isabelle: src/HOL/Bali/AxSem.thy@af4c18c30593 (annotated)

12857 a4386cc9b1c3 tuned header; wenzelm parents: 12854 diff changeset	1	(* Title: HOL/Bali/AxSem.thy
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	2	ID: $Id$
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	3	Author: David von Oheimb
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	4	*)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	5
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	6	header {* Axiomatic semantics of Java expressions and statements
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	7	(see also Eval.thy)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	8	*}
16417 9bc16273c2d4 migrated theory headers to new format haftmann parents: 14981 diff changeset	9	theory AxSem imports Evaln TypeSafe begin
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	10
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	11	text {*
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	12	design issues:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	13	\begin{itemize}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	14	\item a strong version of validity for triples with premises, namely one that
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	15	takes the recursive depth needed to complete execution, enables
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	16	correctness proof
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	17	\item auxiliary variables are handled first-class (-> Thomas Kleymann)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	18	\item expressions not flattened to elementary assignments (as usual for
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	19	axiomatic semantics) but treated first-class => explicit result value
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	20	handling
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	21	\item intermediate values not on triple, but on assertion level
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	22	(with result entry)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	23	\item multiple results with semantical substitution mechnism not requiring a
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	24	stack
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	25	\item because of dynamic method binding, terms need to be dependent on state.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	26	this is also useful for conditional expressions and statements
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	27	\item result values in triples exactly as in eval relation (also for xcpt
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	28	states)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	29	\item validity: additional assumption of state conformance and well-typedness,
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	30	which is required for soundness and thus rule hazard required of completeness
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	31	\end{itemize}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	32
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	33	restrictions:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	34	\begin{itemize}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	35	\item all triples in a derivation are of the same type (due to weak
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	36	polymorphism)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	37	\end{itemize}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	38	*}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	39
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	40	types res = vals --{* result entry *}
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	41
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	42	abbreviation (input)
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	43	Val where "Val x == In1 x"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	44
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	45	abbreviation (input)
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	46	Var where "Var x == In2 x"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	47
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	48	abbreviation (input)
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	49	Vals where "Vals x == In3 x"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	50
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	51	syntax
24783 5a3e336a2e37 avoid internal names; wenzelm parents: 24038 diff changeset	52	"_Val" :: "[pttrn] => pttrn" ("Val:_" [951] 950)
5a3e336a2e37 avoid internal names; wenzelm parents: 24038 diff changeset	53	"_Var" :: "[pttrn] => pttrn" ("Var:_" [951] 950)
5a3e336a2e37 avoid internal names; wenzelm parents: 24038 diff changeset	54	"_Vals" :: "[pttrn] => pttrn" ("Vals:_" [951] 950)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	55
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	56	translations
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	57	"\<lambda>Val:v . b" == "(\<lambda>v. b) \<circ> CONST the_In1"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	58	"\<lambda>Var:v . b" == "(\<lambda>v. b) \<circ> CONST the_In2"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	59	"\<lambda>Vals:v. b" == "(\<lambda>v. b) \<circ> CONST the_In3"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	60
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	61	--{* relation on result values, state and auxiliary variables *}
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	62	types 'a assn = "res \<Rightarrow> state \<Rightarrow> 'a \<Rightarrow> bool"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	63	translations
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	64	"res" <= (type) "AxSem.res"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	65	"a assn" <= (type) "vals \<Rightarrow> state \<Rightarrow> a \<Rightarrow> bool"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	66
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	67	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	68	assn_imp :: "'a assn \<Rightarrow> 'a assn \<Rightarrow> bool" (infixr "\<Rightarrow>" 25)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	69	"P \<Rightarrow> Q \<equiv> \<forall>Y s Z. P Y s Z \<longrightarrow> Q Y s Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	70
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	71	lemma assn_imp_def2 [iff]: "(P \<Rightarrow> Q) = (\<forall>Y s Z. P Y s Z \<longrightarrow> Q Y s Z)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	72	apply (unfold assn_imp_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	73	apply (rule HOL.refl)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	74	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	75
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	76
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	77	section "assertion transformers"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	78
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	79	subsection "peek-and"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	80
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	81	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	82	peek_and :: "'a assn \<Rightarrow> (state \<Rightarrow> bool) \<Rightarrow> 'a assn" (infixl "\<and>." 13)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	83	"P \<and>. p \<equiv> \<lambda>Y s Z. P Y s Z \<and> p s"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	84
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	85	lemma peek_and_def2 [simp]: "peek_and P p Y s = (\<lambda>Z. (P Y s Z \<and> p s))"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	86	apply (unfold peek_and_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	87	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	88	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	89
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	90	lemma peek_and_Not [simp]: "(P \<and>. (\<lambda>s. \<not> f s)) = (P \<and>. Not \<circ> f)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	91	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	92	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	93	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	94	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	95
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	96	lemma peek_and_and [simp]: "peek_and (peek_and P p) p = peek_and P p"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	97	apply (unfold peek_and_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	98	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	99	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	100
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	101	lemma peek_and_commut: "(P \<and>. p \<and>. q) = (P \<and>. q \<and>. p)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	102	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	103	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	104	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	105	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	106	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	107
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	108	abbreviation
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	109	Normal :: "'a assn \<Rightarrow> 'a assn"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	110	where "Normal P == P \<and>. normal"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	111
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	112	lemma peek_and_Normal [simp]: "peek_and (Normal P) p = Normal (peek_and P p)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	113	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	114	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	115	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	116	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	117	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	118
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	119	subsection "assn-supd"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	120
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	121	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	122	assn_supd :: "'a assn \<Rightarrow> (state \<Rightarrow> state) \<Rightarrow> 'a assn" (infixl ";." 13)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	123	"P ;. f \<equiv> \<lambda>Y s' Z. \<exists>s. P Y s Z \<and> s' = f s"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	124
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	125	lemma assn_supd_def2 [simp]: "assn_supd P f Y s' Z = (\<exists>s. P Y s Z \<and> s' = f s)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	126	apply (unfold assn_supd_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	127	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	128	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	129
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	130	subsection "supd-assn"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	131
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	132	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	133	supd_assn :: "(state \<Rightarrow> state) \<Rightarrow> 'a assn \<Rightarrow> 'a assn" (infixr ".;" 13)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	134	"f .; P \<equiv> \<lambda>Y s. P Y (f s)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	135
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	136
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	137	lemma supd_assn_def2 [simp]: "(f .; P) Y s = P Y (f s)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	138	apply (unfold supd_assn_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	139	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	140	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	141
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	142	lemma supd_assn_supdD [elim]: "((f .; Q) ;. f) Y s Z \<Longrightarrow> Q Y s Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	143	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	144	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	145
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	146	lemma supd_assn_supdI [elim]: "Q Y s Z \<Longrightarrow> (f .; (Q ;. f)) Y s Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	147	apply (auto simp del: split_paired_Ex)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	148	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	149
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	150	subsection "subst-res"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	151
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	152	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	153	subst_res :: "'a assn \<Rightarrow> res \<Rightarrow> 'a assn" ("_\<leftarrow>_" [60,61] 60)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	154	"P\<leftarrow>w \<equiv> \<lambda>Y. P w"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	155
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	156	lemma subst_res_def2 [simp]: "(P\<leftarrow>w) Y = P w"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	157	apply (unfold subst_res_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	158	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	159	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	160
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	161	lemma subst_subst_res [simp]: "P\<leftarrow>w\<leftarrow>v = P\<leftarrow>w"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	162	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	163	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	164	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	165
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	166	lemma peek_and_subst_res [simp]: "(P \<and>. p)\<leftarrow>w = (P\<leftarrow>w \<and>. p)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	167	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	168	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	169	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	170	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	171
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	172	(*###Do not work for some strange (unification?) reason
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	173	lemma subst_res_Val_beta [simp]: "(\<lambda>Y. P (the_In1 Y))\<leftarrow>Val v = (\<lambda>Y. P v)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	174	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	175	by simp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	176
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	177	lemma subst_res_Var_beta [simp]: "(\<lambda>Y. P (the_In2 Y))\<leftarrow>Var vf = (\<lambda>Y. P vf)";
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	178	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	179	by simp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	180
