isabelle: src/HOL/MicroJava/BV/LBVComplete.thy@6ff5d35749b0 (annotated)

8388 b66d3c49cb8d completeness of the lightweight bytecode verifier kleing parents: diff changeset	1	(* Title: HOL/MicroJava/BV/LBVComplete.thy
b66d3c49cb8d completeness of the lightweight bytecode verifier kleing parents: diff changeset	2	ID: $Id$
b66d3c49cb8d completeness of the lightweight bytecode verifier kleing parents: diff changeset	3	Author: Gerwin Klein
b66d3c49cb8d completeness of the lightweight bytecode verifier kleing parents: diff changeset	4	Copyright 2000 Technische Universitaet Muenchen
9054 0e48e7d4d4f9 minor tuning for pdf documents kleing parents: 9012 diff changeset	5	*)
8388 b66d3c49cb8d completeness of the lightweight bytecode verifier kleing parents: diff changeset	6
12911 704713ca07ea new document kleing parents: 12516 diff changeset	7	header {* \isaheader{Completeness of the LBV} *}
8388 b66d3c49cb8d completeness of the lightweight bytecode verifier kleing parents: diff changeset	8
17090 603f23d71ada small mods to code lemmas nipkow parents: 17087 diff changeset	9	theory LBVComplete
603f23d71ada small mods to code lemmas nipkow parents: 17087 diff changeset	10	imports LBVSpec Typing_Framework
603f23d71ada small mods to code lemmas nipkow parents: 17087 diff changeset	11	begin
9549 40d64cb4f4e6 BV and LBV specified in terms of app and step functions kleing parents: 9376 diff changeset	12
8388 b66d3c49cb8d completeness of the lightweight bytecode verifier kleing parents: diff changeset	13	constdefs
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	14	is_target :: "['s step_type, 's list, nat] \<Rightarrow> bool"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	15	"is_target step phi pc' \<equiv>
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	16	\<exists>pc s'. pc' \<noteq> pc+1 \<and> pc < length phi \<and> (pc',s') \<in> set (step pc (phi!pc))"
8388 b66d3c49cb8d completeness of the lightweight bytecode verifier kleing parents: diff changeset	17
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	18	make_cert :: "['s step_type, 's list, 's] \<Rightarrow> 's certificate"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	19	"make_cert step phi B \<equiv>
15425 6356d2523f73 [ .. (] -> [ ..< ] nipkow parents: 13365 diff changeset	20	map (\<lambda>pc. if is_target step phi pc then phi!pc else B) [0..<length phi] @ [B]"
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	21
13101 90b31354fe15 tuned kleing parents: 13078 diff changeset	22	lemma [code]:
90b31354fe15 tuned kleing parents: 13078 diff changeset	23	"is_target step phi pc' =
15425 6356d2523f73 [ .. (] -> [ ..< ] nipkow parents: 13365 diff changeset	24	list_ex (\<lambda>pc. pc' \<noteq> pc+1 \<and> pc' mem (map fst (step pc (phi!pc)))) [0..<length phi]"
17090 603f23d71ada small mods to code lemmas nipkow parents: 17087 diff changeset	25	by (force simp: list_ex_iff is_target_def mem_iff)
603f23d71ada small mods to code lemmas nipkow parents: 17087 diff changeset	26
13101 90b31354fe15 tuned kleing parents: 13078 diff changeset	27
13365 a2c4faad4d35 adapted to locale defs; wenzelm parents: 13101 diff changeset	28	locale (open) lbvc = lbv +
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	29	fixes phi :: "'a list" ("\<phi>")
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	30	fixes c :: "'a list"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	31	defines cert_def: "c \<equiv> make_cert step \<phi> \<bottom>"
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8388 diff changeset	32
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	33	assumes mono: "mono r step (length \<phi>) A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	34	assumes pres: "pres_type step (length \<phi>) A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	35	assumes phi: "\<forall>pc < length \<phi>. \<phi>!pc \<in> A \<and> \<phi>!pc \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	36	assumes bounded: "bounded step (length \<phi>)"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	37
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	38	assumes B_neq_T: "\<bottom> \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	39
8388 b66d3c49cb8d completeness of the lightweight bytecode verifier kleing parents: diff changeset	40
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	41	lemma (in lbvc) cert: "cert_ok c (length \<phi>) \<top> \<bottom> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	42	proof (unfold cert_ok_def, intro strip conjI)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	43	note [simp] = make_cert_def cert_def nth_append
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	44
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	45	show "c!length \<phi> = \<bottom>" by simp
9757 1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	46
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	47	fix pc assume pc: "pc < length \<phi>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	48	from pc phi B_A show "c!pc \<in> A" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	49	from pc phi B_neq_T show "c!pc \<noteq> \<top>" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	50	qed
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	51
