isabelle: src/HOL/MicroJava/BV/LBVSpec.thy@854173fcd21c (annotated)

9757 1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	1	(* Title: HOL/MicroJava/BV/LBVSpec.thy
8245 6acc80f7f36f lightweight bytecode verifier with correctness proof kleing parents: diff changeset	2	Author: Gerwin Klein
6acc80f7f36f lightweight bytecode verifier with correctness proof kleing parents: diff changeset	3	Copyright 1999 Technische Universitaet Muenchen
9054 0e48e7d4d4f9 minor tuning for pdf documents kleing parents: 9012 diff changeset	4	*)
8245 6acc80f7f36f lightweight bytecode verifier with correctness proof kleing parents: diff changeset	5
12911 704713ca07ea new document kleing parents: 12516 diff changeset	6	header {* \isaheader{The Lightweight Bytecode Verifier} *}
9054 0e48e7d4d4f9 minor tuning for pdf documents kleing parents: 9012 diff changeset	7
27681 8cedebf55539 dropped locale (open) haftmann parents: 23464 diff changeset	8	theory LBVSpec
8cedebf55539 dropped locale (open) haftmann parents: 23464 diff changeset	9	imports SemilatAlg Opt
8cedebf55539 dropped locale (open) haftmann parents: 23464 diff changeset	10	begin
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	11
8245 6acc80f7f36f lightweight bytecode verifier with correctness proof kleing parents: diff changeset	12	types
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	13	's certificate = "'s list"
8245 6acc80f7f36f lightweight bytecode verifier with correctness proof kleing parents: diff changeset	14
12516 d09d0f160888 exceptions kleing parents: 11085 diff changeset	15	consts
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	16	merge :: "'s certificate \<Rightarrow> 's binop \<Rightarrow> 's ord \<Rightarrow> 's \<Rightarrow> nat \<Rightarrow> (nat \<times> 's) list \<Rightarrow> 's \<Rightarrow> 's"
12516 d09d0f160888 exceptions kleing parents: 11085 diff changeset	17	primrec
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	18	"merge cert f r T pc [] x = x"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	19	"merge cert f r T pc (s#ss) x = merge cert f r T pc ss (let (pc',s') = s in
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	20	if pc'=pc+1 then s' +_f x
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	21	else if s' <=_r (cert!pc') then x
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	22	else T)"
9757 1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	23
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	24	constdefs
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	25	wtl_inst :: "'s certificate \<Rightarrow> 's binop \<Rightarrow> 's ord \<Rightarrow> 's \<Rightarrow>
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	26	's step_type \<Rightarrow> nat \<Rightarrow> 's \<Rightarrow> 's"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	27	"wtl_inst cert f r T step pc s \<equiv> merge cert f r T pc (step pc s) (cert!(pc+1))"
8245 6acc80f7f36f lightweight bytecode verifier with correctness proof kleing parents: diff changeset	28
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	29	wtl_cert :: "'s certificate \<Rightarrow> 's binop \<Rightarrow> 's ord \<Rightarrow> 's \<Rightarrow> 's \<Rightarrow>
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	30	's step_type \<Rightarrow> nat \<Rightarrow> 's \<Rightarrow> 's"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	31	"wtl_cert cert f r T B step pc s \<equiv>
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	32	if cert!pc = B then
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	33	wtl_inst cert f r T step pc s
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	34	else
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	35	if s <=_r (cert!pc) then wtl_inst cert f r T step pc (cert!pc) else T"
9757 1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	36
1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	37	consts
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	38	wtl_inst_list :: "'a list \<Rightarrow> 's certificate \<Rightarrow> 's binop \<Rightarrow> 's ord \<Rightarrow> 's \<Rightarrow> 's \<Rightarrow>
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	39	's step_type \<Rightarrow> nat \<Rightarrow> 's \<Rightarrow> 's"
8245 6acc80f7f36f lightweight bytecode verifier with correctness proof kleing parents: diff changeset	40	primrec
13101 90b31354fe15 tuned kleing parents: 13078 diff changeset	41	"wtl_inst_list [] cert f r T B step pc s = s"
90b31354fe15 tuned kleing parents: 13078 diff changeset	42	"wtl_inst_list (i#is) cert f r T B step pc s =
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	43	(let s' = wtl_cert cert f r T B step pc s in
13101 90b31354fe15 tuned kleing parents: 13078 diff changeset	44	if s' = T \<or> s = T then T else wtl_inst_list is cert f r T B step (pc+1) s')"
8245 6acc80f7f36f lightweight bytecode verifier with correctness proof kleing parents: diff changeset	45
6acc80f7f36f lightweight bytecode verifier with correctness proof kleing parents: diff changeset	46	constdefs
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	47	cert_ok :: "'s certificate \<Rightarrow> nat \<Rightarrow> 's \<Rightarrow> 's \<Rightarrow> 's set \<Rightarrow> bool"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	48	"cert_ok cert n T B A \<equiv> (\<forall>i < n. cert!i \<in> A \<and> cert!i \<noteq> T) \<and> (cert!n = B)"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	49
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	50	constdefs