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	181	lemma subst_res_Vals_beta [simp]: "(\<lambda>Y. P (the_In3 Y))\<leftarrow>Vals vs = (\<lambda>Y. P vs)";
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	182	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	183	by simp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	184	*)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	185
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	186	subsection "subst-Bool"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	187
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	188	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	189	subst_Bool :: "'a assn \<Rightarrow> bool \<Rightarrow> 'a assn" ("_\<leftarrow>=_" [60,61] 60)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	190	"P\<leftarrow>=b \<equiv> \<lambda>Y s Z. \<exists>v. P (Val v) s Z \<and> (normal s \<longrightarrow> the_Bool v=b)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	191
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	192	lemma subst_Bool_def2 [simp]:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	193	"(P\<leftarrow>=b) Y s Z = (\<exists>v. P (Val v) s Z \<and> (normal s \<longrightarrow> the_Bool v=b))"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	194	apply (unfold subst_Bool_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	195	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	196	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	197
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	198	lemma subst_Bool_the_BoolI: "P (Val b) s Z \<Longrightarrow> (P\<leftarrow>=the_Bool b) Y s Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	199	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	200	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	201
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	202	subsection "peek-res"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	203
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	204	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	205	peek_res :: "(res \<Rightarrow> 'a assn) \<Rightarrow> 'a assn"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	206	"peek_res Pf \<equiv> \<lambda>Y. Pf Y Y"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	207
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	208	syntax
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	209	"_peek_res" :: "pttrn \<Rightarrow> 'a assn \<Rightarrow> 'a assn" ("\<lambda>_:. _" [0,3] 3)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	210	translations
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	211	"\<lambda>w:. P" == "CONST peek_res (\<lambda>w. P)"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	212
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	213	lemma peek_res_def2 [simp]: "peek_res P Y = P Y Y"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	214	apply (unfold peek_res_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	215	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	216	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	217
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	218	lemma peek_res_subst_res [simp]: "peek_res P\<leftarrow>w = P w\<leftarrow>w"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	219	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	220	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	221	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	222
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	223	(* unused *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	224	lemma peek_subst_res_allI:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	225	"(\<And>a. T a (P (f a)\<leftarrow>f a)) \<Longrightarrow> \<forall>a. T a (peek_res P\<leftarrow>f a)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	226	apply (rule allI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	227	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	228	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	229	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	230
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	231	subsection "ign-res"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	232
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	233	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	234	ign_res :: " 'a assn \<Rightarrow> 'a assn" ("_\<down>" [1000] 1000)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	235	"P\<down> \<equiv> \<lambda>Y s Z. \<exists>Y. P Y s Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	236
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	237	lemma ign_res_def2 [simp]: "P\<down> Y s Z = (\<exists>Y. P Y s Z)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	238	apply (unfold ign_res_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	239	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	240	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	241
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	242	lemma ign_ign_res [simp]: "P\<down>\<down> = P\<down>"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	243	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	244	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	245	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	246	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	247	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	248
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	249	lemma ign_subst_res [simp]: "P\<down>\<leftarrow>w = P\<down>"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	250	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	251	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	252	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	253	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	254	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	255
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	256	lemma peek_and_ign_res [simp]: "(P \<and>. p)\<down> = (P\<down> \<and>. p)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	257	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	258	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	259	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	260	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	261	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	262
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	263	subsection "peek-st"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	264
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	265	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	266	peek_st :: "(st \<Rightarrow> 'a assn) \<Rightarrow> 'a assn"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	267	"peek_st P \<equiv> \<lambda>Y s. P (store s) Y s"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	268
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	269	syntax
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	270	"_peek_st" :: "pttrn \<Rightarrow> 'a assn \<Rightarrow> 'a assn" ("\<lambda>_.. _" [0,3] 3)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	271	translations
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	272	"\<lambda>s.. P" == "CONST peek_st (\<lambda>s. P)"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	273
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	274	lemma peek_st_def2 [simp]: "(\<lambda>s.. Pf s) Y s = Pf (store s) Y s"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	275	apply (unfold peek_st_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	276	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	277	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	278
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	279	lemma peek_st_triv [simp]: "(\<lambda>s.. P) = P"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	280	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	281	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	282	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	283	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	284
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	285	lemma peek_st_st [simp]: "(\<lambda>s.. \<lambda>s'.. P s s') = (\<lambda>s.. P s s)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	286	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	287	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	288	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	289	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	290
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	291	lemma peek_st_split [simp]: "(\<lambda>s.. \<lambda>Y s'. P s Y s') = (\<lambda>Y s. P (store s) Y s)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	292	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	293	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	294	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	295	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	296
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	297	lemma peek_st_subst_res [simp]: "(\<lambda>s.. P s)\<leftarrow>w = (\<lambda>s.. P s\<leftarrow>w)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	298	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	299	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	300	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	301
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	302	lemma peek_st_Normal [simp]: "(\<lambda>s..(Normal (P s))) = Normal (\<lambda>s.. P s)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	303	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	304	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	305	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	306	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	307
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	308	subsection "ign-res-eq"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	309
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	310	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	311	ign_res_eq :: "'a assn \<Rightarrow> res \<Rightarrow> 'a assn" ("_\<down>=_" [60,61] 60)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	312	"P\<down>=w \<equiv> \<lambda>Y:. P\<down> \<and>. (\<lambda>s. Y=w)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	313
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	314	lemma ign_res_eq_def2 [simp]: "(P\<down>=w) Y s Z = ((\<exists>Y. P Y s Z) \<and> Y=w)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	315	apply (unfold ign_res_eq_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	316	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	317	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	318
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	319	lemma ign_ign_res_eq [simp]: "(P\<down>=w)\<down> = P\<down>"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	320	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	321	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	322	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	323	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	324	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	325
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	326	(* unused *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	327	lemma ign_res_eq_subst_res: "P\<down>=w\<leftarrow>w = P\<down>"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	328	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	329	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	330	apply (rule ext)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	331	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	332	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	333
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	334	(* unused *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	335	lemma subst_Bool_ign_res_eq: "((P\<leftarrow>=b)\<down>=x) Y s Z = ((P\<leftarrow>=b) Y s Z \<and> Y=x)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	336	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	337	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	338
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	339	subsection "RefVar"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	340
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	341	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	342	RefVar :: "(state \<Rightarrow> vvar \<times> state) \<Rightarrow> 'a assn \<Rightarrow> 'a assn"(infixr "..;" 13)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	343	"vf ..; P \<equiv> \<lambda>Y s. let (v,s') = vf s in P (Var v) s'"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	344
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	345	lemma RefVar_def2 [simp]: "(vf ..; P) Y s =
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	346	P (Var (fst (vf s))) (snd (vf s))"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	347	apply (unfold RefVar_def Let_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	348	apply (simp (no_asm) add: split_beta)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	349	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	350
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	351	subsection "allocation"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	352
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	353	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	354	Alloc :: "prog \<Rightarrow> obj_tag \<Rightarrow> 'a assn \<Rightarrow> 'a assn"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	355	"Alloc G otag P \<equiv> \<lambda>Y s Z.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	356	\<forall>s' a. G\<turnstile>s \<midarrow>halloc otag\<succ>a\<rightarrow> s'\<longrightarrow> P (Val (Addr a)) s' Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	357
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	358	SXAlloc :: "prog \<Rightarrow> 'a assn \<Rightarrow> 'a assn"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	359	"SXAlloc G P \<equiv> \<lambda>Y s Z. \<forall>s'. G\<turnstile>s \<midarrow>sxalloc\<rightarrow> s' \<longrightarrow> P Y s' Z"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	360
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	361
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	362	lemma Alloc_def2 [simp]: "Alloc G otag P Y s Z =
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	363	(\<forall>s' a. G\<turnstile>s \<midarrow>halloc otag\<succ>a\<rightarrow> s'\<longrightarrow> P (Val (Addr a)) s' Z)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	364	apply (unfold Alloc_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	365	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	366	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	367
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	368	lemma SXAlloc_def2 [simp]:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	369	"SXAlloc G P Y s Z = (\<forall>s'. G\<turnstile>s \<midarrow>sxalloc\<rightarrow> s' \<longrightarrow> P Y s' Z)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	370	apply (unfold SXAlloc_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	371	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	372	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	373
