89 |
107 |
90 |
108 |
91 section "soundness" |
109 section "soundness" |
92 |
110 |
93 lemma Methd_sound: |
111 lemma Methd_sound: |
94 "\<lbrakk>G,A\<union> {{P} Methd-\<succ> {Q} | ms}|\<Turnstile>\<Colon>{{P} body G-\<succ> {Q} | ms}\<rbrakk> \<Longrightarrow> |
112 assumes recursive: "G,A\<union> {{P} Methd-\<succ> {Q} | ms}|\<Turnstile>\<Colon>{{P} body G-\<succ> {Q} | ms}" |
95 G,A|\<Turnstile>\<Colon>{{P} Methd-\<succ> {Q} | ms}" |
113 shows "G,A|\<Turnstile>\<Colon>{{P} Methd-\<succ> {Q} | ms}" |
96 apply (unfold ax_valids2_def mtriples_def) |
114 proof - |
97 apply (rule allI) |
115 { |
98 apply (induct_tac "n") |
116 fix n |
99 apply (clarify, tactic {* pair_tac "x" 1 *}, simp (no_asm)) |
117 assume recursive: "\<And> n. \<forall>t\<in>(A \<union> {{P} Methd-\<succ> {Q} | ms}). G\<Turnstile>n\<Colon>t |
100 apply (fast intro: Methd_triple_valid2_0) |
118 \<Longrightarrow> \<forall>t\<in>{{P} body G-\<succ> {Q} | ms}. G\<Turnstile>n\<Colon>t" |
101 apply (clarify, tactic {* pair_tac "xa" 1 *}, simp (no_asm)) |
119 have "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t \<Longrightarrow> \<forall>t\<in>{{P} Methd-\<succ> {Q} | ms}. G\<Turnstile>n\<Colon>t" |
102 apply (drule triples_valid2_Suc) |
120 proof (induct n) |
103 apply (erule (1) notE impE) |
121 case 0 |
104 apply (drule_tac x = na in spec) |
122 show "\<forall>t\<in>{{P} Methd-\<succ> {Q} | ms}. G\<Turnstile>0\<Colon>t" |
105 apply (rule Methd_triple_valid2_SucI) |
123 proof - |
106 apply (simp (no_asm_use) add: ball_Un) |
124 { |
107 apply auto |
125 fix C sig |
108 done |
126 assume "(C,sig) \<in> ms" |
|
127 have "G\<Turnstile>0\<Colon>{Normal (P C sig)} Methd C sig-\<succ> {Q C sig}" |
|
128 by (rule Methd_triple_valid2_0) |
|
129 } |
|
130 thus ?thesis |
|
131 by (simp add: mtriples_def split_def) |
|
132 qed |
|
133 next |
|
134 case (Suc m) |
|
135 have hyp: "\<forall>t\<in>A. G\<Turnstile>m\<Colon>t \<Longrightarrow> \<forall>t\<in>{{P} Methd-\<succ> {Q} | ms}. G\<Turnstile>m\<Colon>t". |
|
136 have prem: "\<forall>t\<in>A. G\<Turnstile>Suc m\<Colon>t" . |
|
137 show "\<forall>t\<in>{{P} Methd-\<succ> {Q} | ms}. G\<Turnstile>Suc m\<Colon>t" |
|
138 proof - |
|
139 { |
|
140 fix C sig |
|
141 assume m: "(C,sig) \<in> ms" |
|
142 have "G\<Turnstile>Suc m\<Colon>{Normal (P C sig)} Methd C sig-\<succ> {Q C sig}" |
|
143 proof - |
|
144 from prem have prem_m: "\<forall>t\<in>A. G\<Turnstile>m\<Colon>t" |
|
145 by (rule triples_valid2_Suc) |
|
146 hence "\<forall>t\<in>{{P} Methd-\<succ> {Q} | ms}. G\<Turnstile>m\<Colon>t" |
|
147 by (rule hyp) |
|
148 with prem_m |
|
149 have "\<forall>t\<in>(A \<union> {{P} Methd-\<succ> {Q} | ms}). G\<Turnstile>m\<Colon>t" |
|
150 by (simp add: ball_Un) |
|
151 hence "\<forall>t\<in>{{P} body G-\<succ> {Q} | ms}. G\<Turnstile>m\<Colon>t" |
|
152 by (rule recursive) |
|
153 with m have "G\<Turnstile>m\<Colon>{Normal (P C sig)} body G C sig-\<succ> {Q C sig}" |
|
154 by (auto simp add: mtriples_def split_def) |
|
155 thus ?thesis |
|
156 by (rule Methd_triple_valid2_SucI) |
|
157 qed |
|
158 } |
|
159 thus ?thesis |
|
160 by (simp add: mtriples_def split_def) |
|
161 qed |
|
162 qed |
|
163 } |
|
164 with recursive show ?thesis |
|
165 by (unfold ax_valids2_def) blast |
|
166 qed |
109 |
167 |
110 |
168 |
111 lemma valids2_inductI: "\<forall>s t n Y' s'. G\<turnstile>s\<midarrow>t\<succ>\<midarrow>n\<rightarrow> (Y',s') \<longrightarrow> t = c \<longrightarrow> |
169 lemma valids2_inductI: "\<forall>s t n Y' s'. G\<turnstile>s\<midarrow>t\<succ>\<midarrow>n\<rightarrow> (Y',s') \<longrightarrow> t = c \<longrightarrow> |
112 Ball A (triple_valid2 G n) \<longrightarrow> (\<forall>Y Z. P Y s Z \<longrightarrow> |
170 Ball A (triple_valid2 G n) \<longrightarrow> (\<forall>Y Z. P Y s Z \<longrightarrow> |
113 (\<forall>L. s\<Colon>\<preceq>(G,L) \<longrightarrow> (\<forall>T C. (normal s \<longrightarrow> \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T) \<longrightarrow> |
171 (\<forall>L. s\<Colon>\<preceq>(G,L) \<longrightarrow> |
114 Q Y' s' Z \<and> s'\<Colon>\<preceq>(G, L)))) \<Longrightarrow> |
172 (\<forall>T C A. (normal s \<longrightarrow> (\<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T) \<and> |
|
173 \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>dom (locals (store s))\<guillemotright>t\<guillemotright>A) \<longrightarrow> |
|
174 Q Y' s' Z \<and> s'\<Colon>\<preceq>(G, L)))) \<Longrightarrow> |
115 G,A|\<Turnstile>\<Colon>{ {P} c\<succ> {Q}}" |
175 G,A|\<Turnstile>\<Colon>{ {P} c\<succ> {Q}}" |
116 apply (simp (no_asm) add: ax_valids2_def triple_valid2_def2) |
176 apply (simp (no_asm) add: ax_valids2_def triple_valid2_def2) |
117 apply clarsimp |
177 apply clarsimp |
118 done |
178 done |
119 |
179 |
120 ML_setup {* |
180 lemma da_good_approx_evalnE [consumes 4]: |
121 Delsimprocs [evaln_expr_proc,evaln_var_proc,evaln_exprs_proc,evaln_stmt_proc] |
181 assumes evaln: "G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v, s1)" |
122 *} |
182 and wt: "\<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T" |
123 |
183 and da: "\<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile> dom (locals (store s0)) \<guillemotright>t\<guillemotright> A" |
124 lemma Loop_sound: "\<lbrakk>G,A|\<Turnstile>\<Colon>{ {P} e-\<succ> {P'}}; |
184 and wf: "wf_prog G" |
125 G,A|\<Turnstile>\<Colon>{ {Normal (P'\<leftarrow>=True)} .c. {abupd (absorb (Cont l)) .; P}}\<rbrakk> \<Longrightarrow> |
185 and elim: "\<lbrakk>normal s1 \<Longrightarrow> nrm A \<subseteq> dom (locals (store s1)); |
126 G,A|\<Turnstile>\<Colon>{ {P} .l\<bullet> While(e) c. {(P'\<leftarrow>=False)\<down>=\<diamondsuit>}}" |
186 \<And> l. \<lbrakk>abrupt s1 = Some (Jump (Break l)); normal s0\<rbrakk> |
127 apply (rule valids2_inductI) |
187 \<Longrightarrow> brk A l \<subseteq> dom (locals (store s1)); |
128 apply ((rule allI)+, rule impI, tactic {* pair_tac "s" 1*}, tactic {* pair_tac "s'" 1*}) |
188 \<lbrakk>abrupt s1 = Some (Jump Ret);normal s0\<rbrakk> |
129 apply (erule evaln.induct) |
189 \<Longrightarrow>Result \<in> dom (locals (store s1)) |
130 apply simp_all (* takes half a minute *) |
190 \<rbrakk> \<Longrightarrow> P" |
131 apply clarify |
191 shows "P" |
132 apply (erule_tac V = "G,A|\<Turnstile>\<Colon>{ {?P'} .c. {?P}}" in thin_rl) |
192 proof - |
133 apply (simp_all (no_asm_use) add: ax_valids2_def triple_valid2_def2) |
193 from evaln have "G\<turnstile>s0 \<midarrow>t\<succ>\<rightarrow> (v, s1)" |
134 apply (tactic "smp_tac 1 1", tactic "smp_tac 3 1", force) |
194 by (rule evaln_eval) |
135 apply clarify |
195 from this wt da wf elim show P |
136 apply (rule wt_elim_cases, assumption) |
196 by (rule da_good_approxE') rules+ |
137 apply (tactic "smp_tac 1 1", tactic "smp_tac 1 1", tactic "smp_tac 3 1", |
197 qed |
138 tactic "smp_tac 2 1", tactic "smp_tac 1 1") |
198 |
139 apply (erule impE,simp (no_asm),blast) |
199 lemma validI: |
140 apply (simp add: imp_conjL split_tupled_all split_paired_All) |
200 assumes I: "\<And> n s0 L accC T C v s1 Y Z. |
141 apply (case_tac "the_Bool b") |
201 \<lbrakk>\<forall>t\<in>A. G\<Turnstile>n\<Colon>t; s0\<Colon>\<preceq>(G,L); |
142 apply clarsimp |
202 normal s0 \<Longrightarrow> \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T; |
143 apply (case_tac "a") |
203 normal s0 \<Longrightarrow> \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>t\<guillemotright>C; |
144 apply (simp_all) |
204 G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s1); P Y s0 Z\<rbrakk> \<Longrightarrow> Q v s1 Z \<and> s1\<Colon>\<preceq>(G,L)" |
145 apply clarsimp |
205 shows "G,A|\<Turnstile>\<Colon>{ {P} t\<succ> {Q} }" |
146 apply (erule_tac V = "c = l\<bullet> While(e) c \<longrightarrow> ?P" in thin_rl) |
206 apply (simp add: ax_valids2_def triple_valid2_def2) |
147 apply (blast intro: conforms_absorb) |
207 apply (intro allI impI) |
148 apply blast+ |
208 apply (case_tac "normal s") |
|
209 apply clarsimp |
|
210 apply (rule I,(assumption|simp)+) |
|
211 |
|
212 apply (rule I,auto) |
149 done |
213 done |
150 |
214 |
151 declare subst_Bool_def2 [simp del] |
215 |
|
216 |
|
217 |
|
218 ML "Addsimprocs [wt_expr_proc,wt_var_proc,wt_exprs_proc,wt_stmt_proc]" |
|
219 |
|
220 lemma valid_stmtI: |
|
221 assumes I: "\<And> n s0 L accC C s1 Y Z. |
|
222 \<lbrakk>\<forall>t\<in>A. G\<Turnstile>n\<Colon>t; s0\<Colon>\<preceq>(G,L); |
|
223 normal s0\<Longrightarrow> \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c\<Colon>\<surd>; |
|
224 normal s0\<Longrightarrow>\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>c\<rangle>\<^sub>s\<guillemotright>C; |
|
225 G\<turnstile>s0 \<midarrow>c\<midarrow>n\<rightarrow> s1; P Y s0 Z\<rbrakk> \<Longrightarrow> Q \<diamondsuit> s1 Z \<and> s1\<Colon>\<preceq>(G,L)" |
|
226 shows "G,A|\<Turnstile>\<Colon>{ {P} \<langle>c\<rangle>\<^sub>s\<succ> {Q} }" |
|
227 apply (simp add: ax_valids2_def triple_valid2_def2) |
|
228 apply (intro allI impI) |
|
229 apply (case_tac "normal s") |
|
230 apply clarsimp |
|
231 apply (rule I,(assumption|simp)+) |
|
232 |
|
233 apply (rule I,auto) |
|
234 done |
|
235 |
|
236 lemma valid_stmt_NormalI: |
|
237 assumes I: "\<And> n s0 L accC C s1 Y Z. |
|
238 \<lbrakk>\<forall>t\<in>A. G\<Turnstile>n\<Colon>t; s0\<Colon>\<preceq>(G,L); normal s0; \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c\<Colon>\<surd>; |
|
239 \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>c\<rangle>\<^sub>s\<guillemotright>C; |
|
240 G\<turnstile>s0 \<midarrow>c\<midarrow>n\<rightarrow> s1; (Normal P) Y s0 Z\<rbrakk> \<Longrightarrow> Q \<diamondsuit> s1 Z \<and> s1\<Colon>\<preceq>(G,L)" |
|
241 shows "G,A|\<Turnstile>\<Colon>{ {Normal P} \<langle>c\<rangle>\<^sub>s\<succ> {Q} }" |
|
242 apply (simp add: ax_valids2_def triple_valid2_def2) |
|
243 apply (intro allI impI) |
|
244 apply (elim exE conjE) |
|
245 apply (rule I) |
|
246 by auto |
|
247 |
|
248 lemma valid_var_NormalI: |
|
249 assumes I: "\<And> n s0 L accC T C vf s1 Y Z. |
|
250 \<lbrakk>\<forall>t\<in>A. G\<Turnstile>n\<Colon>t; s0\<Colon>\<preceq>(G,L); normal s0; |
|
251 \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>=T; |
|
252 \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>t\<rangle>\<^sub>v\<guillemotright>C; |
|
253 G\<turnstile>s0 \<midarrow>t=\<succ>vf\<midarrow>n\<rightarrow> s1; (Normal P) Y s0 Z\<rbrakk> |
|
254 \<Longrightarrow> Q (In2 vf) s1 Z \<and> s1\<Colon>\<preceq>(G,L)" |
|
255 shows "G,A|\<Turnstile>\<Colon>{ {Normal P} \<langle>t\<rangle>\<^sub>v\<succ> {Q} }" |
|
256 apply (simp add: ax_valids2_def triple_valid2_def2) |
|
257 apply (intro allI impI) |
|
258 apply (elim exE conjE) |
|
259 apply simp |
|
260 apply (rule I) |
|
261 by auto |
|
262 |
|
263 lemma valid_expr_NormalI: |
|
264 assumes I: "\<And> n s0 L accC T C v s1 Y Z. |
|
265 \<lbrakk>\<forall>t\<in>A. G\<Turnstile>n\<Colon>t; s0\<Colon>\<preceq>(G,L); normal s0; |
|
266 \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>-T; |
|
267 \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>t\<rangle>\<^sub>e\<guillemotright>C; |
|
268 G\<turnstile>s0 \<midarrow>t-\<succ>v\<midarrow>n\<rightarrow> s1; (Normal P) Y s0 Z\<rbrakk> |
|
269 \<Longrightarrow> Q (In1 v) s1 Z \<and> s1\<Colon>\<preceq>(G,L)" |
|
270 shows "G,A|\<Turnstile>\<Colon>{ {Normal P} \<langle>t\<rangle>\<^sub>e\<succ> {Q} }" |
|
271 apply (simp add: ax_valids2_def triple_valid2_def2) |
|
272 apply (intro allI impI) |
|
273 apply (elim exE conjE) |
|
274 apply simp |
|
275 apply (rule I) |
|
276 by auto |
|
277 |
|
278 lemma valid_expr_list_NormalI: |
|
279 assumes I: "\<And> n s0 L accC T C vs s1 Y Z. |
|
280 \<lbrakk>\<forall>t\<in>A. G\<Turnstile>n\<Colon>t; s0\<Colon>\<preceq>(G,L); normal s0; |
|
281 \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>\<doteq>T; |
|
282 \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>t\<rangle>\<^sub>l\<guillemotright>C; |
|
283 G\<turnstile>s0 \<midarrow>t\<doteq>\<succ>vs\<midarrow>n\<rightarrow> s1; (Normal P) Y s0 Z\<rbrakk> |
|
284 \<Longrightarrow> Q (In3 vs) s1 Z \<and> s1\<Colon>\<preceq>(G,L)" |
|
285 shows "G,A|\<Turnstile>\<Colon>{ {Normal P} \<langle>t\<rangle>\<^sub>l\<succ> {Q} }" |
|
286 apply (simp add: ax_valids2_def triple_valid2_def2) |
|
287 apply (intro allI impI) |
|
288 apply (elim exE conjE) |
|
289 apply simp |
|
290 apply (rule I) |
|
291 by auto |
|
292 |
|
293 lemma validE [consumes 5]: |
|
294 assumes valid: "G,A|\<Turnstile>\<Colon>{ {P} t\<succ> {Q} }" |
|
295 and P: "P Y s0 Z" |
|
296 and valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
297 and conf: "s0\<Colon>\<preceq>(G,L)" |
|
298 and eval: "G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s1)" |
|
299 and wt: "normal s0 \<Longrightarrow> \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T" |
|
300 and da: "normal s0 \<Longrightarrow> \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>t\<guillemotright>C" |
|
301 and elim: "\<lbrakk>Q v s1 Z; s1\<Colon>\<preceq>(G,L)\<rbrakk> \<Longrightarrow> concl" |
|
302 shows "concl" |
|
303 using prems |
|
304 by (simp add: ax_valids2_def triple_valid2_def2) fast |
|
305 (* why consumes 5?. If I want to apply this lemma in a context wgere |
|
306 \<not> normal s0 holds, |
|
307 I can chain "\<not> normal s0" as fact number 6 and apply the rule with |
|
308 cases. Auto will then solve premise 6 and 7. |
|
309 *) |
|
310 |
152 lemma all_empty: "(!x. P) = P" |
311 lemma all_empty: "(!x. P) = P" |
153 by simp |
312 by simp |
154 lemma sound_valid2_lemma: |
|
155 "\<lbrakk>\<forall>v n. Ball A (triple_valid2 G n) \<longrightarrow> P v n; Ball A (triple_valid2 G n)\<rbrakk> |
|
156 \<Longrightarrow>P v n" |
|
157 by blast |
|
158 ML {* |
|
159 val fullsimptac = full_simp_tac(simpset() delsimps [thm "all_empty"]); |
|
160 val sound_prepare_tac = EVERY'[REPEAT o thin_tac "?x \<in> ax_derivs G", |
|
161 full_simp_tac (simpset()addsimps[thm "ax_valids2_def",thm "triple_valid2_def2", |
|
162 thm "imp_conjL"] delsimps[thm "all_empty"]), |
|
163 Clarify_tac]; |
|
164 val sound_elim_tac = EVERY'[eresolve_tac (thms "evaln_elim_cases"), |
|
165 TRY o eresolve_tac (thms "wt_elim_cases"), fullsimptac, Clarify_tac]; |
|
166 val sound_valid2_tac = REPEAT o FIRST'[smp_tac 1, |
|
167 datac (thm "sound_valid2_lemma") 1]; |
|
168 val sound_forw_hyp_tac = |
|
169 EVERY'[smp_tac 3 |
|
170 ORELSE' EVERY'[dtac spec,dtac spec, dtac spec,etac impE, Fast_tac] |
|
171 ORELSE' EVERY'[dtac spec,dtac spec,etac impE, Fast_tac], |
|
172 fullsimptac, |
|
173 smp_tac 2,TRY o smp_tac 1, |
|
174 TRY o EVERY'[etac impE, TRY o rtac impI, |
|
175 atac ORELSE' (EVERY' [REPEAT o rtac exI,Blast_tac]), |
|
176 fullsimptac, Clarify_tac, TRY o smp_tac 1]] |
|
177 *} |
|
178 (* ### rtac conjI,rtac HOL.refl *) |
|
179 lemma Call_sound: |
|
180 "\<lbrakk>wf_prog G; G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {Q}}; \<forall>a. G,A|\<Turnstile>\<Colon>{ {Q\<leftarrow>Val a} ps\<doteq>\<succ> {R a}}; |
|
181 \<forall>a vs invC declC l. G,A|\<Turnstile>\<Colon>{ {(R a\<leftarrow>Vals vs \<and>. |
|
182 (\<lambda>s. declC = invocation_declclass |
|
183 G mode (store s) a statT \<lparr>name=mn,parTs=pTs\<rparr> \<and> |
|
184 invC = invocation_class mode (store s) a statT \<and> |
|
185 l = locals (store s)) ;. |
|
186 init_lvars G declC \<lparr>name=mn,parTs=pTs\<rparr> mode a vs) \<and>. |
|
187 (\<lambda>s. normal s \<longrightarrow> G\<turnstile>mode\<rightarrow>invC\<preceq>statT)} |
|
188 Methd declC \<lparr>name=mn,parTs=pTs\<rparr>-\<succ> {set_lvars l .; S}}\<rbrakk> \<Longrightarrow> |
|
189 G,A|\<Turnstile>\<Colon>{ {Normal P} {accC,statT,mode}e\<cdot>mn({pTs}ps)-\<succ> {S}}" |
|
190 apply (tactic "EVERY'[sound_prepare_tac, sound_elim_tac, sound_valid2_tac] 1") |
|
191 apply (rename_tac x1 s1 x2 s2 ab bb v vs m pTsa statDeclC) |
|
192 apply (tactic "smp_tac 6 1") |
|
193 apply (tactic "sound_forw_hyp_tac 1") |
|
194 apply (tactic "sound_forw_hyp_tac 1") |
|
195 apply (drule max_spec2mheads) |
|
196 apply (drule (3) evaln_eval, drule (3) eval_ts) |
|
197 apply (drule (3) evaln_eval, frule (3) evals_ts) |
|
198 apply (drule spec,erule impE,rule exI, blast) |
|
199 (* apply (drule spec,drule spec,drule spec,erule impE,rule exI,blast) *) |
|
200 apply (case_tac "if is_static m then x2 else (np a') x2") |
|
201 defer 1 |
|
202 apply (rename_tac x, subgoal_tac "(Some x, s2)\<Colon>\<preceq>(G, L)" (* used two times *)) |
|
203 prefer 2 |
|
204 apply (force split add: split_if_asm) |
|
205 apply (simp del: if_raise_if_None) |
|
206 apply (tactic "smp_tac 2 1") |
|
207 apply (simp only: init_lvars_def2 invmode_Static_eq) |
|
208 apply (clarsimp simp del: resTy_mthd) |
|
209 apply (drule spec,erule swap,erule conforms_set_locals [OF _ lconf_empty]) |
|
210 apply clarsimp |
|
211 apply (drule Null_staticD) |
|
212 apply (drule eval_gext', drule (1) conf_gext, frule (3) DynT_propI) |
|
213 apply (erule impE) apply blast |
|
214 apply (subgoal_tac |
|
215 "G\<turnstile>invmode (mhd (statDeclC,m)) e |
|
216 \<rightarrow>invocation_class (invmode m e) s2 a' statT\<preceq>statT") |
|
217 defer apply simp |
|
218 apply (drule (3) DynT_mheadsD,simp,simp) |
|
219 apply (clarify, drule wf_mdeclD1, clarify) |
|
220 apply (frule ty_expr_is_type) apply simp |
|
221 apply (subgoal_tac "invmode (mhd (statDeclC,m)) e = IntVir \<longrightarrow> a' \<noteq> Null") |
|
222 defer apply simp |
|
223 apply (frule (2) wt_MethdI) |
|
224 apply clarify |
|
225 apply (drule (2) conforms_init_lvars) |
|
226 apply (simp) |
|
227 apply (assumption)+ |
|
228 apply simp |
|
229 apply (assumption)+ |
|
230 apply (rule impI) apply simp |
|
231 apply simp |
|
232 apply simp |
|
233 apply (rule Ball_weaken) |
|
234 apply assumption |
|
235 apply (force simp add: is_acc_type_def) |
|
236 apply (tactic "smp_tac 2 1") |
|
