isabelle: src/HOL/Bali/AxSem.thy@61dd8c145da7 (annotated)

12857 a4386cc9b1c3 tuned header; wenzelm parents: 12854 diff changeset	1	(* Title: HOL/Bali/AxSem.thy
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	2	Author: David von Oheimb
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	3	*)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	4
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	5	header {* Axiomatic semantics of Java expressions and statements
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	6	(see also Eval.thy)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	7	*}
16417 9bc16273c2d4 migrated theory headers to new format haftmann parents: 14981 diff changeset	8	theory AxSem imports Evaln TypeSafe begin
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	9
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	10	text {*
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	11	design issues:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	12	\begin{itemize}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	13	\item a strong version of validity for triples with premises, namely one that
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	14	takes the recursive depth needed to complete execution, enables
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	15	correctness proof
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	16	\item auxiliary variables are handled first-class (-> Thomas Kleymann)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	17	\item expressions not flattened to elementary assignments (as usual for
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	18	axiomatic semantics) but treated first-class => explicit result value
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	19	handling
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	20	\item intermediate values not on triple, but on assertion level
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	21	(with result entry)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	22	\item multiple results with semantical substitution mechnism not requiring a
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	23	stack
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	24	\item because of dynamic method binding, terms need to be dependent on state.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	25	this is also useful for conditional expressions and statements
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	26	\item result values in triples exactly as in eval relation (also for xcpt
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	27	states)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	28	\item validity: additional assumption of state conformance and well-typedness,
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	29	which is required for soundness and thus rule hazard required of completeness
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	30	\end{itemize}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	31
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	32	restrictions:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	33	\begin{itemize}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	34	\item all triples in a derivation are of the same type (due to weak
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	35	polymorphism)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	36	\end{itemize}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	37	*}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	38
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	39	types res = vals --{* result entry *}
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	40
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	41	abbreviation (input)
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	42	Val where "Val x == In1 x"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	43
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	44	abbreviation (input)
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	45	Var where "Var x == In2 x"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	46
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	47	abbreviation (input)
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	48	Vals where "Vals x == In3 x"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	49
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	50	syntax
24783 5a3e336a2e37 avoid internal names; wenzelm parents: 24038 diff changeset	51	"_Val" :: "[pttrn] => pttrn" ("Val:_" [951] 950)
5a3e336a2e37 avoid internal names; wenzelm parents: 24038 diff changeset	52	"_Var" :: "[pttrn] => pttrn" ("Var:_" [951] 950)
5a3e336a2e37 avoid internal names; wenzelm parents: 24038 diff changeset	53	"_Vals" :: "[pttrn] => pttrn" ("Vals:_" [951] 950)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	54
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	55	translations
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	56	"\<lambda>Val:v . b" == "(\<lambda>v. b) \<circ> CONST the_In1"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	57	"\<lambda>Var:v . b" == "(\<lambda>v. b) \<circ> CONST the_In2"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	58	"\<lambda>Vals:v. b" == "(\<lambda>v. b) \<circ> CONST the_In3"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	59
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	60	--{* relation on result values, state and auxiliary variables *}
35431 8758fe1fc9f8 cleanup type translations; wenzelm parents: 35416 diff changeset	61	types 'a assn = "res \<Rightarrow> state \<Rightarrow> 'a \<Rightarrow> bool"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	62	translations
35431 8758fe1fc9f8 cleanup type translations; wenzelm parents: 35416 diff changeset	63	(type) "'a assn" <= (type) "vals \<Rightarrow> state \<Rightarrow> 'a \<Rightarrow> bool"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	64
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	65	definition assn_imp :: "'a assn \<Rightarrow> 'a assn \<Rightarrow> bool" (infixr "\<Rightarrow>" 25) where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	66	"P \<Rightarrow> Q \<equiv> \<forall>Y s Z. P Y s Z \<longrightarrow> Q Y s Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	67
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	68	lemma assn_imp_def2 [iff]: "(P \<Rightarrow> Q) = (\<forall>Y s Z. P Y s Z \<longrightarrow> Q Y s Z)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	69	apply (unfold assn_imp_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	70	apply (rule HOL.refl)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	71	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	72
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	73
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	74	section "assertion transformers"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	75
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	76	subsection "peek-and"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	77
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	78	definition peek_and :: "'a assn \<Rightarrow> (state \<Rightarrow> bool) \<Rightarrow> 'a assn" (infixl "\<and>." 13) where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	79	"P \<and>. p \<equiv> \<lambda>Y s Z. P Y s Z \<and> p s"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	80
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	81	lemma peek_and_def2 [simp]: "peek_and P p Y s = (\<lambda>Z. (P Y s Z \<and> p s))"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	82	apply (unfold peek_and_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	83	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	84	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	85
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	86	lemma peek_and_Not [simp]: "(P \<and>. (\<lambda>s. \<not> f s)) = (P \<and>. Not \<circ> f)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	87	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	88	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	89	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	90	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	91
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	92	lemma peek_and_and [simp]: "peek_and (peek_and P p) p = peek_and P p"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	93	apply (unfold peek_and_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	94	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	95	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	96
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	97	lemma peek_and_commut: "(P \<and>. p \<and>. q) = (P \<and>. q \<and>. p)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	98	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	99	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	100	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	101	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	102	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	103
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	104	abbreviation
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	105	Normal :: "'a assn \<Rightarrow> 'a assn"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	106	where "Normal P == P \<and>. normal"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	107
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	108	lemma peek_and_Normal [simp]: "peek_and (Normal P) p = Normal (peek_and P p)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	109	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	110	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	111	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	112	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	113	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	114
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	115	subsection "assn-supd"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	116
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	117	definition assn_supd :: "'a assn \<Rightarrow> (state \<Rightarrow> state) \<Rightarrow> 'a assn" (infixl ";." 13) where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	118	"P ;. f \<equiv> \<lambda>Y s' Z. \<exists>s. P Y s Z \<and> s' = f s"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	119
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	120	lemma assn_supd_def2 [simp]: "assn_supd P f Y s' Z = (\<exists>s. P Y s Z \<and> s' = f s)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	121	apply (unfold assn_supd_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	122	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	123	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	124
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	125	subsection "supd-assn"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	126
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	127	definition supd_assn :: "(state \<Rightarrow> state) \<Rightarrow> 'a assn \<Rightarrow> 'a assn" (infixr ".;" 13) where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	128	"f .; P \<equiv> \<lambda>Y s. P Y (f s)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	129
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	130
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	131	lemma supd_assn_def2 [simp]: "(f .; P) Y s = P Y (f s)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	132	apply (unfold supd_assn_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	133	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	134	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	135
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	136	lemma supd_assn_supdD [elim]: "((f .; Q) ;. f) Y s Z \<Longrightarrow> Q Y s Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	137	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	138	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	139
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	140	lemma supd_assn_supdI [elim]: "Q Y s Z \<Longrightarrow> (f .; (Q ;. f)) Y s Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	141	apply (auto simp del: split_paired_Ex)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	142	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	143
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	144	subsection "subst-res"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	145
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	146	definition subst_res :: "'a assn \<Rightarrow> res \<Rightarrow> 'a assn" ("_\<leftarrow>_" [60,61] 60) where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	147	"P\<leftarrow>w \<equiv> \<lambda>Y. P w"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	148
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	149	lemma subst_res_def2 [simp]: "(P\<leftarrow>w) Y = P w"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	150	apply (unfold subst_res_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	151	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	152	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	153
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	154	lemma subst_subst_res [simp]: "P\<leftarrow>w\<leftarrow>v = P\<leftarrow>w"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	155	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	156	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	157	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	158
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	159	lemma peek_and_subst_res [simp]: "(P \<and>. p)\<leftarrow>w = (P\<leftarrow>w \<and>. p)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	160	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	161	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	162	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	163	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	164
