isabelle update_cartouches -c -t;
authorwenzelm
Sat Jan 02 18:48:45 2016 +0100 (2016-01-02)
changeset 620426c6ccf573479
parent 62041 52a87574bca9
child 62043 f57dbc3d2a26
isabelle update_cartouches -c -t;
src/HOL/Bali/AxCompl.thy
src/HOL/Bali/AxExample.thy
src/HOL/Bali/AxSem.thy
src/HOL/Bali/AxSound.thy
src/HOL/Bali/Basis.thy
src/HOL/Bali/Conform.thy
src/HOL/Bali/Decl.thy
src/HOL/Bali/DeclConcepts.thy
src/HOL/Bali/DefiniteAssignment.thy
src/HOL/Bali/DefiniteAssignmentCorrect.thy
src/HOL/Bali/Eval.thy
src/HOL/Bali/Evaln.thy
src/HOL/Bali/Example.thy
src/HOL/Bali/Name.thy
src/HOL/Bali/State.thy
src/HOL/Bali/Table.thy
src/HOL/Bali/Term.thy
src/HOL/Bali/Trans.thy
src/HOL/Bali/Type.thy
src/HOL/Bali/TypeRel.thy
src/HOL/Bali/TypeSafe.thy
src/HOL/Bali/Value.thy
src/HOL/Bali/WellForm.thy
src/HOL/Bali/WellType.thy
src/HOL/Hoare/Arith2.thy
src/HOL/Hoare/Heap.thy
src/HOL/Hoare/HeapSyntaxAbort.thy
src/HOL/Hoare/Hoare_Logic.thy
src/HOL/Hoare/Hoare_Logic_Abort.thy
src/HOL/Hoare/Pointer_Examples.thy
src/HOL/Hoare/Pointers0.thy
src/HOL/Hoare/SchorrWaite.thy
src/HOL/Hoare/SepLogHeap.thy
src/HOL/Hoare/Separation.thy
src/HOL/Hoare_Parallel/Gar_Coll.thy
src/HOL/Hoare_Parallel/Graph.thy
src/HOL/Hoare_Parallel/Mul_Gar_Coll.thy
src/HOL/Hoare_Parallel/OG_Com.thy
src/HOL/Hoare_Parallel/OG_Examples.thy
src/HOL/Hoare_Parallel/OG_Hoare.thy
src/HOL/Hoare_Parallel/OG_Syntax.thy
src/HOL/Hoare_Parallel/OG_Tactics.thy
src/HOL/Hoare_Parallel/RG_Com.thy
src/HOL/Hoare_Parallel/RG_Examples.thy
src/HOL/Hoare_Parallel/RG_Hoare.thy
src/HOL/Hoare_Parallel/RG_Tran.thy
src/HOL/MicroJava/BV/BVExample.thy
src/HOL/MicroJava/BV/BVSpec.thy
src/HOL/MicroJava/BV/BVSpecTypeSafe.thy
src/HOL/MicroJava/BV/Effect.thy
src/HOL/MicroJava/BV/JVMType.thy
src/HOL/MicroJava/Comp/CorrCompTp.thy
src/HOL/MicroJava/Comp/LemmasComp.thy
src/HOL/MicroJava/DFA/Kildall.thy
src/HOL/MicroJava/J/Conform.thy
src/HOL/MicroJava/J/Decl.thy
src/HOL/MicroJava/J/Eval.thy
src/HOL/MicroJava/J/Example.thy
src/HOL/MicroJava/J/JTypeSafe.thy
src/HOL/MicroJava/J/State.thy
src/HOL/MicroJava/J/SystemClasses.thy
src/HOL/MicroJava/J/Term.thy
src/HOL/MicroJava/J/Type.thy
src/HOL/MicroJava/J/TypeRel.thy
src/HOL/MicroJava/J/Value.thy
src/HOL/MicroJava/J/WellType.thy
src/HOL/MicroJava/JVM/JVMExec.thy
src/HOL/MicroJava/JVM/JVMExecInstr.thy
src/HOL/MicroJava/JVM/JVMInstructions.thy
src/HOL/MicroJava/JVM/JVMListExample.thy
src/HOL/MicroJava/JVM/JVMState.thy
     1.1 --- a/src/HOL/Bali/AxCompl.thy	Sat Jan 02 18:46:36 2016 +0100
     1.2 +++ b/src/HOL/Bali/AxCompl.thy	Sat Jan 02 18:48:45 2016 +0100
     1.3 @@ -2,18 +2,18 @@
     1.4      Author:     David von Oheimb and Norbert Schirmer
     1.5  *)
     1.6  
     1.7 -subsection {*
     1.8 +subsection \<open>
     1.9  Completeness proof for Axiomatic semantics of Java expressions and statements
    1.10 -*}
    1.11 +\<close>
    1.12  
    1.13  theory AxCompl imports AxSem begin
    1.14  
    1.15 -text {*
    1.16 +text \<open>
    1.17  design issues:
    1.18  \begin{itemize}
    1.19  \item proof structured by Most General Formulas (-> Thomas Kleymann)
    1.20  \end{itemize}
    1.21 -*}
    1.22 +\<close>
    1.23  
    1.24  
    1.25  
    1.26 @@ -170,10 +170,10 @@
    1.27  done
    1.28  lemmas MGFnD' = MGFnD [of _ _ _ _ "\<lambda>x. True"] 
    1.29  
    1.30 -text {* To derive the most general formula, we can always assume a normal
    1.31 +text \<open>To derive the most general formula, we can always assume a normal
    1.32  state in the precondition, since abrupt cases can be handled uniformally by
    1.33  the abrupt rule.
    1.34 -*}
    1.35 +\<close>
    1.36  lemma MGFNormalI: "G,A\<turnstile>{Normal \<doteq>} t\<succ> {G\<rightarrow>} \<Longrightarrow>  
    1.37    G,(A::state triple set)\<turnstile>{\<doteq>::state assn} t\<succ> {G\<rightarrow>}"
    1.38  apply (unfold MGF_def)
    1.39 @@ -191,8 +191,8 @@
    1.40  apply clarsimp
    1.41  done
    1.42  
    1.43 -text {* Additionally to @{text MGFNormalI}, we also expand the definition of 
    1.44 -the most general formula here *} 
    1.45 +text \<open>Additionally to \<open>MGFNormalI\<close>, we also expand the definition of 
    1.46 +the most general formula here\<close> 
    1.47  lemma MGFn_NormalI: 
    1.48  "G,(A::state triple set)\<turnstile>{Normal((\<lambda>Y' s' s. s'=s \<and> normal s) \<and>. G\<turnstile>init\<le>n)}t\<succ> 
    1.49   {\<lambda>Y s' s. G\<turnstile>s \<midarrow>t\<succ>\<rightarrow> (Y,s')} \<Longrightarrow> G,A\<turnstile>{=:n}t\<succ>{G\<rightarrow>}"
    1.50 @@ -204,9 +204,9 @@
    1.51  apply (clarsimp simp add: Let_def)
    1.52  done
    1.53  
    1.54 -text {* To derive the most general formula, we can restrict ourselves to 
    1.55 +text \<open>To derive the most general formula, we can restrict ourselves to 
    1.56  welltyped terms, since all others can be uniformally handled by the hazard
    1.57 -rule. *} 
    1.58 +rule.\<close> 
    1.59  lemma MGFn_free_wt: 
    1.60    "(\<exists>T L C. \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T) 
    1.61      \<longrightarrow> G,(A::state triple set)\<turnstile>{=:n} t\<succ> {G\<rightarrow>} 
    1.62 @@ -216,10 +216,10 @@
    1.63  apply (auto elim: conseq12 simp add: MGFn_def MGF_def)
    1.64  done
    1.65  
    1.66 -text {* To derive the most general formula, we can restrict ourselves to 
    1.67 +text \<open>To derive the most general formula, we can restrict ourselves to 
    1.68  welltyped terms and assume that the state in the precondition conforms to the
    1.69  environment. All type violations can be uniformally handled by the hazard
    1.70 -rule. *} 
    1.71 +rule.\<close> 
    1.72  lemma MGFn_free_wt_NormalConformI: 
    1.73  "(\<forall> T L C . \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T 
    1.74    \<longrightarrow> G,(A::state triple set)
    1.75 @@ -240,10 +240,10 @@
    1.76  apply blast
    1.77  done
    1.78  
    1.79 -text {* To derive the most general formula, we can restrict ourselves to 
    1.80 +text \<open>To derive the most general formula, we can restrict ourselves to 
    1.81  welltyped terms and assume that the state in the precondition conforms to the
    1.82  environment and that the term is definetly assigned with respect to this state.
    1.83 -All type violations can be uniformally handled by the hazard rule. *} 
    1.84 +All type violations can be uniformally handled by the hazard rule.\<close> 
    1.85  lemma MGFn_free_wt_da_NormalConformI: 
    1.86  "(\<forall> T L C B. \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T
    1.87    \<longrightarrow> G,(A::state triple set)
    1.88 @@ -543,11 +543,11 @@
    1.89              [where ?Env="\<lparr>prg=G, cls=C,lcl=L\<rparr>",simplified],auto)
    1.90  
    1.91  
    1.92 -text {* To derive the most general formula for the loop statement, we need to
    1.93 +text \<open>To derive the most general formula for the loop statement, we need to
    1.94  come up with a proper loop invariant, which intuitively states that we are 
    1.95  currently inside the evaluation of the loop. To define such an invariant, we
    1.96  unroll the loop in iterated evaluations of the expression and evaluations of
    1.97 -the loop body. *}
    1.98 +the loop body.\<close>
    1.99  
   1.100  definition
   1.101    unroll :: "prog \<Rightarrow> label \<Rightarrow> expr \<Rightarrow> stmt \<Rightarrow> (state \<times>  state) set" where
   1.102 @@ -719,7 +719,7 @@
   1.103          show "Y' = \<diamondsuit> \<and> G\<turnstile>Norm s \<midarrow>l\<bullet> While(e) c\<rightarrow> s'"
   1.104          proof -
   1.105            from asm obtain v t where 
   1.106 -            -- {* @{term "Z'"} gets instantiated with @{term "Norm s"} *}  
   1.107 +            \<comment> \<open>@{term "Z'"} gets instantiated with @{term "Norm s"}\<close>  
   1.108              unroll: "(Norm s, t) \<in> (unroll G l e c)\<^sup>*" and
   1.109              eval_e: "G\<turnstile>t \<midarrow>e-\<succ>v\<rightarrow> s'" and
   1.110              normal_termination: "normal s' \<longrightarrow> \<not> the_Bool v" and
   1.111 @@ -1037,13 +1037,13 @@
   1.112          done
   1.113      next
   1.114        case (FVar accC statDeclC stat e fn)
   1.115 -      from MGFn_Init [OF hyp] and `G,A\<turnstile>{=:n} \<langle>e\<rangle>\<^sub>e\<succ> {G\<rightarrow>}` and wf
   1.116 +      from MGFn_Init [OF hyp] and \<open>G,A\<turnstile>{=:n} \<langle>e\<rangle>\<^sub>e\<succ> {G\<rightarrow>}\<close> and wf
   1.117        show ?case
   1.118          by (rule MGFn_FVar)
   1.119      next
   1.120        case (AVar e1 e2)
   1.121 -      note mgf_e1 = `G,A\<turnstile>{=:n} \<langle>e1\<rangle>\<^sub>e\<succ> {G\<rightarrow>}`
   1.122 -      note mgf_e2 = `G,A\<turnstile>{=:n} \<langle>e2\<rangle>\<^sub>e\<succ> {G\<rightarrow>}`
   1.123 +      note mgf_e1 = \<open>G,A\<turnstile>{=:n} \<langle>e1\<rangle>\<^sub>e\<succ> {G\<rightarrow>}\<close>
   1.124 +      note mgf_e2 = \<open>G,A\<turnstile>{=:n} \<langle>e2\<rangle>\<^sub>e\<succ> {G\<rightarrow>}\<close>
   1.125        show "G,A\<turnstile>{=:n} \<langle>e1.[e2]\<rangle>\<^sub>v\<succ> {G\<rightarrow>}"
   1.126          apply (rule MGFn_NormalI)
   1.127          apply (rule ax_derivs.AVar)
   1.128 @@ -1186,8 +1186,8 @@
   1.129          done
   1.130      next
   1.131        case (Call accC statT mode e mn pTs' ps)
   1.132 -      note mgf_e = `G,A\<turnstile>{=:n} \<langle>e\<rangle>\<^sub>e\<succ> {G\<rightarrow>}`
   1.133 -      note mgf_ps = `G,A\<turnstile>{=:n} \<langle>ps\<rangle>\<^sub>l\<succ> {G\<rightarrow>}`
   1.134 +      note mgf_e = \<open>G,A\<turnstile>{=:n} \<langle>e\<rangle>\<^sub>e\<succ> {G\<rightarrow>}\<close>
   1.135 +      note mgf_ps = \<open>G,A\<turnstile>{=:n} \<langle>ps\<rangle>\<^sub>l\<succ> {G\<rightarrow>}\<close>
   1.136        from mgf_methds mgf_e mgf_ps wf
   1.137        show "G,A\<turnstile>{=:n} \<langle>{accC,statT,mode}e\<cdot>mn({pTs'}ps)\<rangle>\<^sub>e\<succ> {G\<rightarrow>}"
   1.138          by (rule MGFn_Call)
   1.139 @@ -1198,7 +1198,7 @@
   1.140          by simp
   1.141      next
   1.142        case (Body D c)
   1.143 -      note mgf_c = `G,A\<turnstile>{=:n} \<langle>c\<rangle>\<^sub>s\<succ> {G\<rightarrow>}`
   1.144 +      note mgf_c = \<open>G,A\<turnstile>{=:n} \<langle>c\<rangle>\<^sub>s\<succ> {G\<rightarrow>}\<close>
   1.145        from wf MGFn_Init [OF hyp] mgf_c
   1.146        show "G,A\<turnstile>{=:n} \<langle>Body D c\<rangle>\<^sub>e\<succ> {G\<rightarrow>}"
   1.147          by (rule MGFn_Body)
   1.148 @@ -1266,8 +1266,8 @@
   1.149          done
   1.150      next
   1.151        case (Loop l e c)
   1.152 -      note mgf_e = `G,A\<turnstile>{=:n} \<langle>e\<rangle>\<^sub>e\<succ> {G\<rightarrow>}`
   1.153 -      note mgf_c = `G,A\<turnstile>{=:n} \<langle>c\<rangle>\<^sub>s\<succ> {G\<rightarrow>}`
   1.154 +      note mgf_e = \<open>G,A\<turnstile>{=:n} \<langle>e\<rangle>\<^sub>e\<succ> {G\<rightarrow>}\<close>
   1.155 +      note mgf_c = \<open>G,A\<turnstile>{=:n} \<langle>c\<rangle>\<^sub>s\<succ> {G\<rightarrow>}\<close>
   1.156        from mgf_e mgf_c wf
   1.157        show "G,A\<turnstile>{=:n} \<langle>l\<bullet> While(e) c\<rangle>\<^sub>s\<succ> {G\<rightarrow>}"
   1.158          by (rule MGFn_Loop)
   1.159 @@ -1303,8 +1303,8 @@
   1.160          done
   1.161      next
   1.162        case (Fin c1 c2)
   1.163 -      note mgf_c1 = `G,A\<turnstile>{=:n} \<langle>c1\<rangle>\<^sub>s\<succ> {G\<rightarrow>}`
   1.164 -      note mgf_c2 = `G,A\<turnstile>{=:n} \<langle>c2\<rangle>\<^sub>s\<succ> {G\<rightarrow>}`
   1.165 +      note mgf_c1 = \<open>G,A\<turnstile>{=:n} \<langle>c1\<rangle>\<^sub>s\<succ> {G\<rightarrow>}\<close>
   1.166 +      note mgf_c2 = \<open>G,A\<turnstile>{=:n} \<langle>c2\<rangle>\<^sub>s\<succ> {G\<rightarrow>}\<close>
   1.167        from wf mgf_c1 mgf_c2
   1.168        show "G,A\<turnstile>{=:n} \<langle>c1 Finally c2\<rangle>\<^sub>s\<succ> {G\<rightarrow>}"
   1.169          by (rule MGFn_Fin)
   1.170 @@ -1370,7 +1370,7 @@
   1.171  apply -
   1.172  apply (induct_tac "n")
   1.173  apply  (tactic "ALLGOALS (clarsimp_tac @{context})")
   1.174 -apply  (tactic {* dresolve_tac @{context} [Thm.permute_prems 0 1 @{thm card_seteq}] 1 *})
   1.175 +apply  (tactic \<open>dresolve_tac @{context} [Thm.permute_prems 0 1 @{thm card_seteq}] 1\<close>)
   1.176  apply    simp
   1.177  apply   (erule finite_imageI)
   1.178  apply  (simp add: MGF_asm ax_derivs_asm)
     2.1 --- a/src/HOL/Bali/AxExample.thy	Sat Jan 02 18:46:36 2016 +0100
     2.2 +++ b/src/HOL/Bali/AxExample.thy	Sat Jan 02 18:48:45 2016 +0100
     2.3 @@ -2,7 +2,7 @@
     2.4      Author:     David von Oheimb
     2.5  *)
     2.6  
     2.7 -subsection {* Example of a proof based on the Bali axiomatic semantics *}
     2.8 +subsection \<open>Example of a proof based on the Bali axiomatic semantics\<close>
     2.9  
    2.10  theory AxExample
    2.11  imports AxSem Example
    2.12 @@ -40,7 +40,7 @@
    2.13  declare split_if_asm [split del]
    2.14  declare lvar_def [simp]
    2.15  
    2.16 -ML {*
    2.17 +ML \<open>
    2.18  fun inst1_tac ctxt s t xs st =
    2.19    (case AList.lookup (op =) (rev (Term.add_var_names (Thm.prop_of st) [])) s of
    2.20      SOME i => PRIMITIVE (Rule_Insts.read_instantiate ctxt [(((s, i), Position.none), t)] xs) st
    2.21 @@ -50,7 +50,7 @@
    2.22    REPEAT o resolve_tac ctxt [allI] THEN'
    2.23    resolve_tac ctxt
    2.24      @{thms ax_Skip ax_StatRef ax_MethdN ax_Alloc ax_Alloc_Arr ax_SXAlloc_Normal ax_derivs.intros(8-)};
    2.25 -*}
    2.26 +\<close>
    2.27  
    2.28  
    2.29  theorem ax_test: "tprg,({}::'a triple set)\<turnstile> 
    2.30 @@ -64,8 +64,8 @@
    2.31           precondition. *)
    2.32  apply  (tactic "ax_tac @{context} 1" (* Try *))
    2.33  defer
    2.34 -apply    (tactic {* inst1_tac @{context} "Q" 
    2.35 -                 "\<lambda>Y s Z. arr_inv (snd s) \<and> tprg,s\<turnstile>catch SXcpt NullPointer" [] *})
    2.36 +apply    (tactic \<open>inst1_tac @{context} "Q" 
    2.37 +                 "\<lambda>Y s Z. arr_inv (snd s) \<and> tprg,s\<turnstile>catch SXcpt NullPointer" []\<close>)
    2.38  prefer 2
    2.39  apply    simp
    2.40  apply   (rule_tac P' = "Normal (\<lambda>Y s Z. arr_inv (snd s))" in conseq1)
    2.41 @@ -84,7 +84,7 @@
    2.42  apply   (tactic "ax_tac @{context} 1" (* AVar *))
    2.43  prefer 2
    2.44  apply    (rule ax_subst_Val_allI)
    2.45 -apply    (tactic {* inst1_tac @{context} "P'" "\<lambda>a. Normal (PP a\<leftarrow>x)" ["PP", "x"] *})
    2.46 +apply    (tactic \<open>inst1_tac @{context} "P'" "\<lambda>a. Normal (PP a\<leftarrow>x)" ["PP", "x"]\<close>)
    2.47  apply    (simp del: avar_def2 peek_and_def2)
    2.48  apply    (tactic "ax_tac @{context} 1")
    2.49  apply   (tactic "ax_tac @{context} 1")
    2.50 @@ -125,25 +125,25 @@
    2.51  apply      (tactic "ax_tac @{context} 1") (* Ass *)
    2.52  prefer 2
    2.53  apply       (rule ax_subst_Var_allI)
    2.54 -apply       (tactic {* inst1_tac @{context} "P'" "\<lambda>a vs l vf. PP a vs l vf\<leftarrow>x \<and>. p" ["PP", "x", "p"] *})
    2.55 +apply       (tactic \<open>inst1_tac @{context} "P'" "\<lambda>a vs l vf. PP a vs l vf\<leftarrow>x \<and>. p" ["PP", "x", "p"]\<close>)
    2.56  apply       (rule allI)
    2.57 -apply       (tactic {* simp_tac (@{context} delloop "split_all_tac" delsimps [@{thm peek_and_def2}, @{thm heap_def2}, @{thm subst_res_def2}, @{thm normal_def2}]) 1 *})
    2.58 +apply       (tactic \<open>simp_tac (@{context} delloop "split_all_tac" delsimps [@{thm peek_and_def2}, @{thm heap_def2}, @{thm subst_res_def2}, @{thm normal_def2}]) 1\<close>)
    2.59  apply       (rule ax_derivs.Abrupt)
    2.60  apply      (simp (no_asm))
    2.61  apply      (tactic "ax_tac @{context} 1" (* FVar *))
    2.62  apply       (tactic "ax_tac @{context} 2", tactic "ax_tac @{context} 2", tactic "ax_tac @{context} 2")
    2.63  apply      (tactic "ax_tac @{context} 1")
    2.64 -apply     (tactic {* inst1_tac @{context} "R" "\<lambda>a'. Normal ((\<lambda>Vals:vs (x, s) Z. arr_inv s \<and> inited Ext (globs s) \<and> a' \<noteq> Null \<and> vs = [Null]) \<and>. heap_free two)" [] *})
    2.65 +apply     (tactic \<open>inst1_tac @{context} "R" "\<lambda>a'. Normal ((\<lambda>Vals:vs (x, s) Z. arr_inv s \<and> inited Ext (globs s) \<and> a' \<noteq> Null \<and> vs = [Null]) \<and>. heap_free two)" []\<close>)
    2.66  apply     fastforce
    2.67  prefer 4
    2.68  apply    (rule ax_derivs.Done [THEN conseq1],force)
    2.69  apply   (rule ax_subst_Val_allI)
    2.70 -apply   (tactic {* inst1_tac @{context} "P'" "\<lambda>a. Normal (PP a\<leftarrow>x)" ["PP", "x"] *})
    2.71 +apply   (tactic \<open>inst1_tac @{context} "P'" "\<lambda>a. Normal (PP a\<leftarrow>x)" ["PP", "x"]\<close>)
    2.72  apply   (simp (no_asm) del: peek_and_def2 heap_free_def2 normal_def2 o_apply)
    2.73  apply   (tactic "ax_tac @{context} 1")
    2.74  prefer 2
    2.75  apply   (rule ax_subst_Val_allI)
    2.76 -apply    (tactic {* inst1_tac @{context} "P'" "\<lambda>aa v. Normal (QQ aa v\<leftarrow>y)" ["QQ", "y"] *})
    2.77 +apply    (tactic \<open>inst1_tac @{context} "P'" "\<lambda>aa v. Normal (QQ aa v\<leftarrow>y)" ["QQ", "y"]\<close>)
    2.78  apply    (simp del: peek_and_def2 heap_free_def2 normal_def2)
    2.79  apply    (tactic "ax_tac @{context} 1")
    2.80  apply   (tactic "ax_tac @{context} 1")
    2.81 @@ -162,7 +162,7 @@
    2.82  apply (tactic "ax_tac @{context} 1")
    2.83  defer
    2.84  apply  (rule ax_subst_Var_allI)
    2.85 -apply  (tactic {* inst1_tac @{context} "P'" "\<lambda>vf. Normal (PP vf \<and>. p)" ["PP", "p"] *})
    2.86 +apply  (tactic \<open>inst1_tac @{context} "P'" "\<lambda>vf. Normal (PP vf \<and>. p)" ["PP", "p"]\<close>)
    2.87  apply  (simp (no_asm) del: split_paired_All peek_and_def2 initd_def2 heap_free_def2 normal_def2)
    2.88  apply  (tactic "ax_tac @{context} 1" (* NewC *))
    2.89  apply  (tactic "ax_tac @{context} 1" (* ax_Alloc *))
    2.90 @@ -177,43 +177,43 @@
    2.91  apply  (rule ax_InitS)
    2.92  apply     force
    2.93  apply    (simp (no_asm))
    2.94 -apply   (tactic {* simp_tac (@{context} delloop "split_all_tac") 1 *})
    2.95 +apply   (tactic \<open>simp_tac (@{context} delloop "split_all_tac") 1\<close>)
    2.96  apply   (rule ax_Init_Skip_lemma)
    2.97 -apply  (tactic {* simp_tac (@{context} delloop "split_all_tac") 1 *})
    2.98 +apply  (tactic \<open>simp_tac (@{context} delloop "split_all_tac") 1\<close>)
    2.99  apply  (rule ax_InitS [THEN conseq1] (* init Base *))
   2.100  apply      force
   2.101  apply     (simp (no_asm))
   2.102  apply    (unfold arr_viewed_from_def)
   2.103  apply    (rule allI)
   2.104  apply    (rule_tac P' = "Normal P" and P = P for P in conseq1)
   2.105 -apply     (tactic {* simp_tac (@{context} delloop "split_all_tac") 1 *})
   2.106 +apply     (tactic \<open>simp_tac (@{context} delloop "split_all_tac") 1\<close>)
   2.107  apply     (tactic "ax_tac @{context} 1")
   2.108  apply     (tactic "ax_tac @{context} 1")
   2.109  apply     (rule_tac [2] ax_subst_Var_allI)
   2.110 -apply      (tactic {* inst1_tac @{context} "P'" "\<lambda>vf l vfa. Normal (P vf l vfa)" ["P"] *})
   2.111 -apply     (tactic {* simp_tac (@{context} delloop "split_all_tac" delsimps [@{thm split_paired_All}, @{thm peek_and_def2}, @{thm heap_free_def2}, @{thm initd_def2}, @{thm normal_def2}, @{thm supd_lupd}]) 2 *})
   2.112 +apply      (tactic \<open>inst1_tac @{context} "P'" "\<lambda>vf l vfa. Normal (P vf l vfa)" ["P"]\<close>)
   2.113 +apply     (tactic \<open>simp_tac (@{context} delloop "split_all_tac" delsimps [@{thm split_paired_All}, @{thm peek_and_def2}, @{thm heap_free_def2}, @{thm initd_def2}, @{thm normal_def2}, @{thm supd_lupd}]) 2\<close>)
   2.114  apply      (tactic "ax_tac @{context} 2" (* NewA *))
   2.115  apply       (tactic "ax_tac @{context} 3" (* ax_Alloc_Arr *))
   2.116  apply       (tactic "ax_tac @{context} 3")
   2.117 -apply      (tactic {* inst1_tac @{context} "P" "\<lambda>vf l vfa. Normal (P vf l vfa\<leftarrow>\<diamondsuit>)" ["P"] *})
   2.118 -apply      (tactic {* simp_tac (@{context} delloop "split_all_tac") 2 *})
   2.119 +apply      (tactic \<open>inst1_tac @{context} "P" "\<lambda>vf l vfa. Normal (P vf l vfa\<leftarrow>\<diamondsuit>)" ["P"]\<close>)
   2.120 +apply      (tactic \<open>simp_tac (@{context} delloop "split_all_tac") 2\<close>)
   2.121  apply      (tactic "ax_tac @{context} 2")
   2.122  apply     (tactic "ax_tac @{context} 1" (* FVar *))
   2.123  apply      (tactic "ax_tac @{context} 2" (* StatRef *))
   2.124  apply     (rule ax_derivs.Done [THEN conseq1])
   2.125 -apply     (tactic {* inst1_tac @{context} "Q" "\<lambda>vf. Normal ((\<lambda>Y s Z. vf=lvar (VName e) (snd s)) \<and>. heap_free four \<and>. initd Base \<and>. initd Ext)" [] *})
   2.126 +apply     (tactic \<open>inst1_tac @{context} "Q" "\<lambda>vf. Normal ((\<lambda>Y s Z. vf=lvar (VName e) (snd s)) \<and>. heap_free four \<and>. initd Base \<and>. initd Ext)" []\<close>)
   2.127  apply     (clarsimp split del: split_if)
   2.128  apply     (frule atleast_free_weaken [THEN atleast_free_weaken])
   2.129  apply     (drule initedD)
   2.130  apply     (clarsimp elim!: atleast_free_SucD simp add: arr_inv_def)
   2.131  apply    force
   2.132 -apply   (tactic {* simp_tac (@{context} delloop "split_all_tac") 1 *})
   2.133 +apply   (tactic \<open>simp_tac (@{context} delloop "split_all_tac") 1\<close>)
   2.134  apply   (rule ax_triv_Init_Object [THEN peek_and_forget2, THEN conseq1])
   2.135  apply     (rule wf_tprg)
   2.136  apply    clarsimp
   2.137 -apply   (tactic {* inst1_tac @{context} "P" "\<lambda>vf. Normal ((\<lambda>Y s Z. vf = lvar (VName e) (snd s)) \<and>. heap_free four \<and>. initd Ext)" [] *})
   2.138 +apply   (tactic \<open>inst1_tac @{context} "P" "\<lambda>vf. Normal ((\<lambda>Y s Z. vf = lvar (VName e) (snd s)) \<and>. heap_free four \<and>. initd Ext)" []\<close>)
   2.139  apply   clarsimp
   2.140 -apply  (tactic {* inst1_tac @{context} "PP" "\<lambda>vf. Normal ((\<lambda>Y s Z. vf = lvar (VName e) (snd s)) \<and>. heap_free four \<and>. Not \<circ> initd Base)" [] *})
   2.141 +apply  (tactic \<open>inst1_tac @{context} "PP" "\<lambda>vf. Normal ((\<lambda>Y s Z. vf = lvar (VName e) (snd s)) \<and>. heap_free four \<and>. Not \<circ> initd Base)" []\<close>)
   2.142  apply  clarsimp
   2.143       (* end init *)
   2.144  apply (rule conseq1)
   2.145 @@ -245,7 +245,7 @@
   2.146  apply  clarsimp
   2.147  apply (tactic "ax_tac @{context} 1" (* If *))
   2.148  apply  (tactic 
   2.149 -  {* inst1_tac @{context} "P'" "Normal (\<lambda>s.. (\<lambda>Y s Z. True)\<down>=Val (the (locals s i)))" [] *})
   2.150 +  \<open>inst1_tac @{context} "P'" "Normal (\<lambda>s.. (\<lambda>Y s Z. True)\<down>=Val (the (locals s i)))" []\<close>)
   2.151  apply  (tactic "ax_tac @{context} 1")
   2.152  apply  (rule conseq1)
   2.153  apply   (tactic "ax_tac @{context} 1")
   2.154 @@ -266,7 +266,7 @@
   2.155  apply  (tactic "ax_tac @{context} 1")
   2.156  prefer 2
   2.157  apply   (rule ax_subst_Var_allI)
   2.158 -apply   (tactic {* inst1_tac @{context} "P'" "\<lambda>b Y ba Z vf. \<lambda>Y (x,s) Z. x=None \<and> snd vf = snd (lvar i s)" [] *})
   2.159 +apply   (tactic \<open>inst1_tac @{context} "P'" "\<lambda>b Y ba Z vf. \<lambda>Y (x,s) Z. x=None \<and> snd vf = snd (lvar i s)" []\<close>)
   2.160  apply   (rule allI)
   2.161  apply   (rule_tac P' = "Normal P" and P = P for P in conseq1)
   2.162  prefer 2
     3.1 --- a/src/HOL/Bali/AxSem.thy	Sat Jan 02 18:46:36 2016 +0100
     3.2 +++ b/src/HOL/Bali/AxSem.thy	Sat Jan 02 18:48:45 2016 +0100
     3.3 @@ -2,12 +2,12 @@
     3.4      Author:     David von Oheimb
     3.5  *)
     3.6  
     3.7 -subsection {* Axiomatic semantics of Java expressions and statements 
     3.8 +subsection \<open>Axiomatic semantics of Java expressions and statements 
     3.9            (see also Eval.thy)
    3.10 -        *}
    3.11 +\<close>
    3.12  theory AxSem imports Evaln TypeSafe begin
    3.13  
    3.14 -text {*
    3.15 +text \<open>
    3.16  design issues:
    3.17  \begin{itemize}
    3.18  \item a strong version of validity for triples with premises, namely one that 
    3.19 @@ -34,9 +34,9 @@
    3.20  \item all triples in a derivation are of the same type (due to weak 
    3.21        polymorphism)
    3.22  \end{itemize}
    3.23 -*}
    3.24 +\<close>
    3.25  
    3.26 -type_synonym  res = vals --{* result entry *}
    3.27 +type_synonym  res = vals \<comment>\<open>result entry\<close>
    3.28  
    3.29  abbreviation (input)
    3.30    Val where "Val x == In1 x"
    3.31 @@ -57,7 +57,7 @@
    3.32    "\<lambda>Var:v . b"  == "(\<lambda>v. b) \<circ> CONST the_In2"
    3.33    "\<lambda>Vals:v. b"  == "(\<lambda>v. b) \<circ> CONST the_In3"
    3.34  
    3.35 -  --{* relation on result values, state and auxiliary variables *}
    3.36 +  \<comment>\<open>relation on result values, state and auxiliary variables\<close>
    3.37  type_synonym 'a assn = "res \<Rightarrow> state \<Rightarrow> 'a \<Rightarrow> bool"
    3.38  translations
    3.39    (type) "'a assn" <= (type) "vals \<Rightarrow> state \<Rightarrow> 'a \<Rightarrow> bool"
    3.40 @@ -464,8 +464,8 @@
    3.41  declare split_paired_All [simp del] split_paired_Ex [simp del] 
    3.42  declare split_if     [split del] split_if_asm     [split del] 
    3.43          option.split [split del] option.split_asm [split del]
    3.44 -setup {* map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac") *}
    3.45 -setup {* map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac") *}
    3.46 +setup \<open>map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac")\<close>
    3.47 +setup \<open>map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac")\<close>
    3.48  
    3.49  inductive
    3.50    ax_derivs :: "prog \<Rightarrow> 'a triples \<Rightarrow> 'a triples \<Rightarrow> bool" ("_,_|\<turnstile>_" [61,58,58] 57)
    3.51 @@ -496,7 +496,7 @@
    3.52  
    3.53  | Abrupt:  "G,A\<turnstile>{P\<leftarrow>(undefined3 t) \<and>. Not \<circ> normal} t\<succ> {P}"
    3.54  
    3.55 -  --{* variables *}
    3.56 +  \<comment>\<open>variables\<close>
    3.57  | LVar:  " G,A\<turnstile>{Normal (\<lambda>s.. P\<leftarrow>Var (lvar vn s))} LVar vn=\<succ> {P}"
    3.58  
    3.59  | FVar: "\<lbrakk>G,A\<turnstile>{Normal P} .Init C. {Q};
    3.60 @@ -506,7 +506,7 @@
    3.61  | AVar:  "\<lbrakk>G,A\<turnstile>{Normal P} e1-\<succ> {Q};
    3.62            \<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} e2-\<succ> {\<lambda>Val:i:. avar G i a ..; R}\<rbrakk> \<Longrightarrow>
    3.63                                   G,A\<turnstile>{Normal P} e1.[e2]=\<succ> {R}"
    3.64 -  --{* expressions *}
    3.65 +  \<comment>\<open>expressions\<close>
    3.66  
    3.67  | NewC: "\<lbrakk>G,A\<turnstile>{Normal P} .Init C. {Alloc G (CInst C) Q}\<rbrakk> \<Longrightarrow>
    3.68                                   G,A\<turnstile>{Normal P} NewC C-\<succ> {Q}"
    3.69 @@ -569,7 +569,7 @@
    3.70      \<Longrightarrow>
    3.71                                   G,A\<turnstile>{Normal P} Body D c-\<succ> {R}"
    3.72    
    3.73 -  --{* expression lists *}
    3.74 +  \<comment>\<open>expression lists\<close>
    3.75  
    3.76  | Nil:                          "G,A\<turnstile>{Normal (P\<leftarrow>Vals [])} []\<doteq>\<succ> {P}"
    3.77  
    3.78 @@ -577,7 +577,7 @@
    3.79            \<forall>v. G,A\<turnstile>{Q\<leftarrow>Val v} es\<doteq>\<succ> {\<lambda>Vals:vs:. R\<leftarrow>Vals (v#vs)}\<rbrakk> \<Longrightarrow>
    3.80                                   G,A\<turnstile>{Normal P} e#es\<doteq>\<succ> {R}"
    3.81  
    3.82 -  --{* statements *}
    3.83 +  \<comment>\<open>statements\<close>
    3.84  
    3.85  | Skip:                         "G,A\<turnstile>{Normal (P\<leftarrow>\<diamondsuit>)} .Skip. {P}"
    3.86  
    3.87 @@ -627,10 +627,10 @@
    3.88                .init c. {set_lvars l .; R}\<rbrakk> \<Longrightarrow>
    3.89                                 G,A\<turnstile>{Normal (P \<and>. Not \<circ> initd C)} .Init C. {R}"
    3.90  
    3.91 --- {* Some dummy rules for the intermediate terms @{text Callee},
    3.92 -@{text InsInitE}, @{text InsInitV}, @{text FinA} only used by the smallstep 
    3.93 +\<comment> \<open>Some dummy rules for the intermediate terms \<open>Callee\<close>,
    3.94 +\<open>InsInitE\<close>, \<open>InsInitV\<close>, \<open>FinA\<close> only used by the smallstep 
    3.95  semantics.
    3.96 -*}
    3.97 +\<close>
    3.98  | InsInitV: " G,A\<turnstile>{Normal P} InsInitV c v=\<succ> {Q}"
    3.99  | InsInitE: " G,A\<turnstile>{Normal P} InsInitE c e-\<succ> {Q}"
   3.100  | Callee:    " G,A\<turnstile>{Normal P} Callee l e-\<succ> {Q}"
   3.101 @@ -672,7 +672,7 @@
   3.102  (* 37 subgoals *)
   3.103  prefer 18 (* Methd *)
   3.104  apply (rule ax_derivs.Methd, drule spec, erule mp, fast) 
   3.105 -apply (tactic {* TRYALL (resolve_tac @{context} ((funpow 5 tl) @{thms ax_derivs.intros})) *})
   3.106 +apply (tactic \<open>TRYALL (resolve_tac @{context} ((funpow 5 tl) @{thms ax_derivs.intros}))\<close>)
   3.107  apply auto
   3.108  done
   3.109  
   3.110 @@ -692,9 +692,9 @@
   3.111  apply (erule ax_derivs.induct)
   3.112  (*42 subgoals*)
   3.113  apply       (tactic "ALLGOALS (strip_tac @{context})")
   3.114 -apply       (tactic {* ALLGOALS(REPEAT o (EVERY'[dresolve_tac @{context} @{thms subset_singletonD},
   3.115 +apply       (tactic \<open>ALLGOALS(REPEAT o (EVERY'[dresolve_tac @{context} @{thms subset_singletonD},
   3.116           eresolve_tac @{context} [disjE],
   3.117 -         fast_tac (@{context} addSIs @{thms ax_derivs.empty})]))*})
   3.118 +         fast_tac (@{context} addSIs @{thms ax_derivs.empty})]))\<close>)
   3.119  apply       (tactic "TRYALL (hyp_subst_tac @{context})")
   3.120  apply       (simp, rule ax_derivs.empty)
   3.121  apply      (drule subset_insertD)
   3.122 @@ -704,8 +704,8 @@
   3.123  apply   (fast intro: ax_derivs.weaken)
   3.124  apply  (rule ax_derivs.conseq, clarify, tactic "smp_tac @{context} 3 1", blast(* unused *))
   3.125  (*37 subgoals*)
   3.126 -apply (tactic {* TRYALL (resolve_tac @{context} ((funpow 5 tl) @{thms ax_derivs.intros})
   3.127 -                   THEN_ALL_NEW fast_tac @{context}) *})
   3.128 +apply (tactic \<open>TRYALL (resolve_tac @{context} ((funpow 5 tl) @{thms ax_derivs.intros})
   3.129 +                   THEN_ALL_NEW fast_tac @{context})\<close>)
   3.130  (*1 subgoal*)
   3.131  apply (clarsimp simp add: subset_mtriples_iff)
   3.132  apply (rule ax_derivs.Methd)
   3.133 @@ -719,16 +719,16 @@
   3.134  
   3.135  subsubsection "rules derived from conseq"
   3.136  
   3.137 -text {* In the following rules we often have to give some type annotations like:
   3.138 +text \<open>In the following rules we often have to give some type annotations like:
   3.139   @{term "G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q}"}.
   3.140  Given only the term above without annotations, Isabelle would infer a more 
   3.141  general type were we could have 
   3.142  different types of auxiliary variables in the assumption set (@{term A}) and 
   3.143  in the triple itself (@{term P} and @{term Q}). But 
   3.144 -@{text "ax_derivs.Methd"} enforces the same type in the inductive definition of
   3.145 +\<open>ax_derivs.Methd\<close> enforces the same type in the inductive definition of
   3.146  the derivation. So we have to restrict the types to be able to apply the
   3.147  rules. 
   3.148 -*}
   3.149 +\<close>
   3.150  lemma conseq12: "\<lbrakk>G,(A::'a triple set)\<turnstile>{P'::'a assn} t\<succ> {Q'};  
   3.151   \<forall>Y s Z. P Y s Z \<longrightarrow> (\<forall>Y' s'. (\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>  
   3.152    Q Y' s' Z)\<rbrakk>  
   3.153 @@ -738,7 +738,7 @@
   3.154  apply blast
   3.155  done
   3.156  
   3.157 --- {* Nice variant, since it is so symmetric we might be able to memorise it. *}
   3.158 +\<comment> \<open>Nice variant, since it is so symmetric we might be able to memorise it.\<close>
   3.159  lemma conseq12': "\<lbrakk>G,(A::'a triple set)\<turnstile>{P'::'a assn} t\<succ> {Q'}; \<forall>s Y' s'.  
   3.160         (\<forall>Y Z. P' Y s Z \<longrightarrow> Q' Y' s' Z) \<longrightarrow>  
   3.161         (\<forall>Y Z. P  Y s Z \<longrightarrow> Q  Y' s' Z)\<rbrakk>  
   3.162 @@ -1008,7 +1008,7 @@
   3.163  apply  (auto simp add: type_ok_def)
   3.164  done
   3.165  
   3.166 -ML {* ML_Thms.bind_thms ("ax_Abrupts", sum3_instantiate @{context} @{thm ax_derivs.Abrupt}) *}
   3.167 +ML \<open>ML_Thms.bind_thms ("ax_Abrupts", sum3_instantiate @{context} @{thm ax_derivs.Abrupt})\<close>
   3.168  declare ax_Abrupts [intro!]
   3.169  
   3.170  lemmas ax_Normal_cases = ax_cases [of _ _ _ normal]
     4.1 --- a/src/HOL/Bali/AxSound.thy	Sat Jan 02 18:46:36 2016 +0100
     4.2 +++ b/src/HOL/Bali/AxSound.thy	Sat Jan 02 18:48:45 2016 +0100
     4.3 @@ -1,9 +1,9 @@
     4.4  (*  Title:      HOL/Bali/AxSound.thy
     4.5      Author:     David von Oheimb and Norbert Schirmer
     4.6  *)
     4.7 -subsection {* Soundness proof for Axiomatic semantics of Java expressions and 
     4.8 +subsection \<open>Soundness proof for Axiomatic semantics of Java expressions and 
     4.9            statements
    4.10 -       *}
    4.11 +\<close>
    4.12  
    4.13  theory AxSound imports AxSem begin
    4.14  
    4.15 @@ -19,13 +19,13 @@
    4.16              \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>dom (locals (store s))\<guillemotright>t\<guillemotright>A)) \<longrightarrow>
    4.17               (\<forall>Y' s'. G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (Y',s') \<longrightarrow> Q Y' s' Z \<and> s'\<Colon>\<preceq>(G,L)))))"
    4.18  
    4.19 -text {* This definition differs from the ordinary  @{text triple_valid_def} 
    4.20 +text \<open>This definition differs from the ordinary  \<open>triple_valid_def\<close> 
    4.21  manly in the conclusion: We also ensures conformance of the result state. So
    4.22  we don't have to apply the type soundness lemma all the time during
    4.23  induction. This definition is only introduced for the soundness
    4.24  proof of the axiomatic semantics, in the end we will conclude to 
    4.25  the ordinary definition.
    4.26 -*}
    4.27 +\<close>
    4.28  
    4.29  definition
    4.30    ax_valids2 :: "prog \<Rightarrow> 'a triples \<Rightarrow> 'a triples \<Rightarrow> bool"  ("_,_|\<Turnstile>\<Colon>_" [61,58,58] 57)
    4.31 @@ -126,8 +126,8 @@
    4.32        qed
    4.33      next
    4.34        case (Suc m)
    4.35 -      note hyp = `\<forall>t\<in>A. G\<Turnstile>m\<Colon>t \<Longrightarrow> \<forall>t\<in>{{P} Methd-\<succ> {Q} | ms}.  G\<Turnstile>m\<Colon>t`
    4.36 -      note prem = `\<forall>t\<in>A. G\<Turnstile>Suc m\<Colon>t`
    4.37 +      note hyp = \<open>\<forall>t\<in>A. G\<Turnstile>m\<Colon>t \<Longrightarrow> \<forall>t\<in>{{P} Methd-\<succ> {Q} | ms}.  G\<Turnstile>m\<Colon>t\<close>
    4.38 +      note prem = \<open>\<forall>t\<in>A. G\<Turnstile>Suc m\<Colon>t\<close>
    4.39        show "\<forall>t\<in>{{P} Methd-\<succ> {Q} | ms}.  G\<Turnstile>Suc m\<Colon>t"
    4.40        proof -
    4.41          {
    4.42 @@ -350,9 +350,9 @@
    4.43      by (simp add: ax_valids2_def triple_valid2_def2)
    4.44  next
    4.45    case (insert A t ts)
    4.46 -  note valid_t = `G,A|\<Turnstile>\<Colon>{t}`
    4.47 +  note valid_t = \<open>G,A|\<Turnstile>\<Colon>{t}\<close>
    4.48    moreover
    4.49 -  note valid_ts = `G,A|\<Turnstile>\<Colon>ts`
    4.50 +  note valid_ts = \<open>G,A|\<Turnstile>\<Colon>ts\<close>
    4.51    {
    4.52      fix n assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t"
    4.53      have "G\<Turnstile>n\<Colon>t" and "\<forall>t\<in>ts. G\<Turnstile>n\<Colon>t"
    4.54 @@ -370,21 +370,21 @@
    4.55      by (unfold ax_valids2_def) blast
    4.56  next
    4.57    case (asm ts A)
    4.58 -  from `ts \<subseteq> A`
    4.59 +  from \<open>ts \<subseteq> A\<close>
    4.60    show "G,A|\<Turnstile>\<Colon>ts"
    4.61      by (auto simp add: ax_valids2_def triple_valid2_def)
    4.62  next
    4.63    case (weaken A ts' ts)
    4.64 -  note `G,A|\<Turnstile>\<Colon>ts'`
    4.65 -  moreover note `ts \<subseteq> ts'`
    4.66 +  note \<open>G,A|\<Turnstile>\<Colon>ts'\<close>
    4.67 +  moreover note \<open>ts \<subseteq> ts'\<close>
    4.68    ultimately show "G,A|\<Turnstile>\<Colon>ts"
    4.69      by (unfold ax_valids2_def triple_valid2_def) blast
    4.70  next
    4.71    case (conseq P A t Q)
    4.72 -  note con = `\<forall>Y s Z. P Y s Z \<longrightarrow> 
    4.73 +  note con = \<open>\<forall>Y s Z. P Y s Z \<longrightarrow> 
    4.74                (\<exists>P' Q'.
    4.75                    (G,A\<turnstile>{P'} t\<succ> {Q'} \<and> G,A|\<Turnstile>\<Colon>{ {P'} t\<succ> {Q'} }) \<and>
    4.76 -                  (\<forall>Y' s'. (\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow> Q Y' s' Z))`
    4.77 +                  (\<forall>Y' s'. (\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow> Q Y' s' Z))\<close>
    4.78    show "G,A|\<Turnstile>\<Colon>{ {P} t\<succ> {Q} }"
    4.79    proof (rule validI)
    4.80      fix n s0 L accC T C v s1 Y Z
    4.81 @@ -469,8 +469,8 @@
    4.82    qed
    4.83  next
    4.84    case (FVar A P statDeclC Q e stat fn R accC)
    4.85 -  note valid_init = `G,A|\<Turnstile>\<Colon>{ {Normal P} .Init statDeclC. {Q} }`
    4.86 -  note valid_e = `G,A|\<Turnstile>\<Colon>{ {Q} e-\<succ> {\<lambda>Val:a:. fvar statDeclC stat fn a ..; R} }`
    4.87 +  note valid_init = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} .Init statDeclC. {Q} }\<close>
    4.88 +  note valid_e = \<open>G,A|\<Turnstile>\<Colon>{ {Q} e-\<succ> {\<lambda>Val:a:. fvar statDeclC stat fn a ..; R} }\<close>
    4.89    show "G,A|\<Turnstile>\<Colon>{ {Normal P} {accC,statDeclC,stat}e..fn=\<succ> {R} }"
    4.90    proof (rule valid_var_NormalI)
    4.91      fix n s0 L accC' T V vf s3 Y Z
    4.92 @@ -564,7 +564,7 @@
    4.93    qed
    4.94  next
    4.95    case (AVar A P e1 Q e2 R)
    4.96 -  note valid_e1 = `G,A|\<Turnstile>\<Colon>{ {Normal P} e1-\<succ> {Q} }`
    4.97 +  note valid_e1 = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} e1-\<succ> {Q} }\<close>
    4.98    have valid_e2: "\<And> a. G,A|\<Turnstile>\<Colon>{ {Q\<leftarrow>In1 a} e2-\<succ> {\<lambda>Val:i:. avar G i a ..; R} }"
    4.99      using AVar.hyps by simp
   4.100    show "G,A|\<Turnstile>\<Colon>{ {Normal P} e1.[e2]=\<succ> {R} }"
   4.101 @@ -628,7 +628,7 @@
   4.102    qed
   4.103  next
   4.104    case (NewC A P C Q)
   4.105 -  note valid_init = `G,A|\<Turnstile>\<Colon>{ {Normal P} .Init C. {Alloc G (CInst C) Q} }`
   4.106 +  note valid_init = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} .Init C. {Alloc G (CInst C) Q} }\<close>
   4.107    show "G,A|\<Turnstile>\<Colon>{ {Normal P} NewC C-\<succ> {Q} }"
   4.108    proof (rule valid_expr_NormalI)
   4.109      fix n s0 L accC T E v s2 Y Z
   4.110 @@ -668,9 +668,9 @@
   4.111    qed
   4.112  next
   4.113    case (NewA A P T Q e R)
   4.114 -  note valid_init = `G,A|\<Turnstile>\<Colon>{ {Normal P} .init_comp_ty T. {Q} }`
   4.115 -  note valid_e = `G,A|\<Turnstile>\<Colon>{ {Q} e-\<succ> {\<lambda>Val:i:. abupd (check_neg i) .; 
   4.116 -                                            Alloc G (Arr T (the_Intg i)) R}}`
   4.117 +  note valid_init = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} .init_comp_ty T. {Q} }\<close>
   4.118 +  note valid_e = \<open>G,A|\<Turnstile>\<Colon>{ {Q} e-\<succ> {\<lambda>Val:i:. abupd (check_neg i) .; 
   4.119 +                                            Alloc G (Arr T (the_Intg i)) R}}\<close>
   4.120    show "G,A|\<Turnstile>\<Colon>{ {Normal P} New T[e]-\<succ> {R} }"
   4.121    proof (rule valid_expr_NormalI)
   4.122      fix n s0 L accC arrT E v s3 Y Z
   4.123 @@ -741,9 +741,9 @@
   4.124    qed
   4.125  next
   4.126    case (Cast A P e T Q)
   4.127 -  note valid_e = `G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> 
   4.128 +  note valid_e = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> 
   4.129                   {\<lambda>Val:v:. \<lambda>s.. abupd (raise_if (\<not> G,s\<turnstile>v fits T) ClassCast) .;
   4.130 -                  Q\<leftarrow>In1 v} }`
   4.131 +                  Q\<leftarrow>In1 v} }\<close>
   4.132    show "G,A|\<Turnstile>\<Colon>{ {Normal P} Cast T e-\<succ> {Q} }"
   4.133    proof (rule valid_expr_NormalI)
   4.134      fix n s0 L accC castT E v s2 Y Z
   4.135 @@ -972,7 +972,7 @@
   4.136    qed
   4.137  next
   4.138    case (Acc A P var Q)
   4.139 -  note valid_var = `G,A|\<Turnstile>\<Colon>{ {Normal P} var=\<succ> {\<lambda>Var:(v, f):. Q\<leftarrow>In1 v} }`
   4.140 +  note valid_var = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} var=\<succ> {\<lambda>Var:(v, f):. Q\<leftarrow>In1 v} }\<close>
   4.141    show "G,A|\<Turnstile>\<Colon>{ {Normal P} Acc var-\<succ> {Q} }"
   4.142    proof (rule valid_expr_NormalI)
   4.143      fix n s0 L accC T E v s1 Y Z
   4.144 @@ -1008,7 +1008,7 @@
   4.145    qed
   4.146  next
   4.147    case (Ass A P var Q e R)
   4.148 -  note valid_var = `G,A|\<Turnstile>\<Colon>{ {Normal P} var=\<succ> {Q} }`
   4.149 +  note valid_var = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} var=\<succ> {Q} }\<close>
   4.150    have valid_e: "\<And> vf. 
   4.151                    G,A|\<Turnstile>\<Colon>{ {Q\<leftarrow>In2 vf} e-\<succ> {\<lambda>Val:v:. assign (snd vf) v .; R} }"
   4.152      using Ass.hyps by simp
   4.153 @@ -1120,7 +1120,7 @@
   4.154    qed
   4.155  next
   4.156    case (Cond A P e0 P' e1 e2 Q)
   4.157 -  note valid_e0 = `G,A|\<Turnstile>\<Colon>{ {Normal P} e0-\<succ> {P'} }`
   4.158 +  note valid_e0 = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} e0-\<succ> {P'} }\<close>
   4.159    have valid_then_else:"\<And> b.  G,A|\<Turnstile>\<Colon>{ {P'\<leftarrow>=b} (if b then e1 else e2)-\<succ> {Q} }"
   4.160      using Cond.hyps by simp
   4.161    show "G,A|\<Turnstile>\<Colon>{ {Normal P} e0 ? e1 : e2-\<succ> {Q} }"
   4.162 @@ -1210,7 +1210,7 @@
   4.163    qed
   4.164  next
   4.165    case (Call A P e Q args R mode statT mn pTs' S accC')
   4.166 -  note valid_e = `G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {Q} }`
   4.167 +  note valid_e = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {Q} }\<close>
   4.168    have valid_args: "\<And> a. G,A|\<Turnstile>\<Colon>{ {Q\<leftarrow>In1 a} args\<doteq>\<succ> {R a} }"
   4.169      using Call.hyps by simp
   4.170    have valid_methd: "\<And> a vs invC declC l.
   4.171 @@ -1594,14 +1594,14 @@
   4.172    qed
   4.173  next
   4.174    case (Methd A P Q ms)
   4.175 -  note valid_body = `G,A \<union> {{P} Methd-\<succ> {Q} | ms}|\<Turnstile>\<Colon>{{P} body G-\<succ> {Q} | ms}`
   4.176 +  note valid_body = \<open>G,A \<union> {{P} Methd-\<succ> {Q} | ms}|\<Turnstile>\<Colon>{{P} body G-\<succ> {Q} | ms}\<close>
   4.177    show "G,A|\<Turnstile>\<Colon>{{P} Methd-\<succ> {Q} | ms}"
   4.178      by (rule Methd_sound) (rule Methd.hyps)
   4.179  next
   4.180    case (Body A P D Q c R)
   4.181 -  note valid_init = `G,A|\<Turnstile>\<Colon>{ {Normal P} .Init D. {Q} }`
   4.182 -  note valid_c = `G,A|\<Turnstile>\<Colon>{ {Q} .c.
   4.183 -              {\<lambda>s.. abupd (absorb Ret) .; R\<leftarrow>In1 (the (locals s Result))} }`
   4.184 +  note valid_init = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} .Init D. {Q} }\<close>
   4.185 +  note valid_c = \<open>G,A|\<Turnstile>\<Colon>{ {Q} .c.
   4.186 +              {\<lambda>s.. abupd (absorb Ret) .; R\<leftarrow>In1 (the (locals s Result))} }\<close>
   4.187    show "G,A|\<Turnstile>\<Colon>{ {Normal P} Body D c-\<succ> {R} }"
   4.188    proof (rule valid_expr_NormalI)
   4.189      fix n s0 L accC T E v s4 Y Z
   4.190 @@ -1692,7 +1692,7 @@
   4.191    qed
   4.192  next
   4.193    case (Cons A P e Q es R)
   4.194 -  note valid_e = `G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {Q} }`
   4.195 +  note valid_e = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {Q} }\<close>
   4.196    have valid_es: "\<And> v. G,A|\<Turnstile>\<Colon>{ {Q\<leftarrow>\<lfloor>v\<rfloor>\<^sub>e} es\<doteq>\<succ> {\<lambda>Vals:vs:. R\<leftarrow>\<lfloor>(v # vs)\<rfloor>\<^sub>l} }"
   4.197      using Cons.hyps by simp
   4.198    show "G,A|\<Turnstile>\<Colon>{ {Normal P} e # es\<doteq>\<succ> {R} }"
   4.199 @@ -1774,7 +1774,7 @@
   4.200    qed
   4.201  next
   4.202    case (Expr A P e Q)
   4.203 -  note valid_e = `G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {Q\<leftarrow>\<diamondsuit>} }`
   4.204 +  note valid_e = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {Q\<leftarrow>\<diamondsuit>} }\<close>
   4.205    show "G,A|\<Turnstile>\<Colon>{ {Normal P} .Expr e. {Q} }"
   4.206    proof (rule valid_stmt_NormalI)
   4.207      fix n s0 L accC C s1 Y Z
   4.208 @@ -1804,7 +1804,7 @@
   4.209    qed
   4.210  next
   4.211    case (Lab A P c l Q)
   4.212 -  note valid_c = `G,A|\<Turnstile>\<Colon>{ {Normal P} .c. {abupd (absorb l) .; Q} }`
   4.213 +  note valid_c = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} .c. {abupd (absorb l) .; Q} }\<close>
   4.214    show "G,A|\<Turnstile>\<Colon>{ {Normal P} .l\<bullet> c. {Q} }"
   4.215    proof (rule valid_stmt_NormalI)
   4.216      fix n s0 L accC C s2 Y Z
   4.217 @@ -1841,8 +1841,8 @@
   4.218    qed
   4.219  next
   4.220    case (Comp A P c1 Q c2 R)
   4.221 -  note valid_c1 = `G,A|\<Turnstile>\<Colon>{ {Normal P} .c1. {Q} }`
   4.222 -  note valid_c2 = `G,A|\<Turnstile>\<Colon>{ {Q} .c2. {R} }`
   4.223 +  note valid_c1 = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} .c1. {Q} }\<close>
   4.224 +  note valid_c2 = \<open>G,A|\<Turnstile>\<Colon>{ {Q} .c2. {R} }\<close>
   4.225    show "G,A|\<Turnstile>\<Colon>{ {Normal P} .c1;; c2. {R} }"
   4.226    proof (rule valid_stmt_NormalI)
   4.227      fix n s0 L accC C s2 Y Z
   4.228 @@ -1900,7 +1900,7 @@
   4.229    qed
   4.230  next
   4.231    case (If A P e P' c1 c2 Q)
   4.232 -  note valid_e = `G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {P'} }`
   4.233 +  note valid_e = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {P'} }\<close>
   4.234    have valid_then_else: "\<And> b. G,A|\<Turnstile>\<Colon>{ {P'\<leftarrow>=b} .(if b then c1 else c2). {Q} }"
   4.235      using If.hyps by simp
   4.236    show "G,A|\<Turnstile>\<Colon>{ {Normal P} .If(e) c1 Else c2. {Q} }"
   4.237 @@ -1977,10 +1977,10 @@
   4.238    qed
   4.239  next
   4.240    case (Loop A P e P' c l)
   4.241 -  note valid_e = `G,A|\<Turnstile>\<Colon>{ {P} e-\<succ> {P'} }`
   4.242 -  note valid_c = `G,A|\<Turnstile>\<Colon>{ {Normal (P'\<leftarrow>=True)}
   4.243 +  note valid_e = \<open>G,A|\<Turnstile>\<Colon>{ {P} e-\<succ> {P'} }\<close>
   4.244 +  note valid_c = \<open>G,A|\<Turnstile>\<Colon>{ {Normal (P'\<leftarrow>=True)}
   4.245                           .c. 
