isabelle: src/HOL/MicroJava/BV/BVNoTypeError.thy@6c907aad90ba (annotated)

42150 b0c0638c4aad tuned headers; wenzelm parents: 33954 diff changeset	1	(* Title: HOL/MicroJava/BV/BVNoTypeError.thy
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	2	Author: Gerwin Klein
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	3	*)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	4
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	5	header {* \isaheader{Welltyped Programs produce no Type Errors} *}
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	6
33954 1bc3b688548c backported parts of abstract byte code verifier from AFP/Jinja haftmann parents: 32960 diff changeset	7	theory BVNoTypeError
1bc3b688548c backported parts of abstract byte code verifier from AFP/Jinja haftmann parents: 32960 diff changeset	8	imports "../JVM/JVMDefensive" BVSpecTypeSafe
1bc3b688548c backported parts of abstract byte code verifier from AFP/Jinja haftmann parents: 32960 diff changeset	9	begin
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	10
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	11	text {*
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	12	Some simple lemmas about the type testing functions of the
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	13	defensive JVM:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	14	*}
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	15	lemma typeof_NoneD [simp,dest]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	16	"typeof (\<lambda>v. None) v = Some x \<Longrightarrow> \<not>isAddr v"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	17	by (cases v) auto
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	18
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	19	lemma isRef_def2:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	20	"isRef v = (v = Null \<or> (\<exists>loc. v = Addr loc))"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	21	by (cases v) (auto simp add: isRef_def)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	22
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	23	lemma app'Store[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	24	"app' (Store idx, G, pc, maxs, rT, (ST,LT)) = (\<exists>T ST'. ST = T#ST' \<and> idx < length LT)"
52998 3295927cf777 tuned proofs; wenzelm parents: 46226 diff changeset	25	by (cases ST) auto
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	26
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	27	lemma app'GetField[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	28	"app' (Getfield F C, G, pc, maxs, rT, (ST,LT)) =
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	29	(\<exists>oT vT ST'. ST = oT#ST' \<and> is_class G C \<and>
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	30	field (G,C) F = Some (C,vT) \<and> G \<turnstile> oT \<preceq> Class C)"
52998 3295927cf777 tuned proofs; wenzelm parents: 46226 diff changeset	31	by (cases ST) auto
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	32
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	33	lemma app'PutField[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	34	"app' (Putfield F C, G, pc, maxs, rT, (ST,LT)) =
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	35	(\<exists>vT vT' oT ST'. ST = vT#oT#ST' \<and> is_class G C \<and>
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	36	field (G,C) F = Some (C, vT') \<and>
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	37	G \<turnstile> oT \<preceq> Class C \<and> G \<turnstile> vT \<preceq> vT')"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	38	apply rule
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	39	defer
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	40	apply clarsimp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	41	apply (cases ST)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	42	apply simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	43	apply (cases "tl ST")
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	44	apply auto
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	45	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	46
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	47	lemma app'Checkcast[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	48	"app' (Checkcast C, G, pc, maxs, rT, (ST,LT)) =
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	49	(\<exists>rT ST'. ST = RefT rT#ST' \<and> is_class G C)"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	50	apply rule
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	51	defer
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	52	apply clarsimp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	53	apply (cases ST)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	54	apply simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	55	apply (cases "hd ST")
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	56	defer
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	57	apply simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	58	apply simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	59	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	60
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	61
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	62	lemma app'Pop[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	63	"app' (Pop, G, pc, maxs, rT, (ST,LT)) = (\<exists>T ST'. ST = T#ST')"
52998 3295927cf777 tuned proofs; wenzelm parents: 46226 diff changeset	64	by (cases ST) auto
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	65
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	66
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	67	lemma app'Dup[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	68	"app' (Dup, G, pc, maxs, rT, (ST,LT)) =
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	69	(\<exists>T ST'. ST = T#ST' \<and> length ST < maxs)"
52998 3295927cf777 tuned proofs; wenzelm parents: 46226 diff changeset	70	by (cases ST) auto
