368 |
321 |
369 lemma evaln_Skip_eq [simp]: "G\<turnstile>s \<midarrow>Skip\<midarrow>n\<rightarrow> s' = (s = s')" |
322 lemma evaln_Skip_eq [simp]: "G\<turnstile>s \<midarrow>Skip\<midarrow>n\<rightarrow> s' = (s = s')" |
370 apply auto |
323 apply auto |
371 done |
324 done |
372 |
325 |
|
326 lemma evaln_eval: |
|
327 (assumes evaln: "G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s1)" and |
|
328 wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T" and |
|
329 conf_s0: "s0\<Colon>\<preceq>(G, L)" and |
|
330 wf: "wf_prog G" |
|
331 |
|
332 ) "G\<turnstile>s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)" |
|
333 proof - |
|
334 from evaln |
|
335 show "\<And> L accC T. \<lbrakk>s0\<Colon>\<preceq>(G, L);\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T\<rbrakk> |
|
336 \<Longrightarrow> G\<turnstile>s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)" |
|
337 (is "PROP ?EqEval s0 s1 t v") |
|
338 proof (induct) |
|
339 case Abrupt |
|
340 show ?case by (rule eval.Abrupt) |
|
341 next |
|
342 case LVar |
|
343 show ?case by (rule eval.LVar) |
|
344 next |
|
345 case (FVar a accC' e fn n s0 s1 s2 s2' stat statDeclC v L accC T) |
|
346 have eval_initn: "G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<midarrow>n\<rightarrow> s1" . |
|
347 have eval_en: "G\<turnstile>s1 \<midarrow>e-\<succ>a\<midarrow>n\<rightarrow> s2" . |
|
348 have hyp_init: "PROP ?EqEval (Norm s0) s1 (In1r (Init statDeclC)) \<diamondsuit>" . |
|
349 have hyp_e: "PROP ?EqEval s1 s2 (In1l e) (In1 a)" . |
|
350 have fvar: "(v, s2') = fvar statDeclC stat fn a s2" . |
|
351 have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
352 have wt: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>In2 ({accC',statDeclC,stat}e..fn)\<Colon>T" . |
|
353 then obtain statC f where |
|
354 wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-Class statC" and |
|
355 accfield: "accfield G accC statC fn = Some (statDeclC,f)" and |
|
356 stat: "stat=is_static f" and |
|
357 accC': "accC'=accC" and |
|
358 T: "T=(Inl (type f))" |
|
359 by (rule wt_elim_cases) (auto simp add: member_is_static_simp) |
|
360 from wf wt_e |
|
361 have iscls_statC: "is_class G statC" |
|
362 by (auto dest: ty_expr_is_type type_is_class) |
|
363 with wf accfield |
|
364 have iscls_statDeclC: "is_class G statDeclC" |
|
365 by (auto dest!: accfield_fields dest: fields_declC) |
|
366 then |
|
367 have wt_init: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>(Init statDeclC)\<Colon>\<surd>" |
|
368 by simp |
|
369 from conf_s0 wt_init |
|
370 have eval_init: "G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<rightarrow> s1" |
|
371 by (rule hyp_init) |
|
372 with wt_init conf_s0 wf |
|
373 have conf_s1: "s1\<Colon>\<preceq>(G, L)" |
|
374 by (blast dest: exec_ts) |
|
375 with hyp_e wt_e |
|
376 have eval_e: "G\<turnstile>s1 \<midarrow>e-\<succ>a\<rightarrow> s2" |
|
377 by blast |
|
378 with wf conf_s1 wt_e |
|
379 obtain conf_s2: "s2\<Colon>\<preceq>(G, L)" and |
|
380 conf_a: "normal s2 \<longrightarrow> G,store s2\<turnstile>a\<Colon>\<preceq>Class statC" |
|
381 by (auto dest!: eval_type_sound) |
|
382 obtain s3 where |
|
383 check: "s3 = check_field_access G accC statDeclC fn stat a s2'" |
|
384 by simp |
|
385 from accfield wt_e eval_init eval_e conf_s2 conf_a fvar stat check wf |
|
386 have eq_s3_s2': "s3=s2'" |
|
387 by (auto dest!: error_free_field_access) |
|
388 with eval_init eval_e fvar check accC' |
|
389 show "G\<turnstile>Norm s0 \<midarrow>{accC',statDeclC,stat}e..fn=\<succ>v\<rightarrow> s2'" |
|
390 by (auto intro: eval.FVar) |
|
391 next |
|
392 case AVar |
|
393 with wf show ?case |
|
394 apply - |
|
395 apply (erule wt_elim_cases) |
|
396 apply (blast intro!: eval.AVar dest: eval_type_sound) |
|
397 done |
|
398 next |
|
399 case NewC |
|
400 with wf show ?case |
|
401 apply - |
|
402 apply (erule wt_elim_cases) |
|
403 apply (blast intro!: eval.NewC dest: eval_type_sound is_acc_classD) |
|
404 done |
|
405 next |
|
406 case (NewA T a e i n s0 s1 s2 s3 L accC Ta) |
|
407 have hyp_init: "PROP ?EqEval (Norm s0) s1 (In1r (init_comp_ty T)) \<diamondsuit>" . |
|
408 have hyp_size: "PROP ?EqEval s1 s2 (In1l e) (In1 i)" . |
|
409 have "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (New T[e])\<Colon>Ta" . |
|
410 then obtain |
|
411 wt_init: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>init_comp_ty T\<Colon>\<surd>" and |
|
412 wt_size: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-PrimT Integer" |
|
413 by (rule wt_elim_cases) (auto intro: wt_init_comp_ty dest: is_acc_typeD) |
|
414 have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
415 from this wt_init |
|
416 have eval_init: "G\<turnstile>Norm s0 \<midarrow>init_comp_ty T\<rightarrow> s1" |
|
417 by (rule hyp_init) |
|
418 moreover |
|
419 from eval_init wt_init wf conf_s0 |
|
420 have "s1\<Colon>\<preceq>(G, L)" |
|
421 by (auto dest: eval_type_sound) |
|
422 from this wt_size |
|
423 have "G\<turnstile>s1 \<midarrow>e-\<succ>i\<rightarrow> s2" |
|
424 by (rule hyp_size) |
|
425 moreover note NewA |
|
426 ultimately show ?case |
|
427 by (blast intro!: eval.NewA) |
|
428 next |
|
429 case Cast |
|
430 with wf show ?case |
|
431 by - (erule wt_elim_cases, rule eval.Cast,auto dest: eval_type_sound) |
|
432 next |
|
433 case Inst |
|
434 with wf show ?case |
|
435 by - (erule wt_elim_cases, rule eval.Inst,auto dest: eval_type_sound) |
|
436 next |
|
437 case Lit |
|
438 show ?case by (rule eval.Lit) |
|
439 next |
|
440 case Super |
|
441 show ?case by (rule eval.Super) |
|
442 next |
|
443 case Acc |
|
444 then show ?case |
|
445 by - (erule wt_elim_cases, rule eval.Acc,auto dest: eval_type_sound) |
|
446 next |
|
447 case Ass |
|
448 with wf show ?case |
|
449 by - (erule wt_elim_cases, blast intro!: eval.Ass dest: eval_type_sound) |
|
450 next |
|
451 case (Cond b e0 e1 e2 n s0 s1 s2 v L accC T) |
|
452 have hyp_e0: "PROP ?EqEval (Norm s0) s1 (In1l e0) (In1 b)" . |
|
453 have hyp_if: "PROP ?EqEval s1 s2 |
|
454 (In1l (if the_Bool b then e1 else e2)) (In1 v)" . |
|
455 have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
456 have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (e0 ? e1 : e2)\<Colon>T" . |
|
457 then obtain T1 T2 statT where |
|
458 wt_e0: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e0\<Colon>-PrimT Boolean" and |
|
459 wt_e1: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e1\<Colon>-T1" and |
|
460 wt_e2: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e2\<Colon>-T2" and |
|
461 statT: "G\<turnstile>T1\<preceq>T2 \<and> statT = T2 \<or> G\<turnstile>T2\<preceq>T1 \<and> statT = T1" and |
|
462 T : "T=Inl statT" |
|
463 by (rule wt_elim_cases) auto |
|
464 from conf_s0 wt_e0 |
|
465 have eval_e0: "G\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<rightarrow> s1" |
|
466 by (rule hyp_e0) |
|
467 moreover |
|
468 from eval_e0 conf_s0 wf wt_e0 |
|
469 have "s1\<Colon>\<preceq>(G, L)" |
|
470 by (blast dest: eval_type_sound) |
|
471 with wt_e1 wt_e2 statT hyp_if |
|
472 have "G\<turnstile>s1 \<midarrow>(if the_Bool b then e1 else e2)-\<succ>v\<rightarrow> s2" |
|
473 by (cases "the_Bool b") auto |
|
474 ultimately |
|
475 show ?case |
|
476 by (rule eval.Cond) |
|
477 next |
|
478 case (Call invDeclC a' accC' args e mn mode n pTs' s0 s1 s2 s4 statT |
|
479 v vs L accC T) |
|
480 (* Repeats large parts of the type soundness proof. One should factor |
|
481 out some lemmata about the relations and conformance of s2, s3 and s3'*) |
|
482 have evaln_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<midarrow>n\<rightarrow> s1" . |
|
483 have evaln_args: "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<midarrow>n\<rightarrow> s2" . |
|
484 have invDeclC: "invDeclC |
|
485 = invocation_declclass G mode (store s2) a' statT |
|
486 \<lparr>name = mn, parTs = pTs'\<rparr>" . |
|
487 let ?InitLvars |
|
488 = "init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> mode a' vs s2" |
|
489 obtain s3 s3' where |
|
490 init_lvars: "s3 = |
|
491 init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> mode a' vs s2" and |