9559 1f99296758c2 tuned kleing parents: 9549 diff changeset	52	lemmas [simp del] = split_paired_Ex
1f99296758c2 tuned kleing parents: 9549 diff changeset	53
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8388 diff changeset	54
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	55	lemma (in lbvc) cert_target [intro?]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	56	"\<lbrakk> (pc',s') \<in> set (step pc (\<phi>!pc));
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	57	pc' \<noteq> pc+1; pc < length \<phi>; pc' < length \<phi> \<rbrakk>
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	58	\<Longrightarrow> c!pc' = \<phi>!pc'"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	59	by (auto simp add: cert_def make_cert_def nth_append is_target_def)
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8388 diff changeset	60
9549 40d64cb4f4e6 BV and LBV specified in terms of app and step functions kleing parents: 9376 diff changeset	61
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	62	lemma (in lbvc) cert_approx [intro?]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	63	"\<lbrakk> pc < length \<phi>; c!pc \<noteq> \<bottom> \<rbrakk>
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	64	\<Longrightarrow> c!pc = \<phi>!pc"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	65	by (auto simp add: cert_def make_cert_def nth_append)
13064 1f54a5fecaa6 first steps in semilattices.. kleing parents: 13006 diff changeset	66
1f54a5fecaa6 first steps in semilattices.. kleing parents: 13006 diff changeset	67
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	68	lemma (in lbv) le_top [simp, intro]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	69	"x <=_r \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	70	by (insert top) simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	71
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	72
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	73	lemma (in lbv) merge_mono:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	74	assumes less: "ss2 <=\|r\| ss1"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	75	assumes x: "x \<in> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	76	assumes ss1: "snd`set ss1 \<subseteq> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	77	assumes ss2: "snd`set ss2 \<subseteq> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	78	shows "merge c pc ss2 x <=_r merge c pc ss1 x" (is "?s2 <=_r ?s1")
13064 1f54a5fecaa6 first steps in semilattices.. kleing parents: 13006 diff changeset	79	proof-
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	80	have "?s1 = \<top> \<Longrightarrow> ?thesis" by simp
13070 fcfdefa4617b merge mono kleing parents: 13066 diff changeset	81	moreover {
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	82	assume merge: "?s1 \<noteq> T"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	83	from x ss1 have "?s1 =
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	84	(if \<forall>(pc', s')\<in>set ss1. pc' \<noteq> pc + 1 \<longrightarrow> s' <=_r c!pc'
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	85	then (map snd [(p', t')\<in>ss1 . p'=pc+1]) ++_f x
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	86	else \<top>)"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	87	by (rule merge_def)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	88	with merge obtain
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	89	app: "\<forall>(pc',s')\<in>set ss1. pc' \<noteq> pc+1 \<longrightarrow> s' <=_r c!pc'"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	90	(is "?app ss1") and
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	91	sum: "(map snd [(p',t')\<in>ss1 . p' = pc+1] ++_f x) = ?s1"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	92	(is "?map ss1 ++_f x = _" is "?sum ss1 = _")
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	93	by (simp split: split_if_asm)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	94	from app less
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	95	have "?app ss2" by (blast dest: trans_r lesub_step_typeD)
13070 fcfdefa4617b merge mono kleing parents: 13066 diff changeset	96	moreover {
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	97	from ss1 have map1: "set (?map ss1) \<subseteq> A" by auto
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	98	with x have "?sum ss1 \<in> A" by (auto intro!: plusplus_closed)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	99	with sum have "?s1 \<in> A" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	100	moreover
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	101	have mapD: "\<And>x ss. x \<in> set (?map ss) \<Longrightarrow> \<exists>p. (p,x) \<in> set ss \<and> p=pc+1" by auto
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	102	from x map1
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	103	have "\<forall>x \<in> set (?map ss1). x <=_r ?sum ss1"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	104	by clarify (rule pp_ub1)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	105	with sum have "\<forall>x \<in> set (?map ss1). x <=_r ?s1" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	106	with less have "\<forall>x \<in> set (?map ss2). x <=_r ?s1"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	107	by (fastsimp dest!: mapD lesub_step_typeD intro: trans_r)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	108	moreover