237 apply simp |
|
238 apply (tactic "smp_tac 1 1") |
|
239 apply (erule_tac V = "?P \<longrightarrow> ?Q" in thin_rl) |
|
240 apply (erule impE) |
|
241 apply (rule exI)+ |
|
242 apply (subgoal_tac "is_static dm = (static m)") |
|
243 prefer 2 apply (simp add: member_is_static_simp) |
|
244 apply (simp only: ) |
|
245 apply (simp only: sig.simps) |
|
246 apply (force dest!: evaln_eval eval_gext' elim: conforms_return |
|
247 del: impCE simp add: init_lvars_def2) |
|
248 done |
|
249 |
313 |
250 corollary evaln_type_sound: |
314 corollary evaln_type_sound: |
251 assumes evaln: "G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s1)" and |
315 assumes evaln: "G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s1)" and |
252 wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T" and |
316 wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T" and |
|
317 da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0)) \<guillemotright>t\<guillemotright> A" and |
253 conf_s0: "s0\<Colon>\<preceq>(G,L)" and |
318 conf_s0: "s0\<Colon>\<preceq>(G,L)" and |
254 wf: "wf_prog G" |
319 wf: "wf_prog G" |
255 shows "s1\<Colon>\<preceq>(G,L) \<and> (normal s1 \<longrightarrow> G,L,store s1\<turnstile>t\<succ>v\<Colon>\<preceq>T) \<and> |
320 shows "s1\<Colon>\<preceq>(G,L) \<and> (normal s1 \<longrightarrow> G,L,store s1\<turnstile>t\<succ>v\<Colon>\<preceq>T) \<and> |
256 (error_free s0 = error_free s1)" |
321 (error_free s0 = error_free s1)" |
257 proof - |
322 proof - |
258 from evaln wt conf_s0 wf |
323 from evaln have "G\<turnstile>s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)" |
259 show ?thesis |
324 by (rule evaln_eval) |
260 by (blast dest: evaln_eval eval_type_sound) |
325 from this wt da wf conf_s0 show ?thesis |
|
326 by (rule eval_type_sound) |
261 qed |
327 qed |
262 |
328 |
263 lemma Init_sound: "\<lbrakk>wf_prog G; the (class G C) = c; |
329 corollary dom_locals_evaln_mono_elim [consumes 1]: |
264 G,A|\<Turnstile>\<Colon>{ {Normal ((P \<and>. Not \<circ> initd C) ;. supd (init_class_obj G C))} |
330 assumes |
265 .(if C = Object then Skip else Init (super c)). {Q}}; |
331 evaln: "G\<turnstile> s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v,s1)" and |
266 \<forall>l. G,A|\<Turnstile>\<Colon>{ {Q \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars empty} |
332 hyps: "\<lbrakk>dom (locals (store s0)) \<subseteq> dom (locals (store s1)); |
267 .init c. {set_lvars l .; R}}\<rbrakk> \<Longrightarrow> |
333 \<And> vv s val. \<lbrakk>v=In2 vv; normal s1\<rbrakk> |
268 G,A|\<Turnstile>\<Colon>{ {Normal (P \<and>. Not \<circ> initd C)} .Init C. {R}}" |
334 \<Longrightarrow> dom (locals (store s)) |
269 apply (tactic "EVERY'[sound_prepare_tac, sound_elim_tac,sound_valid2_tac] 1") |
335 \<subseteq> dom (locals (store ((snd vv) val s)))\<rbrakk> \<Longrightarrow> P" |
270 apply (tactic {* instantiate_tac [("l24","\<lambda> n Y Z sa Y' s' L y a b aa ba ab bb. locals b")]*}) |
336 shows "P" |
271 apply (clarsimp simp add: split_paired_Ex) |
337 proof - |
272 apply (drule spec, drule spec, drule spec, erule impE) |
338 from evaln have "G\<turnstile> s0 \<midarrow>t\<succ>\<rightarrow> (v,s1)" by (rule evaln_eval) |
273 apply (erule_tac V = "All ?P" in thin_rl, fast) |
339 from this hyps show ?thesis |
274 apply clarsimp |
340 by (rule dom_locals_eval_mono_elim) rules+ |
275 apply (tactic "smp_tac 2 1", drule spec, erule impE, |
341 qed |
276 erule (3) conforms_init_class_obj) |
342 |
277 apply (frule (1) wf_prog_cdecl) |
343 |
278 apply (erule impE, rule exI,erule_tac V = "All ?P" in thin_rl, |
344 |
279 force dest: wf_cdecl_supD split add: split_if simp add: is_acc_class_def) |
345 lemma evaln_no_abrupt: |
280 apply clarify |
346 "\<And>s s'. \<lbrakk>G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (w,s'); normal s'\<rbrakk> \<Longrightarrow> normal s" |
281 apply (drule spec) |
347 by (erule evaln_cases,auto) |
282 apply (drule spec) |
348 |
283 apply (drule spec) |
349 declare inj_term_simps [simp] |
284 apply (erule impE) |
350 lemma ax_sound2: |
285 apply ( fast) |
351 assumes wf: "wf_prog G" |
286 apply (simp (no_asm_use) del: empty_def2) |
352 and deriv: "G,A|\<turnstile>ts" |
287 apply (tactic "smp_tac 2 1") |
353 shows "G,A|\<Turnstile>\<Colon>ts" |
288 apply (drule spec, erule impE, erule conforms_set_locals, rule lconf_empty) |
354 using deriv |
289 apply (erule impE,rule impI,rule exI,erule wf_cdecl_wt_init) |
355 proof (induct) |
290 apply clarsimp |
356 case (empty A) |
291 apply (erule (1) conforms_return) |
357 show ?case |
292 apply (frule wf_cdecl_wt_init) |
358 by (simp add: ax_valids2_def triple_valid2_def2) |
293 apply (subgoal_tac "(a, set_locals empty b)\<Colon>\<preceq>(G, empty)") |
359 next |
294 apply (frule (3) evaln_eval) |
360 case (insert A t ts) |
295 apply (drule eval_gext') |
361 have valid_t: "G,A|\<Turnstile>\<Colon>{t}" . |
296 apply force |
362 moreover have valid_ts: "G,A|\<Turnstile>\<Colon>ts" . |
297 |
363 { |
298 (* refer to case Init in eval_type_sound proof, to see whats going on*) |
364 fix n assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
299 apply (subgoal_tac "(a,b)\<Colon>\<preceq>(G, L)") |
365 have "G\<Turnstile>n\<Colon>t" and "\<forall>t\<in>ts. G\<Turnstile>n\<Colon>t" |
300 apply (blast intro: conforms_set_locals) |
366 proof - |
301 |
367 from valid_A valid_t show "G\<Turnstile>n\<Colon>t" |
302 apply (drule evaln_type_sound) |
368 by (simp add: ax_valids2_def) |
303 apply (cases "C=Object") |
369 next |
304 apply force |
370 from valid_A valid_ts show "\<forall>t\<in>ts. G\<Turnstile>n\<Colon>t" |
305 apply (force dest: wf_cdecl_supD is_acc_classD) |
371 by (unfold ax_valids2_def) blast |
306 apply (erule (4) conforms_init_class_obj) |
372 qed |
307 apply blast |
373 hence "\<forall>t'\<in>insert t ts. G\<Turnstile>n\<Colon>t'" |
308 done |
374 by simp |
309 |
375 } |
310 lemma all_conjunct2: "\<forall>l. P' l \<and> P l \<Longrightarrow> \<forall>l. P l" |
376 thus ?case |
311 by fast |
377 by (unfold ax_valids2_def) blast |
312 |
378 next |
313 lemma all4_conjunct2: |
379 case (asm A ts) |
314 "\<forall>a vs D l. (P' a vs D l \<and> P a vs D l) \<Longrightarrow> \<forall>a vs D l. P a vs D l" |
380 have "ts \<subseteq> A" . |
315 by fast |
381 then show "G,A|\<Turnstile>\<Colon>ts" |
316 |
382 by (auto simp add: ax_valids2_def triple_valid2_def) |
317 |
383 next |
318 lemmas sound_lemmas = Init_sound Loop_sound Methd_sound |
384 case (weaken A ts ts') |
319 |
385 have "G,A|\<Turnstile>\<Colon>ts'" . |
320 lemma ax_sound2: "wf_prog G \<Longrightarrow> G,A|\<turnstile>ts \<Longrightarrow> G,A|\<Turnstile>\<Colon>ts" |
386 moreover have "ts \<subseteq> ts'" . |
321 apply (erule ax_derivs.induct) |
387 ultimately show "G,A|\<Turnstile>\<Colon>ts" |
322 prefer 22 (* Call *) |
388 by (unfold ax_valids2_def triple_valid2_def) blast |
323 apply (erule (1) Call_sound) apply simp apply force apply force |
389 next |
324 |
390 case (conseq A P Q t) |
325 apply (tactic {* TRYALL (eresolve_tac (thms "sound_lemmas") THEN_ALL_NEW |
391 have con: "\<forall>Y s Z. P Y s Z \<longrightarrow> |
326 eresolve_tac [asm_rl, thm "all_conjunct2", thm "all4_conjunct2"]) *}) |
392 (\<exists>P' Q'. |
327 |
393 (G,A\<turnstile>{P'} t\<succ> {Q'} \<and> G,A|\<Turnstile>\<Colon>{ {P'} t\<succ> {Q'} }) \<and> |
328 apply(tactic "COND (has_fewer_prems(30+9)) (ALLGOALS sound_prepare_tac) no_tac") |
394 (\<forall>Y' s'. (\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow> Q Y' s' Z))". |
329 |
395 show "G,A|\<Turnstile>\<Colon>{ {P} t\<succ> {Q} }" |
330 (*empty*) |
396 proof (rule validI) |
331 apply fast (* insert *) |
397 fix n s0 L accC T C v s1 Y Z |
332 apply fast (* asm *) |
398 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
333 (*apply fast *) (* cut *) |
399 assume conf: "s0\<Colon>\<preceq>(G,L)" |
334 apply fast (* weaken *) |
400 assume wt: "normal s0 \<Longrightarrow> \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T" |
335 apply (tactic "smp_tac 3 1", clarify, tactic "smp_tac 1 1", |
401 assume da: "normal s0 |
336 case_tac"fst s",clarsimp,erule (3) evaln_type_sound [THEN conjunct1], |
402 \<Longrightarrow> \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0)) \<guillemotright>t\<guillemotright> C" |
337 clarsimp) (* conseq *) |
403 assume eval: "G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v, s1)" |
338 apply (simp (no_asm_use) add: type_ok_def,fast)(* hazard *) |
404 assume P: "P Y s0 Z" |
339 apply force (* Abrupt *) |
405 show "Q v s1 Z \<and> s1\<Colon>\<preceq>(G, L)" |
340 |
406 proof - |
341 prefer 28 apply (simp add: evaln_InsInitV) |
407 from valid_A conf wt da eval P con |
342 prefer 28 apply (simp add: evaln_InsInitE) |
408 have "Q v s1 Z" |
343 prefer 28 apply (simp add: evaln_Callee) |
409 apply (simp add: ax_valids2_def triple_valid2_def2) |
344 prefer 28 apply (simp add: evaln_FinA) |
410 apply (tactic "smp_tac 3 1") |
345 |
411 apply clarify |
346 (* 27 subgoals *) |
412 apply (tactic "smp_tac 1 1") |
347 apply (tactic {* sound_elim_tac 1 *}) |
413 apply (erule allE,erule allE, erule mp) |
348 apply (tactic {* ALLGOALS sound_elim_tac *})(* LVar, Lit, Super, Nil, Skip,Do *) |
414 apply (intro strip) |
349 apply (tactic {* ALLGOALS (asm_simp_tac (noAll_simpset() |
415 apply (tactic "smp_tac 3 1") |
350 delsimps [thm "all_empty"])) *}) (* Done *) |
416 apply (tactic "smp_tac 2 1") |
351 (* for FVar *) |
417 apply (tactic "smp_tac 1 1") |
352 apply (frule wf_ws_prog) |
418 by blast |
353 apply (frule ty_expr_is_type [THEN type_is_class, |
419 moreover have "s1\<Colon>\<preceq>(G, L)" |
354 THEN accfield_declC_is_class]) |
420 proof (cases "normal s0") |
355 apply (simp (no_asm_use), simp (no_asm_use), simp (no_asm_use)) |
421 case True |
356 apply (frule_tac [4] wt_init_comp_ty) (* for NewA*) |
422 from eval wt [OF True] da [OF True] conf wf |
357 apply (tactic "ALLGOALS sound_valid2_tac") |
423 show ?thesis |
358 apply (tactic "TRYALL sound_forw_hyp_tac") (* UnOp, Cast, Inst, Acc, Expr *) |
424 by (rule evaln_type_sound [elim_format]) simp |
359 apply (tactic {* TRYALL (EVERY'[dtac spec, TRY o EVERY'[rotate_tac ~1, |
425 next |
360 dtac spec], dtac conjunct2, smp_tac 1, |
426 case False |
361 TRY o dres_inst_tac [("P","P'")] (thm "subst_Bool_the_BoolI")]) *}) |
427 with eval have "s1=s0" |
362 apply (frule_tac [15] x = x1 in conforms_NormI) (* for Fin *) |
428 by auto |
363 |
429 with conf show ?thesis by simp |
364 (* 15 subgoals *) |
430 qed |
365 (* FVar *) |
431 ultimately show ?thesis .. |
366 apply (tactic "sound_forw_hyp_tac 1") |
432 qed |
367 apply (clarsimp simp add: fvar_def2 Let_def split add: split_if_asm) |
433 qed |
368 |
434 next |
369 (* AVar *) |
435 case (hazard A P Q t) |
370 (* |
436 show "G,A|\<Turnstile>\<Colon>{ {P \<and>. Not \<circ> type_ok G t} t\<succ> {Q} }" |
371 apply (drule spec, drule spec, erule impE, fast) |
437 by (simp add: ax_valids2_def triple_valid2_def2 type_ok_def) fast |
372 apply (simp) |
438 next |
373 apply (tactic "smp_tac 2 1") |
439 case (Abrupt A P t) |
374 apply (tactic "smp_tac 1 1") |
440 show "G,A|\<Turnstile>\<Colon>{ {P\<leftarrow>arbitrary3 t \<and>. Not \<circ> normal} t\<succ> {P} }" |
375 apply (erule impE) |
441 proof (rule validI) |
376 apply (rule impI) |
442 fix n s0 L accC T C v s1 Y Z |
377 apply (rule exI)+ |
443 assume conf_s0: "s0\<Colon>\<preceq>(G, L)" |
378 apply blast |
444 assume eval: "G\<turnstile>s0 \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v, s1)" |
379 apply (clarsimp simp add: avar_def2) |
445 assume "(P\<leftarrow>arbitrary3 t \<and>. Not \<circ> normal) Y s0 Z" |
380 *) |
446 then obtain P: "P (arbitrary3 t) s0 Z" and abrupt_s0: "\<not> normal s0" |
381 apply (tactic "sound_forw_hyp_tac 1") |
447 by simp |
382 apply (clarsimp simp add: avar_def2) |
448 from eval abrupt_s0 obtain "s1=s0" and "v=arbitrary3 t" |
383 |
449 by auto |
384 (* NewC *) |
450 with P conf_s0 |
385 apply (clarsimp simp add: is_acc_class_def) |
451 show "P v s1 Z \<and> s1\<Colon>\<preceq>(G, L)" |
386 apply (erule (1) halloc_conforms, simp, simp) |
452 by simp |
387 |
453 qed |
388 (* NewA *) |
454 next |
389 apply (tactic "sound_forw_hyp_tac 1") |
455 case (LVar A P vn) |
390 apply (rule conjI,blast) |
456 show "G,A|\<Turnstile>\<Colon>{ {Normal (\<lambda>s.. P\<leftarrow>In2 (lvar vn s))} LVar vn=\<succ> {P} }" |
391 apply (erule (1) halloc_conforms, simp, simp, simp add: is_acc_type_def) |
457 proof (rule valid_var_NormalI) |
392 |
458 fix n s0 L accC T C vf s1 Y Z |
393 (* BinOp *) |
459 assume conf_s0: "s0\<Colon>\<preceq>(G, L)" |
394 apply (tactic "sound_forw_hyp_tac 1") |
460 assume normal_s0: "normal s0" |
395 apply (case_tac "need_second_arg binop v1") |
461 assume wt: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>LVar vn\<Colon>=T" |
396 apply fastsimp |
462 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>LVar vn\<rangle>\<^sub>v\<guillemotright> C" |
397 apply simp |
463 assume eval: "G\<turnstile>s0 \<midarrow>LVar vn=\<succ>vf\<midarrow>n\<rightarrow> s1" |
398 |
464 assume P: "(Normal (\<lambda>s.. P\<leftarrow>In2 (lvar vn s))) Y s0 Z" |
399 (* Ass *) |
465 show "P (In2 vf) s1 Z \<and> s1\<Colon>\<preceq>(G, L)" |
400 apply (tactic "sound_forw_hyp_tac 1") |
466 proof |
401 apply (case_tac "aa") |
467 from eval normal_s0 obtain "s1=s0" "vf=lvar vn (store s0)" |
402 prefer 2 |
468 by (fastsimp elim: evaln_elim_cases) |
403 apply clarsimp |
469 with P show "P (In2 vf) s1 Z" |
404 apply (drule (3) evaln_type_sound) |
470 by simp |
405 apply (drule (3) evaln_eval) |
471 next |
406 apply (frule (3) eval_type_sound) |
472 from eval wt da conf_s0 wf |
407 apply clarsimp |
473 show "s1\<Colon>\<preceq>(G, L)" |
408 apply (frule wf_ws_prog) |
474 by (rule evaln_type_sound [elim_format]) simp |
409 apply (drule (2) conf_widen) |
475 qed |
410 apply (drule_tac "s1.0" = b in eval_gext') |
476 qed |
411 apply (clarsimp simp add: assign_conforms_def) |
477 next |
412 |
478 case (FVar A statDeclC P Q R accC e fn stat) |
413 |
479 have valid_init: "G,A|\<Turnstile>\<Colon>{ {Normal P} .Init statDeclC. {Q} }" . |
414 (* Cond *) |
480 have valid_e: "G,A|\<Turnstile>\<Colon>{ {Q} e-\<succ> {\<lambda>Val:a:. fvar statDeclC stat fn a ..; R} }" . |
415 apply (tactic "smp_tac 3 1") apply (tactic "smp_tac 2 1") |
481 show "G,A|\<Turnstile>\<Colon>{ {Normal P} {accC,statDeclC,stat}e..fn=\<succ> {R} }" |
416 apply (tactic "smp_tac 1 1") apply (erule impE) |
482 proof (rule valid_var_NormalI) |
417 apply (rule impI,rule exI) |
483 fix n s0 L accC' T V vf s3 Y Z |
418 apply (rule_tac x = "if the_Bool b then T1 else T2" in exI) |
484 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
419 apply (force split add: split_if) |
485 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
420 apply assumption |
486 assume normal_s0: "normal s0" |
421 |
487 assume wt: "\<lparr>prg=G,cls=accC',lcl=L\<rparr>\<turnstile>{accC,statDeclC,stat}e..fn\<Colon>=T" |
422 (* Body *) |
488 assume da: "\<lparr>prg=G,cls=accC',lcl=L\<rparr> |
423 apply (tactic "sound_forw_hyp_tac 1") |
489 \<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>{accC,statDeclC,stat}e..fn\<rangle>\<^sub>v\<guillemotright> V" |
424 apply (rule conforms_absorb,assumption) |
490 assume eval: "G\<turnstile>s0 \<midarrow>{accC,statDeclC,stat}e..fn=\<succ>vf\<midarrow>n\<rightarrow> s3" |
425 |
491 assume P: "(Normal P) Y s0 Z" |
426 (* Lab *) |
492 show "R \<lfloor>vf\<rfloor>\<^sub>v s3 Z \<and> s3\<Colon>\<preceq>(G, L)" |
427 apply (tactic "sound_forw_hyp_tac 1") |
493 proof - |
428 apply (rule conforms_absorb,assumption) |
494 from wt obtain statC f where |
429 |
495 wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-Class statC" and |
430 (* If *) |
496 accfield: "accfield G accC statC fn = Some (statDeclC,f)" and |
431 apply (tactic "sound_forw_hyp_tac 1") |
497 eq_accC: "accC=accC'" and |
432 apply (tactic "sound_forw_hyp_tac 1") |
498 stat: "stat=is_static f" and |
433 apply (force split add: split_if) |
499 T: "T=(type f)" |
434 |
500 by (cases) (auto simp add: member_is_static_simp) |
435 (* Throw *) |
501 from da eq_accC |
436 apply (drule (3) evaln_type_sound) |
502 have da_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> V" |
437 apply clarsimp |
503 by cases simp |
438 apply (drule (3) Throw_lemma) |
504 from eval obtain a s1 s2 s2' where |
439 apply clarsimp |
505 eval_init: "G\<turnstile>s0 \<midarrow>Init statDeclC\<midarrow>n\<rightarrow> s1" and |
440 |
506 eval_e: "G\<turnstile>s1 \<midarrow>e-\<succ>a\<midarrow>n\<rightarrow> s2" and |
441 (* Try *) |
507 fvar: "(vf,s2')=fvar statDeclC stat fn a s2" and |
442 apply (frule (1) sxalloc_type_sound) |
508 s3: "s3 = check_field_access G accC statDeclC fn stat a s2'" |
443 apply (erule sxalloc_elim_cases2) |
509 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
444 apply (tactic "smp_tac 3 1") |
510 have wt_init: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>(Init statDeclC)\<Colon>\<surd>" |
445 apply (clarsimp split add: option.split_asm) |
511 proof - |
446 apply (clarsimp split add: option.split_asm) |
512 from wf wt_e |
447 apply (tactic "smp_tac 1 1") |
513 have iscls_statC: "is_class G statC" |
448 apply (simp only: split add: split_if_asm) |
514 by (auto dest: ty_expr_is_type type_is_class) |
449 prefer 2 |
515 with wf accfield |
450 apply (tactic "smp_tac 3 1", erule_tac V = "All ?P" in thin_rl, clarsimp) |
516 have iscls_statDeclC: "is_class G statDeclC" |
451 apply (drule spec, erule_tac V = "All ?P" in thin_rl, drule spec, drule spec, |
517 by (auto dest!: accfield_fields dest: fields_declC) |
452 erule impE, force) |
518 thus ?thesis by simp |
453 apply (frule (2) Try_lemma) |
519 qed |
454 apply clarsimp |
520 obtain I where |