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	51	bottom :: "'a ord \<Rightarrow> 'a \<Rightarrow> bool"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	52	"bottom r B \<equiv> \<forall>x. B <=_r x"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	53
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	54
27681 8cedebf55539 dropped locale (open) haftmann parents: 23464 diff changeset	55	locale lbv = Semilat +
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	56	fixes T :: "'a" ("\<top>")
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	57	fixes B :: "'a" ("\<bottom>")
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	58	fixes step :: "'a step_type"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	59	assumes top: "top r \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	60	assumes T_A: "\<top> \<in> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	61	assumes bot: "bottom r \<bottom>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	62	assumes B_A: "\<bottom> \<in> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	63
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	64	fixes merge :: "'a certificate \<Rightarrow> nat \<Rightarrow> (nat \<times> 'a) list \<Rightarrow> 'a \<Rightarrow> 'a"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	65	defines mrg_def: "merge cert \<equiv> LBVSpec.merge cert f r \<top>"
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	66
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	67	fixes wti :: "'a certificate \<Rightarrow> nat \<Rightarrow> 'a \<Rightarrow> 'a"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	68	defines wti_def: "wti cert \<equiv> wtl_inst cert f r \<top> step"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	69
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	70	fixes wtc :: "'a certificate \<Rightarrow> nat \<Rightarrow> 'a \<Rightarrow> 'a"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	71	defines wtc_def: "wtc cert \<equiv> wtl_cert cert f r \<top> \<bottom> step"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	72
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	73	fixes wtl :: "'b list \<Rightarrow> 'a certificate \<Rightarrow> nat \<Rightarrow> 'a \<Rightarrow> 'a"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	74	defines wtl_def: "wtl ins cert \<equiv> wtl_inst_list ins cert f r \<top> \<bottom> step"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	75
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	76
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	77	lemma (in lbv) wti:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	78	"wti c pc s \<equiv> merge c pc (step pc s) (c!(pc+1))"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	79	by (simp add: wti_def mrg_def wtl_inst_def)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	80
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	81	lemma (in lbv) wtc:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	82	"wtc c pc s \<equiv> if c!pc = \<bottom> then wti c pc s else if s <=_r c!pc then wti c pc (c!pc) else \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	83	by (unfold wtc_def wti_def wtl_cert_def)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	84
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	85
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	86	lemma cert_okD1 [intro?]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	87	"cert_ok c n T B A \<Longrightarrow> pc < n \<Longrightarrow> c!pc \<in> A"
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	88	by (unfold cert_ok_def) fast
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	89
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	90	lemma cert_okD2 [intro?]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	91	"cert_ok c n T B A \<Longrightarrow> c!n = B"
13071 f538a1dba7ee finished lbv completeness kleing parents: 13062 diff changeset	92	by (simp add: cert_ok_def)
f538a1dba7ee finished lbv completeness kleing parents: 13062 diff changeset	93
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	94	lemma cert_okD3 [intro?]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	95	"cert_ok c n T B A \<Longrightarrow> B \<in> A \<Longrightarrow> pc < n \<Longrightarrow> c!Suc pc \<in> A"
13071 f538a1dba7ee finished lbv completeness kleing parents: 13062 diff changeset	96	by (drule Suc_leI) (auto simp add: le_eq_less_or_eq dest: cert_okD1 cert_okD2)
f538a1dba7ee finished lbv completeness kleing parents: 13062 diff changeset	97
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	98	lemma cert_okD4 [intro?]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	99	"cert_ok c n T B A \<Longrightarrow> pc < n \<Longrightarrow> c!pc \<noteq> T"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	100	by (simp add: cert_ok_def)
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	101
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	102	declare Let_def [simp]
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	103
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	104	section "more semilattice lemmas"
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	105
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	106
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	107	lemma (in lbv) sup_top [simp, elim]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	108	assumes x: "x \<in> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	109	shows "x +_f \<top> = \<top>"
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	110	proof -
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	111	from top have "x +_f \<top> <=_r \<top>" ..
