header {* \isaheader{wpF computes weakest preconditions} *}

theory JBC_wpFcorrect = JBC_SysInv:

(* NOTE(review): in this copy the Isabelle symbol encoding has been lost --
   every special symbol (lambda binder, the system parameter, set membership,
   the orderings, the expression-level operators, ...) shows up as a bare
   "\".  Read "\q." as a lambda, "(fst \)" as the program component of the
   (program, annotation) pair that wpF_Return destructures as "(P,An)=\", and
   consult the original .thy before relying on the exact relation in a
   comparison such as "k \ n".  Nothing here can be re-checked by a prover
   until the symbols are restored. *)

section {* Alternative wpF Definitions *}

(* Instruction-wise unfoldings of wpF.  Every lemma in this section fixes one
   instruction at position p and one successor p' for the normal-flow case --
   handlesEx (fst \) p' = None, i.e. p' is not an exception handler -- and
   rewrites wpF into a plain substitution (substE) on the postcondition Q.
   wpF_Except at the end of the section covers the exceptional edge.  All of
   them are proved by unfolding wpF_def, so they are derived characterisations
   rather than new axioms: the trusted base of the logic stays wpF_def alone.

   The first component of every substitution is the same and is the
   control-flow part: a position assertion Pos q in Q holds before the step
   only for q = p', where it becomes Pos p; every other Pos q becomes FF.  The
   remaining components describe the data effect of the instruction on stack
   slots St k, registers Rg k, the frame counter FrNr and heap expressions. *)

(* Load n pushes register n: St 0 becomes Rg n, every other slot shifts down
   by one. *)
lemma wpF_Load:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some (Load n)"
  shows "wpF \ p p' Q = substE ((map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q))@ (map (\k. (St k,if k=0 then Rg n else St (k - 1))) (stkIds Q))) Q"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* Store n pops St 0 into Rg n; the remaining stack shifts up by one. *)
lemma wpF_Store:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some (Store n)"
  shows "wpF \ p p' Q = substE ((map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q))@ ((Rg n,St 0)# map (\k. (St k, St (k+1))) (stkIds Q))) Q"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* Push v: St 0 becomes the constant Cn v, the rest shifts down by one. *)
lemma wpF_Push:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some (Push v)"
  shows "wpF \ p p' Q = substE ((map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q))@ (map (\k. (St k,if k=0 then Cn v else St (k - 1))) (stkIds Q))) Q"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* New Cl.  St 0 becomes the fresh address NewA 0 and every fresh address
   already mentioned in Q is renumbered NewA (n+1).  Heap expressions are
   rewritten by a fold over the deduplicated heap sub-expressions of Q: a
   field read Gf F C ex whose (already substituted) receiver ex' is the new
   object yields the field's default value taken from blank, a type test
   Ty ex ty on the new object yields Bool (Class Cl = ty); in every other case
   the expression merely keeps its substituted receiver.  The fold conses each
   entry onto mp, so lookups presumably see the most recent entry first; the
   foldl_map_lookup and getHeapEx_mono lemmas in the next section are what
   make this ordering well-defined -- confirm at the use site.  The folded
   function is repeated verbatim in foldl_map_lookup'; keep the two in sync. *)
lemma wpF_New:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some (New Cl)"
  shows "wpF \ p p' Q = (let em=((map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q)) @(map (\k. (St k,if k=0 then NewA 0 else St (k - 1))) (stkIds Q))@ (map (\n. (NewA n, NewA (n+1))) (getNewEx Q))); gfe'=foldl (\mp hex. (case hex of GF F C ex \ (let ex'=substE mp ex in (Gf F C ex,IF ex' \ NewA 0 THEN Cn (the ((snd (blank (fst \) Cl))(F,C))) ELSE Gf F C ex')) | TY ex ty \ (let ex'=substE mp ex in (Ty ex ty,IF ex' \ NewA 0 THEN Cn (Bool ((Class Cl) = ty)) ELSE Ty ex' ty)))#mp) em (remdups' (getHeapEx Q)) in substE gfe' Q)"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* Getfield F C replaces the reference on top of the stack with the field
   value; the stack height is unchanged. *)
lemma wpF_Getfield:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some (Getfield F C)"
  shows "wpF \ p p' Q = substE ((map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q))@[(St 0,Gf F C (St 0))]) Q"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* Putfield F C pops the value (St 0) and the receiver (St 1), so the stack
   shifts by two.  Every access Gf F C ex in Q with the same field name and
   class is case-split on aliasing: if its substituted receiver is the written
   reference St 1 it reads the written value St 0, otherwise the old field.
   Accesses to other fields are untouched (only getGfEx F C Q is folded). *)
lemma wpF_Putfield:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some (Putfield F C)"
  shows "wpF \ p p' Q = (let em=(map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q)) @(map (\k. (St k,St (k+2))) (stkIds Q)); gfe'=foldl (\mp ex. let ex'=substE mp ex in (Gf F C ex,IF (ex' \ St 1) THEN St 0 ELSE Gf F C ex')#mp) em (remdups' (getGfEx F C Q)) in substE gfe' Q)"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* Checkcast C on the normal edge changes neither stack nor registers; only
   the control-flow substitution applies.  A failing cast is presumably an
   exceptional successor and then falls under wpF_Except. *)
lemma wpF_Checkcast:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some (Checkcast C)"
  shows "wpF \ p p' Q = substE (map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q)) Q"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* Invoke M n.  The frame counter FrNr is adjusted by one (the operator symbol
   is garbled in this copy).  Callee registers up to n are the receiver and
   arguments taken from the stack, Rg k coming from St (n-k); the remaining
   callee locals, bounded by a component of method (fst \) (fst p') M --
   presumably its local-variable count, confirm -- become the unconstrained
   constant Cn arb; registers beyond that are none, as is the whole callee
   operand stack.  Call ex denotes ex in the calling frame and so drops its
   wrapper here.  A Catch cn' ex' survives unchanged only if p itself catches
   cn'; otherwise it is guarded by a test on FrNr. *)
lemma wpF_Invoke:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some (Invoke M n)"
  shows "wpF \ p p' Q = substE ((map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q))@(FrNr,FrNr \ (Cn (Intg 1)))# (map (\k. (Rg k,if k \ n then St (n-k) else (if k \ n + fst (snd (snd (snd (snd (method (fst \) (fst p') M))))) then Cn arb else none))) (rgIds Q))@ (map (\k. (St k,none)) (stkIds Q))@ (map (\ex. (Call ex,ex)) (getCallEx Q))@ (concat (map (\(cn',ex'). (if catchesEx (fst \) cn' p then [(Catch cn' ex',ex')] else [(Catch cn' ex', IF (FrNr \ Cn (Intg 1)) THEN ex' ELSE Catch cn' ex')])) (getCatchEx Q)))) Q"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* Return.  FrNr is adjusted by one in the opposite direction.  St 0 (the
   result) stays; the caller's remaining stack St k (k from 1) is read below
   the n argument slots of the calling frame via Call, where n is taken from
   method P C M (presumably the parameter count -- confirm).  Registers and
   nested Call/Catch expressions are all wrapped in Call. *)
lemma wpF_Return:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some Return"
  shows "wpF \ p p' Q = (let (C,M,pc)=p; (P,An)=\; n = length (fst (snd (method P C M))) in substE ((map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q)) @(FrNr,FrNr \ (Cn (Intg 1)))# (map (\k. (St k,if 1 \ k then Call (St (n+k)) else St 0)) (stkIds Q))@ (map (\k. (Rg k,Call (Rg k))) (rgIds Q))@ (map (\ex. (Call ex,Call (Call ex))) (getCallEx Q))@ (map (\(cn',ex'). (Catch cn' ex',Call (Catch cn' ex'))) (getCatchEx Q))) Q)"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* Pop: the stack shifts up by one. *)
lemma wpF_Pop:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some Pop"
  shows "wpF \ p p' Q = substE (map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q) @(map (\k. (St k,St (k+1))) (stkIds Q))) Q"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* IBin no: St 0 becomes Num (St 1) no (St 0), the rest shifts up by one. *)
lemma wpF_IBin:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some (IBin no)"
  shows "wpF \ p p' Q = substE (map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q) @ (map (\k. (St k,if k=0 then Num (St 1) no (St 0) else (St (k+1)))) (stkIds Q))) Q"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* Goto t: control flow only. *)
lemma wpF_Goto:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some (Goto t)"
  shows "wpF \ p p' Q = substE (map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q)) Q"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* CmpEq: St 0 becomes the expression-level comparison of the two operands
   (operator symbol garbled), the rest shifts up by one. *)
lemma wpF_CmpEq:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some CmpEq"
  shows "wpF \ p p' Q = substE (map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q) @(map (\k. (St k,if k=0 then (St 0)\(St 1) else (St (k+1)))) (stkIds Q))) Q"
(*<*) by (simp!
add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* IfIntCmp ro t pops both operands: the stack shifts by two. *)
lemma wpF_IfIntCmp:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some (IfIntCmp ro t)"
  shows "wpF \ p p' Q = substE (map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q) @(map (\k. (St k,St (k+2))) (stkIds Q))) Q"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* IfFalse t pops the condition: the stack shifts by one. *)
lemma wpF_IfFalse:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some (IfFalse t)"
  shows "wpF \ p p' Q = substE (map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q) @(map (\k. (St k,St (k+1))) (stkIds Q))) Q"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* Throw has no normal successor: reaching p' without raising an exception is
   impossible, so the precondition is FF.  Its exceptional successors are
   handled by wpF_Except below. *)
lemma wpF_Throw_Nrm:
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some Throw"
  shows "wpF \ p p' Q = FF"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* NOTE(review): dead code.  The commented-out lemma is an earlier version of
   wpF_Except, superseded by the live one that follows; it differs only in
   testing "cmd \ p = Some Throw" instead of "i = Throw" and in using
   "addr_of_sys_xcpt cn" instead of "addr_of_sys_xcpt (sys_xcpt_of i)".
   Recommend deleting it so the two versions cannot be confused. *)
(* lemma wpF_Except: assumes handlesEx: "handlesEx (fst \) p' = Some cn" assumes cmd_p: "cmd \ p = Some i" shows "wpF \ p p' Q = (let mp=(map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q)) @ (map (\k. (St k,if 1\k then none else (if (cmd \ p = Some Throw) then (IF St 0 \ Cn (Null) THEN (Cn (Addr (addr_of_sys_xcpt NullPointer))) ELSE St 0) else Cn (Addr (addr_of_sys_xcpt cn))))) (stkIds Q))@ (let (C,M,pc)=p; (C',M',pc')=p'; (P,An)=\ in (if match_ex_table P cn pc (ex_table_of P C M) = Some pc' then [] else let rgm=map (\k. (Rg k,Catch cn (Rg k))) (rgIds Q); om =map (\ex. (Call ex,Catch cn (Call ex))) (getCallEx Q); cm= map (\(cn',ex'). (Catch cn' ex', Catch cn (Catch cn' ex'))) (getCatchEx Q) in (FrNr,Catch cn FrNr)#rgm@om@cm)) in substE mp Q)" by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) *)

(* Exceptional edge: p' is the handler for exception class cn.  The operand
   stack is cleared (every St k with k from 1 becomes none) except for St 0,
   which holds the exception object: for Throw it is the thrown reference
   unless that reference is Null, in which case it is the NullPointer system
   exception (the comparison symbol is garbled; the THEN branch is the null
   case); for every other instruction i it is the system exception
   sys_xcpt_of i.  If the handler lies in the current method (match_ex_table
   ... = Some pc') the frame-relative state is left alone; otherwise the
   exception leaves the frame and FrNr, the registers and all Call/Catch
   expressions are wrapped in Catch cn.  This is the only lemma in this file
   that unfolds exceptional control flow, so it is the place to audit when the
   handler lookup or the null check changes. *)
lemma wpF_Except:
  assumes handlesEx: "handlesEx (fst \) p' = Some cn"
  assumes cmd_p: "cmd \ p = Some i"
  shows "wpF \ p p' Q = (let mp=(map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q)) @ (map (\k. (St k,if 1\k then none else (if (i = Throw) then (IF St 0 \ Cn (Null) THEN (Cn (Addr (addr_of_sys_xcpt NullPointer))) ELSE St 0) else Cn (Addr (addr_of_sys_xcpt (sys_xcpt_of i)))))) (stkIds Q))@ (let (C,M,pc)=p; (C',M',pc')=p'; (P,An)=\ in (if match_ex_table P cn pc (ex_table_of P C M) = Some pc' then [] else let rgm=map (\k. (Rg k,Catch cn (Rg k))) (rgIds Q); om =map (\ex. (Call ex,Catch cn (Call ex))) (getCallEx Q); cm= map (\(cn',ex'). (Catch cn' ex', Catch cn (Catch cn' ex'))) (getCatchEx Q) in (FrNr,Catch cn FrNr)#rgm@om@cm)) in substE mp Q)"
(*<*) by (simp! add: wpF_def Let_def split_def fst_conv snd_conv) (*>*)

(* Facts about the occurrence lists getGfEx and getHeapEx that drive the
   substitution folds in wpF_Putfield and wpF_New. *)
section {* Auxiliary Definitions and Lemmas *}

(* Lookup through the heap-substitution fold of wpF_New is transparent for any
   key x that no element of es generates (heapEx x differs from [hex] for every
   hex in es): the folded map agrees with the initial map mp' on x.  The folded
   function is a textual copy of the one in wpF_New; if one is changed the
   other must follow, otherwise this lemma no longer matches. *)
lemma foldl_map_lookup': "\ es. \hex \ set es. heapEx x \ [hex] \ \mp'. (foldl (\mp hex. (case hex of GF F C ex \ (let ex'=substE mp ex in (Gf F C ex, IF ex' \ NewA 0 THEN Cn (the (snd (blank P Cl) (F, C))) ELSE Gf F C ex')) | TY ex ty \ (let ex'=substE mp ex in (Ty ex ty, IF ex' \ NewA 0 THEN Cn (Bool ((Class Cl) = ty)) ELSE Ty ex' ty)))#mp) mp' es) ? x = mp' ? x"
(*<*) apply (erule rev_mp) apply (induct_tac "es") apply simp apply (rule impI) apply (rule allI) apply (simp add: split_def) apply (erule conjE)+ apply (case_tac "a") apply simp apply (case_tac "x = Gf list1 list2 expr") apply simp apply (drule_tac t="x" in not_sym) apply simp apply simp apply (case_tac "x = Ty expr ty") apply simp apply (drule_tac t="x" in not_sym) apply simp done (*>*)

(* Same statement for an arbitrary key generator f and value generator g:
   a key not produced by f on es is looked up in the initial map mp'. *)
lemma foldl_map_lookup'': "\ es. \a\ set es. x\f a \ \mp'. (foldl (\mp a. (f a, g mp a)#mp) mp' es) ? x = mp' ? x"
(*<*) apply (erule rev_mp) apply (induct_tac "es") apply simp apply (rule impI) apply (rule allI) apply simp apply (erule conjE)+ apply (drule_tac t="x" in not_sym) apply simp done (*>*)

(* Every F.C field access collected from ex is strictly smaller than ex, ... *)
lemma getGfEx_size: "\ex' . ex' \ set (getGfEx F C ex) \ size ex' < size ex"
(*<*) apply (erule rev_mp) apply (rule_tac expr="ex" in expr_induct') apply (rule impI | rule conjI | simp add: getGfEx_def split add: split_if split_if_asm | erule disjE)+ done (*>*)

(* ... hence never equal to ex itself; this is what rules out an expression
   being substituted for itself in the wpF_Putfield fold. *)
lemma getGfEx_not_refl: "\ ex'. ex' \ set (getGfEx F C ex) \ ex' \ ex"
(*<*) apply (drule getGfEx_size) apply (rule classical) apply simp done (*>*)

(* The same two facts for the heap-expression list used by wpF_New, stated
   once per constructor: GF (field reads) and TY (type tests). *)
lemma getHeapEx_GF_size: "\F C ex . GF F C ex \ set (getHeapEx ex') \ size ex < size ex'"
(*<*) apply (erule rev_mp) apply (rule_tac expr="ex'" in expr_induct') apply (rule impI | rule conjI | simp add: getHeapEx_def split add: split_if split_if_asm | erule disjE)+ done (*>*)

lemma getHeapEx_TY_size: "\ex ty . TY ex ty \ set (getHeapEx ex') \ size ex < size ex'"
(*<*) apply (erule rev_mp) apply (rule_tac expr="ex'" in expr_induct') apply (rule impI | rule conjI | simp add: getHeapEx_def split add: split_if split_if_asm | erule disjE)+ done (*>*)

lemma getHeapEx_GF_not_refl: "\ F C ex. GF F C ex \ set (getHeapEx ex') \ ex \ ex'"
(*<*) apply (drule getHeapEx_GF_size) apply (rule classical) apply simp done (*>*)

lemma getHeapEx_TY_not_refl: "\ ex ty. TY ex ty \ set (getHeapEx ex') \ ex \ ex'"
(*<*) apply (drule getHeapEx_TY_size) apply (rule classical) apply simp done (*>*)

(* Decomposition of the occurrence list.  If ex' is one of the F.C field
   accesses collected from ex, the list splits as
   as @ getGfEx F C ex' @ bs @ [ex'] @ cs with ex' absent from the prefix, i.e.
   every field access nested inside ex' is listed before the first occurrence
   of ex' itself.  Proved by induction over the expression grammar
   (expr_induct'); the case markers in the proof name the constructor handled. *)
lemma getGfEx_comp: "\ ex'. \ ex' \ set (getGfEx F C ex) \ \ \as bs cs.
((getGfEx F C ex) = as@(getGfEx F C ex')@bs@[ex']@cs \ ex' \ set (as@(getGfEx F C ex')@bs))"
(*<*) apply (erule rev_mp) apply (rule_tac expr="ex" in expr_induct')
--{* Rg nat *} apply (simp add: getGfEx_def)
--{* St nat *} apply (simp add: getGfEx_def)
--{* Lv nat *} apply (simp add: getGfEx_def)
--{* Cn val *} apply (simp add: getGfEx_def)
--{* NewA n *} apply (simp add: getGfEx_def)
--{* Gf list1 list2 expr*} apply (rule impI) apply (simp add: getGfEx_def) apply (rule conjI) apply (rule impI) apply (erule disjE) apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply simp apply simp apply (rule_tac x="[]" in exI) apply (rule_tac x="[]" in exI) apply simp apply (rule impI) apply (case_tac "F = list1") apply simp apply simp
--{* FrNr *} apply (simp add: getGfEx_def)
--{* Num expr1 numop expr2 *} apply (rule impI) apply (simp add: getGfEx_def) apply (case_tac " ex' \ set (foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr1)") apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr2" in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* Rel expr1 relop expr2 *} apply (rule impI) apply (simp add: getGfEx_def) apply (case_tac " ex' \ set (foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr1)") apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr2" in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* IF expr1 THEN expr2 ELSE expr3 *} apply (rule impI) apply (simp add: getGfEx_def) apply (case_tac " ex' \ set (foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr1)") apply (drule mp, assumption) apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr2 @ foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr3" in exI) apply simp apply simp apply (case_tac " ex' \ set (foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr2)") apply (drule mp, assumption) apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr3" in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr1 @ foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr2 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* Eq expr1 expr2 *} apply (rule impI) apply (simp add: getGfEx_def) apply (case_tac " ex' \ set (foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr1)") apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr2" in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* Neg expr *} apply (simp add: getGfEx_def)
--{* Imp expr1 expr2 *} apply (rule impI) apply (simp add: getGfEx_def) apply (case_tac " ex' \ set (foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr1)") apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr2" in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* Forall nat expr *} apply (simp add: getGfEx_def)
--{* Ty expr ty *} apply (simp add: getGfEx_def)
--{* Pos x *} apply (simp add: getGfEx_def)
--{* Call expr *} apply (simp add: getGfEx_def)
--{* Catch expr *} apply (simp add: getGfEx_def)
--{* And (ex es) *} apply (rule impI) apply (simp add: getGfEx_def) apply (case_tac "ex' \ set (foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] ex)") apply (drule mp, assumption) apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldEs (\(ex, as). as @ gfEx (F, C, ex)) op @ [] es" in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x=" foldE (\(ex, as). as @ gfEx (F, C, ex)) op @ [] ex @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* And [] *} apply (simp add: getGfEx_def)
done (*>*)

(* The ordering survives deduplication: if ex'' is a field access nested
   inside ex', and ex' occurs in getGfEx F C ex, then ex'' still precedes ex'
   in remdups' (getGfEx F C ex).  This is presumably what lets the
   left-to-right foldl in wpF_Putfield rewrite inner receivers before the
   enclosing access is processed -- confirm against the use site.  (The
   spelling getGFEx_ differs from getGfEx elsewhere; callers depend on it.) *)
lemma getGFEx_mono: "\ ex'' ex'. \ ex'' \ set (getGfEx F C ex'); ex' \ set (getGfEx F C ex) \ \ \as bs cs. remdups' (getGfEx F C ex) = as@[ex'']@bs@[ex']@cs"
(*<*) apply (drule_tac ex'="ex'" in getGfEx_comp) apply (drule in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp only:) apply (subgoal_tac "remdups' ((as @ (ys @ ex'' # zs) @ bs) @ [ex'] @ cs) = remdups' (as @ (ys @ ex'' # zs) @ bs) @ [ex'] @ [b \ remdups' cs. b \ set ((as @ (ys @ ex'' # zs) @ bs)@[ex'])]") prefer 2 apply (rule_tac a="ex'" in remdups'_append_fst) apply simp apply simp apply (case_tac "ex'' \ set (as @ ys)") apply (drule in_set_conv_decomp_fst) apply (erule exE)+ apply (subgoal_tac "remdups' (ysa @ [ex''] @ (zsa @ ex'' # zs @ bs)) = remdups' ysa @ [ex''] @ [b \ remdups' (zsa @ ex'' # zs @ bs). b \ set (ysa @ [ex''])]") prefer 2 apply (rule remdups'_append_fst) apply simp apply (subgoal_tac "(as @ ys @ ex'' # zs @ bs) = ((as @ ys) @ ex'' # zs @ bs)") prefer 2 apply simp apply (simp only:) apply simp apply (rule_tac x="remdups' ysa" in exI) apply (rule_tac x="[b\remdups' (zsa @ ex'' # zs @ bs) . b \ ex'' \ b \ set ysa]" in exI) apply (rule_tac x="[b\remdups' cs . b \ ex'' \ b \ ex' \ b \ set as \ b \ set ys \ b \ set zs \ b \ set bs]" in exI) apply (simp only:) apply (subgoal_tac "remdups' ((as @ ys) @ [ex''] @ (zs @ bs)) = remdups' (as @ ys) @ [ex''] @ [b \ remdups' (zs @ bs). b \ set ((as @ ys) @ [ex''])]") prefer 2 apply (rule remdups'_append_fst) apply assumption apply (subgoal_tac "(as @ ys @ ex'' # zs @ bs) = ((as @ ys) @ [ex''] @ (zs @ bs))") prefer 2 apply simp apply (simp only:) apply (rule_tac x="remdups' (as @ ys)" in exI) apply (rule_tac x="[b\remdups' (zs @ bs) . b \ set ((as @ ys) @ [ex''])]" in exI) apply (rule_tac x="[b\remdups' cs . b \ ex'' \ b \ ex' \ b \ set as \ b \ set ys \ b \ set zs \ b \ set bs]" in exI) apply (simp (no_asm)) done (*>*)

