|
8388
|
1 |
(* Title: HOL/MicroJava/BV/LBVComplete.thy
|
|
|
2 |
ID: $Id$
|
|
|
3 |
Author: Gerwin Klein
|
|
|
4 |
Copyright 2000 Technische Universitaet Muenchen
|
|
9054
|
5 |
*)
|
|
8388
|
6 |
|
|
9054
|
7 |
header {* Completeness of the LBV *}
|
|
8388
|
8 |
|
|
9012
|
9 |
theory LBVComplete = LBVSpec:;
|
|
|
10 |
|
|
|
11 |
ML_setup {* bind_thm ("widen_RefT", widen_RefT) *};
|
|
|
12 |
ML_setup {* bind_thm ("widen_RefT2", widen_RefT2) *};
|
|
8388
|
13 |
|
|
|
14 |
constdefs
|
|
|
15 |
is_approx :: "['a option list, 'a list] \\<Rightarrow> bool"
|
|
|
16 |
"is_approx a b \\<equiv> length a = length b \\<and> (\\<forall> n. n < length a \\<longrightarrow>
|
|
|
17 |
(a!n = None \\<or> a!n = Some (b!n)))"
|
|
|
18 |
|
|
|
19 |
contains_dead :: "[instr list, certificate, method_type, p_count] \\<Rightarrow> bool"
|
|
|
20 |
"contains_dead ins cert phi pc \\<equiv>
|
|
9376
|
21 |
(((\\<exists> branch. ins!pc = (Goto branch)) \\<or> ins!pc = Return) \\<or>
|
|
|
22 |
(\\<exists>m l. ins!pc = Invoke m l)) \\<longrightarrow> Suc pc < length phi \\<longrightarrow>
|
|
8388
|
23 |
cert ! (Suc pc) = Some (phi ! Suc pc)"
|
|
|
24 |
|
|
|
25 |
contains_targets :: "[instr list, certificate, method_type, p_count] \\<Rightarrow> bool"
|
|
|
26 |
"contains_targets ins cert phi pc \\<equiv>
|
|
9376
|
27 |
\\<forall> branch. (ins!pc = (Goto branch) \\<or> ins!pc = (Ifcmpeq branch)) \\<longrightarrow>
|
|
8388
|
28 |
(let pc' = nat (int pc+branch) in pc' < length phi \\<longrightarrow> cert!pc' = Some (phi!pc'))"
|
|
|
29 |
|
|
9012
|
30 |
fits :: "[instr list, certificate, method_type] \\<Rightarrow> bool"
|
|
|
31 |
"fits ins cert phi \\<equiv> is_approx cert phi \\<and> length ins < length phi \\<and>
|
|
|
32 |
(\\<forall> pc. pc < length ins \\<longrightarrow>
|
|
|
33 |
contains_dead ins cert phi pc \\<and>
|
|
|
34 |
contains_targets ins cert phi pc)"
|
|
|
35 |
|
|
8388
|
36 |
is_target :: "[instr list, p_count] \\<Rightarrow> bool"
|
|
|
37 |
"is_target ins pc \\<equiv>
|
|
|
38 |
\\<exists> pc' branch. pc' < length ins \\<and>
|
|
9376
|
39 |
(ins ! pc' = (Ifcmpeq branch) \\<or> ins ! pc' = (Goto branch)) \\<and>
|
|
8388
|
40 |
pc = (nat(int pc'+branch))"
|
|
|
41 |
|
|
|
42 |
maybe_dead :: "[instr list, p_count] \\<Rightarrow> bool"
|
|
|
43 |
"maybe_dead ins pc \\<equiv>
|
|
9376
|
44 |
\\<exists> pc'. pc = pc'+1 \\<and> ((\\<exists> branch. ins!pc' = (Goto branch)) \\<or>
|
|
|
45 |
ins!pc' = Return \\<or>
|
|
|
46 |
(\\<exists>m l. ins!pc' = Invoke m l))"
|
|
8388
|
47 |
|
|
|
48 |
|
|
|
49 |
mdot :: "[instr list, p_count] \\<Rightarrow> bool"
|
|
9012
|
50 |
"mdot ins pc \\<equiv> maybe_dead ins pc \\<or> is_target ins pc";
|
|
8388
|
51 |
|
|
|
52 |
|
|
|
53 |
consts
|
|
9012
|
54 |
option_filter_n :: "['a list, nat \\<Rightarrow> bool, nat] \\<Rightarrow> 'a option list";
|
|
8388
|
55 |
primrec
|
|
|
56 |
"option_filter_n [] P n = []"
|
|
|
57 |
"option_filter_n (h#t) P n = (if (P n) then Some h # option_filter_n t P (n+1)
|
|
9012
|
58 |
else None # option_filter_n t P (n+1))";
|
|
8388
|
59 |
|
|
|
60 |
constdefs
|
|
|
61 |
option_filter :: "['a list, nat \\<Rightarrow> bool] \\<Rightarrow> 'a option list"
|
|
|
62 |
"option_filter l P \\<equiv> option_filter_n l P 0"
|
|
|
63 |
|
|
|
64 |
make_cert :: "[instr list, method_type] \\<Rightarrow> certificate"
|
|
|
65 |
"make_cert ins phi \\<equiv> option_filter phi (mdot ins)"
|
|
|
66 |
|
|
|
67 |
make_Cert :: "[jvm_prog, prog_type] \\<Rightarrow> prog_certificate"
|
|
|
68 |
"make_Cert G Phi \\<equiv> \\<lambda> C sig.
|
|
|
69 |
let (C,x,y,mdecls) = \\<epsilon> (Cl,x,y,mdecls). (Cl,x,y,mdecls) \\<in> set G \\<and> Cl = C in
|
|
|
70 |
let (sig,rT,maxl,b) = \\<epsilon> (sg,rT,maxl,b). (sg,rT,maxl,b) \\<in> set mdecls \\<and> sg = sig in
|
|
9012
|
71 |
make_cert b (Phi C sig)";
|
|
8388
|
72 |
|
|
9012
|
73 |
|
|
|
74 |
lemma length_ofn: "\\<forall>n. length (option_filter_n l P n) = length l";
|
|
|
75 |
by (induct l) auto;
|
|
|
76 |
|
|
|
77 |
lemma is_approx_option_filter_n:
|
|
|
78 |
"\\<forall>n. is_approx (option_filter_n a P n) a" (is "?P a");
|
|
|
79 |
proof (induct a);
|
|
|
80 |
show "?P []"; by (auto simp add: is_approx_def);
|
|
|
81 |
|
|
|
82 |
fix l ls;
|
|
|
83 |
assume Cons: "?P ls";
|
|
|
84 |
|
|
|
85 |
show "?P (l#ls)";
|
|
|
86 |
proof (unfold is_approx_def, intro allI conjI impI);
|
|
|
87 |
fix n;
|
|
|
88 |
show "length (option_filter_n (l # ls) P n) = length (l # ls)";
|
|
|
89 |
by (simp only: length_ofn);
|
|
|
90 |
|
|
|
91 |
fix m;
|
|
|
92 |
assume "m < length (option_filter_n (l # ls) P n)";
|
|
|
93 |
hence m: "m < Suc (length ls)"; by (simp only: length_ofn) simp;
|
|
|
94 |
|
|
|
95 |
show "option_filter_n (l # ls) P n ! m = None \\<or>
|
|
|
96 |
option_filter_n (l # ls) P n ! m = Some ((l # ls) ! m)";
|
|
|
97 |
proof (cases "m");
|
|
|
98 |
assume "m = 0";
|
|
|
99 |
with m; show ?thesis; by simp;
|
|
|
100 |
next;
|
|
|
101 |
fix m'; assume Suc: "m = Suc m'";
|
|
|
102 |
from Cons;
|
|
|
103 |
show ?thesis;
|
|
|
104 |
proof (unfold is_approx_def, elim allE impE conjE);
|
|
|
105 |
from m Suc;
|
|
|
106 |
show "m' < length (option_filter_n ls P (Suc n))"; by (simp add: length_ofn);
|
|
|
107 |
|
|
|
108 |
assume "option_filter_n ls P (Suc n) ! m' = None \\<or>
|
|
|
109 |
option_filter_n ls P (Suc n) ! m' = Some (ls ! m')";
|
|
|
110 |
with m Suc;
|
|
|
111 |
show ?thesis; by auto;
|
|
|
112 |
qed;
|
|
|
113 |
qed;
|
|
|
114 |
qed;
|
|
|
115 |
qed;
|
|
|
116 |
|
|
|
117 |
lemma is_approx_option_filter: "is_approx (option_filter l P) l";
|
|
|
118 |
by (simp add: option_filter_def is_approx_option_filter_n);
|
|
|
119 |
|
|
|
120 |
lemma option_filter_Some:
|
|
|
121 |
"\\<lbrakk>n < length l; P n\\<rbrakk> \\<Longrightarrow> option_filter l P ! n = Some (l!n)";