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	109	from map1 x have "x <=_r (?sum ss1)" by (rule pp_ub2)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	110	with sum have "x <=_r ?s1" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	111	moreover
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	112	from ss2 have "set (?map ss2) \<subseteq> A" by auto
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	113	ultimately
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	114	have "?sum ss2 <=_r ?s1" using x by - (rule pp_lub)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	115	}
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	116	moreover
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	117	from x ss2 have
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	118	"?s2 =
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	119	(if \<forall>(pc', s')\<in>set ss2. pc' \<noteq> pc + 1 \<longrightarrow> s' <=_r c!pc'
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	120	then map snd [(p', t')\<in>ss2 . p' = pc + 1] ++_f x
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	121	else \<top>)"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	122	by (rule merge_def)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	123	ultimately have ?thesis by simp
13070 fcfdefa4617b merge mono kleing parents: 13066 diff changeset	124	}
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	125	ultimately show ?thesis by (cases "?s1 = \<top>") auto
13064 1f54a5fecaa6 first steps in semilattices.. kleing parents: 13006 diff changeset	126	qed
1f54a5fecaa6 first steps in semilattices.. kleing parents: 13006 diff changeset	127
1f54a5fecaa6 first steps in semilattices.. kleing parents: 13006 diff changeset	128
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	129	lemma (in lbvc) wti_mono:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	130	assumes less: "s2 <=_r s1"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	131	assumes pc: "pc < length \<phi>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	132	assumes s1: "s1 \<in> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	133	assumes s2: "s2 \<in> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	134	shows "wti c pc s2 <=_r wti c pc s1" (is "?s2' <=_r ?s1'")
9549 40d64cb4f4e6 BV and LBV specified in terms of app and step functions kleing parents: 9376 diff changeset	135	proof -
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	136	from mono s2 have "step pc s2 <=\|r\| step pc s1" by - (rule monoD)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	137	moreover
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	138	from pc cert have "c!Suc pc \<in> A" by - (rule cert_okD3)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	139	moreover
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	140	from pres s1 pc
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	141	have "snd`set (step pc s1) \<subseteq> A" by (rule pres_typeD2)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	142	moreover
f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	143	from pres s2 pc
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	144	have "snd`set (step pc s2) \<subseteq> A" by (rule pres_typeD2)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	145	ultimately
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	146	show ?thesis by (simp add: wti merge_mono)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	147	qed
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8388 diff changeset	148
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	149	lemma (in lbvc) wtc_mono:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	150	assumes less: "s2 <=_r s1"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	151	assumes pc: "pc < length \<phi>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	152	assumes s1: "s1 \<in> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	153	assumes s2: "s2 \<in> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	154	shows "wtc c pc s2 <=_r wtc c pc s1" (is "?s2' <=_r ?s1'")
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	155	proof (cases "c!pc = \<bottom>")
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	156	case True
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	157	moreover have "wti c pc s2 <=_r wti c pc s1" by (rule wti_mono)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	158	ultimately show ?thesis by (simp add: wtc)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	159	next
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	160	case False
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	161	have "?s1' = \<top> \<Longrightarrow> ?thesis" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	162	moreover {
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	163	assume "?s1' \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	164	with False have c: "s1 <=_r c!pc" by (simp add: wtc split: split_if_asm)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	165	with less have "s2 <=_r c!pc" ..
