|
8245
|
1 |
(* Title: HOL/MicroJava/BV/BVLcorrect.ML
|
|
|
2 |
ID: $Id$
|
|
|
3 |
Author: Gerwin Klein
|
|
|
4 |
Copyright 1999 Technische Universitaet Muenchen
|
|
|
5 |
*)
|
|
|
6 |
|
|
|
7 |
|
|
|
8 |
Goalw[fits_def,fits_partial_def] "fits_partial phi 0 is G rT s0 s2 cert = fits phi is G rT s0 s2 cert";
|
|
|
9 |
by (Simp_tac 1);
|
|
|
10 |
qed "fits_eq_fits_partial";
|
|
|
11 |
|
|
|
12 |
|
|
|
13 |
Goal "\\<exists> l. n = length l";
|
|
|
14 |
by (induct_tac "n" 1);
|
|
|
15 |
by Auto_tac;
|
|
|
16 |
by (res_inst_tac [("x","x#l")] exI 1);
|
|
|
17 |
by (Simp_tac 1);
|
|
|
18 |
qed "exists_list";
|
|
|
19 |
|
|
|
20 |
|
|
|
21 |
Goal "\\<forall> s0 pc. wtl_inst_list is G rT s0 s2 cert (pc+length is) pc \
|
|
|
22 |
\ \\<longrightarrow> (\\<exists> phi. pc + length is = length phi \\<and> fits_partial phi pc is G rT s0 s2 cert)";
|
|
|
23 |
by (induct_tac "is" 1);
|
|
|
24 |
by (asm_full_simp_tac (simpset() addsimps [fits_partial_def, exists_list]) 1);
|
|
|
25 |
by (Clarify_tac 1);
|
|
|
26 |
by (Asm_full_simp_tac 1);
|
|
|
27 |
by (Clarify_tac 1);
|
|
|
28 |
by (eres_inst_tac [("x","ab")] allE 1);
|
|
|
29 |
by (eres_inst_tac [("x","ba")] allE 1);
|
|
|
30 |
by (eres_inst_tac [("x","Suc pc")] allE 1);
|
|
|
31 |
by (Asm_full_simp_tac 1);
|
|
|
32 |
by (Clarify_tac 1);
|
|
|
33 |
by (exhaust_tac "cert ! pc" 1);
|
|
|
34 |
by (res_inst_tac [("x","phi[pc:=(aa, b)]")] exI 1);
|
|
|
35 |
by (asm_full_simp_tac (simpset() addsimps [fits_partial_def]) 1);
|
|
|
36 |
by (Clarify_tac 1);
|
|
|
37 |
by (exhaust_tac "ac" 1);
|
|
|
38 |
by (Asm_full_simp_tac 1);
|
|
|
39 |
by (Asm_full_simp_tac 1);
|
|
|
40 |
by (Clarify_tac 1);
|
|
|
41 |
by (eres_inst_tac [("x","lista")] allE 1);
|
|
|
42 |
by (eres_inst_tac [("x","bb")] allE 1);
|
|
|
43 |
by (eres_inst_tac [("x","i")] allE 1);
|
|
|
44 |
by (Asm_full_simp_tac 1);
|
|
|
45 |
by (datac wtl_inst_option_unique 1 1);
|
|
|
46 |
by (Asm_full_simp_tac 1);
|
|
|
47 |
by (smp_tac 2 1);
|
|
|
48 |
be impE 1;
|
|
|
49 |
by (Force_tac 1);
|
|
|
50 |
ba 1;
|
|
|
51 |
by (res_inst_tac [("x","phi[pc:=ac]")] exI 1);
|
|
|
52 |
by (asm_full_simp_tac (simpset() addsimps [fits_partial_def]) 1);
|
|
|
53 |
by (Clarify_tac 1);
|
|
|
54 |
by (exhaust_tac "ad" 1);
|
|
|
55 |
by (Asm_full_simp_tac 1);
|
|
|
56 |
by (Asm_full_simp_tac 1);
|
|
|
57 |
by (Clarify_tac 1);
|
|
|
58 |
by (eres_inst_tac [("x","lista")] allE 1);