23464 bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	112	moreover from x T_A have "\<top> <=_r x +_f \<top>" ..
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	113	ultimately show ?thesis ..
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	114	qed
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	115
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	116	lemma (in lbv) plusplussup_top [simp, elim]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	117	"set xs \<subseteq> A \<Longrightarrow> xs ++_f \<top> = \<top>"
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	118	by (induct xs) auto
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	119
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	120
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	121
27681 8cedebf55539 dropped locale (open) haftmann parents: 23464 diff changeset	122	lemma (in Semilat) pp_ub1':
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	123	assumes S: "snd`set S \<subseteq> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	124	assumes y: "y \<in> A" and ab: "(a, b) \<in> set S"
23281 e26ec695c9b3 changed filter syntax from : to <- nipkow parents: 16417 diff changeset	125	shows "b <=_r map snd [(p', t') \<leftarrow> S . p' = a] ++_f y"
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	126	proof -
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	127	from S have "\<forall>(x,y) \<in> set S. y \<in> A" by auto
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	128	with semilat y ab show ?thesis by - (rule ub1')
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	129	qed
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	130
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	131	lemma (in lbv) bottom_le [simp, intro]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	132	"\<bottom> <=_r x"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	133	by (insert bot) (simp add: bottom_def)
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	134
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	135	lemma (in lbv) le_bottom [simp]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	136	"x <=_r \<bottom> = (x = \<bottom>)"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	137	by (blast intro: antisym_r)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	138
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	139
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	140
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	141	section "merge"
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	142
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	143	lemma (in lbv) merge_Nil [simp]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	144	"merge c pc [] x = x" by (simp add: mrg_def)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	145
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	146	lemma (in lbv) merge_Cons [simp]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	147	"merge c pc (l#ls) x = merge c pc ls (if fst l=pc+1 then snd l +_f x
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	148	else if snd l <=_r (c!fst l) then x
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	149	else \<top>)"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	150	by (simp add: mrg_def split_beta)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	151
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	152	lemma (in lbv) merge_Err [simp]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	153	"snd`set ss \<subseteq> A \<Longrightarrow> merge c pc ss \<top> = \<top>"
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	154	by (induct ss) auto
8245 6acc80f7f36f lightweight bytecode verifier with correctness proof kleing parents: diff changeset	155
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	156	lemma (in lbv) merge_not_top:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	157	"\<And>x. snd`set ss \<subseteq> A \<Longrightarrow> merge c pc ss x \<noteq> \<top> \<Longrightarrow>
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	158	\<forall>(pc',s') \<in> set ss. (pc' \<noteq> pc+1 \<longrightarrow> s' <=_r (c!pc'))"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	159	(is "\<And>x. ?set ss \<Longrightarrow> ?merge ss x \<Longrightarrow> ?P ss")
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	160	proof (induct ss)
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	161	show "?P []" by simp
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	162	next
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	163	fix x ls l
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	164	assume "?set (l#ls)" then obtain set: "snd`set ls \<subseteq> A" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	165	assume merge: "?merge (l#ls) x"
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	166	moreover
23464 bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	167	obtain pc' s' where l: "l = (pc',s')" by (cases l)
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	168	ultimately
23464 bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	169	obtain x' where merge': "?merge ls x'" by simp
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	170	assume "\<And>x. ?set ls \<Longrightarrow> ?merge ls x \<Longrightarrow> ?P ls" hence "?P ls" using set merge' .