   4.246 -                         {abupd (absorb (Cont l)) .; P} }`
   4.247 +                         {abupd (absorb (Cont l)) .; P} }\<close>
   4.248    show "G,A|\<Turnstile>\<Colon>{ {P} .l\<bullet> While(e) c. {P'\<leftarrow>=False\<down>=\<diamondsuit>} }"
   4.249    proof (rule valid_stmtI)
   4.250      fix n s0 L accC C s3 Y Z
   4.251 @@ -1993,7 +1993,7 @@
   4.252      assume P: "P Y s0 Z"
   4.253      show "(P'\<leftarrow>=False\<down>=\<diamondsuit>) \<diamondsuit> s3 Z \<and> s3\<Colon>\<preceq>(G,L)"
   4.254      proof -
   4.255 -        --{* From the given hypothesises @{text valid_e} and @{text valid_c} 
   4.256 +        \<comment>\<open>From the given hypothesises \<open>valid_e\<close> and \<open>valid_c\<close> 
   4.257             we can only reach the state after unfolding the loop once, i.e. 
   4.258             @{term "P \<diamondsuit> s2 Z"}, where @{term s2} is the state after executing
   4.259             @{term c}. To gain validity of the further execution of while, to
   4.260 @@ -2001,9 +2001,9 @@
   4.261             a hypothesis about the subsequent unfoldings (the whole loop again),
   4.262             too. We can achieve this, by performing induction on the 
   4.263             evaluation relation, with all
   4.264 -           the necessary preconditions to apply @{text valid_e} and 
   4.265 -           @{text valid_c} in the goal.
   4.266 -        *}
   4.267 +           the necessary preconditions to apply \<open>valid_e\<close> and 
   4.268 +           \<open>valid_c\<close> in the goal.
   4.269 +\<close>
   4.270        {
   4.271          fix t s s' v 
   4.272          assume "G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v, s')"
   4.273 @@ -2015,11 +2015,11 @@
   4.274            (is "PROP ?Hyp n t s v s'")
   4.275          proof (induct)
   4.276            case (Loop s0' e' b n' s1' c' s2' l' s3' Y' T E)
   4.277 -          note while = `(\<langle>l'\<bullet> While(e') c'\<rangle>\<^sub>s::term) = \<langle>l\<bullet> While(e) c\<rangle>\<^sub>s`
   4.278 +          note while = \<open>(\<langle>l'\<bullet> While(e') c'\<rangle>\<^sub>s::term) = \<langle>l\<bullet> While(e) c\<rangle>\<^sub>s\<close>
   4.279            hence eqs: "l'=l" "e'=e" "c'=c" by simp_all
   4.280 -          note valid_A = `\<forall>t\<in>A. G\<Turnstile>n'\<Colon>t`
   4.281 -          note P = `P Y' (Norm s0') Z`
   4.282 -          note conf_s0' = `Norm s0'\<Colon>\<preceq>(G, L)`
   4.283 +          note valid_A = \<open>\<forall>t\<in>A. G\<Turnstile>n'\<Colon>t\<close>
   4.284 +          note P = \<open>P Y' (Norm s0') Z\<close>
   4.285 +          note conf_s0' = \<open>Norm s0'\<Colon>\<preceq>(G, L)\<close>
   4.286            have wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>\<langle>l\<bullet> While(e) c\<rangle>\<^sub>s\<Colon>T"
   4.287              using Loop.prems eqs by simp
   4.288            have da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>
   4.289 @@ -2168,10 +2168,10 @@
   4.290            qed
   4.291          next
   4.292            case (Abrupt abr s t' n' Y' T E)
   4.293 -          note t' = `t' = \<langle>l\<bullet> While(e) c\<rangle>\<^sub>s`
   4.294 -          note conf = `(Some abr, s)\<Colon>\<preceq>(G, L)`
   4.295 -          note P = `P Y' (Some abr, s) Z`
   4.296 -          note valid_A = `\<forall>t\<in>A. G\<Turnstile>n'\<Colon>t`
   4.297 +          note t' = \<open>t' = \<langle>l\<bullet> While(e) c\<rangle>\<^sub>s\<close>
   4.298 +          note conf = \<open>(Some abr, s)\<Colon>\<preceq>(G, L)\<close>
   4.299 +          note P = \<open>P Y' (Some abr, s) Z\<close>
   4.300 +          note valid_A = \<open>\<forall>t\<in>A. G\<Turnstile>n'\<Colon>t\<close>
   4.301            show "(P'\<leftarrow>=False\<down>=\<diamondsuit>) (undefined3 t') (Some abr, s) Z"
   4.302            proof -
   4.303              have eval_e: 
   4.304 @@ -2234,7 +2234,7 @@
   4.305    qed
   4.306  next
   4.307    case (Throw A P e Q)
   4.308 -  note valid_e = `G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {\<lambda>Val:a:. abupd (throw a) .; Q\<leftarrow>\<diamondsuit>} }`
   4.309 +  note valid_e = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {\<lambda>Val:a:. abupd (throw a) .; Q\<leftarrow>\<diamondsuit>} }\<close>
   4.310    show "G,A|\<Turnstile>\<Colon>{ {Normal P} .Throw e. {Q} }"
   4.311    proof (rule valid_stmt_NormalI)
   4.312      fix n s0 L accC C s2 Y Z
   4.313 @@ -2272,11 +2272,11 @@
   4.314    qed
   4.315  next
   4.316    case (Try A P c1 Q C vn c2 R)
   4.317 -  note valid_c1 = `G,A|\<Turnstile>\<Colon>{ {Normal P} .c1. {SXAlloc G Q} }`
   4.318 -  note valid_c2 = `G,A|\<Turnstile>\<Colon>{ {Q \<and>. (\<lambda>s. G,s\<turnstile>catch C) ;. new_xcpt_var vn} 
   4.319 +  note valid_c1 = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} .c1. {SXAlloc G Q} }\<close>
   4.320 +  note valid_c2 = \<open>G,A|\<Turnstile>\<Colon>{ {Q \<and>. (\<lambda>s. G,s\<turnstile>catch C) ;. new_xcpt_var vn} 
   4.321                             .c2. 
   4.322 -                          {R} }`
   4.323 -  note Q_R = `(Q \<and>. (\<lambda>s. \<not> G,s\<turnstile>catch C)) \<Rightarrow> R`
   4.324 +                          {R} }\<close>
   4.325 +  note Q_R = \<open>(Q \<and>. (\<lambda>s. \<not> G,s\<turnstile>catch C)) \<Rightarrow> R\<close>
   4.326    show "G,A|\<Turnstile>\<Colon>{ {Normal P} .Try c1 Catch(C vn) c2. {R} }"
   4.327    proof (rule valid_stmt_NormalI)
   4.328      fix n s0 L accC E s3 Y Z
   4.329 @@ -2404,7 +2404,7 @@
   4.330    qed
   4.331  next
   4.332    case (Fin A P c1 Q c2 R)
   4.333 -  note valid_c1 = `G,A|\<Turnstile>\<Colon>{ {Normal P} .c1. {Q} }`
   4.334 +  note valid_c1 = \<open>G,A|\<Turnstile>\<Colon>{ {Normal P} .c1. {Q} }\<close>
   4.335    have valid_c2: "\<And> abr. G,A|\<Turnstile>\<Colon>{ {Q \<and>. (\<lambda>s. abr = fst s) ;. abupd (\<lambda>x. None)} 
   4.336                                    .c2.
   4.337                                    {abupd (abrupt_if (abr \<noteq> None) abr) .; R} }"
   4.338 @@ -2501,11 +2501,11 @@
   4.339    qed
   4.340  next
   4.341    case (Init C c A P Q R)
   4.342 -  note c = `the (class G C) = c`
   4.343 +  note c = \<open>the (class G C) = c\<close>
   4.344    note valid_super =
   4.345 -        `G,A|\<Turnstile>\<Colon>{ {Normal (P \<and>. Not \<circ> initd C ;. supd (init_class_obj G C))}
   4.346 +        \<open>G,A|\<Turnstile>\<Colon>{ {Normal (P \<and>. Not \<circ> initd C ;. supd (init_class_obj G C))}
   4.347                   .(if C = Object then Skip else Init (super c)). 
   4.348 -                 {Q} }`
   4.349 +                 {Q} }\<close>
   4.350    have valid_init: 
   4.351          "\<And> l.  G,A|\<Turnstile>\<Colon>{ {Q \<and>. (\<lambda>s. l = locals (snd s)) ;. set_lvars empty} 
   4.352                          .init c.
     5.1 --- a/src/HOL/Bali/Basis.thy	Sat Jan 02 18:46:36 2016 +0100
     5.2 +++ b/src/HOL/Bali/Basis.thy	Sat Jan 02 18:48:45 2016 +0100
     5.3 @@ -1,7 +1,7 @@
     5.4  (*  Title:      HOL/Bali/Basis.thy
     5.5      Author:     David von Oheimb
     5.6  *)
     5.7 -subsection {* Definitions extending HOL as logical basis of Bali *}
     5.8 +subsection \<open>Definitions extending HOL as logical basis of Bali\<close>
     5.9  
    5.10  theory Basis
    5.11  imports Main "~~/src/HOL/Library/Old_Recdef"
    5.12 @@ -9,10 +9,10 @@
    5.13  
    5.14  subsubsection "misc"
    5.15  
    5.16 -ML {* fun strip_tac ctxt i = REPEAT (resolve_tac ctxt [impI, allI] i) *}
    5.17 +ML \<open>fun strip_tac ctxt i = REPEAT (resolve_tac ctxt [impI, allI] i)\<close>
    5.18  
    5.19  declare split_if_asm  [split] option.split [split] option.split_asm [split]
    5.20 -setup {* map_theory_simpset (fn ctxt => ctxt addloop ("split_all_tac", split_all_tac)) *}
    5.21 +setup \<open>map_theory_simpset (fn ctxt => ctxt addloop ("split_all_tac", split_all_tac))\<close>
    5.22  declare if_weak_cong [cong del] option.case_cong_weak [cong del]
    5.23  declare length_Suc_conv [iff]
    5.24  
    5.25 @@ -176,13 +176,13 @@
    5.26  abbreviation the_In1r :: "('al + 'ar, 'b, 'c) sum3 \<Rightarrow> 'ar"
    5.27    where "the_In1r \<equiv> the_Inr \<circ> the_In1"
    5.28  
    5.29 -ML {*
    5.30 +ML \<open>
    5.31  fun sum3_instantiate ctxt thm =
    5.32    map (fn s =>
    5.33      simplify (ctxt delsimps @{thms not_None_eq})
    5.34        (Rule_Insts.read_instantiate ctxt [((("t", 0), Position.none), "In" ^ s ^ " x")] ["x"] thm))
    5.35      ["1l","2","3","1r"]
    5.36 -*}
    5.37 +\<close>
    5.38  (* e.g. lemmas is_stmt_rews = is_stmt_def [of "In1l x", simplified] *)
    5.39  
    5.40  
    5.41 @@ -203,7 +203,7 @@
    5.42  
    5.43  subsubsection "Special map update"
    5.44  
    5.45 -text{* Deemed too special for theory Map. *}
    5.46 +text\<open>Deemed too special for theory Map.\<close>
    5.47  
    5.48  definition chg_map :: "('b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> ('a \<rightharpoonup> 'b) \<Rightarrow> ('a \<rightharpoonup> 'b)"
    5.49    where "chg_map f a m = (case m a of None \<Rightarrow> m | Some b \<Rightarrow> m(a\<mapsto>f b))"
    5.50 @@ -255,7 +255,7 @@
    5.51  definition lsplit :: "[['a, 'a list] \<Rightarrow> 'b, 'a list] \<Rightarrow> 'b"
    5.52    where "lsplit = (\<lambda>f l. f (hd l) (tl l))"
    5.53  
    5.54 -text {* list patterns -- extends pre-defined type "pttrn" used in abstractions *}
    5.55 +text \<open>list patterns -- extends pre-defined type "pttrn" used in abstractions\<close>
    5.56  syntax
    5.57    "_lpttrn" :: "[pttrn, pttrn] \<Rightarrow> pttrn"    ("_#/_" [901,900] 900)
    5.58  translations
     6.1 --- a/src/HOL/Bali/Conform.thy	Sat Jan 02 18:46:36 2016 +0100
     6.2 +++ b/src/HOL/Bali/Conform.thy	Sat Jan 02 18:48:45 2016 +0100
     6.3 @@ -2,11 +2,11 @@
     6.4      Author:     David von Oheimb
     6.5  *)
     6.6  
     6.7 -subsection {* Conformance notions for the type soundness proof for Java *}
     6.8 +subsection \<open>Conformance notions for the type soundness proof for Java\<close>
     6.9  
    6.10  theory Conform imports State begin
    6.11  
    6.12 -text {*
    6.13 +text \<open>
    6.14  design issues:
    6.15  \begin{itemize}
    6.16  \item lconf allows for (arbitrary) inaccessible values
    6.17 @@ -14,7 +14,7 @@
    6.18        objects on the heap are indeed existing classes. Yet this can be 
    6.19        inferred for all referenced objs.
    6.20  \end{itemize}
    6.21 -*}
    6.22 +\<close>
    6.23  
    6.24  type_synonym env' = "prog \<times> (lname, ty) table" (* same as env of WellType.thy *)
    6.25  
    6.26 @@ -25,12 +25,12 @@
    6.27  definition gext :: "st \<Rightarrow> st \<Rightarrow> bool" ("_\<le>|_"       [71,71]   70) where
    6.28     "s\<le>|s' \<equiv> \<forall>r. \<forall>obj\<in>globs s r: \<exists>obj'\<in>globs s' r: tag obj'= tag obj"
    6.29  
    6.30 -text {* For the the proof of type soundness we will need the 
    6.31 +text \<open>For the the proof of type soundness we will need the 
    6.32  property that during execution, objects are not lost and moreover retain the 
    6.33  values of their tags. So the object store grows conservatively. Note that if 
    6.34  we considered garbage collection, we would have to restrict this property to 
    6.35  accessible objects.
    6.36 -*}
    6.37 +\<close>
    6.38  
    6.39  lemma gext_objD: 
    6.40  "\<lbrakk>s\<le>|s'; globs s r = Some obj\<rbrakk> 
    6.41 @@ -250,7 +250,7 @@
    6.42  
    6.43  subsubsection "weak value list conformance"
    6.44  
    6.45 -text {* Only if the value is defined it has to conform to its type. 
    6.46 +text \<open>Only if the value is defined it has to conform to its type. 
    6.47          This is the contribution of the definite assignment analysis to 
    6.48          the notion of conformance. The definite assignment analysis ensures
    6.49          that the program only attempts to access local variables that 
    6.50 @@ -258,7 +258,7 @@
    6.51          So conformance must only ensure that the
    6.52          defined values are of the right type, and not also that the value
    6.53          is defined. 
    6.54 -*}
    6.55 +\<close>
    6.56  
    6.57    
    6.58  definition
     7.1 --- a/src/HOL/Bali/Decl.thy	Sat Jan 02 18:46:36 2016 +0100
     7.2 +++ b/src/HOL/Bali/Decl.thy	Sat Jan 02 18:48:45 2016 +0100
     7.3 @@ -1,15 +1,15 @@
     7.4  (*  Title:      HOL/Bali/Decl.thy
     7.5      Author:     David von Oheimb and Norbert Schirmer
     7.6  *)
     7.7 -subsection {* Field, method, interface, and class declarations, whole Java programs
     7.8 -*}
     7.9 +subsection \<open>Field, method, interface, and class declarations, whole Java programs
    7.10 +\<close>
    7.11  
    7.12  theory Decl
    7.13  imports Term Table
    7.14    (** order is significant, because of clash for "var" **)
    7.15  begin
    7.16  
    7.17 -text {*
    7.18 +text \<open>
    7.19  improvements:
    7.20  \begin{itemize}
    7.21  \item clarification and correction of some aspects of the package/access concept
    7.22 @@ -36,20 +36,20 @@
    7.23  
    7.24  \item no main method
    7.25  \end{itemize}
    7.26 -*}
    7.27 +\<close>
    7.28  
    7.29 -subsection {* Modifier*}
    7.30 +subsection \<open>Modifier\<close>
    7.31  
    7.32 -subsubsection {* Access modifier *}
    7.33 +subsubsection \<open>Access modifier\<close>
    7.34  
    7.35  datatype acc_modi (* access modifier *)
    7.36           = Private | Package | Protected | Public 
    7.37  
    7.38 -text {* 
    7.39 +text \<open>
    7.40  We can define a linear order for the access modifiers. With Private yielding the
    7.41  most restrictive access and public the most liberal access policy:
    7.42    Private < Package < Protected < Public
    7.43 -*}
    7.44 +\<close>
    7.45   
    7.46  instantiation acc_modi :: linorder
    7.47  begin
    7.48 @@ -70,14 +70,14 @@
    7.49    fix x y z::acc_modi
    7.50    show "(x < y) = (x \<le> y \<and> \<not> y \<le> x)"
    7.51      by (auto simp add: le_acc_def less_acc_def split add: acc_modi.split) 
    7.52 -  show "x \<le> x"                       -- reflexivity
    7.53 +  show "x \<le> x"                       \<comment> reflexivity
    7.54      by (auto simp add: le_acc_def)
    7.55    {
    7.56 -    assume "x \<le> y" "y \<le> z"           -- transitivity 
    7.57 +    assume "x \<le> y" "y \<le> z"           \<comment> transitivity 
    7.58      then show "x \<le> z"
    7.59        by (auto simp add: le_acc_def less_acc_def split add: acc_modi.split)
    7.60    next
    7.61 -    assume "x \<le> y" "y \<le> x"           -- antisymmetry
    7.62 +    assume "x \<le> y" "y \<le> x"           \<comment> antisymmetry
    7.63      moreover have "\<forall> x y. x < (y::acc_modi) \<and> y < x \<longrightarrow> False"
    7.64        by (auto simp add: less_acc_def split add: acc_modi.split)
    7.65      ultimately show "x = y" by (unfold le_acc_def) iprover
    7.66 @@ -137,11 +137,11 @@
    7.67  using assms by (auto dest: acc_modi_Package_le)
    7.68  
    7.69  
    7.70 -subsubsection {* Static Modifier *}
    7.71 +subsubsection \<open>Static Modifier\<close>
    7.72  type_synonym stat_modi = bool (* modifier: static *)
    7.73  
    7.74 -subsection {* Declaration (base "class" for member,interface and class
    7.75 - declarations *}
    7.76 +subsection \<open>Declaration (base "class" for member,interface and class
    7.77 + declarations\<close>
    7.78  
    7.79  record decl =
    7.80          access :: acc_modi
    7.81 @@ -150,7 +150,7 @@
    7.82    (type) "decl" <= (type) "\<lparr>access::acc_modi\<rparr>"
    7.83    (type) "decl" <= (type) "\<lparr>access::acc_modi,\<dots>::'a\<rparr>"
    7.84  
    7.85 -subsection {* Member (field or method)*}
    7.86 +subsection \<open>Member (field or method)\<close>
    7.87  record  member = decl +
    7.88           static :: stat_modi
    7.89  
    7.90 @@ -158,7 +158,7 @@
    7.91    (type) "member" <= (type) "\<lparr>access::acc_modi,static::bool\<rparr>"
    7.92    (type) "member" <= (type) "\<lparr>access::acc_modi,static::bool,\<dots>::'a\<rparr>"
    7.93  
    7.94 -subsection {* Field *}
    7.95 +subsection \<open>Field\<close>
    7.96  
    7.97  record field = member +
    7.98          type :: ty
    7.99 @@ -173,7 +173,7 @@
   7.100  translations
   7.101    (type) "fdecl" <= (type) "vname \<times> field"
   7.102  
   7.103 -subsection  {* Method *}
   7.104 +subsection  \<open>Method\<close>
   7.105  
   7.106  record mhead = member +     (* method head (excluding signature) *)
   7.107          pars ::"vname list" (* parameter names *)
   7.108 @@ -219,9 +219,9 @@
   7.109  lemma resT_mhead [simp]:"resT (mhead m) = resT m"
   7.110  by (simp add: mhead_def)
   7.111  
   7.112 -text {* To be able to talk uniformaly about field and method declarations we
   7.113 +text \<open>To be able to talk uniformaly about field and method declarations we
   7.114  introduce the notion of a member declaration (e.g. useful to define 
   7.115 -accessiblity ) *}
   7.116 +accessiblity )\<close>
   7.117  
   7.118  datatype memberdecl = fdecl fdecl | mdecl mdecl
   7.119  
   7.120 @@ -293,16 +293,16 @@
   7.121  by (simp add: is_method_def)
   7.122  
   7.123  
   7.124 -subsection {* Interface *}
   7.125 +subsection \<open>Interface\<close>
   7.126  
   7.127  
   7.128 -record  ibody = decl +  --{* interface body *}
   7.129 -          imethods :: "(sig \<times> mhead) list" --{* method heads *}
   7.130 +record  ibody = decl +  \<comment>\<open>interface body\<close>
   7.131 +          imethods :: "(sig \<times> mhead) list" \<comment>\<open>method heads\<close>
   7.132  
   7.133 -record  iface = ibody + --{* interface *}
   7.134 -         isuperIfs:: "qtname list" --{* superinterface list *}
   7.135 +record  iface = ibody + \<comment>\<open>interface\<close>
   7.136 +         isuperIfs:: "qtname list" \<comment>\<open>superinterface list\<close>
   7.137  type_synonym
   7.138 -        idecl           --{* interface declaration, cf. 9.1 *}
   7.139 +        idecl           \<comment>\<open>interface declaration, cf. 9.1\<close>
   7.140          = "qtname \<times> iface"
   7.141  
   7.142  translations
   7.143 @@ -324,17 +324,17 @@
   7.144  lemma imethods_ibody [simp]: "(imethods (ibody i)) = imethods i"
   7.145  by (simp add: ibody_def)
   7.146  
   7.147 -subsection  {* Class *}
   7.148 -record cbody = decl +          --{* class body *}
   7.149 +subsection  \<open>Class\<close>
   7.150 +record cbody = decl +          \<comment>\<open>class body\<close>
   7.151           cfields:: "fdecl list" 
   7.152           methods:: "mdecl list"
   7.153 -         init   :: "stmt"       --{* initializer *}
   7.154 +         init   :: "stmt"       \<comment>\<open>initializer\<close>
   7.155  
   7.156 -record "class" = cbody +           --{* class *}
   7.157 -        super   :: "qtname"      --{* superclass *}
   7.158 -        superIfs:: "qtname list" --{* implemented interfaces *}
   7.159 +record "class" = cbody +           \<comment>\<open>class\<close>
   7.160 +        super   :: "qtname"      \<comment>\<open>superclass\<close>
   7.161 +        superIfs:: "qtname list" \<comment>\<open>implemented interfaces\<close>
   7.162  type_synonym
   7.163 -        cdecl           --{* class declaration, cf. 8.1 *}
   7.164 +        cdecl           \<comment>\<open>class declaration, cf. 8.1\<close>
   7.165          = "qtname \<times> class"
   7.166  
   7.167  translations
   7.168 @@ -370,16 +370,16 @@
   7.169  subsubsection "standard classes"
   7.170  
   7.171  consts
   7.172 -  Object_mdecls  ::  "mdecl list" --{* methods of Object *}
   7.173 -  SXcpt_mdecls   ::  "mdecl list" --{* methods of SXcpts *}
   7.174 +  Object_mdecls  ::  "mdecl list" \<comment>\<open>methods of Object\<close>
   7.175 +  SXcpt_mdecls   ::  "mdecl list" \<comment>\<open>methods of SXcpts\<close>
   7.176  
   7.177  definition
   7.178 -  ObjectC ::         "cdecl"      --{* declaration  of root      class   *} where
   7.179 +  ObjectC ::         "cdecl"      \<comment>\<open>declaration  of root      class\<close> where
   7.180    "ObjectC = (Object,\<lparr>access=Public,cfields=[],methods=Object_mdecls,
   7.181                                    init=Skip,super=undefined,superIfs=[]\<rparr>)"
   7.182  
   7.183  definition
   7.184 -  SXcptC  ::"xname \<Rightarrow> cdecl"      --{* declarations of throwable classes *} where
   7.185 +  SXcptC  ::"xname \<Rightarrow> cdecl"      \<comment>\<open>declarations of throwable classes\<close> where
   7.186    "SXcptC xn = (SXcpt xn,\<lparr>access=Public,cfields=[],methods=SXcpt_mdecls,
   7.187                                     init=Skip,
   7.188                                     super=if xn = Throwable then Object 
   7.189 @@ -448,11 +448,11 @@
   7.190  subsubsection "subinterface and subclass relation, in anticipation of TypeRel.thy"
   7.191  
   7.192  definition
   7.193 -  subint1  :: "prog \<Rightarrow> (qtname \<times> qtname) set" --{* direct subinterface *}
   7.194 +  subint1  :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment>\<open>direct subinterface\<close>
   7.195    where "subint1 G = {(I,J). \<exists>i\<in>iface G I: J\<in>set (isuperIfs i)}"
   7.196  
   7.197  definition
   7.198 -  subcls1  :: "prog \<Rightarrow> (qtname \<times> qtname) set" --{* direct subclass *}
   7.199 +  subcls1  :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment>\<open>direct subclass\<close>
   7.200    where "subcls1 G = {(C,D). C\<noteq>Object \<and> (\<exists>c\<in>class G C: super c = D)}"
   7.201  
   7.202  abbreviation
   7.203 @@ -815,7 +815,7 @@
   7.204  
   7.205  definition
   7.206    imethds :: "prog \<Rightarrow> qtname \<Rightarrow> (sig,qtname \<times> mhead) tables" where
   7.207 -  --{* methods of an interface, with overriding and inheritance, cf. 9.2 *}
   7.208 +  \<comment>\<open>methods of an interface, with overriding and inheritance, cf. 9.2\<close>
   7.209    "imethds G I = iface_rec G I
   7.210                (\<lambda>I i ts. (Un_tables ts) \<oplus>\<oplus> 
   7.211                          (set_option \<circ> table_of (map (\<lambda>(s,m). (s,I,m)) (imethods i))))"
     8.1 --- a/src/HOL/Bali/DeclConcepts.thy	Sat Jan 02 18:46:36 2016 +0100
     8.2 +++ b/src/HOL/Bali/DeclConcepts.thy	Sat Jan 02 18:48:45 2016 +0100
     8.3 @@ -1,8 +1,8 @@
     8.4  (*  Title:      HOL/Bali/DeclConcepts.thy
     8.5      Author:     Norbert Schirmer
     8.6  *)
     8.7 -subsection {* Advanced concepts on Java declarations like overriding, inheritance,
     8.8 -dynamic method lookup*}
     8.9 +subsection \<open>Advanced concepts on Java declarations like overriding, inheritance,
    8.10 +dynamic method lookup\<close>
    8.11  
    8.12  theory DeclConcepts imports TypeRel begin
    8.13  
    8.14 @@ -16,10 +16,10 @@
    8.15                     | Some c \<Rightarrow> access c = Public)"
    8.16  
    8.17  subsection "accessibility of types (cf. 6.6.1)"
    8.18 -text {* 
    8.19 +text \<open>
    8.20  Primitive types are always accessible, interfaces and classes are accessible
    8.21  in their package or if they are defined public, an array type is accessible if
    8.22 -its element type is accessible *}
    8.23 +its element type is accessible\<close>
    8.24   
    8.25  primrec
    8.26    accessible_in :: "prog \<Rightarrow> ty \<Rightarrow> pname \<Rightarrow> bool"  ("_ \<turnstile> _ accessible'_in _" [61,61,61] 60) and
    8.27 @@ -71,16 +71,16 @@
    8.28  by (simp add: is_acc_reftype_def)
    8.29  
    8.30  subsection "accessibility of members"
    8.31 -text {*
    8.32 +text \<open>
    8.33  The accessibility of members is more involved as the accessibility of types.
    8.34  We have to distinguish several cases to model the different effects of 
    8.35  accessibility during inheritance, overriding and ordinary member access 
    8.36 -*}
    8.37 +\<close>
    8.38  
    8.39 -subsubsection {* Various technical conversion and selection functions *}
    8.40 +subsubsection \<open>Various technical conversion and selection functions\<close>
    8.41  
    8.42 -text {* overloaded selector @{text accmodi} to select the access modifier 
    8.43 -out of various HOL types *}
    8.44 +text \<open>overloaded selector \<open>accmodi\<close> to select the access modifier 
    8.45 +out of various HOL types\<close>
    8.46  
    8.47  class has_accmodi =
    8.48    fixes accmodi:: "'a \<Rightarrow> acc_modi"
    8.49 @@ -144,8 +144,8 @@
    8.50   "accmodi (mdecl m) = accmodi m"
    8.51  by (simp add: memberdecl_acc_modi_def)
    8.52  
    8.53 -text {* overloaded selector @{text declclass} to select the declaring class 
    8.54 -out of various HOL types *}
    8.55 +text \<open>overloaded selector \<open>declclass\<close> to select the declaring class 
    8.56 +out of various HOL types\<close>
    8.57  
    8.58  class has_declclass =
    8.59    fixes declclass:: "'a \<Rightarrow> qtname"
    8.60 @@ -180,8 +180,8 @@
    8.61  lemma pair_declclass_simp[simp]: "declclass (c,x) = declclass c" 
    8.62  by (simp add: pair_declclass_def)
    8.63  
    8.64 -text {* overloaded selector @{text is_static} to select the static modifier 
    8.65 -out of various HOL types *}
    8.66 +text \<open>overloaded selector \<open>is_static\<close> to select the static modifier 
    8.67 +out of various HOL types\<close>
    8.68  
    8.69  class has_static =
    8.70    fixes is_static :: "'a \<Rightarrow> bool"
    8.71 @@ -246,32 +246,32 @@
    8.72  lemma mhead_static_simp [simp]: "is_static (mhead m) = is_static m"
    8.73  by (cases m) (simp add: mhead_def member_is_static_simp)
    8.74  
    8.75 --- {* some mnemotic selectors for various pairs *} 
    8.76 +\<comment> \<open>some mnemotic selectors for various pairs\<close> 
    8.77  
    8.78  definition
    8.79    decliface :: "qtname \<times> 'a decl_scheme \<Rightarrow> qtname" where
    8.80 -  "decliface = fst"          --{* get the interface component *}
    8.81 +  "decliface = fst"          \<comment>\<open>get the interface component\<close>
    8.82  
    8.83  definition
    8.84    mbr :: "qtname \<times> memberdecl \<Rightarrow> memberdecl" where
    8.85 -  "mbr = snd"            --{* get the memberdecl component *}
    8.86 +  "mbr = snd"            \<comment>\<open>get the memberdecl component\<close>
    8.87  
    8.88  definition
    8.89    mthd :: "'b \<times> 'a \<Rightarrow> 'a" where
    8.90 -  "mthd = snd"              --{* get the method component *}
    8.91 -    --{* also used for mdecl, mhead *}
    8.92 +  "mthd = snd"              \<comment>\<open>get the method component\<close>
    8.93 +    \<comment>\<open>also used for mdecl, mhead\<close>
    8.94  
    8.95  definition
    8.96    fld :: "'b \<times> 'a decl_scheme \<Rightarrow> 'a decl_scheme" where
    8.97 -  "fld = snd"               --{* get the field component *}
    8.98 -    --{* also used for @{text "((vname \<times> qtname)\<times> field)"} *}
    8.99 +  "fld = snd"               \<comment>\<open>get the field component\<close>
   8.100 +    \<comment>\<open>also used for \<open>((vname \<times> qtname)\<times> field)\<close>\<close>
   8.101  
   8.102 --- {* some mnemotic selectors for @{text "(vname \<times> qtname)"} *}
   8.103 +\<comment> \<open>some mnemotic selectors for \<open>(vname \<times> qtname)\<close>\<close>
   8.104  
   8.105  definition
   8.106    fname:: "vname \<times> 'a \<Rightarrow> vname"
   8.107    where "fname = fst"
   8.108 -    --{* also used for fdecl *}
   8.109 +    \<comment>\<open>also used for fdecl\<close>
   8.110  
   8.111  definition
   8.112    declclassf:: "(vname \<times> qtname) \<Rightarrow> qtname"
   8.113 @@ -326,7 +326,7 @@
   8.114  lemma declclassf_simp[simp]:"declclassf (n,c) = c"
   8.115  by (simp add: declclassf_def)
   8.116  
   8.117 -  --{* some mnemotic selectors for @{text "(vname \<times> qtname)"} *}
   8.118 +  \<comment>\<open>some mnemotic selectors for \<open>(vname \<times> qtname)\<close>\<close>
   8.119  
   8.120  definition
   8.121    fldname :: "vname \<times> qtname \<Rightarrow> vname"
   8.122 @@ -345,8 +345,8 @@
   8.123  lemma ext_fieldname_simp[simp]: "(fldname f,fldclass f) = f"
   8.124  by (simp add: fldname_def fldclass_def)
   8.125  
   8.126 -text {* Convert a qualified method declaration (qualified with its declaring 
   8.127 -class) to a qualified member declaration:  @{text methdMembr}  *}
   8.128 +text \<open>Convert a qualified method declaration (qualified with its declaring 
   8.129 +class) to a qualified member declaration:  \<open>methdMembr\<close>\<close>
   8.130  
   8.131  definition
   8.132    methdMembr :: "qtname \<times> mdecl \<Rightarrow> qtname \<times> memberdecl"
   8.133 @@ -364,8 +364,8 @@
   8.134  lemma declclass_methdMembr_simp[simp]: "declclass (methdMembr m) = declclass m"
   8.135  by (cases m) (simp add: methdMembr_def)
   8.136  
   8.137 -text {* Convert a qualified method (qualified with its declaring 
   8.138 -class) to a qualified member declaration:  @{text method}  *}
   8.139 +text \<open>Convert a qualified method (qualified with its declaring 
   8.140 +class) to a qualified member declaration:  \<open>method\<close>\<close>
   8.141  
   8.142  definition
   8.143    "method" :: "sig \<Rightarrow> (qtname \<times> methd) \<Rightarrow> (qtname \<times> memberdecl)"
   8.144 @@ -411,8 +411,8 @@
   8.145  lemma memberid_fieldm_simp[simp]:  "memberid (fieldm n f) = fid n"
   8.146  by (simp add: fieldm_def) 
   8.147  
   8.148 -text {* Select the signature out of a qualified method declaration:
   8.149 - @{text msig} *}
   8.150 +text \<open>Select the signature out of a qualified method declaration:
   8.151 + \<open>msig\<close>\<close>
   8.152  
   8.153  definition
   8.154    msig :: "(qtname \<times> mdecl) \<Rightarrow> sig"
   8.155 @@ -421,8 +421,8 @@
   8.156  lemma msig_simp[simp]: "msig (c,(s,m)) = s"
   8.157  by (simp add: msig_def)
   8.158  
   8.159 -text {* Convert a qualified method (qualified with its declaring 
   8.160 -class) to a qualified method declaration:  @{text qmdecl}  *}
   8.161 +text \<open>Convert a qualified method (qualified with its declaring 
   8.162 +class) to a qualified method declaration:  \<open>qmdecl\<close>\<close>
   8.163  
   8.164  definition
   8.165    qmdecl :: "sig \<Rightarrow> (qtname \<times> methd) \<Rightarrow> (qtname \<times> mdecl)"
   8.166 @@ -451,8 +451,8 @@
   8.167   "methdMembr (qmdecl sig old) = method sig old"
   8.168  by (simp add: methdMembr_def qmdecl_def method_def)
   8.169  
   8.170 -text {* overloaded selector @{text resTy} to select the result type 
   8.171 -out of various HOL types *}
   8.172 +text \<open>overloaded selector \<open>resTy\<close> to select the result type 
   8.173 +out of various HOL types\<close>
   8.174  
   8.175  class has_resTy =
   8.176    fixes resTy:: "'a \<Rightarrow> ty"
   8.177 @@ -507,8 +507,8 @@
   8.178  by (cases m) (simp add: mthd_def )
   8.179  
   8.180  subsubsection "inheritable-in"
   8.181 -text {*
   8.182 -@{text "G\<turnstile>m inheritable_in P"}: m can be inherited by
   8.183 +text \<open>
   8.184 +\<open>G\<turnstile>m inheritable_in P\<close>: m can be inherited by
   8.185  classes in package P if:
   8.186  \begin{itemize} 
   8.187  \item the declaration class of m is accessible in P and
   8.188 @@ -517,7 +517,7 @@
   8.189        class of m is also P. If the member m is declared with private access
   8.190        it is not accessible for inheritance at all.
   8.191  \end{itemize}
   8.192 -*}
   8.193 +\<close>
   8.194  definition
   8.195    inheritable_in :: "prog \<Rightarrow> (qtname \<times> memberdecl) \<Rightarrow> pname \<Rightarrow> bool" ("_ \<turnstile> _ inheritable'_in _" [61,61,61] 60)
   8.196  where
   8.197 @@ -603,14 +603,14 @@
   8.198  | Inherited: "\<lbrakk>G\<turnstile>m inheritable_in (pid C); G\<turnstile>memberid m undeclared_in C; 
   8.199                 G\<turnstile>C \<prec>\<^sub>C1 S; G\<turnstile>(Class S) accessible_in (pid C);G\<turnstile>m member_of S 
   8.200                \<rbrakk> \<Longrightarrow> G\<turnstile>m member_of C"
   8.201 -text {* Note that in the case of an inherited member only the members of the
   8.202 +text \<open>Note that in the case of an inherited member only the members of the
   8.203  direct superclass are concerned. If a member of a superclass of the direct
   8.204  superclass isn't inherited in the direct superclass (not member of the
   8.205  direct superclass) than it can't be a member of the class. E.g. If a
   8.206  member of a class A is defined with package access it isn't member of a 
   8.207  subclass S if S isn't in the same package as A. Any further subclasses 
   8.208  of S will not inherit the member, regardless if they are in the same
   8.209 -package as A or not.*}
   8.210 +package as A or not.\<close>
   8.211  
   8.212  abbreviation
   8.213  method_member_of:: "prog \<Rightarrow> (qtname \<times> mdecl) \<Rightarrow> qtname \<Rightarrow> bool"
   8.214 @@ -641,10 +641,10 @@
   8.215  definition
   8.216    member_in :: "prog \<Rightarrow> (qtname \<times> memberdecl) \<Rightarrow> qtname \<Rightarrow> bool" ("_ \<turnstile> _ member'_in _" [61,61,61] 60)
   8.217    where "G\<turnstile>m member_in C = (\<exists> provC. G\<turnstile> C \<preceq>\<^sub>C provC \<and> G \<turnstile> m member_of provC)"
   8.218 -text {* A member is in a class if it is member of the class or a superclass.
   8.219 +text \<open>A member is in a class if it is member of the class or a superclass.
   8.220  If a member is in a class we can select this member. This additional notion
   8.221  is necessary since not all members are inherited to subclasses. So such
   8.222 -members are not member-of the subclass but member-in the subclass.*}
   8.223 +members are not member-of the subclass but member-in the subclass.\<close>
   8.224  
   8.225  abbreviation
   8.226  method_member_in:: "prog \<Rightarrow> (qtname \<times> mdecl) \<Rightarrow> qtname \<Rightarrow> bool"
   8.227 @@ -669,12 +669,12 @@
   8.228  
   8.229  subsubsection "overriding"
   8.230  
   8.231 -text {* Unfortunately the static notion of overriding (used during the
   8.232 +text \<open>Unfortunately the static notion of overriding (used during the
   8.233  typecheck of the compiler) and the dynamic notion of overriding (used during
   8.234  execution in the JVM) are not exactly the same. 
   8.235 -*}
   8.236 +\<close>
   8.237  
   8.238 -text {* Static overriding (used during the typecheck of the compiler) *}
   8.239 +text \<open>Static overriding (used during the typecheck of the compiler)\<close>
   8.240  
   8.241  inductive
   8.242    stat_overridesR :: "prog \<Rightarrow> (qtname \<times> mdecl) \<Rightarrow> (qtname \<times> mdecl) \<Rightarrow> bool"
   8.243 @@ -693,7 +693,7 @@
   8.244  | Indirect: "\<lbrakk>G\<turnstile>new overrides\<^sub>S intr; G\<turnstile>intr overrides\<^sub>S old\<rbrakk>
   8.245               \<Longrightarrow> G\<turnstile>new overrides\<^sub>S old"
   8.246  
   8.247 -text {* Dynamic overriding (used during the typecheck of the compiler) *}
   8.248 +text \<open>Dynamic overriding (used during the typecheck of the compiler)\<close>
   8.249  
   8.250  inductive
   8.251    overridesR :: "prog \<Rightarrow> (qtname \<times> mdecl) \<Rightarrow> (qtname \<times> mdecl) \<Rightarrow> bool"
   8.252 @@ -799,15 +799,15 @@
   8.253                      (G\<turnstile>accclass \<prec>\<^sub>C declclass membr 
   8.254                       \<and> (G\<turnstile>cls \<preceq>\<^sub>C accclass \<or> is_static membr)) 
   8.255      | Public    \<Rightarrow> True)"
   8.256 -text {*
   8.257 +text \<open>
   8.258  The subcondition of the @{term "Protected"} case: 
   8.259  @{term "G\<turnstile>accclass \<prec>\<^sub>C declclass membr"} could also be relaxed to:
   8.260  @{term "G\<turnstile>accclass \<preceq>\<^sub>C declclass membr"} since in case both classes are the
   8.261  same the other condition @{term "(pid (declclass membr) = pid accclass)"}
   8.262  holds anyway.
   8.263 -*} 
   8.264 +\<close> 
   8.265  
   8.266 -text {* Like in case of overriding, the static and dynamic accessibility 
   8.267 +text \<open>Like in case of overriding, the static and dynamic accessibility 
   8.268  of members is not uniform.
   8.269  \begin{itemize}
   8.270  \item Statically the class/interface of the member must be accessible for the
   8.271 @@ -819,7 +819,7 @@
   8.272  \item Statically the member we want to access must be "member of" the class.
   8.273        Dynamically it must only be "member in" the class.
   8.274  \end{itemize} 
   8.275 -*} 
   8.276 +\<close> 
   8.277  
   8.278  inductive
   8.279    accessible_fromR :: "prog \<Rightarrow> qtname \<Rightarrow> (qtname \<times> memberdecl) \<Rightarrow> qtname \<Rightarrow> bool"
   8.280 @@ -1403,7 +1403,7 @@
   8.281    "imethds G I =
   8.282      iface_rec G I  (\<lambda>I i ts. (Un_tables ts) \<oplus>\<oplus>
   8.283                          (set_option \<circ> table_of (map (\<lambda>(s,m). (s,I,m)) (imethods i))))"
   8.284 -text {* methods of an interface, with overriding and inheritance, cf. 9.2 *}
   8.285 +text \<open>methods of an interface, with overriding and inheritance, cf. 9.2\<close>
   8.286  
   8.287  definition
   8.288    accimethds :: "prog \<Rightarrow> pname \<Rightarrow> qtname \<Rightarrow> (sig,qtname \<times> mhead) tables" where
   8.289 @@ -1411,7 +1411,7 @@
   8.290      (if G\<turnstile>Iface I accessible_in pack 
   8.291       then imethds G I
   8.292       else (\<lambda> k. {}))"
   8.293 -text {* only returns imethds if the interface is accessible *}
   8.294 +text \<open>only returns imethds if the interface is accessible\<close>
   8.295  
   8.296  definition
   8.297    methd :: "prog \<Rightarrow> qtname  \<Rightarrow> (sig,qtname \<times> methd) table" where
   8.298 @@ -1422,25 +1422,25 @@
   8.299                            subcls_mthds 
   8.300                 ++ 
   8.301                 table_of (map (\<lambda>(s,m). (s,C,m)) (methods c)))"
   8.302 -text {* @{term "methd G C"}: methods of a class C (statically visible from C), 
   8.303 +text \<open>@{term "methd G C"}: methods of a class C (statically visible from C), 
   8.304       with inheritance and hiding cf. 8.4.6;
   8.305 -     Overriding is captured by @{text dynmethd}.
   8.306 +     Overriding is captured by \<open>dynmethd\<close>.
   8.307       Every new method with the same signature coalesces the
   8.308 -     method of a superclass. *}
   8.309 +     method of a superclass.\<close>
   8.310  
   8.311  definition
   8.312    accmethd :: "prog \<Rightarrow> qtname \<Rightarrow> qtname  \<Rightarrow> (sig,qtname \<times> methd) table" where
   8.313    "accmethd G S C =
   8.314      filter_tab (\<lambda>sig m. G\<turnstile>method sig m of C accessible_from S) (methd G C)"
   8.315 -text {* @{term "accmethd G S C"}: only those methods of @{term "methd G C"}, 
   8.316 -        accessible from S *}
   8.317 +text \<open>@{term "accmethd G S C"}: only those methods of @{term "methd G C"}, 
   8.318 +        accessible from S\<close>
   8.319  
   8.320 -text {* Note the class component in the accessibility filter. The class where
   8.321 +text \<open>Note the class component in the accessibility filter. The class where
   8.322      method @{term m} is declared (@{term declC}) isn't necessarily accessible 
   8.323      from the current scope @{term S}. The method can be made accessible 
   8.324      through inheritance, too.
   8.325      So we must test accessibility of method @{term m} of class @{term C} 
   8.326 -    (not @{term "declclass m"}) *}
   8.327 +    (not @{term "declclass m"})\<close>
   8.328  
   8.329  definition
   8.330    dynmethd :: "prog  \<Rightarrow> qtname \<Rightarrow> qtname \<Rightarrow> (sig,qtname \<times> methd) table" where
   8.331 @@ -1461,13 +1461,13 @@
   8.332                  )
   8.333            else None))"
   8.334  
   8.335 -text {* @{term "dynmethd G statC dynC"}: dynamic method lookup of a reference 
   8.336 -        with dynamic class @{term dynC} and static class @{term statC} *}
   8.337 -text {* Note some kind of duality between @{term methd} and @{term dynmethd} 
   8.338 +text \<open>@{term "dynmethd G statC dynC"}: dynamic method lookup of a reference 
   8.339 +        with dynamic class @{term dynC} and static class @{term statC}\<close>
   8.340 +text \<open>Note some kind of duality between @{term methd} and @{term dynmethd} 
   8.341          in the @{term class_rec} arguments. Whereas @{term methd} filters the 
   8.342          subclass methods (to get only the inherited ones), @{term dynmethd} 
   8.343          filters the new methods (to get only those methods which actually
   8.344 -        override the methods of the static class) *}
   8.345 +        override the methods of the static class)\<close>
   8.346  
   8.347  definition
   8.348    dynimethd :: "prog \<Rightarrow> qtname \<Rightarrow> qtname \<Rightarrow> (sig,qtname \<times> methd) table" where
   8.349 @@ -1475,9 +1475,9 @@
   8.350      (\<lambda>sig. if imethds G I sig \<noteq> {}
   8.351             then methd G dynC sig
   8.352             else dynmethd G Object dynC sig)"
   8.353 -text {* @{term "dynimethd G I dynC"}: dynamic method lookup of a reference with 
   8.354 -        dynamic class dynC and static interface type I *}
   8.355 -text {* 
   8.356 +text \<open>@{term "dynimethd G I dynC"}: dynamic method lookup of a reference with 
   8.357 +        dynamic class dynC and static interface type I\<close>
   8.358 +text \<open>
   8.359     When calling an interface method, we must distinguish if the method signature
   8.360     was defined in the interface or if it must be an Object method in the other
   8.361     case. If it was an interface method we search the class hierarchy
   8.362 @@ -1487,7 +1487,7 @@
   8.363     effects like in case of dynmethd. The method will be inherited or 
   8.364     overridden in all classes from the first class implementing the interface 
   8.365     down to the actual dynamic class.
   8.366 - *}
   8.367 +\<close>
   8.368  
   8.369  definition
   8.370    dynlookup :: "prog  \<Rightarrow> ref_ty \<Rightarrow> qtname \<Rightarrow> (sig,qtname \<times> methd) table" where
   8.371 @@ -1497,19 +1497,19 @@
   8.372      | IfaceT I     \<Rightarrow> dynimethd G I      dynC
   8.373      | ClassT statC \<Rightarrow> dynmethd  G statC  dynC
   8.374      | ArrayT ty    \<Rightarrow> dynmethd  G Object dynC)"
   8.375 -text {* @{term "dynlookup G statT dynC"}: dynamic lookup of a method within the 
   8.376 +text \<open>@{term "dynlookup G statT dynC"}: dynamic lookup of a method within the 
   8.377      static reference type statT and the dynamic class dynC. 
   8.378      In a wellformd context statT will not be NullT and in case
   8.379 -    statT is an array type, dynC=Object *}
   8.380 +    statT is an array type, dynC=Object\<close>
   8.381  
   8.382  definition
   8.383    fields :: "prog \<Rightarrow> qtname \<Rightarrow> ((vname \<times> qtname) \<times> field) list" where
   8.384    "fields G C =
   8.385      class_rec G C [] (\<lambda>C c ts. map (\<lambda>(n,t). ((n,C),t)) (cfields c) @ ts)"
   8.386 -text {* @{term "fields G C"} 
   8.387 +text \<open>@{term "fields G C"} 
   8.388       list of fields of a class, including all the fields of the superclasses
   8.389       (private, inherited and hidden ones) not only the accessible ones
   8.390 -     (an instance of a object allocates all these fields *}
   8.391 +     (an instance of a object allocates all these fields\<close>
   8.392  
   8.393  definition
   8.394    accfield :: "prog \<Rightarrow> qtname \<Rightarrow> qtname \<Rightarrow> (vname, qtname  \<times>  field) table" where
   8.395 @@ -1517,15 +1517,15 @@
   8.396      (let field_tab = table_of((map (\<lambda>((n,d),f).(n,(d,f)))) (fields G C))
   8.397        in filter_tab (\<lambda>n (declC,f). G\<turnstile> (declC,fdecl (n,f)) of C accessible_from S)
   8.398                      field_tab)"
   8.399 -text  {* @{term "accfield G C S"}: fields of a class @{term C} which are 
   8.400 +text  \<open>@{term "accfield G C S"}: fields of a class @{term C} which are 
   8.401           accessible from scope of class
   8.402 -         @{term S} with inheritance and hiding, cf. 8.3 *}
   8.403 -text {* note the class component in the accessibility filter (see also 
   8.404 +         @{term S} with inheritance and hiding, cf. 8.3\<close>
   8.405 +text \<open>note the class component in the accessibility filter (see also 
   8.406          @{term methd}).
   8.407     The class declaring field @{term f} (@{term declC}) isn't necessarily 
   8.408     accessible from scope @{term S}. The field can be made visible through 
   8.409     inheritance, too. So we must test accessibility of field @{term f} of class 
   8.410 -   @{term C} (not @{term "declclass f"}) *} 
   8.411 +   @{term C} (not @{term "declclass f"})\<close> 
   8.412  
   8.413  definition
   8.414    is_methd :: "prog \<Rightarrow> qtname  \<Rightarrow> sig \<Rightarrow> bool"
     9.1 --- a/src/HOL/Bali/DefiniteAssignment.thy	Sat Jan 02 18:46:36 2016 +0100
     9.2 +++ b/src/HOL/Bali/DefiniteAssignment.thy	Sat Jan 02 18:48:45 2016 +0100
     9.3 @@ -1,8 +1,8 @@
     9.4 -subsection {* Definite Assignment *}
     9.5 +subsection \<open>Definite Assignment\<close>
     9.6  
     9.7  theory DefiniteAssignment imports WellType begin 
     9.8  
     9.9 -text {* Definite Assignment Analysis (cf. 16)
    9.10 +text \<open>Definite Assignment Analysis (cf. 16)
    9.11  
    9.12  The definite assignment analysis approximates the sets of local 
    9.13  variables that will be assigned at a certain point of evaluation, and ensures
    9.14 @@ -37,17 +37,17 @@
    9.15    \item analysis of definite unassigned
    9.16    \item special treatment of final fields
    9.17  \end{itemize}
    9.18 -*}
    9.19 +\<close>
    9.20  
    9.21 -subsubsection {* Correct nesting of jump statements *}
    9.22 +subsubsection \<open>Correct nesting of jump statements\<close>
    9.23  
    9.24 -text {* For definite assignment it becomes crucial, that jumps (break, 
    9.25 +text \<open>For definite assignment it becomes crucial, that jumps (break, 
    9.26  continue, return) are nested correctly i.e. a continue jump is nested in a
    9.27  matching while statement, a break jump is nested in a proper label statement,
    9.28  a class initialiser does not terminate abruptly with a return. With this we 
    9.29  can for example ensure that evaluation of an expression will never end up 
    9.30  with a jump, since no breaks, continues or returns are allowed in an 
    9.31 -expression. *}
    9.32 +expression.\<close>
    9.33  
    9.34  primrec jumpNestingOkS :: "jump set \<Rightarrow> stmt \<Rightarrow> bool"
    9.35  where
    9.36 @@ -59,8 +59,8 @@
    9.37  | "jumpNestingOkS jmps (If(e) c1 Else c2) = (jumpNestingOkS jmps c1 \<and>  
    9.38                                               jumpNestingOkS jmps c2)"
    9.39  | "jumpNestingOkS jmps (l\<bullet> While(e) c) = jumpNestingOkS ({Cont l} \<union> jmps) c"
    9.40 ---{* The label of the while loop only handles continue jumps. Breaks are only
    9.41 -     handled by @{term Lab} *}
    9.42 +\<comment>\<open>The label of the while loop only handles continue jumps. Breaks are only
    9.43 +     handled by @{term Lab}\<close>
    9.44  | "jumpNestingOkS jmps (Jmp j) = (j \<in> jmps)"
    9.45  | "jumpNestingOkS jmps (Throw e) = True"
    9.46  | "jumpNestingOkS jmps (Try c1 Catch(C vn) c2) = (jumpNestingOkS jmps c1 \<and> 
    9.47 @@ -68,9 +68,9 @@
    9.48  | "jumpNestingOkS jmps (c1 Finally c2) = (jumpNestingOkS jmps c1 \<and> 
    9.49                                            jumpNestingOkS jmps c2)"
    9.50  | "jumpNestingOkS jmps (Init C) = True" 
    9.51 - --{* wellformedness of the program must enshure that for all initializers 
    9.52 -      jumpNestingOkS {} holds *} 
    9.53 ---{* Dummy analysis for intermediate smallstep term @{term  FinA} *}
    9.54 + \<comment>\<open>wellformedness of the program must enshure that for all initializers 
    9.55 +      jumpNestingOkS {} holds\<close> 
    9.56 +\<comment>\<open>Dummy analysis for intermediate smallstep term @{term  FinA}\<close>
    9.57  | "jumpNestingOkS jmps (FinA a c) = False"
    9.58  
    9.59  
    9.60 @@ -111,10 +111,10 @@
    9.61  
    9.62  
    9.63  
    9.64 -subsubsection {* Calculation of assigned variables for boolean expressions*}
    9.65 +subsubsection \<open>Calculation of assigned variables for boolean expressions\<close>
    9.66  
    9.67  
    9.68 -subsection {* Very restricted calculation fallback calculation *}
    9.69 +subsection \<open>Very restricted calculation fallback calculation\<close>
    9.70  
    9.71  primrec the_LVar_name :: "var \<Rightarrow> lname"
    9.72    where "the_LVar_name (LVar n) = n"
    9.73 @@ -140,8 +140,8 @@
    9.74  | "assignsE (b? e1 : e2) = (assignsE b) \<union> ((assignsE e1) \<inter> (assignsE e2))"
    9.75  | "assignsE ({accC,statT,mode}objRef\<cdot>mn({pTs}args)) 
    9.76                              = (assignsE objRef) \<union> (assignsEs args)"
    9.77 --- {* Only dummy analysis for intermediate expressions  
    9.78 -      @{term Methd}, @{term Body}, @{term InsInitE} and @{term Callee} *}
    9.79 +\<comment> \<open>Only dummy analysis for intermediate expressions  
    9.80 +      @{term Methd}, @{term Body}, @{term InsInitE} and @{term Callee}\<close>
    9.81  | "assignsE (Methd C sig)   = {}" 
    9.82  | "assignsE (Body  C s)     = {}"   
    9.83  | "assignsE (InsInitE s e)  = {}"  
    9.84 @@ -216,9 +216,9 @@
    9.85                                              | False\<Rightarrow> (case (constVal e1) of
    9.86                                                           None   \<Rightarrow> None
    9.87                                                         | Some v \<Rightarrow> constVal e2)))"
    9.88 ---{* Note that @{text "constVal (Cond b e1 e2)"} is stricter as it could be.
    9.89 +\<comment>\<open>Note that \<open>constVal (Cond b e1 e2)\<close> is stricter as it could be.