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	374	section "validity"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	375
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	376	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	377	type_ok :: "prog \<Rightarrow> term \<Rightarrow> state \<Rightarrow> bool"
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	378	"type_ok G t s \<equiv>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	379	\<exists>L T C A. (normal s \<longrightarrow> \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T \<and>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	380	\<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>dom (locals (store s))\<guillemotright>t\<guillemotright>A )
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	381	\<and> s\<Colon>\<preceq>(G,L)"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	382
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	383	datatype 'a triple = triple "('a assn)" "term" "('a assn)" (** should be
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	384	something like triple = \<forall>'a. triple ('a assn) term ('a assn) **)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	385	("{(1_)}/ _>/ {(1_)}" [3,65,3]75)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	386	types 'a triples = "'a triple set"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	387
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	388	abbreviation
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	389	var_triple :: "['a assn, var ,'a assn] \<Rightarrow> 'a triple"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	390	("{(1_)}/ _=>/ {(1_)}" [3,80,3] 75)
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	391	where "{P} e=> {Q} == {P} In2 e> {Q}"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	392
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	393	abbreviation
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	394	expr_triple :: "['a assn, expr ,'a assn] \<Rightarrow> 'a triple"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	395	("{(1_)}/ _->/ {(1_)}" [3,80,3] 75)
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	396	where "{P} e-> {Q} == {P} In1l e> {Q}"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	397
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	398	abbreviation
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	399	exprs_triple :: "['a assn, expr list ,'a assn] \<Rightarrow> 'a triple"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	400	("{(1_)}/ _#>/ {(1_)}" [3,65,3] 75)
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	401	where "{P} e#> {Q} == {P} In3 e> {Q}"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	402
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	403	abbreviation
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	404	stmt_triple :: "['a assn, stmt, 'a assn] \<Rightarrow> 'a triple"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	405	("{(1_)}/ ._./ {(1_)}" [3,65,3] 75)
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	406	where "{P} .c. {Q} == {P} In1r c> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	407
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	408	notation (xsymbols)
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	409	triple ("{(1_)}/ _\<succ>/ {(1_)}" [3,65,3] 75) and
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	410	var_triple ("{(1_)}/ _=\<succ>/ {(1_)}" [3,80,3] 75) and
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	411	expr_triple ("{(1_)}/ _-\<succ>/ {(1_)}" [3,80,3] 75) and
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	412	exprs_triple ("{(1_)}/ _\<doteq>\<succ>/ {(1_)}" [3,65,3] 75)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	413
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	414	lemma inj_triple: "inj (\<lambda>(P,t,Q). {P} t\<succ> {Q})"
13585 db4005b40cc6 Converted Fun to Isar style. paulson parents: 13384 diff changeset	415	apply (rule inj_onI)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	416	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	417	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	418
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	419	lemma triple_inj_eq: "({P} t\<succ> {Q} = {P'} t'\<succ> {Q'} ) = (P=P' \<and> t=t' \<and> Q=Q')"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	420	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	421	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	422
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	423	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	424	mtriples :: "('c \<Rightarrow> 'sig \<Rightarrow> 'a assn) \<Rightarrow> ('c \<Rightarrow> 'sig \<Rightarrow> expr) \<Rightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	425	('c \<Rightarrow> 'sig \<Rightarrow> 'a assn) \<Rightarrow> ('c \<times> 'sig) set \<Rightarrow> 'a triples"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	426	("{{(1_)}/ _-\<succ>/ {(1_)} \| _}"[3,65,3,65]75)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	427	"{{P} tf-\<succ> {Q} \| ms} \<equiv> (\<lambda>(C,sig). {Normal(P C sig)} tf C sig-\<succ> {Q C sig})`ms"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	428
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	429	consts
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	430
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	431	triple_valid :: "prog \<Rightarrow> nat \<Rightarrow> 'a triple \<Rightarrow> bool"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	432	( "_\<Turnstile>_:_" [61,0, 58] 57)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	433	ax_valids :: "prog \<Rightarrow> 'b triples \<Rightarrow> 'a triples \<Rightarrow> bool"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	434	("_,_\|\<Turnstile>_" [61,58,58] 57)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	435
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	436	abbreviation
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	437	triples_valid:: "prog \<Rightarrow> nat \<Rightarrow> 'a triples \<Rightarrow> bool"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	438	( "_\|\|=_:_" [61,0, 58] 57)
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	439	where "G\|\|=n:ts == Ball ts (triple_valid G n)"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	440
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	441	abbreviation
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	442	ax_valid :: "prog \<Rightarrow> 'b triples \<Rightarrow> 'a triple \<Rightarrow> bool"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	443	( "_,_\|=_" [61,58,58] 57)
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	444	where "G,A \|=t == G,A\|\<Turnstile>{t}"
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	445
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	446	notation (xsymbols)
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	447	triples_valid ("_\|\<Turnstile>_:_" [61,0, 58] 57) and
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	448	ax_valid ("_,_\<Turnstile>_" [61,58,58] 57)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	449
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	450	defs triple_valid_def: "G\<Turnstile>n:t \<equiv> case t of {P} t\<succ> {Q} \<Rightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	451	\<forall>Y s Z. P Y s Z \<longrightarrow> type_ok G t s \<longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	452	(\<forall>Y' s'. G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (Y',s') \<longrightarrow> Q Y' s' Z)"
35067 af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	453
af4c18c30593 modernized syntax translations, using mostly abbreviation/notation; wenzelm parents: 32960 diff changeset	454	defs ax_valids_def:"G,A\|\<Turnstile>ts \<equiv> \<forall>n. G\|\<Turnstile>n:A \<longrightarrow> G\|\<Turnstile>n:ts"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	455
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	456	lemma triple_valid_def2: "G\<Turnstile>n:{P} t\<succ> {Q} =
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	457	(\<forall>Y s Z. P Y s Z
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	458	\<longrightarrow> (\<exists>L. (normal s \<longrightarrow> (\<exists> C T A. \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T \<and>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	459	\<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>dom (locals (store s))\<guillemotright>t\<guillemotright>A)) \<and>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	460	s\<Colon>\<preceq>(G,L))
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	461	\<longrightarrow> (\<forall>Y' s'. G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (Y',s')\<longrightarrow> Q Y' s' Z))"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	462	apply (unfold triple_valid_def type_ok_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	463	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	464	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	465
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	466
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	467	declare split_paired_All [simp del] split_paired_Ex [simp del]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	468	declare split_if [split del] split_if_asm [split del]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	469	option.split [split del] option.split_asm [split del]
24019 67bde7cfcf10 tuned ML/simproc declarations; wenzelm parents: 23894 diff changeset	470	declaration {* K (Simplifier.map_ss (fn ss => ss delloop "split_all_tac")) *}
67bde7cfcf10 tuned ML/simproc declarations; wenzelm parents: 23894 diff changeset	471	declaration {* K (Classical.map_cs (fn cs => cs delSWrapper "split_all_tac")) *}
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	472
23747 b07cff284683 Renamed inductive2 to inductive. berghofe parents: 23563 diff changeset	473	inductive
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	474	ax_derivs :: "prog \<Rightarrow> 'a triples \<Rightarrow> 'a triples \<Rightarrow> bool" ("_,_\|\<turnstile>_" [61,58,58] 57)
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	475	and ax_deriv :: "prog \<Rightarrow> 'a triples \<Rightarrow> 'a triple \<Rightarrow> bool" ("_,_\<turnstile>_" [61,58,58] 57)
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	476	for G :: prog
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	477	where
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	478
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	479	"G,A \<turnstile>t \<equiv> G,A\|\<turnstile>{t}"
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	480
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	481	\| empty: " G,A\|\<turnstile>{}"
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	482	\| insert:"\<lbrakk>G,A\<turnstile>t; G,A\|\<turnstile>ts\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	483	G,A\|\<turnstile>insert t ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	484
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	485	\| asm: "ts\<subseteq>A \<Longrightarrow> G,A\|\<turnstile>ts"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	486
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	487	(* could be added for convenience and efficiency, but is not necessary
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	488	cut: "\<lbrakk>G,A'\|\<turnstile>ts; G,A\|\<turnstile>A'\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	489	G,A \|\<turnstile>ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	490	*)
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	491	\| weaken:"\<lbrakk>G,A\|\<turnstile>ts'; ts \<subseteq> ts'\<rbrakk> \<Longrightarrow> G,A\|\<turnstile>ts"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	492
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	493	\| conseq:"\<forall>Y s Z . P Y s Z \<longrightarrow> (\<exists>P' Q'. G,A\<turnstile>{P'} t\<succ> {Q'} \<and> (\<forall>Y' s'.
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	494	(\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	495	Q Y' s' Z ))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	496	\<Longrightarrow> G,A\<turnstile>{P } t\<succ> {Q }"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	497
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	498	\| hazard:"G,A\<turnstile>{P \<and>. Not \<circ> type_ok G t} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	499
28524 644b62cf678f arbitrary is undefined haftmann parents: 27226 diff changeset	500	\| Abrupt: "G,A\<turnstile>{P\<leftarrow>(undefined3 t) \<and>. Not \<circ> normal} t\<succ> {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	501
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	502	--{* variables *}
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	503	\| LVar: " G,A\<turnstile>{Normal (\<lambda>s.. P\<leftarrow>Var (lvar vn s))} LVar vn=\<succ> {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	504
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	505	\| FVar: "\<lbrakk>G,A\<turnstile>{Normal P} .Init C. {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	506	G,A\<turnstile>{Q} e-\<succ> {\<lambda>Val:a:. fvar C stat fn a ..; R}\<rbrakk> \<Longrightarrow>
12925 99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid. schirmer parents: 12859 diff changeset	507	G,A\<turnstile>{Normal P} {accC,C,stat}e..fn=\<succ> {R}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	508
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	509	\| AVar: "\<lbrakk>G,A\<turnstile>{Normal P} e1-\<succ> {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	510	\<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} e2-\<succ> {\<lambda>Val:i:. avar G i a ..; R}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	511	G,A\<turnstile>{Normal P} e1.[e2]=\<succ> {R}"
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	512	--{* expressions *}
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	513
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	514	\| NewC: "\<lbrakk>G,A\<turnstile>{Normal P} .Init C. {Alloc G (CInst C) Q}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	515	G,A\<turnstile>{Normal P} NewC C-\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	516
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	517	\| NewA: "\<lbrakk>G,A\<turnstile>{Normal P} .init_comp_ty T. {Q}; G,A\<turnstile>{Q} e-\<succ>
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 28524 diff changeset	518	{\<lambda>Val:i:. abupd (check_neg i) .; Alloc G (Arr T (the_Intg i)) R}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	519	G,A\<turnstile>{Normal P} New T[e]-\<succ> {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	520
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	521	\| Cast: "\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {\<lambda>Val:v:. \<lambda>s..
