schirmer@12925
  1292
	  by (cases s2) simp
schirmer@12925
  1293
	with xcpt_s2 conf_s2 wf 
schirmer@12925
  1294
	have "new_xcpt_var vn s2\<Colon>\<preceq>(G, L(VName vn\<mapsto>Class catchC))"
schirmer@12925
  1295
	  by (auto dest: Try_lemma)
wenzelm@12937
  1296
	(* FIXME extract lemma for this conformance, also useful for
schirmer@12925
  1297
               eval_type_sound and evaln_eval *)
schirmer@12925
  1298
	from this wt_c2
schirmer@12925
  1299
	obtain m where "G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<midarrow>m\<rightarrow> s3"
schirmer@12925
  1300
	  by (auto dest: hyp_c2)
schirmer@12925
  1301
	with True that
schirmer@12925
  1302
	show ?thesis
schirmer@12925
  1303
	  by simp
schirmer@12925
  1304
      qed
schirmer@12925
  1305
    next
schirmer@12925
  1306
      case False
schirmer@12925
  1307
      with Try
schirmer@12925
  1308
      have "s3=s2"
schirmer@12925
  1309
	by simp
schirmer@12925
  1310
      with False and that
schirmer@12925
  1311
      show ?thesis
schirmer@12925
  1312
	by simp
schirmer@12925
  1313
    qed
schirmer@12925
  1314
    ultimately
schirmer@12925
  1315
    have "G\<turnstile>Norm s0 \<midarrow>Try c1 Catch(catchC vn) c2\<midarrow>max n1 n2\<rightarrow> s3"
schirmer@12925
  1316
      by (auto intro!: evaln.Try le_maxI1 le_maxI2)
schirmer@12925
  1317
    then show ?case ..
schirmer@12925
  1318
  next
schirmer@13337
  1319
    case (Fin c1 c2 s0 s1 s2 s3 x1 L accC T)
schirmer@13337
  1320
    have s3: "s3 = (if \<exists>err. x1 = Some (Error err) 
schirmer@13337
  1321
                       then (x1, s1)
schirmer@13337
  1322
                       else abupd (abrupt_if (x1 \<noteq> None) x1) s2)" .
schirmer@13337
  1323
    from Fin wf obtain n1 n2 where 
schirmer@12925
  1324
      "G\<turnstile>Norm s0 \<midarrow>c1\<midarrow>n1\<rightarrow> (x1, s1)"
schirmer@13337
  1325
      "G\<turnstile>Norm s1 \<midarrow>c2\<midarrow>n2\<rightarrow> s2" and
schirmer@13337
  1326
      error_free_s1: "error_free (x1,s1)"
schirmer@12925
  1327
      by (blast elim!: wt_elim_cases 
schirmer@12925
  1328
	         dest: eval_type_sound intro: conforms_NormI)
schirmer@12925
  1329
    then have 
schirmer@12925
  1330
     "G\<turnstile>Norm s0 \<midarrow>c1 Finally c2\<midarrow>max n1 n2\<rightarrow> abupd (abrupt_if (x1 \<noteq> None) x1) s2"
schirmer@12925
  1331
      by (blast intro: evaln.Fin dest: evaln_max2)
schirmer@13337
  1332
    with error_free_s1 s3
schirmer@13337
  1333
    show "\<exists>n. G\<turnstile>Norm s0 \<midarrow>c1 Finally c2\<midarrow>n\<rightarrow> s3"
schirmer@13337
  1334
      by (auto simp add: error_free_def)
schirmer@12925
  1335
  next
schirmer@12925
  1336
    case (Init C c s0 s1 s2 s3 L accC T)
schirmer@12925
  1337
    have     cls: "the (class G C) = c" .
schirmer@12925
  1338
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
  1339
    have      wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (Init C)\<Colon>T" .
schirmer@12925
  1340
    with cls
schirmer@12925
  1341
    have cls_C: "class G C = Some c"
schirmer@12925
  1342
      by - (erule wt_elim_cases,auto)
schirmer@12925
  1343
    obtain n where
schirmer@12925
  1344
      "if inited C (globs s0) then s3 = Norm s0
schirmer@12925
  1345
       else (G\<turnstile>Norm (init_class_obj G C s0)
schirmer@12925
  1346
	      \<midarrow>(if C = Object then Skip else Init (super c))\<midarrow>n\<rightarrow> s1 \<and>
schirmer@12925
  1347
	           G\<turnstile>set_lvars empty s1 \<midarrow>init c\<midarrow>n\<rightarrow> s2 \<and> 
schirmer@12925
  1348
                   s3 = restore_lvars s1 s2)"
schirmer@12925
  1349
    proof (cases "inited C (globs s0)")
schirmer@12925
  1350
      case True
schirmer@12925
  1351
      with Init have "s3 = Norm s0"
schirmer@12925
  1352
	by simp
schirmer@12925
  1353
      with True that show ?thesis 
schirmer@12925
  1354
	by simp
schirmer@12925
  1355
    next
schirmer@12925
  1356
      case False
schirmer@12925
  1357
      with Init
schirmer@12925
  1358
      obtain 
schirmer@12925
  1359
	hyp_init_super: 
schirmer@12925
  1360
        "PROP ?EqEval (Norm ((init_class_obj G C) s0)) s1
schirmer@12925
  1361
	               (In1r (if C = Object then Skip else Init (super c))) \<diamondsuit>"
schirmer@12925
  1362
	and 
schirmer@12925
  1363
        hyp_init_c:
schirmer@12925
  1364
	   "PROP ?EqEval ((set_lvars empty) s1) s2 (In1r (init c)) \<diamondsuit>" and
schirmer@12925
  1365
	s3: "s3 = (set_lvars (locals (store s1))) s2" and
schirmer@12925
  1366
	eval_init_super: 
schirmer@12925
  1367
	"G\<turnstile>Norm ((init_class_obj G C) s0) 
schirmer@12925
  1368