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	71
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	72
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	73	lemma app'Dup_x1[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	74	"app' (Dup_x1, G, pc, maxs, rT, (ST,LT)) =
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	75	(\<exists>T1 T2 ST'. ST = T1#T2#ST' \<and> length ST < maxs)"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	76	by (cases ST, simp, cases "tl ST", auto)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	77
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	78
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	79	lemma app'Dup_x2[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	80	"app' (Dup_x2, G, pc, maxs, rT, (ST,LT)) =
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	81	(\<exists>T1 T2 T3 ST'. ST = T1#T2#T3#ST' \<and> length ST < maxs)"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	82	by (cases ST, simp, cases "tl ST", simp, cases "tl (tl ST)", auto)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	83
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	84
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	85	lemma app'Swap[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	86	"app' (Swap, G, pc, maxs, rT, (ST,LT)) = (\<exists>T1 T2 ST'. ST = T1#T2#ST')"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	87	by (cases ST, simp, cases "tl ST", auto)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	88
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	89
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	90	lemma app'IAdd[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	91	"app' (IAdd, G, pc, maxs, rT, (ST,LT)) =
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	92	(\<exists>ST'. ST = PrimT Integer#PrimT Integer#ST')"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	93	apply (cases ST)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	94	apply simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	95	apply simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	96	apply (case_tac a)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	97	apply auto
58263 6c907aad90ba ported MicroJava to new datatypes blanchet parents: 56073 diff changeset	98	apply (rename_tac prim_ty, case_tac prim_ty)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	99	apply auto
58263 6c907aad90ba ported MicroJava to new datatypes blanchet parents: 56073 diff changeset	100	apply (rename_tac prim_ty, case_tac prim_ty)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	101	apply auto
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	102	apply (case_tac list)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	103	apply auto
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	104	apply (case_tac a)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	105	apply auto
58263 6c907aad90ba ported MicroJava to new datatypes blanchet parents: 56073 diff changeset	106	apply (rename_tac prim_ty, case_tac prim_ty)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	107	apply auto
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	108	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	109
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	110
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	111	lemma app'Ifcmpeq[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	112	"app' (Ifcmpeq b, G, pc, maxs, rT, (ST,LT)) =
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	113	(\<exists>T1 T2 ST'. ST = T1#T2#ST' \<and> 0 \<le> b + int pc \<and>
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	114	((\<exists>p. T1 = PrimT p \<and> T1 = T2) \<or>
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	115	(\<exists>r r'. T1 = RefT r \<and> T2 = RefT r')))"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	116	apply auto
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	117	apply (cases ST)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	118	apply simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	119	apply (cases "tl ST")
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	120	apply (case_tac a)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	121	apply auto
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	122	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	123
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	124
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	125	lemma app'Return[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	126	"app' (Return, G, pc, maxs, rT, (ST,LT)) =
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	127	(\<exists>T ST'. ST = T#ST'\<and> G \<turnstile> T \<preceq> rT)"
52998 3295927cf777 tuned proofs; wenzelm parents: 46226 diff changeset	128	by (cases ST) auto
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	129
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	130
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	131	lemma app'Throw[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	132	"app' (Throw, G, pc, maxs, rT, (ST,LT)) =
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	133	(\<exists>ST' r. ST = RefT r#ST')"
52998 3295927cf777 tuned proofs; wenzelm parents: 46226 diff changeset	134	apply (cases ST)
3295927cf777 tuned proofs; wenzelm parents: 46226 diff changeset	135	apply simp
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	136	apply (cases "hd ST")
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	137	apply auto
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	138	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	139
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	140
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	141	lemma app'Invoke[simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	142	"app' (Invoke C mn fpTs, G, pc, maxs, rT, ST, LT) =
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	143	(\<exists>apTs X ST' mD' rT' b'.