|
|
|
122 |
proof -;
|
|
|
123 |
|
|
|
124 |
assume 1: "n < length l" "P n";
|
|
|
125 |
|
|
|
126 |
have "\\<forall>n n'. n < length l \\<longrightarrow> P (n+n') \\<longrightarrow> option_filter_n l P n' ! n = Some (l!n)"
|
|
|
127 |
(is "?P l");
|
|
|
128 |
proof (induct l);
|
|
|
129 |
show "?P []"; by simp;
|
|
|
130 |
|
|
|
131 |
fix l ls; assume Cons: "?P ls";
|
|
|
132 |
show "?P (l#ls)";
|
|
|
133 |
proof (intro);
|
|
|
134 |
fix n n';
|
|
|
135 |
assume l: "n < length (l # ls)";
|
|
|
136 |
assume P: "P (n + n')";
|
|
|
137 |
show "option_filter_n (l # ls) P n' ! n = Some ((l # ls) ! n)";
|
|
|
138 |
proof (cases "n");
|
|
|
139 |
assume "n=0";
|
|
|
140 |
with P; show ?thesis; by simp;
|
|
|
141 |
next;
|
|
|
142 |
fix m; assume "n = Suc m";
|
|
|
143 |
with l P Cons;
|
|
|
144 |
show ?thesis; by simp;
|
|
|
145 |
qed;
|
|
|
146 |
qed;
|
|
|
147 |
qed;
|
|
|
148 |
|
|
|
149 |
with 1;
|
|
|
150 |
show ?thesis; by (auto simp add: option_filter_def);
|
|
|
151 |
qed;
|
|
|
152 |
|
|
|
153 |
lemma option_filter_contains_dead:
|
|
|
154 |
"contains_dead ins (option_filter phi (mdot ins)) phi pc";
|
|
|
155 |
by (auto intro: option_filter_Some simp add: contains_dead_def mdot_def maybe_dead_def);
|
|
|
156 |
|
|
|
157 |
lemma option_filter_contains_targets:
|
|
|
158 |
"pc < length ins \\<Longrightarrow> contains_targets ins (option_filter phi (mdot ins)) phi pc";
|
|
|
159 |
proof (simp add: contains_targets_def, intro allI impI conjI);
|
|
|
160 |
|
|
|
161 |
fix branch;
|
|
9376
|
162 |
assume 1: "ins ! pc = Goto branch"
|
|
9012
|
163 |
"nat (int pc + branch) < length phi"
|
|
|
164 |
"pc < length ins";
|
|
|
165 |
|
|
|
166 |
show "option_filter phi (mdot ins) ! nat (int pc + branch) = Some (phi ! nat (int pc + branch))";
|
|
|
167 |
proof (rule option_filter_Some);
|
|
|
168 |
from 1; show "nat (int pc + branch) < length phi"; by simp;
|
|
|
169 |
from 1;
|
|
|
170 |
have "is_target ins (nat (int pc + branch))"; by (auto simp add: is_target_def);
|
|
|
171 |
thus "mdot ins (nat (int pc + branch))"; by (simp add: mdot_def);
|
|
|
172 |
qed;
|
|
|
173 |
|
|
|
174 |
next;
|
|
|
175 |
fix branch;
|
|
9376
|
176 |
assume 2: "ins ! pc = Ifcmpeq branch"
|
|
9012
|
177 |
"nat (int pc + branch) < length phi"
|
|
|
178 |
"pc < length ins";
|
|
|
179 |
|
|
|
180 |
show "option_filter phi (mdot ins) ! nat (int pc + branch) = Some (phi ! nat (int pc + branch))";
|
|
|
181 |
proof (rule option_filter_Some);
|
|
|
182 |
from 2; show "nat (int pc + branch) < length phi"; by simp;
|
|
|
183 |
from 2;
|
|
|
184 |
have "is_target ins (nat (int pc + branch))"; by (auto simp add: is_target_def);
|
|
|
185 |
thus "mdot ins (nat (int pc + branch))"; by (simp add: mdot_def);
|
|
|
186 |
qed;
|
|
|
187 |
|
|
|
188 |
qed;
|
|
|
189 |
|
|
|
190 |
|
|
|
191 |
lemma fits_make_cert:
|
|
|
192 |
"length ins < length phi \\<Longrightarrow> fits ins (make_cert ins phi) phi";
|
|
|
193 |
proof -;
|
|
|
194 |
assume l: "length ins < length phi";
|
|
|
195 |
|
|
|
196 |
thus "fits ins (make_cert ins phi) phi";
|
|
|
197 |
proof (unfold fits_def make_cert_def, intro conjI allI impI);
|
|
|
198 |
show "is_approx (option_filter phi (mdot ins)) phi"; by (rule is_approx_option_filter);
|
|
|
199 |
show "length ins < length phi"; .;
|
|
|
200 |
|
|
|
201 |
fix pc;
|
|
|
202 |
show "contains_dead ins (option_filter phi (mdot ins)) phi pc"; by (rule option_filter_contains_dead);
|
|
|
203 |
|
|
|
204 |
assume "pc < length ins";
|
|
|
205 |
thus "contains_targets ins (option_filter phi (mdot ins)) phi pc"; by (rule option_filter_contains_targets);
|
|
|
206 |
qed;
|
|
|
207 |
qed;
|
|
|
208 |
|
|
|
209 |
|
|
|
210 |
|
|
|
211 |
lemma append_length_n: "\\<forall>n. n \\<le> length x \\<longrightarrow> (\\<exists>a b. x = a@b \\<and> length a = n)" (is "?P x");
|
|
|
212 |
proof (induct "?P" "x");
|
|
|
213 |
show "?P []"; by simp;
|
|
|
214 |
|
|
|
215 |
fix l ls; assume Cons: "?P ls";
|
|
|
216 |
|
|
|
217 |
show "?P (l#ls)";
|
|
|
218 |
proof (intro allI impI);
|
|
|
219 |
fix n;
|
|
|
220 |
assume l: "n \\<le> length (l # ls)";
|
|
|
221 |
|
|
|
222 |
show "\\<exists>a b. l # ls = a @ b \\<and> length a = n";
|
|
|
223 |
proof (cases n);
|
|
|
224 |
assume "n=0"; thus ?thesis; by simp;
|
|
|
225 |
next;
|
|
|
226 |
fix "n'"; assume s: "n = Suc n'";
|
|
|
227 |
with l;
|
|
|
228 |
have "n' \\<le> length ls"; by simp;
|
|
|
229 |
hence "\\<exists>a b. ls = a @ b \\<and> length a = n'"; by (rule Cons [rulify]);
|
|
|
230 |
thus ?thesis;
|
|
|
231 |
proof elim;
|
|
|
232 |
fix a b;
|
|
|
233 |
assume "ls = a @ b" "length a = n'";
|
|
|
234 |
with s;
|
|
|
235 |
have "l # ls = (l#a) @ b \\<and> length (l#a) = n"; by simp;
|
|
|
236 |
thus ?thesis; by blast;
|
|
|
237 |
qed;
|
|
|
238 |
qed;
|
|
|
239 |
qed;
|
|
|
240 |
qed;
|
|
|
241 |
|
|
|
242 |
|
|
|
243 |
|
|
|
244 |
lemma rev_append_cons:
|
|
|
245 |
"\\<lbrakk>n < length x\\<rbrakk> \\<Longrightarrow> \\<exists>a b c. x = (rev a) @ b # c \\<and> length a = n";
|
|
|
246 |
proof -;
|
|
|
247 |
assume n: "n < length x";
|
|
|
248 |
hence "n \\<le> length x"; by simp;
|
|
|
249 |
hence "\\<exists>a b. x = a @ b \\<and> length a = n"; by (rule append_length_n [rulify]);
|
|
|
250 |
thus ?thesis;
|
|
|
251 |
proof elim;
|
|
|
252 |
fix r d; assume x: "x = r@d" "length r = n";
|
|
|
253 |
with n;
|
|
9182
|
254 |
have "\\<exists>b c. d = b#c"; by (simp add: neq_Nil_conv);
|
|
9012
|
255 |
|
|
9182
|
256 |
thus ?thesis;
|
|
9012
|
257 |
proof elim;
|
|
9182
|
258 |
fix b c;
|
|
|
259 |
assume "d = b#c";
|
|
9012
|
260 |
with x;
|
|
9182
|
261 |
have "x = (rev (rev r)) @ b # c \\<and> length (rev r) = n"; by simp;
|
|
9012
|
262 |
thus ?thesis; by blast;
|
|
|
263 |
qed;
|
|
|
264 |
qed;
|
|
|
265 |