    9.90       It requires that all tree expressions are constant even if we can decide
    9.91 -     which branch to choose, provided the constant value of @{term b} *}
    9.92 +     which branch to choose, provided the constant value of @{term b}\<close>
    9.93  | "constVal (Call accC statT mode objRef mn pTs args) = None"
    9.94  | "constVal (Methd C sig)   = None" 
    9.95  | "constVal (Body  C s)     = None"   
    9.96 @@ -274,19 +274,19 @@
    9.97    by (induct rule: constVal_Some_induct) simp_all
    9.98  
    9.99  
   9.100 -subsection {* Main analysis for boolean expressions *}
   9.101 +subsection \<open>Main analysis for boolean expressions\<close>
   9.102  
   9.103 -text {* Assigned local variables after evaluating the expression if it evaluates
   9.104 +text \<open>Assigned local variables after evaluating the expression if it evaluates
   9.105  to a specific boolean value. If the expression cannot evaluate to a 
   9.106  @{term Boolean} value UNIV is returned. If we expect true/false the opposite 
   9.107 -constant false/true will also lead to UNIV. *}
   9.108 +constant false/true will also lead to UNIV.\<close>
   9.109  primrec assigns_if :: "bool \<Rightarrow> expr \<Rightarrow> lname set"
   9.110  where
   9.111 -  "assigns_if b (NewC c)            = UNIV" --{*can never evaluate to Boolean*} 
   9.112 -| "assigns_if b (NewA t e)          = UNIV" --{*can never evaluate to Boolean*}
   9.113 +  "assigns_if b (NewC c)            = UNIV" \<comment>\<open>can never evaluate to Boolean\<close> 
   9.114 +| "assigns_if b (NewA t e)          = UNIV" \<comment>\<open>can never evaluate to Boolean\<close>
   9.115  | "assigns_if b (Cast t e)          = assigns_if b e" 
   9.116 -| "assigns_if b (Inst e r)          = assignsE e" --{*Inst has type Boolean but
   9.117 -                                                       e is a reference type*}
   9.118 +| "assigns_if b (Inst e r)          = assignsE e" \<comment>\<open>Inst has type Boolean but
   9.119 +                                                       e is a reference type\<close>
   9.120  | "assigns_if b (Lit val)           = (if val=Bool b then {} else UNIV)"  
   9.121  | "assigns_if b (UnOp unop e)       = (case constVal (UnOp unop e) of
   9.122                                             None   \<Rightarrow> (if unop = UNot 
   9.123 @@ -311,7 +311,7 @@
   9.124                    else assignsE e1 \<union> assignsE e2))
   9.125         | Some v \<Rightarrow> (if v=Bool b then {} else UNIV))"
   9.126  
   9.127 -| "assigns_if b (Super)      = UNIV" --{*can never evaluate to Boolean*}
   9.128 +| "assigns_if b (Super)      = UNIV" \<comment>\<open>can never evaluate to Boolean\<close>
   9.129  | "assigns_if b (Acc v)      = (assignsV v)"
   9.130  | "assigns_if b (v := e)     = (assignsE (Ass v e))"
   9.131  | "assigns_if b (c? e1 : e2) = (assignsE c) \<union>
   9.132 @@ -323,8 +323,8 @@
   9.133                                                  | False \<Rightarrow> assigns_if b e2))"
   9.134  | "assigns_if b ({accC,statT,mode}objRef\<cdot>mn({pTs}args))  
   9.135              = assignsE ({accC,statT,mode}objRef\<cdot>mn({pTs}args)) "
   9.136 --- {* Only dummy analysis for intermediate expressions  
   9.137 -      @{term Methd}, @{term Body}, @{term InsInitE} and @{term Callee} *}
   9.138 +\<comment> \<open>Only dummy analysis for intermediate expressions  
   9.139 +      @{term Methd}, @{term Body}, @{term InsInitE} and @{term Callee}\<close>
   9.140  | "assigns_if b (Methd C sig)   = {}" 
   9.141  | "assigns_if b (Body  C s)     = {}"   
   9.142  | "assigns_if b (InsInitE s e)  = {}"  
   9.143 @@ -347,10 +347,10 @@
   9.144        by (cases binop) (simp_all)
   9.145    next
   9.146      case (Cond c e1 e2 b)
   9.147 -    note hyp_c = `\<And> b. ?Const b c \<Longrightarrow> ?Ass b c`
   9.148 -    note hyp_e1 = `\<And> b. ?Const b e1 \<Longrightarrow> ?Ass b e1`
   9.149 -    note hyp_e2 = `\<And> b. ?Const b e2 \<Longrightarrow> ?Ass b e2`
   9.150 -    note const = `constVal (c ? e1 : e2) = Some (Bool b)`
   9.151 +    note hyp_c = \<open>\<And> b. ?Const b c \<Longrightarrow> ?Ass b c\<close>
   9.152 +    note hyp_e1 = \<open>\<And> b. ?Const b e1 \<Longrightarrow> ?Ass b e1\<close>
   9.153 +    note hyp_e2 = \<open>\<And> b. ?Const b e2 \<Longrightarrow> ?Ass b e2\<close>
   9.154 +    note const = \<open>constVal (c ? e1 : e2) = Some (Bool b)\<close>
   9.155      then obtain bv where bv: "constVal c = Some bv"
   9.156        by simp
   9.157      hence emptyC: "assignsE c = {}" by (rule assignsE_const_simp)
   9.158 @@ -395,10 +395,10 @@
   9.159        by (cases binop) (simp_all)
   9.160    next
   9.161      case (Cond c e1 e2 b)
   9.162 -    note hyp_c = `\<And> b. ?Const b c \<Longrightarrow> ?Ass b c`
   9.163 -    note hyp_e1 = `\<And> b. ?Const b e1 \<Longrightarrow> ?Ass b e1`
   9.164 -    note hyp_e2 = `\<And> b. ?Const b e2 \<Longrightarrow> ?Ass b e2`
   9.165 -    note const = `constVal (c ? e1 : e2) = Some (Bool b)`
   9.166 +    note hyp_c = \<open>\<And> b. ?Const b c \<Longrightarrow> ?Ass b c\<close>
   9.167 +    note hyp_e1 = \<open>\<And> b. ?Const b e1 \<Longrightarrow> ?Ass b e1\<close>
   9.168 +    note hyp_e2 = \<open>\<And> b. ?Const b e2 \<Longrightarrow> ?Ass b e2\<close>
   9.169 +    note const = \<open>constVal (c ? e1 : e2) = Some (Bool b)\<close>
   9.170      then obtain bv where bv: "constVal c = Some bv"
   9.171        by simp
   9.172      show ?case
   9.173 @@ -425,7 +425,7 @@
   9.174      by blast
   9.175  qed
   9.176  
   9.177 -subsection {* Lifting set operations to range of tables (map to a set) *}
   9.178 +subsection \<open>Lifting set operations to range of tables (map to a set)\<close>
   9.179  
   9.180  definition
   9.181    union_ts :: "('a,'b) tables \<Rightarrow> ('a,'b) tables \<Rightarrow> ('a,'b) tables" ("_ \<Rightarrow>\<union> _" [67,67] 65)
   9.182 @@ -439,7 +439,7 @@
   9.183    all_union_ts :: "('a,'b) tables \<Rightarrow> 'b set \<Rightarrow> ('a,'b) tables" (infixl "\<Rightarrow>\<union>\<^sub>\<forall>" 40)
   9.184    where "(A \<Rightarrow>\<union>\<^sub>\<forall> B) = (\<lambda> k. A k \<union> B)"
   9.185    
   9.186 -subsubsection {* Binary union of tables *}
   9.187 +subsubsection \<open>Binary union of tables\<close>
   9.188  
   9.189  lemma union_ts_iff [simp]: "(c \<in> (A \<Rightarrow>\<union> B) k) = (c \<in> A k \<or>  c \<in> B k)"
   9.190    by (unfold union_ts_def) blast
   9.191 @@ -457,7 +457,7 @@
   9.192   "\<lbrakk>c \<in> (A \<Rightarrow>\<union> B) k; (c \<in> A k \<Longrightarrow> P); (c \<in> B k \<Longrightarrow> P)\<rbrakk> \<Longrightarrow> P"
   9.193    by (unfold union_ts_def) blast
   9.194  
   9.195 -subsubsection {* Binary intersection of tables *}
   9.196 +subsubsection \<open>Binary intersection of tables\<close>
   9.197  
   9.198  lemma intersect_ts_iff [simp]: "c \<in> (A \<Rightarrow>\<inter> B) k = (c \<in> A k \<and> c \<in> B k)"
   9.199    by (unfold intersect_ts_def) blast
   9.200 @@ -476,7 +476,7 @@
   9.201    by simp
   9.202  
   9.203  
   9.204 -subsubsection {* All-Union of tables and set *}
   9.205 +subsubsection \<open>All-Union of tables and set\<close>
   9.206  
   9.207  lemma all_union_ts_iff [simp]: "(c \<in> (A \<Rightarrow>\<union>\<^sub>\<forall> B) k) = (c \<in> A k \<or>  c \<in> B)"
   9.208    by (unfold all_union_ts_def) blast
   9.209 @@ -499,14 +499,14 @@
   9.210  
   9.211   
   9.212  type_synonym breakass = "(label, lname) tables" 
   9.213 ---{* Mapping from a break label, to the set of variables that will be assigned 
   9.214 -     if the evaluation terminates with this break *}
   9.215 +\<comment>\<open>Mapping from a break label, to the set of variables that will be assigned 
   9.216 +     if the evaluation terminates with this break\<close>
   9.217      
   9.218  record assigned = 
   9.219 -         nrm :: "lname set" --{* Definetly assigned variables 
   9.220 -                                 for normal completion*}
   9.221 -         brk :: "breakass" --{* Definetly assigned variables for 
   9.222 -                                abrupt completion with a break *}
   9.223 +         nrm :: "lname set" \<comment>\<open>Definetly assigned variables 
   9.224 +                                 for normal completion\<close>
   9.225 +         brk :: "breakass" \<comment>\<open>Definetly assigned variables for 
   9.226 +                                abrupt completion with a break\<close>
   9.227  
   9.228  definition
   9.229    rmlab :: "'a \<Rightarrow> ('a,'b) tables \<Rightarrow> ('a,'b) tables"
   9.230 @@ -522,14 +522,14 @@
   9.231    range_inter_ts :: "('a,'b) tables \<Rightarrow> 'b set" ("\<Rightarrow>\<Inter>_" 80)
   9.232    where "\<Rightarrow>\<Inter>A = {x |x. \<forall> k. x \<in> A k}"
   9.233  
   9.234 -text {*
   9.235 -In @{text "E\<turnstile> B \<guillemotright>t\<guillemotright> A"},
   9.236 -@{text B} denotes the ''assigned'' variables before evaluating term @{text t},
   9.237 -whereas @{text A} denotes the ''assigned'' variables after evaluating term @{text t}.
   9.238 -The environment @{term E} is only needed for the conditional @{text "_ ? _ : _"}.
   9.239 +text \<open>
   9.240 +In \<open>E\<turnstile> B \<guillemotright>t\<guillemotright> A\<close>,
   9.241 +\<open>B\<close> denotes the ''assigned'' variables before evaluating term \<open>t\<close>,
   9.242 +whereas \<open>A\<close> denotes the ''assigned'' variables after evaluating term \<open>t\<close>.
   9.243 +The environment @{term E} is only needed for the conditional \<open>_ ? _ : _\<close>.
   9.244  The definite assignment rules refer to the typing rules here to
   9.245  distinguish boolean and other expressions.
   9.246 -*}
   9.247 +\<close>
   9.248  
   9.249  inductive
   9.250    da :: "env \<Rightarrow> lname set \<Rightarrow> term \<Rightarrow> assigned \<Rightarrow> bool" ("_\<turnstile> _ \<guillemotright>_\<guillemotright> _" [65,65,65,65] 71)
   9.251 @@ -556,7 +556,7 @@
   9.252            \<Longrightarrow>
   9.253            Env\<turnstile> B \<guillemotright>\<langle>If(e) c1 Else c2\<rangle>\<guillemotright> A"
   9.254  
   9.255 ---{* Note that @{term E} is not further used, because we take the specialized
   9.256 +\<comment>\<open>Note that @{term E} is not further used, because we take the specialized
   9.257       sets that also consider if the expression evaluates to true or false. 
   9.258       Inside of @{term e} there is no {\tt break} or {\tt finally}, so the break
   9.259       map of @{term E} will be the trivial one. So 
   9.260 @@ -572,7 +572,7 @@
   9.261       to @{term UNIV} too, because @{term "assigns_if False e = UNIV"}. So
   9.262       in the intersection of the break maps the path @{term c2} will have no
   9.263       contribution.
   9.264 -  *}
   9.265 +\<close>
   9.266  
   9.267  | Loop: "\<lbrakk>Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> E; 
   9.268            Env\<turnstile> (B \<union> assigns_if True e) \<guillemotright>\<langle>c\<rangle>\<guillemotright> C;
   9.269 @@ -580,7 +580,7 @@
   9.270            brk A = brk C\<rbrakk>  
   9.271            \<Longrightarrow>
   9.272            Env\<turnstile> B \<guillemotright>\<langle>l\<bullet> While(e) c\<rangle>\<guillemotright> A"
   9.273 ---{* The @{text Loop} rule resembles some of the ideas of the @{text If} rule.
   9.274 +\<comment>\<open>The \<open>Loop\<close> rule resembles some of the ideas of the \<open>If\<close> rule.
   9.275       For the @{term "nrm A"} the set @{term "B \<union> assigns_if False e"} 
   9.276       will be @{term UNIV} if the condition is constantly true. To normally exit
   9.277       the while loop, we must consider the body @{term c} to be completed 
   9.278 @@ -589,7 +589,7 @@
   9.279       only handles continue labels, not break labels. The break label will be
   9.280       handled by an enclosing @{term Lab} statement. So we don't have to
   9.281       handle the breaks specially. 
   9.282 -  *}
   9.283 +\<close>
   9.284  
   9.285  | Jmp: "\<lbrakk>jump=Ret \<longrightarrow> Result \<in> B;
   9.286           nrm A = UNIV;
   9.287 @@ -599,13 +599,13 @@
   9.288                    | Ret     \<Rightarrow> \<lambda> k. UNIV)\<rbrakk> 
   9.289          \<Longrightarrow> 
   9.290          Env\<turnstile> B \<guillemotright>\<langle>Jmp jump\<rangle>\<guillemotright> A"
   9.291 ---{* In case of a break to label @{term l} the corresponding break set is all
   9.292 +\<comment>\<open>In case of a break to label @{term l} the corresponding break set is all
   9.293       variables assigned before the break. The assigned variables for normal
   9.294       completion of the @{term Jmp} is @{term UNIV}, because the statement will
   9.295       never complete normally. For continue and return the break map is the 
   9.296       trivial one. In case of a return we enshure that the result value is
   9.297       assigned.
   9.298 -  *}
   9.299 +\<close>
   9.300  
   9.301  | Throw: "\<lbrakk>Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> E; nrm A = UNIV; brk A = (\<lambda> l. UNIV)\<rbrakk> 
   9.302           \<Longrightarrow> Env\<turnstile> B \<guillemotright>\<langle>Throw e\<rangle>\<guillemotright> A"
   9.303 @@ -622,23 +622,23 @@
   9.304            brk A = ((brk C1) \<Rightarrow>\<union>\<^sub>\<forall> (nrm C2)) \<Rightarrow>\<inter> (brk C2)\<rbrakk>  
   9.305            \<Longrightarrow>
   9.306            Env\<turnstile> B \<guillemotright>\<langle>c1 Finally c2\<rangle>\<guillemotright> A" 
   9.307 ---{* The set of assigned variables before execution @{term c2} are the same
   9.308 +\<comment>\<open>The set of assigned variables before execution @{term c2} are the same
   9.309       as before execution @{term c1}, because @{term c1} could throw an exception
   9.310       and so we can't guarantee that any variable will be assigned in @{term c1}.
   9.311 -     The @{text Finally} statement completes
   9.312 +     The \<open>Finally\<close> statement completes
   9.313       normally if both @{term c1} and @{term c2} complete normally. If @{term c1}
   9.314       completes abruptly with a break, then @{term c2} also will be executed 
   9.315       and may terminate normally or with a break. The overall break map then is
   9.316       the intersection of the maps of both paths. If @{term c2} terminates 
   9.317       normally we have to extend all break sets in @{term "brk C1"} with 
   9.318 -     @{term "nrm C2"} (@{text "\<Rightarrow>\<union>\<^sub>\<forall>"}). If @{term c2} exits with a break this
   9.319 +     @{term "nrm C2"} (\<open>\<Rightarrow>\<union>\<^sub>\<forall>\<close>). If @{term c2} exits with a break this
   9.320       break will appear in the overall result state. We don't know if 
   9.321       @{term c1} completed normally or abruptly (maybe with an exception not only
   9.322       a break) so @{term c1} has no contribution to the break map following this
   9.323       path.
   9.324 -  *}
   9.325 +\<close>
   9.326  
   9.327 ---{* Evaluation of expressions and the break sets of definite assignment:
   9.328 +\<comment>\<open>Evaluation of expressions and the break sets of definite assignment:
   9.329       Thinking of a Java expression we assume that we can never have
   9.330       a break statement inside of a expression. So for all expressions the
   9.331       break sets could be set to the trivial one: @{term "\<lambda> l. UNIV"}. 
   9.332 @@ -656,18 +656,18 @@
   9.333       the analysis of the correct nesting of breaks in the typing judgments 
   9.334       right now. So we have decided to adjust the rules of definite assignment
   9.335       to fit to these circumstances. If an initialization is involved during
   9.336 -     evaluation of the expression (evaluation rules @{text FVar}, @{text NewC} 
   9.337 -     and @{text NewA}
   9.338 -*}
   9.339 +     evaluation of the expression (evaluation rules \<open>FVar\<close>, \<open>NewC\<close> 
   9.340 +     and \<open>NewA\<close>
   9.341 +\<close>
   9.342  
   9.343  | Init: "Env\<turnstile> B \<guillemotright>\<langle>Init C\<rangle>\<guillemotright> \<lparr>nrm=B,brk=\<lambda> l. UNIV\<rparr>"
   9.344 ---{* Wellformedness of a program will ensure, that every static initialiser 
   9.345 +\<comment>\<open>Wellformedness of a program will ensure, that every static initialiser 
   9.346       is definetly assigned and the jumps are nested correctly. The case here
   9.347       for @{term Init} is just for convenience, to get a proper precondition 
   9.348       for the induction hypothesis in various proofs, so that we don't have to
   9.349       expand the initialisation on every point where it is triggerred by the
   9.350       evaluation rules.
   9.351 -  *}   
   9.352 +\<close>   
   9.353  | NewC: "Env\<turnstile> B \<guillemotright>\<langle>NewC C\<rangle>\<guillemotright> \<lparr>nrm=B,brk=\<lambda> l. UNIV\<rparr>" 
   9.354  
   9.355  | NewA: "Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> A 
   9.356 @@ -715,9 +715,9 @@
   9.357               nrm A = B; brk A = (\<lambda> k. UNIV)\<rbrakk> 
   9.358               \<Longrightarrow> 
   9.359               Env\<turnstile> B \<guillemotright>\<langle>Acc (LVar vn)\<rangle>\<guillemotright> A"
   9.360 ---{* To properly access a local variable we have to test the definite 
   9.361 +\<comment>\<open>To properly access a local variable we have to test the definite 
   9.362       assignment here. The variable must occur in the set @{term B} 
   9.363 -  *}
   9.364 +\<close>
   9.365  
   9.366  | Acc: "\<lbrakk>\<forall> vn. v \<noteq> LVar vn;
   9.367           Env\<turnstile> B \<guillemotright>\<langle>v\<rangle>\<guillemotright> A\<rbrakk>
   9.368 @@ -754,7 +754,7 @@
   9.369           \<Longrightarrow>  
   9.370           Env\<turnstile> B \<guillemotright>\<langle>{accC,statT,mode}e\<cdot>mn({pTs}args)\<rangle>\<guillemotright> A"
   9.371  
   9.372 --- {* The interplay of @{term Call}, @{term Methd} and @{term Body}:
   9.373 +\<comment> \<open>The interplay of @{term Call}, @{term Methd} and @{term Body}:
   9.374        Why rules for @{term Methd} and @{term Body} at all? Note that a
   9.375        Java source program will not include bare  @{term Methd} or @{term Body}
   9.376        terms. These terms are just introduced during evaluation. So definite
   9.377 @@ -774,7 +774,7 @@
   9.378        sub-evaluation during the type-safety proof. Note that well-typedness is
   9.379        also a precondition for type-safety and so we can omit some assertion 
   9.380        that are already ensured by well-typedness. 
   9.381 -   *}
   9.382 +\<close>
   9.383  | Methd: "\<lbrakk>methd (prg Env) D sig = Some m;
   9.384             Env\<turnstile> B \<guillemotright>\<langle>Body (declclass m) (stmt (mbody (mthd m)))\<rangle>\<guillemotright> A
   9.385            \<rbrakk>
   9.386 @@ -785,7 +785,7 @@
   9.387            nrm A = B; brk A = (\<lambda> l. UNIV)\<rbrakk>
   9.388           \<Longrightarrow>
   9.389           Env\<turnstile> B \<guillemotright>\<langle>Body D c\<rangle>\<guillemotright> A"
   9.390 --- {* Note that @{term A} is not correlated to  @{term C}. If the body
   9.391 +\<comment> \<open>Note that @{term A} is not correlated to  @{term C}. If the body
   9.392        statement returns abruptly with return, evaluation of  @{term Body}
   9.393        will absorb this return and complete normally. So we cannot trivially
   9.394        get the assigned variables of the body statement since it has not 
   9.395 @@ -797,7 +797,7 @@
   9.396        for a return the @{term Jump} rule ensures that the result variable is
   9.397        set and then this information must be carried over to the @{term Body}
   9.398        rule by the conformance predicate of the state.
   9.399 -   *}
   9.400 +\<close>
   9.401  | LVar: "Env\<turnstile> B \<guillemotright>\<langle>LVar vn\<rangle>\<guillemotright> \<lparr>nrm=B, brk=\<lambda> l. UNIV\<rparr>" 
   9.402  
   9.403  | FVar: "Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> A 
   9.404 @@ -818,7 +818,7 @@
   9.405  declare inj_term_sym_simps [simp]
   9.406  declare assigns_if.simps [simp del]
   9.407  declare split_paired_All [simp del] split_paired_Ex [simp del]
   9.408 -setup {* map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac") *}
   9.409 +setup \<open>map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac")\<close>
   9.410  
   9.411  inductive_cases da_elim_cases [cases set]:
   9.412    "Env\<turnstile> B \<guillemotright>\<langle>Skip\<rangle>\<guillemotright> A" 
   9.413 @@ -884,7 +884,7 @@
   9.414  declare inj_term_sym_simps [simp del]
   9.415  declare assigns_if.simps [simp]
   9.416  declare split_paired_All [simp] split_paired_Ex [simp]
   9.417 -setup {* map_theory_simpset (fn ctxt => ctxt addloop ("split_all_tac", split_all_tac)) *}
   9.418 +setup \<open>map_theory_simpset (fn ctxt => ctxt addloop ("split_all_tac", split_all_tac))\<close>
   9.419  
   9.420  (* To be able to eliminate both the versions with the overloaded brackets: 
   9.421     (B \<guillemotright>\<langle>Skip\<rangle>\<guillemotright> A) and with the explicit constructor (B \<guillemotright>In1r Skip\<guillemotright> A), 
   9.422 @@ -956,7 +956,7 @@
   9.423      case (Cast T e)
   9.424      have "E\<turnstile>e\<Colon>- (PrimT Boolean)"
   9.425      proof -
   9.426 -      from `E\<turnstile>(Cast T e)\<Colon>- (PrimT Boolean)`
   9.427 +      from \<open>E\<turnstile>(Cast T e)\<Colon>- (PrimT Boolean)\<close>
   9.428        obtain Te where "E\<turnstile>e\<Colon>-Te"
   9.429                             "prg E\<turnstile>Te\<preceq>? PrimT Boolean"
   9.430          by cases simp
   9.431 @@ -986,10 +986,10 @@
   9.432        by - (cases binop, auto simp add: assignsE_const_simp)
   9.433    next
   9.434      case (Cond c e1 e2)
   9.435 -    note hyp_c = `?Boolean c \<Longrightarrow> ?Incl c`
   9.436 -    note hyp_e1 = `?Boolean e1 \<Longrightarrow> ?Incl e1`
   9.437 -    note hyp_e2 = `?Boolean e2 \<Longrightarrow> ?Incl e2`
   9.438 -    note wt = `E\<turnstile>(c ? e1 : e2)\<Colon>-PrimT Boolean`
   9.439 +    note hyp_c = \<open>?Boolean c \<Longrightarrow> ?Incl c\<close>
   9.440 +    note hyp_e1 = \<open>?Boolean e1 \<Longrightarrow> ?Incl e1\<close>
   9.441 +    note hyp_e2 = \<open>?Boolean e2 \<Longrightarrow> ?Incl e2\<close>
   9.442 +    note wt = \<open>E\<turnstile>(c ? e1 : e2)\<Colon>-PrimT Boolean\<close>
   9.443      then obtain
   9.444        boolean_c:  "E\<turnstile>c\<Colon>-PrimT Boolean" and
   9.445        boolean_e1: "E\<turnstile>e1\<Colon>-PrimT Boolean" and
   9.446 @@ -1067,10 +1067,10 @@
   9.447      show ?case by cases simp
   9.448    next
   9.449      case (Lab Env B c C A l B' A')
   9.450 -    note A = `nrm A = nrm C \<inter> brk C l` `brk A = rmlab l (brk C)`
   9.451 -    note `PROP ?Hyp Env B \<langle>c\<rangle> C`
   9.452 +    note A = \<open>nrm A = nrm C \<inter> brk C l\<close> \<open>brk A = rmlab l (brk C)\<close>
   9.453 +    note \<open>PROP ?Hyp Env B \<langle>c\<rangle> C\<close>
   9.454      moreover
   9.455 -    note `B \<subseteq> B'`
   9.456 +    note \<open>B \<subseteq> B'\<close>
   9.457      moreover
   9.458      obtain C'
   9.459        where "Env\<turnstile> B' \<guillemotright>\<langle>c\<rangle>\<guillemotright> C'"
   9.460 @@ -1093,19 +1093,19 @@
   9.461        by simp
   9.462    next
   9.463      case (Comp Env B c1 C1 c2 C2 A B' A')
   9.464 -    note A = `nrm A = nrm C2` `brk A = brk C1 \<Rightarrow>\<inter>  brk C2`
   9.465 -    from `Env\<turnstile> B' \<guillemotright>\<langle>c1;; c2\<rangle>\<guillemotright> A'`
   9.466 +    note A = \<open>nrm A = nrm C2\<close> \<open>brk A = brk C1 \<Rightarrow>\<inter>  brk C2\<close>
   9.467 +    from \<open>Env\<turnstile> B' \<guillemotright>\<langle>c1;; c2\<rangle>\<guillemotright> A'\<close>
   9.468      obtain  C1' C2'
   9.469        where da_c1: "Env\<turnstile> B' \<guillemotright>\<langle>c1\<rangle>\<guillemotright> C1'" and
   9.470              da_c2: "Env\<turnstile> nrm C1' \<guillemotright>\<langle>c2\<rangle>\<guillemotright> C2'"  and
   9.471              A': "nrm A' = nrm C2'" "brk A' = brk C1' \<Rightarrow>\<inter>  brk C2'"
   9.472        by cases auto
   9.473 -    note `PROP ?Hyp Env B \<langle>c1\<rangle> C1`
   9.474 -    moreover note `B \<subseteq> B'`
   9.475 +    note \<open>PROP ?Hyp Env B \<langle>c1\<rangle> C1\<close>
   9.476 +    moreover note \<open>B \<subseteq> B'\<close>
   9.477      moreover note da_c1
   9.478      ultimately have C1': "nrm C1 \<subseteq> nrm C1'" "(\<forall>l. brk C1 l \<subseteq> brk C1' l)"
   9.479        by auto
   9.480 -    note `PROP ?Hyp Env (nrm C1) \<langle>c2\<rangle> C2`
   9.481 +    note \<open>PROP ?Hyp Env (nrm C1) \<langle>c2\<rangle> C2\<close>
   9.482      with da_c2 C1' 
   9.483      have C2': "nrm C2 \<subseteq> nrm C2'" "(\<forall>l. brk C2 l \<subseteq> brk C2' l)"
   9.484        by auto
   9.485 @@ -1114,19 +1114,19 @@
   9.486        by auto
   9.487    next
   9.488      case (If Env B e E c1 C1 c2 C2 A B' A')
   9.489 -    note A = `nrm A = nrm C1 \<inter> nrm C2` `brk A = brk C1 \<Rightarrow>\<inter>  brk C2`
   9.490 -    from `Env\<turnstile> B' \<guillemotright>\<langle>If(e) c1 Else c2\<rangle>\<guillemotright> A'`
   9.491 +    note A = \<open>nrm A = nrm C1 \<inter> nrm C2\<close> \<open>brk A = brk C1 \<Rightarrow>\<inter>  brk C2\<close>
   9.492 +    from \<open>Env\<turnstile> B' \<guillemotright>\<langle>If(e) c1 Else c2\<rangle>\<guillemotright> A'\<close>
   9.493      obtain C1' C2'
   9.494        where da_c1: "Env\<turnstile> B' \<union> assigns_if True e \<guillemotright>\<langle>c1\<rangle>\<guillemotright> C1'" and
   9.495              da_c2: "Env\<turnstile> B' \<union> assigns_if False e \<guillemotright>\<langle>c2\<rangle>\<guillemotright> C2'" and
   9.496                 A': "nrm A' = nrm C1' \<inter> nrm C2'" "brk A' = brk C1' \<Rightarrow>\<inter>  brk C2'"
   9.497        by cases auto
   9.498 -    note `PROP ?Hyp Env (B \<union> assigns_if True e) \<langle>c1\<rangle> C1`
   9.499 -    moreover note B' = `B \<subseteq> B'`
   9.500 +    note \<open>PROP ?Hyp Env (B \<union> assigns_if True e) \<langle>c1\<rangle> C1\<close>
   9.501 +    moreover note B' = \<open>B \<subseteq> B'\<close>
   9.502      moreover note da_c1 
   9.503      ultimately obtain C1': "nrm C1 \<subseteq> nrm C1'" "(\<forall>l. brk C1 l \<subseteq> brk C1' l)"
   9.504        by blast
   9.505 -    note `PROP ?Hyp Env (B \<union> assigns_if False e) \<langle>c2\<rangle> C2`
   9.506 +    note \<open>PROP ?Hyp Env (B \<union> assigns_if False e) \<langle>c2\<rangle> C2\<close>
   9.507      with da_c2 B'
   9.508      obtain C2': "nrm C2 \<subseteq> nrm C2'" "(\<forall>l. brk C2 l \<subseteq> brk C2' l)"
   9.509        by blast
   9.510 @@ -1135,16 +1135,16 @@
   9.511        by auto
   9.512    next
   9.513      case (Loop Env B e E c C A l B' A')
   9.514 -    note A = `nrm A = nrm C \<inter> (B \<union> assigns_if False e)` `brk A = brk C`
   9.515 -    from `Env\<turnstile> B' \<guillemotright>\<langle>l\<bullet> While(e) c\<rangle>\<guillemotright> A'`
   9.516 +    note A = \<open>nrm A = nrm C \<inter> (B \<union> assigns_if False e)\<close> \<open>brk A = brk C\<close>
   9.517 +    from \<open>Env\<turnstile> B' \<guillemotright>\<langle>l\<bullet> While(e) c\<rangle>\<guillemotright> A'\<close>
   9.518      obtain C'
   9.519        where 
   9.520         da_c': "Env\<turnstile> B' \<union> assigns_if True e \<guillemotright>\<langle>c\<rangle>\<guillemotright> C'" and
   9.521            A': "nrm A' = nrm C' \<inter> (B' \<union> assigns_if False e)"
   9.522                "brk A' = brk C'" 
   9.523        by cases auto
   9.524 -    note `PROP ?Hyp Env (B \<union> assigns_if True e) \<langle>c\<rangle> C`
   9.525 -    moreover note B' = `B \<subseteq> B'`
   9.526 +    note \<open>PROP ?Hyp Env (B \<union> assigns_if True e) \<langle>c\<rangle> C\<close>
   9.527 +    moreover note B' = \<open>B \<subseteq> B'\<close>
   9.528      moreover note da_c'
   9.529      ultimately obtain C': "nrm C \<subseteq> nrm C'" "(\<forall>l. brk C l \<subseteq> brk C' l)"
   9.530        by blast
   9.531 @@ -1175,8 +1175,8 @@
   9.532      case Throw thus ?case by (elim da_elim_cases) auto
   9.533    next
   9.534      case (Try Env B c1 C1 vn C c2 C2 A B' A')
   9.535 -    note A = `nrm A = nrm C1 \<inter> nrm C2` `brk A = brk C1 \<Rightarrow>\<inter>  brk C2`
   9.536 -    from `Env\<turnstile> B' \<guillemotright>\<langle>Try c1 Catch(C vn) c2\<rangle>\<guillemotright> A'`
   9.537 +    note A = \<open>nrm A = nrm C1 \<inter> nrm C2\<close> \<open>brk A = brk C1 \<Rightarrow>\<inter>  brk C2\<close>
   9.538 +    from \<open>Env\<turnstile> B' \<guillemotright>\<langle>Try c1 Catch(C vn) c2\<rangle>\<guillemotright> A'\<close>
   9.539      obtain C1' C2'
   9.540        where da_c1': "Env\<turnstile> B' \<guillemotright>\<langle>c1\<rangle>\<guillemotright> C1'" and
   9.541              da_c2': "Env\<lparr>lcl := lcl Env(VName vn\<mapsto>Class C)\<rparr>\<turnstile> B' \<union> {VName vn} 
   9.542 @@ -1184,13 +1184,13 @@
   9.543              A': "nrm A' = nrm C1' \<inter> nrm C2'"
   9.544                  "brk A' = brk C1' \<Rightarrow>\<inter>  brk C2'" 
   9.545        by cases auto
   9.546 -    note `PROP ?Hyp Env B \<langle>c1\<rangle> C1`
   9.547 -    moreover note B' = `B \<subseteq> B'`
   9.548 +    note \<open>PROP ?Hyp Env B \<langle>c1\<rangle> C1\<close>
   9.549 +    moreover note B' = \<open>B \<subseteq> B'\<close>
   9.550      moreover note da_c1'
   9.551      ultimately obtain C1': "nrm C1 \<subseteq> nrm C1'" "(\<forall>l. brk C1 l \<subseteq> brk C1' l)"
   9.552        by blast
   9.553 -    note `PROP ?Hyp (Env\<lparr>lcl := lcl Env(VName vn\<mapsto>Class C)\<rparr>)
   9.554 -                    (B \<union> {VName vn}) \<langle>c2\<rangle> C2`
   9.555 +    note \<open>PROP ?Hyp (Env\<lparr>lcl := lcl Env(VName vn\<mapsto>Class C)\<rparr>)
   9.556 +                    (B \<union> {VName vn}) \<langle>c2\<rangle> C2\<close>
   9.557      with B' da_c2'
   9.558      obtain "nrm C2 \<subseteq> nrm C2'" "(\<forall>l. brk C2 l \<subseteq> brk C2' l)"
   9.559        by blast
   9.560 @@ -1199,21 +1199,21 @@
   9.561        by auto
   9.562    next
   9.563      case (Fin Env B c1 C1 c2 C2 A B' A')
   9.564 -    note A = `nrm A = nrm C1 \<union> nrm C2`
   9.565 -      `brk A = (brk C1 \<Rightarrow>\<union>\<^sub>\<forall> nrm C2) \<Rightarrow>\<inter> (brk C2)`
   9.566 -    from `Env\<turnstile> B' \<guillemotright>\<langle>c1 Finally c2\<rangle>\<guillemotright> A'`
   9.567 +    note A = \<open>nrm A = nrm C1 \<union> nrm C2\<close>
   9.568 +      \<open>brk A = (brk C1 \<Rightarrow>\<union>\<^sub>\<forall> nrm C2) \<Rightarrow>\<inter> (brk C2)\<close>
   9.569 +    from \<open>Env\<turnstile> B' \<guillemotright>\<langle>c1 Finally c2\<rangle>\<guillemotright> A'\<close>
   9.570      obtain C1' C2'
   9.571        where  da_c1': "Env\<turnstile> B' \<guillemotright>\<langle>c1\<rangle>\<guillemotright> C1'" and
   9.572               da_c2': "Env\<turnstile> B' \<guillemotright>\<langle>c2\<rangle>\<guillemotright> C2'" and
   9.573               A':  "nrm A' = nrm C1' \<union> nrm C2'"
   9.574                    "brk A' = (brk C1' \<Rightarrow>\<union>\<^sub>\<forall> nrm C2') \<Rightarrow>\<inter> (brk C2')"
   9.575        by cases auto
   9.576 -    note `PROP ?Hyp Env B \<langle>c1\<rangle> C1`
   9.577 -    moreover note B' = `B \<subseteq> B'`
   9.578 +    note \<open>PROP ?Hyp Env B \<langle>c1\<rangle> C1\<close>
   9.579 +    moreover note B' = \<open>B \<subseteq> B'\<close>
   9.580      moreover note da_c1'
   9.581      ultimately obtain C1': "nrm C1 \<subseteq> nrm C1'" "(\<forall>l. brk C1 l \<subseteq> brk C1' l)"
   9.582        by blast
   9.583 -    note hyp_c2 = `PROP ?Hyp Env B \<langle>c2\<rangle> C2`
   9.584 +    note hyp_c2 = \<open>PROP ?Hyp Env B \<langle>c2\<rangle> C2\<close>
   9.585      from da_c2' B' 
   9.586       obtain "nrm C2 \<subseteq> nrm C2'" "(\<forall>l. brk C2 l \<subseteq> brk C2' l)"
   9.587         by - (drule hyp_c2,auto)
   9.588 @@ -1236,17 +1236,17 @@
   9.589       case UnOp thus ?case by (elim da_elim_cases) auto
   9.590     next
   9.591       case (CondAnd Env B e1 E1 e2 E2 A B' A')
   9.592 -     note A = `nrm A = B \<union>
   9.593 +     note A = \<open>nrm A = B \<union>
   9.594                         assigns_if True (BinOp CondAnd e1 e2) \<inter>
   9.595 -                       assigns_if False (BinOp CondAnd e1 e2)`
   9.596 -             `brk A = (\<lambda>l. UNIV)`
   9.597 -     from `Env\<turnstile> B' \<guillemotright>\<langle>BinOp CondAnd e1 e2\<rangle>\<guillemotright> A'`
   9.598 +                       assigns_if False (BinOp CondAnd e1 e2)\<close>
   9.599 +             \<open>brk A = (\<lambda>l. UNIV)\<close>
   9.600 +     from \<open>Env\<turnstile> B' \<guillemotright>\<langle>BinOp CondAnd e1 e2\<rangle>\<guillemotright> A'\<close>
   9.601       obtain  A': "nrm A' = B' \<union>
   9.602                                   assigns_if True (BinOp CondAnd e1 e2) \<inter>
   9.603                                   assigns_if False (BinOp CondAnd e1 e2)"
   9.604                        "brk A' = (\<lambda>l. UNIV)" 
   9.605         by cases auto
   9.606 -     note B' = `B \<subseteq> B'`
   9.607 +     note B' = \<open>B \<subseteq> B'\<close>
   9.608       with A A' show ?case 
   9.609         by auto 
   9.610     next
   9.611 @@ -1265,13 +1265,13 @@
   9.612       case Ass thus ?case by (elim da_elim_cases) auto
   9.613     next
   9.614       case (CondBool Env c e1 e2 B C E1 E2 A B' A')
   9.615 -     note A = `nrm A = B \<union> 
   9.616 +     note A = \<open>nrm A = B \<union> 
   9.617                          assigns_if True (c ? e1 : e2) \<inter> 
   9.618 -                        assigns_if False (c ? e1 : e2)`
   9.619 -             `brk A = (\<lambda>l. UNIV)`
   9.620 -     note `Env\<turnstile> (c ? e1 : e2)\<Colon>- (PrimT Boolean)`
   9.621 +                        assigns_if False (c ? e1 : e2)\<close>
   9.622 +             \<open>brk A = (\<lambda>l. UNIV)\<close>
   9.623 +     note \<open>Env\<turnstile> (c ? e1 : e2)\<Colon>- (PrimT Boolean)\<close>
   9.624       moreover
   9.625 -     note `Env\<turnstile> B' \<guillemotright>\<langle>c ? e1 : e2\<rangle>\<guillemotright> A'`
   9.626 +     note \<open>Env\<turnstile> B' \<guillemotright>\<langle>c ? e1 : e2\<rangle>\<guillemotright> A'\<close>
   9.627       ultimately
   9.628       obtain A': "nrm A' = B' \<union> 
   9.629                                    assigns_if True (c ? e1 : e2) \<inter> 
   9.630 @@ -1279,14 +1279,14 @@
   9.631                       "brk A' = (\<lambda>l. UNIV)"
   9.632         by (elim da_elim_cases) (auto simp add: inj_term_simps) 
   9.633         (* inj_term_simps needed to handle wt (defined without \<langle>\<rangle>) *)
   9.634 -     note B' = `B \<subseteq> B'`
   9.635 +     note B' = \<open>B \<subseteq> B'\<close>
   9.636       with A A' show ?case 
   9.637         by auto 
   9.638     next
   9.639       case (Cond Env c e1 e2 B C E1 E2 A B' A')  
   9.640 -     note A = `nrm A = nrm E1 \<inter> nrm E2` `brk A = (\<lambda>l. UNIV)`
   9.641 -     note not_bool = `\<not> Env\<turnstile> (c ? e1 : e2)\<Colon>- (PrimT Boolean)`
   9.642 -     from `Env\<turnstile> B' \<guillemotright>\<langle>c ? e1 : e2\<rangle>\<guillemotright> A'`
   9.643 +     note A = \<open>nrm A = nrm E1 \<inter> nrm E2\<close> \<open>brk A = (\<lambda>l. UNIV)\<close>
   9.644 +     note not_bool = \<open>\<not> Env\<turnstile> (c ? e1 : e2)\<Colon>- (PrimT Boolean)\<close>
   9.645 +     from \<open>Env\<turnstile> B' \<guillemotright>\<langle>c ? e1 : e2\<rangle>\<guillemotright> A'\<close>
   9.646       obtain E1' E2'
   9.647         where da_e1': "Env\<turnstile> B' \<union> assigns_if True c \<guillemotright>\<langle>e1\<rangle>\<guillemotright> E1'" and
   9.648               da_e2': "Env\<turnstile> B' \<union> assigns_if False c \<guillemotright>\<langle>e2\<rangle>\<guillemotright> E2'" and
   9.649 @@ -1295,12 +1295,12 @@
   9.650         using not_bool
   9.651         by (elim da_elim_cases) (auto simp add: inj_term_simps)
   9.652         (* inj_term_simps needed to handle wt (defined without \<langle>\<rangle>) *)
   9.653 -     note `PROP ?Hyp Env (B \<union> assigns_if True c) \<langle>e1\<rangle> E1`
   9.654 -     moreover note B' = `B \<subseteq> B'`
   9.655 +     note \<open>PROP ?Hyp Env (B \<union> assigns_if True c) \<langle>e1\<rangle> E1\<close>
   9.656 +     moreover note B' = \<open>B \<subseteq> B'\<close>
   9.657       moreover note da_e1'
   9.658       ultimately obtain E1': "nrm E1 \<subseteq> nrm E1'" "(\<forall>l. brk E1 l \<subseteq> brk E1' l)"
   9.659         by blast
   9.660 -     note `PROP ?Hyp Env (B \<union> assigns_if False c) \<langle>e2\<rangle> E2`
   9.661 +     note \<open>PROP ?Hyp Env (B \<union> assigns_if False c) \<langle>e2\<rangle> E2\<close>
   9.662       with B' da_e2'
   9.663       obtain "nrm E2 \<subseteq> nrm E2'" "(\<forall>l. brk E2 l \<subseteq> brk E2' l)"
   9.664         by blast
   9.665 @@ -1326,7 +1326,7 @@
   9.666    next
   9.667      case Cons thus ?case by (elim da_elim_cases) auto
   9.668    qed
   9.669 -  from this [OF da' `B \<subseteq> B'`] show ?thesis .
   9.670 +  from this [OF da' \<open>B \<subseteq> B'\<close>] show ?thesis .
   9.671  qed
   9.672    
   9.673  lemma da_weaken:     
   9.674 @@ -1342,9 +1342,9 @@
   9.675      case Expr thus ?case by (iprover intro: da.Expr)
   9.676    next
   9.677      case (Lab Env B c C A l B')  
   9.678 -    note `PROP ?Hyp Env B \<langle>c\<rangle>`
   9.679 +    note \<open>PROP ?Hyp Env B \<langle>c\<rangle>\<close>
   9.680      moreover
   9.681 -    note B' = `B \<subseteq> B'`
   9.682 +    note B' = \<open>B \<subseteq> B'\<close>
   9.683      ultimately obtain C' where "Env\<turnstile> B' \<guillemotright>\<langle>c\<rangle>\<guillemotright> C'"
   9.684        by iprover
   9.685      then obtain A' where "Env\<turnstile> B' \<guillemotright>\<langle>Break l\<bullet> c\<rangle>\<guillemotright> A'"
   9.686 @@ -1352,10 +1352,10 @@
   9.687      thus ?case ..
   9.688    next
   9.689      case (Comp Env B c1 C1 c2 C2 A B')
   9.690 -    note da_c1 = `Env\<turnstile> B \<guillemotright>\<langle>c1\<rangle>\<guillemotright> C1`
   9.691 -    note `PROP ?Hyp Env B \<langle>c1\<rangle>`
   9.692 +    note da_c1 = \<open>Env\<turnstile> B \<guillemotright>\<langle>c1\<rangle>\<guillemotright> C1\<close>
   9.693 +    note \<open>PROP ?Hyp Env B \<langle>c1\<rangle>\<close>
   9.694      moreover
   9.695 -    note B' = `B \<subseteq> B'`
   9.696 +    note B' = \<open>B \<subseteq> B'\<close>
   9.697      ultimately obtain C1' where da_c1': "Env\<turnstile> B' \<guillemotright>\<langle>c1\<rangle>\<guillemotright> C1'"
   9.698        by iprover
   9.699      with da_c1 B'
   9.700 @@ -1363,7 +1363,7 @@
   9.701        "nrm C1 \<subseteq> nrm C1'"
   9.702        by (rule da_monotone [elim_format]) simp
   9.703      moreover
   9.704 -    note `PROP ?Hyp Env (nrm C1) \<langle>c2\<rangle>`
   9.705 +    note \<open>PROP ?Hyp Env (nrm C1) \<langle>c2\<rangle>\<close>
   9.706      ultimately obtain C2' where "Env\<turnstile> nrm C1' \<guillemotright>\<langle>c2\<rangle>\<guillemotright> C2'"
   9.707        by iprover
   9.708      with da_c1' obtain A' where "Env\<turnstile> B' \<guillemotright>\<langle>c1;; c2\<rangle>\<guillemotright> A'"
   9.709 @@ -1371,7 +1371,7 @@
   9.710      thus ?case ..
   9.711    next
   9.712      case (If Env B e E c1 C1 c2 C2 A B')
   9.713 -    note B' = `B \<subseteq> B'`
   9.714 +    note B' = \<open>B \<subseteq> B'\<close>
   9.715      obtain  E' where "Env\<turnstile> B' \<guillemotright>\<langle>e\<rangle>\<guillemotright> E'"
   9.716      proof -
   9.717        have "PROP ?Hyp Env B \<langle>e\<rangle>" by (rule If.hyps)
   9.718 @@ -1405,7 +1405,7 @@
   9.719      thus ?case ..
   9.720    next  
   9.721      case (Loop Env B e E c C A l B')
   9.722 -    note B' = `B \<subseteq> B'`
   9.723 +    note B' = \<open>B \<subseteq> B'\<close>
   9.724      obtain E' where "Env\<turnstile> B' \<guillemotright>\<langle>e\<rangle>\<guillemotright> E'"
   9.725      proof -
   9.726        have "PROP ?Hyp Env B \<langle>e\<rangle>" by (rule Loop.hyps)
   9.727 @@ -1429,7 +1429,7 @@
   9.728      thus ?case ..
   9.729    next
   9.730      case (Jmp jump B A Env B') 
   9.731 -    note B' = `B \<subseteq> B'`
   9.732 +    note B' = \<open>B \<subseteq> B'\<close>
   9.733      with Jmp.hyps have "jump = Ret \<longrightarrow> Result \<in> B' "
   9.734        by auto
   9.735      moreover
   9.736 @@ -1448,7 +1448,7 @@
   9.737      case Throw thus ?case by (iprover intro: da.Throw )
   9.738    next
   9.739      case (Try Env B c1 C1 vn C c2 C2 A B')
   9.740 -    note B' = `B \<subseteq> B'`
   9.741 +    note B' = \<open>B \<subseteq> B'\<close>
   9.742      obtain C1' where "Env\<turnstile> B' \<guillemotright>\<langle>c1\<rangle>\<guillemotright> C1'"
   9.743      proof -
   9.744        have "PROP ?Hyp Env B \<langle>c1\<rangle>" by (rule Try.hyps)
   9.745 @@ -1473,7 +1473,7 @@
   9.746      thus ?case ..
   9.747    next
   9.748      case (Fin Env B c1 C1 c2 C2 A B')
   9.749 -    note B' = `B \<subseteq> B'`
   9.750 +    note B' = \<open>B \<subseteq> B'\<close>
   9.751      obtain C1' where C1': "Env\<turnstile> B' \<guillemotright>\<langle>c1\<rangle>\<guillemotright> C1'"
   9.752      proof -
   9.753        have "PROP ?Hyp Env B \<langle>c1\<rangle>" by (rule Fin.hyps)
   9.754 @@ -1507,7 +1507,7 @@
   9.755      case UnOp thus ?case by (iprover intro: da.UnOp)
   9.756    next
   9.757      case (CondAnd Env B e1 E1 e2 E2 A B')
   9.758 -    note B' = `B \<subseteq> B'`
   9.759 +    note B' = \<open>B \<subseteq> B'\<close>
   9.760      obtain E1' where "Env\<turnstile> B' \<guillemotright>\<langle>e1\<rangle>\<guillemotright> E1'"
   9.761      proof -
   9.762        have "PROP ?Hyp Env B \<langle>e1\<rangle>" by (rule CondAnd.hyps)
   9.763 @@ -1529,7 +1529,7 @@
   9.764      thus ?case ..
   9.765    next
   9.766      case (CondOr Env B e1 E1 e2 E2 A B')
   9.767 -    note B' = `B \<subseteq> B'`
   9.768 +    note B' = \<open>B \<subseteq> B'\<close>
   9.769      obtain E1' where "Env\<turnstile> B' \<guillemotright>\<langle>e1\<rangle>\<guillemotright> E1'"
   9.770      proof -
   9.771        have "PROP ?Hyp Env B \<langle>e1\<rangle>" by (rule CondOr.hyps)
   9.772 @@ -1551,7 +1551,7 @@
   9.773      thus ?case ..
   9.774    next
   9.775      case (BinOp Env B e1 E1 e2 A binop B')
   9.776 -    note B' = `B \<subseteq> B'`
   9.777 +    note B' = \<open>B \<subseteq> B'\<close>
   9.778      obtain E1' where E1': "Env\<turnstile> B' \<guillemotright>\<langle>e1\<rangle>\<guillemotright> E1'"
   9.779      proof -
   9.780        have "PROP ?Hyp Env B \<langle>e1\<rangle>" by (rule BinOp.hyps)
   9.781 @@ -1575,22 +1575,22 @@
   9.782      thus ?case ..
   9.783    next
   9.784      case (Super B Env B')
   9.785 -    note B' = `B \<subseteq> B'`
   9.786 +    note B' = \<open>B \<subseteq> B'\<close>
   9.787      with Super.hyps have "This \<in> B'"
   9.788        by auto
   9.789      thus ?case by (iprover intro: da.Super)
   9.790    next
   9.791      case (AccLVar vn B A Env B')
   9.792 -    note `vn \<in> B`
   9.793 +    note \<open>vn \<in> B\<close>
   9.794      moreover
   9.795 -    note `B \<subseteq> B'`
   9.796 +    note \<open>B \<subseteq> B'\<close>
   9.797      ultimately have "vn \<in> B'" by auto
   9.798      thus ?case by (iprover intro: da.AccLVar)
   9.799    next
   9.800      case Acc thus ?case by (iprover intro: da.Acc)
   9.801    next 
   9.802      case (AssLVar Env B e E A vn B')
   9.803 -    note B' = `B \<subseteq> B'`
   9.804 +    note B' = \<open>B \<subseteq> B'\<close>
   9.805      then obtain E' where "Env\<turnstile> B' \<guillemotright>\<langle>e\<rangle>\<guillemotright> E'"
   9.806        by (rule AssLVar.hyps [elim_format]) iprover
   9.807      then obtain A' where  
   9.808 @@ -1599,8 +1599,8 @@
   9.809      thus ?case ..
   9.810    next
   9.811      case (Ass v Env B V e A B') 
   9.812 -    note B' = `B \<subseteq> B'`
   9.813 -    note `\<forall>vn. v \<noteq> LVar vn`
   9.814 +    note B' = \<open>B \<subseteq> B'\<close>
   9.815 +    note \<open>\<forall>vn. v \<noteq> LVar vn\<close>
   9.816      moreover
   9.817      obtain V' where V': "Env\<turnstile> B' \<guillemotright>\<langle>v\<rangle>\<guillemotright> V'"
   9.818      proof -
   9.819 @@ -1625,8 +1625,8 @@
   9.820      thus ?case ..
   9.821    next
   9.822      case (CondBool Env c e1 e2 B C E1 E2 A B')
   9.823 -    note B' = `B \<subseteq> B'`
   9.824 -    note `Env\<turnstile>(c ? e1 : e2)\<Colon>-(PrimT Boolean)`
   9.825 +    note B' = \<open>B \<subseteq> B'\<close>
   9.826 +    note \<open>Env\<turnstile>(c ? e1 : e2)\<Colon>-(PrimT Boolean)\<close>
   9.827      moreover obtain C' where C': "Env\<turnstile> B' \<guillemotright>\<langle>c\<rangle>\<guillemotright> C'"
   9.828      proof -
   9.829        have "PROP ?Hyp Env B \<langle>c\<rangle>" by (rule CondBool.hyps)
   9.830 @@ -1661,8 +1661,8 @@
   9.831      thus ?case ..
   9.832    next
   9.833      case (Cond Env c e1 e2 B C E1 E2 A B')
   9.834 -    note B' = `B \<subseteq> B'`
   9.835 -    note `\<not> Env\<turnstile>(c ? e1 : e2)\<Colon>-(PrimT Boolean)`
   9.836 +    note B' = \<open>B \<subseteq> B'\<close>
   9.837 +    note \<open>\<not> Env\<turnstile>(c ? e1 : e2)\<Colon>-(PrimT Boolean)\<close>
   9.838      moreover obtain C' where C': "Env\<turnstile> B' \<guillemotright>\<langle>c\<rangle>\<guillemotright> C'"
   9.839      proof -
   9.840        have "PROP ?Hyp Env B \<langle>c\<rangle>" by (rule Cond.hyps)
   9.841 @@ -1697,7 +1697,7 @@
   9.842      thus ?case ..
   9.843    next
   9.844      case (Call Env B e E args A accC statT mode mn pTs B')
   9.845 -    note B' = `B \<subseteq> B'`
   9.846 +    note B' = \<open>B \<subseteq> B'\<close>
   9.847      obtain E' where E': "Env\<turnstile> B' \<guillemotright>\<langle>e\<rangle>\<guillemotright> E'"
   9.848      proof -
   9.849        have "PROP ?Hyp Env B \<langle>e\<rangle>" by (rule Call.hyps)
   9.850 @@ -1723,7 +1723,7 @@
   9.851      case Methd thus ?case by (iprover intro: da.Methd)
   9.852    next
   9.853      case (Body Env B c C A D B')  
   9.854 -    note B' = `B \<subseteq> B'`
   9.855 +    note B' = \<open>B \<subseteq> B'\<close>
   9.856      obtain C' where C': "Env\<turnstile> B' \<guillemotright>\<langle>c\<rangle>\<guillemotright> C'" and nrm_C': "nrm C \<subseteq> nrm C'"
   9.857      proof -
   9.858        have "Env\<turnstile> B \<guillemotright>\<langle>c\<rangle>\<guillemotright> C" by (rule Body.hyps)
   9.859 @@ -1737,10 +1737,10 @@
   9.860        with da_c that show ?thesis by iprover
   9.861      qed
   9.862      moreover 
   9.863 -    note `Result \<in> nrm C`
   9.864 +    note \<open>Result \<in> nrm C\<close>
   9.865      with nrm_C' have "Result \<in> nrm C'"
   9.866        by blast
   9.867 -    moreover note `jumpNestingOkS {Ret} c`
   9.868 +    moreover note \<open>jumpNestingOkS {Ret} c\<close>
   9.869      ultimately obtain A' where
   9.870        "Env\<turnstile> B' \<guillemotright>\<langle>Body D c\<rangle>\<guillemotright> A'"
   9.871        by (iprover intro: da.Body)
   9.872 @@ -1751,7 +1751,7 @@
   9.873      case FVar thus ?case by (iprover intro: da.FVar)
   9.874    next
   9.875      case (AVar Env B e1 E1 e2 A B')
   9.876 -    note B' = `B \<subseteq> B'`
   9.877 +    note B' = \<open>B \<subseteq> B'\<close>
   9.878      obtain E1' where E1': "Env\<turnstile> B' \<guillemotright>\<langle>e1\<rangle>\<guillemotright> E1'"
   9.879      proof -
   9.880        have "PROP ?Hyp Env B \<langle>e1\<rangle>" by (rule AVar.hyps)
   9.881 @@ -1777,7 +1777,7 @@
   9.882      case Nil thus ?case by (iprover intro: da.Nil)
   9.883    next
   9.884      case (Cons Env B e E es A B')
   9.885 -    note B' = `B \<subseteq> B'`
   9.886 +    note B' = \<open>B \<subseteq> B'\<close>
   9.887      obtain E' where E': "Env\<turnstile> B' \<guillemotright>\<langle>e\<rangle>\<guillemotright> E'"
   9.888      proof -
   9.889        have "PROP ?Hyp Env B \<langle>e\<rangle>" by (rule Cons.hyps)
   9.890 @@ -1800,7 +1800,7 @@
   9.891        by (iprover intro: da.Cons)
   9.892      thus ?case ..
   9.893    qed
   9.894 -  from this [OF `B \<subseteq> B'`] show ?thesis .
   9.895 +  from this [OF \<open>B \<subseteq> B'\<close>] show ?thesis .
   9.896  qed
   9.897  
   9.898  (* Remarks about the proof style:
    10.1 --- a/src/HOL/Bali/DefiniteAssignmentCorrect.thy	Sat Jan 02 18:46:36 2016 +0100
    10.2 +++ b/src/HOL/Bali/DefiniteAssignmentCorrect.thy	Sat Jan 02 18:48:45 2016 +0100
    10.3 @@ -1,4 +1,4 @@
    10.4 -subsection {* Correctness of Definite Assignment *}
    10.5 +subsection \<open>Correctness of Definite Assignment\<close>
    10.6  
    10.7  theory DefiniteAssignmentCorrect imports WellForm Eval begin
    10.8  
    10.9 @@ -104,8 +104,8 @@
   10.10         "\<And> jmps' jmps. \<lbrakk>jumpNestingOkS jmps' c; jmps' \<subseteq> jmps\<rbrakk> \<Longrightarrow> jumpNestingOkS jmps c" 
   10.11    proof (induct rule: var.induct expr.induct stmt.induct)
   10.12      case (Lab j c jmps' jmps)
   10.13 -    note jmpOk = `jumpNestingOkS jmps' (j\<bullet> c)`
   10.14 -    note jmps = `jmps' \<subseteq> jmps`
   10.15 +    note jmpOk = \<open>jumpNestingOkS jmps' (j\<bullet> c)\<close>
   10.16 +    note jmps = \<open>jmps' \<subseteq> jmps\<close>
   10.17      with jmpOk have "jumpNestingOkS ({j} \<union> jmps') c" by simp
   10.18      moreover from jmps have "({j} \<union> jmps') \<subseteq> ({j} \<union> jmps)" by auto
   10.19      ultimately
   10.20 @@ -135,10 +135,10 @@
   10.21        by simp
   10.22    next
   10.23      case (Loop l e c jmps' jmps)
   10.24 -    from `jumpNestingOkS jmps' (l\<bullet> While(e) c)`
   10.25 +    from \<open>jumpNestingOkS jmps' (l\<bullet> While(e) c)\<close>
   10.26      have "jumpNestingOkS ({Cont l} \<union> jmps') c" by simp
   10.27      moreover
   10.28 -    from `jmps' \<subseteq> jmps`
   10.29 +    from \<open>jmps' \<subseteq> jmps\<close>
   10.30      have "{Cont l} \<union> jmps'  \<subseteq> {Cont l} \<union> jmps" by auto
   10.31      ultimately
   10.32      have "jumpNestingOkS ({Cont l} \<union> jmps) c"
   10.33 @@ -240,7 +240,7 @@
   10.34  by (cases s) (simp add: avar_def2 abrupt_if_def)
   10.35  
   10.36  
   10.37 -text {* 
   10.38 +text \<open>
   10.39  The next theorem expresses: If jumps (breaks, continues, returns) are nested
   10.40  correctly, we won't find an unexpected jump in the result state of the 
   10.41  evaluation. For exeample, a break can't leave its enclosing loop, an return
   10.42 @@ -266,7 +266,7 @@
   10.43  
   10.44  The wellformedness of the program is used to enshure that for all
   10.45  classinitialisations and methods the nesting of jumps is wellformed, too.
   10.46 -*}  
   10.47 +\<close>  
   10.48  theorem jumpNestingOk_eval:
   10.49    assumes eval: "G\<turnstile> s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)"
   10.50       and jmpOk: "jumpNestingOk jmps t" 
   10.51 @@ -287,19 +287,19 @@
   10.52         (\<forall> jmps T Env. 