|
492 check: "s3' = |
|
493 check_method_access G accC' statT mode \<lparr>name = mn, parTs = pTs'\<rparr> a' s3" |
|
494 by simp |
|
495 have evaln_methd: |
|
496 "G\<turnstile>?InitLvars \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<midarrow>n\<rightarrow> s4" . |
|
497 have hyp_e: "PROP ?EqEval (Norm s0) s1 (In1l e) (In1 a')" . |
|
498 have hyp_args: "PROP ?EqEval s1 s2 (In3 args) (In3 vs)" . |
|
499 have hyp_methd: "PROP ?EqEval ?InitLvars s4 |
|
500 (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>)) (In1 v)". |
|
501 have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
502 have wt: "\<lparr>prg=G, cls=accC, lcl=L\<rparr> |
|
503 \<turnstile>In1l ({accC',statT,mode}e\<cdot>mn( {pTs'}args))\<Colon>T" . |
|
504 from wt obtain pTs statDeclT statM where |
|
505 wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-RefT statT" and |
|
506 wt_args: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>args\<Colon>\<doteq>pTs" and |
|
507 statM: "max_spec G accC statT \<lparr>name=mn,parTs=pTs\<rparr> |
|
508 = {((statDeclT,statM),pTs')}" and |
|
509 mode: "mode = invmode statM e" and |
|
510 T: "T =Inl (resTy statM)" and |
|
511 eq_accC_accC': "accC=accC'" |
|
512 by (rule wt_elim_cases) auto |
|
513 from conf_s0 wt_e hyp_e |
|
514 have eval_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<rightarrow> s1" |
|
515 by blast |
|
516 with wf conf_s0 wt_e |
|
517 obtain conf_s1: "s1\<Colon>\<preceq>(G, L)" and |
|
518 conf_a': "normal s1 \<Longrightarrow> G, store s1\<turnstile>a'\<Colon>\<preceq>RefT statT" |
|
519 by (auto dest!: eval_type_sound) |
|
520 from conf_s1 wt_args hyp_args |
|
521 have eval_args: "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<rightarrow> s2" |
|
522 by blast |
|
523 with wt_args conf_s1 wf |
|
524 obtain conf_s2: "s2\<Colon>\<preceq>(G, L)" and |
|
525 conf_args: "normal s2 |
|
526 \<Longrightarrow> list_all2 (conf G (store s2)) vs pTs" |
|
527 by (auto dest!: eval_type_sound) |
|
528 from statM |
|
529 obtain |
|
530 statM': "(statDeclT,statM)\<in>mheads G accC statT \<lparr>name=mn,parTs=pTs'\<rparr>" and |
|
531 pTs_widen: "G\<turnstile>pTs[\<preceq>]pTs'" |
|
532 by (blast dest: max_spec2mheads) |
|
533 from check |
|
534 have eq_store_s3'_s3: "store s3'=store s3" |
|
535 by (cases s3) (simp add: check_method_access_def Let_def) |
|
536 obtain invC |
|
537 where invC: "invC = invocation_class mode (store s2) a' statT" |
|
538 by simp |
|
539 with init_lvars |
|
540 have invC': "invC = (invocation_class mode (store s3) a' statT)" |
|
541 by (cases s2,cases mode) (auto simp add: init_lvars_def2 ) |
|
542 show "G\<turnstile>Norm s0 \<midarrow>{accC',statT,mode}e\<cdot>mn( {pTs'}args) |
|
543 -\<succ>v\<rightarrow> (set_lvars (locals (store s2))) s4" |
|
544 proof (cases "normal s2") |
|
545 case False |
|
546 with init_lvars |
|
547 obtain keep_abrupt: "abrupt s3 = abrupt s2" and |
|
548 "store s3 = store (init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> |
|
549 mode a' vs s2)" |
|
550 by (auto simp add: init_lvars_def2) |
|
551 moreover |
|
552 from keep_abrupt False check |
|
553 have eq_s3'_s3: "s3'=s3" |
|
554 by (auto simp add: check_method_access_def Let_def) |
|
555 moreover |
|
556 from eq_s3'_s3 False keep_abrupt evaln_methd init_lvars |
|
557 obtain "s4=s3'" |
|
558 "In1 v=arbitrary3 (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>))" |
|
559 by auto |
|
560 moreover note False |
|
561 ultimately have |
|
562 "G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<rightarrow> s4" |
|
563 by (auto) |
|
564 from eval_e eval_args invDeclC init_lvars check this |
|
565 show ?thesis |
|
566 by (rule eval.Call) |
|
567 next |
|
568 case True |
|
569 note normal_s2 = True |
|
570 with eval_args |
|
571 have normal_s1: "normal s1" |
|
572 by (cases "normal s1") auto |
|
573 with conf_a' eval_args |
|
574 have conf_a'_s2: "G, store s2\<turnstile>a'\<Colon>\<preceq>RefT statT" |
|
575 by (auto dest: eval_gext intro: conf_gext) |
|
576 show ?thesis |
|
577 proof (cases "a'=Null \<longrightarrow> is_static statM") |
|
578 case False |
|
579 then obtain not_static: "\<not> is_static statM" and Null: "a'=Null" |
|
580 by blast |
|
581 with normal_s2 init_lvars mode |
|
582 obtain np: "abrupt s3 = Some (Xcpt (Std NullPointer))" and |
|
583 "store s3 = store (init_lvars G invDeclC |
|
584 \<lparr>name = mn, parTs = pTs'\<rparr> mode a' vs s2)" |
|
585 by (auto simp add: init_lvars_def2) |
|
586 moreover |
|
587 from np check |
|
588 have eq_s3'_s3: "s3'=s3" |
|
589 by (auto simp add: check_method_access_def Let_def) |
|
590 moreover |
|
591 from eq_s3'_s3 np evaln_methd init_lvars |
|
592 obtain "s4=s3'" |
|
593 "In1 v=arbitrary3 (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>))" |
|
594 by auto |
|
595 moreover note np |
|
596 ultimately have |
|
597 "G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<rightarrow> s4" |
|
598 by (auto) |
|
599 from eval_e eval_args invDeclC init_lvars check this |
|
600 show ?thesis |
|
601 by (rule eval.Call) |
|
602 next |
|
603 case True |
|
604 with mode have notNull: "mode = IntVir \<longrightarrow> a' \<noteq> Null" |
|
605 by (auto dest!: Null_staticD) |
|
606 with conf_s2 conf_a'_s2 wf invC |
|
607 have dynT_prop: "G\<turnstile>mode\<rightarrow>invC\<preceq>statT" |
|
608 by (cases s2) (auto intro: DynT_propI) |
|
609 with wt_e statM' invC mode wf |
|
610 obtain dynM where |
|
611 dynM: "dynlookup G statT invC \<lparr>name=mn,parTs=pTs'\<rparr> = Some dynM" and |
|
612 acc_dynM: "G \<turnstile>Methd \<lparr>name=mn,parTs=pTs'\<rparr> dynM |
|
613 in invC dyn_accessible_from accC" |
|
614 by (force dest!: call_access_ok) |
|
615 with invC' check eq_accC_accC' |
|
616 have eq_s3'_s3: "s3'=s3" |
|
617 by (auto simp add: check_method_access_def Let_def) |
|
618 from dynT_prop wf wt_e statM' mode invC invDeclC dynM |
|
619 obtain |
|
620 wf_dynM: "wf_mdecl G invDeclC (\<lparr>name=mn,parTs=pTs'\<rparr>,mthd dynM)" and |
|
621 dynM': "methd G invDeclC \<lparr>name=mn,parTs=pTs'\<rparr> = Some dynM" and |
|
622 iscls_invDeclC: "is_class G invDeclC" and |
|
623 invDeclC': "invDeclC = declclass dynM" and |
|
624 invC_widen: "G\<turnstile>invC\<preceq>\<^sub>C invDeclC" and |
|
625 is_static_eq: "is_static dynM = is_static statM" and |
|
626 involved_classes_prop: |
|
627 "(if invmode statM e = IntVir |
|
628 then \<forall>statC. statT = ClassT statC \<longrightarrow> G\<turnstile>invC\<preceq>\<^sub>C statC |
|
629 else ((\<exists>statC. statT = ClassT statC \<and> G\<turnstile>statC\<preceq>\<^sub>C invDeclC) \<or> |
|
630 (\<forall>statC. statT \<noteq> ClassT statC \<and> invDeclC = Object)) \<and> |
|
631 statDeclT = ClassT invDeclC)" |
|
632 by (auto dest: DynT_mheadsD) |
|
633 obtain L' where |
|
634 L':"L'=(\<lambda> k. |
|
635 (case k of |
|
636 EName e |
|
637 \<Rightarrow> (case e of |
|
638 VNam v |
|
639 \<Rightarrow>(table_of (lcls (mbody (mthd dynM))) |
|
640 (pars (mthd dynM)[\<mapsto>]pTs')) v |
|
641 | Res \<Rightarrow> Some (resTy dynM)) |
|
642 | This \<Rightarrow> if is_static statM |
|
643 then None else Some (Class invDeclC)))" |
|
644 by simp |
|
645 from wf_dynM [THEN wf_mdeclD1, THEN conjunct1] normal_s2 conf_s2 wt_e |
|
646 wf eval_args conf_a' mode notNull wf_dynM involved_classes_prop |
|
647 have conf_s3: "s3\<Colon>\<preceq>(G,L')" |
|
648 apply - |
|
649 (*FIXME confomrs_init_lvars should be |
|
650 adjusted to be more directy applicable *) |
|
651 apply (drule conforms_init_lvars [of G invDeclC |
|
652 "\<lparr>name=mn,parTs=pTs'\<rparr>" dynM "store s2" vs pTs "abrupt s2" |
|
653 L statT invC a' "(statDeclT,statM)" e]) |
|
654 apply (rule wf) |
|
655 apply (rule conf_args,assumption) |
|
656 apply (simp add: pTs_widen) |
|
657 apply (cases s2,simp) |
|
658 apply (rule dynM') |
|
659 apply (force dest: ty_expr_is_type) |
|
660 apply (rule invC_widen) |
|
661 apply (force intro: conf_gext dest: eval_gext) |
|
662 apply simp |
|
663 apply simp |
|
664 apply (simp add: invC) |
|
665 apply (simp add: invDeclC) |
|