           \<midarrow>(if C = Object then Skip else Init (super c))\<rightarrow> s1"
schirmer@12925
  1369
	by (simp only: if_False)
schirmer@12925
  1370
      from conf_s0 wf cls_C False
schirmer@12925
  1371
      have conf_s0': "(Norm ((init_class_obj G C) s0))\<Colon>\<preceq>(G, L)"
schirmer@12925
  1372
	by (auto dest: conforms_init_class_obj)
schirmer@12925
  1373
      moreover
schirmer@12925
  1374
      from wf cls_C 
schirmer@12925
  1375
      have wt_init_super:
schirmer@12925
  1376
           "\<lparr>prg = G, cls = accC, lcl = L\<rparr>
schirmer@12925
  1377
                  \<turnstile>(if C = Object then Skip else Init (super c))\<Colon>\<surd>"
schirmer@12925
  1378
	by (cases "C=Object")
schirmer@12925
  1379
           (auto dest: wf_prog_cdecl wf_cdecl_supD is_acc_classD)
schirmer@12925
  1380
      ultimately
schirmer@12925
  1381
      obtain m1 where  
schirmer@12925
  1382
	   "G\<turnstile>Norm ((init_class_obj G C) s0) 
schirmer@12925
  1383
            \<midarrow>(if C = Object then Skip else Init (super c))\<midarrow>m1\<rightarrow> s1"
schirmer@12925
  1384
	by (rules dest: hyp_init_super)
schirmer@12925
  1385
      moreover
schirmer@12925
  1386
      from eval_init_super conf_s0' wt_init_super wf
schirmer@12925
  1387
      have "s1\<Colon>\<preceq>(G, L)"
schirmer@12925
  1388
	by (rules dest: eval_type_sound)
schirmer@12925
  1389
      then
schirmer@12925
  1390
      have "(set_lvars empty) s1\<Colon>\<preceq>(G, empty)"
schirmer@12925
  1391
	by (cases s1) (auto dest: conforms_set_locals )
schirmer@12925
  1392
      with wf cls_C 
schirmer@12925
  1393
      obtain m2 where
schirmer@12925
  1394
	"G\<turnstile>(set_lvars empty) s1 \<midarrow>init c\<midarrow>m2\<rightarrow> s2"
schirmer@12925
  1395
	by (blast dest!: hyp_init_c 
schirmer@12925
  1396
                   dest: wf_prog_cdecl intro!: wf_cdecl_wt_init)
schirmer@12925
  1397
      moreover note s3 and False and that
schirmer@12925
  1398
      ultimately show ?thesis
schirmer@12925
  1399
	by simp (rules intro: evaln_nonstrict le_maxI1 le_maxI2)
schirmer@12925
  1400
    qed
schirmer@12925
  1401
    from cls this have "G\<turnstile>Norm s0 \<midarrow>Init C\<midarrow>n\<rightarrow> s3"
schirmer@12925
  1402
      by (rule evaln.Init)
schirmer@12925
  1403
    then show ?case ..
schirmer@12925
  1404
  next
schirmer@12925
  1405
    case (NewC C a s0 s1 s2 L accC T)
schirmer@12925
  1406
    with wf obtain n where 
schirmer@12925
  1407
     "G\<turnstile>Norm s0 \<midarrow>Init C\<midarrow>n\<rightarrow> s1"
schirmer@12925
  1408
      by (blast elim!: wt_elim_cases dest: is_acc_classD)
schirmer@12925
  1409
    with NewC 
schirmer@12925
  1410
    have "G\<turnstile>Norm s0 \<midarrow>NewC C-\<succ>Addr a\<midarrow>n\<rightarrow> s2"
schirmer@12925
  1411
      by (rules intro: evaln.NewC)
schirmer@12925
  1412
    then show ?case ..
schirmer@12925
  1413
  next
schirmer@12925
  1414
    case (NewA T a e i s0 s1 s2 s3 L accC Ta)
schirmer@12925
  1415
    hence "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>init_comp_ty T\<Colon>\<surd>" 
schirmer@12925
  1416
      by (auto elim!: wt_elim_cases 
schirmer@12925
  1417
              intro!: wt_init_comp_ty dest: is_acc_typeD)
schirmer@12925
  1418
    with NewA wf obtain n1 n2 where 
schirmer@12925
  1419
      "G\<turnstile>Norm s0 \<midarrow>init_comp_ty T\<midarrow>n1\<rightarrow> s1"
schirmer@12925
  1420
      "G\<turnstile>s1 \<midarrow>e-\<succ>i\<midarrow>n2\<rightarrow> s2"      
schirmer@12925
  1421
      by (blast elim!: wt_elim_cases dest: eval_type_sound)
schirmer@12925
  1422
    moreover
schirmer@12925
  1423
    have "G\<turnstile>abupd (check_neg i) s2 \<midarrow>halloc Arr T (the_Intg i)\<succ>a\<rightarrow> s3" .
schirmer@12925
  1424
    ultimately
schirmer@12925
  1425
    have "G\<turnstile>Norm s0 \<midarrow>New T[e]-\<succ>Addr a\<midarrow>max n1 n2\<rightarrow> s3"
schirmer@12925
  1426
      by (blast intro: evaln.NewA dest: evaln_max2)
schirmer@12925
  1427
    then show ?case ..
schirmer@12925
  1428
  next
schirmer@12925
  1429
    case (Cast castT e s0 s1 s2 v L accC T)
schirmer@12925
  1430
    with wf obtain n where
schirmer@12925
  1431
      "G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1"
schirmer@12925
  1432
      by (rules elim!: wt_elim_cases)
schirmer@12925
  1433
    moreover 
schirmer@12925
  1434
    have "s2 = abupd (raise_if (\<not> G,snd s1\<turnstile>v fits castT) ClassCast) s1" .
schirmer@12925
  1435
    ultimately
schirmer@12925
  1436
    have "G\<turnstile>Norm s0 \<midarrow>Cast castT e-\<succ>v\<midarrow>n\<rightarrow> s2"
schirmer@12925
  1437
      by (rule evaln.Cast)
schirmer@12925
  1438
    then show ?case ..