|
|
|
59 |
by (eres_inst_tac [("x","bc")] allE 1);
|
|
|
60 |
by (eres_inst_tac [("x","i")] allE 1);
|
|
|
61 |
by (Asm_full_simp_tac 1);
|
|
|
62 |
by (datac wtl_inst_option_unique 1 1);
|
|
|
63 |
by (Asm_full_simp_tac 1);
|
|
|
64 |
by (smp_tac 2 1);
|
|
|
65 |
be impE 1;
|
|
|
66 |
by (Force_tac 1);
|
|
|
67 |
ba 1;
|
|
|
68 |
bind_thm ("exists_phi_partial", result() RS spec RS spec);
|
|
|
69 |
|
|
|
70 |
|
|
|
71 |
Goal "wtl_inst_list is G rT s0 s2 cert (length is) 0 \\<Longrightarrow> \\<exists> phi. fits phi is G rT s0 s2 cert";
|
|
|
72 |
by (cut_inst_tac [("is","is"),("G","G"),("rT","rT"),("s2.0","s2"),("x","0"),("xa","s0"),("cert","cert")] exists_phi_partial 1);
|
|
|
73 |
by (asm_full_simp_tac (simpset() addsimps [fits_eq_fits_partial]) 1);
|
|
|
74 |
by (Force_tac 1);
|
|
|
75 |
qed "exists_phi";
|
|
|
76 |
|
|
|
77 |
|
|
|
78 |
Goal "\\<lbrakk>wtl_inst_list is G rT s0 s3 cert (length is) 0; \
|
|
|
79 |
\fits phi is G rT s0 s3 cert\\<rbrakk> \\<Longrightarrow> \
|
|
|
80 |
\ \\<forall> pc t. pc < length is \\<longrightarrow> (cert ! pc) = Some t \\<longrightarrow> (phi ! pc) = t";
|
|
|
81 |
by (Clarify_tac 1);
|
|
|
82 |
by (forward_tac [wtl_partial] 1);
|
|
|
83 |
ba 1;
|
|
|
84 |
by (Clarify_tac 1);
|
|
|
85 |
by (asm_full_simp_tac (simpset() addsimps [fits_def,neq_Nil_conv]) 1);
|
|
|
86 |
by (Clarify_tac 1);
|
|
|
87 |
by (eres_inst_tac [("x","aa")] allE 1);
|
|
|
88 |
by (eres_inst_tac [("x","ys")] allE 1);
|
|
|
89 |
by (eres_inst_tac [("x","y")] allE 1);
|
|
|
90 |
by (Asm_full_simp_tac 1);
|
|
|
91 |
qed "fits_lemma1";
|
|
|
92 |
|
|
|
93 |
|
|
|
94 |
Goal "\\<lbrakk>wtl_inst_list a G rT s0 s1 cert (length (a@i#b)) 0; \
|
|
|
95 |
\ wtl_inst_option i G rT s1 s2 cert (length (a@i#b)) (length a); \
|
|
|
96 |
\ wtl_inst_list b G rT s2 s3 cert (length (a@i#b)) (Suc (length a)); \
|
|
|
97 |
\ fits phi (a@i#b) G rT s0 s3 cert \\<rbrakk> \\<Longrightarrow> \
|
|
|
98 |
\ b \\<noteq> [] \\<longrightarrow> G \\<turnstile> s2 <=s (phi ! (Suc (length a)))";
|
|
|
99 |
by (forward_tac [wtl_append] 1);
|
|
|
100 |
ba 1;
|
|
|
101 |
ba 1;
|
|
|
102 |
by (exhaust_tac "b=[]" 1);
|
|
|
103 |
by (Asm_full_simp_tac 1);
|
|
|
104 |
by (asm_full_simp_tac (simpset() addsimps [neq_Nil_conv]) 1);
|
|
|
105 |
by (Clarify_tac 1);
|
|
|
106 |
by (Asm_full_simp_tac 1);
|
|
|
107 |
by (Clarify_tac 1);
|
|
|
108 |
by (exhaust_tac "cert!(Suc (length a))" 1);