455 apply (fast elim!: conforms_deallocL) |
521 da_init: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
456 |
522 \<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>Init statDeclC\<rangle>\<^sub>s\<guillemotright> I" |
457 (* Fin *) |
523 by (auto intro: da_Init [simplified] assigned.select_convs) |
458 apply (tactic "sound_forw_hyp_tac 1") |
524 from valid_init P valid_A conf_s0 eval_init wt_init da_init |
459 apply (case_tac "x1", force) |
525 obtain Q: "Q \<diamondsuit> s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G, L)" |
460 apply clarsimp |
526 by (rule validE) |
461 apply (drule (3) evaln_eval, drule (4) Fin_lemma) |
527 obtain |
462 done |
528 R: "R \<lfloor>vf\<rfloor>\<^sub>v s2' Z" and |
463 |
529 conf_s2: "s2\<Colon>\<preceq>(G, L)" and |
464 |
530 conf_a: "normal s2 \<longrightarrow> G,store s2\<turnstile>a\<Colon>\<preceq>Class statC" |
465 |
531 proof (cases "normal s1") |
466 declare subst_Bool_def2 [simp] |
532 case True |
467 |
533 obtain V' where |
|
534 da_e': |
|
535 "\<lparr>prg=G,cls=accC,lcl=L\<rparr> \<turnstile>dom (locals (store s1))\<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> V'" |
|
536 proof - |
|
537 from eval_init |
|
538 have "(dom (locals (store s0))) \<subseteq> (dom (locals (store s1)))" |
|
539 by (rule dom_locals_evaln_mono_elim) |
|
540 with da_e show ?thesis |
|
541 by (rule da_weakenE) |
|
542 qed |
|
543 with valid_e Q valid_A conf_s1 eval_e wt_e |
|
544 obtain "R \<lfloor>vf\<rfloor>\<^sub>v s2' Z" and "s2\<Colon>\<preceq>(G, L)" |
|
545 by (rule validE) (simp add: fvar [symmetric]) |
|
546 moreover |
|
547 from eval_e wt_e da_e' conf_s1 wf |
|
548 have "normal s2 \<longrightarrow> G,store s2\<turnstile>a\<Colon>\<preceq>Class statC" |
|
549 by (rule evaln_type_sound [elim_format]) simp |
|
550 ultimately show ?thesis .. |
|
551 next |
|
552 case False |
|
553 with valid_e Q valid_A conf_s1 eval_e |
|
554 obtain "R \<lfloor>vf\<rfloor>\<^sub>v s2' Z" and "s2\<Colon>\<preceq>(G, L)" |
|
555 by (cases rule: validE) (simp add: fvar [symmetric])+ |
|
556 moreover from False eval_e have "\<not> normal s2" |
|
557 by auto |
|
558 hence "normal s2 \<longrightarrow> G,store s2\<turnstile>a\<Colon>\<preceq>Class statC" |
|
559 by auto |
|
560 ultimately show ?thesis .. |
|
561 qed |
|
562 from accfield wt_e eval_init eval_e conf_s2 conf_a fvar stat s3 wf |
|
563 have eq_s3_s2': "s3=s2'" |
|
564 using normal_s0 by (auto dest!: error_free_field_access evaln_eval) |
|
565 moreover |
|
566 from eval wt da conf_s0 wf |
|
567 have "s3\<Colon>\<preceq>(G, L)" |
|
568 by (rule evaln_type_sound [elim_format]) simp |
|
569 ultimately show ?thesis using Q by simp |
|
570 qed |
|
571 qed |
|
572 next |
|
573 case (AVar A P Q R e1 e2) |
|
574 have valid_e1: "G,A|\<Turnstile>\<Colon>{ {Normal P} e1-\<succ> {Q} }" . |
|
575 have valid_e2: "\<And> a. G,A|\<Turnstile>\<Colon>{ {Q\<leftarrow>In1 a} e2-\<succ> {\<lambda>Val:i:. avar G i a ..; R} }" |
|
576 using AVar.hyps by simp |
|
577 show "G,A|\<Turnstile>\<Colon>{ {Normal P} e1.[e2]=\<succ> {R} }" |
|
578 proof (rule valid_var_NormalI) |
|
579 fix n s0 L accC T V vf s2' Y Z |
|
580 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
581 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
582 assume normal_s0: "normal s0" |
|
583 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e1.[e2]\<Colon>=T" |
|
584 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
585 \<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>e1.[e2]\<rangle>\<^sub>v\<guillemotright> V" |
|
586 assume eval: "G\<turnstile>s0 \<midarrow>e1.[e2]=\<succ>vf\<midarrow>n\<rightarrow> s2'" |
|
587 assume P: "(Normal P) Y s0 Z" |
|
588 show "R \<lfloor>vf\<rfloor>\<^sub>v s2' Z \<and> s2'\<Colon>\<preceq>(G, L)" |
|
589 proof - |
|
590 from wt obtain |
|
591 wt_e1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e1\<Colon>-T.[]" and |
|
592 wt_e2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e2\<Colon>-PrimT Integer" |
|
593 by (rule wt_elim_cases) simp |
|
594 from da obtain E1 where |
|
595 da_e1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> \<turnstile>dom (locals (store s0))\<guillemotright>\<langle>e1\<rangle>\<^sub>e\<guillemotright> E1" and |
|
596 da_e2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> nrm E1 \<guillemotright>\<langle>e2\<rangle>\<^sub>e\<guillemotright> V" |
|
597 by (rule da_elim_cases) simp |
|
598 from eval obtain s1 a i s2 where |
|
599 eval_e1: "G\<turnstile>s0 \<midarrow>e1-\<succ>a\<midarrow>n\<rightarrow> s1" and |
|
600 eval_e2: "G\<turnstile>s1 \<midarrow>e2-\<succ>i\<midarrow>n\<rightarrow> s2" and |
|
601 avar: "avar G i a s2 =(vf, s2')" |
|
602 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
603 from valid_e1 P valid_A conf_s0 eval_e1 wt_e1 da_e1 |
|
604 obtain Q: "Q \<lfloor>a\<rfloor>\<^sub>e s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G, L)" |
|
605 by (rule validE) |
|
606 from Q have Q': "\<And> v. (Q\<leftarrow>In1 a) v s1 Z" |
|
607 by simp |
|
608 have "R \<lfloor>vf\<rfloor>\<^sub>v s2' Z" |
|
609 proof (cases "normal s1") |
|
610 case True |
|
611 obtain V' where |
|
612 "\<lparr>prg=G,cls=accC,lcl=L\<rparr> \<turnstile>dom (locals (store s1))\<guillemotright>\<langle>e2\<rangle>\<^sub>e\<guillemotright> V'" |
|
613 proof - |
|
614 from eval_e1 wt_e1 da_e1 wf True |
|
615 have "nrm E1 \<subseteq> dom (locals (store s1))" |
|
616 by (cases rule: da_good_approx_evalnE) rules |
|
617 with da_e2 show ?thesis |
|
618 by (rule da_weakenE) |
|
619 qed |
|
620 with valid_e2 Q' valid_A conf_s1 eval_e2 wt_e2 |
|
621 show ?thesis |
|
622 by (rule validE) (simp add: avar) |
|
623 next |
|
624 case False |
|
625 with valid_e2 Q' valid_A conf_s1 eval_e2 |
|
626 show ?thesis |
|
627 by (cases rule: validE) (simp add: avar)+ |
|
628 qed |
|
629 moreover |
|
630 from eval wt da conf_s0 wf |
|
631 have "s2'\<Colon>\<preceq>(G, L)" |
|
632 by (rule evaln_type_sound [elim_format]) simp |
|
633 ultimately show ?thesis .. |
|
634 qed |
|
635 qed |
|
636 next |
|
637 case (NewC A C P Q) |
|
638 have valid_init: "G,A|\<Turnstile>\<Colon>{ {Normal P} .Init C. {Alloc G (CInst C) Q} }". |
|
639 show "G,A|\<Turnstile>\<Colon>{ {Normal P} NewC C-\<succ> {Q} }" |
|
640 proof (rule valid_expr_NormalI) |
|
641 fix n s0 L accC T E v s2 Y Z |
|
642 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
643 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
644 assume normal_s0: "normal s0" |
|
645 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>NewC C\<Colon>-T" |
|
646 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
647 \<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>NewC C\<rangle>\<^sub>e\<guillemotright> E" |
|
648 assume eval: "G\<turnstile>s0 \<midarrow>NewC C-\<succ>v\<midarrow>n\<rightarrow> s2" |
|
649 assume P: "(Normal P) Y s0 Z" |
|
650 show "Q \<lfloor>v\<rfloor>\<^sub>e s2 Z \<and> s2\<Colon>\<preceq>(G, L)" |
|
651 proof - |
|
652 from wt obtain is_cls_C: "is_class G C" |
|
653 by (rule wt_elim_cases) (auto dest: is_acc_classD) |
|
654 hence wt_init: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>Init C\<Colon>\<surd>" |
|
655 by auto |
|
656 obtain I where |
|
657 da_init: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>Init C\<rangle>\<^sub>s\<guillemotright> I" |
|
658 by (auto intro: da_Init [simplified] assigned.select_convs) |
|
659 from eval obtain s1 a where |
|
660 eval_init: "G\<turnstile>s0 \<midarrow>Init C\<midarrow>n\<rightarrow> s1" and |
|
661 alloc: "G\<turnstile>s1 \<midarrow>halloc CInst C\<succ>a\<rightarrow> s2" and |
|
662 v: "v=Addr a" |
|
663 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
664 from valid_init P valid_A conf_s0 eval_init wt_init da_init |
|
665 obtain "(Alloc G (CInst C) Q) \<diamondsuit> s1 Z" |
|
666 by (rule validE) |
|
667 with alloc v have "Q \<lfloor>v\<rfloor>\<^sub>e s2 Z" |
|
668 by simp |
|
669 moreover |
|
670 from eval wt da conf_s0 wf |
|
671 have "s2\<Colon>\<preceq>(G, L)" |
|
672 by (rule evaln_type_sound [elim_format]) simp |
|
673 ultimately show ?thesis .. |
|
674 qed |
|
675 qed |
|
676 next |
|
677 case (NewA A P Q R T e) |
|
678 have valid_init: "G,A|\<Turnstile>\<Colon>{ {Normal P} .init_comp_ty T. {Q} }" . |
|
679 have valid_e: "G,A|\<Turnstile>\<Colon>{ {Q} e-\<succ> {\<lambda>Val:i:. abupd (check_neg i) .; |
|
680 Alloc G (Arr T (the_Intg i)) R}}" . |
|
681 show "G,A|\<Turnstile>\<Colon>{ {Normal P} New T[e]-\<succ> {R} }" |
|
682 proof (rule valid_expr_NormalI) |
|
683 fix n s0 L accC arrT E v s3 Y Z |
|
684 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
685 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
686 assume normal_s0: "normal s0" |
|
687 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>New T[e]\<Colon>-arrT" |
|
688 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0)) \<guillemotright>\<langle>New T[e]\<rangle>\<^sub>e\<guillemotright> E" |
|
689 assume eval: "G\<turnstile>s0 \<midarrow>New T[e]-\<succ>v\<midarrow>n\<rightarrow> s3" |
|
690 assume P: "(Normal P) Y s0 Z" |
|
691 show "R \<lfloor>v\<rfloor>\<^sub>e s3 Z \<and> s3\<Colon>\<preceq>(G, L)" |
|
692 proof - |
|
693 from wt obtain |
|
694 wt_init: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>init_comp_ty T\<Colon>\<surd>" and |
|
695 wt_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e\<Colon>-PrimT Integer" |
|
696 by (rule wt_elim_cases) (auto intro: wt_init_comp_ty ) |
|
697 from da obtain |
|
698 da_e:"\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> E" |
|
699 by cases simp |
|
700 from eval obtain s1 i s2 a where |
|
701 eval_init: "G\<turnstile>s0 \<midarrow>init_comp_ty T\<midarrow>n\<rightarrow> s1" and |
|
702 eval_e: "G\<turnstile>s1 \<midarrow>e-\<succ>i\<midarrow>n\<rightarrow> s2" and |
|
703 alloc: "G\<turnstile>abupd (check_neg i) s2 \<midarrow>halloc Arr T (the_Intg i)\<succ>a\<rightarrow> s3" and |
|
704 v: "v=Addr a" |
|
705 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
706 obtain I where |
|
707 da_init: |
|
708 "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0)) \<guillemotright>\<langle>init_comp_ty T\<rangle>\<^sub>s\<guillemotright> I" |
|
709 proof (cases "\<exists>C. T = Class C") |
|
710 case True |
|
711 thus ?thesis |
|
712 by - (rule that, (auto intro: da_Init [simplified] |
|
713 assigned.select_convs |
|
714 simp add: init_comp_ty_def)) |
|
715 (* simplified: to rewrite \<langle>Init C\<rangle> to In1r (Init C) *) |
|
716 next |
|
717 case False |
|
718 thus ?thesis |
|
719 by - (rule that, (auto intro: da_Skip [simplified] |
|
720 assigned.select_convs |
|
721 simp add: init_comp_ty_def)) |
|
722 (* simplified: to rewrite \<langle>Skip\<rangle> to In1r (Skip) *) |
|
723 qed |
|
724 with valid_init P valid_A conf_s0 eval_init wt_init |
|
725 obtain Q: "Q \<diamondsuit> s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G, L)" |
|
726 by (rule validE) |
|
727 obtain E' where |
|
728 "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s1)) \<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> E'" |
|
729 proof - |
|
730 from eval_init |
|
731 have "dom (locals (store s0)) \<subseteq> dom (locals (store s1))" |
|
732 by (rule dom_locals_evaln_mono_elim) |
|
733 with da_e show ?thesis |
|
734 by (rule da_weakenE) |
|
735 qed |
|
736 with valid_e Q valid_A conf_s1 eval_e wt_e |
|
737 have "(\<lambda>Val:i:. abupd (check_neg i) .; |
|
738 Alloc G (Arr T (the_Intg i)) R) \<lfloor>i\<rfloor>\<^sub>e s2 Z" |
|
739 by (rule validE) |
|
740 with alloc v have "R \<lfloor>v\<rfloor>\<^sub>e s3 Z" |
|
741 by simp |
|
742 moreover |
|
743 from eval wt da conf_s0 wf |
|
744 have "s3\<Colon>\<preceq>(G, L)" |
|
745 by (rule evaln_type_sound [elim_format]) simp |
|
746 ultimately show ?thesis .. |
|
747 qed |
|
748 qed |
|
749 next |
|
750 case (Cast A P Q T e) |
|
751 have valid_e: "G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> |
|
752 {\<lambda>Val:v:. \<lambda>s.. abupd (raise_if (\<not> G,s\<turnstile>v fits T) ClassCast) .; |
|
753 Q\<leftarrow>In1 v} }" . |
|
754 show "G,A|\<Turnstile>\<Colon>{ {Normal P} Cast T e-\<succ> {Q} }" |
|
755 proof (rule valid_expr_NormalI) |
|
756 fix n s0 L accC castT E v s2 Y Z |
|
757 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
758 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
759 assume normal_s0: "normal s0" |
|
760 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>Cast T e\<Colon>-castT" |
|
761 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0)) \<guillemotright>\<langle>Cast T e\<rangle>\<^sub>e\<guillemotright> E" |
|
762 assume eval: "G\<turnstile>s0 \<midarrow>Cast T e-\<succ>v\<midarrow>n\<rightarrow> s2" |
|
763 assume P: "(Normal P) Y s0 Z" |
|
764 show "Q \<lfloor>v\<rfloor>\<^sub>e s2 Z \<and> s2\<Colon>\<preceq>(G, L)" |
|
765 proof - |
|
766 from wt obtain eT where |
|
767 wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-eT" |
|
768 by cases simp |
|
769 from da obtain |
|
770 da_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> E" |
|
771 by cases simp |
|
772 from eval obtain s1 where |
|
773 eval_e: "G\<turnstile>s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1" and |
|
774 s2: "s2 = abupd (raise_if (\<not> G,snd s1\<turnstile>v fits T) ClassCast) s1" |
|
775 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
776 from valid_e P valid_A conf_s0 eval_e wt_e da_e |
|
777 have "(\<lambda>Val:v:. \<lambda>s.. abupd (raise_if (\<not> G,s\<turnstile>v fits T) ClassCast) .; |
|
778 Q\<leftarrow>In1 v) \<lfloor>v\<rfloor>\<^sub>e s1 Z" |
|
779 by (rule validE) |
|
780 with s2 have "Q \<lfloor>v\<rfloor>\<^sub>e s2 Z" |
|
781 by simp |
|
782 moreover |
|
783 from eval wt da conf_s0 wf |
|
784 have "s2\<Colon>\<preceq>(G, L)" |
|
785 by (rule evaln_type_sound [elim_format]) simp |
|
786 ultimately show ?thesis .. |
|
787 qed |
|
788 qed |
|
789 next |
|
790 case (Inst A P Q T e) |
|
791 assume valid_e: "G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> |
|
792 {\<lambda>Val:v:. \<lambda>s.. Q\<leftarrow>In1 (Bool (v \<noteq> Null \<and> G,s\<turnstile>v fits RefT T))} }" |
|
793 show "G,A|\<Turnstile>\<Colon>{ {Normal P} e InstOf T-\<succ> {Q} }" |
|
794 proof (rule valid_expr_NormalI) |
|
795 fix n s0 L accC instT E v s1 Y Z |
|
796 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
797 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
798 assume normal_s0: "normal s0" |
|
799 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e InstOf T\<Colon>-instT" |
|
800 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>e InstOf T\<rangle>\<^sub>e\<guillemotright> E" |
|
801 assume eval: "G\<turnstile>s0 \<midarrow>e InstOf T-\<succ>v\<midarrow>n\<rightarrow> s1" |
|
802 assume P: "(Normal P) Y s0 Z" |
|
803 show "Q \<lfloor>v\<rfloor>\<^sub>e s1 Z \<and> s1\<Colon>\<preceq>(G, L)" |
|
804 proof - |
|
805 from wt obtain eT where |
|
806 wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-eT" |
|
807 by cases simp |
|
808 from da obtain |
|
809 da_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> E" |
|
810 by cases simp |
|
811 from eval obtain a where |
|
812 eval_e: "G\<turnstile>s0 \<midarrow>e-\<succ>a\<midarrow>n\<rightarrow> s1" and |
|
813 v: "v = Bool (a \<noteq> Null \<and> G,store s1\<turnstile>a fits RefT T)" |
|
814 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
815 from valid_e P valid_A conf_s0 eval_e wt_e da_e |
|
816 have "(\<lambda>Val:v:. \<lambda>s.. Q\<leftarrow>In1 (Bool (v \<noteq> Null \<and> G,s\<turnstile>v fits RefT T))) |
|
817 \<lfloor>a\<rfloor>\<^sub>e s1 Z" |
|
818 by (rule validE) |
|
819 with v have "Q \<lfloor>v\<rfloor>\<^sub>e s1 Z" |
|
820 by simp |
|
821 moreover |
|
822 from eval wt da conf_s0 wf |
|
823 have "s1\<Colon>\<preceq>(G, L)" |
|
824 by (rule evaln_type_sound [elim_format]) simp |
|
825 ultimately show ?thesis .. |
|
826 qed |
|
827 qed |
|
828 next |
|
829 case (Lit A P v) |
|
830 show "G,A|\<Turnstile>\<Colon>{ {Normal (P\<leftarrow>In1 v)} Lit v-\<succ> {P} }" |
|
831 proof (rule valid_expr_NormalI) |
|
832 fix n L s0 s1 v' Y Z |
|
833 assume conf_s0: "s0\<Colon>\<preceq>(G, L)" |
|
834 assume normal_s0: " normal s0" |
|
835 assume eval: "G\<turnstile>s0 \<midarrow>Lit v-\<succ>v'\<midarrow>n\<rightarrow> s1" |
|
836 assume P: "(Normal (P\<leftarrow>In1 v)) Y s0 Z" |
|
837 show "P \<lfloor>v'\<rfloor>\<^sub>e s1 Z \<and> s1\<Colon>\<preceq>(G, L)" |
|
838 proof - |
|
839 from eval have "s1=s0" and "v'=v" |
|
840 using normal_s0 by (auto elim: evaln_elim_cases) |
|
841 with P conf_s0 show ?thesis by simp |
|
842 qed |
|
843 qed |
|
844 next |
|
845 case (UnOp A P Q e unop) |
|
846 assume valid_e: "G,A|\<Turnstile>\<Colon>{ {Normal P}e-\<succ>{\<lambda>Val:v:. Q\<leftarrow>In1 (eval_unop unop v)} }" |
|
847 show "G,A|\<Turnstile>\<Colon>{ {Normal P} UnOp unop e-\<succ> {Q} }" |
|
848 proof (rule valid_expr_NormalI) |
|
849 fix n s0 L accC T E v s1 Y Z |
|
850 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
851 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
852 assume normal_s0: "normal s0" |
|
853 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>UnOp unop e\<Colon>-T" |
|
854 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>UnOp unop e\<rangle>\<^sub>e\<guillemotright>E" |
|
855 assume eval: "G\<turnstile>s0 \<midarrow>UnOp unop e-\<succ>v\<midarrow>n\<rightarrow> s1" |
|
856 assume P: "(Normal P) Y s0 Z" |
|
857 show "Q \<lfloor>v\<rfloor>\<^sub>e s1 Z \<and> s1\<Colon>\<preceq>(G, L)" |
|
858 proof - |
|
859 from wt obtain eT where |
|
860 wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-eT" |
|
861 by cases simp |
|
862 from da obtain |
|
863 da_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> E" |
|
864 by cases simp |
|
865 from eval obtain ve where |
|