schirmer@12925
  1439
  next
schirmer@12925
  1440
    case (Inst T b e s0 s1 v L accC T')
schirmer@12925
  1441
    with wf obtain n where
schirmer@12925
  1442
      "G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1"
schirmer@12925
  1443
      by (rules elim!: wt_elim_cases)
schirmer@12925
  1444
    moreover 
schirmer@12925
  1445
    have "b = (v \<noteq> Null \<and> G,snd s1\<turnstile>v fits RefT T)" .
schirmer@12925
  1446
    ultimately
schirmer@12925
  1447
    have "G\<turnstile>Norm s0 \<midarrow>e InstOf T-\<succ>Bool b\<midarrow>n\<rightarrow> s1"
schirmer@12925
  1448
      by (rule evaln.Inst)
schirmer@12925
  1449
    then show ?case ..
schirmer@12925
  1450
  next
schirmer@12925
  1451
    case (Lit s v L accC T)
schirmer@12925
  1452
    have "G\<turnstile>Norm s \<midarrow>Lit v-\<succ>v\<midarrow>n\<rightarrow> Norm s"
schirmer@12925
  1453
      by (rule evaln.Lit)
schirmer@12925
  1454
    then show ?case ..
schirmer@12925
  1455
  next
schirmer@13337
  1456
    case (UnOp e s0 s1 unop v L accC T)
schirmer@13337
  1457
    with wf obtain n where
schirmer@13337
  1458
      "G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1"
schirmer@13337
  1459
      by (rules elim!: wt_elim_cases)
schirmer@13337
  1460
    hence "G\<turnstile>Norm s0 \<midarrow>UnOp unop e-\<succ>eval_unop unop v\<midarrow>n\<rightarrow> s1"
schirmer@13337
  1461
      by (rule evaln.UnOp)
schirmer@13337
  1462
    then show ?case ..
schirmer@13337
  1463
  next
schirmer@13337
  1464
    case (BinOp binop e1 e2 s0 s1 s2 v1 v2 L accC T)
schirmer@13337
  1465
    with wf obtain n1 n2 where 
schirmer@13337
  1466
      "G\<turnstile>Norm s0 \<midarrow>e1-\<succ>v1\<midarrow>n1\<rightarrow> s1"
schirmer@13384
  1467
      "G\<turnstile>s1 \<midarrow>(if need_second_arg binop v1 then In1l e2
schirmer@13384
  1468
               else In1r Skip)\<succ>\<midarrow>n2\<rightarrow> (In1 v2, s2)"    
schirmer@13384
  1469
      by (blast elim!: wt_elim_BinOp dest: eval_type_sound)
schirmer@13337
  1470
    hence "G\<turnstile>Norm s0 \<midarrow>BinOp binop e1 e2-\<succ>(eval_binop binop v1 v2)\<midarrow>max n1 n2
schirmer@13337
  1471
           \<rightarrow> s2"
schirmer@13337
  1472
      by (blast intro!: evaln.BinOp dest: evaln_max2)
schirmer@13337
  1473
    then show ?case ..
schirmer@13337
  1474
  next
schirmer@12925
  1475
    case (Super s L accC T)
schirmer@12925
  1476
    have "G\<turnstile>Norm s \<midarrow>Super-\<succ>val_this s\<midarrow>n\<rightarrow> Norm s"
schirmer@12925
  1477
      by (rule evaln.Super)
schirmer@12925
  1478
    then show ?case ..
schirmer@12925
  1479
  next
schirmer@12925
  1480
    case (Acc f s0 s1 v va L accC T)
schirmer@12925
  1481
    with wf obtain n where
schirmer@12925
  1482
      "G\<turnstile>Norm s0 \<midarrow>va=\<succ>(v, f)\<midarrow>n\<rightarrow> s1"
schirmer@12925
  1483
      by (rules elim!: wt_elim_cases)
schirmer@12925
  1484
    then
schirmer@12925
  1485
    have "G\<turnstile>Norm s0 \<midarrow>Acc va-\<succ>v\<midarrow>n\<rightarrow> s1"
schirmer@12925
  1486
      by (rule evaln.Acc)
schirmer@12925
  1487
    then show ?case ..
schirmer@12925
  1488
  next
schirmer@12925
  1489
    case (Ass e f s0 s1 s2 v var w L accC T)
schirmer@12925
  1490
    with wf obtain n1 n2 where 
schirmer@12925
  1491
      "G\<turnstile>Norm s0 \<midarrow>var=\<succ>(w, f)\<midarrow>n1\<rightarrow> s1"
schirmer@12925
  1492
      "G\<turnstile>s1 \<midarrow>e-\<succ>v\<midarrow>n2\<rightarrow> s2"      
schirmer@12925
  1493
      by (blast elim!: wt_elim_cases dest: eval_type_sound)
schirmer@12925
  1494
    then
schirmer@12925
  1495
    have "G\<turnstile>Norm s0 \<midarrow>var:=e-\<succ>v\<midarrow>max n1 n2\<rightarrow> assign f v s2"
schirmer@12925
  1496
      by (blast intro: evaln.Ass dest: evaln_max2)
schirmer@12925
  1497
    then show ?case ..
schirmer@12925
  1498
  next
schirmer@12925
  1499
    case (Cond b e0 e1 e2 s0 s1 s2 v L accC T)
schirmer@12925
  1500
    have hyp_e0: "PROP ?EqEval (Norm s0) s1 (In1l e0) (In1 b)" .
schirmer@12925
  1501
    have hyp_if: "PROP ?EqEval s1 s2 
schirmer@12925
  1502
                              (In1l (if the_Bool b then e1 else e2)) (In1 v)" .
schirmer@12925
  1503
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
  1504
    have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (e0 ? e1 : e2)\<Colon>T" .
