header {* \isaheader{Branch conditions guarantee progress} *} theory JBC_succsFprogress = JBC_VCG_Correctness: (*<*) declare map_fst_tuple[simp] declare image_fst_tuple [simp] (*>*) lemma catchstate_find_handler: "\ st rg C M pc e stk. \ wf (P,An); \ p \ set (map (snd \ snd) ((st,rg,(C,M,pc))#frs)). p \ set (domC (P,An)); (C',M',pc') \ set (domC (P,An)); catchstate (P,(cname_of h xa),((C,M,pc),(None,h,(st,rg,(C,M,pc))#frs),e)) = ((C',M',pc'),(x',h',(st',rg',(C',M',pc'))#frs'),e'); JVMExceptions.match_ex_table P (cname_of h xa) pc' (ex_table_of P C' M') = Some (pch,d); JVMExceptions.match_ex_table P (cname_of h xa) pc (ex_table_of P C M) = None \ \ find_handler P xa h ((stk,rg,(C,M,pc))#frs) = (None,h,([Addr xa],rg',(C',M',pch))#frs')" (*<*) apply (induct frs) apply (subgoal_tac "d = 0") prefer 2 apply (rule wf_match_ex_table_d) apply assumption apply (erule_tac x="(C,M,pc)" in ballE) apply (rule domC_methodnames) apply simp apply simp apply simp apply simp apply (subgoal_tac "d = 0") prefer 2 apply (rule_tac X="(cname_of h xa)" and p="pc'" and h="pch" in wf_match_ex_table_d) apply assumption apply (rule domC_methodnames) apply simp apply simp apply (subgoal_tac "\ sta rga pa. a = (sta,rga,pa)") prefer 2 apply (fastsimp) apply (erule exE)+ apply (subgoal_tac "\ Ca Ma pca. pa = (Ca,Ma,pca)") prefer 2 apply (fastsimp) apply (erule exE)+ apply (simplesubst find_handler_simp) apply (simp (no_asm_simp) del: find_handler.simps) apply atomize apply (erule_tac x="sta" in allE) apply (erule_tac x="rga" in allE) apply (erule_tac x="Ca" in allE) apply (erule_tac x="Ma" in allE) apply (erule_tac x="pca" in allE) apply (erule_tac x="e\cs:= tl (cs e)\" in allE) apply (erule_tac x="sta" in allE) apply (simp del: catchstate.simps find_handler.simps split del: option.split_asm) apply (case_tac "frs") apply simp apply (drule_tac t="aa" in sym) apply simp apply (subgoal_tac "catchstate (P, cname_of h xa, (Ca, Ma, pca), (None, h, (sta, rga, Ca, Ma, pca) # aa # list), e\cs := tl (cs e)\) =catchstate (P, cname_of h xa, (Ca, Ma, pca), (None, hd (cs e), (sta, rga, Ca, Ma, pca) # aa # list), e\cs := tl (cs e)\)") prefer 2 apply (cut_tac catchstate_eq) apply (erule_tac x="P" in allE) apply (erule_tac x="cname_of h xa" in allE) apply (erule_tac x="(Ca, Ma, pca)" in allE) apply (erule_tac x="None" in allE) apply (erule_tac x="h" in allE) apply (erule_tac x="hd (cs e)" in allE) apply (erule_tac x="(sta, rga, Ca, Ma, pca)" in allE) apply (erule_tac x="(sta, rga, Ca, Ma, pca)" in allE) apply (erule_tac x="aa" in allE) apply (erule_tac x="list" in allE) apply (erule_tac x="e\cs:=tl (cs e)\" in allE) apply (simp only:) apply (simp only:) apply simp apply (drule_tac t="ab" in sym) apply simp done (*>*) consts callchain::"jbc_prog \ pos list \ bool" primrec "callchain \ [] = True" "callchain \ (p#ps) = (case ps of [] \ True | p'#ps' \ p \ set (callers \ p') \ callchain \ ps)" lemma callchain_append: "\ p ps'. callchain \ (ps@p#ps') = (callchain \ (ps@[p]) \ callchain \ (p#ps'))" (*<*) apply (induct ps) apply simp apply simp apply (case_tac "ps @ p # ps'") apply simp apply (case_tac "ps @ [p]") apply simp apply simp apply (atomize) apply (erule_tac x="p" in allE) apply (erule_tac x="ps'" in allE) apply (subgoal_tac "aa = ab" ) prefer 2 apply (subgoal_tac "ps @ (p # ps') = (ps @ [p]) @ ps'") prefer 2 apply (induct_tac ps) apply simp apply simp apply simp apply (simp only: cong del: case_cong) apply simp done (*>*) lemmas succsXpt_def = succsXpt.simps lemma succsXpt_simp: "succsXpt ((P, An), X, ps) = (case length (domC (P, An)) \ length ps of True \ map (\p. (p, TT)) (domC (P, An)) | False \ case ps of [] \ map (\p. (p, TT)) (domC (P, An)) | p # pss \ let (C, M, pc) = p; et = ex_table_of P C M; A = aF (P, An) p in (case match_ex_table_e P X pc et of None \ concat (map (\p'. succsXpt ((P, An), X, p' # ps)) (callers (P, An) p)) | \en\ \ (let (f,t,X',pc',d) = en in [((C, M, pc'), And ((if pss = [] then [] else [Catch X' A, Catch X (Pos p)])@[xcpt_cond (P, An) X (last ps)]))])))" (*<*) by simp (*>*) lemma catchstate_form': "\ p h e stk loc frs. \ p' h' st' rg' frs' e'. catchstate (P,X,(p,(None,h,(stk,loc,p)#frs),e)) = (p',(None,h',(st',rg',p')#frs'),e')" (*<*) apply (subgoal_tac "\ n. length ((stk,loc,p)#frs) = n") prefer 2 apply fastsimp apply (erule exE) apply (erule rev_mp) apply (simp only: atomize_all) apply (rule forall_switch7) apply (rule allI) apply (rule_tac n="n" in nat_less_induct) apply (rule allI)+ apply (case_tac "frs") apply fastsimp apply (subgoal_tac "\ sta lca pa. a = (sta,lca,pa)") prefer 2 apply fastsimp apply (erule exE)+ apply simp apply (rule impI) apply (simp add: split_def) apply (rule conjI) apply (rule impI) apply (erule_tac x="Suc (length list)" in allE) apply simp apply (erule_tac x="fst pa" in allE) apply (erule_tac x="fst (snd pa)" in allE) apply (erule_tac x="snd (snd pa)" in allE) apply (erule_tac x="hd (cs e)" in allE) apply (erule_tac x=" e\cs := tl (cs e)\" in allE) apply (erule_tac x="sta" in allE) apply (erule_tac x="lca" in allE) apply (erule_tac x="list" in allE) apply simp apply (rule impI) apply fastsimp done (*>*) lemma succsXpt_findhandler: assumes s_def:"s = (p, (None, h, (st, rg, p) # frs), e)" assumes wf_Pi:"wf \" assumes p'_B_succsXpt:"(p',B) \ set (succsXpt (\,X,[p]))" assumes valid_B:"\,s \ B" assumes s_inv_Pos: "\,s \ inv_Pos \ (fst s)" assumes X_def: "X = cname_of h xa" assumes succsXpt_domC: "fst ` set (succsXpt (\, X, [p])) \ set (domC \)" shows "\ rg' frs'. find_handler (fst \) xa h ((st,rg,p)#frs) = (None,h,([Addr xa],rg',p')#frs')" proof - obtain P An where Pi_def: "\ = (P,An)" by (cases "\") obtain C M pc where p_def:"p = (C,M,pc)" by (cases "p") from s_inv_Pos have callers_sysinv_s:"callers_sysinv (\,s)" apply - apply (rule callers_sysinv_Pos) by (simp add: inv_Pos_def) from callers_sysinv_s s_def obtain dm dm' where domC_p:"domC \ = dm@[p]@dm'" apply - apply (simp only: callers_sysinv_trans) apply (erule_tac x="0" in allE) apply (simp add: in_set_conv_decomp) apply (erule conjE | erule exE)+ by fastsimp have succsXpt_induct: "\ k L. length (domC \) - length L = k \ fst ` set (succsXpt (\, X, L)) \ set (domC \) \ (\L'. L = L' @ [p]) \ (p', B) \ set (succsXpt (\, X, L)) \ (\(C', M', pc')\set (tl L). JBC_VCG.match_ex_table P X pc' (ex_table_of P C' M') = None) \ callchain \ L \ \ rg' frs'. find_handler P xa h ((st,rg,p)#frs) = (None,h,([Addr xa],rg',p')#frs')" (is "\k. PROP ?P k") proof - fix k show "PROP ?P k" proof (induct "k" rule: nat_less_induct) case (1 n) assume IH:"\mx. length (domC \) - length x = m \ fst ` set (succsXpt (\, X, x)) \ set (domC \) \ (\L'. x = L' @ [p]) \ (p', B) \ set (succsXpt (\, X, x)) \ (\(C', M', pc')\set (tl x). JBC_VCG.match_ex_table P X pc' (ex_table_of P C' M') = None) \ callchain \ x \ (\ rg' frs'. find_handler P xa h ((st,rg,p)#frs) = (None,h,([Addr xa],rg',p')#frs')) " assume length_L_n:"length (domC \) - length L = n" assume succsX_domC:"fst ` set (succsXpt (\, X, L)) \ set (domC \)" assume appL_L':"\L'. L = L' @ [p]" assume p'_B_succsX_L:"(p', B) \ set (succsXpt (\, X, L))" assume match_ex_tab_L:"\u\set (tl L). (\(C', M', pc'). JBC_VCG.match_ex_table P X pc' (ex_table_of P C' M') = None) u" assume callchain_L: "callchain \ L" show "\ rg' frs'. find_handler P xa h ((st,rg,p)#frs) = (None,h,([Addr xa],rg',p')#frs')" proof - from succsX_domC have domC_L:"\ (length (domC \) \ length L)" by (simp add: succsXpt.simps Pi_def split add: bool.split_asm) from succsX_domC domC_L appL_L' obtain Ca Ma pca list where L_cons: "L = (Ca,Ma,pca)#list" apply (case_tac "L = []") apply simp apply (simp add: neq_Nil_conv, (erule exE)+,blast) done show ?thesis proof (cases "JVMExceptions.match_ex_table P X pca (ex_table_of P Ca Ma)") case None from None domC_L L_cons p'_B_succsX_L Pi_def have succsXpt_rec: "(\a\set (callers \ (Ca, Ma, pca)). (p',B) \ set (succsXpt (\, X, a # (Ca, Ma, pca) # list)))" apply (simp only: Pi_def) apply (drule_tac P="\ S. (p', B) \ set S" in subst[OF succsXpt_simp]) apply (simp del: succsXpt.simps split del: option.split_asm) apply (simp add: set_concat_map split_def del: succsXpt.simps ) apply (drule match_ex_table_e_sim) apply simp done from succsXpt_rec obtain a where succsXpt_rec':" a\set (callers \ (Ca, Ma, pca)) \ (p',B) \ set (succsXpt (\, X, a # (Ca, Ma, pca) # list))" apply blast done from length_L_n L_cons domC_L have length_a_L :"length (domC \) - length (a # (Ca, Ma, pca) # list) < n" by (simp, arith) from succsXpt_rec' succsX_domC L_cons domC_L None have succsX_a_domC: "fst ` set (succsXpt (\, X, a # (Ca, Ma, pca) # list)) \ set (domC \)" apply simp apply (erule conjE)+ apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: Pi_def image_Un) apply (simp only: insert_def) apply (drule un_subset_drop', assumption) apply (drule match_ex_table_e_sim) apply simp done from L_cons have appL_L'_a: "(\L'. a # ((Ca, Ma, pca) # list) = L' @ [p])" apply (cut_tac appL_L') apply (erule exE) apply (rule_tac x="a # L'" in exI) apply simp done from succsX_a_domC succsXpt_rec' length_a_L IH length_L_n succsX_domC L_cons None p'_B_succsX_L match_ex_tab_L callchain_L show ?thesis apply simp apply (erule_tac x="length (domC \) - length (a # (Ca, Ma, pca) # list)" in allE) apply simp apply (erule_tac x="a # (Ca, Ma, pca) # list" in allE) apply simp apply (cut_tac appL_L'_a) apply (drule mp, assumption) apply simp done next case (Some "aa") from L_cons appL_L' callchain_L have domC_Ca_Ma_pca:"(Ca,Ma,pca) \ set (domC \)" proof (cases list) case Nil from Nil L_cons appL_L' show ?thesis by (simp add: domC_p) next case Cons from Cons callchain_L L_cons appL_L' show ?thesis by (simp add: callers_def) qed from Some wf_Pi p_def domC_Ca_Ma_pca Pi_def have snd_aa_0:"snd aa = 0" apply (rule_tac d="snd aa" and P="P" and An="An" and C="Ca" and M="Ma" and h="fst aa" and p="pca" and X="X" in wf_match_ex_table_d) apply (simp add: wf_def Pi_def) apply (rule_tac pc="pca" and An="An" in domC_methodnames, simp) apply simp done from appL_L' have last_L_p: "last L = p" by fastsimp from p'_B_succsX_L succsX_domC appL_L' Pi_def have B'_xcpt_cond: "\ As. B = And (As@[xcpt_cond (P,An) X p])" apply - apply (rule_tac L="L" and p'="p'" in succsXpt_xcpt_cond) apply simp apply simp apply simp done from p'_B_succsX_L valid_B B'_xcpt_cond have valid_xcpt_cond: "\,s \ (xcpt_cond \ X p)" apply - apply (erule exE)+ apply (simp add: Pi_def del: succsXpt.simps) apply (simp add: evalEs_map) done show ?thesis proof (cases list rule:rev_cases[consumes 1,case_names "rev_Nil" "rev_cons"]) case rev_Nil from rev_Nil appL_L' L_cons p_def have p_def': "(Ca,Ma,pca) = (C,M,pc)" by simp from Some rev_Nil p_def' p_def snd_aa_0 X_def have find_handler_p:"find_handler P xa h ((st,rg,p)#frs) = (None,h,([Addr xa],rg,(C,M,fst aa))#frs)" apply - apply simp done from Some obtain en where en_intro: "match_ex_table_e P X pca (ex_table_of P Ca Ma) = \en\" and en_def: "snd (snd (snd en)) = aa" apply - apply (drule match_ex_table_e_sim2) apply (erule exE | erule conjE)+ apply fastsimp done from en_def obtain f t X' where en_def: "en = (f,t,X',aa)" apply (cases en) by fastsimp from p_def p_def' rev_Nil L_cons p'_B_succsX_L en_def en_intro Pi_def succsX_domC have p'_def: "p' = (C,M,fst aa)" apply - apply simp apply (case_tac "length (domC (P, An)) \ Suc 0") apply simp apply (simp add: split_def split del: option.split_asm) done from find_handler_p p'_def show ?thesis by fastsimp next case (rev_cons "ys" "y") from rev_cons L_cons have L_cons': "L = (Ca,Ma,pca)#ys@[p]" apply simp apply (cut_tac appL_L') apply (erule exE) apply simp done from L_cons' match_ex_tab_L p_def have no_match_p: "JVMExceptions.match_ex_table P X pc (ex_table_of P C M) = None" by simp from Some obtain en where en_intro: "match_ex_table_e P X pca (ex_table_of P Ca Ma) = \en\" and en_def: "snd (snd (snd en)) = aa" apply - apply (drule match_ex_table_e_sim2) apply (erule exE | erule conjE)+ apply fastsimp done from en_def obtain f t X' where en_def: "en = (f,t,X',aa)" apply (cases en) by fastsimp from en_def en_intro domC_L L_cons' p'_B_succsX_L have p'_B_def:"p' = (Ca, Ma, fst aa) \ B = And [Catch X' (aF (P, An) (Ca, Ma, pca)), Catch X (Pos (Ca, Ma, pca)), xcpt_cond (P, An) X p]" apply - apply (simp only: Pi_def) apply (drule_tac P="\ S. (p', B) \ (set S)" in subst[OF succsXpt_simp[of "P" "An" "X" "(Ca,Ma,pca)#(ys@[p])"]]) apply (simp del: succsXpt.simps) apply (simp add: split_def) done from Pi_def s_def obtain cp ch cst crg cfrs ce where catchstate_s: "catchstate (P, X, s) = (cp, (None, ch, (cst, crg, cp) # cfrs), ce)" apply - apply (subgoal_tac "\p' h' st' rg' frs' e'. catchstate (P, X, s) = (p', (None, h', (st', rg', p') # frs'), e')") prefer 2 apply (simp only:) apply (rule catchstate_form') apply (erule exE)+ apply blast done from Pi_def catchstate_s p'_B_def valid_B s_def have cp_simp: "cp = (Ca,Ma,pca)" apply (simp del: catchstate.simps) apply (case_tac "frs") apply simp apply simp done from callers_sysinv_s s_def p_def Pi_def have frs_domC: "\p\set (map (snd \ snd) ((st, rg, C, M, pc) # frs)). p \ set (domC (P, An))" apply - apply (simp add: callers_sysinv_trans del: callers_sysinv.simps) apply (case_tac "frs") apply (simp add: mem_iff) apply (erule conjE)+ apply (rule ballI) apply (subgoal_tac "\ frs1 frs2. frs = frs1 @ pa#frs2") prefer 2 apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (erule_tac x="length frs1" in allE) apply (drule_tac t="a # list" in sym) apply (simp add: nth_append) done from cp_simp catchstate_s domC_Ca_Ma_pca s_def frs_domC wf_Pi Pi_def no_match_p Some p_def X_def have find_handler_s: "find_handler P xa h ((st,rg,(C,M,pc))#frs) = (None,h,([Addr xa],crg,(Ca,Ma,fst aa))#cfrs)" apply - apply (rule_tac P="P" and C="C" and M="M" and xa="xa" and h="h" and e="e" and d="snd aa" and stk="st" and rg="rg" and rg'="crg" and C'="Ca" and M'="Ma" and pch="fst aa" and x'="None" and frs'="cfrs" and An="An" and st="st" and frs="frs" and pc'="snd (snd cp)" and st'="cst" and h'="ch" and e'="ce" in catchstate_find_handler) apply (simp add: wf_def) apply assumption apply simp apply simp apply simp apply simp done from p_def rev_cons L_cons p'_B_succsX_L en_def en_intro Pi_def succsX_domC have p'_def: "p' = (Ca,Ma,fst aa)" apply - apply simp apply (case_tac "length (domC (P, An)) \ Suc 0") apply simp apply (case_tac "length (domC (P, An)) \ Suc (Suc (length ys))") apply simp apply (simp add: split_def split del: option.split_asm) done from find_handler_s p'_def p_def show ?thesis by fastsimp qed qed qed qed qed from succsXpt_induct[where k="length (domC \) - 1" and L="[p]"] succsXpt_domC p'_B_succsXpt Pi_def show ?thesis by (simp del: find_handler.simps) qed lemma succsF_progress_Throw: assumes Pi_def:"\ = (P,An)" assumes p_def:"p = (C,M,pc)" assumes s_def:"s = (p, (None, h, (st, rg, p) # frs), e)" assumes wf_Pi:"wf \" (* assumes valid_An: "\ A. anF \ p = Some A \ \,s \ A" *) assumes p'_B_succsF:"(p',B) \ set (succsF \ p)" assumes valid_B:"\,s \ B" assumes cmd_p:"cmd \ p = Some Throw" assumes s_inv_Pos: "\,s \ inv_Pos \ (fst s)" assumes s_inv_Ty:"\,s \ inv_Ty \ (fst s)" assumes s_inv_FrNr:"\,s \ inv_FrNr \ (fst s)" assumes s_inv_ExTys:"\,s \ inv_ExTys \ (fst s)" shows goal: "\st' rg' frs' e'. (s, (p', (st', rg', frs'), e')) \ effS \" (*<*) proof - note GA = Pi_def p_def s_def wf_Pi p'_B_succsF valid_B cmd_p from GA have p'_B_nrml_expt: "(p', B) \ (\(p', B). (p', And [Pos p, B])) ` set (succsNormal \ p) \ (p', B) \ (\(p', B). (p', And [Pos p, B])) ` set (succsExcept \ p)" (is "?nrml \ ?xcpt") by (simp add: addPos_def succsF_def) from Pi_def wf_Pi have wfK: "wf_jvm_prog\<^isub>k P" apply - apply (drule wf_TypeSafe) apply (simp add: jvm_kildall_correct wf_jvm_prog_def) apply fastsimp done from cmd_p Pi_def wf_Pi p_def have instr_p:"instrs_of P C M ! pc = Throw" apply - apply (drule_tac \="\" and C="C" and M="M" and pc="pc" in domC_cmd_instr_of) apply (rule cmd_domC) apply simp apply simp done obtain i where i_def: "i = Throw" by fastsimp from cmd_p obtain dm dm' where domC_p:"domC \ = dm@[p]@dm'" by (fastsimp dest: cmd_domC simp add: in_set_conv_decomp) from cmd_p have has_method_p: "has_method P C M" apply - apply (drule cmd_domC) apply (simp add: p_def Pi_def has_method_def mem_iff) apply (rule_tac pc="pc" and An="An" in domC_methodnames, assumption) done from wf_Pi Pi_def s_def p_def s_inv_Ty cmd_p i_def have check_s: "check_instr' i (fst \) h st rg C M pc frs" apply - apply (rule wf_invTys_check') apply simp+ done from check_s s_def p_def instr_p i_def obtain r rst where st_def:"st = r#rst" and is_Ref_r:"is_Ref' h r" apply (simp add: neq_Nil_conv split_def) apply (erule conjE | erule exE)+ apply atomize apply (erule_tac x="y" in allE) apply (erule_tac x="ys" in allE) apply simp done from s_inv_ExTys s_def have cname_sysxcpt: "(cname_of h (addr_of_sys_xcpt NullPointer)) = NullPointer" apply (simp add: inv_ExTys_def obj_ty_def) done from p'_B_nrml_expt show ?thesis proof assume nrml: "?nrml" from cmd_p nrml show ?thesis apply (simp add: succsNormal_def) done next assume xcpt: "?xcpt" from wf_Pi cmd_p domC_p obtain A tys where wf_Throw:"anF \ p = Some A \ extractTy (A,St 0) = tys \ tys \ [] \ (\ tp\ (set tys). \ XA. tp = Class XA) \ p \ ipc \" apply (simp add: wf_def JBC_VCG.wf_def checkPos_split split_if[of "\ x. x" _ _ "False"]) apply (case_tac "anF \ p") apply simp apply (case_tac "p = ipc \") apply simp apply simp apply atomize apply (erule_tac x="a" in allE) apply (erule_tac x="extractTy (a,St 0)" in allE) apply (erule conjE)+ apply (case_tac "extractTy (a,St 0)") apply simp apply (simp only: list.cases if_False) apply (drule_tac t="aa # list" in sym) apply (simp only: list_all_iff) apply (subgoal_tac "(\tp\set (extractTy (a, St 0)). \XA. tp = Class XA)") prefer 2 apply (rule ballI) apply (erule_tac x="tp" in ballE) prefer 2 apply simp apply (case_tac "tp") apply simp apply simp apply simp apply simp apply simp apply (drule_tac t="extractTy (a, St 0)" in sym) apply