|
|
|
109 |
by (asm_full_simp_tac (simpset() addsimps [fits_def]) 1);
|
|
|
110 |
by (eres_inst_tac [("x","a@[i]")] allE 1);
|
|
|
111 |
by (eres_inst_tac [("x","ys")] allE 1);
|
|
|
112 |
by (eres_inst_tac [("x","y")] allE 1);
|
|
|
113 |
by (Asm_full_simp_tac 1);
|
|
|
114 |
by (pair_tac "s2" 1);
|
|
|
115 |
by (smp_tac 2 1);
|
|
|
116 |
be impE 1;
|
|
|
117 |
by (Force_tac 1);
|
|
|
118 |
by (Asm_full_simp_tac 1);
|
|
|
119 |
by (asm_full_simp_tac (simpset() addsimps [fits_def]) 1);
|
|
|
120 |
by (eres_inst_tac [("x","a@[i]")] allE 1);
|
|
|
121 |
by (eres_inst_tac [("x","ys")] allE 1);
|
|
|
122 |
by (eres_inst_tac [("x","y")] allE 1);
|
|
|
123 |
by (Asm_full_simp_tac 1);
|
|
|
124 |
by (pair_tac "s2" 1);
|
|
|
125 |
by (smp_tac 2 1);
|
|
|
126 |
by (Clarify_tac 1);
|
|
|
127 |
be impE 1;
|
|
|
128 |
by (Force_tac 1);
|
|
|
129 |
by (asm_full_simp_tac (simpset() addsimps [wtl_inst_option_def]) 1);
|
|
|
130 |
qed "wtl_suc_pc";
|
|
|
131 |
|
|
|
132 |
|
|
|
133 |
Goalw[fits_def] "\\<lbrakk>wtl_inst_list a G rT s0 s1 cert (length (a@i#b)) 0; \
|
|
|
134 |
\ wtl_inst_option i G rT s1 s2 cert (length (a@i#b)) (length a); \
|
|
|
135 |
\ fits phi (a@i#b) G rT s0 s3 cert; cert!(length a) = None; \
|
|
|
136 |
\ wtl_inst_list b G rT s2 s3 cert (length (a@i#b)) (Suc (length a))\\<rbrakk> \
|
|
|
137 |
\ \\<Longrightarrow> phi!(length a) = s1";
|
|
|
138 |
by (eres_inst_tac [("x","a")] allE 1);
|
|
|
139 |
by (eres_inst_tac [("x","b")] allE 1);
|
|
|
140 |
by (eres_inst_tac [("x","i")] allE 1);
|
|
|
141 |
by (eres_inst_tac [("x","s1")] allE 1);
|
|
|
142 |
by (Asm_full_simp_tac 1);
|
|
|
143 |
be impE 1;
|
|
|
144 |
by (pair_tac "s2" 1);
|
|
|
145 |
by (Force_tac 1);
|
|
|
146 |
ba 1;
|
|
|
147 |
qed "fits_lemma2";
|
|
|
148 |
|
|
|
149 |
|
|
|
150 |
fun ls g1 g2 = if g1 > g2 then ls g2 g1
|
|
|
151 |
else if g1 = g2 then [g1]
|
|
|
152 |
else g2::(ls g1 (g2-1))
|
|
|
153 |
fun GOALS t g1 g2 = EVERY (map t (ls g1 g2));
|
|
|
154 |
|
|
|
155 |
Goal "is=(i1@i#i2) \\<longrightarrow> wtl_inst_list (i1@i#i2) G rT s0 s3 cert (length is) 0 \\<longrightarrow> \
|
|
|
156 |
\ wtl_inst_list i1 G rT s0 s1 cert (length is) 0 \\<longrightarrow> \
|
|
|
157 |
\ wtl_inst_option i G rT s1 s2 cert (length is) (length i1) \\<longrightarrow> \
|
|
|
158 |
\ wtl_inst_list i2 G rT s2 s3 cert (length is) (Suc (length i1)) \\<longrightarrow> \
|
|
|