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	165	(*###Do not work for some strange (unification?) reason
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	166	lemma subst_res_Val_beta [simp]: "(\<lambda>Y. P (the_In1 Y))\<leftarrow>Val v = (\<lambda>Y. P v)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	167	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	168	by simp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	169
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	170	lemma subst_res_Var_beta [simp]: "(\<lambda>Y. P (the_In2 Y))\<leftarrow>Var vf = (\<lambda>Y. P vf)";
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	171	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	172	by simp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	173
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	174	lemma subst_res_Vals_beta [simp]: "(\<lambda>Y. P (the_In3 Y))\<leftarrow>Vals vs = (\<lambda>Y. P vs)";
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	175	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	176	by simp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	177	*)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	178
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	179	subsection "subst-Bool"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	180
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	181	definition subst_Bool :: "'a assn \<Rightarrow> bool \<Rightarrow> 'a assn" ("_\<leftarrow>=_" [60,61] 60) where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	182	"P\<leftarrow>=b \<equiv> \<lambda>Y s Z. \<exists>v. P (Val v) s Z \<and> (normal s \<longrightarrow> the_Bool v=b)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	183
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	184	lemma subst_Bool_def2 [simp]:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	185	"(P\<leftarrow>=b) Y s Z = (\<exists>v. P (Val v) s Z \<and> (normal s \<longrightarrow> the_Bool v=b))"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	186	apply (unfold subst_Bool_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	187	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	188	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	189
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	190	lemma subst_Bool_the_BoolI: "P (Val b) s Z \<Longrightarrow> (P\<leftarrow>=the_Bool b) Y s Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	191	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	192	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	193
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	194	subsection "peek-res"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	195
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	196	definition peek_res :: "(res \<Rightarrow> 'a assn) \<Rightarrow> 'a assn" where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	197	"peek_res Pf \<equiv> \<lambda>Y. Pf Y Y"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	198
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	199	syntax
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	200	"_peek_res" :: "pttrn \<Rightarrow> 'a assn \<Rightarrow> 'a assn" ("\<lambda>_:. _" [0,3] 3)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	201	translations
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	202	"\<lambda>w:. P" == "CONST peek_res (\<lambda>w. P)"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	203
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	204	lemma peek_res_def2 [simp]: "peek_res P Y = P Y Y"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	205	apply (unfold peek_res_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	206	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	207	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	208
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	209	lemma peek_res_subst_res [simp]: "peek_res P\<leftarrow>w = P w\<leftarrow>w"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	210	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	211	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	212	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	213
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	214	(* unused *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	215	lemma peek_subst_res_allI:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	216	"(\<And>a. T a (P (f a)\<leftarrow>f a)) \<Longrightarrow> \<forall>a. T a (peek_res P\<leftarrow>f a)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	217	apply (rule allI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	218	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	219	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	220	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	221
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	222	subsection "ign-res"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	223
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	224	definition ign_res :: " 'a assn \<Rightarrow> 'a assn" ("_\<down>" [1000] 1000) where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	225	"P\<down> \<equiv> \<lambda>Y s Z. \<exists>Y. P Y s Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	226
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	227	lemma ign_res_def2 [simp]: "P\<down> Y s Z = (\<exists>Y. P Y s Z)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	228	apply (unfold ign_res_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	229	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	230	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	231
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	232	lemma ign_ign_res [simp]: "P\<down>\<down> = P\<down>"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	233	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	234	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	235	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	236	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	237	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	238
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	239	lemma ign_subst_res [simp]: "P\<down>\<leftarrow>w = P\<down>"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	240	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	241	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	242	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	243	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	244	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	245
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	246	lemma peek_and_ign_res [simp]: "(P \<and>. p)\<down> = (P\<down> \<and>. p)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	247	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	248	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	249	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	250	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	251	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	252
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	253	subsection "peek-st"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	254
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	255	definition peek_st :: "(st \<Rightarrow> 'a assn) \<Rightarrow> 'a assn" where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	256	"peek_st P \<equiv> \<lambda>Y s. P (store s) Y s"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	257
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	258	syntax
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	259	"_peek_st" :: "pttrn \<Rightarrow> 'a assn \<Rightarrow> 'a assn" ("\<lambda>_.. _" [0,3] 3)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	260	translations
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	261	"\<lambda>s.. P" == "CONST peek_st (\<lambda>s. P)"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	262
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	263	lemma peek_st_def2 [simp]: "(\<lambda>s.. Pf s) Y s = Pf (store s) Y s"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	264	apply (unfold peek_st_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	265	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	266	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	267
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	268	lemma peek_st_triv [simp]: "(\<lambda>s.. P) = P"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	269	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	270	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	271	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	272	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	273
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	274	lemma peek_st_st [simp]: "(\<lambda>s.. \<lambda>s'.. P s s') = (\<lambda>s.. P s s)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	275	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	276	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	277	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	278	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	279
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	280	lemma peek_st_split [simp]: "(\<lambda>s.. \<lambda>Y s'. P s Y s') = (\<lambda>Y s. P (store s) Y s)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	281	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	282	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	283	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	284	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	285
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	286	lemma peek_st_subst_res [simp]: "(\<lambda>s.. P s)\<leftarrow>w = (\<lambda>s.. P s\<leftarrow>w)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	287	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	288	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	289	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	290
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	291	lemma peek_st_Normal [simp]: "(\<lambda>s..(Normal (P s))) = Normal (\<lambda>s.. P s)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	292	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	293	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	294	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	295	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	296
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	297	subsection "ign-res-eq"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	298
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	299	definition ign_res_eq :: "'a assn \<Rightarrow> res \<Rightarrow> 'a assn" ("_\<down>=_" [60,61] 60) where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	300	"P\<down>=w \<equiv> \<lambda>Y:. P\<down> \<and>. (\<lambda>s. Y=w)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	301
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	302	lemma ign_res_eq_def2 [simp]: "(P\<down>=w) Y s Z = ((\<exists>Y. P Y s Z) \<and> Y=w)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	303	apply (unfold ign_res_eq_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	304	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	305	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	306
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	307	lemma ign_ign_res_eq [simp]: "(P\<down>=w)\<down> = P\<down>"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	308	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	309	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	310	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	311	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	312	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	313
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	314	(* unused *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	315	lemma ign_res_eq_subst_res: "P\<down>=w\<leftarrow>w = P\<down>"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	316	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	317	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	318	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	319	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	320	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	321
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	322	(* unused *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	323	lemma subst_Bool_ign_res_eq: "((P\<leftarrow>=b)\<down>=x) Y s Z = ((P\<leftarrow>=b) Y s Z \<and> Y=x)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	324	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	325	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	326
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	327	subsection "RefVar"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	328
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	329	definition RefVar :: "(state \<Rightarrow> vvar \<times> state) \<Rightarrow> 'a assn \<Rightarrow> 'a assn" (infixr "..;" 13) where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	330	"vf ..; P \<equiv> \<lambda>Y s. let (v,s') = vf s in P (Var v) s'"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	331
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	332	lemma RefVar_def2 [simp]: "(vf ..; P) Y s =
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	333	P (Var (fst (vf s))) (snd (vf s))"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	334	apply (unfold RefVar_def Let_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	335	apply (simp (no_asm) add: split_beta)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	336	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	337