666 apply (force dest: wf_mdeclD1 is_acc_typeD) |
|
667 apply (cases s2, simp add: L' init_lvars |
|
668 cong add: lname.case_cong ename.case_cong) |
|
669 done |
|
670 from is_static_eq wf_dynM L' |
|
671 obtain mthdT where |
|
672 "\<lparr>prg=G,cls=invDeclC,lcl=L'\<rparr> |
|
673 \<turnstile>Body invDeclC (stmt (mbody (mthd dynM)))\<Colon>-mthdT" and |
|
674 mthdT_widen: "G\<turnstile>mthdT\<preceq>resTy dynM" |
|
675 by - (drule wf_mdecl_bodyD, |
|
676 simp cong add: lname.case_cong ename.case_cong) |
|
677 with dynM' iscls_invDeclC invDeclC' |
|
678 have |
|
679 "\<lparr>prg=G,cls=invDeclC,lcl=L'\<rparr> |
|
680 \<turnstile>(Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>)\<Colon>-mthdT" |
|
681 by (auto intro: wt.Methd) |
|
682 with conf_s3 hyp_methd init_lvars eq_s3'_s3 |
|
683 have "G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<rightarrow> s4" |
|
684 by auto |
|
685 from eval_e eval_args invDeclC init_lvars check this |
|
686 show ?thesis |
|
687 by (rule eval.Call) |
|
688 qed |
|
689 qed |
|
690 next |
|
691 case Methd |
|
692 with wf show ?case |
|
693 by - (erule wt_elim_cases, rule eval.Methd, |
|
694 auto dest: eval_type_sound simp add: body_def2) |
|
695 next |
|
696 case Body |
|
697 with wf show ?case |
|
698 by - (erule wt_elim_cases, blast intro!: eval.Body dest: eval_type_sound) |
|
699 next |
|
700 case Nil |
|
701 show ?case by (rule eval.Nil) |
|
702 next |
|
703 case Cons |
|
704 with wf show ?case |
|
705 by - (erule wt_elim_cases, blast intro!: eval.Cons dest: eval_type_sound) |
|
706 next |
|
707 case Skip |
|
708 show ?case by (rule eval.Skip) |
|
709 next |
|
710 case Expr |
|
711 with wf show ?case |
|
712 by - (erule wt_elim_cases, rule eval.Expr,auto dest: eval_type_sound) |
|
713 next |
|
714 case Lab |
|
715 with wf show ?case |
|
716 by - (erule wt_elim_cases, rule eval.Lab,auto dest: eval_type_sound) |
|
717 next |
|
718 case Comp |
|
719 with wf show ?case |
|
720 by - (erule wt_elim_cases, blast intro!: eval.Comp dest: eval_type_sound) |
|
721 next |
|
722 case (If b c1 c2 e n s0 s1 s2 L accC T) |
|
723 have hyp_e: "PROP ?EqEval (Norm s0) s1 (In1l e) (In1 b)" . |
|
724 have hyp_then_else: |
|
725 "PROP ?EqEval s1 s2 (In1r (if the_Bool b then c1 else c2)) \<diamondsuit>" . |
|
726 have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
727 have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (If(e) c1 Else c2)\<Colon>T" . |
|
728 then obtain |
|
729 wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" and |
|
730 wt_then_else: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>(if the_Bool b then c1 else c2)\<Colon>\<surd>" |
|
731 by (rule wt_elim_cases) (auto split add: split_if) |
|
732 from conf_s0 wt_e |
|
733 have eval_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1" |
|
734 by (rule hyp_e) |
|
735 moreover |
|
736 from eval_e wt_e conf_s0 wf |
|
737 have "s1\<Colon>\<preceq>(G, L)" |
|
738 by (blast dest: eval_type_sound) |
|
739 from this wt_then_else |
|
740 have "G\<turnstile>s1 \<midarrow>(if the_Bool b then c1 else c2)\<rightarrow> s2" |
|
741 by (rule hyp_then_else) |
|
742 ultimately |
|
743 show ?case |
|
744 by (rule eval.If) |
|
745 next |
|
746 case (Loop b c e l n s0 s1 s2 s3 L accC T) |
|
747 have hyp_e: "PROP ?EqEval (Norm s0) s1 (In1l e) (In1 b)" . |
|
748 have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
749 have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (l\<bullet> While(e) c)\<Colon>T" . |
|
750 then obtain wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" and |
|
751 wt_c: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c\<Colon>\<surd>" |
|
752 by (rule wt_elim_cases) (blast) |
|
753 from conf_s0 wt_e |
|
754 have eval_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1" |
|
755 by (rule hyp_e) |
|
756 moreover |
|
757 from eval_e wt_e conf_s0 wf |
|
758 have conf_s1: "s1\<Colon>\<preceq>(G, L)" |
|
759 by (blast dest: eval_type_sound) |
|
760 have "if normal s1 \<and> the_Bool b |
|
761 then (G\<turnstile>s1 \<midarrow>c\<rightarrow> s2 \<and> |
|
762 G\<turnstile>(abupd (absorb (Cont l)) s2) \<midarrow>l\<bullet> While(e) c\<rightarrow> s3) |
|
763 else s3 = s1" |
|
764 proof (cases "normal s1 \<and> the_Bool b") |
|
765 case True |
|
766 from Loop True have hyp_c: "PROP ?EqEval s1 s2 (In1r c) \<diamondsuit>" |
|
767 by (auto) |
|
768 from Loop True have hyp_w: "PROP ?EqEval (abupd (absorb (Cont l)) s2) |
|
769 s3 (In1r (l\<bullet> While(e) c)) \<diamondsuit>" |
|
770 by (auto) |
|
771 from conf_s1 wt_c |
|
772 have eval_c: "G\<turnstile>s1 \<midarrow>c\<rightarrow> s2" |
|
773 by (rule hyp_c) |
|
774 moreover |
|
775 from eval_c conf_s1 wt_c wf |
|
776 have "s2\<Colon>\<preceq>(G, L)" |
|
777 by (blast dest: eval_type_sound) |
|
778 then |
|
779 have "abupd (absorb (Cont l)) s2 \<Colon>\<preceq>(G, L)" |
|
780 by (cases s2) (auto intro: conforms_absorb) |
|
781 from this and wt |
|
782 have "G\<turnstile>abupd (absorb (Cont l)) s2 \<midarrow>l\<bullet> While(e) c\<rightarrow> s3" |
|
783 by (rule hyp_w) |
|
784 moreover note True |
|
785 ultimately |
|
786 show ?thesis |
|
787 by simp |
|
788 next |
|
789 case False |
|
790 with Loop have "s3 = s1" by simp |
|
791 with False |
|
792 show ?thesis |
|
793 by auto |
|
794 qed |
|
795 ultimately |
|
796 show ?case |
|
797 by (rule eval.Loop) |
|
798 next |
|
799 case Do |
|
800 show ?case by (rule eval.Do) |
|
801 next |
|
802 case Throw |
|
803 with wf show ?case |
|
804 by - (erule wt_elim_cases, rule eval.Throw,auto dest: eval_type_sound) |
|
805 next |
|
806 case (Try c1 c2 n s0 s1 s2 s3 catchC vn L accC T) |
|
807 have hyp_c1: "PROP ?EqEval (Norm s0) s1 (In1r c1) \<diamondsuit>" . |
|
808 have conf_s0:"Norm s0\<Colon>\<preceq>(G, L)" . |
|
809 have wt:"\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>In1r (Try c1 Catch(catchC vn) c2)\<Colon>T" . |
|
810 then obtain |
|
811 wt_c1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c1\<Colon>\<surd>" and |
|
812 wt_c2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<lparr>lcl := L(VName vn\<mapsto>Class catchC)\<rparr>\<turnstile>c2\<Colon>\<surd>" |
|
813 by (rule wt_elim_cases) (auto) |
|
814 from conf_s0 wt_c1 |
|
815 have eval_c1: "G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1" |
|
816 by (rule hyp_c1) |
|
817 moreover |
|
818 have sxalloc: "G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2" . |
|
819 moreover |
|
820 from eval_c1 wt_c1 conf_s0 wf |
|
821 have "s1\<Colon>\<preceq>(G, L)" |
|
822 by (blast dest: eval_type_sound) |
|
823 with sxalloc wf |
|
824 have conf_s2: "s2\<Colon>\<preceq>(G, L)" |
|
825 by (auto dest: sxalloc_type_sound split: option.splits) |
|
826 have "if G,s2\<turnstile>catch catchC then G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<rightarrow> s3 else s3 = s2" |
|
827 proof (cases "G,s2\<turnstile>catch catchC") |
|
828 case True |
|
829 note Catch = this |
|
830 with Try have hyp_c2: "PROP ?EqEval (new_xcpt_var vn s2) s3 (In1r c2) \<diamondsuit>" |
|
831 by auto |
|
832 show ?thesis |
|
833 proof (cases "normal s1") |
|
834 case True |
|
835 with sxalloc wf |
|
836 have eq_s2_s1: "s2=s1" |
|
837 by (auto dest: sxalloc_type_sound split: option.splits) |
|
838 with True |
|
839 have "\<not> G,s2\<turnstile>catch catchC" |
|
840 by (simp add: catch_def) |
|
841 with Catch show ?thesis |
|
842 by (contradiction) |
|
843 next |
|
844 case False |
|
845 with sxalloc wf |
|
846 obtain a |
|
847 where xcpt_s2: "abrupt s2 = Some (Xcpt (Loc a))" |
|
848 by (auto dest!: sxalloc_type_sound split: option.splits) |
|
849 with Catch |
|
850 have "G\<turnstile>obj_ty (the (globs (store s2) (Heap a)))\<preceq>Class catchC" |
|
851 by (cases s2) simp |
|
852 with xcpt_s2 conf_s2 wf |
|
853 have "new_xcpt_var vn s2\<Colon>\<preceq>(G, L(VName vn\<mapsto>Class catchC))" |
|
854 by (auto dest: Try_lemma) |
|
855 from this wt_c2 |
|
856 have "G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<rightarrow> s3" |
|
857 by (auto intro: hyp_c2) |
|
858 with Catch |
|
859 show ?thesis |
|
860 by simp |
|
861 qed |
|
862 next |
|
