| author | wenzelm |
| Mon, 25 Feb 2002 20:48:14 +0100 | |
| changeset 12937 | 0c4fd7529467 |
| parent 12925 | 99131847fb93 |
| child 13337 | f75dfc606ac7 |
| permissions | -rw-r--r-- |
| 12857 | 1 |
(* Title: HOL/Bali/TypeSafe.thy |
| 12854 | 2 |
ID: $Id$ |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
3 |
Author: David von Oheimb and Norbert Schirmer |
| 12858 | 4 |
License: GPL (GNU GENERAL PUBLIC LICENSE) |
| 12854 | 5 |
*) |
6 |
header {* The type soundness proof for Java *}
|
|
7 |
||
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
8 |
theory TypeSafe = Eval + WellForm + Conform: |
| 12854 | 9 |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
10 |
section "error free" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
11 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
12 |
lemma error_free_halloc: |
|
12937
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
13 |
assumes halloc: "G\<turnstile>s0 \<midarrow>halloc oi\<succ>a\<rightarrow> s1" and |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
14 |
error_free_s0: "error_free s0" |
|
12937
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
15 |
shows "error_free s1" |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
16 |
proof - |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
17 |
from halloc error_free_s0 |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
18 |
obtain abrupt0 store0 abrupt1 store1 |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
19 |
where eqs: "s0=(abrupt0,store0)" "s1=(abrupt1,store1)" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
20 |
halloc': "G\<turnstile>(abrupt0,store0) \<midarrow>halloc oi\<succ>a\<rightarrow> (abrupt1,store1)" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
21 |
error_free_s0': "error_free (abrupt0,store0)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
22 |
by (cases s0,cases s1) auto |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
23 |
from halloc' error_free_s0' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
24 |
have "error_free (abrupt1,store1)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
25 |
proof (induct) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
26 |
case Abrupt |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
27 |
then show ?case |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
28 |
. |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
29 |
next |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
30 |
case New |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
31 |
then show ?case |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
32 |
by (auto split: split_if_asm) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
33 |
qed |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
34 |
with eqs |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
35 |
show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
36 |
by simp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
37 |
qed |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
38 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
39 |
lemma error_free_sxalloc: |
|
12937
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
40 |
assumes sxalloc: "G\<turnstile>s0 \<midarrow>sxalloc\<rightarrow> s1" and error_free_s0: "error_free s0" |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
41 |
shows "error_free s1" |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
42 |
proof - |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
43 |
from sxalloc error_free_s0 |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
44 |
obtain abrupt0 store0 abrupt1 store1 |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
45 |
where eqs: "s0=(abrupt0,store0)" "s1=(abrupt1,store1)" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
46 |
sxalloc': "G\<turnstile>(abrupt0,store0) \<midarrow>sxalloc\<rightarrow> (abrupt1,store1)" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
47 |
error_free_s0': "error_free (abrupt0,store0)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
48 |
by (cases s0,cases s1) auto |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
49 |
from sxalloc' error_free_s0' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
50 |
have "error_free (abrupt1,store1)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
51 |
proof (induct) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
52 |
qed (auto) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
53 |
with eqs |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
54 |
show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
55 |
by simp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
56 |
qed |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
57 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
58 |
lemma error_free_check_field_access_eq: |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
59 |
"error_free (check_field_access G accC statDeclC fn stat a s) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
60 |
\<Longrightarrow> (check_field_access G accC statDeclC fn stat a s) = s" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
61 |
apply (cases s) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
62 |
apply (auto simp add: check_field_access_def Let_def error_free_def |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
63 |
abrupt_if_def |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
64 |
split: split_if_asm) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
65 |
done |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
66 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
67 |
lemma error_free_check_method_access_eq: |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
68 |
"error_free (check_method_access G accC statT mode sig a' s) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
69 |
\<Longrightarrow> (check_method_access G accC statT mode sig a' s) = s" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
70 |
apply (cases s) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
71 |
apply (auto simp add: check_method_access_def Let_def error_free_def |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
72 |
abrupt_if_def |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
73 |
split: split_if_asm) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
74 |
done |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
75 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
76 |
lemma error_free_FVar_lemma: |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
77 |
"error_free s |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
78 |
\<Longrightarrow> error_free (abupd (if stat then id else np a) s)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
79 |
by (case_tac s) (auto split: split_if) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
80 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
81 |
lemma error_free_init_lvars [simp,intro]: |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
82 |
"error_free s \<Longrightarrow> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
83 |
error_free (init_lvars G C sig mode a pvs s)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
84 |
by (cases s) (auto simp add: init_lvars_def Let_def split: split_if) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
85 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
86 |
lemma error_free_LVar_lemma: |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
87 |
"error_free s \<Longrightarrow> error_free (assign (\<lambda>v. supd lupd(vn\<mapsto>v)) w s)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
88 |
by (cases s) simp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
89 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
90 |
lemma error_free_throw [simp,intro]: |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
91 |
"error_free s \<Longrightarrow> error_free (abupd (throw x) s)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
92 |
by (cases s) (simp add: throw_def) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
93 |
|
| 12854 | 94 |
|
95 |
section "result conformance" |
|
96 |
||
97 |
constdefs |
|
98 |
assign_conforms :: "st \<Rightarrow> (val \<Rightarrow> state \<Rightarrow> state) \<Rightarrow> ty \<Rightarrow> env_ \<Rightarrow> bool" |
|
99 |
("_\<le>|_\<preceq>_\<Colon>\<preceq>_" [71,71,71,71] 70)
|
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
100 |
"s\<le>|f\<preceq>T\<Colon>\<preceq>E \<equiv> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
101 |
(\<forall>s' w. Norm s'\<Colon>\<preceq>E \<longrightarrow> fst E,s'\<turnstile>w\<Colon>\<preceq>T \<longrightarrow> s\<le>|s' \<longrightarrow> assign f w (Norm s')\<Colon>\<preceq>E) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
102 |
(\<forall>s' w. error_free s' \<longrightarrow> (error_free (assign f w s')))" |
| 12854 | 103 |
|
104 |
rconf :: "prog \<Rightarrow> lenv \<Rightarrow> st \<Rightarrow> term \<Rightarrow> vals \<Rightarrow> tys \<Rightarrow> bool" |
|
105 |
("_,_,_\<turnstile>_\<succ>_\<Colon>\<preceq>_" [71,71,71,71,71,71] 70)
|
|
106 |
"G,L,s\<turnstile>t\<succ>v\<Colon>\<preceq>T |
|
107 |
\<equiv> case T of |
|
108 |
Inl T \<Rightarrow> if (\<exists>vf. t=In2 vf) |
|
109 |
then G,s\<turnstile>fst (the_In2 v)\<Colon>\<preceq>T \<and> s\<le>|snd (the_In2 v)\<preceq>T\<Colon>\<preceq>(G,L) |
|
110 |
else G,s\<turnstile>the_In1 v\<Colon>\<preceq>T |
|
111 |
| Inr Ts \<Rightarrow> list_all2 (conf G s) (the_In3 v) Ts" |
|
112 |
||
113 |
lemma rconf_In1 [simp]: |
|
114 |
"G,L,s\<turnstile>In1 ec\<succ>In1 v \<Colon>\<preceq>Inl T = G,s\<turnstile>v\<Colon>\<preceq>T" |
|
115 |
apply (unfold rconf_def) |
|
116 |
apply (simp (no_asm)) |
|
117 |
done |
|
118 |
||
119 |
lemma rconf_In2 [simp]: |
|
120 |
"G,L,s\<turnstile>In2 va\<succ>In2 vf\<Colon>\<preceq>Inl T = (G,s\<turnstile>fst vf\<Colon>\<preceq>T \<and> s\<le>|snd vf\<preceq>T\<Colon>\<preceq>(G,L))" |
|
121 |
apply (unfold rconf_def) |
|
122 |
apply (simp (no_asm)) |
|
123 |
done |
|
124 |
||
125 |
lemma rconf_In3 [simp]: |
|
126 |
"G,L,s\<turnstile>In3 es\<succ>In3 vs\<Colon>\<preceq>Inr Ts = list_all2 (\<lambda>v T. G,s\<turnstile>v\<Colon>\<preceq>T) vs Ts" |
|
127 |
apply (unfold rconf_def) |
|
128 |
apply (simp (no_asm)) |
|
129 |
done |
|
130 |
||
131 |
section "fits and conf" |
|
132 |
||
133 |
(* unused *) |
|
134 |
lemma conf_fits: "G,s\<turnstile>v\<Colon>\<preceq>T \<Longrightarrow> G,s\<turnstile>v fits T" |
|
135 |
apply (unfold fits_def) |
|
136 |
apply clarify |
|
137 |
apply (erule swap, simp (no_asm_use)) |
|
138 |
apply (drule conf_RefTD) |
|
139 |
apply auto |
|
140 |
done |
|
141 |
||
142 |
lemma fits_conf: |
|
143 |
"\<lbrakk>G,s\<turnstile>v\<Colon>\<preceq>T; G\<turnstile>T\<preceq>? T'; G,s\<turnstile>v fits T'; ws_prog G\<rbrakk> \<Longrightarrow> G,s\<turnstile>v\<Colon>\<preceq>T'" |
|
144 |
apply (auto dest!: fitsD cast_PrimT2 cast_RefT2) |
|
145 |
apply (force dest: conf_RefTD intro: conf_AddrI) |
|
146 |
done |
|
147 |
||
148 |
lemma fits_Array: |
|
149 |
"\<lbrakk>G,s\<turnstile>v\<Colon>\<preceq>T; G\<turnstile>T'.[]\<preceq>T.[]; G,s\<turnstile>v fits T'; ws_prog G\<rbrakk> \<Longrightarrow> G,s\<turnstile>v\<Colon>\<preceq>T'" |
|
150 |
apply (auto dest!: fitsD widen_ArrayPrimT widen_ArrayRefT) |
|
151 |
apply (force dest: conf_RefTD intro: conf_AddrI) |
|
152 |
done |
|
153 |
||
154 |
||
155 |
||
156 |
section "gext" |
|
157 |
||
158 |
lemma halloc_gext: "\<And>s1 s2. G\<turnstile>s1 \<midarrow>halloc oi\<succ>a\<rightarrow> s2 \<Longrightarrow> snd s1\<le>|snd s2" |
|
159 |
apply (simp (no_asm_simp) only: split_tupled_all) |
|
160 |
apply (erule halloc.induct) |
|
161 |
apply (auto dest!: new_AddrD) |
|
162 |
done |
|
163 |
||
164 |
lemma sxalloc_gext: "\<And>s1 s2. G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2 \<Longrightarrow> snd s1\<le>|snd s2" |
|
165 |
apply (simp (no_asm_simp) only: split_tupled_all) |
|
166 |
apply (erule sxalloc.induct) |
|
167 |
apply (auto dest!: halloc_gext) |
|