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	522	abupd (raise_if (\<not>G,s\<turnstile>v fits T) ClassCast) .; Q\<leftarrow>Val v}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	523	G,A\<turnstile>{Normal P} Cast T e-\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	524
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	525	\| Inst: "\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {\<lambda>Val:v:. \<lambda>s..
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	526	Q\<leftarrow>Val (Bool (v\<noteq>Null \<and> G,s\<turnstile>v fits RefT T))}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	527	G,A\<turnstile>{Normal P} e InstOf T-\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	528
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	529	\| Lit: "G,A\<turnstile>{Normal (P\<leftarrow>Val v)} Lit v-\<succ> {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	530
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	531	\| UnOp: "\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {\<lambda>Val:v:. Q\<leftarrow>Val (eval_unop unop v)}\<rbrakk>
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	532	\<Longrightarrow>
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	533	G,A\<turnstile>{Normal P} UnOp unop e-\<succ> {Q}"
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	534
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	535	\| BinOp:
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	536	"\<lbrakk>G,A\<turnstile>{Normal P} e1-\<succ> {Q};
13384 a34e38154413 Added conditional and (&&) and or (\|\|). schirmer parents: 13337 diff changeset	537	\<forall>v1. G,A\<turnstile>{Q\<leftarrow>Val v1}
a34e38154413 Added conditional and (&&) and or (\|\|). schirmer parents: 13337 diff changeset	538	(if need_second_arg binop v1 then (In1l e2) else (In1r Skip))\<succ>
a34e38154413 Added conditional and (&&) and or (\|\|). schirmer parents: 13337 diff changeset	539	{\<lambda>Val:v2:. R\<leftarrow>Val (eval_binop binop v1 v2)}\<rbrakk>
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	540	\<Longrightarrow>
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	541	G,A\<turnstile>{Normal P} BinOp binop e1 e2-\<succ> {R}"
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	542
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	543	\| Super:" G,A\<turnstile>{Normal (\<lambda>s.. P\<leftarrow>Val (val_this s))} Super-\<succ> {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	544
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	545	\| Acc: "\<lbrakk>G,A\<turnstile>{Normal P} va=\<succ> {\<lambda>Var:(v,f):. Q\<leftarrow>Val v}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	546	G,A\<turnstile>{Normal P} Acc va-\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	547
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	548	\| Ass: "\<lbrakk>G,A\<turnstile>{Normal P} va=\<succ> {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	549	\<forall>vf. G,A\<turnstile>{Q\<leftarrow>Var vf} e-\<succ> {\<lambda>Val:v:. assign (snd vf) v .; R}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	550	G,A\<turnstile>{Normal P} va:=e-\<succ> {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	551
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	552	\| Cond: "\<lbrakk>G,A \<turnstile>{Normal P} e0-\<succ> {P'};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	553	\<forall>b. G,A\<turnstile>{P'\<leftarrow>=b} (if b then e1 else e2)-\<succ> {Q}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	554	G,A\<turnstile>{Normal P} e0 ? e1 : e2-\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	555
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	556	\| Call:
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	557	"\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {Q}; \<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} args\<doteq>\<succ> {R a};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	558	\<forall>a vs invC declC l. G,A\<turnstile>{(R a\<leftarrow>Vals vs \<and>.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	559	(\<lambda>s. declC=invocation_declclass G mode (store s) a statT \<lparr>name=mn,parTs=pTs\<rparr> \<and>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	560	invC = invocation_class mode (store s) a statT \<and>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	561	l = locals (store s)) ;.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	562	init_lvars G declC \<lparr>name=mn,parTs=pTs\<rparr> mode a vs) \<and>.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	563	(\<lambda>s. normal s \<longrightarrow> G\<turnstile>mode\<rightarrow>invC\<preceq>statT)}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	564	Methd declC \<lparr>name=mn,parTs=pTs\<rparr>-\<succ> {set_lvars l .; S}\<rbrakk> \<Longrightarrow>
12925 99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid. schirmer parents: 12859 diff changeset	565	G,A\<turnstile>{Normal P} {accC,statT,mode}e\<cdot>mn({pTs}args)-\<succ> {S}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	566
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	567	\| Methd:"\<lbrakk>G,A\<union> {{P} Methd-\<succ> {Q} \| ms} \|\<turnstile> {{P} body G-\<succ> {Q} \| ms}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	568	G,A\|\<turnstile>{{P} Methd-\<succ> {Q} \| ms}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	569
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	570	\| Body: "\<lbrakk>G,A\<turnstile>{Normal P} .Init D. {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	571	G,A\<turnstile>{Q} .c. {\<lambda>s.. abupd (absorb Ret) .; R\<leftarrow>(In1 (the (locals s Result)))}\<rbrakk>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	572	\<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	573	G,A\<turnstile>{Normal P} Body D c-\<succ> {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	574
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	575	--{* expression lists *}
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	576
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	577	\| Nil: "G,A\<turnstile>{Normal (P\<leftarrow>Vals [])} []\<doteq>\<succ> {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	578
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	579	\| Cons: "\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	580	\<forall>v. G,A\<turnstile>{Q\<leftarrow>Val v} es\<doteq>\<succ> {\<lambda>Vals:vs:. R\<leftarrow>Vals (v#vs)}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	581	G,A\<turnstile>{Normal P} e#es\<doteq>\<succ> {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	582
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	583	--{* statements *}
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	584
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	585	\| Skip: "G,A\<turnstile>{Normal (P\<leftarrow>\<diamondsuit>)} .Skip. {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	586
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	587	\| Expr: "\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {Q\<leftarrow>\<diamondsuit>}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	588	G,A\<turnstile>{Normal P} .Expr e. {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	589
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	590	\| Lab: "\<lbrakk>G,A\<turnstile>{Normal P} .c. {abupd (absorb l) .; Q}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	591	G,A\<turnstile>{Normal P} .l\<bullet> c. {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	592
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	593	\| Comp: "\<lbrakk>G,A\<turnstile>{Normal P} .c1. {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	594	G,A\<turnstile>{Q} .c2. {R}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	595	G,A\<turnstile>{Normal P} .c1;;c2. {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	596
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	597	\| If: "\<lbrakk>G,A \<turnstile>{Normal P} e-\<succ> {P'};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	598	\<forall>b. G,A\<turnstile>{P'\<leftarrow>=b} .(if b then c1 else c2). {Q}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	599	G,A\<turnstile>{Normal P} .If(e) c1 Else c2. {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	600	(* unfolding variant of Loop, not needed here
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	601	LoopU:"\<lbrakk>G,A \<turnstile>{Normal P} e-\<succ> {P'};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	602	\<forall>b. G,A\<turnstile>{P'\<leftarrow>=b} .(if b then c;;While(e) c else Skip).{Q}\<rbrakk>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	603	\<Longrightarrow> G,A\<turnstile>{Normal P} .While(e) c. {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	604	*)
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	605	\| Loop: "\<lbrakk>G,A\<turnstile>{P} e-\<succ> {P'};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	606	G,A\<turnstile>{Normal (P'\<leftarrow>=True)} .c. {abupd (absorb (Cont l)) .; P}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	607	G,A\<turnstile>{P} .l\<bullet> While(e) c. {(P'\<leftarrow>=False)\<down>=\<diamondsuit>}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	608
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	609	\| Jmp: "G,A\<turnstile>{Normal (abupd (\<lambda>a. (Some (Jump j))) .; P\<leftarrow>\<diamondsuit>)} .Jmp j. {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	610
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	611	\| Throw:"\<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {\<lambda>Val:a:. abupd (throw a) .; Q\<leftarrow>\<diamondsuit>}\<rbrakk> \<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	612	G,A\<turnstile>{Normal P} .Throw e. {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	613
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	614	\| Try: "\<lbrakk>G,A\<turnstile>{Normal P} .c1. {SXAlloc G Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	615	G,A\<turnstile>{Q \<and>. (\<lambda>s. G,s\<turnstile>catch C) ;. new_xcpt_var vn} .c2. {R};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	616	(Q \<and>. (\<lambda>s. \<not>G,s\<turnstile>catch C)) \<Rightarrow> R\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	617	G,A\<turnstile>{Normal P} .Try c1 Catch(C vn) c2. {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	618
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	619	\| Fin: "\<lbrakk>G,A\<turnstile>{Normal P} .c1. {Q};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	620	\<forall>x. G,A\<turnstile>{Q \<and>. (\<lambda>s. x = fst s) ;. abupd (\<lambda>x. None)}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	621	.c2. {abupd (abrupt_if (x\<noteq>None) x) .; R}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	622	G,A\<turnstile>{Normal P} .c1 Finally c2. {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	623
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	624	\| Done: "G,A\<turnstile>{Normal (P\<leftarrow>\<diamondsuit> \<and>. initd C)} .Init C. {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	625
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	626	\| Init: "\<lbrakk>the (class G C) = c;
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	627	G,A\<turnstile>{Normal ((P \<and>. Not \<circ> initd C) ;. supd (init_class_obj G C))}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	628	.(if C = Object then Skip else Init (super c)). {Q};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	629	\<forall>l. G,A\<turnstile>{Q \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars empty}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	630	.init c. {set_lvars l .; R}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	631	G,A\<turnstile>{Normal (P \<and>. Not \<circ> initd C)} .Init C. {R}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	632
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	633	-- {* Some dummy rules for the intermediate terms @{text Callee},
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	634	@{text InsInitE}, @{text InsInitV}, @{text FinA} only used by the smallstep
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	635	semantics.