(* Counterpart of getGfEx_comp for the heap-expression list used by wpF_New,
   GF case: the heap expressions nested inside ex' are listed before the first
   occurrence of GF F C ex'.  Same induction scheme as above. *)
lemma getHeapEx_GF_comp: "GF F C ex' \ set (getHeapEx ex) \ \as bs cs.
getHeapEx ex = as @ (getHeapEx ex') @ bs @ [GF F C ex'] @ cs \ (GF F C ex') \ set (as @ (getHeapEx ex') @ bs)"
(*<*) apply (erule rev_mp) apply (rule_tac expr="ex" in expr_induct')
--{* Rg nat *} apply (simp add: getHeapEx_def)
--{* St nat *} apply (simp add: getHeapEx_def)
--{* Lv nat *} apply (simp add: getHeapEx_def)
--{* Cn val *} apply (simp add: getHeapEx_def)
--{* NewA n *} apply (simp add: getHeapEx_def)
--{* Gf list1 list2 expr*} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac "GF F C ex' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr)") apply (drule mp, assumption) apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply simp apply simp apply (rule_tac x="[]" in exI) apply (rule_tac x="[]" in exI) apply simp
--{* FrNr *} apply (simp add: getHeapEx_def)
--{* Num expr1 numop expr2 *} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac " GF F C ex' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr1)") apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr2 " in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ heapEx ex) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* Rel expr1 relop expr2 *} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac " GF F C ex' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr1)") apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr2 " in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ heapEx ex) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* IF expr1 THEN expr2 ELSE expr3 *} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac "GF F C ex' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr1) ") apply (drule mp, assumption) apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr2 @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr3" in exI) apply simp apply simp apply (case_tac "GF F C ex' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr2) ") apply (drule mp, assumption) apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ heapEx ex) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr3" in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x=" foldE (\(ex, as). as @ heapEx ex) op @ [] expr1 @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr2 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* Eq expr1 expr2 *} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac " GF F C ex' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr1)") apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr2 " in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ heapEx ex) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* Neg expr *} apply (simp add: getHeapEx_def)
--{* Imp expr1 expr2 *} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac " GF F C ex' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr1)") apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr2 " in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ heapEx ex) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* Forall nat expr *} apply (simp add: getHeapEx_def)
--{* Ty expr ty *} apply (simp add: getHeapEx_def) apply (rule impI) apply (drule mp, assumption) apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ [TY expr ty]" in exI) apply simp apply simp
--{* Pos x *} apply (simp add: getHeapEx_def)
--{* Call expr *} apply (simp add: getHeapEx_def)
--{* Catch expr *} apply (simp add: getHeapEx_def)
--{* And (ex es) *} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac " GF F C ex' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] ex)") apply (drule mp, assumption) apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldEs (\(ex, as). as @ heapEx ex) op @ [] es" in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ heapEx ex) op @ [] ex @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* And [] *} apply (simp add: getHeapEx_def)
done (*>*)

(* Counterpart of getHeapEx_GF_comp for the TY constructor: the heap
   expressions nested inside ex' are listed before the first occurrence of
   TY ex' ty'.  Only the Gf and Ty cases of the induction differ from the GF
   version -- in the Gf case the enclosing GF entry is appended to cs, in the
   Ty case the decomposition is taken from the argument or is trivial. *)
lemma getHeapEx_TY_comp: "TY ex' ty' \ set (getHeapEx ex) \ \as bs cs. getHeapEx ex = as @ (getHeapEx ex') @ bs @ [TY ex' ty'] @ cs \ (TY ex' ty') \ set (as @ (getHeapEx ex') @ bs)"
(*<*) apply (erule rev_mp) apply (rule_tac expr="ex" in expr_induct')
--{* Rg nat *} apply (simp add: getHeapEx_def)
--{* St nat *} apply (simp add: getHeapEx_def)
--{* Lv nat *} apply (simp add: getHeapEx_def)
--{* Cn val *} apply (simp add: getHeapEx_def)
--{* NewA n *} apply (simp add: getHeapEx_def)
--{* Gf list1 list2 expr*} apply (simp add: getHeapEx_def) apply (rule impI) apply (drule mp, assumption) apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ [GF list1 list2 expr]" in exI) apply simp apply simp
--{* FrNr *} apply (simp add: getHeapEx_def)
--{* Num expr1 numop expr2 *} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac " TY ex' ty' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr1)") apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr2 " in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ heapEx ex) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* Rel expr1 relop expr2 *} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac " TY ex' ty' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr1)") apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as).
as @ heapEx ex) op @ [] expr2 " in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ heapEx ex) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* IF expr1 THEN expr2 ELSE expr3 *} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac "TY ex' ty' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr1) ") apply (drule mp, assumption) apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr2 @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr3" in exI) apply simp apply simp apply (case_tac "TY ex' ty' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr2) ") apply (drule mp, assumption) apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ heapEx ex) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr3" in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x=" foldE (\(ex, as). as @ heapEx ex) op @ [] expr1 @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr2 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* Eq expr1 expr2 *} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac " TY ex' ty' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr1)") apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr2 " in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ heapEx ex) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* Neg expr *} apply (simp add: getHeapEx_def)
--{* Imp expr1 expr2 *} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac " TY ex' ty' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr1)") apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldE (\(ex, as). as @ heapEx ex) op @ [] expr2 " in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ heapEx ex) op @ [] expr1 @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* Forall nat expr *} apply (simp add: getHeapEx_def)
--{* Ty expr ty *} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac "TY ex' ty' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] expr)") apply (drule mp, assumption) apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply simp apply simp apply (rule_tac x="[]" in exI) apply (rule_tac x="[]" in exI) apply simp
--{* Pos x *} apply (simp add: getHeapEx_def)
--{* Call expr *} apply (simp add: getHeapEx_def)
--{* Catch expr *} apply (simp add: getHeapEx_def)
--{* And (ex es) *} apply (rule impI) apply (simp add: getHeapEx_def) apply (case_tac " TY ex' ty' \ set (foldE (\(ex, as). as @ heapEx ex) op @ [] ex)") apply (drule mp, assumption) apply (erule exE | erule conjE)+ apply (rule_tac x="as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs @ foldEs (\(ex, as). as @ heapEx ex) op @ [] es" in exI) apply simp apply simp apply simp apply (erule exE | erule conjE)+ apply (rule_tac x="foldE (\(ex, as). as @ heapEx ex) op @ [] ex @ as" in exI) apply (rule_tac x="bs" in exI) apply (rule conjI) apply (rule_tac x="cs" in exI) apply simp apply simp
--{* And [] *} apply (simp add: getHeapEx_def)
done (*>*)

(* Ordering after deduplication for the heap-expression list, mirroring
   getGFEx_mono: an entry nested inside ex' still precedes the entry for ex'
   in remdups' (getHeapEx ex).  The four lemmas getHeapEx_mono_*_* cover the
   inner/outer constructor combinations (GF or TY on either side); their
   proofs are the same script instantiated with the respective _comp lemma
   and remdups'_append_fst. *)
lemma getHeapEx_mono_GF_GF: "\ GF F'' C'' ex'' \ set (getHeapEx ex'); GF F' C' ex' \ set (getHeapEx ex) \ \ \as bs cs. remdups' (getHeapEx ex) = as@[GF F'' C'' ex'']@bs@[GF F' C' ex']@cs"
(*<*) apply (drule_tac ex'="ex'" in getHeapEx_GF_comp) apply (drule in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp only:) apply (subgoal_tac "remdups' ((as @ (ys @ GF F'' C'' ex'' # zs) @ bs) @ [GF F' C' ex'] @ cs) = remdups' (as @ (ys @ GF F'' C'' ex'' # zs) @ bs) @ [GF F' C' ex'] @ [b \ remdups' cs. b \ set ((as @ (ys @ GF F'' C'' ex'' # zs)
 @ bs)@[GF F' C' ex'])]") prefer 2 apply (rule_tac a="GF F' C' ex'" in remdups'_append_fst) apply simp apply simp apply (case_tac " GF F'' C'' ex'' \ set (as @ ys)") apply (drule in_set_conv_decomp_fst) apply (erule exE)+ apply (subgoal_tac "remdups' (ysa @ [ GF F'' C'' ex''] @ (zsa @ GF F'' C'' ex'' # zs @ bs)) = remdups' ysa @ [ GF F'' C'' ex''] @ [b \ remdups' (zsa @ GF F'' C'' ex'' # zs @ bs). b \ set (ysa @ [ GF F'' C'' ex''])]") prefer 2 apply (rule remdups'_append_fst) apply simp apply (subgoal_tac "(as @ ys @ GF F'' C'' ex'' # zs @ bs) = ((as @ ys) @ GF F'' C'' ex'' # zs @ bs)") prefer 2 apply simp apply (simp only:) apply simp apply (rule_tac x="remdups' ysa" in exI) apply (rule_tac x="[b\remdups' (zsa @ GF F'' C'' ex'' # zs @ bs) . b \ GF F'' C'' ex'' \ b \ set ysa]" in exI) apply (rule_tac x="[b\remdups' cs . b \ GF F'' C'' ex'' \ b \ GF F' C' ex' \ b \ set as \ b \ set ys \ b \ set zs \ b \ set bs]" in exI) apply (simp only:) apply (subgoal_tac "remdups' ((as @ ys) @ [ GF F'' C'' ex''] @ (zs @ bs)) = remdups' (as @ ys) @ [ GF F'' C'' ex''] @ [b \ remdups' (zs @ bs).
b \ set ((as @ ys) @ [ GF F'' C'' ex''])]") prefer 2 apply (rule remdups'_append_fst) apply assumption apply (subgoal_tac "(as @ ys @ GF F'' C'' ex'' # zs @ bs) = ((as @ ys) @ [ GF F'' C'' ex''] @ (zs @ bs))") prefer 2 apply simp apply (simp only:) apply (rule_tac x="remdups' (as @ ys)" in exI) apply (rule_tac x="[b\remdups' (zs @ bs) . b \ set ((as @ ys) @ [GF F'' C'' ex''])]" in exI) apply (rule_tac x="[b\remdups' cs . b \ GF F'' C'' ex'' \ b \ GF F' C' ex' \ b \ set as \ b \ set ys \ b \ set zs \ b \ set bs]" in exI) apply (simp (no_asm)) done (*>*)

(* Inner GF entry, outer TY entry. *)
lemma getHeapEx_mono_GF_TY: "\ GF F'' C'' ex'' \ set (getHeapEx ex'); TY ex' ty \ set (getHeapEx ex) \ \ \as bs cs. remdups' (getHeapEx ex) = as@[GF F'' C'' ex'']@bs@[TY ex' ty]@cs"
(*<*) apply (drule_tac ex'="ex'" in getHeapEx_TY_comp) apply (drule in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp only:) apply (subgoal_tac "remdups' ((as @ (ys @ GF F'' C'' ex'' # zs) @ bs) @ [TY ex' ty] @ cs) = remdups' (as @ (ys @ GF F'' C'' ex'' # zs) @ bs) @ [TY ex' ty] @ [b \ remdups' cs. b \ set ((as @ (ys @ GF F'' C'' ex'' # zs) @ bs)@[TY ex' ty])]") prefer 2 apply (rule_tac a="TY ex' ty" in remdups'_append_fst) apply simp apply simp apply (case_tac " GF F'' C'' ex'' \ set (as @ ys)") apply (drule in_set_conv_decomp_fst) apply (erule exE)+ apply (subgoal_tac "remdups' (ysa @ [ GF F'' C'' ex''] @ (zsa @ GF F'' C'' ex'' # zs @ bs)) = remdups' ysa @ [ GF F'' C'' ex''] @ [b \ remdups' (zsa @ GF F'' C'' ex'' # zs @ bs). b \ set (ysa @ [ GF F'' C'' ex''])]") prefer 2 apply (rule remdups'_append_fst) apply simp apply (subgoal_tac "(as @ ys @ GF F'' C'' ex'' # zs @ bs) = ((as @ ys) @ GF F'' C'' ex'' # zs @ bs)") prefer 2 apply simp apply (simp only:) apply simp apply (rule_tac x="remdups' ysa" in exI) apply (rule_tac x="[b\remdups' (zsa @ GF F'' C'' ex'' # zs @ bs) . b \ GF F'' C'' ex'' \ b \ set ysa]" in exI) apply (rule_tac x="[b\remdups' cs . b \ GF F'' C'' ex'' \ b \ TY ex' ty \ b \ set as \ b \ set ys \ b \ set zs \ b \ set bs]" in exI) apply (simp only:) apply (subgoal_tac "remdups' ((as @ ys) @ [ GF F'' C'' ex''] @ (zs @ bs)) = remdups' (as @ ys) @ [ GF F'' C'' ex''] @ [b \ remdups' (zs @ bs). b \ set ((as @ ys) @ [ GF F'' C'' ex''])]") prefer 2 apply (rule remdups'_append_fst) apply assumption apply (subgoal_tac "(as @ ys @ GF F'' C'' ex'' # zs @ bs) = ((as @ ys) @ [ GF F'' C'' ex''] @ (zs @ bs))") prefer 2 apply simp apply (simp only:) apply (rule_tac x="remdups' (as @ ys)" in exI) apply (rule_tac x="[b\remdups' (zs @ bs) . b \ set ((as @ ys) @ [GF F'' C'' ex''])]" in exI) apply (rule_tac x="[b\remdups' cs . b \ GF F'' C'' ex'' \ b \ TY ex' ty \ b \ set as \ b \ set ys \ b \ set zs \ b \ set bs]" in exI) apply (simp (no_asm)) done (*>*)

(* Inner TY entry, outer GF entry. *)
lemma getHeapEx_mono_TY_GF: "\ TY ex'' ty'' \ set (getHeapEx ex'); GF F' C' ex' \ set (getHeapEx ex) \ \ \as bs cs. remdups' (getHeapEx ex) = as@[TY ex'' ty'']@bs@[GF F' C' ex']@cs"
(*<*) apply (drule_tac ex'="ex'" in getHeapEx_GF_comp) apply (drule in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp only:) apply (subgoal_tac "remdups' ((as @ (ys @ TY ex'' ty'' # zs) @ bs) @ [GF F' C' ex'] @ cs) = remdups' (as @ (ys @ TY ex'' ty'' # zs) @ bs) @ [GF F' C' ex'] @ [b \ remdups' cs. b \ set ((as @ (ys @ TY ex'' ty'' # zs) @ bs)@[GF F' C' ex'])]") prefer 2 apply (rule_tac a="GF F' C' ex'" in remdups'_append_fst) apply simp apply simp apply (case_tac " TY ex'' ty'' \ set (as @ ys)") apply (drule in_set_conv_decomp_fst) apply (erule exE)+ apply (subgoal_tac "remdups' (ysa @ [ TY ex'' ty''] @ (zsa @ TY ex'' ty'' # zs @ bs)) = remdups' ysa @ [ TY ex'' ty''] @ [b \ remdups' (zsa @ TY ex'' ty'' # zs @ bs). b \ set (ysa @ [ TY ex'' ty''])]") prefer 2 apply (rule remdups'_append_fst) apply simp apply (subgoal_tac "(as @ ys @ TY ex'' ty'' # zs @ bs) = ((as @ ys) @ TY ex'' ty'' # zs @ bs)") prefer 2 apply simp apply (simp only:) apply simp apply (rule_tac x="remdups' ysa" in exI) apply (rule_tac x="[b\remdups' (zsa @ TY ex'' ty'' # zs @ bs) . b \ TY ex'' ty'' \ b \ set ysa]" in exI) apply (rule_tac x="[b\remdups' cs . b \ TY ex'' ty'' \ b \ GF F' C' ex' \ b \ set as \ b \ set ys \ b \ set zs \ b \ set bs]" in exI) apply (simp only:) apply (subgoal_tac "remdups' ((as @ ys) @ [ TY ex'' ty''] @ (zs @ bs)) = remdups' (as @ ys) @ [ TY ex'' ty''] @ [b \ remdups' (zs @ bs). b \ set ((as @ ys) @ [ TY ex'' ty''])]") prefer 2 apply (rule remdups'_append_fst) apply assumption apply (subgoal_tac "(as @ ys @ TY ex'' ty'' # zs @ bs) = ((as @ ys) @ [ TY ex'' ty''] @ (zs @ bs))") prefer 2 apply simp apply (simp only:) apply (rule_tac x="remdups' (as @ ys)" in exI) apply (rule_tac x="[b\remdups' (zs @ bs) . b \ set ((as @ ys) @ [TY ex'' ty''])]" in exI) apply (rule_tac x="[b\remdups' cs . b \ TY ex'' ty'' \ b \ GF F' C' ex' \ b \ set as \ b \ set ys \ b \ set zs \ b \ set bs]" in exI) apply (simp (no_asm)) done (*>*)