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	171	moreover
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	172	from merge set
23464 bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	173	have "pc' \<noteq> pc+1 \<longrightarrow> s' <=_r (c!pc')" by (simp add: l split: split_if_asm)
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	174	ultimately
23464 bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	175	show "?P (l#ls)" by (simp add: l)
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	176	qed
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	177
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8390 diff changeset	178
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	179	lemma (in lbv) merge_def:
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	180	shows
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	181	"\<And>x. x \<in> A \<Longrightarrow> snd`set ss \<subseteq> A \<Longrightarrow>
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	182	merge c pc ss x =
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	183	(if \<forall>(pc',s') \<in> set ss. pc'\<noteq>pc+1 \<longrightarrow> s' <=_r c!pc' then
23281 e26ec695c9b3 changed filter syntax from : to <- nipkow parents: 16417 diff changeset	184	map snd [(p',t') \<leftarrow> ss. p'=pc+1] ++_f x
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	185	else \<top>)"
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	186	(is "\<And>x. _ \<Longrightarrow> _ \<Longrightarrow> ?merge ss x = ?if ss x" is "\<And>x. _ \<Longrightarrow> _ \<Longrightarrow> ?P ss x")
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	187	proof (induct ss)
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	188	fix x show "?P [] x" by simp
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	189	next
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	190	fix x assume x: "x \<in> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	191	fix l::"nat \<times> 'a" and ls
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	192	assume "snd`set (l#ls) \<subseteq> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	193	then obtain l: "snd l \<in> A" and ls: "snd`set ls \<subseteq> A" by auto
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	194	assume "\<And>x. x \<in> A \<Longrightarrow> snd`set ls \<subseteq> A \<Longrightarrow> ?P ls x"
23464 bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	195	hence IH: "\<And>x. x \<in> A \<Longrightarrow> ?P ls x" using ls by iprover
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	196	obtain pc' s' where [simp]: "l = (pc',s')" by (cases l)
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	197	hence "?merge (l#ls) x = ?merge ls
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	198	(if pc'=pc+1 then s' +_f x else if s' <=_r c!pc' then x else \<top>)"
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	199	(is "?merge (l#ls) x = ?merge ls ?if'")
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	200	by simp
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	201	also have "\<dots> = ?if ls ?if'"
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	202	proof -
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	203	from l have "s' \<in> A" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	204	with x have "s' +_f x \<in> A" by simp
23464 bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	205	with x T_A have "?if' \<in> A" by auto
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	206	hence "?P ls ?if'" by (rule IH) thus ?thesis by simp
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	207	qed
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	208	also have "\<dots> = ?if (l#ls) x"
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	209	proof (cases "\<forall>(pc', s')\<in>set (l#ls). pc'\<noteq>pc+1 \<longrightarrow> s' <=_r c!pc'")
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	210	case True
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	211	hence "\<forall>(pc', s')\<in>set ls. pc'\<noteq>pc+1 \<longrightarrow> s' <=_r c!pc'" by auto
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	212	moreover
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	213	from True have
23281 e26ec695c9b3 changed filter syntax from : to <- nipkow parents: 16417 diff changeset	214	"map snd [(p',t')\<leftarrow>ls . p'=pc+1] ++_f ?if' =
e26ec695c9b3 changed filter syntax from : to <- nipkow parents: 16417 diff changeset	215	(map snd [(p',t')\<leftarrow>l#ls . p'=pc+1] ++_f x)"
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	216	by simp
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	217	ultimately
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	218	show ?thesis using True by simp
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	219	next
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	220	case False
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	221	moreover
23281 e26ec695c9b3 changed filter syntax from : to <- nipkow parents: 16417 diff changeset	222	from ls have "set (map snd [(p', t')\<leftarrow>ls . p' = Suc pc]) \<subseteq> A" by auto
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	223	ultimately show ?thesis by auto
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	224	qed
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	225	finally show "?P (l#ls) x" .