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	338	subsection "allocation"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	339
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	340	definition Alloc :: "prog \<Rightarrow> obj_tag \<Rightarrow> 'a assn \<Rightarrow> 'a assn" where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	341	"Alloc G otag P \<equiv> \<lambda>Y s Z.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	342	\<forall>s' a. G\<turnstile>s \<midarrow>halloc otag\<succ>a\<rightarrow> s'\<longrightarrow> P (Val (Addr a)) s' Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	343
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	344	definition SXAlloc :: "prog \<Rightarrow> 'a assn \<Rightarrow> 'a assn" where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	345	"SXAlloc G P \<equiv> \<lambda>Y s Z. \<forall>s'. G\<turnstile>s \<midarrow>sxalloc\<rightarrow> s' \<longrightarrow> P Y s' Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	346
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	347
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	348	lemma Alloc_def2 [simp]: "Alloc G otag P Y s Z =
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	349	(\<forall>s' a. G\<turnstile>s \<midarrow>halloc otag\<succ>a\<rightarrow> s'\<longrightarrow> P (Val (Addr a)) s' Z)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	350	apply (unfold Alloc_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	351	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	352	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	353
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	354	lemma SXAlloc_def2 [simp]:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	355	"SXAlloc G P Y s Z = (\<forall>s'. G\<turnstile>s \<midarrow>sxalloc\<rightarrow> s' \<longrightarrow> P Y s' Z)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	356	apply (unfold SXAlloc_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	357	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	358	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	359
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	360	section "validity"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	361
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	362	definition type_ok :: "prog \<Rightarrow> term \<Rightarrow> state \<Rightarrow> bool" where
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	363	"type_ok G t s \<equiv>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	364	\<exists>L T C A. (normal s \<longrightarrow> \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T \<and>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	365	\<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>dom (locals (store s))\<guillemotright>t\<guillemotright>A )
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	366	\<and> s\<Colon>\<preceq>(G,L)"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	367
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	368	datatype 'a triple = triple "('a assn)" "term" "('a assn)" (** should be
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	369	something like triple = \<forall>'a. triple ('a assn) term ('a assn) **)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	370	("{(1_)}/ _>/ {(1_)}" [3,65,3]75)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	371	types 'a triples = "'a triple set"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	372
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	373	abbreviation
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	374	var_triple :: "['a assn, var ,'a assn] \<Rightarrow> 'a triple"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	375	("{(1_)}/ _=>/ {(1_)}" [3,80,3] 75)
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	376	where "{P} e=> {Q} == {P} In2 e> {Q}"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	377
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	378	abbreviation
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	379	expr_triple :: "['a assn, expr ,'a assn] \<Rightarrow> 'a triple"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	380	("{(1_)}/ _->/ {(1_)}" [3,80,3] 75)
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	381	where "{P} e-> {Q} == {P} In1l e> {Q}"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	382
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	383	abbreviation
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	384	exprs_triple :: "['a assn, expr list ,'a assn] \<Rightarrow> 'a triple"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	385	("{(1_)}/ _#>/ {(1_)}" [3,65,3] 75)
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	386	where "{P} e#> {Q} == {P} In3 e> {Q}"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	387
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	388	abbreviation
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	389	stmt_triple :: "['a assn, stmt, 'a assn] \<Rightarrow> 'a triple"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	390	("{(1_)}/ ._./ {(1_)}" [3,65,3] 75)
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	391	where "{P} .c. {Q} == {P} In1r c> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	392
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	393	notation (xsymbols)
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	394	triple ("{(1_)}/ _\<succ>/ {(1_)}" [3,65,3] 75) and
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	395	var_triple ("{(1_)}/ _=\<succ>/ {(1_)}" [3,80,3] 75) and
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	396	expr_triple ("{(1_)}/ _-\<succ>/ {(1_)}" [3,80,3] 75) and
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	397	exprs_triple ("{(1_)}/ _\<doteq>\<succ>/ {(1_)}" [3,65,3] 75)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	398
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	399	lemma inj_triple: "inj (\<lambda>(P,t,Q). {P} t\<succ> {Q})"
13585 db4005b40cc6 Converted Fun to Isar style. paulson parents: 13384 diff changeset	400	apply (rule inj_onI)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	401	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	402	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	403
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	404	lemma triple_inj_eq: "({P} t\<succ> {Q} = {P'} t'\<succ> {Q'} ) = (P=P' \<and> t=t' \<and> Q=Q')"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	405	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	406	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	407
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	408	definition mtriples :: "('c \<Rightarrow> 'sig \<Rightarrow> 'a assn) \<Rightarrow> ('c \<Rightarrow> 'sig \<Rightarrow> expr) \<Rightarrow>
d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	409	('c \<Rightarrow> 'sig \<Rightarrow> 'a assn) \<Rightarrow> ('c \<times> 'sig) set \<Rightarrow> 'a triples" ("{{(1_)}/ _-\<succ>/ {(1_)} \| _}"[3,65,3,65]75) where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	410	"{{P} tf-\<succ> {Q} \| ms} \<equiv> (\<lambda>(C,sig). {Normal(P C sig)} tf C sig-\<succ> {Q C sig})`ms"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	411
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	412	consts
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	413
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	414	triple_valid :: "prog \<Rightarrow> nat \<Rightarrow> 'a triple \<Rightarrow> bool"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	415	( "_\<Turnstile>_:_" [61,0, 58] 57)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	416	ax_valids :: "prog \<Rightarrow> 'b triples \<Rightarrow> 'a triples \<Rightarrow> bool"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	417	("_,_\|\<Turnstile>_" [61,58,58] 57)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	418
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	419	abbreviation
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	420	triples_valid:: "prog \<Rightarrow> nat \<Rightarrow> 'a triples \<Rightarrow> bool"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	421	( "_\|\|=_:_" [61,0, 58] 57)
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	422	where "G\|\|=n:ts == Ball ts (triple_valid G n)"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	423
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	424	abbreviation
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	425	ax_valid :: "prog \<Rightarrow> 'b triples \<Rightarrow> 'a triple \<Rightarrow> bool"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	426	( "_,_\|=_" [61,58,58] 57)
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	427	where "G,A \|=t == G,A\|\<Turnstile>{t}"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	428
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	429	notation (xsymbols)
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	430	triples_valid ("_\|\<Turnstile>_:_" [61,0, 58] 57) and
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	431	ax_valid ("_,_\<Turnstile>_" [61,58,58] 57)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	432
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	433	defs triple_valid_def: "G\<Turnstile>n:t \<equiv> case t of {P} t\<succ> {Q} \<Rightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	434	\<forall>Y s Z. P Y s Z \<longrightarrow> type_ok G t s \<longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	435	(\<forall>Y' s'. G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (Y',s') \<longrightarrow> Q Y' s' Z)"
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	436
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	437	defs ax_valids_def:"G,A\|\<Turnstile>ts \<equiv> \<forall>n. G\|\<Turnstile>n:A \<longrightarrow> G\|\<Turnstile>n:ts"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	438
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	439	lemma triple_valid_def2: "G\<Turnstile>n:{P} t\<succ> {Q} =
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	440	(\<forall>Y s Z. P Y s Z
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	441	\<longrightarrow> (\<exists>L. (normal s \<longrightarrow> (\<exists> C T A. \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T \<and>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	442	\<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>dom (locals (store s))\<guillemotright>t\<guillemotright>A)) \<and>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	443	s\<Colon>\<preceq>(G,L))
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	444	\<longrightarrow> (\<forall>Y' s'. G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (Y',s')\<longrightarrow> Q Y' s' Z))"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	445	apply (unfold triple_valid_def type_ok_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	446	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	447	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	448
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	449
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	450	declare split_paired_All [simp del] split_paired_Ex [simp del]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	451	declare split_if [split del] split_if_asm [split del]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	452	option.split [split del] option.split_asm [split del]
24019 67bde7cfcf10 tuned ML/simproc declarations; wenzelm parents: 23894 diff changeset	453	declaration {* K (Simplifier.map_ss (fn ss => ss delloop "split_all_tac")) *}
67bde7cfcf10 tuned ML/simproc declarations; wenzelm parents: 23894 diff changeset	454	declaration {* K (Classical.map_cs (fn cs => cs delSWrapper "split_all_tac")) *}
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	455
23747 b07cff284683 Renamed inductive2 to inductive. berghofe parents: 23563 diff changeset	456	inductive
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	457	ax_derivs :: "prog \<Rightarrow> 'a triples \<Rightarrow> 'a triples \<Rightarrow> bool" ("_,_\|\<turnstile>_" [61,58,58] 57)
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	458	and ax_deriv :: "prog \<Rightarrow> 'a triples \<Rightarrow> 'a triple \<Rightarrow> bool" ("_,_\<turnstile>_" [61,58,58] 57)
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	459	for G :: prog
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	460	where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	461
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	462	"G,A \<turnstile>t \<equiv> G,A\|\<turnstile>{t}"
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	463
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	464	\| empty: " G,A\|\<turnstile>{}"
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	465	\| insert:"\<lbrakk>G,A\<turnstile>t; G,A\|\<turnstile>ts\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	466	G,A\|\<turnstile>insert t ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	467
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	468	\| asm: "ts\<subseteq>A \<Longrightarrow> G,A\|\<turnstile>ts"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	469
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	470	(* could be added for convenience and efficiency, but is not necessary
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	471	cut: "\<lbrakk>G,A'\|\<turnstile>ts; G,A\|\<turnstile>A'\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	472	G,A \|\<turnstile>ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	473	*)
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	474	\| weaken:"\<lbrakk>G,A\|\<turnstile>ts'; ts \<subseteq> ts'\<rbrakk> \<Longrightarrow> G,A\|\<turnstile>ts"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	475
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	476	\| conseq:"\<forall>Y s Z . P Y s Z \<longrightarrow> (\<exists>P' Q'. G,A\<turnstile>{P'} t\<succ> {Q'} \<and> (\<forall>Y' s'.