866 eval_e: "G\<turnstile>s0 \<midarrow>e-\<succ>ve\<midarrow>n\<rightarrow> s1" and |
|
867 v: "v = eval_unop unop ve" |
|
868 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
869 from valid_e P valid_A conf_s0 eval_e wt_e da_e |
|
870 have "(\<lambda>Val:v:. Q\<leftarrow>In1 (eval_unop unop v)) \<lfloor>ve\<rfloor>\<^sub>e s1 Z" |
|
871 by (rule validE) |
|
872 with v have "Q \<lfloor>v\<rfloor>\<^sub>e s1 Z" |
|
873 by simp |
|
874 moreover |
|
875 from eval wt da conf_s0 wf |
|
876 have "s1\<Colon>\<preceq>(G, L)" |
|
877 by (rule evaln_type_sound [elim_format]) simp |
|
878 ultimately show ?thesis .. |
|
879 qed |
|
880 qed |
|
881 next |
|
882 case (BinOp A P Q R binop e1 e2) |
|
883 assume valid_e1: "G,A|\<Turnstile>\<Colon>{ {Normal P} e1-\<succ> {Q} }" |
|
884 have valid_e2: "\<And> v1. G,A|\<Turnstile>\<Colon>{ {Q\<leftarrow>In1 v1} |
|
885 (if need_second_arg binop v1 then In1l e2 else In1r Skip)\<succ> |
|
886 {\<lambda>Val:v2:. R\<leftarrow>In1 (eval_binop binop v1 v2)} }" |
|
887 using BinOp.hyps by simp |
|
888 show "G,A|\<Turnstile>\<Colon>{ {Normal P} BinOp binop e1 e2-\<succ> {R} }" |
|
889 proof (rule valid_expr_NormalI) |
|
890 fix n s0 L accC T E v s2 Y Z |
|
891 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
892 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
893 assume normal_s0: "normal s0" |
|
894 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>BinOp binop e1 e2\<Colon>-T" |
|
895 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
896 \<turnstile>dom (locals (store s0)) \<guillemotright>\<langle>BinOp binop e1 e2\<rangle>\<^sub>e\<guillemotright> E" |
|
897 assume eval: "G\<turnstile>s0 \<midarrow>BinOp binop e1 e2-\<succ>v\<midarrow>n\<rightarrow> s2" |
|
898 assume P: "(Normal P) Y s0 Z" |
|
899 show "R \<lfloor>v\<rfloor>\<^sub>e s2 Z \<and> s2\<Colon>\<preceq>(G, L)" |
|
900 proof - |
|
901 from wt obtain e1T e2T where |
|
902 wt_e1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e1\<Colon>-e1T" and |
|
903 wt_e2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e2\<Colon>-e2T" and |
|
904 wt_binop: "wt_binop G binop e1T e2T" |
|
905 by cases simp |
|
906 have wt_Skip: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>Skip\<Colon>\<surd>" |
|
907 by simp |
|
908 (* |
|
909 obtain S where |
|
910 daSkip: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
911 \<turnstile> dom (locals (store s1)) \<guillemotright>In1r Skip\<guillemotright> S" |
|
912 by (auto intro: da_Skip [simplified] assigned.select_convs) *) |
|
913 from da obtain E1 where |
|
914 da_e1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> \<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>e1\<rangle>\<^sub>e\<guillemotright> E1" |
|
915 by cases simp+ |
|
916 from eval obtain v1 s1 v2 where |
|
917 eval_e1: "G\<turnstile>s0 \<midarrow>e1-\<succ>v1\<midarrow>n\<rightarrow> s1" and |
|
918 eval_e2: "G\<turnstile>s1 \<midarrow>(if need_second_arg binop v1 then \<langle>e2\<rangle>\<^sub>e else \<langle>Skip\<rangle>\<^sub>s) |
|
919 \<succ>\<midarrow>n\<rightarrow> (\<lfloor>v2\<rfloor>\<^sub>e, s2)" and |
|
920 v: "v=eval_binop binop v1 v2" |
|
921 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
922 from valid_e1 P valid_A conf_s0 eval_e1 wt_e1 da_e1 |
|
923 obtain Q: "Q \<lfloor>v1\<rfloor>\<^sub>e s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G,L)" |
|
924 by (rule validE) |
|
925 from Q have Q': "\<And> v. (Q\<leftarrow>In1 v1) v s1 Z" |
|
926 by simp |
|
927 have "(\<lambda>Val:v2:. R\<leftarrow>In1 (eval_binop binop v1 v2)) \<lfloor>v2\<rfloor>\<^sub>e s2 Z" |
|
928 proof (cases "normal s1") |
|
929 case True |
|
930 from eval_e1 wt_e1 da_e1 conf_s0 wf |
|
931 have conf_v1: "G,store s1\<turnstile>v1\<Colon>\<preceq>e1T" |
|
932 by (rule evaln_type_sound [elim_format]) (insert True,simp) |
|
933 from eval_e1 |
|
934 have "G\<turnstile>s0 \<midarrow>e1-\<succ>v1\<rightarrow> s1" |
|
935 by (rule evaln_eval) |
|
936 from da wt_e1 wt_e2 wt_binop conf_s0 True this conf_v1 wf |
|
937 obtain E2 where |
|
938 da_e2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s1)) |
|
939 \<guillemotright>(if need_second_arg binop v1 then \<langle>e2\<rangle>\<^sub>e else \<langle>Skip\<rangle>\<^sub>s)\<guillemotright> E2" |
|
940 by (rule da_e2_BinOp [elim_format]) rules |
|
941 from wt_e2 wt_Skip obtain T2 |
|
942 where "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
943 \<turnstile>(if need_second_arg binop v1 then \<langle>e2\<rangle>\<^sub>e else \<langle>Skip\<rangle>\<^sub>s)\<Colon>T2" |
|
944 by (cases "need_second_arg binop v1") auto |
|
945 note ve=validE [OF valid_e2,OF Q' valid_A conf_s1 eval_e2 this da_e2] |
|
946 (* chaining Q', without extra OF causes unification error *) |
|
947 thus ?thesis |
|
948 by (rule ve) |
|
949 next |
|
950 case False |
|
951 note ve=validE [OF valid_e2,OF Q' valid_A conf_s1 eval_e2] |
|
952 with False show ?thesis |
|
953 by rules |
|
954 qed |
|
955 with v have "R \<lfloor>v\<rfloor>\<^sub>e s2 Z" |
|
956 by simp |
|
957 moreover |
|
958 from eval wt da conf_s0 wf |
|
959 have "s2\<Colon>\<preceq>(G, L)" |
|
960 by (rule evaln_type_sound [elim_format]) simp |
|
961 ultimately show ?thesis .. |
|
962 qed |
|
963 qed |
|
964 next |
|
965 case (Super A P) |
|
966 show "G,A|\<Turnstile>\<Colon>{ {Normal (\<lambda>s.. P\<leftarrow>In1 (val_this s))} Super-\<succ> {P} }" |
|
967 proof (rule valid_expr_NormalI) |
|
968 fix n L s0 s1 v Y Z |
|
969 assume conf_s0: "s0\<Colon>\<preceq>(G, L)" |
|
970 assume normal_s0: " normal s0" |
|
971 assume eval: "G\<turnstile>s0 \<midarrow>Super-\<succ>v\<midarrow>n\<rightarrow> s1" |
|
972 assume P: "(Normal (\<lambda>s.. P\<leftarrow>In1 (val_this s))) Y s0 Z" |
|
973 show "P \<lfloor>v\<rfloor>\<^sub>e s1 Z \<and> s1\<Colon>\<preceq>(G, L)" |
|
974 proof - |
|
975 from eval have "s1=s0" and "v=val_this (store s0)" |
|
976 using normal_s0 by (auto elim: evaln_elim_cases) |
|
977 with P conf_s0 show ?thesis by simp |
|
978 qed |
|
979 qed |
|
980 next |
|
981 case (Acc A P Q var) |
|
982 have valid_var: "G,A|\<Turnstile>\<Colon>{ {Normal P} var=\<succ> {\<lambda>Var:(v, f):. Q\<leftarrow>In1 v} }" . |
|
983 show "G,A|\<Turnstile>\<Colon>{ {Normal P} Acc var-\<succ> {Q} }" |
|
984 proof (rule valid_expr_NormalI) |
|
985 fix n s0 L accC T E v s1 Y Z |
|
986 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
987 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
988 assume normal_s0: "normal s0" |
|
989 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>Acc var\<Colon>-T" |
|
990 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>Acc var\<rangle>\<^sub>e\<guillemotright>E" |
|
991 assume eval: "G\<turnstile>s0 \<midarrow>Acc var-\<succ>v\<midarrow>n\<rightarrow> s1" |
|
992 assume P: "(Normal P) Y s0 Z" |
|
993 show "Q \<lfloor>v\<rfloor>\<^sub>e s1 Z \<and> s1\<Colon>\<preceq>(G, L)" |
|
994 proof - |
|
995 from wt obtain |
|
996 wt_var: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>var\<Colon>=T" |
|
997 by cases simp |
|
998 from da obtain V where |
|
999 da_var: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> \<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>var\<rangle>\<^sub>v\<guillemotright> V" |
|
1000 by (cases "\<exists> n. var=LVar n") (insert da.LVar,auto elim!: da_elim_cases) |
|
1001 from eval obtain w upd where |
|
1002 eval_var: "G\<turnstile>s0 \<midarrow>var=\<succ>(v, upd)\<midarrow>n\<rightarrow> s1" |
|
1003 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
1004 from valid_var P valid_A conf_s0 eval_var wt_var da_var |
|
1005 have "(\<lambda>Var:(v, f):. Q\<leftarrow>In1 v) \<lfloor>(v, upd)\<rfloor>\<^sub>v s1 Z" |
|
1006 by (rule validE) |
|
1007 then have "Q \<lfloor>v\<rfloor>\<^sub>e s1 Z" |
|
1008 by simp |
|
1009 moreover |
|
1010 from eval wt da conf_s0 wf |
|
1011 have "s1\<Colon>\<preceq>(G, L)" |
|
1012 by (rule evaln_type_sound [elim_format]) simp |
|
1013 ultimately show ?thesis .. |
|
1014 qed |
|
1015 qed |
|
1016 next |
|
1017 case (Ass A P Q R e var) |
|
1018 have valid_var: "G,A|\<Turnstile>\<Colon>{ {Normal P} var=\<succ> {Q} }" . |
|
1019 have valid_e: "\<And> vf. |
|
1020 G,A|\<Turnstile>\<Colon>{ {Q\<leftarrow>In2 vf} e-\<succ> {\<lambda>Val:v:. assign (snd vf) v .; R} }" |
|
1021 using Ass.hyps by simp |
|
1022 show "G,A|\<Turnstile>\<Colon>{ {Normal P} var:=e-\<succ> {R} }" |
|
1023 proof (rule valid_expr_NormalI) |
|
1024 fix n s0 L accC T E v s3 Y Z |
|
1025 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
1026 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
1027 assume normal_s0: "normal s0" |
|
1028 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>var:=e\<Colon>-T" |
|
1029 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>var:=e\<rangle>\<^sub>e\<guillemotright>E" |
|
1030 assume eval: "G\<turnstile>s0 \<midarrow>var:=e-\<succ>v\<midarrow>n\<rightarrow> s3" |
|
1031 assume P: "(Normal P) Y s0 Z" |
|
1032 show "R \<lfloor>v\<rfloor>\<^sub>e s3 Z \<and> s3\<Colon>\<preceq>(G, L)" |
|
1033 proof - |
|
1034 from wt obtain varT where |
|
1035 wt_var: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>var\<Colon>=varT" and |
|
1036 wt_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e\<Colon>-T" |
|
1037 by cases simp |
|
1038 from eval obtain w upd s1 s2 where |
|
1039 eval_var: "G\<turnstile>s0 \<midarrow>var=\<succ>(w, upd)\<midarrow>n\<rightarrow> s1" and |
|
1040 eval_e: "G\<turnstile>s1 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s2" and |
|
1041 s3: "s3=assign upd v s2" |
|
1042 using normal_s0 by (auto elim: evaln_elim_cases) |
|
1043 have "R \<lfloor>v\<rfloor>\<^sub>e s3 Z" |
|
1044 proof (cases "\<exists> vn. var = LVar vn") |
|
1045 case False |
|
1046 with da obtain V where |
|
1047 da_var: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
1048 \<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>var\<rangle>\<^sub>v\<guillemotright> V" and |
|
1049 da_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> \<turnstile> nrm V \<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> E" |
|
1050 by cases simp+ |
|
1051 from valid_var P valid_A conf_s0 eval_var wt_var da_var |
|
1052 obtain Q: "Q \<lfloor>(w,upd)\<rfloor>\<^sub>v s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G,L)" |
|
1053 by (rule validE) |
|
1054 hence Q': "\<And> v. (Q\<leftarrow>In2 (w,upd)) v s1 Z" |
|
1055 by simp |
|
1056 have "(\<lambda>Val:v:. assign (snd (w,upd)) v .; R) \<lfloor>v\<rfloor>\<^sub>e s2 Z" |
|
1057 proof (cases "normal s1") |
|
1058 case True |
|
1059 obtain E' where |
|
1060 da_e': "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s1)) \<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> E'" |
|
1061 proof - |
|
1062 from eval_var wt_var da_var wf True |
|
1063 have "nrm V \<subseteq> dom (locals (store s1))" |
|
1064 by (cases rule: da_good_approx_evalnE) rules |
|
1065 with da_e show ?thesis |
|
1066 by (rule da_weakenE) |
|
1067 qed |
|
1068 note ve=validE [OF valid_e,OF Q' valid_A conf_s1 eval_e wt_e da_e'] |
|
1069 show ?thesis |
|
1070 by (rule ve) |
|
1071 next |
|
1072 case False |
|
1073 note ve=validE [OF valid_e,OF Q' valid_A conf_s1 eval_e] |
|
1074 with False show ?thesis |
|
1075 by rules |
|
1076 qed |
|
1077 with s3 show "R \<lfloor>v\<rfloor>\<^sub>e s3 Z" |
|
1078 by simp |
|
1079 next |
|
1080 case True |
|
1081 then obtain vn where |
|
1082 vn: "var = LVar vn" |
|
1083 by auto |
|
1084 with da obtain E where |
|
1085 da_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> \<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> E" |
|
1086 by cases simp+ |
|
1087 from da.LVar vn obtain V where |
|
1088 da_var: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
1089 \<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>var\<rangle>\<^sub>v\<guillemotright> V" |
|
1090 by auto |
|
1091 from valid_var P valid_A conf_s0 eval_var wt_var da_var |
|
1092 obtain Q: "Q \<lfloor>(w,upd)\<rfloor>\<^sub>v s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G,L)" |
|
1093 by (rule validE) |
|
1094 hence Q': "\<And> v. (Q\<leftarrow>In2 (w,upd)) v s1 Z" |
|
1095 by simp |
|
1096 have "(\<lambda>Val:v:. assign (snd (w,upd)) v .; R) \<lfloor>v\<rfloor>\<^sub>e s2 Z" |
|
1097 proof (cases "normal s1") |
|
1098 case True |
|
1099 obtain E' where |
|
1100 da_e': "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
1101 \<turnstile> dom (locals (store s1)) \<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> E'" |
|
1102 proof - |
|
1103 from eval_var |
|
1104 have "dom (locals (store s0)) \<subseteq> dom (locals (store (s1)))" |
|
1105 by (rule dom_locals_evaln_mono_elim) |
|
1106 with da_e show ?thesis |
|
1107 by (rule da_weakenE) |
|
1108 qed |
|
1109 note ve=validE [OF valid_e,OF Q' valid_A conf_s1 eval_e wt_e da_e'] |
|
1110 show ?thesis |
|
1111 by (rule ve) |
|
1112 next |
|
1113 case False |
|
1114 note ve=validE [OF valid_e,OF Q' valid_A conf_s1 eval_e] |
|
1115 with False show ?thesis |
|
1116 by rules |
|
1117 qed |
|
1118 with s3 show "R \<lfloor>v\<rfloor>\<^sub>e s3 Z" |
|
1119 by simp |
|
1120 qed |
|
1121 moreover |
|
1122 from eval wt da conf_s0 wf |
|
1123 have "s3\<Colon>\<preceq>(G, L)" |
|
1124 by (rule evaln_type_sound [elim_format]) simp |
|
1125 ultimately show ?thesis .. |
|
1126 qed |
|
1127 qed |
|
1128 next |
|
1129 case (Cond A P P' Q e0 e1 e2) |
|
1130 have valid_e0: "G,A|\<Turnstile>\<Colon>{ {Normal P} e0-\<succ> {P'} }" . |
|
1131 have valid_then_else:"\<And> b. G,A|\<Turnstile>\<Colon>{ {P'\<leftarrow>=b} (if b then e1 else e2)-\<succ> {Q} }" |
|
1132 using Cond.hyps by simp |
|
1133 show "G,A|\<Turnstile>\<Colon>{ {Normal P} e0 ? e1 : e2-\<succ> {Q} }" |
|
1134 proof (rule valid_expr_NormalI) |
|
1135 fix n s0 L accC T E v s2 Y Z |
|
1136 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
1137 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
1138 assume normal_s0: "normal s0" |
|
1139 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e0 ? e1 : e2\<Colon>-T" |
|
1140 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>e0 ? e1:e2\<rangle>\<^sub>e\<guillemotright>E" |
|
1141 assume eval: "G\<turnstile>s0 \<midarrow>e0 ? e1 : e2-\<succ>v\<midarrow>n\<rightarrow> s2" |
|
1142 assume P: "(Normal P) Y s0 Z" |
|
1143 show "Q \<lfloor>v\<rfloor>\<^sub>e s2 Z \<and> s2\<Colon>\<preceq>(G, L)" |
|
1144 proof - |
|
1145 from wt obtain T1 T2 where |
|
1146 wt_e0: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e0\<Colon>-PrimT Boolean" and |
|
1147 wt_e1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e1\<Colon>-T1" and |
|
1148 wt_e2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e2\<Colon>-T2" |
|
1149 by cases simp |
|
1150 from da obtain E0 E1 E2 where |
|
1151 da_e0: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>e0\<rangle>\<^sub>e\<guillemotright> E0" and |
|
1152 da_e1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
1153 \<turnstile>(dom (locals (store s0)) \<union> assigns_if True e0)\<guillemotright>\<langle>e1\<rangle>\<^sub>e\<guillemotright> E1" and |
|
1154 da_e2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
1155 \<turnstile>(dom (locals (store s0)) \<union> assigns_if False e0)\<guillemotright>\<langle>e2\<rangle>\<^sub>e\<guillemotright> E2" |
|
1156 by cases simp+ |
|
1157 from eval obtain b s1 where |
|
1158 eval_e0: "G\<turnstile>s0 \<midarrow>e0-\<succ>b\<midarrow>n\<rightarrow> s1" and |
|
1159 eval_then_else: "G\<turnstile>s1 \<midarrow>(if the_Bool b then e1 else e2)-\<succ>v\<midarrow>n\<rightarrow> s2" |
|
1160 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
1161 from valid_e0 P valid_A conf_s0 eval_e0 wt_e0 da_e0 |
|
1162 obtain "P' \<lfloor>b\<rfloor>\<^sub>e s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G,L)" |
|
1163 by (rule validE) |
|
1164 hence P': "\<And> v. (P'\<leftarrow>=(the_Bool b)) v s1 Z" |
|
1165 by (cases "normal s1") auto |
|
1166 have "Q \<lfloor>v\<rfloor>\<^sub>e s2 Z" |
|
1167 proof (cases "normal s1") |
|
1168 case True |
|
1169 note normal_s1=this |
|
1170 from wt_e1 wt_e2 obtain T' where |
|
1171 wt_then_else: |
|
1172 "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>(if the_Bool b then e1 else e2)\<Colon>-T'" |
|
1173 by (cases "the_Bool b") simp+ |
|
1174 have s0_s1: "dom (locals (store s0)) |
|
1175 \<union> assigns_if (the_Bool b) e0 \<subseteq> dom (locals (store s1))" |
|
1176 proof - |
|
1177 from eval_e0 |
|
1178 have eval_e0': "G\<turnstile>s0 \<midarrow>e0-\<succ>b\<rightarrow> s1" |
|
1179 by (rule evaln_eval) |
|
1180 hence |
|
1181 "dom (locals (store s0)) \<subseteq> dom (locals (store s1))" |
|
1182 by (rule dom_locals_eval_mono_elim) |
|
1183 moreover |
|
1184 from eval_e0' True wt_e0 |
|
1185 have "assigns_if (the_Bool b) e0 \<subseteq> dom (locals (store s1))" |
|
1186 by (rule assigns_if_good_approx') |
|
1187 ultimately show ?thesis by (rule Un_least) |
|
1188 qed |
|
1189 obtain E' where |
|
1190 da_then_else: |
|
1191 "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
1192 \<turnstile>dom (locals (store s1))\<guillemotright>\<langle>if the_Bool b then e1 else e2\<rangle>\<^sub>e\<guillemotright> E'" |
|
1193 proof (cases "the_Bool b") |
|
1194 case True |
|
1195 with that da_e1 s0_s1 show ?thesis |
|
1196 by simp (erule da_weakenE,auto) |
|
1197 next |
|
1198 case False |
|
1199 with that da_e2 s0_s1 show ?thesis |
|
1200 by simp (erule da_weakenE,auto) |
|
1201 qed |
|
1202 with valid_then_else P' valid_A conf_s1 eval_then_else wt_then_else |
|
1203 show ?thesis |
|
1204 by (rule validE) |
|
1205 next |
|
1206 case False |
|
1207 with valid_then_else P' valid_A conf_s1 eval_then_else |
|
1208 show ?thesis |
|
1209 by (cases rule: validE) rules+ |
|
1210 qed |
|
1211 moreover |
|
1212 from eval wt da conf_s0 wf |
|
1213 have "s2\<Colon>\<preceq>(G, L)" |
|
1214 by (rule evaln_type_sound [elim_format]) simp |