qed;
|
|
|
266 |
|
|
|
267 |
lemma widen_NT: "G \\<turnstile> b \\<preceq> NT \\<Longrightarrow> b = NT";
|
|
|
268 |
proof (cases b);
|
|
|
269 |
case RefT;
|
|
|
270 |
thus "G\\<turnstile>b\\<preceq>NT \\<Longrightarrow> b = NT"; by - (cases ref_ty, auto);
|
|
|
271 |
qed auto;
|
|
|
272 |
|
|
|
273 |
lemma widen_Class: "G \\<turnstile> b \\<preceq> Class C \\<Longrightarrow> \\<exists>r. b = RefT r";
|
|
|
274 |
by (cases b) auto;
|
|
|
275 |
|
|
|
276 |
lemma all_widen_is_sup_loc:
|
|
|
277 |
"\\<forall>b. length a = length b \\<longrightarrow> (\\<forall>x\\<in>set (zip a b). x \\<in> widen G) = (G \\<turnstile> (map Some a) <=l (map Some b))"
|
|
|
278 |
(is "\\<forall>b. length a = length b \\<longrightarrow> ?Q a b" is "?P a");
|
|
|
279 |
proof (induct "a");
|
|
|
280 |
show "?P []"; by simp;
|
|
|
281 |
|
|
|
282 |
fix l ls; assume Cons: "?P ls";
|
|
|
283 |
|
|
|
284 |
show "?P (l#ls)";
|
|
|
285 |
proof (intro allI impI);
|
|
|
286 |
fix b;
|
|
|
287 |
assume "length (l # ls) = length (b::ty list)";
|
|
|
288 |
with Cons;
|
|
|
289 |
show "?Q (l # ls) b"; by - (cases b, auto);
|
|
|
290 |
qed;
|
|
|
291 |
qed;
|
|
|
292 |
|
|
|
293 |
lemma method_inv_pseudo_mono:
|
|
9376
|
294 |
"\\<lbrakk>fits ins cert phi; i = ins!pc; i = Invoke mname list; pc < length ins;
|
|
9012
|
295 |
wf_prog wf_mb G; G \\<turnstile> (x, y) <=s s1; wtl_inst (ins!pc) G rT s1 s1' cert mpc pc\\<rbrakk>
|
|
|
296 |
\\<Longrightarrow> \\<exists>s2'. wtl_inst i G rT (x, y) s2' cert mpc pc \\<and> \
|
|
|
297 |
((G \\<turnstile> s2' <=s s1') \\<or> (\\<exists> s. cert ! (Suc pc) = Some s \\<and> (G \\<turnstile> s2' <=s s)))";
|
|
9376
|
298 |
proof -
|
|
9012
|
299 |
assume fits: "fits ins cert phi" and
|
|
9376
|
300 |
i: "i = ins ! pc" "i = Invoke mname list" and
|
|
9012
|
301 |
pc: "pc < length ins" and
|
|
|
302 |
wfp: "wf_prog wf_mb G" and
|
|
|
303 |
"wtl_inst (ins!pc) G rT s1 s1' cert mpc pc" and
|
|
|
304 |
lt: "G \\<turnstile> (x, y) <=s s1";
|
|
|
305 |
|
|
9376
|
306 |
thus ?thesis
|
|
|
307 |
proof (clarsimp_tac simp del: split_paired_Ex)
|
|
9012
|
308 |
fix apTs X ST' y' s;
|
|
|
309 |
|
|
|
310 |
assume G: "G \\<turnstile> (x, y) <=s (rev apTs @ X # ST', y')";
|
|
|
311 |
assume lapTs: "length apTs = length list";
|
|
|
312 |
assume "cert ! Suc pc = Some s";
|
|
|
313 |
assume wtl: "s = s1' \\<and> X = NT \\<or>
|
|
|
314 |
G \\<turnstile> s1' <=s s \\<and>
|
|
|
315 |
(\\<exists>C. X = Class C \\<and>
|
|
|
316 |
(\\<forall>x\\<in>set (zip apTs list). x \\<in> widen G) \\<and>
|
|
|
317 |
(\\<exists>D rT. (\\<exists>b. method (G, C) (mname, list) = Some (D, rT, b)) \\<and>
|
|
|
318 |
(rT # ST', y') = s1'))" (is "?NT \\<or> ?ClassC");
|
|
|
319 |
|
|
|
320 |
from G;
|
|
|
321 |
have "\\<exists>a b c. x = rev a @ b # c \\<and> length a = length apTs";
|
|
|
322 |
by - (rule rev_append_cons, simp add: sup_state_length_fst);
|
|
|
323 |
|
|
|
324 |
thus "\\<exists>s2'. (\\<exists>apTs X ST'.
|
|
|
325 |
x = rev apTs @ X # ST' \\<and>
|
|
|
326 |
length apTs = length list \\<and>
|
|
|
327 |
(s = s2' \\<and> X = NT \\<or>
|
|
|
328 |
G \\<turnstile> s2' <=s s \\<and>
|
|
|
329 |
(\\<exists>C. X = Class C \\<and>
|
|
|
330 |
(\\<forall>x\\<in>set (zip apTs list). x \\<in> widen G) \\<and>
|
|
|
331 |
(\\<exists>D rT. (\\<exists>b. method (G, C) (mname, list) = Some (D, rT, b)) \\<and>
|
|
|
332 |
(rT # ST', y) = s2')))) \\<and>
|
|
|
333 |
(G \\<turnstile> s2' <=s s1' \\<or> G \\<turnstile> s2' <=s s)" (is "\\<exists>s2'. ?P s2'");
|
|
|
334 |
proof elim;
|
|
|
335 |
fix a b c;
|
|
|
336 |
assume rac: "x = rev a @ b # c";
|
|
|
337 |
with G;
|
|
|
338 |
have x: "G \\<turnstile> (rev a @ b # c, y) <=s (rev apTs @ X # ST', y')"; by simp;
|
|
|
339 |
|
|
|
340 |
assume l: "length a = length apTs";
|
|
|
341 |
hence "length (rev a) = length (rev apTs)"; by simp;
|
|
|
342 |
|
|
|
343 |
with x;
|
|
|
344 |
have "G \\<turnstile> (rev a, y) <=s (rev apTs, y') \\<and> G \\<turnstile> (b # c, y) <=s (X # ST', y')";
|
|
|
345 |
by - (rule sup_state_append_fst [elimify], blast+);
|
|
|
346 |
|
|
|
347 |
hence x2: "G \\<turnstile> (a, y) <=s (apTs, y') \\<and> G \\<turnstile> b\\<preceq>X \\<and> G \\<turnstile> (c, y) <=s (ST', y')";
|
|
|
348 |
by (simp add: sup_state_rev_fst sup_state_Cons1);
|
|
|
349 |
|
|
9376
|
350 |
show ?thesis
|
|
9012
|
351 |
proof (cases "X = NT");
|
|
|
352 |
case True;
|
|
|
353 |
with x2;
|
|
|
354 |
have "b = NT"; by (clarsimp_tac simp add: widen_NT);
|
|
|
355 |
|
|
|
356 |
with rac l lapTs;
|
|
|
357 |
have "?P s"; by auto;
|
|
|
358 |
thus ?thesis; by blast;
|
|
|
359 |
|
|
|
360 |
next;
|
|
|
361 |
case False;
|
|
|
362 |
|
|
|
363 |
with wtl;
|
|
|
364 |
have "\\<exists>C. X = Class C"; by clarsimp_tac;
|
|
|
365 |
with x2;
|
|
|
366 |
have "\\<exists>r. b = RefT r"; by (auto simp add: widen_Class);
|
|
|
367 |
|
|
|
368 |
thus ?thesis;
|
|
|
369 |
proof elim;
|
|
|
370 |
fix r;
|
|
|
371 |
assume b: "b = RefT r";
|
|
|
372 |
show ?thesis;
|
|
|
373 |
proof (cases r);
|
|
|
374 |
case NullT;
|
|
|
375 |
with b rac x2 l lapTs wtl False;
|
|
|
376 |
have "?P s"; by auto;
|
|
|
377 |
thus ?thesis; by blast;
|
|
|
378 |
next;
|
|
|
379 |
case ClassT;
|
|
|
380 |
|
|
|
381 |
from False wtl;
|
|
|
382 |
have wtlC: "?ClassC"; by simp;
|
|
|
383 |
|
|
|
384 |
with b ClassT;
|
|
|
385 |
show ?thesis;
|
|
|
386 |
proof (elim exE conjE);
|
|
|
387 |
fix C D rT body;
|
|
|
388 |
assume ClassC: "X = Class C";
|
|
|
389 |
assume zip: "\\<forall>x\\<in>set (zip apTs list). x \\<in> widen G";
|
|
|
390 |
assume s1': "(rT # ST', y') = s1'";
|
|
|
391 |
assume s: "G \\<turnstile> s1' <=s s";
|
|
|
392 |
assume method: "method (G, C) (mname, list) = Some (D, rT, body)";
|
|
|
393 |
|
|
|
394 |
from ClassC b ClassT x2;
|
|
|
395 |