simp done (* from this valid_An s_def have s_A :"\,s \ A" by simp *) from wf_Throw have anF_p: "anF \ p = Some A" by simp (* from wf_Throw s_def wf_Pi cmd_p domC_p s_A have r_ty': "\tp \ set (extractTy (A,St 0)). \,s \ Ty (St 0) tp" apply (rule_tac A="A" and tys="(extractTy (A,St 0))" in extractTy_sem) apply (simp add: assert_def) apply simp apply simp done from r_ty' wf_Throw obtain XA where r_ty: "\,s \ Ty (St 0) (Class XA) \ Class XA \ set (extractTy (A,St 0))" apply atomize apply (erule bexE) apply (erule conjE)+ apply (erule_tac x="tp" in ballE) prefer 2 apply simp apply (erule exE) apply (erule_tac x="XA" in allE) apply simp done *) from xcpt s_def cmd_p i_def anF_p have succsExcept_exp: "set (succsExcept \ p) = set (succsXpt (\, NullPointer, [p])) \ (\a\set (extractTy (A,St 0)). set (case a of Class X \ succsXpt (\, X, [p]) | _ \ []))" by (simp add: image_Un cmd_p succsExcept_def split del: option.split_asm) from wf_Pi domC_p have succsExcept_domC: "fst ` (set (succsExcept \ p)) \ set (domC \)" by (simp add: wf_def JBC_VCG.wf_def checkPos_split split_if[of "\ x. x" _ _ "False"] ) from xcpt wf_Throw have xcpt_cases: "(p', B) \ (\(p', B). (p', And [Pos p, B])) ` set (succsXpt (\, NullPointer, [p])) \ (p', B) \ (\(p', B). (p', And [Pos p, B])) ` (\a\set (extractTy (A,St 0)). set (case a of Class X \ succsXpt (\, X, [p]) | _ \ []))" (is "?NP \ ?XA") by (simp add: image_Un cmd_p succsExcept_def split del: option.split_asm) from xcpt_cases show ?thesis proof assume np_case: "(p', B) \ (\(p', B). (p', And [Pos p, B])) ` set (succsXpt (\, NullPointer, [p]))" show ?thesis proof - from np_case obtain B' where p'_B'_succsXpt: "(p',B') \ set (succsXpt (\,NullPointer,[p]))" and B_def: "B = And [Pos p,B']" apply - apply (erule imageE) apply (simp add: split_def) by fastsimp from xcpt succsExcept_domC cmd_p have succsXpt_domC: "fst ` (set (succsXpt (\,NullPointer,[p]))) \ set (domC \)" apply - apply (simp add: succsExcept_def) apply blast done from p'_B'_succsXpt succsXpt_domC Pi_def have B'_xcpt_cond: "\ As. B' = And (As@[xcpt_cond (P,An) NullPointer p])" apply - apply (rule_tac X="NullPointer" and L="[p]" and p'="p'" in succsXpt_xcpt_cond) apply simp apply simp apply simp done from p'_B'_succsXpt valid_B B_def B'_xcpt_cond have valid_xcpt_cond: "\,s \ (xcpt_cond \ NullPointer p)" apply - apply (erule exE)+ apply (simp add: Pi_def del: succsXpt.simps) apply (erule conjE)+ apply (simp add: evalEs_map) done from st_def s_def is_Ref_r valid_xcpt_cond cmd_p have exec_instr_s: "exec_instr Throw P h st rg C M pc frs = (Some (if r = Null then addr_of_sys_xcpt NullPointer else (the_Addr r)),h,(st,rg,(C,M,pc))#frs)" apply (simp add: split_def xcpt_cond_def) (* apply (rule impI) apply (case_tac "r::val") apply simp apply simp apply simp apply simp apply simp *) done from st_def s_def is_Ref_r valid_xcpt_cond cmd_p have cname_r: "cname_of h ((if r = Null then addr_of_sys_xcpt NullPointer else (the_Addr r))) = NullPointer" apply (simp add: xcpt_cond_def) apply (case_tac "r::val") apply simp+ apply (rule cname_sysxcpt) apply (simp add: obj_ty_def)+ done from s_def wf_Pi p'_B'_succsXpt valid_B B_def s_inv_Pos cname_r succsXpt_domC Pi_def p_def obtain rg' frs' where find_handler_s: "find_handler P (if r = Null then addr_of_sys_xcpt NullPointer else (the_Addr r)) h ((st, rg, p) # frs) = (None, h, ([Addr (if r = Null then (addr_of_sys_xcpt NullPointer) else (the_Addr r))], rg', p') # frs')" apply - apply (drule_tac xa="(if r = Null then (addr_of_sys_xcpt NullPointer) else (the_Addr r))" in succsXpt_findhandler) apply assumption apply assumption apply simp apply assumption apply simp apply assumption apply (erule exE)+ by fastsimp from Pi_def p_def instr_p has_method_p exec_instr_s find_handler_s cname_sysxcpt s_def have s_effS: "((p,(None,h,(st,rg,p)#frs),e),(p',(None,h,([Addr (if r = Null then (addr_of_sys_xcpt NullPointer) else (the_Addr r))],rg',p')#frs'), e\cs := drop (length frs - length frs') (cs e)\)) \ effS \" apply (rule_tac P="P" and M="M" and C="C" and pc="pc" and stk="st" and loc="rg" and i="Throw" and loc'="rg'" and h="h" and xa="if r = Null then (addr_of_sys_xcpt NullPointer) else (the_Addr r)" and frs="frs" and frs'="frs'" and bla="(st, rg, C, M, pc) # frs" and h'="h" in effS.expt) apply simp apply simp apply simp apply simp apply simp apply simp apply simp apply simp apply simp done from s_effS s_def show ?thesis by fastsimp qed next assume norm_case: "(p', B) \ (\(p', B). (p', And [Pos