|
1215 ultimately show ?thesis .. |
|
1216 qed |
|
1217 qed |
|
1218 next |
|
1219 case (Call A P Q R S accC' args e mn mode pTs' statT) |
|
1220 have valid_e: "G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {Q} }" . |
|
1221 have valid_args: "\<And> a. G,A|\<Turnstile>\<Colon>{ {Q\<leftarrow>In1 a} args\<doteq>\<succ> {R a} }" |
|
1222 using Call.hyps by simp |
|
1223 have valid_methd: "\<And> a vs invC declC l. |
|
1224 G,A|\<Turnstile>\<Colon>{ {R a\<leftarrow>In3 vs \<and>. |
|
1225 (\<lambda>s. declC = |
|
1226 invocation_declclass G mode (store s) a statT |
|
1227 \<lparr>name = mn, parTs = pTs'\<rparr> \<and> |
|
1228 invC = invocation_class mode (store s) a statT \<and> |
|
1229 l = locals (store s)) ;. |
|
1230 init_lvars G declC \<lparr>name = mn, parTs = pTs'\<rparr> mode a vs \<and>. |
|
1231 (\<lambda>s. normal s \<longrightarrow> G\<turnstile>mode\<rightarrow>invC\<preceq>statT)} |
|
1232 Methd declC \<lparr>name=mn,parTs=pTs'\<rparr>-\<succ> {set_lvars l .; S} }" |
|
1233 using Call.hyps by simp |
|
1234 show "G,A|\<Turnstile>\<Colon>{ {Normal P} {accC',statT,mode}e\<cdot>mn( {pTs'}args)-\<succ> {S} }" |
|
1235 proof (rule valid_expr_NormalI) |
|
1236 fix n s0 L accC T E v s5 Y Z |
|
1237 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
1238 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
1239 assume normal_s0: "normal s0" |
|
1240 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>{accC',statT,mode}e\<cdot>mn( {pTs'}args)\<Colon>-T" |
|
1241 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0)) |
|
1242 \<guillemotright>\<langle>{accC',statT,mode}e\<cdot>mn( {pTs'}args)\<rangle>\<^sub>e\<guillemotright> E" |
|
1243 assume eval: "G\<turnstile>s0 \<midarrow>{accC',statT,mode}e\<cdot>mn( {pTs'}args)-\<succ>v\<midarrow>n\<rightarrow> s5" |
|
1244 assume P: "(Normal P) Y s0 Z" |
|
1245 show "S \<lfloor>v\<rfloor>\<^sub>e s5 Z \<and> s5\<Colon>\<preceq>(G, L)" |
|
1246 proof - |
|
1247 from wt obtain pTs statDeclT statM where |
|
1248 wt_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e\<Colon>-RefT statT" and |
|
1249 wt_args: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>args\<Colon>\<doteq>pTs" and |
|
1250 statM: "max_spec G accC statT \<lparr>name=mn,parTs=pTs\<rparr> |
|
1251 = {((statDeclT,statM),pTs')}" and |
|
1252 mode: "mode = invmode statM e" and |
|
1253 T: "T =(resTy statM)" and |
|
1254 eq_accC_accC': "accC=accC'" |
|
1255 by cases fastsimp+ |
|
1256 from da obtain C where |
|
1257 da_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> (dom (locals (store s0)))\<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> C" and |
|
1258 da_args: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> nrm C \<guillemotright>\<langle>args\<rangle>\<^sub>l\<guillemotright> E" |
|
1259 by cases simp |
|
1260 from eval eq_accC_accC' obtain a s1 vs s2 s3 s3' s4 invDeclC where |
|
1261 evaln_e: "G\<turnstile>s0 \<midarrow>e-\<succ>a\<midarrow>n\<rightarrow> s1" and |
|
1262 evaln_args: "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<midarrow>n\<rightarrow> s2" and |
|
1263 invDeclC: "invDeclC = invocation_declclass |
|
1264 G mode (store s2) a statT \<lparr>name=mn,parTs=pTs'\<rparr>" and |
|
1265 s3: "s3 = init_lvars G invDeclC \<lparr>name=mn,parTs=pTs'\<rparr> mode a vs s2" and |
|
1266 check: "s3' = check_method_access G |
|
1267 accC' statT mode \<lparr>name = mn, parTs = pTs'\<rparr> a s3" and |
|
1268 evaln_methd: |
|
1269 "G\<turnstile>s3' \<midarrow>Methd invDeclC \<lparr>name=mn,parTs=pTs'\<rparr>-\<succ>v\<midarrow>n\<rightarrow> s4" and |
|
1270 s5: "s5=(set_lvars (locals (store s2))) s4" |
|
1271 using normal_s0 by (auto elim: evaln_elim_cases) |
|
1272 |
|
1273 from evaln_e |
|
1274 have eval_e: "G\<turnstile>s0 \<midarrow>e-\<succ>a\<rightarrow> s1" |
|
1275 by (rule evaln_eval) |
|
1276 |
|
1277 from eval_e _ wt_e wf |
|
1278 have s1_no_return: "abrupt s1 \<noteq> Some (Jump Ret)" |
|
1279 by (rule eval_expression_no_jump |
|
1280 [where ?Env="\<lparr>prg=G,cls=accC,lcl=L\<rparr>",simplified]) |
|
1281 (insert normal_s0,auto) |
|
1282 |
|
1283 from valid_e P valid_A conf_s0 evaln_e wt_e da_e |
|
1284 obtain "Q \<lfloor>a\<rfloor>\<^sub>e s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G,L)" |
|
1285 by (rule validE) |
|
1286 hence Q: "\<And> v. (Q\<leftarrow>In1 a) v s1 Z" |
|
1287 by simp |
|
1288 obtain |
|
1289 R: "(R a) \<lfloor>vs\<rfloor>\<^sub>l s2 Z" and |
|
1290 conf_s2: "s2\<Colon>\<preceq>(G,L)" and |
|
1291 s2_no_return: "abrupt s2 \<noteq> Some (Jump Ret)" |
|
1292 proof (cases "normal s1") |
|
1293 case True |
|
1294 obtain E' where |
|
1295 da_args': |
|
1296 "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s1)) \<guillemotright>\<langle>args\<rangle>\<^sub>l\<guillemotright> E'" |
|
1297 proof - |
|
1298 from evaln_e wt_e da_e wf True |
|
1299 have "nrm C \<subseteq> dom (locals (store s1))" |
|
1300 by (cases rule: da_good_approx_evalnE) rules |
|
1301 with da_args show ?thesis |
|
1302 by (rule da_weakenE) |
|
1303 qed |
|
1304 with valid_args Q valid_A conf_s1 evaln_args wt_args |
|
1305 obtain "(R a) \<lfloor>vs\<rfloor>\<^sub>l s2 Z" "s2\<Colon>\<preceq>(G,L)" |
|
1306 by (rule validE) |
|
1307 moreover |
|
1308 from evaln_args |
|
1309 have e: "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<rightarrow> s2" |
|
1310 by (rule evaln_eval) |
|
1311 from this s1_no_return wt_args wf |
|
1312 have "abrupt s2 \<noteq> Some (Jump Ret)" |
|
1313 by (rule eval_expression_list_no_jump |
|
1314 [where ?Env="\<lparr>prg=G,cls=accC,lcl=L\<rparr>",simplified]) |
|
1315 ultimately show ?thesis .. |
|
1316 next |
|
1317 case False |
|
1318 with valid_args Q valid_A conf_s1 evaln_args |
|
1319 obtain "(R a) \<lfloor>vs\<rfloor>\<^sub>l s2 Z" "s2\<Colon>\<preceq>(G,L)" |
|
1320 by (cases rule: validE) rules+ |
|
1321 moreover |
|
1322 from False evaln_args have "s2=s1" |
|
1323 by auto |
|
1324 with s1_no_return have "abrupt s2 \<noteq> Some (Jump Ret)" |
|
1325 by simp |
|
1326 ultimately show ?thesis .. |
|
1327 qed |
|
1328 |
|
1329 obtain invC where |
|
1330 invC: "invC = invocation_class mode (store s2) a statT" |
|
1331 by simp |
|
1332 with s3 |
|
1333 have invC': "invC = (invocation_class mode (store s3) a statT)" |
|
1334 by (cases s2,cases mode) (auto simp add: init_lvars_def2 ) |
|
1335 obtain l where |
|
1336 l: "l = locals (store s2)" |
|
1337 by simp |
|
1338 |
|
1339 from eval wt da conf_s0 wf |
|
1340 have conf_s5: "s5\<Colon>\<preceq>(G, L)" |
|
1341 by (rule evaln_type_sound [elim_format]) simp |
|
1342 let "PROP ?R" = "\<And> v. |
|
1343 (R a\<leftarrow>In3 vs \<and>. |
|
1344 (\<lambda>s. invDeclC = invocation_declclass G mode (store s) a statT |
|
1345 \<lparr>name = mn, parTs = pTs'\<rparr> \<and> |
|
1346 invC = invocation_class mode (store s) a statT \<and> |
|
1347 l = locals (store s)) ;. |
|
1348 init_lvars G invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> mode a vs \<and>. |
|
1349 (\<lambda>s. normal s \<longrightarrow> G\<turnstile>mode\<rightarrow>invC\<preceq>statT) |
|
1350 ) v s3' Z" |
|
1351 { |
|
1352 assume abrupt_s3: "\<not> normal s3" |
|
1353 have "S \<lfloor>v\<rfloor>\<^sub>e s5 Z" |
|
1354 proof - |
|
1355 from abrupt_s3 check have eq_s3'_s3: "s3'=s3" |
|
1356 by (auto simp add: check_method_access_def Let_def) |
|
1357 with R s3 invDeclC invC l abrupt_s3 |
|
1358 have R': "PROP ?R" |
|
1359 by auto |
|
1360 have conf_s3': "s3'\<Colon>\<preceq>(G, empty)" |
|
1361 (* we need an arbirary environment (here empty) that s2' conforms to |
|
1362 to apply validE *) |
|
1363 proof - |
|
1364 from s2_no_return s3 |
|
1365 have "abrupt s3 \<noteq> Some (Jump Ret)" |
|
1366 by (cases s2) (auto simp add: init_lvars_def2 split: split_if_asm) |
|
1367 moreover |
|
1368 obtain abr2 str2 where s2: "s2=(abr2,str2)" |
|
1369 by (cases s2) simp |
|
1370 from s3 s2 conf_s2 have "(abrupt s3,str2)\<Colon>\<preceq>(G, L)" |
|
1371 by (auto simp add: init_lvars_def2 split: split_if_asm) |
|
1372 ultimately show ?thesis |
|
1373 using s3 s2 eq_s3'_s3 |
|
1374 apply (simp add: init_lvars_def2) |
|
1375 apply (rule conforms_set_locals [OF _ wlconf_empty]) |
|
1376 by auto |
|
1377 qed |
|
1378 from valid_methd R' valid_A conf_s3' evaln_methd abrupt_s3 eq_s3'_s3 |
|
1379 have "(set_lvars l .; S) \<lfloor>v\<rfloor>\<^sub>e s4 Z" |
|
1380 by (cases rule: validE) simp+ |
|
1381 with s5 l show ?thesis |
|
1382 by simp |
|
1383 qed |
|
1384 } note abrupt_s3_lemma = this |
|
1385 |
|
1386 have "S \<lfloor>v\<rfloor>\<^sub>e s5 Z" |
|
1387 proof (cases "normal s2") |
|
1388 case False |
|
1389 with s3 have abrupt_s3: "\<not> normal s3" |
|
1390 by (cases s2) (simp add: init_lvars_def2) |
|
1391 thus ?thesis |
|
1392 by (rule abrupt_s3_lemma) |
|
1393 next |
|
1394 case True |
|
1395 note normal_s2 = this |
|
1396 with evaln_args |
|
1397 have normal_s1: "normal s1" |
|
1398 by (rule evaln_no_abrupt) |
|
1399 obtain E' where |
|
1400 da_args': |
|
1401 "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s1)) \<guillemotright>\<langle>args\<rangle>\<^sub>l\<guillemotright> E'" |
|
1402 proof - |
|
1403 from evaln_e wt_e da_e wf normal_s1 |
|
1404 have "nrm C \<subseteq> dom (locals (store s1))" |
|
1405 by (cases rule: da_good_approx_evalnE) rules |
|
1406 with da_args show ?thesis |
|
1407 by (rule da_weakenE) |
|
1408 qed |
|
1409 from evaln_args |
|
1410 have eval_args: "G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<rightarrow> s2" |
|
1411 by (rule evaln_eval) |
|
1412 from evaln_e wt_e da_e conf_s0 wf |
|
1413 have conf_a: "G, store s1\<turnstile>a\<Colon>\<preceq>RefT statT" |
|
1414 by (rule evaln_type_sound [elim_format]) (insert normal_s1,simp) |
|
1415 with normal_s1 normal_s2 eval_args |
|
1416 have conf_a_s2: "G, store s2\<turnstile>a\<Colon>\<preceq>RefT statT" |
|
1417 by (auto dest: eval_gext intro: conf_gext) |
|
1418 from evaln_args wt_args da_args' conf_s1 wf |
|
1419 have conf_args: "list_all2 (conf G (store s2)) vs pTs" |
|
1420 by (rule evaln_type_sound [elim_format]) (insert normal_s2,simp) |
|
1421 from statM |
|
1422 obtain |
|
1423 statM': "(statDeclT,statM)\<in>mheads G accC statT \<lparr>name=mn,parTs=pTs'\<rparr>" |
|
1424 and |
|
1425 pTs_widen: "G\<turnstile>pTs[\<preceq>]pTs'" |
|
1426 by (blast dest: max_spec2mheads) |
|
1427 show ?thesis |
|
1428 proof (cases "normal s3") |
|
1429 case False |
|
1430 thus ?thesis |
|
1431 by (rule abrupt_s3_lemma) |
|
1432 next |
|
1433 case True |
|
1434 note normal_s3 = this |
|
1435 with s3 have notNull: "mode = IntVir \<longrightarrow> a \<noteq> Null" |
|
1436 by (cases s2) (auto simp add: init_lvars_def2) |
|
1437 from conf_s2 conf_a_s2 wf notNull invC |
|
1438 have dynT_prop: "G\<turnstile>mode\<rightarrow>invC\<preceq>statT" |
|
1439 by (cases s2) (auto intro: DynT_propI) |
|
1440 |
|
1441 with wt_e statM' invC mode wf |
|
1442 obtain dynM where |
|
1443 dynM: "dynlookup G statT invC \<lparr>name=mn,parTs=pTs'\<rparr> = Some dynM" and |
|
1444 acc_dynM: "G \<turnstile>Methd \<lparr>name=mn,parTs=pTs'\<rparr> dynM |
|
1445 in invC dyn_accessible_from accC" |
|
1446 by (force dest!: call_access_ok) |
|
1447 with invC' check eq_accC_accC' |
|
1448 have eq_s3'_s3: "s3'=s3" |
|
1449 by (auto simp add: check_method_access_def Let_def) |
|
1450 |
|
1451 with dynT_prop R s3 invDeclC invC l |
|
1452 have R': "PROP ?R" |
|
1453 by auto |
|
1454 |
|
1455 from dynT_prop wf wt_e statM' mode invC invDeclC dynM |
|
1456 obtain |
|
1457 dynM: "dynlookup G statT invC \<lparr>name=mn,parTs=pTs'\<rparr> = Some dynM" and |
|
1458 wf_dynM: "wf_mdecl G invDeclC (\<lparr>name=mn,parTs=pTs'\<rparr>,mthd dynM)" and |
|
1459 dynM': "methd G invDeclC \<lparr>name=mn,parTs=pTs'\<rparr> = Some dynM" and |
|
1460 iscls_invDeclC: "is_class G invDeclC" and |
|
1461 invDeclC': "invDeclC = declclass dynM" and |
|
1462 invC_widen: "G\<turnstile>invC\<preceq>\<^sub>C invDeclC" and |
|
1463 resTy_widen: "G\<turnstile>resTy dynM\<preceq>resTy statM" and |
|
1464 is_static_eq: "is_static dynM = is_static statM" and |
|
1465 involved_classes_prop: |
|
1466 "(if invmode statM e = IntVir |
|
1467 then \<forall>statC. statT = ClassT statC \<longrightarrow> G\<turnstile>invC\<preceq>\<^sub>C statC |
|
1468 else ((\<exists>statC. statT = ClassT statC \<and> G\<turnstile>statC\<preceq>\<^sub>C invDeclC) \<or> |
|
1469 (\<forall>statC. statT \<noteq> ClassT statC \<and> invDeclC = Object)) \<and> |
|
1470 statDeclT = ClassT invDeclC)" |
|
1471 by (cases rule: DynT_mheadsE) simp |
|
1472 obtain L' where |
|
1473 L':"L'=(\<lambda> k. |
|
1474 (case k of |
|
1475 EName e |
|
1476 \<Rightarrow> (case e of |
|
1477 VNam v |
|
1478 \<Rightarrow>(table_of (lcls (mbody (mthd dynM))) |
|
1479 (pars (mthd dynM)[\<mapsto>]pTs')) v |
|
1480 | Res \<Rightarrow> Some (resTy dynM)) |
|
1481 | This \<Rightarrow> if is_static statM |
|
1482 then None else Some (Class invDeclC)))" |
|
1483 by simp |
|
1484 from wf_dynM [THEN wf_mdeclD1, THEN conjunct1] normal_s2 conf_s2 wt_e |
|
1485 wf eval_args conf_a mode notNull wf_dynM involved_classes_prop |
|
1486 have conf_s3: "s3\<Colon>\<preceq>(G,L')" |
|
1487 apply - |
|
1488 (* FIXME confomrs_init_lvars should be |
|
1489 adjusted to be more directy applicable *) |
|
1490 apply (drule conforms_init_lvars [of G invDeclC |
|
1491 "\<lparr>name=mn,parTs=pTs'\<rparr>" dynM "store s2" vs pTs "abrupt s2" |
|
1492 L statT invC a "(statDeclT,statM)" e]) |
|
1493 apply (rule wf) |
|
1494 apply (rule conf_args) |
|
1495 apply (simp add: pTs_widen) |
|
1496 apply (cases s2,simp) |
|
1497 apply (rule dynM') |
|
1498 apply (force dest: ty_expr_is_type) |
|
1499 apply (rule invC_widen) |
|
1500 apply (force intro: conf_gext dest: eval_gext) |
|
1501 apply simp |
|
1502 apply simp |
|
1503 apply (simp add: invC) |
|
1504 apply (simp add: invDeclC) |
|
1505 apply (simp add: normal_s2) |
|
1506 apply (cases s2, simp add: L' init_lvars_def2 s3 |
|
1507 cong add: lname.case_cong ename.case_cong) |
|
1508 done |
|
1509 with eq_s3'_s3 have conf_s3': "s3'\<Colon>\<preceq>(G,L')" by simp |
|
1510 from is_static_eq wf_dynM L' |
|
1511 obtain mthdT where |
|
1512 "\<lparr>prg=G,cls=invDeclC,lcl=L'\<rparr> |
|
1513 \<turnstile>Body invDeclC (stmt (mbody (mthd dynM)))\<Colon>-mthdT" and |
|
1514 mthdT_widen: "G\<turnstile>mthdT\<preceq>resTy dynM" |
|
1515 by - (drule wf_mdecl_bodyD, |
|
1516 auto simp add: callee_lcl_def |
|
1517 cong add: lname.case_cong ename.case_cong) |
|
1518 with dynM' iscls_invDeclC invDeclC' |
|
1519 have |
|
1520 wt_methd: |
|
1521 "\<lparr>prg=G,cls=invDeclC,lcl=L'\<rparr> |
|
1522 \<turnstile>(Methd invDeclC \<lparr>name = mn, parTs = pTs'\<rparr>)\<Colon>-mthdT" |
|
1523 by (auto intro: wt.Methd) |
|
1524 obtain M where |
|
1525 da_methd: |
|
1526 "\<lparr>prg=G,cls=invDeclC,lcl=L'\<rparr> |
|
1527 \<turnstile> dom (locals (store s3')) |
|
1528 \<guillemotright>\<langle>Methd invDeclC \<lparr>name=mn,parTs=pTs'\<rparr>\<rangle>\<^sub>e\<guillemotright> M" |
|
1529 proof - |
|
1530 from wf_dynM |
|
1531 obtain M' where |
|
1532 da_body: |
|
1533 "\<lparr>prg=G, cls=invDeclC |
|
1534 ,lcl=callee_lcl invDeclC \<lparr>name = mn, parTs = pTs'\<rparr> (mthd dynM) |
|
1535 \<rparr> \<turnstile> parameters (mthd dynM) \<guillemotright>\<langle>stmt (mbody (mthd dynM))\<rangle>\<guillemotright> M'" and |
|
1536 res: "Result \<in> nrm M'" |
|
1537 by (rule wf_mdeclE) rules |
|
1538 from da_body is_static_eq L' have |
|
1539 "\<lparr>prg=G, cls=invDeclC,lcl=L'\<rparr> |
|
1540 \<turnstile> parameters (mthd dynM) \<guillemotright>\<langle>stmt (mbody (mthd dynM))\<rangle>\<guillemotright> M'" |
|
1541 by (simp add: callee_lcl_def |
|
1542 cong add: lname.case_cong ename.case_cong) |
|
1543 moreover have "parameters (mthd dynM) \<subseteq> dom (locals (store s3'))" |
|
1544 proof - |
|
1545 from is_static_eq |
|
1546 have "(invmode (mthd dynM) e) = (invmode statM e)" |
|
1547 by (simp add: invmode_def) |
|
1548 with s3 dynM' is_static_eq normal_s2 mode |
|
1549 have "parameters (mthd dynM) = dom (locals (store s3))" |
|
1550 using dom_locals_init_lvars |
|
1551 [of "mthd dynM" G invDeclC "\<lparr>name=mn,parTs=pTs'\<rparr>" e a vs s2] |
|
1552 by simp |
|
1553 thus ?thesis using eq_s3'_s3 by simp |
|
1554 qed |
|
1555 ultimately obtain M2 where |
|
1556 da: |
|
1557 "\<lparr>prg=G, cls=invDeclC,lcl=L'\<rparr> |
|
1558 \<turnstile> dom (locals (store s3')) \<guillemotright>\<langle>stmt (mbody (mthd dynM))\<rangle>\<guillemotright> M2" and |
|
1559 M2: "nrm M' \<subseteq> nrm M2" |
|
1560 by (rule da_weakenE) |
|
1561 from res M2 have "Result \<in> nrm M2" |
|
1562 by blast |
|
1563 moreover from wf_dynM |
|
1564 have "jumpNestingOkS {Ret} (stmt (mbody (mthd dynM)))" |
|
1565 by (rule wf_mdeclE) |
|
1566 ultimately |
|
1567 obtain M3 where |
|
1568 "\<lparr>prg=G, cls=invDeclC,lcl=L'\<rparr> \<turnstile> dom (locals (store s3')) |
|
1569 \<guillemotright>\<langle>Body (declclass dynM) (stmt (mbody (mthd dynM)))\<rangle>\<guillemotright> M3" |
|
1570 using da |
|
1571 by (rules intro: da.Body assigned.select_convs) |
|
1572 from _ this [simplified] |
|
1573 show ?thesis |
|
1574 by (rule da.Methd [simplified,elim_format]) |
|
1575 (auto intro: dynM') |
|
1576 qed |
|
1577 from valid_methd R' valid_A conf_s3' evaln_methd wt_methd da_methd |
|
1578 have "(set_lvars l .; S) \<lfloor>v\<rfloor>\<^sub>e s4 Z" |
|
1579 by (cases rule: validE) rules+ |
|
1580 with s5 l show ?thesis |
|
1581 by simp |
|
1582 qed |
|
1583 qed |
|
1584 with conf_s5 show ?thesis by rules |
|
1585 qed |
|
1586 qed |
|
1587 next |
|
1588 -- {* |
|
1589 \par |
|
1590 *} (* dummy text command to break paragraph for latex; |
|
1591 large paragraphs exhaust memory of debian pdflatex *) |
|
1592 case (Methd A P Q ms) |
|