(* Inner TY entry, outer TY entry (proof continues beyond this excerpt). *)
lemma getHeapEx_mono_TY_TY: "\ TY ex'' ty'' \ set (getHeapEx ex'); TY ex' ty' \ set (getHeapEx ex) \ \ \as bs cs. remdups' (getHeapEx ex) = as@[TY ex'' ty'']@bs@[TY ex' ty']@cs"
(*<*) apply (drule_tac ex'="ex'" in getHeapEx_TY_comp) apply (drule in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp only:) apply (subgoal_tac "remdups' ((as @ (ys @ TY ex'' ty'' # zs) @ bs) @ [TY ex' ty'] @ cs) = remdups' (as @ (ys @ TY ex'' ty'' # zs) @ bs) @ [TY ex' ty'] @ [b \ remdups' cs.
b \ set ((as @ (ys @ TY ex'' ty'' # zs) @ bs)@[TY ex' ty'])]") prefer 2 apply (rule_tac a="TY ex' ty'" in remdups'_append_fst) apply simp apply simp apply (case_tac " TY ex'' ty'' \ set (as @ ys)") apply (drule in_set_conv_decomp_fst) apply (erule exE)+ apply (subgoal_tac "remdups' (ysa @ [ TY ex'' ty''] @ (zsa @ TY ex'' ty'' # zs @ bs)) = remdups' ysa @ [ TY ex'' ty''] @ [b \ remdups' (zsa @ TY ex'' ty'' # zs @ bs). b \ set (ysa @ [ TY ex'' ty''])]") prefer 2 apply (rule remdups'_append_fst) apply simp apply (subgoal_tac "(as @ ys @ TY ex'' ty'' # zs @ bs) = ((as @ ys) @ TY ex'' ty'' # zs @ bs)") prefer 2 apply simp apply (simp only:) apply simp apply (rule_tac x="remdups' ysa" in exI) apply (rule_tac x="[b\remdups' (zsa @ TY ex'' ty'' # zs @ bs) . b \ TY ex'' ty'' \ b \ set ysa]" in exI) apply (rule_tac x="[b\remdups' cs . b \ TY ex'' ty'' \ b \ TY ex' ty' \ b \ set as \ b \ set ys \ b \ set zs \ b \ set bs]" in exI) apply (simp only:) apply (subgoal_tac "remdups' ((as @ ys) @ [ TY ex'' ty''] @ (zs @ bs)) = remdups' (as @ ys) @ [ TY ex'' ty''] @ [b \ remdups' (zs @ bs). b \ set ((as @ ys) @ [ TY ex'' ty''])]") prefer 2 apply (rule remdups'_append_fst) apply assumption apply (subgoal_tac "(as @ ys @ TY ex'' ty'' # zs @ bs) = ((as @ ys) @ [ TY ex'' ty''] @ (zs @ bs))") prefer 2 apply simp apply (simp only:) apply (rule_tac x="remdups' (as @ ys)" in exI) apply (rule_tac x="[b\remdups' (zs @ bs) . b \ set ((as @ ys) @ [TY ex'' ty''])]" in exI) apply (rule_tac x="[b\remdups' cs . b \ TY ex'' ty'' \ b \ TY ex' ty' \ b \ set as \ b \ set ys \ b \ set zs \ b \ set bs]" in exI) apply (simp (no_asm)) done (*>*) (*<*) lemmas fms = lookup_lst lookup_map l2o.simps o2l.simps l2o_o2l split_def map_if_notin map_if_notin_pair lookup_concat_map_if del_append (*>*) (*<*) declare forall_expand[simp] (*>*) section {* Simulation between wpF and effS. 
*}
(* Simulation lemma for Load n on the normal (exception-free) successor.
   The assumptions pin down one concrete JVM step: cmd Pi p = Some (Load n) at p = (C,M,pc),
   the pre-state sigma has None in its first (exception) component and (stk,loc,p)#frs as
   frame stack, exec_instr yields sigma' = (None,h,fr'#frs'), p' = snd (snd fr') is the
   successor position, and handlesEx (fst Pi) p' = None.  Under these, evaluating
   wpF Pi p p' Q in the pre-state equals evaluating Q in the post-state, for every value I
   of the environment's lv field -- i.e. wpF_Load is exact, not merely sound, for this step.
   NOTE(review): check_i (check_instr', presumably the defensive VM's per-instruction check)
   is a hypothesis, so this equality only holds for steps that pass that check; the
   exceptional successor (handlesEx ... = Some _) is not covered here.
   NOTE(review): p'_domC is taken as an extra hypothesis, whereas effS_wpF_Store and
   effS_wpF_Push derive p' mem domC Pi from wf_Pi inside the proof; wf_Pi, i_instr, s_def,
   s'_def and Pi_def are not referenced in this proof script.  Deriving p'_domC from wf_Pi
   as the sibling lemmas do would make the hypotheses uniform -- confirm before changing.
   Proof: rewrite with wpF_Load, then structural induction (expr_induct) on a copy Q' of Q
   that is kept as a member of subExpr Q, discharging each constructor with the fms simp set;
   the Pos case splits on frs and uses the callers_sysinv facts, And uses substEs_map. *)
lemma effS_wpF_Load: assumes wf_Pi: "wf \" assumes handlesEx: "handlesEx (fst \) p' = None" assumes cmd_p: "cmd \ p = Some i" assumes p_domC: "p \ set (domC \)" assumes i_def: "i = Load n" assumes i_instr: "instrs_of P C M ! pc = i" assumes s_def: "s = (p,\,e)" assumes p_def: "p = (C,M,pc)" assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)" assumes s'_def: "s' = (p',\',e')" assumes sigma'_def: "\' = (None,h,fr'#frs')" assumes e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\" assumes p'_def: "p' = snd (snd fr')" assumes p'_domC: "p' \ set (domC \)" assumes check_i: "check_instr' i P h stk loc C M pc frs" assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'" assumes Pi_def: "\ = (P,An)" shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q" (*<*) proof - from handlesEx cmd_p i_def show ?thesis apply - apply (simp only: wpF_Load) --{* induction preparation *} apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. 
evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def) --{* induction on Q' *} apply (rule_tac expr="Q'" in expr_induct) --{* Rg *} apply (rule impI, rule allI) apply (drule subExpr_rgIds) apply (drule in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def) --{* St *} apply (rule impI, rule allI) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def) apply (rule impI) apply (case_tac "nat") apply simp apply simp --{* Lv *} apply (simp add: fms map_if_notin id_lookup_def) --{* Cn *} apply (simp add: fms map_if_notin id_lookup_def) --{* NewA *} apply (simp add: fms map_if_notin id_lookup_def) --{* Gf list1 list2 expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split add: val.split) --{* FrNr *} apply (simp add: fms map_if_notin id_lookup_def) --{* Num expr1 num_op expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Rel expr1 rel_op expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 
2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* IF expr1 THEN expr2 ELSE expr3 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (rule allI) apply (erule_tac x="I" in allE)+ apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split option.split) apply (case_tac "evalE \ ((C, M, Suc pc), (None, h, (loc ! 
n # stk, loc, C, M, Suc pc) # frs), e\lv := I\) expr1 = \Bool True\") apply simp apply simp --{* Eq expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Neg expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Imp expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Forall nat expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if) --{* Ty expr ty*} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split) --{* Pos x *} apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (simp add: p_def fms map_if_notin 
id_lookup_def add: callers_sysinv_trans del: callers_sysinv.simps) apply (case_tac "frs") apply (cut_tac p'_domC) apply (cut_tac p_domC) apply (cut_tac p_def) apply simp apply (cut_tac p'_domC) apply (cut_tac p_domC) apply (cut_tac p_def) apply (simp add: callers_simps) --{* Call *} apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs) --{* Catch *} apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs) --{* And es *} apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x="(substE (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos p else FF)) (getPosEx Q) @ map (\k. (St k, if k = 0 then Rg n else St (k - 1))) (stkIds Q)) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:) done qed (*>*) lemma effS_wpF_Store: assumes i_def: "i = Store n" assumes wf_Pi: "wf \" assumes handlesEx: "handlesEx (fst \) p' = None" assumes cmd_p: "cmd \ p = Some i" assumes p_domC: "p \ set (domC \)" assumes i_instr: "instrs_of P C M ! 
pc = i" assumes s_def: "s = (p,\,e)" assumes p_def: "p = (C,M,pc)" assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)" assumes s'_def: "s' = (p',\',e')" assumes sigma'_def: "\' = (None,h,fr'#frs')" assumes e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\" assumes p'_def: "p' = snd (snd fr')" assumes check_i: "check_instr' i P h stk loc C M pc frs" assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'" assumes Pi_def: "\ = (P,An)" shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q" (*<*) proof - from handlesEx cmd_p i_def show ?thesis apply - apply (simp only: wpF_Store) --{* induction preparation *} apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. 
evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def) --{* induction on Q' *} apply (rule_tac expr="Q'" in expr_induct) --{* Rg *} apply (rule impI, rule allI) apply (drule subExpr_rgIds) apply (drule in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def) apply (case_tac "n = nat") apply (simp add: neq_Nil_conv) apply (erule exE | erule conjE)+ apply simp --{* n ~= nat *} apply (simp add: fms) --{* St *} apply (rule impI, rule allI) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def neq_Nil_conv) apply (erule exE | erule conjE)+ apply (case_tac "nat") apply simp apply simp --{* Lv *} apply (simp add: fms map_if_notin id_lookup_def) --{* Cn *} apply (simp add: fms map_if_notin id_lookup_def) --{* NewA *} apply (simp add: fms map_if_notin id_lookup_def) --{* Gf list1 list2 expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split add: val.splits) --{* FrNr *} apply (simp add: fms map_if_notin id_lookup_def) --{* Num expr1 num_op epxr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Rel expr1 rel_op expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 
apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* IF expr1 THEN expr2 ELSE expr3 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split ) apply (rule allI) apply (erule_tac x="I" in allE)+ apply (case_tac "evalE \ ((C, M, Suc pc), (None, h, (tl stk, loc[n := hd stk], C, M, Suc pc) # frs), e\lv := I\) expr1 = \Bool True\") apply simp apply simp --{* Eq expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Neg expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Imp expr1 expr2 *} apply (rule 
impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Forall nat expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if) --{* Ty expr ty*} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split) --{* Pos x *} apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def) apply (rule impI) apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: incA_def wf_def checkPos_split succsNormal_def split add: split_if_asm) apply (cut_tac p_domC) apply (case_tac "frs") apply (simp add: p_def mem_iff) apply (simp add: p_def mem_iff split_def callers_simps) --{* Call *} apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs) --{* Catch *} apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) 
apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs) --{* And es *} apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x="(substE (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos p else FF)) (getPosEx Q) @ (Rg n, St 0) # map (\k. (St k, St (Suc k))) (stkIds Q)) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:) done qed (*>*) lemma effS_wpF_Push: assumes i_def: "i = Push v" assumes wf_Pi: "wf \" assumes handlesEx: "handlesEx (fst \) p' = None" assumes cmd_p: "cmd \ p = Some i" assumes p_domC: "p \ set (domC \)" assumes i_instr: "instrs_of P C M ! pc = i" assumes s_def: "s = (p,\,e)" assumes p_def: "p = (C,M,pc)" assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)" assumes s'_def: "s' = (p',\',e')" assumes sigma'_def: "\' = (None,h,fr'#frs')" assumes e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\" assumes p'_def: "p' = snd (snd fr')" assumes check_i: "check_instr' i P h stk loc C M pc frs" assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'" assumes Pi_def: "\ = (P,An)" shows "\ I. 
evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q" (*<*) proof - from handlesEx cmd_p i_def show ?thesis apply - apply (simp only: wpF_Push) --{* induction preparation *} apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def) --{* induction on Q' *} apply (rule_tac expr="Q'" in expr_induct) --{* Rg *} apply (rule impI, rule allI) apply (drule subExpr_rgIds) apply (drule_tac xs="rgIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def) --{* St *} apply (rule impI, rule allI) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def) apply (rule impI) apply (case_tac "nat") apply simp apply simp --{* Lv *} apply (simp add: fms map_if_notin id_lookup_def) --{* Cn *} apply (simp add: fms map_if_notin id_lookup_def) --{* NewA *} apply (simp add: fms map_if_notin id_lookup_def) --{* Gf list1 list2 expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split add: val.split) --{* FrNr *} apply (simp add: fms map_if_notin id_lookup_def) --{* Num 
expr1 num_op epxr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Rel expr1 rel_op expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* IF expr1 THEN expr2 ELSE expr3 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (rule allI)+ apply (erule_tac x="I" in allE)+ apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split ) apply (case_tac "evalE \ ((C, M, Suc pc), (None, h, (v # stk, loc, C, M, Suc pc) # frs), e\lv := I\) expr1 = \Bool True\") apply simp apply simp --{* Eq expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply 
(simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Neg expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Imp expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Forall nat expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if) --{* Ty expr ty*} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split) --{* Pos x *} apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: incA_def wf_def checkPos_split succsNormal_def split add: split_if_asm) apply (cut_tac p_domC) 
apply (case_tac "frs") apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff) apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff callers_simps) --{* Call *} apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs) --{* Catch *} apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs) --{* And es *} apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x="(substE (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos p else FF)) (getPosEx Q) @ map (\k. (St k, if k = 0 then Cn v else St (k - 1))) (stkIds Q)) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:) done qed (*>*) lemma effS_wpF_New: assumes i_def: "i = New Cl" assumes wf_Pi: "wf \" assumes handlesEx: "handlesEx (fst \) p' = None" assumes cmd_p: "cmd \ p = Some i" assumes p_domC: "p \ set (domC \)" assumes i_instr: "instrs_of P C M ! 
pc = i" assumes s_def: "s = (p,\,e)" assumes p_def: "p = (C,M,pc)" assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)" assumes s'_def: "s' = (p',\',e')" assumes sigma'_def: "\' = (None,h',fr'#frs')" assumes e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\" assumes p'_def: "p' = snd (snd fr')" assumes check_i: "check_instr' i P h stk loc C M pc frs" assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'" assumes Pi_def: "\ = (P,An)" shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q" (*<*) proof - from handlesEx cmd_p i_def show ?thesis apply - apply (simp only: wpF_New) --{* induction preparation *} apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def p_def Pi_def) --{* induction on Q' *} apply simp apply (rule_tac expr="Q'" in expr_induct) --{* Rg *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). heapEx (Rg nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (simp add: fms map_if_notin id_lookup_def) --{* St *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). 
heapEx (St nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def neq_Nil_conv) apply (case_tac "stk") apply simp apply (case_tac "nat") apply simp apply simp --{* Lv *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). heapEx (Lv nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (simp add: fms map_if_notin id_lookup_def) --{* Cn *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). heapEx (Cn val) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (simp add: fms map_if_notin id_lookup_def) --{* NewA n*} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). heapEx (NewA n) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (drule subExpr_NewEx) apply (drule_tac xs="getNewEx Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def) apply (subgoal_tac "evalNewA (\u. if u = a then \blank P Cl\ else h u) n = evalNewA (h(a \ blank P Cl)) n") prefer 2 apply (induct_tac n) apply simp apply simp apply (erule_tac V="h' = h(a \ blank P Cl)" in thin_rl) apply (simp only:) apply (rule evalNewA_dom) apply (simp add: dom_def mem_Collect_eq) --{* Gf list1 list2 expr *} apply (rule impI, rule allI) apply (frule subExpr_getHeapEx) apply (drule_tac x="GF list1 list2 expr" in in_rd_sp) apply (erule exE | erule conjE)+ apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (drule mp, assumption) apply (subgoal_tac "\hex \ set as. 
heapEx (Gf list1 list2 expr) \ [hex]") prefer 2 apply (rule ballI) apply (rule classical) apply (simp add: split_def) apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\hex \ set bs. heapEx (Gf list1 list2 expr) \ [hex]") prefer 2 apply (rule ballI) apply (rule classical) apply (simp add: split_def) apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (simp (no_asm_simp) only: evalE_evalEs.simps substE_substEs.simps) apply (subgoal_tac " (substE (foldl (\mp hex. (case hex of GF F C ex \ let ex' = substE mp ex in (Gf F C ex, IF ex' \ NewA 0 THEN Cn (the (snd (blank (fst (P, An)) Cl) (F, C))) ELSE Gf F C ex') | TY ex ty \ let ex' = substE mp ex in (Ty ex ty, IF ex' \ NewA 0 THEN Cn (Bool (Class Cl = ty)) ELSE Ty ex' ty)) # mp) ((Gf list1 list2 expr, IF substE (foldl (\mp hex. (case hex of GF F C ex \ let ex' = substE mp ex in (Gf F C ex, IF ex' \ NewA 0 THEN Cn (the (snd (blank (fst (P, An)) Cl) (F, C))) ELSE Gf F C ex') | TY ex ty \ let ex' = substE mp ex in (Ty ex ty, IF ex' \ NewA 0 THEN Cn (Bool (Class Cl = ty)) ELSE Ty ex' ty)) # mp) (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos p else FF)) (getPosEx Q) @ map (\k. (St k, if k = 0 then NewA 0 else St (k - 1))) (stkIds Q) @ map (\n. (NewA n, NewA (Suc n))) (getNewEx Q)) as) expr \ NewA 0 THEN Cn (the (snd (blank P Cl) (list1, list2))) ELSE Gf list1 list2 (substE (foldl (\mp hex. (case hex of GF F C ex \ let ex' = substE mp ex in (Gf F C ex, IF ex' \ NewA 0 THEN Cn (the (snd (blank (fst (P, An)) Cl) (F, C))) ELSE Gf F C ex') | TY ex ty \ let ex' = substE mp ex in (Ty ex ty, IF ex' \ NewA 0 THEN Cn (Bool (Class Cl = ty)) ELSE Ty ex' ty)) # mp) (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos p else FF)) (getPosEx Q) @ map (\k. (St k, if k = 0 then NewA 0 else St (k - 1))) (stkIds Q) @ map (\n. (NewA n, NewA (Suc n))) (getNewEx Q)) as) expr)) # foldl (\mp hex. 
(case hex of GF F C ex \ let ex' = substE mp ex in (Gf F C ex, IF ex' \ NewA 0 THEN Cn (the (snd (blank (fst (P, An)) Cl) (F, C))) ELSE Gf F C ex') | TY ex ty \ let ex' = substE mp ex in (Ty ex ty, IF ex' \ NewA 0 THEN Cn (Bool (Class Cl = ty)) ELSE Ty ex' ty)) # mp) (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos p else FF)) (getPosEx Q) @ map (\k. (St k, if k = 0 then NewA 0 else St (k - 1))) (stkIds Q) @ map (\n. (NewA n, NewA (Suc n))) (getNewEx Q)) as) bs) expr) = (substE (foldl (\mp hex. (case hex of GF F C ex \ let ex' = substE mp ex in (Gf F C ex, IF ex' \ NewA 0 THEN Cn (the (snd (blank (fst (P, An)) Cl) (F, C))) ELSE Gf F C ex') | TY ex ty \ let ex' = substE mp ex in (Ty ex ty, IF ex' \ NewA 0 THEN Cn (Bool (Class Cl = ty)) ELSE Ty ex' ty)) # mp) (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos p else FF)) (getPosEx Q) @ map (\k. (St k, if k = 0 then NewA 0 else St (k - 1))) (stkIds Q) @ map (\n. (NewA n, NewA (Suc n))) (getNewEx Q)) as) expr)" ) prefer 2 apply (erule_tac V="\I. ?P I" in thin_rl) apply (erule_tac V="\mp'. ?P mp'" in thin_rl) apply (erule_tac V="\mp'. ?P mp'" in thin_rl) apply (rule substE_eq) apply (subgoal_tac "\expr'. expr = expr'") prefer 2 apply (erule thin_rl)+ apply fastsimp apply (erule exE)+ apply (subgoal_tac "\ em em'. eqExMps em em' expr = eqExMps em em' expr'") prefer 2 apply simp apply (subgoal_tac "expr' \ set (subExpr expr)") prefer 2 apply (simp only:) apply (rule getExpr_refl) apply (erule_tac V="expr = expr'" in thin_rl) apply (simp only:) apply (erule_tac P="expr' \ set (subExpr expr)" in rev_mp) apply (rule_tac expr="expr'" in expr_induct) --{* Rg nat *} apply (subgoal_tac "\ hex\set as. heapEx (Rg nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex \set bs. 
heapEx (Rg nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: fst_conv eqExMps_def lookup.simps fms) --{* St nat *} apply (subgoal_tac "\hex\set as. heapEx (St nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (St nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def lookup.simps fms) --{* Lv nat *} apply (subgoal_tac "\ hex\set as. heapEx (Lv nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Lv nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def lookup.simps fms) --{* Cn val *} apply (subgoal_tac "\ hex\set as. heapEx (Cn val) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Cn val) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def lookup.simps fms) --{* NewA *} apply (subgoal_tac "\ hex\set as. heapEx (NewA n) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (NewA n) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def lookup.simps fms) --{* Gf list1a list2a expra *} apply (rule impI) thm subExpr_getHeapEx apply (frule_tac ex="expra" in subExpr_getHeapEx) apply (subgoal_tac "expra \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Gf list1a list2a expra" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (drule mp, assumption) apply (subgoal_tac "\as' bs' cs'. 
remdups' (getHeapEx Q) = as'@[GF list1a list2a expra]@bs'@[GF list1 list2 expr]@cs'") prefer 2 apply (rule getHeapEx_mono_GF_GF) apply assumption apply (rule subExpr_getHeapEx) apply assumption apply (erule exE)+ apply (subgoal_tac "distinct (as' @ [GF list1a list2a expra] @ bs' @ [GF list1 list2 expr] @ cs')") prefer 2 apply (drule_tac t="as' @ [GF list1a list2a expra] @ bs' @ [GF list1 list2 expr] @ cs'" in sym) apply (erule_tac V="remdups' (getHeapEx Q) = ?c" in thin_rl) apply (simp only: distinct_remdups') apply (subgoal_tac "distinct (as@[GF list1 list2 expr]@bs)") prefer 2 apply (subgoal_tac "(as @ GF list1 list2 expr # bs) = (as @ [GF list1 list2 expr] @ bs)") prefer 2 apply simp apply (drule_tac s="as @ GF list1 list2 expr # bs" in sym) apply (simp only: distinct_remdups') apply (subgoal_tac "as @ [GF list1 list2 expr] @ bs = (as' @ [GF list1a list2a expra] @ bs') @ [GF list1 list2 expr] @ cs'") prefer 2 apply (drule_tac t="as' @ [GF list1a list2a expra] @ bs' @ [GF list1 list2 expr] @ cs'" in sym) apply simp apply (drule distinct_list_match) apply assumption apply simp apply (subgoal_tac "\hex \ set bs. heapEx (Gf list1a list2a expra) \ [hex]") prefer 2 apply (subgoal_tac "GF list1a list2a expra \ set bs") prefer 2 apply simp apply (rule ballI) apply (rule classical) apply (simp add: split_def) apply (subgoal_tac "\ hex \ set as'. heapEx (Gf list1a list2a expra) \ [hex]") prefer 2 apply (subgoal_tac "GF list1a list2a expra \ set as'") prefer 2 apply simp apply (rule ballI) apply (rule classical) apply (simp add: split_def) apply (subgoal_tac "\ hex \ set bs'. 
heapEx (Gf list1a list2a expra) \ [hex]") prefer 2 apply (subgoal_tac "GF list1a list2a expra \ set bs'") prefer 2 apply simp apply (rule ballI) apply (rule classical) apply (simp add: split_def) apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup')+ apply (subgoal_tac "expr \ expra") prefer 2 apply (drule getHeapEx_GF_not_refl) apply (rule not_sym) apply assumption apply (simp add: eqExMps_def) --{* FrNr *} apply (subgoal_tac "\ hex\set as. heapEx FrNr \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx FrNr \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def lookup.simps fms) --{* Num expr1 numop expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. heapEx ( Num expr1 num_op expr2 ) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Num expr1 num_op expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* Rel expr1 relop expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. heapEx (Rel expr1 rel_op expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. 
heapEx (Rel expr1 rel_op expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* IF THEN ELSE *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr3 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. heapEx (IF expr1 THEN expr2 ELSE expr3) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (IF expr1 THEN expr2 ELSE expr3) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* Eq expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. heapEx (Eq expr1 expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Eq expr1 expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* Neg expra *} apply (rule impI) apply (subgoal_tac "expra \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Neg expra" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. 
heapEx (Neg expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Neg expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* Imp expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. heapEx (Imp expr1 expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Imp expr1 expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* Forall nat expra *} apply (rule impI) apply (subgoal_tac "expra \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Forall nat expra" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. heapEx (Forall nat expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Forall nat expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* Ty expra ty *} apply (rule impI) apply (subgoal_tac "expra \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Ty expra ty" in subExpr_Gf) apply assumption apply simp apply (drule mp, assumption) apply (subgoal_tac "\ hex\set bs. heapEx (Ty expra ty) \ [hex]") prefer 2 apply simp apply (drule_tac subExpr_getHeapEx_TY) apply (subgoal_tac "\ as' bs' cs'. 
remdups' (getHeapEx Q) = as' @ [TY expra ty] @ bs' @ [ GF list1 list2 expr] @ cs'") prefer 2 apply (rule getHeapEx_mono_TY_GF) apply assumption apply (rule subExpr_getHeapEx) apply assumption apply (erule exE)+ apply (subgoal_tac "distinct (as' @ [TY expra ty] @ bs' @ [ GF list1 list2 expr] @ cs')") prefer 2 apply (drule_tac t="as' @ [TY expra ty] @ bs' @ [ GF list1 list2 expr] @ cs'" in sym) apply (erule_tac V="remdups' (getHeapEx Q) = ?a" in thin_rl) apply (simp only:) apply (rule distinct_remdups') apply (subgoal_tac "distinct (as @ GF list1 list2 expr # bs)") prefer 2 apply (drule_tac t="as @ GF list1 list2 expr # bs" in sym) apply (simp only:) apply (subgoal_tac "as = as'@[TY expra ty]@bs' \ bs = cs'") prefer 2 apply (rule_tac x="GF list1 list2 expr" in distinct_list_match) apply (drule_tac t="as' @ [TY expra ty] @ bs' @ [GF list1 list2 expr] @ cs'" in sym) apply simp apply simp apply simp apply (rule ballI) apply (rule classical) apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* Pos x *} apply (subgoal_tac "\ hex\set as. heapEx ( Pos x) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Pos x) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def lookup.simps fms) --{* Call expra *} apply (subgoal_tac "\ hex\set as. heapEx (Call expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Call expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp only: eqExMps_Call) apply (simp add: fms) --{* Catch list expra *} apply (subgoal_tac "\ hex\set as. 
heapEx (Catch list expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Catch list expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp only: eqExMps_Catch) apply (simp add: fms) --{* And es *} apply (rule impI) apply (simp only: eqExMps_And') apply (rule conjI) apply (subgoal_tac "\hex \ set bs. heapEx (And es) \ [hex]") prefer 2 apply simp apply (subgoal_tac "\hex \ set as. heapEx (And es) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup')+ apply (simp add: fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule ballI) apply (erule_tac x="ex" and A="set es" in ballE) apply (subgoal_tac "ex \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply simp apply simp apply (simp only:) apply simp apply (simp only: foldl_append foldl.simps heapexpr.cases Let_def) apply simp apply (subgoal_tac "(\u. if u = a then \blank P Cl\ else h u) = (h(a \ blank P Cl))") prefer 2 apply (rule ext) apply simp apply simp apply (rule allI | rule impI)+ apply (case_tac "aa = Addr a") apply (simp add: split_def) apply (simp add: split_def) apply (case_tac "aa") apply simp apply simp apply simp apply simp apply simp --{* FrNr *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). heapEx FrNr \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (simp add: fms map_if_notin id_lookup_def) --{* Num expr1 numop expr2 *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). 
heapEx (Num expr1 num_op expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply simp apply (simp add: fms map_if_notin id_lookup_def) --{* Rel expr1 numop expr2 *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). heapEx (Rel expr1 rel_op expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply simp apply (simp add: fms map_if_notin id_lookup_def) --{* IF THEN ELSE *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). heapEx (IF expr1 THEN expr2 ELSE expr3) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (simp add: fms map_if_notin id_lookup_def split add: bool.split) --{* Eq expr1 expr2 *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). 
heapEx (Eq expr1 expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (simp add: fms map_if_notin id_lookup_def) --{* Neg expr *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). heapEx ( Neg expr) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply simp apply (simp add: fms map_if_notin id_lookup_def) --{* Imp expr1 expr2 *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). heapEx (Imp expr1 expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (simp add: fms map_if_notin id_lookup_def) --{* Foral nat expr *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). 
heapEx (Forall nat expr) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply simp apply (simp add: fms map_if_notin id_lookup_def) --{* Ty expr ty *} apply (rule impI, rule allI) apply (frule subExpr_getHeapEx_TY) apply (drule_tac x="TY expr ty" in in_rd_sp) apply (erule exE | erule conjE)+ apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (drule mp, assumption) apply (subgoal_tac "\hex \ set as. heapEx (Ty expr ty) \ [hex]") prefer 2 apply (rule ballI) apply (rule classical) apply (simp add: split_def) apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\hex \ set bs. heapEx (Ty expr ty) \ [hex]") prefer 2 apply (rule ballI) apply (rule classical) apply (simp add: split_def) apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (simp (no_asm_simp)) apply (simp (no_asm_simp) only: substE_substEs.simps) apply (simp only: evalE_evalEs.simps) apply simp apply (subgoal_tac "(substE (foldl (\mp hex. (case hex of GF F C ex \ let ex' = substE mp ex in (Gf F C ex, IF ex' \ NewA 0 THEN Cn (the (snd (blank (fst (P, An)) Cl) (F, C))) ELSE Gf F C ex') | TY ex ty \ let ex' = substE mp ex in (Ty ex ty, IF ex' \ NewA 0 THEN Cn (Bool (Class Cl = ty)) ELSE Ty ex' ty)) # mp) ((Ty expr ty, IF substE (foldl (\mp hex. (case hex of GF F C ex \ let ex' = substE mp ex in (Gf F C ex, IF ex' \ NewA 0 THEN Cn (the (snd (blank (fst (P, An)) Cl) (F, C))) ELSE Gf F C ex') | TY ex ty \ let ex' = substE mp ex in (Ty ex ty, IF ex' \ NewA 0 THEN Cn (Bool (Class Cl = ty)) ELSE Ty ex' ty)) # mp) (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos (C,M,pc) else FF)) (getPosEx Q) @ map (\k. (St k, if k = 0 then NewA 0 else St (k - 1))) (stkIds Q) @ map (\n. 
(NewA n, NewA (Suc n))) (getNewEx Q)) as) expr \ NewA 0 THEN Cn (Bool (Class Cl = ty)) ELSE Ty (substE (foldl (\mp hex. (case hex of GF F C ex \ let ex' = substE mp ex in (Gf F C ex, IF ex' \ NewA 0 THEN Cn (the (snd (blank (fst (P, An)) Cl) (F, C))) ELSE Gf F C ex') | TY ex ty \ let ex' = substE mp ex in (Ty ex ty, IF ex' \ NewA 0 THEN Cn (Bool (Class Cl = ty)) ELSE Ty ex' ty)) # mp) (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos (C,M,pc) else FF)) (getPosEx Q) @ map (\k. (St k, if k = 0 then NewA 0 else St (k - 1))) (stkIds Q) @ map (\n. (NewA n, NewA (Suc n))) (getNewEx Q)) as) expr) ty) # foldl (\mp hex. (case hex of GF F C ex \ let ex' = substE mp ex in (Gf F C ex, IF ex' \ NewA 0 THEN Cn (the (snd (blank (fst (P, An)) Cl) (F, C))) ELSE Gf F C ex') | TY ex ty \ let ex' = substE mp ex in (Ty ex ty, IF ex' \ NewA 0 THEN Cn (Bool (Class Cl = ty)) ELSE Ty ex' ty)) # mp) (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos (C,M,pc) else FF)) (getPosEx Q) @ map (\k. (St k, if k = 0 then NewA 0 else St (k - 1))) (stkIds Q) @ map (\n. (NewA n, NewA (Suc n))) (getNewEx Q)) as) bs) expr) = (substE (foldl (\mp hex. (case hex of GF F C ex \ let ex' = substE mp ex in (Gf F C ex, IF ex' \ NewA 0 THEN Cn (the (snd (blank (fst (P, An)) Cl) (F, C))) ELSE Gf F C ex') | TY ex ty \ let ex' = substE mp ex in (Ty ex ty, IF ex' \ NewA 0 THEN Cn (Bool (Class Cl = ty)) ELSE Ty ex' ty)) # mp) (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos (C,M,pc) else FF)) (getPosEx Q) @ map (\k. (St k, if k = 0 then NewA 0 else St (k - 1))) (stkIds Q) @ map (\n. (NewA n, NewA (Suc n))) (getNewEx Q)) as) expr)") prefer 2 apply (erule_tac V="\I. ?P I" in thin_rl) apply (erule_tac V="\mp'. ?P mp'" in thin_rl) apply (erule_tac V="\mp'. ?P mp'" in thin_rl) apply (rule substE_eq) apply (subgoal_tac "\expr'. expr = expr'") prefer 2 apply (erule thin_rl)+ apply fastsimp apply (erule exE)+ apply (subgoal_tac "\ em em'. 
eqExMps em em' expr = eqExMps em em' expr'") prefer 2 apply simp apply (subgoal_tac "expr' \ set (subExpr expr)") prefer 2 apply (simp only:) apply (rule getExpr_refl) apply (erule_tac V="expr = expr'" in thin_rl) apply (simp only:) apply (erule_tac P="expr' \ set (subExpr expr)" in rev_mp) apply (rule_tac expr="expr'" in expr_induct) --{* Rg nat *} apply (subgoal_tac "\ hex\set as. heapEx (Rg nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex \set bs. heapEx (Rg nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: fst_conv eqExMps_def lookup.simps fms) --{* St nat *} apply (subgoal_tac "\hex\set as. heapEx (St nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (St nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def lookup.simps fms) --{* Lv nat *} apply (subgoal_tac "\ hex\set as. heapEx (Lv nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Lv nat) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def lookup.simps fms) --{* Cn val *} apply (subgoal_tac "\ hex\set as. heapEx (Cn val) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Cn val) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def lookup.simps fms) --{* NewA *} apply (subgoal_tac "\ hex\set as. heapEx (NewA n) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. 
heapEx (NewA n) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def lookup.simps fms) --{* Gf list1 list2 expra *} apply (rule impI) apply (frule_tac ex="expra" in subExpr_getHeapEx) apply (subgoal_tac "expra \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expra" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (drule mp, assumption) apply (subgoal_tac "\as' bs' cs'. remdups' (getHeapEx Q) = as'@[GF list1 list2 expra]@bs'@[TY expr ty]@cs'") prefer 2 apply (rule getHeapEx_mono_GF_TY) apply assumption apply (rule subExpr_getHeapEx_TY) apply assumption apply (erule exE)+ apply (subgoal_tac "distinct (as' @ [GF list1 list2 expra] @ bs' @ [TY expr ty] @ cs')") prefer 2 apply (drule_tac t="as' @ [GF list1 list2 expra] @ bs' @ [TY expr ty] @ cs'" in sym) apply (erule_tac V="remdups' (getHeapEx Q) = ?c" in thin_rl) apply (simp only: distinct_remdups') apply (subgoal_tac "distinct (as@[TY expr ty]@bs)") prefer 2 apply (subgoal_tac "(as @ TY expr ty # bs) = (as @ [TY expr ty] @ bs)") prefer 2 apply simp apply (drule_tac s="as @ TY expr ty # bs" in sym) apply (simp only: distinct_remdups') apply (subgoal_tac "as @ [TY expr ty] @ bs = (as' @ [GF list1 list2 expra] @ bs') @ [TY expr ty] @ cs'") prefer 2 apply (drule_tac t="as' @ [GF list1 list2 expra] @ bs' @ [TY expr ty] @ cs'" in sym) apply simp apply (drule distinct_list_match) apply assumption apply simp apply (subgoal_tac "\hex \ set bs. heapEx (Gf list1 list2 expra) \ [hex]") prefer 2 apply (subgoal_tac "GF list1 list2 expra \ set bs") prefer 2 apply simp apply (rule ballI) apply (rule classical) apply (simp add: split_def) apply (subgoal_tac "\ hex \ set as'. heapEx (Gf list1 list2 expra) \ [hex]") prefer 2 apply (subgoal_tac "GF list1 list2 expra \ set as'") prefer 2 apply simp apply (rule ballI) apply (rule classical) apply (simp add: split_def) apply (subgoal_tac "\ hex \ set bs'. 
heapEx (Gf list1 list2 expra) \ [hex]") prefer 2 apply (subgoal_tac "GF list1 list2 expra \ set bs'") prefer 2 apply simp apply (rule ballI) apply (rule classical) apply (simp add: split_def) apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup')+ apply (subgoal_tac "expr \ expra") prefer 2 apply (drule getHeapEx_GF_not_refl) apply (rule not_sym) apply assumption apply (simp add: eqExMps_def) --{* FrNr *} apply (subgoal_tac "\ hex\set as. heapEx FrNr \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx FrNr \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def lookup.simps fms) --{* Num expr1 numop expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. heapEx ( Num expr1 num_op expr2 ) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Num expr1 num_op expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* Rel expr1 relop expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. heapEx (Rel expr1 rel_op expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. 
heapEx (Rel expr1 rel_op expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* IF THEN ELSE *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr3 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. heapEx (IF expr1 THEN expr2 ELSE expr3) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (IF expr1 THEN expr2 ELSE expr3) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* Eq expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. heapEx (Eq expr1 expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Eq expr1 expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* Neg expra *} apply (rule impI) apply (subgoal_tac "expra \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Neg expra" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. 
heapEx (Neg expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Neg expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* Imp expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. heapEx (Imp expr1 expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Imp expr1 expr2) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* Forall nat expra *} apply (rule impI) apply (subgoal_tac "expra \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Forall nat expra" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "\ hex\set as. heapEx (Forall nat expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Forall nat expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def fms) --{* Ty expra tya *} apply (rule impI) apply (subgoal_tac "expra \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Ty expra tya" in subExpr_Gf) apply assumption apply simp apply (drule mp, assumption) apply (subgoal_tac "\ hex\set bs. heapEx (Ty expra tya) \ [hex]") prefer 2 apply simp apply (drule_tac subExpr_getHeapEx_TY) apply (subgoal_tac "\ as' bs' cs'. 
remdups' (getHeapEx Q) = as' @ [TY expra tya] @ bs' @ [ TY expr ty] @ cs'") prefer 2 apply (rule getHeapEx_mono_TY_TY) apply (rule subExpr_getHeapEx_TY) apply assumption apply assumption apply (erule exE)+ apply (subgoal_tac "distinct (as' @ [TY expra tya] @ bs' @ [ TY expr ty] @ cs')") prefer 2 apply (drule_tac t="as' @ [TY expra tya] @ bs' @ [ TY expr ty] @ cs'" in sym) apply (erule_tac V="remdups' (getHeapEx Q) = ?a" in thin_rl) apply (simp only:) apply (rule distinct_remdups') apply (subgoal_tac "distinct (as @ TY expr ty # bs)") prefer 2 apply (drule_tac t="as @ TY expr ty # bs" in sym) apply (simp only:) apply (subgoal_tac "as = as'@[TY expra tya]@bs' \ bs = cs'") prefer 2 apply (rule_tac x="TY expr ty" in distinct_list_match) apply (drule_tac t="as' @ [TY expra tya] @ bs' @ [TY expr ty] @ cs'" in sym) apply simp apply simp apply simp apply (rule ballI) apply (rule classical) apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "expr \ expra") prefer 2 apply (drule_tac ex="expra" in subExpr_getHeapEx_TY) apply (drule getHeapEx_TY_not_refl) apply (rule not_sym) apply assumption apply (simp add: eqExMps_def fms split add: bool.split) --{* Pos x *} apply (subgoal_tac "\ hex\set as. heapEx ( Pos x) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Pos x) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp add: eqExMps_def lookup.simps fms) --{* Call expra *} apply (subgoal_tac "\ hex\set as. heapEx (Call expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Call expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp only: eqExMps_Call) apply (simp add: fms) --{* Catch lista expra *} apply (subgoal_tac "\ hex\set as. 
heapEx (Catch list expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "\ hex\set bs. heapEx (Catch list expra) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup') apply (simp only: eqExMps_Catch) apply (simp add: fms) --{* And es *} apply (rule impI) apply (simp only: eqExMps_And') apply (rule conjI) apply (subgoal_tac "\hex \ set bs. heapEx (And es) \ [hex]") prefer 2 apply simp apply (subgoal_tac "\hex \ set as. heapEx (And es) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst (P,An)" and Cl="Cl" in foldl_map_lookup')+ apply (simp add: fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule ballI) apply (erule_tac x="ex" and A="set es" in ballE) apply (subgoal_tac "ex \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply simp apply simp apply (simp only:) apply simp apply (subgoal_tac "(\u. if u = a then \blank P Cl\ else h u) = (h(a \ blank P Cl))") prefer 2 apply (rule ext) apply simp apply simp apply (rule allI | rule impI)+ apply (case_tac "aa = Addr a") apply (simp add: split_def blank_def obj_ty_def) apply blast apply (case_tac "aa") apply simp apply simp apply simp apply simp apply simp --{* Pos *} apply (rule impI,rule allI) apply (drule subExpr_getPosEx) apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). 
heapEx (Pos x) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: incA_def wf_def checkPos_split succsNormal_def split add: split_if_asm) apply (cut_tac p_domC) apply (case_tac "frs") apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff) apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff callers_simps) --{* Call expr *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). heapEx (Call expr) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (simp add: fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) only: split_paired_all env_upd callstate.simps) --{* Catch list expr *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). heapEx (Catch list expr) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (simp add: fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) only: split_paired_all env_upd catchstate.simps) --{* And ex *} apply (rule impI, rule allI) apply (subgoal_tac "\hex \ set (remdups' (getHeapEx Q)). 
heapEx (And es) \ [hex]") prefer 2 apply simp apply (drule_tac P="fst \" and Cl="Cl" in foldl_map_lookup') apply (simp add: substEs_map evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE)+ apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (drule mp, assumption) apply simp apply simp apply simp apply (rule ballI) apply (erule_tac x="ex" in ballE)+ apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (drule mp, assumption) apply simp apply simp apply simp
done qed (*>*)