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	477	(\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	478	Q Y' s' Z ))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	479	\<Longrightarrow> G,A\<turnstile>{P } t\<succ> {Q }"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	480
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	481	\| hazard:"G,A\<turnstile>{P \<and>. Not \<circ> type_ok G t} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	482
28524 644b62cf678f arbitrary is undefined haftmann parents: 27226 diff changeset	483	\| Abrupt: "G,A\<turnstile>{P\<leftarrow>(undefined3 t) \<and>. Not \<circ> normal} t\<succ> {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	484
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	485	--{* variables *}
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	486	\| LVar: " G,A\<turnstile>{Normal (\<lambda>s.. P\<leftarrow>Var (lvar vn s))} LVar vn=\<succ> {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	487
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	488	\| FVar: "\<lbrakk>G,A\<turnstile>{Normal P} .Init C. {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	489	G,A\<turnstile>{Q} e-\<succ> {\<lambda>Val:a:. fvar C stat fn a ..; R}\<rbrakk> \<Longrightarrow>
12925 99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid. schirmer parents: 12859 diff changeset	490	G,A\<turnstile>{Normal P} {accC,C,stat}e..fn=\<succ> {R}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	491
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	492	\| AVar: "\<lbrakk>G,A\<turnstile>{Normal P} e1-\<succ> {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	493	\<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} e2-\<succ> {\<lambda>Val:i:. avar G i a ..; R}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	494	G,A\<turnstile>{Normal P} e1.[e2]=\<succ> {R}"
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	495	--{* expressions *}
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	496
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	497	\| NewC: "\<lbrakk>G,A\<turnstile>{Normal P} .Init C. {Alloc G (CInst C) Q}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	498	G,A\<turnstile>{Normal P} NewC C-\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	499
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	500	\| NewA: "\<lbrakk>G,A\<turnstile>{Normal P} .init_comp_ty T. {Q}; G,A\<turnstile>{Q} e-\<succ>
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 28524 diff changeset	501	{\<lambda>Val:i:. abupd (check_neg i) .; Alloc G (Arr T (the_Intg i)) R}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	502	G,A\<turnstile>{Normal P} New T[e]-\<succ> {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	503
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	504	\| Cast: "\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {\<lambda>Val:v:. \<lambda>s..
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	505	abupd (raise_if (\<not>G,s\<turnstile>v fits T) ClassCast) .; Q\<leftarrow>Val v}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	506	G,A\<turnstile>{Normal P} Cast T e-\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	507
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	508	\| Inst: "\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {\<lambda>Val:v:. \<lambda>s..
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	509	Q\<leftarrow>Val (Bool (v\<noteq>Null \<and> G,s\<turnstile>v fits RefT T))}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	510	G,A\<turnstile>{Normal P} e InstOf T-\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	511
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	512	\| Lit: "G,A\<turnstile>{Normal (P\<leftarrow>Val v)} Lit v-\<succ> {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	513
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	514	\| UnOp: "\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {\<lambda>Val:v:. Q\<leftarrow>Val (eval_unop unop v)}\<rbrakk>
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	515	\<Longrightarrow>
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	516	G,A\<turnstile>{Normal P} UnOp unop e-\<succ> {Q}"
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	517
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	518	\| BinOp:
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	519	"\<lbrakk>G,A\<turnstile>{Normal P} e1-\<succ> {Q};
13384 a34e38154413 Added conditional and (&&) and or (\|\|). schirmer parents: 13337 diff changeset	520	\<forall>v1. G,A\<turnstile>{Q\<leftarrow>Val v1}
a34e38154413 Added conditional and (&&) and or (\|\|). schirmer parents: 13337 diff changeset	521	(if need_second_arg binop v1 then (In1l e2) else (In1r Skip))\<succ>
a34e38154413 Added conditional and (&&) and or (\|\|). schirmer parents: 13337 diff changeset	522	{\<lambda>Val:v2:. R\<leftarrow>Val (eval_binop binop v1 v2)}\<rbrakk>
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	523	\<Longrightarrow>
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	524	G,A\<turnstile>{Normal P} BinOp binop e1 e2-\<succ> {R}"
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	525
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	526	\| Super:" G,A\<turnstile>{Normal (\<lambda>s.. P\<leftarrow>Val (val_this s))} Super-\<succ> {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	527
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	528	\| Acc: "\<lbrakk>G,A\<turnstile>{Normal P} va=\<succ> {\<lambda>Var:(v,f):. Q\<leftarrow>Val v}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	529	G,A\<turnstile>{Normal P} Acc va-\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	530
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	531	\| Ass: "\<lbrakk>G,A\<turnstile>{Normal P} va=\<succ> {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	532	\<forall>vf. G,A\<turnstile>{Q\<leftarrow>Var vf} e-\<succ> {\<lambda>Val:v:. assign (snd vf) v .; R}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	533	G,A\<turnstile>{Normal P} va:=e-\<succ> {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	534
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	535	\| Cond: "\<lbrakk>G,A \<turnstile>{Normal P} e0-\<succ> {P'};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	536	\<forall>b. G,A\<turnstile>{P'\<leftarrow>=b} (if b then e1 else e2)-\<succ> {Q}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	537	G,A\<turnstile>{Normal P} e0 ? e1 : e2-\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	538
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	539	\| Call:
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	540	"\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {Q}; \<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} args\<doteq>\<succ> {R a};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	541	\<forall>a vs invC declC l. G,A\<turnstile>{(R a\<leftarrow>Vals vs \<and>.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	542	(\<lambda>s. declC=invocation_declclass G mode (store s) a statT \<lparr>name=mn,parTs=pTs\<rparr> \<and>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	543	invC = invocation_class mode (store s) a statT \<and>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	544	l = locals (store s)) ;.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	545	init_lvars G declC \<lparr>name=mn,parTs=pTs\<rparr> mode a vs) \<and>.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	546	(\<lambda>s. normal s \<longrightarrow> G\<turnstile>mode\<rightarrow>invC\<preceq>statT)}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	547	Methd declC \<lparr>name=mn,parTs=pTs\<rparr>-\<succ> {set_lvars l .; S}\<rbrakk> \<Longrightarrow>
12925 99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid. schirmer parents: 12859 diff changeset	548	G,A\<turnstile>{Normal P} {accC,statT,mode}e\<cdot>mn({pTs}args)-\<succ> {S}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	549
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	550	\| Methd:"\<lbrakk>G,A\<union> {{P} Methd-\<succ> {Q} \| ms} \|\<turnstile> {{P} body G-\<succ> {Q} \| ms}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	551	G,A\|\<turnstile>{{P} Methd-\<succ> {Q} \| ms}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	552
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	553	\| Body: "\<lbrakk>G,A\<turnstile>{Normal P} .Init D. {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	554	G,A\<turnstile>{Q} .c. {\<lambda>s.. abupd (absorb Ret) .; R\<leftarrow>(In1 (the (locals s Result)))}\<rbrakk>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	555	\<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	556	G,A\<turnstile>{Normal P} Body D c-\<succ> {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	557
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	558	--{* expression lists *}
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	559
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	560	\| Nil: "G,A\<turnstile>{Normal (P\<leftarrow>Vals [])} []\<doteq>\<succ> {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	561
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	562	\| Cons: "\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	563	\<forall>v. G,A\<turnstile>{Q\<leftarrow>Val v} es\<doteq>\<succ> {\<lambda>Vals:vs:. R\<leftarrow>Vals (v#vs)}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	564	G,A\<turnstile>{Normal P} e#es\<doteq>\<succ> {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	565
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	566	--{* statements *}
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	567
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	568	\| Skip: "G,A\<turnstile>{Normal (P\<leftarrow>\<diamondsuit>)} .Skip. {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	569
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	570	\| Expr: "\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {Q\<leftarrow>\<diamondsuit>}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	571	G,A\<turnstile>{Normal P} .Expr e. {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	572
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	573	\| Lab: "\<lbrakk>G,A\<turnstile>{Normal P} .c. {abupd (absorb l) .; Q}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	574	G,A\<turnstile>{Normal P} .l\<bullet> c. {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	575
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	576	\| Comp: "\<lbrakk>G,A\<turnstile>{Normal P} .c1. {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	577	G,A\<turnstile>{Q} .c2. {R}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	578	G,A\<turnstile>{Normal P} .c1;;c2. {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	579
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	580	\| If: "\<lbrakk>G,A \<turnstile>{Normal P} e-\<succ> {P'};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	581	\<forall>b. G,A\<turnstile>{P'\<leftarrow>=b} .(if b then c1 else c2). {Q}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	582	G,A\<turnstile>{Normal P} .If(e) c1 Else c2. {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	583	(* unfolding variant of Loop, not needed here
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	584	LoopU:"\<lbrakk>G,A \<turnstile>{Normal P} e-\<succ> {P'};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	585	\<forall>b. G,A\<turnstile>{P'\<leftarrow>=b} .(if b then c;;While(e) c else Skip).{Q}\<rbrakk>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	586	\<Longrightarrow> G,A\<turnstile>{Normal P} .While(e) c. {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	587	*)
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	588	\| Loop: "\<lbrakk>G,A\<turnstile>{P} e-\<succ> {P'};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	589	G,A\<turnstile>{Normal (P'\<leftarrow>=True)} .c. {abupd (absorb (Cont l)) .; P}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	590	G,A\<turnstile>{P} .l\<bullet> While(e) c. {(P'\<leftarrow>=False)\<down>=\<diamondsuit>}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	591
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	592	\| Jmp: "G,A\<turnstile>{Normal (abupd (\<lambda>a. (Some (Jump j))) .; P\<leftarrow>\<diamondsuit>)} .Jmp j. {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	593
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	594	\| Throw:"\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {\<lambda>Val:a:. abupd (throw a) .; Q\<leftarrow>\<diamondsuit>}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	595	G,A\<turnstile>{Normal P} .Throw e. {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	596
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	597	\| Try: "\<lbrakk>G,A\<turnstile>{Normal P} .c1. {SXAlloc G Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	598	G,A\<turnstile>{Q \<and>. (\<lambda>s. G,s\<turnstile>catch C) ;. new_xcpt_var vn} .c2. {R};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	599	(Q \<and>. (\<lambda>s. \<not>G,s\<turnstile>catch C)) \<Rightarrow> R\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	600	G,A\<turnstile>{Normal P} .Try c1 Catch(C vn) c2. {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	601
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	602	\| Fin: "\<lbrakk>G,A\<turnstile>{Normal P} .c1. {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	603	\<forall>x. G,A\<turnstile>{Q \<and>. (\<lambda>s. x = fst s) ;. abupd (\<lambda>x. None)}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	604	.c2. {abupd (abrupt_if (x\<noteq>None) x) .; R}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	605	G,A\<turnstile>{Normal P} .c1 Finally c2. {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	606
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	607	\| Done: "G,A\<turnstile>{Normal (P\<leftarrow>\<diamondsuit> \<and>. initd C)} .Init C. {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	608
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	609	\| Init: "\<lbrakk>the (class G C) = c;
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	610	G,A\<turnstile>{Normal ((P \<and>. Not \<circ> initd C) ;. supd (init_class_obj G C))}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	611	.(if C = Object then Skip else Init (super c)). {Q};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	612	\<forall>l. G,A\<turnstile>{Q \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars empty}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	613	.init c. {set_lvars l .; R}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	614	G,A\<turnstile>{Normal (P \<and>. Not \<circ> initd C)} .Init C. {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	615
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	616	-- {* Some dummy rules for the intermediate terms @{text Callee},
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	617	@{text InsInitE}, @{text InsInitV}, @{text FinA} only used by the smallstep
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	618	semantics.