863 case False |
|
864 with Try |
|
865 have "s3=s2" |
|
866 by simp |
|
867 with False |
|
868 show ?thesis |
|
869 by simp |
|
870 qed |
|
871 ultimately |
|
872 show ?case |
|
873 by (rule eval.Try) |
|
874 next |
|
875 case Fin |
|
876 with wf show ?case |
|
877 by -(erule wt_elim_cases, blast intro!: eval.Fin |
|
878 dest: eval_type_sound intro: conforms_NormI) |
|
879 next |
|
880 case (Init C c n s0 s1 s2 s3 L accC T) |
|
881 have cls: "the (class G C) = c" . |
|
882 have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
883 have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (Init C)\<Colon>T" . |
|
884 with cls |
|
885 have cls_C: "class G C = Some c" |
|
886 by - (erule wt_elim_cases,auto) |
|
887 have "if inited C (globs s0) then s3 = Norm s0 |
|
888 else (G\<turnstile>Norm (init_class_obj G C s0) |
|
889 \<midarrow>(if C = Object then Skip else Init (super c))\<rightarrow> s1 \<and> |
|
890 G\<turnstile>set_lvars empty s1 \<midarrow>init c\<rightarrow> s2 \<and> s3 = restore_lvars s1 s2)" |
|
891 proof (cases "inited C (globs s0)") |
|
892 case True |
|
893 with Init have "s3 = Norm s0" |
|
894 by simp |
|
895 with True show ?thesis |
|
896 by simp |
|
897 next |
|
898 case False |
|
899 with Init |
|
900 obtain |
|
901 hyp_init_super: |
|
902 "PROP ?EqEval (Norm ((init_class_obj G C) s0)) s1 |
|
903 (In1r (if C = Object then Skip else Init (super c))) \<diamondsuit>" |
|
904 and |
|
905 hyp_init_c: |
|
906 "PROP ?EqEval ((set_lvars empty) s1) s2 (In1r (init c)) \<diamondsuit>" and |
|
907 s3: "s3 = (set_lvars (locals (store s1))) s2" |
|
908 by (simp only: if_False) |
|
909 from conf_s0 wf cls_C False |
|
910 have conf_s0': "(Norm ((init_class_obj G C) s0))\<Colon>\<preceq>(G, L)" |
|
911 by (auto dest: conforms_init_class_obj) |
|
912 moreover |
|
913 from wf cls_C |
|
914 have wt_init_super: |
|
915 "\<lparr>prg = G, cls = accC, lcl = L\<rparr> |
|
916 \<turnstile>(if C = Object then Skip else Init (super c))\<Colon>\<surd>" |
|
917 by (cases "C=Object") |
|
918 (auto dest: wf_prog_cdecl wf_cdecl_supD is_acc_classD) |
|
919 ultimately |
|
920 have eval_init_super: |
|
921 "G\<turnstile>Norm ((init_class_obj G C) s0) |
|
922 \<midarrow>(if C = Object then Skip else Init (super c))\<rightarrow> s1" |
|
923 by (rule hyp_init_super) |
|
924 with conf_s0' wt_init_super wf |
|
925 have "s1\<Colon>\<preceq>(G, L)" |
|
926 by (blast dest: eval_type_sound) |
|
927 then |
|
928 have "(set_lvars empty) s1\<Colon>\<preceq>(G, empty)" |
|
929 by (cases s1) (auto dest: conforms_set_locals ) |
|
930 with wf cls_C |
|
931 have eval_init_c: "G\<turnstile>(set_lvars empty) s1 \<midarrow>init c\<rightarrow> s2" |
|
932 by (auto intro!: hyp_init_c dest: wf_prog_cdecl wf_cdecl_wt_init) |
|
933 from False eval_init_super eval_init_c s3 |
|
934 show ?thesis |
|
935 by simp |
|
936 qed |
|
937 from cls this |
|
938 show ?case |
|
939 by (rule eval.Init) |
|
940 qed |
|
941 qed |
|
942 |
|
943 lemma Suc_le_D_lemma: "\<lbrakk>Suc n <= m'; (\<And>m. n <= m \<Longrightarrow> P (Suc m)) \<rbrakk> \<Longrightarrow> P m'" |
|
944 apply (frule Suc_le_D) |
|
945 apply fast |
|
946 done |
|
947 |
|
948 lemma evaln_nonstrict [rule_format (no_asm), elim]: |
|
949 "\<And>ws. G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> ws \<Longrightarrow> \<forall>m. n\<le>m \<longrightarrow> G\<turnstile>s \<midarrow>t\<succ>\<midarrow>m\<rightarrow> ws" |
|
950 apply (simp (no_asm_simp) only: split_tupled_all) |
|
951 apply (erule evaln.induct) |
|
952 apply (tactic {* ALLGOALS (EVERY'[strip_tac, TRY o etac (thm "Suc_le_D_lemma"), |
|
953 REPEAT o smp_tac 1, |
|
954 resolve_tac (thms "evaln.intros") THEN_ALL_NEW TRY o atac]) *}) |
|
955 (* 3 subgoals *) |
|
956 apply (auto split del: split_if) |
|
957 done |
|
958 |
|
959 lemmas evaln_nonstrict_Suc = evaln_nonstrict [OF _ le_refl [THEN le_SucI]] |
|
960 |
|
961 lemma evaln_max2: "\<lbrakk>G\<turnstile>s1 \<midarrow>t1\<succ>\<midarrow>n1\<rightarrow> ws1; G\<turnstile>s2 \<midarrow>t2\<succ>\<midarrow>n2\<rightarrow> ws2\<rbrakk> \<Longrightarrow> |
|
962 G\<turnstile>s1 \<midarrow>t1\<succ>\<midarrow>max n1 n2\<rightarrow> ws1 \<and> G\<turnstile>s2 \<midarrow>t2\<succ>\<midarrow>max n1 n2\<rightarrow> ws2" |
|
963 apply (fast intro: le_maxI1 le_maxI2) |
|
964 done |
|
965 |
|
966 lemma evaln_max3: |
|
967 "\<lbrakk>G\<turnstile>s1 \<midarrow>t1\<succ>\<midarrow>n1\<rightarrow> ws1; G\<turnstile>s2 \<midarrow>t2\<succ>\<midarrow>n2\<rightarrow> ws2; G\<turnstile>s3 \<midarrow>t3\<succ>\<midarrow>n3\<rightarrow> ws3\<rbrakk> \<Longrightarrow> |
|
968 G\<turnstile>s1 \<midarrow>t1\<succ>\<midarrow>max (max n1 n2) n3\<rightarrow> ws1 \<and> |
|
969 G\<turnstile>s2 \<midarrow>t2\<succ>\<midarrow>max (max n1 n2) n3\<rightarrow> ws2 \<and> |
|
970 G\<turnstile>s3 \<midarrow>t3\<succ>\<midarrow>max (max n1 n2) n3\<rightarrow> ws3" |
|
971 apply (drule (1) evaln_max2, erule thin_rl) |
|
972 apply (fast intro!: le_maxI1 le_maxI2) |
|
973 done |
|
974 |
|
975 lemma le_max3I1: "(n2::nat) \<le> max n1 (max n2 n3)" |
|
976 proof - |
|
977 have "n2 \<le> max n2 n3" |
|
978 by (rule le_maxI1) |
|
979 also |
|
980 have "max n2 n3 \<le> max n1 (max n2 n3)" |
|
981 by (rule le_maxI2) |
|
982 finally |
|
983 show ?thesis . |
|
984 qed |
|
985 |
|
986 lemma le_max3I2: "(n3::nat) \<le> max n1 (max n2 n3)" |
|
987 proof - |
|
988 have "n3 \<le> max n2 n3" |
|
989 by (rule le_maxI2) |
|
990 also |
|
991 have "max n2 n3 \<le> max n1 (max n2 n3)" |
|
992 by (rule le_maxI2) |
|
993 finally |
|
994 show ?thesis . |
|
995 qed |
|
996 |
|
997 |
|
998 lemma eval_evaln: |
|
999 (assumes eval: "G\<turnstile>s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)" and |
|
1000 wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T" and |
|
1001 conf_s0: "s0\<Colon>\<preceq>(G, L)" and |
|
1002 wf: "wf_prog G" |
|
1003 ) "\<exists>n. G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s1)" |
|
1004 proof - |
|
1005 from eval |
|
1006 show "\<And> L accC T. \<lbrakk>s0\<Colon>\<preceq>(G, L);\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T\<rbrakk> |
|
1007 \<Longrightarrow> \<exists> n. G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s1)" |
|
1008 (is "PROP ?EqEval s0 s1 t v") |
|
1009 proof (induct) |
|
1010 case (Abrupt s t xc L accC T) |
|
1011 obtain n where |
|
1012 "G\<turnstile>(Some xc, s) \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (arbitrary3 t, Some xc, s)" |
|
1013 by (rules intro: evaln.Abrupt) |
|
1014 then show ?case .. |
|
1015 next |
|
1016 case Skip |
|
1017 show ?case by (blast intro: evaln.Skip) |
|
1018 next |
|
1019 case (Expr e s0 s1 v L accC T) |
|
1020 then obtain n where |
|
1021 "G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1" |
|
1022 by (rules elim!: wt_elim_cases) |
|
1023 then have "G\<turnstile>Norm s0 \<midarrow>Expr e\<midarrow>n\<rightarrow> s1" |
|
1024 by (rule evaln.Expr) |
|
1025 then show ?case .. |
|
1026 next |
|
1027 case (Lab c l s0 s1 L accC T) |
|
1028 then obtain n where |
|
1029 "G\<turnstile>Norm s0 \<midarrow>c\<midarrow>n\<rightarrow> s1" |
|
1030 by (rules elim!: wt_elim_cases) |
|
1031 then have "G\<turnstile>Norm s0 \<midarrow>l\<bullet> c\<midarrow>n\<rightarrow> abupd (absorb (Break l)) s1" |
|
1032 by (rule evaln.Lab) |
|
1033 then show ?case .. |
|
1034 next |
|
1035 case (Comp c1 c2 s0 s1 s2 L accC T) |
|
1036 with wf obtain n1 n2 where |
|
1037 "G\<turnstile>Norm s0 \<midarrow>c1\<midarrow>n1\<rightarrow> s1" |
|
1038 "G\<turnstile>s1 \<midarrow>c2\<midarrow>n2\<rightarrow> s2" |
|
1039 by (blast elim!: wt_elim_cases dest: eval_type_sound) |
|
1040 then have "G\<turnstile>Norm s0 \<midarrow>c1;; c2\<midarrow>max n1 n2\<rightarrow> s2" |
|
1041 by (blast intro: evaln.Comp dest: evaln_max2 ) |
|
1042 then show ?case .. |
|
1043 next |
|
1044 case (If b c1 c2 e s0 s1 s2 L accC T) |
|
1045 with wf obtain |
|
1046 "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" |
|
1047 "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>(if the_Bool b then c1 else c2)\<Colon>\<surd>" |
|