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	226	qed
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	227
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	228	lemma (in lbv) merge_not_top_s:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	229	assumes x: "x \<in> A" and ss: "snd`set ss \<subseteq> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	230	assumes m: "merge c pc ss x \<noteq> \<top>"
23281 e26ec695c9b3 changed filter syntax from : to <- nipkow parents: 16417 diff changeset	231	shows "merge c pc ss x = (map snd [(p',t') \<leftarrow> ss. p'=pc+1] ++_f x)"
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	232	proof -
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	233	from ss m have "\<forall>(pc',s') \<in> set ss. (pc' \<noteq> pc+1 \<longrightarrow> s' <=_r c!pc')"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	234	by (rule merge_not_top)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	235	with x ss m show ?thesis by - (drule merge_def, auto split: split_if_asm)
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	236	qed
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	237
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	238	section "wtl-inst-list"
10042 7164dc0d24d8 unsymbolized kleing parents: 9757 diff changeset	239
10812 ead84e90bfeb merged semilattice orders with <=' from Convert.thy (now defined in JVMType.thy) kleing parents: 10638 diff changeset	240	lemmas [iff] = not_Err_eq
ead84e90bfeb merged semilattice orders with <=' from Convert.thy (now defined in JVMType.thy) kleing parents: 10638 diff changeset	241
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	242	lemma (in lbv) wtl_Nil [simp]: "wtl [] c pc s = s"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	243	by (simp add: wtl_def)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	244
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	245	lemma (in lbv) wtl_Cons [simp]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	246	"wtl (i#is) c pc s =
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	247	(let s' = wtc c pc s in if s' = \<top> \<or> s = \<top> then \<top> else wtl is c (pc+1) s')"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	248	by (simp add: wtl_def wtc_def)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	249
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	250	lemma (in lbv) wtl_Cons_not_top:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	251	"wtl (i#is) c pc s \<noteq> \<top> =
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	252	(wtc c pc s \<noteq> \<top> \<and> s \<noteq> T \<and> wtl is c (pc+1) (wtc c pc s) \<noteq> \<top>)"
10812 ead84e90bfeb merged semilattice orders with <=' from Convert.thy (now defined in JVMType.thy) kleing parents: 10638 diff changeset	253	by (auto simp del: split_paired_Ex)
9549 40d64cb4f4e6 BV and LBV specified in terms of app and step functions kleing parents: 9376 diff changeset	254
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	255	lemma (in lbv) wtl_top [simp]: "wtl ls c pc \<top> = \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	256	by (cases ls) auto
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	257
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	258	lemma (in lbv) wtl_not_top:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	259	"wtl ls c pc s \<noteq> \<top> \<Longrightarrow> s \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	260	by (cases "s=\<top>") auto
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8390 diff changeset	261
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	262	lemma (in lbv) wtl_append [simp]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	263	"\<And>pc s. wtl (a@b) c pc s = wtl b c (pc+length a) (wtl a c pc s)"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	264	by (induct a) auto
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	265
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	266	lemma (in lbv) wtl_take:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	267	"wtl is c pc s \<noteq> \<top> \<Longrightarrow> wtl (take pc' is) c pc s \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	268	(is "?wtl is \<noteq> _ \<Longrightarrow> _")
9183 cd4494dc789a tuned for ProofGeneral 3.2 kleing parents: 9054 diff changeset	269	proof -
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	270	assume "?wtl is \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	271	hence "?wtl (take pc' is @ drop pc' is) \<noteq> \<top>" by simp
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	272	thus ?thesis by (auto dest!: wtl_not_top simp del: append_take_drop_id)
9757 1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	273	qed
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8390 diff changeset	274
9757 1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	275	lemma take_Suc:
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	276	"\<forall>n. n < length l \<longrightarrow> take (Suc n) l = (take n l)@[l!n]" (is "?P l")
9757 1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	277	proof (induct l)
1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	278	show "?P []" by simp