have "G \\<turnstile> cname \\<preceq>C C"; by simp;
|
|
|
396 |
with method wfp;
|
|
|
397 |
have "\\<exists>D' rT' b'. method (G, cname) (mname, list) = Some (D', rT', b') \\<and> G \\<turnstile> rT'\\<preceq>rT";
|
|
|
398 |
by - (rule subcls_widen_methd, blast);
|
|
|
399 |
|
|
|
400 |
thus ?thesis;
|
|
|
401 |
proof elim;
|
|
|
402 |
fix D' rT' body';
|
|
|
403 |
assume method': "method (G, cname) (mname, list) = Some (D', rT', body')" "G\\<turnstile>rT'\\<preceq>rT";
|
|
|
404 |
|
|
|
405 |
have "?P (rT'#c,y)" (is "(\\<exists> apTs X ST'. ?A apTs X ST') \\<and> ?B");
|
|
|
406 |
proof (intro conjI);
|
|
|
407 |
from s1' method' x2;
|
|
|
408 |
show "?B"; by (auto simp add: sup_state_Cons1);
|
|
|
409 |
|
|
|
410 |
from b ClassT rac l lapTs method';
|
|
|
411 |
have "?A a (Class cname) c";
|
|
|
412 |
proof (simp, intro conjI);
|
|
|
413 |
|
|
|
414 |
from method' x2;
|
|
|
415 |
have s': "G \\<turnstile> (rT' # c, y) <=s (rT # ST', y')";
|
|
|
416 |
by (auto simp add: sup_state_Cons1);
|
|
|
417 |
from s s1';
|
|
|
418 |
have "G \\<turnstile> (rT # ST', y') <=s s"; by simp;
|
|
|
419 |
with s';
|
|
|
420 |
show "G \\<turnstile> (rT' # c, y) <=s s"; by (rule sup_state_trans);
|
|
|
421 |
|
|
|
422 |
from x2;
|
|
|
423 |
have 1: "G \\<turnstile> map Some a <=l map Some apTs"; by (simp add: sup_state_def);
|
|
|
424 |
from lapTs zip;
|
|
|
425 |
have "G \\<turnstile> map Some apTs <=l map Some list"; by (simp add: all_widen_is_sup_loc);
|
|
|
426 |
with 1;
|
|
|
427 |
have "G \\<turnstile> map Some a <=l map Some list"; by (rule sup_loc_trans);
|
|
|
428 |
with l lapTs;
|
|
|
429 |
show "\\<forall>x\\<in>set (zip a list). x \\<in> widen G"; by (simp add: all_widen_is_sup_loc);
|
|
|
430 |
|
|
|
431 |
qed;
|
|
|
432 |
thus "\\<exists> apTs X ST'. ?A apTs X ST'"; by blast;
|
|
|
433 |
qed;
|
|
|
434 |
thus ?thesis; by blast;
|
|
9376
|
435 |
qed
|
|
|
436 |
qed
|
|
|
437 |
qed
|
|
|
438 |
qed
|
|
|
439 |
qed
|
|
|
440 |
qed
|
|
|
441 |
qed
|
|
|
442 |
qed
|
|
9012
|
443 |
|
|
|
444 |
lemma sup_loc_some:
|
|
|
445 |
"\\<forall> y n. (G \\<turnstile> b <=l y) \\<longrightarrow> n < length y \\<longrightarrow> y!n = Some t \\<longrightarrow> (\\<exists>t. b!n = Some t \\<and> (G \\<turnstile> (b!n) <=o (y!n)))" (is "?P b");
|
|
|
446 |
proof (induct "?P" b);
|
|
|
447 |
show "?P []"; by simp;
|
|
|
448 |
|
|
|
449 |
case Cons;
|
|
|
450 |
show "?P (a#list)";
|
|
|
451 |
proof (clarsimp_tac simp add: list_all2_Cons1 sup_loc_def);
|
|
|
452 |
fix z zs n;
|
|
|
453 |
assume * :
|
|
|
454 |
"G \\<turnstile> a <=o z" "list_all2 (sup_ty_opt G) list zs"
|
|
|
455 |
"n < Suc (length zs)" "(z # zs) ! n = Some t";
|
|
|
456 |
|
|
|
457 |
show "(\\<exists>t. (a # list) ! n = Some t) \\<and> G \\<turnstile>(a # list) ! n <=o Some t";
|
|
|
458 |
proof (cases n);
|
|
|
459 |
case 0;
|
|
|
460 |
with *; show ?thesis; by (simp add: sup_ty_opt_some);
|
|
|
461 |
next;
|
|
|
462 |
case Suc;
|
|
|
463 |
with Cons *;
|
|
|
464 |
show ?thesis; by (simp add: sup_loc_def);
|
|
|
465 |
qed;
|
|
|
466 |
qed;
|
|
|
467 |
qed;
|
|
|
468 |
|
|
|
469 |
lemma mono_load:
|
|
|
470 |
"\\<lbrakk>G \\<turnstile> (a, b) <=s (x, y); n < length y; y!n = Some t\\<rbrakk> \\<Longrightarrow> \\<exists>ts. b!n = Some ts \\<and> G \\<turnstile> (ts#a, b) <=s (t#x, y)";
|
|
|
471 |
proof (clarsimp_tac simp add: sup_state_def);
|
|
|
472 |
assume "G \\<turnstile> b <=l y" "n < length y" "y!n = Some t";
|
|
|
473 |
thus "\\<exists>ts. b ! n = Some ts \\<and> G\\<turnstile>ts\\<preceq>t";
|
|
|
474 |
by (rule sup_loc_some [rulify, elimify], clarsimp_tac);
|
|
|
475 |
qed;
|
|
|
476 |
|
|
|
477 |
lemma mono_store:
|
|
|
478 |
"\\<lbrakk>G \\<turnstile> (a, b) <=s (ts # ST', y); n < length y\\<rbrakk> \\<Longrightarrow>
|
|
|
479 |
\\<exists> t a'. a = t#a' \\<and> G \\<turnstile> (a', b[n := Some t]) <=s (ST', y[n := Some ts])";
|
|
|
480 |
proof (clarsimp_tac simp add: sup_state_def sup_loc_Cons2);
|
|
|
481 |
fix Y YT';
|
|
|
482 |
assume * : "n < length y" "G \\<turnstile> b <=l y" "G \\<turnstile>Y <=o Some ts" "G \\<turnstile> YT' <=l map Some ST'";
|
|
|
483 |
assume "map Some a = Y # YT'";
|
|
|
484 |
hence "map Some (tl a) = YT' \\<and> Some (hd a) = Y \\<and> (\\<exists>y yt. a = y # yt)";
|
|
|
485 |
by (rule map_hd_tl);
|
|
|
486 |
with *;
|
|
|
487 |
show "\\<exists>t a'. a = t # a' \\<and> G \\<turnstile> map Some a' <=l map Some ST' \\<and> G \\<turnstile> b[n := Some t] <=l y[n := Some ts]";
|
|
|
488 |
by (clarsimp_tac simp add: sup_loc_update);
|
|
|
489 |
qed;
|
|
|
490 |
|
|
|
491 |
|
|
|
492 |
lemma PrimT_PrimT: "(G \\<turnstile> xb \\<preceq> PrimT p) = (xb = PrimT p)";
|
|
|
493 |
proof;
|
|
|
494 |
show "xb = PrimT p \\<Longrightarrow> G \\<turnstile> xb \\<preceq> PrimT p"; by blast;
|
|
|
495 |
|
|
|
496 |
show "G\\<turnstile> xb \\<preceq> PrimT p \\<Longrightarrow> xb = PrimT p";
|
|
9376
|
497 |
proof (cases xb);
|
|
9012
|
498 |
fix prim;
|
|
|
499 |
assume "xb = PrimT prim" "G\\<turnstile>xb\\<preceq>PrimT p";
|
|
|
500 |
thus ?thesis; by simp;
|
|
|
501 |
next;
|
|
|
502 |
fix ref;
|
|
|
503 |
assume "G\\<turnstile>xb\\<preceq>PrimT p" "xb = RefT ref";
|
|
|
504 |
thus ?thesis; by simp (rule widen_RefT [elimify], auto);
|
|
|
505 |
qed;
|
|
|
506 |
qed;
|
|
|
507 |
|
|
|
508 |
|
|
|
509 |
lemma wtl_inst_pseudo_mono:
|
|
|
510 |
"\\<lbrakk>wtl_inst i G rT s1 s1' cert mpc pc; fits ins cert phi; pc < length ins; wf_prog wf_mb G;
|
|
|
511 |
G \\<turnstile> s2 <=s s1; i = ins!pc\\<rbrakk> \\<Longrightarrow>
|
|
|
512 |
\\<exists> s2'. wtl_inst (ins!pc) G rT s2 s2' cert mpc pc \\<and> (G \\<turnstile> s2' <=s s1' \\<or> (\\<exists>s. cert!(Suc pc) = Some s \\<and> G \\<turnstile> s2' <=s s))";
|
|
|
513 |
proof (simp only:);
|
|
|
514 |