(* Exactness of the weakest-precondition transformer wpF for one normal
   (exception-free) Getfield step.

   Setting, by the assumptions: position p = (C,M,pc) holds the instruction
   i = Getfield list1 list2 (cmd_p, i_def, i_instr); the successor position
   p' has no exception handler (handlesEx); the pre-state has exception
   component None and top frame (stk,loc,p) (sigma_def); the post-state is
   the result of exec_instr on that frame (exec_i), again with exception
   component None (sigma'_def), p' being the position of its top frame
   (p'_def), and check_instr' holding beforehand (check_i).  e'_def leaves
   the cs component of the environment unchanged here, since i is neither
   an Invoke nor Return.  s_def, s'_def and i_instr are not referenced by
   the proof script below.

   Statement: for every valuation I of the logical variables lv, the
   precondition wpF computes at p for postcondition Q has, in the
   pre-state, exactly the value Q has in the post-state.  Being an
   equality rather than an implication, this pins wpF to the weakest
   precondition, not merely a sufficient one -- which is what lets a
   verifier trust the conditions wpF generates for this instruction.

   Proof shape: rewrite with the alternative definition wpF_Getfield; then
   replace Q by a copy Q' with Q' in set (subExpr Q) (getExpr_refl), so
   that structural induction via expr_induct walks Q' while Q -- and hence
   the substitution built from getPosEx Q and (St 0, Gf list1 list2 (St 0))
   -- stays fixed.  Before the induction, the receiver case hd stk = Null
   is split off and both branches simplified (presumably the Null branch
   contradicts the None exception component of sigma'_def -- not
   re-checked here).  The inline comments name the constructor handled by
   each induction case; the Pos case additionally derives p' mem domC from
   wf_Pi, p_domC and cmd_p. *)
lemma effS_wpF_Getfield:
  assumes i_def: "i = Getfield list1 list2"
  assumes wf_Pi: "wf \"
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some i"
  assumes p_domC: "p \ set (domC \)"
  assumes i_instr: "instrs_of P C M ! pc = i"
  assumes s_def: "s = (p,\,e)"
  assumes p_def: "p = (C,M,pc)"
  assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)"
  assumes s'_def: "s' = (p',\',e')"
  assumes sigma'_def: "\' = (None,h',fr'#frs')"
  assumes e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\"
  assumes p'_def: "p' = snd (snd fr')"
  assumes check_i: "check_instr' i P h stk loc C M pc frs"
  assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'"
  assumes Pi_def: "\ = (P,An)"
  shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q"
(*<*)
proof -
  from handlesEx cmd_p i_def show ?thesis
  apply -
  apply (simp only: wpF_Getfield)
  --{* induction preparation: replace Q by a copy Q' with Q' in set (subExpr Q), so that the induction below walks Q' while Q and the substitution built from it stay fixed; the intermediate equalities are discarded again with thin_rl *}
  apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def check_i sigma_def p'_def e'_def p_def Pi_def)
  --{* induction on Q'; the receiver hd stk is split on Null first, then one case per expression constructor *}
  apply simp apply (case_tac "hd stk = Null") apply (simp add: split_def) apply (simp add: split_def) apply (rule_tac expr="Q'" in expr_induct)
  --{* Rg *}
  apply (rule impI, rule allI) apply (drule subExpr_rgIds) apply (drule_tac xs="rgIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def)
  --{* St: stack slot 0 is the receiver (replaced by Gf list1 list2 (St 0)); deeper slots are untouched *}
  apply (case_tac "stk") apply simp apply (rule impI, rule allI) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def neq_Nil_conv) apply (case_tac "nat") apply (simp split add: val.split ) apply (case_tac "a") apply (simp add: is_Ref_def is_Ref'_def) apply (simp add: is_Ref_def is_Ref'_def) apply (simp add: is_Ref_def is_Ref'_def) apply (simp add: is_Ref_def is_Ref'_def) apply (simp add: is_Ref'_def) apply (erule exE)+ apply simp
  --{* nat = Suc nata *}
  apply simp
  --{* Lv *}
  apply (simp add: fms map_if_notin id_lookup_def)
  --{* Cn *}
  apply (simp add: fms map_if_notin id_lookup_def)
  --{* NewA *}
  apply (simp add: fms map_if_notin id_lookup_def)
  --{* Gf list1a list2a expr (the field read in Q' need not be the one i reads) *}
  apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1a list2a expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split add: val.split)
  --{* FrNr *}
  apply (simp add: fms map_if_notin id_lookup_def)
  --{* Num expr1 num_op expr2 *}
  apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
  --{* Rel expr1 rel_op expr2 *}
  apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
  --{* IF expr1 THEN expr2 ELSE expr3: the induction hypotheses for all three branches are needed before the final case split on expr1 *}
  apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split ) apply (rule allI) apply (erule_tac x="I" in allE) apply (case_tac " evalE (P, An) ((C, M, Suc pc), (None, h, (the (snd (the (h (the_Addr (hd stk)))) (list1, list2)) # tl stk, loc, C, M, Suc pc) # frs), e\lv := I\) expr1 = \Bool True\") apply simp apply simp
  --{* Eq expr1 expr2 *}
  apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
  --{* Neg expr *}
  apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
  --{* Imp expr1 expr2 *}
  apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
  --{* Forall nat expr *}
  apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if)
  --{* Ty expr ty *}
  apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split)
  --{* Pos x: needs p' mem domC, obtained from wf_Pi, p_domC and cmd_p; the final split is on whether frs is empty *}
  apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: incA_def wf_def checkPos_split succsNormal_def split add: split_if_asm) apply (cut_tac p_domC) apply (case_tac "frs") apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff) apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff callers_simps)
  --{* Call *}
  apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs)
  --{* Catch *}
  apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs)
  --{* And es: both directions of the iff, each instantiating the induction hypothesis for every conjunct ex *}
  apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x="(substE (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos p else FF)) (getPosEx Q) @ [(St 0, Gf list1 list2 (St 0))]) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:)
  done
qed
(*>*)
lemma effS_wpF_Putfield: assumes i_def: "i = Putfield list1 list2" assumes wf_Pi: "wf \" assumes handlesEx: "handlesEx (fst \) p' = None" assumes cmd_p: "cmd \ p = Some i" assumes p_domC: "p \ set (domC \)" assumes i_instr: "instrs_of P C M !
pc = i" assumes s_def: "s = (p,\,e)" assumes p_def: "p = (C,M,pc)" assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)" assumes s'_def: "s' = (p',\',e')" assumes sigma'_def: "\' = (None,h',fr'#frs')" assumes e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\" assumes p'_def: "p' = snd (snd fr')" assumes check_i: "check_instr' i P h stk loc C M pc frs" assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'" assumes Pi_def: "\ = (P,An)" shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q" (*<*) proof - from handlesEx cmd_p i_def show ?thesis apply - apply (simp only: wpF_Putfield) --{* induction preparation *} apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def p_def Pi_def) --{* induction on Q' *} apply simp apply (case_tac "hd (tl stk) = Null") apply (simp add: split_def) apply (simp add: split_def env_upd) apply (rule_tac expr="Q'" in expr_induct) --{* Rg *} apply (rule impI, rule allI) apply (subgoal_tac "\ex \ set (remdups' (getGfEx list1 list2 Q)). Rg nat \ Gf list1 list2 ex") prefer 2 apply simp apply (drule_tac foldl_map_lookup) apply (simp add: fms map_if_notin id_lookup_def) --{* St *} apply (rule impI, rule allI) apply (subgoal_tac "\ex \ set (remdups' (getGfEx list1 list2 Q)). 
St nat \ Gf list1 list2 ex") prefer 2 apply simp apply (drule_tac foldl_map_lookup) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def neq_Nil_conv) apply (case_tac "stk") apply simp apply (case_tac "list") apply simp apply (case_tac "lista") apply simp apply simp --{* Lv *} apply (subgoal_tac "\ex \ set (remdups' (getGfEx list1 list2 Q)). Lv nat \ Gf list1 list2 ex") prefer 2 apply simp apply (drule_tac foldl_map_lookup) apply (simp add: fms map_if_notin id_lookup_def) --{* Cn *} apply (subgoal_tac "\ex \ set (remdups' (getGfEx list1 list2 Q)). Cn val \ Gf list1 list2 ex") prefer 2 apply simp apply (drule_tac foldl_map_lookup) apply (simp add: fms map_if_notin id_lookup_def) --{* NewA *} apply (subgoal_tac "\ex \ set (remdups' (getGfEx list1 list2 Q)). NewA n \ Gf list1 list2 ex") prefer 2 apply simp apply (drule_tac foldl_map_lookup) apply (simp add: fms map_if_notin id_lookup_def) apply (rule impI) apply (erule conjE | erule exE)+ apply (case_tac "hd (tl stk)") apply (simp add: is_Ref_def is_Ref'_def)+ apply (erule exE)+ apply (rule evalNewA_dom) apply (rule set_ext) apply (simp (no_asm_simp) add: mem_Collect_eq Map.dom_def split add: split_if) --{* Gf list1a list2a expr *} apply (rule impI) apply (frule subExpr_getGfEx) apply (drule_tac x="expr" in in_rd_sp) apply (erule exE | erule conjE)+ apply (rule allI) apply (case_tac "list1a = list1 \ list2a = list2") prefer 2 apply (subgoal_tac "\ex \ set (remdups' (getGfEx list1 list2 Q)). Gf list1a list2a expr \ Gf list1 list2 ex") prefer 2 apply simp apply (rule impI)+ apply simp apply (simp (no_asm_simp) only: foldl_map_lookup substE_substEs.simps del: evalE_evalEs.simps) apply (subgoal_tac "(map (\q. (Pos q, if q = (C, M, Suc pc) then Pos p else FF)) (getPosEx Q) @ map (\k. (St k, St (Suc (Suc k)))) (stkIds Q)) ? 
Gf list1a list2a expr = None") prefer 2 apply (simp add: fms) apply (simp only: option.cases) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1a list2a expr" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (drule mp, assumption) apply (simp add: is_Ref'_def is_Addr'_conv split add: val.split) apply (rule conjI) apply (rule impI) apply (erule conjE)+ apply simp apply (erule conjE | erule exE)+ apply simp --{* list1a = list1 and list2a = list2 *} apply (subgoal_tac "\ ex \ set bs. Gf list1 list2 expr \ Gf list1 list2 ex") prefer 2 apply simp apply (rule ballI) apply (case_tac "ex = expr") apply simp apply (rule not_sym) apply assumption apply (subgoal_tac "\ ex \ set as. Gf list1 list2 expr \ Gf list1 list2 ex") prefer 2 apply simp apply (rule ballI) apply (case_tac "ex = expr") apply simp apply (rule not_sym) apply assumption apply (simp only: foldl_map_lookup foldl_append foldl.simps substE_substEs.simps lookup.simps fst_conv snd_conv simp_thms bool.cases option.cases) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply simp apply (simp add: parts.simps) apply (drule mp, assumption) apply (subgoal_tac "(substE (foldl (\mp ex. (Gf list1 list2 ex, IF substE mp ex \ St (Suc 0) THEN St 0 ELSE Gf list1 list2 (substE mp ex)) # mp) ((Gf list1 list2 expr, IF substE (foldl (\mp ex. (Gf list1 list2 ex, IF substE mp ex \ St (Suc 0) THEN St 0 ELSE Gf list1 list2 (substE mp ex)) # mp) (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos (C,M,pc) else FF)) (getPosEx Q) @ map (\k. (St k, St (Suc (Suc k)))) (stkIds Q)) as) expr \ St (Suc 0) THEN St 0 ELSE Gf list1 list2 (substE (foldl (\mp ex. (Gf list1 list2 ex, IF substE mp ex \ St (Suc 0) THEN St 0 ELSE Gf list1 list2 (substE mp ex)) # mp) (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos (C,M,pc) else FF)) (getPosEx Q) @ map (\k. (St k, St (Suc (Suc k)))) (stkIds Q)) as) expr)) # foldl (\mp ex. 
(Gf list1 list2 ex, IF substE mp ex \ St (Suc 0) THEN St 0 ELSE Gf list1 list2 (substE mp ex)) # mp) (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos (C,M,pc) else FF)) (getPosEx Q) @ map (\k. (St k, St (Suc (Suc k)))) (stkIds Q)) as) bs) expr) = substE (foldl (\mp ex. (Gf list1 list2 ex, IF substE mp ex \ St (Suc 0) THEN St 0 ELSE Gf list1 list2 (substE mp ex)) # mp) (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos (C,M,pc) else FF)) (getPosEx Q) @ map (\k. (St k, St (Suc (Suc k)))) (stkIds Q)) as) expr ") prefer 2 apply (erule_tac V="\I. ?P I" in thin_rl) apply (rule substE_eq) apply (subgoal_tac "\expr'. expr = expr'") prefer 2 apply (erule thin_rl)+ apply fastsimp apply (erule exE)+ apply (subgoal_tac "\ em em'. eqExMps em em' expr = eqExMps em em' expr'") prefer 2 apply simp apply (subgoal_tac "expr' \ set (subExpr expr)") prefer 2 apply (simp only:) apply (rule getExpr_refl) apply (erule_tac V="expr = expr'" in thin_rl) apply (simp only:) apply (erule_tac P="expr' \ set (subExpr expr)" in rev_mp) apply (rule_tac expr="expr'" in expr_induct) --{* Rg nat *} apply (simp add: eqExMps_def lookup.simps fms foldl_map_lookup) --{* St nat *} apply (simp add: eqExMps_def lookup.simps fms foldl_map_lookup) --{* Lv nat *} apply (simp add: eqExMps_def lookup.simps fms foldl_map_lookup) --{* Cn val *} apply (simp add: eqExMps_def lookup.simps fms foldl_map_lookup) --{* NewA *} apply (simp add: eqExMps_def lookup.simps fms foldl_map_lookup) --{* Gf list1aa list2aa expra *} apply (rule impI) apply (frule_tac ex="expra" in subExpr_getGfEx) apply (subgoal_tac "expra \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Gf list1aa list2aa expra" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (drule mp, assumption) apply (case_tac "list1aa = list1 \ list2aa = list2") apply (frule_tac getGfEx_not_refl) apply (subgoal_tac "\as' bs' cs'. 
remdups' (getGfEx list1 list2 Q) = as'@[expra]@bs'@[expr]@cs'") prefer 2 apply (rule getGFEx_mono) apply simp apply (rule subExpr_getGfEx) apply assumption apply (erule exE)+ apply (subgoal_tac "distinct (as' @ [expra] @ bs' @ [expr] @ cs')") prefer 2 apply (drule_tac t="as' @ [expra] @ bs' @ [expr] @ cs'" in sym) apply (erule_tac V="remdups' (getGfEx list1 list2 Q) = ?c" in thin_rl) apply (simp only: distinct_remdups') apply (subgoal_tac "distinct (as@[expr]@bs)") prefer 2 apply (subgoal_tac "(as @ expr # bs) = (as @ [expr] @ bs)") prefer 2 apply simp apply (drule_tac s="as @ expr # bs" in sym) apply (simp only: distinct_remdups') apply (subgoal_tac "as @ [expr] @ bs = (as' @ [expra] @ bs') @ [expr] @ cs'") prefer 2 apply (drule_tac t="as' @ [expra] @ bs' @ [expr] @ cs'" in sym) apply simp apply (drule distinct_list_match) apply assumption apply simp apply (subgoal_tac "\ ex \ set bs. Gf list1 list2 expra \ Gf list1 list2 ex") prefer 2 apply (subgoal_tac "expra \ set bs") prefer 2 apply simp apply (rule ballI) apply (rule classical) apply simp apply (subgoal_tac "\ ex \ set as'. Gf list1 list2 expra \ Gf list1 list2 ex") prefer 2 apply (subgoal_tac "expra \ set as'") prefer 2 apply simp apply (rule ballI) apply (rule classical) apply simp apply (subgoal_tac "\ ex \ set bs'. Gf list1 list2 expra \ Gf list1 list2 ex") prefer 2 apply (subgoal_tac "expra \ set bs'") prefer 2 apply simp apply (rule ballI) apply (rule classical) apply simp apply (simp add: eqExMps_def foldl_map_lookup) --{* ~ (list1aa = list1 and list2aa = list2) *} apply (frule_tac getGfEx_not_refl) apply (subgoal_tac "\ex \ set bs. Gf list1aa list2aa expra \ Gf list1 list2 ex") prefer 2 apply simp apply (rule impI)+ apply simp apply (subgoal_tac "\ex \ set as. 
Gf list1aa list2aa expra \ Gf list1 list2 ex") prefer 2 apply simp apply (rule impI)+ apply simp apply (simp add: fms eqExMps_def foldl_map_lookup split add: bool.split) apply (rule impI)+ apply (rule not_sym) apply assumption --{* FrNr *} apply (simp add: eqExMps_def lookup.simps fms foldl_map_lookup) --{* Num expr1 numop expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply simp apply (simp add: eqExMps_def fms foldl_map_lookup) --{* Rel expr1 rop expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply simp apply (simp add: eqExMps_def fms foldl_map_lookup) --{* IF THEN ELSE *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr3 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (simp add: eqExMps_def fms foldl_map_lookup) --{* Eq expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (simp add: eqExMps_def fms 
foldl_map_lookup) --{* Neg *} apply (rule impI) apply (subgoal_tac "expra \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Neg expra" in subExpr_Gf) apply assumption apply simp apply (simp add: eqExMps_def fms foldl_map_lookup) --{* Imp expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (simp add: eqExMps_def fms foldl_map_lookup) --{* Forall nat expra *} apply (rule impI) apply (subgoal_tac "expra \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Forall nat expra" in subExpr_Gf) apply assumption apply simp apply (simp add: eqExMps_def fms foldl_map_lookup) --{* Ty expra ty *} apply (rule impI) apply (subgoal_tac "expra \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="Ty expra ty" in subExpr_Gf) apply assumption apply simp apply (simp add: eqExMps_def fms foldl_map_lookup) --{* Pos *} apply (simp add: eqExMps_def fms foldl_map_lookup) --{* Call *} apply (rule impI) apply (subgoal_tac "\ex \ set bs. Call expra \ Gf list1 list2 ex") prefer 2 apply simp apply (subgoal_tac "\ex \ set as. Call expra \ Gf list1 list2 ex") prefer 2 apply simp apply (simp only: eqExMps_Call) apply (simp add: fms foldl_map_lookup) --{* Catch *} apply (rule impI) apply (subgoal_tac "\ex \ set bs. Call expra \ Gf list1 list2 ex") prefer 2 apply simp apply (subgoal_tac "\ex \ set as. Call expra \ Gf list1 list2 ex") prefer 2 apply simp apply (simp only: eqExMps_Catch) apply (simp add: fms foldl_map_lookup) --{* And es *} apply (rule impI) apply (simp only: eqExMps_And') apply (rule conjI) apply (subgoal_tac "\ex \ set bs. And es \ Gf list1 list2 ex") prefer 2 apply simp apply (subgoal_tac "\ex \ set as. 
And es \ Gf list1 list2 ex") prefer 2 apply simp apply (simp add: fms map_if_notin id_lookup_def foldl_map_lookup del: evalE_evalEs.simps split del: split_if) apply (rule ballI) apply (erule_tac x="ex" and A="set es" in ballE) prefer 2 apply simp apply (subgoal_tac "ex \ set (subExpr expr)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply simp apply simp apply (drule mp, assumption) apply (simp only:) apply (simp only: foldl_append foldl_Cons substE_substEs.simps) apply (subgoal_tac "\ ex \ (set bs). Gf list1 list2 expr \ Gf list1 list2 ex") prefer 2 apply simp (* apply (simp only: foldl_map_lookup) *) apply (simp only: evalE_evalEs.simps the_Bool_def) apply (case_tac "stk") apply simp apply (case_tac "list") apply simp apply (simp add: is_Ref'_def is_Addr'_conv) apply (erule conjE | erule exE)+ apply (rule allI) apply (rule impI)+ apply (rule conjI) apply (rule impI)+ apply (case_tac "aa") apply simp apply simp apply simp apply simp apply simp apply (rule impI)+ apply (case_tac "ad") apply simp apply simp apply simp apply simp --{* ad = Addr nat *} apply simp --{* FrNr *} apply (rule impI, rule allI) apply (subgoal_tac "\ex \ set (remdups' (getGfEx list1 list2 Q)). 
FrNr \ Gf list1 list2 ex") prefer 2 apply simp apply (drule_tac foldl_map_lookup) apply (simp add: fms map_if_notin id_lookup_def) --{* Num expr1 numop expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply simp apply (simp add: fms foldl_map_lookup) --{* Rel expr1 rop expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply simp apply (simp add: fms foldl_map_lookup) --{* IF THEN ELSE *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply simp apply (simp add: fms foldl_map_lookup split add: bool.split) --{* Eq expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (simp add: fms foldl_map_lookup) --{* Neg *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply simp apply (simp add: fms foldl_map_lookup) --{* Imp expr1 expr2 *} 
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply simp apply (simp add: fms foldl_map_lookup) --{* Forall nat expra *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply simp apply (simp add: fms foldl_map_lookup) --{* Ty expr ty *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply simp apply (erule conjE | erule exE)+ apply (simp add: is_Ref'_def is_Addr'_conv) apply (erule conjE | erule exE)+ apply (simp add: fms foldl_map_lookup split add: val.split) --{* Pos *} apply (rule impI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="(getPosEx Q)" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (subgoal_tac "\ex \ set (remdups' (getGfEx list1 list2 Q)). Pos x \ Gf list1 list2 ex") prefer 2 apply simp apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: incA_def wf_def checkPos_split succsNormal_def split add: split_if_asm) apply (cut_tac p_domC) apply (case_tac "frs") apply (simp add: fms foldl_map_lookup map_if_notin id_lookup_def p_def mem_iff) apply (simp add: fms foldl_map_lookup map_if_notin id_lookup_def p_def mem_iff callers_simps) --{* Call *} apply (rule impI) apply (subgoal_tac "\ex \ set (remdups' (getGfEx list1 list2 Q)). 
Call expr \ Gf list1 list2 ex") prefer 2 apply simp apply (simp add: fms foldl_map_lookup id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp add: split_paired_all) --{* Catch *} apply (rule impI) apply (subgoal_tac "\ex \ set (remdups' (getGfEx list1 list2 Q)). Catch list expr \ Gf list1 list2 ex") prefer 2 apply simp apply (simp add: fms foldl_map_lookup id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp add: split_paired_all) --{* And es*} apply (rule impI) apply (simp only: evalE_And substE_substEs.simps substEs_map) apply simp apply (rule allI) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) prefer 2 apply simp apply (erule_tac x="ex" in ballE) prefer 2 apply simp apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply simp apply (drule mp, assumption) apply (erule_tac x="I" in allE) apply (simp only:) apply (subgoal_tac "(\u. if u = the_Addr (hd (tl stk)) then \(cname_of h (the_Addr (hd (tl stk))), \u. if u = (list1, list2) then \hd stk\ else snd (the (h (the_Addr (hd (tl stk))))) u)\ else h u) = h(the_Addr (hd (tl stk)) \ (cname_of h (the_Addr (hd (tl stk))), snd (the (h (the_Addr (hd (tl stk)))))((list1, list2) \ hd stk)))") prefer 2 apply (rule ext) apply simp apply (rule impI) apply (rule ext) apply simp apply (simp only:) --{* second direction of iff *} apply (rule ballI) apply (erule_tac x="ex" in ballE) prefer 2 apply simp apply (erule_tac x="ex" in ballE) prefer 2 apply simp apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply simp apply (drule mp, assumption) apply (erule_tac x="I" in allE) apply (simp only:) apply (subgoal_tac "(\u. if u = the_Addr (hd (tl stk)) then \(cname_of h (the_Addr (hd (tl stk))), \u. 
if u = (list1, list2) then \hd stk\ else snd (the (h (the_Addr (hd (tl stk))))) u)\ else h u) = h(the_Addr (hd (tl stk)) \ (cname_of h (the_Addr (hd (tl stk))), snd (the (h (the_Addr (hd (tl stk)))))((list1, list2) \ hd stk)))") prefer 2 apply (rule ext) apply simp apply (rule impI) apply (rule ext) apply simp apply (simp only:) done qed (*>*) lemma effS_wpF_Checkcast: assumes i_def: "i = Checkcast Cl" assumes wf_Pi: "wf \" assumes handlesEx: "handlesEx (fst \) p' = None" assumes cmd_p: "cmd \ p = Some i" assumes p_domC: "p \ set (domC \)" assumes i_instr: "instrs_of P C M ! pc = i" assumes s_def: "s = (p,\,e)" assumes p_def: "p = (C,M,pc)" assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)" assumes s'_def: "s' = (p',\',e')" assumes sigma'_def: "\' = (None,h,fr'#frs')" assumes e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\" assumes p'_def: "p' = snd (snd fr')" assumes check_i: "check_instr' i P h stk loc C M pc frs" assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'" assumes Pi_def: "\ = (P,An)" shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q" (*<*) proof - from handlesEx cmd_p i_def show ?thesis apply - apply (simp only: wpF_Checkcast) --{* induction preparation *} apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. 
evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def p_def) --{* induction on Q' *} apply simp apply (case_tac " \ cast_ok P Cl h (hd stk)") apply (simp add: split_def) apply (simp add: split_def) apply (rule_tac expr="Q'" in expr_induct) --{* Rg *} apply (rule impI, rule allI) apply (drule subExpr_rgIds) apply (drule_tac xs="rgIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def) --{* St *} apply (rule impI, rule allI) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def neq_Nil_conv) --{* Lv *} apply (simp add: fms map_if_notin id_lookup_def) --{* Cn *} apply (simp add: fms map_if_notin id_lookup_def) --{* NewA *} apply (simp add: fms map_if_notin id_lookup_def) --{* Gf list1 list2 expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split add: val.split) --{* FrNr *} apply (simp add: fms map_if_notin id_lookup_def) --{* Num expr1 num_op epxr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Rel expr1 rel_op expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption 
apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* IF expr1 THEN expr2 ELSE expr3 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split ) apply (rule allI) apply (case_tac "evalE \ ((C, M, Suc pc), (None, h, (stk, loc, C, M, Suc pc) # frs), e\lv := I\) expr1 = \Bool True\") apply simp apply simp --{* Eq expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Neg expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Imp expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption 
apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Forall nat expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if) --{* Ty expr ty*} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split) --{* Pos x *} apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: incA_def wf_def checkPos_split succsNormal_def split add: split_if_asm) apply (cut_tac p_domC) apply (case_tac "frs") apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff) apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff callers_simps) --{* Call *} apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs) --{* Catch *} apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs) --{* And es *} 
apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x="(substE (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos p else FF)) (getPosEx Q)) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:) done qed (*>*) lemma effS_wpF_Invoke: assumes i_def: "i = Invoke Mn n" assumes wf_Pi: "wf \" assumes handlesEx: "handlesEx (fst \) p' = None" assumes cmd_p: "cmd \ p = Some i" assumes p_domC: "p \ set (domC \)" assumes i_instr: "instrs_of P C M ! pc = i" assumes s_def: "s = (p,\,e)" assumes p_def: "p = (C,M,pc)" assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)" assumes s'_def: "s' = (p',\',e')" assumes sigma'_def: "\' = (None,h,fr'#frs')" assumes e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\" assumes p'_def: "p' = snd (snd fr')" assumes check_i: "check_instr' i P h stk loc C M pc frs" assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'" assumes Pi_def: "\ = (P,An)" (* assumes anF_p: "\ A. anF \ p = Some A \ \,s \ A" *) assumes p'_domC: "p' \ set (domC \)" shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q" (*<*) proof - from handlesEx cmd_p i_def show ?thesis apply - apply (simp only: wpF_Invoke) --{* induction preparation *} apply (subgoal_tac "\Q'. 
Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def p_def) --{* induction on Q' *} apply (case_tac "stk ! n = Null") apply (simp add: split_def) apply (rule_tac expr="Q'" in expr_induct) --{* Rg *} apply (rule impI, rule allI) apply (drule subExpr_rgIds) apply (drule_tac xs="rgIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: is_Ref'_def is_Addr'_conv fms map_if_notin id_lookup_def) apply (erule conjE | erule exE)+ apply (drule has_method_has_method) apply (erule conjE | erule exE)+ apply (rule conjI | rule impI)+ apply (case_tac "nat") apply simp apply (subgoal_tac "nata < length stk") prefer 2 apply arith apply (simp add: nth_append) apply (rule rev_take_nth) apply assumption apply arith apply arith apply (rule impI)+ apply (case_tac "nat") apply simp apply (simp add: nth_append) apply (subgoal_tac "nata - min (length stk) n < fst (snd (snd (snd (snd (method P (cname_of h (the_Addr (stk ! 
n))) Mn)))))") prefer 2 apply (simp add: min_def linorder_not_le le_simps linorder_not_less Pi_def) apply (presburger (abs)) apply (simp add: nth_replicate arb_def) apply arith apply arith apply (case_tac "stk") apply simp apply (simp add: none_def linorder_not_less min_def le_simps linorder_not_le Pi_def) --{* St *} apply (rule impI, rule allI) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def neq_Nil_conv none_def) --{* Lv *} apply (simp add: fms map_if_notin id_lookup_def cong del: if_weak_cong) --{* Cn *} apply (simp add: fms map_if_notin id_lookup_def cong del: if_weak_cong) --{* NewA *} apply (simp add: fms map_if_notin id_lookup_def cong del: if_weak_cong) --{* Gf list1 list2 expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def cong del: if_weak_cong split add: val.split) --{* FrNr *} apply (simp add: fms map_if_notin id_lookup_def numop_def) --{* Num expr1 num_op epxr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def cong del: if_weak_cong ) --{* Rel expr1 rel_op expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp 
(no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def cong del: if_weak_cong) --{* IF expr1 THEN expr2 ELSE expr3 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split cong del: if_weak_cong ) --{* Eq expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def cong del: if_weak_cong) --{* Neg expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def cong del: if_weak_cong) --{* Imp expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin 
id_lookup_def cong del: if_weak_cong) --{* Forall nat expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if cong del: if_weak_cong) --{* Ty expr ty*} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split cong del: if_weak_cong) --{* Pos x *} apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac p'_domC) apply (simp only: mem_iff) (* apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: is_Ref'_def is_Addr'_conv incA_def wf_def checkPos_split succsNormal_def split add: split_if_asm) apply (case_tac "extractTy (a,St n) = []") apply simp apply (subgoal_tac "\tp\set (extractTy (a,St n)). \,s \ Ty (St n) tp") prefer 2 apply (rule_tac A="a" in extractTy_sem) apply (cut_tac anF_p) apply (erule_tac x="a" in allE) apply simp apply (rule refl) apply assumption apply (erule bexE) apply (case_tac "extractTy (a,St n) = []") apply simp apply (simp add: in_set_conv_decomp not_Nil_case) apply (subgoal_tac "\ X. 
tp = Class X") prefer 2 apply (case_tac "ysc") apply simp apply (case_tac "tp") apply simp apply simp apply simp --{* tp = NT *} apply (cut_tac s_def sigma_def) apply (case_tac "ac") apply simp apply simp apply simp apply simp apply simp --{* tp = Class list *} apply simp --{* ysc = ac list *} apply (simp add: list_all_iff) apply (case_tac "tp") apply simp apply simp apply simp --{* tp = NT *} apply (cut_tac s_def sigma_def) apply (case_tac "ac") apply simp apply simp apply simp apply simp apply simp --{* tp = Class lista *} apply simp apply (erule exE ) apply simp apply (case_tac "ac") apply simp apply simp apply simp apply simp apply simp --{* ac = Addr nat *} apply (drule has_method_has_method) apply (erule exE | erule conjE)+ apply (simp add: split_def) apply (simp add: obj_ty_def) apply (cut_tac s_def) apply (simp add: Pi_def) *) apply (cut_tac p_domC) apply (cut_tac s_def) apply (case_tac "frs") apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff) apply (rule impI) apply (case_tac "C = fst (ipc \) \ M = fst (snd (ipc \))") apply (cut_tac cmd_p) apply (cut_tac p_def) apply (simp add: callers_def) apply simp apply (case_tac "C = fst (ipc \)") apply simp apply simp --{* frs = a list *} apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff callers_simps) apply (rule impI) apply (subgoal_tac "(C, M, pc) \ set (callers \ (fst (method P (cname_of h (the_Addr (stk ! 
n))) Mn), Mn, 0))") prefer 2 apply (cut_tac cmd_p) apply (cut_tac p_def) apply (simp add: callers_def) apply simp --{* Call *} apply (rule impI,rule allI) apply (drule subExpr_getCallEx) apply (drule_tac xs="getCallEx Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: Let_def split_def fms map_if_notin id_lookup_def env_upd) --{* Catch *} apply (rule impI,rule allI) apply (drule subExpr_getCatchEx) apply (drule_tac xs="getCatchEx Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: Let_def split_def fms map_if_notin id_lookup_def env_upd split del: split_if list.split option.split) apply (subgoal_tac "(concat (map (\e. if catchesEx P (fst e) (C, M, pc) then FiniteMap.o2l ([(Catch (fst e) (snd e), snd e)] ? Catch list expr) else FiniteMap.o2l ([(Catch (fst e) (snd e), IF FrNr \ Cn (Intg 1) THEN snd e ELSE Catch (fst e) (snd e))] ? Catch list expr)) ys)) = []") prefer 2 apply (erule_tac P="(list,expr)\ set ys" in rev_mp) apply (induct_tac "ys") apply simp apply (simp (no_asm_simp) split del: split_if) apply (rule impI) apply (simp (no_asm_simp)) apply (case_tac "fst a = list \ snd a = expr") apply (simp add: split_paired_all) apply (simp (no_asm_simp)) apply (simp (no_asm_simp) add: Pi_def Let_def split_def fms map_if_notin id_lookup_def env_upd split del: split_if list.split option.split) apply (case_tac "JVMExceptions.match_ex_table P list pc (ex_table_of P C M)") apply (subgoal_tac "\ catchesEx P list (C,M,pc)") prefer 2 apply (simp add: catchesEx_def) apply (simp add: env_upd split del: split_if list.split option.split) apply (case_tac "frs") apply simp --{* obsolete record manipulations *} apply (simp add: Pi_def) --{* exception caught *} apply (subgoal_tac "catchesEx P list (C,M,pc)") prefer 2 apply (simp add: catchesEx_def) apply (simp add: env_upd) --{* And es *} apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule 
iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x=" (substE (map (\q. (Pos q, if q = (fst (method (fst \) (cname_of h (the_Addr (stk ! n))) Mn), Mn, 0) then Pos p else FF)) (getPosEx Q) @ (FrNr, Num FrNr num_op.Add (Cn (Intg 1))) # map (\k. (Rg k, if k \ n then St (n - k) else (if k \ n + fst (snd (snd (snd (snd (method (fst \) (fst p') Mn))))) then Cn arb else none))) (rgIds Q) @ map (\k. (St k, none)) (stkIds Q) @ map (\ex. (Call ex, ex)) (getCallEx Q) @ concat (map (\u. if catchesEx P (fst u) (C, M, pc) then [(Catch (fst u) (snd u), snd u)] else [(Catch (fst u) (snd u), IF FrNr \ Cn (Intg 1) THEN snd u ELSE Catch (fst u) (snd u))]) (getCatchEx Q))) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (drule mp, assumption) apply (erule_tac x="I" in allE) apply (cut_tac Pi_def) apply (simp add: substEs_map) apply (simp add: substEs_map Pi_def) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:) done qed (*>*) lemma effS_wpF_Return: assumes i_def: "i = Return" assumes wf_Pi: "wf \" assumes handlesEx: "handlesEx (fst \) p' = None" assumes cmd_p: "cmd \ p = Some i" assumes p_domC: "p \ set (domC \)" assumes i_instr: "instrs_of P C M ! pc = i" assumes s_def: "s = (p,\,e)" assumes p_def: "p = (C,M,pc)" assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)" assumes s'_def: "s' = (p',\',e')" assumes sigma'_def: "\' = (None,h,fr'#frs')" assumes e'_def: "e' = e\cs := if \M n. 
i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\" assumes p'_def: "p' = snd (snd fr')" assumes check_i: "check_instr' i P h stk loc C M pc frs" assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'" assumes Pi_def: "\ = (P,An)" assumes Pos_p: "\,(p,\,e) \ Pos p" shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q" (*<*) proof - from handlesEx cmd_p i_def show ?thesis apply - apply (simp only: wpF_Return) --{* induction preparation *} apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def p_def Pi_def) --{* induction on Q' *} apply (case_tac "frs") apply simp apply (subgoal_tac "\st_a rg_a p_a. 
a=(st_a,rg_a,p_a)") prefer 2 apply (erule thin_rl)+ apply fastsimp apply (erule exE)+ apply simp apply (rule_tac expr="Q'" in expr_induct) --{* Rg *} apply (rule impI, rule allI) apply (drule subExpr_rgIds) apply (drule_tac xs="rgIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def) --{* St *} apply (rule impI, rule allI) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def neq_Nil_conv) apply (erule exE | erule conjE)+ apply (case_tac "nat") apply simp apply simp apply arith --{* Lv *} apply (simp add: fms map_if_notin id_lookup_def) --{* Cn *} apply (simp add: fms map_if_notin id_lookup_def) --{* NewA *} apply (simp add: fms map_if_notin id_lookup_def) --{* Gf list1 list2 expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split add: val.split) --{* FrNr *} apply (simp add: fms map_if_notin id_lookup_def numop_def) --{* Num expr1 num_op epxr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Rel expr1 rel_op expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp 
(no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* IF expr1 THEN expr2 ELSE expr3 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split ) apply (rule allI) apply (erule_tac x="I" in allE)+ apply (case_tac "evalE (P, An) ((fst p_a, fst (snd p_a), Suc (snd (snd p_a))), (None, h, (hd stk # drop (Suc (length (fst (snd (method P C M))))) st_a, rg_a, fst p_a, fst (snd p_a), Suc (snd (snd p_a))) # list), e \cs := tl (cs e), lv := I\) expr1 = \Bool True\") apply simp apply simp --{* Eq expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Neg expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Imp expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption 
apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Forall nat expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if) --{* Ty expr ty*} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split) --{* Pos x *} apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (cut_tac Pos_p) apply (cut_tac s_def) apply (cut_tac sigma_def) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: incA_def wf_def checkPos_split succsNormal_def split_def split add: split_if_asm) apply (simp add: in_set_conv_decomp) apply (erule exE)+ apply (case_tac "list") apply simp apply simp apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff) apply (rule impI) apply (cut_tac "p_domC") apply (cut_tac Pi_def) apply (cut_tac p_def) apply (subgoal_tac "p_a \ set (callers (P, An) (C, M, pc))") prefer 2 apply (cut_tac Pos_p) apply (cut_tac s_def) apply (simp add: callers_def) apply (subgoal_tac "p_a \ set (domC (P,An))") prefer 2 apply (cut_tac Pos_p) apply (cut_tac s_def) apply (simp add: callers_def) apply (case_tac "list") apply (simp add: fms map_if_notin id_lookup_def 
p_def mem_iff callers_simps) apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff callers_simps) --{* Call *} apply (rule impI,rule allI) apply (drule subExpr_getCallEx) apply (drule_tac xs="getCallEx Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs) --{* Catch *} apply (rule impI,rule allI) apply (drule subExpr_getCatchEx) apply (drule_tac xs="getCatchEx Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs) --{* And es *} apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x="(substE (map (\q. (Pos q, if q = (fst p_a, fst (snd p_a), Suc (snd (snd p_a))) then Pos p else FF)) (getPosEx Q) @ (FrNr, FrNr \ Cn (Intg 1)) # map (\k. (St k, if Suc 0 \ k then Call (St (length (fst (snd (method P C M))) + k)) else St 0)) (stkIds Q) @ map (\k. (Rg k, Call (Rg k))) (rgIds Q) @ map (\ex. (Call ex, Call (Call ex))) (getCallEx Q) @ map (\u. 
(Catch (fst u) (snd u), Call (Catch (fst u) (snd u)))) (getCatchEx Q)) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:)
done
qed
(*>*)