   10.53            ?Jmp jmps s0 \<longrightarrow> jumpNestingOk jmps t \<longrightarrow> Env\<turnstile>t\<Colon>T \<longrightarrow> prg Env=G\<longrightarrow>
   10.54            ?Jmp jmps s1 \<and> ?Upd v s1)"
   10.55 -  -- {* Variable @{text ?HypObj} is the following goal spelled in terms of
   10.56 +  \<comment> \<open>Variable \<open>?HypObj\<close> is the following goal spelled in terms of
   10.57          the object logic, instead of the meta logic. It is needed in some
   10.58          cases of the induction were, the atomize-rulify process of induct 
   10.59          does not work fine, because the eval rules mix up object and meta
   10.60 -        logic. See for example the case for the loop. *} 
   10.61 +        logic. See for example the case for the loop.\<close> 
   10.62    from eval 
   10.63    have "\<And> jmps T Env. \<lbrakk>?Jmp jmps s0; jumpNestingOk jmps t; Env\<turnstile>t\<Colon>T;prg Env=G\<rbrakk>
   10.64              \<Longrightarrow> ?Jmp jmps s1 \<and> ?Upd v s1" 
   10.65          (is "PROP ?Hyp t s0 s1 v")
   10.66 -  -- {* We need to abstract over @{term jmps} since @{term jmps} are extended
   10.67 +  \<comment> \<open>We need to abstract over @{term jmps} since @{term jmps} are extended
   10.68          during analysis of @{term Lab}. Also we need to abstract over 
   10.69          @{term T} and @{term Env} since they are altered in various
   10.70 -        typing judgements. *}    
   10.71 +        typing judgements.\<close>    
   10.72    proof (induct)   
   10.73      case Abrupt thus ?case by simp 
   10.74    next
   10.75 @@ -308,8 +308,8 @@
   10.76      case Expr thus ?case by (elim wt_elim_cases) simp
   10.77    next
   10.78      case (Lab s0 c s1 jmp jmps T Env) 
   10.79 -    note jmpOK = `jumpNestingOk jmps (In1r (jmp\<bullet> c))`
   10.80 -    note G = `prg Env = G`
   10.81 +    note jmpOK = \<open>jumpNestingOk jmps (In1r (jmp\<bullet> c))\<close>
   10.82 +    note G = \<open>prg Env = G\<close>
   10.83      have wt_c: "Env\<turnstile>c\<Colon>\<surd>" 
   10.84        using Lab.prems by (elim wt_elim_cases)
   10.85      { 
   10.86 @@ -319,7 +319,7 @@
   10.87        proof -
   10.88          from ab_s1 have jmp_s1: "abrupt s1 = Some (Jump j)"
   10.89            by (cases s1) (simp add: absorb_def)
   10.90 -        note hyp_c = `PROP ?Hyp (In1r c) (Norm s0) s1 \<diamondsuit>`
   10.91 +        note hyp_c = \<open>PROP ?Hyp (In1r c) (Norm s0) s1 \<diamondsuit>\<close>
   10.92          from ab_s1 have "j \<noteq> jmp" 
   10.93            by (cases s1) (simp add: absorb_def)
   10.94          moreover have "j \<in> {jmp} \<union> jmps"
   10.95 @@ -337,8 +337,8 @@
   10.96      thus ?case by simp
   10.97    next
   10.98      case (Comp s0 c1 s1 c2 s2 jmps T Env)
   10.99 -    note jmpOk = `jumpNestingOk jmps (In1r (c1;; c2))`
  10.100 -    note G = `prg Env = G`
  10.101 +    note jmpOk = \<open>jumpNestingOk jmps (In1r (c1;; c2))\<close>
  10.102 +    note G = \<open>prg Env = G\<close>
  10.103      from Comp.prems obtain
  10.104        wt_c1: "Env\<turnstile>c1\<Colon>\<surd>" and wt_c2: "Env\<turnstile>c2\<Colon>\<surd>"
  10.105        by (elim wt_elim_cases)
  10.106 @@ -349,11 +349,11 @@
  10.107        proof -
  10.108          have jmp: "?Jmp jmps s1"
  10.109          proof -
  10.110 -          note hyp_c1 = `PROP ?Hyp (In1r c1) (Norm s0) s1 \<diamondsuit>`
  10.111 +          note hyp_c1 = \<open>PROP ?Hyp (In1r c1) (Norm s0) s1 \<diamondsuit>\<close>
  10.112            with wt_c1 jmpOk G 
  10.113            show ?thesis by simp
  10.114          qed
  10.115 -        moreover note hyp_c2 = `PROP ?Hyp (In1r c2) s1 s2 (\<diamondsuit>::vals)`
  10.116 +        moreover note hyp_c2 = \<open>PROP ?Hyp (In1r c2) s1 s2 (\<diamondsuit>::vals)\<close>
  10.117          have jmpOk': "jumpNestingOk jmps (In1r c2)" using jmpOk by simp
  10.118          moreover note wt_c2 G abr_s2
  10.119          ultimately show "j \<in> jmps"
  10.120 @@ -362,8 +362,8 @@
  10.121      } thus ?case by simp
  10.122    next
  10.123      case (If s0 e b s1 c1 c2 s2 jmps T Env)
  10.124 -    note jmpOk = `jumpNestingOk jmps (In1r (If(e) c1 Else c2))`
  10.125 -    note G = `prg Env = G`
  10.126 +    note jmpOk = \<open>jumpNestingOk jmps (In1r (If(e) c1 Else c2))\<close>
  10.127 +    note G = \<open>prg Env = G\<close>
  10.128      from If.prems obtain 
  10.129                wt_e: "Env\<turnstile>e\<Colon>-PrimT Boolean" and 
  10.130        wt_then_else: "Env\<turnstile>(if the_Bool b then c1 else c2)\<Colon>\<surd>"
  10.131 @@ -373,11 +373,11 @@
  10.132        assume jmp: "abrupt s2 = Some (Jump j)"
  10.133        have "j\<in>jmps"
  10.134        proof -
  10.135 -        note `PROP ?Hyp (In1l e) (Norm s0) s1 (In1 b)`
  10.136 +        note \<open>PROP ?Hyp (In1l e) (Norm s0) s1 (In1 b)\<close>
  10.137          with wt_e G have "?Jmp jmps s1" 
  10.138            by simp
  10.139          moreover note hyp_then_else =
  10.140 -          `PROP ?Hyp (In1r (if the_Bool b then c1 else c2)) s1 s2 \<diamondsuit>`
  10.141 +          \<open>PROP ?Hyp (In1r (if the_Bool b then c1 else c2)) s1 s2 \<diamondsuit>\<close>
  10.142          have "jumpNestingOk jmps (In1r (if the_Bool b then c1 else c2))"
  10.143            using jmpOk by (cases "the_Bool b") simp_all
  10.144          moreover note wt_then_else G jmp
  10.145 @@ -388,9 +388,9 @@
  10.146      thus ?case by simp
  10.147    next
  10.148      case (Loop s0 e b s1 c s2 l s3 jmps T Env)
  10.149 -    note jmpOk = `jumpNestingOk jmps (In1r (l\<bullet> While(e) c))`
  10.150 -    note G = `prg Env = G`
  10.151 -    note wt = `Env\<turnstile>In1r (l\<bullet> While(e) c)\<Colon>T`
  10.152 +    note jmpOk = \<open>jumpNestingOk jmps (In1r (l\<bullet> While(e) c))\<close>
  10.153 +    note G = \<open>prg Env = G\<close>
  10.154 +    note wt = \<open>Env\<turnstile>In1r (l\<bullet> While(e) c)\<Colon>T\<close>
  10.155      then obtain 
  10.156                wt_e: "Env\<turnstile>e\<Colon>-PrimT Boolean" and 
  10.157                wt_c: "Env\<turnstile>c\<Colon>\<surd>"
  10.158 @@ -400,7 +400,7 @@
  10.159        assume jmp: "abrupt s3 = Some (Jump j)" 
  10.160        have "j\<in>jmps"
  10.161        proof -
  10.162 -        note `PROP ?Hyp (In1l e) (Norm s0) s1 (In1 b)`
  10.163 +        note \<open>PROP ?Hyp (In1l e) (Norm s0) s1 (In1 b)\<close>
  10.164          with wt_e G have jmp_s1: "?Jmp jmps s1" 
  10.165            by simp
  10.166          show ?thesis
  10.167 @@ -468,8 +468,8 @@
  10.168      case (Jmp s j jmps T Env) thus ?case by simp
  10.169    next
  10.170      case (Throw s0 e a s1 jmps T Env)
  10.171 -    note jmpOk = `jumpNestingOk jmps (In1r (Throw e))`
  10.172 -    note G = `prg Env = G`
  10.173 +    note jmpOk = \<open>jumpNestingOk jmps (In1r (Throw e))\<close>
  10.174 +    note G = \<open>prg Env = G\<close>
  10.175      from Throw.prems obtain Te where 
  10.176        wt_e: "Env\<turnstile>e\<Colon>-Te" 
  10.177        by (elim wt_elim_cases)
  10.178 @@ -478,7 +478,7 @@
  10.179        assume jmp: "abrupt (abupd (throw a) s1) = Some (Jump j)"
  10.180        have "j\<in>jmps"
  10.181        proof -
  10.182 -        from `PROP ?Hyp (In1l e) (Norm s0) s1 (In1 a)`
  10.183 +        from \<open>PROP ?Hyp (In1l e) (Norm s0) s1 (In1 a)\<close>
  10.184          have "?Jmp jmps s1" using wt_e G by simp
  10.185          moreover
  10.186          from jmp 
  10.187 @@ -490,8 +490,8 @@
  10.188      thus ?case by simp
  10.189    next
  10.190      case (Try s0 c1 s1 s2 C vn c2 s3 jmps T Env)
  10.191 -    note jmpOk = `jumpNestingOk jmps (In1r (Try c1 Catch(C vn) c2))`
  10.192 -    note G = `prg Env = G`
  10.193 +    note jmpOk = \<open>jumpNestingOk jmps (In1r (Try c1 Catch(C vn) c2))\<close>
  10.194 +    note G = \<open>prg Env = G\<close>
  10.195      from Try.prems obtain 
  10.196        wt_c1: "Env\<turnstile>c1\<Colon>\<surd>" and  
  10.197        wt_c2: "Env\<lparr>lcl := lcl Env(VName vn\<mapsto>Class C)\<rparr>\<turnstile>c2\<Colon>\<surd>"
  10.198 @@ -501,10 +501,10 @@
  10.199        assume jmp: "abrupt s3 = Some (Jump j)"
  10.200        have "j\<in>jmps"
  10.201        proof -
  10.202 -        note `PROP ?Hyp (In1r c1) (Norm s0) s1 (\<diamondsuit>::vals)`
  10.203 +        note \<open>PROP ?Hyp (In1r c1) (Norm s0) s1 (\<diamondsuit>::vals)\<close>
  10.204          with jmpOk wt_c1 G
  10.205          have jmp_s1: "?Jmp jmps s1" by simp
  10.206 -        note s2 = `G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2`
  10.207 +        note s2 = \<open>G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2\<close>
  10.208          show "j \<in> jmps"
  10.209          proof (cases "G,s2\<turnstile>catch C")
  10.210            case False
  10.211 @@ -542,8 +542,8 @@
  10.212      thus ?case by simp
  10.213    next
  10.214      case (Fin s0 c1 x1 s1 c2 s2 s3 jmps T Env)
  10.215 -    note jmpOk = `jumpNestingOk jmps (In1r (c1 Finally c2))`
  10.216 -    note G = `prg Env = G`
  10.217 +    note jmpOk = \<open>jumpNestingOk jmps (In1r (c1 Finally c2))\<close>
  10.218 +    note G = \<open>prg Env = G\<close>
  10.219      from Fin.prems obtain 
  10.220        wt_c1: "Env\<turnstile>c1\<Colon>\<surd>" and wt_c2: "Env\<turnstile>c2\<Colon>\<surd>"
  10.221        by (elim wt_elim_cases)
  10.222 @@ -553,14 +553,14 @@
  10.223        have "j \<in> jmps"
  10.224        proof (cases "x1=Some (Jump j)")
  10.225          case True
  10.226 -        note hyp_c1 = `PROP ?Hyp (In1r c1) (Norm s0) (x1,s1) \<diamondsuit>`
  10.227 +        note hyp_c1 = \<open>PROP ?Hyp (In1r c1) (Norm s0) (x1,s1) \<diamondsuit>\<close>
  10.228          with True jmpOk wt_c1 G show ?thesis 
  10.229            by - (rule hyp_c1 [THEN conjunct1,rule_format (no_asm)],simp_all)
  10.230        next
  10.231          case False
  10.232 -        note hyp_c2 = `PROP ?Hyp (In1r c2) (Norm s1) s2 \<diamondsuit>`
  10.233 -        note `s3 = (if \<exists>err. x1 = Some (Error err) then (x1, s1)
  10.234 -                    else abupd (abrupt_if (x1 \<noteq> None) x1) s2)`
  10.235 +        note hyp_c2 = \<open>PROP ?Hyp (In1r c2) (Norm s1) s2 \<diamondsuit>\<close>
  10.236 +        note \<open>s3 = (if \<exists>err. x1 = Some (Error err) then (x1, s1)
  10.237 +                    else abupd (abrupt_if (x1 \<noteq> None) x1) s2)\<close>
  10.238          with False jmp have "abrupt s2 = Some (Jump j)"
  10.239            by (cases s2) (simp add: abrupt_if_def)
  10.240          with jmpOk wt_c2 G show ?thesis 
  10.241 @@ -570,9 +570,9 @@
  10.242      thus ?case by simp
  10.243    next
  10.244      case (Init C c s0 s3 s1 s2 jmps T Env)
  10.245 -    note `jumpNestingOk jmps (In1r (Init C))`
  10.246 -    note G = `prg Env = G`
  10.247 -    note `the (class G C) = c`
  10.248 +    note \<open>jumpNestingOk jmps (In1r (Init C))\<close>
  10.249 +    note G = \<open>prg Env = G\<close>
  10.250 +    note \<open>the (class G C) = c\<close>
  10.251      with Init.prems have c: "class G C = Some c"
  10.252        by (elim wt_elim_cases) auto
  10.253      {
  10.254 @@ -640,15 +640,15 @@
  10.255        assume jmp: "abrupt s2 = Some (Jump j)"
  10.256        have "j\<in>jmps"
  10.257        proof - 
  10.258 -        note `prg Env = G`
  10.259 -        moreover note hyp_init = `PROP ?Hyp (In1r (Init C)) (Norm s0) s1 \<diamondsuit>`
  10.260 +        note \<open>prg Env = G\<close>
  10.261 +        moreover note hyp_init = \<open>PROP ?Hyp (In1r (Init C)) (Norm s0) s1 \<diamondsuit>\<close>
  10.262          moreover from wf NewC.prems 
  10.263          have "Env\<turnstile>(Init C)\<Colon>\<surd>"
  10.264            by (elim wt_elim_cases) (drule is_acc_classD,simp)
  10.265          moreover 
  10.266          have "abrupt s1 = Some (Jump j)"
  10.267          proof -
  10.268 -          from `G\<turnstile>s1 \<midarrow>halloc CInst C\<succ>a\<rightarrow> s2` and jmp show ?thesis
  10.269 +          from \<open>G\<turnstile>s1 \<midarrow>halloc CInst C\<succ>a\<rightarrow> s2\<close> and jmp show ?thesis
  10.270              by (rule halloc_no_jump')
  10.271          qed
  10.272          ultimately show "j \<in> jmps" 
  10.273 @@ -663,20 +663,20 @@
  10.274        assume jmp: "abrupt s3 = Some (Jump j)"
  10.275        have "j\<in>jmps"
  10.276        proof -
  10.277 -        note G = `prg Env = G`
  10.278 +        note G = \<open>prg Env = G\<close>
  10.279          from NewA.prems 
  10.280          obtain wt_init: "Env\<turnstile>init_comp_ty elT\<Colon>\<surd>" and 
  10.281                 wt_size: "Env\<turnstile>e\<Colon>-PrimT Integer"
  10.282            by (elim wt_elim_cases) (auto dest:  wt_init_comp_ty')
  10.283 -        note `PROP ?Hyp (In1r (init_comp_ty elT)) (Norm s0) s1 \<diamondsuit>`
  10.284 +        note \<open>PROP ?Hyp (In1r (init_comp_ty elT)) (Norm s0) s1 \<diamondsuit>\<close>
  10.285          with wt_init G 
  10.286          have "?Jmp jmps s1" 
  10.287            by (simp add: init_comp_ty_def)
  10.288          moreover
  10.289 -        note hyp_e = `PROP ?Hyp (In1l e) s1 s2 (In1 i)`
  10.290 +        note hyp_e = \<open>PROP ?Hyp (In1l e) s1 s2 (In1 i)\<close>
  10.291          have "abrupt s2 = Some (Jump j)"
  10.292          proof -
  10.293 -          note `G\<turnstile>abupd (check_neg i) s2\<midarrow>halloc Arr elT (the_Intg i)\<succ>a\<rightarrow> s3`
  10.294 +          note \<open>G\<turnstile>abupd (check_neg i) s2\<midarrow>halloc Arr elT (the_Intg i)\<succ>a\<rightarrow> s3\<close>
  10.295            moreover note jmp
  10.296            ultimately 
  10.297            have "abrupt (abupd (check_neg i) s2) = Some (Jump j)"
  10.298 @@ -695,14 +695,14 @@
  10.299        assume jmp: "abrupt s2 = Some (Jump j)"
  10.300        have "j\<in>jmps"
  10.301        proof -
  10.302 -        note hyp_e = `PROP ?Hyp (In1l e) (Norm s0) s1 (In1 v)`
  10.303 -        note `prg Env = G`
  10.304 +        note hyp_e = \<open>PROP ?Hyp (In1l e) (Norm s0) s1 (In1 v)\<close>
  10.305 +        note \<open>prg Env = G\<close>
  10.306          moreover from Cast.prems
  10.307          obtain eT where "Env\<turnstile>e\<Colon>-eT" by (elim wt_elim_cases)
  10.308          moreover 
  10.309          have "abrupt s1 = Some (Jump j)"
  10.310          proof -
  10.311 -          note `s2 = abupd (raise_if (\<not> G,snd s1\<turnstile>v fits cT) ClassCast) s1`
  10.312 +          note \<open>s2 = abupd (raise_if (\<not> G,snd s1\<turnstile>v fits cT) ClassCast) s1\<close>
  10.313            moreover note jmp
  10.314            ultimately show ?thesis by (cases s1) (simp add: abrupt_if_def)
  10.315          qed
  10.316 @@ -718,8 +718,8 @@
  10.317        assume jmp: "abrupt s1 = Some (Jump j)"
  10.318        have "j\<in>jmps"
  10.319        proof -
  10.320 -        note hyp_e = `PROP ?Hyp (In1l e) (Norm s0) s1 (In1 v)`
  10.321 -        note `prg Env = G`
  10.322 +        note hyp_e = \<open>PROP ?Hyp (In1l e) (Norm s0) s1 (In1 v)\<close>
  10.323 +        note \<open>prg Env = G\<close>
  10.324          moreover from Inst.prems
  10.325          obtain eT where "Env\<turnstile>e\<Colon>-eT" by (elim wt_elim_cases)
  10.326          moreover note jmp
  10.327 @@ -737,8 +737,8 @@
  10.328        assume jmp: "abrupt s1 = Some (Jump j)"
  10.329        have "j\<in>jmps"
  10.330        proof -
  10.331 -        note hyp_e = `PROP ?Hyp (In1l e) (Norm s0) s1 (In1 v)`
  10.332 -        note `prg Env = G`
  10.333 +        note hyp_e = \<open>PROP ?Hyp (In1l e) (Norm s0) s1 (In1 v)\<close>
  10.334 +        note \<open>prg Env = G\<close>
  10.335          moreover from UnOp.prems
  10.336          obtain eT where "Env\<turnstile>e\<Colon>-eT" by (elim wt_elim_cases)
  10.337          moreover note jmp
  10.338 @@ -754,17 +754,17 @@
  10.339        assume jmp: "abrupt s2 = Some (Jump j)"
  10.340        have "j\<in>jmps"
  10.341        proof -
  10.342 -        note G = `prg Env = G`
  10.343 +        note G = \<open>prg Env = G\<close>
  10.344          from BinOp.prems
  10.345          obtain e1T e2T where 
  10.346            wt_e1: "Env\<turnstile>e1\<Colon>-e1T" and
  10.347            wt_e2: "Env\<turnstile>e2\<Colon>-e2T" 
  10.348            by (elim wt_elim_cases)
  10.349 -        note `PROP ?Hyp (In1l e1) (Norm s0) s1 (In1 v1)`
  10.350 +        note \<open>PROP ?Hyp (In1l e1) (Norm s0) s1 (In1 v1)\<close>
  10.351          with G wt_e1 have jmp_s1: "?Jmp jmps s1" by simp
  10.352          note hyp_e2 =
  10.353 -          `PROP ?Hyp (if need_second_arg binop v1 then In1l e2 else In1r Skip)
  10.354 -                     s1 s2 (In1 v2)`
  10.355 +          \<open>PROP ?Hyp (if need_second_arg binop v1 then In1l e2 else In1r Skip)
  10.356 +                     s1 s2 (In1 v2)\<close>
  10.357          show "j\<in>jmps"
  10.358          proof (cases "need_second_arg binop v1")
  10.359            case True with jmp_s1 wt_e2 jmp G
  10.360 @@ -787,8 +787,8 @@
  10.361        assume jmp: "abrupt s1 = Some (Jump j)"
  10.362        have "j\<in>jmps"
  10.363        proof -
  10.364 -        note hyp_va = `PROP ?Hyp (In2 va) (Norm s0) s1 (In2 (v,f))`
  10.365 -        note `prg Env = G`
  10.366 +        note hyp_va = \<open>PROP ?Hyp (In2 va) (Norm s0) s1 (In2 (v,f))\<close>
  10.367 +        note \<open>prg Env = G\<close>
  10.368          moreover from Acc.prems
  10.369          obtain vT where "Env\<turnstile>va\<Colon>=vT" by (elim wt_elim_cases)
  10.370          moreover note jmp
  10.371 @@ -799,14 +799,14 @@
  10.372      thus ?case by simp
  10.373    next
  10.374      case (Ass s0 va w f s1 e v s2 jmps T Env)
  10.375 -    note G = `prg Env = G`
  10.376 +    note G = \<open>prg Env = G\<close>
  10.377      from Ass.prems
  10.378      obtain vT eT where
  10.379        wt_va: "Env\<turnstile>va\<Colon>=vT" and
  10.380         wt_e: "Env\<turnstile>e\<Colon>-eT"
  10.381        by (elim wt_elim_cases)
  10.382 -    note hyp_v = `PROP ?Hyp (In2 va) (Norm s0) s1 (In2 (w,f))`
  10.383 -    note hyp_e = `PROP ?Hyp (In1l e) s1 s2 (In1 v)`
  10.384 +    note hyp_v = \<open>PROP ?Hyp (In2 va) (Norm s0) s1 (In2 (w,f))\<close>
  10.385 +    note hyp_e = \<open>PROP ?Hyp (In1l e) s1 s2 (In1 v)\<close>
  10.386      {
  10.387        fix j
  10.388        assume jmp: "abrupt (assign f v s2) = Some (Jump j)"
  10.389 @@ -815,7 +815,7 @@
  10.390          have "abrupt s2 = Some (Jump j)"
  10.391          proof (cases "normal s2")
  10.392            case True
  10.393 -          from `G\<turnstile>s1 \<midarrow>e-\<succ>v\<rightarrow> s2` and True have nrm_s1: "normal s1" 
  10.394 +          from \<open>G\<turnstile>s1 \<midarrow>e-\<succ>v\<rightarrow> s2\<close> and True have nrm_s1: "normal s1" 
  10.395              by (rule eval_no_abrupt_lemma [rule_format]) 
  10.396            with nrm_s1 wt_va G True
  10.397            have "abrupt (f v s2) \<noteq> Some (Jump j)"
  10.398 @@ -838,9 +838,9 @@
  10.399      thus ?case by simp
  10.400    next
  10.401      case (Cond s0 e0 b s1 e1 e2 v s2 jmps T Env)
  10.402 -    note G = `prg Env = G`
  10.403 -    note hyp_e0 = `PROP ?Hyp (In1l e0) (Norm s0) s1 (In1 b)`
  10.404 -    note hyp_e1_e2 = `PROP ?Hyp (In1l (if the_Bool b then e1 else e2)) s1 s2 (In1 v)`
  10.405 +    note G = \<open>prg Env = G\<close>
  10.406 +    note hyp_e0 = \<open>PROP ?Hyp (In1l e0) (Norm s0) s1 (In1 b)\<close>
  10.407 +    note hyp_e1_e2 = \<open>PROP ?Hyp (In1l (if the_Bool b then e1 else e2)) s1 s2 (In1 v)\<close>
  10.408      from Cond.prems
  10.409      obtain e1T e2T
  10.410        where wt_e0: "Env\<turnstile>e0\<Colon>-PrimT Boolean"
  10.411 @@ -873,7 +873,7 @@
  10.412    next
  10.413      case (Call s0 e a s1 args vs s2 D mode statT mn pTs s3 s3' accC v s4
  10.414                 jmps T Env)
  10.415 -    note G = `prg Env = G`
  10.416 +    note G = \<open>prg Env = G\<close>
  10.417      from Call.prems
  10.418      obtain eT argsT 
  10.419        where wt_e: "Env\<turnstile>e\<Colon>-eT" and wt_args: "Env\<turnstile>args\<Colon>\<doteq>argsT"
  10.420 @@ -884,26 +884,26 @@
  10.421                       = Some (Jump j)"
  10.422        have "j\<in>jmps"
  10.423        proof -
  10.424 -        note hyp_e = `PROP ?Hyp (In1l e) (Norm s0) s1 (In1 a)`
  10.425 +        note hyp_e = \<open>PROP ?Hyp (In1l e) (Norm s0) s1 (In1 a)\<close>
  10.426          from wt_e G 
  10.427          have jmp_s1: "?Jmp jmps s1"
  10.428            by - (rule hyp_e [THEN conjunct1],simp_all)
  10.429 -        note hyp_args = `PROP ?Hyp (In3 args) s1 s2 (In3 vs)`
  10.430 +        note hyp_args = \<open>PROP ?Hyp (In3 args) s1 s2 (In3 vs)\<close>
  10.431          have "abrupt s2 = Some (Jump j)"
  10.432          proof -
  10.433 -          note `G\<turnstile>s3' \<midarrow>Methd D \<lparr>name = mn, parTs = pTs\<rparr>-\<succ>v\<rightarrow> s4`
  10.434 +          note \<open>G\<turnstile>s3' \<midarrow>Methd D \<lparr>name = mn, parTs = pTs\<rparr>-\<succ>v\<rightarrow> s4\<close>
  10.435            moreover
  10.436            from jmp have "abrupt s4 = Some (Jump j)"
  10.437              by (cases s4) simp
  10.438            ultimately have "abrupt s3' = Some (Jump j)"
  10.439              by - (rule ccontr,drule (1) Methd_no_jump,simp)
  10.440 -          moreover note `s3' = check_method_access G accC statT mode 
  10.441 -                              \<lparr>name = mn, parTs = pTs\<rparr> a s3`
  10.442 +          moreover note \<open>s3' = check_method_access G accC statT mode 
  10.443 +                              \<lparr>name = mn, parTs = pTs\<rparr> a s3\<close>
  10.444            ultimately have "abrupt s3 = Some (Jump j)"
  10.445              by (cases s3) 
  10.446                 (simp add: check_method_access_def abrupt_if_def Let_def)
  10.447            moreover 
  10.448 -          note `s3 = init_lvars G D \<lparr>name=mn, parTs=pTs\<rparr> mode a vs s2`
  10.449 +          note \<open>s3 = init_lvars G D \<lparr>name=mn, parTs=pTs\<rparr> mode a vs s2\<close>
  10.450            ultimately show ?thesis
  10.451              by (cases s2) (auto simp add: init_lvars_def2)
  10.452          qed
  10.453 @@ -915,7 +915,7 @@
  10.454      thus ?case by simp
  10.455    next
  10.456      case (Methd s0 D sig v s1 jmps T Env)
  10.457 -    from `G\<turnstile>Norm s0 \<midarrow>body G D sig-\<succ>v\<rightarrow> s1`
  10.458 +    from \<open>G\<turnstile>Norm s0 \<midarrow>body G D sig-\<succ>v\<rightarrow> s1\<close>
  10.459      have "G\<turnstile>Norm s0 \<midarrow>Methd D sig-\<succ>v\<rightarrow> s1"
  10.460        by (rule eval.Methd)
  10.461      hence "\<And> j. abrupt s1 \<noteq> Some (Jump j)"
  10.462 @@ -934,7 +934,7 @@
  10.463      thus ?case by (simp add: lvar_def Let_def)
  10.464    next
  10.465      case (FVar s0 statDeclC s1 e a s2 v s2' stat fn s3 accC jmps T Env)
  10.466 -    note G = `prg Env = G`
  10.467 +    note G = \<open>prg Env = G\<close>
  10.468      from wf FVar.prems 
  10.469      obtain  statC f where
  10.470        wt_e: "Env\<turnstile>e\<Colon>-Class statC" and
  10.471 @@ -951,21 +951,21 @@
  10.472        thus ?thesis
  10.473          by simp
  10.474      qed
  10.475 -    note fvar = `(v, s2') = fvar statDeclC stat fn a s2`
  10.476 +    note fvar = \<open>(v, s2') = fvar statDeclC stat fn a s2\<close>
  10.477      {
  10.478        fix j
  10.479        assume jmp: "abrupt s3 = Some (Jump j)"
  10.480        have "j\<in>jmps"
  10.481        proof -
  10.482 -        note hyp_init = `PROP ?Hyp (In1r (Init statDeclC)) (Norm s0) s1 \<diamondsuit>`
  10.483 +        note hyp_init = \<open>PROP ?Hyp (In1r (Init statDeclC)) (Norm s0) s1 \<diamondsuit>\<close>
  10.484          from G wt_init 
  10.485          have "?Jmp jmps s1"
  10.486            by - (rule hyp_init [THEN conjunct1],auto)
  10.487          moreover
  10.488 -        note hyp_e = `PROP ?Hyp (In1l e) s1 s2 (In1 a)`
  10.489 +        note hyp_e = \<open>PROP ?Hyp (In1l e) s1 s2 (In1 a)\<close>
  10.490          have "abrupt s2 = Some (Jump j)"
  10.491          proof -
  10.492 -          note `s3 = check_field_access G accC statDeclC fn stat a s2'`
  10.493 +          note \<open>s3 = check_field_access G accC statDeclC fn stat a s2'\<close>
  10.494            with jmp have "abrupt s2' = Some (Jump j)"
  10.495              by (cases s2') 
  10.496                 (simp add: check_field_access_def abrupt_if_def Let_def)
  10.497 @@ -993,23 +993,23 @@
  10.498      ultimately show ?case using v by simp
  10.499    next
  10.500      case (AVar s0 e1 a s1 e2 i s2 v s2' jmps T Env)
  10.501 -    note G = `prg Env = G`
  10.502 +    note G = \<open>prg Env = G\<close>
  10.503      from AVar.prems 
  10.504      obtain  e1T e2T where
  10.505        wt_e1: "Env\<turnstile>e1\<Colon>-e1T" and wt_e2: "Env\<turnstile>e2\<Colon>-e2T"
  10.506        by  (elim wt_elim_cases) simp
  10.507 -    note avar = `(v, s2') = avar G i a s2`
  10.508 +    note avar = \<open>(v, s2') = avar G i a s2\<close>
  10.509      {
  10.510        fix j
  10.511        assume jmp: "abrupt s2' = Some (Jump j)"
  10.512        have "j\<in>jmps"
  10.513        proof -
  10.514 -        note hyp_e1 = `PROP ?Hyp (In1l e1) (Norm s0) s1 (In1 a)`
  10.515 +        note hyp_e1 = \<open>PROP ?Hyp (In1l e1) (Norm s0) s1 (In1 a)\<close>
  10.516          from G wt_e1
  10.517          have "?Jmp jmps s1"
  10.518            by - (rule hyp_e1 [THEN conjunct1], auto)
  10.519          moreover
  10.520 -        note hyp_e2 = `PROP ?Hyp (In1l e2) s1 s2 (In1 i)`
  10.521 +        note hyp_e2 = \<open>PROP ?Hyp (In1l e2) s1 s2 (In1 i)\<close>
  10.522          have "abrupt s2 = Some (Jump j)"
  10.523          proof -
  10.524            from avar have "s2' = snd (avar G i a s2)"
  10.525 @@ -1039,7 +1039,7 @@
  10.526      case Nil thus ?case by simp
  10.527    next
  10.528      case (Cons s0 e v s1 es vs s2 jmps T Env)
  10.529 -    note G = `prg Env = G`
  10.530 +    note G = \<open>prg Env = G\<close>
  10.531      from Cons.prems obtain eT esT
  10.532        where wt_e: "Env\<turnstile>e\<Colon>-eT" and wt_e2: "Env\<turnstile>es\<Colon>\<doteq>esT"
  10.533        by  (elim wt_elim_cases) simp
  10.534 @@ -1048,12 +1048,12 @@
  10.535        assume jmp: "abrupt s2 = Some (Jump j)"
  10.536        have "j\<in>jmps"
  10.537        proof -
  10.538 -        note hyp_e = `PROP ?Hyp (In1l e) (Norm s0) s1 (In1 v)`
  10.539 +        note hyp_e = \<open>PROP ?Hyp (In1l e) (Norm s0) s1 (In1 v)\<close>
  10.540          from G wt_e
  10.541          have "?Jmp jmps s1"
  10.542            by - (rule hyp_e [THEN conjunct1],simp_all)
  10.543          moreover
  10.544 -        note hyp_es = `PROP ?Hyp (In3 es) s1 s2 (In3 vs)`
  10.545 +        note hyp_es = \<open>PROP ?Hyp (In3 es) s1 s2 (In3 vs)\<close>
  10.546          ultimately show ?thesis
  10.547            using wt_e2 G jmp
  10.548            by - (rule hyp_es [THEN conjunct1, rule_format (no_asm)],
  10.549 @@ -1255,7 +1255,7 @@
  10.550    \<subseteq> dom (locals (store (snd (avar G i a s))))"
  10.551  by (cases s, simp add: avar_def2)
  10.552  
  10.553 -  text {* 
  10.554 +  text \<open>
  10.555  Since assignments are modelled as functions from states to states, we
  10.556    must take into account these functions. They  appear only in the assignment 
  10.557    rule and as result from evaluating a variable. Thats why we need the 
  10.558 @@ -1268,7 +1268,7 @@
  10.559  could also think of a pair of a value and a reference in the store, instead of
  10.560  the generic update function. But as only array updates can cause a special
  10.561  exception (if the types mismatch) and not array reads we then have to introduce
  10.562 -two different rules to handle array reads and updates *} 
  10.563 +two different rules to handle array reads and updates\<close> 
  10.564  lemma dom_locals_eval_mono: 
  10.565    assumes   eval: "G\<turnstile> s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)" 
  10.566    shows "dom (locals (store s0)) \<subseteq> dom (locals (store s1)) \<and>
  10.567 @@ -1334,7 +1334,7 @@
  10.568      then
  10.569      have s0_s1: "dom (locals (store ((Norm s0)::state))) 
  10.570                    \<subseteq> dom (locals (store s1))" by simp
  10.571 -    from `G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2`
  10.572 +    from \<open>G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2\<close>
  10.573      have s1_s2: "dom (locals (store s1)) \<subseteq> dom (locals (store s2))" 
  10.574        by (rule dom_locals_sxalloc_mono)
  10.575      thus ?case 
  10.576 @@ -1402,7 +1402,7 @@
  10.577      qed
  10.578    next
  10.579      case (NewC s0 C s1 a s2)
  10.580 -    note halloc = `G\<turnstile>s1 \<midarrow>halloc CInst C\<succ>a\<rightarrow> s2`
  10.581 +    note halloc = \<open>G\<turnstile>s1 \<midarrow>halloc CInst C\<succ>a\<rightarrow> s2\<close>
  10.582      from NewC.hyps
  10.583      have "dom (locals (store ((Norm s0)::state))) \<subseteq> dom (locals (store s1))" 
  10.584        by simp
  10.585 @@ -1412,7 +1412,7 @@
  10.586      finally show ?case by simp
  10.587    next
  10.588      case (NewA s0 T s1 e i s2 a s3)
  10.589 -    note halloc = `G\<turnstile>abupd (check_neg i) s2 \<midarrow>halloc Arr T (the_Intg i)\<succ>a\<rightarrow> s3`
  10.590 +    note halloc = \<open>G\<turnstile>abupd (check_neg i) s2 \<midarrow>halloc Arr T (the_Intg i)\<succ>a\<rightarrow> s3\<close>
  10.591      from NewA.hyps
  10.592      have "dom (locals (store ((Norm s0)::state))) \<subseteq> dom (locals (store s1))" 
  10.593        by simp
  10.594 @@ -1470,7 +1470,7 @@
  10.595        finally show ?thesis by simp
  10.596      next
  10.597        case False
  10.598 -      with `G\<turnstile>s1 \<midarrow>e-\<succ>v\<rightarrow> s2`
  10.599 +      with \<open>G\<turnstile>s1 \<midarrow>e-\<succ>v\<rightarrow> s2\<close>
  10.600        have "s2=s1"
  10.601          by auto
  10.602        with s0_s1 False
  10.603 @@ -1492,7 +1492,7 @@
  10.604      finally show ?case by simp
  10.605    next
  10.606      case (Call s0 e a' s1 args vs s2 D mode statT mn pTs s3 s3' accC v s4)
  10.607 -    note s3 = `s3 = init_lvars G D \<lparr>name = mn, parTs = pTs\<rparr> mode a' vs s2`
  10.608 +    note s3 = \<open>s3 = init_lvars G D \<lparr>name = mn, parTs = pTs\<rparr> mode a' vs s2\<close>
  10.609      from Call.hyps 
  10.610      have "dom (locals (store ((Norm s0)::state))) \<subseteq> dom (locals (store s1))"
  10.611        by simp
  10.612 @@ -1521,10 +1521,10 @@
  10.613      also
  10.614      have "\<dots> \<subseteq> dom (locals (store (abupd (absorb Ret) s3)))"
  10.615      proof -
  10.616 -      from `s3 =
  10.617 +      from \<open>s3 =
  10.618           (if \<exists>l. abrupt s2 = Some (Jump (Break l)) \<or> 
  10.619                   abrupt s2 = Some (Jump (Cont l))
  10.620 -             then abupd (\<lambda>x. Some (Error CrossMethodJump)) s2 else s2)`
  10.621 +             then abupd (\<lambda>x. Some (Error CrossMethodJump)) s2 else s2)\<close>
  10.622        show ?thesis
  10.623          by simp
  10.624      qed
  10.625 @@ -1546,7 +1546,7 @@
  10.626        by (simp add: dom_locals_fvar_vvar_mono) 
  10.627      hence v_ok: "(\<forall>vv. In2 v = In2 vv \<and> normal s3 \<longrightarrow> ?V_ok)"
  10.628        by - (intro strip, simp)
  10.629 -    note s3 = `s3 = check_field_access G accC statDeclC fn stat a s2'`
  10.630 +    note s3 = \<open>s3 = check_field_access G accC statDeclC fn stat a s2'\<close>
  10.631      from FVar.hyps 
  10.632      have "dom (locals (store ((Norm s0)::state))) \<subseteq> dom (locals (store s1))"
  10.633        by simp
  10.634 @@ -1659,7 +1659,7 @@
  10.635    from eval normal show ?thesis
  10.636    proof (induct)
  10.637      case Abrupt thus ?case by simp 
  10.638 -  next -- {* For statements its trivial, since then @{term "assigns t = {}"} *}
  10.639 +  next \<comment> \<open>For statements its trivial, since then @{term "assigns t = {}"}\<close>
  10.640      case Skip show ?case by simp
  10.641    next
  10.642      case Expr show ?case by simp 
  10.643 @@ -1685,7 +1685,7 @@
  10.644      case NewC show ?case by simp
  10.645    next
  10.646      case (NewA s0 T s1 e i s2 a s3)
  10.647 -    note halloc = `G\<turnstile>abupd (check_neg i) s2 \<midarrow>halloc Arr T (the_Intg i)\<succ>a\<rightarrow> s3`
  10.648 +    note halloc = \<open>G\<turnstile>abupd (check_neg i) s2 \<midarrow>halloc Arr T (the_Intg i)\<succ>a\<rightarrow> s3\<close>
  10.649      have "assigns (In1l e) \<subseteq> dom (locals (store s2))"
  10.650      proof -
  10.651        from NewA
  10.652 @@ -1728,8 +1728,8 @@
  10.653      also
  10.654      have "\<dots>  \<subseteq> dom (locals (store s2))"
  10.655      proof -
  10.656 -      note `G\<turnstile>s1 \<midarrow>(if need_second_arg binop v1 then In1l e2
  10.657 -                      else In1r Skip)\<succ>\<rightarrow> (In1 v2, s2)`
  10.658 +      note \<open>G\<turnstile>s1 \<midarrow>(if need_second_arg binop v1 then In1l e2
  10.659 +                      else In1r Skip)\<succ>\<rightarrow> (In1 v2, s2)\<close>
  10.660        thus ?thesis
  10.661          by (rule dom_locals_eval_mono_elim)
  10.662      qed
  10.663 @@ -1752,7 +1752,7 @@
  10.664      case Acc thus ?case by simp
  10.665    next 
  10.666      case (Ass s0 va w f s1 e v s2)
  10.667 -    note nrm_ass_s2 = `normal (assign f v s2)`
  10.668 +    note nrm_ass_s2 = \<open>normal (assign f v s2)\<close>
  10.669      hence nrm_s2: "normal s2"
  10.670        by (cases s2, simp add: assign_def Let_def)
  10.671      with Ass.hyps 
  10.672 @@ -1843,16 +1843,16 @@
  10.673      case (Call s0 e a' s1 args vs s2 D mode statT mn pTs s3 s3' accC v s4)
  10.674      have nrm_s2: "normal s2"
  10.675      proof -
  10.676 -      from `normal ((set_lvars (locals (snd s2))) s4)`
  10.677 +      from \<open>normal ((set_lvars (locals (snd s2))) s4)\<close>
  10.678        have normal_s4: "normal s4" by simp
  10.679        hence "normal s3'" using Call.hyps
  10.680          by - (erule eval_no_abrupt_lemma [rule_format]) 
  10.681        moreover note
  10.682 -       `s3' = check_method_access G accC statT mode \<lparr>name=mn, parTs=pTs\<rparr> a' s3`
  10.683 +       \<open>s3' = check_method_access G accC statT mode \<lparr>name=mn, parTs=pTs\<rparr> a' s3\<close>
  10.684        ultimately have "normal s3"
  10.685          by (cases s3) (simp add: check_method_access_def Let_def) 
  10.686        moreover
  10.687 -      note s3 = `s3 = init_lvars G D \<lparr>name = mn, parTs = pTs\<rparr> mode a' vs s2`
  10.688 +      note s3 = \<open>s3 = init_lvars G D \<lparr>name = mn, parTs = pTs\<rparr> mode a' vs s2\<close>
  10.689        ultimately show "normal s2"
  10.690          by (cases s2) (simp add: init_lvars_def2)
  10.691      qed
  10.692 @@ -1883,11 +1883,11 @@
  10.693      case LVar thus ?case by simp
  10.694    next
  10.695      case (FVar s0 statDeclC s1 e a s2 v s2' stat fn s3 accC)
  10.696 -    note s3 = `s3 = check_field_access G accC statDeclC fn stat a s2'`
  10.697 -    note avar = `(v, s2') = fvar statDeclC stat fn a s2`
  10.698 +    note s3 = \<open>s3 = check_field_access G accC statDeclC fn stat a s2'\<close>
  10.699 +    note avar = \<open>(v, s2') = fvar statDeclC stat fn a s2\<close>
  10.700      have nrm_s2: "normal s2"
  10.701      proof -
  10.702 -      note `normal s3`
  10.703 +      note \<open>normal s3\<close>
  10.704        with s3 have "normal s2'"
  10.705          by (cases s2') (simp add: check_field_access_def Let_def)
  10.706        with avar show "normal s2"
  10.707 @@ -1912,10 +1912,10 @@
  10.708        by simp
  10.709    next
  10.710      case (AVar s0 e1 a s1 e2 i s2 v s2')
  10.711 -    note avar = `(v, s2') = avar G i a s2`
  10.712 +    note avar = \<open>(v, s2') = avar G i a s2\<close>
  10.713      have nrm_s2: "normal s2"
  10.714      proof -
  10.715 -      from avar and `normal s2'`
  10.716 +      from avar and \<open>normal s2'\<close>
  10.717        show ?thesis by (cases s2) (simp add: avar_def2)
  10.718      qed
  10.719      with AVar.hyps 
  10.720 @@ -2018,17 +2018,17 @@
  10.721      case Inst hence False by simp thus ?case ..
  10.722    next
  10.723      case (Lit val c v s0 s)
  10.724 -    note `constVal (Lit val) = Some c`
  10.725 +    note \<open>constVal (Lit val) = Some c\<close>
  10.726      moreover
  10.727 -    from `G\<turnstile>Norm s0 \<midarrow>Lit val-\<succ>v\<rightarrow> s`
  10.728 +    from \<open>G\<turnstile>Norm s0 \<midarrow>Lit val-\<succ>v\<rightarrow> s\<close>
  10.729      obtain "v=val" and "normal s"
  10.730        by cases simp
  10.731      ultimately show "v=c \<and> normal s" by simp
  10.732    next
  10.733      case (UnOp unop e c v s0 s)
  10.734 -    note const = `constVal (UnOp unop e) = Some c`
  10.735 +    note const = \<open>constVal (UnOp unop e) = Some c\<close>
  10.736      then obtain ce where ce: "constVal e = Some ce" by simp
  10.737 -    from `G\<turnstile>Norm s0 \<midarrow>UnOp unop e-\<succ>v\<rightarrow> s`
  10.738 +    from \<open>G\<turnstile>Norm s0 \<midarrow>UnOp unop e-\<succ>v\<rightarrow> s\<close>
  10.739      obtain ve where ve: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>ve\<rightarrow> s" and
  10.740                       v: "v = eval_unop unop ve"
  10.741        by cases simp
  10.742 @@ -2042,12 +2042,12 @@
  10.743      show ?case ..
  10.744    next
  10.745      case (BinOp binop e1 e2 c v s0 s)
  10.746 -    note const = `constVal (BinOp binop e1 e2) = Some c`
  10.747 +    note const = \<open>constVal (BinOp binop e1 e2) = Some c\<close>
  10.748      then obtain c1 c2 where c1: "constVal e1 = Some c1" and
  10.749                              c2: "constVal e2 = Some c2" and
  10.750                               c: "c = eval_binop binop c1 c2"
  10.751        by simp
  10.752 -    from `G\<turnstile>Norm s0 \<midarrow>BinOp binop e1 e2-\<succ>v\<rightarrow> s`
  10.753 +    from \<open>G\<turnstile>Norm s0 \<midarrow>BinOp binop e1 e2-\<succ>v\<rightarrow> s\<close>
  10.754      obtain v1 s1 v2
  10.755        where v1: "G\<turnstile>Norm s0 \<midarrow>e1-\<succ>v1\<rightarrow> s1" and
  10.756              v2: "G\<turnstile>s1 \<midarrow>(if need_second_arg binop v1 then In1l e2
  10.757 @@ -2089,13 +2089,13 @@
  10.758      case Ass hence False by simp thus ?case ..
  10.759    next
  10.760      case (Cond b e1 e2 c v s0 s)
  10.761 -    note c = `constVal (b ? e1 : e2) = Some c`
  10.762 +    note c = \<open>constVal (b ? e1 : e2) = Some c\<close>
  10.763      then obtain cb c1 c2 where
  10.764        cb: "constVal b  = Some cb" and
  10.765        c1: "constVal e1 = Some c1" and
  10.766        c2: "constVal e2 = Some c2"
  10.767        by (auto split: bool.splits)
  10.768 -    from `G\<turnstile>Norm s0 \<midarrow>b ? e1 : e2-\<succ>v\<rightarrow> s`
  10.769 +    from \<open>G\<turnstile>Norm s0 \<midarrow>b ? e1 : e2-\<succ>v\<rightarrow> s\<close>
  10.770      obtain vb s1
  10.771        where     vb: "G\<turnstile>Norm s0 \<midarrow>b-\<succ>vb\<rightarrow> s1" and
  10.772              eval_v: "G\<turnstile>s1 \<midarrow>(if the_Bool vb then e1 else e2)-\<succ>v\<rightarrow> s"
  10.773 @@ -2166,27 +2166,27 @@
  10.774      case Inst hence False by simp thus ?case ..
  10.775    next
  10.776      case (Lit v c)
  10.777 -    from `constVal (Lit v) = Some c`
  10.778 +    from \<open>constVal (Lit v) = Some c\<close>
  10.779      have "c=v" by simp
  10.780      moreover
  10.781 -    from `Env\<turnstile>Lit v\<Colon>-PrimT Boolean`
  10.782 +    from \<open>Env\<turnstile>Lit v\<Colon>-PrimT Boolean\<close>
  10.783      have "typeof empty_dt v = Some (PrimT Boolean)"
  10.784        by cases simp
  10.785      ultimately show ?case by simp
  10.786    next
  10.787      case (UnOp unop e c)
  10.788 -    from `Env\<turnstile>UnOp unop e\<Colon>-PrimT Boolean`
  10.789 +    from \<open>Env\<turnstile>UnOp unop e\<Colon>-PrimT Boolean\<close>
  10.790      have "Boolean = unop_type unop" by cases simp
  10.791      moreover
  10.792 -    from `constVal (UnOp unop e) = Some c`
  10.793 +    from \<open>constVal (UnOp unop e) = Some c\<close>
  10.794      obtain ce where "c = eval_unop unop ce" by auto
  10.795      ultimately show ?case by (simp add: eval_unop_type)
  10.796    next
  10.797      case (BinOp binop e1 e2 c)
  10.798 -    from `Env\<turnstile>BinOp binop e1 e2\<Colon>-PrimT Boolean`
  10.799 +    from \<open>Env\<turnstile>BinOp binop e1 e2\<Colon>-PrimT Boolean\<close>
  10.800      have "Boolean = binop_type binop" by cases simp
  10.801      moreover
  10.802 -    from `constVal (BinOp binop e1 e2) = Some c`
  10.803 +    from \<open>constVal (BinOp binop e1 e2) = Some c\<close>
  10.804      obtain c1 c2 where "c = eval_binop binop c1 c2" by auto
  10.805      ultimately show ?case by (simp add: eval_binop_type)
  10.806    next
  10.807 @@ -2197,13 +2197,13 @@
  10.808      case Ass hence False by simp thus ?case ..
  10.809    next
  10.810      case (Cond b e1 e2 c)
  10.811 -    note c = `constVal (b ? e1 : e2) = Some c`
  10.812 +    note c = \<open>constVal (b ? e1 : e2) = Some c\<close>
  10.813      then obtain cb c1 c2 where
  10.814        cb: "constVal b  = Some cb" and
  10.815        c1: "constVal e1 = Some c1" and
  10.816        c2: "constVal e2 = Some c2"
  10.817        by (auto split: bool.splits)
  10.818 -    note wt = `Env\<turnstile>b ? e1 : e2\<Colon>-PrimT Boolean`
  10.819 +    note wt = \<open>Env\<turnstile>b ? e1 : e2\<Colon>-PrimT Boolean\<close>
  10.820      then
  10.821      obtain T1 T2
  10.822        where "Env\<turnstile>b\<Colon>-PrimT Boolean" and
  10.823 @@ -2239,8 +2239,8 @@
  10.824       bool: "Env\<turnstile> e\<Colon>-PrimT Boolean"
  10.825    shows "assigns_if (the_Bool b) e \<subseteq> dom (locals (store s1))"
  10.826  proof -
  10.827 -  -- {* To properly perform induction on the evaluation relation we have to
  10.828 -        generalize the lemma to terms not only expressions. *}
  10.829 +  \<comment> \<open>To properly perform induction on the evaluation relation we have to
  10.830 +        generalize the lemma to terms not only expressions.\<close>
  10.831    { fix t val
  10.832     assume eval': "prg Env\<turnstile> s0 \<midarrow>t\<succ>\<rightarrow> (val,s1)"  
  10.833     assume bool': "Env\<turnstile> t\<Colon>Inl (PrimT Boolean)"
  10.834 @@ -2252,26 +2252,26 @@
  10.835       case Abrupt thus ?case by simp
  10.836     next
  10.837       case (NewC s0 C s1 a s2)
  10.838 -     from `Env\<turnstile>NewC C\<Colon>-PrimT Boolean`
  10.839 +     from \<open>Env\<turnstile>NewC C\<Colon>-PrimT Boolean\<close>
  10.840       have False 
  10.841         by cases simp
  10.842       thus ?case ..
  10.843     next
  10.844       case (NewA s0 T s1 e i s2 a s3)
  10.845 -     from `Env\<turnstile>New T[e]\<Colon>-PrimT Boolean`
  10.846 +     from \<open>Env\<turnstile>New T[e]\<Colon>-PrimT Boolean\<close>
  10.847       have False 
  10.848         by cases simp
  10.849       thus ?case ..
  10.850     next
  10.851       case (Cast s0 e b s1 s2 T)
  10.852 -     note s2 = `s2 = abupd (raise_if (\<not> prg Env,snd s1\<turnstile>b fits T) ClassCast) s1`
  10.853 +     note s2 = \<open>s2 = abupd (raise_if (\<not> prg Env,snd s1\<turnstile>b fits T) ClassCast) s1\<close>
  10.854       have "assigns_if (the_Bool b) e \<subseteq> dom (locals (store s1))" 
  10.855       proof -
  10.856 -       from s2 and `normal s2`
  10.857 +       from s2 and \<open>normal s2\<close>
  10.858         have "normal s1"
  10.859           by (cases s1) simp
  10.860         moreover
  10.861 -       from `Env\<turnstile>Cast T e\<Colon>-PrimT Boolean`
  10.862 +       from \<open>Env\<turnstile>Cast T e\<Colon>-PrimT Boolean\<close>
  10.863         have "Env\<turnstile>e\<Colon>- PrimT Boolean" 
  10.864           by cases (auto dest: cast_Boolean2)
  10.865         ultimately show ?thesis 
  10.866 @@ -2283,14 +2283,14 @@
  10.867       finally show ?case by simp
  10.868     next
  10.869       case (Inst s0 e v s1 b T)
  10.870 -     from `prg Env\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1` and `normal s1`
  10.871 +     from \<open>prg Env\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1\<close> and \<open>normal s1\<close>
  10.872       have "assignsE e \<subseteq> dom (locals (store s1))"
  10.873         by (rule assignsE_good_approx)
  10.874       thus ?case
  10.875         by simp
  10.876     next
  10.877       case (Lit s v)
  10.878 -     from `Env\<turnstile>Lit v\<Colon>-PrimT Boolean`
  10.879 +     from \<open>Env\<turnstile>Lit v\<Colon>-PrimT Boolean\<close>
  10.880       have "typeof empty_dt v = Some (PrimT Boolean)"
  10.881         by cases simp
  10.882       then obtain b where "v=Bool b"
  10.883 @@ -2299,13 +2299,13 @@
  10.884         by simp
  10.885     next
  10.886       case (UnOp s0 e v s1 unop)
  10.887 -     note bool = `Env\<turnstile>UnOp unop e\<Colon>-PrimT Boolean`
  10.888 +     note bool = \<open>Env\<turnstile>UnOp unop e\<Colon>-PrimT Boolean\<close>
  10.889       hence bool_e: "Env\<turnstile>e\<Colon>-PrimT Boolean" 
  10.890         by cases (cases unop,simp_all)
  10.891       show ?case
  10.892       proof (cases "constVal (UnOp unop e)")
  10.893         case None
  10.894 -       note `normal s1`
  10.895 +       note \<open>normal s1\<close>
  10.896         moreover note bool_e
  10.897         ultimately have "assigns_if (the_Bool v) e \<subseteq> dom (locals (store s1))"
  10.898           by (rule UnOp.hyps [elim_format]) auto
  10.899 @@ -2321,7 +2321,7 @@
  10.900       next
  10.901         case (Some c)
  10.902         moreover
  10.903 -       from `prg Env\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1`
  10.904 +       from \<open>prg Env\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1\<close>
  10.905         have "prg Env\<turnstile>Norm s0 \<midarrow>UnOp unop e-\<succ>eval_unop unop v\<rightarrow> s1" 
  10.906           by (rule eval.UnOp)
  10.907         with Some
  10.908 @@ -2339,7 +2339,7 @@
  10.909       qed
  10.910     next
  10.911       case (BinOp s0 e1 v1 s1 binop e2 v2 s2)
  10.912 -     note bool = `Env\<turnstile>BinOp binop e1 e2\<Colon>-PrimT Boolean`
  10.913 +     note bool = \<open>Env\<turnstile>BinOp binop e1 e2\<Colon>-PrimT Boolean\<close>
  10.914       show ?case
  10.915       proof (cases "constVal (BinOp binop e1 e2)") 
  10.916         case (Some c)
  10.917 @@ -2392,7 +2392,7 @@
  10.918               with condAnd 
  10.919               have need_second: "need_second_arg binop v1"
  10.920                 by (simp add: need_second_arg_def)
  10.921 -             from `normal s2`
  10.922 +             from \<open>normal s2\<close>
  10.923               have "assigns_if (the_Bool v2) e2 \<subseteq> dom (locals (store s2))"
  10.924                 by (rule BinOp.hyps [elim_format]) 
  10.925                    (simp add: need_second bool_e2)+
  10.926 @@ -2412,7 +2412,7 @@
  10.927                 obtain "the_Bool v1=True" and "the_Bool v2 = False"
  10.928                   by (simp add: need_second_arg_def)
  10.929                 moreover
  10.930 -               from `normal s2`
  10.931 +               from \<open>normal s2\<close>
  10.932                 have "assigns_if (the_Bool v2) e2 \<subseteq> dom (locals (store s2))"
  10.933                   by (rule BinOp.hyps [elim_format]) (simp add: True bool_e2)+
  10.934                 with e1_s2
  10.935 @@ -2440,7 +2440,7 @@
  10.936               with condOr 
  10.937               have need_second: "need_second_arg binop v1"
  10.938                 by (simp add: need_second_arg_def)
  10.939 -             from `normal s2`
  10.940 +             from \<open>normal s2\<close>
  10.941               have "assigns_if (the_Bool v2) e2 \<subseteq> dom (locals (store s2))"
  10.942                 by (rule BinOp.hyps [elim_format]) 
  10.943                    (simp add: need_second bool_e2)+
  10.944 @@ -2460,7 +2460,7 @@
  10.945                 obtain "the_Bool v1=False" and "the_Bool v2 = True"
  10.946                   by (simp add: need_second_arg_def)
  10.947                 moreover
  10.948 -               from `normal s2`
  10.949 +               from \<open>normal s2\<close>
  10.950                 have "assigns_if (the_Bool v2) e2 \<subseteq> dom (locals (store s2))"
  10.951                   by (rule BinOp.hyps [elim_format]) (simp add: True bool_e2)+
  10.952                 with e1_s2
  10.953 @@ -2483,12 +2483,12 @@
  10.954           qed  
  10.955         next
  10.956           case False
  10.957 -         note `\<not> (binop = CondAnd \<or> binop = CondOr)`
  10.958 +         note \<open>\<not> (binop = CondAnd \<or> binop = CondOr)\<close>
  10.959           from BinOp.hyps
  10.960           have
  10.961             "prg Env\<turnstile>Norm s0 \<midarrow>BinOp binop e1 e2-\<succ>eval_binop binop v1 v2\<rightarrow> s2"
  10.962             by - (rule eval.BinOp)  
  10.963 -         moreover note `normal s2`
  10.964 +         moreover note \<open>normal s2\<close>
  10.965           ultimately
  10.966           have "assignsE (BinOp binop e1 e2) \<subseteq> dom (locals (store s2))"
  10.967             by (rule assignsE_good_approx)
  10.968 @@ -2499,13 +2499,13 @@
  10.969       qed
  10.970     next     
  10.971       case Super 
  10.972 -     note `Env\<turnstile>Super\<Colon>-PrimT Boolean`
  10.973 +     note \<open>Env\<turnstile>Super\<Colon>-PrimT Boolean\<close>
  10.974       hence False 
  10.975         by cases simp
  10.976       thus ?case ..
  10.977     next
  10.978       case (Acc s0 va v f s1)
  10.979 -     from `prg Env\<turnstile>Norm s0 \<midarrow>va=\<succ>(v, f)\<rightarrow> s1` and `normal s1`
  10.980 +     from \<open>prg Env\<turnstile>Norm s0 \<midarrow>va=\<succ>(v, f)\<rightarrow> s1\<close> and \<open>normal s1\<close>
  10.981       have "assignsV va \<subseteq> dom (locals (store s1))"
  10.982         by (rule assignsV_good_approx)
  10.983       thus ?case by simp
  10.984 @@ -2513,23 +2513,23 @@
  10.985       case (Ass s0 va w f s1 e v s2)
  10.986       hence "prg Env\<turnstile>Norm s0 \<midarrow>va := e-\<succ>v\<rightarrow> assign f v s2"
  10.987         by - (rule eval.Ass)
  10.988 -     moreover note `normal (assign f v s2)`
  10.989 +     moreover note \<open>normal (assign f v s2)\<close>
  10.990       ultimately 
  10.991       have "assignsE (va := e) \<subseteq> dom (locals (store (assign f v s2)))"
  10.992         by (rule assignsE_good_approx)
  10.993       thus ?case by simp
  10.994     next
  10.995       case (Cond s0 e0 b s1 e1 e2 v s2)
  10.996 -     from `Env\<turnstile>e0 ? e1 : e2\<Colon>-PrimT Boolean`
  10.997 +     from \<open>Env\<turnstile>e0 ? e1 : e2\<Colon>-PrimT Boolean\<close>
  10.998       obtain wt_e1: "Env\<turnstile>e1\<Colon>-PrimT Boolean" and
  10.999              wt_e2: "Env\<turnstile>e2\<Colon>-PrimT Boolean"
 10.1000         by cases (auto dest: widen_Boolean2)
 10.1001 -     note eval_e0 = `prg Env\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<rightarrow> s1`
 10.1002 +     note eval_e0 = \<open>prg Env\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<rightarrow> s1\<close>
 10.1003       have e0_s2: "assignsE e0 \<subseteq> dom (locals (store s2))"
 10.1004       proof -
 10.1005         note eval_e0 
 10.1006         moreover
 10.1007 -       from Cond.hyps and `normal s2` have "normal s1"
 10.1008 +       from Cond.hyps and \<open>normal s2\<close> have "normal s1"
 10.1009           by - (erule eval_no_abrupt_lemma [rule_format],simp)
 10.1010         ultimately
 10.1011         have "assignsE e0 \<subseteq> dom (locals (store s1))"
 10.1012 @@ -2547,14 +2547,14 @@
 10.1013                \<subseteq> dom (locals (store s2))"
 10.1014         proof (cases "the_Bool b")
 10.1015           case True
 10.1016 -         from `normal s2`
 10.1017 +         from \<open>normal s2\<close>
 10.1018           have "assigns_if (the_Bool v) e1 \<subseteq> dom (locals (store s2))"    
 10.1019             by (rule Cond.hyps [elim_format]) (simp_all add: wt_e1 True)
 10.1020           thus ?thesis
 10.1021             by blast
 10.1022         next
 10.1023           case False
 10.1024 -         from `normal s2`
 10.1025 +         from \<open>normal s2\<close>
 10.1026           have "assigns_if (the_Bool v) e2 \<subseteq> dom (locals (store s2))"    
 10.1027             by (rule Cond.hyps [elim_format]) (simp_all add: wt_e2 False)
 10.1028           thus ?thesis
 10.1029 @@ -2574,7 +2574,7 @@
 10.1030         show ?thesis
 10.1031         proof (cases "the_Bool c")
 10.1032           case True
 10.1033 -         from `normal s2`
 10.1034 +         from \<open>normal s2\<close>
 10.1035           have "assigns_if (the_Bool v) e1 \<subseteq> dom (locals (store s2))"
 10.1036             by (rule Cond.hyps [elim_format]) (simp_all add: eq_b_c True wt_e1)
 10.1037           with e0_s2
 10.1038 @@ -2584,7 +2584,7 @@
 10.1039             by simp
 10.1040         next
 10.1041           case False
 10.1042 -         from `normal s2`
 10.1043 +         from \<open>normal s2\<close>
 10.1044           have "assigns_if (the_Bool v) e2 \<subseteq> dom (locals (store s2))"    
 10.1045             by (rule Cond.hyps [elim_format]) (simp_all add: eq_b_c False wt_e2)
 10.1046           with e0_s2
 10.1047 @@ -2602,14 +2602,14 @@
 10.1048         by - (rule eval.Call)
 10.1049       hence "assignsE ({accC,statT,mode}e\<cdot>mn( {pTs}args)) 
 10.1050                \<subseteq>  dom (locals (store ((set_lvars (locals (store s2))) s4)))"
 10.1051 -       using `normal ((set_lvars (locals (snd s2))) s4)`
 10.1052 +       using \<open>normal ((set_lvars (locals (snd s2))) s4)\<close>
 10.1053         by (rule assignsE_good_approx)
 10.1054       thus ?case by simp
 10.1055     next
 10.1056       case Methd show ?case by simp
 10.1057     next
 10.1058       case Body show ?case by simp
 10.1059 -   qed simp+ -- {* all the statements and variables *}
 10.1060 +   qed simp+ \<comment> \<open>all the statements and variables\<close>
 10.1061   }
 10.1062   note generalized = this
 10.1063   from eval bool show ?thesis
 10.1064 @@ -2653,7 +2653,7 @@
 10.1065    let ?HypObj = "\<lambda> t s0 s1.