schirmer@12925
  1505
    then obtain T1 T2 statT where
schirmer@12925
  1506
       wt_e0: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e0\<Colon>-PrimT Boolean" and
schirmer@12925
  1507
       wt_e1: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e1\<Colon>-T1" and
schirmer@12925
  1508
       wt_e2: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e2\<Colon>-T2" and 
schirmer@12925
  1509
       statT: "G\<turnstile>T1\<preceq>T2 \<and> statT = T2  \<or>  G\<turnstile>T2\<preceq>T1 \<and> statT =  T1" and
schirmer@12925
  1510
       T    : "T=Inl statT"
schirmer@12925
  1511
      by (rule wt_elim_cases) auto
schirmer@12925
  1512
    have eval_e0: "G\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<rightarrow> s1" .
schirmer@12925
  1513
    from conf_s0 wt_e0
schirmer@12925
  1514
    obtain n1 where 
schirmer@12925
  1515
      "G\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<midarrow>n1\<rightarrow> s1"
schirmer@12925
  1516
      by (rules dest: hyp_e0)
schirmer@12925
  1517
    moreover
schirmer@12925
  1518
    from eval_e0 conf_s0 wf wt_e0
schirmer@12925
  1519
    have "s1\<Colon>\<preceq>(G, L)"
schirmer@12925
  1520
      by (blast dest: eval_type_sound)
schirmer@12925
  1521
    with wt_e1 wt_e2 statT hyp_if obtain n2 where
schirmer@12925
  1522
      "G\<turnstile>s1 \<midarrow>(if the_Bool b then e1 else e2)-\<succ>v\<midarrow>n2\<rightarrow> s2"
schirmer@12925
  1523
      by  (cases "the_Bool b") force+
schirmer@12925
  1524
    ultimately
schirmer@12925
  1525
    have "G\<turnstile>Norm s0 \<midarrow>e0 ? e1 : e2-\<succ>v\<midarrow>max n1 n2\<rightarrow> s2"
schirmer@12925
  1526
      by (blast intro: evaln.Cond dest: evaln_max2)
schirmer@12925
  1527
    then show ?case ..
schirmer@12925
  1528
  next
schirmer@12925
  1529
    case (Call invDeclC a' accC' args e mn mode pTs' s0 s1 s2 s3 s3' s4 statT 
schirmer@12925
  1530
      v vs L accC T)
schirmer@12925
  1531
    (* Repeats large parts of the type soundness proof. One should factor
schirmer@12925
  1532
       out some lemmata about the relations and conformance of s2, s3 and s3'*)
schirmer@12925
  1533
    have eval_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<rightarrow> s1" .
schirmer@12925
  1534
    have eval_args: "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<rightarrow> s2" .
schirmer@12925
  1535
    have invDeclC: "invDeclC 
schirmer@12925
  1536
                      = invocation_declclass G mode (store s2) a' statT 
schirmer@12925
  1537
                           \<lparr>name = mn, parTs = pTs'\<rparr>" .
schirmer@12925
  1538
    have
schirmer@12925
  1539
      init_lvars: "s3 = 
schirmer@12925
  1540
             init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> mode a' vs s2" .
schirmer@12925
  1541
    have
schirmer@12925
  1542
      check: "s3' =
schirmer@12925
  1543
       check_method_access G accC' statT mode \<lparr>name = mn, parTs = pTs'\<rparr> a' s3" .
schirmer@12925
  1544
    have eval_methd: 
schirmer@12925
  1545
           "G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<rightarrow> s4" .
schirmer@12925
  1546
    have     hyp_e: "PROP ?EqEval (Norm s0) s1 (In1l e) (In1 a')" .
schirmer@12925
  1547
    have  hyp_args: "PROP ?EqEval s1 s2 (In3 args) (In3 vs)" .
schirmer@12925
  1548
    have hyp_methd: "PROP ?EqEval s3' s4 
schirmer@13337
  1549
             (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>)) (In1 v)".
schirmer@12925
  1550
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
  1551
    have      wt: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>
schirmer@12925
  1552
                    \<turnstile>In1l ({accC',statT,mode}e\<cdot>mn( {pTs'}args))\<Colon>T" .
schirmer@12925
  1553
    from wt obtain pTs statDeclT statM where
schirmer@12925
  1554
                 wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-RefT statT" and
schirmer@12925
  1555
              wt_args: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>args\<Colon>\<doteq>pTs" and
schirmer@12925
  1556
                statM: "max_spec G accC statT \<lparr>name=mn,parTs=pTs\<rparr> 
schirmer@12925
  1557
                         = {((statDeclT,statM),pTs')}" and
schirmer@12925
  1558
                 mode: "mode = invmode statM e" and
schirmer@12925
  1559
                    T: "T =Inl (resTy statM)" and
schirmer@12925
  1560
        eq_accC_accC': "accC=accC'"
schirmer@12925
  1561
      by (rule wt_elim_cases) auto
schirmer@12925
  1562
    from conf_s0 wt_e
schirmer@12925
  1563
    obtain n1 where
schirmer@12925
  1564
      evaln_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<midarrow>n1\<rightarrow> s1"
schirmer@12925
  1565
      by (rules dest: hyp_e)
schirmer@12925
  1566
    from wf eval_e conf_s0 wt_e
schirmer@12925
  1567
    obtain conf_s1: "s1\<Colon>\<preceq>(G, L)" and
schirmer@12925
  1568