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	144	ST = (rev apTs) @ X # ST' \<and>
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	145	length apTs = length fpTs \<and> is_class G C \<and>
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	146	(\<forall>(aT,fT)\<in>set(zip apTs fpTs). G \<turnstile> aT \<preceq> fT) \<and>
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	147	method (G,C) (mn,fpTs) = Some (mD', rT', b') \<and> G \<turnstile> X \<preceq> Class C)"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	148	(is "?app ST LT = ?P ST LT")
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	149	proof
55524 f41ef840f09d folded 'list_all2' with the relator generated by 'datatype_new' blanchet parents: 53024 diff changeset	150	assume "?P ST LT" thus "?app ST LT" by (auto simp add: list_all2_iff)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	151	next
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	152	assume app: "?app ST LT"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	153	hence l: "length fpTs < length ST" by simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	154	obtain xs ys where xs: "ST = xs @ ys" "length xs = length fpTs"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	155	proof -
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	156	have "ST = take (length fpTs) ST @ drop (length fpTs) ST" by simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	157	moreover from l have "length (take (length fpTs) ST) = length fpTs"
32443 16464c3f86bd tuned proofs nipkow parents: 24340 diff changeset	158	by simp
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	159	ultimately show ?thesis ..
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	160	qed
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	161	obtain apTs where
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	162	"ST = (rev apTs) @ ys" and "length apTs = length fpTs"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	163	proof -
23467 d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	164	from xs(1) have "ST = rev (rev xs) @ ys" by simp
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	165	then show thesis by (rule that) (simp add: xs(2))
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	166	qed
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	167	moreover
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	168	from l xs obtain X ST' where "ys = X#ST'" by (auto simp add: neq_Nil_conv)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	169	ultimately
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	170	have "ST = (rev apTs) @ X # ST'" "length apTs = length fpTs" by auto
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	171	with app
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	172	show "?P ST LT"
55524 f41ef840f09d folded 'list_all2' with the relator generated by 'datatype_new' blanchet parents: 53024 diff changeset	173	apply (clarsimp simp add: list_all2_iff)
52998 3295927cf777 tuned proofs; wenzelm parents: 46226 diff changeset	174	apply (intro exI conjI)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	175	apply auto
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	176	done
32443 16464c3f86bd tuned proofs nipkow parents: 24340 diff changeset	177	qed
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	178
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	179	lemma approx_loc_len [simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	180	"approx_loc G hp loc LT \<Longrightarrow> length loc = length LT"
55524 f41ef840f09d folded 'list_all2' with the relator generated by 'datatype_new' blanchet parents: 53024 diff changeset	181	by (simp add: approx_loc_def list_all2_iff)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	182
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	183	lemma approx_stk_len [simp]:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	184	"approx_stk G hp stk ST \<Longrightarrow> length stk = length ST"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	185	by (simp add: approx_stk_def)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	186
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	187	lemma isRefI [intro, simp]: "G,hp \<turnstile> v ::\<preceq> RefT T \<Longrightarrow> isRef v"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	188	apply (drule conf_RefTD)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	189	apply (auto simp add: isRef_def)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	190	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	191
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	192	lemma isIntgI [intro, simp]: "G,hp \<turnstile> v ::\<preceq> PrimT Integer \<Longrightarrow> isIntg v"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	193	apply (unfold conf_def)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	194	apply auto
22271 51a80e238b29 Adapted to new inductive definition package. berghofe parents: 18551 diff changeset	195	apply (erule widen.cases)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	196	apply auto
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	197	apply (cases v)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	198	apply auto
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	199	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	200
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	201	lemma list_all2_approx:
52998 3295927cf777 tuned proofs; wenzelm parents: 46226 diff changeset	202	"list_all2 (approx_val G hp) s (map OK S) = list_all2 (conf G hp) s S"
3295927cf777 tuned proofs; wenzelm parents: 46226 diff changeset	203	apply (induct S arbitrary: s)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	204	apply (auto simp add: list_all2_Cons2 approx_val_def)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	205	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	206
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	207	lemma list_all2_conf_widen:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	208	"wf_prog mb G \<Longrightarrow>
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	209	list_all2 (conf G hp) a b \<Longrightarrow>
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	210	list_all2 (\<lambda>x y. G \<turnstile> x \<preceq> y) b c \<Longrightarrow>
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	211	list_all2 (conf G hp) a c"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	212	apply (rule list_all2_trans)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	213	defer
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	214	apply assumption
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	215	apply assumption
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	216	apply (drule conf_widen, assumption+)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	217	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	218
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	219
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	220	text {*
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	221	The main theorem: welltyped programs do not produce type errors if they
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	222	are started in a conformant state.