168 |
done |
|
169 |
||
170 |
lemma eval_gext_lemma [rule_format (no_asm)]: |
|
171 |
"G\<turnstile>s \<midarrow>t\<succ>\<rightarrow> (w,s') \<Longrightarrow> snd s\<le>|snd s' \<and> (case w of |
|
172 |
In1 v \<Rightarrow> True |
|
173 |
| In2 vf \<Rightarrow> normal s \<longrightarrow> (\<forall>v x s. s\<le>|snd (assign (snd vf) v (x,s))) |
|
174 |
| In3 vs \<Rightarrow> True)" |
|
175 |
apply (erule eval_induct) |
|
176 |
prefer 24 |
|
177 |
apply (case_tac "inited C (globs s0)", clarsimp, erule thin_rl) (* Init *) |
|
178 |
apply (auto del: conjI dest!: not_initedD gext_new sxalloc_gext halloc_gext |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
179 |
simp add: lvar_def fvar_def2 avar_def2 init_lvars_def2 |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
180 |
check_field_access_def check_method_access_def Let_def |
| 12854 | 181 |
split del: split_if_asm split add: sum3.split) |
182 |
(* 6 subgoals *) |
|
183 |
apply force+ |
|
184 |
done |
|
185 |
||
186 |
lemma evar_gext_f: |
|
187 |
"G\<turnstile>Norm s1 \<midarrow>e=\<succ>vf \<rightarrow> s2 \<Longrightarrow> s\<le>|snd (assign (snd vf) v (x,s))" |
|
188 |
apply (drule eval_gext_lemma [THEN conjunct2]) |
|
189 |
apply auto |
|
190 |
done |
|
191 |
||
192 |
lemmas eval_gext = eval_gext_lemma [THEN conjunct1] |
|
193 |
||
194 |
lemma eval_gext': "G\<turnstile>(x1,s1) \<midarrow>t\<succ>\<rightarrow> (w,x2,s2) \<Longrightarrow> s1\<le>|s2" |
|
195 |
apply (drule eval_gext) |
|
196 |
apply auto |
|
197 |
done |
|
198 |
||
199 |
lemma init_yields_initd: "G\<turnstile>Norm s1 \<midarrow>Init C\<rightarrow> s2 \<Longrightarrow> initd C s2" |
|
200 |
apply (erule eval_cases , auto split del: split_if_asm) |
|
201 |
apply (case_tac "inited C (globs s1)") |
|
202 |
apply (clarsimp split del: split_if_asm)+ |
|
203 |
apply (drule eval_gext')+ |
|
204 |
apply (drule init_class_obj_inited) |
|
205 |
apply (erule inited_gext) |
|
206 |
apply (simp (no_asm_use)) |
|
207 |
done |
|
208 |
||
209 |
||
210 |
section "Lemmas" |
|
211 |
||
212 |
lemma obj_ty_obj_class1: |
|
213 |
"\<lbrakk>wf_prog G; is_type G (obj_ty obj)\<rbrakk> \<Longrightarrow> is_class G (obj_class obj)" |
|
214 |
apply (case_tac "tag obj") |
|
215 |
apply (auto simp add: obj_ty_def obj_class_def) |
|
216 |
done |
|
217 |
||
218 |
lemma oconf_init_obj: |
|
219 |
"\<lbrakk>wf_prog G; |
|
220 |
(case r of Heap a \<Rightarrow> is_type G (obj_ty obj) | Stat C \<Rightarrow> is_class G C) |
|
221 |
\<rbrakk> \<Longrightarrow> G,s\<turnstile>obj \<lparr>values:=init_vals (var_tys G (tag obj) r)\<rparr>\<Colon>\<preceq>\<surd>r" |
|
222 |
apply (auto intro!: oconf_init_obj_lemma unique_fields) |
|
223 |
done |
|
224 |
||
225 |
(* |
|
226 |
lemma obj_split: "P obj = (\<forall> oi vs. obj = \<lparr>tag=oi,values=vs\<rparr> \<longrightarrow> ?P \<lparr>tag=oi,values=vs\<rparr>)" |
|
227 |
apply auto |
|
228 |
apply (case_tac "obj") |
|
229 |
apply auto |
|
230 |
*) |
|
231 |
||
232 |
lemma conforms_newG: "\<lbrakk>globs s oref = None; (x, s)\<Colon>\<preceq>(G,L); |
|
233 |
wf_prog G; case oref of Heap a \<Rightarrow> is_type G (obj_ty \<lparr>tag=oi,values=vs\<rparr>) |
|
234 |
| Stat C \<Rightarrow> is_class G C\<rbrakk> \<Longrightarrow> |
|
235 |
(x, init_obj G oi oref s)\<Colon>\<preceq>(G, L)" |
|
236 |
apply (unfold init_obj_def) |
|
237 |
apply (auto elim!: conforms_gupd dest!: oconf_init_obj |
|
238 |
simp add: obj.update_defs) |
|
239 |
done |
|
240 |
||
241 |
lemma conforms_init_class_obj: |
|
242 |
"\<lbrakk>(x,s)\<Colon>\<preceq>(G, L); wf_prog G; class G C=Some y; \<not> inited C (globs s)\<rbrakk> \<Longrightarrow> |
|
243 |
(x,init_class_obj G C s)\<Colon>\<preceq>(G, L)" |
|
244 |
apply (rule not_initedD [THEN conforms_newG]) |
|
245 |
apply (auto) |
|
246 |
done |
|
247 |
||
248 |
||
249 |
lemma fst_init_lvars[simp]: |
|
250 |
"fst (init_lvars G C sig (invmode m e) a' pvs (x,s)) = |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
251 |
(if is_static m then x else (np a') x)" |
| 12854 | 252 |
apply (simp (no_asm) add: init_lvars_def2) |
253 |
done |
|
254 |
||
255 |
||
256 |
lemma halloc_conforms: "\<And>s1. \<lbrakk>G\<turnstile>s1 \<midarrow>halloc oi\<succ>a\<rightarrow> s2; wf_prog G; s1\<Colon>\<preceq>(G, L); |
|
257 |
is_type G (obj_ty \<lparr>tag=oi,values=fs\<rparr>)\<rbrakk> \<Longrightarrow> s2\<Colon>\<preceq>(G, L)" |
|
258 |
apply (simp (no_asm_simp) only: split_tupled_all) |
|
259 |
apply (case_tac "aa") |
|
260 |
apply (auto elim!: halloc_elim_cases dest!: new_AddrD |
|
261 |
intro!: conforms_newG [THEN conforms_xconf] conf_AddrI) |
|
262 |
done |
|
263 |
||
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
264 |
lemma halloc_type_sound: |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
265 |
"\<And>s1. \<lbrakk>G\<turnstile>s1 \<midarrow>halloc oi\<succ>a\<rightarrow> (x,s); wf_prog G; s1\<Colon>\<preceq>(G, L); |
| 12854 | 266 |
T = obj_ty \<lparr>tag=oi,values=fs\<rparr>; is_type G T\<rbrakk> \<Longrightarrow> |
267 |
(x,s)\<Colon>\<preceq>(G, L) \<and> (x = None \<longrightarrow> G,s\<turnstile>Addr a\<Colon>\<preceq>T)" |
|
268 |
apply (auto elim!: halloc_conforms) |
|
269 |
apply (case_tac "aa") |
|
270 |
apply (subst obj_ty_eq) |
|
271 |
apply (auto elim!: halloc_elim_cases dest!: new_AddrD intro!: conf_AddrI) |
|
272 |
done |
|
273 |
||
274 |
lemma sxalloc_type_sound: |
|
275 |
"\<And>s1 s2. \<lbrakk>G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2; wf_prog G\<rbrakk> \<Longrightarrow> case fst s1 of |
|
276 |
None \<Rightarrow> s2 = s1 | Some x \<Rightarrow> |
|
277 |
(\<exists>a. fst s2 = Some(Xcpt (Loc a)) \<and> (\<forall>L. s1\<Colon>\<preceq>(G,L) \<longrightarrow> s2\<Colon>\<preceq>(G,L)))" |
|
278 |
apply (simp (no_asm_simp) only: split_tupled_all) |
|
279 |
apply (erule sxalloc.induct) |
|
280 |
apply auto |
|
281 |
apply (rule halloc_conforms [THEN conforms_xconf]) |
|
282 |
apply (auto elim!: halloc_elim_cases dest!: new_AddrD intro!: conf_AddrI) |
|
283 |
done |
|
284 |
||
285 |
lemma wt_init_comp_ty: |
|
286 |
"is_acc_type G (pid C) T \<Longrightarrow> \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>init_comp_ty T\<Colon>\<surd>" |
|
287 |
apply (unfold init_comp_ty_def) |
|
288 |
apply (clarsimp simp add: accessible_in_RefT_simp |
|
289 |
is_acc_type_def is_acc_class_def) |
|
290 |
done |
|
291 |
||
292 |
||
293 |
declare fun_upd_same [simp] |
|
294 |
||
295 |
declare fun_upd_apply [simp del] |
|
296 |
||
297 |
||
298 |
constdefs |
|
299 |
DynT_prop::"[prog,inv_mode,qtname,ref_ty] \<Rightarrow> bool" |
|
300 |
("_\<turnstile>_\<rightarrow>_\<preceq>_"[71,71,71,71]70)
|
|
301 |
"G\<turnstile>mode\<rightarrow>D\<preceq>t \<equiv> mode = IntVir \<longrightarrow> is_class G D \<and> |
|
302 |
(if (\<exists>T. t=ArrayT T) then D=Object else G\<turnstile>Class D\<preceq>RefT t)" |
|
303 |
||
304 |
lemma DynT_propI: |
|
305 |
"\<lbrakk>(x,s)\<Colon>\<preceq>(G, L); G,s\<turnstile>a'\<Colon>\<preceq>RefT statT; wf_prog G; mode = IntVir \<longrightarrow> a' \<noteq> Null\<rbrakk> |
|
306 |
\<Longrightarrow> G\<turnstile>mode\<rightarrow>invocation_class mode s a' statT\<preceq>statT" |
|
307 |
proof (unfold DynT_prop_def) |
|
308 |
assume state_conform: "(x,s)\<Colon>\<preceq>(G, L)" |
|
309 |
and statT_a': "G,s\<turnstile>a'\<Colon>\<preceq>RefT statT" |
|
310 |
and wf: "wf_prog G" |
|
311 |
and mode: "mode = IntVir \<longrightarrow> a' \<noteq> Null" |
|
312 |
let ?invCls = "(invocation_class mode s a' statT)" |
|
313 |
let ?IntVir = "mode = IntVir" |
|
314 |
let ?Concl = "\<lambda>invCls. is_class G invCls \<and> |
|
315 |
(if \<exists>T. statT = ArrayT T |
|
316 |
then invCls = Object |
|
317 |
else G\<turnstile>Class invCls\<preceq>RefT statT)" |
|
318 |
show "?IntVir \<longrightarrow> ?Concl ?invCls" |
|
319 |
proof |
|
320 |
assume modeIntVir: ?IntVir |
|
321 |
with mode have not_Null: "a' \<noteq> Null" .. |
|
322 |
from statT_a' not_Null state_conform |
|
323 |
obtain a obj |
|
324 |
where obj_props: "a' = Addr a" "globs s (Inl a) = Some obj" |
|
325 |
"G\<turnstile>obj_ty obj\<preceq>RefT statT" "is_type G (obj_ty obj)" |
|
326 |
by (blast dest: conforms_RefTD) |
|
327 |
show "?Concl ?invCls" |
|
328 |
proof (cases "tag obj") |
|
329 |
case CInst |
|
330 |
with modeIntVir obj_props |
|
331 |
show ?thesis |
|
332 |
by (auto dest!: widen_Array2 split add: split_if) |
|
333 |
next |
|
334 |
case Arr |
|
335 |
from Arr obtain T where "obj_ty obj = T.[]" by (blast dest: obj_ty_Arr1) |
|
336 |
moreover from Arr have "obj_class obj = Object" |
|
337 |
by (blast dest: obj_class_Arr1) |
|
338 |
moreover note modeIntVir obj_props wf |
|
339 |
ultimately show ?thesis by (auto dest!: widen_Array ) |
|
340 |
qed |
|
341 |
qed |
|
342 |
qed |
|
343 |
||
344 |
lemma invocation_methd: |
|
345 |
"\<lbrakk>wf_prog G; statT \<noteq> NullT; |
|
346 |
(\<forall> statC. statT = ClassT statC \<longrightarrow> is_class G statC); |
|
347 |
(\<forall> I. statT = IfaceT I \<longrightarrow> is_iface G I \<and> mode \<noteq> SuperM); |
|
348 |
(\<forall> T. statT = ArrayT T \<longrightarrow> mode \<noteq> SuperM); |
|
349 |
G\<turnstile>mode\<rightarrow>invocation_class mode s a' statT\<preceq>statT; |
|
350 |
dynlookup G statT (invocation_class mode s a' statT) sig = Some m \<rbrakk> |
|
351 |
\<Longrightarrow> methd G (invocation_declclass G mode s a' statT sig) sig = Some m" |
|
352 |
proof - |
|
353 |
assume wf: "wf_prog G" |
|
354 |
and not_NullT: "statT \<noteq> NullT" |
|
355 |
and statC_prop: "(\<forall> statC. statT = ClassT statC \<longrightarrow> is_class G statC)" |
|
356 |
and statI_prop: "(\<forall> I. statT = IfaceT I \<longrightarrow> is_iface G I \<and> mode \<noteq> SuperM)" |
|
357 |
and statA_prop: "(\<forall> T. statT = ArrayT T \<longrightarrow> mode \<noteq> SuperM)" |
|
358 |
and invC_prop: "G\<turnstile>mode\<rightarrow>invocation_class mode s a' statT\<preceq>statT" |
|
359 |
and dynlookup: "dynlookup G statT (invocation_class mode s a' statT) sig |
|
360 |
= Some m" |
|
361 |
show ?thesis |
|
362 |
proof (cases statT) |
|
363 |
case NullT |
|
364 |
with not_NullT show ?thesis by simp |
|
365 |
next |
|
366 |
case IfaceT |
|
367 |
with statI_prop obtain I |
|
368 |
where statI: "statT = IfaceT I" and |
|
369 |
is_iface: "is_iface G I" and |
|
370 |
not_SuperM: "mode \<noteq> SuperM" by blast |
|
371 |
||
372 |
show ?thesis |
|
373 |
proof (cases mode) |
|
374 |
case Static |
|
375 |
with wf dynlookup statI is_iface |
|
376 |
show ?thesis |
|
377 |
by (auto simp add: invocation_declclass_def dynlookup_def |
|
378 |
dynimethd_def dynmethd_C_C |
|
379 |
intro: dynmethd_declclass |
|
380 |
dest!: wf_imethdsD |
|
381 |
dest: table_of_map_SomeI |
|
382 |
split: split_if_asm) |
|
383 |
next |
|
384 |
case SuperM |
|
385 |
with not_SuperM show ?thesis .. |
|
386 |
next |
|
387 |
case IntVir |
|
388 |
with wf dynlookup IfaceT invC_prop show ?thesis |
|
389 |
by (auto simp add: invocation_declclass_def dynlookup_def dynimethd_def |
|
390 |
DynT_prop_def |
|
391 |
intro: methd_declclass dynmethd_declclass |
|
392 |
split: split_if_asm) |
|
393 |
qed |
|
394 |
next |
|
395 |
case ClassT |
|
396 |
show ?thesis |
|
397 |
proof (cases mode) |
|
398 |
case Static |
|
399 |
with wf ClassT dynlookup statC_prop |
|
400 |
show ?thesis by (auto simp add: invocation_declclass_def dynlookup_def |
|
401 |
intro: dynmethd_declclass) |
|
402 |
next |
|
403 |
case SuperM |
|
404 |
with wf ClassT dynlookup statC_prop |
|
405 |
show ?thesis by (auto simp add: invocation_declclass_def dynlookup_def |
|
406 |
intro: dynmethd_declclass) |
|
407 |
next |
|
408 |
case IntVir |
|
409 |
with wf ClassT dynlookup statC_prop invC_prop |
|
410 |
show ?thesis |
|
411 |
by (auto simp add: invocation_declclass_def dynlookup_def dynimethd_def |
|
412 |
DynT_prop_def |
|
413 |
intro: dynmethd_declclass) |
|
414 |
qed |
|
415 |
next |
|
416 |
case ArrayT |
|
417 |
show ?thesis |
|
418 |
proof (cases mode) |
|
419 |
case Static |
|
420 |
with wf ArrayT dynlookup show ?thesis |
|
421 |