           conf_a': "normal s1 \<Longrightarrow> G, store s1\<turnstile>a'\<Colon>\<preceq>RefT statT"  
schirmer@12925
  1569
      by (auto dest!: eval_type_sound)
schirmer@12925
  1570
    from conf_s1 wt_args
schirmer@12925
  1571
    obtain n2 where
schirmer@12925
  1572
      evaln_args: "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<midarrow>n2\<rightarrow> s2"
schirmer@12925
  1573
      by (blast dest: hyp_args)
schirmer@12925
  1574
    from wt_args conf_s1 eval_args wf 
schirmer@12925
  1575
    obtain    conf_s2: "s2\<Colon>\<preceq>(G, L)" and
schirmer@12925
  1576
            conf_args: "normal s2 
schirmer@12925
  1577
                         \<Longrightarrow>  list_all2 (conf G (store s2)) vs pTs"  
schirmer@12925
  1578
      by (auto dest!: eval_type_sound)
schirmer@12925
  1579
    from statM 
schirmer@12925
  1580
    obtain
schirmer@12925
  1581
       statM': "(statDeclT,statM)\<in>mheads G accC statT \<lparr>name=mn,parTs=pTs'\<rparr>" and
schirmer@12925
  1582
       pTs_widen: "G\<turnstile>pTs[\<preceq>]pTs'"
schirmer@12925
  1583
      by (blast dest: max_spec2mheads)
schirmer@12925
  1584
    from check
schirmer@12925
  1585
    have eq_store_s3'_s3: "store s3'=store s3"
schirmer@12925
  1586
      by (cases s3) (simp add: check_method_access_def Let_def)
schirmer@12925
  1587
    obtain invC
schirmer@12925
  1588
      where invC: "invC = invocation_class mode (store s2) a' statT"
schirmer@12925
  1589
      by simp
schirmer@12925
  1590
    with init_lvars
schirmer@12925
  1591
    have invC': "invC = (invocation_class mode (store s3) a' statT)"
schirmer@12925
  1592
      by (cases s2,cases mode) (auto simp add: init_lvars_def2 )
schirmer@12925
  1593
    obtain n3 where
schirmer@12925
  1594
     "G\<turnstile>Norm s0 \<midarrow>{accC',statT,mode}e\<cdot>mn( {pTs'}args)-\<succ>v\<midarrow>n3\<rightarrow> 
schirmer@12925
  1595
          (set_lvars (locals (store s2))) s4"
schirmer@12925
  1596
    proof (cases "normal s2")
schirmer@12925
  1597
      case False
schirmer@12925
  1598
      with init_lvars 
schirmer@12925
  1599
      obtain keep_abrupt: "abrupt s3 = abrupt s2" and
schirmer@12925
  1600
             "store s3 = store (init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> 
schirmer@12925
  1601
                                            mode a' vs s2)" 
schirmer@12925
  1602
	by (auto simp add: init_lvars_def2)
schirmer@12925
  1603
      moreover
schirmer@12925
  1604
      from keep_abrupt False check
schirmer@12925
  1605
      have eq_s3'_s3: "s3'=s3" 
schirmer@12925
  1606
	by (auto simp add: check_method_access_def Let_def)
schirmer@12925
  1607
      moreover
schirmer@12925
  1608
      from eq_s3'_s3 False keep_abrupt eval_methd init_lvars
schirmer@12925
  1609
      obtain "s4=s3'"
schirmer@13337
  1610
      "In1 v=arbitrary3 (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>))"
schirmer@12925
  1611
	by auto
schirmer@12925
  1612
      moreover note False evaln.Abrupt
schirmer@12925
  1613
      ultimately obtain m where 
schirmer@12925
  1614
	"G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<midarrow>m\<rightarrow> s4"
schirmer@12925
  1615
	by force
schirmer@12925
  1616
      from evaln_e evaln_args invDeclC init_lvars eq_s3'_s3 this
schirmer@12925
  1617
      have 
schirmer@12925
  1618
       "G\<turnstile>Norm s0 \<midarrow>{accC',statT,mode}e\<cdot>mn( {pTs'}args)-\<succ>v\<midarrow>max n1 (max n2 m)\<rightarrow> 
schirmer@12925
  1619
            (set_lvars (locals (store s2))) s4"
schirmer@12925
  1620
	by (auto intro!: evaln.Call le_maxI1 le_max3I1 le_max3I2)
schirmer@12925
  1621
      with that show ?thesis 
schirmer@12925
  1622
	by rules
schirmer@12925
  1623
    next
schirmer@12925
  1624
      case True
schirmer@12925
  1625
      note normal_s2 = True
schirmer@12925
  1626
      with eval_args
schirmer@12925
  1627
      have normal_s1: "normal s1"
schirmer@12925
  1628
	by (cases "normal s1") auto
schirmer@12925
  1629
      with conf_a' eval_args 
schirmer@12925
  1630
      have conf_a'_s2: "G, store s2\<turnstile>a'\<Colon>\<preceq>RefT statT"
schirmer@12925
  1631
	by (auto dest: eval_gext intro: conf_gext)
schirmer@12925
  1632
      show ?thesis
schirmer@12925
  1633
      proof (cases "a'=Null \<longrightarrow> is_static statM")
schirmer@12925
  1634
	case False
schirmer@12925
  1635
	then obtain not_static: "\<not> is_static statM" and Null: "a'=Null" 
schirmer@12925
  1636
	  by blast
schirmer@12925
  1637
	with normal_s2 init_lvars mode
schirmer@12925
  1638
	obtain np: "abrupt s3 = Some (Xcpt (Std NullPointer))" and
schirmer@12925
  1639
                   "store s3 = store (init_lvars G invDeclC 
schirmer@12925
  1640
                                       \<lparr>name = mn, parTs = pTs'\<rparr> mode a' vs s2)"
schirmer@12925
  1641
	  by (auto simp add: init_lvars_def2)
schirmer@12925
  1642