1593 have valid_body: "G,A \<union> {{P} Methd-\<succ> {Q} | ms}|\<Turnstile>\<Colon>{{P} body G-\<succ> {Q} | ms}". |
|
1594 show "G,A|\<Turnstile>\<Colon>{{P} Methd-\<succ> {Q} | ms}" |
|
1595 by (rule Methd_sound) |
|
1596 next |
|
1597 case (Body A D P Q R c) |
|
1598 have valid_init: "G,A|\<Turnstile>\<Colon>{ {Normal P} .Init D. {Q} }". |
|
1599 have valid_c: "G,A|\<Turnstile>\<Colon>{ {Q} .c. |
|
1600 {\<lambda>s.. abupd (absorb Ret) .; R\<leftarrow>In1 (the (locals s Result))} }". |
|
1601 show "G,A|\<Turnstile>\<Colon>{ {Normal P} Body D c-\<succ> {R} }" |
|
1602 proof (rule valid_expr_NormalI) |
|
1603 fix n s0 L accC T E v s4 Y Z |
|
1604 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
1605 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
1606 assume normal_s0: "normal s0" |
|
1607 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>Body D c\<Colon>-T" |
|
1608 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>Body D c\<rangle>\<^sub>e\<guillemotright>E" |
|
1609 assume eval: "G\<turnstile>s0 \<midarrow>Body D c-\<succ>v\<midarrow>n\<rightarrow> s4" |
|
1610 assume P: "(Normal P) Y s0 Z" |
|
1611 show "R \<lfloor>v\<rfloor>\<^sub>e s4 Z \<and> s4\<Colon>\<preceq>(G, L)" |
|
1612 proof - |
|
1613 from wt obtain |
|
1614 iscls_D: "is_class G D" and |
|
1615 wt_init: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>Init D\<Colon>\<surd>" and |
|
1616 wt_c: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c\<Colon>\<surd>" |
|
1617 by cases auto |
|
1618 obtain I where |
|
1619 da_init:"\<lparr>prg=G,cls=accC,lcl=L\<rparr> \<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>Init D\<rangle>\<^sub>s\<guillemotright> I" |
|
1620 by (auto intro: da_Init [simplified] assigned.select_convs) |
|
1621 from da obtain C where |
|
1622 da_c: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> (dom (locals (store s0)))\<guillemotright>\<langle>c\<rangle>\<^sub>s\<guillemotright> C" and |
|
1623 jmpOk: "jumpNestingOkS {Ret} c" |
|
1624 by cases simp |
|
1625 from eval obtain s1 s2 s3 where |
|
1626 eval_init: "G\<turnstile>s0 \<midarrow>Init D\<midarrow>n\<rightarrow> s1" and |
|
1627 eval_c: "G\<turnstile>s1 \<midarrow>c\<midarrow>n\<rightarrow> s2" and |
|
1628 v: "v = the (locals (store s2) Result)" and |
|
1629 s3: "s3 =(if \<exists>l. abrupt s2 = Some (Jump (Break l)) \<or> |
|
1630 abrupt s2 = Some (Jump (Cont l)) |
|
1631 then abupd (\<lambda>x. Some (Error CrossMethodJump)) s2 else s2)"and |
|
1632 s4: "s4 = abupd (absorb Ret) s3" |
|
1633 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
1634 obtain C' where |
|
1635 da_c': "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> (dom (locals (store s1)))\<guillemotright>\<langle>c\<rangle>\<^sub>s\<guillemotright> C'" |
|
1636 proof - |
|
1637 from eval_init |
|
1638 have "(dom (locals (store s0))) \<subseteq> (dom (locals (store s1)))" |
|
1639 by (rule dom_locals_evaln_mono_elim) |
|
1640 with da_c show ?thesis by (rule da_weakenE) |
|
1641 qed |
|
1642 from valid_init P valid_A conf_s0 eval_init wt_init da_init |
|
1643 obtain Q: "Q \<diamondsuit> s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G,L)" |
|
1644 by (rule validE) |
|
1645 from valid_c Q valid_A conf_s1 eval_c wt_c da_c' |
|
1646 have R: "(\<lambda>s.. abupd (absorb Ret) .; R\<leftarrow>In1 (the (locals s Result))) |
|
1647 \<diamondsuit> s2 Z" |
|
1648 by (rule validE) |
|
1649 have "s3=s2" |
|
1650 proof - |
|
1651 from eval_init [THEN evaln_eval] wf |
|
1652 have s1_no_jmp: "\<And> j. abrupt s1 \<noteq> Some (Jump j)" |
|
1653 by - (rule eval_statement_no_jump [OF _ _ _ wt_init], |
|
1654 insert normal_s0,auto) |
|
1655 from eval_c [THEN evaln_eval] _ wt_c wf |
|
1656 have "\<And> j. abrupt s2 = Some (Jump j) \<Longrightarrow> j=Ret" |
|
1657 by (rule jumpNestingOk_evalE) (auto intro: jmpOk simp add: s1_no_jmp) |
|
1658 moreover note s3 |
|
1659 ultimately show ?thesis |
|
1660 by (force split: split_if) |
|
1661 qed |
|
1662 with R v s4 |
|
1663 have "R \<lfloor>v\<rfloor>\<^sub>e s4 Z" |
|
1664 by simp |
|
1665 moreover |
|
1666 from eval wt da conf_s0 wf |
|
1667 have "s4\<Colon>\<preceq>(G, L)" |
|
1668 by (rule evaln_type_sound [elim_format]) simp |
|
1669 ultimately show ?thesis .. |
|
1670 qed |
|
1671 qed |
|
1672 next |
|
1673 case (Nil A P) |
|
1674 show "G,A|\<Turnstile>\<Colon>{ {Normal (P\<leftarrow>\<lfloor>[]\<rfloor>\<^sub>l)} []\<doteq>\<succ> {P} }" |
|
1675 proof (rule valid_expr_list_NormalI) |
|
1676 fix s0 s1 vs n L Y Z |
|
1677 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
1678 assume normal_s0: "normal s0" |
|
1679 assume eval: "G\<turnstile>s0 \<midarrow>[]\<doteq>\<succ>vs\<midarrow>n\<rightarrow> s1" |
|
1680 assume P: "(Normal (P\<leftarrow>\<lfloor>[]\<rfloor>\<^sub>l)) Y s0 Z" |
|
1681 show "P \<lfloor>vs\<rfloor>\<^sub>l s1 Z \<and> s1\<Colon>\<preceq>(G, L)" |
|
1682 proof - |
|
1683 from eval obtain "vs=[]" "s1=s0" |
|
1684 using normal_s0 by (auto elim: evaln_elim_cases) |
|
1685 with P conf_s0 show ?thesis |
|
1686 by simp |
|
1687 qed |
|
1688 qed |
|
1689 next |
|
1690 case (Cons A P Q R e es) |
|
1691 have valid_e: "G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {Q} }". |
|
1692 have valid_es: "\<And> v. G,A|\<Turnstile>\<Colon>{ {Q\<leftarrow>\<lfloor>v\<rfloor>\<^sub>e} es\<doteq>\<succ> {\<lambda>Vals:vs:. R\<leftarrow>\<lfloor>(v # vs)\<rfloor>\<^sub>l} }" |
|
1693 using Cons.hyps by simp |
|
1694 show "G,A|\<Turnstile>\<Colon>{ {Normal P} e # es\<doteq>\<succ> {R} }" |
|
1695 proof (rule valid_expr_list_NormalI) |
|
1696 fix n s0 L accC T E v s2 Y Z |
|
1697 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
1698 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
1699 assume normal_s0: "normal s0" |
|
1700 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e # es\<Colon>\<doteq>T" |
|
1701 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0)) \<guillemotright>\<langle>e # es\<rangle>\<^sub>l\<guillemotright> E" |
|
1702 assume eval: "G\<turnstile>s0 \<midarrow>e # es\<doteq>\<succ>v\<midarrow>n\<rightarrow> s2" |
|
1703 assume P: "(Normal P) Y s0 Z" |
|
1704 show "R \<lfloor>v\<rfloor>\<^sub>l s2 Z \<and> s2\<Colon>\<preceq>(G, L)" |
|
1705 proof - |
|
1706 from wt obtain eT esT where |
|
1707 wt_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e\<Colon>-eT" and |
|
1708 wt_es: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>es\<Colon>\<doteq>esT" |
|
1709 by cases simp |
|
1710 from da obtain E1 where |
|
1711 da_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> (dom (locals (store s0)))\<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> E1" and |
|
1712 da_es: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> nrm E1 \<guillemotright>\<langle>es\<rangle>\<^sub>l\<guillemotright> E" |
|
1713 by cases simp |
|
1714 from eval obtain s1 ve vs where |
|
1715 eval_e: "G\<turnstile>s0 \<midarrow>e-\<succ>ve\<midarrow>n\<rightarrow> s1" and |
|
1716 eval_es: "G\<turnstile>s1 \<midarrow>es\<doteq>\<succ>vs\<midarrow>n\<rightarrow> s2" and |
|
1717 v: "v=ve#vs" |
|
1718 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
1719 from valid_e P valid_A conf_s0 eval_e wt_e da_e |
|
1720 obtain Q: "Q \<lfloor>ve\<rfloor>\<^sub>e s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G,L)" |
|
1721 by (rule validE) |
|
1722 from Q have Q': "\<And> v. (Q\<leftarrow>\<lfloor>ve\<rfloor>\<^sub>e) v s1 Z" |
|
1723 by simp |
|
1724 have "(\<lambda>Vals:vs:. R\<leftarrow>\<lfloor>(ve # vs)\<rfloor>\<^sub>l) \<lfloor>vs\<rfloor>\<^sub>l s2 Z" |
|
1725 proof (cases "normal s1") |
|
1726 case True |
|
1727 obtain E' where |
|
1728 da_es': "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s1)) \<guillemotright>\<langle>es\<rangle>\<^sub>l\<guillemotright> E'" |
|
1729 proof - |
|
1730 from eval_e wt_e da_e wf True |
|
1731 have "nrm E1 \<subseteq> dom (locals (store s1))" |
|
1732 by (cases rule: da_good_approx_evalnE) rules |
|
1733 with da_es show ?thesis |
|
1734 by (rule da_weakenE) |
|
1735 qed |
|
1736 from valid_es Q' valid_A conf_s1 eval_es wt_es da_es' |
|
1737 show ?thesis |
|
1738 by (rule validE) |
|
1739 next |
|
1740 case False |
|
1741 with valid_es Q' valid_A conf_s1 eval_es |
|
1742 show ?thesis |
|
1743 by (cases rule: validE) rules+ |
|
1744 qed |
|
1745 with v have "R \<lfloor>v\<rfloor>\<^sub>l s2 Z" |
|
1746 by simp |
|
1747 moreover |
|
1748 from eval wt da conf_s0 wf |
|
1749 have "s2\<Colon>\<preceq>(G, L)" |
|
1750 by (rule evaln_type_sound [elim_format]) simp |
|
1751 ultimately show ?thesis .. |
|
1752 qed |
|
1753 qed |
|
1754 next |
|
1755 case (Skip A P) |
|
1756 show "G,A|\<Turnstile>\<Colon>{ {Normal (P\<leftarrow>\<diamondsuit>)} .Skip. {P} }" |
|
1757 proof (rule valid_stmt_NormalI) |
|
1758 fix s0 s1 n L Y Z |
|
1759 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
1760 assume normal_s0: "normal s0" |
|
1761 assume eval: "G\<turnstile>s0 \<midarrow>Skip\<midarrow>n\<rightarrow> s1" |
|
1762 assume P: "(Normal (P\<leftarrow>\<diamondsuit>)) Y s0 Z" |
|
1763 show "P \<diamondsuit> s1 Z \<and> s1\<Colon>\<preceq>(G, L)" |
|
1764 proof - |
|
1765 from eval obtain "s1=s0" |
|
1766 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
1767 with P conf_s0 show ?thesis |
|
1768 by simp |
|
1769 qed |
|
1770 qed |
|
1771 next |
|
1772 case (Expr A P Q e) |
|
1773 have valid_e: "G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {Q\<leftarrow>\<diamondsuit>} }". |
|
1774 show "G,A|\<Turnstile>\<Colon>{ {Normal P} .Expr e. {Q} }" |
|
1775 proof (rule valid_stmt_NormalI) |
|
1776 fix n s0 L accC C s1 Y Z |
|
1777 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
1778 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
1779 assume normal_s0: "normal s0" |
|
1780 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>Expr e\<Colon>\<surd>" |
|
1781 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0)) \<guillemotright>\<langle>Expr e\<rangle>\<^sub>s\<guillemotright> C" |
|
1782 assume eval: "G\<turnstile>s0 \<midarrow>Expr e\<midarrow>n\<rightarrow> s1" |
|
1783 assume P: "(Normal P) Y s0 Z" |
|
1784 show "Q \<diamondsuit> s1 Z \<and> s1\<Colon>\<preceq>(G, L)" |
|
1785 proof - |
|
1786 from wt obtain eT where |
|
1787 wt_e: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>e\<Colon>-eT" |
|
1788 by cases simp |
|
1789 from da obtain E where |
|
1790 da_e: "\<lparr>prg=G,cls=accC, lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright>E" |
|
1791 by cases simp |
|
1792 from eval obtain v where |
|
1793 eval_e: "G\<turnstile>s0 \<midarrow>e-\<succ>v\<midarrow>n\<rightarrow> s1" |
|
1794 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
1795 from valid_e P valid_A conf_s0 eval_e wt_e da_e |
|
1796 obtain Q: "(Q\<leftarrow>\<diamondsuit>) \<lfloor>v\<rfloor>\<^sub>e s1 Z" and "s1\<Colon>\<preceq>(G,L)" |
|
1797 by (rule validE) |
|
1798 thus ?thesis by simp |
|
1799 qed |
|
1800 qed |
|
1801 next |
|
1802 case (Lab A P Q c l) |
|
1803 have valid_c: "G,A|\<Turnstile>\<Colon>{ {Normal P} .c. {abupd (absorb l) .; Q} }". |
|
1804 show "G,A|\<Turnstile>\<Colon>{ {Normal P} .l\<bullet> c. {Q} }" |
|
1805 proof (rule valid_stmt_NormalI) |
|
1806 fix n s0 L accC C s2 Y Z |
|
1807 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
1808 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
1809 assume normal_s0: "normal s0" |
|
1810 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>l\<bullet> c\<Colon>\<surd>" |
|
1811 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0)) \<guillemotright>\<langle>l\<bullet> c\<rangle>\<^sub>s\<guillemotright> C" |
|
1812 assume eval: "G\<turnstile>s0 \<midarrow>l\<bullet> c\<midarrow>n\<rightarrow> s2" |
|
1813 assume P: "(Normal P) Y s0 Z" |
|
1814 show "Q \<diamondsuit> s2 Z \<and> s2\<Colon>\<preceq>(G, L)" |
|
1815 proof - |
|
1816 from wt obtain |
|
1817 wt_c: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c\<Colon>\<surd>" |
|
1818 by cases simp |
|
1819 from da obtain E where |
|
1820 da_c: "\<lparr>prg=G,cls=accC, lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>c\<rangle>\<^sub>s\<guillemotright>E" |
|
1821 by cases simp |
|
1822 from eval obtain s1 where |
|
1823 eval_c: "G\<turnstile>s0 \<midarrow>c\<midarrow>n\<rightarrow> s1" and |
|
1824 s2: "s2 = abupd (absorb l) s1" |
|
1825 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
1826 from valid_c P valid_A conf_s0 eval_c wt_c da_c |
|
1827 obtain Q: "(abupd (absorb l) .; Q) \<diamondsuit> s1 Z" |
|
1828 by (rule validE) |
|
1829 with s2 have "Q \<diamondsuit> s2 Z" |
|
1830 by simp |
|
1831 moreover |
|
1832 from eval wt da conf_s0 wf |
|
1833 have "s2\<Colon>\<preceq>(G, L)" |
|
1834 by (rule evaln_type_sound [elim_format]) simp |
|
1835 ultimately show ?thesis .. |
|
1836 qed |
|
1837 qed |
|
1838 next |
|
1839 case (Comp A P Q R c1 c2) |
|
1840 have valid_c1: "G,A|\<Turnstile>\<Colon>{ {Normal P} .c1. {Q} }" . |
|
1841 have valid_c2: "G,A|\<Turnstile>\<Colon>{ {Q} .c2. {R} }" . |
|
1842 show "G,A|\<Turnstile>\<Colon>{ {Normal P} .c1;; c2. {R} }" |
|
1843 proof (rule valid_stmt_NormalI) |
|
1844 fix n s0 L accC C s2 Y Z |
|
1845 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
1846 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
1847 assume normal_s0: "normal s0" |
|
1848 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>(c1;; c2)\<Colon>\<surd>" |
|
1849 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s0))\<guillemotright>\<langle>c1;;c2\<rangle>\<^sub>s\<guillemotright>C" |
|
1850 assume eval: "G\<turnstile>s0 \<midarrow>c1;; c2\<midarrow>n\<rightarrow> s2" |
|
1851 assume P: "(Normal P) Y s0 Z" |
|
1852 show "R \<diamondsuit> s2 Z \<and> s2\<Colon>\<preceq>(G,L)" |
|
1853 proof - |
|
1854 from eval obtain s1 where |
|
1855 eval_c1: "G\<turnstile>s0 \<midarrow>c1 \<midarrow>n\<rightarrow> s1" and |
|
1856 eval_c2: "G\<turnstile>s1 \<midarrow>c2 \<midarrow>n\<rightarrow> s2" |
|
1857 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
1858 from wt obtain |
|
1859 wt_c1: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c1\<Colon>\<surd>" and |
|
1860 wt_c2: "\<lparr>prg = G, cls = accC, lcl = L\<rparr>\<turnstile>c2\<Colon>\<surd>" |
|
1861 by cases simp |
|
1862 from da obtain C1 C2 where |
|
1863 da_c1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>c1\<rangle>\<^sub>s\<guillemotright> C1" and |
|
1864 da_c2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>nrm C1 \<guillemotright>\<langle>c2\<rangle>\<^sub>s\<guillemotright> C2" |
|
1865 by cases simp |
|
1866 from valid_c1 P valid_A conf_s0 eval_c1 wt_c1 da_c1 |
|
1867 obtain Q: "Q \<diamondsuit> s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G,L)" |
|
1868 by (rule validE) |
|
1869 have "R \<diamondsuit> s2 Z" |
|
1870 proof (cases "normal s1") |
|
1871 case True |
|
1872 obtain C2' where |
|
1873 "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s1)) \<guillemotright>\<langle>c2\<rangle>\<^sub>s\<guillemotright> C2'" |
|
1874 proof - |
|
1875 from eval_c1 wt_c1 da_c1 wf True |
|
1876 have "nrm C1 \<subseteq> dom (locals (store s1))" |
|
1877 by (cases rule: da_good_approx_evalnE) rules |
|
1878 with da_c2 show ?thesis |
|
1879 by (rule da_weakenE) |
|
1880 qed |
|
1881 with valid_c2 Q valid_A conf_s1 eval_c2 wt_c2 |
|
1882 show ?thesis |
|
1883 by (rule validE) |
|
1884 next |
|
1885 case False |
|
1886 from valid_c2 Q valid_A conf_s1 eval_c2 False |
|
1887 show ?thesis |
|
1888 by (cases rule: validE) rules+ |
|
1889 qed |
|
1890 moreover |
|
1891 from eval wt da conf_s0 wf |
|
1892 have "s2\<Colon>\<preceq>(G, L)" |
|
1893 by (rule evaln_type_sound [elim_format]) simp |
|
1894 ultimately show ?thesis .. |
|
1895 qed |
|
1896 qed |
|
1897 next |
|
1898 case (If A P P' Q c1 c2 e) |
|
1899 have valid_e: "G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {P'} }" . |
|
1900 have valid_then_else: "\<And> b. G,A|\<Turnstile>\<Colon>{ {P'\<leftarrow>=b} .(if b then c1 else c2). {Q} }" |
|
1901 using If.hyps by simp |
|
1902 show "G,A|\<Turnstile>\<Colon>{ {Normal P} .If(e) c1 Else c2. {Q} }" |
|
1903 proof (rule valid_stmt_NormalI) |
|
1904 fix n s0 L accC C s2 Y Z |
|
1905 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
1906 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
1907 assume normal_s0: "normal s0" |
|
1908 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>If(e) c1 Else c2\<Colon>\<surd>" |
|
1909 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
1910 \<turnstile>dom (locals (store s0))\<guillemotright>\<langle>If(e) c1 Else c2\<rangle>\<^sub>s\<guillemotright>C" |
|
1911 assume eval: "G\<turnstile>s0 \<midarrow>If(e) c1 Else c2\<midarrow>n\<rightarrow> s2" |
|
1912 assume P: "(Normal P) Y s0 Z" |
|
1913 show "Q \<diamondsuit> s2 Z \<and> s2\<Colon>\<preceq>(G,L)" |
|
1914 proof - |
|
1915 from eval obtain b s1 where |
|
1916 eval_e: "G\<turnstile>s0 \<midarrow>e-\<succ>b\<midarrow>n\<rightarrow> s1" and |
|
1917 eval_then_else: "G\<turnstile>s1 \<midarrow>(if the_Bool b then c1 else c2)\<midarrow>n\<rightarrow> s2" |
|
1918 using normal_s0 by (auto elim: evaln_elim_cases) |
|
1919 from wt obtain |
|
1920 wt_e: "\<lparr>prg=G, cls=accC, lcl=L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" and |
|
1921 wt_then_else: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>(if the_Bool b then c1 else c2)\<Colon>\<surd>" |
|
1922 by cases (simp split: split_if) |
|
1923 from da obtain E S where |
|
1924 da_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> E" and |
|
1925 da_then_else: |
|
1926 "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> |
|
1927 (dom (locals (store s0)) \<union> assigns_if (the_Bool b) e) |
|
1928 \<guillemotright>\<langle>if the_Bool b then c1 else c2\<rangle>\<^sub>s\<guillemotright> S" |
|
1929 by cases (cases "the_Bool b",auto) |