(* Soundness of wpF for the Pop instruction.
   Assumptions: the program Pi = (P,An) is well formed (wf_Pi); the
   instruction i = Pop sits at program point p = (C,M,pc) (cmd_p, i_instr,
   p_domC); the JVM step from sigma = (None,h,(stk,loc,p)#frs) to
   sigma' = (None,h,fr'#frs') is described by check_instr' (check_i) and
   exec_instr (exec_i); p' is the program point of the new top frame
   (p'_def); e' is e with the call-stack component cs updated (e'_def) --
   for i = Pop the conditional in e'_def leaves cs e unchanged, since it only
   fires for Invoke and Return.  handlesEx (fst Pi) p' = None excludes
   successors p' that handle an exception, so exceptional control flow is not
   covered by this lemma (presumably treated by separate lemmas -- confirm).
   Conclusion: for every valuation I of the logical variables lv, evaluating
   wpF Pi p p' Q in the pre-state (p,sigma,e) equals evaluating Q in the
   post-state (p',sigma',e').
   Proof shape (shared by the sibling lemmas below): rewrite with the
   alternative definition wpF_Pop, generalise Q to some Q' with
   Q' \ set (subExpr Q), then structural induction on Q' (expr_induct) with
   one case per expression constructor.  The membership premise is
   re-established for every immediate subexpression via subExpr_Gf,
   apparently because the substitution lists are built from the identifiers
   occurring in Q (stkIds Q, getPosEx Q). *)
lemma effS_wpF_Pop:
  assumes i_def: "i = Pop"
  assumes wf_Pi: "wf \"
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some i"
  assumes p_domC: "p \ set (domC \)"
  assumes i_instr: "instrs_of P C M ! pc = i"
  assumes s_def: "s = (p,\,e)"
  assumes p_def: "p = (C,M,pc)"
  assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)"
  assumes s'_def: "s' = (p',\',e')"
  assumes sigma'_def: "\' = (None,h,fr'#frs')"
  assumes e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\"
  assumes p'_def: "p' = snd (snd fr')"
  assumes check_i: "check_instr' i P h stk loc C M pc frs"
  assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'"
  assumes Pi_def: "\ = (P,An)"
  shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q"
(*<*)
proof -
from handlesEx cmd_p i_def show ?thesis
apply -
apply (simp only: wpF_Pop)
--{* induction preparation *}
(* Introduce Q' = Q, derive the facts needed about Q', then discard the
   equation so that the induction runs over an arbitrary Q' with
   Q' \ set (subExpr Q) as the only remaining link to Q (kept as a premise
   via rev_mp).  The step facts (exec_i, check_i, ...) are cut in last. *)
apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def p_def)
--{* induction on Q' *}
apply simp apply (rule_tac expr="Q'" in expr_induct)
--{* Rg *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* St *}
(* Pop shifts the operand stack by one; the stack identifier k of Q is
   located in stkIds Q via in_set_conv_decomp_fst and the decomposition
   witness ysa is case-split. *)
apply (rule impI, rule allI) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def neq_Nil_conv) apply (erule exE)+ apply (case_tac "ysa") apply simp apply simp
--{* Lv *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* Cn *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* NewA *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* Gf list1 list2 expr *}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split add: val.splits)
--{* FrNr *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* Num expr1 num_op expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Rel expr1 rel_op expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* IF expr1 THEN expr2 ELSE expr3 *}
(* After the three induction hypotheses are instantiated, the goal is
   settled by a case split on whether the guard expr1 evaluates to
   Bool True in the post-state. *)
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (rule allI) apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split ) apply (case_tac "evalE \ ((C, M, Suc pc), (None, h, (tl stk, loc, C, M, Suc pc) # frs), e\lv := I\) expr1 = \Bool True\") apply simp apply simp
--{* Eq expr1 expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Neg expr *}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Imp expr1 expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Forall nat expr *}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if)
--{* Ty expr ty*}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split)
--{* Pos x *}
(* The position x of Q is located in getPosEx Q; then p' mem domC Pi is
   established from wf_Pi, p_domC, p_def and cmd_p before case-splitting on
   the remaining call stack frs. *)
apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: incA_def wf_def checkPos_split succsNormal_def split add: split_if_asm) apply (cut_tac p_domC) apply (case_tac "frs") apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff) apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff callers_simps)
--{* Call *}
apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs)
--{* Catch *}
apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs)
--{* And es *}
(* Conjunction: both directions of the iff are shown element-wise over es,
   instantiating the induction hypothesis with the substituted conjunct
   (the substitution list is the one from wpF_Pop). *)
apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x="(substE (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos p else FF)) (getPosEx Q) @ map (\k. (St k, St (Suc k))) (stkIds Q)) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:)
done
qed
(*>*)

(* Soundness of wpF for the binary integer instruction IBin no.
   Same assumptions and conclusion as effS_wpF_Pop above (with i = IBin no),
   and the same proof shape via wpF_IBin and expr_induct.  The St case
   additionally unfolds numop_def/isIntg_conv, since the post-state stack
   top is Intg (numop no ...) of the two former top elements (see the
   case_tac in the IF case). *)
lemma effS_wpF_IBin:
  assumes i_def: "i = (IBin no)"
  assumes wf_Pi: "wf \"
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some i"
  assumes p_domC: "p \ set (domC \)"
  assumes i_instr: "instrs_of P C M ! pc = i"
  assumes s_def: "s = (p,\,e)"
  assumes p_def: "p = (C,M,pc)"
  assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)"
  assumes s'_def: "s' = (p',\',e')"
  assumes sigma'_def: "\' = (None,h,fr'#frs')"
  assumes e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\"
  assumes p'_def: "p' = snd (snd fr')"
  assumes check_i: "check_instr' i P h stk loc C M pc frs"
  assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'"
  assumes Pi_def: "\ = (P,An)"
  shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q"
(*<*)
proof -
from handlesEx cmd_p i_def show ?thesis
apply -
apply (simp only: wpF_IBin)
--{* induction preparation *}
apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def p_def)
--{* induction on Q' *}
apply simp apply (rule_tac expr="Q'" in expr_induct)
--{* Rg *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* St *}
(* The operand stack is split into its two top elements (case_tac on stk
   and on its tail); the shape presumably comes from check_i. *)
apply (rule impI, rule allI) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (case_tac "stk") apply simp apply (case_tac "list") apply simp apply (simp add: fms map_if_notin id_lookup_def neq_Nil_conv numop_def isIntg_conv) apply (erule exE)+ apply (case_tac "nat") apply simp apply simp
--{* Lv *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* Cn *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* NewA *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* Gf list1 list2 expr *}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split add: val.splits)
--{* FrNr *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* Num expr1 num_op expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Rel expr1 rel_op expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* IF expr1 THEN expr2 ELSE expr3 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split ) apply (case_tac "evalE \ ((C, M, Suc pc), (None, h, (Intg (numop no (the_Intg (hd stk)) (the_Intg (hd (tl stk)))) # tl (tl stk), loc, C, M, Suc pc) # frs), e\lv := I\) expr1 = \Bool True\") apply simp apply simp
--{* Eq expr1 expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Neg expr *}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Imp expr1 expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Forall nat expr *}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if)
--{* Ty expr ty*}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split)
--{* Pos x *}
apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: incA_def wf_def checkPos_split succsNormal_def split add: split_if_asm) apply (cut_tac p_domC) apply (case_tac "frs") apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff) apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff callers_simps)
--{* Call *}
apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs)
--{* Catch *}
apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs)
--{* And es *}
apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x="(substE (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos p else FF)) (getPosEx Q) @ map (\k. (St k, if k = 0 then Num (St 1) no (St 0) else St (k + 1))) (stkIds Q)) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:)
done
qed
(*>*)

(* Soundness of wpF for the unconditional jump Goto t.
   Same assumptions and conclusion as effS_wpF_Pop above (with i = Goto t),
   and the same proof shape via wpF_Goto and expr_induct.  Only program
   positions are substituted here (the ballE instantiation in the And case
   maps Pos q for the jump target (C, M, nat (int pc + t)) to Pos p); the
   operand stack is untouched, so the St case is a plain simp. *)
lemma effS_wpF_Goto:
  assumes i_def: "i = Goto t"
  assumes wf_Pi: "wf \"
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some i"
  assumes p_domC: "p \ set (domC \)"
  assumes i_instr: "instrs_of P C M ! pc = i"
  assumes s_def: "s = (p,\,e)"
  assumes p_def: "p = (C,M,pc)"
  assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)"
  assumes s'_def: "s' = (p',\',e')"
  assumes sigma'_def: "\' = (None,h,fr'#frs')"
  assumes e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\"
  assumes p'_def: "p' = snd (snd fr')"
  assumes check_i: "check_instr' i P h stk loc C M pc frs"
  assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'"
  assumes Pi_def: "\ = (P,An)"
  shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q"
(*<*)
proof -
from handlesEx cmd_p i_def show ?thesis
apply -
apply (simp only: wpF_Goto)
--{* induction preparation *}
apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def p_def)
--{* induction on Q' *}
apply simp apply (rule_tac expr="Q'" in expr_induct)
--{* Rg *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* St *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* Lv *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* Cn *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* NewA *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* Gf list1 list2 expr *}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split add: val.splits)
--{* FrNr *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* Num expr1 num_op expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Rel expr1 rel_op expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* IF expr1 THEN expr2 ELSE expr3 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split ) apply (case_tac "evalE \ ((C, M, nat (int pc + t)), (None, h, (stk, loc, C, M, nat (int pc + t)) # frs), e\lv := I\) expr1 = \Bool True\") apply simp apply simp
--{* Eq expr1 expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Neg expr *}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Imp expr1 expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Forall nat expr *}
(* NOTE(review): the bound variable is referred to as `nata' here, whereas
   the sibling lemmas use `nat' -- presumably because `nat' is already
   taken by the jump target nat (int pc + t) in this goal; confirm that
   the name matches what expr_induct generates. *)
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nata expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if)
--{* Ty expr ty*}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split)
--{* Pos x *}
apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: incA_def wf_def checkPos_split succsNormal_def split add: split_if_asm) apply (cut_tac p_domC) apply (case_tac "frs") apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff) apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff callers_simps)
--{* Call *}
apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs)
--{* Catch *}
apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs)
--{* And es *}
apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x="(substE (map (\q. (Pos q, if q = (C, M, nat (int pc + t)) then Pos p else FF)) (getPosEx Q)) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:)
done
qed
(*>*)

(* Soundness of wpF for the equality comparison CmpEq.
   Same assumptions and conclusion as effS_wpF_Pop above (with i = CmpEq),
   and the same proof shape via wpF_CmpEq and expr_induct.  The post-state
   stack top is Bool (hd (tl stk) = hd stk) (see the case_tac in the IF
   case); the St case therefore unfolds liftI_def and handles the
   symmetry of the equality explicitly (rule sym). *)
lemma effS_wpF_CmpEq:
  assumes i_def: "i = CmpEq"
  assumes wf_Pi: "wf \"
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some i"
  assumes p_domC: "p \ set (domC \)"
  assumes i_instr: "instrs_of P C M ! pc = i"
  assumes s_def: "s = (p,\,e)"
  assumes p_def: "p = (C,M,pc)"
  assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)"
  assumes s'_def: "s' = (p',\',e')"
  assumes sigma'_def: "\' = (None,h,fr'#frs')"
  assumes e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\"
  assumes p'_def: "p' = snd (snd fr')"
  assumes check_i: "check_instr' i P h stk loc C M pc frs"
  assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'"
  assumes Pi_def: "\ = (P,An)"
  shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q"
(*<*)
proof -
from handlesEx cmd_p i_def show ?thesis
apply -
apply (simp only: wpF_CmpEq)
--{* induction preparation *}
apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def p_def)
--{* induction on Q' *}
apply simp apply (rule_tac expr="Q'" in expr_induct)
--{* Rg *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* St *}
(* Two top stack elements are split off (case_tac on stk and its tail);
   the shape presumably comes from check_i. *)
apply (rule impI, rule allI) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (case_tac "stk") apply simp apply (case_tac "list") apply simp apply (simp add: fms map_if_notin id_lookup_def neq_Nil_conv liftI_def numop_def) apply (rule conjI) apply (rule impI) apply (rule iffI) apply (rule sym, assumption)+ apply (rule impI)+ apply (case_tac "nat") apply simp apply simp
--{* Lv *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* Cn *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* NewA *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* Gf list1 list2 expr *}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split add: val.splits)
--{* FrNr *}
apply (simp add: fms map_if_notin id_lookup_def)
--{* Num expr1 num_op expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Rel expr1 rel_op expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* IF expr1 THEN expr2 ELSE expr3 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split ) apply (case_tac "evalE \ ((C, M, Suc pc), (None, h, (Bool (hd (tl stk) = hd stk) # tl (tl stk), loc, C, M, Suc pc) # frs), e\lv := I\) expr1 = \Bool True\") apply simp apply simp
--{* Eq expr1 expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Neg expr *}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Imp expr1 expr2 *}
apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def)
--{* Forall nat expr *}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if)
--{* Ty expr ty*}
apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split)
--{* Pos x *}
apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: incA_def wf_def checkPos_split succsNormal_def split add: split_if_asm) apply (cut_tac p_domC) apply (case_tac "frs") apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff) apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff callers_simps)
--{* Call *}
apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs)
--{* Catch *}
apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (simp (no_asm_simp) add: split_paired_all env_upd_cs)
--{* And es *}
apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x="(substE (map (\q. (Pos q, if q = (C, M, Suc pc) then Pos p else FF)) (getPosEx Q) @ map (\k. (St k, if k = 0 then St 0 \ St 1 else St (k + 1))) (stkIds Q)) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:)
done
qed
(*>*)