12516 d09d0f160888 exceptions kleing parents: 11085 diff changeset	279	next
d09d0f160888 exceptions kleing parents: 11085 diff changeset	280	fix x xs assume IH: "?P xs"
9757 1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	281	show "?P (x#xs)"
1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	282	proof (intro strip)
12516 d09d0f160888 exceptions kleing parents: 11085 diff changeset	283	fix n assume "n < length (x#xs)"
d09d0f160888 exceptions kleing parents: 11085 diff changeset	284	with IH show "take (Suc n) (x # xs) = take n (x # xs) @ [(x # xs) ! n]"
d09d0f160888 exceptions kleing parents: 11085 diff changeset	285	by (cases n, auto)
9183 cd4494dc789a tuned for ProofGeneral 3.2 kleing parents: 9054 diff changeset	286	qed
cd4494dc789a tuned for ProofGeneral 3.2 kleing parents: 9054 diff changeset	287	qed
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8390 diff changeset	288
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	289	lemma (in lbv) wtl_Suc:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	290	assumes suc: "pc+1 < length is"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	291	assumes wtl: "wtl (take pc is) c 0 s \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	292	shows "wtl (take (pc+1) is) c 0 s = wtc c pc (wtl (take pc is) c 0 s)"
9183 cd4494dc789a tuned for ProofGeneral 3.2 kleing parents: 9054 diff changeset	293	proof -
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	294	from suc have "take (pc+1) is=(take pc is)@[is!pc]" by (simp add: take_Suc)
32642 026e7c6a6d08 be more cautious wrt. simp rules: inf_absorb1, inf_absorb2, sup_absorb1, sup_absorb2 are no simp rules by default any longer haftmann parents: 32443 diff changeset	295	with suc wtl show ?thesis by (simp add: min_max.inf_absorb2)
9183 cd4494dc789a tuned for ProofGeneral 3.2 kleing parents: 9054 diff changeset	296	qed
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8390 diff changeset	297
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	298	lemma (in lbv) wtl_all:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	299	assumes all: "wtl is c 0 s \<noteq> \<top>" (is "?wtl is \<noteq> _")
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	300	assumes pc: "pc < length is"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	301	shows "wtc c pc (wtl (take pc is) c 0 s) \<noteq> \<top>"
9183 cd4494dc789a tuned for ProofGeneral 3.2 kleing parents: 9054 diff changeset	302	proof -
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	303	from pc have "0 < length (drop pc is)" by simp
12516 d09d0f160888 exceptions kleing parents: 11085 diff changeset	304	then obtain i r where Cons: "drop pc is = i#r"
15109 bba563cdd997 proof mod nipkow parents: 13365 diff changeset	305	by (auto simp add: neq_Nil_conv simp del: length_drop drop_eq_Nil)
9757 1024a2d80ac0 functional LBV style, dead code, type safety -> Isar kleing parents: 9664 diff changeset	306	hence "i#r = drop pc is" ..
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	307	with all have take: "?wtl (take pc is@i#r) \<noteq> \<top>" by simp
12516 d09d0f160888 exceptions kleing parents: 11085 diff changeset	308	from pc have "is!pc = drop pc is ! 0" by simp
d09d0f160888 exceptions kleing parents: 11085 diff changeset	309	with Cons have "is!pc = i" by simp
32642 026e7c6a6d08 be more cautious wrt. simp rules: inf_absorb1, inf_absorb2, sup_absorb1, sup_absorb2 are no simp rules by default any longer haftmann parents: 32443 diff changeset	310	with take pc show ?thesis by (auto simp add: min_max.inf_absorb2)
9183 cd4494dc789a tuned for ProofGeneral 3.2 kleing parents: 9054 diff changeset	311	qed
9012 d1bd2144ab5d switched to Isar proofs kleing parents: 8390 diff changeset	312
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	313	section "preserves-type"
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	314
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	315	lemma (in lbv) merge_pres:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	316	assumes s0: "snd`set ss \<subseteq> A" and x: "x \<in> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	317	shows "merge c pc ss x \<in> A"
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	318	proof -
23281 e26ec695c9b3 changed filter syntax from : to <- nipkow parents: 16417 diff changeset	319	from s0 have "set (map snd [(p', t')\<leftarrow>ss . p'=pc+1]) \<subseteq> A" by auto
e26ec695c9b3 changed filter syntax from : to <- nipkow parents: 16417 diff changeset	320	with x have "(map snd [(p', t')\<leftarrow>ss . p'=pc+1] ++_f x) \<in> A"
23464 bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	321	by (auto intro!: plusplus_closed semilat)
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	322	with s0 x show ?thesis by (simp add: merge_def T_A)
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	323	qed
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	324
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	325
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	326	lemma pres_typeD2:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	327	"pres_type step n A \<Longrightarrow> s \<in> A \<Longrightarrow> p < n \<Longrightarrow> snd`set (step p s) \<subseteq> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	328	by auto (drule pres_typeD)