	moreover
schirmer@12925
  1643
	from np check
schirmer@12925
  1644
	have eq_s3'_s3: "s3'=s3" 
schirmer@12925
  1645
	  by (auto simp add: check_method_access_def Let_def)
schirmer@12925
  1646
	moreover
schirmer@12925
  1647
	from eq_s3'_s3 np eval_methd init_lvars
schirmer@12925
  1648
	obtain "s4=s3'"
schirmer@13337
  1649
      "In1 v=arbitrary3 (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>))"
schirmer@12925
  1650
	  by auto
schirmer@12925
  1651
	moreover note np
schirmer@12925
  1652
	ultimately obtain m where 
schirmer@12925
  1653
	  "G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<midarrow>m\<rightarrow> s4"
schirmer@12925
  1654
	  by force
schirmer@12925
  1655
	from evaln_e evaln_args invDeclC init_lvars eq_s3'_s3 this
schirmer@12925
  1656
	have 
schirmer@12925
  1657
        "G\<turnstile>Norm s0 \<midarrow>{accC',statT,mode}e\<cdot>mn( {pTs'}args)-\<succ>v\<midarrow>max n1 (max n2 m)\<rightarrow> 
schirmer@12925
  1658
            (set_lvars (locals (store s2))) s4"
schirmer@12925
  1659
	  by (auto intro!: evaln.Call le_maxI1 le_max3I1 le_max3I2)
schirmer@12925
  1660
	with that show ?thesis 
schirmer@12925
  1661
	  by rules
schirmer@12925
  1662
      next
schirmer@12925
  1663
	case True
schirmer@12925
  1664
	with mode have notNull: "mode = IntVir \<longrightarrow> a' \<noteq> Null"
schirmer@12925
  1665
	  by (auto dest!: Null_staticD)
schirmer@12925
  1666
	with conf_s2 conf_a'_s2 wf invC 
schirmer@12925
  1667
	have dynT_prop: "G\<turnstile>mode\<rightarrow>invC\<preceq>statT"
schirmer@12925
  1668
	  by (cases s2) (auto intro: DynT_propI)
schirmer@12925
  1669
	with wt_e statM' invC mode wf 
schirmer@12925
  1670
	obtain dynM where 
schirmer@12925
  1671
           dynM: "dynlookup G statT invC  \<lparr>name=mn,parTs=pTs'\<rparr> = Some dynM" and
schirmer@12925
  1672
           acc_dynM: "G \<turnstile>Methd  \<lparr>name=mn,parTs=pTs'\<rparr> dynM 
schirmer@12925
  1673
                          in invC dyn_accessible_from accC"
schirmer@12925
  1674
	  by (force dest!: call_access_ok)
schirmer@12925
  1675
	with invC' check eq_accC_accC'
schirmer@12925
  1676
	have eq_s3'_s3: "s3'=s3"
schirmer@12925
  1677
	  by (auto simp add: check_method_access_def Let_def)
schirmer@12925
  1678
	from dynT_prop wf wt_e statM' mode invC invDeclC dynM 
schirmer@12925
  1679
	obtain 
schirmer@12925
  1680
	   wf_dynM: "wf_mdecl G invDeclC (\<lparr>name=mn,parTs=pTs'\<rparr>,mthd dynM)" and
schirmer@12925
  1681
	     dynM': "methd G invDeclC \<lparr>name=mn,parTs=pTs'\<rparr> = Some dynM" and
schirmer@12925
  1682
           iscls_invDeclC: "is_class G invDeclC" and
schirmer@12925
  1683
	        invDeclC': "invDeclC = declclass dynM" and
schirmer@12925
  1684
	     invC_widen: "G\<turnstile>invC\<preceq>\<^sub>C invDeclC" and
schirmer@12925
  1685
	   is_static_eq: "is_static dynM = is_static statM" and
schirmer@12925
  1686
	   involved_classes_prop:
schirmer@12925
  1687
             "(if invmode statM e = IntVir
schirmer@12925
  1688
               then \<forall>statC. statT = ClassT statC \<longrightarrow> G\<turnstile>invC\<preceq>\<^sub>C statC
schirmer@12925
  1689
               else ((\<exists>statC. statT = ClassT statC \<and> G\<turnstile>statC\<preceq>\<^sub>C invDeclC) \<or>
schirmer@12925
  1690
                     (\<forall>statC. statT \<noteq> ClassT statC \<and> invDeclC = Object)) \<and>
schirmer@12925
  1691
                      statDeclT = ClassT invDeclC)"
schirmer@12925
  1692
	  by (auto dest: DynT_mheadsD)
schirmer@12925
  1693
	obtain L' where 
schirmer@12925
  1694
	   L':"L'=(\<lambda> k. 
schirmer@12925
  1695
                 (case k of
schirmer@12925
  1696
                    EName e
schirmer@12925
  1697
                    \<Rightarrow> (case e of 
schirmer@12925
  1698
                          VNam v 
schirmer@12925
  1699
                          \<Rightarrow>(table_of (lcls (mbody (mthd dynM)))
schirmer@12925
  1700
                             (pars (mthd dynM)[\<mapsto>]pTs')) v
schirmer@12925
  1701
                        | Res \<Rightarrow> Some (resTy dynM))
schirmer@12925
  1702
                  | This \<Rightarrow> if is_static statM 
schirmer@12925
  1703
                            then None else Some (Class invDeclC)))"
schirmer@12925
  1704
	  by simp
schirmer@12925
  1705
	from wf_dynM [THEN wf_mdeclD1, THEN conjunct1] normal_s2 conf_s2 wt_e
schirmer@12925
  1706
              wf eval_args conf_a' mode notNull wf_dynM involved_classes_prop
schirmer@12925
  1707
	have conf_s3: "s3\<Colon>\<preceq>(G,L')"
schirmer@12925
  1708
	   apply - 
schirmer@12925
  1709
          (*FIXME confomrs_init_lvars should be 
schirmer@12925
  1710
                adjusted to be more directy applicable *)
schirmer@12925
  1711
	   apply (drule conforms_init_lvars [of G invDeclC 
schirmer@12925
  1712