(* Soundness of wpF for the conditional branch IfIntCmp ro t; assumptions
   and conclusion as in effS_wpF_Pop above (with i = IfIntCmp ro t). *)
lemma effS_wpF_IfIntCmp:
  assumes i_def: "i = IfIntCmp ro t"
  assumes wf_Pi: "wf \"
  assumes handlesEx: "handlesEx (fst \) p' = None"
  assumes cmd_p: "cmd \ p = Some i"
  assumes p_domC: "p \ set (domC \)"
  assumes i_instr: "instrs_of P C M ! pc = i"
  assumes s_def: "s = (p,\,e)"
  assumes p_def: "p = (C,M,pc)"
  assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)"
  assumes s'_def: "s' = (p',\',e')"
  assumes sigma'_def: "\' = (None,h,fr'#frs')"
  assumes e'_def: "e' = e\cs := if \M n. 
i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\" assumes p'_def: "p' = snd (snd fr')" assumes check_i: "check_instr' i P h stk loc C M pc frs" assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'" assumes Pi_def: "\ = (P,An)" shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q" (*<*) proof - from handlesEx cmd_p i_def show ?thesis apply - apply (simp only: wpF_IfIntCmp) --{* induction preparation *} apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def p_def) --{* induction on Q' *} apply (rule_tac expr="Q'" in expr_induct) --{* Rg *} apply (simp add: fms map_if_notin id_lookup_def) --{* St *} apply (rule impI) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (case_tac "stk") apply simp apply (case_tac "list") apply simp apply (simp add: fms map_if_notin id_lookup_def) --{* Lv *} apply (simp add: fms map_if_notin id_lookup_def) --{* Cn *} apply (simp add: fms map_if_notin id_lookup_def) --{* NewA *} apply (simp add: fms map_if_notin id_lookup_def) --{* Gf list1 list2 expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: 
fms map_if_notin id_lookup_def split add: val.splits) --{* FrNr *} apply (simp add: fms map_if_notin id_lookup_def) --{* Num expr1 num_op epxr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Rel expr1 rel_op expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* IF expr1 THEN expr2 ELSE expr3 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split ) apply (rule allI) apply (case_tac "evalE \ ((C, M, if relop ro (the_Intg (hd stk)) (the_Intg (hd (tl stk))) then nat (int pc + t) else pc + 1), (None, h, (tl (tl stk), loc, C, M, if relop ro (the_Intg (hd stk)) (the_Intg (hd (tl stk))) then nat 
(int pc + t) else pc + 1) # frs), e \lv := I\) expr1 = \Bool True\") apply simp apply simp --{* Eq expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Neg expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Imp expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Forall nat expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if) --{* Ty expr ty*} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split) --{* Pos x *} apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (subgoal_tac "p' mem domC \") prefer 
2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: incA_def wf_def checkPos_split succsNormal_def split add: split_if_asm) apply (cut_tac p_domC) apply (case_tac "frs") apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff) apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff callers_simps) --{* Call *} apply (rule impI,rule allI) apply (case_tac "stk") apply simp apply (case_tac "frs") apply (simp add: Let_def split_def fms map_if_notin id_lookup_def env_upd) apply (simp add: split_paired_all Let_def split_def fms map_if_notin id_lookup_def env_upd) --{* Catch *} apply (rule impI,rule allI) apply (case_tac "stk") apply simp apply (case_tac "frs") apply (simp add: Let_def split_def fms map_if_notin id_lookup_def env_upd) apply (simp add: split_paired_all Let_def split_def fms map_if_notin id_lookup_def env_upd) --{* And es *} apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x="(substE (map (\q. (Pos q, if q = (C, M, if relop ro (the_Intg (hd (tl stk))) (the_Intg (hd stk)) then nat (int pc + t) else pc + 1) then Pos p else FF)) (getPosEx Q) @ map (\k. 
(St k, St (Suc (Suc k)))) (stkIds Q)) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:) done qed (*>*) lemma effS_wpF_IfFalse: assumes i_def: "i = IfFalse t" assumes wf_Pi: "wf \" assumes handlesEx: "handlesEx (fst \) p' = None" assumes cmd_p: "cmd \ p = Some i" assumes p_domC: "p \ set (domC \)" assumes i_instr: "instrs_of P C M ! pc = i" assumes s_def: "s = (p,\,e)" assumes p_def: "p = (C,M,pc)" assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)" assumes s'_def: "s' = (p',\',e')" assumes sigma'_def: "\' = (None,h,fr'#frs')" assumes e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\" assumes p'_def: "p' = snd (snd fr')" assumes check_i: "check_instr' i P h stk loc C M pc frs" assumes exec_i : "exec_instr i P h stk loc C M pc frs = \'" assumes Pi_def: "\ = (P,An)" shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q" (*<*) proof - from handlesEx cmd_p i_def show ?thesis apply - apply (simp only: wpF_IfFalse) --{* induction preparation *} apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. 
substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ apply (cut_tac exec_i[THEN sym] sigma'_def i_def sigma_def check_i p'_def e'_def p_def) --{* induction on Q' *} apply (rule_tac expr="Q'" in expr_induct) --{* Rg *} apply (simp add: fms map_if_notin id_lookup_def) --{* St *} apply (rule impI) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (case_tac "stk") apply simp apply (simp add: fms map_if_notin id_lookup_def) --{* Lv *} apply (simp add: fms map_if_notin id_lookup_def) --{* Cn *} apply (simp add: fms map_if_notin id_lookup_def) --{* NewA *} apply (simp add: fms map_if_notin id_lookup_def) --{* Gf list1 list2 expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split add: val.splits) --{* FrNr *} apply (simp add: fms map_if_notin id_lookup_def) --{* Num expr1 num_op epxr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Rel expr1 rel_op expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp 
(no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* IF expr1 THEN expr2 ELSE expr3 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (rule allI) apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split ) apply (case_tac "evalE \ ((C, M, if hd stk = Bool False then nat (int pc + t) else pc + 1), (None, h, (tl stk, loc, C, M, if hd stk = Bool False then nat (int pc + t) else pc + 1) # frs), e\lv := I\) expr1 = \Bool True\") apply simp apply simp --{* Eq expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Neg expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Imp expr1 expr2 *} apply (rule impI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr 
Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Forall nat expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if) --{* Ty expr ty*} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split) --{* Pos x *} apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac cmd_p) apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: incA_def wf_def checkPos_split succsNormal_def split add: split_if_asm) apply (cut_tac p_domC) apply (case_tac "frs") apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff) apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff callers_simps) --{* Call *} apply (rule impI,rule allI) apply (case_tac "stk") apply simp apply (case_tac "frs") apply (simp add: Let_def split_def fms map_if_notin id_lookup_def env_upd) apply (simp add: split_paired_all Let_def split_def fms map_if_notin id_lookup_def env_upd) --{* Catch *} apply (rule impI,rule allI) apply (case_tac "stk") apply simp apply (case_tac "frs") apply (simp add: Let_def split_def fms map_if_notin id_lookup_def env_upd) apply (simp add: split_paired_all Let_def split_def fms map_if_notin id_lookup_def env_upd) --{* And es *} apply (rule impI, rule 
allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x="(substE (map (\q. (Pos q, if q = (C, M, if hd stk = Bool False then nat (int pc + t) else pc + 1) then Pos p else FF)) (getPosEx Q) @ map (\k. (St k, St (Suc k))) (stkIds Q)) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:) done qed (*>*) lemma effS_wpF_Except: assumes wf_Pi: "wf \" assumes sys_xptn_inv: "\ C \ sys_xcpts. (\ob. (h (addr_of_sys_xcpt C) = \ob\ \ obj_ty ob = (Class C)))" assumes handlesEx: "handlesEx (fst \) p' = Some cn" assumes xa_sub_cn: "P \ (cname_of h xa) \\<^sup>* cn" (* assumes cn_noObject: "cn \ Object" *) assumes cmd_p: "cmd \ p = Some i" assumes p_domC: "p \ set (domC \)" assumes i_instr: "instrs_of P C M ! pc = i" assumes s_def: "s = (p,\,e)" assumes p_def: "p = (C,M,pc)" assumes sigma_def: "\ = (None,h,(stk,loc,p)#frs)" assumes s'_def: "s' = (p',\',e')" assumes check_i: "check_instr' i P h stk loc C M pc frs" assumes exec_i : "exec_instr i P h stk loc C M pc frs = (\xa\, h', frs'')" assumes findhandler_s: "find_handler P xa h ((stk, loc, p) # frs) = \'" assumes sigma'_def: "\' = (None, h, ([Addr xa], loc', p') # frs')" assumes e'_def: "e' = e\cs := drop (length frs - length frs') (cs e)\" assumes Pi_def: "\ = (P,An)" assumes Pos_p: "\,(p,\,e) \ Pos p" shows "\ I. 
evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p',\',e'\lv:=I\) Q" (*<*) proof - (* from xa_sub_cn cn_noObject wf_Pi Pi_def have xa_cn_sysxcpt: "(cname_of h xa) \ sys_xcpts \ cn = (cname_of h xa)" apply - apply (rule sysxpct_no_object) apply simp+ done *) show ?thesis proof (cases "match_ex_table P (cname_of h xa) pc (ex_table_of P C M)") case None from this xa_sub_cn have JBC_VCG_match_cn_None: "match_ex_table P cn pc (ex_table_of P C M) = None" apply (rule_tac cn="cname_of h xa" in match_ex_table_subtype_None) apply assumption+ done from this have JVMException_match_cn_None: "JVMExceptions.match_ex_table P cn pc (ex_table_of P C M) = None" by (simp add: match_ex_table_def) from None have find_handler_eq: "find_handler P xa h frs = find_handler P xa h ((stk, loc, C, M, pc)#frs)" by simp obtain C' M' pc' where p'_def: "p' = (C',M',pc')" apply atomize apply (erule_tac x="fst p'" in allE) apply (erule_tac x="fst (snd p')" in allE) apply (erule_tac x="snd (snd p')" in allE) apply simp done from findhandler_s find_handler_eq sigma'_def p_def obtain pfx where frs_pfx_frs': "frs = pfx @ frs' \ pfx \ []" apply - apply (simp only:) apply (drule_tac frs="frs" in find_handler_frs) apply fastsimp done from this have frs_not_Nil: "frs \ []" by simp from wf_Pi Pi_def p'_def findhandler_s s_def s'_def sigma'_def p_def handlesEx frs_pfx_frs' have catchstate_simp: "\ e. (\h' stk' pc''. 
catchstate (P, cn, (C, M, pc), (None, h, (stk, loc, C, M, pc) # frs), e) = ((C', M', pc''), (None, h', (stk', loc', C', M', pc'') # frs'), e \cs := drop (length frs - length frs') (cs e)\) \ match_ex_table P (cname_of h xa) pc'' (ex_table_of P C' M') = \pc'\)" apply - apply (rule allI) apply (simp only:) apply (drule_tac st'="stk" and stk="stk" and e="ea" in find_handler_catchstate) apply assumption+ apply (simp only: fst_conv) apply simp done from None have JVMExceptions_None: "JVMExceptions.match_ex_table P (cname_of h xa) pc (ex_table_of P C M) = None" by (simp add: match_ex_table_def) from cmd_p handlesEx show ?thesis apply - apply (simp only: wpF_Except) --{* induction preparation *} apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. 
evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ --{* induction on Q' *} apply (cut_tac catchstate_simp JBC_VCG_match_cn_None Pi_def p_def sigma_def sigma'_def frs_not_Nil) apply (rule_tac expr="Q'" in expr_induct) --{* Rg *} apply (rule impI, rule allI) apply (drule subExpr_rgIds) apply (drule_tac xs="rgIds Q" in in_set_conv_decomp_fst) apply (erule_tac x="e\lv := I\" in allE) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def del: match_ex_table_def) --{* St nat *} apply (rule impI, rule allI) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule_tac x="e\lv := I\" in allE) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def) apply (case_tac "i=Throw") apply (cut_tac "check_i") apply (simp add: neq_Nil_conv) apply (erule exE | erule conjE)+ apply (case_tac "hd stk = Null") apply (cut_tac s_def) apply (simp only:) apply (subgoal_tac "\ob. (h (addr_of_sys_xcpt NullPointer) = \ob\ \ obj_ty ob = (Class NullPointer))") prefer 2 apply (cut_tac "sys_xptn_inv") apply (erule_tac x="NullPointer" in ballE) prefer 2 apply (simp add: NullPointer_def sys_xcpts_def) apply assumption apply (erule exE | erule conjE)+ apply (cut_tac exec_i[THEN sym]) apply (simp add: is_Ref'_def is_Addr'_conv none_def split del: option.split_asm) --{* hd stk ~= Null *} apply (cut_tac exec_i[THEN sym]) apply (simp add: is_Ref_def is_Ref'_def is_Addr'_conv split del: split_if split_if_asm option.split option.split_asm) apply (case_tac "y") apply simp apply simp apply simp apply simp apply (simp add: none_def) --{* i ~= Throw *} apply simp apply (cut_tac exec_i[THEN sym] check_i) apply (case_tac "i") --{* Load *} apply simp --{* Store *} apply simp --{* Push *} apply simp --{* New *} apply (cut_tac s_def) apply simp apply (subgoal_tac "\ob. 
(h (addr_of_sys_xcpt OutOfMemory) = \ob\ \ obj_ty ob = (Class OutOfMemory))") prefer 2 apply (cut_tac "sys_xptn_inv") apply (erule_tac x="OutOfMemory" in ballE) prefer 2 apply (simp add: OutOfMemory_def sys_xcpts_def) apply assumption apply (erule exE) apply (simp add: sys_xcpt_of_def obj_ty_def none_def) --{* Getfield *} apply simp apply (case_tac "hd stk = Null") apply (simp add: split_def) apply (subgoal_tac "\ob. (h (addr_of_sys_xcpt NullPointer) = \ob\ \ obj_ty ob = (Class NullPointer))") prefer 2 apply (cut_tac "sys_xptn_inv") apply (erule_tac x="NullPointer" in ballE) prefer 2 apply (simp add: NullPointer_def sys_xcpts_def) apply assumption apply (erule exE) apply (simp add: sys_xcpt_of_def obj_ty_def none_def) apply (simp add: split_def) --{* Putfield *} apply simp apply (case_tac "hd (tl stk) = Null") apply (simp add: split_def) apply (subgoal_tac "\ob. (h (addr_of_sys_xcpt NullPointer) = \ob\ \ obj_ty ob = (Class NullPointer))") prefer 2 apply (cut_tac "sys_xptn_inv") apply (erule_tac x="NullPointer" in ballE) prefer 2 apply (simp add: NullPointer_def sys_xcpts_def) apply assumption apply (erule exE) apply (simp add: sys_xcpt_of_def obj_ty_def none_def) apply (simp add: split_def none_def) --{* Checkcast *} apply simp apply (case_tac "cast_ok P list h (hd stk)") apply (simp add: split_def) apply (subgoal_tac "\ob. (h (addr_of_sys_xcpt ClassCast) = \ob\ \ obj_ty ob = (Class ClassCast))") prefer 2 apply (cut_tac "sys_xptn_inv") apply (erule_tac x="ClassCast" in ballE) prefer 2 apply (simp add: ClassCast_def sys_xcpts_def) apply assumption apply (erule exE) apply (simp add: sys_xcpt_of_def obj_ty_def none_def) --{* Invoke *} apply simp apply (case_tac " stk ! nata = Null") apply (simp add: split_def) apply (subgoal_tac "\ob. 
(h (addr_of_sys_xcpt NullPointer) = \ob\ \ obj_ty ob = (Class NullPointer))") prefer 2 apply (cut_tac "sys_xptn_inv") apply (erule_tac x="NullPointer" in ballE) prefer 2 apply (simp add: NullPointer_def sys_xcpts_def) apply assumption apply (erule exE) apply (simp add: sys_xcpt_of_def obj_ty_def none_def) apply (simp add: split_def) --{* Return *} apply (case_tac "frs") apply simp apply (simp add: split_def) --{* Pop *} apply simp --{* IBin *} apply simp --{* Goto *} apply simp --{* CmpEq *} apply simp --{* IfIntLeq *} apply simp --{* IfFalse *} apply simp --{* Throw *} apply simp --{* Lv nat *} apply (simp add: fms map_if_notin id_lookup_def) --{* Cn nat *} apply (simp add: fms map_if_notin id_lookup_def) --{* NewA *} apply (simp add: fms map_if_notin id_lookup_def) --{* Gf list1 list2 expr *} apply (rule impI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split add: val.split) --{* FrNr *} apply (rule impI, rule allI) apply (erule_tac x="e\lv:=I\" in allE) apply (erule exE)+ apply (simp add: fms map_if_notin id_lookup_def) --{* Num expr1 num_op epxr2 *} apply (rule impI, rule allI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Rel expr1 rel_op expr2 *} apply (rule impI, rule allI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in 
subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* IF expr1 THEN expr2 ELSE expr3 *} apply (rule impI, rule allI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split ) apply (case_tac "evalE (P, An) (p', (None, h, ([Addr xa], loc', p') # frs'), e'\lv := I\) expr1 = \Bool True\") apply simp apply simp --{* Eq expr1 expr2 *} apply (rule impI, rule allI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Neg expr *} apply (rule impI, rule allI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Imp expr1 expr2 *} apply (rule impI, rule allI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp 
expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Forall nat expr *} apply (rule impI, rule allI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if) --{* Ty expr ty*} apply (rule impI, rule allI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split) --{* Pos x *} apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (subgoal_tac "p' mem domC \") prefer 2 apply (cut_tac wf_Pi) apply (cut_tac p_domC) apply (cut_tac p_def) apply (cut_tac p'_def) apply (subgoal_tac "(C',M') \ set (methodnames P)") prefer 2 apply (cut_tac findhandler_s) apply (simp only:) apply (drule find_handler_frs') apply (erule exE | erule conjE)+ apply (simp add: Let_def fst_conv snd_conv) apply (rule_tac xs="pfx" in rev_cases) apply simp apply (simp add: split_def) apply (cut_tac Pos_p) apply (simp add: callers_sysinv_trans del: callers_sysinv.simps) apply (case_tac "ysa") apply simp apply (erule conjE)+ apply (rule_tac pc="snd (snd (snd (snd y)))" and An="An" in domC_methodnames) apply simp --{* ysa = a list *} apply simp apply (case_tac "list") apply simp apply (erule conjE)+ apply (rule_tac pc="snd (snd (snd (snd y)))" and An="An" in domC_methodnames) apply simp --{* list = aa lista *} apply (erule conjE)+ apply (erule_tac x="length list - 1" in allE) apply simp apply (erule conjE)+ apply (rule_tac pc="snd (snd (snd (snd y)))" and An="An" in domC_methodnames) apply simp 
apply (erule_tac x="e" in allE) apply (erule conjE | erule exE)+ apply (subgoal_tac "(C',M',pc') \ set (domC (P,An))") prefer 2 apply (rule_tac X="cname_of h xa" in wf_ex_table_domC) apply (cut_tac "wf_Pi") apply (simp add: Pi_def) apply assumption apply simp apply (simp add: Pi_def mem_iff) apply (cut_tac p_domC) apply (cut_tac Pos_p) apply (cut_tac findhandler_s) apply (simp only:) apply (drule find_handler_frs') apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def p_def mem_iff callers_sysinv_trans del: callers_sysinv.simps) apply (case_tac "frs'") apply (simp add: not_Nil_case) apply (rule impI) apply (rule_tac xs="pfx" in rev_cases) apply simp apply (rule iffI) apply (erule_tac x="length pfx - 1" in allE)+ apply (simp add: length_append last_append) apply (rule allI) apply (rule conjI) apply (rule impI) apply (erule_tac x="i" in allE) apply (drule_tac s="Suc i" and t="length pfx" in sym) apply (simp add: nth_append last_append) apply (rule impI)+ apply (erule_tac x="i" in allE) apply simp --{* frs' = a list *} apply (subgoal_tac "\ Cp Mp pcp. 
last pfx = (Cp,Mp,pcp)") prefer 2 apply (erule thin_rl)+ apply (rule_tac x="fst (last pfx)" in exI) apply (rule_tac x="fst (snd (last pfx))" in exI) apply (rule_tac x="snd (snd (last (pfx)))" in exI) apply simp apply (erule exE)+ apply (cut_tac p'_def) apply simp apply (drule_tac t="a # list" and s="frs'" in sym) apply (simp only:) apply (subgoal_tac "pfx @ frs' \ []") prefer 2 apply simp apply (simp add: not_Nil_case) apply (rule impI) apply (erule conjE | erule exE)+ apply (subgoal_tac "snd (snd a) \ set (callers (P, An) p')") prefer 2 apply (rule_tac xs="pfx" in rev_cases) apply simp apply (erule_tac x="length pfx - 2" in allE) apply simp apply (subgoal_tac "length ysa - Suc 0 < Suc (length ysa + length list)") prefer 2 apply (erule thin_rl)+ apply arith apply simp apply (case_tac "length ysa - Suc 0 = length ysa + length list") apply simp apply (drule_tac t="frs'" and s="a # list" in sym) apply (case_tac "ysa") apply simp apply (case_tac "pfx") apply simp apply (subgoal_tac "callers \ (C,M,pc) = callers \ (C,M,pc')") prefer 2 apply (rule callers_eq) apply (erule conjE)+ apply (drule_tac t="pcp" in sym) apply simp apply simp apply simp apply (case_tac "ysa") apply simp apply (subgoal_tac "callers \ (C,M,pc) = callers \ (C,M,pc')") prefer 2 apply (rule callers_eq) apply (erule conjE)+ apply (drule_tac t="pcp" in sym) apply (drule_tac t="frs'" in sym) apply simp --{* ysa = aa lista *} apply simp apply (drule_tac t="frs'" in sym) apply (simp add: nth_append) apply (erule conjE)+ apply (subgoal_tac "callers \ (fst pcp,fst (snd pcp),pc') = callers \ (fst pcp,fst (snd pcp),snd (snd pcp))") prefer 2 apply (rule callers_eq) apply simp apply (cut_tac p'_def) apply simp apply (rule allI) apply (rule conjI) apply (rule impI) apply (erule_tac x="length pfx + length list - 1" in allE) apply simp apply (rule impI)+ apply (erule_tac x="length pfx + i - 1" in allE) apply (case_tac "pfx") apply simp apply (subgoal_tac "length pfx + i - 1 < length pfx + length list") prefer 2 
apply simp apply simp apply (drule_tac t="frs'" in sym) apply (simp add: nth_append) --{* Call *} apply (rule impI, rule allI) apply (drule subExpr_getCallEx) apply (drule_tac xs="getCallEx Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (erule_tac x="e\lv:=I\" in allE) apply (erule exE)+ apply (simp add: fms id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (cut_tac e'_def) apply (simp (no_asm_simp) add: split_paired_all) --{* Catch *} apply (rule impI,rule allI) apply (drule subExpr_getCatchEx) apply (drule_tac xs="getCatchEx Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (erule_tac x="e\lv:=I\" in allE) apply (erule exE)+ apply (simp add: fms id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE) + apply (subgoal_tac " (catchstate (P, list, (C', M', pc''), (None, h', (stk', loc', C', M', pc'') # frs'), e \lv:= I, cs := drop (length frs - length frs') (cs e)\)) = (catchstate (P, list, (C', M', pc'), (None, h, ([Addr xa], loc', C', M', pc') # frs'), e \cs := drop (length frs - length frs') (cs e),lv:= I\))") prefer 2 apply (simp only:) apply (erule thin_rl)+ apply (cut_tac catchstate_eq) apply fastsimp apply (cut_tac p'_def e'_def) apply simp --{* And es *} apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x="(substE (map (\q. (Pos q, if q = p' then Pos p else FF)) (getPosEx Q) @ map (\k. (St k, if Suc 0 \ k then none else if i = Throw then IF St 0 \ Cn Null THEN Cn (Addr (addr_of_sys_xcpt NullPointer)) ELSE St 0 else Cn (Addr (addr_of_sys_xcpt (sys_xcpt_of i))))) (stkIds Q) @ (FrNr, Catch cn FrNr) # map (\k. (Rg k, Catch cn (Rg k))) (rgIds Q) @ map (\ex. (Call ex, Catch cn (Call ex))) (getCallEx Q) @ map (\p. 