 10.1066        \<forall> Env T A. ?Wt Env t T \<longrightarrow>  ?Da Env s0 t A \<longrightarrow> prg Env = G 
 10.1067         \<longrightarrow> ?NormalAssigned s1 A \<and> ?BreakAssigned s0 s1 A \<and> ?ResAssigned  s0 s1"
 10.1068 -  -- {* Goal in object logic variant *} 
 10.1069 +  \<comment> \<open>Goal in object logic variant\<close> 
 10.1070    let ?Hyp = "\<lambda>t s0 s1. (\<And> Env T A. \<lbrakk>?Wt Env t T; ?Da Env s0 t A; prg Env = G\<rbrakk> 
 10.1071          \<Longrightarrow> ?NormalAssigned s1 A \<and> ?BreakAssigned s0 s1 A \<and> ?ResAssigned s0 s1)"
 10.1072    from eval and wt da G
 10.1073 @@ -2692,7 +2692,7 @@
 10.1074           (rule Expr.hyps, auto)
 10.1075    next 
 10.1076      case (Lab s0 c s1 j Env T A)
 10.1077 -    note G = `prg Env = G`
 10.1078 +    note G = \<open>prg Env = G\<close>
 10.1079      from Lab.prems
 10.1080      obtain C l where
 10.1081        da_c: "Env\<turnstile> dom (locals (snd (Norm s0))) \<guillemotright>\<langle>c\<rangle>\<guillemotright> C" and
 10.1082 @@ -2751,7 +2751,7 @@
 10.1083      ultimately show ?case by (intro conjI)
 10.1084    next
 10.1085      case (Comp s0 c1 s1 c2 s2 Env T A)
 10.1086 -    note G = `prg Env = G`
 10.1087 +    note G = \<open>prg Env = G\<close>
 10.1088      from Comp.prems
 10.1089      obtain C1 C2
 10.1090        where da_c1: "Env\<turnstile> dom (locals (snd (Norm s0))) \<guillemotright>\<langle>c1\<rangle>\<guillemotright> C1" and 
 10.1091 @@ -2762,7 +2762,7 @@
 10.1092      obtain wt_c1: "Env\<turnstile>c1\<Colon>\<surd>" and
 10.1093             wt_c2: "Env\<turnstile>c2\<Colon>\<surd>"
 10.1094        by (elim wt_elim_cases) simp
 10.1095 -    note `PROP ?Hyp (In1r c1) (Norm s0) s1`
 10.1096 +    note \<open>PROP ?Hyp (In1r c1) (Norm s0) s1\<close>
 10.1097      with wt_c1 da_c1 G 
 10.1098      obtain nrm_c1: "?NormalAssigned s1 C1" and 
 10.1099             brk_c1: "?BreakAssigned (Norm s0) s1 C1" and
 10.1100 @@ -2777,7 +2777,7 @@
 10.1101                 nrm_c2: "nrm C2 \<subseteq> nrm C2'"                  and
 10.1102                 brk_c2: "\<forall> l. brk C2 l \<subseteq> brk C2' l"
 10.1103          by (rule da_weakenE) iprover
 10.1104 -      note `PROP ?Hyp (In1r c2) s1 s2`
 10.1105 +      note \<open>PROP ?Hyp (In1r c2) s1 s2\<close>
 10.1106        with wt_c2 da_c2' G
 10.1107        obtain nrm_c2': "?NormalAssigned s2 C2'" and 
 10.1108               brk_c2': "?BreakAssigned s1 s2 C2'" and
 10.1109 @@ -2797,7 +2797,7 @@
 10.1110        ultimately show ?thesis by (intro conjI)
 10.1111      next
 10.1112        case False
 10.1113 -      with `G\<turnstile>s1 \<midarrow>c2\<rightarrow> s2`
 10.1114 +      with \<open>G\<turnstile>s1 \<midarrow>c2\<rightarrow> s2\<close>
 10.1115        have eq_s1_s2: "s2=s1" by auto
 10.1116        with False have "?NormalAssigned s2 A" by blast
 10.1117        moreover
 10.1118 @@ -2824,7 +2824,7 @@
 10.1119      qed
 10.1120    next
 10.1121      case (If s0 e b s1 c1 c2 s2 Env T A)
 10.1122 -    note G = `prg Env = G`
 10.1123 +    note G = \<open>prg Env = G\<close>
 10.1124      with If.hyps have eval_e: "prg Env \<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1" by simp
 10.1125      from If.prems
 10.1126      obtain E C1 C2 where
 10.1127 @@ -2920,7 +2920,7 @@
 10.1128        moreover
 10.1129        have "s2 = s1"
 10.1130        proof -
 10.1131 -        from abr and `G\<turnstile>s1 \<midarrow>(if the_Bool b then c1 else c2)\<rightarrow> s2`
 10.1132 +        from abr and \<open>G\<turnstile>s1 \<midarrow>(if the_Bool b then c1 else c2)\<rightarrow> s2\<close>
 10.1133          show ?thesis  
 10.1134            by (cases s1) simp
 10.1135        qed
 10.1136 @@ -2928,7 +2928,7 @@
 10.1137      qed
 10.1138    next
 10.1139      case (Loop s0 e b s1 c s2 l s3 Env T A)
 10.1140 -    note G = `prg Env = G`
 10.1141 +    note G = \<open>prg Env = G\<close>
 10.1142      with Loop.hyps have eval_e: "prg Env\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1" 
 10.1143        by (simp (no_asm_simp))
 10.1144      from Loop.prems
 10.1145 @@ -3134,7 +3134,7 @@
 10.1146      ultimately show ?case by (intro conjI)
 10.1147    next
 10.1148      case (Throw s0 e a s1 Env T A)
 10.1149 -    note G = `prg Env = G`
 10.1150 +    note G = \<open>prg Env = G\<close>
 10.1151      from Throw.prems obtain E where 
 10.1152        da_e: "Env\<turnstile> dom (locals (store ((Norm s0)::state))) \<guillemotright>\<langle>e\<rangle>\<guillemotright> E"
 10.1153        by (elim da_elim_cases)
 10.1154 @@ -3164,7 +3164,7 @@
 10.1155      ultimately show ?case by (intro conjI)
 10.1156    next
 10.1157      case (Try s0 c1 s1 s2 C vn c2 s3 Env T A)
 10.1158 -    note G = `prg Env = G`
 10.1159 +    note G = \<open>prg Env = G\<close>
 10.1160      from Try.prems obtain C1 C2 where
 10.1161        da_c1: "Env\<turnstile> dom (locals (store ((Norm s0)::state))) \<guillemotright>\<langle>c1\<rangle>\<guillemotright> C1"  and
 10.1162        da_c2:
 10.1163 @@ -3178,7 +3178,7 @@
 10.1164        by (elim wt_elim_cases)
 10.1165      have sxalloc: "prg Env\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2" using Try.hyps G 
 10.1166        by (simp (no_asm_simp))
 10.1167 -    note `PROP ?Hyp (In1r c1) (Norm s0) s1`
 10.1168 +    note \<open>PROP ?Hyp (In1r c1) (Norm s0) s1\<close>
 10.1169      with wt_c1 da_c1 G
 10.1170      obtain nrm_C1: "?NormalAssigned s1 C1" and
 10.1171             brk_C1: "?BreakAssigned (Norm s0) s1 C1" and
 10.1172 @@ -3236,7 +3236,7 @@
 10.1173            have "(dom (locals (store ((Norm s0)::state))) \<union> {VName vn}) 
 10.1174                    \<subseteq> dom (locals (store (new_xcpt_var vn s2)))"
 10.1175            proof -
 10.1176 -            from `G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1`
 10.1177 +            from \<open>G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1\<close>
 10.1178              have "dom (locals (store ((Norm s0)::state))) 
 10.1179                      \<subseteq> dom (locals (store s1))"
 10.1180                by (rule dom_locals_eval_mono_elim)
 10.1181 @@ -3311,7 +3311,7 @@
 10.1182      qed
 10.1183    next
 10.1184      case (Fin s0 c1 x1 s1 c2 s2 s3 Env T A)
 10.1185 -    note G = `prg Env = G`
 10.1186 +    note G = \<open>prg Env = G\<close>
 10.1187      from Fin.prems obtain C1 C2 where 
 10.1188        da_C1: "Env\<turnstile> dom (locals (store ((Norm s0)::state))) \<guillemotright>\<langle>c1\<rangle>\<guillemotright> C1" and
 10.1189        da_C2: "Env\<turnstile> dom (locals (store ((Norm s0)::state))) \<guillemotright>\<langle>c2\<rangle>\<guillemotright> C2" and
 10.1190 @@ -3322,7 +3322,7 @@
 10.1191        wt_c1: "Env\<turnstile>c1\<Colon>\<surd>" and
 10.1192        wt_c2: "Env\<turnstile>c2\<Colon>\<surd>"
 10.1193        by (elim wt_elim_cases)
 10.1194 -    note `PROP ?Hyp (In1r c1) (Norm s0) (x1,s1)`
 10.1195 +    note \<open>PROP ?Hyp (In1r c1) (Norm s0) (x1,s1)\<close>
 10.1196      with wt_c1 da_C1 G
 10.1197      obtain nrmAss_C1: "?NormalAssigned (x1,s1) C1" and
 10.1198             brkAss_C1: "?BreakAssigned (Norm s0) (x1,s1) C1" and
 10.1199 @@ -3342,7 +3342,7 @@
 10.1200          nrm_C2': "nrm C2 \<subseteq> nrm C2'" and
 10.1201          brk_C2': "\<forall> l. brk C2 l \<subseteq> brk C2' l"
 10.1202          by (rule da_weakenE) simp
 10.1203 -      note `PROP ?Hyp (In1r c2) (Norm s1) s2`
 10.1204 +      note \<open>PROP ?Hyp (In1r c2) (Norm s1) s2\<close>
 10.1205        with wt_c2 da_C2' G
 10.1206        obtain nrmAss_C2': "?NormalAssigned s2 C2'" and
 10.1207               brkAss_C2': "?BreakAssigned (Norm s1) s2 C2'" and
 10.1208 @@ -3357,11 +3357,11 @@
 10.1209        show ?thesis
 10.1210          using that resAss_s2' by simp
 10.1211      qed
 10.1212 -    note s3 = `s3 = (if \<exists>err. x1 = Some (Error err) then (x1, s1)
 10.1213 -                       else abupd (abrupt_if (x1 \<noteq> None) x1) s2)`
 10.1214 +    note s3 = \<open>s3 = (if \<exists>err. x1 = Some (Error err) then (x1, s1)
 10.1215 +                       else abupd (abrupt_if (x1 \<noteq> None) x1) s2)\<close>
 10.1216      have s1_s2: "dom (locals s1) \<subseteq> dom (locals (store s2))"
 10.1217      proof -  
 10.1218 -      from `G\<turnstile>Norm s1 \<midarrow>c2\<rightarrow> s2`
 10.1219 +      from \<open>G\<turnstile>Norm s1 \<midarrow>c2\<rightarrow> s2\<close>
 10.1220        show ?thesis
 10.1221          by (rule dom_locals_eval_mono_elim) simp
 10.1222      qed
 10.1223 @@ -3470,7 +3470,7 @@
 10.1224      ultimately show ?case by (intro conjI)
 10.1225    next 
 10.1226      case (Init C c s0 s3 s1 s2 Env T A)
 10.1227 -    note G = `prg Env = G`
 10.1228 +    note G = \<open>prg Env = G\<close>
 10.1229      from Init.hyps
 10.1230      have eval: "prg Env\<turnstile> Norm s0 \<midarrow>Init C\<rightarrow> s3"
 10.1231        apply (simp only: G) 
 10.1232 @@ -3480,7 +3480,7 @@
 10.1233        apply (simp only: if_False )
 10.1234        apply (elim conjE,intro conjI,assumption+,simp)
 10.1235        done (* auto or simp alone always do too much *)
 10.1236 -    from Init.prems and `the (class G C) = c`
 10.1237 +    from Init.prems and \<open>the (class G C) = c\<close>
 10.1238      have c: "class G C = Some c"
 10.1239        by (elim wt_elim_cases) auto
 10.1240      from Init.prems obtain
 10.1241 @@ -3525,7 +3525,7 @@
 10.1242      qed
 10.1243    next 
 10.1244      case (NewC s0 C s1 a s2 Env T A)
 10.1245 -    note G = `prg Env = G`
 10.1246 +    note G = \<open>prg Env = G\<close>
 10.1247      from NewC.prems
 10.1248      obtain A: "nrm A = dom (locals (store ((Norm s0)::state)))"
 10.1249                "brk A = (\<lambda> l. UNIV)"
 10.1250 @@ -3565,7 +3565,7 @@
 10.1251      ultimately show ?case by (intro conjI)
 10.1252    next
 10.1253      case (NewA s0 elT s1 e i s2 a s3 Env T A) 
 10.1254 -    note G = `prg Env = G`
 10.1255 +    note G = \<open>prg Env = G\<close>
 10.1256      from NewA.prems obtain
 10.1257        da_e: "Env\<turnstile> dom (locals (store ((Norm s0)::state))) \<guillemotright>\<langle>e\<rangle>\<guillemotright> A"
 10.1258        by (elim da_elim_cases)
 10.1259 @@ -3573,7 +3573,7 @@
 10.1260        wt_init: "Env\<turnstile>init_comp_ty elT\<Colon>\<surd>" and 
 10.1261        wt_size: "Env\<turnstile>e\<Colon>-PrimT Integer"
 10.1262        by (elim wt_elim_cases) (auto dest:  wt_init_comp_ty')
 10.1263 -    note halloc = `G\<turnstile>abupd (check_neg i) s2\<midarrow>halloc Arr elT (the_Intg i)\<succ>a\<rightarrow>s3`
 10.1264 +    note halloc = \<open>G\<turnstile>abupd (check_neg i) s2\<midarrow>halloc Arr elT (the_Intg i)\<succ>a\<rightarrow>s3\<close>
 10.1265      have "dom (locals (store ((Norm s0)::state))) \<subseteq> dom (locals (store s1))"
 10.1266        by (rule dom_locals_eval_mono_elim) (rule NewA.hyps)
 10.1267      with da_e obtain A' where
 10.1268 @@ -3581,7 +3581,7 @@
 10.1269          and  nrm_A_A': "nrm A \<subseteq> nrm A'"                  
 10.1270          and  brk_A_A': "\<forall> l. brk A l \<subseteq> brk A' l"
 10.1271        by (rule da_weakenE) simp
 10.1272 -    note `PROP ?Hyp (In1l e) s1 s2`
 10.1273 +    note \<open>PROP ?Hyp (In1l e) s1 s2\<close>
 10.1274      with wt_size da_e' G obtain 
 10.1275        nrmAss_A': "?NormalAssigned s2 A'" and
 10.1276        brkAss_A': "?BreakAssigned s1 s2 A'"
 10.1277 @@ -3630,19 +3630,19 @@
 10.1278      ultimately show ?case by (intro conjI)
 10.1279    next
 10.1280      case (Cast s0 e v s1 s2 cT Env T A)
 10.1281 -    note G = `prg Env = G`
 10.1282 +    note G = \<open>prg Env = G\<close>
 10.1283      from Cast.prems obtain
 10.1284        da_e: "Env\<turnstile> dom (locals (store ((Norm s0)::state))) \<guillemotright>\<langle>e\<rangle>\<guillemotright> A"
 10.1285        by (elim da_elim_cases)
 10.1286      from Cast.prems obtain eT where
 10.1287        wt_e: "Env\<turnstile>e\<Colon>-eT"
 10.1288        by (elim wt_elim_cases) 
 10.1289 -    note `PROP ?Hyp (In1l e) (Norm s0) s1`
 10.1290 +    note \<open>PROP ?Hyp (In1l e) (Norm s0) s1\<close>
 10.1291      with wt_e da_e G obtain 
 10.1292        nrmAss_A: "?NormalAssigned s1 A" and
 10.1293        brkAss_A: "?BreakAssigned (Norm s0) s1 A"
 10.1294        by simp
 10.1295 -    note s2 = `s2 = abupd (raise_if (\<not> G,snd s1\<turnstile>v fits cT) ClassCast) s1`
 10.1296 +    note s2 = \<open>s2 = abupd (raise_if (\<not> G,snd s1\<turnstile>v fits cT) ClassCast) s1\<close>
 10.1297      hence s1_s2: "dom (locals (store s1)) \<subseteq> dom (locals (store s2))"
 10.1298        by simp
 10.1299      have "?NormalAssigned s2 A"
 10.1300 @@ -3675,14 +3675,14 @@
 10.1301      ultimately show ?case by (intro conjI)
 10.1302    next
 10.1303      case (Inst s0 e v s1 b iT Env T A)
 10.1304 -    note G = `prg Env = G`
 10.1305 +    note G = \<open>prg Env = G\<close>
 10.1306      from Inst.prems obtain
 10.1307        da_e: "Env\<turnstile> dom (locals (store ((Norm s0)::state))) \<guillemotright>\<langle>e\<rangle>\<guillemotright> A"
 10.1308        by (elim da_elim_cases)
 10.1309      from Inst.prems obtain eT where
 10.1310        wt_e: "Env\<turnstile>e\<Colon>-eT"
 10.1311        by (elim wt_elim_cases) 
 10.1312 -    note `PROP ?Hyp (In1l e) (Norm s0) s1`
 10.1313 +    note \<open>PROP ?Hyp (In1l e) (Norm s0) s1\<close>
 10.1314      with wt_e da_e G obtain 
 10.1315        "?NormalAssigned s1 A" and
 10.1316        "?BreakAssigned (Norm s0) s1 A" and
 10.1317 @@ -3697,14 +3697,14 @@
 10.1318      thus ?case by simp
 10.1319    next
 10.1320      case (UnOp s0 e v s1 unop Env T A)
 10.1321 -    note G = `prg Env = G`
 10.1322 +    note G = \<open>prg Env = G\<close>
 10.1323      from UnOp.prems obtain
 10.1324        da_e: "Env\<turnstile> dom (locals (store ((Norm s0)::state))) \<guillemotright>\<langle>e\<rangle>\<guillemotright> A"
 10.1325        by (elim da_elim_cases)
 10.1326      from UnOp.prems obtain eT where
 10.1327        wt_e: "Env\<turnstile>e\<Colon>-eT"
 10.1328        by (elim wt_elim_cases) 
 10.1329 -    note `PROP ?Hyp (In1l e) (Norm s0) s1`
 10.1330 +    note \<open>PROP ?Hyp (In1l e) (Norm s0) s1\<close>
 10.1331      with wt_e da_e G obtain 
 10.1332        "?NormalAssigned s1 A" and
 10.1333        "?BreakAssigned (Norm s0) s1 A" and
 10.1334 @@ -3713,7 +3713,7 @@
 10.1335      thus ?case by (intro conjI)
 10.1336    next
 10.1337      case (BinOp s0 e1 v1 s1 binop e2 v2 s2 Env T A)
 10.1338 -    note G = `prg Env = G`
 10.1339 +    note G = \<open>prg Env = G\<close>
 10.1340      from BinOp.hyps 
 10.1341      have 
 10.1342        eval: "prg Env\<turnstile>Norm s0 \<midarrow>BinOp binop e1 e2-\<succ>(eval_binop binop v1 v2)\<rightarrow> s2"
 10.1343 @@ -3828,7 +3828,7 @@
 10.1344              where da_e1: "Env\<turnstile> dom (locals (snd (Norm s0))) \<guillemotright>\<langle>e1\<rangle>\<guillemotright> E1"  
 10.1345               and  da_e2: "Env\<turnstile> nrm E1 \<guillemotright>\<langle>e2\<rangle>\<guillemotright> A"
 10.1346              by (elim da_elim_cases) (simp_all add: notAndOr)
 10.1347 -          note `PROP ?Hyp (In1l e1) (Norm s0) s1`
 10.1348 +          note \<open>PROP ?Hyp (In1l e1) (Norm s0) s1\<close>
 10.1349            with wt_e1 da_e1 G normal_s1
 10.1350            obtain "?NormalAssigned s1 E1"  
 10.1351              by simp
 10.1352 @@ -3880,20 +3880,20 @@
 10.1353        have "nrm A = dom (locals (store ((Norm s0)::state)))"
 10.1354          by (simp only: vn) (elim da_elim_cases,simp_all)
 10.1355        moreover
 10.1356 -      from `G\<turnstile>Norm s0 \<midarrow>v=\<succ>(w, upd)\<rightarrow> s1`
 10.1357 +      from \<open>G\<turnstile>Norm s0 \<midarrow>v=\<succ>(w, upd)\<rightarrow> s1\<close>
 10.1358        have "s1=Norm s0"
 10.1359          by (simp only: vn) (elim eval_elim_cases,simp)
 10.1360        ultimately show ?thesis by simp
 10.1361      next
 10.1362        case False
 10.1363 -      note G = `prg Env = G`
 10.1364 +      note G = \<open>prg Env = G\<close>
 10.1365        from False Acc.prems
 10.1366        have da_v: "Env\<turnstile> dom (locals (store ((Norm s0)::state))) \<guillemotright>\<langle>v\<rangle>\<guillemotright> A"
 10.1367          by (elim da_elim_cases) simp_all 
 10.1368        from Acc.prems obtain vT where
 10.1369          wt_v: "Env\<turnstile>v\<Colon>=vT"
 10.1370          by (elim wt_elim_cases) 
 10.1371 -      note `PROP ?Hyp (In2 v) (Norm s0) s1`
 10.1372 +      note \<open>PROP ?Hyp (In2 v) (Norm s0) s1\<close>
 10.1373        with wt_v da_v G obtain 
 10.1374          "?NormalAssigned s1 A" and
 10.1375          "?BreakAssigned (Norm s0) s1 A" and
 10.1376 @@ -3903,7 +3903,7 @@
 10.1377      qed
 10.1378    next
 10.1379      case (Ass s0 var w upd s1 e v s2 Env T A)
 10.1380 -    note G = `prg Env = G`
 10.1381 +    note G = \<open>prg Env = G\<close>
 10.1382      from Ass.prems obtain varT eT where
 10.1383        wt_var: "Env\<turnstile>var\<Colon>=varT" and
 10.1384        wt_e:   "Env\<turnstile>e\<Colon>-eT"
 10.1385 @@ -3918,8 +3918,8 @@
 10.1386          by (cases s2) (simp add: assign_def Let_def)
 10.1387        hence normal_s1: "normal s1"
 10.1388          by - (rule eval_no_abrupt_lemma [rule_format], rule Ass.hyps)
 10.1389 -      note hyp_var = `PROP ?Hyp (In2 var) (Norm s0) s1`
 10.1390 -      note hyp_e = `PROP ?Hyp (In1l e) s1 s2`
 10.1391 +      note hyp_var = \<open>PROP ?Hyp (In2 var) (Norm s0) s1\<close>
 10.1392 +      note hyp_e = \<open>PROP ?Hyp (In1l e) s1 s2\<close>
 10.1393        show "nrm A \<subseteq> dom (locals (store (assign upd v s2)))"
 10.1394        proof (cases "\<exists> vn. var = LVar vn")
 10.1395          case True
 10.1396 @@ -4017,7 +4017,7 @@
 10.1397      ultimately show ?case by (intro conjI)
 10.1398    next
 10.1399      case (Cond s0 e0 b s1 e1 e2 v s2 Env T A)
 10.1400 -    note G = `prg Env = G`
 10.1401 +    note G = \<open>prg Env = G\<close>
 10.1402      have "?NormalAssigned s2 A"
 10.1403      proof 
 10.1404        assume normal_s2: "normal s2"
 10.1405 @@ -4140,7 +4140,7 @@
 10.1406    next
 10.1407      case (Call s0 e a s1 args vs s2 D mode statT mn pTs s3 s3' accC v s4
 10.1408             Env T A)
 10.1409 -    note G = `prg Env = G`
 10.1410 +    note G = \<open>prg Env = G\<close>
 10.1411      have "?NormalAssigned (restore_lvars s2 s4) A"
 10.1412      proof 
 10.1413        assume normal_restore_lvars: "normal (restore_lvars s2 s4)"
 10.1414 @@ -4154,9 +4154,9 @@
 10.1415               wt_e: "Env\<turnstile>e\<Colon>-eT" and
 10.1416            wt_args: "Env\<turnstile>args\<Colon>\<doteq>argsT"
 10.1417            by (elim wt_elim_cases)
 10.1418 -        note s3 = `s3 = init_lvars G D \<lparr>name = mn, parTs = pTs\<rparr> mode a vs s2`
 10.1419 -        note s3' = `s3' = check_method_access G accC statT mode 
 10.1420 -                                           \<lparr>name=mn,parTs=pTs\<rparr> a s3`
 10.1421 +        note s3 = \<open>s3 = init_lvars G D \<lparr>name = mn, parTs = pTs\<rparr> mode a vs s2\<close>
 10.1422 +        note s3' = \<open>s3' = check_method_access G accC statT mode 
 10.1423 +                                           \<lparr>name=mn,parTs=pTs\<rparr> a s3\<close>
 10.1424          have normal_s2: "normal s2"
 10.1425          proof -
 10.1426            from normal_restore_lvars have "normal s4"
 10.1427 @@ -4170,7 +4170,7 @@
 10.1428          qed
 10.1429          then have normal_s1: "normal s1"
 10.1430            by  - (rule eval_no_abrupt_lemma [rule_format], rule Call.hyps)
 10.1431 -        note `PROP ?Hyp (In1l e) (Norm s0) s1`
 10.1432 +        note \<open>PROP ?Hyp (In1l e) (Norm s0) s1\<close>
 10.1433          with da_e wt_e G normal_s1
 10.1434          have "nrm E \<subseteq> dom (locals (store s1))"
 10.1435            by simp
 10.1436 @@ -4178,7 +4178,7 @@
 10.1437            da_args': "Env\<turnstile> dom (locals (store s1)) \<guillemotright>\<langle>args\<rangle>\<guillemotright> A'" and
 10.1438            nrm_A_A': "nrm A \<subseteq> nrm A'"
 10.1439            by (rule da_weakenE) iprover
 10.1440 -        note `PROP ?Hyp (In3 args) s1 s2`
 10.1441 +        note \<open>PROP ?Hyp (In3 args) s1 s2\<close>
 10.1442          with da_args' wt_args G normal_s2
 10.1443          have "nrm A' \<subseteq> dom (locals (store s2))"
 10.1444            by simp
 10.1445 @@ -4212,7 +4212,7 @@
 10.1446      ultimately show ?case by (intro conjI)
 10.1447    next
 10.1448      case (Methd s0 D sig v s1 Env T A)
 10.1449 -    note G = `prg Env = G`
 10.1450 +    note G = \<open>prg Env = G\<close>
 10.1451      from Methd.prems obtain m where
 10.1452         m:      "methd (prg Env) D sig = Some m" and
 10.1453         da_body: "Env\<turnstile>(dom (locals (store ((Norm s0)::state)))) 
 10.1454 @@ -4222,7 +4222,7 @@
 10.1455        isCls: "is_class (prg Env) D" and
 10.1456        wt_body: "Env \<turnstile>In1l (Body (declclass m) (stmt (mbody (mthd m))))\<Colon>T"
 10.1457        by - (erule wt_elim_cases,simp)
 10.1458 -    note `PROP ?Hyp (In1l (body G D sig)) (Norm s0) s1`
 10.1459 +    note \<open>PROP ?Hyp (In1l (body G D sig)) (Norm s0) s1\<close>
 10.1460      moreover
 10.1461      from wt_body have "Env\<turnstile>In1l (body G D sig)\<Colon>T"
 10.1462        using isCls m G by (simp add: body_def2)
 10.1463 @@ -4234,7 +4234,7 @@
 10.1464        using G by simp
 10.1465    next
 10.1466      case (Body s0 D s1 c s2 s3 Env T A)
 10.1467 -    note G = `prg Env = G`
 10.1468 +    note G = \<open>prg Env = G\<close>
 10.1469      from Body.prems 
 10.1470      have nrm_A: "nrm A = dom (locals (store ((Norm s0)::state)))"
 10.1471        by (elim da_elim_cases) simp
 10.1472 @@ -4260,14 +4260,14 @@
 10.1473      thus ?case by simp
 10.1474    next
 10.1475      case (FVar s0 statDeclC s1 e a s2 v s2' stat fn s3 accC Env T A)
 10.1476 -    note G = `prg Env = G`
 10.1477 +    note G = \<open>prg Env = G\<close>
 10.1478      have "?NormalAssigned s3 A"
 10.1479      proof 
 10.1480        assume normal_s3: "normal s3"
 10.1481        show "nrm A \<subseteq> dom (locals (store s3))"
 10.1482        proof -
 10.1483 -        note fvar = `(v, s2') = fvar statDeclC stat fn a s2` and
 10.1484 -          s3 = `s3 = check_field_access G accC statDeclC fn stat a s2'`
 10.1485 +        note fvar = \<open>(v, s2') = fvar statDeclC stat fn a s2\<close> and
 10.1486 +          s3 = \<open>s3 = check_field_access G accC statDeclC fn stat a s2'\<close>
 10.1487          from FVar.prems
 10.1488          have da_e: "Env\<turnstile> (dom (locals (store ((Norm s0)::state))))\<guillemotright>\<langle>e\<rangle>\<guillemotright> A"
 10.1489            by (elim da_elim_cases)
 10.1490 @@ -4290,7 +4290,7 @@
 10.1491            show "normal s2"
 10.1492              by (cases s2) (simp add: fvar_def2)
 10.1493          qed
 10.1494 -        note `PROP ?Hyp (In1l e) s1 s2`
 10.1495 +        note \<open>PROP ?Hyp (In1l e) s1 s2\<close>
 10.1496          with da_e' wt_e G normal_s2
 10.1497          have "nrm A' \<subseteq> dom (locals (store s2))"
 10.1498            by simp
 10.1499 @@ -4332,13 +4332,13 @@
 10.1500      ultimately show ?case by (intro conjI)
 10.1501    next
 10.1502      case (AVar s0 e1 a s1 e2 i s2 v s2' Env T A)
 10.1503 -    note G = `prg Env = G`
 10.1504 +    note G = \<open>prg Env = G\<close>
 10.1505      have "?NormalAssigned s2' A"
 10.1506      proof 
 10.1507        assume normal_s2': "normal s2'"
 10.1508        show "nrm A \<subseteq> dom (locals (store s2'))"
 10.1509        proof -
 10.1510 -        note avar = `(v, s2') = avar G i a s2`
 10.1511 +        note avar = \<open>(v, s2') = avar G i a s2\<close>
 10.1512          from AVar.prems obtain E1 where
 10.1513            da_e1: "Env\<turnstile> (dom (locals (store ((Norm s0)::state))))\<guillemotright>\<langle>e1\<rangle>\<guillemotright> E1" and
 10.1514            da_e2: "Env\<turnstile> nrm E1 \<guillemotright>\<langle>e2\<rangle>\<guillemotright> A" 
 10.1515 @@ -4352,14 +4352,14 @@
 10.1516            by (cases s2) (simp add: avar_def2)
 10.1517          hence "normal s1"
 10.1518            by - (rule eval_no_abrupt_lemma [rule_format], rule AVar, rule normal_s2)
 10.1519 -        moreover note `PROP ?Hyp (In1l e1) (Norm s0) s1`
 10.1520 +        moreover note \<open>PROP ?Hyp (In1l e1) (Norm s0) s1\<close>
 10.1521          ultimately have "nrm E1 \<subseteq> dom (locals (store s1))" 
 10.1522            using da_e1 wt_e1 G by simp
 10.1523          with da_e2 obtain A' where
 10.1524            da_e2': "Env\<turnstile> dom (locals (store s1)) \<guillemotright>\<langle>e2\<rangle>\<guillemotright> A'" and
 10.1525            nrm_A_A': "nrm A \<subseteq> nrm A'"
 10.1526            by (rule da_weakenE) iprover
 10.1527 -        note `PROP ?Hyp (In1l e2) s1 s2`
 10.1528 +        note \<open>PROP ?Hyp (In1l e2) s1 s2\<close>
 10.1529          with da_e2' wt_e2 G normal_s2
 10.1530          have "nrm A' \<subseteq> dom (locals (store s2))"
 10.1531            by simp
 10.1532 @@ -4404,7 +4404,7 @@
 10.1533      thus ?case by simp
 10.1534    next 
 10.1535      case (Cons s0 e v s1 es vs s2 Env T A)
 10.1536 -    note G = `prg Env = G`
 10.1537 +    note G = \<open>prg Env = G\<close>
 10.1538      have "?NormalAssigned s2 A"
 10.1539      proof 
 10.1540        assume normal_s2: "normal s2"
 10.1541 @@ -4420,14 +4420,14 @@
 10.1542            by (elim wt_elim_cases)
 10.1543          have "normal s1"
 10.1544            by - (rule eval_no_abrupt_lemma [rule_format], rule Cons.hyps, rule normal_s2)
 10.1545 -        moreover note `PROP ?Hyp (In1l e) (Norm s0) s1`
 10.1546 +        moreover note \<open>PROP ?Hyp (In1l e) (Norm s0) s1\<close>
 10.1547          ultimately have "nrm E \<subseteq> dom (locals (store s1))" 
 10.1548            using da_e wt_e G by simp
 10.1549          with da_es obtain A' where
 10.1550            da_es': "Env\<turnstile> dom (locals (store s1)) \<guillemotright>\<langle>es\<rangle>\<guillemotright> A'" and
 10.1551            nrm_A_A': "nrm A \<subseteq> nrm A'"
 10.1552            by (rule da_weakenE) iprover
 10.1553 -        note `PROP ?Hyp (In3 es) s1 s2`
 10.1554 +        note \<open>PROP ?Hyp (In3 es) s1 s2\<close>
 10.1555          with da_es' wt_es G normal_s2
 10.1556          have "nrm A' \<subseteq> dom (locals (store s2))"
 10.1557            by simp
    11.1 --- a/src/HOL/Bali/Eval.thy	Sat Jan 02 18:46:36 2016 +0100
    11.2 +++ b/src/HOL/Bali/Eval.thy	Sat Jan 02 18:48:45 2016 +0100
    11.3 @@ -1,13 +1,13 @@
    11.4  (*  Title:      HOL/Bali/Eval.thy
    11.5      Author:     David von Oheimb
    11.6  *)
    11.7 -subsection {* Operational evaluation (big-step) semantics of Java expressions and 
    11.8 +subsection \<open>Operational evaluation (big-step) semantics of Java expressions and 
    11.9            statements
   11.10 -*}
   11.11 +\<close>
   11.12  
   11.13  theory Eval imports State DeclConcepts begin
   11.14  
   11.15 -text {*
   11.16 +text \<open>
   11.17  
   11.18  improvements over Java Specification 1.0:
   11.19  \begin{itemize}
   11.20 @@ -57,10 +57,10 @@
   11.21    \end{itemize}
   11.22  \item the rules are defined carefully in order to be applicable even in not
   11.23    type-correct situations (yielding undefined values),
   11.24 -  e.g. @{text "the_Addr (Val (Bool b)) = undefined"}.
   11.25 +  e.g. \<open>the_Addr (Val (Bool b)) = undefined\<close>.
   11.26    \begin{itemize}
   11.27    \item[++] fewer rules 
   11.28 -  \item[-]  less readable because of auxiliary functions like @{text the_Addr}
   11.29 +  \item[-]  less readable because of auxiliary functions like \<open>the_Addr\<close>
   11.30    \end{itemize}
   11.31    Alternative: "defensive" evaluation throwing some InternalError exception
   11.32                 in case of (impossible, for correct programs) type mismatches
   11.33 @@ -81,7 +81,7 @@
   11.34             (whether there is enough memory to allocate the exception) in 
   11.35              evaluation rules
   11.36    \end{itemize}
   11.37 -\item unfortunately @{text new_Addr} is not directly executable because of 
   11.38 +\item unfortunately \<open>new_Addr\<close> is not directly executable because of 
   11.39        Hilbert operator.
   11.40  \end{itemize}
   11.41  simplifications:
   11.42 @@ -93,7 +93,7 @@
   11.43        modelled
   11.44  \item exceptions in initializations not replaced by ExceptionInInitializerError
   11.45  \end{itemize}
   11.46 -*}
   11.47 +\<close>
   11.48  
   11.49  
   11.50  type_synonym vvar = "val \<times> (val \<Rightarrow> state \<Rightarrow> state)"
   11.51 @@ -102,11 +102,11 @@
   11.52    (type) "vvar" <= (type) "val \<times> (val \<Rightarrow> state \<Rightarrow> state)"
   11.53    (type) "vals" <= (type) "(val, vvar, val list) sum3" 
   11.54  
   11.55 -text {* To avoid redundancy and to reduce the number of rules, there is only 
   11.56 +text \<open>To avoid redundancy and to reduce the number of rules, there is only 
   11.57   one evaluation rule for each syntactic term. This is also true for variables
   11.58 - (e.g. see the rules below for @{text LVar}, @{text FVar} and @{text AVar}). 
   11.59 + (e.g. see the rules below for \<open>LVar\<close>, \<open>FVar\<close> and \<open>AVar\<close>). 
   11.60   So evaluation of a variable must capture both possible further uses: 
   11.61 - read (rule @{text Acc}) or write (rule @{text Ass}) to the variable. 
   11.62 + read (rule \<open>Acc\<close>) or write (rule \<open>Ass\<close>) to the variable. 
   11.63   Therefor a variable evaluates to a special value @{term vvar}, which is 
   11.64   a pair, consisting of the current value (for later read access) and an update 
   11.65   function (for later write access). Because
   11.66 @@ -122,7 +122,7 @@
   11.67   such a generic update function, but only to store the address and the kind
   11.68   of variable (array (+ element type), local variable or field) for later 
   11.69   assignment. 
   11.70 -*}
   11.71 +\<close>
   11.72  
   11.73  abbreviation
   11.74    dummy_res :: "vals" ("\<diamondsuit>")
   11.75 @@ -355,7 +355,7 @@
   11.76  
   11.77  
   11.78  
   11.79 -lemma init_lvars_def2: --{* better suited for simplification *} 
   11.80 +lemma init_lvars_def2: \<comment>\<open>better suited for simplification\<close> 
   11.81  "init_lvars G C sig mode a' pvs (x,s) =  
   11.82    set_lvars 
   11.83      (\<lambda> k. 
   11.84 @@ -378,7 +378,7 @@
   11.85      (let m = the (methd G C sig) 
   11.86       in Body (declclass m) (stmt (mbody (mthd m))))"
   11.87  
   11.88 -lemma body_def2: --{* better suited for simplification *} 
   11.89 +lemma body_def2: \<comment>\<open>better suited for simplification\<close> 
   11.90  "body G C sig = Body  (declclass (the (methd G C sig))) 
   11.91                        (stmt (mbody (mthd (the (methd G C sig)))))"
   11.92  apply (unfold body_def Let_def)
   11.93 @@ -412,7 +412,7 @@
   11.94                                ,upd_gobj oref n v s)) 
   11.95       in ((the (cs n),f),abupd (raise_if (\<not>i in_bounds k) IndOutBound \<circ> np a') s))"
   11.96  
   11.97 -lemma fvar_def2: --{* better suited for simplification *} 
   11.98 +lemma fvar_def2: \<comment>\<open>better suited for simplification\<close> 
   11.99  "fvar C stat fn a' s =  
  11.100    ((the 
  11.101       (values 
  11.102 @@ -427,7 +427,7 @@
  11.103  apply (simp (no_asm) add: Let_def split_beta)
  11.104  done
  11.105  
  11.106 -lemma avar_def2: --{* better suited for simplification *} 
  11.107 +lemma avar_def2: \<comment>\<open>better suited for simplification\<close> 
  11.108  "avar G i' a' s =  
  11.109    ((the ((snd(snd(the_Arr (globs (store s) (Heap (the_Addr a')))))) 
  11.110             (Inr (the_Intg i')))
  11.111 @@ -471,7 +471,7 @@
  11.112  
  11.113  inductive
  11.114    halloc :: "[prog,state,obj_tag,loc,state]\<Rightarrow>bool" ("_\<turnstile>_ \<midarrow>halloc _\<succ>_\<rightarrow> _"[61,61,61,61,61]60) for G::prog
  11.115 -where --{* allocating objects on the heap, cf. 12.5 *}
  11.116 +where \<comment>\<open>allocating objects on the heap, cf. 12.5\<close>
  11.117  
  11.118    Abrupt: 
  11.119    "G\<turnstile>(Some x,s) \<midarrow>halloc oi\<succ>undefined\<rightarrow> (Some x,s)"
  11.120 @@ -483,8 +483,8 @@
  11.121              G\<turnstile>Norm s \<midarrow>halloc oi\<succ>a\<rightarrow> (x,init_obj G oi' (Heap a) s)"
  11.122  
  11.123  inductive sxalloc :: "[prog,state,state]\<Rightarrow>bool" ("_\<turnstile>_ \<midarrow>sxalloc\<rightarrow> _"[61,61,61]60) for G::prog
  11.124 -where --{* allocating exception objects for
  11.125 -  standard exceptions (other than OutOfMemory) *}
  11.126 +where \<comment>\<open>allocating exception objects for
  11.127 +  standard exceptions (other than OutOfMemory)\<close>
  11.128  
  11.129    Norm:  "G\<turnstile> Norm              s   \<midarrow>sxalloc\<rightarrow>  Norm             s"
  11.130  
  11.131 @@ -513,42 +513,42 @@
  11.132  | "G\<turnstile>s \<midarrow>e=\<succ>vf\<rightarrow>     s' \<equiv> G\<turnstile>s \<midarrow>In2  e\<succ>\<rightarrow> (In2 vf, s')"
  11.133  | "G\<turnstile>s \<midarrow>e\<doteq>\<succ>v \<rightarrow>     s' \<equiv> G\<turnstile>s \<midarrow>In3  e\<succ>\<rightarrow> (In3 v,  s')"
  11.134  
  11.135 ---{* propagation of abrupt completion *}
  11.136 +\<comment>\<open>propagation of abrupt completion\<close>
  11.137  
  11.138 -  --{* cf. 14.1, 15.5 *}
  11.139 +  \<comment>\<open>cf. 14.1, 15.5\<close>
  11.140  | Abrupt: 
  11.141     "G\<turnstile>(Some xc,s) \<midarrow>t\<succ>\<rightarrow> (undefined3 t, (Some xc, s))"
  11.142  
  11.143  
  11.144 ---{* execution of statements *}
  11.145 +\<comment>\<open>execution of statements\<close>
  11.146  
  11.147 -  --{* cf. 14.5 *}
  11.148 +  \<comment>\<open>cf. 14.5\<close>
  11.149  | Skip:                             "G\<turnstile>Norm s \<midarrow>Skip\<rightarrow> Norm s"
  11.150  
  11.151 -  --{* cf. 14.7 *}
  11.152 +  \<comment>\<open>cf. 14.7\<close>
  11.153  | Expr: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1\<rbrakk> \<Longrightarrow>
  11.154                                    G\<turnstile>Norm s0 \<midarrow>Expr e\<rightarrow> s1"
  11.155  
  11.156  | Lab:  "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c \<rightarrow> s1\<rbrakk> \<Longrightarrow>
  11.157                                  G\<turnstile>Norm s0 \<midarrow>l\<bullet> c\<rightarrow> abupd (absorb l) s1"
  11.158 -  --{* cf. 14.2 *}
  11.159 +  \<comment>\<open>cf. 14.2\<close>
  11.160  | Comp: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c1 \<rightarrow> s1;
  11.161            G\<turnstile>     s1 \<midarrow>c2 \<rightarrow> s2\<rbrakk> \<Longrightarrow>
  11.162                                   G\<turnstile>Norm s0 \<midarrow>c1;; c2\<rightarrow> s2"
  11.163  
  11.164 -  --{* cf. 14.8.2 *}
  11.165 +  \<comment>\<open>cf. 14.8.2\<close>
  11.166  | If:   "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1;
  11.167            G\<turnstile>     s1\<midarrow>(if the_Bool b then c1 else c2)\<rightarrow> s2\<rbrakk> \<Longrightarrow>
  11.168                         G\<turnstile>Norm s0 \<midarrow>If(e) c1 Else c2 \<rightarrow> s2"
  11.169  
  11.170 -  --{* cf. 14.10, 14.10.1 *}
  11.171 +  \<comment>\<open>cf. 14.10, 14.10.1\<close>
  11.172    
  11.173 -  --{* A continue jump from the while body @{term c} is handled by 
  11.174 +  \<comment>\<open>A continue jump from the while body @{term c} is handled by 
  11.175       this rule. If a continue jump with the proper label was invoked inside 
  11.176       @{term c} this label (Cont l) is deleted out of the abrupt component of 
  11.177       the state before the iterative evaluation of the while statement.
  11.178 -     A break jump is handled by the Lab Statement @{text "Lab l (while\<dots>)"}.
  11.179 -  *}
  11.180 +     A break jump is handled by the Lab Statement \<open>Lab l (while\<dots>)\<close>.
  11.181 +\<close>
  11.182  | Loop: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1;
  11.183            if the_Bool b 
  11.184               then (G\<turnstile>s1 \<midarrow>c\<rightarrow> s2 \<and> 
  11.185 @@ -558,16 +558,16 @@
  11.186  
  11.187  | Jmp: "G\<turnstile>Norm s \<midarrow>Jmp j\<rightarrow> (Some (Jump j), s)"
  11.188     
  11.189 -  --{* cf. 14.16 *}
  11.190 +  \<comment>\<open>cf. 14.16\<close>
  11.191  | Throw: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<rightarrow> s1\<rbrakk> \<Longrightarrow>
  11.192                                   G\<turnstile>Norm s0 \<midarrow>Throw e\<rightarrow> abupd (throw a') s1"
  11.193  
  11.194 -  --{* cf. 14.18.1 *}
  11.195 +  \<comment>\<open>cf. 14.18.1\<close>
  11.196  | Try:  "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1; G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2; 
  11.197            if G,s2\<turnstile>catch C then G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<rightarrow> s3 else s3 = s2\<rbrakk> \<Longrightarrow>
  11.198                    G\<turnstile>Norm s0 \<midarrow>Try c1 Catch(C vn) c2\<rightarrow> s3"
  11.199  
  11.200 -  --{* cf. 14.18.2 *}
  11.201 +  \<comment>\<open>cf. 14.18.2\<close>
  11.202  | Fin:  "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> (x1,s1);
  11.203            G\<turnstile>Norm s1 \<midarrow>c2\<rightarrow> s2;
  11.204            s3=(if (\<exists> err. x1=Some (Error err)) 
  11.205 @@ -575,7 +575,7 @@
  11.206                else abupd (abrupt_if (x1\<noteq>None) x1) s2) \<rbrakk> 
  11.207            \<Longrightarrow>
  11.208            G\<turnstile>Norm s0 \<midarrow>c1 Finally c2\<rightarrow> s3"
  11.209 -  --{* cf. 12.4.2, 8.5 *}
  11.210 +  \<comment>\<open>cf. 12.4.2, 8.5\<close>
  11.211  | Init: "\<lbrakk>the (class G C) = c;
  11.212            if inited C (globs s0) then s3 = Norm s0
  11.213            else (G\<turnstile>Norm (init_class_obj G C s0) 
  11.214 @@ -583,20 +583,20 @@
  11.215                 G\<turnstile>set_lvars empty s1 \<midarrow>init c\<rightarrow> s2 \<and> s3 = restore_lvars s1 s2)\<rbrakk> 
  11.216                \<Longrightarrow>
  11.217                   G\<turnstile>Norm s0 \<midarrow>Init C\<rightarrow> s3"
  11.218 -   --{* This class initialisation rule is a little bit inaccurate. Look at the
  11.219 +   \<comment>\<open>This class initialisation rule is a little bit inaccurate. Look at the
  11.220        exact sequence:
  11.221        (1) The current class object (the static fields) are initialised
  11.222 -           (@{text init_class_obj}),
  11.223 +           (\<open>init_class_obj\<close>),
  11.224        (2) the superclasses are initialised,
  11.225        (3) the static initialiser of the current class is invoked.
  11.226        More precisely we should expect another ordering, namely 2 1 3.
  11.227        But we can't just naively toggle 1 and 2. By calling 
  11.228 -      @{text init_class_obj} 
  11.229 +      \<open>init_class_obj\<close> 
  11.230        before initialising the superclasses, we also implicitly record that
  11.231        we have started to initialise the current class (by setting an 
  11.232        value for the class object). This becomes 
  11.233        crucial for the completeness proof of the axiomatic semantics 
  11.234 -      @{text "AxCompl.thy"}. Static initialisation requires an induction on 
  11.235 +      \<open>AxCompl.thy\<close>. Static initialisation requires an induction on 
  11.236        the number of classes not yet initialised (or to be more precise, 
  11.237        classes were the initialisation has not yet begun). 
  11.238        So we could first assign a dummy value to the class before
  11.239 @@ -604,30 +604,30 @@
  11.240        But as long as we don't take memory overflow into account 
  11.241        when allocating class objects, we can leave things as they are for 
  11.242        convenience. 
  11.243 -   *}
  11.244 ---{* evaluation of expressions *}
  11.245 +\<close>
  11.246 +\<comment>\<open>evaluation of expressions\<close>
  11.247  
  11.248 -  --{* cf. 15.8.1, 12.4.1 *}
  11.249 +  \<comment>\<open>cf. 15.8.1, 12.4.1\<close>
  11.250  | NewC: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>Init C\<rightarrow> s1;
  11.251            G\<turnstile>     s1 \<midarrow>halloc (CInst C)\<succ>a\<rightarrow> s2\<rbrakk> \<Longrightarrow>
  11.252                                    G\<turnstile>Norm s0 \<midarrow>NewC C-\<succ>Addr a\<rightarrow> s2"
  11.253  
  11.254 -  --{* cf. 15.9.1, 12.4.1 *}
  11.255 +  \<comment>\<open>cf. 15.9.1, 12.4.1\<close>
  11.256  | NewA: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>init_comp_ty T\<rightarrow> s1; G\<turnstile>s1 \<midarrow>e-\<succ>i'\<rightarrow> s2; 
  11.257            G\<turnstile>abupd (check_neg i') s2 \<midarrow>halloc (Arr T (the_Intg i'))\<succ>a\<rightarrow> s3\<rbrakk> \<Longrightarrow>
  11.258                                  G\<turnstile>Norm s0 \<midarrow>New T[e]-\<succ>Addr a\<rightarrow> s3"
  11.259  
  11.260 -  --{* cf. 15.15 *}
  11.261 +  \<comment>\<open>cf. 15.15\<close>
  11.262  | Cast: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1;
  11.263            s2 = abupd (raise_if (\<not>G,store s1\<turnstile>v fits T) ClassCast) s1\<rbrakk> \<Longrightarrow>
  11.264                                  G\<turnstile>Norm s0 \<midarrow>Cast T e-\<succ>v\<rightarrow> s2"
  11.265  
  11.266 -  --{* cf. 15.19.2 *}
  11.267 +  \<comment>\<open>cf. 15.19.2\<close>
  11.268  | Inst: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1;
  11.269            b = (v\<noteq>Null \<and> G,store s1\<turnstile>v fits RefT T)\<rbrakk> \<Longrightarrow>
  11.270                                G\<turnstile>Norm s0 \<midarrow>e InstOf T-\<succ>Bool b\<rightarrow> s1"
  11.271  
  11.272 -  --{* cf. 15.7.1 *}
  11.273 +  \<comment>\<open>cf. 15.7.1\<close>
  11.274  | Lit:  "G\<turnstile>Norm s \<midarrow>Lit v-\<succ>v\<rightarrow> Norm s"
  11.275  
  11.276  | UnOp: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1\<rbrakk> 
  11.277 @@ -639,25 +639,25 @@
  11.278            \<rbrakk> 
  11.279           \<Longrightarrow> G\<turnstile>Norm s0 \<midarrow>BinOp binop e1 e2-\<succ>(eval_binop binop v1 v2)\<rightarrow> s2"
  11.280     
  11.281 -  --{* cf. 15.10.2 *}
  11.282 +  \<comment>\<open>cf. 15.10.2\<close>
  11.283  | Super: "G\<turnstile>Norm s \<midarrow>Super-\<succ>val_this s\<rightarrow> Norm s"
  11.284  
  11.285 -  --{* cf. 15.2 *}
  11.286 +  \<comment>\<open>cf. 15.2\<close>
  11.287  | Acc:  "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>va=\<succ>(v,f)\<rightarrow> s1\<rbrakk> \<Longrightarrow>
  11.288                                    G\<turnstile>Norm s0 \<midarrow>Acc va-\<succ>v\<rightarrow> s1"
  11.289  
  11.290 -  --{* cf. 15.25.1 *}
  11.291 +  \<comment>\<open>cf. 15.25.1\<close>
  11.292  | Ass:  "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>va=\<succ>(w,f)\<rightarrow> s1;
  11.293            G\<turnstile>     s1 \<midarrow>e-\<succ>v  \<rightarrow> s2\<rbrakk> \<Longrightarrow>
  11.294                                     G\<turnstile>Norm s0 \<midarrow>va:=e-\<succ>v\<rightarrow> assign f v s2"
  11.295  
  11.296 -  --{* cf. 15.24 *}
  11.297 +  \<comment>\<open>cf. 15.24\<close>
  11.298  | Cond: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<rightarrow> s1;
  11.299            G\<turnstile>     s1 \<midarrow>(if the_Bool b then e1 else e2)-\<succ>v\<rightarrow> s2\<rbrakk> \<Longrightarrow>
  11.300                              G\<turnstile>Norm s0 \<midarrow>e0 ? e1 : e2-\<succ>v\<rightarrow> s2"
  11.301  
  11.302  
  11.303 --- {* The interplay of  @{term Call}, @{term Methd} and @{term Body}:
  11.304 +\<comment> \<open>The interplay of  @{term Call}, @{term Methd} and @{term Body}:
  11.305        Method invocation is split up into these three rules:
  11.306        \begin{itemize}
  11.307        \item [@{term Call}] Calculates the target address and evaluates the
  11.308 @@ -674,8 +674,8 @@
  11.309                             initialisation. Without class initialisation we 
  11.310                             could just evaluate the body statement. 
  11.311        \end{itemize}
  11.312 -   *}
  11.313 -  --{* cf. 15.11.4.1, 15.11.4.2, 15.11.4.4, 15.11.4.5 *}
  11.314 +\<close>
  11.315 +  \<comment>\<open>cf. 15.11.4.1, 15.11.4.2, 15.11.4.4, 15.11.4.5\<close>
  11.316  | Call: 
  11.317    "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<rightarrow> s1; G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<rightarrow> s2;
  11.318      D = invocation_declclass G mode (store s2) a' statT \<lparr>name=mn,parTs=pTs\<rparr>;
  11.319 @@ -684,10 +684,10 @@
  11.320      G\<turnstile>s3' \<midarrow>Methd D \<lparr>name=mn,parTs=pTs\<rparr>-\<succ>v\<rightarrow> s4\<rbrakk>
  11.321     \<Longrightarrow>
  11.322         G\<turnstile>Norm s0 \<midarrow>{accC,statT,mode}e\<cdot>mn({pTs}args)-\<succ>v\<rightarrow> (restore_lvars s2 s4)"
  11.323 ---{* The accessibility check is after @{term init_lvars}, to keep it simple. 
  11.324 +\<comment>\<open>The accessibility check is after @{term init_lvars}, to keep it simple. 
  11.325     @{term init_lvars} already tests for the absence of a null-pointer 
  11.326     reference in case of an instance method invocation.
  11.327 -*}
  11.328 +\<close>
  11.329  
  11.330  | Methd:        "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>body G D sig-\<succ>v\<rightarrow> s1\<rbrakk> \<Longrightarrow>
  11.331                                  G\<turnstile>Norm s0 \<midarrow>Methd D sig-\<succ>v\<rightarrow> s1"
  11.332 @@ -699,40 +699,40 @@
  11.333                    else s2)\<rbrakk> \<Longrightarrow>
  11.334             G\<turnstile>Norm s0 \<midarrow>Body D c-\<succ>the (locals (store s2) Result)
  11.335                \<rightarrow>abupd (absorb Ret) s3"
  11.336 -  --{* cf. 14.15, 12.4.1 *}
  11.337 -  --{* We filter out a break/continue in @{term s2}, so that we can proof 
  11.338 +  \<comment>\<open>cf. 14.15, 12.4.1\<close>
  11.339 +  \<comment>\<open>We filter out a break/continue in @{term s2}, so that we can proof 
  11.340       definite assignment
  11.341       correct, without the need of conformance of the state. By this the
  11.342 -     different parts of the typesafety proof can be disentangled a little. *}
  11.343 +     different parts of the typesafety proof can be disentangled a little.\<close>
  11.344  
  11.345 ---{* evaluation of variables *}
  11.346 +\<comment>\<open>evaluation of variables\<close>
  11.347  
  11.348 -  --{* cf. 15.13.1, 15.7.2 *}
  11.349 +  \<comment>\<open>cf. 15.13.1, 15.7.2\<close>
  11.350  | LVar: "G\<turnstile>Norm s \<midarrow>LVar vn=\<succ>lvar vn s\<rightarrow> Norm s"
  11.351  
  11.352 -  --{* cf. 15.10.1, 12.4.1 *}
  11.353 +  \<comment>\<open>cf. 15.10.1, 12.4.1\<close>
  11.354  | FVar: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<rightarrow> s1; G\<turnstile>s1 \<midarrow>e-\<succ>a\<rightarrow> s2;
  11.355            (v,s2') = fvar statDeclC stat fn a s2;
  11.356            s3 = check_field_access G accC statDeclC fn stat a s2' \<rbrakk> \<Longrightarrow>
  11.357            G\<turnstile>Norm s0 \<midarrow>{accC,statDeclC,stat}e..fn=\<succ>v\<rightarrow> s3"
  11.358 - --{* The accessibility check is after @{term fvar}, to keep it simple. 
  11.359 + \<comment>\<open>The accessibility check is after @{term fvar}, to keep it simple. 