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	636	*}
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	637	\| InsInitV: " G,A\<turnstile>{Normal P} InsInitV c v=\<succ> {Q}"
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	638	\| InsInitE: " G,A\<turnstile>{Normal P} InsInitE c e-\<succ> {Q}"
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	639	\| Callee: " G,A\<turnstile>{Normal P} Callee l e-\<succ> {Q}"
89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	640	\| FinA: " G,A\<turnstile>{Normal P} .FinA a c. {Q}"
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	641	(*
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	642	axioms
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	643	*)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	644
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	645	constdefs
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	646	adapt_pre :: "'a assn \<Rightarrow> 'a assn \<Rightarrow> 'a assn \<Rightarrow> 'a assn"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	647	"adapt_pre P Q Q'\<equiv>\<lambda>Y s Z. \<forall>Y' s'. \<exists>Z'. P Y s Z' \<and> (Q Y' s' Z' \<longrightarrow> Q' Y' s' Z)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	648
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	649
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	650	section "rules derived by induction"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	651
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	652	lemma cut_valid: "\<lbrakk>G,A'\|\<Turnstile>ts; G,A\|\<Turnstile>A'\<rbrakk> \<Longrightarrow> G,A\|\<Turnstile>ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	653	apply (unfold ax_valids_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	654	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	655	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	656
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	657	(*if cut is available
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	658	Goal "\<lbrakk>G,A'\|\<turnstile>ts; A' \<subseteq> A; \<forall>P Q t. {P} t\<succ> {Q} \<in> A' \<longrightarrow> (\<exists>T. (G,L)\<turnstile>t\<Colon>T) \<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	659	G,A\|\<turnstile>ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	660	b y etac ax_derivs.cut 1;
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	661	b y eatac ax_derivs.asm 1 1;
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	662	qed "ax_thin";
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	663	*)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	664	lemma ax_thin [rule_format (no_asm)]:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	665	"G,(A'::'a triple set)\|\<turnstile>(ts::'a triple set) \<Longrightarrow> \<forall>A. A' \<subseteq> A \<longrightarrow> G,A\|\<turnstile>ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	666	apply (erule ax_derivs.induct)
23894 1a4167d761ac tactics: avoid dynamic reference to accidental theory context (via ML_Context.the_context etc.); wenzelm parents: 23747 diff changeset	667	apply (tactic "ALLGOALS(EVERY'[clarify_tac @{claset}, REPEAT o smp_tac 1])")
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	668	apply (rule ax_derivs.empty)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	669	apply (erule (1) ax_derivs.insert)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	670	apply (fast intro: ax_derivs.asm)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	671	(apply (fast intro: ax_derivs.cut) )
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	672	apply (fast intro: ax_derivs.weaken)
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	673	apply (rule ax_derivs.conseq, intro strip, tactic "smp_tac 3 1",clarify, tactic "smp_tac 1 1",rule exI, rule exI, erule (1) conjI)
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	674	(* 37 subgoals *)
f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	675	prefer 18 (* Methd *)
23563 42f2f90b51a6 simplified a proof paulson parents: 21765 diff changeset	676	apply (rule ax_derivs.Methd, drule spec, erule mp, fast)
42f2f90b51a6 simplified a proof paulson parents: 21765 diff changeset	677	apply (tactic {* TRYALL (resolve_tac ((funpow 5 tl) (thms "ax_derivs.intros"))) *})
42f2f90b51a6 simplified a proof paulson parents: 21765 diff changeset	678	apply auto
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	679	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	680
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	681	lemma ax_thin_insert: "G,(A::'a triple set)\<turnstile>(t::'a triple) \<Longrightarrow> G,insert x A\<turnstile>t"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	682	apply (erule ax_thin)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	683	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	684	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	685
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	686	lemma subset_mtriples_iff:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	687	"ts \<subseteq> {{P} mb-\<succ> {Q} \| ms} = (\<exists>ms'. ms'\<subseteq>ms \<and> ts = {{P} mb-\<succ> {Q} \| ms'})"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	688	apply (unfold mtriples_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	689	apply (rule subset_image_iff)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	690	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	691
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	692	lemma weaken:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	693	"G,(A::'a triple set)\|\<turnstile>(ts'::'a triple set) \<Longrightarrow> !ts. ts \<subseteq> ts' \<longrightarrow> G,A\|\<turnstile>ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	694	apply (erule ax_derivs.induct)
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	695	(42 subgoals)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	696	apply (tactic "ALLGOALS strip_tac")
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	697	apply (tactic {* ALLGOALS(REPEAT o (EVERY'[dtac (thm "subset_singletonD"),
26342 0f65fa163304 more antiquotations; wenzelm parents: 24783 diff changeset	698	etac disjE, fast_tac (@{claset} addSIs [thm "ax_derivs.empty"])]))*})
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	699	apply (tactic "TRYALL hyp_subst_tac")
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	700	apply (simp, rule ax_derivs.empty)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	701	apply (drule subset_insertD)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	702	apply (blast intro: ax_derivs.insert)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	703	apply (fast intro: ax_derivs.asm)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	704	(apply (blast intro: ax_derivs.cut) )
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	705	apply (fast intro: ax_derivs.weaken)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	706	apply (rule ax_derivs.conseq, clarify, tactic "smp_tac 3 1", blast(* unused *))
13337 f75dfc606ac7 Added unary and binary operations like (+,-,<, ...); Added smallstep semantics (no proofs about it yet). schirmer parents: 12925 diff changeset	707	(37 subgoals)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	708	apply (tactic {* TRYALL (resolve_tac ((funpow 5 tl) (thms "ax_derivs.intros"))
23894 1a4167d761ac tactics: avoid dynamic reference to accidental theory context (via ML_Context.the_context etc.); wenzelm parents: 23747 diff changeset	709	THEN_ALL_NEW fast_tac @{claset}) *})
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	710	(1 subgoal)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	711	apply (clarsimp simp add: subset_mtriples_iff)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	712	apply (rule ax_derivs.Methd)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	713	apply (drule spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	714	apply (erule impE)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	715	apply (rule exI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	716	apply (erule conjI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	717	apply (rule HOL.refl)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	718	oops (* dead end, Methd is to blame *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	719
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	720
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	721	section "rules derived from conseq"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	722
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	723	text {* In the following rules we often have to give some type annotations like:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	724	@{term "G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q}"}.
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	725	Given only the term above without annotations, Isabelle would infer a more
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	726	general type were we could have
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	727	different types of auxiliary variables in the assumption set (@{term A}) and
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	728	in the triple itself (@{term P} and @{term Q}). But
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	729	@{text "ax_derivs.Methd"} enforces the same type in the inductive definition of
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	730	the derivation. So we have to restrict the types to be able to apply the
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	731	rules.
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	732	*}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	733	lemma conseq12: "\<lbrakk>G,(A::'a triple set)\<turnstile>{P'::'a assn} t\<succ> {Q'};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	734	\<forall>Y s Z. P Y s Z \<longrightarrow> (\<forall>Y' s'. (\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	735	Q Y' s' Z)\<rbrakk>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	736	\<Longrightarrow> G,A\<turnstile>{P ::'a assn} t\<succ> {Q }"
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	737	apply (rule ax_derivs.conseq)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	738	apply clarsimp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	739	apply blast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	740	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	741
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	742	-- {* Nice variant, since it is so symmetric we might be able to memorise it. *}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	743	lemma conseq12': "\<lbrakk>G,(A::'a triple set)\<turnstile>{P'::'a assn} t\<succ> {Q'}; \<forall>s Y' s'.