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	619	*}
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	620	\| InsInitV: " G,A\<turnstile>{Normal P} InsInitV c v=\<succ> {Q}"
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	621	\| InsInitE: " G,A\<turnstile>{Normal P} InsInitE c e-\<succ> {Q}"
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	622	\| Callee: " G,A\<turnstile>{Normal P} Callee l e-\<succ> {Q}"
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	623	\| FinA: " G,A\<turnstile>{Normal P} .FinA a c. {Q}"
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	624	(*
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	625	axioms
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	626	*)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	627
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 35069 diff changeset	628	definition adapt_pre :: "'a assn \<Rightarrow> 'a assn \<Rightarrow> 'a assn \<Rightarrow> 'a assn" where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	629	"adapt_pre P Q Q'\<equiv>\<lambda>Y s Z. \<forall>Y' s'. \<exists>Z'. P Y s Z' \<and> (Q Y' s' Z' \<longrightarrow> Q' Y' s' Z)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	630
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	631
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	632	section "rules derived by induction"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	633
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	634	lemma cut_valid: "\<lbrakk>G,A'\|\<Turnstile>ts; G,A\|\<Turnstile>A'\<rbrakk> \<Longrightarrow> G,A\|\<Turnstile>ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	635	apply (unfold ax_valids_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	636	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	637	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	638
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	639	(*if cut is available
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	640	Goal "\<lbrakk>G,A'\|\<turnstile>ts; A' \<subseteq> A; \<forall>P Q t. {P} t\<succ> {Q} \<in> A' \<longrightarrow> (\<exists>T. (G,L)\<turnstile>t\<Colon>T) \<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	641	G,A\|\<turnstile>ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	642	b y etac ax_derivs.cut 1;
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	643	b y eatac ax_derivs.asm 1 1;
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	644	qed "ax_thin";
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	645	*)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	646	lemma ax_thin [rule_format (no_asm)]:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	647	"G,(A'::'a triple set)\|\<turnstile>(ts::'a triple set) \<Longrightarrow> \<forall>A. A' \<subseteq> A \<longrightarrow> G,A\|\<turnstile>ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	648	apply (erule ax_derivs.induct)
23894 1a4167d761ac tactics: avoid dynamic reference to accidental theory context (via ML_Context.the_context etc.); wenzelm parents: 23747 diff changeset	649	apply (tactic "ALLGOALS(EVERY'[clarify_tac @{claset}, REPEAT o smp_tac 1])")
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	650	apply (rule ax_derivs.empty)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	651	apply (erule (1) ax_derivs.insert)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	652	apply (fast intro: ax_derivs.asm)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	653	(apply (fast intro: ax_derivs.cut) )
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	654	apply (fast intro: ax_derivs.weaken)
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	655	apply (rule ax_derivs.conseq, intro strip, tactic "smp_tac 3 1",clarify, tactic "smp_tac 1 1",rule exI, rule exI, erule (1) conjI)
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	656	(* 37 subgoals *)
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	657	prefer 18 (* Methd *)
23563 42f2f90b51a6 simplified a proof paulson parents: 21765 diff changeset	658	apply (rule ax_derivs.Methd, drule spec, erule mp, fast)
42f2f90b51a6 simplified a proof paulson parents: 21765 diff changeset	659	apply (tactic {* TRYALL (resolve_tac ((funpow 5 tl) (thms "ax_derivs.intros"))) *})
42f2f90b51a6 simplified a proof paulson parents: 21765 diff changeset	660	apply auto
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	661	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	662
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	663	lemma ax_thin_insert: "G,(A::'a triple set)\<turnstile>(t::'a triple) \<Longrightarrow> G,insert x A\<turnstile>t"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	664	apply (erule ax_thin)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	665	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	666	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	667
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	668	lemma subset_mtriples_iff:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	669	"ts \<subseteq> {{P} mb-\<succ> {Q} \| ms} = (\<exists>ms'. ms'\<subseteq>ms \<and> ts = {{P} mb-\<succ> {Q} \| ms'})"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	670	apply (unfold mtriples_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	671	apply (rule subset_image_iff)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	672	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	673
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	674	lemma weaken:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	675	"G,(A::'a triple set)\|\<turnstile>(ts'::'a triple set) \<Longrightarrow> !ts. ts \<subseteq> ts' \<longrightarrow> G,A\|\<turnstile>ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	676	apply (erule ax_derivs.induct)
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	677	(42 subgoals)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	678	apply (tactic "ALLGOALS strip_tac")
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	679	apply (tactic {* ALLGOALS(REPEAT o (EVERY'[dtac (thm "subset_singletonD"),
26342 0f65fa163304 more antiquotations; wenzelm parents: 24783 diff changeset	680	etac disjE, fast_tac (@{claset} addSIs [thm "ax_derivs.empty"])]))*})
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	681	apply (tactic "TRYALL hyp_subst_tac")
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	682	apply (simp, rule ax_derivs.empty)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	683	apply (drule subset_insertD)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	684	apply (blast intro: ax_derivs.insert)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	685	apply (fast intro: ax_derivs.asm)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	686	(apply (blast intro: ax_derivs.cut) )
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	687	apply (fast intro: ax_derivs.weaken)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	688	apply (rule ax_derivs.conseq, clarify, tactic "smp_tac 3 1", blast(* unused *))
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	689	(37 subgoals)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	690	apply (tactic {* TRYALL (resolve_tac ((funpow 5 tl) (thms "ax_derivs.intros"))
23894 1a4167d761ac tactics: avoid dynamic reference to accidental theory context (via ML_Context.the_context etc.); wenzelm parents: 23747 diff changeset	691	THEN_ALL_NEW fast_tac @{claset}) *})
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	692	(1 subgoal)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	693	apply (clarsimp simp add: subset_mtriples_iff)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	694	apply (rule ax_derivs.Methd)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	695	apply (drule spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	696	apply (erule impE)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	697	apply (rule exI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	698	apply (erule conjI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	699	apply (rule HOL.refl)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	700	oops (* dead end, Methd is to blame *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	701
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	702
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	703	section "rules derived from conseq"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	704
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	705	text {* In the following rules we often have to give some type annotations like:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	706	@{term "G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q}"}.
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	707	Given only the term above without annotations, Isabelle would infer a more
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	708	general type were we could have
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	709	different types of auxiliary variables in the assumption set (@{term A}) and
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	710	in the triple itself (@{term P} and @{term Q}). But
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	711	@{text "ax_derivs.Methd"} enforces the same type in the inductive definition of
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	712	the derivation. So we have to restrict the types to be able to apply the
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	713	rules.