  11.360      @{term fvar} already tests for the absence of a null-pointer reference 
  11.361      in case of an instance field
  11.362 -  *}
  11.363 +\<close>
  11.364  
  11.365 -  --{* cf. 15.12.1, 15.25.1 *}
  11.366 +  \<comment>\<open>cf. 15.12.1, 15.25.1\<close>
  11.367  | AVar: "\<lbrakk>G\<turnstile> Norm s0 \<midarrow>e1-\<succ>a\<rightarrow> s1; G\<turnstile>s1 \<midarrow>e2-\<succ>i\<rightarrow> s2;
  11.368            (v,s2') = avar G i a s2\<rbrakk> \<Longrightarrow>
  11.369                        G\<turnstile>Norm s0 \<midarrow>e1.[e2]=\<succ>v\<rightarrow> s2'"
  11.370  
  11.371  
  11.372 ---{* evaluation of expression lists *}
  11.373 +\<comment>\<open>evaluation of expression lists\<close>
  11.374  
  11.375 -  --{* cf. 15.11.4.2 *}
  11.376 +  \<comment>\<open>cf. 15.11.4.2\<close>
  11.377  | Nil:
  11.378                                      "G\<turnstile>Norm s0 \<midarrow>[]\<doteq>\<succ>[]\<rightarrow> Norm s0"
  11.379  
  11.380 -  --{* cf. 15.6.4 *}
  11.381 +  \<comment>\<open>cf. 15.6.4\<close>
  11.382  | Cons: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e -\<succ> v \<rightarrow> s1;
  11.383            G\<turnstile>     s1 \<midarrow>es\<doteq>\<succ>vs\<rightarrow> s2\<rbrakk> \<Longrightarrow>
  11.384                                     G\<turnstile>Norm s0 \<midarrow>e#es\<doteq>\<succ>v#vs\<rightarrow> s2"
  11.385 @@ -744,13 +744,13 @@
  11.386   29(AVar),24(Call)]
  11.387  *)
  11.388  
  11.389 -ML {*
  11.390 +ML \<open>
  11.391  ML_Thms.bind_thm ("eval_induct", rearrange_prems 
  11.392  [0,1,2,8,4,30,31,27,15,16,
  11.393   17,18,19,20,21,3,5,25,26,23,6,
  11.394   7,11,9,13,14,12,22,10,28,
  11.395   29,24] @{thm eval.induct})
  11.396 -*}
  11.397 +\<close>
  11.398  
  11.399  
  11.400  declare split_if     [split del] split_if_asm     [split del] 
  11.401 @@ -780,7 +780,7 @@
  11.402  
  11.403  declare not_None_eq [simp del] (* IntDef.Zero_def [simp del] *)
  11.404  declare split_paired_All [simp del] split_paired_Ex [simp del]
  11.405 -setup {* map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac") *}
  11.406 +setup \<open>map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac")\<close>
  11.407  
  11.408  inductive_cases eval_cases: "G\<turnstile>s \<midarrow>t\<succ>\<rightarrow> (v, s')"
  11.409  
  11.410 @@ -818,7 +818,7 @@
  11.411          "G\<turnstile>Norm s \<midarrow>In1r (Init C)                       \<succ>\<rightarrow> (x, s')"
  11.412  declare not_None_eq [simp]  (* IntDef.Zero_def [simp] *)
  11.413  declare split_paired_All [simp] split_paired_Ex [simp]
  11.414 -declaration {* K (Simplifier.map_ss (fn ss => ss addloop ("split_all_tac", split_all_tac))) *}
  11.415 +declaration \<open>K (Simplifier.map_ss (fn ss => ss addloop ("split_all_tac", split_all_tac)))\<close>
  11.416  declare split_if     [split] split_if_asm     [split] 
  11.417          option.split [split] option.split_asm [split]
  11.418  
  11.419 @@ -837,12 +837,12 @@
  11.420  apply auto
  11.421  done
  11.422  
  11.423 -text {* The following simplification procedures set up the proper injections of
  11.424 +text \<open>The following simplification procedures set up the proper injections of
  11.425   terms and their corresponding values in the evaluation relation:
  11.426   E.g. an expression 
  11.427   (injection @{term In1l} into terms) always evaluates to ordinary values 
  11.428   (injection @{term In1} into generalised values @{term vals}). 
  11.429 -*}
  11.430 +\<close>
  11.431  
  11.432  lemma eval_expr_eq: "G\<turnstile>s \<midarrow>In1l t\<succ>\<rightarrow> (w, s') = (\<exists>v. w=In1 v \<and> G\<turnstile>s \<midarrow>t-\<succ>v \<rightarrow> s')"
  11.433    by (auto, frule eval_Inj_elim, auto)
  11.434 @@ -856,40 +856,40 @@
  11.435  lemma eval_stmt_eq: "G\<turnstile>s \<midarrow>In1r t\<succ>\<rightarrow> (w, s') = (w=\<diamondsuit> \<and> G\<turnstile>s \<midarrow>t \<rightarrow> s')"
  11.436    by (auto, frule eval_Inj_elim, auto, frule eval_Inj_elim, auto)
  11.437  
  11.438 -simproc_setup eval_expr ("G\<turnstile>s \<midarrow>In1l t\<succ>\<rightarrow> (w, s')") = {*
  11.439 +simproc_setup eval_expr ("G\<turnstile>s \<midarrow>In1l t\<succ>\<rightarrow> (w, s')") = \<open>
  11.440    fn _ => fn _ => fn ct =>
  11.441      (case Thm.term_of ct of
  11.442        (_ $ _ $ _ $ _ $ (Const _ $ _) $ _) => NONE
  11.443 -    | _ => SOME (mk_meta_eq @{thm eval_expr_eq})) *}
  11.444 +    | _ => SOME (mk_meta_eq @{thm eval_expr_eq}))\<close>
  11.445  
  11.446 -simproc_setup eval_var ("G\<turnstile>s \<midarrow>In2 t\<succ>\<rightarrow> (w, s')") = {*
  11.447 +simproc_setup eval_var ("G\<turnstile>s \<midarrow>In2 t\<succ>\<rightarrow> (w, s')") = \<open>
  11.448    fn _ => fn _ => fn ct =>
  11.449      (case Thm.term_of ct of
  11.450        (_ $ _ $ _ $ _ $ (Const _ $ _) $ _) => NONE
  11.451 -    | _ => SOME (mk_meta_eq @{thm eval_var_eq})) *}
  11.452 +    | _ => SOME (mk_meta_eq @{thm eval_var_eq}))\<close>
  11.453  
  11.454 -simproc_setup eval_exprs ("G\<turnstile>s \<midarrow>In3 t\<succ>\<rightarrow> (w, s')") = {*
  11.455 +simproc_setup eval_exprs ("G\<turnstile>s \<midarrow>In3 t\<succ>\<rightarrow> (w, s')") = \<open>
  11.456    fn _ => fn _ => fn ct =>
  11.457      (case Thm.term_of ct of
  11.458        (_ $ _ $ _ $ _ $ (Const _ $ _) $ _) => NONE
  11.459 -    | _ => SOME (mk_meta_eq @{thm eval_exprs_eq})) *}
  11.460 +    | _ => SOME (mk_meta_eq @{thm eval_exprs_eq}))\<close>
  11.461  
  11.462 -simproc_setup eval_stmt ("G\<turnstile>s \<midarrow>In1r t\<succ>\<rightarrow> (w, s')") = {*
  11.463 +simproc_setup eval_stmt ("G\<turnstile>s \<midarrow>In1r t\<succ>\<rightarrow> (w, s')") = \<open>
  11.464    fn _ => fn _ => fn ct =>
  11.465      (case Thm.term_of ct of
  11.466        (_ $ _ $ _ $ _ $ (Const _ $ _) $ _) => NONE
  11.467 -    | _ => SOME (mk_meta_eq @{thm eval_stmt_eq})) *}
  11.468 +    | _ => SOME (mk_meta_eq @{thm eval_stmt_eq}))\<close>
  11.469  
  11.470 -ML {*
  11.471 +ML \<open>
  11.472  ML_Thms.bind_thms ("AbruptIs", sum3_instantiate @{context} @{thm eval.Abrupt})
  11.473 -*}
  11.474 +\<close>
  11.475  
  11.476  declare halloc.Abrupt [intro!] eval.Abrupt [intro!]  AbruptIs [intro!]
  11.477  
  11.478 -text{* @{text Callee},@{text InsInitE}, @{text InsInitV}, @{text FinA} are only
  11.479 +text\<open>\<open>Callee\<close>,\<open>InsInitE\<close>, \<open>InsInitV\<close>, \<open>FinA\<close> are only
  11.480  used in smallstep semantics, not in the bigstep semantics. So their is no
  11.481  valid evaluation of these terms 
  11.482 -*}
  11.483 +\<close>
  11.484  
  11.485  
  11.486  lemma eval_Callee: "G\<turnstile>Norm s\<midarrow>Callee l e-\<succ>v\<rightarrow> s' = False"
  11.487 @@ -952,12 +952,12 @@
  11.488  apply (frule eval_no_abrupt_lemma, auto)+
  11.489  done
  11.490  
  11.491 -simproc_setup eval_no_abrupt ("G\<turnstile>(x,s) \<midarrow>e\<succ>\<rightarrow> (w,Norm s')") = {*
  11.492 +simproc_setup eval_no_abrupt ("G\<turnstile>(x,s) \<midarrow>e\<succ>\<rightarrow> (w,Norm s')") = \<open>
  11.493    fn _ => fn _ => fn ct =>
  11.494      (case Thm.term_of ct of
  11.495        (_ $ _ $ (Const (@{const_name Pair}, _) $ (Const (@{const_name None}, _)) $ _) $ _  $ _ $ _) => NONE
  11.496      | _ => SOME (mk_meta_eq @{thm eval_no_abrupt}))
  11.497 -*}
  11.498 +\<close>
  11.499  
  11.500  
  11.501  lemma eval_abrupt_lemma: 
  11.502 @@ -972,12 +972,12 @@
  11.503  apply (frule eval_abrupt_lemma, auto)+
  11.504  done
  11.505  
  11.506 -simproc_setup eval_abrupt ("G\<turnstile>(Some xc,s) \<midarrow>e\<succ>\<rightarrow> (w,s')") = {*
  11.507 +simproc_setup eval_abrupt ("G\<turnstile>(Some xc,s) \<midarrow>e\<succ>\<rightarrow> (w,s')") = \<open>
  11.508    fn _ => fn _ => fn ct =>
  11.509      (case Thm.term_of ct of
  11.510        (_ $ _ $ _ $ _ $ _ $ (Const (@{const_name Pair}, _) $ (Const (@{const_name Some}, _) $ _)$ _)) => NONE
  11.511      | _ => SOME (mk_meta_eq @{thm eval_abrupt}))
  11.512 -*}
  11.513 +\<close>
  11.514  
  11.515  lemma LitI: "G\<turnstile>s \<midarrow>Lit v-\<succ>(if normal s then v else undefined)\<rightarrow> s"
  11.516  apply (case_tac "s", case_tac "a = None")
  11.517 @@ -1162,8 +1162,8 @@
  11.518  lemma unique_eval [rule_format (no_asm)]: 
  11.519    "G\<turnstile>s \<midarrow>t\<succ>\<rightarrow> (w, s') \<Longrightarrow> (\<forall>w' s''. G\<turnstile>s \<midarrow>t\<succ>\<rightarrow> (w', s'') \<longrightarrow> w' = w \<and> s'' = s')"
  11.520  apply (erule eval_induct)
  11.521 -apply (tactic {* ALLGOALS (EVERY'
  11.522 -      [strip_tac @{context}, rotate_tac ~1, eresolve_tac @{context} @{thms eval_elim_cases}]) *})
  11.523 +apply (tactic \<open>ALLGOALS (EVERY'
  11.524 +      [strip_tac @{context}, rotate_tac ~1, eresolve_tac @{context} @{thms eval_elim_cases}])\<close>)
  11.525  (* 31 subgoals *)
  11.526  prefer 28 (* Try *) 
  11.527  apply (simp (no_asm_use) only: split add: split_if_asm)
    12.1 --- a/src/HOL/Bali/Evaln.thy	Sat Jan 02 18:46:36 2016 +0100
    12.2 +++ b/src/HOL/Bali/Evaln.thy	Sat Jan 02 18:48:45 2016 +0100
    12.3 @@ -1,14 +1,14 @@
    12.4  (*  Title:      HOL/Bali/Evaln.thy
    12.5      Author:     David von Oheimb and Norbert Schirmer
    12.6  *)
    12.7 -subsection {* Operational evaluation (big-step) semantics of Java expressions and 
    12.8 +subsection \<open>Operational evaluation (big-step) semantics of Java expressions and 
    12.9            statements
   12.10 -*}
   12.11 +\<close>
   12.12  
   12.13  theory Evaln imports TypeSafe begin
   12.14  
   12.15  
   12.16 -text {*
   12.17 +text \<open>
   12.18  Variant of @{term eval} relation with counter for bounded recursive depth. 
   12.19  In principal @{term evaln} could replace @{term eval}.
   12.20  
   12.21 @@ -25,7 +25,7 @@
   12.22  @{term check_field_access} and @{term check_method_access} like @{term eval}. 
   12.23  If it would omit them @{term evaln} and @{term eval} would only be equivalent 
   12.24  for welltyped, and definitely assigned terms.
   12.25 -*}
   12.26 +\<close>
   12.27  
   12.28  inductive
   12.29    evaln :: "[prog, state, term, nat, vals, state] \<Rightarrow> bool"
   12.30 @@ -46,12 +46,12 @@
   12.31  | "G\<turnstile>s \<midarrow>e=\<succ>vf \<midarrow>n\<rightarrow>    s' \<equiv> G\<turnstile>s \<midarrow>In2  e\<succ>\<midarrow>n\<rightarrow> (In2 vf,  s')"
   12.32  | "G\<turnstile>s \<midarrow>e\<doteq>\<succ>v  \<midarrow>n\<rightarrow>    s' \<equiv> G\<turnstile>s \<midarrow>In3  e\<succ>\<midarrow>n\<rightarrow> (In3 v ,  s')"
   12.33  
   12.34 ---{* propagation of abrupt completion *}
   12.35 +\<comment>\<open>propagation of abrupt completion\<close>
   12.36  
   12.37  | Abrupt:   "G\<turnstile>(Some xc,s) \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (undefined3 t,(Some xc,s))"
   12.38  
   12.39  
   12.40 ---{* evaluation of variables *}
   12.41 +\<comment>\<open>evaluation of variables\<close>
   12.42  
   12.43  | LVar: "G\<turnstile>Norm s \<midarrow>LVar vn=\<succ>lvar vn s\<midarrow>n\<rightarrow> Norm s"
   12.44  
   12.45 @@ -67,7 +67,7 @@
   12.46  
   12.47  
   12.48  
   12.49 ---{* evaluation of expressions *}
   12.50 +\<comment>\<open>evaluation of expressions\<close>
   12.51  
   12.52  | NewC: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>Init C\<midarrow>n\<rightarrow> s1;
   12.53            G\<turnstile>     s1 \<midarrow>halloc (CInst C)\<succ>a\<rightarrow> s2\<rbrakk> \<Longrightarrow>
   12.54 @@ -129,7 +129,7 @@
   12.55           G\<turnstile>Norm s0 \<midarrow>Body D c
   12.56            -\<succ>the (locals (store s2) Result)\<midarrow>n\<rightarrow>abupd (absorb Ret) s3"
   12.57  
   12.58 ---{* evaluation of expression lists *}
   12.59 +\<comment>\<open>evaluation of expression lists\<close>
   12.60  
   12.61  | Nil:
   12.62                                  "G\<turnstile>Norm s0 \<midarrow>[]\<doteq>\<succ>[]\<midarrow>n\<rightarrow> Norm s0"
   12.63 @@ -139,7 +139,7 @@
   12.64                               G\<turnstile>Norm s0 \<midarrow>e#es\<doteq>\<succ>v#vs\<midarrow>n\<rightarrow> s2"
   12.65  
   12.66  
   12.67 ---{* execution of statements *}
   12.68 +\<comment>\<open>execution of statements\<close>
   12.69  
   12.70  | Skip:                             "G\<turnstile>Norm s \<midarrow>Skip\<midarrow>n\<rightarrow> Norm s"
   12.71  
   12.72 @@ -197,7 +197,7 @@
   12.73          option.split [split del] option.split_asm [split del]
   12.74          not_None_eq [simp del] 
   12.75          split_paired_All [simp del] split_paired_Ex [simp del]
   12.76 -setup {* map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac") *}
   12.77 +setup \<open>map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac")\<close>
   12.78  
   12.79  inductive_cases evaln_cases: "G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v, s')"
   12.80  
   12.81 @@ -238,7 +238,7 @@
   12.82          option.split [split] option.split_asm [split]
   12.83          not_None_eq [simp] 
   12.84          split_paired_All [simp] split_paired_Ex [simp]
   12.85 -declaration {* K (Simplifier.map_ss (fn ss => ss addloop ("split_all_tac", split_all_tac))) *}
   12.86 +declaration \<open>K (Simplifier.map_ss (fn ss => ss addloop ("split_all_tac", split_all_tac)))\<close>
   12.87  
   12.88  lemma evaln_Inj_elim: "G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (w,s') \<Longrightarrow> case t of In1 ec \<Rightarrow>  
   12.89    (case ec of Inl e \<Rightarrow> (\<exists>v. w = In1 v) | Inr c \<Rightarrow> w = \<diamondsuit>)  
   12.90 @@ -249,12 +249,12 @@
   12.91  apply auto
   12.92  done
   12.93  
   12.94 -text {* The following simplification procedures set up the proper injections of
   12.95 +text \<open>The following simplification procedures set up the proper injections of
   12.96   terms and their corresponding values in the evaluation relation:
   12.97   E.g. an expression 
   12.98   (injection @{term In1l} into terms) always evaluates to ordinary values 
   12.99   (injection @{term In1} into generalised values @{term vals}). 
  12.100 -*}
  12.101 +\<close>
  12.102  
  12.103  lemma evaln_expr_eq: "G\<turnstile>s \<midarrow>In1l t\<succ>\<midarrow>n\<rightarrow> (w, s') = (\<exists>v. w=In1 v \<and> G\<turnstile>s \<midarrow>t-\<succ>v \<midarrow>n\<rightarrow> s')"
  12.104    by (auto, frule evaln_Inj_elim, auto)
  12.105 @@ -268,31 +268,31 @@
  12.106  lemma evaln_stmt_eq: "G\<turnstile>s \<midarrow>In1r t\<succ>\<midarrow>n\<rightarrow> (w, s') = (w=\<diamondsuit> \<and> G\<turnstile>s \<midarrow>t \<midarrow>n\<rightarrow> s')"
  12.107    by (auto, frule evaln_Inj_elim, auto, frule evaln_Inj_elim, auto)
  12.108  
  12.109 -simproc_setup evaln_expr ("G\<turnstile>s \<midarrow>In1l t\<succ>\<midarrow>n\<rightarrow> (w, s')") = {*
  12.110 +simproc_setup evaln_expr ("G\<turnstile>s \<midarrow>In1l t\<succ>\<midarrow>n\<rightarrow> (w, s')") = \<open>
  12.111    fn _ => fn _ => fn ct =>
  12.112      (case Thm.term_of ct of
  12.113        (_ $ _ $ _ $ _ $ _ $ (Const _ $ _) $ _) => NONE
  12.114 -    | _ => SOME (mk_meta_eq @{thm evaln_expr_eq})) *}
  12.115 +    | _ => SOME (mk_meta_eq @{thm evaln_expr_eq}))\<close>
  12.116  
  12.117 -simproc_setup evaln_var ("G\<turnstile>s \<midarrow>In2 t\<succ>\<midarrow>n\<rightarrow> (w, s')") = {*
  12.118 +simproc_setup evaln_var ("G\<turnstile>s \<midarrow>In2 t\<succ>\<midarrow>n\<rightarrow> (w, s')") = \<open>
  12.119    fn _ => fn _ => fn ct =>
  12.120      (case Thm.term_of ct of
  12.121        (_ $ _ $ _ $ _ $ _ $ (Const _ $ _) $ _) => NONE
  12.122 -    | _ => SOME (mk_meta_eq @{thm evaln_var_eq})) *}
  12.123 +    | _ => SOME (mk_meta_eq @{thm evaln_var_eq}))\<close>
  12.124  
  12.125 -simproc_setup evaln_exprs ("G\<turnstile>s \<midarrow>In3 t\<succ>\<midarrow>n\<rightarrow> (w, s')") = {*
  12.126 +simproc_setup evaln_exprs ("G\<turnstile>s \<midarrow>In3 t\<succ>\<midarrow>n\<rightarrow> (w, s')") = \<open>
  12.127    fn _ => fn _ => fn ct =>
  12.128      (case Thm.term_of ct of
  12.129        (_ $ _ $ _ $ _ $ _ $ (Const _ $ _) $ _) => NONE
  12.130 -    | _ => SOME (mk_meta_eq @{thm evaln_exprs_eq})) *}
  12.131 +    | _ => SOME (mk_meta_eq @{thm evaln_exprs_eq}))\<close>
  12.132  
  12.133 -simproc_setup evaln_stmt ("G\<turnstile>s \<midarrow>In1r t\<succ>\<midarrow>n\<rightarrow> (w, s')") = {*
  12.134 +simproc_setup evaln_stmt ("G\<turnstile>s \<midarrow>In1r t\<succ>\<midarrow>n\<rightarrow> (w, s')") = \<open>
  12.135    fn _ => fn _ => fn ct =>
  12.136      (case Thm.term_of ct of
  12.137        (_ $ _ $ _ $ _ $ _ $ (Const _ $ _) $ _) => NONE
  12.138 -    | _ => SOME (mk_meta_eq @{thm evaln_stmt_eq})) *}
  12.139 +    | _ => SOME (mk_meta_eq @{thm evaln_stmt_eq}))\<close>
  12.140  
  12.141 -ML {* ML_Thms.bind_thms ("evaln_AbruptIs", sum3_instantiate @{context} @{thm evaln.Abrupt}) *}
  12.142 +ML \<open>ML_Thms.bind_thms ("evaln_AbruptIs", sum3_instantiate @{context} @{thm evaln.Abrupt})\<close>
  12.143  declare evaln_AbruptIs [intro!]
  12.144  
  12.145  lemma evaln_Callee: "G\<turnstile>Norm s\<midarrow>In1l (Callee l e)\<succ>\<midarrow>n\<rightarrow> (v,s') = False"
  12.146 @@ -355,13 +355,13 @@
  12.147  apply (frule evaln_abrupt_lemma, auto)+
  12.148  done
  12.149  
  12.150 -simproc_setup evaln_abrupt ("G\<turnstile>(Some xc,s) \<midarrow>e\<succ>\<midarrow>n\<rightarrow> (w,s')") = {*
  12.151 +simproc_setup evaln_abrupt ("G\<turnstile>(Some xc,s) \<midarrow>e\<succ>\<midarrow>n\<rightarrow> (w,s')") = \<open>
  12.152    fn _ => fn _ => fn ct =>
  12.153      (case Thm.term_of ct of
  12.154        (_ $ _ $ _ $ _ $ _ $ _ $ (Const (@{const_name Pair}, _) $ (Const (@{const_name Some},_) $ _)$ _))
  12.155          => NONE
  12.156      | _ => SOME (mk_meta_eq @{thm evaln_abrupt}))
  12.157 -*}
  12.158 +\<close>
  12.159  
  12.160  lemma evaln_LitI: "G\<turnstile>s \<midarrow>Lit v-\<succ>(if normal s then v else undefined)\<midarrow>n\<rightarrow> s"
  12.161  apply (case_tac "s", case_tac "a = None")
  12.162 @@ -401,7 +401,7 @@
  12.163  
  12.164  
  12.165  
  12.166 -subsubsection {* evaln implies eval *}
  12.167 +subsubsection \<open>evaln implies eval\<close>
  12.168  
  12.169  lemma evaln_eval:  
  12.170    assumes evaln: "G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s1)" 
  12.171 @@ -409,7 +409,7 @@
  12.172  using evaln 
  12.173  proof (induct)
  12.174    case (Loop s0 e b n s1 c s2 l s3)
  12.175 -  note `G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1`
  12.176 +  note \<open>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1\<close>
  12.177    moreover
  12.178    have "if the_Bool b
  12.179          then (G\<turnstile>s1 \<midarrow>c\<rightarrow> s2) \<and> 
  12.180 @@ -419,16 +419,16 @@
  12.181    ultimately show ?case by (rule eval.Loop)
  12.182  next
  12.183    case (Try s0 c1 n s1 s2 C vn c2 s3)
  12.184 -  note `G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1`
  12.185 +  note \<open>G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1\<close>
  12.186    moreover
  12.187 -  note `G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2`
  12.188 +  note \<open>G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2\<close>
  12.189    moreover
  12.190    have "if G,s2\<turnstile>catch C then G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<rightarrow> s3 else s3 = s2"
  12.191      using Try.hyps by simp
  12.192    ultimately show ?case by (rule eval.Try)
  12.193  next
  12.194    case (Init C c s0 s3 n s1 s2)
  12.195 -  note `the (class G C) = c`
  12.196 +  note \<open>the (class G C) = c\<close>
  12.197    moreover
  12.198    have "if inited C (globs s0) 
  12.199             then s3 = Norm s0
  12.200 @@ -448,10 +448,10 @@
  12.201  lemma evaln_nonstrict [rule_format (no_asm), elim]: 
  12.202    "G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (w, s') \<Longrightarrow> \<forall>m. n\<le>m \<longrightarrow> G\<turnstile>s \<midarrow>t\<succ>\<midarrow>m\<rightarrow> (w, s')"
  12.203  apply (erule evaln.induct)
  12.204 -apply (tactic {* ALLGOALS (EVERY' [strip_tac @{context},
  12.205 +apply (tactic \<open>ALLGOALS (EVERY' [strip_tac @{context},
  12.206    TRY o eresolve_tac @{context} @{thms Suc_le_D_lemma},
  12.207    REPEAT o smp_tac @{context} 1, 
  12.208 -  resolve_tac @{context} @{thms evaln.intros} THEN_ALL_NEW TRY o assume_tac @{context}]) *})
  12.209 +  resolve_tac @{context} @{thms evaln.intros} THEN_ALL_NEW TRY o assume_tac @{context}])\<close>)
  12.210  (* 3 subgoals *)
  12.211  apply (auto split del: split_if)
  12.212  done
  12.213 @@ -511,7 +511,7 @@
  12.214  
  12.215  declare [[simproc del: wt_expr wt_var wt_exprs wt_stmt]]
  12.216  
  12.217 -subsubsection {* eval implies evaln *}
  12.218 +subsubsection \<open>eval implies evaln\<close>
  12.219  lemma eval_evaln: 
  12.220    assumes eval: "G\<turnstile>s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)"
  12.221    shows  "\<exists>n. G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s1)"
  12.222 @@ -597,7 +597,7 @@
  12.223      "G\<turnstile>Norm s0 \<midarrow>c1\<midarrow>n1\<rightarrow> s1"
  12.224      by (iprover)
  12.225    moreover 
  12.226 -  note sxalloc = `G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2`
  12.227 +  note sxalloc = \<open>G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2\<close>
  12.228    moreover
  12.229    from Try.hyps obtain n2 where
  12.230      "if G,s2\<turnstile>catch catchC then G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<midarrow>n2\<rightarrow> s3 else s3 = s2"
  12.231 @@ -613,9 +613,9 @@
  12.232      "G\<turnstile>Norm s1 \<midarrow>c2\<midarrow>n2\<rightarrow> s2"
  12.233      by iprover
  12.234    moreover
  12.235 -  note s3 = `s3 = (if \<exists>err. x1 = Some (Error err) 
  12.236 +  note s3 = \<open>s3 = (if \<exists>err. x1 = Some (Error err) 
  12.237                     then (x1, s1)
  12.238 -                   else abupd (abrupt_if (x1 \<noteq> None) x1) s2)`
  12.239 +                   else abupd (abrupt_if (x1 \<noteq> None) x1) s2)\<close>
  12.240    ultimately 
  12.241    have 
  12.242      "G\<turnstile>Norm s0 \<midarrow>c1 Finally c2\<midarrow>max n1 n2\<rightarrow> s3"
  12.243 @@ -623,7 +623,7 @@
  12.244    then show ?case ..
  12.245  next
  12.246    case (Init C c s0 s3 s1 s2)
  12.247 -  note cls = `the (class G C) = c`
  12.248 +  note cls = \<open>the (class G C) = c\<close>
  12.249    moreover from Init.hyps obtain n where
  12.250        "if inited C (globs s0) then s3 = Norm s0
  12.251         else (G\<turnstile>Norm (init_class_obj G C s0)
  12.252 @@ -650,7 +650,7 @@
  12.253      "G\<turnstile>s1 \<midarrow>e-\<succ>i\<midarrow>n2\<rightarrow> s2"      
  12.254      by (iprover)
  12.255    moreover
  12.256 -  note `G\<turnstile>abupd (check_neg i) s2 \<midarrow>halloc Arr T (the_Intg i)\<succ>a\<rightarrow> s3`
  12.257 +  note \<open>G\<turnstile>abupd (check_neg i) s2 \<midarrow>halloc Arr T (the_Intg i)\<succ>a\<rightarrow> s3\<close>
  12.258    ultimately
  12.259    have "G\<turnstile>Norm s0 \<midarrow>New T[e]-\<succ>Addr a\<midarrow>max n1 n2\<rightarrow> s3"
  12.260      by (blast intro: evaln.NewA dest: evaln_max2)
  12.261 @@ -661,7 +661,7 @@
  12.262      "G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1"
  12.263      by (iprover)
  12.264    moreover 
  12.265 -  note `s2 = abupd (raise_if (\<not> G,snd s1\<turnstile>v fits castT) ClassCast) s1`
  12.266 +  note \<open>s2 = abupd (raise_if (\<not> G,snd s1\<turnstile>v fits castT) ClassCast) s1\<close>
  12.267    ultimately
  12.268    have "G\<turnstile>Norm s0 \<midarrow>Cast castT e-\<succ>v\<midarrow>n\<rightarrow> s2"
  12.269      by (rule evaln.Cast)
  12.270 @@ -672,7 +672,7 @@
  12.271      "G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1"
  12.272      by (iprover)
  12.273    moreover 
  12.274 -  note `b = (v \<noteq> Null \<and> G,snd s1\<turnstile>v fits RefT T)`
  12.275 +  note \<open>b = (v \<noteq> Null \<and> G,snd s1\<turnstile>v fits RefT T)\<close>
  12.276    ultimately
  12.277    have "G\<turnstile>Norm s0 \<midarrow>e InstOf T-\<succ>Bool b\<midarrow>n\<rightarrow> s1"
  12.278      by (rule evaln.Inst)
  12.279 @@ -742,12 +742,12 @@
  12.280      "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<midarrow>n2\<rightarrow> s2"
  12.281      by iprover
  12.282    moreover
  12.283 -  note `invDeclC = invocation_declclass G mode (store s2) a' statT 
  12.284 -                       \<lparr>name=mn,parTs=pTs'\<rparr>`
  12.285 +  note \<open>invDeclC = invocation_declclass G mode (store s2) a' statT 
  12.286 +                       \<lparr>name=mn,parTs=pTs'\<rparr>\<close>
  12.287    moreover
  12.288 -  note `s3 = init_lvars G invDeclC \<lparr>name=mn,parTs=pTs'\<rparr> mode a' vs s2`
  12.289 +  note \<open>s3 = init_lvars G invDeclC \<lparr>name=mn,parTs=pTs'\<rparr> mode a' vs s2\<close>
  12.290    moreover
  12.291 -  note `s3'=check_method_access G accC' statT mode \<lparr>name=mn,parTs=pTs'\<rparr> a' s3`
  12.292 +  note \<open>s3'=check_method_access G accC' statT mode \<lparr>name=mn,parTs=pTs'\<rparr> a' s3\<close>
  12.293    moreover 
  12.294    from Call.hyps
  12.295    obtain m where 
  12.296 @@ -773,10 +773,10 @@
  12.297      evaln_c: "G\<turnstile>s1 \<midarrow>c\<midarrow>n2\<rightarrow> s2"
  12.298      by (iprover)
  12.299    moreover
  12.300 -  note `s3 = (if \<exists>l. fst s2 = Some (Jump (Break l)) \<or> 
  12.301 +  note \<open>s3 = (if \<exists>l. fst s2 = Some (Jump (Break l)) \<or> 
  12.302                       fst s2 = Some (Jump (Cont l))
  12.303                then abupd (\<lambda>x. Some (Error CrossMethodJump)) s2 
  12.304 -              else s2)`
  12.305 +              else s2)\<close>
  12.306    ultimately
  12.307    have
  12.308       "G\<turnstile>Norm s0 \<midarrow>Body D c-\<succ>the (locals (store s2) Result)\<midarrow>max n1 n2
  12.309 @@ -796,8 +796,8 @@
  12.310      "G\<turnstile>s1 \<midarrow>e-\<succ>a\<midarrow>n2\<rightarrow> s2"
  12.311      by iprover
  12.312    moreover
  12.313 -  note `s3 = check_field_access G accC statDeclC fn stat a s2'`
  12.314 -    and `(v, s2') = fvar statDeclC stat fn a s2`
  12.315 +  note \<open>s3 = check_field_access G accC statDeclC fn stat a s2'\<close>
  12.316 +    and \<open>(v, s2') = fvar statDeclC stat fn a s2\<close>
  12.317    ultimately
  12.318    have "G\<turnstile>Norm s0 \<midarrow>{accC,statDeclC,stat}e..fn=\<succ>v\<midarrow>max n1 n2\<rightarrow> s3"
  12.319      by (iprover intro: evaln.FVar dest: evaln_max2)
  12.320 @@ -809,7 +809,7 @@
  12.321      "G\<turnstile>s1 \<midarrow>e2-\<succ>i\<midarrow>n2\<rightarrow> s2"      
  12.322      by iprover
  12.323    moreover 
  12.324 -  note `(v, s2') = avar G i a s2`
  12.325 +  note \<open>(v, s2') = avar G i a s2\<close>
  12.326    ultimately 
  12.327    have "G\<turnstile>Norm s0 \<midarrow>e1.[e2]=\<succ>v\<midarrow>max n1 n2\<rightarrow> s2'"
  12.328      by (blast intro!: evaln.AVar dest: evaln_max2)
    13.1 --- a/src/HOL/Bali/Example.thy	Sat Jan 02 18:46:36 2016 +0100
    13.2 +++ b/src/HOL/Bali/Example.thy	Sat Jan 02 18:48:45 2016 +0100
    13.3 @@ -1,13 +1,13 @@
    13.4  (*  Title:      HOL/Bali/Example.thy
    13.5      Author:     David von Oheimb
    13.6  *)
    13.7 -subsection {* Example Bali program *}
    13.8 +subsection \<open>Example Bali program\<close>
    13.9  
   13.10  theory Example
   13.11  imports Eval WellForm
   13.12  begin
   13.13  
   13.14 -text {*
   13.15 +text \<open>
   13.16  The following example Bali program includes:
   13.17  \begin{itemize}
   13.18  \item class and interface declarations with inheritance, hiding of fields,
   13.19 @@ -52,7 +52,7 @@
   13.20    }
   13.21  }
   13.22  \end{verbatim}
   13.23 -*}
   13.24 +\<close>
   13.25  declare widen.null [intro]
   13.26  
   13.27  lemma wf_fdecl_def2: "\<And>fd. wf_fdecl G P fd = is_acc_type G P (type (snd fd))"
   13.28 @@ -894,7 +894,7 @@
   13.29  
   13.30  declare member_is_static_simp [simp]
   13.31  declare wt.Skip [rule del] wt.Init [rule del]
   13.32 -ML {* ML_Thms.bind_thms ("wt_intros", map (rewrite_rule @{context} @{thms id_def}) @{thms wt.intros}) *}
   13.33 +ML \<open>ML_Thms.bind_thms ("wt_intros", map (rewrite_rule @{context} @{thms id_def}) @{thms wt.intros})\<close>
   13.34  lemmas wtIs = wt_Call wt_Super wt_FVar wt_StatRef wt_intros
   13.35  lemmas daIs = assigned.select_convs da_Skip da_NewC da_Lit da_Super da.intros
   13.36  
   13.37 @@ -1187,9 +1187,9 @@
   13.38  declare BaseCl_def [simp] ExtCl_def [simp] Ext_foo_def [simp]
   13.39          Base_foo_defs  [simp]
   13.40  
   13.41 -ML {* ML_Thms.bind_thms ("eval_intros", map 
   13.42 +ML \<open>ML_Thms.bind_thms ("eval_intros", map 
   13.43          (simplify (@{context} delsimps @{thms Skip_eq} addsimps @{thms lvar_def}) o 
   13.44 -         rewrite_rule @{context} [@{thm assign_def}, @{thm Let_def}]) @{thms eval.intros}) *}
   13.45 +         rewrite_rule @{context} [@{thm assign_def}, @{thm Let_def}]) @{thms eval.intros})\<close>
   13.46  lemmas eval_Is = eval_Init eval_StatRef AbruptIs eval_intros
   13.47  
   13.48  axiomatization
    14.1 --- a/src/HOL/Bali/Name.thy	Sat Jan 02 18:46:36 2016 +0100
    14.2 +++ b/src/HOL/Bali/Name.thy	Sat Jan 02 18:48:45 2016 +0100
    14.3 @@ -1,22 +1,22 @@
    14.4  (*  Title:      HOL/Bali/Name.thy
    14.5      Author:     David von Oheimb
    14.6  *)
    14.7 -subsection {* Java names *}
    14.8 +subsection \<open>Java names\<close>
    14.9  
   14.10  theory Name imports Basis begin
   14.11  
   14.12  (* cf. 6.5 *) 
   14.13 -typedecl tnam   --{* ordinary type name, i.e. class or interface name *}
   14.14 -typedecl pname  --{* package name *}
   14.15 -typedecl mname  --{* method name *}
   14.16 -typedecl vname  --{* variable or field name *}
   14.17 -typedecl label  --{* label as destination of break or continue *}
   14.18 +typedecl tnam   \<comment>\<open>ordinary type name, i.e. class or interface name\<close>
   14.19 +typedecl pname  \<comment>\<open>package name\<close>
   14.20 +typedecl mname  \<comment>\<open>method name\<close>
   14.21 +typedecl vname  \<comment>\<open>variable or field name\<close>
   14.22 +typedecl label  \<comment>\<open>label as destination of break or continue\<close>
   14.23  
   14.24 -datatype ename        --{* expression name *} 
   14.25 +datatype ename        \<comment>\<open>expression name\<close> 
   14.26          = VNam vname 
   14.27 -        | Res         --{* special name to model the return value of methods *}
   14.28 +        | Res         \<comment>\<open>special name to model the return value of methods\<close>
   14.29  
   14.30 -datatype lname        --{* names for local variables and the This pointer *}
   14.31 +datatype lname        \<comment>\<open>names for local variables and the This pointer\<close>
   14.32          = EName ename 
   14.33          | This
   14.34  abbreviation VName   :: "vname \<Rightarrow> lname"
   14.35 @@ -25,7 +25,7 @@
   14.36  abbreviation Result :: lname
   14.37        where "Result == EName Res"
   14.38  
   14.39 -datatype xname          --{* names of standard exceptions *}
   14.40 +datatype xname          \<comment>\<open>names of standard exceptions\<close>
   14.41          = Throwable
   14.42          | NullPointer | OutOfMemory | ClassCast   
   14.43          | NegArrSize  | IndOutBound | ArrStore
   14.44 @@ -39,12 +39,12 @@
   14.45  done
   14.46  
   14.47  
   14.48 -datatype tname  --{* type names for standard classes and other type names *}
   14.49 +datatype tname  \<comment>\<open>type names for standard classes and other type names\<close>
   14.50          = Object'
   14.51          | SXcpt'   xname
   14.52          | TName   tnam
   14.53  
   14.54 -record   qtname = --{* qualified tname cf. 6.5.3, 6.5.4*}
   14.55 +record   qtname = \<comment>\<open>qualified tname cf. 6.5.3, 6.5.4\<close>
   14.56            pid :: pname  
   14.57            tid :: tname
   14.58  
   14.59 @@ -82,7 +82,7 @@
   14.60    (type) "'a qtname_scheme" <= (type) "\<lparr>pid::pname,tid::tname,\<dots>::'a\<rparr>"
   14.61  
   14.62  
   14.63 -axiomatization java_lang::pname --{* package java.lang *}
   14.64 +axiomatization java_lang::pname \<comment>\<open>package java.lang\<close>
   14.65  
   14.66  definition
   14.67    Object :: qtname
    15.1 --- a/src/HOL/Bali/State.thy	Sat Jan 02 18:46:36 2016 +0100
    15.2 +++ b/src/HOL/Bali/State.thy	Sat Jan 02 18:48:45 2016 +0100
    15.3 @@ -1,35 +1,35 @@
    15.4  (*  Title:      HOL/Bali/State.thy
    15.5      Author:     David von Oheimb
    15.6  *)
    15.7 -subsection {* State for evaluation of Java expressions and statements *}
    15.8 +subsection \<open>State for evaluation of Java expressions and statements\<close>
    15.9  
   15.10  theory State
   15.11  imports DeclConcepts
   15.12  begin
   15.13  
   15.14 -text {*
   15.15 +text \<open>
   15.16  design issues:
   15.17  \begin{itemize}
   15.18  \item all kinds of objects (class instances, arrays, and class objects)
   15.19    are handeled via a general object abstraction
   15.20  \item the heap and the map for class objects are combined into a single table
   15.21 -  @{text "(recall (loc, obj) table \<times> (qtname, obj) table  ~=  (loc + qtname, obj) table)"}
   15.22 +  \<open>(recall (loc, obj) table \<times> (qtname, obj) table  ~=  (loc + qtname, obj) table)\<close>
   15.23  \end{itemize}
   15.24 -*}
   15.25 +\<close>
   15.26  
   15.27  subsubsection "objects"
   15.28  
   15.29 -datatype  obj_tag =     --{* tag for generic object   *}
   15.30 -          CInst qtname  --{* class instance           *}
   15.31 -        | Arr  ty int   --{* array with component type and length *}
   15.32 -    --{* | CStat qtname   the tag is irrelevant for a class object,
   15.33 +datatype  obj_tag =     \<comment>\<open>tag for generic object\<close>
   15.34 +          CInst qtname  \<comment>\<open>class instance\<close>
   15.35 +        | Arr  ty int   \<comment>\<open>array with component type and length\<close>
   15.36 +    \<comment>\<open>| CStat qtname   the tag is irrelevant for a class object,
   15.37                             i.e. the static fields of a class,
   15.38                             since its type is given already by the reference to 
   15.39 -                           it (see below) *}
   15.40 +                           it (see below)\<close>
   15.41  
   15.42 -type_synonym vn = "fspec + int"                 --{* variable name      *}
   15.43 +type_synonym vn = "fspec + int"                 \<comment>\<open>variable name\<close>
   15.44  record  obj  = 
   15.45 -          tag :: "obj_tag"                      --{* generalized object *}
   15.46 +          tag :: "obj_tag"                      \<comment>\<open>generalized object\<close>
   15.47            "values" :: "(vn, val) table"      
   15.48  
   15.49  translations 
   15.50 @@ -130,7 +130,7 @@
   15.51  
   15.52  subsubsection "object references"
   15.53  
   15.54 -type_synonym oref = "loc + qtname"         --{* generalized object reference *}
   15.55 +type_synonym oref = "loc + qtname"         \<comment>\<open>generalized object reference\<close>
   15.56  syntax
   15.57    Heap  :: "loc   \<Rightarrow> oref"
   15.58    Stat  :: "qtname \<Rightarrow> oref"
   15.59 @@ -213,7 +213,7 @@
   15.60  
   15.61  subsubsection "stores"
   15.62  
   15.63 -type_synonym globs               --{* global variables: heap and static variables *}
   15.64 +type_synonym globs               \<comment>\<open>global variables: heap and static variables\<close>
   15.65          = "(oref , obj) table"
   15.66  type_synonym heap
   15.67          = "(loc  , obj) table"
   15.68 @@ -580,7 +580,7 @@
   15.69  subsubsection "full program state"
   15.70  
   15.71  type_synonym
   15.72 -  state = "abopt \<times> st"          --{* state including abruption information *}
   15.73 +  state = "abopt \<times> st"          \<comment>\<open>state including abruption information\<close>
   15.74  
   15.75  translations
   15.76    (type) "abopt" <= (type) "abrupt option"
   15.77 @@ -727,7 +727,7 @@
   15.78  apply (simp (no_asm))
   15.79  done
   15.80  
   15.81 -subsubsection {* @{text error_free} *}
   15.82 +subsubsection \<open>\<open>error_free\<close>\<close>
   15.83  
   15.84  definition
   15.85    error_free :: "state \<Rightarrow> bool"
    16.1 --- a/src/HOL/Bali/Table.thy	Sat Jan 02 18:46:36 2016 +0100
    16.2 +++ b/src/HOL/Bali/Table.thy	Sat Jan 02 18:48:45 2016 +0100
    16.3 @@ -1,11 +1,11 @@
    16.4  (*  Title:      HOL/Bali/Table.thy
    16.5      Author:     David von Oheimb
    16.6  *)
    16.7 -subsection {* Abstract tables and their implementation as lists *}
    16.8 +subsection \<open>Abstract tables and their implementation as lists\<close>
    16.9  
   16.10  theory Table imports Basis begin
   16.11  
   16.12 -text {*
   16.13 +text \<open>
   16.14  design issues:
   16.15  \begin{itemize}
   16.16  \item definition of table: infinite map vs. list vs. finite set
   16.17 @@ -27,18 +27,18 @@
   16.18    \item[-]  sometimes awkward case distinctions, alleviated by operator 'the'
   16.19    \end{itemize}
   16.20  \end{itemize}
   16.21 -*}
   16.22 +\<close>
   16.23  
   16.24 -type_synonym ('a, 'b) table    --{* table with key type 'a and contents type 'b *}
   16.25 +type_synonym ('a, 'b) table    \<comment>\<open>table with key type 'a and contents type 'b\<close>
   16.26        = "'a \<rightharpoonup> 'b"
   16.27 -type_synonym ('a, 'b) tables   --{* non-unique table with key 'a and contents 'b *}
   16.28 +type_synonym ('a, 'b) tables   \<comment>\<open>non-unique table with key 'a and contents 'b\<close>
   16.29        = "'a \<Rightarrow> 'b set"
   16.30  
   16.31  
   16.32  subsubsection "map of / table of"
   16.33  
   16.34  abbreviation
   16.35 -  table_of :: "('a \<times> 'b) list \<Rightarrow> ('a, 'b) table"   --{* concrete table *}
   16.36 +  table_of :: "('a \<times> 'b) list \<Rightarrow> ('a, 'b) table"   \<comment>\<open>concrete table\<close>
   16.37    where "table_of \<equiv> map_of"
   16.38  
   16.39  translations
   16.40 @@ -49,12 +49,12 @@
   16.41    by (simp add: map_add_def)
   16.42  
   16.43  
   16.44 -subsubsection {* Conditional Override *}
   16.45 +subsubsection \<open>Conditional Override\<close>
   16.46  
   16.47  definition cond_override :: "('b \<Rightarrow>'b \<Rightarrow> bool) \<Rightarrow> ('a, 'b)table \<Rightarrow> ('a, 'b)table \<Rightarrow> ('a, 'b) table" where
   16.48  
   16.49 ---{* when merging tables old and new, only override an entry of table old when  
   16.50 -   the condition cond holds *}
   16.51 +\<comment>\<open>when merging tables old and new, only override an entry of table old when  
   16.52 +   the condition cond holds\<close>
   16.53  "cond_override cond old new =
   16.54   (\<lambda>k.
   16.55    (case new k of
   16.56 @@ -95,7 +95,7 @@
   16.57  by (rule finite_UnI)
   16.58  
   16.59  
   16.60 -subsubsection {* Filter on Tables *}
   16.61 +subsubsection \<open>Filter on Tables\<close>
   16.62  
   16.63  definition filter_tab :: "('a \<Rightarrow> 'b \<Rightarrow> bool) \<Rightarrow> ('a, 'b) table \<Rightarrow> ('a, 'b) table"
   16.64    where
   16.65 @@ -179,7 +179,7 @@
   16.66  by (auto simp add: fun_eq_iff cond_override_def filter_tab_def )
   16.67  
   16.68  
   16.69 -subsubsection {* Misc *}
   16.70 +subsubsection \<open>Misc\<close>
   16.71  
   16.72  lemma Ball_set_table: "(\<forall> (x,y)\<in> set l. P x y) \<Longrightarrow> \<forall> x. \<forall> y\<in> map_of l x: P x y"
   16.73  apply (erule rev_mp)
   16.74 @@ -276,13 +276,13 @@
   16.75    where "(t hidings s entails R) = (\<forall>k. \<forall>x\<in>t k. \<forall>y\<in>s k. R x y)"
   16.76  
   16.77  definition
   16.78 -  --{* variant for unique table: *}
   16.79 +  \<comment>\<open>variant for unique table:\<close>
   16.80    hiding_entails :: "('a, 'b) table  \<Rightarrow> ('a, 'c) table  \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> bool"
   16.81      ("_ hiding _ entails _"  20)
   16.82    where "(t hiding  s entails R) = (\<forall>k. \<forall>x\<in>t k: \<forall>y\<in>s k: R x y)"
   16.83  
   16.84  definition
   16.85 -  --{* variant for a unique table and conditional overriding: *}
   16.86 +  \<comment>\<open>variant for a unique table and conditional overriding:\<close>
   16.87    cond_hiding_entails :: "('a, 'b) table  \<Rightarrow> ('a, 'c) table  
   16.88                            \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> bool"  
   16.89                            ("_ hiding _ under _ entails _"  20)
    17.1 --- a/src/HOL/Bali/Term.thy	Sat Jan 02 18:46:36 2016 +0100
    17.2 +++ b/src/HOL/Bali/Term.thy	Sat Jan 02 18:48:45 2016 +0100
    17.3 @@ -2,11 +2,11 @@
    17.4      Author:     David von Oheimb
    17.5  *)
    17.6  
    17.7 -subsection {* Java expressions and statements *}
    17.8 +subsection \<open>Java expressions and statements\<close>
    17.9  
   17.10  theory Term imports Value Table begin
   17.11  
   17.12 -text {*
   17.13 +text \<open>
   17.14  design issues:
   17.15  \begin{itemize}
   17.16  \item invocation frames for local variables could be reduced to special static
   17.17 @@ -42,185 +42,185 @@
   17.18  \item no synchronized statements
   17.19  \item no secondary forms of if, while (e.g. no for) (may be easily simulated)
   17.20  \item no switch (may be simulated with if)
   17.21 -\item the @{text try_catch_finally} statement is divided into the 
   17.22 -      @{text try_catch} statement 
   17.23 +\item the \<open>try_catch_finally\<close> statement is divided into the 
   17.24 +      \<open>try_catch\<close> statement 
   17.25        and a finally statement, which may be considered as try..finally with 
   17.26        empty catch
   17.27 -\item the @{text try_catch} statement has exactly one catch clause; 
   17.28 +\item the \<open>try_catch\<close> statement has exactly one catch clause; 
   17.29        multiple ones can be
   17.30    simulated with instanceof
   17.31 -\item the compiler is supposed to add the annotations {@{text _}} during 
   17.32 +\item the compiler is supposed to add the annotations {\<open>_\<close>} during 
   17.33        type-checking. This
   17.34    transformation is left out as its result is checked by the type rules anyway
   17.35  \end{itemize}
   17.36 -*}
   17.37 +\<close>
   17.38  
   17.39  
   17.40  
   17.41 -type_synonym locals = "(lname, val) table"  --{* local variables *}
   17.42 +type_synonym locals = "(lname, val) table"  \<comment>\<open>local variables\<close>
   17.43  
   17.44  
   17.45  datatype jump
   17.46 -        = Break label --{* break *}
   17.47 -        | Cont label  --{* continue *}
   17.48 -        | Ret         --{* return from method *}
   17.49 +        = Break label \<comment>\<open>break\<close>
   17.50 +        | Cont label  \<comment>\<open>continue\<close>
   17.51 +        | Ret         \<comment>\<open>return from method\<close>
   17.52  
   17.53 -datatype xcpt        --{* exception *}
   17.54 -        = Loc loc    --{* location of allocated execption object *}
   17.55 -        | Std xname  --{* intermediate standard exception, see Eval.thy *}
   17.56 +datatype xcpt        \<comment>\<open>exception\<close>
   17.57 +        = Loc loc    \<comment>\<open>location of allocated execption object\<close>
   17.58 +        | Std xname  \<comment>\<open>intermediate standard exception, see Eval.thy\<close>
   17.59  
   17.60  datatype error
   17.61 -       =  AccessViolation  --{* Access to a member that isn't permitted *}
   17.62 -        | CrossMethodJump  --{* Method exits with a break or continue *}
   17.63 +       =  AccessViolation  \<comment>\<open>Access to a member that isn't permitted\<close>
   17.64 +        | CrossMethodJump  \<comment>\<open>Method exits with a break or continue\<close>
   17.65  
   17.66 -datatype abrupt       --{* abrupt completion *} 
   17.67 -        = Xcpt xcpt   --{* exception *}
   17.68 -        | Jump jump   --{* break, continue, return *}
   17.69 -        | Error error -- {* runtime errors, we wan't to detect and proof absent
   17.70 -                            in welltyped programms *}
   17.71 +datatype abrupt       \<comment>\<open>abrupt completion\<close> 
   17.72 +        = Xcpt xcpt   \<comment>\<open>exception\<close>
   17.73 +        | Jump jump   \<comment>\<open>break, continue, return\<close>
   17.74 +        | Error error \<comment> \<open>runtime errors, we wan't to detect and proof absent
   17.75 +                            in welltyped programms\<close>
   17.76  type_synonym
   17.77    abopt  = "abrupt option"
   17.78  
   17.79 -text {* Local variable store and exception. 
   17.80 +text \<open>Local variable store and exception. 
   17.81  Anticipation of State.thy used by smallstep semantics. For a method call, 
   17.82  we save the local variables of the caller in the term Callee to restore them 
   17.83  after method return. Also an exception must be restored after the finally
   17.84 -statement *}
   17.85 +statement\<close>
   17.86  
   17.87  translations
   17.88   (type) "locals" <= (type) "(lname, val) table"
   17.89  
   17.90 -datatype inv_mode                  --{* invocation mode for method calls *}
   17.91 -        = Static                   --{* static *}
   17.92 -        | SuperM                   --{* super  *}
   17.93 -        | IntVir                   --{* interface or virtual *}
   17.94 +datatype inv_mode                  \<comment>\<open>invocation mode for method calls\<close>
   17.95 +        = Static                   \<comment>\<open>static\<close>
   17.96 +        | SuperM                   \<comment>\<open>super\<close>
   17.97 +        | IntVir                   \<comment>\<open>interface or virtual\<close>
   17.98  
   17.99 -record  sig =              --{* signature of a method, cf. 8.4.2  *}
  17.100 -          name ::"mname"   --{* acutally belongs to Decl.thy *}
  17.101 +record  sig =              \<comment>\<open>signature of a method, cf. 8.4.2\<close>
  17.102 +          name ::"mname"   \<comment>\<open>acutally belongs to Decl.thy\<close>
  17.103            parTs::"ty list"        
  17.104  
  17.105  translations
  17.106    (type) "sig" <= (type) "\<lparr>name::mname,parTs::ty list\<rparr>"
  17.107    (type) "sig" <= (type) "\<lparr>name::mname,parTs::ty list,\<dots>::'a\<rparr>"
  17.108  
  17.109 ---{* function codes for unary operations *}
  17.110 -datatype unop =  UPlus    -- {*{\tt +} unary plus*} 
  17.111 -               | UMinus   -- {*{\tt -} unary minus*}
  17.112 -               | UBitNot  -- {*{\tt ~} bitwise NOT*}
  17.113 -               | UNot     -- {*{\tt !} logical complement*}
  17.114 +\<comment>\<open>function codes for unary operations\<close>
  17.115 +datatype unop =  UPlus    \<comment> \<open>{\tt +} unary plus\<close> 
  17.116 +               | UMinus   \<comment> \<open>{\tt -} unary minus\<close>
  17.117 +               | UBitNot  \<comment> \<open>{\tt ~} bitwise NOT\<close>
  17.118 +               | UNot     \<comment> \<open>{\tt !} logical complement\<close>
  17.119  
  17.120 ---{* function codes for binary operations *}
  17.121 -datatype binop = Mul     -- {*{\tt * }   multiplication*}
  17.122 -               | Div     -- {*{\tt /}   division*}
  17.123 -               | Mod     -- {*{\tt \%}   remainder*}
  17.124 -               | Plus    -- {*{\tt +}   addition*}
  17.125 -               | Minus   -- {*{\tt -}   subtraction*}
  17.126 -               | LShift  -- {*{\tt <<}  left shift*}
  17.127 -               | RShift  -- {*{\tt >>}  signed right shift*}
  17.128 -               | RShiftU -- {*{\tt >>>} unsigned right shift*}
  17.129 -               | Less    -- {*{\tt <}   less than*}
  17.130 -               | Le      -- {*{\tt <=}  less than or equal*}
  17.131 -               | Greater -- {*{\tt >}   greater than*}
  17.132 -               | Ge      -- {*{\tt >=}  greater than or equal*}
  17.133 -               | Eq      -- {*{\tt ==}  equal*}
  17.134 -               | Neq     -- {*{\tt !=}  not equal*}
  17.135 -               | BitAnd  -- {*{\tt \&}   bitwise AND*}
  17.136 -               | And     -- {*{\tt \&}   boolean AND*}
  17.137 -               | BitXor  -- {*{\texttt \^}   bitwise Xor*}
  17.138 -               | Xor     -- {*{\texttt \^}   boolean Xor*}
  17.139 -               | BitOr   -- {*{\tt |}   bitwise Or*}
  17.140 -               | Or      -- {*{\tt |}   boolean Or*}
  17.141 -               | CondAnd -- {*{\tt \&\&}  conditional And*}
  17.142 -               | CondOr  -- {*{\tt ||}  conditional Or *}
  17.143 -text{* The boolean operators {\tt \&} and {\tt |} strictly evaluate both
  17.144 +\<comment>\<open>function codes for binary operations\<close>
  17.145 +datatype binop = Mul     \<comment> \<open>{\tt * }   multiplication\<close>
  17.146 +               | Div     \<comment> \<open>{\tt /}   division\<close>
  17.147 +               | Mod     \<comment> \<open>{\tt \%}   remainder\<close>
  17.148 +               | Plus    \<comment> \<open>{\tt +}   addition\<close>
  17.149 +               | Minus   \<comment> \<open>{\tt -}   subtraction\<close>
  17.150 +               | LShift  \<comment> \<open>{\tt <<}  left shift\<close>
  17.151 +               | RShift  \<comment> \<open>{\tt >>}  signed right shift\<close>
  17.152 +               | RShiftU \<comment> \<open>{\tt >>>} unsigned right shift\<close>
  17.153 +               | Less    \<comment> \<open>{\tt <}   less than\<close>
  17.154 +               | Le      \<comment> \<open>{\tt <=}  less than or equal\<close>
  17.155 +               | Greater \<comment> \<open>{\tt >}   greater than\<close>
  17.156 +               | Ge      \<comment> \<open>{\tt >=}  greater than or equal\<close>
  17.157 +               | Eq      \<comment> \<open>{\tt ==}  equal\<close>
  17.158 +               | Neq     \<comment> \<open>{\tt !=}  not equal\<close>
  17.159 +               | BitAnd  \<comment> \<open>{\tt \&}   bitwise AND\<close>
  17.160 +               | And     \<comment> \<open>{\tt \&}   boolean AND\<close>
  17.161 +               | BitXor  \<comment> \<open>{\texttt \^}   bitwise Xor\<close>
  17.162 +               | Xor     \<comment> \<open>{\texttt \^}   boolean Xor\<close>
  17.163 +               | BitOr   \<comment> \<open>{\tt |}   bitwise Or\<close>
  17.164 +               | Or      \<comment> \<open>{\tt |}   boolean Or\<close>
  17.165 +               | CondAnd \<comment> \<open>{\tt \&\&}  conditional And\<close>
  17.166 +               | CondOr  \<comment> \<open>{\tt ||}  conditional Or\<close>
  17.167 +text\<open>The boolean operators {\tt \&} and {\tt |} strictly evaluate both
  17.168  of their arguments. The conditional operators {\tt \&\&} and {\tt ||} only 
  17.169  evaluate the second argument if the value of the whole expression isn't 
  17.170  allready determined by the first argument.