1048 by (cases "the_Bool b") (auto elim!: wt_elim_cases) |
|
1049 with If wf obtain n1 n2 where |
|
1050 "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<midarrow>n1\<rightarrow> s1" |
|
1051 "G\<turnstile>s1 \<midarrow>(if the_Bool b then c1 else c2)\<midarrow>n2\<rightarrow> s2" |
|
1052 by (blast dest: eval_type_sound) |
|
1053 then have "G\<turnstile>Norm s0 \<midarrow>If(e) c1 Else c2\<midarrow>max n1 n2\<rightarrow> s2" |
|
1054 by (blast intro: evaln.If dest: evaln_max2) |
|
1055 then show ?case .. |
|
1056 next |
|
1057 case (Loop b c e l s0 s1 s2 s3 L accC T) |
|
1058 have eval_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1" . |
|
1059 have hyp_e: "PROP ?EqEval (Norm s0) s1 (In1l e) (In1 b)" . |
|
1060 have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
1061 have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (l\<bullet> While(e) c)\<Colon>T" . |
|
1062 then obtain wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" and |
|
1063 wt_c: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c\<Colon>\<surd>" |
|
1064 by (rule wt_elim_cases) (blast) |
|
1065 from conf_s0 wt_e |
|
1066 obtain n1 where |
|
1067 "G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<midarrow>n1\<rightarrow> s1" |
|
1068 by (rules dest: hyp_e) |
|
1069 moreover |
|
1070 from eval_e wt_e conf_s0 wf |
|
1071 have conf_s1: "s1\<Colon>\<preceq>(G, L)" |
|
1072 by (rules dest: eval_type_sound) |
|
1073 obtain n2 where |
|
1074 "if normal s1 \<and> the_Bool b |
|
1075 then (G\<turnstile>s1 \<midarrow>c\<midarrow>n2\<rightarrow> s2 \<and> |
|
1076 G\<turnstile>(abupd (absorb (Cont l)) s2)\<midarrow>l\<bullet> While(e) c\<midarrow>n2\<rightarrow> s3) |
|
1077 else s3 = s1" |
|
1078 proof (cases "normal s1 \<and> the_Bool b") |
|
1079 case True |
|
1080 from Loop True have hyp_c: "PROP ?EqEval s1 s2 (In1r c) \<diamondsuit>" |
|
1081 by (auto) |
|
1082 from Loop True have hyp_w: "PROP ?EqEval (abupd (absorb (Cont l)) s2) |
|
1083 s3 (In1r (l\<bullet> While(e) c)) \<diamondsuit>" |
|
1084 by (auto) |
|
1085 from Loop True have eval_c: "G\<turnstile>s1 \<midarrow>c\<rightarrow> s2" |
|
1086 by simp |
|
1087 from conf_s1 wt_c |
|
1088 obtain m1 where |
|
1089 evaln_c: "G\<turnstile>s1 \<midarrow>c\<midarrow>m1\<rightarrow> s2" |
|
1090 by (rules dest: hyp_c) |
|
1091 moreover |
|
1092 from eval_c conf_s1 wt_c wf |
|
1093 have "s2\<Colon>\<preceq>(G, L)" |
|
1094 by (rules dest: eval_type_sound) |
|
1095 then |
|
1096 have "abupd (absorb (Cont l)) s2 \<Colon>\<preceq>(G, L)" |
|
1097 by (cases s2) (auto intro: conforms_absorb) |
|
1098 from this and wt |
|
1099 obtain m2 where |
|
1100 "G\<turnstile>abupd (absorb (Cont l)) s2 \<midarrow>l\<bullet> While(e) c\<midarrow>m2\<rightarrow> s3" |
|
1101 by (blast dest: hyp_w) |
|
1102 moreover note True and that |
|
1103 ultimately show ?thesis |
|
1104 by simp (rules intro: evaln_nonstrict le_maxI1 le_maxI2) |
|
1105 next |
|
1106 case False |
|
1107 with Loop have "s3 = s1" |
|
1108 by simp |
|
1109 with False that |
|
1110 show ?thesis |
|
1111 by auto |
|
1112 qed |
|
1113 ultimately |
|
1114 have "G\<turnstile>Norm s0 \<midarrow>l\<bullet> While(e) c\<midarrow>max n1 n2\<rightarrow> s3" |
|
1115 apply - |
|
1116 apply (rule evaln.Loop) |
|
1117 apply (rules intro: evaln_nonstrict intro: le_maxI1) |
|
1118 |
|
1119 apply (auto intro: evaln_nonstrict intro: le_maxI2) |
|
1120 done |
|
1121 then show ?case .. |
|
1122 next |
|
1123 case (Do j s L accC T) |
|
1124 have "G\<turnstile>Norm s \<midarrow>Do j\<midarrow>n\<rightarrow> (Some (Jump j), s)" |
|
1125 by (rule evaln.Do) |
|
1126 then show ?case .. |
|
1127 next |
|
1128 case (Throw a e s0 s1 L accC T) |
|
1129 then obtain n where |
|
1130 "G\<turnstile>Norm s0 \<midarrow>e-\<succ>a\<midarrow>n\<rightarrow> s1" |
|
1131 by (rules elim!: wt_elim_cases) |
|
1132 then have "G\<turnstile>Norm s0 \<midarrow>Throw e\<midarrow>n\<rightarrow> abupd (throw a) s1" |
|
1133 by (rule evaln.Throw) |
|
1134 then show ?case .. |
|
1135 next |
|
1136 case (Try catchC c1 c2 s0 s1 s2 s3 vn L accC T) |
|
1137 have hyp_c1: "PROP ?EqEval (Norm s0) s1 (In1r c1) \<diamondsuit>" . |
|
1138 have eval_c1: "G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1" . |
|
1139 have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
1140 have wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>In1r (Try c1 Catch(catchC vn) c2)\<Colon>T" . |
|
1141 then obtain |
|
1142 wt_c1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c1\<Colon>\<surd>" and |
|
1143 wt_c2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<lparr>lcl := L(VName vn\<mapsto>Class catchC)\<rparr>\<turnstile>c2\<Colon>\<surd>" |
|
1144 by (rule wt_elim_cases) (auto) |
|
1145 from conf_s0 wt_c1 |
|
1146 obtain n1 where |
|
1147 "G\<turnstile>Norm s0 \<midarrow>c1\<midarrow>n1\<rightarrow> s1" |
|
1148 by (blast dest: hyp_c1) |
|
1149 moreover |
|
1150 have sxalloc: "G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2" . |
|
1151 moreover |
|
1152 from eval_c1 wt_c1 conf_s0 wf |
|
1153 have "s1\<Colon>\<preceq>(G, L)" |
|
1154 by (blast dest: eval_type_sound) |
|
1155 with sxalloc wf |
|
1156 have conf_s2: "s2\<Colon>\<preceq>(G, L)" |
|
1157 by (auto dest: sxalloc_type_sound split: option.splits) |
|
1158 obtain n2 where |
|
1159 "if G,s2\<turnstile>catch catchC then G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<midarrow>n2\<rightarrow> s3 else s3 = s2" |
|
1160 proof (cases "G,s2\<turnstile>catch catchC") |
|
1161 case True |
|
1162 note Catch = this |
|
1163 with Try have hyp_c2: "PROP ?EqEval (new_xcpt_var vn s2) s3 (In1r c2) \<diamondsuit>" |
|
1164 by auto |
|
1165 show ?thesis |
|
1166 proof (cases "normal s1") |
|
1167 case True |
|
1168 with sxalloc wf |
|
1169 have eq_s2_s1: "s2=s1" |
|
1170 by (auto dest: sxalloc_type_sound split: option.splits) |
|
1171 with True |
|
1172 have "\<not> G,s2\<turnstile>catch catchC" |
|
1173 by (simp add: catch_def) |
|
1174 with Catch show ?thesis |
|
1175 by (contradiction) |
|
1176 next |
|
1177 case False |
|
1178 with sxalloc wf |
|
1179 obtain a |
|
1180 where xcpt_s2: "abrupt s2 = Some (Xcpt (Loc a))" |
|
1181 by (auto dest!: sxalloc_type_sound split: option.splits) |
|
1182 with Catch |
|
1183 have "G\<turnstile>obj_ty (the (globs (store s2) (Heap a)))\<preceq>Class catchC" |
|
1184 by (cases s2) simp |
|
1185 with xcpt_s2 conf_s2 wf |
|
1186 have "new_xcpt_var vn s2\<Colon>\<preceq>(G, L(VName vn\<mapsto>Class catchC))" |
|
1187 by (auto dest: Try_lemma) |
|
1188 (* FIXME extract lemma for this conformance, also usefull for |
|
1189 eval_type_sound and evaln_eval *) |
|
1190 from this wt_c2 |
|
1191 obtain m where "G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<midarrow>m\<rightarrow> s3" |
|
1192 by (auto dest: hyp_c2) |
|
1193 with True that |
|
1194 show ?thesis |
|
1195 by simp |
|
1196 qed |
|
1197 next |
|
1198 case False |
|
1199 with Try |
|
1200 have "s3=s2" |
|
1201 by simp |
|
1202 with False and that |
|
1203 show ?thesis |
|
1204 by simp |
|
1205 qed |
|
1206 ultimately |
|
1207 have "G\<turnstile>Norm s0 \<midarrow>Try c1 Catch(catchC vn) c2\<midarrow>max n1 n2\<rightarrow> s3" |
|
1208 by (auto intro!: evaln.Try le_maxI1 le_maxI2) |
|
1209 then show ?case .. |
|
1210 next |
|
1211 case (Fin c1 c2 s0 s1 s2 x1 L accC T) |
|
1212 with wf obtain n1 n2 where |
|
1213 "G\<turnstile>Norm s0 \<midarrow>c1\<midarrow>n1\<rightarrow> (x1, s1)" |
|
1214 "G\<turnstile>Norm s1 \<midarrow>c2\<midarrow>n2\<rightarrow> s2" |
|
1215 by (blast elim!: wt_elim_cases |
|
1216 dest: eval_type_sound intro: conforms_NormI) |
|
1217 then have |
|
1218 "G\<turnstile>Norm s0 \<midarrow>c1 Finally c2\<midarrow>max n1 n2\<rightarrow> abupd (abrupt_if (x1 \<noteq> None) x1) s2" |
|
1219 by (blast intro: evaln.Fin dest: evaln_max2) |
|
1220 then show ?case .. |
|
1221 next |
|
1222 case (Init C c s0 s1 s2 s3 L accC T) |
|
1223 have cls: "the (class G C) = c" . |
|
1224 have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
1225 have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1r (Init C)\<Colon>T" . |
|
1226 with cls |