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	223	*}
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	224	theorem no_type_error:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	225	assumes welltyped: "wt_jvm_prog G Phi" and conforms: "G,Phi \<turnstile>JVM s \<surd>"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	226	shows "exec_d G (Normal s) \<noteq> TypeError"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	227	proof -
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	228	from welltyped obtain mb where wf: "wf_prog mb G" by (fast dest: wt_jvm_progD)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	229
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	230	obtain xcp hp frs where s [simp]: "s = (xcp, hp, frs)" by (cases s)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	231
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	232	from conforms have "xcp \<noteq> None \<or> frs = [] \<Longrightarrow> check G s"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	233	by (unfold correct_state_def check_def) auto
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	234	moreover {
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	235	assume "\<not>(xcp \<noteq> None \<or> frs = [])"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	236	then obtain stk loc C sig pc frs' where
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	237	xcp [simp]: "xcp = None" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	238	frs [simp]: "frs = (stk,loc,C,sig,pc)#frs'"
56073 29e308b56d23 enhanced simplifier solver for preconditions of rewrite rule, can now deal with conjunctions nipkow parents: 55524 diff changeset	239	by (clarsimp simp add: neq_Nil_conv)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	240
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	241	from conforms obtain ST LT rT maxs maxl ins et where
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	242	hconf: "G \<turnstile>h hp \<surd>" and
18551 be0705186ff5 class now an keyword, quoted where necessary haftmann parents: 16417 diff changeset	243	"class": "is_class G C" and
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	244	meth: "method (G, C) sig = Some (C, rT, maxs, maxl, ins, et)" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	245	phi: "Phi C sig ! pc = Some (ST,LT)" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	246	frame: "correct_frame G hp (ST,LT) maxl ins (stk,loc,C,sig,pc)" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	247	frames: "correct_frames G hp Phi rT sig frs'"
56073 29e308b56d23 enhanced simplifier solver for preconditions of rewrite rule, can now deal with conjunctions nipkow parents: 55524 diff changeset	248	by (auto simp add: correct_state_def)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	249
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	250	from frame obtain
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	251	stk: "approx_stk G hp stk ST" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	252	loc: "approx_loc G hp loc LT" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	253	pc: "pc < length ins" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	254	len: "length loc = length (snd sig) + maxl + 1"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	255	by (auto simp add: correct_frame_def)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	256
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	257	note approx_val_def [simp]
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	258
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	259	from welltyped meth conforms
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	260	have "wt_instr (ins!pc) G rT (Phi C sig) maxs (length ins) et pc"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	261	by simp (rule wt_jvm_prog_impl_wt_instr_cor)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	262	then obtain
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	263	app': "app (ins!pc) G maxs rT pc et (Phi C sig!pc) " and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	264	eff: "\<forall>(pc', s')\<in>set (eff (ins ! pc) G pc et (Phi C sig ! pc)). pc' < length ins"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	265	by (simp add: wt_instr_def phi) blast
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	266
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	267	from eff
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	268	have pc': "\<forall>pc' \<in> set (succs (ins!pc) pc). pc' < length ins"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	269	by (simp add: eff_def) blast
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	270
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	271	from app' phi
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	272	have app:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	273	"xcpt_app (ins!pc) G pc et \<and> app' (ins!pc, G, pc, maxs, rT, (ST,LT))"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	274	by (clarsimp simp add: app_def)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	275
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	276	with eff stk loc pc'
13822 bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	277	have "check_instr (ins!pc) G hp stk loc C sig pc maxs frs'"
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	278	proof (cases "ins!pc")
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	279	case (Getfield F C)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	280	with app stk loc phi obtain v vT stk' where
18551 be0705186ff5 class now an keyword, quoted where necessary haftmann parents: 16417 diff changeset	281	"class": "is_class G C" and
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	282	field: "field (G, C) F = Some (C, vT)" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	283	stk: "stk = v # stk'" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	284	conf: "G,hp \<turnstile> v ::\<preceq> Class C"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	285	apply clarsimp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	286	apply (blast dest: conf_widen [OF wf])
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	287	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	288	from conf have isRef: "isRef v" ..