159 |
\ fits phi (i1@i#i2) G rT s0 s3 cert \\<longrightarrow> \
|
|
|
160 |
\ wt_instr i G rT phi (length is) (length i1)";
|
|
|
161 |
by (Clarify_tac 1);
|
|
|
162 |
by (forward_tac [wtl_suc_pc] 1);
|
|
|
163 |
by (TRYALL atac);
|
|
|
164 |
by (forward_tac [fits_lemma1] 1);
|
|
|
165 |
ba 1;
|
|
|
166 |
by (exhaust_tac "cert!(length i1)" 1);
|
|
|
167 |
by (forward_tac [fits_lemma2] 1);
|
|
|
168 |
by (TRYALL atac);
|
|
|
169 |
by (exhaust_tac "i" 1);
|
|
|
170 |
by (exhaust_tac "check_object" 4);
|
|
|
171 |
by (exhaust_tac "manipulate_object" 3);
|
|
|
172 |
by (exhaust_tac "create_object" 2);
|
|
|
173 |
by (exhaust_tac "load_and_store" 1);
|
|
|
174 |
by (GOALS (force_tac (claset(),
|
|
|
175 |
simpset() addsimps [wt_instr_def,wtl_inst_option_def])) 1 8);
|
|
|
176 |
by (exhaust_tac "meth_inv" 1);
|
|
|
177 |
by (thin_tac "\\<forall>pc t.\
|
|
|
178 |
\ pc < length (i1 @ i # i2) \\<longrightarrow> \
|
|
|
179 |
\ cert ! pc = Some t \\<longrightarrow> phi ! pc = t" 1);
|
|
|
180 |
by (force_tac (claset(), simpset() addsimps [wt_instr_def,wtl_inst_option_def]) 1);
|
|
|
181 |
by (exhaust_tac "meth_ret" 1);
|
|
|
182 |
by (asm_full_simp_tac (simpset() addsimps [wt_instr_def,wtl_inst_option_def]) 1);
|
|
|
183 |
by (exhaust_tac "branch" 2);
|
|
|
184 |
by (exhaust_tac "op_stack" 1);
|
|
|
185 |
by (GOALS (asm_full_simp_tac (simpset() addsimps [wt_instr_def,wtl_inst_option_def])
|
|
|
186 |
THEN_MAYBE' Force_tac) 1 7);
|
|
|
187 |
by (forw_inst_tac [("x","length i1")] spec 1);
|
|
|
188 |
by (eres_inst_tac [("x","a")] allE 1);
|
|
|
189 |
by (exhaust_tac "i" 1);
|
|
|
190 |
by (exhaust_tac "check_object" 4);
|
|
|
191 |
by (exhaust_tac "manipulate_object" 3);
|
|
|
192 |
by (exhaust_tac "create_object" 2);
|
|
|
193 |
by (exhaust_tac "load_and_store" 1);
|
|
|
194 |
by (GOALS (asm_full_simp_tac (simpset() addsimps [wt_instr_def,wtl_inst_option_def])
|
|
|
195 |
THEN' Force_tac) 1 8);
|
|
|
196 |
by (exhaust_tac "meth_inv" 1);
|
|
|
197 |
by (thin_tac "\\<forall>pc t.\
|
|
|
198 |
\ pc < length (i1 @ i # i2) \\<longrightarrow> \
|
|
|
199 |
\ cert ! pc = Some t \\<longrightarrow> phi ! pc = t" 1);
|
|
|
200 |
by (force_tac (claset(), simpset() addsimps [wt_instr_def,wtl_inst_option_def]) 1);
|
|
|
201 |
by (exhaust_tac "branch" 3);
|
|
|
202 |
by (exhaust_tac "op_stack" 2);
|
|
|
203 |
by (exhaust_tac "meth_ret" 1);
|
|
|
204 |