by (auto simp add: invocation_declclass_def dynlookup_def |
|
422 |
dynimethd_def dynmethd_C_C |
|
423 |
intro: dynmethd_declclass |
|
424 |
dest: table_of_map_SomeI) |
|
425 |
next |
|
426 |
case SuperM |
|
427 |
with ArrayT statA_prop show ?thesis by blast |
|
428 |
next |
|
429 |
case IntVir |
|
430 |
with wf ArrayT dynlookup invC_prop show ?thesis |
|
431 |
by (auto simp add: invocation_declclass_def dynlookup_def dynimethd_def |
|
432 |
DynT_prop_def dynmethd_C_C |
|
433 |
intro: dynmethd_declclass |
|
434 |
dest: table_of_map_SomeI) |
|
435 |
qed |
|
436 |
qed |
|
437 |
qed |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
438 |
|
| 12854 | 439 |
lemma DynT_mheadsD: |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
440 |
"\<lbrakk>G\<turnstile>invmode sm e\<rightarrow>invC\<preceq>statT; |
| 12854 | 441 |
wf_prog G; \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>e\<Colon>-RefT statT; |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
442 |
(statDeclT,sm) \<in> mheads G C statT sig; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
443 |
invC = invocation_class (invmode sm e) s a' statT; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
444 |
declC =invocation_declclass G (invmode sm e) s a' statT sig |
| 12854 | 445 |
\<rbrakk> \<Longrightarrow> |
446 |
\<exists> dm. |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
447 |
methd G declC sig = Some dm \<and> dynlookup G statT invC sig = Some dm \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
448 |
G\<turnstile>resTy (mthd dm)\<preceq>resTy sm \<and> |
| 12854 | 449 |
wf_mdecl G declC (sig, mthd dm) \<and> |
450 |
declC = declclass dm \<and> |
|
451 |
is_static dm = is_static sm \<and> |
|
452 |
is_class G invC \<and> is_class G declC \<and> G\<turnstile>invC\<preceq>\<^sub>C declC \<and> |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
453 |
(if invmode sm e = IntVir |
| 12854 | 454 |
then (\<forall> statC. statT=ClassT statC \<longrightarrow> G\<turnstile>invC \<preceq>\<^sub>C statC) |
455 |
else ( (\<exists> statC. statT=ClassT statC \<and> G\<turnstile>statC\<preceq>\<^sub>C declC) |
|
456 |
\<or> (\<forall> statC. statT\<noteq>ClassT statC \<and> declC=Object)) \<and> |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
457 |
statDeclT = ClassT (declclass dm))" |
| 12854 | 458 |
proof - |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
459 |
assume invC_prop: "G\<turnstile>invmode sm e\<rightarrow>invC\<preceq>statT" |
| 12854 | 460 |
and wf: "wf_prog G" |
461 |
and wt_e: "\<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>e\<Colon>-RefT statT" |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
462 |
and sm: "(statDeclT,sm) \<in> mheads G C statT sig" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
463 |
and invC: "invC = invocation_class (invmode sm e) s a' statT" |
| 12854 | 464 |
and declC: "declC = |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
465 |
invocation_declclass G (invmode sm e) s a' statT sig" |
| 12854 | 466 |
from wt_e wf have type_statT: "is_type G (RefT statT)" |
467 |
by (auto dest: ty_expr_is_type) |
|
468 |
from sm have not_Null: "statT \<noteq> NullT" by auto |
|
469 |
from type_statT |
|
470 |
have wf_C: "(\<forall> statC. statT = ClassT statC \<longrightarrow> is_class G statC)" |
|
471 |
by (auto) |
|
472 |
from type_statT wt_e |
|
473 |
have wf_I: "(\<forall>I. statT = IfaceT I \<longrightarrow> is_iface G I \<and> |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
474 |
invmode sm e \<noteq> SuperM)" |
| 12854 | 475 |
by (auto dest: invocationTypeExpr_noClassD) |
476 |
from wt_e |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
477 |
have wf_A: "(\<forall> T. statT = ArrayT T \<longrightarrow> invmode sm e \<noteq> SuperM)" |
| 12854 | 478 |
by (auto dest: invocationTypeExpr_noClassD) |
479 |
show ?thesis |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
480 |
proof (cases "invmode sm e = IntVir") |
| 12854 | 481 |
case True |
482 |
with invC_prop not_Null |
|
483 |
have invC_prop': " is_class G invC \<and> |
|
484 |
(if (\<exists>T. statT=ArrayT T) then invC=Object |
|
485 |
else G\<turnstile>Class invC\<preceq>RefT statT)" |
|
486 |
by (auto simp add: DynT_prop_def) |
|
487 |
from True |
|
488 |
have "\<not> is_static sm" |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
489 |
by (simp add: invmode_IntVir_eq member_is_static_simp) |
| 12854 | 490 |
with invC_prop' not_Null |
491 |
have "G,statT \<turnstile> invC valid_lookup_cls_for (is_static sm)" |
|
492 |
by (cases statT) auto |
|
493 |
with sm wf type_statT obtain dm where |
|
494 |
dm: "dynlookup G statT invC sig = Some dm" and |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
495 |
resT_dm: "G\<turnstile>resTy (mthd dm)\<preceq>resTy sm" and |
| 12854 | 496 |
static: "is_static dm = is_static sm" |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
497 |
by - (drule dynamic_mheadsD,force+) |
| 12854 | 498 |
with declC invC not_Null |
499 |
have declC': "declC = (declclass dm)" |
|
500 |
by (auto simp add: invocation_declclass_def) |
|
501 |
with wf invC declC not_Null wf_C wf_I wf_A invC_prop dm |
|
502 |
have dm': "methd G declC sig = Some dm" |
|
503 |
by - (drule invocation_methd,auto) |
|
504 |
from wf dm invC_prop' declC' type_statT |
|
505 |
have declC_prop: "G\<turnstile>invC \<preceq>\<^sub>C declC \<and> is_class G declC" |
|
506 |
by (auto dest: dynlookup_declC) |
|
507 |
from wf dm' declC_prop declC' |
|
508 |
have wf_dm: "wf_mdecl G declC (sig,(mthd dm))" |
|
509 |
by (auto dest: methd_wf_mdecl) |
|
510 |
from invC_prop' |
|
511 |
have statC_prop: "(\<forall> statC. statT=ClassT statC \<longrightarrow> G\<turnstile>invC \<preceq>\<^sub>C statC)" |
|
512 |
by auto |
|
513 |
from True dm' resT_dm wf_dm invC_prop' declC_prop statC_prop declC' static |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
514 |
dm |
| 12854 | 515 |
show ?thesis by auto |
516 |
next |
|
517 |
case False |
|
518 |
with type_statT wf invC not_Null wf_I wf_A |
|
519 |
have invC_prop': "is_class G invC \<and> |
|
520 |
((\<exists> statC. statT=ClassT statC \<and> invC=statC) \<or> |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
521 |
(\<forall> statC. statT\<noteq>ClassT statC \<and> invC=Object))" |
| 12854 | 522 |
by (case_tac "statT") (auto simp add: invocation_class_def |
523 |
split: inv_mode.splits) |
|
524 |
with not_Null wf |
|
525 |
have dynlookup_static: "dynlookup G statT invC sig = methd G invC sig" |
|
526 |
by (case_tac "statT") (auto simp add: dynlookup_def dynmethd_C_C |
|
527 |
dynimethd_def) |
|
528 |
from sm wf wt_e not_Null False invC_prop' obtain "dm" where |
|
529 |
dm: "methd G invC sig = Some dm" and |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
530 |
eq_declC_sm_dm:"statDeclT = ClassT (declclass dm)" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
531 |
eq_mheads:"sm=mhead (mthd dm) " |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
532 |
by - (drule static_mheadsD, (force dest: accmethd_SomeD)+) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
533 |
then have static: "is_static dm = is_static sm" by - (auto) |
| 12854 | 534 |
with declC invC dynlookup_static dm |
535 |
have declC': "declC = (declclass dm)" |
|
536 |
by (auto simp add: invocation_declclass_def) |
|
537 |
from invC_prop' wf declC' dm |
|
538 |
have dm': "methd G declC sig = Some dm" |
|
539 |
by (auto intro: methd_declclass) |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
540 |
from dynlookup_static dm |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
541 |
have dm'': "dynlookup G statT invC sig = Some dm" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
542 |
by simp |
| 12854 | 543 |
from wf dm invC_prop' declC' type_statT |
544 |
have declC_prop: "G\<turnstile>invC \<preceq>\<^sub>C declC \<and> is_class G declC" |
|
545 |
by (auto dest: methd_declC ) |
|
546 |
then have declC_prop1: "invC=Object \<longrightarrow> declC=Object" by auto |
|
547 |
from wf dm' declC_prop declC' |
|
548 |
have wf_dm: "wf_mdecl G declC (sig,(mthd dm))" |
|
549 |
by (auto dest: methd_wf_mdecl) |
|
550 |
from invC_prop' declC_prop declC_prop1 |
|
551 |
have statC_prop: "( (\<exists> statC. statT=ClassT statC \<and> G\<turnstile>statC\<preceq>\<^sub>C declC) |
|
552 |
\<or> (\<forall> statC. statT\<noteq>ClassT statC \<and> declC=Object))" |
|
553 |
by auto |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
554 |
from False dm' dm'' wf_dm invC_prop' declC_prop statC_prop declC' |
| 12854 | 555 |
eq_declC_sm_dm eq_mheads static |
556 |
show ?thesis by auto |
|
557 |
qed |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
558 |
qed |
| 12854 | 559 |
|
560 |
lemma DynT_conf: "\<lbrakk>G\<turnstile>invocation_class mode s a' statT \<preceq>\<^sub>C declC; wf_prog G; |
|
561 |
isrtype G (statT); |
|
562 |
G,s\<turnstile>a'\<Colon>\<preceq>RefT statT; mode = IntVir \<longrightarrow> a' \<noteq> Null; |
|
563 |
mode \<noteq> IntVir \<longrightarrow> (\<exists> statC. statT=ClassT statC \<and> G\<turnstile>statC\<preceq>\<^sub>C declC) |
|
564 |
\<or> (\<forall> statC. statT\<noteq>ClassT statC \<and> declC=Object)\<rbrakk> |
|
565 |
\<Longrightarrow>G,s\<turnstile>a'\<Colon>\<preceq> Class declC" |
|
566 |
apply (case_tac "mode = IntVir") |
|
567 |
apply (drule conf_RefTD) |
|
568 |
apply (force intro!: conf_AddrI |
|
569 |
simp add: obj_class_def split add: obj_tag.split_asm) |
|
570 |
apply clarsimp |
|
571 |
apply safe |
|
572 |
apply (erule (1) widen.subcls [THEN conf_widen]) |
|
573 |
apply (erule wf_ws_prog) |
|
574 |
||
575 |
apply (frule widen_Object) apply (erule wf_ws_prog) |
|
576 |
apply (erule (1) conf_widen) apply (erule wf_ws_prog) |
|
577 |
done |
|
578 |
||
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
579 |
lemma Ass_lemma: |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
580 |
"\<lbrakk> G\<turnstile>Norm s0 \<midarrow>var=\<succ>(w, f)\<rightarrow> Norm s1; G\<turnstile>Norm s1 \<midarrow>e-\<succ>v\<rightarrow> Norm s2; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
581 |
G,s2\<turnstile>v\<Colon>\<preceq>eT;s1\<le>|s2 \<longrightarrow> assign f v (Norm s2)\<Colon>\<preceq>(G, L)\<rbrakk> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
582 |
\<Longrightarrow> assign f v (Norm s2)\<Colon>\<preceq>(G, L) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
583 |
(normal (assign f v (Norm s2)) \<longrightarrow> G,store (assign f v (Norm s2))\<turnstile>v\<Colon>\<preceq>eT)" |
| 12854 | 584 |
apply (drule_tac x = "None" and s = "s2" and v = "v" in evar_gext_f) |
585 |
apply (drule eval_gext', clarsimp) |
|
586 |
apply (erule conf_gext) |
|
587 |
apply simp |
|
588 |
done |
|
589 |
||
590 |
lemma Throw_lemma: "\<lbrakk>G\<turnstile>tn\<preceq>\<^sub>C SXcpt Throwable; wf_prog G; (x1,s1)\<Colon>\<preceq>(G, L); |
|
591 |
x1 = None \<longrightarrow> G,s1\<turnstile>a'\<Colon>\<preceq> Class tn\<rbrakk> \<Longrightarrow> (throw a' x1, s1)\<Colon>\<preceq>(G, L)" |
|
592 |
apply (auto split add: split_abrupt_if simp add: throw_def2) |
|
593 |
apply (erule conforms_xconf) |
|
594 |
apply (frule conf_RefTD) |
|
595 |
apply (auto elim: widen.subcls [THEN conf_widen]) |
|
596 |
done |
|
597 |
||
598 |
lemma Try_lemma: "\<lbrakk>G\<turnstile>obj_ty (the (globs s1' (Heap a)))\<preceq> Class tn; |
|
599 |
(Some (Xcpt (Loc a)), s1')\<Colon>\<preceq>(G, L); wf_prog G\<rbrakk> |
|
600 |
\<Longrightarrow> Norm (lupd(vn\<mapsto>Addr a) s1')\<Colon>\<preceq>(G, L(vn\<mapsto>Class tn))" |
|
601 |
apply (rule conforms_allocL) |
|
602 |
apply (erule conforms_NormI) |
|
603 |
apply (drule conforms_XcptLocD [THEN conf_RefTD],rule HOL.refl) |
|
604 |
apply (auto intro!: conf_AddrI) |
|
605 |
done |
|
606 |
||
607 |
lemma Fin_lemma: |
|
608 |
"\<lbrakk>G\<turnstile>Norm s1 \<midarrow>c2\<rightarrow> (x2,s2); wf_prog G; (Some a, s1)\<Colon>\<preceq>(G, L); (x2,s2)\<Colon>\<preceq>(G, L)\<rbrakk> |
|
609 |
\<Longrightarrow> (abrupt_if True (Some a) x2, s2)\<Colon>\<preceq>(G, L)" |
|
610 |