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	289	moreover {
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	290	assume "v \<noteq> Null"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	291	with conf field isRef wf
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	292	have "\<exists>D vs. hp (the_Addr v) = Some (D,vs) \<and> G \<turnstile> D \<preceq>C C"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	293	by (auto dest!: non_np_objD)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	294	}
18551 be0705186ff5 class now an keyword, quoted where necessary haftmann parents: 16417 diff changeset	295	ultimately show ?thesis using Getfield field "class" stk hconf wf
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	296	apply clarsimp
46226 e88e980ed735 tuned proofs; wenzelm parents: 44890 diff changeset	297	apply (fastforce dest!: hconfD widen_cfs_fields oconf_objD)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	298	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	299	next
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	300	case (Putfield F C)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	301	with app stk loc phi obtain v ref vT stk' where
18551 be0705186ff5 class now an keyword, quoted where necessary haftmann parents: 16417 diff changeset	302	"class": "is_class G C" and
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	303	field: "field (G, C) F = Some (C, vT)" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	304	stk: "stk = v # ref # stk'" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	305	confv: "G,hp \<turnstile> v ::\<preceq> vT" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	306	confr: "G,hp \<turnstile> ref ::\<preceq> Class C"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	307	apply clarsimp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	308	apply (blast dest: conf_widen [OF wf])
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	309	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	310	from confr have isRef: "isRef ref" ..
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	311	moreover {
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	312	assume "ref \<noteq> Null"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	313	with confr field isRef wf
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	314	have "\<exists>D vs. hp (the_Addr ref) = Some (D,vs) \<and> G \<turnstile> D \<preceq>C C"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	315	by (auto dest: non_np_objD)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	316	}
18551 be0705186ff5 class now an keyword, quoted where necessary haftmann parents: 16417 diff changeset	317	ultimately show ?thesis using Putfield field "class" stk confv
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	318	by clarsimp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	319	next
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	320	case (Invoke C mn ps)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	321	with app
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	322	obtain apTs X ST' where
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	323	ST: "ST = rev apTs @ X # ST'" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	324	ps: "length apTs = length ps" and
22271 51a80e238b29 Adapted to new inductive definition package. berghofe parents: 18551 diff changeset	325	w: "\<forall>(x, y)\<in>set (zip apTs ps). G \<turnstile> x \<preceq> y" and
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	326	C: "G \<turnstile> X \<preceq> Class C" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	327	mth: "method (G, C) (mn, ps) \<noteq> None"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	328	by (simp del: app'.simps) blast
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	329
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	330	from ST stk
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	331	obtain aps x stk' where
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	332	stk': "stk = aps @ x # stk'" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	333	aps: "approx_stk G hp aps (rev apTs)" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	334	x: "G,hp \<turnstile> x ::\<preceq> X" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	335	l: "length aps = length apTs"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	336	by (auto dest!: approx_stk_append)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	337
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	338	from stk' l ps
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	339	have [simp]: "stk!length ps = x" by (simp add: nth_append)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	340	from stk' l ps
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	341	have [simp]: "take (length ps) stk = aps" by simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	342	from w ps
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	343	have widen: "list_all2 (\<lambda>x y. G \<turnstile> x \<preceq> y) apTs ps"
55524 f41ef840f09d folded 'list_all2' with the relator generated by 'datatype_new' blanchet parents: 53024 diff changeset	344	by (simp add: list_all2_iff)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	345
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	346	from stk' l ps have "length ps < length stk" by simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	347	moreover
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	348	from wf x C
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	349	have x: "G,hp \<turnstile> x ::\<preceq> Class C" by (rule conf_widen)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	350	hence "isRef x" by simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	351	moreover
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	352	{ assume "x \<noteq> Null"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	353	with x