|
1227 have cls_C: "class G C = Some c" |
|
1228 by - (erule wt_elim_cases,auto) |
|
1229 obtain n where |
|
1230 "if inited C (globs s0) then s3 = Norm s0 |
|
1231 else (G\<turnstile>Norm (init_class_obj G C s0) |
|
1232 \<midarrow>(if C = Object then Skip else Init (super c))\<midarrow>n\<rightarrow> s1 \<and> |
|
1233 G\<turnstile>set_lvars empty s1 \<midarrow>init c\<midarrow>n\<rightarrow> s2 \<and> |
|
1234 s3 = restore_lvars s1 s2)" |
|
1235 proof (cases "inited C (globs s0)") |
|
1236 case True |
|
1237 with Init have "s3 = Norm s0" |
|
1238 by simp |
|
1239 with True that show ?thesis |
|
1240 by simp |
|
1241 next |
|
1242 case False |
|
1243 with Init |
|
1244 obtain |
|
1245 hyp_init_super: |
|
1246 "PROP ?EqEval (Norm ((init_class_obj G C) s0)) s1 |
|
1247 (In1r (if C = Object then Skip else Init (super c))) \<diamondsuit>" |
|
1248 and |
|
1249 hyp_init_c: |
|
1250 "PROP ?EqEval ((set_lvars empty) s1) s2 (In1r (init c)) \<diamondsuit>" and |
|
1251 s3: "s3 = (set_lvars (locals (store s1))) s2" and |
|
1252 eval_init_super: |
|
1253 "G\<turnstile>Norm ((init_class_obj G C) s0) |
|
1254 \<midarrow>(if C = Object then Skip else Init (super c))\<rightarrow> s1" |
|
1255 by (simp only: if_False) |
|
1256 from conf_s0 wf cls_C False |
|
1257 have conf_s0': "(Norm ((init_class_obj G C) s0))\<Colon>\<preceq>(G, L)" |
|
1258 by (auto dest: conforms_init_class_obj) |
|
1259 moreover |
|
1260 from wf cls_C |
|
1261 have wt_init_super: |
|
1262 "\<lparr>prg = G, cls = accC, lcl = L\<rparr> |
|
1263 \<turnstile>(if C = Object then Skip else Init (super c))\<Colon>\<surd>" |
|
1264 by (cases "C=Object") |
|
1265 (auto dest: wf_prog_cdecl wf_cdecl_supD is_acc_classD) |
|
1266 ultimately |
|
1267 obtain m1 where |
|
1268 "G\<turnstile>Norm ((init_class_obj G C) s0) |
|
1269 \<midarrow>(if C = Object then Skip else Init (super c))\<midarrow>m1\<rightarrow> s1" |
|
1270 by (rules dest: hyp_init_super) |
|
1271 moreover |
|
1272 from eval_init_super conf_s0' wt_init_super wf |
|
1273 have "s1\<Colon>\<preceq>(G, L)" |
|
1274 by (rules dest: eval_type_sound) |
|
1275 then |
|
1276 have "(set_lvars empty) s1\<Colon>\<preceq>(G, empty)" |
|
1277 by (cases s1) (auto dest: conforms_set_locals ) |
|
1278 with wf cls_C |
|
1279 obtain m2 where |
|
1280 "G\<turnstile>(set_lvars empty) s1 \<midarrow>init c\<midarrow>m2\<rightarrow> s2" |
|
1281 by (blast dest!: hyp_init_c |
|
1282 dest: wf_prog_cdecl intro!: wf_cdecl_wt_init) |
|
1283 moreover note s3 and False and that |
|
1284 ultimately show ?thesis |
|
1285 by simp (rules intro: evaln_nonstrict le_maxI1 le_maxI2) |
|
1286 qed |
|
1287 from cls this have "G\<turnstile>Norm s0 \<midarrow>Init C\<midarrow>n\<rightarrow> s3" |
|
1288 by (rule evaln.Init) |
|
1289 then show ?case .. |
|
1290 next |
|
1291 case (NewC C a s0 s1 s2 L accC T) |
|
1292 with wf obtain n where |
|
1293 "G\<turnstile>Norm s0 \<midarrow>Init C\<midarrow>n\<rightarrow> s1" |
|
1294 by (blast elim!: wt_elim_cases dest: is_acc_classD) |
|
1295 with NewC |
|
1296 have "G\<turnstile>Norm s0 \<midarrow>NewC C-\<succ>Addr a\<midarrow>n\<rightarrow> s2" |
|
1297 by (rules intro: evaln.NewC) |
|
1298 then show ?case .. |
|
1299 next |
|
1300 case (NewA T a e i s0 s1 s2 s3 L accC Ta) |
|
1301 hence "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>init_comp_ty T\<Colon>\<surd>" |
|
1302 by (auto elim!: wt_elim_cases |
|
1303 intro!: wt_init_comp_ty dest: is_acc_typeD) |
|
1304 with NewA wf obtain n1 n2 where |
|
1305 "G\<turnstile>Norm s0 \<midarrow>init_comp_ty T\<midarrow>n1\<rightarrow> s1" |
|
1306 "G\<turnstile>s1 \<midarrow>e-\<succ>i\<midarrow>n2\<rightarrow> s2" |
|
1307 by (blast elim!: wt_elim_cases dest: eval_type_sound) |
|
1308 moreover |
|
1309 have "G\<turnstile>abupd (check_neg i) s2 \<midarrow>halloc Arr T (the_Intg i)\<succ>a\<rightarrow> s3" . |
|
1310 ultimately |
|
1311 have "G\<turnstile>Norm s0 \<midarrow>New T[e]-\<succ>Addr a\<midarrow>max n1 n2\<rightarrow> s3" |
|
1312 by (blast intro: evaln.NewA dest: evaln_max2) |
|
1313 then show ?case .. |
|
1314 next |
|
1315 case (Cast castT e s0 s1 s2 v L accC T) |
|
1316 with wf obtain n where |
|
1317 "G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1" |
|
1318 by (rules elim!: wt_elim_cases) |
|
1319 moreover |
|
1320 have "s2 = abupd (raise_if (\<not> G,snd s1\<turnstile>v fits castT) ClassCast) s1" . |
|
1321 ultimately |
|
1322 have "G\<turnstile>Norm s0 \<midarrow>Cast castT e-\<succ>v\<midarrow>n\<rightarrow> s2" |
|
1323 by (rule evaln.Cast) |
|
1324 then show ?case .. |
|
1325 next |
|
1326 case (Inst T b e s0 s1 v L accC T') |
|
1327 with wf obtain n where |
|
1328 "G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1" |
|
1329 by (rules elim!: wt_elim_cases) |
|
1330 moreover |
|
1331 have "b = (v \<noteq> Null \<and> G,snd s1\<turnstile>v fits RefT T)" . |
|
1332 ultimately |
|
1333 have "G\<turnstile>Norm s0 \<midarrow>e InstOf T-\<succ>Bool b\<midarrow>n\<rightarrow> s1" |
|
1334 by (rule evaln.Inst) |
|
1335 then show ?case .. |
|
1336 next |
|
1337 case (Lit s v L accC T) |
|
1338 have "G\<turnstile>Norm s \<midarrow>Lit v-\<succ>v\<midarrow>n\<rightarrow> Norm s" |
|
1339 by (rule evaln.Lit) |
|
1340 then show ?case .. |
|
1341 next |
|
1342 case (Super s L accC T) |
|
1343 have "G\<turnstile>Norm s \<midarrow>Super-\<succ>val_this s\<midarrow>n\<rightarrow> Norm s" |
|
1344 by (rule evaln.Super) |
|
1345 then show ?case .. |
|
1346 next |
|
1347 case (Acc f s0 s1 v va L accC T) |
|
1348 with wf obtain n where |
|
1349 "G\<turnstile>Norm s0 \<midarrow>va=\<succ>(v, f)\<midarrow>n\<rightarrow> s1" |
|
1350 by (rules elim!: wt_elim_cases) |
|
1351 then |
|
1352 have "G\<turnstile>Norm s0 \<midarrow>Acc va-\<succ>v\<midarrow>n\<rightarrow> s1" |
|
1353 by (rule evaln.Acc) |
|
1354 then show ?case .. |
|
1355 next |
|
1356 case (Ass e f s0 s1 s2 v var w L accC T) |
|
1357 with wf obtain n1 n2 where |
|
1358 "G\<turnstile>Norm s0 \<midarrow>var=\<succ>(w, f)\<midarrow>n1\<rightarrow> s1" |
|
1359 "G\<turnstile>s1 \<midarrow>e-\<succ>v\<midarrow>n2\<rightarrow> s2" |
|
1360 by (blast elim!: wt_elim_cases dest: eval_type_sound) |
|
1361 then |
|
1362 have "G\<turnstile>Norm s0 \<midarrow>var:=e-\<succ>v\<midarrow>max n1 n2\<rightarrow> assign f v s2" |
|
1363 by (blast intro: evaln.Ass dest: evaln_max2) |
|
1364 then show ?case .. |
|
1365 next |
|
1366 case (Cond b e0 e1 e2 s0 s1 s2 v L accC T) |
|
1367 have hyp_e0: "PROP ?EqEval (Norm s0) s1 (In1l e0) (In1 b)" . |
|
1368 have hyp_if: "PROP ?EqEval s1 s2 |
|
1369 (In1l (if the_Bool b then e1 else e2)) (In1 v)" . |
|
1370 have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
1371 have wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>In1l (e0 ? e1 : e2)\<Colon>T" . |
|
1372 then obtain T1 T2 statT where |
|
1373 wt_e0: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e0\<Colon>-PrimT Boolean" and |
|
1374 wt_e1: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e1\<Colon>-T1" and |
|
1375 wt_e2: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e2\<Colon>-T2" and |
|
1376 statT: "G\<turnstile>T1\<preceq>T2 \<and> statT = T2 \<or> G\<turnstile>T2\<preceq>T1 \<and> statT = T1" and |
|
1377 T : "T=Inl statT" |
|
1378 by (rule wt_elim_cases) auto |
|
1379 have eval_e0: "G\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<rightarrow> s1" . |
|
1380 from conf_s0 wt_e0 |
|
1381 obtain n1 where |
|
1382 "G\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<midarrow>n1\<rightarrow> s1" |
|
1383 by (rules dest: hyp_e0) |
|
1384 moreover |
|
1385 from eval_e0 conf_s0 wf wt_e0 |
|
1386 have "s1\<Colon>\<preceq>(G, L)" |
|
1387 by (blast dest: eval_type_sound) |
|
1388 with wt_e1 wt_e2 statT hyp_if obtain n2 where |
|
1389 "G\<turnstile>s1 \<midarrow>(if the_Bool b then e1 else e2)-\<succ>v\<midarrow>n2\<rightarrow> s2" |
|
1390 by (cases "the_Bool b") force+ |
|
1391 ultimately |
|
1392 have "G\<turnstile>Norm s0 \<midarrow>e0 ? e1 : e2-\<succ>v\<midarrow>max n1 n2\<rightarrow> s2" |
|
1393 by (blast intro: evaln.Cond dest: evaln_max2) |
|