apply (force elim: eval_gext' conforms_xgext split add: split_abrupt_if) |
|
611 |
done |
|
612 |
||
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
613 |
lemma FVar_lemma1: |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
614 |
"\<lbrakk>table_of (DeclConcepts.fields G statC) (fn, statDeclC) = Some f ; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
615 |
x2 = None \<longrightarrow> G,s2\<turnstile>a\<Colon>\<preceq> Class statC; wf_prog G; G\<turnstile>statC\<preceq>\<^sub>C statDeclC; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
616 |
statDeclC \<noteq> Object; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
617 |
class G statDeclC = Some y; (x2,s2)\<Colon>\<preceq>(G, L); s1\<le>|s2; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
618 |
inited statDeclC (globs s1); |
| 12854 | 619 |
(if static f then id else np a) x2 = None\<rbrakk> |
620 |
\<Longrightarrow> |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
621 |
\<exists>obj. globs s2 (if static f then Inr statDeclC else Inl (the_Addr a)) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
622 |
= Some obj \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
623 |
var_tys G (tag obj) (if static f then Inr statDeclC else Inl(the_Addr a)) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
624 |
(Inl(fn,statDeclC)) = Some (type f)" |
| 12854 | 625 |
apply (drule initedD) |
626 |
apply (frule subcls_is_class2, simp (no_asm_simp)) |
|
627 |
apply (case_tac "static f") |
|
628 |
apply clarsimp |
|
629 |
apply (drule (1) rev_gext_objD, clarsimp) |
|
630 |
apply (frule fields_declC, erule wf_ws_prog, simp (no_asm_simp)) |
|
631 |
apply (rule var_tys_Some_eq [THEN iffD2]) |
|
632 |
apply clarsimp |
|
633 |
apply (erule fields_table_SomeI, simp (no_asm)) |
|
634 |
apply clarsimp |
|
635 |
apply (drule conf_RefTD, clarsimp, rule var_tys_Some_eq [THEN iffD2]) |
|
636 |
apply (auto dest!: widen_Array split add: obj_tag.split) |
|
637 |
apply (rotate_tac -1) (* to front: tag obja = CInst pid_field_type to enable |
|
638 |
conditional rewrite *) |
|
639 |
apply (rule fields_table_SomeI) |
|
640 |
apply (auto elim!: fields_mono subcls_is_class2) |
|
641 |
done |
|
642 |
||
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
643 |
lemma FVar_lemma2: "error_free state |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
644 |
\<Longrightarrow> error_free |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
645 |
(assign |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
646 |
(\<lambda>v. supd |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
647 |
(upd_gobj |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
648 |
(if static field then Inr statDeclC |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
649 |
else Inl (the_Addr a)) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
650 |
(Inl (fn, statDeclC)) v)) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
651 |
w state)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
652 |
proof - |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
653 |
assume error_free: "error_free state" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
654 |
obtain a s where "state=(a,s)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
655 |
by (cases state) simp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
656 |
with error_free |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
657 |
show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
658 |
by (cases a) auto |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
659 |
qed |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
660 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
661 |
declare split_paired_All [simp del] split_paired_Ex [simp del] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
662 |
declare split_if [split del] split_if_asm [split del] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
663 |
option.split [split del] option.split_asm [split del] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
664 |
ML_setup {*
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
665 |
simpset_ref() := simpset() delloop "split_all_tac"; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
666 |
claset_ref () := claset () delSWrapper "split_all_tac" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
667 |
*} |
| 12854 | 668 |
lemma FVar_lemma: |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
669 |
"\<lbrakk>((v, f), Norm s2') = fvar statDeclC (static field) fn a (x2, s2); |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
670 |
G\<turnstile>statC\<preceq>\<^sub>C statDeclC; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
671 |
table_of (DeclConcepts.fields G statC) (fn, statDeclC) = Some field; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
672 |
wf_prog G; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
673 |
x2 = None \<longrightarrow> G,s2\<turnstile>a\<Colon>\<preceq>Class statC; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
674 |
statDeclC \<noteq> Object; class G statDeclC = Some y; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
675 |
(x2, s2)\<Colon>\<preceq>(G, L); s1\<le>|s2; inited statDeclC (globs s1)\<rbrakk> \<Longrightarrow> |
| 12854 | 676 |
G,s2'\<turnstile>v\<Colon>\<preceq>type field \<and> s2'\<le>|f\<preceq>type field\<Colon>\<preceq>(G, L)" |
677 |
apply (unfold assign_conforms_def) |
|
678 |
apply (drule sym) |
|
679 |
apply (clarsimp simp add: fvar_def2) |
|
680 |
apply (drule (9) FVar_lemma1) |
|
681 |
apply (clarsimp) |
|
682 |
apply (drule (2) conforms_globsD [THEN oconf_lconf, THEN lconfD]) |
|
683 |
apply clarsimp |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
684 |
apply (rule conjI) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
685 |
apply clarsimp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
686 |
apply (drule (1) rev_gext_objD) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
687 |
apply (force elim!: conforms_upd_gobj) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
688 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
689 |
apply (blast intro: FVar_lemma2) |
| 12854 | 690 |
done |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
691 |
declare split_paired_All [simp] split_paired_Ex [simp] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
692 |
declare split_if [split] split_if_asm [split] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
693 |
option.split [split] option.split_asm [split] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
694 |
ML_setup {*
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
695 |
claset_ref() := claset() addSbefore ("split_all_tac", split_all_tac);
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
696 |
simpset_ref() := simpset() addloop ("split_all_tac", split_all_tac)
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
697 |
*} |
| 12854 | 698 |
|
699 |
||
700 |
lemma AVar_lemma1: "\<lbrakk>globs s (Inl a) = Some obj;tag obj=Arr ty i; |
|
701 |
the_Intg i' in_bounds i; wf_prog G; G\<turnstile>ty.[]\<preceq>Tb.[]; Norm s\<Colon>\<preceq>(G, L) |
|
702 |
\<rbrakk> \<Longrightarrow> G,s\<turnstile>the ((values obj) (Inr (the_Intg i')))\<Colon>\<preceq>Tb" |
|
703 |
apply (erule widen_Array_Array [THEN conf_widen]) |
|
704 |
apply (erule_tac [2] wf_ws_prog) |
|
705 |
apply (drule (1) conforms_globsD [THEN oconf_lconf, THEN lconfD]) |
|
706 |
defer apply assumption |
|
707 |
apply (force intro: var_tys_Some_eq [THEN iffD2]) |
|
708 |
done |
|
709 |
||
710 |
lemma obj_split: "\<And> obj. \<exists> t vs. obj = \<lparr>tag=t,values=vs\<rparr>" |
|
711 |
proof record_split |
|
712 |
fix tag values more |
|
713 |
show "\<exists>t vs. \<lparr>tag = tag, values = values, \<dots> = more\<rparr> = \<lparr>tag = t, values = vs\<rparr>" |
|
714 |
by auto |
|
715 |
qed |
|
716 |
||
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
717 |
lemma AVar_lemma2: "error_free state |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
718 |
\<Longrightarrow> error_free |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
719 |
(assign |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
720 |
(\<lambda>v (x, s'). |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
721 |
((raise_if (\<not> G,s'\<turnstile>v fits T) ArrStore) x, |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
722 |
upd_gobj (Inl a) (Inr (the_Intg i)) v s')) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
723 |
w state)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
724 |
proof - |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
725 |
assume error_free: "error_free state" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
726 |
obtain a s where "state=(a,s)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
727 |
by (cases state) simp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
728 |
with error_free |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
729 |
show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
730 |
by (cases a) auto |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
731 |
qed |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
732 |
|
| 12854 | 733 |
lemma AVar_lemma: "\<lbrakk>wf_prog G; G\<turnstile>(x1, s1) \<midarrow>e2-\<succ>i\<rightarrow> (x2, s2); |
734 |
((v,f), Norm s2') = avar G i a (x2, s2); x1 = None \<longrightarrow> G,s1\<turnstile>a\<Colon>\<preceq>Ta.[]; |
|
735 |
(x2, s2)\<Colon>\<preceq>(G, L); s1\<le>|s2\<rbrakk> \<Longrightarrow> G,s2'\<turnstile>v\<Colon>\<preceq>Ta \<and> s2'\<le>|f\<preceq>Ta\<Colon>\<preceq>(G, L)" |
|
736 |
apply (unfold assign_conforms_def) |
|
737 |
apply (drule sym) |
|
738 |
apply (clarsimp simp add: avar_def2) |
|
739 |
apply (drule (1) conf_gext) |
|
740 |
apply (drule conf_RefTD, clarsimp) |
|
741 |
apply (subgoal_tac "\<exists> t vs. obj = \<lparr>tag=t,values=vs\<rparr>") |
|
742 |
defer |
|
743 |
apply (rule obj_split) |
|
744 |
apply clarify |
|
745 |
apply (frule obj_ty_widenD) |
|
746 |
apply (auto dest!: widen_Class) |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
747 |
apply (force dest: AVar_lemma1) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
748 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
749 |
apply (force elim!: fits_Array dest: gext_objD |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
750 |
intro: var_tys_Some_eq [THEN iffD2] conforms_upd_gobj) |
| 12854 | 751 |
done |
752 |
||
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
753 |
section "Call" |
| 12854 | 754 |
|
755 |
lemma conforms_init_lvars_lemma: "\<lbrakk>wf_prog G; |
|
756 |
wf_mhead G P sig mh; |
|
757 |
Ball (set lvars) (split (\<lambda>vn. is_type G)); |
|
758 |
list_all2 (conf G s) pvs pTsa; G\<turnstile>pTsa[\<preceq>](parTs sig)\<rbrakk> \<Longrightarrow> |
|
759 |
G,s\<turnstile>init_vals (table_of lvars)(pars mh[\<mapsto>]pvs) |
|
760 |
[\<Colon>\<preceq>]table_of lvars(pars mh[\<mapsto>]parTs sig)" |
|
761 |
apply (unfold wf_mhead_def) |
|
762 |
apply clarify |
|
763 |
apply (erule (2) Ball_set_table [THEN lconf_init_vals, THEN lconf_ext_list]) |
|
764 |
apply (drule wf_ws_prog) |
|
765 |
apply (erule (2) conf_list_widen) |
|
766 |
done |
|
767 |
||
768 |
||
769 |
lemma lconf_map_lname [simp]: |
|
770 |
"G,s\<turnstile>(lname_case l1 l2)[\<Colon>\<preceq>](lname_case L1 L2) |
|
771 |
= |
|
772 |
(G,s\<turnstile>l1[\<Colon>\<preceq>]L1 \<and> G,s\<turnstile>(\<lambda>x::unit . l2)[\<Colon>\<preceq>](\<lambda>x::unit. L2))" |
|
773 |
apply (unfold lconf_def) |
|
774 |
apply safe |
|
775 |
apply (case_tac "n") |
|
776 |
apply (force split add: lname.split)+ |
|
777 |
done |
|
778 |
||
779 |
lemma lconf_map_ename [simp]: |
|
780 |
"G,s\<turnstile>(ename_case l1 l2)[\<Colon>\<preceq>](ename_case L1 L2) |
|
781 |
= |
|
782 |
(G,s\<turnstile>l1[\<Colon>\<preceq>]L1 \<and> G,s\<turnstile>(\<lambda>x::unit. l2)[\<Colon>\<preceq>](\<lambda>x::unit. L2))" |
|
783 |
apply (unfold lconf_def) |
|
784 |
apply safe |
|
785 |
apply (force split add: ename.split)+ |
|
786 |
done |
|
787 |
||
788 |
||
789 |