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	354	obtain D fs where
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	355	hp: "hp (the_Addr x) = Some (D,fs)" and
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	356	D: "G \<turnstile> D \<preceq>C C"
56073 29e308b56d23 enhanced simplifier solver for preconditions of rewrite rule, can now deal with conjunctions nipkow parents: 55524 diff changeset	357	by - (drule non_npD, assumption, clarsimp)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	358	hence "hp (the_Addr x) \<noteq> None" (is ?P1) by simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	359	moreover
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	360	from wf mth hp D
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	361	have "method (G, cname_of hp x) (mn, ps) \<noteq> None" (is ?P2)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	362	by (auto dest: subcls_widen_methd)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	363	moreover
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	364	from aps have "list_all2 (conf G hp) aps (rev apTs)"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	365	by (simp add: list_all2_approx approx_stk_def approx_loc_def)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	366	hence "list_all2 (conf G hp) (rev aps) (rev (rev apTs))"
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	367	by (simp only: list_all2_rev)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	368	hence "list_all2 (conf G hp) (rev aps) apTs" by simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	369	with wf widen
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	370	have "list_all2 (conf G hp) (rev aps) ps" (is ?P3)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	371	by - (rule list_all2_conf_widen)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	372	ultimately
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	373	have "?P1 \<and> ?P2 \<and> ?P3" by blast
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	374	}
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	375	moreover
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	376	note Invoke
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	377	ultimately
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	378	show ?thesis by simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	379	next
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	380	case Return with stk app phi meth frames
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	381	show ?thesis
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	382	apply clarsimp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	383	apply (drule conf_widen [OF wf], assumption)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	384	apply (clarsimp simp add: neq_Nil_conv isRef_def2)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	385	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	386	qed auto
13822 bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	387	hence "check G s" by (simp add: check_def meth pc)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	388	} ultimately
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	389	have "check G s" by blast
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	390	thus "exec_d G (Normal s) \<noteq> TypeError" ..
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	391	qed
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	392
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	393
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	394	text {*
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	395	The theorem above tells us that, in welltyped programs, the
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	396	defensive machine reaches the same result as the aggressive
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	397	one (after arbitrarily many steps).
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	398	*}
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	399	theorem welltyped_aggressive_imp_defensive:
53024 e0968e1f6fe9 more symbolic notation; wenzelm parents: 52998 diff changeset	400	"wt_jvm_prog G Phi \<Longrightarrow> G,Phi \<turnstile>JVM s \<surd> \<Longrightarrow> G \<turnstile> s \<midarrow>jvm\<rightarrow> t
e0968e1f6fe9 more symbolic notation; wenzelm parents: 52998 diff changeset	401	\<Longrightarrow> G \<turnstile> (Normal s) \<midarrow>jvmd\<rightarrow> (Normal t)"
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	402	apply (unfold exec_all_def)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	403	apply (erule rtrancl_induct)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	404	apply (simp add: exec_all_d_def)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	405	apply simp
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	406	apply (fold exec_all_def)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	407	apply (frule BV_correct, assumption+)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	408	apply (drule no_type_error, assumption, drule no_type_error_commutes, simp)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	409	apply (simp add: exec_all_d_def)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	410	apply (rule rtrancl_trans, assumption)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	411	apply blast
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	412	done
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	413
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	414
13822 bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	415	lemma neq_TypeError_eq [simp]: "s \<noteq> TypeError = (\<exists>s'. s = Normal s')"
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	416	by (cases s, auto)
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	417