1394 then show ?case .. |
|
1395 next |
|
1396 case (Call invDeclC a' accC' args e mn mode pTs' s0 s1 s2 s3 s3' s4 statT |
|
1397 v vs L accC T) |
|
1398 (* Repeats large parts of the type soundness proof. One should factor |
|
1399 out some lemmata about the relations and conformance of s2, s3 and s3'*) |
|
1400 have eval_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<rightarrow> s1" . |
|
1401 have eval_args: "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<rightarrow> s2" . |
|
1402 have invDeclC: "invDeclC |
|
1403 = invocation_declclass G mode (store s2) a' statT |
|
1404 \<lparr>name = mn, parTs = pTs'\<rparr>" . |
|
1405 have |
|
1406 init_lvars: "s3 = |
|
1407 init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> mode a' vs s2" . |
|
1408 have |
|
1409 check: "s3' = |
|
1410 check_method_access G accC' statT mode \<lparr>name = mn, parTs = pTs'\<rparr> a' s3" . |
|
1411 have eval_methd: |
|
1412 "G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<rightarrow> s4" . |
|
1413 have hyp_e: "PROP ?EqEval (Norm s0) s1 (In1l e) (In1 a')" . |
|
1414 have hyp_args: "PROP ?EqEval s1 s2 (In3 args) (In3 vs)" . |
|
1415 have hyp_methd: "PROP ?EqEval s3' s4 |
|
1416 (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>)) (In1 v)". |
|
1417 have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
1418 have wt: "\<lparr>prg=G, cls=accC, lcl=L\<rparr> |
|
1419 \<turnstile>In1l ({accC',statT,mode}e\<cdot>mn( {pTs'}args))\<Colon>T" . |
|
1420 from wt obtain pTs statDeclT statM where |
|
1421 wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-RefT statT" and |
|
1422 wt_args: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>args\<Colon>\<doteq>pTs" and |
|
1423 statM: "max_spec G accC statT \<lparr>name=mn,parTs=pTs\<rparr> |
|
1424 = {((statDeclT,statM),pTs')}" and |
|
1425 mode: "mode = invmode statM e" and |
|
1426 T: "T =Inl (resTy statM)" and |
|
1427 eq_accC_accC': "accC=accC'" |
|
1428 by (rule wt_elim_cases) auto |
|
1429 from conf_s0 wt_e |
|
1430 obtain n1 where |
|
1431 evaln_e: "G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<midarrow>n1\<rightarrow> s1" |
|
1432 by (rules dest: hyp_e) |
|
1433 from wf eval_e conf_s0 wt_e |
|
1434 obtain conf_s1: "s1\<Colon>\<preceq>(G, L)" and |
|
1435 conf_a': "normal s1 \<Longrightarrow> G, store s1\<turnstile>a'\<Colon>\<preceq>RefT statT" |
|
1436 by (auto dest!: eval_type_sound) |
|
1437 from conf_s1 wt_args |
|
1438 obtain n2 where |
|
1439 evaln_args: "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<midarrow>n2\<rightarrow> s2" |
|
1440 by (blast dest: hyp_args) |
|
1441 from wt_args conf_s1 eval_args wf |
|
1442 obtain conf_s2: "s2\<Colon>\<preceq>(G, L)" and |
|
1443 conf_args: "normal s2 |
|
1444 \<Longrightarrow> list_all2 (conf G (store s2)) vs pTs" |
|
1445 by (auto dest!: eval_type_sound) |
|
1446 from statM |
|
1447 obtain |
|
1448 statM': "(statDeclT,statM)\<in>mheads G accC statT \<lparr>name=mn,parTs=pTs'\<rparr>" and |
|
1449 pTs_widen: "G\<turnstile>pTs[\<preceq>]pTs'" |
|
1450 by (blast dest: max_spec2mheads) |
|
1451 from check |
|
1452 have eq_store_s3'_s3: "store s3'=store s3" |
|
1453 by (cases s3) (simp add: check_method_access_def Let_def) |
|
1454 obtain invC |
|
1455 where invC: "invC = invocation_class mode (store s2) a' statT" |
|
1456 by simp |
|
1457 with init_lvars |
|
1458 have invC': "invC = (invocation_class mode (store s3) a' statT)" |
|
1459 by (cases s2,cases mode) (auto simp add: init_lvars_def2 ) |
|
1460 obtain n3 where |
|
1461 "G\<turnstile>Norm s0 \<midarrow>{accC',statT,mode}e\<cdot>mn( {pTs'}args)-\<succ>v\<midarrow>n3\<rightarrow> |
|
1462 (set_lvars (locals (store s2))) s4" |
|
1463 proof (cases "normal s2") |
|
1464 case False |
|
1465 with init_lvars |
|
1466 obtain keep_abrupt: "abrupt s3 = abrupt s2" and |
|
1467 "store s3 = store (init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> |
|
1468 mode a' vs s2)" |
|
1469 by (auto simp add: init_lvars_def2) |
|
1470 moreover |
|
1471 from keep_abrupt False check |
|
1472 have eq_s3'_s3: "s3'=s3" |
|
1473 by (auto simp add: check_method_access_def Let_def) |
|
1474 moreover |
|
1475 from eq_s3'_s3 False keep_abrupt eval_methd init_lvars |
|
1476 obtain "s4=s3'" |
|
1477 "In1 v=arbitrary3 (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>))" |
|
1478 by auto |
|
1479 moreover note False evaln.Abrupt |
|
1480 ultimately obtain m where |
|
1481 "G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<midarrow>m\<rightarrow> s4" |
|
1482 by force |
|
1483 from evaln_e evaln_args invDeclC init_lvars eq_s3'_s3 this |
|
1484 have |
|
1485 "G\<turnstile>Norm s0 \<midarrow>{accC',statT,mode}e\<cdot>mn( {pTs'}args)-\<succ>v\<midarrow>max n1 (max n2 m)\<rightarrow> |
|
1486 (set_lvars (locals (store s2))) s4" |
|
1487 by (auto intro!: evaln.Call le_maxI1 le_max3I1 le_max3I2) |
|
1488 with that show ?thesis |
|
1489 by rules |
|
1490 next |
|
1491 case True |
|
1492 note normal_s2 = True |
|
1493 with eval_args |
|
1494 have normal_s1: "normal s1" |
|
1495 by (cases "normal s1") auto |
|
1496 with conf_a' eval_args |
|
1497 have conf_a'_s2: "G, store s2\<turnstile>a'\<Colon>\<preceq>RefT statT" |
|
1498 by (auto dest: eval_gext intro: conf_gext) |
|
1499 show ?thesis |
|
1500 proof (cases "a'=Null \<longrightarrow> is_static statM") |
|
1501 case False |
|
1502 then obtain not_static: "\<not> is_static statM" and Null: "a'=Null" |
|
1503 by blast |
|
1504 with normal_s2 init_lvars mode |
|
1505 obtain np: "abrupt s3 = Some (Xcpt (Std NullPointer))" and |
|
1506 "store s3 = store (init_lvars G invDeclC |
|
1507 \<lparr>name = mn, parTs = pTs'\<rparr> mode a' vs s2)" |
|
1508 by (auto simp add: init_lvars_def2) |
|
1509 moreover |
|
1510 from np check |
|
1511 have eq_s3'_s3: "s3'=s3" |
|
1512 by (auto simp add: check_method_access_def Let_def) |
|
1513 moreover |
|
1514 from eq_s3'_s3 np eval_methd init_lvars |
|
1515 obtain "s4=s3'" |
|
1516 "In1 v=arbitrary3 (In1l (Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>))" |
|
1517 by auto |
|
1518 moreover note np |
|
1519 ultimately obtain m where |
|
1520 "G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<midarrow>m\<rightarrow> s4" |
|
1521 by force |
|
1522 from evaln_e evaln_args invDeclC init_lvars eq_s3'_s3 this |
|
1523 have |
|
1524 "G\<turnstile>Norm s0 \<midarrow>{accC',statT,mode}e\<cdot>mn( {pTs'}args)-\<succ>v\<midarrow>max n1 (max n2 m)\<rightarrow> |
|
1525 (set_lvars (locals (store s2))) s4" |
|
1526 by (auto intro!: evaln.Call le_maxI1 le_max3I1 le_max3I2) |
|
1527 with that show ?thesis |
|
1528 by rules |
|
1529 next |
|
1530 case True |
|
1531 with mode have notNull: "mode = IntVir \<longrightarrow> a' \<noteq> Null" |
|
1532 by (auto dest!: Null_staticD) |
|
1533 with conf_s2 conf_a'_s2 wf invC |
|
1534 have dynT_prop: "G\<turnstile>mode\<rightarrow>invC\<preceq>statT" |
|
1535 by (cases s2) (auto intro: DynT_propI) |
|
1536 with wt_e statM' invC mode wf |
|
1537 obtain dynM where |
|
1538 dynM: "dynlookup G statT invC \<lparr>name=mn,parTs=pTs'\<rparr> = Some dynM" and |
|
1539 acc_dynM: "G \<turnstile>Methd \<lparr>name=mn,parTs=pTs'\<rparr> dynM |
|
1540 in invC dyn_accessible_from accC" |
|
1541 by (force dest!: call_access_ok) |
|
1542 with invC' check eq_accC_accC' |
|
1543 have eq_s3'_s3: "s3'=s3" |
|
1544 by (auto simp add: check_method_access_def Let_def) |
|
1545 from dynT_prop wf wt_e statM' mode invC invDeclC dynM |
|
1546 obtain |
|
1547 wf_dynM: "wf_mdecl G invDeclC (\<lparr>name=mn,parTs=pTs'\<rparr>,mthd dynM)" and |
|
1548 dynM': "methd G invDeclC \<lparr>name=mn,parTs=pTs'\<rparr> = Some dynM" and |
|
1549 iscls_invDeclC: "is_class G invDeclC" and |
|
1550 invDeclC': "invDeclC = declclass dynM" and |
|
1551 invC_widen: "G\<turnstile>invC\<preceq>\<^sub>C invDeclC" and |
|
1552 is_static_eq: "is_static dynM = is_static statM" and |
|
1553 involved_classes_prop: |
|
1554 "(if invmode statM e = IntVir |
|
1555 then \<forall>statC. statT = ClassT statC \<longrightarrow> G\<turnstile>invC\<preceq>\<^sub>C statC |
|