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	714	*}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	715	lemma conseq12: "\<lbrakk>G,(A::'a triple set)\<turnstile>{P'::'a assn} t\<succ> {Q'};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	716	\<forall>Y s Z. P Y s Z \<longrightarrow> (\<forall>Y' s'. (\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	717	Q Y' s' Z)\<rbrakk>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	718	\<Longrightarrow> G,A\<turnstile>{P ::'a assn} t\<succ> {Q }"
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	719	apply (rule ax_derivs.conseq)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	720	apply clarsimp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	721	apply blast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	722	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	723
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	724	-- {* Nice variant, since it is so symmetric we might be able to memorise it. *}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	725	lemma conseq12': "\<lbrakk>G,(A::'a triple set)\<turnstile>{P'::'a assn} t\<succ> {Q'}; \<forall>s Y' s'.
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	726	(\<forall>Y Z. P' Y s Z \<longrightarrow> Q' Y' s' Z) \<longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	727	(\<forall>Y Z. P Y s Z \<longrightarrow> Q Y' s' Z)\<rbrakk>
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	728	\<Longrightarrow> G,A\<turnstile>{P::'a assn } t\<succ> {Q }"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	729	apply (erule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	730	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	731	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	732
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	733	lemma conseq12_from_conseq12': "\<lbrakk>G,(A::'a triple set)\<turnstile>{P'::'a assn} t\<succ> {Q'};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	734	\<forall>Y s Z. P Y s Z \<longrightarrow> (\<forall>Y' s'. (\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	735	Q Y' s' Z)\<rbrakk>
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	736	\<Longrightarrow> G,A\<turnstile>{P::'a assn} t\<succ> {Q }"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	737	apply (erule conseq12')
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	738	apply blast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	739	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	740
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	741	lemma conseq1: "\<lbrakk>G,(A::'a triple set)\<turnstile>{P'::'a assn} t\<succ> {Q}; P \<Rightarrow> P'\<rbrakk>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	742	\<Longrightarrow> G,A\<turnstile>{P::'a assn} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	743	apply (erule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	744	apply blast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	745	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	746
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	747	lemma conseq2: "\<lbrakk>G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q'}; Q' \<Rightarrow> Q\<rbrakk>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	748	\<Longrightarrow> G,A\<turnstile>{P::'a assn} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	749	apply (erule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	750	apply blast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	751	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	752
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	753	lemma ax_escape:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	754	"\<lbrakk>\<forall>Y s Z. P Y s Z
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	755	\<longrightarrow> G,(A::'a triple set)\<turnstile>{\<lambda>Y' s' (Z'::'a). (Y',s') = (Y,s)}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	756	t\<succ>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	757	{\<lambda>Y s Z'. Q Y s Z}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	758	\<rbrakk> \<Longrightarrow> G,A\<turnstile>{P::'a assn} t\<succ> {Q::'a assn}"
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	759	apply (rule ax_derivs.conseq)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	760	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	761	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	762
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	763	(* unused *)
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	764	lemma ax_constant: "\<lbrakk> C \<Longrightarrow> G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q}\<rbrakk>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	765	\<Longrightarrow> G,A\<turnstile>{\<lambda>Y s Z. C \<and> P Y s Z} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	766	apply (rule ax_escape (* unused *))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	767	apply clarify
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	768	apply (rule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	769	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	770	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	771	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	772	(*alternative (more direct) proof:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	773	apply (rule ax_derivs.conseq) )( unused )(
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	774	apply (fast)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	775	*)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	776
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	777
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	778	lemma ax_impossible [intro]:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	779	"G,(A::'a triple set)\<turnstile>{\<lambda>Y s Z. False} t\<succ> {Q::'a assn}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	780	apply (rule ax_escape)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	781	apply clarify
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	782	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	783
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	784	(* unused *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	785	lemma ax_nochange_lemma: "\<lbrakk>P Y s; All (op = w)\<rbrakk> \<Longrightarrow> P w s"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	786	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	787	done
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	788
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	789	lemma ax_nochange:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	790	"G,(A::(res \<times> state) triple set)\<turnstile>{\<lambda>Y s Z. (Y,s)=Z} t\<succ> {\<lambda>Y s Z. (Y,s)=Z}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	791	\<Longrightarrow> G,A\<turnstile>{P::(res \<times> state) assn} t\<succ> {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	792	apply (erule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	793	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	794	apply (erule (1) ax_nochange_lemma)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	795	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	796
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	797	(* unused *)
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	798	lemma ax_trivial: "G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {\<lambda>Y s Z. True}"
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	799	apply (rule ax_derivs.conseq(* unused *))
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	800	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	801	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	802
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	803	(* unused *)
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	804	lemma ax_disj:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	805	"\<lbrakk>G,(A::'a triple set)\<turnstile>{P1::'a assn} t\<succ> {Q1}; G,A\<turnstile>{P2::'a assn} t\<succ> {Q2}\<rbrakk>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	806	\<Longrightarrow> G,A\<turnstile>{\<lambda>Y s Z. P1 Y s Z \<or> P2 Y s Z} t\<succ> {\<lambda>Y s Z. Q1 Y s Z \<or> Q2 Y s Z}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	807	apply (rule ax_escape (* unused *))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	808	apply safe
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	809	apply (erule conseq12, fast)+
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	810	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	811
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	812	(* unused *)
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	813	lemma ax_supd_shuffle:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	814	"(\<exists>Q. G,(A::'a triple set)\<turnstile>{P::'a assn} .c1. {Q} \<and> G,A\<turnstile>{Q ;. f} .c2. {R}) =
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	815	(\<exists>Q'. G,A\<turnstile>{P} .c1. {f .; Q'} \<and> G,A\<turnstile>{Q'} .c2. {R})"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	816	apply (best elim!: conseq1 conseq2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	817	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	818
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	819	lemma ax_cases: "
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	820	\<lbrakk>G,(A::'a triple set)\<turnstile>{P \<and>. C} t\<succ> {Q::'a assn};
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	821	G,A\<turnstile>{P \<and>. Not \<circ> C} t\<succ> {Q}\<rbrakk> \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	822	apply (unfold peek_and_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	823	apply (rule ax_escape)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	824	apply clarify
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	825	apply (case_tac "C s")
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	826	apply (erule conseq12, force)+
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	827	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	828	(*alternative (more direct) proof:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	829	apply (rule rtac ax_derivs.conseq) )( unused )(
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	830	apply clarify
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	831	apply (case_tac "C s")
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	832	apply force+
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	833	*)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	834
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	835	lemma ax_adapt: "G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	836	\<Longrightarrow> G,A\<turnstile>{adapt_pre P Q Q'} t\<succ> {Q'}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	837	apply (unfold adapt_pre_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	838	apply (erule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	839	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	840	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	841
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	842	lemma adapt_pre_adapts: "G,(A::'a triple set)\<Turnstile>{P::'a assn} t\<succ> {Q}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	843	\<longrightarrow> G,A\<Turnstile>{adapt_pre P Q Q'} t\<succ> {Q'}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	844	apply (unfold adapt_pre_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	845	apply (simp add: ax_valids_def triple_valid_def2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	846	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	847	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	848
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	849
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	850	lemma adapt_pre_weakest:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	851	"\<forall>G (A::'a triple set) t. G,A\<Turnstile>{P} t\<succ> {Q} \<longrightarrow> G,A\<Turnstile>{P'} t\<succ> {Q'} \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	852	P' \<Rightarrow> adapt_pre P Q (Q'::'a assn)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	853	apply (unfold adapt_pre_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	854	apply (drule spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	855	apply (drule_tac x = "{}" in spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	856	apply (drule_tac x = "In1r Skip" in spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	857	apply (simp add: ax_valids_def triple_valid_def2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	858	oops
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	859
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	860	lemma peek_and_forget1_Normal:
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	861	"G,(A::'a triple set)\<turnstile>{Normal P} t\<succ> {Q::'a assn}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	862	\<Longrightarrow> G,A\<turnstile>{Normal (P \<and>. p)} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	863	apply (erule conseq1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	864	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	865	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	866
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	867	lemma peek_and_forget1:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	868	"G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	869	\<Longrightarrow> G,A\<turnstile>{P \<and>. p} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	870	apply (erule conseq1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	871	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	872	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	873