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	418	theorem no_type_errors:
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	419	"wt_jvm_prog G Phi \<Longrightarrow> G,Phi \<turnstile>JVM s \<surd>
53024 e0968e1f6fe9 more symbolic notation; wenzelm parents: 52998 diff changeset	420	\<Longrightarrow> G \<turnstile> (Normal s) \<midarrow>jvmd\<rightarrow> t \<Longrightarrow> t \<noteq> TypeError"
13822 bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	421	apply (unfold exec_all_d_def)
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	422	apply (erule rtrancl_induct)
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	423	apply simp
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	424	apply (fold exec_all_d_def)
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	425	apply (auto dest: defensive_imp_aggressive BV_correct no_type_error)
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	426	done
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	427
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	428	corollary no_type_errors_initial:
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	429	fixes G ("\<Gamma>") and Phi ("\<Phi>")
23467 d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	430	assumes wt: "wt_jvm_prog \<Gamma> \<Phi>"
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	431	assumes is_class: "is_class \<Gamma> C"
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	432	and method: "method (\<Gamma>,C) (m,[]) = Some (C, b)"
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	433	and m: "m \<noteq> init"
13822 bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	434	defines start: "s \<equiv> start_state \<Gamma> C m"
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	435
53024 e0968e1f6fe9 more symbolic notation; wenzelm parents: 52998 diff changeset	436	assumes s: "\<Gamma> \<turnstile> (Normal s) \<midarrow>jvmd\<rightarrow> t"
13822 bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	437	shows "t \<noteq> TypeError"
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	438	proof -
23467 d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	439	from wt is_class method have "\<Gamma>,\<Phi> \<turnstile>JVM s \<surd>"
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	440	unfolding start by (rule BV_correct_initial)
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	441	from wt this s show ?thesis by (rule no_type_errors)
13822 bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	442	qed
bb5eda7416e5 check maxs in defensive machine kleing parents: 13678 diff changeset	443
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	444	text {*
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	445	As corollary we get that the aggressive and the defensive machine
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	446	are equivalent for welltyped programs (if started in a conformant
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	447	state or in the canonical start state)
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	448	*}
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	449	corollary welltyped_commutes:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	450	fixes G ("\<Gamma>") and Phi ("\<Phi>")
23467 d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	451	assumes wt: "wt_jvm_prog \<Gamma> \<Phi>" and *: "\<Gamma>,\<Phi> \<turnstile>JVM s \<surd>"
53024 e0968e1f6fe9 more symbolic notation; wenzelm parents: 52998 diff changeset	452	shows "\<Gamma> \<turnstile> (Normal s) \<midarrow>jvmd\<rightarrow> (Normal t) = \<Gamma> \<turnstile> s \<midarrow>jvm\<rightarrow> t"
23467 d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	453	apply rule
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	454	apply (erule defensive_imp_aggressive, rule welltyped_aggressive_imp_defensive)
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	455	apply (rule wt)
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	456	apply (rule *)
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	457	apply assumption
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	458	done
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	459
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	460	corollary welltyped_initial_commutes:
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	461	fixes G ("\<Gamma>") and Phi ("\<Phi>")
23467 d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	462	assumes wt: "wt_jvm_prog \<Gamma> \<Phi>"
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	463	assumes is_class: "is_class \<Gamma> C"
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	464	and method: "method (\<Gamma>,C) (m,[]) = Some (C, b)"
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	465	and m: "m \<noteq> init"
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	466	defines start: "s \<equiv> start_state \<Gamma> C m"
53024 e0968e1f6fe9 more symbolic notation; wenzelm parents: 52998 diff changeset	467	shows "\<Gamma> \<turnstile> (Normal s) \<midarrow>jvmd\<rightarrow> (Normal t) = \<Gamma> \<turnstile> s \<midarrow>jvm\<rightarrow> t"
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	468	proof -
23467 d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	469	from wt is_class method have "\<Gamma>,\<Phi> \<turnstile>JVM s \<surd>"
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	470	unfolding start by (rule BV_correct_initial)
d1b97708d5eb tuned proofs -- avoid implicit prems; wenzelm parents: 22271 diff changeset	471	with wt show ?thesis by (rule welltyped_commutes)
13633 b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	472	qed
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	473
b03a36b8d528 type safety with defensive machine kleing parents: diff changeset	474	end

author	blanchet
	Tue, 09 Sep 2014 20:51:36 +0200
changeset 58263	6c907aad90ba
parent 56073	29e308b56d23
child 58886	8a6cac7c7247
permissions	-rw-r--r--