lemma defval_conf1 [rule_format (no_asm), elim]: |
|
790 |
"is_type G T \<longrightarrow> (\<exists>v\<in>Some (default_val T): G,s\<turnstile>v\<Colon>\<preceq>T)" |
|
791 |
apply (unfold conf_def) |
|
792 |
apply (induct "T") |
|
793 |
apply (auto intro: prim_ty.induct) |
|
794 |
done |
|
795 |
||
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
796 |
declare split_paired_All [simp del] split_paired_Ex [simp del] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
797 |
declare split_if [split del] split_if_asm [split del] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
798 |
option.split [split del] option.split_asm [split del] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
799 |
ML_setup {*
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
800 |
simpset_ref() := simpset() delloop "split_all_tac"; |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
801 |
claset_ref () := claset () delSWrapper "split_all_tac" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
802 |
*} |
| 12854 | 803 |
lemma conforms_init_lvars: |
804 |
"\<lbrakk>wf_mhead G (pid declC) sig (mhead (mthd dm)); wf_prog G; |
|
805 |
list_all2 (conf G s) pvs pTsa; G\<turnstile>pTsa[\<preceq>](parTs sig); |
|
806 |
(x, s)\<Colon>\<preceq>(G, L); |
|
807 |
methd G declC sig = Some dm; |
|
808 |
isrtype G statT; |
|
809 |
G\<turnstile>invC\<preceq>\<^sub>C declC; |
|
810 |
G,s\<turnstile>a'\<Colon>\<preceq>RefT statT; |
|
811 |
invmode (mhd sm) e = IntVir \<longrightarrow> a' \<noteq> Null; |
|
812 |
invmode (mhd sm) e \<noteq> IntVir \<longrightarrow> |
|
813 |
(\<exists> statC. statT=ClassT statC \<and> G\<turnstile>statC\<preceq>\<^sub>C declC) |
|
814 |
\<or> (\<forall> statC. statT\<noteq>ClassT statC \<and> declC=Object); |
|
815 |
invC = invocation_class (invmode (mhd sm) e) s a' statT; |
|
816 |
declC = invocation_declclass G (invmode (mhd sm) e) s a' statT sig; |
|
817 |
Ball (set (lcls (mbody (mthd dm)))) |
|
818 |
(split (\<lambda>vn. is_type G)) |
|
819 |
\<rbrakk> \<Longrightarrow> |
|
820 |
init_lvars G declC sig (invmode (mhd sm) e) a' |
|
821 |
pvs (x,s)\<Colon>\<preceq>(G,\<lambda> k. |
|
822 |
(case k of |
|
823 |
EName e \<Rightarrow> (case e of |
|
824 |
VNam v |
|
825 |
\<Rightarrow> (table_of (lcls (mbody (mthd dm))) |
|
826 |
(pars (mthd dm)[\<mapsto>]parTs sig)) v |
|
827 |
| Res \<Rightarrow> Some (resTy (mthd dm))) |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
828 |
| This \<Rightarrow> if (is_static (mthd sm)) |
| 12854 | 829 |
then None else Some (Class declC)))" |
830 |
apply (simp add: init_lvars_def2) |
|
831 |
apply (rule conforms_set_locals) |
|
832 |
apply (simp (no_asm_simp) split add: split_if) |
|
833 |
apply (drule (4) DynT_conf) |
|
834 |
apply clarsimp |
|
835 |
(* apply intro *) |
|
836 |
apply (drule (4) conforms_init_lvars_lemma) |
|
837 |
apply (case_tac "dm",simp) |
|
838 |
apply (rule conjI) |
|
839 |
apply (unfold lconf_def, clarify) |
|
840 |
apply (rule defval_conf1) |
|
841 |
apply (clarsimp simp add: wf_mhead_def is_acc_type_def) |
|
842 |
apply (case_tac "is_static sm") |
|
843 |
apply simp_all |
|
844 |
done |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
845 |
declare split_paired_All [simp] split_paired_Ex [simp] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
846 |
declare split_if [split] split_if_asm [split] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
847 |
option.split [split] option.split_asm [split] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
848 |
ML_setup {*
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
849 |
claset_ref() := claset() addSbefore ("split_all_tac", split_all_tac);
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
850 |
simpset_ref() := simpset() addloop ("split_all_tac", split_all_tac)
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
851 |
*} |
| 12854 | 852 |
|
853 |
||
854 |
||
855 |
subsection "accessibility" |
|
856 |
||
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
857 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
858 |
(* #### stat raus und gleich is_static f schreiben *) |
| 12854 | 859 |
theorem dynamic_field_access_ok: |
|
12937
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
860 |
assumes wf: "wf_prog G" and |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
861 |
not_Null: "\<not> stat \<longrightarrow> a\<noteq>Null" and |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
862 |
conform_a: "G,(store s)\<turnstile>a\<Colon>\<preceq> Class statC" and |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
863 |
conform_s: "s\<Colon>\<preceq>(G, L)" and |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
864 |
normal_s: "normal s" and |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
865 |
wt_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e\<Colon>-Class statC" and |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
866 |
f: "accfield G accC statC fn = Some f" and |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
867 |
dynC: "if stat then dynC=declclass f |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
868 |
else dynC=obj_class (lookup_obj (store s) a)" and |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
869 |
stat: "if stat then (is_static f) else (\<not> is_static f)" |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
870 |
shows "table_of (DeclConcepts.fields G dynC) (fn,declclass f) = Some (fld f) \<and> |
| 12854 | 871 |
G\<turnstile>Field fn f in dynC dyn_accessible_from accC" |
872 |
proof (cases "stat") |
|
873 |
case True |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
874 |
with stat have static: "(is_static f)" by simp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
875 |
from True dynC |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
876 |
have dynC': "dynC=declclass f" by simp |
| 12854 | 877 |
with f |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
878 |
have "table_of (DeclConcepts.fields G statC) (fn,declclass f) = Some (fld f)" |
| 12854 | 879 |
by (auto simp add: accfield_def Let_def intro!: table_of_remap_SomeD) |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
880 |
moreover |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
881 |
from wt_e wf have "is_class G statC" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
882 |
by (auto dest!: ty_expr_is_type) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
883 |
moreover note wf dynC' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
884 |
ultimately have |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
885 |
"table_of (DeclConcepts.fields G dynC) (fn,declclass f) = Some (fld f)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
886 |
by (auto dest: fields_declC) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
887 |
with dynC' f static wf |
| 12854 | 888 |
show ?thesis |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
889 |
by (auto dest: static_to_dynamic_accessible_from_static |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
890 |
dest!: accfield_accessibleD ) |
| 12854 | 891 |
next |
892 |
case False |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
893 |
with wf conform_a not_Null conform_s dynC |
| 12854 | 894 |
obtain subclseq: "G\<turnstile>dynC \<preceq>\<^sub>C statC" and |
895 |
"is_class G dynC" |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
896 |
by (auto dest!: conforms_RefTD [of _ _ _ _ "(fst s)" L] |
| 12854 | 897 |
dest: obj_ty_obj_class1 |
898 |
simp add: obj_ty_obj_class ) |
|
899 |
with wf f |
|
900 |
have "table_of (DeclConcepts.fields G dynC) (fn,declclass f) = Some (fld f)" |
|
901 |
by (auto simp add: accfield_def Let_def |
|
902 |
dest: fields_mono |
|
903 |
dest!: table_of_remap_SomeD) |
|
904 |
moreover |
|
905 |
from f subclseq |
|
906 |
have "G\<turnstile>Field fn f in dynC dyn_accessible_from accC" |
|
907 |
by (auto intro!: static_to_dynamic_accessible_from |
|
908 |
dest: accfield_accessibleD) |
|
909 |
ultimately show ?thesis |
|
910 |
by blast |
|
911 |
qed |
|
912 |
||
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
913 |
(* |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
914 |
theorem dynamic_field_access_ok: |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
915 |
(assumes wf: "wf_prog G" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
916 |
not_Null: "\<not> is_static f \<longrightarrow> a\<noteq>Null" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
917 |
conform_a: "G,(store s)\<turnstile>a\<Colon>\<preceq> Class statC" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
918 |
conform_s: "s\<Colon>\<preceq>(G, L)" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
919 |
normal_s: "normal s" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
920 |
wt_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e\<Colon>-Class statC" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
921 |
f: "accfield G accC statC fn = Some f" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
922 |
dynC: "if is_static f |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
923 |
then dynC=declclass f |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
924 |
else dynC=obj_class (lookup_obj (store s) a)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
925 |
) "table_of (DeclConcepts.fields G dynC) (fn,declclass f) = Some (fld f) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
926 |
G\<turnstile>Field fn f in dynC dyn_accessible_from accC" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
927 |
proof (cases "is_static f") |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
928 |
case True |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
929 |
from True dynC |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
930 |
have dynC': "dynC=declclass f" by simp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
931 |
with f |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
932 |
have "table_of (DeclConcepts.fields G statC) (fn,declclass f) = Some (fld f)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
933 |
by (auto simp add: accfield_def Let_def intro!: table_of_remap_SomeD) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
934 |
moreover |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
935 |
from wt_e wf have "is_class G statC" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
936 |
by (auto dest!: ty_expr_is_type) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
937 |
moreover note wf dynC' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
938 |
ultimately have |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
939 |
"table_of (DeclConcepts.fields G dynC) (fn,declclass f) = Some (fld f)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
940 |
by (auto dest: fields_declC) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
941 |
with dynC' f True wf |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
942 |
show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
943 |
by (auto dest: static_to_dynamic_accessible_from_static |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
944 |
dest!: accfield_accessibleD ) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
945 |
next |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
946 |
case False |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
947 |
with wf conform_a not_Null conform_s dynC |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
948 |
obtain subclseq: "G\<turnstile>dynC \<preceq>\<^sub>C statC" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
949 |
"is_class G dynC" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
950 |
by (auto dest!: conforms_RefTD [of _ _ _ _ "(fst s)" L] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
951 |
dest: obj_ty_obj_class1 |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
952 |
simp add: obj_ty_obj_class ) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
953 |
with wf f |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
954 |