  17.171  e.g.: {\tt false \&\& e} e is not evaluated;  
  17.172        {\tt true || e} e is not evaluated; 
  17.173 -*}
  17.174 +\<close>
  17.175  
  17.176  datatype var
  17.177 -        = LVar lname --{* local variable (incl. parameters) *}
  17.178 +        = LVar lname \<comment>\<open>local variable (incl. parameters)\<close>
  17.179          | FVar qtname qtname bool expr vname ("{_,_,_}_.._"[10,10,10,85,99]90)
  17.180 -                     --{* class field *}
  17.181 -                     --{* @{term "{accC,statDeclC,stat}e..fn"}   *}
  17.182 -                     --{* @{text accC}: accessing class (static class were *}
  17.183 -                     --{* the code is declared. Annotation only needed for *}
  17.184 -                     --{* evaluation to check accessibility) *}
  17.185 -                     --{* @{text statDeclC}: static declaration class of field*}
  17.186 -                     --{* @{text stat}: static or instance field?*}
  17.187 -                     --{* @{text e}: reference to object*}
  17.188 -                     --{* @{text fn}: field name*}
  17.189 +                     \<comment>\<open>class field\<close>
  17.190 +                     \<comment>\<open>@{term "{accC,statDeclC,stat}e..fn"}\<close>
  17.191 +                     \<comment>\<open>\<open>accC\<close>: accessing class (static class were\<close>
  17.192 +                     \<comment>\<open>the code is declared. Annotation only needed for\<close>
  17.193 +                     \<comment>\<open>evaluation to check accessibility)\<close>
  17.194 +                     \<comment>\<open>\<open>statDeclC\<close>: static declaration class of field\<close>
  17.195 +                     \<comment>\<open>\<open>stat\<close>: static or instance field?\<close>
  17.196 +                     \<comment>\<open>\<open>e\<close>: reference to object\<close>
  17.197 +                     \<comment>\<open>\<open>fn\<close>: field name\<close>
  17.198          | AVar expr expr ("_.[_]"[90,10   ]90)
  17.199 -                     --{* array component *}
  17.200 -                     --{* @{term "e1.[e2]"}: e1 array reference; e2 index *}
  17.201 +                     \<comment>\<open>array component\<close>
  17.202 +                     \<comment>\<open>@{term "e1.[e2]"}: e1 array reference; e2 index\<close>
  17.203          | InsInitV stmt var 
  17.204 -                     --{* insertion of initialization before evaluation   *}
  17.205 -                     --{* of var (technical term for smallstep semantics.)*}
  17.206 +                     \<comment>\<open>insertion of initialization before evaluation\<close>
  17.207 +                     \<comment>\<open>of var (technical term for smallstep semantics.)\<close>
  17.208  
  17.209  and expr
  17.210 -        = NewC qtname         --{* class instance creation *}
  17.211 +        = NewC qtname         \<comment>\<open>class instance creation\<close>
  17.212          | NewA ty expr ("New _[_]"[99,10   ]85) 
  17.213 -                              --{* array creation *} 
  17.214 -        | Cast ty expr        --{* type cast  *}
  17.215 +                              \<comment>\<open>array creation\<close> 
  17.216 +        | Cast ty expr        \<comment>\<open>type cast\<close>
  17.217          | Inst expr ref_ty ("_ InstOf _"[85,99] 85)   
  17.218 -                              --{* instanceof *}     
  17.219 -        | Lit  val              --{* literal value, references not allowed *}
  17.220 -        | UnOp unop expr        --{* unary operation *}
  17.221 -        | BinOp binop expr expr --{* binary operation *}
  17.222 +                              \<comment>\<open>instanceof\<close>     
  17.223 +        | Lit  val              \<comment>\<open>literal value, references not allowed\<close>
  17.224 +        | UnOp unop expr        \<comment>\<open>unary operation\<close>
  17.225 +        | BinOp binop expr expr \<comment>\<open>binary operation\<close>
  17.226          
  17.227 -        | Super               --{* special Super keyword *}
  17.228 -        | Acc  var            --{* variable access *}
  17.229 +        | Super               \<comment>\<open>special Super keyword\<close>
  17.230 +        | Acc  var            \<comment>\<open>variable access\<close>
  17.231          | Ass  var expr       ("_:=_"   [90,85   ]85)
  17.232 -                              --{* variable assign *} 
  17.233 -        | Cond expr expr expr ("_ ? _ : _" [85,85,80]80) --{* conditional *}  
  17.234 +                              \<comment>\<open>variable assign\<close> 
  17.235 +        | Cond expr expr expr ("_ ? _ : _" [85,85,80]80) \<comment>\<open>conditional\<close>  
  17.236          | Call qtname ref_ty inv_mode expr mname "(ty list)" "(expr list)"  
  17.237              ("{_,_,_}_\<cdot>_'( {_}_')"[10,10,10,85,99,10,10]85) 
  17.238 -                    --{* method call *} 
  17.239 -                    --{* @{term "{accC,statT,mode}e\<cdot>mn({pTs}args)"} " *}
  17.240 -                    --{* @{text accC}: accessing class (static class were *}
  17.241 -                    --{* the call code is declared. Annotation only needed for*}
  17.242 -                    --{* evaluation to check accessibility) *}
  17.243 -                    --{* @{text statT}: static declaration class/interface of *}
  17.244 -                    --{* method *}
  17.245 -                    --{* @{text mode}: invocation mode *}
  17.246 -                    --{* @{text e}: reference to object*}
  17.247 -                    --{* @{text mn}: field name*}   
  17.248 -                    --{* @{text pTs}: types of parameters *}
  17.249 -                    --{* @{text args}: the actual parameters/arguments *} 
  17.250 -        | Methd qtname sig    --{*   (folded) method (see below) *}
  17.251 -        | Body qtname stmt    --{* (unfolded) method body *}
  17.252 +                    \<comment>\<open>method call\<close> 
  17.253 +                    \<comment>\<open>@{term "{accC,statT,mode}e\<cdot>mn({pTs}args)"} "\<close>
  17.254 +                    \<comment>\<open>\<open>accC\<close>: accessing class (static class were\<close>
  17.255 +                    \<comment>\<open>the call code is declared. Annotation only needed for\<close>
  17.256 +                    \<comment>\<open>evaluation to check accessibility)\<close>
  17.257 +                    \<comment>\<open>\<open>statT\<close>: static declaration class/interface of\<close>
  17.258 +                    \<comment>\<open>method\<close>
  17.259 +                    \<comment>\<open>\<open>mode\<close>: invocation mode\<close>
  17.260 +                    \<comment>\<open>\<open>e\<close>: reference to object\<close>
  17.261 +                    \<comment>\<open>\<open>mn\<close>: field name\<close>   
  17.262 +                    \<comment>\<open>\<open>pTs\<close>: types of parameters\<close>
  17.263 +                    \<comment>\<open>\<open>args\<close>: the actual parameters/arguments\<close> 
  17.264 +        | Methd qtname sig    \<comment>\<open>(folded) method (see below)\<close>
  17.265 +        | Body qtname stmt    \<comment>\<open>(unfolded) method body\<close>
  17.266          | InsInitE stmt expr  
  17.267 -                 --{* insertion of initialization before *}
  17.268 -                 --{* evaluation of expr (technical term for smallstep sem.) *}
  17.269 -        | Callee locals expr  --{* save callers locals in callee-Frame *}
  17.270 -                              --{* (technical term for smallstep semantics) *}
  17.271 +                 \<comment>\<open>insertion of initialization before\<close>
  17.272 +                 \<comment>\<open>evaluation of expr (technical term for smallstep sem.)\<close>
  17.273 +        | Callee locals expr  \<comment>\<open>save callers locals in callee-Frame\<close>
  17.274 +                              \<comment>\<open>(technical term for smallstep semantics)\<close>
  17.275  and  stmt
  17.276 -        = Skip                  --{* empty      statement *}
  17.277 -        | Expr  expr            --{* expression statement *}
  17.278 +        = Skip                  \<comment>\<open>empty      statement\<close>
  17.279 +        | Expr  expr            \<comment>\<open>expression statement\<close>
  17.280          | Lab   jump stmt       ("_\<bullet> _" [      99,66]66)
  17.281 -                                --{* labeled statement; handles break *}
  17.282 +                                \<comment>\<open>labeled statement; handles break\<close>
  17.283          | Comp  stmt stmt       ("_;; _"                  [      66,65]65)
  17.284          | If'   expr stmt stmt  ("If'(_') _ Else _"       [   80,79,79]70)
  17.285          | Loop  label expr stmt ("_\<bullet> While'(_') _"        [   99,80,79]70)
  17.286 -        | Jmp jump              --{* break, continue, return *}
  17.287 +        | Jmp jump              \<comment>\<open>break, continue, return\<close>
  17.288          | Throw expr
  17.289          | TryC  stmt qtname vname stmt ("Try _ Catch'(_ _') _"  [79,99,80,79]70)
  17.290 -             --{* @{term "Try c1 Catch(C vn) c2"} *} 
  17.291 -             --{* @{text c1}: block were exception may be thrown *}
  17.292 -             --{* @{text C}:  execption class to catch *}
  17.293 -             --{* @{text vn}: local name for exception used in @{text c2}*}
  17.294 -             --{* @{text c2}: block to execute when exception is cateched*}
  17.295 +             \<comment>\<open>@{term "Try c1 Catch(C vn) c2"}\<close> 
  17.296 +             \<comment>\<open>\<open>c1\<close>: block were exception may be thrown\<close>
  17.297 +             \<comment>\<open>\<open>C\<close>:  execption class to catch\<close>
  17.298 +             \<comment>\<open>\<open>vn\<close>: local name for exception used in \<open>c2\<close>\<close>
  17.299 +             \<comment>\<open>\<open>c2\<close>: block to execute when exception is cateched\<close>
  17.300          | Fin  stmt  stmt        ("_ Finally _"               [      79,79]70)
  17.301 -        | FinA abopt stmt       --{* Save abruption of first statement *} 
  17.302 -                                --{* technical term  for smallstep sem.) *}
  17.303 -        | Init  qtname          --{* class initialization *}
  17.304 +        | FinA abopt stmt       \<comment>\<open>Save abruption of first statement\<close> 
  17.305 +                                \<comment>\<open>technical term  for smallstep sem.)\<close>
  17.306 +        | Init  qtname          \<comment>\<open>class initialization\<close>
  17.307  
  17.308  datatype_compat var expr stmt
  17.309  
  17.310  
  17.311 -text {*
  17.312 +text \<open>
  17.313  The expressions Methd and Body are artificial program constructs, in the
  17.314  sense that they are not used to define a concrete Bali program. In the 
  17.315  operational semantic's they are "generated on the fly" 
  17.316 @@ -235,7 +235,7 @@
  17.317  frame stack.
  17.318  The InsInitV/E terms are only used by the smallstep semantics to model the
  17.319  intermediate steps of class-initialisation.
  17.320 -*}
  17.321 +\<close>
  17.322   
  17.323  type_synonym "term" = "(expr+stmt,var,expr list) sum3"
  17.324  translations
  17.325 @@ -254,7 +254,7 @@
  17.326  
  17.327  abbreviation
  17.328    Return :: "expr \<Rightarrow> stmt"
  17.329 -  where "Return e == Expr (Ass (LVar (EName Res)) e);; Jmp Ret" --{* \tt Res := e;; Jmp Ret *}
  17.330 +  where "Return e == Expr (Ass (LVar (EName Res)) e);; Jmp Ret" \<comment>\<open>\tt Res := e;; Jmp Ret\<close>
  17.331  
  17.332  abbreviation
  17.333    StatRef :: "ref_ty \<Rightarrow> expr"
  17.334 @@ -264,14 +264,14 @@
  17.335    is_stmt :: "term \<Rightarrow> bool"
  17.336    where "is_stmt t = (\<exists>c. t=In1r c)"
  17.337  
  17.338 -ML {* ML_Thms.bind_thms ("is_stmt_rews", sum3_instantiate @{context} @{thm is_stmt_def}) *}
  17.339 +ML \<open>ML_Thms.bind_thms ("is_stmt_rews", sum3_instantiate @{context} @{thm is_stmt_def})\<close>
  17.340  
  17.341  declare is_stmt_rews [simp]
  17.342  
  17.343 -text {*
  17.344 +text \<open>
  17.345    Here is some syntactic stuff to handle the injections of statements,
  17.346    expressions, variables and expression lists into general terms.
  17.347 -*}
  17.348 +\<close>
  17.349  
  17.350  abbreviation (input)
  17.351    expr_inj_term :: "expr \<Rightarrow> term" ("\<langle>_\<rangle>\<^sub>e" 1000)
  17.352 @@ -289,22 +289,22 @@
  17.353    lst_inj_term :: "expr list \<Rightarrow> term" ("\<langle>_\<rangle>\<^sub>l" 1000)
  17.354    where "\<langle>es\<rangle>\<^sub>l == In3 es"
  17.355  
  17.356 -text {* It seems to be more elegant to have an overloaded injection like the
  17.357 +text \<open>It seems to be more elegant to have an overloaded injection like the
  17.358  following.
  17.359 -*}
  17.360 +\<close>
  17.361  
  17.362  class inj_term =
  17.363    fixes inj_term:: "'a \<Rightarrow> term" ("\<langle>_\<rangle>" 1000)
  17.364  
  17.365 -text {* How this overloaded injections work can be seen in the theory 
  17.366 -@{text DefiniteAssignment}. Other big inductive relations on
  17.367 -terms defined in theories @{text WellType}, @{text Eval}, @{text Evaln} and
  17.368 -@{text AxSem} don't follow this convention right now, but introduce subtle 
  17.369 +text \<open>How this overloaded injections work can be seen in the theory 
  17.370 +\<open>DefiniteAssignment\<close>. Other big inductive relations on
  17.371 +terms defined in theories \<open>WellType\<close>, \<open>Eval\<close>, \<open>Evaln\<close> and
  17.372 +\<open>AxSem\<close> don't follow this convention right now, but introduce subtle 
  17.373  syntactic sugar in the relations themselves to make a distinction on 
  17.374  expressions, statements and so on. So unfortunately you will encounter a 
  17.375  mixture of dealing with these injections. The abbreviations above are used
  17.376  as bridge between the different conventions.  
  17.377 -*}
  17.378 +\<close>
  17.379  
  17.380  instantiation stmt :: inj_term
  17.381  begin
  17.382 @@ -427,15 +427,15 @@
  17.383    apply auto
  17.384    done
  17.385  
  17.386 -subsubsection {* Evaluation of unary operations *}
  17.387 +subsubsection \<open>Evaluation of unary operations\<close>
  17.388  primrec eval_unop :: "unop \<Rightarrow> val \<Rightarrow> val"
  17.389  where
  17.390    "eval_unop UPlus v = Intg (the_Intg v)"
  17.391  | "eval_unop UMinus v = Intg (- (the_Intg v))"
  17.392 -| "eval_unop UBitNot v = Intg 42"                -- "FIXME: Not yet implemented"
  17.393 +| "eval_unop UBitNot v = Intg 42"                \<comment> "FIXME: Not yet implemented"
  17.394  | "eval_unop UNot v = Bool (\<not> the_Bool v)"
  17.395  
  17.396 -subsubsection {* Evaluation of binary operations *}
  17.397 +subsubsection \<open>Evaluation of binary operations\<close>
  17.398  primrec eval_binop :: "binop \<Rightarrow> val \<Rightarrow> val \<Rightarrow> val"
  17.399  where
  17.400    "eval_binop Mul     v1 v2 = Intg ((the_Intg v1) * (the_Intg v2))" 
  17.401 @@ -444,10 +444,10 @@
  17.402  | "eval_binop Plus    v1 v2 = Intg ((the_Intg v1) + (the_Intg v2))"
  17.403  | "eval_binop Minus   v1 v2 = Intg ((the_Intg v1) - (the_Intg v2))"
  17.404  
  17.405 --- "Be aware of the explicit coercion of the shift distance to nat"
  17.406 +\<comment> "Be aware of the explicit coercion of the shift distance to nat"
  17.407  | "eval_binop LShift  v1 v2 = Intg ((the_Intg v1) *   (2^(nat (the_Intg v2))))"
  17.408  | "eval_binop RShift  v1 v2 = Intg ((the_Intg v1) div (2^(nat (the_Intg v2))))"
  17.409 -| "eval_binop RShiftU v1 v2 = Intg 42" --"FIXME: Not yet implemented"
  17.410 +| "eval_binop RShiftU v1 v2 = Intg 42" \<comment>"FIXME: Not yet implemented"
  17.411  
  17.412  | "eval_binop Less    v1 v2 = Bool ((the_Intg v1) < (the_Intg v2))" 
  17.413  | "eval_binop Le      v1 v2 = Bool ((the_Intg v1) \<le> (the_Intg v2))"
  17.414 @@ -456,11 +456,11 @@
  17.415  
  17.416  | "eval_binop Eq      v1 v2 = Bool (v1=v2)"
  17.417  | "eval_binop Neq     v1 v2 = Bool (v1\<noteq>v2)"
  17.418 -| "eval_binop BitAnd  v1 v2 = Intg 42" -- "FIXME: Not yet implemented"
  17.419 +| "eval_binop BitAnd  v1 v2 = Intg 42" \<comment> "FIXME: Not yet implemented"
  17.420  | "eval_binop And     v1 v2 = Bool ((the_Bool v1) \<and> (the_Bool v2))"
  17.421 -| "eval_binop BitXor  v1 v2 = Intg 42" -- "FIXME: Not yet implemented"
  17.422 +| "eval_binop BitXor  v1 v2 = Intg 42" \<comment> "FIXME: Not yet implemented"
  17.423  | "eval_binop Xor     v1 v2 = Bool ((the_Bool v1) \<noteq> (the_Bool v2))"
  17.424 -| "eval_binop BitOr   v1 v2 = Intg 42" -- "FIXME: Not yet implemented"
  17.425 +| "eval_binop BitOr   v1 v2 = Intg 42" \<comment> "FIXME: Not yet implemented"
  17.426  | "eval_binop Or      v1 v2 = Bool ((the_Bool v1) \<or> (the_Bool v2))"
  17.427  | "eval_binop CondAnd v1 v2 = Bool ((the_Bool v1) \<and> (the_Bool v2))"
  17.428  | "eval_binop CondOr  v1 v2 = Bool ((the_Bool v1) \<or> (the_Bool v2))"
  17.429 @@ -469,8 +469,8 @@
  17.430    need_second_arg :: "binop \<Rightarrow> val \<Rightarrow> bool" where
  17.431    "need_second_arg binop v1 = (\<not> ((binop=CondAnd \<and>  \<not> the_Bool v1) \<or>
  17.432                                   (binop=CondOr  \<and> the_Bool v1)))"
  17.433 -text {* @{term CondAnd} and @{term CondOr} only evalulate the second argument
  17.434 - if the value isn't already determined by the first argument*}
  17.435 +text \<open>@{term CondAnd} and @{term CondOr} only evalulate the second argument
  17.436 + if the value isn't already determined by the first argument\<close>
  17.437  
  17.438  lemma need_second_arg_CondAnd [simp]: "need_second_arg CondAnd (Bool b) = b" 
  17.439  by (simp add: need_second_arg_def)
    18.1 --- a/src/HOL/Bali/Trans.thy	Sat Jan 02 18:46:36 2016 +0100
    18.2 +++ b/src/HOL/Bali/Trans.thy	Sat Jan 02 18:48:45 2016 +0100
    18.3 @@ -236,14 +236,14 @@
    18.4  | InsInitFVar:
    18.5        "G\<turnstile>(\<langle>InsInitV Skip ({accC,statDeclC,stat}Lit a..fn)\<rangle>,Norm s) 
    18.6          \<mapsto>1 (\<langle>{accC,statDeclC,stat}Lit a..fn\<rangle>,Norm s)"
    18.7 ---  {* Notice, that we do not have literal values for @{text vars}. 
    18.8 -The rules for accessing variables (@{text Acc}) and assigning to variables 
    18.9 -(@{text Ass}), test this with the predicate @{text groundVar}.  After 
   18.10 -initialisation is done and the @{text FVar} is evaluated, we can't just 
   18.11 -throw away the @{text InsInitFVar} term and return a literal value, as in the 
   18.12 -cases of @{text New}  or @{text NewC}. Instead we just return the evaluated 
   18.13 -@{text FVar} and test for initialisation in the rule @{text FVar}. 
   18.14 -*}
   18.15 +\<comment>  \<open>Notice, that we do not have literal values for \<open>vars\<close>. 
   18.16 +The rules for accessing variables (\<open>Acc\<close>) and assigning to variables 
   18.17 +(\<open>Ass\<close>), test this with the predicate \<open>groundVar\<close>.  After 
   18.18 +initialisation is done and the \<open>FVar\<close> is evaluated, we can't just 
   18.19 +throw away the \<open>InsInitFVar\<close> term and return a literal value, as in the 
   18.20 +cases of \<open>New\<close>  or \<open>NewC\<close>. Instead we just return the evaluated 
   18.21 +\<open>FVar\<close> and test for initialisation in the rule \<open>FVar\<close>. 
   18.22 +\<close>
   18.23  
   18.24  
   18.25  | AVarE1: "\<lbrakk>G\<turnstile>(\<langle>e1\<rangle>,Norm s) \<mapsto>1 (\<langle>e1'\<rangle>,s')\<rbrakk> 
   18.26 @@ -258,7 +258,7 @@
   18.27  
   18.28  (* evaluation of expression lists *)
   18.29  
   18.30 -  -- {* @{text Nil}  is fully evaluated *}
   18.31 +  \<comment> \<open>\<open>Nil\<close>  is fully evaluated\<close>
   18.32  
   18.33  | ConsHd: "\<lbrakk>G\<turnstile>(\<langle>e::expr\<rangle>,Norm s) \<mapsto>1 (\<langle>e'::expr\<rangle>,s')\<rbrakk> 
   18.34             \<Longrightarrow>
   18.35 @@ -339,8 +339,8 @@
   18.36            \<mapsto>1 (\<langle>(if C = Object then Skip else (Init (super c)));;
   18.37                  Expr (Callee (locals s) (InsInitE (init c) SKIP))\<rangle>
   18.38                 ,Norm (init_class_obj G C s))"
   18.39 --- {* @{text InsInitE} is just used as trick to embed the statement 
   18.40 -@{text "init c"} into an expression*} 
   18.41 +\<comment> \<open>\<open>InsInitE\<close> is just used as trick to embed the statement 
   18.42 +\<open>init c\<close> into an expression\<close> 
   18.43  | InsInitESKIP:
   18.44      "G\<turnstile>(\<langle>InsInitE Skip SKIP\<rangle>,Norm s) \<mapsto>1 (\<langle>SKIP\<rangle>,Norm s)"
   18.45  
    19.1 --- a/src/HOL/Bali/Type.thy	Sat Jan 02 18:46:36 2016 +0100
    19.2 +++ b/src/HOL/Bali/Type.thy	Sat Jan 02 18:48:45 2016 +0100
    19.3 @@ -2,33 +2,33 @@
    19.4      Author:     David von Oheimb
    19.5  *)
    19.6  
    19.7 -subsection {* Java types *}
    19.8 +subsection \<open>Java types\<close>
    19.9  
   19.10  theory Type imports Name begin
   19.11  
   19.12 -text {*
   19.13 +text \<open>
   19.14  simplifications:
   19.15  \begin{itemize}
   19.16  \item only the most important primitive types
   19.17  \item the null type is regarded as reference type
   19.18  \end{itemize}
   19.19 -*}
   19.20 +\<close>
   19.21  
   19.22 -datatype prim_ty        --{* primitive type, cf. 4.2 *}
   19.23 -        = Void          --{* result type of void methods *}
   19.24 +datatype prim_ty        \<comment>\<open>primitive type, cf. 4.2\<close>
   19.25 +        = Void          \<comment>\<open>result type of void methods\<close>
   19.26          | Boolean
   19.27          | Integer
   19.28  
   19.29  
   19.30 -datatype ref_ty         --{* reference type, cf. 4.3 *}
   19.31 -        = NullT         --{* null type, cf. 4.1 *}
   19.32 -        | IfaceT qtname --{* interface type *}
   19.33 -        | ClassT qtname --{* class type *}
   19.34 -        | ArrayT ty     --{* array type *}
   19.35 +datatype ref_ty         \<comment>\<open>reference type, cf. 4.3\<close>
   19.36 +        = NullT         \<comment>\<open>null type, cf. 4.1\<close>
   19.37 +        | IfaceT qtname \<comment>\<open>interface type\<close>
   19.38 +        | ClassT qtname \<comment>\<open>class type\<close>
   19.39 +        | ArrayT ty     \<comment>\<open>array type\<close>
   19.40  
   19.41 -and ty                  --{* any type, cf. 4.1 *}
   19.42 -        = PrimT prim_ty --{* primitive type *}
   19.43 -        | RefT  ref_ty  --{* reference type *}
   19.44 +and ty                  \<comment>\<open>any type, cf. 4.1\<close>
   19.45 +        = PrimT prim_ty \<comment>\<open>primitive type\<close>
   19.46 +        | RefT  ref_ty  \<comment>\<open>reference type\<close>
   19.47  
   19.48  abbreviation "NT == RefT NullT"
   19.49  abbreviation "Iface I == RefT (IfaceT I)"
    20.1 --- a/src/HOL/Bali/TypeRel.thy	Sat Jan 02 18:46:36 2016 +0100
    20.2 +++ b/src/HOL/Bali/TypeRel.thy	Sat Jan 02 18:48:45 2016 +0100
    20.3 @@ -1,11 +1,11 @@
    20.4  (*  Title:      HOL/Bali/TypeRel.thy
    20.5      Author:     David von Oheimb
    20.6  *)
    20.7 -subsection {* The relations between Java types *}
    20.8 +subsection \<open>The relations between Java types\<close>
    20.9  
   20.10  theory TypeRel imports Decl begin
   20.11  
   20.12 -text {*
   20.13 +text \<open>
   20.14  simplifications:
   20.15  \begin{itemize}
   20.16  \item subinterface, subclass and widening relation includes identity
   20.17 @@ -19,11 +19,11 @@
   20.18  \end{itemize}
   20.19  design issues:
   20.20  \begin{itemize}
   20.21 -\item the type relations do not require @{text is_type} for their arguments
   20.22 -\item the subint1 and subcls1 relations imply @{text is_iface}/@{text is_class}
   20.23 +\item the type relations do not require \<open>is_type\<close> for their arguments
   20.24 +\item the subint1 and subcls1 relations imply \<open>is_iface\<close>/\<open>is_class\<close>
   20.25        for their first arguments, which is required for their finiteness
   20.26  \end{itemize}
   20.27 -*}
   20.28 +\<close>
   20.29  
   20.30  (*subint1, in Decl.thy*)                     (* direct subinterface       *)
   20.31  (*subint , by translation*)                  (* subinterface (+ identity) *)
   20.32 @@ -32,8 +32,8 @@
   20.33  (*subclseq, by translation*)                 (* subclass + identity       *)
   20.34  
   20.35  definition
   20.36 -  implmt1 :: "prog \<Rightarrow> (qtname \<times> qtname) set" --{* direct implementation *}
   20.37 -  --{* direct implementation, cf. 8.1.3 *}
   20.38 +  implmt1 :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment>\<open>direct implementation\<close>
   20.39 +  \<comment>\<open>direct implementation, cf. 8.1.3\<close>
   20.40    where "implmt1 G = {(C,I). C\<noteq>Object \<and> (\<exists>c\<in>class G C: I\<in>set (superIfs c))}"
   20.41  
   20.42  
   20.43 @@ -43,7 +43,7 @@
   20.44  
   20.45  abbreviation
   20.46    subint_syntax :: "prog => [qtname, qtname] => bool" ("_\<turnstile>_\<preceq>I _"  [71,71,71] 70)
   20.47 -  where "G\<turnstile>I \<preceq>I J == (I,J) \<in>(subint1 G)^*" --{* cf. 9.1.3 *}
   20.48 +  where "G\<turnstile>I \<preceq>I J == (I,J) \<in>(subint1 G)^*" \<comment>\<open>cf. 9.1.3\<close>
   20.49  
   20.50  abbreviation
   20.51    implmt1_syntax :: "prog => [qtname, qtname] => bool" ("_\<turnstile>_\<leadsto>1_"  [71,71,71] 70)
   20.52 @@ -334,7 +334,7 @@
   20.53  apply auto
   20.54  done
   20.55  
   20.56 -inductive --{* implementation, cf. 8.1.4 *}
   20.57 +inductive \<comment>\<open>implementation, cf. 8.1.4\<close>
   20.58    implmt :: "prog \<Rightarrow> qtname \<Rightarrow> qtname \<Rightarrow> bool" ("_\<turnstile>_\<leadsto>_" [71,71,71] 70)
   20.59    for G :: prog
   20.60  where
   20.61 @@ -369,13 +369,13 @@
   20.62  subsubsection "widening relation"
   20.63  
   20.64  inductive
   20.65 - --{*widening, viz. method invocation conversion, cf. 5.3
   20.66 -                            i.e. kind of syntactic subtyping *}
   20.67 + \<comment>\<open>widening, viz. method invocation conversion, cf. 5.3
   20.68 +                            i.e. kind of syntactic subtyping\<close>
   20.69    widen :: "prog \<Rightarrow> ty \<Rightarrow> ty \<Rightarrow> bool" ("_\<turnstile>_\<preceq>_" [71,71,71] 70)
   20.70    for G :: prog
   20.71  where
   20.72 -  refl:    "G\<turnstile>T\<preceq>T" --{*identity conversion, cf. 5.1.1 *}
   20.73 -| subint:  "G\<turnstile>I\<preceq>I J  \<Longrightarrow> G\<turnstile>Iface I\<preceq> Iface J" --{*wid.ref.conv.,cf. 5.1.4 *}
   20.74 +  refl:    "G\<turnstile>T\<preceq>T" \<comment>\<open>identity conversion, cf. 5.1.1\<close>
   20.75 +| subint:  "G\<turnstile>I\<preceq>I J  \<Longrightarrow> G\<turnstile>Iface I\<preceq> Iface J" \<comment>\<open>wid.ref.conv.,cf. 5.1.4\<close>
   20.76  | int_obj: "G\<turnstile>Iface I\<preceq> Class Object"
   20.77  | subcls:  "G\<turnstile>C\<preceq>\<^sub>C D  \<Longrightarrow> G\<turnstile>Class C\<preceq> Class D"
   20.78  | implmt:  "G\<turnstile>C\<leadsto>I   \<Longrightarrow> G\<turnstile>Class C\<preceq> Iface I"
   20.79 @@ -400,11 +400,11 @@
   20.80  apply (ind_cases "G\<turnstile>S\<preceq>PrimT x")
   20.81  by auto
   20.82  
   20.83 -text {* 
   20.84 +text \<open>
   20.85     These widening lemmata hold in Bali but are to strong for ordinary
   20.86     Java. They  would not work for real Java Integral Types, like short, 
   20.87     long, int. These lemmata are just for documentation and are not used.
   20.88 - *}
   20.89 +\<close>
   20.90  
   20.91  lemma widen_PrimT_strong: "G\<turnstile>PrimT x\<preceq>T \<Longrightarrow> T = PrimT x"
   20.92  by (ind_cases "G\<turnstile>PrimT x\<preceq>T") simp_all
   20.93 @@ -412,7 +412,7 @@
   20.94  lemma widen_PrimT2_strong: "G\<turnstile>S\<preceq>PrimT x \<Longrightarrow> S = PrimT x"
   20.95  by (ind_cases "G\<turnstile>S\<preceq>PrimT x") simp_all
   20.96  
   20.97 -text {* Specialized versions for booleans also would work for real Java *}
   20.98 +text \<open>Specialized versions for booleans also would work for real Java\<close>
   20.99  
  20.100  lemma widen_Boolean: "G\<turnstile>PrimT Boolean\<preceq>T \<Longrightarrow> T = PrimT Boolean"
  20.101  by (ind_cases "G\<turnstile>PrimT Boolean\<preceq>T") simp_all
  20.102 @@ -594,7 +594,7 @@
  20.103  *)
  20.104  
  20.105  (* more detailed than necessary for type-safety, see above rules. *)
  20.106 -inductive --{* narrowing reference conversion, cf. 5.1.5 *}
  20.107 +inductive \<comment>\<open>narrowing reference conversion, cf. 5.1.5\<close>
  20.108    narrow :: "prog \<Rightarrow> ty \<Rightarrow> ty \<Rightarrow> bool" ("_\<turnstile>_\<succ>_" [71,71,71] 70)
  20.109    for G :: prog
  20.110  where
  20.111 @@ -624,18 +624,18 @@
  20.112                                    \<exists>t. S=PrimT t \<and> G\<turnstile>PrimT t\<preceq>PrimT pt"
  20.113  by (ind_cases "G\<turnstile>S\<succ>PrimT pt")
  20.114  
  20.115 -text {* 
  20.116 +text \<open>
  20.117     These narrowing lemmata hold in Bali but are to strong for ordinary
  20.118     Java. They  would not work for real Java Integral Types, like short, 
  20.119     long, int. These lemmata are just for documentation and are not used.
  20.120 - *}
  20.121 +\<close>
  20.122  lemma narrow_PrimT_strong: "G\<turnstile>PrimT pt\<succ>T \<Longrightarrow> T=PrimT pt"
  20.123  by (ind_cases "G\<turnstile>PrimT pt\<succ>T")
  20.124  
  20.125  lemma narrow_PrimT2_strong: "G\<turnstile>S\<succ>PrimT pt \<Longrightarrow> S=PrimT pt"
  20.126  by (ind_cases "G\<turnstile>S\<succ>PrimT pt")
  20.127  
  20.128 -text {* Specialized versions for booleans also would work for real Java *}
  20.129 +text \<open>Specialized versions for booleans also would work for real Java\<close>
  20.130  
  20.131  lemma narrow_Boolean: "G\<turnstile>PrimT Boolean\<succ>T \<Longrightarrow> T=PrimT Boolean"
  20.132  by (ind_cases "G\<turnstile>PrimT Boolean\<succ>T")
  20.133 @@ -645,7 +645,7 @@
  20.134  
  20.135  subsubsection "casting relation"
  20.136  
  20.137 -inductive --{* casting conversion, cf. 5.5 *}
  20.138 +inductive \<comment>\<open>casting conversion, cf. 5.5\<close>
  20.139    cast :: "prog \<Rightarrow> ty \<Rightarrow> ty \<Rightarrow> bool" ("_\<turnstile>_\<preceq>? _" [71,71,71] 70)
  20.140    for G :: prog
  20.141  where
    21.1 --- a/src/HOL/Bali/TypeSafe.thy	Sat Jan 02 18:46:36 2016 +0100
    21.2 +++ b/src/HOL/Bali/TypeSafe.thy	Sat Jan 02 18:48:45 2016 +0100
    21.3 @@ -1,7 +1,7 @@
    21.4  (*  Title:      HOL/Bali/TypeSafe.thy
    21.5      Author:     David von Oheimb and Norbert Schirmer
    21.6  *)
    21.7 -subsection {* The type soundness proof for Java *}
    21.8 +subsection \<open>The type soundness proof for Java\<close>
    21.9  
   21.10  theory TypeSafe
   21.11  imports DefiniteAssignmentCorrect Conform
   21.12 @@ -114,7 +114,7 @@
   21.13                  else G,s\<turnstile>the_In1 v\<Colon>\<preceq>T
   21.14      | Inr Ts \<Rightarrow> list_all2 (conf G s) (the_In3 v) Ts)"
   21.15  
   21.16 -text {*
   21.17 +text \<open>
   21.18   With @{term rconf} we describe the conformance of the result value of a term.
   21.19   This definition gets rather complicated because of the relations between the
   21.20   injections of the different terms, types and values. The main case distinction
   21.21 @@ -132,7 +132,7 @@
   21.22   local variables are allowed to be @{term None}, since the definedness is not 
   21.23   ensured by conformance but by definite assignment. Field and array variables 
   21.24   must contain a value. 
   21.25 -*}
   21.26 +\<close>
   21.27   
   21.28  
   21.29  
   21.30 @@ -588,8 +588,8 @@
   21.31  qed
   21.32  
   21.33  corollary DynT_mheadsE [consumes 7]: 
   21.34 ---{* Same as @{text DynT_mheadsD} but better suited for application in 
   21.35 -typesafety proof   *}
   21.36 +\<comment>\<open>Same as \<open>DynT_mheadsD\<close> but better suited for application in 
   21.37 +typesafety proof\<close>
   21.38   assumes invC_compatible: "G\<turnstile>mode\<rightarrow>invC\<preceq>statT" 
   21.39       and wf: "wf_prog G" 
   21.40       and wt_e: "\<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>e\<Colon>-RefT statT"
   21.41 @@ -726,8 +726,8 @@
   21.42  declare split_paired_All [simp del] split_paired_Ex [simp del] 
   21.43  declare split_if     [split del] split_if_asm     [split del] 
   21.44          option.split [split del] option.split_asm [split del]
   21.45 -setup {* map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac") *}
   21.46 -setup {* map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac") *}
   21.47 +setup \<open>map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac")\<close>
   21.48 +setup \<open>map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac")\<close>
   21.49  
   21.50  lemma FVar_lemma: 
   21.51  "\<lbrakk>((v, f), Norm s2') = fvar statDeclC (static field) fn a (x2, s2); 
   21.52 @@ -755,8 +755,8 @@
   21.53  declare split_paired_All [simp] split_paired_Ex [simp] 
   21.54  declare split_if     [split] split_if_asm     [split] 
   21.55          option.split [split] option.split_asm [split]
   21.56 -setup {* map_theory_claset (fn ctxt => ctxt addSbefore ("split_all_tac", split_all_tac)) *}
   21.57 -setup {* map_theory_simpset (fn ctxt => ctxt addloop ("split_all_tac", split_all_tac)) *}
   21.58 +setup \<open>map_theory_claset (fn ctxt => ctxt addSbefore ("split_all_tac", split_all_tac))\<close>
   21.59 +setup \<open>map_theory_simpset (fn ctxt => ctxt addloop ("split_all_tac", split_all_tac))\<close>
   21.60  
   21.61  
   21.62  lemma AVar_lemma1: "\<lbrakk>globs s (Inl a) = Some obj;tag obj=Arr ty i; 
   21.63 @@ -871,8 +871,8 @@
   21.64  declare split_paired_All [simp del] split_paired_Ex [simp del] 
   21.65  declare split_if     [split del] split_if_asm     [split del] 
   21.66          option.split [split del] option.split_asm [split del]
   21.67 -setup {* map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac") *}
   21.68 -setup {* map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac") *}
   21.69 +setup \<open>map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac")\<close>
   21.70 +setup \<open>map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac")\<close>
   21.71  
   21.72  lemma conforms_init_lvars: 
   21.73  "\<lbrakk>wf_mhead G (pid declC) sig (mhead (mthd dm)); wf_prog G;  
   21.74 @@ -924,8 +924,8 @@
   21.75  declare split_paired_All [simp] split_paired_Ex [simp] 
   21.76  declare split_if     [split] split_if_asm     [split] 
   21.77          option.split [split] option.split_asm [split]
   21.78 -setup {* map_theory_claset (fn ctxt => ctxt addSbefore ("split_all_tac", split_all_tac)) *}
   21.79 -setup {* map_theory_simpset (fn ctxt => ctxt addloop ("split_all_tac", split_all_tac)) *}
   21.80 +setup \<open>map_theory_claset (fn ctxt => ctxt addSbefore ("split_all_tac", split_all_tac))\<close>
   21.81 +setup \<open>map_theory_simpset (fn ctxt => ctxt addloop ("split_all_tac", split_all_tac))\<close>
   21.82  
   21.83  
   21.84  subsection "accessibility"
   21.85 @@ -1169,7 +1169,7 @@
   21.86    case Nil thus ?case by simp
   21.87  next
   21.88    case (Cons p ps tab qs)
   21.89 -  from `length (p#ps) = length qs`
   21.90 +  from \<open>length (p#ps) = length qs\<close>
   21.91    obtain q qs' where qs: "qs=q#qs'" and eq_length: "length ps=length qs'"
   21.92      by (cases qs) auto
   21.93    from eq_length have "(tab(p\<mapsto>q))(ps[\<mapsto>]qs'@zs)=(tab(p\<mapsto>q))(ps[\<mapsto>]qs')"
   21.94 @@ -1185,7 +1185,7 @@
   21.95    case Nil thus ?case by simp
   21.96  next
   21.97    case (Cons p ps tab qs x y)
   21.98 -  from `length (p#ps) = length qs`
   21.99 +  from \<open>length (p#ps) = length qs\<close>
  21.100    obtain q qs' where qs: "qs=q#qs'" and eq_length: "length ps=length qs'"
  21.101      by (cases qs) auto
  21.102    from eq_length 
  21.103 @@ -1278,14 +1278,14 @@
  21.104    case Nil thus ?case by simp
  21.105  next
  21.106    case (Cons x xs tab ys z)
  21.107 -  note z = `tab vn = Some z`
  21.108 +  note z = \<open>tab vn = Some z\<close>
  21.109    show ?case
  21.110    proof (cases ys)
  21.111      case Nil
  21.112      with z show ?thesis by simp
  21.113    next
  21.114      case (Cons y ys')
  21.115 -    note ys = `ys = y#ys'`
  21.116 +    note ys = \<open>ys = y#ys'\<close>
  21.117      from z obtain z' where "(tab(x\<mapsto>y)) vn = Some z'"
  21.118        by (rule map_upd_Some_expand [of tab,elim_format]) blast
  21.119      hence "\<exists>z. ((tab(x\<mapsto>y))(xs[\<mapsto>]ys')) vn = Some z"
  21.120 @@ -1320,14 +1320,14 @@
  21.121    case Nil thus ?case by simp
  21.122  next
  21.123    case (Cons x xs tab tab' ys z)
  21.124 -  note some = `(tab(x # xs[\<mapsto>]ys)) vn = Some z`
  21.125 -  note tab_not_z = `tab vn \<noteq> Some z`
  21.126 +  note some = \<open>(tab(x # xs[\<mapsto>]ys)) vn = Some z\<close>
  21.127 +  note tab_not_z = \<open>tab vn \<noteq> Some z\<close>
  21.128    show ?case
  21.129    proof (cases ys)
  21.130      case Nil with some tab_not_z show ?thesis by simp
  21.131    next
  21.132      case (Cons y tl)
  21.133 -    note ys = `ys = y#tl`
  21.134 +    note ys = \<open>ys = y#tl\<close>
  21.135      show ?thesis
  21.136      proof (cases "(tab(x\<mapsto>y)) vn \<noteq> Some z")
  21.137        case True
  21.138 @@ -1412,15 +1412,15 @@
  21.139    case Nil thus ?case by simp
  21.140  next
  21.141    case (Cons x xs tab tab' ys)
  21.142 -  note tab_vn = `(tab(x # xs[\<mapsto>]ys)) vn = Some el`
  21.143 -  note tab'_vn = `(tab'(x # xs[\<mapsto>]ys)) vn = None`
  21.144 +  note tab_vn = \<open>(tab(x # xs[\<mapsto>]ys)) vn = Some el\<close>
  21.145 +  note tab'_vn = \<open>(tab'(x # xs[\<mapsto>]ys)) vn = None\<close>
  21.146    show ?case
  21.147    proof (cases ys)
  21.148      case Nil
  21.149      with tab_vn show ?thesis by simp
  21.150    next
  21.151      case (Cons y tl)
  21.152 -    note ys = `ys=y#tl`
  21.153 +    note ys = \<open>ys=y#tl\<close>
  21.154      with tab_vn tab'_vn 
  21.155      have "(tab(x\<mapsto>y)) vn = Some el"
  21.156        by - (rule Cons.hyps,auto)
  21.157 @@ -1497,7 +1497,7 @@
  21.158  next
  21.159    case (Cons x xs tab ys)
  21.160    note Hyp = Cons.hyps
  21.161 -  note len = `length (x#xs)=length ys`
  21.162 +  note len = \<open>length (x#xs)=length ys\<close>
  21.163    show ?case
  21.164    proof (cases ys)
  21.165      case Nil with len show ?thesis by simp
  21.166 @@ -1728,7 +1728,7 @@
  21.167                       ?ErrorFree s0 s1")
  21.168    proof (induct)
  21.169      case (Abrupt xc s t L accC T A) 
  21.170 -    from `(Some xc, s)\<Colon>\<preceq>(G,L)`
  21.171 +    from \<open>(Some xc, s)\<Colon>\<preceq>(G,L)\<close>
  21.172      show "(Some xc, s)\<Colon>\<preceq>(G,L) \<and> 
  21.173        (normal (Some xc, s) 
  21.174        \<longrightarrow> G,L,store (Some xc,s)\<turnstile>t\<succ>undefined3 t\<Colon>\<preceq>T) \<and> 
  21.175 @@ -1736,19 +1736,19 @@
  21.176        by simp
  21.177    next
  21.178      case (Skip s L accC T A)
  21.179 -    from `Norm s\<Colon>\<preceq>(G, L)` and
  21.180 -      `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r Skip\<Colon>T`
  21.181 +    from \<open>Norm s\<Colon>\<preceq>(G, L)\<close> and
  21.182 +      \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r Skip\<Colon>T\<close>
  21.183      show "Norm s\<Colon>\<preceq>(G, L) \<and>
  21.184                (normal (Norm s) \<longrightarrow> G,L,store (Norm s)\<turnstile>In1r Skip\<succ>\<diamondsuit>\<Colon>\<preceq>T) \<and> 
  21.185                (error_free (Norm s) = error_free (Norm s))"
  21.186        by simp
  21.187    next
  21.188      case (Expr s0 e v s1 L accC T A)
  21.189 -    note `G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1`
  21.190 -    note hyp = `PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 v)`
  21.191 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.192 +    note \<open>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1\<close>
  21.193 +    note hyp = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 v)\<close>
  21.194 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.195      moreover
  21.196 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (Expr e)\<Colon>T`
  21.197 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (Expr e)\<Colon>T\<close>
  21.198      then obtain eT 
  21.199        where "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l e\<Colon>eT"
  21.200        by (rule wt_elim_cases) blast
  21.201 @@ -1766,10 +1766,10 @@
  21.202        by (simp)
  21.203    next
  21.204      case (Lab s0 c s1 l L accC T A)
  21.205 -    note hyp = `PROP ?TypeSafe (Norm s0) s1 (In1r c) \<diamondsuit>`
  21.206 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.207 +    note hyp = \<open>PROP ?TypeSafe (Norm s0) s1 (In1r c) \<diamondsuit>\<close>
  21.208 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.209      moreover
  21.210 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (l\<bullet> c)\<Colon>T`
  21.211 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (l\<bullet> c)\<Colon>T\<close>
  21.212      then have "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c\<Colon>\<surd>"
  21.213        by (rule wt_elim_cases) blast
  21.214      moreover from Lab.prems obtain C where
  21.215 @@ -1789,12 +1789,12 @@
  21.216        by (simp)
  21.217    next
  21.218      case (Comp s0 c1 s1 c2 s2 L accC T A)
  21.219 -    note eval_c1 = `G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1`
  21.220 -    note eval_c2 = `G\<turnstile>s1 \<midarrow>c2\<rightarrow> s2`
  21.221 -    note hyp_c1 = `PROP ?TypeSafe (Norm s0) s1 (In1r c1) \<diamondsuit>`
  21.222 -    note hyp_c2 = `PROP ?TypeSafe s1        s2 (In1r c2) \<diamondsuit>`
  21.223 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.224 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (c1;; c2)\<Colon>T`
  21.225 +    note eval_c1 = \<open>G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1\<close>
  21.226 +    note eval_c2 = \<open>G\<turnstile>s1 \<midarrow>c2\<rightarrow> s2\<close>
  21.227 +    note hyp_c1 = \<open>PROP ?TypeSafe (Norm s0) s1 (In1r c1) \<diamondsuit>\<close>
  21.228 +    note hyp_c2 = \<open>PROP ?TypeSafe s1        s2 (In1r c2) \<diamondsuit>\<close>
  21.229 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.230 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (c1;; c2)\<Colon>T\<close>
  21.231      then obtain wt_c1: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c1\<Colon>\<surd>" and
  21.232                  wt_c2: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c2\<Colon>\<surd>"
  21.233        by (rule wt_elim_cases) blast
  21.234 @@ -1835,13 +1835,13 @@
  21.235      qed
  21.236    next
  21.237      case (If s0 e b s1 c1 c2 s2 L accC T A)
  21.238 -    note eval_e = `G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1`
  21.239 -    note eval_then_else = `G\<turnstile>s1 \<midarrow>(if the_Bool b then c1 else c2)\<rightarrow> s2`
  21.240 -    note hyp_e = `PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 b)`
  21.241 +    note eval_e = \<open>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1\<close>
  21.242 +    note eval_then_else = \<open>G\<turnstile>s1 \<midarrow>(if the_Bool b then c1 else c2)\<rightarrow> s2\<close>
  21.243 +    note hyp_e = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 b)\<close>
  21.244      note hyp_then_else =
  21.245 -      `PROP ?TypeSafe s1 s2 (In1r (if the_Bool b then c1 else c2)) \<diamondsuit>`
  21.246 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.247 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (If(e) c1 Else c2)\<Colon>T`
  21.248 +      \<open>PROP ?TypeSafe s1 s2 (In1r (if the_Bool b then c1 else c2)) \<diamondsuit>\<close>
  21.249 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.250 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (If(e) c1 Else c2)\<Colon>T\<close>
  21.251      then obtain 
  21.252                wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" and
  21.253        wt_then_else: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>(if the_Bool b then c1 else c2)\<Colon>\<surd>"
  21.254 @@ -1899,7 +1899,7 @@
  21.255        with wt show ?thesis
  21.256          by simp
  21.257      qed
  21.258 -    -- {* Note that we don't have to show that @{term b} really is a boolean 
  21.259 +    \<comment> \<open>Note that we don't have to show that @{term b} really is a boolean 
  21.260            value. With @{term the_Bool} we enforce to get a value of boolean 
  21.261            type. So execution will be type safe, even if b would be
  21.262            a string, for example. We might not expect such a behaviour to be
  21.263 @@ -1907,18 +1907,18 @@
  21.264            the evaulation rule, so that it only has a type safe evaluation if
  21.265            we actually get a boolean value for the condition. That b is actually
  21.266            a boolean value is part of @{term hyp_e}. See also Loop 
  21.267 -       *}
  21.268 +\<close>
  21.269    next
  21.270      case (Loop s0 e b s1 c s2 l s3 L accC T A)
  21.271 -    note eval_e = `G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1`
  21.272 -    note hyp_e = `PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 b)`
  21.273 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.274 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (l\<bullet> While(e) c)\<Colon>T`
  21.275 +    note eval_e = \<open>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1\<close>
  21.276 +    note hyp_e = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 b)\<close>
  21.277 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.278 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (l\<bullet> While(e) c)\<Colon>T\<close>
  21.279      then obtain wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" and
  21.280                  wt_c: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c\<Colon>\<surd>"
  21.281        by (rule wt_elim_cases) blast
  21.282 -    note da = `\<lparr>prg=G, cls=accC, lcl=L\<rparr>
  21.283 -            \<turnstile> dom (locals(store ((Norm s0)::state))) \<guillemotright>In1r (l\<bullet> While(e) c)\<guillemotright> A`
  21.284 +    note da = \<open>\<lparr>prg=G, cls=accC, lcl=L\<rparr>
  21.285 +            \<turnstile> dom (locals(store ((Norm s0)::state))) \<guillemotright>In1r (l\<bullet> While(e) c)\<guillemotright> A\<close>
  21.286      then
  21.287      obtain E C where
  21.288        da_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>
  21.289 @@ -2041,7 +2041,7 @@
  21.290      qed
  21.291    next
  21.292      case (Jmp s j L accC T A)
  21.293 -    note `Norm s\<Colon>\<preceq>(G, L)`
  21.294 +    note \<open>Norm s\<Colon>\<preceq>(G, L)\<close>
  21.295      moreover
  21.296      from Jmp.prems 
  21.297      have "j=Ret \<longrightarrow> Result \<in> dom (locals (store ((Norm s)::state)))"
  21.298 @@ -2055,10 +2055,10 @@
  21.299        by simp
  21.300    next
  21.301      case (Throw s0 e a s1 L accC T A)
  21.302 -    note `G\<turnstile>Norm s0 \<midarrow>e-\<succ>a\<rightarrow> s1`
  21.303 -    note hyp = `PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 a)`
  21.304 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.305 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (Throw e)\<Colon>T`
  21.306 +    note \<open>G\<turnstile>Norm s0 \<midarrow>e-\<succ>a\<rightarrow> s1\<close>
  21.307 +    note hyp = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 a)\<close>
  21.308 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.309 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (Throw e)\<Colon>T\<close>
  21.310      then obtain tn 
  21.311        where      wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-Class tn" and
  21.312              throwable: "G\<turnstile>tn\<preceq>\<^sub>C SXcpt Throwable"
  21.313 @@ -2083,11 +2083,11 @@
  21.314        by simp
  21.315    next
  21.316      case (Try s0 c1 s1 s2 catchC vn c2 s3 L accC T A)
  21.317 -    note eval_c1 = `G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1`
  21.318 -    note sx_alloc = `G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2`
  21.319 -    note hyp_c1 = `PROP ?TypeSafe (Norm s0) s1 (In1r c1) \<diamondsuit>`
  21.320 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.321 -    note wt = `\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>In1r (Try c1 Catch(catchC vn) c2)\<Colon>T`
  21.322 +    note eval_c1 = \<open>G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1\<close>
  21.323 +    note sx_alloc = \<open>G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2\<close>
  21.324 +    note hyp_c1 = \<open>PROP ?TypeSafe (Norm s0) s1 (In1r c1) \<diamondsuit>\<close>
  21.325 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.326 +    note wt = \<open>\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>In1r (Try c1 Catch(catchC vn) c2)\<Colon>T\<close>
  21.327      then obtain 
  21.328        wt_c1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c1\<Colon>\<surd>" and
  21.329        wt_c2: "\<lparr>prg=G,cls=accC,lcl=L(VName vn\<mapsto>Class catchC)\<rparr>\<turnstile>c2\<Colon>\<surd>" and
  21.330 @@ -2165,7 +2165,7 @@
  21.331            have "(dom (locals (store ((Norm s0)::state))) \<union> {VName vn}) 
  21.332                    \<subseteq> dom (locals (store (new_xcpt_var vn s2)))"
  21.333            proof -
  21.334 -            from `G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1`
  21.335 +            from \<open>G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1\<close>
  21.336              have "dom (locals (store ((Norm s0)::state))) 
  21.337                      \<subseteq> dom (locals (store s1))"
  21.338                by (rule dom_locals_eval_mono_elim)
  21.339 @@ -2200,15 +2200,15 @@
  21.340      qed
  21.341    next
  21.342      case (Fin s0 c1 x1 s1 c2 s2 s3 L accC T A)
  21.343 -    note eval_c1 = `G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> (x1, s1)`
  21.344 -    note eval_c2 = `G\<turnstile>Norm s1 \<midarrow>c2\<rightarrow> s2`
  21.345 -    note s3 = `s3 = (if \<exists>err. x1 = Some (Error err)
  21.346 +    note eval_c1 = \<open>G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> (x1, s1)\<close>
  21.347 +    note eval_c2 = \<open>G\<turnstile>Norm s1 \<midarrow>c2\<rightarrow> s2\<close>
  21.348 +    note s3 = \<open>s3 = (if \<exists>err. x1 = Some (Error err)
  21.349                       then (x1, s1)
  21.350 -                     else abupd (abrupt_if (x1 \<noteq> None) x1) s2)`
  21.351 -    note hyp_c1 = `PROP ?TypeSafe (Norm s0) (x1,s1) (In1r c1) \<diamondsuit>`
  21.352 -    note hyp_c2 = `PROP ?TypeSafe (Norm s1) s2      (In1r c2) \<diamondsuit>`
  21.353 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.354 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (c1 Finally c2)\<Colon>T`
  21.355 +                     else abupd (abrupt_if (x1 \<noteq> None) x1) s2)\<close>
  21.356 +    note hyp_c1 = \<open>PROP ?TypeSafe (Norm s0) (x1,s1) (In1r c1) \<diamondsuit>\<close>
  21.357 +    note hyp_c2 = \<open>PROP ?TypeSafe (Norm s1) s2      (In1r c2) \<diamondsuit>\<close>
  21.358 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.359 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (c1 Finally c2)\<Colon>T\<close>
  21.360      then obtain
  21.361        wt_c1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c1\<Colon>\<surd>" and
  21.362        wt_c2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c2\<Colon>\<surd>"
  21.363 @@ -2270,9 +2270,9 @@
  21.364      qed
  21.365    next
  21.366      case (Init C c s0 s3 s1 s2 L accC T A)
  21.367 -    note cls = `the (class G C) = c`
  21.368 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.369 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (Init C)\<Colon>T`
  21.370 +    note cls = \<open>the (class G C) = c\<close>
  21.371 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.372 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (Init C)\<Colon>T\<close>
  21.373      with cls
  21.374      have cls_C: "class G C = Some c"
  21.375        by - (erule wt_elim_cases, auto)
  21.376 @@ -2376,12 +2376,12 @@
  21.377      qed
  21.378    next
  21.379      case (NewC s0 C s1 a s2 L accC T A)
  21.380 -    note `G\<turnstile>Norm s0 \<midarrow>Init C\<rightarrow> s1`
  21.381 -    note halloc = `G\<turnstile>s1 \<midarrow>halloc CInst C\<succ>a\<rightarrow> s2`
  21.382 -    note hyp = `PROP ?TypeSafe (Norm s0) s1 (In1r (Init C)) \<diamondsuit>`
  21.383 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.384 +    note \<open>G\<turnstile>Norm s0 \<midarrow>Init C\<rightarrow> s1\<close>
  21.385 +    note halloc = \<open>G\<turnstile>s1 \<midarrow>halloc CInst C\<succ>a\<rightarrow> s2\<close>
  21.386 +    note hyp = \<open>PROP ?TypeSafe (Norm s0) s1 (In1r (Init C)) \<diamondsuit>\<close>
  21.387 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.388      moreover
  21.389 -    note wt = `\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>In1l (NewC C)\<Colon>T`
  21.390 +    note wt = \<open>\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>In1l (NewC C)\<Colon>T\<close>
  21.391      then obtain is_cls_C: "is_class G C" and
  21.392                         T: "T=Inl (Class C)"
  21.393        by (rule wt_elim_cases) (auto dest: is_acc_classD)
  21.394 @@ -2408,13 +2408,13 @@
  21.395        by auto
  21.396    next
  21.397      case (NewA s0 elT s1 e i s2 a s3 L accC T A)
  21.398 -    note eval_init = `G\<turnstile>Norm s0 \<midarrow>init_comp_ty elT\<rightarrow> s1`
  21.399 -    note eval_e = `G\<turnstile>s1 \<midarrow>e-\<succ>i\<rightarrow> s2`
  21.400 -    note halloc = `G\<turnstile>abupd (check_neg i) s2\<midarrow>halloc Arr elT (the_Intg i)\<succ>a\<rightarrow> s3`
  21.401 -    note hyp_init = `PROP ?TypeSafe (Norm s0) s1 (In1r (init_comp_ty elT)) \<diamondsuit>`
  21.402 -    note hyp_size = `PROP ?TypeSafe s1 s2 (In1l e) (In1 i)`
  21.403 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.404 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (New elT[e])\<Colon>T`
  21.405 +    note eval_init = \<open>G\<turnstile>Norm s0 \<midarrow>init_comp_ty elT\<rightarrow> s1\<close>
  21.406 +    note eval_e = \<open>G\<turnstile>s1 \<midarrow>e-\<succ>i\<rightarrow> s2\<close>
  21.407 +    note halloc = \<open>G\<turnstile>abupd (check_neg i) s2\<midarrow>halloc Arr elT (the_Intg i)\<succ>a\<rightarrow> s3\<close>
  21.408 +    note hyp_init = \<open>PROP ?TypeSafe (Norm s0) s1 (In1r (init_comp_ty elT)) \<diamondsuit>\<close>
  21.409 +    note hyp_size = \<open>PROP ?TypeSafe s1 s2 (In1l e) (In1 i)\<close>
  21.410 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.411 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (New elT[e])\<Colon>T\<close>
  21.412      then obtain
  21.413        wt_init: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>init_comp_ty elT\<Colon>\<surd>" and
  21.414        wt_size: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-PrimT Integer" and
  21.415 @@ -2479,11 +2479,11 @@
  21.416        by simp
  21.417    next
  21.418      case (Cast s0 e v s1 s2 castT L accC T A)
  21.419 -    note `G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1`
  21.420 -    note s2 = `s2 = abupd (raise_if (\<not> G,store s1\<turnstile>v fits castT) ClassCast) s1`
  21.421 -    note hyp = `PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 v)`
  21.422 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.423 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (Cast castT e)\<Colon>T`
  21.424 +    note \<open>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1\<close>
  21.425 +    note s2 = \<open>s2 = abupd (raise_if (\<not> G,store s1\<turnstile>v fits castT) ClassCast) s1\<close>
  21.426 +    note hyp = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 v)\<close>
  21.427 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.428 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (Cast castT e)\<Colon>T\<close>
  21.429      then obtain eT
  21.430        where wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-eT" and
  21.431                eT: "G\<turnstile>eT\<preceq>? castT" and 
  21.432 @@ -2525,8 +2525,8 @@
  21.433        by blast
  21.434    next
  21.435      case (Inst s0 e v s1 b instT L accC T A)
  21.436 -    note hyp = `PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 v)`
  21.437 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.438 +    note hyp = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 v)\<close>
  21.439 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.440      from Inst.prems obtain eT
  21.441      where wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-RefT eT"  and
  21.442               T: "T=Inl (PrimT Boolean)" 
  21.443 @@ -2549,9 +2549,9 @@
  21.444                 intro: conf_litval simp add: empty_dt_def)
  21.445    next
  21.446      case (UnOp s0 e v s1 unop L accC T A)
  21.447 -    note hyp = `PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 v)`
  21.448 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.449 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (UnOp unop e)\<Colon>T`
  21.450 +    note hyp = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 v)\<close>
  21.451 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.452 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (UnOp unop e)\<Colon>T\<close>
  21.453      then obtain eT
  21.454        where    wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-eT" and
  21.455              wt_unop: "wt_unop unop eT" and
  21.456 @@ -2576,15 +2576,15 @@
  21.457        by simp
  21.458    next
  21.459      case (BinOp s0 e1 v1 s1 binop e2 v2 s2 L accC T A)
  21.460 -    note eval_e1 = `G\<turnstile>Norm s0 \<midarrow>e1-\<succ>v1\<rightarrow> s1`
  21.461 -    note eval_e2 = `G\<turnstile>s1 \<midarrow>(if need_second_arg binop v1 then In1l e2
  21.462 -                             else In1r Skip)\<succ>\<rightarrow> (In1 v2, s2)`
  21.463 -    note hyp_e1 = `PROP ?TypeSafe (Norm s0) s1 (In1l e1) (In1 v1)`
  21.464 -    note hyp_e2 = `PROP ?TypeSafe       s1  s2 
  21.465 +    note eval_e1 = \<open>G\<turnstile>Norm s0 \<midarrow>e1-\<succ>v1\<rightarrow> s1\<close>
  21.466 +    note eval_e2 = \<open>G\<turnstile>s1 \<midarrow>(if need_second_arg binop v1 then In1l e2
  21.467 +                             else In1r Skip)\<succ>\<rightarrow> (In1 v2, s2)\<close>
  21.468 +    note hyp_e1 = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e1) (In1 v1)\<close>
  21.469 +    note hyp_e2 = \<open>PROP ?TypeSafe       s1  s2 
  21.470                     (if need_second_arg binop v1 then In1l e2 else In1r Skip) 
  21.471 -                   (In1 v2)`
  21.472 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.473 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (BinOp binop e1 e2)\<Colon>T`
  21.474 +                   (In1 v2)\<close>
  21.475 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.476 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (BinOp binop e1 e2)\<Colon>T\<close>
  21.477      then obtain e1T e2T where
  21.478           wt_e1: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e1\<Colon>-e1T" and
  21.479           wt_e2: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e2\<Colon>-e2T" and
  21.480 @@ -2597,8 +2597,8 @@
  21.481        daSkip: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>
  21.482                    \<turnstile> dom (locals (store s1)) \<guillemotright>In1r Skip\<guillemotright> S"
  21.483        by (auto intro: da_Skip [simplified] assigned.select_convs)
  21.484 -    note da = `\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store ((Norm s0::state)))) 
  21.485 -                  \<guillemotright>\<langle>BinOp binop e1 e2\<rangle>\<^sub>e\<guillemotright> A`
  21.486 +    note da = \<open>\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store ((Norm s0::state)))) 
  21.487 +                  \<guillemotright>\<langle>BinOp binop e1 e2\<rangle>\<^sub>e\<guillemotright> A\<close>
  21.488      then obtain E1 where
  21.489        da_e1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>
  21.490                    \<turnstile> dom (locals (store ((Norm s0)::state))) \<guillemotright>In1l e1\<guillemotright> E1"
  21.491 @@ -2612,20 +2612,20 @@
  21.492      have conf_v:
  21.493        "G,L,snd s2\<turnstile>In1l (BinOp binop e1 e2)\<succ>In1 (eval_binop binop v1 v2)\<Colon>\<preceq>T"
  21.494        by (cases binop) auto
  21.495 -    -- {* Note that we don't use the information that v1 really is compatible 
  21.496 +    \<comment> \<open>Note that we don't use the information that v1 really is compatible 
  21.497            with the expected type e1T and v2 is compatible with e2T, 
  21.498 -          because @{text eval_binop} will anyway produce an output of 
  21.499 +          because \<open>eval_binop\<close> will anyway produce an output of 
  21.500            the right type.