1556 else ((\<exists>statC. statT = ClassT statC \<and> G\<turnstile>statC\<preceq>\<^sub>C invDeclC) \<or> |
|
1557 (\<forall>statC. statT \<noteq> ClassT statC \<and> invDeclC = Object)) \<and> |
|
1558 statDeclT = ClassT invDeclC)" |
|
1559 by (auto dest: DynT_mheadsD) |
|
1560 obtain L' where |
|
1561 L':"L'=(\<lambda> k. |
|
1562 (case k of |
|
1563 EName e |
|
1564 \<Rightarrow> (case e of |
|
1565 VNam v |
|
1566 \<Rightarrow>(table_of (lcls (mbody (mthd dynM))) |
|
1567 (pars (mthd dynM)[\<mapsto>]pTs')) v |
|
1568 | Res \<Rightarrow> Some (resTy dynM)) |
|
1569 | This \<Rightarrow> if is_static statM |
|
1570 then None else Some (Class invDeclC)))" |
|
1571 by simp |
|
1572 from wf_dynM [THEN wf_mdeclD1, THEN conjunct1] normal_s2 conf_s2 wt_e |
|
1573 wf eval_args conf_a' mode notNull wf_dynM involved_classes_prop |
|
1574 have conf_s3: "s3\<Colon>\<preceq>(G,L')" |
|
1575 apply - |
|
1576 (*FIXME confomrs_init_lvars should be |
|
1577 adjusted to be more directy applicable *) |
|
1578 apply (drule conforms_init_lvars [of G invDeclC |
|
1579 "\<lparr>name=mn,parTs=pTs'\<rparr>" dynM "store s2" vs pTs "abrupt s2" |
|
1580 L statT invC a' "(statDeclT,statM)" e]) |
|
1581 apply (rule wf) |
|
1582 apply (rule conf_args,assumption) |
|
1583 apply (simp add: pTs_widen) |
|
1584 apply (cases s2,simp) |
|
1585 apply (rule dynM') |
|
1586 apply (force dest: ty_expr_is_type) |
|
1587 apply (rule invC_widen) |
|
1588 apply (force intro: conf_gext dest: eval_gext) |
|
1589 apply simp |
|
1590 apply simp |
|
1591 apply (simp add: invC) |
|
1592 apply (simp add: invDeclC) |
|
1593 apply (force dest: wf_mdeclD1 is_acc_typeD) |
|
1594 apply (cases s2, simp add: L' init_lvars |
|
1595 cong add: lname.case_cong ename.case_cong) |
|
1596 done |
|
1597 with is_static_eq wf_dynM L' |
|
1598 obtain mthdT where |
|
1599 "\<lparr>prg=G,cls=invDeclC,lcl=L'\<rparr> |
|
1600 \<turnstile>Body invDeclC (stmt (mbody (mthd dynM)))\<Colon>-mthdT" |
|
1601 by - (drule wf_mdecl_bodyD, |
|
1602 simp cong add: lname.case_cong ename.case_cong) |
|
1603 with dynM' iscls_invDeclC invDeclC' |
|
1604 have |
|
1605 "\<lparr>prg=G,cls=invDeclC,lcl=L'\<rparr> |
|
1606 \<turnstile>(Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>)\<Colon>-mthdT" |
|
1607 by (auto intro: wt.Methd) |
|
1608 with conf_s3 eq_s3'_s3 hyp_methd |
|
1609 obtain m where |
|
1610 "G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>-\<succ>v\<midarrow>m\<rightarrow> s4" |
|
1611 by (blast) |
|
1612 from evaln_e evaln_args invDeclC init_lvars eq_s3'_s3 this |
|
1613 have |
|
1614 "G\<turnstile>Norm s0 \<midarrow>{accC',statT,mode}e\<cdot>mn( {pTs'}args)-\<succ>v\<midarrow>max n1 (max n2 m)\<rightarrow> |
|
1615 (set_lvars (locals (store s2))) s4" |
|
1616 by (auto intro!: evaln.Call le_maxI1 le_max3I1 le_max3I2) |
|
1617 with that show ?thesis |
|
1618 by rules |
|
1619 qed |
|
1620 qed |
|
1621 then show ?case .. |
|
1622 next |
|
1623 case (Methd D s0 s1 sig v L accC T) |
|
1624 then obtain n where |
|
1625 "G\<turnstile>Norm s0 \<midarrow>body G D sig-\<succ>v\<midarrow>n\<rightarrow> s1" |
|
1626 by - (erule wt_elim_cases, force simp add: body_def2) |
|
1627 then have "G\<turnstile>Norm s0 \<midarrow>Methd D sig-\<succ>v\<midarrow>Suc n\<rightarrow> s1" |
|
1628 by (rule evaln.Methd) |
|
1629 then show ?case .. |
|
1630 next |
|
1631 case (Body D c s0 s1 s2 L accC T) |
|
1632 with wf obtain n1 n2 where |
|
1633 "G\<turnstile>Norm s0 \<midarrow>Init D\<midarrow>n1\<rightarrow> s1" |
|
1634 "G\<turnstile>s1 \<midarrow>c\<midarrow>n2\<rightarrow> s2" |
|
1635 by (blast elim!: wt_elim_cases dest: eval_type_sound) |
|
1636 then have |
|
1637 "G\<turnstile>Norm s0 \<midarrow>Body D c-\<succ>the (locals (store s2) Result)\<midarrow>max n1 n2 |
|
1638 \<rightarrow> abupd (absorb Ret) s2" |
|
1639 by (blast intro: evaln.Body dest: evaln_max2) |
|
1640 then show ?case .. |
|
1641 next |
|
1642 case (LVar s vn L accC T) |
|
1643 obtain n where |
|
1644 "G\<turnstile>Norm s \<midarrow>LVar vn=\<succ>lvar vn s\<midarrow>n\<rightarrow> Norm s" |
|
1645 by (rules intro: evaln.LVar) |
|
1646 then show ?case .. |
|
1647 next |
|
1648 case (FVar a accC e fn s0 s1 s2 s2' s3 stat statDeclC v L accC' T) |
|
1649 have eval_init: "G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<rightarrow> s1" . |
|
1650 have eval_e: "G\<turnstile>s1 \<midarrow>e-\<succ>a\<rightarrow> s2" . |
|
1651 have check: "s3 = check_field_access G accC statDeclC fn stat a s2'" . |
|
1652 have hyp_init: "PROP ?EqEval (Norm s0) s1 (In1r (Init statDeclC)) \<diamondsuit>" . |
|
1653 have hyp_e: "PROP ?EqEval s1 s2 (In1l e) (In1 a)" . |
|
1654 have fvar: "(v, s2') = fvar statDeclC stat fn a s2" . |
|
1655 have conf_s0: "Norm s0\<Colon>\<preceq>(G, L)" . |
|
1656 have wt: "\<lparr>prg=G, cls=accC', lcl=L\<rparr>\<turnstile>In2 ({accC,statDeclC,stat}e..fn)\<Colon>T" . |
|
1657 then obtain statC f where |
|
1658 wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-Class statC" and |
|
1659 accfield: "accfield G accC statC fn = Some (statDeclC,f)" and |
|
1660 stat: "stat=is_static f" and |
|
1661 accC': "accC'=accC" and |
|
1662 T: "T=(Inl (type f))" |
|
1663 by (rule wt_elim_cases) (auto simp add: member_is_static_simp) |
|
1664 from wf wt_e |
|
1665 have iscls_statC: "is_class G statC" |
|
1666 by (auto dest: ty_expr_is_type type_is_class) |
|
1667 with wf accfield |
|
1668 have iscls_statDeclC: "is_class G statDeclC" |
|
1669 by (auto dest!: accfield_fields dest: fields_declC) |
|
1670 then |
|
1671 have wt_init: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>(Init statDeclC)\<Colon>\<surd>" |
|
1672 by simp |
|
1673 from conf_s0 wt_init |
|
1674 obtain n1 where |
|
1675 evaln_init: "G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<midarrow>n1\<rightarrow> s1" |
|
1676 by (rules dest: hyp_init) |
|
1677 from eval_init wt_init conf_s0 wf |
|
1678 have conf_s1: "s1\<Colon>\<preceq>(G, L)" |
|
1679 by (blast dest: eval_type_sound) |
|
1680 with wt_e |
|
1681 obtain n2 where |
|
1682 evaln_e: "G\<turnstile>s1 \<midarrow>e-\<succ>a\<midarrow>n2\<rightarrow> s2" |
|
1683 by (blast dest: hyp_e) |
|
1684 from eval_e wf conf_s1 wt_e |
|
1685 obtain conf_s2: "s2\<Colon>\<preceq>(G, L)" and |
|
1686 conf_a: "normal s2 \<longrightarrow> G,store s2\<turnstile>a\<Colon>\<preceq>Class statC" |
|
1687 by (auto dest!: eval_type_sound) |
|
1688 from accfield wt_e eval_init eval_e conf_s2 conf_a fvar stat check wf |
|
1689 have eq_s3_s2': "s3=s2'" |
|
1690 by (auto dest!: error_free_field_access) |
|
1691 with evaln_init evaln_e fvar accC' |
|
1692 have "G\<turnstile>Norm s0 \<midarrow>{accC,statDeclC,stat}e..fn=\<succ>v\<midarrow>max n1 n2\<rightarrow> s3" |
|
1693 by (auto intro: evaln.FVar dest: evaln_max2) |
|
1694 then show ?case .. |
|
1695 next |
|
1696 case (AVar a e1 e2 i s0 s1 s2 s2' v L accC T) |
|
1697 with wf obtain n1 n2 where |
|
1698 "G\<turnstile>Norm s0 \<midarrow>e1-\<succ>a\<midarrow>n1\<rightarrow> s1" |
|
1699 "G\<turnstile>s1 \<midarrow>e2-\<succ>i\<midarrow>n2\<rightarrow> s2" |
|
1700 by (blast elim!: wt_elim_cases dest: eval_type_sound) |
|
1701 moreover |
|
1702 have "(v, s2') = avar G i a s2" . |
|
1703 ultimately |
|
1704 have "G\<turnstile>Norm s0 \<midarrow>e1.[e2]=\<succ>v\<midarrow>max n1 n2\<rightarrow> s2'" |
|
1705 by (blast intro!: evaln.AVar dest: evaln_max2) |
|
1706 then show ?case .. |
|
1707 next |
|
1708 case (Nil s0 L accC T) |
|
1709 show ?case by (rules intro: evaln.Nil) |
|
1710 next |
|
1711 case (Cons e es s0 s1 s2 v vs L accC T) |
|
1712 with wf obtain n1 n2 where |
|
1713 "G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<midarrow>n1\<rightarrow> s1" |
|
1714 "G\<turnstile>s1 \<midarrow>es\<doteq>\<succ>vs\<midarrow>n2\<rightarrow> s2" |
|
1715 by (blast elim!: wt_elim_cases dest: eval_type_sound) |
|
1716 then |
|
1717 have "G\<turnstile>Norm s0 \<midarrow>e # es\<doteq>\<succ>v # vs\<midarrow>max n1 n2\<rightarrow> s2" |
|
1718 by (blast intro!: evaln.Cons dest: evaln_max2) |
|
1719 then show ?case .. |
|
1720 qed |
|
1721 qed |
|
1722 |
373 end |
1723 end |