assume 1 : "wtl_inst (ins ! pc) G rT s1 s1' cert mpc pc" "G \\<turnstile> s2 <=s s1" "pc < length ins";
|
|
|
515 |
assume 2 : "fits ins cert phi" "wf_prog wf_mb G" "i = ins!pc";
|
|
|
516 |
|
|
|
517 |
have 3: "\\<exists> a b. s2 = (a,b)"; by simp;
|
|
|
518 |
|
|
|
519 |
show ?thesis;
|
|
9376
|
520 |
proof (cases "ins ! pc", insert 1, insert 3);
|
|
9012
|
521 |
|
|
9376
|
522 |
case Load
|
|
|
523 |
with 1 3
|
|
|
524 |
show ?thesis; by (elim, clarsimp_tac) (rule mono_load [elimify], auto simp add: sup_state_length_snd);
|
|
|
525 |
next
|
|
|
526 |
case Store;
|
|
|
527 |
with 1 3;
|
|
|
528 |
show ?thesis; by (elim, clarsimp_tac) (rule mono_store [elimify], auto simp add: sup_state_length_snd);
|
|
|
529 |
next
|
|
|
530 |
case Getfield;
|
|
|
531 |
with 1 3;
|
|
9012
|
532 |
show ?thesis;
|
|
9376
|
533 |
proof (elim, clarsimp_tac simp add: sup_state_Cons2);
|
|
|
534 |
fix oT x;
|
|
|
535 |
assume "G \\<turnstile> x \\<preceq> oT" "G \\<turnstile> oT \\<preceq> Class cname";
|
|
|
536 |
show "G \\<turnstile> x \\<preceq> Class cname"; by (rule widen_trans);
|
|
9012
|
537 |
qed;
|
|
9376
|
538 |
next
|
|
|
539 |
case Putfield;
|
|
|
540 |
with 1 3;
|
|
9012
|
541 |
show ?thesis;
|
|
9376
|
542 |
proof (elim, clarsimp_tac simp add: sup_state_Cons2);
|
|
|
543 |
fix x xa vT oT T;
|
|
|
544 |
assume "G \\<turnstile> x \\<preceq> vT" "G \\<turnstile> vT \\<preceq> T";
|
|
|
545 |
hence * : "G \\<turnstile> x \\<preceq> T"; by (rule widen_trans);
|
|
9012
|
546 |
|
|
9376
|
547 |
assume "G \\<turnstile> xa \\<preceq> oT" "G \\<turnstile> oT \\<preceq> Class cname";
|
|
|
548 |
hence "G \\<turnstile> xa \\<preceq> Class cname"; by (rule widen_trans);
|
|
|
549 |
|
|
|
550 |
with *
|
|
|
551 |
show "(G \\<turnstile> xa \\<preceq> Class cname) \\<and> (G \\<turnstile> x \\<preceq> T)"; by blast;
|
|
|
552 |
qed
|
|
|
553 |
next
|
|
|
554 |
case Checkcast;
|
|
|
555 |
with 1 3;
|
|
|
556 |
show ?thesis; by (elim, clarsimp_tac simp add: sup_state_Cons2) (rule widen_RefT2);
|
|
|
557 |
next
|
|
|
558 |
case Invoke;
|
|
9012
|
559 |
with 1 2 3;
|
|
|
560 |
show ?thesis; by elim (rule method_inv_pseudo_mono [elimify], simp+);
|
|
9376
|
561 |
next
|
|
|
562 |
case Return;
|
|
9012
|
563 |
with 1 3;
|
|
|
564 |
show ?thesis;
|
|
9376
|
565 |
proof (elim, clarsimp_tac simp add: sup_state_Cons2 simp del: split_paired_Ex);
|
|
|
566 |
fix x T;
|
|
|
567 |
assume "G\\<turnstile>x\\<preceq>T" "G\\<turnstile>T\\<preceq>rT";
|
|
|
568 |
thus "G\\<turnstile>x\\<preceq>rT"; by (rule widen_trans);
|
|
|
569 |
qed
|
|
|
570 |
next
|
|
|
571 |
case Goto;
|
|
|
572 |
with 1 3;
|
|
9012
|
573 |
show ?thesis;
|
|
9376
|
574 |
proof (elim, clarsimp_tac simp del: split_paired_Ex);
|
|
|
575 |
fix a b x y;
|
|
|
576 |
assume "G \\<turnstile> (a, b) <=s s1" "G \\<turnstile> s1 <=s (x, y)";
|
|
|
577 |
thus "G \\<turnstile> (a, b) <=s (x, y)"; by (rule sup_state_trans);
|
|
|
578 |
qed
|
|
|
579 |
next
|
|
|
580 |
case Ifcmpeq;
|
|
|
581 |
with 1 3;
|
|
|
582 |
show ?thesis
|
|
|
583 |
proof (elim, clarsimp_tac simp add: sup_state_Cons2, intro conjI);
|
|
|
584 |
fix xt' b ST' y c d;
|
|
|
585 |
assume "G \\<turnstile> (xt', b) <=s (ST', y)" "G \\<turnstile> (ST', y) <=s (c, d)";
|
|
|
586 |
thus "G \\<turnstile> (xt', b) <=s (c, d)"; by (rule sup_state_trans);
|
|
9012
|
587 |
next;
|
|
9376
|
588 |
fix ts ts' x xa;
|
|
|
589 |
assume * :
|
|
|
590 |
"(\\<exists>p. ts = PrimT p \\<and> ts' = PrimT p) \\<or> (\\<exists>r. ts = RefT r) \\<and> (\\<exists>r'. ts' = RefT r')";
|
|
|
591 |
|
|
|
592 |
assume x: "G\\<turnstile>x\\<preceq>ts" "G\\<turnstile>xa\\<preceq>ts'";
|
|
|
593 |
|
|
|
594 |
show "(\\<exists>p. x = PrimT p \\<and> xa = PrimT p) \\<or> (\\<exists>r. x = RefT r) \\<and> (\\<exists>r'. xa = RefT r')";
|
|
|
595 |
proof (cases x);
|
|
|
596 |
case PrimT;
|
|
|
597 |
with * x;
|
|
|
598 |
show ?thesis; by (auto simp add: PrimT_PrimT);
|
|
9012
|
599 |
next;
|
|
9376
|
600 |
case RefT;
|
|
|
601 |
hence 1: "\\<exists>r. x = RefT r"; by blast;
|
|
|
602 |
|
|
|
603 |
have "\\<exists>r'. xa = RefT r'";
|
|
|
604 |
proof (cases xa);
|
|
|
605 |
case PrimT;
|
|
|
606 |
with RefT * x;
|
|
|
607 |
have "False"; by auto (rule widen_RefT [elimify], auto);
|
|
|
608 |
thus ?thesis; by blast;
|
|
|
609 |
qed blast;
|
|
9012
|
610 |
|
|
9376
|
611 |
with 1
|
|
|
612 |
show ?thesis by blast
|
|
|
613 |
qed
|
|
|
614 |
qed
|
|
|
615 |
qed (elim, clarsimp_tac simp add: sup_state_Cons1 sup_state_Cons2 PrimT_PrimT)+
|
|
|
616 |
qed
|
|
9012
|
617 |
|
|
|
618 |
lemma wtl_inst_last_mono:
|
|
|
619 |
"\\<lbrakk>wtl_inst i G rT s1 s1' cert (Suc pc) pc; G \\<turnstile> s2 <=s s1\\<rbrakk> \\<Longrightarrow>
|
|
|
620 |
\\<exists>s2'. wtl_inst i G rT s2 s2' cert (Suc pc) pc \\<and> (G \\<turnstile> s2' <=s s1')";
|
|
|
621 |
proof -;
|
|
|
622 |
assume * : "wtl_inst i G rT s1 s1' cert (Suc pc) pc" "G \\<turnstile> s2 <=s s1";
|
|
|
623 |
|
|
9376
|
624 |
show ?thesis
|
|
|
625 |
proof (cases i, insert *)
|
|
|
626 |
case Return with *
|
|
|
627 |
show ?thesis
|
|
|
628 |
by (clarsimp_tac simp del: split_paired_Ex simp add: sup_state_Cons2)
|
|
|
629 |
(rule widen_trans, blast+);
|
|
|
630 |
next
|
|
|
631 |
case Goto with *
|
|
|
632 |
show ?thesis
|
|
9012
|
633 |
by (clarsimp_tac simp del: split_paired_Ex simp add: sup_state_Cons2)
|
|
|
634 |
(rule sup_state_trans, blast+);
|
|
9376
|
635 |
qed auto
|
|
|
636 |
qed
|
|
|
637 |
|
|
9012
|
638 |
|
|
|
639 |
lemma wtl_option_last_mono:
|
|
|
640 |
"\\<lbrakk>wtl_inst_option i G rT s1 s1' cert mpc pc; mpc = Suc pc; G \\<turnstile> s2 <=s s1\\<rbrakk> \\<Longrightarrow>
|
|
|
641 |
\\<exists>s2'. wtl_inst_option i G rT s2 s2' cert mpc pc \\<and> (G \\<turnstile> s2' <=s s1')";
|
|
|
642 |
proof (simp only: );
|
|
|
643 |
assume G: "G \\<turnstile> s2 <=s s1";