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	329
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	330
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	331	lemma (in lbv) wti_pres [intro?]:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	332	assumes pres: "pres_type step n A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	333	assumes cert: "c!(pc+1) \<in> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	334	assumes s_pc: "s \<in> A" "pc < n"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	335	shows "wti c pc s \<in> A"
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	336	proof -
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	337	from pres s_pc have "snd`set (step pc s) \<subseteq> A" by (rule pres_typeD2)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	338	with cert show ?thesis by (simp add: wti merge_pres)
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	339	qed
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	340
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	341
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	342	lemma (in lbv) wtc_pres:
23464 bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	343	assumes pres: "pres_type step n A"
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	344	assumes cert: "c!pc \<in> A" and cert': "c!(pc+1) \<in> A"
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	345	assumes s: "s \<in> A" and pc: "pc < n"
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	346	shows "wtc c pc s \<in> A"
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	347	proof -
23464 bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	348	have "wti c pc s \<in> A" using pres cert' s pc ..
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	349	moreover have "wti c pc (c!pc) \<in> A" using pres cert' cert pc ..
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	350	ultimately show ?thesis using T_A by (simp add: wtc)
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	351	qed
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	352
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	353
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	354	lemma (in lbv) wtl_pres:
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	355	assumes pres: "pres_type step (length is) A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	356	assumes cert: "cert_ok c (length is) \<top> \<bottom> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	357	assumes s: "s \<in> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	358	assumes all: "wtl is c 0 s \<noteq> \<top>"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	359	shows "pc < length is \<Longrightarrow> wtl (take pc is) c 0 s \<in> A"
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	360	(is "?len pc \<Longrightarrow> ?wtl pc \<in> A")
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	361	proof (induct pc)
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	362	from s show "?wtl 0 \<in> A" by simp
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	363	next
23464 bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	364	fix n assume IH: "Suc n < length is"
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	365	then have n: "n < length is" by simp
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	366	from IH have n1: "n+1 < length is" by simp
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	367	assume prem: "n < length is \<Longrightarrow> ?wtl n \<in> A"
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	368	have "wtc c n (?wtl n) \<in> A"
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	369	using pres _ _ _ n
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	370	proof (rule wtc_pres)
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	371	from prem n show "?wtl n \<in> A" .
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	372	from cert n show "c!n \<in> A" by (rule cert_okD1)
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	373	from cert n1 show "c!(n+1) \<in> A" by (rule cert_okD1)
bc2563c37b1a tuned proofs -- avoid implicit prems; wenzelm parents: 23281 diff changeset	374	qed
13078 1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	375	also
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	376	from all n have "?wtl n \<noteq> \<top>" by - (rule wtl_take)
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	377	with n1 have "wtc c n (?wtl n) = ?wtl (n+1)" by (rule wtl_Suc [symmetric])
1dd711c6b93c flattened, uses locales kleing parents: 13074 diff changeset	378	finally show "?wtl (Suc n) \<in> A" by simp
13062 4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	379	qed
4b1edf2f6bd2 small refactoring for lbv with semilattices kleing parents: 13006 diff changeset	380
9183 cd4494dc789a tuned for ProofGeneral 3.2 kleing parents: 9054 diff changeset	381	end

author	bulwahn
	Thu, 12 Nov 2009 20:38:57 +0100
changeset 33649	854173fcd21c
parent 32642	026e7c6a6d08
permissions	-rw-r--r--