(Catch (fst p) (snd p), Catch cn (Catch (fst p) (snd p)))) (getCatchEx Q)) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:) done next case (Some a) obtain C' M' pc' where p'_def:"p' = (C',M',pc')" apply atomize apply (erule_tac x="fst p'" in allE) apply (erule_tac x="fst (snd p')" in allE) apply (erule_tac x="snd (snd p')" in allE) apply simp done from Some wf_Pi Pi_def p_def findhandler_s s_def sigma'_def handlesEx p'_def p'_def obtain d where JVMException_match_xa_Some: "JVMExceptions.match_ex_table P (cname_of h xa) pc (ex_table_of P C M) = \(pc',d)\" apply atomize apply (simp add: JBC_VCG.match_ex_table_def) apply fastsimp done from Some wf_Pi Pi_def p_domC p_def findhandler_s s_def sigma'_def handlesEx p'_def have JBC_VCG_match_cn_Some: "match_ex_table P cn pc (ex_table_of P C M) = \pc'\" apply - apply (rule_tac cn'="(cname_of h xa)" and An="An" in handlesEx_match_ex_table) apply simp apply (rule_tac pc="pc" and An="An" in domC_methodnames, simp) apply simp apply simp done from cmd_p handlesEx show ?thesis apply - apply (simp only: wpF_Except) --{* induction preparation *} apply (subgoal_tac "\Q'. Q = Q'") prefer 2 apply fastsimp apply (erule exE) apply (subgoal_tac "\em. substE em Q = substE em Q'") prefer 2 apply simp apply (subgoal_tac "\ I. 
evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'") prefer 2 apply simp apply (subgoal_tac "Q' \ set (subExpr Q)") prefer 2 apply (simp add: getExpr_refl) apply (erule_tac V="Q = Q'" in thin_rl) apply (simp only:) apply (erule_tac V="\em. substE em Q = substE em Q'" in thin_rl) apply (erule_tac V="\I. evalE \ (p', \', e'\lv:=I\) Q = evalE \ (p', \', e'\lv:=I\) Q'" in thin_rl) apply (erule_tac P="Q' \ set (subExpr Q)" in rev_mp) apply (erule thin_rl)+ --{* induction on Q' *} apply (cut_tac JVMException_match_xa_Some JBC_VCG_match_cn_Some Pi_def p_def sigma_def sigma'_def p'_def findhandler_s) apply (rule_tac expr="Q'" in expr_induct) --{* Rg *} apply (rule impI, rule allI) apply (simp only: split_def Let_def fst_conv snd_conv simp_thms if_True) apply (drule subExpr_rgIds) apply (drule_tac xs="rgIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def del: match_ex_table_def) --{* St nat *} apply (rule impI, rule allI) apply (simp only: split_def Let_def fst_conv snd_conv simp_thms if_True) apply (drule subExpr_stkIds) apply (drule_tac xs="stkIds Q" in in_set_conv_decomp_fst) apply (erule exE | erule conjE)+ apply (simp add: fms map_if_notin id_lookup_def) apply (case_tac "i=Throw") apply (cut_tac exec_i[THEN sym] check_i) apply (simp add: neq_Nil_conv) apply (erule exE | erule conjE)+ apply (case_tac "hd stk = Null") apply (subgoal_tac "\ob. 
(h (addr_of_sys_xcpt NullPointer) = \ob\ \ obj_ty ob = (Class NullPointer))") prefer 2 apply (cut_tac "sys_xptn_inv") apply (erule_tac x="NullPointer" in ballE) prefer 2 apply (simp add: NullPointer_def sys_xcpts_def) apply assumption apply (erule exE) apply (simp add: none_def) --{* hd stk ~= Null *} apply (simp add: is_Ref_def is_Ref'_def split del: split_if split_if_asm option.split option.split_asm) apply (case_tac "y") apply simp apply simp apply simp apply simp apply (simp add: none_def) --{* i ~= Throw *} apply simp apply (cut_tac exec_i[THEN sym] check_i) apply (case_tac "i") --{* Load *} apply simp --{* Store *} apply simp --{* Push *} apply simp --{* New *} apply simp apply (subgoal_tac "\ob. (h (addr_of_sys_xcpt OutOfMemory) = \ob\ \ obj_ty ob = (Class OutOfMemory))") prefer 2 apply (cut_tac "sys_xptn_inv") apply (erule_tac x="OutOfMemory" in ballE) prefer 2 apply (simp add: OutOfMemory_def sys_xcpts_def) apply assumption apply (erule exE) apply (simp add: sys_xcpt_of_def obj_ty_def none_def) --{* Getfield *} apply simp apply (case_tac "hd stk = Null") apply (simp add: split_def) apply (subgoal_tac "\ob. (h (addr_of_sys_xcpt NullPointer) = \ob\ \ obj_ty ob = (Class NullPointer))") prefer 2 apply (cut_tac "sys_xptn_inv") apply (erule_tac x="NullPointer" in ballE) prefer 2 apply (simp add: NullPointer_def sys_xcpts_def) apply assumption apply (erule exE) apply (simp add: sys_xcpt_of_def obj_ty_def none_def) apply (simp add: split_def) --{* Putfield *} apply simp apply (case_tac "hd (tl stk) = Null") apply (simp add: split_def) apply (subgoal_tac "\ob. 
(h (addr_of_sys_xcpt NullPointer) = \ob\ \ obj_ty ob = (Class NullPointer))") prefer 2 apply (cut_tac "sys_xptn_inv") apply (erule_tac x="NullPointer" in ballE) prefer 2 apply (simp add: NullPointer_def sys_xcpts_def) apply assumption apply (erule exE) apply (simp add: sys_xcpt_of_def obj_ty_def none_def) apply (simp add: split_def) --{* Checkcast *} apply simp apply (case_tac "cast_ok P list h (hd stk)") apply (simp add: split_def) apply (cut_tac s_def) apply (simp only:) apply (subgoal_tac "\ob. (h (addr_of_sys_xcpt ClassCast) = \ob\ \ obj_ty ob = (Class ClassCast))") prefer 2 apply (cut_tac "sys_xptn_inv") apply (erule_tac x="ClassCast" in ballE) prefer 2 apply (simp add: ClassCast_def sys_xcpts_def) apply assumption apply (erule exE) apply (simp add: sys_xcpt_of_def obj_ty_def none_def) --{* Invoke *} apply simp apply (erule conjE)+ apply (case_tac " stk ! nata = Null") apply (simp add: split_def) apply (cut_tac s_def) apply (simp only:) apply (subgoal_tac "\ob. (h (addr_of_sys_xcpt NullPointer) = \ob\ \ obj_ty ob = (Class NullPointer))") prefer 2 apply (cut_tac "sys_xptn_inv") apply (erule_tac x="NullPointer" in ballE) prefer 2 apply (simp add: NullPointer_def sys_xcpts_def) apply assumption apply (simp add: sys_xcpt_of_def) apply (simp add: split_def) --{* Return *} apply (case_tac "frs") apply simp apply (simp add: split_def) apply (case_tac "frs'") apply simp apply (simp add: split_def) --{* Pop *} apply (simp add: none_def) --{* IBin *} apply simp --{* Goto *} apply simp --{* CmpEq *} apply simp --{* IfIntLeq *} apply simp --{* IfFalse *} apply simp --{* Throw *} apply simp --{* Lv nat *} apply (simp add: fms map_if_notin id_lookup_def) --{* Cn nat *} apply (simp add: fms map_if_notin id_lookup_def) --{* NewA *} apply (simp add: fms map_if_notin id_lookup_def) --{* Gf list1 list2 expr *} apply (rule impI, rule allI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Gf list1 list2 expr" in subExpr_Gf) apply assumption apply (simp 
(no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split add: val.split) --{* FrNr *} apply (rule impI, rule allI) apply (simp add: fms map_if_notin id_lookup_def) --{* Num expr1 num_op epxr2 *} apply (rule impI, rule allI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Num expr1 num_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Rel expr1 rel_op expr2 *} apply (rule impI, rule allI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Rel expr1 rel_op expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* IF expr1 THEN expr2 ELSE expr3 *} apply (rule impI, rule allI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr3 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="IF expr1 THEN expr2 ELSE expr3" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (drule mp,assumption)+ apply (simp add: split_def fms map_if_notin id_lookup_def evalE_evalEs.simps substE_substEs.simps split del: split_if add: bool.split ) apply (case_tac " evalE (P, An) ((C', M', pc'), (None, h, ([Addr xa], loc', C', M', pc') # frs'), e'\lv := I\) expr1 = \Bool True\") apply 
simp apply simp --{* Eq expr1 expr2 *} apply (rule impI, rule allI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Eq expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Neg expr *} apply (rule impI, rule allI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Neg expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Imp expr1 expr2 *} apply (rule impI, rule allI) apply (subgoal_tac "expr1 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (subgoal_tac "expr2 \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Imp expr1 expr2" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def) --{* Forall nat expr *} apply (rule impI, rule allI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Forall nat expr" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: fms map_if_notin id_lookup_def split del: split_if) --{* Ty expr ty*} apply (rule impI, rule allI) apply (subgoal_tac "expr \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="Ty expr ty" in subExpr_Gf) apply assumption apply (simp (no_asm) add: parts.simps) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def split add: val.split) --{* Pos x *} apply (rule impI, rule allI) apply (subgoal_tac "x \ set (getPosEx Q)") prefer 2 apply (rule subExpr_getPosEx) apply assumption apply (drule_tac xs="getPosEx Q" in in_set_conv_decomp_fst) apply (erule exE |erule conjE)+ apply (subgoal_tac "(C,M,pc') \ set (domC (P,An))") prefer 2 
apply (rule_tac X="cn" in wf_ex_table_domC) apply (cut_tac wf_Pi) apply simp apply (rule_tac pc="pc" and An="An" in domC_methodnames) apply (cut_tac p_domC) apply simp apply simp apply (simp add: fms map_if_notin id_lookup_def) apply (rule impI) apply (case_tac "frs'") apply (cut_tac p_domC) apply (simp add: mem_iff) apply (cut_tac p_domC) apply (simp add: mem_iff split_def del: callers_sysinv.simps) apply (subgoal_tac "callers (P,An) (C',M',pc') = callers (P,An) (C',M',pc)") prefer 2 apply (rule callers_eq) apply (cut_tac e'_def) apply simp --{* Call *} apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (cut_tac e'_def) apply (simp (no_asm_simp) add: split_paired_all) --{* Catch *} apply (rule impI,rule allI) apply (simp add: Let_def split_def fms map_if_notin id_lookup_def) apply (rule impI) apply (simp only: neq_Nil_conv) apply (erule exE)+ apply (cut_tac e'_def) apply (simp (no_asm_simp) add: split_paired_all) --{* And es *} apply (rule impI, rule allI) apply (simp add: evalE_And fms map_if_notin id_lookup_def del: evalE_evalEs.simps split del: split_if) apply (rule iffI) apply (rule ballI) apply (erule_tac x="ex" in ballE) apply (erule_tac x=" (substE (map (\q. (Pos q, if q = (C', M', pc') then Pos p else FF)) (getPosEx Q) @ map (\k. 
(St k, if Suc 0 \ k then none else if i = Throw then IF St 0 \ Cn Null THEN Cn (Addr (addr_of_sys_xcpt NullPointer)) ELSE St 0 else Cn (Addr (addr_of_sys_xcpt (sys_xcpt_of i))))) (stkIds Q)) ex)" in ballE) apply (subgoal_tac "ex \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp add: parts.simps) apply (simp add: substEs_map) apply (simp add: substEs_map) apply (simp only:) apply (rule ballI) apply (simp add: substEs_map image_iff) apply (erule bexE) apply (erule_tac x="x" in ballE) apply (erule_tac x="x" in ballE) apply (subgoal_tac "x \ set (subExpr Q)") prefer 2 apply (rule_tac ex'="And es" in subExpr_Gf) apply assumption apply (simp (no_asm_simp) add: parts.simps) apply simp apply (simp only:) apply (simp only:) done qed qed (*>*) lemma effS_wpF: assumes wf_Pi: "wf \" assumes s_def: "s = (p,\,e)" assumes s'_def: "s' = (p',\',e')" (* assumes anF_p: "(\ Mn n. cmd \ p = Some (Invoke Mn n)) \ (\ A. anF \ p = Some A \ \,s \ A)" *) assumes s_inv_Pos: "\,s \ inv_Pos \ (fst s)" assumes s_inv_Ty:"\,s \ inv_Ty \ (fst s)" assumes s_inv_ExTys:"\,s \ inv_ExTys \ (fst s)" assumes p'_B_succsF_p: "(p',B) \ set (succsF \ p)" assumes s_B: "\,s \ B" assumes s_s'_effS: "(s,s') \ effS \" shows "\ I. evalE \ (p,\,e\lv:=I\) (wpF \ p p' Q) = evalE \ (p', \',e'\lv:=I\) Q" (*<*) proof (rule effS.elims[OF s_s'_effS]) fix p \ e p' \' e' P C M pc i h stk loc frs assume s_s'_def: "(s, s') = ((p, \, e), p', \', e')" assume P_def: "P = fst \" assume p_def: "p = (C, M, pc)" assume i_def: "i = instrs_of P C M ! 
pc" assume sigma_def: "\ = (None, h, (stk, loc, p) # frs)" assume has_method_C_M: "JBC_Semantics.has_method P C M" { --{* EXCEPTIONAL EXECUTION *} fix xa h' frs'' loc' frs' assume exec_i: "exec_instr i P h stk loc C M pc frs = (\xa\, h', frs'')" assume find_handler_s: "find_handler P xa h ((stk, loc, p) # frs) = \'" assume sigma'_def: "\' = (None, h, ([Addr xa], loc', p') # frs')" assume e'_def: "e' = e\cs := drop (length frs - length frs') (cs e)\" show ?thesis proof - from s_inv_Pos s_def s_s'_def have Pos_p: "\,(p,\,e) \ Pos p" apply (simp add: inv_Pos_def split_def) apply (case_tac "snd (snd \)") apply simp apply simp done from s_inv_ExTys s_s'_def s_def have sys_xptn_inv: "\C\sys_xcpts. \ob. (fst (snd \)) (addr_of_sys_xcpt C) = \ob\ \ obj_ty ob = Class C" by (simp add: inv_ExTys_def split_def sys_xcpts_def obj_ty_def split_paired_all) from p'_B_succsF_p s_s'_def s_def have p_domC: "p \ set (domC \)" apply - apply (simp add: succsF_def succsNormal_def succsExcept_def addPos_def) apply (rule cmd_domC) apply simp apply (rule cmd_domC) apply simp done from wf_Pi p'_B_succsF_p s_s'_def s_def s'_def have p'_domC: "p' \ set (domC \)" apply - apply (drule succsF_domC) apply assumption apply simp done from sigma_def p_def i_def p_domC wf_Pi s_inv_Ty s_def sigma_def p_def s_s'_def have check_i : "check_instr' ((instrs_of P C M)!pc) (fst \) h stk loc C M pc frs" apply - apply (rule wf_invTys_check') apply simp apply simp apply simp apply simp apply simp apply (drule_tac C="C" and M="M" and pc="pc" and \="\" in domC_cmd_instr_of) apply simp apply (simp add: P_def) done from wf_Pi p_domC p_def i_def P_def s_s'_def s_def have cmd_p: "cmd \ p = Some i" apply - apply simp apply (drule domC_cmd_instr_of) apply simp apply simp done from P_def obtain An where Pi_def: "\ = (P,An)" apply atomize apply (erule_tac x="snd \" in allE) apply simp done from wf_Pi p_domC cmd_p p_def exec_i find_handler_s sigma'_def Pi_def s_s'_def s_def s'_def obtain cn where handlesEx_p: "handlesEx (fst 
\) p' = Some cn \ P \ (cname_of h xa) \\<^sup>* cn" apply - apply atomize apply (subgoal_tac "\cn. handlesEx P p' = Some cn \ P \ (cname_of h xa) \\<^sup>* cn") prefer 2 apply (subgoal_tac "\ cns cn cns'. handlesEx' P p' = (cns @ cn # cns') \ P \ (cname_of h xa) \\<^sup>* cn") prefer 2 apply (subgoal_tac "(\h' stk' pc''. catchstate (P, cname_of h xa, p, (None, h, (stk, loc, p) # frs), e) = ((fst p', fst (snd p'), pc''), (None, h', (stk', loc', fst p', fst (snd p'), pc'') # frs'), e\cs := drop (length frs - length frs') (cs e)\) \ match_ex_table P (cname_of h xa) pc'' (ex_table_of P (fst p') (fst (snd p'))) = \snd (snd p')\) \ frs = frs'") prefer 2 apply (rule_tac P="P" and xa="xa" and st'="stk" in find_handler_catchstate') apply simp apply (case_tac "frs = frs'") apply simp apply (frule find_handler_frs) apply (erule exE | erule conjE)+ apply simp apply (drule_tac C="C" and M="M" and cn="cname_of h xa" and pc="pc" and pc'="fst a" in match_ex_table_handlesEx') apply (rule_tac pc="pc" and An="An" in domC_methodnames) apply simp apply (simp add: JBC_VCG.match_ex_table_def) apply (erule exE | erule conjE)+ apply (rule_tac x="cns" in exI) apply (rule_tac x="cn'" in exI) apply simp --{* frs ~= frs' *} apply simp apply (frule_tac C="fst p'" and M="fst (snd p')" and cn="cname_of h xa" and pc="pc''" and pc'="fst a" in match_ex_table_handlesEx') apply (subgoal_tac "(fst p', fst (snd p')) \ set (methodnames P)") prefer 2 apply (cut_tac p'_domC) apply (rule_tac pc="snd (snd p')" and An="An" in domC_methodnames) apply simp apply assumption apply (simp add: JBC_VCG.match_ex_table_def) apply (erule exE | erule conjE)+ apply (rule_tac x="cns" in exI) apply (rule_tac x="cn'" in exI) apply simp apply (erule conjE | erule exE)+ apply (subgoal_tac "length (handlesEx' P p') \ 1") prefer 2 apply (rule_tac An="An" in wf_handlesEx'_length) apply (simp only: Pi_def) apply (rule_tac x="cn" in exI) apply (case_tac "cns") apply (simp add: handlesEx_def) apply simp apply simp done show ?thesis 
apply - apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and cn="cn" and xa="xa" and h="h" and stk="stk" and loc="loc" and frs="frs" and h'="h'" and frs''="frs''" and s'="s'" and P="P" and An="snd \" and loc'="loc'" and frs'="frs'" in effS_wpF_Except) apply (rule wf_Pi) apply (cut_tac sys_xptn_inv s_def sigma_def s_s'_def) apply simp apply (cut_tac handlesEx_p s_s'_def s'_def, simp) apply (cut_tac handlesEx_p s_s'_def s'_def, simp) apply (cut_tac handlesEx_p s_s'_def s'_def, simp) apply (cut_tac cmd_p s_s'_def s_def, simp) apply (cut_tac s_s'_def s_def p_domC, simp) apply (simp only: i_def) apply (rule s_def) apply (cut_tac s_s'_def s_def p_def, simp) apply (cut_tac s_s'_def s_def sigma_def, simp) apply (rule s'_def) apply (cut_tac check_i i_def Pi_def, simp) apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp) apply (cut_tac find_handler_s s_s'_def s_def s'_def sigma'_def, simp) apply (cut_tac s_s'_def s'_def s_def sigma'_def, simp) apply (cut_tac s_s'_def s'_def s_def e'_def, simp) apply (simp add: P_def) apply (cut_tac Pos_p s_s'_def s_def) apply simp done qed next --{* NORMAL EXECUTION *} fix h' fr' frs' assume exec_i: "exec_instr i P h stk loc C M pc frs = (None, h', fr' # frs')" assume sigma'_def: "\' = (None, h', fr' # frs')" assume p'_def: "p' = snd (snd fr')" assume e'_def: "e' = e\cs := if \M n. i = Invoke M n then h # cs e else if i = Return then tl (cs e) else cs e\" show ?thesis proof - from s_inv_Pos s_def s_s'_def have Pos_p: "\,(p,\,e) \ Pos p" apply (simp add: inv_Pos_def split_def) apply (case_tac "snd (snd \)") apply simp apply simp done from s_inv_ExTys s_s'_def s_def have sys_xptn_inv: "\C\sys_xcpts. \ob. 
(fst (snd \)) (addr_of_sys_xcpt C) = \ob\ \ obj_ty ob = Class C" by (simp add: inv_ExTys_def split_def sys_xcpts_def obj_ty_def split_paired_all) from wf_Pi p'_B_succsF_p s_s'_def s_def s'_def have p_domC' : "p \ set (domC \)" apply - apply (drule succsF_domC) apply assumption apply simp done from wf_Pi p'_B_succsF_p s_s'_def s_def s'_def have p'_domC : "p' \ set (domC \)" apply - apply (drule succsF_domC) apply assumption apply simp done from sigma_def p_def i_def p_domC' wf_Pi s_inv_Ty s_def sigma_def p_def s_s'_def have check_i : "check_instr' ((instrs_of P C M)!pc) P h stk loc C M pc frs" apply - apply (subgoal_tac "check_instr' ((instrs_of P C M)!pc) (fst \) h stk loc C M pc frs") prefer 2 apply (rule wf_invTys_check') apply simp apply simp apply simp apply simp apply simp apply (drule_tac C="C" and M="M" and pc="pc" and \="\" in domC_cmd_instr_of) apply simp apply (simp add: P_def) apply (simp add: P_def) done from wf_Pi p_domC' p_def i_def P_def have cmd_p: "cmd \ p = Some i" apply - apply simp apply (drule domC_cmd_instr_of) apply simp apply simp done from P_def obtain An where Pi_def: "\ = (P,An)" apply atomize apply (erule_tac x="snd \" in allE) apply simp done from wf_Pi p_domC' cmd_p p_def p'_def exec_i have handlesEx_p: "handlesEx (fst \) p' = None" proof - from wf_Pi p_domC' cmd_p have throwChk_p: "throwChk (\, \i\, anF \ p, p)" apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: JBC_VCG.wf_def checkPos_split) apply (erule conjE)+ apply (drule split_if_False) apply simp done from wf_Pi p_domC' cmd_p have invokeChk_p: "invokeChk (\, \i\, anF \ p, p)" apply (simp only: in_set_conv_decomp) apply (erule exE)+ apply (simp add: JBC_VCG.wf_def checkPos_split) apply (erule conjE)+ apply (drule split_if_False) apply simp done from wf_Pi p_domC' cmd_p have p'_succsN_hEx: "p' mem map fst (succsNormal \ p) \ handlesEx (fst \) p' = None" apply - apply (simp only: in_set_conv_decomp mem_iff) apply (erule exE)+ apply (simp add: JBC_VCG.wf_def 
checkPos_split mem_iff) apply (erule conjE)+ apply (drule split_if_False) apply (erule conjE)+ apply simp done from p'_B_succsF_p s_s'_def s_def s'_def obtain B' where B_def: "B = And [Pos p,B']" apply - apply (simp add: succsF_def addPos_def) apply (erule disjE) apply (erule imageE) apply (simp add: split_def) apply (erule imageE) apply (simp add: split_def) done from p'_B_succsF_p s_s'_def s_def s'_def B_def have p'_succsNormal_succsExcept: "(p',B') \ set (succsNormal \ p) \ (p',B') \ set (succsExcept \ p)" apply - apply (simp add: succsF_def addPos_append addPos_def) apply (erule disjE) apply (erule imageE) apply (simp add: split_def) apply (erule imageE) apply (simp add: split_def) done note exec_simp = p_domC' cmd_p exec_i[THEN sym] p_def p'_def from exec_simp sigma_def s_def have p'_succsN: "p' mem map fst (succsNormal \ p)" proof (cases i) case (Load n) from this exec_simp show ?thesis by (simp add: succsNormal_def incA_def) next case (Store n) from this exec_simp show ?thesis by (simp add: succsNormal_def incA_def) next case (Push v) from this exec_simp show ?thesis by (simp add: succsNormal_def incA_def) next case (New cn) from this exec_simp show ?thesis by (simp add: succsNormal_def incA_def) next case (Getfield Fn cn) from this exec_simp show ?thesis apply (simp add: succsNormal_def incA_def) apply (case_tac "hd stk = Null") apply (simp add: split_def)+ done next case (Putfield Fn Cn) from this exec_simp show ?thesis apply (simp add: succsNormal_def incA_def) apply (case_tac "hd (tl stk) = Null") apply (simp add: split_def) apply (simp add: split_def) done next case (Checkcast Cn) from this exec_simp show ?thesis by (simp add: succsNormal_def incA_def) next case (Invoke Mn n) show ?thesis proof (cases "stk ! n = Null") case True from True Invoke exec_simp show ?thesis by (simp add: split_def) next case False from False have not_Null: "stk ! 
n \ Null" by simp from p'_succsNormal_succsExcept show ?thesis proof (cases "(p',B') \ set (succsExcept \ p)") case True from True s_B B_def wf_Pi Invoke cmd_p s_s'_def s_def s'_def sigma_def not_Null show ?thesis apply - apply (drule wf_succsXpt_xcpt_cond) apply assumption apply simp apply assumption apply (erule exE) apply (simp add: valid_def sys_xcpt_of_def xcpt_cond_def evalEs_map) apply (case_tac "n < length stk") apply simp apply simp done next case False from False p'_succsNormal_succsExcept show ?thesis apply - apply (simp add: mem_iff) apply (drule_tac f="fst" in imageI) apply simp done qed qed next case Return from this exec_simp p'_B_succsF_p s_s'_def s_def s'_def show ?thesis apply (simp add: succsNormal_def succsF_def incA_def succsExcept_def addPos_def) apply (erule imageE) apply (erule imageE) apply (simp add: split_def mem_iff map_fst_tuple image_fst_tuple) apply (drule_tac f="(\p'. ((fst p', fst (snd p'), Suc (snd (snd p'))), Call (And [aF \ p', Pos p'])))" and A="set (callers \ (C,M,pc))" in imageI) apply (drule_tac f="fst" and x="((fst p'a, fst (snd p'a), Suc (snd (snd p'a))), Call (And [aF \ p'a, Pos p'a]))" in imageI) apply simp done next case Pop from this exec_simp show ?thesis by (simp add: succsNormal_def incA_def) next case IBin from this exec_simp show ?thesis by (simp add: succsNormal_def incA_def) next case (Goto t) from this exec_simp show ?thesis by (simp add: succsNormal_def incA_def) next case CmpEq from this exec_simp show ?thesis by (simp add: succsNormal_def incA_def) next case (IfIntCmp ro t) from this exec_simp show ?thesis by (simp add: succsNormal_def incA_def) next case (IfFalse t) from this exec_simp show ?thesis by (simp add: succsNormal_def incA_def) next case Throw from this exec_simp show ?thesis apply simp apply (case_tac "hd stk = Null") apply simp apply simp done qed from p'_succsN_hEx p'_succsN show ?thesis by simp qed --{* handlesEx_p *} show ?thesis proof (cases i) case (Load n) from this show ?thesis apply - 
(* Tail of the per-instruction case analysis of the wpF correctness proof.
   The lemma statement and the `case (Load n)` header that this first
   rule_tac belongs to lie above this span; only the remaining cases
   (Store .. Throw) are complete here.