|
|
|
644 |
assume w: "wtl_inst_option i G rT s1 s1' cert (Suc pc) pc";
|
|
|
645 |
|
|
|
646 |
show "\\<exists>s2'. wtl_inst_option i G rT s2 s2' cert (Suc pc) pc \\<and> (G \\<turnstile> s2' <=s s1')";
|
|
|
647 |
proof (cases "cert!pc");
|
|
|
648 |
case None;
|
|
|
649 |
with G w;
|
|
|
650 |
show ?thesis; by (simp add: wtl_inst_option_def wtl_inst_last_mono del: split_paired_Ex);
|
|
|
651 |
next;
|
|
|
652 |
case Some;
|
|
|
653 |
with G w;
|
|
|
654 |
have o: "G \\<turnstile> s1 <=s a \\<and> wtl_inst i G rT a s1' cert (Suc pc) pc";
|
|
|
655 |
by (simp add: wtl_inst_option_def);
|
|
|
656 |
hence w' : "wtl_inst i G rT a s1' cert (Suc pc) pc"; ..;
|
|
|
657 |
|
|
|
658 |
from o G;
|
|
|
659 |
have G' : "G \\<turnstile> s2 <=s a"; by - (rule sup_state_trans, blast+);
|
|
|
660 |
|
|
|
661 |
from o;
|
|
|
662 |
have "\\<exists>s2'. wtl_inst i G rT a s2' cert (Suc pc) pc \\<and> G \\<turnstile> s2' <=s s1'";
|
|
|
663 |
by elim (rule wtl_inst_last_mono, auto);
|
|
|
664 |
|
|
|
665 |
with Some w G';
|
|
|
666 |
show ?thesis; by (auto simp add: wtl_inst_option_def);
|
|
|
667 |
qed;
|
|
|
668 |
qed;
|
|
|
669 |
|
|
|
670 |
lemma wt_instr_imp_wtl_inst:
|
|
|
671 |
"\\<lbrakk>wt_instr (ins!pc) G rT phi max_pc pc; fits ins cert phi;
|
|
|
672 |
pc < length ins; length ins = max_pc\\<rbrakk> \\<Longrightarrow>
|
|
|
673 |
\\<exists> s. wtl_inst (ins!pc) G rT (phi!pc) s cert max_pc pc \\<and> G \\<turnstile> s <=s phi ! Suc pc";
|
|
9376
|
674 |
proof -
|
|
9012
|
675 |
assume * : "wt_instr (ins!pc) G rT phi max_pc pc" "fits ins cert phi"
|
|
9376
|
676 |
"pc < length ins" "length ins = max_pc"
|
|
|
677 |
|
|
|
678 |
have xy: "\\<exists> x y. phi!pc = (x,y)" by simp
|
|
9012
|
679 |
|
|
9376
|
680 |
show ?thesis
|
|
|
681 |
proof (cases "ins!pc", insert *, insert xy);
|
|
|
682 |
case Return with * xy
|
|
|
683 |
show ?thesis
|
|
|
684 |
by (elim, clarsimp_tac simp add: fits_def contains_dead_def simp del: split_paired_Ex);
|
|
|
685 |
next
|
|
|
686 |
case Goto with * xy
|
|
|
687 |
show ?thesis;
|
|
|
688 |
by (clarsimp_tac simp add: fits_def contains_dead_def contains_targets_def simp del: split_paired_Ex);
|
|
|
689 |
next
|
|
|
690 |
case Ifcmpeq with * xy
|
|
9012
|
691 |
show ?thesis;
|
|
9376
|
692 |
by (clarsimp_tac simp add: fits_def contains_dead_def contains_targets_def simp del: split_paired_Ex);
|
|
|
693 |
next
|
|
|
694 |
case Invoke with * xy
|
|
|
695 |
show ?thesis
|
|
|
696 |
proof (elim, clarsimp_tac simp del: split_paired_Ex)
|
|
|
697 |
fix y apTs X ST';
|
|
|
698 |
assume pc : "Suc pc < length ins";
|
|
|
699 |
assume phi : "phi ! pc = (rev apTs @ X # ST', y)" "length apTs = length list";
|
|
|
700 |
assume ** :
|
|
|
701 |
"X = NT \\<or> (\\<exists>C. X = Class C \\<and>
|
|
|
702 |
(\\<forall>x\\<in>set (zip apTs list). x \\<in> widen G) \\<and>
|
|
|
703 |
(\\<exists>D rT. (\\<exists>b. method (G, C) (mname, list) = Some (D, rT, b)) \\<and> G \\<turnstile> (rT # ST', y) <=s phi ! Suc pc))"
|
|
|
704 |
(is "?NT \\<or> ?CL");
|
|
|
705 |
|
|
|
706 |
from Invoke pc *;
|
|
|
707 |
have cert: "cert ! Suc pc = Some (phi ! Suc pc)"; by (clarsimp_tac simp add: fits_def contains_dead_def);
|
|
9012
|
708 |
|
|
9376
|
709 |
show "\\<exists>s. (\\<exists>apTsa Xa ST'a.
|
|
|
710 |
rev apTs @ X # ST' = rev apTsa @ Xa # ST'a \\<and>
|
|
|
711 |
length apTsa = length list \\<and>
|
|
9012
|
712 |
(\\<exists>s''. cert ! Suc pc = Some s'' \\<and>
|
|
|
713 |
(s'' = s \\<and> Xa = NT \\<or>
|
|
|
714 |
G \\<turnstile> s <=s s'' \\<and>
|
|
|
715 |
(\\<exists>C. Xa = Class C \\<and>
|
|
|
716 |
(\\<forall>x\\<in>set (zip apTsa list). x \\<in> widen G) \\<and>
|
|
|
717 |
(\\<exists>D rT. (\\<exists>b. method (G, C) (mname, list) = Some (D, rT, b)) \\<and> (rT # ST'a, y) = s))))) \\<and>
|
|
9376
|
718 |
G \\<turnstile> s <=s phi ! Suc pc" (is "\\<exists>s. ?P s");
|
|
|
719 |
proof (cases "X=NT");
|
|
|
720 |
case True
|
|
|
721 |
with cert phi **
|
|
|
722 |
have "?P (phi ! Suc pc)" by (force simp del: split_paired_Ex)
|
|
|
723 |
thus ?thesis by blast
|
|
|
724 |
next
|
|
|
725 |
case False
|
|
|
726 |
with **
|
|
9012
|
727 |
|
|
9376
|
728 |
have "?CL" by simp
|
|
9012
|
729 |
|
|
9376
|
730 |
thus ?thesis
|
|
|
731 |
proof (elim exE conjE);
|
|
|
732 |
fix C D rT b;
|
|
|
733 |
assume "X = Class C" "\\<forall>x\\<in>set (zip apTs list). x \\<in> widen G"
|
|
|
734 |
"G \\<turnstile> (rT # ST', y) <=s phi ! Suc pc"
|
|
|
735 |
"method (G, C) (mname, list) = Some (D, rT, b)";
|
|
|
736 |
with cert phi;
|
|
|
737 |
have "?P (rT #ST', y)" by (force simp del: split_paired_Ex)
|
|
|
738 |
thus ?thesis by blast
|
|
|
739 |
qed
|
|
|
740 |
qed
|
|
|
741 |
qed
|
|
|
742 |
qed (elim, force)+
|
|
|
743 |
qed
|
|
9012
|
744 |
|
|
|
745 |
|
|
|
746 |
lemma wt_instr_imp_wtl_option:
|
|
|
747 |
"\\<lbrakk>fits ins cert phi; pc < length ins; wt_instr (ins!pc) G rT phi max_pc pc; max_pc = length ins\\<rbrakk> \\<Longrightarrow>
|
|
|
748 |
\\<exists> s. wtl_inst_option (ins!pc) G rT (phi!pc) s cert max_pc pc \\<and> G \\<turnstile> s <=s phi ! Suc pc";
|
|
9376
|
749 |
proof -
|
|
9012
|
750 |
assume fits : "fits ins cert phi" "pc < length ins"
|
|
|
751 |
and "wt_instr (ins!pc) G rT phi max_pc pc"
|
|
|
752 |
"max_pc = length ins";
|
|
|
753 |
|
|
|
754 |
hence * : "\\<exists> s. wtl_inst (ins!pc) G rT (phi!pc) s cert max_pc pc \\<and> G \\<turnstile> s <=s phi ! Suc pc";
|
|
|
755 |
by - (rule wt_instr_imp_wtl_inst, simp+);
|
|
|
756 |
|
|
|
757 |
show ?thesis;
|
|
|
758 |
proof (cases "cert ! pc");
|
|
|
759 |
case None;
|
|
|
760 |
with *;
|
|
|
761 |
show ?thesis; by (simp add: wtl_inst_option_def);
|
|
|
762 |
|
|
|
763 |
next;
|
|
|
764 |
case Some;
|
|
|
765 |
|
|
|
766 |
from fits;
|
|
|
767 |
have "pc < length phi"; by (clarsimp_tac simp add: fits_def);