                  "\<lparr>name=mn,parTs=pTs'\<rparr>" dynM "store s2" vs pTs "abrupt s2" 
schirmer@12925
  1713
                  L statT invC a' "(statDeclT,statM)" e])
schirmer@12925
  1714
	     apply (rule wf)
schirmer@12925
  1715
	     apply (rule conf_args,assumption)
schirmer@12925
  1716
	     apply (simp add: pTs_widen)
schirmer@12925
  1717
	     apply (cases s2,simp)
schirmer@12925
  1718
	     apply (rule dynM')
schirmer@12925
  1719
	     apply (force dest: ty_expr_is_type)
schirmer@12925
  1720
	     apply (rule invC_widen)
schirmer@12925
  1721
	     apply (force intro: conf_gext dest: eval_gext)
schirmer@12925
  1722
	     apply simp
schirmer@12925
  1723
	     apply simp
schirmer@12925
  1724
	     apply (simp add: invC)
schirmer@12925
  1725
	     apply (simp add: invDeclC)
schirmer@12925
  1726
	     apply (force dest: wf_mdeclD1 is_acc_typeD)
schirmer@12925
  1727
	     apply (cases s2, simp add: L' init_lvars
schirmer@12925
  1728
	                      cong add: lname.case_cong ename.case_cong)
schirmer@12925
  1729
	   done
schirmer@12925
  1730
	with is_static_eq wf_dynM L'
schirmer@12925
  1731
	obtain mthdT where
schirmer@12925
  1732
	   "\<lparr>prg=G,cls=invDeclC,lcl=L'\<rparr>
schirmer@12925
  1733
            \<turnstile>Body invDeclC (stmt (mbody (mthd dynM)))\<Colon>-mthdT" 
schirmer@12925
  1734
	  by - (drule wf_mdecl_bodyD,
schirmer@13337
  1735
                auto simp: cong add: lname.case_cong ename.case_cong)
schirmer@12925
  1736
	with dynM' iscls_invDeclC invDeclC'
schirmer@12925
  1737
	have
schirmer@12925
  1738
	   "\<lparr>prg=G,cls=invDeclC,lcl=L'\<rparr>
schirmer@12925
  1739
            \<turnstile>(Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>)\<Colon>-mthdT"
schirmer@12925
  1740
	  by (auto intro: wt.Methd)
schirmer@12925
  1741
	with conf_s3 eq_s3'_s3 hyp_methd
schirmer@12925
  1742
	obtain m where
schirmer@12925
  1743
	   "G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<midarrow>m\<rightarrow> s4"
schirmer@12925
  1744
	  by (blast)
schirmer@12925
  1745
	from evaln_e evaln_args invDeclC init_lvars  eq_s3'_s3 this
schirmer@12925
  1746
	have 
schirmer@12925
  1747
        "G\<turnstile>Norm s0 \<midarrow>{accC',statT,mode}e\<cdot>mn( {pTs'}args)-\<succ>v\<midarrow>max n1 (max n2 m)\<rightarrow> 
schirmer@12925
  1748
            (set_lvars (locals (store s2))) s4"
schirmer@12925
  1749
	  by (auto intro!: evaln.Call le_maxI1 le_max3I1 le_max3I2)
schirmer@12925
  1750
	with that show ?thesis 
schirmer@12925
  1751
	  by rules
schirmer@12925
  1752
      qed
schirmer@12925
  1753
    qed
schirmer@12925
  1754
    then show ?case ..
schirmer@12925
  1755
  next
schirmer@12925
  1756
    case (Methd D s0 s1 sig v L accC T)
schirmer@12925
  1757
    then obtain n where
schirmer@12925
  1758
      "G\<turnstile>Norm s0 \<midarrow>body G D sig-\<succ>v\<midarrow>n\<rightarrow> s1"
schirmer@12925
  1759
      by - (erule wt_elim_cases, force simp add: body_def2)
schirmer@12925
  1760
    then have "G\<turnstile>Norm s0 \<midarrow>Methd D sig-\<succ>v\<midarrow>Suc n\<rightarrow> s1"
schirmer@12925
  1761
      by (rule evaln.Methd)
schirmer@12925
  1762
    then show ?case ..
schirmer@12925
  1763
  next
schirmer@12925
  1764
    case (Body D c s0 s1 s2 L accC T)
schirmer@12925
  1765
    with wf obtain n1 n2 where 
schirmer@12925
  1766
      "G\<turnstile>Norm s0 \<midarrow>Init D\<midarrow>n1\<rightarrow> s1"
schirmer@12925
  1767
      "G\<turnstile>s1 \<midarrow>c\<midarrow>n2\<rightarrow> s2"
schirmer@12925
  1768
      by (blast elim!: wt_elim_cases dest: eval_type_sound)
schirmer@12925
  1769
    then have 
schirmer@12925
  1770
     "G\<turnstile>Norm s0 \<midarrow>Body D c-\<succ>the (locals (store s2) Result)\<midarrow>max n1 n2
schirmer@12925
  1771
       \<rightarrow> abupd (absorb Ret) s2"
schirmer@12925
  1772
      by (blast intro: evaln.Body dest: evaln_max2)
schirmer@12925
  1773
    then show ?case ..
schirmer@12925
  1774
  next
schirmer@12925
  1775
    case (LVar s vn L accC T)
schirmer@12925
  1776
    obtain n where
schirmer@12925
  1777
      "G\<turnstile>Norm s \<midarrow>LVar vn=\<succ>lvar vn s\<midarrow>n\<rightarrow> Norm s"
schirmer@12925
  1778
      by (rules intro: evaln.LVar)
schirmer@12925
  1779
    then show ?case ..
schirmer@12925
  1780
  next
schirmer@12925
  1781
    case (FVar a accC e fn s0 s1 s2 s2' s3 stat statDeclC v L accC' T)
schirmer@12925
  1782
    have eval_init: "G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<rightarrow> s1" .
schirmer@12925
  1783
    have eval_e: "G\<turnstile>s1 \<midarrow>e-\<succ>a\<rightarrow> s2" .
schirmer@12925
  1784
    have check: "s3 = check_field_access G accC statDeclC fn stat a s2'" .
schirmer@12925
  1785
    have hyp_init: "PROP ?EqEval (Norm s0) s1 (In1r (Init statDeclC)) \<diamondsuit>" .
schirmer@12925
  1786
    have hyp_e: "PROP ?EqEval s1 s2 (In1l e) (In1 a)" .