by (GOALS (asm_full_simp_tac (simpset() addsimps [wt_instr_def,wtl_inst_option_def])
|
|
|
205 |
THEN_MAYBE' Force_tac) 1 8);
|
|
|
206 |
qed "wtl_lemma";
|
|
|
207 |
|
|
|
208 |
Goal "\\<lbrakk>wtl_inst_list is G rT s0 s2 cert (length is) 0; \
|
|
|
209 |
\ fits phi is G rT s0 s2 cert\\<rbrakk> \
|
|
|
210 |
\ \\<Longrightarrow> \\<forall>pc. pc < length is \\<longrightarrow> wt_instr (is ! pc) G rT phi (length is) pc";
|
|
|
211 |
by (Clarify_tac 1);
|
|
|
212 |
by (forward_tac [wtl_partial] 1);
|
|
|
213 |
ba 1;
|
|
|
214 |
by (Clarify_tac 1);
|
|
|
215 |
by (asm_full_simp_tac (simpset() addsimps [neq_Nil_conv]) 1);
|
|
|
216 |
by (Clarify_tac 1);
|
|
|
217 |
by (Asm_full_simp_tac 1);
|
|
|
218 |
by (Clarify_tac 1);
|
|
|
219 |
by (cut_inst_tac [("is","a@y#ys"),("i1.0","a"),("i2.0","ys"),("i","y"),("G","G"),("rT","rT"),("s0.0","s0"),("cert","cert"),("phi","phi"),("s1.0","(aa,ba)"),("s2.0","(ab,b)"),("s3.0","s2")] wtl_lemma 1);
|
|
|
220 |
by (asm_full_simp_tac (simpset() addsimps [nth_append]) 1);
|
|
|
221 |
qed "wtl_fits_wt";
|
|
|
222 |
|
|
|
223 |
|
|
|
224 |
Goal "wtl_inst_list is G rT s0 s2 cert (length is) 0 \\<Longrightarrow> \
|
|
|
225 |
\ \\<exists> phi. \\<forall>pc. pc < length is \\<longrightarrow> wt_instr (is ! pc) G rT phi (length is) pc";
|
|
|
226 |
by (forward_tac [exists_phi] 1);
|
|
|
227 |
by (Clarify_tac 1);
|
|
|
228 |
by (forward_tac [wtl_fits_wt] 1);
|
|
|
229 |
ba 1;
|
|
|
230 |
by (Force_tac 1);
|
|
|
231 |
qed "wtl_inst_list_correct";
|
|
|
232 |
|
|
|
233 |
Goalw[fits_def] "\\<lbrakk>is \\<noteq> []; wtl_inst_list is G rT s0 s2 cert (length is) 0; \
|
|
|
234 |
\ fits phi is G rT s0 s2 cert\\<rbrakk> \\<Longrightarrow> G \\<turnstile> s0 <=s phi ! 0";
|
|
|
235 |
by (forw_inst_tac [("pc'","0")] wtl_partial 1);
|
|
|
236 |
by (Asm_full_simp_tac 1);
|
|
|
237 |
by (asm_full_simp_tac (simpset() addsimps [neq_Nil_conv]) 1);
|
|
|
238 |
by (Clarify_tac 1);
|
|
|
239 |
by (Asm_full_simp_tac 1);
|
|
|
240 |
by (Clarify_tac 1);
|
|
|
241 |
by (eres_inst_tac [("x","[]")] allE 1);
|
|
|
242 |
by (eres_inst_tac [("x","ys")] allE 1);
|
|
|
243 |
by (eres_inst_tac [("x","y")] allE 1);
|
|
|
244 |
by (Asm_full_simp_tac 1);
|
|
|
245 |
be impE 1;
|
|
|
246 |
by (Force_tac 1);
|
|
|
247 |
by (exhaust_tac "cert ! 0" 1);
|
|
|
248 |
by (auto_tac (claset(), simpset() addsimps [wtl_inst_option_def]));
|
|
|
249 |
qed "fits_first";
|
|
|
250 |