have "table_of (DeclConcepts.fields G dynC) (fn,declclass f) = Some (fld f)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
955 |
by (auto simp add: accfield_def Let_def |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
956 |
dest: fields_mono |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
957 |
dest!: table_of_remap_SomeD) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
958 |
moreover |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
959 |
from f subclseq |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
960 |
have "G\<turnstile>Field fn f in dynC dyn_accessible_from accC" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
961 |
by (auto intro!: static_to_dynamic_accessible_from |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
962 |
dest: accfield_accessibleD) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
963 |
ultimately show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
964 |
by blast |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
965 |
qed |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
966 |
*) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
967 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
968 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
969 |
(* ### Einsetzen in case FVar des TypeSoundness Proofs *) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
970 |
(* |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
971 |
lemma FVar_check_error_free: |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
972 |
(assumes fvar: "(v, s2') = fvar statDeclC stat fn a s2" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
973 |
check: "s3 = check_field_access G accC statDeclC fn stat a s2'" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
974 |
conf_a: "normal s2 \<longrightarrow> G,store s2\<turnstile>a\<Colon>\<preceq>Class statC" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
975 |
conf_s2: "s2\<Colon>\<preceq>(G, L)" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
976 |
initd_statDeclC_s2: "initd statDeclC s2" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
977 |
wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-Class statC" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
978 |
accfield: "accfield G accC statC fn = Some (statDeclC,f)" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
979 |
stat: "stat=is_static f" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
980 |
wf: "wf_prog G" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
981 |
) "s3=s2'" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
982 |
proof - |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
983 |
from fvar |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
984 |
have store_s2': "store s2'=store s2" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
985 |
by (cases s2) (simp add: fvar_def2) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
986 |
with fvar conf_s2 |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
987 |
have conf_s2': "s2'\<Colon>\<preceq>(G, L)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
988 |
by (cases s2,cases stat) (auto simp add: fvar_def2) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
989 |
from initd_statDeclC_s2 store_s2' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
990 |
have initd_statDeclC_s2': "initd statDeclC s2" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
991 |
by simp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
992 |
show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
993 |
proof (cases "normal s2'") |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
994 |
case False |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
995 |
with check show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
996 |
by (auto simp add: check_field_access_def Let_def) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
997 |
next |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
998 |
case True |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
999 |
with fvar store_s2' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1000 |
have not_Null: "\<not> stat \<longrightarrow> a\<noteq>Null" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1001 |
by (cases s2) (auto simp add: fvar_def2) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1002 |
from True fvar store_s2' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1003 |
have "normal s2" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1004 |
by (cases s2,cases stat) (auto simp add: fvar_def2) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1005 |
with conf_a store_s2' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1006 |
have conf_a': "G,store s2'\<turnstile>a\<Colon>\<preceq>Class statC" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1007 |
by simp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1008 |
from conf_a' conf_s2' check True initd_statDeclC_s2' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1009 |
dynamic_field_access_ok [OF wf not_Null conf_a' conf_s2' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1010 |
True wt_e accfield ] stat |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1011 |
show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1012 |
by (cases stat) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1013 |
(auto dest!: initedD |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1014 |
simp add: check_field_access_def Let_def) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1015 |
qed |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1016 |
qed |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1017 |
*) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1018 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1019 |
lemma error_free_field_access: |
|
12937
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1020 |
assumes accfield: "accfield G accC statC fn = Some (statDeclC, f)" and |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1021 |
wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-Class statC" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1022 |
eval_init: "G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<rightarrow> s1" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1023 |
eval_e: "G\<turnstile>s1 \<midarrow>e-\<succ>a\<rightarrow> s2" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1024 |
conf_s2: "s2\<Colon>\<preceq>(G, L)" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1025 |
conf_a: "normal s2 \<Longrightarrow> G, store s2\<turnstile>a\<Colon>\<preceq>Class statC" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1026 |
fvar: "(v,s2')=fvar statDeclC (is_static f) fn a s2" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1027 |
wf: "wf_prog G" |
|
12937
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1028 |
shows "check_field_access G accC statDeclC fn (is_static f) a s2' = s2'" |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1029 |
proof - |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1030 |
from fvar |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1031 |
have store_s2': "store s2'=store s2" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1032 |
by (cases s2) (simp add: fvar_def2) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1033 |
with fvar conf_s2 |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1034 |
have conf_s2': "s2'\<Colon>\<preceq>(G, L)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1035 |
by (cases s2,cases "is_static f") (auto simp add: fvar_def2) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1036 |
from eval_init |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1037 |
have initd_statDeclC_s1: "initd statDeclC s1" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1038 |
by (rule init_yields_initd) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1039 |
with eval_e store_s2' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1040 |
have initd_statDeclC_s2': "initd statDeclC s2'" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1041 |
by (auto dest: eval_gext intro: inited_gext) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1042 |
show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1043 |
proof (cases "normal s2'") |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1044 |
case False |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1045 |
then show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1046 |
by (auto simp add: check_field_access_def Let_def) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1047 |
next |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1048 |
case True |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1049 |
with fvar store_s2' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1050 |
have not_Null: "\<not> (is_static f) \<longrightarrow> a\<noteq>Null" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1051 |
by (cases s2) (auto simp add: fvar_def2) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1052 |
from True fvar store_s2' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1053 |
have "normal s2" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1054 |
by (cases s2,cases "is_static f") (auto simp add: fvar_def2) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1055 |
with conf_a store_s2' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1056 |
have conf_a': "G,store s2'\<turnstile>a\<Colon>\<preceq>Class statC" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1057 |
by simp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1058 |
from conf_a' conf_s2' True initd_statDeclC_s2' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1059 |
dynamic_field_access_ok [OF wf not_Null conf_a' conf_s2' |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1060 |
True wt_e accfield ] |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1061 |
show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1062 |
by (cases "is_static f") |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1063 |
(auto dest!: initedD |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1064 |
simp add: check_field_access_def Let_def) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1065 |
qed |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1066 |
qed |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1067 |
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1068 |
lemma call_access_ok: |
|
12937
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1069 |
assumes invC_prop: "G\<turnstile>invmode statM e\<rightarrow>invC\<preceq>statT" |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1070 |
and wf: "wf_prog G" |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1071 |
and wt_e: "\<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>e\<Colon>-RefT statT" |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1072 |
and statM: "(statDeclT,statM) \<in> mheads G accC statT sig" |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1073 |
and invC: "invC = invocation_class (invmode statM e) s a statT" |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1074 |
shows "\<exists> dynM. dynlookup G statT invC sig = Some dynM \<and> |
| 12854 | 1075 |
G\<turnstile>Methd sig dynM in invC dyn_accessible_from accC" |
1076 |
proof - |
|
1077 |
from wt_e wf have type_statT: "is_type G (RefT statT)" |
|
1078 |
by (auto dest: ty_expr_is_type) |
|
1079 |
from statM have not_Null: "statT \<noteq> NullT" by auto |
|
1080 |
from type_statT wt_e |
|
1081 |
have wf_I: "(\<forall>I. statT = IfaceT I \<longrightarrow> is_iface G I \<and> |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1082 |
invmode statM e \<noteq> SuperM)" |
| 12854 | 1083 |
by (auto dest: invocationTypeExpr_noClassD) |
1084 |
from wt_e |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1085 |
have wf_A: "(\<forall> T. statT = ArrayT T \<longrightarrow> invmode statM e \<noteq> SuperM)" |
| 12854 | 1086 |
by (auto dest: invocationTypeExpr_noClassD) |
1087 |
show ?thesis |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1088 |