schirmer@12925
  1787
    have fvar: "(v, s2') = fvar statDeclC stat fn a s2" .
schirmer@12925
  1788
    have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" .
schirmer@12925
  1789
    have wt: "\<lparr>prg=G, cls=accC', lcl=L\<rparr>\<turnstile>In2 ({accC,statDeclC,stat}e..fn)\<Colon>T" .
schirmer@12925
  1790
    then obtain statC f where
schirmer@12925
  1791
                wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-Class statC" and
schirmer@12925
  1792
            accfield: "accfield G accC statC fn = Some (statDeclC,f)" and
schirmer@12925
  1793
                stat: "stat=is_static f" and
schirmer@12925
  1794
               accC': "accC'=accC" and
schirmer@12925
  1795
	           T: "T=(Inl (type f))"
schirmer@12925
  1796
       by (rule wt_elim_cases) (auto simp add: member_is_static_simp)
schirmer@12925
  1797
    from wf wt_e 
schirmer@12925
  1798
    have iscls_statC: "is_class G statC"
schirmer@12925
  1799
      by (auto dest: ty_expr_is_type type_is_class)
schirmer@12925
  1800
    with wf accfield 
schirmer@12925
  1801
    have iscls_statDeclC: "is_class G statDeclC"
schirmer@12925
  1802
      by (auto dest!: accfield_fields dest: fields_declC)
schirmer@12925
  1803
    then 
schirmer@12925
  1804
    have wt_init: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>(Init statDeclC)\<Colon>\<surd>"
schirmer@12925
  1805
      by simp
schirmer@12925
  1806
    from conf_s0 wt_init
schirmer@12925
  1807
    obtain n1 where
schirmer@12925
  1808
      evaln_init: "G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<midarrow>n1\<rightarrow> s1"
schirmer@12925
  1809
      by (rules dest: hyp_init)
schirmer@12925
  1810
    from eval_init wt_init conf_s0 wf 
schirmer@12925
  1811
    have conf_s1: "s1\<Colon>\<preceq>(G, L)"
schirmer@12925
  1812
      by (blast dest: eval_type_sound)
schirmer@12925
  1813
    with wt_e
schirmer@12925
  1814
    obtain n2 where
schirmer@12925
  1815
      evaln_e: "G\<turnstile>s1 \<midarrow>e-\<succ>a\<midarrow>n2\<rightarrow> s2"
schirmer@12925
  1816
      by (blast dest: hyp_e)
schirmer@12925
  1817
    from eval_e wf conf_s1 wt_e
schirmer@12925
  1818
    obtain conf_s2: "s2\<Colon>\<preceq>(G, L)" and
schirmer@12925
  1819
            conf_a: "normal s2 \<longrightarrow> G,store s2\<turnstile>a\<Colon>\<preceq>Class statC"
schirmer@12925
  1820
      by (auto dest!: eval_type_sound)
schirmer@12925
  1821
    from accfield wt_e eval_init eval_e conf_s2 conf_a fvar stat check  wf
schirmer@12925
  1822
    have eq_s3_s2': "s3=s2'"  
schirmer@12925
  1823
      by (auto dest!: error_free_field_access)
schirmer@12925
  1824
    with evaln_init evaln_e fvar accC'
schirmer@12925
  1825
    have "G\<turnstile>Norm s0 \<midarrow>{accC,statDeclC,stat}e..fn=\<succ>v\<midarrow>max n1 n2\<rightarrow> s3"
schirmer@12925
  1826
      by (auto intro: evaln.FVar dest: evaln_max2)
schirmer@12925
  1827
    then show ?case ..
schirmer@12925
  1828
  next
schirmer@12925
  1829
    case (AVar a e1 e2 i s0 s1 s2 s2' v L accC T)
schirmer@12925
  1830
    with wf obtain n1 n2 where 
schirmer@12925
  1831
      "G\<turnstile>Norm s0 \<midarrow>e1-\<succ>a\<midarrow>n1\<rightarrow> s1"
schirmer@12925
  1832
      "G\<turnstile>s1 \<midarrow>e2-\<succ>i\<midarrow>n2\<rightarrow> s2"      
schirmer@12925
  1833
      by (blast elim!: wt_elim_cases dest: eval_type_sound)
schirmer@12925
  1834
    moreover 
schirmer@12925
  1835
    have "(v, s2') = avar G i a s2" .
schirmer@12925
  1836
    ultimately 
schirmer@12925
  1837
    have "G\<turnstile>Norm s0 \<midarrow>e1.[e2]=\<succ>v\<midarrow>max n1 n2\<rightarrow> s2'"
schirmer@12925
  1838
      by (blast intro!: evaln.AVar dest: evaln_max2)
schirmer@12925
  1839
    then show ?case ..
schirmer@12925
  1840
  next
schirmer@12925
  1841
    case (Nil s0 L accC T)
schirmer@12925
  1842
    show ?case by (rules intro: evaln.Nil)
schirmer@12925
  1843
  next
schirmer@12925
  1844
    case (Cons e es s0 s1 s2 v vs L accC T)
schirmer@12925
  1845
    with wf obtain n1 n2 where 
schirmer@12925
  1846
      "G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n1\<rightarrow> s1"
schirmer@12925
  1847
      "G\<turnstile>s1 \<midarrow>es\<doteq>\<succ>vs\<midarrow>n2\<rightarrow> s2"      
schirmer@12925
  1848
      by (blast elim!: wt_elim_cases dest: eval_type_sound)
schirmer@12925
  1849
    then
schirmer@12925
  1850
    have "G\<turnstile>Norm s0 \<midarrow>e # es\<doteq>\<succ>v # vs\<midarrow>max n1 n2\<rightarrow> s2"
schirmer@12925
  1851
      by (blast intro!: evaln.Cons dest: evaln_max2)
schirmer@12925
  1852
    then show ?case ..
schirmer@12925
  1853
  qed
schirmer@12925
  1854
qed
schirmer@12925
  1855
schirmer@12854
  1856
end