113 (s\<le>|snd (the_In2 v)\<preceq>T\<Colon>\<preceq>(G,L)) |
113 (s\<le>|snd (the_In2 v)\<preceq>T\<Colon>\<preceq>(G,L)) |
114 else G,s\<turnstile>the_In1 v\<Colon>\<preceq>T |
114 else G,s\<turnstile>the_In1 v\<Colon>\<preceq>T |
115 | Inr Ts \<Rightarrow> list_all2 (conf G s) (the_In3 v) Ts)" |
115 | Inr Ts \<Rightarrow> list_all2 (conf G s) (the_In3 v) Ts)" |
116 |
116 |
117 text \<open> |
117 text \<open> |
118 With @{term rconf} we describe the conformance of the result value of a term. |
118 With \<^term>\<open>rconf\<close> we describe the conformance of the result value of a term. |
119 This definition gets rather complicated because of the relations between the |
119 This definition gets rather complicated because of the relations between the |
120 injections of the different terms, types and values. The main case distinction |
120 injections of the different terms, types and values. The main case distinction |
121 is between single values and value lists. In case of value lists, every |
121 is between single values and value lists. In case of value lists, every |
122 value has to conform to its type. For single values we have to do a further |
122 value has to conform to its type. For single values we have to do a further |
123 case distinction, between values of variables @{term "\<exists>var. t=In2 var" } and |
123 case distinction, between values of variables \<^term>\<open>\<exists>var. t=In2 var\<close> and |
124 ordinary values. Values of variables are modelled as pairs consisting of the |
124 ordinary values. Values of variables are modelled as pairs consisting of the |
125 current value and an update function which will perform an assignment to the |
125 current value and an update function which will perform an assignment to the |
126 variable. This stems form the decision, that we only have one evaluation rule |
126 variable. This stems form the decision, that we only have one evaluation rule |
127 for each kind of variable. The decision if we read or write to the |
127 for each kind of variable. The decision if we read or write to the |
128 variable is made by syntactic enclosing rules. So conformance of |
128 variable is made by syntactic enclosing rules. So conformance of |
129 variable-values must ensure that both the current value and an update will |
129 variable-values must ensure that both the current value and an update will |
130 conform to the type. With the introduction of definite assignment of local |
130 conform to the type. With the introduction of definite assignment of local |
131 variables we have to do another case distinction. For the notion of conformance |
131 variables we have to do another case distinction. For the notion of conformance |
132 local variables are allowed to be @{term None}, since the definedness is not |
132 local variables are allowed to be \<^term>\<open>None\<close>, since the definedness is not |
133 ensured by conformance but by definite assignment. Field and array variables |
133 ensured by conformance but by definite assignment. Field and array variables |
134 must contain a value. |
134 must contain a value. |
135 \<close> |
135 \<close> |
136 |
136 |
137 |
137 |
1897 obtain "s2\<Colon>\<preceq>(G, L)" and "error_free s2" |
1897 obtain "s2\<Colon>\<preceq>(G, L)" and "error_free s2" |
1898 by (rule hyp_then_else [elim_format]) (simp add: error_free_s1) |
1898 by (rule hyp_then_else [elim_format]) (simp add: error_free_s1) |
1899 with wt show ?thesis |
1899 with wt show ?thesis |
1900 by simp |
1900 by simp |
1901 qed |
1901 qed |
1902 \<comment> \<open>Note that we don't have to show that @{term b} really is a boolean |
1902 \<comment> \<open>Note that we don't have to show that \<^term>\<open>b\<close> really is a boolean |
1903 value. With @{term the_Bool} we enforce to get a value of boolean |
1903 value. With \<^term>\<open>the_Bool\<close> we enforce to get a value of boolean |
1904 type. So execution will be type safe, even if b would be |
1904 type. So execution will be type safe, even if b would be |
1905 a string, for example. We might not expect such a behaviour to be |
1905 a string, for example. We might not expect such a behaviour to be |
1906 called type safe. To remedy the situation we would have to change |
1906 called type safe. To remedy the situation we would have to change |
1907 the evaulation rule, so that it only has a type safe evaluation if |
1907 the evaulation rule, so that it only has a type safe evaluation if |
1908 we actually get a boolean value for the condition. That b is actually |
1908 we actually get a boolean value for the condition. That b is actually |
1909 a boolean value is part of @{term hyp_e}. See also Loop\<close> |
1909 a boolean value is part of \<^term>\<open>hyp_e\<close>. See also Loop\<close> |
1910 next |
1910 next |
1911 case (Loop s0 e b s1 c s2 l s3 L accC T A) |
1911 case (Loop s0 e b s1 c s2 l s3 L accC T A) |
1912 note eval_e = \<open>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1\<close> |
1912 note eval_e = \<open>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1\<close> |
1913 note hyp_e = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 b)\<close> |
1913 note hyp_e = \<open>PROP ?TypeSafe (Norm s0) s1 (In1l e) (In1 b)\<close> |
1914 note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close> |
1914 note conf_s0 = \<open>Norm s0\<Colon>\<preceq>(G, L)\<close> |