|
|
|
251 |
|
|
|
252 |
Goal "wtl_method G C pTs rT mxl ins cert \\<Longrightarrow> \\<exists> phi. wt_method G C pTs rT mxl ins phi";
|
|
|
253 |
by (asm_full_simp_tac (simpset() addsimps [wtl_method_def, wt_method_def, wt_start_def]) 1);
|
|
|
254 |
by (Clarify_tac 1);
|
|
|
255 |
by (forward_tac [exists_phi] 1);
|
|
|
256 |
by (Clarify_tac 1);
|
|
|
257 |
by (forward_tac [wtl_fits_wt] 1);
|
|
|
258 |
ba 1;
|
|
|
259 |
by (res_inst_tac [("x","phi")] exI 1);
|
|
|
260 |
by (auto_tac (claset(), simpset() addsimps [fits_first]));
|
|
|
261 |
qed "wtl_method_correct";
|
|
|
262 |
|
|
|
263 |
Goal "(a,b,c,d)\\<in>set l \\<longrightarrow> unique l \\<longrightarrow> (a',b',c',d') \\<in> set l \\<longrightarrow> a = a' \\<longrightarrow> b=b' \\<and> c=c' \\<and> d=d'";
|
|
|
264 |
by (induct_tac "l" 1);
|
|
|
265 |
by Auto_tac;
|
|
|
266 |
qed_spec_mp "unique_set";
|
|
|
267 |
|
|
|
268 |
Goal "(a,b,c,d)\\<in>set l \\<longrightarrow> unique l \\<longrightarrow> (\\<epsilon> (a',b',c',d'). (a',b',c',d') \\<in> set l \\<and> a'=a) = (a,b,c,d)";
|
|
|
269 |
by (auto_tac (claset(), simpset() addsimps [unique_set]));
|
|
|
270 |
qed_spec_mp "unique_epsilon";
|
|
|
271 |
|
|
|
272 |
Goalw[wtl_jvm_prog_def,wt_jvm_prog_def] "wtl_jvm_prog G cert ==> \\<exists> Phi. wt_jvm_prog G Phi";
|
|
|
273 |
by (asm_full_simp_tac (simpset() addsimps [wf_prog_def, wf_cdecl_def, wf_mdecl_def]) 1);
|
|
|
274 |
by (res_inst_tac [("x",
|
|
|
275 |
"\\<lambda> C sig.\
|
|
|
276 |
\ let (C,x,y,mdecls) = \\<epsilon> (Cl,x,y,mdecls). (Cl,x,y,mdecls) \\<in> set G \\<and> Cl = C in\
|
|
|
277 |
\ let (sig,rT,maxl,b) = \\<epsilon> (sg,rT,maxl,b). (sg,rT,maxl,b) \\<in> set mdecls \\<and> sg = sig in\
|
|
|
278 |
\ \\<epsilon> phi. wt_method G C (snd sig) rT maxl b phi")] exI 1);
|
|
|
279 |
by Safe_tac;
|
|
|
280 |
by (GOALS Force_tac 1 3);
|
|
|
281 |
by (GOALS Force_tac 2 3);
|
|
|
282 |
by (eres_inst_tac [("x","(a, aa, ab, b)")] BallE 1);
|
|
|
283 |
by (Asm_full_simp_tac 1);
|
|
|
284 |
by (Clarify_tac 1);
|
|
|
285 |
by (eres_inst_tac [("x","((ac, ba), ad, ae, bb)")] BallE 1);
|
|
|
286 |
by (Asm_full_simp_tac 1);
|
|
|
287 |
by (Clarify_tac 1);
|
|
|
288 |
bd wtl_method_correct 1;
|
|
|
289 |
by (Clarify_tac 1);
|
|
|
290 |
by (asm_full_simp_tac (simpset() addsimps [unique_epsilon]) 1);
|
|
|
291 |
br selectI 1;
|
|
|
292 |
ba 1;
|
|
|
293 |
qed "wtl_correct";
|
|
|
294 |
|