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	874	lemmas ax_NormalD = peek_and_forget1 [of _ _ _ _ _ normal]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	875
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	876	lemma peek_and_forget2:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	877	"G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q \<and>. p}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	878	\<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	879	apply (erule conseq2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	880	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	881	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	882
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	883	lemma ax_subst_Val_allI:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	884	"\<forall>v. G,(A::'a triple set)\<turnstile>{(P' v )\<leftarrow>Val v} t\<succ> {(Q v)::'a assn}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	885	\<Longrightarrow> \<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In1 w))\<leftarrow>Val v} t\<succ> {Q v}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	886	apply (force elim!: conseq1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	887	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	888
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	889	lemma ax_subst_Var_allI:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	890	"\<forall>v. G,(A::'a triple set)\<turnstile>{(P' v )\<leftarrow>Var v} t\<succ> {(Q v)::'a assn}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	891	\<Longrightarrow> \<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In2 w))\<leftarrow>Var v} t\<succ> {Q v}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	892	apply (force elim!: conseq1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	893	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	894
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	895	lemma ax_subst_Vals_allI:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	896	"(\<forall>v. G,(A::'a triple set)\<turnstile>{( P' v )\<leftarrow>Vals v} t\<succ> {(Q v)::'a assn})
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	897	\<Longrightarrow> \<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In3 w))\<leftarrow>Vals v} t\<succ> {Q v}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	898	apply (force elim!: conseq1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	899	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	900
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	901
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	902	section "alternative axioms"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	903
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	904	lemma ax_Lit2:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	905	"G,(A::'a triple set)\<turnstile>{Normal P::'a assn} Lit v-\<succ> {Normal (P\<down>=Val v)}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	906	apply (rule ax_derivs.Lit [THEN conseq1])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	907	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	908	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	909	lemma ax_Lit2_test_complete:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	910	"G,(A::'a triple set)\<turnstile>{Normal (P\<leftarrow>Val v)::'a assn} Lit v-\<succ> {P}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	911	apply (rule ax_Lit2 [THEN conseq2])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	912	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	913	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	914
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	915	lemma ax_LVar2: "G,(A::'a triple set)\<turnstile>{Normal P::'a assn} LVar vn=\<succ> {Normal (\<lambda>s.. P\<down>=Var (lvar vn s))}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	916	apply (rule ax_derivs.LVar [THEN conseq1])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	917	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	918	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	919
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	920	lemma ax_Super2: "G,(A::'a triple set)\<turnstile>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	921	{Normal P::'a assn} Super-\<succ> {Normal (\<lambda>s.. P\<down>=Val (val_this s))}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	922	apply (rule ax_derivs.Super [THEN conseq1])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	923	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	924	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	925
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	926	lemma ax_Nil2:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	927	"G,(A::'a triple set)\<turnstile>{Normal P::'a assn} []\<doteq>\<succ> {Normal (P\<down>=Vals [])}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	928	apply (rule ax_derivs.Nil [THEN conseq1])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	929	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	930	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	931
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	932
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	933	section "misc derived structural rules"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	934
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	935	(* unused *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	936	lemma ax_finite_mtriples_lemma: "\<lbrakk>F \<subseteq> ms; finite ms; \<forall>(C,sig)\<in>ms.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	937	G,(A::'a triple set)\<turnstile>{Normal (P C sig)::'a assn} mb C sig-\<succ> {Q C sig}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	938	G,A\|\<turnstile>{{P} mb-\<succ> {Q} \| F}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	939	apply (frule (1) finite_subset)
24038 18182c4aec9e replaced make_imp by rev_mp; wenzelm parents: 24019 diff changeset	940	apply (erule rev_mp)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	941	apply (erule thin_rl)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	942	apply (erule finite_induct)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	943	apply (unfold mtriples_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	944	apply (clarsimp intro!: ax_derivs.empty ax_derivs.insert)+
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	945	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	946	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	947	lemmas ax_finite_mtriples = ax_finite_mtriples_lemma [OF subset_refl]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	948
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	949	lemma ax_derivs_insertD:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	950	"G,(A::'a triple set)\|\<turnstile>insert (t::'a triple) ts \<Longrightarrow> G,A\<turnstile>t \<and> G,A\|\<turnstile>ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	951	apply (fast intro: ax_derivs.weaken)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	952	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	953
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	954	lemma ax_methods_spec:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	955	"\<lbrakk>G,(A::'a triple set)\|\<turnstile>split f ` ms; (C,sig) \<in> ms\<rbrakk>\<Longrightarrow> G,A\<turnstile>((f C sig)::'a triple)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	956	apply (erule ax_derivs.weaken)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	957	apply (force del: image_eqI intro: rev_image_eqI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	958	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	959
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	960	(* this version is used to avoid using the cut rule *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	961	lemma ax_finite_pointwise_lemma [rule_format]: "\<lbrakk>F \<subseteq> ms; finite ms\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	962	((\<forall>(C,sig)\<in>F. G,(A::'a triple set)\<turnstile>(f C sig::'a triple)) \<longrightarrow> (\<forall>(C,sig)\<in>ms. G,A\<turnstile>(g C sig::'a triple))) \<longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	963	G,A\|\<turnstile>split f ` F \<longrightarrow> G,A\|\<turnstile>split g ` F"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	964	apply (frule (1) finite_subset)
24038 18182c4aec9e replaced make_imp by rev_mp; wenzelm parents: 24019 diff changeset	965	apply (erule rev_mp)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	966	apply (erule thin_rl)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	967	apply (erule finite_induct)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	968	apply clarsimp+
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	969	apply (drule ax_derivs_insertD)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	970	apply (rule ax_derivs.insert)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	971	apply (simp (no_asm_simp) only: split_tupled_all)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	972	apply (auto elim: ax_methods_spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	973	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	974	lemmas ax_finite_pointwise = ax_finite_pointwise_lemma [OF subset_refl]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	975
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	976	lemma ax_no_hazard:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	977	"G,(A::'a triple set)\<turnstile>{P \<and>. type_ok G t} t\<succ> {Q::'a assn} \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	978	apply (erule ax_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	979	apply (rule ax_derivs.hazard [THEN conseq1])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	980	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	981	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	982
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	983	lemma ax_free_wt:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	984	"(\<exists>T L C. \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	985	\<longrightarrow> G,(A::'a triple set)\<turnstile>{Normal P} t\<succ> {Q::'a assn} \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	986	G,A\<turnstile>{Normal P} t\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	987	apply (rule ax_no_hazard)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	988	apply (rule ax_escape)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	989	apply clarify
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	990	apply (erule mp [THEN conseq12])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	991	apply (auto simp add: type_ok_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	992	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	993
27226 5a3e5e46d977 sum3_instantiate: proper context; wenzelm parents: 26480 diff changeset	994	ML {* bind_thms ("ax_Abrupts", sum3_instantiate @{context} @{thm ax_derivs.Abrupt}) *}
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	995	declare ax_Abrupts [intro!]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	996
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	997	lemmas ax_Normal_cases = ax_cases [of _ _ _ normal]
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	998
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	999	lemma ax_Skip [intro!]: "G,(A::'a triple set)\<turnstile>{P\<leftarrow>\<diamondsuit>} .Skip. {P::'a assn}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1000	apply (rule ax_Normal_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1001	apply (rule ax_derivs.Skip)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1002	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1003	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1004	lemmas ax_SkipI = ax_Skip [THEN conseq1, standard]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1005
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1006
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1007	section "derived rules for methd call"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1008
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1009	lemma ax_Call_known_DynT:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1010	"\<lbrakk>G\<turnstile>IntVir\<rightarrow>C\<preceq>statT;
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1011	\<forall>a vs l. G,A\<turnstile>{(R a\<leftarrow>Vals vs \<and>. (\<lambda>s. l = locals (store s)) ;.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1012	init_lvars G C \<lparr>name=mn,parTs=pTs\<rparr> IntVir a vs)}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1013	Methd C \<lparr>name=mn,parTs=pTs\<rparr>-\<succ> {set_lvars l .; S};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1014	\<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} args\<doteq>\<succ>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1015	{R a \<and>. (\<lambda>s. C = obj_class (the (heap (store s) (the_Addr a))) \<and>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1016	C = invocation_declclass
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1017	G IntVir (store s) a statT \<lparr>name=mn,parTs=pTs\<rparr> )};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1018	G,(A::'a triple set)\<turnstile>{Normal P} e-\<succ> {Q::'a assn}\<rbrakk>
12925 99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid. schirmer parents: 12859 diff changeset	1019	\<Longrightarrow> G,A\<turnstile>{Normal P} {accC,statT,IntVir}e\<cdot>mn({pTs}args)-\<succ> {S}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1020	apply (erule ax_derivs.Call)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1021	apply safe