  21.501            So evaluating the addition of an integer with a string is type
  21.502            safe. This is a little bit annoying since we may regard such a
  21.503            behaviour as not type safe.
  21.504 -          If we want to avoid this we can redefine @{text eval_binop} so that
  21.505 +          If we want to avoid this we can redefine \<open>eval_binop\<close> so that
  21.506            it only produces a output of proper type if it is assigned to 
  21.507            values of the expected types, and arbitrary if the inputs have 
  21.508            unexpected types. The proof can easily be adapted since we
  21.509            have the hypothesis that the values have a proper type.
  21.510            This also applies to unary operations.
  21.511 -       *}
  21.512 +\<close>
  21.513      from eval_e1 have 
  21.514        s0_s1:"dom (locals (store ((Norm s0)::state))) \<subseteq> dom (locals (store s1))"
  21.515        by (rule dom_locals_eval_mono_elim)
  21.516 @@ -2667,8 +2667,8 @@
  21.517      qed
  21.518    next
  21.519      case (Super s L accC T A)
  21.520 -    note conf_s = `Norm s\<Colon>\<preceq>(G, L)`
  21.521 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l Super\<Colon>T`
  21.522 +    note conf_s = \<open>Norm s\<Colon>\<preceq>(G, L)\<close>
  21.523 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l Super\<Colon>T\<close>
  21.524      then obtain C c where
  21.525               C: "L This = Some (Class C)" and
  21.526         neq_Obj: "C\<noteq>Object" and
  21.527 @@ -2692,8 +2692,8 @@
  21.528        by simp
  21.529    next
  21.530      case (Acc s0 v w upd s1 L accC T A)
  21.531 -    note hyp = `PROP ?TypeSafe (Norm s0) s1 (In2 v) (In2 (w,upd))`
  21.532 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.533 +    note hyp = \<open>PROP ?TypeSafe (Norm s0) s1 (In2 v) (In2 (w,upd))\<close>
  21.534 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.535      from Acc.prems obtain vT where
  21.536        wt_v: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>v\<Colon>=vT" and
  21.537           T: "T=Inl vT"
  21.538 @@ -2712,7 +2712,7 @@
  21.539          also
  21.540          have "dom (locals s0) \<subseteq> dom (locals (store s1))"
  21.541          proof -
  21.542 -          from `G\<turnstile>Norm s0 \<midarrow>v=\<succ>(w, upd)\<rightarrow> s1`
  21.543 +          from \<open>G\<turnstile>Norm s0 \<midarrow>v=\<succ>(w, upd)\<rightarrow> s1\<close>
  21.544            show ?thesis
  21.545              by (rule dom_locals_eval_mono_elim) simp
  21.546          qed
  21.547 @@ -2732,12 +2732,12 @@
  21.548        by simp
  21.549    next
  21.550      case (Ass s0 var w upd s1 e v s2 L accC T A)
  21.551 -    note eval_var = `G\<turnstile>Norm s0 \<midarrow>var=\<succ>(w, upd)\<rightarrow> s1`
  21.552 -    note eval_e = `G\<turnstile>s1 \<midarrow>e-\<succ>v\<rightarrow> s2`
  21.553 -    note hyp_var = `PROP ?TypeSafe (Norm s0) s1 (In2 var) (In2 (w,upd))`
  21.554 -    note hyp_e = `PROP ?TypeSafe s1 s2 (In1l e) (In1 v)`
  21.555 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.556 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (var:=e)\<Colon>T`
  21.557 +    note eval_var = \<open>G\<turnstile>Norm s0 \<midarrow>var=\<succ>(w, upd)\<rightarrow> s1\<close>
  21.558 +    note eval_e = \<open>G\<turnstile>s1 \<midarrow>e-\<succ>v\<rightarrow> s2\<close>
  21.559 +    note hyp_var = \<open>PROP ?TypeSafe (Norm s0) s1 (In2 var) (In2 (w,upd))\<close>
  21.560 +    note hyp_e = \<open>PROP ?TypeSafe s1 s2 (In1l e) (In1 v)\<close>
  21.561 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.562 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (var:=e)\<Colon>T\<close>
  21.563      then obtain varT eT where
  21.564           wt_var: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>var\<Colon>=varT" and
  21.565             wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-eT" and
  21.566 @@ -2889,13 +2889,13 @@
  21.567      qed
  21.568    next
  21.569      case (Cond s0 e0 b s1 e1 e2 v s2 L accC T A)
  21.570 -    note eval_e0 = `G\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<rightarrow> s1`
  21.571 -    note eval_e1_e2 = `G\<turnstile>s1 \<midarrow>(if the_Bool b then e1 else e2)-\<succ>v\<rightarrow> s2`
  21.572 -    note hyp_e0 = `PROP ?TypeSafe (Norm s0) s1 (In1l e0) (In1 b)`
  21.573 -    note hyp_if = `PROP ?TypeSafe s1 s2
  21.574 -                       (In1l (if the_Bool b then e1 else e2)) (In1 v)`
  21.575 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.576 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (e0 ? e1 : e2)\<Colon>T`
  21.577 +    note eval_e0 = \<open>G\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<rightarrow> s1\<close>
  21.578 +    note eval_e1_e2 = \<open>G\<turnstile>s1 \<midarrow>(if the_Bool b then e1 else e2)-\<succ>v\<rightarrow> s2\<close>
  21.579 +    note hyp_e0 = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e0) (In1 b)\<close>
  21.580 +    note hyp_if = \<open>PROP ?TypeSafe s1 s2
  21.581 +                       (In1l (if the_Bool b then e1 else e2)) (In1 v)\<close>
  21.582 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.583 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (e0 ? e1 : e2)\<Colon>T\<close>
  21.584      then obtain T1 T2 statT where
  21.585        wt_e0: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e0\<Colon>-PrimT Boolean" and
  21.586        wt_e1: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e1\<Colon>-T1" and
  21.587 @@ -2983,24 +2983,24 @@
  21.588    next
  21.589      case (Call s0 e a s1 args vs s2 invDeclC mode statT mn pTs' s3 s3' accC'
  21.590             v s4 L accC T A)
  21.591 -    note eval_e = `G\<turnstile>Norm s0 \<midarrow>e-\<succ>a\<rightarrow> s1`
  21.592 -    note eval_args = `G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<rightarrow> s2`
  21.593 -    note invDeclC = `invDeclC 
  21.594 +    note eval_e = \<open>G\<turnstile>Norm s0 \<midarrow>e-\<succ>a\<rightarrow> s1\<close>
  21.595 +    note eval_args = \<open>G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<rightarrow> s2\<close>
  21.596 +    note invDeclC = \<open>invDeclC 
  21.597                        = invocation_declclass G mode (store s2) a statT 
  21.598 -                           \<lparr>name = mn, parTs = pTs'\<rparr>`
  21.599 +                           \<lparr>name = mn, parTs = pTs'\<rparr>\<close>
  21.600      note init_lvars =
  21.601 -      `s3 = init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> mode a vs s2`
  21.602 -    note check = `s3' =
  21.603 -        check_method_access G accC' statT mode \<lparr>name = mn, parTs = pTs'\<rparr> a s3`
  21.604 +      \<open>s3 = init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> mode a vs s2\<close>
  21.605 +    note check = \<open>s3' =
  21.606 +        check_method_access G accC' statT mode \<lparr>name = mn, parTs = pTs'\<rparr> a s3\<close>
  21.607      note eval_methd =
  21.608 -      `G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<rightarrow> s4`
  21.609 -    note hyp_e = `PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 a)`
  21.610 -    note hyp_args = `PROP ?TypeSafe s1 s2 (In3 args) (In3 vs)`
  21.611 -    note hyp_methd = `PROP ?TypeSafe s3' s4 
  21.612 -        (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>)) (In1 v)`
  21.613 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.614 -    note wt = `\<lparr>prg=G, cls=accC, lcl=L\<rparr>
  21.615 -        \<turnstile>In1l ({accC',statT,mode}e\<cdot>mn( {pTs'}args))\<Colon>T`
  21.616 +      \<open>G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<rightarrow> s4\<close>
  21.617 +    note hyp_e = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 a)\<close>
  21.618 +    note hyp_args = \<open>PROP ?TypeSafe s1 s2 (In3 args) (In3 vs)\<close>
  21.619 +    note hyp_methd = \<open>PROP ?TypeSafe s3' s4 
  21.620 +        (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>)) (In1 v)\<close>
  21.621 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.622 +    note wt = \<open>\<lparr>prg=G, cls=accC, lcl=L\<rparr>
  21.623 +        \<turnstile>In1l ({accC',statT,mode}e\<cdot>mn( {pTs'}args))\<Colon>T\<close>
  21.624      from wt obtain pTs statDeclT statM where
  21.625                   wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-RefT statT" and
  21.626                wt_args: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>args\<Colon>\<doteq>pTs" and
  21.627 @@ -3325,10 +3325,10 @@
  21.628      qed
  21.629    next
  21.630      case (Methd s0 D sig v s1 L accC T A)
  21.631 -    note `G\<turnstile>Norm s0 \<midarrow>body G D sig-\<succ>v\<rightarrow> s1`
  21.632 -    note hyp = `PROP ?TypeSafe (Norm s0) s1 (In1l (body G D sig)) (In1 v)`
  21.633 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.634 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (Methd D sig)\<Colon>T`
  21.635 +    note \<open>G\<turnstile>Norm s0 \<midarrow>body G D sig-\<succ>v\<rightarrow> s1\<close>
  21.636 +    note hyp = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l (body G D sig)) (In1 v)\<close>
  21.637 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.638 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (Methd D sig)\<Colon>T\<close>
  21.639      then obtain m bodyT where
  21.640        D: "is_class G D" and
  21.641        m: "methd G D sig = Some m" and
  21.642 @@ -3350,12 +3350,12 @@
  21.643        by (auto simp add: Let_def body_def)
  21.644    next
  21.645      case (Body s0 D s1 c s2 s3 L accC T A)
  21.646 -    note eval_init = `G\<turnstile>Norm s0 \<midarrow>Init D\<rightarrow> s1`
  21.647 -    note eval_c = `G\<turnstile>s1 \<midarrow>c\<rightarrow> s2`
  21.648 -    note hyp_init = `PROP ?TypeSafe (Norm s0) s1 (In1r (Init D)) \<diamondsuit>`
  21.649 -    note hyp_c = `PROP ?TypeSafe s1 s2 (In1r c) \<diamondsuit>`
  21.650 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.651 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (Body D c)\<Colon>T`
  21.652 +    note eval_init = \<open>G\<turnstile>Norm s0 \<midarrow>Init D\<rightarrow> s1\<close>
  21.653 +    note eval_c = \<open>G\<turnstile>s1 \<midarrow>c\<rightarrow> s2\<close>
  21.654 +    note hyp_init = \<open>PROP ?TypeSafe (Norm s0) s1 (In1r (Init D)) \<diamondsuit>\<close>
  21.655 +    note hyp_c = \<open>PROP ?TypeSafe s1 s2 (In1r c) \<diamondsuit>\<close>
  21.656 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.657 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (Body D c)\<Colon>T\<close>
  21.658      then obtain bodyT where
  21.659           iscls_D: "is_class G D" and
  21.660              wt_c: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c\<Colon>\<surd>" and
  21.661 @@ -3413,10 +3413,10 @@
  21.662        have "\<And> j. abrupt s2 = Some (Jump j) \<Longrightarrow> j=Ret"
  21.663          by (rule jumpNestingOk_evalE) (auto intro: jmpOk simp add: s1_no_jmp)
  21.664        moreover 
  21.665 -      note `s3 =
  21.666 +      note \<open>s3 =
  21.667                  (if \<exists>l. abrupt s2 = Some (Jump (Break l)) \<or> 
  21.668                          abrupt s2 = Some (Jump (Cont l))
  21.669 -                 then abupd (\<lambda>x. Some (Error CrossMethodJump)) s2 else s2)`
  21.670 +                 then abupd (\<lambda>x. Some (Error CrossMethodJump)) s2 else s2)\<close>
  21.671        ultimately show ?thesis
  21.672          by force
  21.673      qed
  21.674 @@ -3451,8 +3451,8 @@
  21.675        by (cases s2) (auto intro: conforms_locals)
  21.676    next
  21.677      case (LVar s vn L accC T)
  21.678 -    note conf_s = `Norm s\<Colon>\<preceq>(G, L)` and
  21.679 -      wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In2 (LVar vn)\<Colon>T`
  21.680 +    note conf_s = \<open>Norm s\<Colon>\<preceq>(G, L)\<close> and
  21.681 +      wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In2 (LVar vn)\<Colon>T\<close>
  21.682      then obtain vnT where
  21.683        vnT: "L vn = Some vnT" and
  21.684          T: "T=Inl vnT"
  21.685 @@ -3474,14 +3474,14 @@
  21.686        by (simp add: lvar_def) 
  21.687    next
  21.688      case (FVar s0 statDeclC s1 e a s2 v s2' stat fn s3 accC L accC' T A)
  21.689 -    note eval_init = `G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<rightarrow> s1`
  21.690 -    note eval_e = `G\<turnstile>s1 \<midarrow>e-\<succ>a\<rightarrow> s2`
  21.691 -    note fvar = `(v, s2') = fvar statDeclC stat fn a s2`
  21.692 -    note check = `s3 = check_field_access G accC statDeclC fn stat a s2'`
  21.693 -    note hyp_init = `PROP ?TypeSafe (Norm s0) s1 (In1r (Init statDeclC)) \<diamondsuit>`
  21.694 -    note hyp_e = `PROP ?TypeSafe s1 s2 (In1l e) (In1 a)`
  21.695 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.696 -    note wt = `\<lparr>prg=G, cls=accC', lcl=L\<rparr>\<turnstile>In2 ({accC,statDeclC,stat}e..fn)\<Colon>T`
  21.697 +    note eval_init = \<open>G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<rightarrow> s1\<close>
  21.698 +    note eval_e = \<open>G\<turnstile>s1 \<midarrow>e-\<succ>a\<rightarrow> s2\<close>
  21.699 +    note fvar = \<open>(v, s2') = fvar statDeclC stat fn a s2\<close>
  21.700 +    note check = \<open>s3 = check_field_access G accC statDeclC fn stat a s2'\<close>
  21.701 +    note hyp_init = \<open>PROP ?TypeSafe (Norm s0) s1 (In1r (Init statDeclC)) \<diamondsuit>\<close>
  21.702 +    note hyp_e = \<open>PROP ?TypeSafe s1 s2 (In1l e) (In1 a)\<close>
  21.703 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.704 +    note wt = \<open>\<lparr>prg=G, cls=accC', lcl=L\<rparr>\<turnstile>In2 ({accC,statDeclC,stat}e..fn)\<Colon>T\<close>
  21.705      then obtain statC f where
  21.706                  wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-Class statC" and
  21.707              accfield: "accfield G accC statC fn = Some (statDeclC,f)" and
  21.708 @@ -3590,13 +3590,13 @@
  21.709        by auto
  21.710    next
  21.711      case (AVar s0 e1 a s1 e2 i s2 v s2' L accC T A)
  21.712 -    note eval_e1 = `G\<turnstile>Norm s0 \<midarrow>e1-\<succ>a\<rightarrow> s1`
  21.713 -    note eval_e2 = `G\<turnstile>s1 \<midarrow>e2-\<succ>i\<rightarrow> s2`
  21.714 -    note hyp_e1 = `PROP ?TypeSafe (Norm s0) s1 (In1l e1) (In1 a)`
  21.715 -    note hyp_e2 = `PROP ?TypeSafe s1 s2 (In1l e2) (In1 i)`
  21.716 -    note avar = `(v, s2') = avar G i a s2`
  21.717 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.718 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In2 (e1.[e2])\<Colon>T`
  21.719 +    note eval_e1 = \<open>G\<turnstile>Norm s0 \<midarrow>e1-\<succ>a\<rightarrow> s1\<close>
  21.720 +    note eval_e2 = \<open>G\<turnstile>s1 \<midarrow>e2-\<succ>i\<rightarrow> s2\<close>
  21.721 +    note hyp_e1 = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e1) (In1 a)\<close>
  21.722 +    note hyp_e2 = \<open>PROP ?TypeSafe s1 s2 (In1l e2) (In1 i)\<close>
  21.723 +    note avar = \<open>(v, s2') = avar G i a s2\<close>
  21.724 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.725 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In2 (e1.[e2])\<Colon>T\<close>
  21.726      then obtain elemT
  21.727         where wt_e1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e1\<Colon>-elemT.[]" and
  21.728               wt_e2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e2\<Colon>-PrimT Integer" and
  21.729 @@ -3690,12 +3690,12 @@
  21.730        by (auto elim!: wt_elim_cases)
  21.731    next
  21.732      case (Cons s0 e v s1 es vs s2 L accC T A)
  21.733 -    note eval_e = `G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1`
  21.734 -    note eval_es = `G\<turnstile>s1 \<midarrow>es\<doteq>\<succ>vs\<rightarrow> s2`
  21.735 -    note hyp_e = `PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 v)`
  21.736 -    note hyp_es = `PROP ?TypeSafe s1 s2 (In3 es) (In3 vs)`
  21.737 -    note conf_s0 = `Norm s0\<Colon>\<preceq>(G, L)`
  21.738 -    note wt = `\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In3 (e # es)\<Colon>T`
  21.739 +    note eval_e = \<open>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1\<close>
  21.740 +    note eval_es = \<open>G\<turnstile>s1 \<midarrow>es\<doteq>\<succ>vs\<rightarrow> s2\<close>
  21.741 +    note hyp_e = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 v)\<close>
  21.742 +    note hyp_es = \<open>PROP ?TypeSafe s1 s2 (In3 es) (In3 vs)\<close>
  21.743 +    note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close>
  21.744 +    note wt = \<open>\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In3 (e # es)\<Colon>T\<close>
  21.745      then obtain eT esT where
  21.746         wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-eT" and
  21.747         wt_es: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>es\<Colon>\<doteq>esT" and
  21.748 @@ -3749,10 +3749,10 @@
  21.749    from this and conf_s0 wt da show ?thesis .
  21.750  qed
  21.751  
  21.752 -text {* 
  21.753 +text \<open>
  21.754  
  21.755  
  21.756 -*} (* dummy text command to break paragraph for latex;
  21.757 +\<close> (* dummy text command to break paragraph for latex;
  21.758                large paragraphs exhaust memory of debian pdflatex *)
  21.759  
  21.760  corollary eval_type_soundE [consumes 5]:
  21.761 @@ -3823,7 +3823,7 @@
  21.762  
  21.763  subsection "Ideas for the future"
  21.764  
  21.765 -text {* In the type soundness proof and the correctness proof of 
  21.766 +text \<open>In the type soundness proof and the correctness proof of 
  21.767  definite assignment we perform induction on the evaluation relation with the 
  21.768  further preconditions that the term is welltyped and definitely assigned. During
  21.769  the proofs we have to establish the welltypedness and definite assignment of 
  21.770 @@ -3833,7 +3833,7 @@
  21.771  evaluation of a wellformed term, were these propagations is already done, once
  21.772  and forever. 
  21.773  Then we can do the proofs with this rule and can enjoy the time we have saved.
  21.774 -Here is a first and incomplete sketch of such a rule.*}
  21.775 +Here is a first and incomplete sketch of such a rule.\<close>
  21.776  theorem wellformed_eval_induct [consumes 4, case_names Abrupt Skip Expr Lab 
  21.777                                  Comp If]:
  21.778    assumes  eval: "G\<turnstile>s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)" 
  21.779 @@ -3926,8 +3926,8 @@
  21.780        by (rule lab)
  21.781    next
  21.782      case (Comp s0 c1 s1 c2 s2 L accC T A) 
  21.783 -    note eval_c1 = `G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1`
  21.784 -    note eval_c2 = `G\<turnstile>s1 \<midarrow>c2\<rightarrow> s2`
  21.785 +    note eval_c1 = \<open>G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1\<close>
  21.786 +    note eval_c2 = \<open>G\<turnstile>s1 \<midarrow>c2\<rightarrow> s2\<close>
  21.787      from Comp.prems obtain 
  21.788        wt_c1: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c1\<Colon>\<surd>" and
  21.789        wt_c2: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c2\<Colon>\<surd>"
  21.790 @@ -3969,8 +3969,8 @@
  21.791        by (rule comp) iprover+
  21.792    next
  21.793      case (If s0 e b s1 c1 c2 s2 L accC T A)
  21.794 -    note eval_e = `G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1`
  21.795 -    note eval_then_else = `G\<turnstile>s1 \<midarrow>(if the_Bool b then c1 else c2)\<rightarrow> s2`
  21.796 +    note eval_e = \<open>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1\<close>
  21.797 +    note eval_then_else = \<open>G\<turnstile>s1 \<midarrow>(if the_Bool b then c1 else c2)\<rightarrow> s2\<close>
  21.798      from If.prems
  21.799      obtain 
  21.800                wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" and
    22.1 --- a/src/HOL/Bali/Value.thy	Sat Jan 02 18:46:36 2016 +0100
    22.2 +++ b/src/HOL/Bali/Value.thy	Sat Jan 02 18:48:45 2016 +0100
    22.3 @@ -1,20 +1,20 @@
    22.4  (*  Title:      HOL/Bali/Value.thy
    22.5      Author:     David von Oheimb
    22.6  *)
    22.7 -subsection {* Java values *}
    22.8 +subsection \<open>Java values\<close>
    22.9  
   22.10  
   22.11  
   22.12  theory Value imports Type begin
   22.13  
   22.14 -typedecl loc            --{* locations, i.e. abstract references on objects *}
   22.15 +typedecl loc            \<comment>\<open>locations, i.e. abstract references on objects\<close>
   22.16  
   22.17  datatype val
   22.18 -        = Unit          --{* dummy result value of void methods *}
   22.19 -        | Bool bool     --{* Boolean value *}
   22.20 -        | Intg int      --{* integer value *}
   22.21 -        | Null          --{* null reference *}
   22.22 -        | Addr loc      --{* addresses, i.e. locations of objects *}
   22.23 +        = Unit          \<comment>\<open>dummy result value of void methods\<close>
   22.24 +        | Bool bool     \<comment>\<open>Boolean value\<close>
   22.25 +        | Intg int      \<comment>\<open>integer value\<close>
   22.26 +        | Null          \<comment>\<open>null reference\<close>
   22.27 +        | Addr loc      \<comment>\<open>addresses, i.e. locations of objects\<close>
   22.28  
   22.29  
   22.30  primrec the_Bool :: "val \<Rightarrow> bool"
   22.31 @@ -36,13 +36,13 @@
   22.32  | "typeof dt  Null = Some NT"
   22.33  | "typeof dt (Addr a) = dt a"
   22.34  
   22.35 -primrec defpval :: "prim_ty \<Rightarrow> val"  --{* default value for primitive types *}
   22.36 +primrec defpval :: "prim_ty \<Rightarrow> val"  \<comment>\<open>default value for primitive types\<close>
   22.37  where
   22.38    "defpval Void = Unit"
   22.39  | "defpval Boolean = Bool False"
   22.40  | "defpval Integer = Intg 0"
   22.41  
   22.42 -primrec default_val :: "ty \<Rightarrow> val"  --{* default value for all types *}
   22.43 +primrec default_val :: "ty \<Rightarrow> val"  \<comment>\<open>default value for all types\<close>
   22.44  where
   22.45    "default_val (PrimT pt) = defpval pt"
   22.46  | "default_val (RefT  r ) = Null"
    23.1 --- a/src/HOL/Bali/WellForm.thy	Sat Jan 02 18:46:36 2016 +0100
    23.2 +++ b/src/HOL/Bali/WellForm.thy	Sat Jan 02 18:48:45 2016 +0100
    23.3 @@ -2,10 +2,10 @@
    23.4      Author:     David von Oheimb and Norbert Schirmer
    23.5  *)
    23.6  
    23.7 -subsection {* Well-formedness of Java programs *}
    23.8 +subsection \<open>Well-formedness of Java programs\<close>
    23.9  theory WellForm imports DefiniteAssignment begin
   23.10  
   23.11 -text {*
   23.12 +text \<open>
   23.13  For static checks on expressions and statements, see WellType.thy
   23.14  
   23.15  improvements over Java Specification 1.0 (cf. 8.4.6.3, 8.4.6.4, 9.4.1):
   23.16 @@ -25,11 +25,11 @@
   23.17  \item Object and standard exceptions are assumed to be declared like normal 
   23.18        classes
   23.19  \end{itemize}
   23.20 -*}
   23.21 +\<close>
   23.22  
   23.23  subsubsection "well-formed field declarations"
   23.24 -text  {* well-formed field declaration (common part for classes and interfaces),
   23.25 -        cf. 8.3 and (9.3) *}
   23.26 +text  \<open>well-formed field declaration (common part for classes and interfaces),
   23.27 +        cf. 8.3 and (9.3)\<close>
   23.28  
   23.29  definition
   23.30    wf_fdecl :: "prog \<Rightarrow> pname \<Rightarrow> fdecl \<Rightarrow> bool"
   23.31 @@ -46,7 +46,7 @@
   23.32    (*well-formed method declaration,cf. 8.4, 8.4.1, 8.4.3, 8.4.5, 14.3.2, (9.4)*)
   23.33    (* cf. 14.15, 15.7.2, for scope issues cf. 8.4.1 and 14.3.2 *)
   23.34  
   23.35 -text {*
   23.36 +text \<open>
   23.37  A method head is wellformed if:
   23.38  \begin{itemize}
   23.39  \item the signature and the method head agree in the number of parameters
   23.40 @@ -54,7 +54,7 @@
   23.41  \item the result type is visible
   23.42  \item the parameter names are unique
   23.43  \end{itemize} 
   23.44 -*}
   23.45 +\<close>
   23.46  definition
   23.47    wf_mhead :: "prog \<Rightarrow> pname \<Rightarrow> sig \<Rightarrow> mhead \<Rightarrow> bool" where
   23.48    "wf_mhead G P = (\<lambda> sig mh. length (parTs sig) = length (pars mh) \<and>
   23.49 @@ -63,7 +63,7 @@
   23.50                              distinct (pars mh))"
   23.51  
   23.52  
   23.53 -text {*
   23.54 +text \<open>
   23.55  A method declaration is wellformed if:
   23.56  \begin{itemize}
   23.57  \item the method head is wellformed
   23.58 @@ -76,7 +76,7 @@
   23.59        the parameters the special result variable (Res) and This are assoziated
   23.60        with there types. 
   23.61  \end{itemize}
   23.62 -*}
   23.63 +\<close>
   23.64  
   23.65  definition
   23.66    callee_lcl :: "qtname \<Rightarrow> sig \<Rightarrow> methd \<Rightarrow> lenv" where
   23.67 @@ -205,7 +205,7 @@
   23.68  subsubsection "well-formed interface declarations"
   23.69    (* well-formed interface declaration, cf. 9.1, 9.1.2.1, 9.1.3, 9.4 *)
   23.70  
   23.71 -text {*
   23.72 +text \<open>
   23.73  A interface declaration is wellformed if:
   23.74  \begin{itemize}
   23.75  \item the interface hierarchy is wellstructured
   23.76 @@ -219,7 +219,7 @@
   23.77  \item the result type of a method overriding a set of methods defined in the
   23.78        superinterfaces widens to each of the corresponding result types
   23.79  \end{itemize}
   23.80 -*}
   23.81 +\<close>
   23.82  definition
   23.83    wf_idecl :: "prog  \<Rightarrow> idecl \<Rightarrow> bool" where
   23.84   "wf_idecl G =
   23.85 @@ -277,7 +277,7 @@
   23.86    (* well-formed class declaration, cf. 8.1, 8.1.2.1, 8.1.2.2, 8.1.3, 8.1.4 and
   23.87     class method declaration, cf. 8.4.3.3, 8.4.6.1, 8.4.6.2, 8.4.6.3, 8.4.6.4 *)
   23.88  
   23.89 -text {*
   23.90 +text \<open>
   23.91  A class declaration is wellformed if:
   23.92  \begin{itemize}
   23.93  \item there is no interface with the same name
   23.94 @@ -320,7 +320,7 @@
   23.95        \end{itemize}
   23.96  
   23.97  \end{itemize}
   23.98 -*}
   23.99 +\<close>
  23.100  (* to Table *)
  23.101  definition
  23.102    entails :: "('a,'b) table \<Rightarrow> ('b \<Rightarrow> bool) \<Rightarrow> bool" ("_ entails _" 20)
  23.103 @@ -503,7 +503,7 @@
  23.104  subsubsection "well-formed programs"
  23.105    (* well-formed program, cf. 8.1, 9.1 *)
  23.106  
  23.107 -text {*
  23.108 +text \<open>
  23.109  A program declaration is wellformed if:
  23.110  \begin{itemize}
  23.111  \item the class ObjectC of Object is defined
  23.112 @@ -512,12 +512,12 @@
  23.113        necessary since every interface automatically inherits from Object.  
  23.114        We must know, that every time a Object method is "overriden" by an 
  23.115        interface method this is also overriden by the class implementing the
  23.116 -      the interface (see @{text "implement_dynmethd and class_mheadsD"})
  23.117 +      the interface (see \<open>implement_dynmethd and class_mheadsD\<close>)
  23.118  \item all standard Exceptions are defined
  23.119  \item all defined interfaces are wellformed
  23.120  \item all defined classes are wellformed
  23.121  \end{itemize}
  23.122 -*}
  23.123 +\<close>
  23.124  definition
  23.125    wf_prog :: "prog \<Rightarrow> bool" where
  23.126   "wf_prog G = (let is = ifaces G; cs = classes G in
  23.127 @@ -811,7 +811,7 @@
  23.128      by (cases new, cases old) auto
  23.129  qed
  23.130  
  23.131 -text {* Compare this lemma about static  
  23.132 +text \<open>Compare this lemma about static  
  23.133  overriding @{term "G \<turnstile>new overrides\<^sub>S old"} with the definition of 
  23.134  dynamic overriding @{term "G \<turnstile>new overrides old"}. 
  23.135  Conforming result types and restrictions on the access modifiers of the old 
  23.136 @@ -820,8 +820,8 @@
  23.137  no restrictions on the access modifiers but enforces confrom result types 
  23.138  as precondition. But with some efford we can guarantee the access modifier
  23.139  restriction for dynamic overriding, too. See lemma 
  23.140 -@{text wf_prog_dyn_override_prop}.
  23.141 -*}
  23.142 +\<open>wf_prog_dyn_override_prop\<close>.
  23.143 +\<close>
  23.144  lemma wf_prog_stat_overridesD:
  23.145    assumes stat_override: "G \<turnstile>new overrides\<^sub>S old" and wf: "wf_prog G"
  23.146    shows
  23.147 @@ -1758,7 +1758,7 @@
  23.148      then show ?case by  (blast elim: bexI')
  23.149    next
  23.150      case (step I SI)
  23.151 -    from `G\<turnstile>I \<prec>I1 SI`
  23.152 +    from \<open>G\<turnstile>I \<prec>I1 SI\<close>
  23.153      obtain i where
  23.154        ifI: "iface G I = Some i" and
  23.155         SI: "SI \<in> set (isuperIfs i)"
  23.156 @@ -2048,7 +2048,7 @@
  23.157    qed
  23.158  qed
  23.159  
  23.160 -text {*
  23.161 +text \<open>
  23.162  Which dynamic classes are valid to look up a member of a distinct static type?
  23.163  We have to distinct class members (named static members in Java) 
  23.164  from instance members. Class members are global to all Objects of a class,
  23.165 @@ -2076,7 +2076,7 @@
  23.166  methods at all, we have to lookup methods in the base class Object.
  23.167  
  23.168  The limitation to classes in the field column is artificial  and comes out
  23.169 -of the typing rule for the field access (see rule @{text "FVar"} in the 
  23.170 +of the typing rule for the field access (see rule \<open>FVar\<close> in the 
  23.171  welltyping relation @{term "wt"} in theory WellType). 
  23.172  I stems out of the fact, that Object
  23.173  indeed has no non private fields. So interfaces and arrays can actually
  23.174 @@ -2091,7 +2091,7 @@
  23.175   Iface    Object 
  23.176   Class    dynC 
  23.177   Array    Object
  23.178 -*}
  23.179 +\<close>
  23.180  primrec valid_lookup_cls:: "prog \<Rightarrow> ref_ty \<Rightarrow> qtname \<Rightarrow> bool \<Rightarrow> bool"
  23.181                          ("_,_ \<turnstile> _ valid'_lookup'_cls'_for _" [61,61,61,61] 60)
  23.182  where
  23.183 @@ -2127,8 +2127,8 @@
  23.184  qed
  23.185  
  23.186  declare split_paired_All [simp del] split_paired_Ex [simp del]
  23.187 -setup {* map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac") *}
  23.188 -setup {* map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac") *}
  23.189 +setup \<open>map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac")\<close>
  23.190 +setup \<open>map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac")\<close>
  23.191  
  23.192  lemma dynamic_mheadsD:   
  23.193  "\<lbrakk>emh \<in> mheads G S statT sig;    
  23.194 @@ -2257,8 +2257,8 @@
  23.195    qed
  23.196  qed
  23.197  declare split_paired_All [simp] split_paired_Ex [simp]
  23.198 -setup {* map_theory_claset (fn ctxt => ctxt addSbefore ("split_all_tac", split_all_tac)) *}
  23.199 -setup {* map_theory_simpset (fn ctxt => ctxt addloop ("split_all_tac", split_all_tac)) *}
  23.200 +setup \<open>map_theory_claset (fn ctxt => ctxt addSbefore ("split_all_tac", split_all_tac))\<close>
  23.201 +setup \<open>map_theory_simpset (fn ctxt => ctxt addloop ("split_all_tac", split_all_tac))\<close>
  23.202  
  23.203  (* Tactical version *)
  23.204  (*
  23.205 @@ -2401,8 +2401,8 @@
  23.206    
  23.207  
  23.208  declare split_paired_All [simp del] split_paired_Ex [simp del]
  23.209 -setup {* map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac") *}
  23.210 -setup {* map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac") *}
  23.211 +setup \<open>map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac")\<close>
  23.212 +setup \<open>map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac")\<close>
  23.213  
  23.214  lemma wt_is_type: "E,dt\<Turnstile>v\<Colon>T \<Longrightarrow>  wf_prog (prg E) \<longrightarrow> 
  23.215    dt=empty_dt \<longrightarrow> (case T of 
  23.216 @@ -2426,8 +2426,8 @@
  23.217      )
  23.218  done
  23.219  declare split_paired_All [simp] split_paired_Ex [simp]
  23.220 -setup {* map_theory_claset (fn ctxt => ctxt addSbefore ("split_all_tac", split_all_tac)) *}
  23.221 -setup {* map_theory_simpset (fn ctxt => ctxt addloop ("split_all_tac", split_all_tac)) *}
  23.222 +setup \<open>map_theory_claset (fn ctxt => ctxt addSbefore ("split_all_tac", split_all_tac))\<close>
  23.223 +setup \<open>map_theory_simpset (fn ctxt => ctxt addloop ("split_all_tac", split_all_tac))\<close>
  23.224  
  23.225  lemma ty_expr_is_type: 
  23.226  "\<lbrakk>E\<turnstile>e\<Colon>-T; wf_prog (prg E)\<rbrakk> \<Longrightarrow> is_type (prg E) T"
  23.227 @@ -2855,7 +2855,7 @@
  23.228                                     dest: acc_modi_le_Dests)
  23.229  qed
  23.230  
  23.231 -subsubsection {* Properties of dynamic accessibility *}
  23.232 +subsubsection \<open>Properties of dynamic accessibility\<close>
  23.233  
  23.234  lemma dyn_accessible_Private:
  23.235   assumes dyn_acc: "G \<turnstile> m in C dyn_accessible_from accC" and
  23.236 @@ -2866,7 +2866,7 @@
  23.237    show ?thesis
  23.238    proof (induct)
  23.239      case (Immediate m C)
  23.240 -    from `G \<turnstile> m in C permits_acc_from accC` and `accmodi m = Private`
  23.241 +    from \<open>G \<turnstile> m in C permits_acc_from accC\<close> and \<open>accmodi m = Private\<close>
  23.242      show ?case
  23.243        by (simp add: permits_acc_def)
  23.244    next
  23.245 @@ -2876,9 +2876,9 @@
  23.246    qed
  23.247  qed
  23.248  
  23.249 -text {* @{text dyn_accessible_Package} only works with the @{text wf_prog} assumption. 
  23.250 +text \<open>\<open>dyn_accessible_Package\<close> only works with the \<open>wf_prog\<close> assumption. 
  23.251  Without it. it is easy to leaf the Package!
  23.252 -*}
  23.253 +\<close>
  23.254  lemma dyn_accessible_Package:
  23.255   "\<lbrakk>G \<turnstile> m in C dyn_accessible_from accC; accmodi m = Package;
  23.256     wf_prog G\<rbrakk>
  23.257 @@ -2919,8 +2919,8 @@
  23.258    qed
  23.259  qed
  23.260  
  23.261 -text {* For fields we don't need the wellformedness of the program, since
  23.262 -there is no overriding *}
  23.263 +text \<open>For fields we don't need the wellformedness of the program, since
  23.264 +there is no overriding\<close>
  23.265  lemma dyn_accessible_field_Package:
  23.266   assumes dyn_acc: "G \<turnstile> f in C dyn_accessible_from accC" and
  23.267              pack: "accmodi f = Package" and
  23.268 @@ -2931,7 +2931,7 @@
  23.269    show ?thesis
  23.270    proof (induct)
  23.271      case (Immediate f C)
  23.272 -    from `G \<turnstile> f in C permits_acc_from accC` and `accmodi f = Package`
  23.273 +    from \<open>G \<turnstile> f in C permits_acc_from accC\<close> and \<open>accmodi f = Package\<close>
  23.274      show ?case
  23.275        by (simp add: permits_acc_def)
  23.276    next
  23.277 @@ -2940,9 +2940,9 @@
  23.278    qed
  23.279  qed
  23.280  
  23.281 -text {* @{text dyn_accessible_instance_field_Protected} only works for fields
  23.282 +text \<open>\<open>dyn_accessible_instance_field_Protected\<close> only works for fields
  23.283  since methods can break the package bounds due to overriding
  23.284 -*}
  23.285 +\<close>
  23.286  lemma dyn_accessible_instance_field_Protected:
  23.287    assumes dyn_acc: "G \<turnstile> f in C dyn_accessible_from accC" and
  23.288               prot: "accmodi f = Protected" and
  23.289 @@ -2955,7 +2955,7 @@
  23.290    show ?thesis
  23.291    proof (induct)
  23.292      case (Immediate f C)
  23.293 -    note `G \<turnstile> f in C permits_acc_from accC`
  23.294 +    note \<open>G \<turnstile> f in C permits_acc_from accC\<close>
  23.295      moreover 
  23.296      assume "accmodi f = Protected" and  "is_field f" and "\<not> is_static f" and
  23.297             "pid (declclass f) \<noteq> pid accC"
  23.298 @@ -2983,12 +2983,12 @@
  23.299      assume "accmodi f = Protected" and  "is_field f" and "is_static f" and
  23.300             "pid (declclass f) \<noteq> pid accC"
  23.301      moreover
  23.302 -    note `G \<turnstile> f in C permits_acc_from accC`
  23.303 +    note \<open>G \<turnstile> f in C permits_acc_from accC\<close>
  23.304      ultimately
  23.305      have "G\<turnstile> accC \<preceq>\<^sub>C declclass f"
  23.306        by (auto simp add: permits_acc_def)
  23.307      moreover
  23.308 -    from `G \<turnstile> f member_in C`
  23.309 +    from \<open>G \<turnstile> f member_in C\<close>
  23.310      have "G\<turnstile>C \<preceq>\<^sub>C declclass f"
  23.311        by (rule member_in_class_relation)
  23.312      ultimately show ?case
    24.1 --- a/src/HOL/Bali/WellType.thy	Sat Jan 02 18:46:36 2016 +0100
    24.2 +++ b/src/HOL/Bali/WellType.thy	Sat Jan 02 18:48:45 2016 +0100
    24.3 @@ -1,13 +1,13 @@
    24.4  (*  Title:      HOL/Bali/WellType.thy
    24.5      Author:     David von Oheimb
    24.6  *)
    24.7 -subsection {* Well-typedness of Java programs *}
    24.8 +subsection \<open>Well-typedness of Java programs\<close>
    24.9  
   24.10  theory WellType
   24.11  imports DeclConcepts
   24.12  begin
   24.13  
   24.14 -text {*
   24.15 +text \<open>
   24.16  improvements over Java Specification 1.0:
   24.17  \begin{itemize}
   24.18  \item methods of Object can be called upon references of interface or array type
   24.19 @@ -26,15 +26,15 @@
   24.20    the dynamic type of objects. Therefore, they can be used for both 
   24.21    checking static types and determining runtime types in transition semantics.
   24.22  \end{itemize}
   24.23 -*}
   24.24 +\<close>
   24.25  
   24.26  type_synonym lenv
   24.27 -        = "(lname, ty) table"  --{* local variables, including This and Result*}
   24.28 +        = "(lname, ty) table"  \<comment>\<open>local variables, including This and Result\<close>
   24.29  
   24.30  record env = 
   24.31 -         prg:: "prog"    --{* program *}
   24.32 -         cls:: "qtname"  --{* current package and class name *}
   24.33 -         lcl:: "lenv"    --{* local environment *}     
   24.34 +         prg:: "prog"    \<comment>\<open>program\<close>
   24.35 +         cls:: "qtname"  \<comment>\<open>current package and class name\<close>
   24.36 +         lcl:: "lenv"    \<comment>\<open>local environment\<close>     
   24.37    
   24.38  translations
   24.39    (type) "lenv" <= (type) "(lname, ty) table"
   24.40 @@ -44,7 +44,7 @@
   24.41  
   24.42  
   24.43  abbreviation
   24.44 -  pkg :: "env \<Rightarrow> pname" --{* select the current package from an environment *}
   24.45 +  pkg :: "env \<Rightarrow> pname" \<comment>\<open>select the current package from an environment\<close>
   24.46    where "pkg e == pid (cls e)"
   24.47  
   24.48  subsubsection "Static overloading: maximally specific methods "
   24.49 @@ -52,7 +52,7 @@
   24.50  type_synonym
   24.51    emhead = "ref_ty \<times> mhead"
   24.52  
   24.53 ---{* Some mnemotic selectors for emhead *}
   24.54 +\<comment>\<open>Some mnemotic selectors for emhead\<close>
   24.55  definition
   24.56    "declrefT" :: "emhead \<Rightarrow> ref_ty"
   24.57    where "declrefT = fst"
   24.58 @@ -107,20 +107,20 @@
   24.59  | "mheads G S (ArrayT T) = accObjectmheads G S (ArrayT T)"
   24.60  
   24.61  definition
   24.62 -  --{* applicable methods, cf. 15.11.2.1 *}
   24.63 +  \<comment>\<open>applicable methods, cf. 15.11.2.1\<close>
   24.64    appl_methds :: "prog \<Rightarrow> qtname \<Rightarrow>  ref_ty \<Rightarrow> sig \<Rightarrow> (emhead \<times> ty list) set" where
   24.65    "appl_methds G S rt = (\<lambda> sig. 
   24.66        {(mh,pTs') |mh pTs'. mh \<in> mheads G S rt \<lparr>name=name sig,parTs=pTs'\<rparr> \<and> 
   24.67                             G\<turnstile>(parTs sig)[\<preceq>]pTs'})"
   24.68  
   24.69  definition
   24.70 -  --{* more specific methods, cf. 15.11.2.2 *}
   24.71 +  \<comment>\<open>more specific methods, cf. 15.11.2.2\<close>
   24.72    more_spec :: "prog \<Rightarrow> emhead \<times> ty list \<Rightarrow> emhead \<times> ty list \<Rightarrow> bool" where
   24.73    "more_spec G = (\<lambda>(mh,pTs). \<lambda>(mh',pTs'). G\<turnstile>pTs[\<preceq>]pTs')"
   24.74  (*more_spec G \<equiv>\<lambda>((d,h),pTs). \<lambda>((d',h'),pTs'). G\<turnstile>RefT d\<preceq>RefT d'\<and>G\<turnstile>pTs[\<preceq>]pTs'*)
   24.75  
   24.76  definition
   24.77 -  --{* maximally specific methods, cf. 15.11.2.2 *}
   24.78 +  \<comment>\<open>maximally specific methods, cf. 15.11.2.2\<close>
   24.79    max_spec :: "prog \<Rightarrow> qtname \<Rightarrow> ref_ty \<Rightarrow> sig \<Rightarrow> (emhead \<times> ty list) set" where
   24.80    "max_spec G S rt sig = {m. m \<in>appl_methds G S rt sig \<and>
   24.81                            (\<forall>m'\<in>appl_methds G S rt sig. more_spec G m' m \<longrightarrow> m'=m)}"
   24.82 @@ -262,13 +262,13 @@
   24.83  | "E,dt\<Turnstile>e\<Colon>=T \<equiv> E,dt\<Turnstile>In2  e\<Colon>Inl T"
   24.84  | "E,dt\<Turnstile>e\<Colon>\<doteq>T \<equiv> E,dt\<Turnstile>In3  e\<Colon>Inr T"
   24.85  
   24.86 ---{* well-typed statements *}
   24.87 +\<comment>\<open>well-typed statements\<close>
   24.88  
   24.89  | Skip:                                 "E,dt\<Turnstile>Skip\<Colon>\<surd>"
   24.90  
   24.91  | Expr: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-T\<rbrakk> \<Longrightarrow>
   24.92                                           E,dt\<Turnstile>Expr e\<Colon>\<surd>"
   24.93 -  --{* cf. 14.6 *}
   24.94 +  \<comment>\<open>cf. 14.6\<close>
   24.95  | Lab:  "E,dt\<Turnstile>c\<Colon>\<surd> \<Longrightarrow>                   
   24.96                                           E,dt\<Turnstile>l\<bullet> c\<Colon>\<surd>" 
   24.97  
   24.98 @@ -276,62 +276,62 @@
   24.99            E,dt\<Turnstile>c2\<Colon>\<surd>\<rbrakk> \<Longrightarrow>
  24.100                                           E,dt\<Turnstile>c1;; c2\<Colon>\<surd>"
  24.101  
  24.102 -  --{* cf. 14.8 *}
  24.103 +  \<comment>\<open>cf. 14.8\<close>
  24.104  | If:   "\<lbrakk>E,dt\<Turnstile>e\<Colon>-PrimT Boolean;
  24.105            E,dt\<Turnstile>c1\<Colon>\<surd>;
  24.106            E,dt\<Turnstile>c2\<Colon>\<surd>\<rbrakk> \<Longrightarrow>
  24.107                                           E,dt\<Turnstile>If(e) c1 Else c2\<Colon>\<surd>"
  24.108  
  24.109 -  --{* cf. 14.10 *}
  24.110 +  \<comment>\<open>cf. 14.10\<close>
  24.111  | Loop: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-PrimT Boolean;
  24.112            E,dt\<Turnstile>c\<Colon>\<surd>\<rbrakk> \<Longrightarrow>
  24.113                                           E,dt\<Turnstile>l\<bullet> While(e) c\<Colon>\<surd>"
  24.114 -  --{* cf. 14.13, 14.15, 14.16 *}
  24.115 +  \<comment>\<open>cf. 14.13, 14.15, 14.16\<close>
  24.116  | Jmp:                                   "E,dt\<Turnstile>Jmp jump\<Colon>\<surd>"
  24.117  
  24.118 -  --{* cf. 14.16 *}
  24.119 +  \<comment>\<open>cf. 14.16\<close>
  24.120  | Throw: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-Class tn;
  24.121            prg E\<turnstile>tn\<preceq>\<^sub>C SXcpt Throwable\<rbrakk> \<Longrightarrow>
  24.122                                           E,dt\<Turnstile>Throw e\<Colon>\<surd>"
  24.123 -  --{* cf. 14.18 *}
  24.124 +  \<comment>\<open>cf. 14.18\<close>
  24.125  | Try:  "\<lbrakk>E,dt\<Turnstile>c1\<Colon>\<surd>; prg E\<turnstile>tn\<preceq>\<^sub>C SXcpt Throwable;
  24.126            lcl E (VName vn)=None; E \<lparr>lcl := lcl E(VName vn\<mapsto>Class tn)\<rparr>,dt\<Turnstile>c2\<Colon>\<surd>\<rbrakk>
  24.127            \<Longrightarrow>
  24.128                                           E,dt\<Turnstile>Try c1 Catch(tn vn) c2\<Colon>\<surd>"
  24.129  
  24.130 -  --{* cf. 14.18 *}
  24.131 +  \<comment>\<open>cf. 14.18\<close>
  24.132  | Fin:  "\<lbrakk>E,dt\<Turnstile>c1\<Colon>\<surd>; E,dt\<Turnstile>c2\<Colon>\<surd>\<rbrakk> \<Longrightarrow>
  24.133                                           E,dt\<Turnstile>c1 Finally c2\<Colon>\<surd>"
  24.134  
  24.135  | Init: "\<lbrakk>is_class (prg E) C\<rbrakk> \<Longrightarrow>
  24.136                                           E,dt\<Turnstile>Init C\<Colon>\<surd>"
  24.137 -  --{* @{term Init} is created on the fly during evaluation (see Eval.thy). 
  24.138 +  \<comment>\<open>@{term Init} is created on the fly during evaluation (see Eval.thy). 
  24.139       The class isn't necessarily accessible from the points @{term Init} 
  24.140       is called. Therefor we only demand @{term is_class} and not 
  24.141       @{term is_acc_class} here. 
  24.142 -   *}
  24.143 +\<close>
  24.144  
  24.145 ---{* well-typed expressions *}
  24.146 +\<comment>\<open>well-typed expressions\<close>
  24.147  
  24.148 -  --{* cf. 15.8 *}
  24.149 +  \<comment>\<open>cf. 15.8\<close>
  24.150  | NewC: "\<lbrakk>is_acc_class (prg E) (pkg E) C\<rbrakk> \<Longrightarrow>
  24.151                                           E,dt\<Turnstile>NewC C\<Colon>-Class C"
  24.152 -  --{* cf. 15.9 *}
  24.153 +  \<comment>\<open>cf. 15.9\<close>
  24.154  | NewA: "\<lbrakk>is_acc_type (prg E) (pkg E) T;
  24.155            E,dt\<Turnstile>i\<Colon>-PrimT Integer\<rbrakk> \<Longrightarrow>
  24.156                                           E,dt\<Turnstile>New T[i]\<Colon>-T.[]"
  24.157  
  24.158 -  --{* cf. 15.15 *}
  24.159 +  \<comment>\<open>cf. 15.15\<close>
  24.160  | Cast: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-T; is_acc_type (prg E) (pkg E) T';
  24.161            prg E\<turnstile>T\<preceq>? T'\<rbrakk> \<Longrightarrow>
  24.162                                           E,dt\<Turnstile>Cast T' e\<Colon>-T'"
  24.163  
  24.164 -  --{* cf. 15.19.2 *}
  24.165 +  \<comment>\<open>cf. 15.19.2\<close>
  24.166  | Inst: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-RefT T; is_acc_type (prg E) (pkg E) (RefT T');
  24.167            prg E\<turnstile>RefT T\<preceq>? RefT T'\<rbrakk> \<Longrightarrow>
  24.168                                           E,dt\<Turnstile>e InstOf T'\<Colon>-PrimT Boolean"
  24.169  
  24.170 -  --{* cf. 15.7.1 *}
  24.171 +  \<comment>\<open>cf. 15.7.1\<close>
  24.172  | Lit:  "\<lbrakk>typeof dt x = Some T\<rbrakk> \<Longrightarrow>
  24.173                                           E,dt\<Turnstile>Lit x\<Colon>-T"
  24.174  
  24.175 @@ -344,28 +344,28 @@
  24.176             \<Longrightarrow>
  24.177             E,dt\<Turnstile>BinOp binop e1 e2\<Colon>-T"
  24.178    
  24.179 -  --{* cf. 15.10.2, 15.11.1 *}
  24.180 +  \<comment>\<open>cf. 15.10.2, 15.11.1\<close>
  24.181  | Super: "\<lbrakk>lcl E This = Some (Class C); C \<noteq> Object;
  24.182            class (prg E) C = Some c\<rbrakk> \<Longrightarrow>
  24.183                                           E,dt\<Turnstile>Super\<Colon>-Class (super c)"
  24.184  
  24.185 -  --{* cf. 15.13.1, 15.10.1, 15.12 *}
  24.186 +  \<comment>\<open>cf. 15.13.1, 15.10.1, 15.12\<close>
  24.187  | Acc:  "\<lbrakk>E,dt\<Turnstile>va\<Colon>=T\<rbrakk> \<Longrightarrow>
  24.188                                           E,dt\<Turnstile>Acc va\<Colon>-T"
  24.189  
  24.190 -  --{* cf. 15.25, 15.25.1 *}
  24.191 +  \<comment>\<open>cf. 15.25, 15.25.1\<close>
  24.192  | Ass:  "\<lbrakk>E,dt\<Turnstile>va\<Colon>=T; va \<noteq> LVar This;
  24.193            E,dt\<Turnstile>v \<Colon>-T';
  24.194            prg E\<turnstile>T'\<preceq>T\<rbrakk> \<Longrightarrow>
  24.195                                           E,dt\<Turnstile>va:=v\<Colon>-T'"
  24.196  
  24.197 -  --{* cf. 15.24 *}
  24.198 +  \<comment>\<open>cf. 15.24\<close>
  24.199  | Cond: "\<lbrakk>E,dt\<Turnstile>e0\<Colon>-PrimT Boolean;
  24.200            E,dt\<Turnstile>e1\<Colon>-T1; E,dt\<Turnstile>e2\<Colon>-T2;
  24.201            prg E\<turnstile>T1\<preceq>T2 \<and> T = T2  \<or>  prg E\<turnstile>T2\<preceq>T1 \<and> T = T1\<rbrakk> \<Longrightarrow>
  24.202                                           E,dt\<Turnstile>e0 ? e1 : e2\<Colon>-T"
  24.203  
  24.204 -  --{* cf. 15.11.1, 15.11.2, 15.11.3 *}
  24.205 +  \<comment>\<open>cf. 15.11.1, 15.11.2, 15.11.3\<close>
  24.206  | Call: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-RefT statT;
  24.207            E,dt\<Turnstile>ps\<Colon>\<doteq>pTs;
  24.208            max_spec (prg E) (cls E) statT \<lparr>name=mn,parTs=pTs\<rparr> 
  24.209 @@ -377,7 +377,7 @@
  24.210            methd (prg E) C sig = Some m;
  24.211            E,dt\<Turnstile>Body (declclass m) (stmt (mbody (mthd m)))\<Colon>-T\<rbrakk> \<Longrightarrow>
  24.212                                           E,dt\<Turnstile>Methd C sig\<Colon>-T"
  24.213 - --{* The class @{term C} is the dynamic class of the method call 
  24.214 + \<comment>\<open>The class @{term C} is the dynamic class of the method call 
  24.215      (cf. Eval.thy). 
  24.216      It hasn't got to be directly accessible from the current package 
  24.217      @{term "(pkg E)"}. 
  24.218 @@ -386,42 +386,42 @@
  24.219      Note that l is just a dummy value. It is only used in the smallstep 
  24.220      semantics. To proof typesafety directly for the smallstep semantics 
  24.221      we would have to assume conformance of l here!
  24.222 -  *}
  24.223 +\<close>
  24.224  
  24.225  | Body: "\<lbrakk>is_class (prg E) D;
  24.226            E,dt\<Turnstile>blk\<Colon>\<surd>;
  24.227            (lcl E) Result = Some T;
  24.228            is_type (prg E) T\<rbrakk> \<Longrightarrow>
  24.229                                           E,dt\<Turnstile>Body D blk\<Colon>-T"
  24.230 ---{* The class @{term D} implementing the method must not directly be 
  24.231 +\<comment>\<open>The class @{term D} implementing the method must not directly be 
  24.232       accessible  from the current package @{term "(pkg E)"}, but can also 
  24.233       be indirectly accessible due to inheritance (enshured in @{term Call})
  24.234      The result type hasn't got to be accessible in Java! (If it is not 
  24.235      accessible you can only assign it to Object).
  24.236      For dummy value l see rule @{term Methd}. 
  24.237 -   *}
  24.238 +\<close>
  24.239  
  24.240 ---{* well-typed variables *}
  24.241 +\<comment>\<open>well-typed variables\<close>
  24.242  
  24.243 -  --{* cf. 15.13.1 *}
  24.244 +  \<comment>\<open>cf. 15.13.1\<close>
  24.245  | LVar: "\<lbrakk>lcl E vn = Some T; is_acc_type (prg E) (pkg E) T\<rbrakk> \<Longrightarrow>
  24.246                                           E,dt\<Turnstile>LVar vn\<Colon>=T"
  24.247 -  --{* cf. 15.10.1 *}
  24.248 +  \<comment>\<open>cf. 15.10.1\<close>
  24.249  | FVar: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-Class C; 
  24.250            accfield (prg E) (cls E) C fn = Some (statDeclC,f)\<rbrakk> \<Longrightarrow>
  24.251                           E,dt\<Turnstile>{cls E,statDeclC,is_static f}e..fn\<Colon>=(type f)"
  24.252 -  --{* cf. 15.12 *}
  24.253 +  \<comment>\<open>cf. 15.12\<close>