|
1930 from valid_e P valid_A conf_s0 eval_e wt_e da_e |
|
1931 obtain "P' \<lfloor>b\<rfloor>\<^sub>e s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G,L)" |
|
1932 by (rule validE) |
|
1933 hence P': "\<And>v. (P'\<leftarrow>=the_Bool b) v s1 Z" |
|
1934 by (cases "normal s1") auto |
|
1935 have "Q \<diamondsuit> s2 Z" |
|
1936 proof (cases "normal s1") |
|
1937 case True |
|
1938 have s0_s1: "dom (locals (store s0)) |
|
1939 \<union> assigns_if (the_Bool b) e \<subseteq> dom (locals (store s1))" |
|
1940 proof - |
|
1941 from eval_e |
|
1942 have eval_e': "G\<turnstile>s0 \<midarrow>e-\<succ>b\<rightarrow> s1" |
|
1943 by (rule evaln_eval) |
|
1944 hence |
|
1945 "dom (locals (store s0)) \<subseteq> dom (locals (store s1))" |
|
1946 by (rule dom_locals_eval_mono_elim) |
|
1947 moreover |
|
1948 from eval_e' True wt_e |
|
1949 have "assigns_if (the_Bool b) e \<subseteq> dom (locals (store s1))" |
|
1950 by (rule assigns_if_good_approx') |
|
1951 ultimately show ?thesis by (rule Un_least) |
|
1952 qed |
|
1953 with da_then_else |
|
1954 obtain S' where |
|
1955 "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
1956 \<turnstile>dom (locals (store s1))\<guillemotright>\<langle>if the_Bool b then c1 else c2\<rangle>\<^sub>s\<guillemotright> S'" |
|
1957 by (rule da_weakenE) |
|
1958 with valid_then_else P' valid_A conf_s1 eval_then_else wt_then_else |
|
1959 show ?thesis |
|
1960 by (rule validE) |
|
1961 next |
|
1962 case False |
|
1963 with valid_then_else P' valid_A conf_s1 eval_then_else |
|
1964 show ?thesis |
|
1965 by (cases rule: validE) rules+ |
|
1966 qed |
|
1967 moreover |
|
1968 from eval wt da conf_s0 wf |
|
1969 have "s2\<Colon>\<preceq>(G, L)" |
|
1970 by (rule evaln_type_sound [elim_format]) simp |
|
1971 ultimately show ?thesis .. |
|
1972 qed |
|
1973 qed |
|
1974 next |
|
1975 case (Loop A P P' c e l) |
|
1976 have valid_e: "G,A|\<Turnstile>\<Colon>{ {P} e-\<succ> {P'} }". |
|
1977 have valid_c: "G,A|\<Turnstile>\<Colon>{ {Normal (P'\<leftarrow>=True)} |
|
1978 .c. |
|
1979 {abupd (absorb (Cont l)) .; P} }" . |
|
1980 show "G,A|\<Turnstile>\<Colon>{ {P} .l\<bullet> While(e) c. {P'\<leftarrow>=False\<down>=\<diamondsuit>} }" |
|
1981 proof (rule valid_stmtI) |
|
1982 fix n s0 L accC C s3 Y Z |
|
1983 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
1984 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
1985 assume wt: "normal s0 \<Longrightarrow> \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>l\<bullet> While(e) c\<Colon>\<surd>" |
|
1986 assume da: "normal s0 \<Longrightarrow> \<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
1987 \<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>l\<bullet> While(e) c\<rangle>\<^sub>s\<guillemotright> C" |
|
1988 assume eval: "G\<turnstile>s0 \<midarrow>l\<bullet> While(e) c\<midarrow>n\<rightarrow> s3" |
|
1989 assume P: "P Y s0 Z" |
|
1990 show "(P'\<leftarrow>=False\<down>=\<diamondsuit>) \<diamondsuit> s3 Z \<and> s3\<Colon>\<preceq>(G,L)" |
|
1991 proof - |
|
1992 --{* From the given hypothesises @{text valid_e} and @{text valid_c} |
|
1993 we can only reach the state after unfolding the loop once, i.e. |
|
1994 @{term "P \<diamondsuit> s2 Z"}, where @{term s2} is the state after executing |
|
1995 @{term c}. To gain validity of the further execution of while, to |
|
1996 finally get @{term "(P'\<leftarrow>=False\<down>=\<diamondsuit>) \<diamondsuit> s3 Z"} we have to get |
|
1997 a hypothesis about the subsequent unfoldings (the whole loop again), |
|
1998 too. We can achieve this, by performing induction on the |
|
1999 evaluation relation, with all |
|
2000 the necessary preconditions to apply @{text valid_e} and |
|
2001 @{text valid_c} in the goal. |
|
2002 *} |
|
2003 { |
|
2004 fix t s s' v |
|
2005 assume "G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v, s')" |
|
2006 hence "\<And> Y' T E. |
|
2007 \<lbrakk>t = \<langle>l\<bullet> While(e) c\<rangle>\<^sub>s; \<forall>t\<in>A. G\<Turnstile>n\<Colon>t; P Y' s Z; s\<Colon>\<preceq>(G, L); |
|
2008 normal s \<Longrightarrow> \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>t\<Colon>T; |
|
2009 normal s \<Longrightarrow> \<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>dom (locals (store s))\<guillemotright>t\<guillemotright>E |
|
2010 \<rbrakk>\<Longrightarrow> (P'\<leftarrow>=False\<down>=\<diamondsuit>) v s' Z" |
|
2011 (is "PROP ?Hyp n t s v s'") |
|
2012 proof (induct) |
|
2013 case (Loop b c' e' l' n' s0' s1' s2' s3' Y' T E) |
|
2014 have while: "(\<langle>l'\<bullet> While(e') c'\<rangle>\<^sub>s::term) = \<langle>l\<bullet> While(e) c\<rangle>\<^sub>s" . |
|
2015 hence eqs: "l'=l" "e'=e" "c'=c" by simp_all |
|
2016 have valid_A: "\<forall>t\<in>A. G\<Turnstile>n'\<Colon>t". |
|
2017 have P: "P Y' (Norm s0') Z". |
|
2018 have conf_s0': "Norm s0'\<Colon>\<preceq>(G, L)" . |
|
2019 have wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>\<langle>l\<bullet> While(e) c\<rangle>\<^sub>s\<Colon>T" |
|
2020 using Loop.prems eqs by simp |
|
2021 have da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> |
|
2022 dom (locals (store ((Norm s0')::state)))\<guillemotright>\<langle>l\<bullet> While(e) c\<rangle>\<^sub>s\<guillemotright>E" |
|
2023 using Loop.prems eqs by simp |
|
2024 have evaln_e: "G\<turnstile>Norm s0' \<midarrow>e-\<succ>b\<midarrow>n'\<rightarrow> s1'" |
|
2025 using Loop.hyps eqs by simp |
|
2026 show "(P'\<leftarrow>=False\<down>=\<diamondsuit>) \<diamondsuit> s3' Z" |
|
2027 proof - |
|
2028 from wt obtain |
|
2029 wt_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e\<Colon>-PrimT Boolean" and |
|
2030 wt_c: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c\<Colon>\<surd>" |
|
2031 by cases (simp add: eqs) |
|
2032 from da obtain E S where |
|
2033 da_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
2034 \<turnstile> dom (locals (store ((Norm s0')::state))) \<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> E" and |
|
2035 da_c: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
2036 \<turnstile> (dom (locals (store ((Norm s0')::state))) |
|
2037 \<union> assigns_if True e) \<guillemotright>\<langle>c\<rangle>\<^sub>s\<guillemotright> S" |
|
2038 by cases (simp add: eqs) |
|
2039 from evaln_e |
|
2040 have eval_e: "G\<turnstile>Norm s0' \<midarrow>e-\<succ>b\<rightarrow> s1'" |
|
2041 by (rule evaln_eval) |
|
2042 from valid_e P valid_A conf_s0' evaln_e wt_e da_e |
|
2043 obtain P': "P' \<lfloor>b\<rfloor>\<^sub>e s1' Z" and conf_s1': "s1'\<Colon>\<preceq>(G,L)" |
|
2044 by (rule validE) |
|
2045 show "(P'\<leftarrow>=False\<down>=\<diamondsuit>) \<diamondsuit> s3' Z" |
|
2046 proof (cases "normal s1'") |
|
2047 case True |
|
2048 note normal_s1'=this |
|
2049 show ?thesis |
|
2050 proof (cases "the_Bool b") |
|
2051 case True |
|
2052 with P' normal_s1' have P'': "(Normal (P'\<leftarrow>=True)) \<lfloor>b\<rfloor>\<^sub>e s1' Z" |
|
2053 by auto |
|
2054 from True Loop.hyps obtain |
|
2055 eval_c: "G\<turnstile>s1' \<midarrow>c\<midarrow>n'\<rightarrow> s2'" and |
|
2056 eval_while: |
|
2057 "G\<turnstile>abupd (absorb (Cont l)) s2' \<midarrow>l\<bullet> While(e) c\<midarrow>n'\<rightarrow> s3'" |
|
2058 by (simp add: eqs) |
|
2059 from True Loop.hyps have |
|
2060 hyp: "PROP ?Hyp n' \<langle>l\<bullet> While(e) c\<rangle>\<^sub>s |
|
2061 (abupd (absorb (Cont l')) s2') \<diamondsuit> s3'" |
|
2062 apply (simp only: True if_True eqs) |
|
2063 apply (elim conjE) |
|
2064 apply (tactic "smp_tac 3 1") |
|
2065 apply fast |
|
2066 done |
|
2067 from eval_e |
|
2068 have s0'_s1': "dom (locals (store ((Norm s0')::state))) |
|
2069 \<subseteq> dom (locals (store s1'))" |
|
2070 by (rule dom_locals_eval_mono_elim) |
|
2071 obtain S' where |
|
2072 da_c': |
|
2073 "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>(dom (locals (store s1')))\<guillemotright>\<langle>c\<rangle>\<^sub>s\<guillemotright> S'" |
|
2074 proof - |
|
2075 note s0'_s1' |
|
2076 moreover |
|
2077 from eval_e normal_s1' wt_e |
|
2078 have "assigns_if True e \<subseteq> dom (locals (store s1'))" |
|
2079 by (rule assigns_if_good_approx' [elim_format]) |
|
2080 (simp add: True) |
|
2081 ultimately |
|
2082 have "dom (locals (store ((Norm s0')::state))) |
|
2083 \<union> assigns_if True e \<subseteq> dom (locals (store s1'))" |
|
2084 by (rule Un_least) |
|
2085 with da_c show ?thesis |
|
2086 by (rule da_weakenE) |
|
2087 qed |
|
2088 with valid_c P'' valid_A conf_s1' eval_c wt_c |
|
2089 obtain "(abupd (absorb (Cont l)) .; P) \<diamondsuit> s2' Z" and |
|
2090 conf_s2': "s2'\<Colon>\<preceq>(G,L)" |
|
2091 by (rule validE) |
|
2092 hence P_s2': "P \<diamondsuit> (abupd (absorb (Cont l)) s2') Z" |
|
2093 by simp |
|
2094 from conf_s2' |
|
2095 have conf_absorb: "abupd (absorb (Cont l)) s2' \<Colon>\<preceq>(G, L)" |
|
2096 by (cases s2') (auto intro: conforms_absorb) |
|
2097 moreover |
|
2098 obtain E' where |
|
2099 da_while': |
|
2100 "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> |
|
2101 dom (locals(store (abupd (absorb (Cont l)) s2'))) |
|
2102 \<guillemotright>\<langle>l\<bullet> While(e) c\<rangle>\<^sub>s\<guillemotright> E'" |
|
2103 proof - |
|
2104 note s0'_s1' |
|
2105 also |
|
2106 from eval_c |
|
2107 have "G\<turnstile>s1' \<midarrow>c\<rightarrow> s2'" |
|
2108 by (rule evaln_eval) |
|
2109 hence "dom (locals (store s1')) \<subseteq> dom (locals (store s2'))" |
|
2110 by (rule dom_locals_eval_mono_elim) |
|
2111 also |
|
2112 have "\<dots>\<subseteq>dom (locals (store (abupd (absorb (Cont l)) s2')))" |
|
2113 by simp |
|
2114 finally |
|
2115 have "dom (locals (store ((Norm s0')::state))) \<subseteq> \<dots>" . |
|
2116 with da show ?thesis |
|
2117 by (rule da_weakenE) |
|
2118 qed |
|
2119 from valid_A P_s2' conf_absorb wt da_while' |
|
2120 show "(P'\<leftarrow>=False\<down>=\<diamondsuit>) \<diamondsuit> s3' Z" |
|
2121 using hyp by (simp add: eqs) |
|
2122 next |
|
2123 case False |
|
2124 with Loop.hyps obtain "s3'=s1'" |
|
2125 by simp |
|
2126 with P' False show ?thesis |
|
2127 by auto |
|
2128 qed |
|
2129 next |
|
2130 case False |
|
2131 note abnormal_s1'=this |
|
2132 have "s3'=s1'" |
|
2133 proof - |
|
2134 from False obtain abr where abr: "abrupt s1' = Some abr" |
|
2135 by (cases s1') auto |
|
2136 from eval_e _ wt_e wf |
|
2137 have no_jmp: "\<And> j. abrupt s1' \<noteq> Some (Jump j)" |
|
2138 by (rule eval_expression_no_jump |
|
2139 [where ?Env="\<lparr>prg=G,cls=accC,lcl=L\<rparr>",simplified]) |
|
2140 simp |
|
2141 show ?thesis |
|
2142 proof (cases "the_Bool b") |
|
2143 case True |
|
2144 with Loop.hyps obtain |
|
2145 eval_c: "G\<turnstile>s1' \<midarrow>c\<midarrow>n'\<rightarrow> s2'" and |
|
2146 eval_while: |
|
2147 "G\<turnstile>abupd (absorb (Cont l)) s2' \<midarrow>l\<bullet> While(e) c\<midarrow>n'\<rightarrow> s3'" |
|
2148 by (simp add: eqs) |
|
2149 from eval_c abr have "s2'=s1'" by auto |
|
2150 moreover from calculation no_jmp |
|
2151 have "abupd (absorb (Cont l)) s2'=s2'" |
|
2152 by (cases s1') (simp add: absorb_def) |
|
2153 ultimately show ?thesis |
|
2154 using eval_while abr |
|
2155 by auto |
|
2156 next |
|
2157 case False |
|
2158 with Loop.hyps show ?thesis by simp |
|
2159 qed |
|
2160 qed |
|
2161 with P' False show ?thesis |
|
2162 by auto |
|
2163 qed |
|
2164 qed |
|
2165 next |
|
2166 case (Abrupt n' s t' abr Y' T E) |
|
2167 have t': "t' = \<langle>l\<bullet> While(e) c\<rangle>\<^sub>s". |
|
2168 have conf: "(Some abr, s)\<Colon>\<preceq>(G, L)". |
|
2169 have P: "P Y' (Some abr, s) Z". |
|
2170 have valid_A: "\<forall>t\<in>A. G\<Turnstile>n'\<Colon>t". |
|
2171 show "(P'\<leftarrow>=False\<down>=\<diamondsuit>) (arbitrary3 t') (Some abr, s) Z" |
|
2172 proof - |
|
2173 have eval_e: |
|
2174 "G\<turnstile>(Some abr,s) \<midarrow>\<langle>e\<rangle>\<^sub>e\<succ>\<midarrow>n'\<rightarrow> (arbitrary3 \<langle>e\<rangle>\<^sub>e,(Some abr,s))" |
|
2175 by auto |
|
2176 from valid_e P valid_A conf eval_e |
|
2177 have "P' (arbitrary3 \<langle>e\<rangle>\<^sub>e) (Some abr,s) Z" |
|
2178 by (cases rule: validE [where ?P="P"]) simp+ |
|
2179 with t' show ?thesis |
|
2180 by auto |
|
2181 qed |
|
2182 qed (simp_all) |
|
2183 } note generalized=this |
|
2184 from eval _ valid_A P conf_s0 wt da |
|
2185 have "(P'\<leftarrow>=False\<down>=\<diamondsuit>) \<diamondsuit> s3 Z" |
|
2186 by (rule generalized) simp_all |
|
2187 moreover |
|
2188 have "s3\<Colon>\<preceq>(G, L)" |
|
2189 proof (cases "normal s0") |
|
2190 case True |
|
2191 from eval wt [OF True] da [OF True] conf_s0 wf |
|
2192 show ?thesis |
|
2193 by (rule evaln_type_sound [elim_format]) simp |
|
2194 next |
|
2195 case False |
|
2196 with eval have "s3=s0" |
|
2197 by auto |
|
2198 with conf_s0 show ?thesis |
|
2199 by simp |
|
2200 qed |
|
2201 ultimately show ?thesis .. |
|
2202 qed |
|
2203 qed |
|
2204 next |
|
2205 case (Jmp A P j) |
|
2206 show "G,A|\<Turnstile>\<Colon>{ {Normal (abupd (\<lambda>a. Some (Jump j)) .; P\<leftarrow>\<diamondsuit>)} .Jmp j. {P} }" |
|
2207 proof (rule valid_stmt_NormalI) |
|
2208 fix n s0 L accC C s1 Y Z |
|
2209 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
2210 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
2211 assume normal_s0: "normal s0" |
|
2212 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>Jmp j\<Colon>\<surd>" |
|
2213 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
2214 \<turnstile>dom (locals (store s0))\<guillemotright>\<langle>Jmp j\<rangle>\<^sub>s\<guillemotright>C" |
|
2215 assume eval: "G\<turnstile>s0 \<midarrow>Jmp j\<midarrow>n\<rightarrow> s1" |
|
2216 assume P: "(Normal (abupd (\<lambda>a. Some (Jump j)) .; P\<leftarrow>\<diamondsuit>)) Y s0 Z" |
|
2217 show "P \<diamondsuit> s1 Z \<and> s1\<Colon>\<preceq>(G,L)" |
|
2218 proof - |
|
2219 from eval obtain s where |
|
2220 s: "s0=Norm s" "s1=(Some (Jump j), s)" |
|
2221 using normal_s0 by (auto elim: evaln_elim_cases) |
|
2222 with P have "P \<diamondsuit> s1 Z" |
|
2223 by simp |
|
2224 moreover |
|
2225 from eval wt da conf_s0 wf |
|
2226 have "s1\<Colon>\<preceq>(G,L)" |
|
2227 by (rule evaln_type_sound [elim_format]) simp |
|
2228 ultimately show ?thesis .. |
|
2229 qed |
|
2230 qed |
|
2231 next |
|
2232 case (Throw A P Q e) |
|
2233 have valid_e: "G,A|\<Turnstile>\<Colon>{ {Normal P} e-\<succ> {\<lambda>Val:a:. abupd (throw a) .; Q\<leftarrow>\<diamondsuit>} }". |
|
2234 show "G,A|\<Turnstile>\<Colon>{ {Normal P} .Throw e. {Q} }" |
|
2235 proof (rule valid_stmt_NormalI) |
|
2236 fix n s0 L accC C s2 Y Z |
|
2237 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
2238 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
2239 assume normal_s0: "normal s0" |
|
2240 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>Throw e\<Colon>\<surd>" |
|
2241 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
2242 \<turnstile>dom (locals (store s0))\<guillemotright>\<langle>Throw e\<rangle>\<^sub>s\<guillemotright>C" |
|
2243 assume eval: "G\<turnstile>s0 \<midarrow>Throw e\<midarrow>n\<rightarrow> s2" |
|
2244 assume P: "(Normal P) Y s0 Z" |
|
2245 show "Q \<diamondsuit> s2 Z \<and> s2\<Colon>\<preceq>(G,L)" |
|
2246 proof - |
|
2247 from eval obtain s1 a where |
|
2248 eval_e: "G\<turnstile>s0 \<midarrow>e-\<succ>a\<midarrow>n\<rightarrow> s1" and |
|
2249 s2: "s2 = abupd (throw a) s1" |
|
2250 using normal_s0 by (auto elim: evaln_elim_cases) |
|
2251 from wt obtain T where |
|
2252 wt_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>e\<Colon>-T" |
|
2253 by cases simp |
|
2254 from da obtain E where |
|
2255 da_e: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>e\<rangle>\<^sub>e\<guillemotright> E" |
|
2256 by cases simp |
|
2257 from valid_e P valid_A conf_s0 eval_e wt_e da_e |
|
2258 obtain "(\<lambda>Val:a:. abupd (throw a) .; Q\<leftarrow>\<diamondsuit>) \<lfloor>a\<rfloor>\<^sub>e s1 Z" |
|
2259 by (rule validE) |
|
2260 with s2 have "Q \<diamondsuit> s2 Z" |
|
2261 by simp |
|
2262 moreover |
|
2263 from eval wt da conf_s0 wf |
|
2264 have "s2\<Colon>\<preceq>(G,L)" |
|
2265 by (rule evaln_type_sound [elim_format]) simp |
|
2266 ultimately show ?thesis .. |
|
2267 qed |
|
2268 qed |
|
2269 next |
|
2270 case (Try A C P Q R c1 c2 vn) |
|
2271 have valid_c1: "G,A|\<Turnstile>\<Colon>{ {Normal P} .c1. {SXAlloc G Q} }". |
|
2272 have valid_c2: "G,A|\<Turnstile>\<Colon>{ {Q \<and>. (\<lambda>s. G,s\<turnstile>catch C) ;. new_xcpt_var vn} |
|
2273 .c2. |
|
2274 {R} }". |
|
2275 have Q_R: "(Q \<and>. (\<lambda>s. \<not> G,s\<turnstile>catch C)) \<Rightarrow> R" . |
|
2276 show "G,A|\<Turnstile>\<Colon>{ {Normal P} .Try c1 Catch(C vn) c2. {R} }" |
|
2277 proof (rule valid_stmt_NormalI) |
|
2278 fix n s0 L accC E s3 Y Z |
|
2279 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
2280 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
2281 assume normal_s0: "normal s0" |
|
2282 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>Try c1 Catch(C vn) c2\<Colon>\<surd>" |
|
2283 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
2284 \<turnstile>dom (locals (store s0)) \<guillemotright>\<langle>Try c1 Catch(C vn) c2\<rangle>\<^sub>s\<guillemotright> E" |
|
2285 assume eval: "G\<turnstile>s0 \<midarrow>Try c1 Catch(C vn) c2\<midarrow>n\<rightarrow> s3" |
|
2286 assume P: "(Normal P) Y s0 Z" |
|
2287 show "R \<diamondsuit> s3 Z \<and> s3\<Colon>\<preceq>(G,L)" |
|
2288 proof - |
|
2289 from eval obtain s1 s2 where |
|
2290 eval_c1: "G\<turnstile>s0 \<midarrow>c1\<midarrow>n\<rightarrow> s1" and |
|
2291 sxalloc: "G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2" and |
|
2292 s3: "if G,s2\<turnstile>catch C |
|
2293 then G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<midarrow>n\<rightarrow> s3 |
|
2294 else s3 = s2" |
|
2295 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