proof (cases "invmode statM e = IntVir") |
| 12854 | 1089 |
case True |
1090 |
with invC_prop not_Null |
|
1091 |
have invC_prop': "is_class G invC \<and> |
|
1092 |
(if (\<exists>T. statT=ArrayT T) then invC=Object |
|
1093 |
else G\<turnstile>Class invC\<preceq>RefT statT)" |
|
1094 |
by (auto simp add: DynT_prop_def) |
|
1095 |
with True not_Null |
|
1096 |
have "G,statT \<turnstile> invC valid_lookup_cls_for is_static statM" |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1097 |
by (cases statT) (auto simp add: invmode_def) |
| 12854 | 1098 |
with statM type_statT wf |
1099 |
show ?thesis |
|
1100 |
by - (rule dynlookup_access,auto) |
|
1101 |
next |
|
1102 |
case False |
|
1103 |
with type_statT wf invC not_Null wf_I wf_A |
|
1104 |
have invC_prop': " is_class G invC \<and> |
|
1105 |
((\<exists> statC. statT=ClassT statC \<and> invC=statC) \<or> |
|
1106 |
(\<forall> statC. statT\<noteq>ClassT statC \<and> invC=Object)) " |
|
1107 |
by (case_tac "statT") (auto simp add: invocation_class_def |
|
1108 |
split: inv_mode.splits) |
|
1109 |
with not_Null wf |
|
1110 |
have dynlookup_static: "dynlookup G statT invC sig = methd G invC sig" |
|
1111 |
by (case_tac "statT") (auto simp add: dynlookup_def dynmethd_C_C |
|
1112 |
dynimethd_def) |
|
1113 |
from statM wf wt_e not_Null False invC_prop' obtain dynM where |
|
1114 |
"accmethd G accC invC sig = Some dynM" |
|
1115 |
by (auto dest!: static_mheadsD) |
|
1116 |
from invC_prop' False not_Null wf_I |
|
1117 |
have "G,statT \<turnstile> invC valid_lookup_cls_for is_static statM" |
|
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1118 |
by (cases statT) (auto simp add: invmode_def) |
| 12854 | 1119 |
with statM type_statT wf |
1120 |
show ?thesis |
|
1121 |
by - (rule dynlookup_access,auto) |
|
1122 |
qed |
|
1123 |
qed |
|
1124 |
||
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1125 |
lemma error_free_call_access: |
|
12937
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1126 |
assumes |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1127 |
eval_args: "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<rightarrow> s2" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1128 |
wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-(RefT statT)" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1129 |
statM: "max_spec G accC statT \<lparr>name = mn, parTs = pTs\<rparr> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1130 |
= {((statDeclT, statM), pTs')}" and
|
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1131 |
conf_s2: "s2\<Colon>\<preceq>(G, L)" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1132 |
conf_a: "normal s1 \<Longrightarrow> G, store s1\<turnstile>a\<Colon>\<preceq>RefT statT" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1133 |
invProp: "normal s3 \<Longrightarrow> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1134 |
G\<turnstile>invmode statM e\<rightarrow>invC\<preceq>statT" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1135 |
s3: "s3=init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1136 |
(invmode statM e) a vs s2" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1137 |
invC: "invC = invocation_class (invmode statM e) (store s2) a statT"and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1138 |
invDeclC: "invDeclC = invocation_declclass G (invmode statM e) (store s2) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1139 |
a statT \<lparr>name = mn, parTs = pTs'\<rparr>" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1140 |
wf: "wf_prog G" |
|
12937
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1141 |
shows "check_method_access G accC statT (invmode statM e) \<lparr>name=mn,parTs=pTs'\<rparr> a s3 |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1142 |
= s3" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1143 |
proof (cases "normal s2") |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1144 |
case False |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1145 |
with s3 |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1146 |
have "abrupt s3 = abrupt s2" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1147 |
by (auto simp add: init_lvars_def2) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1148 |
with False |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1149 |
show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1150 |
by (auto simp add: check_method_access_def Let_def) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1151 |
next |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1152 |
case True |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1153 |
note normal_s2 = True |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1154 |
with eval_args |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1155 |
have normal_s1: "normal s1" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1156 |
by (cases "normal s1") auto |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1157 |
with conf_a eval_args |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1158 |
have conf_a_s2: "G, store s2\<turnstile>a\<Colon>\<preceq>RefT statT" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1159 |
by (auto dest: eval_gext intro: conf_gext) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1160 |
show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1161 |
proof (cases "a=Null \<longrightarrow> (is_static statM)") |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1162 |
case False |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1163 |
then obtain "\<not> is_static statM" "a=Null" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1164 |
by blast |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1165 |
with normal_s2 s3 |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1166 |
have "abrupt s3 = Some (Xcpt (Std NullPointer))" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1167 |
by (auto simp add: init_lvars_def2) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1168 |
then show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1169 |
by (auto simp add: check_method_access_def Let_def) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1170 |
next |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1171 |
case True |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1172 |
from statM |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1173 |
obtain |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1174 |
statM': "(statDeclT,statM)\<in>mheads G accC statT \<lparr>name=mn,parTs=pTs'\<rparr>" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1175 |
by (blast dest: max_spec2mheads) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1176 |
from True normal_s2 s3 |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1177 |
have "normal s3" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1178 |
by (auto simp add: init_lvars_def2) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1179 |
then have "G\<turnstile>invmode statM e\<rightarrow>invC\<preceq>statT" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1180 |
by (rule invProp) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1181 |
with wt_e statM' wf invC |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1182 |
obtain dynM where |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1183 |
dynM: "dynlookup G statT invC \<lparr>name=mn,parTs=pTs'\<rparr> = Some dynM" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1184 |
acc_dynM: "G \<turnstile>Methd \<lparr>name=mn,parTs=pTs'\<rparr> dynM |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1185 |
in invC dyn_accessible_from accC" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1186 |
by (force dest!: call_access_ok) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1187 |
moreover |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1188 |
from s3 invC |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1189 |
have invC': "invC=(invocation_class (invmode statM e) (store s3) a statT)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1190 |
by (cases s2,cases "invmode statM e") |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1191 |
(simp add: init_lvars_def2 del: invmode_Static_eq)+ |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1192 |
ultimately |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1193 |
show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1194 |
by (auto simp add: check_method_access_def Let_def) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1195 |
qed |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1196 |
qed |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1197 |
|
| 12854 | 1198 |
section "main proof of type safety" |
1199 |
||
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1200 |
lemma eval_type_sound: |
|
12937
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1201 |
assumes eval: "G\<turnstile>s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)" and |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1202 |
wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T" and |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1203 |
wf: "wf_prog G" and |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1204 |
conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
0c4fd7529467
clarified syntax of ``long'' statements: fixes/assumes/shows;
wenzelm
parents:
12925
diff
changeset
|
1205 |
shows "s1\<Colon>\<preceq>(G,L) \<and> (normal s1 \<longrightarrow> G,L,store s1\<turnstile>t\<succ>v\<Colon>\<preceq>T) \<and> |
|
12925
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1206 |
(error_free s0 = error_free s1)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1207 |
proof - |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1208 |
from eval |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1209 |
have "\<And> L accC T. \<lbrakk>s0\<Colon>\<preceq>(G,L);\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T\<rbrakk> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1210 |
\<Longrightarrow> s1\<Colon>\<preceq>(G,L) \<and> (normal s1 \<longrightarrow> G,L,store s1\<turnstile>t\<succ>v\<Colon>\<preceq>T) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1211 |
\<and> (error_free s0 = error_free s1)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1212 |
(is "PROP ?TypeSafe s0 s1 t v" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1213 |
is "\<And> L accC T. ?Conform L s0 \<Longrightarrow> ?WellTyped L accC T t |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1214 |
\<Longrightarrow> ?Conform L s1 \<and> ?ValueTyped L T s1 t v \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1215 |
?ErrorFree s0 s1") |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1216 |
proof (induct) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1217 |
case (Abrupt s t xc L accC T) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1218 |
have "(Some xc, s)\<Colon>\<preceq>(G,L)" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1219 |
then show "(Some xc, s)\<Colon>\<preceq>(G,L) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1220 |
(normal (Some xc, s) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1221 |
\<longrightarrow> G,L,store (Some xc,s)\<turnstile>t\<succ>arbitrary3 t\<Colon>\<preceq>T) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1222 |
(error_free (Some xc, s) = error_free (Some xc, s))" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1223 |
by (simp) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1224 |
next |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1225 |
case (Skip s L accC T) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1226 |
have "Norm s\<Colon>\<preceq>(G, L)" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1227 |
"\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r Skip\<Colon>T" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1228 |
then show "Norm s\<Colon>\<preceq>(G, L) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1229 |