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1022	apply (erule spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1023	apply (rule ax_escape, clarsimp)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1024	apply (drule spec, drule spec, drule spec,erule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1025	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1026	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1027
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1028
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1029	lemma ax_Call_Static:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1030	"\<lbrakk>\<forall>a vs l. G,A\<turnstile>{R a\<leftarrow>Vals vs \<and>. (\<lambda>s. l = locals (store s)) ;.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1031	init_lvars G C \<lparr>name=mn,parTs=pTs\<rparr> Static any_Addr vs}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1032	Methd C \<lparr>name=mn,parTs=pTs\<rparr>-\<succ> {set_lvars l .; S};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1033	G,A\<turnstile>{Normal P} e-\<succ> {Q};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1034	\<forall> a. G,(A::'a triple set)\<turnstile>{Q\<leftarrow>Val a} args\<doteq>\<succ> {(R::val \<Rightarrow> 'a assn) a
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1035	\<and>. (\<lambda> s. C=invocation_declclass
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1036	G Static (store s) a statT \<lparr>name=mn,parTs=pTs\<rparr>)}
12925 99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid. schirmer parents: 12859 diff changeset	1037	\<rbrakk> \<Longrightarrow> G,A\<turnstile>{Normal P} {accC,statT,Static}e\<cdot>mn({pTs}args)-\<succ> {S}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1038	apply (erule ax_derivs.Call)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1039	apply safe
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1040	apply (erule spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1041	apply (rule ax_escape, clarsimp)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1042	apply (erule_tac V = "?P \<longrightarrow> ?Q" in thin_rl)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1043	apply (drule spec,drule spec,drule spec, erule conseq12)
20014 729a45534001 fixed let-simproc schirmer parents: 19685 diff changeset	1044	apply (force simp add: init_lvars_def Let_def)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1045	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1046
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1047	lemma ax_Methd1:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1048	"\<lbrakk>G,A\<union>{{P} Methd-\<succ> {Q} \| ms}\|\<turnstile> {{P} body G-\<succ> {Q} \| ms}; (C,sig)\<in> ms\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1049	G,A\<turnstile>{Normal (P C sig)} Methd C sig-\<succ> {Q C sig}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1050	apply (drule ax_derivs.Methd)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1051	apply (unfold mtriples_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1052	apply (erule (1) ax_methods_spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1053	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1054
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1055	lemma ax_MethdN:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1056	"G,insert({Normal P} Methd C sig-\<succ> {Q}) A\<turnstile>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1057	{Normal P} body G C sig-\<succ> {Q} \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1058	G,A\<turnstile>{Normal P} Methd C sig-\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1059	apply (rule ax_Methd1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1060	apply (rule_tac [2] singletonI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1061	apply (unfold mtriples_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1062	apply clarsimp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1063	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1064
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1065	lemma ax_StatRef:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1066	"G,(A::'a triple set)\<turnstile>{Normal (P\<leftarrow>Val Null)} StatRef rt-\<succ> {P::'a assn}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1067	apply (rule ax_derivs.Cast)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1068	apply (rule ax_Lit2 [THEN conseq2])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1069	apply clarsimp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1070	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1071
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1072	section "rules derived from Init and Done"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1073
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1074	lemma ax_InitS: "\<lbrakk>the (class G C) = c; C \<noteq> Object;
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1075	\<forall>l. G,A\<turnstile>{Q \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars empty}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1076	.init c. {set_lvars l .; R};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1077	G,A\<turnstile>{Normal ((P \<and>. Not \<circ> initd C) ;. supd (init_class_obj G C))}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1078	.Init (super c). {Q}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1079	G,(A::'a triple set)\<turnstile>{Normal (P \<and>. Not \<circ> initd C)} .Init C. {R::'a assn}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1080	apply (erule ax_derivs.Init)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1081	apply (simp (no_asm_simp))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1082	apply assumption
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1083	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1084
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1085	lemma ax_Init_Skip_lemma:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1086	"\<forall>l. G,(A::'a triple set)\<turnstile>{P\<leftarrow>\<diamondsuit> \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars l'}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1087	.Skip. {(set_lvars l .; P)::'a assn}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1088	apply (rule allI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1089	apply (rule ax_SkipI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1090	apply clarsimp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1091	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1092
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1093	lemma ax_triv_InitS: "\<lbrakk>the (class G C) = c;init c = Skip; C \<noteq> Object;
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1094	P\<leftarrow>\<diamondsuit> \<Rightarrow> (supd (init_class_obj G C) .; P);
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1095	G,A\<turnstile>{Normal (P \<and>. initd C)} .Init (super c). {(P \<and>. initd C)\<leftarrow>\<diamondsuit>}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1096	G,(A::'a triple set)\<turnstile>{Normal P\<leftarrow>\<diamondsuit>} .Init C. {(P \<and>. initd C)::'a assn}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1097	apply (rule_tac C = "initd C" in ax_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1098	apply (rule conseq1, rule ax_derivs.Done, clarsimp)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1099	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1100	apply (erule (1) ax_InitS)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1101	apply simp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1102	apply (rule ax_Init_Skip_lemma)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1103	apply (erule conseq1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1104	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1105	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1106
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1107	lemma ax_Init_Object: "wf_prog G \<Longrightarrow> G,(A::'a triple set)\<turnstile>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1108	{Normal ((supd (init_class_obj G Object) .; P\<leftarrow>\<diamondsuit>) \<and>. Not \<circ> initd Object)}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1109	.Init Object. {(P \<and>. initd Object)::'a assn}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1110	apply (rule ax_derivs.Init)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1111	apply (drule class_Object, force)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1112	apply (simp_all (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1113	apply (rule_tac [2] ax_Init_Skip_lemma)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1114	apply (rule ax_SkipI, force)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1115	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1116
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1117	lemma ax_triv_Init_Object: "\<lbrakk>wf_prog G;
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1118	(P::'a assn) \<Rightarrow> (supd (init_class_obj G Object) .; P)\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1119	G,(A::'a triple set)\<turnstile>{Normal P\<leftarrow>\<diamondsuit>} .Init Object. {P \<and>. initd Object}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1120	apply (rule_tac C = "initd Object" in ax_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1121	apply (rule conseq1, rule ax_derivs.Done, clarsimp)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1122	apply (erule ax_Init_Object [THEN conseq1])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1123	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1124	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1125
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1126
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1127	section "introduction rules for Alloc and SXAlloc"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1128
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1129	lemma ax_SXAlloc_Normal:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1130	"G,(A::'a triple set)\<turnstile>{P::'a assn} .c. {Normal Q}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1131	\<Longrightarrow> G,A\<turnstile>{P} .c. {SXAlloc G Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1132	apply (erule conseq2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1133	apply (clarsimp elim!: sxalloc_elim_cases simp add: split_tupled_all)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1134	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1135
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1136	lemma ax_Alloc:
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1137	"G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1138	{Normal (\<lambda>Y (x,s) Z. (\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1139	Q (Val (Addr a)) (Norm(init_obj G (CInst C) (Heap a) s)) Z)) \<and>.
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1140	heap_free (Suc (Suc 0))}
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1141	\<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Alloc G (CInst C) Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1142	apply (erule conseq2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1143	apply (auto elim!: halloc_elim_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1144	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1145
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1146	lemma ax_Alloc_Arr:
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1147	"G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1148	{\<lambda>Val:i:. Normal (\<lambda>Y (x,s) Z. \<not>the_Intg i<0 \<and>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1149	(\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1150	Q (Val (Addr a)) (Norm (init_obj G (Arr T (the_Intg i)) (Heap a) s)) Z)) \<and>.
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1151	heap_free (Suc (Suc 0))}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1152	\<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1153	G,A\<turnstile>{P} t\<succ> {\<lambda>Val:i:. abupd (check_neg i) .; Alloc G (Arr T(the_Intg i)) Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1154	apply (erule conseq2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1155	apply (auto elim!: halloc_elim_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1156	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1157
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1158	lemma ax_SXAlloc_catch_SXcpt:
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1159	"\<lbrakk>G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1160	{(\<lambda>Y (x,s) Z. x=Some (Xcpt (Std xn)) \<and>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1161	(\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1162	Q Y (Some (Xcpt (Loc a)),init_obj G (CInst (SXcpt xn)) (Heap a) s) Z))
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1163	\<and>. heap_free (Suc (Suc 0))}\<rbrakk>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1164	\<Longrightarrow>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1165	G,A\<turnstile>{P} t\<succ> {SXAlloc G (\<lambda>Y s Z. Q Y s Z \<and> G,s\<turnstile>catch SXcpt xn)}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1166	apply (erule conseq2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1167	apply (auto elim!: sxalloc_elim_cases halloc_elim_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1168	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1169
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1170	end

author	haftmann
	Fri, 11 Jun 2010 17:14:02 +0200
changeset 37407	61dd8c145da7
parent 35431	8758fe1fc9f8
child 37956	ee939247b2fb
permissions	-rw-r--r--