2296 from wt obtain |
|
2297 wt_c1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c1\<Colon>\<surd>" and |
|
2298 wt_c2: "\<lparr>prg=G,cls=accC,lcl=L(VName vn\<mapsto>Class C)\<rparr>\<turnstile>c2\<Colon>\<surd>" |
|
2299 by cases simp |
|
2300 from da obtain C1 C2 where |
|
2301 da_c1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>c1\<rangle>\<^sub>s\<guillemotright> C1" and |
|
2302 da_c2: "\<lparr>prg=G,cls=accC,lcl=L(VName vn\<mapsto>Class C)\<rparr> |
|
2303 \<turnstile> (dom (locals (store s0)) \<union> {VName vn}) \<guillemotright>\<langle>c2\<rangle>\<^sub>s\<guillemotright> C2" |
|
2304 by cases simp |
|
2305 from valid_c1 P valid_A conf_s0 eval_c1 wt_c1 da_c1 |
|
2306 obtain sxQ: "(SXAlloc G Q) \<diamondsuit> s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G,L)" |
|
2307 by (rule validE) |
|
2308 from sxalloc sxQ |
|
2309 have Q: "Q \<diamondsuit> s2 Z" |
|
2310 by auto |
|
2311 have "R \<diamondsuit> s3 Z" |
|
2312 proof (cases "\<exists> x. abrupt s1 = Some (Xcpt x)") |
|
2313 case False |
|
2314 from sxalloc wf |
|
2315 have "s2=s1" |
|
2316 by (rule sxalloc_type_sound [elim_format]) |
|
2317 (insert False, auto split: option.splits abrupt.splits ) |
|
2318 with False |
|
2319 have no_catch: "\<not> G,s2\<turnstile>catch C" |
|
2320 by (simp add: catch_def) |
|
2321 moreover |
|
2322 from no_catch s3 |
|
2323 have "s3=s2" |
|
2324 by simp |
|
2325 ultimately show ?thesis |
|
2326 using Q Q_R by simp |
|
2327 next |
|
2328 case True |
|
2329 note exception_s1 = this |
|
2330 show ?thesis |
|
2331 proof (cases "G,s2\<turnstile>catch C") |
|
2332 case False |
|
2333 with s3 |
|
2334 have "s3=s2" |
|
2335 by simp |
|
2336 with False Q Q_R show ?thesis |
|
2337 by simp |
|
2338 next |
|
2339 case True |
|
2340 with s3 have eval_c2: "G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<midarrow>n\<rightarrow> s3" |
|
2341 by simp |
|
2342 from conf_s1 sxalloc wf |
|
2343 have conf_s2: "s2\<Colon>\<preceq>(G, L)" |
|
2344 by (auto dest: sxalloc_type_sound |
|
2345 split: option.splits abrupt.splits) |
|
2346 from exception_s1 sxalloc wf |
|
2347 obtain a |
|
2348 where xcpt_s2: "abrupt s2 = Some (Xcpt (Loc a))" |
|
2349 by (auto dest!: sxalloc_type_sound |
|
2350 split: option.splits abrupt.splits) |
|
2351 with True |
|
2352 have "G\<turnstile>obj_ty (the (globs (store s2) (Heap a)))\<preceq>Class C" |
|
2353 by (cases s2) simp |
|
2354 with xcpt_s2 conf_s2 wf |
|
2355 have conf_new_xcpt: "new_xcpt_var vn s2 \<Colon>\<preceq>(G, L(VName vn\<mapsto>Class C))" |
|
2356 by (auto dest: Try_lemma) |
|
2357 obtain C2' where |
|
2358 da_c2': |
|
2359 "\<lparr>prg=G,cls=accC,lcl=L(VName vn\<mapsto>Class C)\<rparr> |
|
2360 \<turnstile> (dom (locals (store (new_xcpt_var vn s2)))) \<guillemotright>\<langle>c2\<rangle>\<^sub>s\<guillemotright> C2'" |
|
2361 proof - |
|
2362 have "(dom (locals (store s0)) \<union> {VName vn}) |
|
2363 \<subseteq> dom (locals (store (new_xcpt_var vn s2)))" |
|
2364 proof - |
|
2365 from eval_c1 |
|
2366 have "dom (locals (store s0)) |
|
2367 \<subseteq> dom (locals (store s1))" |
|
2368 by (rule dom_locals_evaln_mono_elim) |
|
2369 also |
|
2370 from sxalloc |
|
2371 have "\<dots> \<subseteq> dom (locals (store s2))" |
|
2372 by (rule dom_locals_sxalloc_mono) |
|
2373 also |
|
2374 have "\<dots> \<subseteq> dom (locals (store (new_xcpt_var vn s2)))" |
|
2375 by (cases s2) (simp add: new_xcpt_var_def, blast) |
|
2376 also |
|
2377 have "{VName vn} \<subseteq> \<dots>" |
|
2378 by (cases s2) simp |
|
2379 ultimately show ?thesis |
|
2380 by (rule Un_least) |
|
2381 qed |
|
2382 with da_c2 show ?thesis |
|
2383 by (rule da_weakenE) |
|
2384 qed |
|
2385 from Q eval_c2 True |
|
2386 have "(Q \<and>. (\<lambda>s. G,s\<turnstile>catch C) ;. new_xcpt_var vn) |
|
2387 \<diamondsuit> (new_xcpt_var vn s2) Z" |
|
2388 by auto |
|
2389 from valid_c2 this valid_A conf_new_xcpt eval_c2 wt_c2 da_c2' |
|
2390 show "R \<diamondsuit> s3 Z" |
|
2391 by (rule validE) |
|
2392 qed |
|
2393 qed |
|
2394 moreover |
|
2395 from eval wt da conf_s0 wf |
|
2396 have "s3\<Colon>\<preceq>(G,L)" |
|
2397 by (rule evaln_type_sound [elim_format]) simp |
|
2398 ultimately show ?thesis .. |
|
2399 qed |
|
2400 qed |
|
2401 next |
|
2402 case (Fin A P Q R c1 c2) |
|
2403 have valid_c1: "G,A|\<Turnstile>\<Colon>{ {Normal P} .c1. {Q} }". |
|
2404 have valid_c2: "\<And> abr. G,A|\<Turnstile>\<Colon>{ {Q \<and>. (\<lambda>s. abr = fst s) ;. abupd (\<lambda>x. None)} |
|
2405 .c2. |
|
2406 {abupd (abrupt_if (abr \<noteq> None) abr) .; R} }" |
|
2407 using Fin.hyps by simp |
|
2408 show "G,A|\<Turnstile>\<Colon>{ {Normal P} .c1 Finally c2. {R} }" |
|
2409 proof (rule valid_stmt_NormalI) |
|
2410 fix n s0 L accC E s3 Y Z |
|
2411 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
2412 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
2413 assume normal_s0: "normal s0" |
|
2414 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c1 Finally c2\<Colon>\<surd>" |
|
2415 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
2416 \<turnstile>dom (locals (store s0)) \<guillemotright>\<langle>c1 Finally c2\<rangle>\<^sub>s\<guillemotright> E" |
|
2417 assume eval: "G\<turnstile>s0 \<midarrow>c1 Finally c2\<midarrow>n\<rightarrow> s3" |
|
2418 assume P: "(Normal P) Y s0 Z" |
|
2419 show "R \<diamondsuit> s3 Z \<and> s3\<Colon>\<preceq>(G,L)" |
|
2420 proof - |
|
2421 from eval obtain s1 abr1 s2 where |
|
2422 eval_c1: "G\<turnstile>s0 \<midarrow>c1\<midarrow>n\<rightarrow> (abr1, s1)" and |
|
2423 eval_c2: "G\<turnstile>Norm s1 \<midarrow>c2\<midarrow>n\<rightarrow> s2" and |
|
2424 s3: "s3 = (if \<exists>err. abr1 = Some (Error err) |
|
2425 then (abr1, s1) |
|
2426 else abupd (abrupt_if (abr1 \<noteq> None) abr1) s2)" |
|
2427 using normal_s0 by (fastsimp elim: evaln_elim_cases) |
|
2428 from wt obtain |
|
2429 wt_c1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c1\<Colon>\<surd>" and |
|
2430 wt_c2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>c2\<Colon>\<surd>" |
|
2431 by cases simp |
|
2432 from da obtain C1 C2 where |
|
2433 da_c1: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> \<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>c1\<rangle>\<^sub>s\<guillemotright> C1" and |
|
2434 da_c2: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> \<turnstile> dom (locals (store s0)) \<guillemotright>\<langle>c2\<rangle>\<^sub>s\<guillemotright> C2" |
|
2435 by cases simp |
|
2436 from valid_c1 P valid_A conf_s0 eval_c1 wt_c1 da_c1 |
|
2437 obtain Q: "Q \<diamondsuit> (abr1,s1) Z" and conf_s1: "(abr1,s1)\<Colon>\<preceq>(G,L)" |
|
2438 by (rule validE) |
|
2439 from Q |
|
2440 have Q': "(Q \<and>. (\<lambda>s. abr1 = fst s) ;. abupd (\<lambda>x. None)) \<diamondsuit> (Norm s1) Z" |
|
2441 by auto |
|
2442 from eval_c1 wt_c1 da_c1 conf_s0 wf |
|
2443 have "error_free (abr1,s1)" |
|
2444 by (rule evaln_type_sound [elim_format]) (insert normal_s0,simp) |
|
2445 with s3 have s3': "s3 = abupd (abrupt_if (abr1 \<noteq> None) abr1) s2" |
|
2446 by (simp add: error_free_def) |
|
2447 from conf_s1 |
|
2448 have conf_Norm_s1: "Norm s1\<Colon>\<preceq>(G,L)" |
|
2449 by (rule conforms_NormI) |
|
2450 obtain C2' where |
|
2451 da_c2': "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
2452 \<turnstile> dom (locals (store ((Norm s1)::state))) \<guillemotright>\<langle>c2\<rangle>\<^sub>s\<guillemotright> C2'" |
|
2453 proof - |
|
2454 from eval_c1 |
|
2455 have "dom (locals (store s0)) \<subseteq> dom (locals (store (abr1,s1)))" |
|
2456 by (rule dom_locals_evaln_mono_elim) |
|
2457 hence "dom (locals (store s0)) |
|
2458 \<subseteq> dom (locals (store ((Norm s1)::state)))" |
|
2459 by simp |
|
2460 with da_c2 show ?thesis |
|
2461 by (rule da_weakenE) |
|
2462 qed |
|
2463 from valid_c2 Q' valid_A conf_Norm_s1 eval_c2 wt_c2 da_c2' |
|
2464 have "(abupd (abrupt_if (abr1 \<noteq> None) abr1) .; R) \<diamondsuit> s2 Z" |
|
2465 by (rule validE) |
|
2466 with s3' have "R \<diamondsuit> s3 Z" |
|
2467 by simp |
|
2468 moreover |
|
2469 from eval wt da conf_s0 wf |
|
2470 have "s3\<Colon>\<preceq>(G,L)" |
|
2471 by (rule evaln_type_sound [elim_format]) simp |
|
2472 ultimately show ?thesis .. |
|
2473 qed |
|
2474 qed |
|
2475 next |
|
2476 case (Done A C P) |
|
2477 show "G,A|\<Turnstile>\<Colon>{ {Normal (P\<leftarrow>\<diamondsuit> \<and>. initd C)} .Init C. {P} }" |
|
2478 proof (rule valid_stmt_NormalI) |
|
2479 fix n s0 L accC E s3 Y Z |
|
2480 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
2481 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
2482 assume normal_s0: "normal s0" |
|
2483 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>Init C\<Colon>\<surd>" |
|
2484 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
2485 \<turnstile>dom (locals (store s0)) \<guillemotright>\<langle>Init C\<rangle>\<^sub>s\<guillemotright> E" |
|
2486 assume eval: "G\<turnstile>s0 \<midarrow>Init C\<midarrow>n\<rightarrow> s3" |
|
2487 assume P: "(Normal (P\<leftarrow>\<diamondsuit> \<and>. initd C)) Y s0 Z" |
|
2488 show "P \<diamondsuit> s3 Z \<and> s3\<Colon>\<preceq>(G,L)" |
|
2489 proof - |
|
2490 from P have inited: "inited C (globs (store s0))" |
|
2491 by simp |
|
2492 with eval have "s3=s0" |
|
2493 using normal_s0 by (auto elim: evaln_elim_cases) |
|
2494 with P conf_s0 show ?thesis |
|
2495 by simp |
|
2496 qed |
|
2497 qed |
|
2498 next |
|
2499 case (Init A C P Q R c) |
|
2500 have c: "the (class G C) = c". |
|
2501 have valid_super: |
|
2502 "G,A|\<Turnstile>\<Colon>{ {Normal (P \<and>. Not \<circ> initd C ;. supd (init_class_obj G C))} |
|
2503 .(if C = Object then Skip else Init (super c)). |
|
2504 {Q} }". |
|
2505 have valid_init: |
|
2506 "\<And> l. G,A|\<Turnstile>\<Colon>{ {Q \<and>. (\<lambda>s. l = locals (snd s)) ;. set_lvars empty} |
|
2507 .init c. |
|
2508 {set_lvars l .; R} }" |
|
2509 using Init.hyps by simp |
|
2510 show "G,A|\<Turnstile>\<Colon>{ {Normal (P \<and>. Not \<circ> initd C)} .Init C. {R} }" |
|
2511 proof (rule valid_stmt_NormalI) |
|
2512 fix n s0 L accC E s3 Y Z |
|
2513 assume valid_A: "\<forall>t\<in>A. G\<Turnstile>n\<Colon>t" |
|
2514 assume conf_s0: "s0\<Colon>\<preceq>(G,L)" |
|
2515 assume normal_s0: "normal s0" |
|
2516 assume wt: "\<lparr>prg=G,cls=accC,lcl=L\<rparr>\<turnstile>Init C\<Colon>\<surd>" |
|
2517 assume da: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
2518 \<turnstile>dom (locals (store s0)) \<guillemotright>\<langle>Init C\<rangle>\<^sub>s\<guillemotright> E" |
|
2519 assume eval: "G\<turnstile>s0 \<midarrow>Init C\<midarrow>n\<rightarrow> s3" |
|
2520 assume P: "(Normal (P \<and>. Not \<circ> initd C)) Y s0 Z" |
|
2521 show "R \<diamondsuit> s3 Z \<and> s3\<Colon>\<preceq>(G,L)" |
|
2522 proof - |
|
2523 from P have not_inited: "\<not> inited C (globs (store s0))" by simp |
|
2524 with eval c obtain s1 s2 where |
|
2525 eval_super: |
|
2526 "G\<turnstile>Norm ((init_class_obj G C) (store s0)) |
|
2527 \<midarrow>(if C = Object then Skip else Init (super c))\<midarrow>n\<rightarrow> s1" and |
|
2528 eval_init: "G\<turnstile>(set_lvars empty) s1 \<midarrow>init c\<midarrow>n\<rightarrow> s2" and |
|
2529 s3: "s3 = (set_lvars (locals (store s1))) s2" |
|
2530 using normal_s0 by (auto elim!: evaln_elim_cases) |
|
2531 from wt c have |
|
2532 cls_C: "class G C = Some c" |
|
2533 by cases auto |
|
2534 from wf cls_C have |
|
2535 wt_super: "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
2536 \<turnstile>(if C = Object then Skip else Init (super c))\<Colon>\<surd>" |
|
2537 by (cases "C=Object") |
|
2538 (auto dest: wf_prog_cdecl wf_cdecl_supD is_acc_classD) |
|
2539 obtain S where |
|
2540 da_super: |
|
2541 "\<lparr>prg=G,cls=accC,lcl=L\<rparr> |
|
2542 \<turnstile> dom (locals (store ((Norm |
|
2543 ((init_class_obj G C) (store s0)))::state))) |
|
2544 \<guillemotright>\<langle>if C = Object then Skip else Init (super c)\<rangle>\<^sub>s\<guillemotright> S" |
|
2545 proof (cases "C=Object") |
|
2546 case True |
|
2547 with da_Skip show ?thesis |
|
2548 using that by (auto intro: assigned.select_convs) |
|
2549 next |
|
2550 case False |
|
2551 with da_Init show ?thesis |
|
2552 by - (rule that, auto intro: assigned.select_convs) |
|
2553 qed |
|
2554 from normal_s0 conf_s0 wf cls_C not_inited |
|
2555 have conf_init_cls: "(Norm ((init_class_obj G C) (store s0)))\<Colon>\<preceq>(G, L)" |
|
2556 by (auto intro: conforms_init_class_obj) |
|
2557 from P |
|
2558 have P': "(Normal (P \<and>. Not \<circ> initd C ;. supd (init_class_obj G C))) |
|
2559 Y (Norm ((init_class_obj G C) (store s0))) Z" |
|
2560 by auto |
|
2561 |
|
2562 from valid_super P' valid_A conf_init_cls eval_super wt_super da_super |
|
2563 obtain Q: "Q \<diamondsuit> s1 Z" and conf_s1: "s1\<Colon>\<preceq>(G,L)" |
|
2564 by (rule validE) |
|
2565 |
|
2566 from cls_C wf have wt_init: "\<lparr>prg=G, cls=C,lcl=empty\<rparr>\<turnstile>(init c)\<Colon>\<surd>" |
|
2567 by (rule wf_prog_cdecl [THEN wf_cdecl_wt_init]) |
|
2568 from cls_C wf obtain I where |
|
2569 "\<lparr>prg=G,cls=C,lcl=empty\<rparr>\<turnstile> {} \<guillemotright>\<langle>init c\<rangle>\<^sub>s\<guillemotright> I" |
|
2570 by (rule wf_prog_cdecl [THEN wf_cdeclE,simplified]) blast |
|
2571 (* simplified: to rewrite \<langle>init c\<rangle> to In1r (init c) *) |
|
2572 then obtain I' where |
|
2573 da_init: |
|
2574 "\<lparr>prg=G,cls=C,lcl=empty\<rparr>\<turnstile>dom (locals (store ((set_lvars empty) s1))) |
|
2575 \<guillemotright>\<langle>init c\<rangle>\<^sub>s\<guillemotright> I'" |
|
2576 by (rule da_weakenE) simp |
|
2577 have conf_s1_empty: "(set_lvars empty) s1\<Colon>\<preceq>(G, empty)" |
|
2578 proof - |
|
2579 from eval_super have |
|
2580 "G\<turnstile>Norm ((init_class_obj G C) (store s0)) |
|
2581 \<midarrow>(if C = Object then Skip else Init (super c))\<rightarrow> s1" |
|
2582 by (rule evaln_eval) |
|
2583 from this wt_super wf |
|
2584 have s1_no_ret: "\<And> j. abrupt s1 \<noteq> Some (Jump j)" |
|
2585 by - (rule eval_statement_no_jump |
|
2586 [where ?Env="\<lparr>prg=G,cls=accC,lcl=L\<rparr>"], auto split: split_if) |
|
2587 with conf_s1 |
|
2588 show ?thesis |
|
2589 by (cases s1) (auto intro: conforms_set_locals) |
|
2590 qed |
|
2591 |
|
2592 obtain l where l: "l = locals (store s1)" |
|
2593 by simp |
|
2594 with Q |
|
2595 have Q': "(Q \<and>. (\<lambda>s. l = locals (snd s)) ;. set_lvars empty) |
|
2596 \<diamondsuit> ((set_lvars empty) s1) Z" |
|
2597 by auto |
|
2598 from valid_init Q' valid_A conf_s1_empty eval_init wt_init da_init |
|
2599 have "(set_lvars l .; R) \<diamondsuit> s2 Z" |
|
2600 by (rule validE) |
|
2601 with s3 l have "R \<diamondsuit> s3 Z" |
|
2602 by simp |
|
2603 moreover |
|
2604 from eval wt da conf_s0 wf |
|
2605 have "s3\<Colon>\<preceq>(G,L)" |
|
2606 by (rule evaln_type_sound [elim_format]) simp |
|
2607 ultimately show ?thesis .. |
|
2608 qed |
|
2609 qed |
|
2610 next |
|
2611 case (InsInitV A P Q c v) |
|
2612 show "G,A|\<Turnstile>\<Colon>{ {Normal P} InsInitV c v=\<succ> {Q} }" |
|
2613 proof (rule valid_var_NormalI) |
|
2614 fix s0 vf n s1 L Z |
|
2615 assume "normal s0" |
|
2616 moreover |
|
2617 assume "G\<turnstile>s0 \<midarrow>InsInitV c v=\<succ>vf\<midarrow>n\<rightarrow> s1" |
|
2618 ultimately have "False" |
|
2619 by (cases s0) (simp add: evaln_InsInitV) |
|
2620 thus "Q \<lfloor>vf\<rfloor>\<^sub>v s1 Z \<and> s1\<Colon>\<preceq>(G, L)".. |
|
2621 qed |
|
2622 next |
|
2623 case (InsInitE A P Q c e) |
|
2624 show "G,A|\<Turnstile>\<Colon>{ {Normal P} InsInitE c e-\<succ> {Q} }" |
|
2625 proof (rule valid_expr_NormalI) |
|
2626 fix s0 v n s1 L Z |
|
2627 assume "normal s0" |
|
2628 moreover |
|
2629 assume "G\<turnstile>s0 \<midarrow>InsInitE c e-\<succ>v\<midarrow>n\<rightarrow> s1" |
|
2630 ultimately have "False" |
|
2631 by (cases s0) (simp add: evaln_InsInitE) |
|
2632 thus "Q \<lfloor>v\<rfloor>\<^sub>e s1 Z \<and> s1\<Colon>\<preceq>(G, L)".. |
|
2633 qed |
|
2634 next |
|
2635 case (Callee A P Q e l) |
|
2636 show "G,A|\<Turnstile>\<Colon>{ {Normal P} Callee l e-\<succ> {Q} }" |
|
2637 proof (rule valid_expr_NormalI) |
|
2638 fix s0 v n s1 L Z |
|
2639 assume "normal s0" |
|
2640 moreover |
|
2641 assume "G\<turnstile>s0 \<midarrow>Callee l e-\<succ>v\<midarrow>n\<rightarrow> s1" |
|
2642 ultimately have "False" |
|
2643 by (cases s0) (simp add: evaln_Callee) |
|
2644 thus "Q \<lfloor>v\<rfloor>\<^sub>e s1 Z \<and> s1\<Colon>\<preceq>(G, L)".. |
|
2645 qed |
|
2646 next |
|
2647 case (FinA A P Q a c) |
|
2648 show "G,A|\<Turnstile>\<Colon>{ {Normal P} .FinA a c. {Q} }" |
|
2649 proof (rule valid_stmt_NormalI) |
|
2650 fix s0 v n s1 L Z |
|
2651 assume "normal s0" |
|
2652 moreover |
|
2653 assume "G\<turnstile>s0 \<midarrow>FinA a c\<midarrow>n\<rightarrow> s1" |
|
2654 ultimately have "False" |
|
2655 by (cases s0) (simp add: evaln_FinA) |
|
2656 thus "Q \<diamondsuit> s1 Z \<and> s1\<Colon>\<preceq>(G, L)".. |
|
2657 qed |
|
2658 qed |
|
2659 declare inj_term_simps [simp del] |
|
2660 |
468 theorem ax_sound: |
2661 theorem ax_sound: |
469 "wf_prog G \<Longrightarrow> G,(A::'a triple set)|\<turnstile>(ts::'a triple set) \<Longrightarrow> G,A|\<Turnstile>ts" |
2662 "wf_prog G \<Longrightarrow> G,(A::'a triple set)|\<turnstile>(ts::'a triple set) \<Longrightarrow> G,A|\<Turnstile>ts" |
470 apply (subst ax_valids2_eq [symmetric]) |
2663 apply (subst ax_valids2_eq [symmetric]) |
471 apply assumption |
2664 apply assumption |
472 apply (erule (1) ax_sound2) |
2665 apply (erule (1) ax_sound2) |
473 done |
2666 done |
474 |
2667 |
|
2668 lemma sound_valid2_lemma: |
|
2669 "\<lbrakk>\<forall>v n. Ball A (triple_valid2 G n) \<longrightarrow> P v n; Ball A (triple_valid2 G n)\<rbrakk> |
|
2670 \<Longrightarrow>P v n" |
|
2671 by blast |
475 |
2672 |
476 end |
2673 end |