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	744	(\<forall>Y Z. P' Y s Z \<longrightarrow> Q' Y' s' Z) \<longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	745	(\<forall>Y Z. P Y s Z \<longrightarrow> Q Y' s' Z)\<rbrakk>
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	746	\<Longrightarrow> G,A\<turnstile>{P::'a assn } t\<succ> {Q }"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	747	apply (erule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	748	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	749	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	750
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	751	lemma conseq12_from_conseq12': "\<lbrakk>G,(A::'a triple set)\<turnstile>{P'::'a assn} t\<succ> {Q'};
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	752	\<forall>Y s Z. P Y s Z \<longrightarrow> (\<forall>Y' s'. (\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	753	Q Y' s' Z)\<rbrakk>
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	754	\<Longrightarrow> G,A\<turnstile>{P::'a assn} t\<succ> {Q }"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	755	apply (erule conseq12')
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	756	apply blast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	757	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	758
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	759	lemma conseq1: "\<lbrakk>G,(A::'a triple set)\<turnstile>{P'::'a assn} t\<succ> {Q}; P \<Rightarrow> P'\<rbrakk>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	760	\<Longrightarrow> G,A\<turnstile>{P::'a assn} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	761	apply (erule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	762	apply blast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	763	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	764
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	765	lemma conseq2: "\<lbrakk>G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q'}; Q' \<Rightarrow> Q\<rbrakk>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	766	\<Longrightarrow> G,A\<turnstile>{P::'a assn} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	767	apply (erule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	768	apply blast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	769	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	770
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	771	lemma ax_escape:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	772	"\<lbrakk>\<forall>Y s Z. P Y s Z
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	773	\<longrightarrow> G,(A::'a triple set)\<turnstile>{\<lambda>Y' s' (Z'::'a). (Y',s') = (Y,s)}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	774	t\<succ>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	775	{\<lambda>Y s Z'. Q Y s Z}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	776	\<rbrakk> \<Longrightarrow> G,A\<turnstile>{P::'a assn} t\<succ> {Q::'a assn}"
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	777	apply (rule ax_derivs.conseq)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	778	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	779	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	780
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	781	(* unused *)
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	782	lemma ax_constant: "\<lbrakk> C \<Longrightarrow> G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q}\<rbrakk>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	783	\<Longrightarrow> G,A\<turnstile>{\<lambda>Y s Z. C \<and> P Y s Z} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	784	apply (rule ax_escape (* unused *))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	785	apply clarify
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	786	apply (rule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	787	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	788	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	789	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	790	(*alternative (more direct) proof:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	791	apply (rule ax_derivs.conseq) )( unused )(
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	792	apply (fast)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	793	*)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	794
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	795
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	796	lemma ax_impossible [intro]:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	797	"G,(A::'a triple set)\<turnstile>{\<lambda>Y s Z. False} t\<succ> {Q::'a assn}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	798	apply (rule ax_escape)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	799	apply clarify
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	800	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	801
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	802	(* unused *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	803	lemma ax_nochange_lemma: "\<lbrakk>P Y s; All (op = w)\<rbrakk> \<Longrightarrow> P w s"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	804	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	805	done
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	806
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	807	lemma ax_nochange:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	808	"G,(A::(res \<times> state) triple set)\<turnstile>{\<lambda>Y s Z. (Y,s)=Z} t\<succ> {\<lambda>Y s Z. (Y,s)=Z}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	809	\<Longrightarrow> G,A\<turnstile>{P::(res \<times> state) assn} t\<succ> {P}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	810	apply (erule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	811	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	812	apply (erule (1) ax_nochange_lemma)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	813	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	814
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	815	(* unused *)
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	816	lemma ax_trivial: "G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {\<lambda>Y s Z. True}"
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	817	apply (rule ax_derivs.conseq(* unused *))
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	818	apply auto
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	819	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	820
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	821	(* unused *)
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	822	lemma ax_disj:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	823	"\<lbrakk>G,(A::'a triple set)\<turnstile>{P1::'a assn} t\<succ> {Q1}; G,A\<turnstile>{P2::'a assn} t\<succ> {Q2}\<rbrakk>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	824	\<Longrightarrow> G,A\<turnstile>{\<lambda>Y s Z. P1 Y s Z \<or> P2 Y s Z} t\<succ> {\<lambda>Y s Z. Q1 Y s Z \<or> Q2 Y s Z}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	825	apply (rule ax_escape (* unused *))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	826	apply safe
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	827	apply (erule conseq12, fast)+
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	828	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	829
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	830	(* unused *)
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	831	lemma ax_supd_shuffle:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	832	"(\<exists>Q. G,(A::'a triple set)\<turnstile>{P::'a assn} .c1. {Q} \<and> G,A\<turnstile>{Q ;. f} .c2. {R}) =
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	833	(\<exists>Q'. G,A\<turnstile>{P} .c1. {f .; Q'} \<and> G,A\<turnstile>{Q'} .c2. {R})"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	834	apply (best elim!: conseq1 conseq2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	835	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	836
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	837	lemma ax_cases: "
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	838	\<lbrakk>G,(A::'a triple set)\<turnstile>{P \<and>. C} t\<succ> {Q::'a assn};
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	839	G,A\<turnstile>{P \<and>. Not \<circ> C} t\<succ> {Q}\<rbrakk> \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	840	apply (unfold peek_and_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	841	apply (rule ax_escape)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	842	apply clarify
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	843	apply (case_tac "C s")
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	844	apply (erule conseq12, force)+
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	845	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	846	(*alternative (more direct) proof:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	847	apply (rule rtac ax_derivs.conseq) )( unused )(
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	848	apply clarify
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	849	apply (case_tac "C s")
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	850	apply force+
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	851	*)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	852
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	853	lemma ax_adapt: "G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	854	\<Longrightarrow> G,A\<turnstile>{adapt_pre P Q Q'} t\<succ> {Q'}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	855	apply (unfold adapt_pre_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	856	apply (erule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	857	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	858	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	859
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	860	lemma adapt_pre_adapts: "G,(A::'a triple set)\<Turnstile>{P::'a assn} t\<succ> {Q}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	861	\<longrightarrow> G,A\<Turnstile>{adapt_pre P Q Q'} t\<succ> {Q'}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	862	apply (unfold adapt_pre_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	863	apply (simp add: ax_valids_def triple_valid_def2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	864	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	865	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	866
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	867
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	868	lemma adapt_pre_weakest:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	869	"\<forall>G (A::'a triple set) t. G,A\<Turnstile>{P} t\<succ> {Q} \<longrightarrow> G,A\<Turnstile>{P'} t\<succ> {Q'} \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	870	P' \<Rightarrow> adapt_pre P Q (Q'::'a assn)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	871	apply (unfold adapt_pre_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	872	apply (drule spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	873	apply (drule_tac x = "{}" in spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	874	apply (drule_tac x = "In1r Skip" in spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	875	apply (simp add: ax_valids_def triple_valid_def2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	876	oops
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	877
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	878	lemma peek_and_forget1_Normal:
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	879	"G,(A::'a triple set)\<turnstile>{Normal P} t\<succ> {Q::'a assn}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	880	\<Longrightarrow> G,A\<turnstile>{Normal (P \<and>. p)} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	881	apply (erule conseq1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	882	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	883	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	884
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	885	lemma peek_and_forget1:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	886	"G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	887	\<Longrightarrow> G,A\<turnstile>{P \<and>. p} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	888	apply (erule conseq1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	889	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	890	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	891
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	892	lemmas ax_NormalD = peek_and_forget1 [of _ _ _ _ _ normal]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	893
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	894	lemma peek_and_forget2:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	895	"G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q \<and>. p}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	896	\<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	897	apply (erule conseq2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	898	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	899	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	900