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	166	with False c have ?thesis by (simp add: wtc)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	167	}
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	168	ultimately show ?thesis by (cases "?s1' = \<top>") auto
9376 c32c5696ec2a flat instruction set kleing parents: 9260 diff changeset	169	qed
9757 1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	170
9559 1f99296758c2 tuned kleing parents: 9549 diff changeset	171
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	172	lemma (in lbv) top_le_conv [simp]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	173	"\<top> <=_r x = (x = \<top>)"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	174	by (insert semilat) (simp add: top top_le_conv)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	175
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	176	lemma (in lbv) neq_top [simp, elim]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	177	"\<lbrakk> x <=_r y; y \<noteq> \<top> \<rbrakk> \<Longrightarrow> x \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	178	by (cases "x = T") auto
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	179
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	180
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	181	lemma (in lbvc) stable_wti:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	182	assumes stable: "stable r step \<phi> pc"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	183	assumes pc: "pc < length \<phi>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	184	shows "wti c pc (\<phi>!pc) \<noteq> \<top>"
9559 1f99296758c2 tuned kleing parents: 9549 diff changeset	185	proof -
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	186	let ?step = "step pc (\<phi>!pc)"
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	187	from stable
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	188	have less: "\<forall>(q,s')\<in>set ?step. s' <=_r \<phi>!q" by (simp add: stable_def)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	189
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	190	from cert pc
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	191	have cert_suc: "c!Suc pc \<in> A" by - (rule cert_okD3)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	192	moreover
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	193	from phi pc have "\<phi>!pc \<in> A" by simp
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	194	with pres pc
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	195	have stepA: "snd`set ?step \<subseteq> A" by - (rule pres_typeD2)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	196	ultimately
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	197	have "merge c pc ?step (c!Suc pc) =
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	198	(if \<forall>(pc',s')\<in>set ?step. pc'\<noteq>pc+1 \<longrightarrow> s' <=_r c!pc'
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	199	then map snd [(p',t')\<in>?step.p'=pc+1] ++_f c!Suc pc
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	200	else \<top>)" by (rule merge_def)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	201	moreover {
f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	202	fix pc' s' assume s': "(pc', s') \<in> set ?step" and suc_pc: "pc' \<noteq> pc+1"
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	203	with less have "s' <=_r \<phi>!pc'" by auto
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	204	also
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	205	from bounded pc s' have "pc' < length \<phi>" by (rule boundedD)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	206	with s' suc_pc pc have "c!pc' = \<phi>!pc'" ..
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	207	hence "\<phi>!pc' = c!pc'" ..
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	208	finally have "s' <=_r c!pc'" .
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	209	} hence "\<forall>(pc',s')\<in>set ?step. pc'\<noteq>pc+1 \<longrightarrow> s' <=_r c!pc'" by auto
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	210	moreover
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	211	from pc have "Suc pc = length \<phi> \<or> Suc pc < length \<phi>" by auto
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	212	hence "map snd [(p',t')\<in>?step.p'=pc+1] ++_f c!Suc pc \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	213	(is "?map ++_f _ \<noteq> _")
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	214	proof (rule disjE)
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	215	assume pc': "Suc pc = length \<phi>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	216	with cert have "c!Suc pc = \<bottom>" by (simp add: cert_okD2)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	217	moreover
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	218	from pc' bounded pc
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	219	have "\<forall>(p',t')\<in>set ?step. p'\<noteq>pc+1" by clarify (drule boundedD, auto)
f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	220	hence "[(p',t')\<in>?step.p'=pc+1] = []" by (blast intro: filter_False)
f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	221	hence "?map = []" by simp
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	222	ultimately show ?thesis by (simp add: B_neq_T)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	223	next
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	224	assume pc': "Suc pc < length \<phi>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	225	from pc' phi have "\<phi>!Suc pc \<in> A" by simp
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	226	moreover note cert_suc
f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	227	moreover from stepA
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	228	have "set ?map \<subseteq> A" by auto
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	229	moreover
f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	230	have "\<And>s. s \<in> set ?map \<Longrightarrow> \<exists>t. (Suc pc, t) \<in> set ?step" by auto
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	231	with less have "\<forall>s' \<in> set ?map. s' <=_r \<phi>!Suc pc" by auto
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	232	moreover
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	233	from pc' have "c!Suc pc <=_r \<phi>!Suc pc"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	234	by (cases "c!Suc pc = \<bottom>") (auto dest: cert_approx)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	235	ultimately
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	236	have "?map ++_f c!Suc pc <=_r \<phi>!Suc pc" by (rule pp_lub)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	237	moreover
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	238	from pc' phi have "\<phi>!Suc pc \<noteq> \<top>" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	239	ultimately
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	240	show ?thesis by auto
9559 1f99296758c2 tuned kleing parents: 9549 diff changeset	241	qed