p, B])) ` (\a\set (extractTy (A,St 0)). set (case a of Class X \ succsXpt (\, X, [p]) | _ \ []))" from valid_B cmd_p wf_Throw norm_case xcpt succsExcept_exp succsExcept_domC obtain XA where succsXpt_XA: "(p', B) \ (\(p', B). (p', And [Pos p, B])) ` set (succsXpt (\, XA, [p]))" and XA_extractTy:"Class XA \ set (extractTy (A,St 0))" apply - apply (erule conjE)+ apply (erule imageE) apply (simp add: succsExcept_def) apply (erule bexE) apply (case_tac "a") apply simp+ apply fastsimp done from succsXpt_XA obtain B' where p'_B'_succsXpt: "(p',B') \ set (succsXpt (\,XA,[p]))" and B_def: "B = And [Pos p,B']" apply - apply (erule imageE) apply (simp add: split_def) by fastsimp from wf_Throw XA_extractTy obtain tys1 tys2 where tys_def: "tys = tys1@(Class XA)#tys2" apply - apply (erule conjE)+ apply (simp add: in_set_conv_decomp) apply fastsimp done from wf_Throw have extractTy_A: "extractTy (A, St 0) = tys" by simp from xcpt succsExcept_domC cmd_p p'_B'_succsXpt B_def tys_def anF_p extractTy_A have succsXpt_domC: "fst ` (set (succsXpt (\,XA,[p]))) \ set (domC \)" apply - apply (simp add: succsExcept_def split del: option.split_asm) apply (erule conjE | erule exE | erule imageE)+ apply blast done from p'_B'_succsXpt succsXpt_domC Pi_def have B'_xcpt_cond: "\ As. B' = And (As@[xcpt_cond (P,An) XA p])" apply - apply (rule_tac X="XA" and L="[p]" and p'="p'" in succsXpt_xcpt_cond) apply simp apply simp apply simp done from p'_B'_succsXpt valid_B B_def B'_xcpt_cond have valid_xcpt_cond: "\,s \ (xcpt_cond \ XA p)" apply - apply (erule exE)+ apply (simp add: Pi_def del: succsXpt.simps) apply (erule conjE)+ apply (simp add: evalEs_map) done from st_def s_def is_Ref_r valid_xcpt_cond cmd_p have exec_instr_s: "exec_instr Throw P h st rg C M pc frs = (Some (if r = Null then addr_of_sys_xcpt NullPointer else the_Addr r),h,(st,rg,(C,M,pc))#frs)" apply (simp add: split_def xcpt_cond_def) done from st_def s_def is_Ref_r valid_xcpt_cond cmd_p have cname_r: "cname_of h (if r=Null then addr_of_sys_xcpt NullPointer else the_Addr r) = XA" apply simp apply (case_tac "r::val") apply (simp add: is_Ref'_def)+ apply (simp add: xcpt_cond_def) apply (case_tac "XA = NullPointer") apply simp apply (rule cname_sysxcpt) apply simp apply (simp add: is_Ref'_def)+ apply (erule exE)+ apply (simp add: xcpt_cond_def obj_ty_def) apply (case_tac "XA = NullPointer") apply simp apply simp done from s_def wf_Pi p'_B'_succsXpt valid_B B_def s_inv_Pos cname_r succsXpt_domC Pi_def p_def obtain rg' frs' where find_handler_s: "find_handler P (if r = Null then addr_of_sys_xcpt NullPointer else the_Addr r) h ((st, rg, p) # frs) = (None, h, ([Addr (if r = Null then addr_of_sys_xcpt NullPointer else the_Addr r)], rg', p') # frs')" apply - apply (drule_tac xa="(if r = Null then addr_of_sys_xcpt NullPointer else the_Addr r)" in succsXpt_findhandler) apply assumption apply assumption apply simp apply assumption apply simp apply simp apply (erule exE)+ by fastsimp from Pi_def p_def instr_p has_method_p exec_instr_s find_handler_s cname_sysxcpt s_def have s_effS: "((p,(None,h,(st,rg,p)#frs),e),(p',(None,h, ([Addr (if r = Null then addr_of_sys_xcpt NullPointer else the_Addr r)],rg',p')#frs'), e\cs := drop (length frs - length frs') (cs e)\)) \ effS \" apply (rule_tac P="P" and M="M" and C="C" and pc="pc" and stk="st" and loc="rg" and i="Throw" and loc'="rg'" and h="h" and xa="if r = Null then addr_of_sys_xcpt NullPointer else (the_Addr r)" and frs="frs" and frs'="frs'" and bla="(st, rg, C, M, pc) # frs" and h'="h" in effS.expt) apply simp apply simp apply simp apply simp apply simp apply simp apply simp apply simp apply simp done from s_effS s_def show ?thesis by fastsimp qed qed qed lemma succsF_progress_Invoke: assumes Pi_def:"\ = (P,An)" assumes p_def:"p = (C,M,pc)" assumes s_def:"s = (p, (None, h, (st, rg, p) # frs), e)" assumes wf_Pi:"wf \" (* assumes valid_An: "\ A. anF \ p = Some A \ \,s \ A" *) assumes p'_B_succsF:"(p',B) \ set (succsF \ p)" assumes valid_B:"\,s \ B" assumes cmd_p:"cmd \ p = Some (Invoke Mn n)" assumes s_inv_Pos: "\,s \ inv_Pos \ (fst s)" assumes s_inv_Ty:"\,s \ inv_Ty \ (fst s)" assumes s_inv_FrNr:"\,s \ inv_FrNr \ (fst s)" assumes s_inv_ExTys:"\,s \ inv_ExTys \ (fst s)" shows goal: "\st' rg' frs' e'. (s, (p', (st', rg', frs'), e')) \ effS \" (*<*) proof - note GA = Pi_def p_def s_def wf_Pi p'_B_succsF valid_B cmd_p from GA have p'_B_nrml_expt: "(p', B) \ (\(p', B). (p', And [Pos p, B])) ` set (succsNormal \ p) \ (p', B) \ (\(p', B). (p', And [Pos p, B])) ` set (succsExcept \ p)" (is "?nrml \ ?xcpt") by (simp add: addPos_def succsF_def) from Pi_def wf_Pi have wfK: "wf_jvm_prog\<^isub>k P" apply - apply (drule wf_TypeSafe) apply (simp add: jvm_kildall_correct wf_jvm_prog_def) apply fastsimp done obtain i where i_def: "i = Invoke Mn n" by fastsimp from cmd_p Pi_def wf_Pi p_def i_def have instr_p:"instrs_of P C M ! pc = i" apply - apply (drule_tac \="\" and C="C" and M="M" and pc="pc" in domC_cmd_instr_of) apply (rule cmd_domC) apply simp apply simp done from cmd_p obtain dm dm' where domC_p:"domC \ = dm@[p]@dm'" by (fastsimp dest: cmd_domC simp add: in_set_conv_decomp) from cmd_p have has_method_p: "has_method P C M" apply - apply (drule cmd_domC) apply (simp add: p_def Pi_def has_method_def mem_iff) apply (rule_tac pc="pc" and An="An" in domC_methodnames, assumption) done from wf_Pi Pi_def s_def p_def s_inv_Ty cmd_p i_def have check_s: "check_instr' i (fst \) h st rg C M pc frs" apply - apply (rule wf_invTys_check') apply simp+ done from check_s s_def p_def instr_p i_def obtain args r rst where st_def:"st = args@r#rst" and length_args:"length args = n" and is_Ref_r:"is_Ref' h r" apply atomize apply (simp add: neq_Nil_conv check_def split_def) apply (erule conjE | erule exE)+ apply (drule_tac n="n" in list_length_split) apply (erule conjE | erule exE)+ apply (erule_tac x="ls" in allE) apply (erule_tac x="l" in allE) apply (subgoal_tac "is_Ref' h l") prefer 2 apply (simp add: is_Ref'_def nth_append) apply (case_tac "l = Null") apply simp apply (simp add: is_Ref'_def) done from is_Ref_r obtain adr obj where r_def: "r = Null \ (r = Addr adr \ h adr = Some obj)" by (simp only: is_Ref'_def, case_tac "r::val",simp,simp,simp,simp,simp add: not_None_eq,blast) from r_def st_def length_args is_Ref_r check_s p_def i_def Pi_def obtain cn cn' where classnames_obj: "(r \ Null) \ classnames P = cn@[fst obj]@cn'" apply (subgoal_tac "(r \ Null) \ (\ cn cn'. classnames P = cn@[fst obj]@cn')") prefer 2 apply (rule impI) apply (simp add: nth_append) apply (simp only: TypeRel.has_method_def) apply (erule exE)+ apply (drule sees_method_is_class) apply (simp add: is_class_def class_def classnames_def) apply (erule exE)+ apply (drule map_of_SomeD) apply (simp add: in_set_conv_decomp) apply (erule exE)+ apply (simp add: map_append) apply (rule_tac x=" map fst ys" in exI) apply (rule_tac x="map fst zs" in exI) apply simp apply (case_tac "r = Null") apply simp apply atomize apply simp done from s_inv_ExTys s_def have cname_sysxcpt: "(cname_of h (addr_of_sys_xcpt NullPointer)) = NullPointer" apply (simp add: inv_ExTys_def obj_ty_def) done from p'_B_nrml_expt show ?thesis proof assume nrml: "?nrml" from cmd_p nrml valid_B s_def wf_Pi have p'_B_def': "\ A. anF \ p = Some A \ (\ tp \ (set (extractTy (A,St n))). (\ X. tp = Class X \ p' = (X,Mn,0) \ B = And [Pos p, And [Neg (St n \ Cn Null), Ty (St n) (Class X)]] \ JBC_Semantics.has_method (fst \) X Mn))" apply - apply (simp add: JBC_VCG.wf_def checkPos_split domC_p split_if[of "\ x. x" _ _ "False"]) apply (erule conjE)+ apply (case_tac "anF \ p") apply simp apply (rule_tac x="a" in exI) apply simp apply (case_tac "p = ipc \") apply simp apply simp apply (subgoal_tac "\ tp \ set (extractTy (a,St n)). (\ X. tp = Class X \ JBC_Semantics.has_method (fst \) X Mn) \ tp = NT") prefer 2 apply (case_tac "extractTy (a, St n)") apply simp apply (simp only: list.cases) apply (drule_tac t="aa # list" in sym) apply (simp only: list_all_iff) apply (rule ballI) apply (erule conjE)+ apply (erule_tac x="tp" in ballE) prefer 2 apply simp apply (case_tac "tp::ty") apply simp apply simp apply simp --{* tp = NT *} apply simp --{* tp = Class lista *} apply simp apply (simp add: succsNormal_def st_def length_args nth_append) apply (erule imageE) apply simp apply (erule bexE) apply (case_tac "aa::ty") apply simp apply simp apply simp apply simp --{* aa = Class list *} apply (simp add: xcpt_cond_def) apply (erule_tac x="Class list" in ballE) prefer 2 apply simp apply (erule conjE)+ apply simp apply (subgoal_tac "\Ts T m. method P list Mn = (list, Ts, T, m)") prefer 2 apply (rule_tac An="An" in has_method_class) apply (cut_tac wf_Pi) apply (simp add: Pi_def) apply (cut_tac Pi_def) apply simp apply (erule exE)+ apply (cut_tac Pi_def) apply simp done from p'_B_def' obtain A X where p'_B_def:"p' = (X,Mn,0) \ B = And [Pos p, And [Neg (St n \ Cn Null), Ty (St n) (Class X)]] \ Class X \ (set (extractTy (A,St n))) \ has_method (fst \) X