|
|
|
768 |
with fits Some;
|
|
|
769 |
have "cert ! pc = Some (phi!pc)"; by (auto simp add: fits_def is_approx_def);
|
|
|
770 |
|
|
|
771 |
with *;
|
|
|
772 |
show ?thesis; by (simp add: wtl_inst_option_def);
|
|
|
773 |
qed;
|
|
|
774 |
qed;
|
|
|
775 |
|
|
9376
|
776 |
|
|
9012
|
777 |
lemma wtl_option_pseudo_mono:
|
|
|
778 |
"\\<lbrakk>wtl_inst_option i G rT s1 s1' cert mpc pc; fits ins cert phi; pc < length ins;
|
|
|
779 |
wf_prog wf_mb G; G \\<turnstile> s2 <=s s1; i = ins!pc\\<rbrakk> \\<Longrightarrow>
|
|
|
780 |
\\<exists> s2'. wtl_inst_option (ins!pc) G rT s2 s2' cert mpc pc \\<and>
|
|
|
781 |
(G \\<turnstile> s2' <=s s1' \\<or> (\\<exists>s. cert!(Suc pc) = Some s \\<and> G \\<turnstile> s2' <=s s))";
|
|
|
782 |
proof -;
|
|
|
783 |
assume wtl: "wtl_inst_option i G rT s1 s1' cert mpc pc" and
|
|
|
784 |
fits: "fits ins cert phi" "pc < length ins"
|
|
|
785 |
"wf_prog wf_mb G" "G \\<turnstile> s2 <=s s1" "i = ins!pc";
|
|
|
786 |
|
|
|
787 |
show ?thesis;
|
|
|
788 |
proof (cases "cert!pc");
|
|
|
789 |
case None;
|
|
|
790 |
with wtl fits;
|
|
|
791 |
show ?thesis;
|
|
|
792 |
by - (rule wtl_inst_pseudo_mono [elimify], (simp add: wtl_inst_option_def)+);
|
|
|
793 |
next;
|
|
|
794 |
case Some;
|
|
|
795 |
with wtl fits;
|
|
|
796 |
|
|
|
797 |
have G: "G \\<turnstile> s2 <=s a";
|
|
|
798 |
by - (rule sup_state_trans, (simp add: wtl_inst_option_def)+);
|
|
|
799 |
|
|
|
800 |
from Some wtl;
|
|
|
801 |
have "wtl_inst i G rT a s1' cert mpc pc"; by (simp add: wtl_inst_option_def);
|
|
|
802 |
|
|
|
803 |
with G fits;
|
|
|
804 |
have "\\<exists> s2'. wtl_inst (ins!pc) G rT a s2' cert mpc pc \\<and>
|
|
|
805 |
(G \\<turnstile> s2' <=s s1' \\<or> (\\<exists>s. cert!(Suc pc) = Some s \\<and> G \\<turnstile> s2' <=s s))";
|
|
|
806 |
by - (rule wtl_inst_pseudo_mono, (simp add: wtl_inst_option_def)+);
|
|
|
807 |
|
|
|
808 |
with Some G;
|
|
|
809 |
show ?thesis; by (simp add: wtl_inst_option_def);
|
|
9376
|
810 |
qed
|
|
9012
|
811 |
qed;
|
|
|
812 |
|
|
|
813 |
|
|
|
814 |
(* main induction over instruction list *)
|
|
|
815 |
theorem wt_imp_wtl_inst_list:
|
|
|
816 |
"\\<forall> pc. (\\<forall>pc'. pc' < length ins \\<longrightarrow> wt_instr (ins ! pc') G rT phi (pc+length ins) (pc+pc')) \\<longrightarrow>
|
|
|
817 |
wf_prog wf_mb G \\<longrightarrow>
|
|
|
818 |
fits all_ins cert phi \\<longrightarrow> (\\<exists> l. pc = length l \\<and> all_ins=l@ins) \\<longrightarrow> pc < length all_ins \\<longrightarrow>
|
|
|
819 |
(\\<forall> s. (G \\<turnstile> s <=s (phi!pc)) \\<longrightarrow>
|
|
|
820 |
(\\<exists>s'. wtl_inst_list ins G rT s s' cert (pc+length ins) pc))"
|
|
|
821 |
(is "\\<forall>pc. ?C pc ins" is "?P ins");
|
|
|
822 |
proof (induct "?P" "ins");
|
|
|
823 |
case Nil;
|
|
|
824 |
show "?P []"; by simp;
|
|
|
825 |
next;
|
|
|
826 |
case Cons;
|
|
|
827 |
|
|
|
828 |
show "?P (a#list)";
|
|
|
829 |
proof (intro allI impI, elim exE conjE);
|
|
|
830 |
fix pc s l;
|
|
|
831 |
assume 1: "wf_prog wf_mb G" "fits all_ins cert phi";
|
|
|
832 |
assume 2: "pc < length all_ins" "G \\<turnstile> s <=s phi ! pc"
|
|
|
833 |
"all_ins = l @ a # list" "pc = length l";
|
|
|
834 |
|
|
|
835 |
from Cons;
|
|
|
836 |
have IH: "?C (Suc pc) list"; by blast;
|
|
|
837 |
|
|
|
838 |
assume 3: "\\<forall>pc'. pc' < length (a # list) \\<longrightarrow>
|
|
|
839 |
wt_instr ((a # list) ! pc') G rT phi (pc + length (a # list)) (pc + pc')";
|
|
|
840 |
hence 4: "\\<forall>pc'. pc' < length list \\<longrightarrow>
|
|
|
841 |
wt_instr (list ! pc') G rT phi (Suc pc + length list) (Suc pc + pc')"; by auto;
|
|
|
842 |
|
|
|
843 |
from 2;
|
|
9182
|
844 |
have 5: "a = all_ins ! pc"; by (simp add: nth_append);
|
|
9012
|
845 |
|
|
|
846 |
|
|
|
847 |
show "\\<exists>s'. wtl_inst_list (a # list) G rT s s' cert (pc + length (a # list)) pc";
|
|
|
848 |
proof (cases list);
|
|
|
849 |
case Nil;
|
|
|
850 |
|
|
|
851 |
with 1 2 3 5;
|
|
|
852 |
have "\\<exists>s'. wtl_inst_option a G rT (phi ! pc) s' cert (Suc (length l)) pc";
|
|
|
853 |
by - (rule wt_instr_imp_wtl_option [elimify], force+);
|
|
|
854 |
|
|
|
855 |
with Nil 1 2 5;
|
|
|
856 |
have "\\<exists>s'. wtl_inst_option a G rT s s' cert (Suc (length l)) pc";
|
|
|
857 |
by elim (rule wtl_option_pseudo_mono [elimify], force+);
|
|
|
858 |
|
|
|
859 |
with Nil 2;
|
|
|
860 |
show ?thesis; by auto;
|
|
|
861 |
next;
|
|
|
862 |
fix i' ins';
|
|
|
863 |
assume Cons2: "list = i' # ins'";
|
|
|
864 |
|
|
|
865 |
with IH 1 2 3;
|
|
|
866 |
have * : "\\<forall> s. (G \\<turnstile> s <=s (phi!(Suc pc))) \\<longrightarrow>
|
|
|
867 |
(\\<exists>s'. wtl_inst_list list G rT s s' cert ((Suc pc)+length list) (Suc pc))";
|
|
|
868 |
by (elim impE) force+;
|
|
|
869 |
|
|
|
870 |
from 3;
|
|
|
871 |
have "wt_instr a G rT phi (pc + length (a # list)) pc"; by auto;
|
|
|
872 |
|
|
|
873 |
with 1 2 5;
|
|
|
874 |
have "\\<exists>s1'. wtl_inst_option a G rT (phi!pc) s1' cert (Suc (pc + length list)) pc \\<and> G \\<turnstile> s1' <=s phi ! Suc pc";
|
|
|
875 |
by - (rule wt_instr_imp_wtl_option [elimify], assumption+, simp+);
|
|
|
876 |
|
|
|
877 |
hence "\\<exists>s1. wtl_inst_option a G rT s s1 cert (Suc (pc + length list)) pc \\<and>
|
|
|
878 |
(G \\<turnstile> s1 <=s (phi ! (Suc pc)) \\<or> (\\<exists>s. cert ! Suc pc = Some s \\<and> G \\<turnstile> s1 <=s s))";
|
|
|
879 |
proof elim;
|
|
|
880 |
fix s1';
|
|
|
881 |
assume "wtl_inst_option a G rT (phi!pc) s1' cert (Suc (pc + length list)) pc" and
|
|
|
882 |
a :"G \\<turnstile> s1' <=s phi ! Suc pc";
|
|
|
883 |
with 1 2 5;
|
|
|
884 |
have "\\<exists>s1. wtl_inst_option a G rT s s1 cert (Suc (pc + length list)) pc \\<and>
|
|
|
885 |
((G \\<turnstile> s1 <=s s1') \\<or> (\\<exists>s. cert ! Suc pc = Some s \\<and> G \\<turnstile> s1 <=s s))";