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	242	ultimately
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	243	have "merge c pc ?step (c!Suc pc) \<noteq> \<top>" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	244	thus ?thesis by (simp add: wti)
9376 c32c5696ec2a flat instruction set kleing parents: 9260 diff changeset	245	qed
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8388 diff changeset	246
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	247	lemma (in lbvc) wti_less:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	248	assumes stable: "stable r step \<phi> pc"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	249	assumes suc_pc: "Suc pc < length \<phi>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	250	shows "wti c pc (\<phi>!pc) <=_r \<phi>!Suc pc" (is "?wti <=_r _")
9757 1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	251	proof -
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	252	let ?step = "step pc (\<phi>!pc)"
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	253
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	254	from stable
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	255	have less: "\<forall>(q,s')\<in>set ?step. s' <=_r \<phi>!q" by (simp add: stable_def)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	256
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	257	from suc_pc have pc: "pc < length \<phi>" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	258	with cert have cert_suc: "c!Suc pc \<in> A" by - (rule cert_okD3)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	259	moreover
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	260	from phi pc have "\<phi>!pc \<in> A" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	261	with pres pc have stepA: "snd`set ?step \<subseteq> A" by - (rule pres_typeD2)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	262	moreover
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	263	from stable pc have "?wti \<noteq> \<top>" by (rule stable_wti)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	264	hence "merge c pc ?step (c!Suc pc) \<noteq> \<top>" by (simp add: wti)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	265	ultimately
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	266	have "merge c pc ?step (c!Suc pc) =
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	267	map snd [(p',t')\<in>?step.p'=pc+1] ++_f c!Suc pc" by (rule merge_not_top_s)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	268	hence "?wti = \<dots>" (is "_ = (?map ++_f _)" is "_ = ?sum") by (simp add: wti)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	269	also {
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	270	from suc_pc phi have "\<phi>!Suc pc \<in> A" by simp
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	271	moreover note cert_suc
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	272	moreover from stepA have "set ?map \<subseteq> A" by auto
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	273	moreover
f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	274	have "\<And>s. s \<in> set ?map \<Longrightarrow> \<exists>t. (Suc pc, t) \<in> set ?step" by auto
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	275	with less have "\<forall>s' \<in> set ?map. s' <=_r \<phi>!Suc pc" by auto
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	276	moreover
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	277	from suc_pc have "c!Suc pc <=_r \<phi>!Suc pc"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	278	by (cases "c!Suc pc = \<bottom>") (auto dest: cert_approx)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	279	ultimately
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	280	have "?sum <=_r \<phi>!Suc pc" by (rule pp_lub)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	281	}
f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	282	finally show ?thesis .
f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	283	qed
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8388 diff changeset	284
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	285	lemma (in lbvc) stable_wtc:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	286	assumes stable: "stable r step phi pc"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	287	assumes pc: "pc < length \<phi>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	288	shows "wtc c pc (\<phi>!pc) \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	289	proof -
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	290	have wti: "wti c pc (\<phi>!pc) \<noteq> \<top>" by (rule stable_wti)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	291	show ?thesis
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	292	proof (cases "c!pc = \<bottom>")
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	293	case True with wti show ?thesis by (simp add: wtc)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	294	next
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	295	case False
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	296	with pc have "c!pc = \<phi>!pc" ..
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	297	with False wti show ?thesis by (simp add: wtc)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	298	qed
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	299	qed
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8388 diff changeset	300
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	301	lemma (in lbvc) wtc_less:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	302	assumes stable: "stable r step \<phi> pc"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	303	assumes suc_pc: "Suc pc < length \<phi>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	304	shows "wtc c pc (\<phi>!pc) <=_r \<phi>!Suc pc" (is "?wtc <=_r _")
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	305	proof (cases "c!pc = \<bottom>")
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	306	case True
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	307	moreover have "wti c pc (\<phi>!pc) <=_r \<phi>!Suc pc" by (rule wti_less)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	308	ultimately show ?thesis by (simp add: wtc)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	309	next
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	310	case False
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	311	from suc_pc have pc: "pc < length \<phi>" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	312	hence "?wtc \<noteq> \<top>" by - (rule stable_wtc)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	313	with False have "?wtc = wti c pc (c!pc)"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	314	by (unfold wtc) (simp split: split_if_asm)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	315	also from pc False have "c!pc = \<phi>!pc" ..
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	316	finally have "?wtc = wti c pc (\<phi>!pc)" .
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	317	also have "wti c pc (\<phi>!pc) <=_r \<phi>!Suc pc" by (rule wti_less)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	318	finally show ?thesis .