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	901	lemma ax_subst_Val_allI:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	902	"\<forall>v. G,(A::'a triple set)\<turnstile>{(P' v )\<leftarrow>Val v} t\<succ> {(Q v)::'a assn}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	903	\<Longrightarrow> \<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In1 w))\<leftarrow>Val v} t\<succ> {Q v}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	904	apply (force elim!: conseq1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	905	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	906
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	907	lemma ax_subst_Var_allI:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	908	"\<forall>v. G,(A::'a triple set)\<turnstile>{(P' v )\<leftarrow>Var v} t\<succ> {(Q v)::'a assn}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	909	\<Longrightarrow> \<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In2 w))\<leftarrow>Var v} t\<succ> {Q v}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	910	apply (force elim!: conseq1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	911	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	912
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	913	lemma ax_subst_Vals_allI:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	914	"(\<forall>v. G,(A::'a triple set)\<turnstile>{( P' v )\<leftarrow>Vals v} t\<succ> {(Q v)::'a assn})
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	915	\<Longrightarrow> \<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In3 w))\<leftarrow>Vals v} t\<succ> {Q v}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	916	apply (force elim!: conseq1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	917	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	918
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	919
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	920	section "alternative axioms"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	921
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	922	lemma ax_Lit2:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	923	"G,(A::'a triple set)\<turnstile>{Normal P::'a assn} Lit v-\<succ> {Normal (P\<down>=Val v)}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	924	apply (rule ax_derivs.Lit [THEN conseq1])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	925	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	926	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	927	lemma ax_Lit2_test_complete:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	928	"G,(A::'a triple set)\<turnstile>{Normal (P\<leftarrow>Val v)::'a assn} Lit v-\<succ> {P}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	929	apply (rule ax_Lit2 [THEN conseq2])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	930	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	931	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	932
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	933	lemma ax_LVar2: "G,(A::'a triple set)\<turnstile>{Normal P::'a assn} LVar vn=\<succ> {Normal (\<lambda>s.. P\<down>=Var (lvar vn s))}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	934	apply (rule ax_derivs.LVar [THEN conseq1])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	935	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	936	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	937
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	938	lemma ax_Super2: "G,(A::'a triple set)\<turnstile>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	939	{Normal P::'a assn} Super-\<succ> {Normal (\<lambda>s.. P\<down>=Val (val_this s))}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	940	apply (rule ax_derivs.Super [THEN conseq1])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	941	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	942	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	943
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	944	lemma ax_Nil2:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	945	"G,(A::'a triple set)\<turnstile>{Normal P::'a assn} []\<doteq>\<succ> {Normal (P\<down>=Vals [])}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	946	apply (rule ax_derivs.Nil [THEN conseq1])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	947	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	948	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	949
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	950
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	951	section "misc derived structural rules"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	952
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	953	(* unused *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	954	lemma ax_finite_mtriples_lemma: "\<lbrakk>F \<subseteq> ms; finite ms; \<forall>(C,sig)\<in>ms.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	955	G,(A::'a triple set)\<turnstile>{Normal (P C sig)::'a assn} mb C sig-\<succ> {Q C sig}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	956	G,A\|\<turnstile>{{P} mb-\<succ> {Q} \| F}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	957	apply (frule (1) finite_subset)
24038 18182c4aec9e replaced make_imp by rev_mp; wenzelm parents: 24019 diff changeset	958	apply (erule rev_mp)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	959	apply (erule thin_rl)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	960	apply (erule finite_induct)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	961	apply (unfold mtriples_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	962	apply (clarsimp intro!: ax_derivs.empty ax_derivs.insert)+
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	963	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	964	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	965	lemmas ax_finite_mtriples = ax_finite_mtriples_lemma [OF subset_refl]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	966
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	967	lemma ax_derivs_insertD:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	968	"G,(A::'a triple set)\|\<turnstile>insert (t::'a triple) ts \<Longrightarrow> G,A\<turnstile>t \<and> G,A\|\<turnstile>ts"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	969	apply (fast intro: ax_derivs.weaken)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	970	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	971
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	972	lemma ax_methods_spec:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	973	"\<lbrakk>G,(A::'a triple set)\|\<turnstile>split f ` ms; (C,sig) \<in> ms\<rbrakk>\<Longrightarrow> G,A\<turnstile>((f C sig)::'a triple)"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	974	apply (erule ax_derivs.weaken)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	975	apply (force del: image_eqI intro: rev_image_eqI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	976	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	977
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	978	(* this version is used to avoid using the cut rule *)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	979	lemma ax_finite_pointwise_lemma [rule_format]: "\<lbrakk>F \<subseteq> ms; finite ms\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	980	((\<forall>(C,sig)\<in>F. G,(A::'a triple set)\<turnstile>(f C sig::'a triple)) \<longrightarrow> (\<forall>(C,sig)\<in>ms. G,A\<turnstile>(g C sig::'a triple))) \<longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	981	G,A\|\<turnstile>split f ` F \<longrightarrow> G,A\|\<turnstile>split g ` F"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	982	apply (frule (1) finite_subset)
24038 18182c4aec9e replaced make_imp by rev_mp; wenzelm parents: 24019 diff changeset	983	apply (erule rev_mp)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	984	apply (erule thin_rl)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	985	apply (erule finite_induct)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	986	apply clarsimp+
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	987	apply (drule ax_derivs_insertD)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	988	apply (rule ax_derivs.insert)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	989	apply (simp (no_asm_simp) only: split_tupled_all)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	990	apply (auto elim: ax_methods_spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	991	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	992	lemmas ax_finite_pointwise = ax_finite_pointwise_lemma [OF subset_refl]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	993
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	994	lemma ax_no_hazard:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	995	"G,(A::'a triple set)\<turnstile>{P \<and>. type_ok G t} t\<succ> {Q::'a assn} \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	996	apply (erule ax_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	997	apply (rule ax_derivs.hazard [THEN conseq1])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	998	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	999	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1000
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1001	lemma ax_free_wt:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1002	"(\<exists>T L C. \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1003	\<longrightarrow> G,(A::'a triple set)\<turnstile>{Normal P} t\<succ> {Q::'a assn} \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1004	G,A\<turnstile>{Normal P} t\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1005	apply (rule ax_no_hazard)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1006	apply (rule ax_escape)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1007	apply clarify
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1008	apply (erule mp [THEN conseq12])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1009	apply (auto simp add: type_ok_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1010	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1011
27226 5a3e5e46d977 sum3_instantiate: proper context; wenzelm parents: 26480 diff changeset	1012	ML {* bind_thms ("ax_Abrupts", sum3_instantiate @{context} @{thm ax_derivs.Abrupt}) *}
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1013	declare ax_Abrupts [intro!]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1014
21765 89275a3ed7be Adapted to new inductive definition package. berghofe parents: 20014 diff changeset	1015	lemmas ax_Normal_cases = ax_cases [of _ _ _ normal]
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1016
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1017	lemma ax_Skip [intro!]: "G,(A::'a triple set)\<turnstile>{P\<leftarrow>\<diamondsuit>} .Skip. {P::'a assn}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1018	apply (rule ax_Normal_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1019	apply (rule ax_derivs.Skip)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1020	apply fast
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1021	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1022	lemmas ax_SkipI = ax_Skip [THEN conseq1, standard]
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1023
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1024
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1025	section "derived rules for methd call"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1026
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1027	lemma ax_Call_known_DynT:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1028	"\<lbrakk>G\<turnstile>IntVir\<rightarrow>C\<preceq>statT;
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1029	\<forall>a vs l. G,A\<turnstile>{(R a\<leftarrow>Vals vs \<and>. (\<lambda>s. l = locals (store s)) ;.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1030	init_lvars G C \<lparr>name=mn,parTs=pTs\<rparr> IntVir a vs)}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1031	Methd C \<lparr>name=mn,parTs=pTs\<rparr>-\<succ> {set_lvars l .; S};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1032	\<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} args\<doteq>\<succ>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1033	{R a \<and>. (\<lambda>s. C = obj_class (the (heap (store s) (the_Addr a))) \<and>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1034	C = invocation_declclass
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1035	G IntVir (store s) a statT \<lparr>name=mn,parTs=pTs\<rparr> )};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1036	G,(A::'a triple set)\<turnstile>{Normal P} e-\<succ> {Q::'a assn}\<rbrakk>
12925 99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid. schirmer parents: 12859 diff changeset	1037	\<Longrightarrow> G,A\<turnstile>{Normal P} {accC,statT,IntVir}e\<cdot>mn({pTs}args)-\<succ> {S}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1038	apply (erule ax_derivs.Call)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1039	apply safe
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1040	apply (erule spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1041	apply (rule ax_escape, clarsimp)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1042	apply (drule spec, drule spec, drule spec,erule conseq12)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1043	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1044	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1045
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1046
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1047	lemma ax_Call_Static:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1048	"\<lbrakk>\<forall>a vs l. G,A\<turnstile>{R a\<leftarrow>Vals vs \<and>. (\<lambda>s. l = locals (store s)) ;.