|
|
|
886 |
by - (rule wtl_option_pseudo_mono [elimify], simp+);
|
|
|
887 |
|
|
|
888 |
with a;
|
|
|
889 |
show ?thesis;
|
|
|
890 |
proof (elim, intro);
|
|
|
891 |
fix s1;
|
|
|
892 |
assume "G \\<turnstile> s1 <=s s1'" "G \\<turnstile> s1' <=s phi ! Suc pc";
|
|
|
893 |
show "G \\<turnstile> s1 <=s phi ! Suc pc"; by (rule sup_state_trans);
|
|
|
894 |
qed auto;
|
|
|
895 |
qed;
|
|
|
896 |
|
|
|
897 |
thus ?thesis;
|
|
|
898 |
proof (elim exE conjE);
|
|
|
899 |
fix s1;
|
|
|
900 |
assume wto: "wtl_inst_option a G rT s s1 cert (Suc (pc + length list)) pc";
|
|
|
901 |
assume Gs1: "G \\<turnstile> s1 <=s phi ! Suc pc \\<or> (\\<exists>s. cert ! Suc pc = Some s \\<and> G \\<turnstile> s1 <=s s)";
|
|
|
902 |
|
|
|
903 |
have "\\<exists>s'. wtl_inst_list list G rT s1 s' cert ((Suc pc)+length list) (Suc pc)";
|
|
|
904 |
proof (cases "G \\<turnstile> s1 <=s phi ! Suc pc");
|
|
|
905 |
case True;
|
|
|
906 |
with Gs1;
|
|
|
907 |
have "G \\<turnstile> s1 <=s phi ! Suc pc"; by simp;
|
|
|
908 |
with *;
|
|
|
909 |
show ?thesis; by blast;
|
|
|
910 |
next;
|
|
|
911 |
case False;
|
|
|
912 |
with Gs1;
|
|
|
913 |
have "\\<exists>c. cert ! Suc pc = Some c \\<and> G \\<turnstile> s1 <=s c"; by simp;
|
|
|
914 |
thus ?thesis;
|
|
|
915 |
proof elim;
|
|
|
916 |
from 1 2 Cons Cons2;
|
|
|
917 |
have "Suc pc < length phi"; by (clarsimp_tac simp add: fits_def is_approx_def);
|
|
|
918 |
|
|
|
919 |
with 1;
|
|
|
920 |
have cert: "cert ! (Suc pc) = None \\<or> cert ! (Suc pc) = Some (phi ! Suc pc)";
|
|
|
921 |
by (clarsimp_tac simp add: fits_def is_approx_def);
|
|
|
922 |
|
|
|
923 |
fix c;
|
|
|
924 |
assume "cert ! Suc pc = Some c";
|
|
|
925 |
with cert;
|
|
|
926 |
have c: "c = phi ! Suc pc"; by simp;
|
|
|
927 |
assume "G \\<turnstile> s1 <=s c";
|
|
|
928 |
with c;
|
|
|
929 |
have "G \\<turnstile> s1 <=s phi ! Suc pc"; by simp;
|
|
|
930 |
with *;
|
|
|
931 |
show ?thesis; by blast;
|
|
|
932 |
qed;
|
|
|
933 |
qed;
|
|
|
934 |
with wto;
|
|
|
935 |
show ?thesis; by (auto simp del: split_paired_Ex);
|
|
|
936 |
qed;
|
|
|
937 |
qed;
|
|
|
938 |
qed;
|
|
|
939 |
qed;
|
|
|
940 |
|
|
|
941 |
|
|
|
942 |
lemma fits_imp_wtl_method_complete:
|
|
|
943 |
"\\<lbrakk>wt_method G C pTs rT mxl ins phi; fits ins cert phi; wf_prog wf_mb G\\<rbrakk> \\<Longrightarrow> wtl_method G C pTs rT mxl ins cert";
|
|
|
944 |
by (simp add: wt_method_def wtl_method_def del: split_paired_Ex)
|
|
|
945 |
(rule wt_imp_wtl_inst_list [rulify, elimify], auto simp add: wt_start_def simp del: split_paired_Ex);
|
|
|
946 |
|
|
|
947 |
|
|
|
948 |
lemma wtl_method_complete:
|
|
|
949 |
"\\<lbrakk>wt_method G C pTs rT mxl ins phi; wf_prog wf_mb G\\<rbrakk> \\<Longrightarrow> wtl_method G C pTs rT mxl ins (make_cert ins phi)";
|
|
|
950 |
proof -;
|
|
|
951 |
assume * : "wt_method G C pTs rT mxl ins phi" "wf_prog wf_mb G";
|
|
|
952 |
|
|
|
953 |
hence "fits ins (make_cert ins phi) phi";
|
|
|
954 |
by - (rule fits_make_cert, simp add: wt_method_def);
|
|
|
955 |
|
|
|
956 |
with *;
|
|
|
957 |
show ?thesis; by - (rule fits_imp_wtl_method_complete);
|
|
|
958 |
qed;
|
|
|
959 |
|
|
|
960 |
lemma unique_set:
|
|
|
961 |
"(a,b,c,d)\\<in>set l \\<longrightarrow> unique l \\<longrightarrow> (a',b',c',d') \\<in> set l \\<longrightarrow> a = a' \\<longrightarrow> b=b' \\<and> c=c' \\<and> d=d'";
|
|
|
962 |
by (induct "l") auto;
|
|
|
963 |
|
|
|
964 |
lemma unique_epsilon:
|
|
|
965 |
"(a,b,c,d)\\<in>set l \\<longrightarrow> unique l \\<longrightarrow> (\\<epsilon> (a',b',c',d'). (a',b',c',d') \\<in> set l \\<and> a'=a) = (a,b,c,d)";
|
|
|
966 |
by (auto simp add: unique_set);
|
|
|
967 |
|
|
|
968 |
|
|
|
969 |
theorem wtl_complete: "\\<lbrakk>wt_jvm_prog G Phi\\<rbrakk> \\<Longrightarrow> wtl_jvm_prog G (make_Cert G Phi)";
|
|
|
970 |
proof (simp only: wt_jvm_prog_def);
|
|
|
971 |
|
|
|
972 |
assume wfprog: "wf_prog (\\<lambda>G C (sig,rT,maxl,b). wt_method G C (snd sig) rT maxl b (Phi C sig)) G";
|
|
|
973 |
|
|
|
974 |
thus ?thesis;
|
|
|
975 |
proof (simp add: wtl_jvm_prog_def wf_prog_def wf_cdecl_def wf_mdecl_def, auto);
|
|
|
976 |
fix a aa ab b ac ba ad ae bb;
|
|
|
977 |
assume 1 : "\\<forall>(C,sc,fs,ms)\\<in>set G.
|
|
|
978 |
Ball (set fs) (wf_fdecl G) \\<and>
|
|
|
979 |
unique fs \\<and>
|
|
|
980 |
(\\<forall>(sig,rT,mb)\\<in>set ms. wf_mhead G sig rT \\<and> (\\<lambda>(maxl,b). wt_method G C (snd sig) rT maxl b (Phi C sig)) mb) \\<and>
|
|
|
981 |
unique ms \\<and>
|
|
|
982 |
(case sc of None \\<Rightarrow> C = Object
|
|
|
983 |
| Some D \\<Rightarrow>
|
|
|
984 |
is_class G D \\<and>
|
|
|
985 |
(D, C) \\<notin> (subcls1 G)^* \\<and>
|
|
|
986 |
(\\<forall>(sig,rT,b)\\<in>set ms. \\<forall>D' rT' b'. method (G, D) sig = Some (D', rT', b') \\<longrightarrow> G\\<turnstile>rT\\<preceq>rT'))"
|
|
|
987 |
"(a, aa, ab, b) \\<in> set G";
|
|
|
988 |
|
|
|
989 |
assume uG : "unique G";
|
|
|
990 |
assume b : "((ac, ba), ad, ae, bb) \\<in> set b";
|
|
|
991 |
|
|
|
992 |
from 1;
|
|
|
993 |
show "wtl_method G a ba ad ae bb (make_Cert G Phi a (ac, ba))";
|
|
|
994 |
proof (rule bspec [elimify], clarsimp_tac);
|
|
|
995 |
assume ub : "unique b";
|
|
|
996 |
assume m: "\\<forall>(sig,rT,mb)\\<in>set b. wf_mhead G sig rT \\<and> (\\<lambda>(maxl,b). wt_method G a (snd sig) rT maxl b (Phi a sig)) mb";
|
|
|
997 |
from m b;
|
|
|
998 |
show ?thesis;
|
|
|
999 |
proof (rule bspec [elimify], clarsimp_tac);
|
|
|
1000 |
assume "wt_method G a ba ad ae bb (Phi a (ac, ba))";
|
|
|
1001 |
with wfprog uG ub b 1;
|
|
|
1002 |
show ?thesis;
|
|
|
1003 |
by - (rule wtl_method_complete [elimify], assumption+, simp add: make_Cert_def unique_epsilon);
|
|
|
1004 |
qed;
|
|
|
1005 |
qed;
|
|
|
1006 |
qed;
|
|
|
1007 |
qed;
|
|
|
1008 |
|
|
|
1009 |
end;
|