(normal (Norm s) \<longrightarrow> G,L,store (Norm s)\<turnstile>In1r Skip\<succ>\<diamondsuit>\<Colon>\<preceq>T) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1230 |
(error_free (Norm s) = error_free (Norm s))" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1231 |
by (simp) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1232 |
next |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1233 |
case (Expr e s0 s1 v L accC T) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1234 |
have "G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1235 |
have hyp: "PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 v)" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1236 |
have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1237 |
have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (Expr e)\<Colon>T" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1238 |
then obtain eT |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1239 |
where "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l e\<Colon>eT" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1240 |
by (rule wt_elim_cases) (blast) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1241 |
with conf_s0 hyp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1242 |
obtain "s1\<Colon>\<preceq>(G, L)" and "error_free s1" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1243 |
by (blast) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1244 |
with wt |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1245 |
show "s1\<Colon>\<preceq>(G, L) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1246 |
(normal s1 \<longrightarrow> G,L,store s1\<turnstile>In1r (Expr e)\<succ>\<diamondsuit>\<Colon>\<preceq>T) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1247 |
(error_free (Norm s0) = error_free s1)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1248 |
by (simp) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1249 |
next |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1250 |
case (Lab c l s0 s1 L accC T) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1251 |
have hyp: "PROP ?TypeSafe (Norm s0) s1 (In1r c) \<diamondsuit>" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1252 |
have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1253 |
have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (l\<bullet> c)\<Colon>T" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1254 |
then have "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c\<Colon>\<surd>" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1255 |
by (rule wt_elim_cases) (blast) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1256 |
with conf_s0 hyp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1257 |
obtain conf_s1: "s1\<Colon>\<preceq>(G, L)" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1258 |
error_free_s1: "error_free s1" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1259 |
by (blast) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1260 |
from conf_s1 have "abupd (absorb (Break l)) s1\<Colon>\<preceq>(G, L)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1261 |
by (cases s1) (auto intro: conforms_absorb) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1262 |
with wt error_free_s1 |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1263 |
show "abupd (absorb (Break l)) s1\<Colon>\<preceq>(G, L) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1264 |
(normal (abupd (absorb (Break l)) s1) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1265 |
\<longrightarrow> G,L,store (abupd (absorb (Break l)) s1)\<turnstile>In1r (l\<bullet> c)\<succ>\<diamondsuit>\<Colon>\<preceq>T) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1266 |
(error_free (Norm s0) = error_free (abupd (absorb (Break l)) s1))" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1267 |
by (simp) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1268 |
next |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1269 |
case (Comp c1 c2 s0 s1 s2 L accC T) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1270 |
have "G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1271 |
have "G\<turnstile>s1 \<midarrow>c2\<rightarrow> s2" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1272 |
have hyp_c1: "PROP ?TypeSafe (Norm s0) s1 (In1r c1) \<diamondsuit>" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1273 |
have hyp_c2: "PROP ?TypeSafe s1 s2 (In1r c2) \<diamondsuit>" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1274 |
have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1275 |
have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (c1;; c2)\<Colon>T" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1276 |
then obtain wt_c1: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c1\<Colon>\<surd>" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1277 |
wt_c2: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c2\<Colon>\<surd>" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1278 |
by (rule wt_elim_cases) (blast) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1279 |
with conf_s0 hyp_c1 hyp_c2 |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1280 |
obtain "s2\<Colon>\<preceq>(G, L)" and "error_free s2" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1281 |
by (blast) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1282 |
with wt |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1283 |
show "s2\<Colon>\<preceq>(G, L) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1284 |
(normal s2 \<longrightarrow> G,L,store s2\<turnstile>In1r (c1;; c2)\<succ>\<diamondsuit>\<Colon>\<preceq>T) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1285 |
(error_free (Norm s0) = error_free s2)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1286 |
by (simp) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1287 |
next |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1288 |
case (If b c1 c2 e s0 s1 s2 L accC T) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1289 |
have "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1290 |
have "G\<turnstile>s1 \<midarrow>(if the_Bool b then c1 else c2)\<rightarrow> s2" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1291 |
have hyp_e: "PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 b)" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1292 |
have hyp_then_else: |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1293 |
"PROP ?TypeSafe s1 s2 (In1r (if the_Bool b then c1 else c2)) \<diamondsuit>" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1294 |
have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1295 |
have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (If(e) c1 Else c2)\<Colon>T" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1296 |
then obtain "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1297 |
"\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>(if the_Bool b then c1 else c2)\<Colon>\<surd>" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1298 |
by (rule wt_elim_cases) (auto split add: split_if) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1299 |
with conf_s0 hyp_e hyp_then_else |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1300 |
obtain "s2\<Colon>\<preceq>(G, L)" and "error_free s2" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1301 |
by (blast) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1302 |
with wt |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1303 |
show "s2\<Colon>\<preceq>(G, L) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1304 |
(normal s2 \<longrightarrow> G,L,store s2\<turnstile>In1r (If(e) c1 Else c2)\<succ>\<diamondsuit>\<Colon>\<preceq>T) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1305 |
(error_free (Norm s0) = error_free s2)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1306 |
by (simp) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1307 |
next |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1308 |
case (Loop b c e l s0 s1 s2 s3 L accC T) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1309 |
have "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1310 |
have hyp_e: "PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 b)" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1311 |
have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1312 |
have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (l\<bullet> While(e) c)\<Colon>T" . |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1313 |
then obtain wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" and |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1314 |
wt_c: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c\<Colon>\<surd>" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1315 |
by (rule wt_elim_cases) (blast) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1316 |
from conf_s0 wt_e hyp_e |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1317 |
obtain conf_s1: "s1\<Colon>\<preceq>(G, L)" and error_free_s1: "error_free s1" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1318 |
by blast |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1319 |
show "s3\<Colon>\<preceq>(G, L) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1320 |
(normal s3 \<longrightarrow> G,L,store s3\<turnstile>In1r (l\<bullet> While(e) c)\<succ>\<diamondsuit>\<Colon>\<preceq>T) \<and> |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1321 |
(error_free (Norm s0) = error_free s3)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1322 |
proof (cases "normal s1 \<and> the_Bool b") |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1323 |
case True |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1324 |
from Loop True have "G\<turnstile>s1 \<midarrow>c\<rightarrow> s2" by auto |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1325 |
from Loop True have "G\<turnstile>abupd (absorb (Cont l)) s2 \<midarrow>l\<bullet> While(e) c\<rightarrow> s3" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1326 |
by auto |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1327 |
from Loop True have hyp_c: "PROP ?TypeSafe s1 s2 (In1r c) \<diamondsuit>" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1328 |
by (auto) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1329 |
from Loop True have hyp_w: "PROP ?TypeSafe (abupd (absorb (Cont l)) s2) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1330 |
s3 (In1r (l\<bullet> While(e) c)) \<diamondsuit>" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1331 |
by (auto) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1332 |
from conf_s1 error_free_s1 wt_c hyp_c |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1333 |
obtain conf_s2: "s2\<Colon>\<preceq>(G, L)" and error_free_s2: "error_free s2" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1334 |
by blast |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1335 |
from conf_s2 have "abupd (absorb (Cont l)) s2 \<Colon>\<preceq>(G, L)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1336 |
by (cases s2) (auto intro: conforms_absorb) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1337 |
moreover |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1338 |
from error_free_s2 have "error_free (abupd (absorb (Cont l)) s2)" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1339 |
by simp |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1340 |
moreover note wt hyp_w |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1341 |
ultimately obtain "s3\<Colon>\<preceq>(G, L)" and "error_free s3" |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1342 |
by blast |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1343 |
with wt |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1344 |
show ?thesis |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1345 |
by (simp) |
|
99131847fb93
Added check for field/method access to operational semantics and proved the acesses valid.
schirmer
parents:
12858
diff
changeset
|
1346 |
next |