   Every case but Throw follows one shape: instantiate the per-instruction
   effect lemma effS_wpF_<Instr> with the concrete state components
   (s, C, M, pc, h, stk, loc, frs, s', fr', P and the annotation An = snd \),
   then discharge its premises one per line from the local facts
   wf_Pi, handlesEx_p, cmd_p, p_domC', i_def, s_def, p_def, sigma_def,
   s'_def, exec_i, e'_def, p'_def, check_i and P_def, all of which are
   introduced outside this span.  This is the soundness link between the
   symbolic transformer wpF and the concrete step exec_i: a wrong or
   missing instruction case here is exactly where a verifier's
   correctness argument would break, and the structured case/next/qed
   form is what makes Isabelle reject an unhandled constructor
   (presumably via the case rule chosen above, which is not visible). *)
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_Load)
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply simp
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
(* Load is the only case below that additionally needs p'_domC here. *)
apply (cut_tac p'_domC s_s'_def s'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp)
apply (simp add: P_def)
done
next
(* Store n: standard shape, effS_wpF_Store. *)
case (Store n)
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_Store)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp)
apply (simp add: P_def)
done
next
(* Push v: standard shape, effS_wpF_Push. *)
case (Push v)
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_Push)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp)
apply (simp add: P_def)
done
next
(* New Cl: heap-changing instruction, so the effect lemma is also
   instantiated with the class Cl and the post-heap h'. *)
case (New Cl)
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and Cl="Cl" and h="h" and h'="h'" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_New)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp)
apply (simp add: P_def)
done
next
(* Getfield F Cl: the field name and class are bound through the
   schematic names ?list1.0 / ?list2.0 of effS_wpF_Getfield (presumably
   because F and Cl are list-typed there); h' is passed as for New. *)
case (Getfield F Cl)
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and ?list1.0="F" and ?list2.0="Cl" and h'="h'" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_Getfield)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp)
apply (simp add: P_def)
done
next
(* Putfield F Cl: same instantiation pattern as Getfield. *)
case (Putfield F Cl)
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and ?list1.0="F" and ?list2.0="Cl" and h'="h'" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_Putfield)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp)
apply (simp add: P_def)
done
next
(* Checkcast Cl: from here on the final exec_i goal needs split_if_asm,
   i.e. the instruction's concrete step is conditional. *)
case (Checkcast Cl)
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and Cl="Cl" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_Checkcast)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp split add: split_if_asm)
apply (simp add: P_def)
done
next
(* Invoke Mn n: method call.  The effect lemma takes the callee Mn and
   arity n, the exec_i goal needs split_def, and one extra premise
   (p'_domC) remains after P_def. *)
case (Invoke Mn n)
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and Mn="Mn" and n="n" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_Invoke)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp add: split_def)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp split add: split_if_asm)
apply (simp add: P_def)
apply (cut_tac s_s'_def s'_def p'_domC, simp)
done
next
(* Return: standard shape plus one trailing premise discharged from
   Pos_p (a fact about the current position, introduced above this span). *)
case Return
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_Return)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp add: split_def split add: split_if_asm)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp split add: split_if_asm)
apply (simp add: P_def)
apply (cut_tac Pos_p s_s'_def s_def, simp)
done
next
(* Pop: standard shape, effS_wpF_Pop. *)
case Pop
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_Pop)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp add: split_def split add: split_if_asm)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp split add: split_if_asm)
apply (simp add: P_def)
done
next
(* IBin: standard shape, effS_wpF_IBin. *)
case IBin
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_IBin)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp add: split_def split add: split_if_asm)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp split add: split_if_asm)
apply (simp add: P_def)
done
next
(* Goto t: the jump target t is passed to effS_wpF_Goto. *)
case (Goto t)
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and t="t" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_Goto)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp add: split_def split add: split_if_asm)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp split add: split_if_asm)
apply (simp add: P_def)
done
next
(* CmpEq: standard shape, effS_wpF_CmpEq. *)
case CmpEq
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_CmpEq)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp add: split_def split add: split_if_asm)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp split add: split_if_asm)
apply (simp add: P_def)
done
next
(* IfIntCmp ro t: only the target t is instantiated explicitly; the
   relational operator ro is left to unification. *)
case (IfIntCmp ro t)
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and t="t" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_IfIntCmp)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp add: split_def split add: split_if_asm)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp split add: split_if_asm)
apply (simp add: P_def)
done
next
(* IfFalse t: conditional branch, same shape as Goto. *)
case (IfFalse t)
from this show ?thesis
apply -
apply (rule_tac s="s" and C="C" and M="M" and pc="pc" and t="t" and h="h" and stk="stk" and loc="loc" and frs="frs" and s'="s'" and fr'="fr'" and P="P" and An="snd \" in effS_wpF_IfFalse)
apply simp
apply (rule wf_Pi)
apply (cut_tac handlesEx_p s_s'_def s'_def, simp)
apply (cut_tac cmd_p s_s'_def s_def, simp)
apply (cut_tac s_s'_def s_def p_domC', simp)
apply (simp only: i_def)
apply (rule s_def)
apply (cut_tac s_s'_def s_def p_def, simp)
apply (cut_tac s_s'_def s_def sigma_def, simp)
apply (rule s'_def)
apply (cut_tac s_s'_def s'_def sigma'_def exec_i,simp add: split_def split add: split_if_asm)
apply (cut_tac s_s'_def s'_def s_def e'_def, simp)
apply (cut_tac s_s'_def s'_def p'_def, simp)
apply (cut_tac check_i i_def, simp)
apply (cut_tac s_s'_def s'_def exec_i sigma'_def, simp split add: split_if_asm)
apply (simp add: P_def)
done
next
(* Throw: the only case without an effS_wpF lemma.  The goal is closed
   by simplification from exec_i and the state definitions alone, with
   split_if_asm to case-split the conditional step; presumably the
   hypotheses of this case are contradictory, but the reason is not
   visible here. *)
case Throw
from this exec_i s_s'_def s_def s'_def sigma_def sigma'_def show ?thesis
apply -
apply (simp split add: split_if_asm)
done
qed
qed
}
qed
(*>*)
end