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	319	qed
f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	320
f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	321
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	322	lemma (in lbvc) wt_step_wtl_lemma:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	323	assumes wt_step: "wt_step r \<top> step \<phi>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	324	shows "\<And>pc s. pc+length ls = length \<phi> \<Longrightarrow> s <=_r \<phi>!pc \<Longrightarrow> s \<in> A \<Longrightarrow> s\<noteq>\<top> \<Longrightarrow>
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	325	wtl ls c pc s \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	326	(is "\<And>pc s. _ \<Longrightarrow> _ \<Longrightarrow> _ \<Longrightarrow> _ \<Longrightarrow> ?wtl ls pc s \<noteq> _")
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	327	proof (induct ls)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	328	fix pc s assume "s\<noteq>\<top>" thus "?wtl [] pc s \<noteq> \<top>" by simp
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	329	next
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	330	fix pc s i ls
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	331	assume "\<And>pc s. pc+length ls=length \<phi> \<Longrightarrow> s <=_r \<phi>!pc \<Longrightarrow> s \<in> A \<Longrightarrow> s\<noteq>\<top> \<Longrightarrow>
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	332	?wtl ls pc s \<noteq> \<top>"
9757 1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	333	moreover
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	334	assume pc_l: "pc + length (i#ls) = length \<phi>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	335	hence suc_pc_l: "Suc pc + length ls = length \<phi>" by simp
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	336	ultimately
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	337	have IH: "\<And>s. s <=_r \<phi>!Suc pc \<Longrightarrow> s \<in> A \<Longrightarrow> s \<noteq> \<top> \<Longrightarrow> ?wtl ls (Suc pc) s \<noteq> \<top>" .
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	338
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	339	from pc_l obtain pc: "pc < length \<phi>" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	340	with wt_step have stable: "stable r step \<phi> pc" by (simp add: wt_step_def)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	341	moreover
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	342	assume s_phi: "s <=_r \<phi>!pc"
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	343	ultimately
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	344	have wt_phi: "wtc c pc (\<phi>!pc) \<noteq> \<top>" by - (rule stable_wtc)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	345
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	346	from phi pc have phi_pc: "\<phi>!pc \<in> A" by simp
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	347	moreover
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	348	assume s: "s \<in> A"
9757 1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	349	ultimately
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	350	have wt_s_phi: "wtc c pc s <=_r wtc c pc (\<phi>!pc)" using s_phi by - (rule wtc_mono)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	351	with wt_phi have wt_s: "wtc c pc s \<noteq> \<top>" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	352	moreover
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	353	assume s: "s \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	354	ultimately
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	355	have "ls = [] \<Longrightarrow> ?wtl (i#ls) pc s \<noteq> \<top>" by simp
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	356	moreover {
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	357	assume "ls \<noteq> []"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	358	with pc_l have suc_pc: "Suc pc < length \<phi>" by (auto simp add: neq_Nil_conv)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	359	with stable have "wtc c pc (phi!pc) <=_r \<phi>!Suc pc" by (rule wtc_less)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	360	with wt_s_phi have "wtc c pc s <=_r \<phi>!Suc pc" by (rule trans_r)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	361	moreover
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	362	from cert suc_pc have "c!pc \<in> A" "c!(pc+1) \<in> A"
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	363	by (auto simp add: cert_ok_def)
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	364	with pres have "wtc c pc s \<in> A" by (rule wtc_pres)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	365	ultimately
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	366	have "?wtl ls (Suc pc) (wtc c pc s) \<noteq> \<top>" using IH wt_s by blast
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	367	with s wt_s have "?wtl (i#ls) pc s \<noteq> \<top>" by simp
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	368	}
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	369	ultimately show "?wtl (i#ls) pc s \<noteq> \<top>" by (cases ls) blast+
9580 d955914193e0 tuned kleing parents: 9559 diff changeset	370	qed
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8388 diff changeset	371
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	372
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	373	theorem (in lbvc) wtl_complete:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	374	assumes "wt_step r \<top> step \<phi>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	375	assumes "s <=_r \<phi>!0" and "s \<in> A" and "s \<noteq> \<top>" and "length ins = length phi"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	376	shows "wtl ins c 0 s \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	377	proof -
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	378	have "0+length ins = length phi" by simp
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	379	thus ?thesis by - (rule wt_step_wtl_lemma)
13071 f538a1dba7ee finished lbv completeness kleing parents: 13070 diff changeset	380	qed
10592 fc0b575a2cf7 BCV Integration kleing parents: 10496 diff changeset	381
9549 40d64cb4f4e6 BV and LBV specified in terms of app and step functions kleing parents: 9376 diff changeset	382
40d64cb4f4e6 BV and LBV specified in terms of app and step functions kleing parents: 9376 diff changeset	383	end

author	paulson
	Wed, 19 Jul 2006 11:55:26 +0200
changeset 20153	6ff5d35749b0
parent 17090	603f23d71ada
child 23281	e26ec695c9b3
permissions	-rw-r--r--