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1049	init_lvars G C \<lparr>name=mn,parTs=pTs\<rparr> Static any_Addr vs}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1050	Methd C \<lparr>name=mn,parTs=pTs\<rparr>-\<succ> {set_lvars l .; S};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1051	G,A\<turnstile>{Normal P} e-\<succ> {Q};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1052	\<forall> a. G,(A::'a triple set)\<turnstile>{Q\<leftarrow>Val a} args\<doteq>\<succ> {(R::val \<Rightarrow> 'a assn) a
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1053	\<and>. (\<lambda> s. C=invocation_declclass
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1054	G Static (store s) a statT \<lparr>name=mn,parTs=pTs\<rparr>)}
12925 99131847fb93 Added check for field/method access to operational semantics and proved the acesses valid. schirmer parents: 12859 diff changeset	1055	\<rbrakk> \<Longrightarrow> G,A\<turnstile>{Normal P} {accC,statT,Static}e\<cdot>mn({pTs}args)-\<succ> {S}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1056	apply (erule ax_derivs.Call)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1057	apply safe
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1058	apply (erule spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1059	apply (rule ax_escape, clarsimp)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1060	apply (erule_tac V = "?P \<longrightarrow> ?Q" in thin_rl)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1061	apply (drule spec,drule spec,drule spec, erule conseq12)
20014 729a45534001 fixed let-simproc schirmer parents: 19685 diff changeset	1062	apply (force simp add: init_lvars_def Let_def)
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1063	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1064
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1065	lemma ax_Methd1:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1066	"\<lbrakk>G,A\<union>{{P} Methd-\<succ> {Q} \| ms}\|\<turnstile> {{P} body G-\<succ> {Q} \| ms}; (C,sig)\<in> ms\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1067	G,A\<turnstile>{Normal (P C sig)} Methd C sig-\<succ> {Q C sig}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1068	apply (drule ax_derivs.Methd)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1069	apply (unfold mtriples_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1070	apply (erule (1) ax_methods_spec)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1071	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1072
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1073	lemma ax_MethdN:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1074	"G,insert({Normal P} Methd C sig-\<succ> {Q}) A\<turnstile>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1075	{Normal P} body G C sig-\<succ> {Q} \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1076	G,A\<turnstile>{Normal P} Methd C sig-\<succ> {Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1077	apply (rule ax_Methd1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1078	apply (rule_tac [2] singletonI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1079	apply (unfold mtriples_def)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1080	apply clarsimp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1081	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1082
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1083	lemma ax_StatRef:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1084	"G,(A::'a triple set)\<turnstile>{Normal (P\<leftarrow>Val Null)} StatRef rt-\<succ> {P::'a assn}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1085	apply (rule ax_derivs.Cast)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1086	apply (rule ax_Lit2 [THEN conseq2])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1087	apply clarsimp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1088	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1089
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1090	section "rules derived from Init and Done"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1091
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1092	lemma ax_InitS: "\<lbrakk>the (class G C) = c; C \<noteq> Object;
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1093	\<forall>l. G,A\<turnstile>{Q \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars empty}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1094	.init c. {set_lvars l .; R};
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1095	G,A\<turnstile>{Normal ((P \<and>. Not \<circ> initd C) ;. supd (init_class_obj G C))}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1096	.Init (super c). {Q}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1097	G,(A::'a triple set)\<turnstile>{Normal (P \<and>. Not \<circ> initd C)} .Init C. {R::'a assn}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1098	apply (erule ax_derivs.Init)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1099	apply (simp (no_asm_simp))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1100	apply assumption
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1101	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1102
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1103	lemma ax_Init_Skip_lemma:
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1104	"\<forall>l. G,(A::'a triple set)\<turnstile>{P\<leftarrow>\<diamondsuit> \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars l'}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1105	.Skip. {(set_lvars l .; P)::'a assn}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1106	apply (rule allI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1107	apply (rule ax_SkipI)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1108	apply clarsimp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1109	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1110
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1111	lemma ax_triv_InitS: "\<lbrakk>the (class G C) = c;init c = Skip; C \<noteq> Object;
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1112	P\<leftarrow>\<diamondsuit> \<Rightarrow> (supd (init_class_obj G C) .; P);
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1113	G,A\<turnstile>{Normal (P \<and>. initd C)} .Init (super c). {(P \<and>. initd C)\<leftarrow>\<diamondsuit>}\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1114	G,(A::'a triple set)\<turnstile>{Normal P\<leftarrow>\<diamondsuit>} .Init C. {(P \<and>. initd C)::'a assn}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1115	apply (rule_tac C = "initd C" in ax_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1116	apply (rule conseq1, rule ax_derivs.Done, clarsimp)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1117	apply (simp (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1118	apply (erule (1) ax_InitS)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1119	apply simp
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1120	apply (rule ax_Init_Skip_lemma)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1121	apply (erule conseq1)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1122	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1123	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1124
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1125	lemma ax_Init_Object: "wf_prog G \<Longrightarrow> G,(A::'a triple set)\<turnstile>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1126	{Normal ((supd (init_class_obj G Object) .; P\<leftarrow>\<diamondsuit>) \<and>. Not \<circ> initd Object)}
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1127	.Init Object. {(P \<and>. initd Object)::'a assn}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1128	apply (rule ax_derivs.Init)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1129	apply (drule class_Object, force)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1130	apply (simp_all (no_asm))
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1131	apply (rule_tac [2] ax_Init_Skip_lemma)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1132	apply (rule ax_SkipI, force)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1133	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1134
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1135	lemma ax_triv_Init_Object: "\<lbrakk>wf_prog G;
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1136	(P::'a assn) \<Rightarrow> (supd (init_class_obj G Object) .; P)\<rbrakk> \<Longrightarrow>
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1137	G,(A::'a triple set)\<turnstile>{Normal P\<leftarrow>\<diamondsuit>} .Init Object. {P \<and>. initd Object}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1138	apply (rule_tac C = "initd Object" in ax_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1139	apply (rule conseq1, rule ax_derivs.Done, clarsimp)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1140	apply (erule ax_Init_Object [THEN conseq1])
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1141	apply force
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1142	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1143
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1144
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1145	section "introduction rules for Alloc and SXAlloc"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1146
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1147	lemma ax_SXAlloc_Normal:
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1148	"G,(A::'a triple set)\<turnstile>{P::'a assn} .c. {Normal Q}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1149	\<Longrightarrow> G,A\<turnstile>{P} .c. {SXAlloc G Q}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1150	apply (erule conseq2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1151	apply (clarsimp elim!: sxalloc_elim_cases simp add: split_tupled_all)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1152	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1153
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1154	lemma ax_Alloc:
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1155	"G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1156	{Normal (\<lambda>Y (x,s) Z. (\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1157	Q (Val (Addr a)) (Norm(init_obj G (CInst C) (Heap a) s)) Z)) \<and>.
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1158	heap_free (Suc (Suc 0))}
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1159	\<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Alloc G (CInst C) Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1160	apply (erule conseq2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1161	apply (auto elim!: halloc_elim_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1162	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1163
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1164	lemma ax_Alloc_Arr:
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1165	"G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1166	{\<lambda>Val:i:. Normal (\<lambda>Y (x,s) Z. \<not>the_Intg i<0 \<and>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1167	(\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1168	Q (Val (Addr a)) (Norm (init_obj G (Arr T (the_Intg i)) (Heap a) s)) Z)) \<and>.
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1169	heap_free (Suc (Suc 0))}
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1170	\<Longrightarrow>
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1171	G,A\<turnstile>{P} t\<succ> {\<lambda>Val:i:. abupd (check_neg i) .; Alloc G (Arr T(the_Intg i)) Q}"
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1172	apply (erule conseq2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1173	apply (auto elim!: halloc_elim_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1174	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1175
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1176	lemma ax_SXAlloc_catch_SXcpt:
13688 a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1177	"\<lbrakk>G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1178	{(\<lambda>Y (x,s) Z. x=Some (Xcpt (Std xn)) \<and>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1179	(\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1180	Q Y (Some (Xcpt (Loc a)),init_obj G (CInst (SXcpt xn)) (Heap a) s) Z))
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1181	\<and>. heap_free (Suc (Suc 0))}\<rbrakk>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1182	\<Longrightarrow>
a0b16d42d489 "Definite Assignment Analysis" included, with proof of correctness. Large adjustments of type safety proof and soundness proof of the axiomatic semantics were necessary. Completeness proof of the loop rule of the axiomatic semantic was altered. So the additional polymorphic variants of some rules could be removed. schirmer parents: 13585 diff changeset	1183	G,A\<turnstile>{P} t\<succ> {SXAlloc G (\<lambda>Y s Z. Q Y s Z \<and> G,s\<turnstile>catch SXcpt xn)}"
12854 00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1184	apply (erule conseq2)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1185	apply (auto elim!: sxalloc_elim_cases halloc_elim_cases)
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1186	done
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1187
00d4a435777f Isabelle/Bali sources; schirmer parents: diff changeset	1188	end

author	wenzelm
	Wed, 10 Feb 2010 00:45:16 +0100
changeset 35067	af4c18c30593
parent 32960	69916a850301
child 35069	09154b995ed8
permissions	-rw-r--r--