Mn" apply - apply atomize apply (erule exE | erule conjE)+ apply (erule bexE) apply (erule exE) apply (erule_tac x="X" in allE) apply (erule_tac x="A" in allE) apply simp done from st_def length_args p'_B_def valid_B s_def r_def wf_Pi have exec_instr_s: "exec_instr (Invoke Mn n) P h st rg C M pc frs = (None,h,([],Addr adr # rev args @ replicate (fst (snd (snd (snd (snd (method P (fst obj) Mn)))))) arbitrary,(X,Mn,0))#(st,rg,(C,M,pc))#frs)" apply (simp add: split_def nth_append obj_ty_def) apply (erule conjE )+ apply (simp add: Pi_def has_method_def mem_iff) apply (frule methodnames_P) apply (subgoal_tac "method P (fst obj) Mn = method' P (fst obj) Mn") prefer 2 apply (rule_tac wf_md="wf_md_Ty" in method_method') apply (drule wf_wfprog) apply simp apply assumption apply (erule conjE | erule exE)+ apply (simp add: method'_def) done from Pi_def p_def instr_p exec_instr_s check_s has_method_p p'_B_def st_def r_def s_def i_def have "((p,(None,h,(st,rg,p)#frs),e),(p',(None,h,([],Addr adr # rev args @ replicate (fst (snd (snd (snd (snd (method P (fst obj) Mn)))))) arbitrary,(X,Mn,0))#(st,rg,(C,M,pc))#frs),e\cs:=h#(cs e)\)) \ effS \" apply (rule_tac P="P" and M="M" and C="C" and pc="pc" and stk="st" and loc="rg" and i="Invoke Mn n" and fr'="([],Addr adr # rev args @ replicate (fst (snd (snd (snd (snd (method P (fst obj) Mn)))))) arbitrary,(X,Mn,0))" and h="h" and h'="h" and frs="frs" and frs'="(st,rg,(C,M,pc))#frs" in effS.nrml) apply simp apply simp apply simp apply simp apply simp apply simp apply simp apply simp apply simp done from this s_def show "\st' rg' frs' e'. (s, (p', (st', rg', frs'), e')) \ effS \" by fastsimp next assume xcpt: "?xcpt" show "\st' rg' frs' e'. (s, (p', (st', rg', frs'), e')) \ effS \" proof - from xcpt cmd_p obtain B' where p'_B'_succsXpt: "(p',B') \ set (succsXpt (\,NullPointer,[p]))" and B_def: "B = And [Pos p,B']" apply - apply (simp add: succsExcept_def) apply (erule imageE) apply (simp add: split_def) by fastsimp from wf_Pi domC_p have succsExcept_domC: "fst ` (set (succsExcept \ p)) \ set (domC \)" by (simp add: wf_def JBC_VCG.wf_def checkPos_split split_if[of "\ x. x" _ _ "False"] ) from xcpt succsExcept_domC cmd_p have succsXpt_domC: "fst ` (set (succsXpt (\,NullPointer,[p]))) \ set (domC \)" apply - apply (simp add: succsExcept_def) done from p'_B'_succsXpt succsXpt_domC Pi_def have B'_xcpt_cond: "\ As. B' = And (As@[xcpt_cond (P,An) NullPointer p])" apply - apply (rule_tac X="NullPointer" and L="[p]" and p'="p'" in succsXpt_xcpt_cond) apply simp apply simp apply simp done from p'_B'_succsXpt valid_B B_def B'_xcpt_cond have valid_xcpt_cond: "\,s \ (xcpt_cond \ NullPointer p)" apply - apply (erule exE)+ apply (simp add: Pi_def del: succsXpt.simps) apply (erule conjE)+ apply (simp add: evalEs_map) done from st_def s_def is_Ref_r valid_xcpt_cond cmd_p i_def length_args obtain bla where exec_instr_s: "exec_instr i P h st rg C M pc frs = (\addr_of_sys_xcpt NullPointer\, h,bla)" apply (simp add: split_def xcpt_cond_def) done from s_def s_inv_ExTys have cname_r: "cname_of h (addr_of_sys_xcpt NullPointer) = NullPointer" by (simp add: inv_ExTys_def obj_ty_def) from s_def wf_Pi p'_B'_succsXpt valid_B B_def s_inv_Pos cname_r succsXpt_domC Pi_def p_def obtain rg' frs' where find_handler_s: "find_handler P (addr_of_sys_xcpt NullPointer) h ((st, rg, p) # frs) = (None, h, ([Addr (addr_of_sys_xcpt NullPointer)], rg', p') # frs')" apply - apply (drule_tac xa="addr_of_sys_xcpt NullPointer" in succsXpt_findhandler) apply assumption apply assumption apply simp apply assumption apply simp apply assumption apply (erule exE)+ by fastsimp from Pi_def p_def instr_p has_method_p exec_instr_s find_handler_s cname_sysxcpt s_def i_def have s_effS: "((p,(None,h,(st,rg,p)#frs),e),(p',(None,h,([Addr (addr_of_sys_xcpt NullPointer)],rg',p')#frs'), e\cs := drop (length frs - length frs') (cs e)\)) \ effS \" apply (rule_tac P="P" and M="M" and C="C" and pc="pc" and stk="st" and loc="rg" and i="i" and loc'="rg'" and h="h" and xa="(addr_of_sys_xcpt NullPointer)" and frs="frs" and frs'="frs'" and bla="bla" and h'="h" in effS.expt) apply simp apply simp apply simp apply simp apply simp apply simp apply simp apply simp apply simp done from s_effS s_def show ?thesis by fastsimp qed qed qed (*>*) lemma succsF_progress_New: assumes Pi_def:"\ = (P,An)" assumes p_def:"p = (C,M,pc)" assumes s_def:"s = (p, (None, h, (st, rg, p) # frs), e)" assumes wf_Pi:"wf \" (* assumes valid_An: "\ A. anF \ p = Some A \