wenzelm@12857: (* Title: HOL/Bali/WellType.thy schirmer@12854: ID: $Id$ schirmer@12854: Author: David von Oheimb schirmer@12854: *) schirmer@12854: header {* Well-typedness of Java programs *} schirmer@12854: haftmann@16417: theory WellType imports DeclConcepts begin schirmer@12854: schirmer@12854: text {* schirmer@12854: improvements over Java Specification 1.0: schirmer@12854: \begin{itemize} schirmer@12854: \item methods of Object can be called upon references of interface or array type schirmer@12854: \end{itemize} schirmer@12854: simplifications: schirmer@12854: \begin{itemize} schirmer@12854: \item the type rules include all static checks on statements and expressions, schirmer@12854: e.g. definedness of names (of parameters, locals, fields, methods) schirmer@12854: \end{itemize} schirmer@12854: design issues: schirmer@12854: \begin{itemize} schirmer@12854: \item unified type judgment for statements, variables, expressions, schirmer@12854: expression lists schirmer@12854: \item statements are typed like expressions with dummy type Void schirmer@12854: \item the typing rules take an extra argument that is capable of determining schirmer@12854: the dynamic type of objects. Therefore, they can be used for both schirmer@12854: checking static types and determining runtime types in transition semantics. schirmer@12854: \end{itemize} schirmer@12854: *} schirmer@12854: schirmer@12854: types lenv schirmer@13688: = "(lname, ty) table" --{* local variables, including This and Result*} schirmer@12854: schirmer@12854: record env = schirmer@13688: prg:: "prog" --{* program *} schirmer@13688: cls:: "qtname" --{* current package and class name *} schirmer@13688: lcl:: "lenv" --{* local environment *} schirmer@12854: schirmer@12854: translations schirmer@12854: "lenv" <= (type) "(lname, ty) table" schirmer@12854: "lenv" <= (type) "lname \ ty option" schirmer@12854: "env" <= (type) "\prg::prog,cls::qtname,lcl::lenv\" schirmer@12854: "env" <= (type) "\prg::prog,cls::qtname,lcl::lenv,\::'a\" schirmer@12854: schirmer@12854: schirmer@12854: schirmer@12854: syntax schirmer@13688: pkg :: "env \ pname" --{* select the current package from an environment *} schirmer@13688: translations schirmer@12854: "pkg e" == "pid (cls e)" schirmer@12854: schirmer@12854: section "Static overloading: maximally specific methods " schirmer@12854: schirmer@12854: types schirmer@12854: emhead = "ref_ty \ mhead" schirmer@12854: schirmer@13688: --{* Some mnemotic selectors for emhead *} schirmer@12854: constdefs schirmer@12854: "declrefT" :: "emhead \ ref_ty" schirmer@12854: "declrefT \ fst" schirmer@12854: schirmer@12854: "mhd" :: "emhead \ mhead" schirmer@12854: "mhd \ snd" schirmer@12854: schirmer@12854: lemma declrefT_simp[simp]:"declrefT (r,m) = r" schirmer@12854: by (simp add: declrefT_def) schirmer@12854: schirmer@12854: lemma mhd_simp[simp]:"mhd (r,m) = m" schirmer@12854: by (simp add: mhd_def) schirmer@12854: schirmer@12854: lemma static_mhd_simp[simp]: "static (mhd m) = is_static m" schirmer@12854: by (cases m) (simp add: member_is_static_simp mhd_def) schirmer@12854: schirmer@12854: lemma mhd_resTy_simp [simp]: "resTy (mhd m) = resTy m" schirmer@12854: by (cases m) simp schirmer@12854: schirmer@12854: lemma mhd_is_static_simp [simp]: "is_static (mhd m) = is_static m" schirmer@12854: by (cases m) simp schirmer@12854: schirmer@12854: lemma mhd_accmodi_simp [simp]: "accmodi (mhd m) = accmodi m" schirmer@12854: by (cases m) simp schirmer@12854: schirmer@12854: consts schirmer@12854: cmheads :: "prog \ qtname \ qtname \ sig \ emhead set" schirmer@12854: Objectmheads :: "prog \ qtname \ sig \ emhead set" schirmer@12854: accObjectmheads:: "prog \ qtname \ ref_ty \ sig \ emhead set" schirmer@12854: mheads :: "prog \ qtname \ ref_ty \ sig \ emhead set" schirmer@12854: defs schirmer@12854: cmheads_def: schirmer@12854: "cmheads G S C schirmer@12854: \ \sig. (\(Cls,mthd). (ClassT Cls,(mhead mthd))) ` o2s (accmethd G S C sig)" schirmer@12854: Objectmheads_def: schirmer@12854: "Objectmheads G S schirmer@12854: \ \sig. (\(Cls,mthd). (ClassT Cls,(mhead mthd))) schirmer@12854: ` o2s (filter_tab (\sig m. accmodi m \ Private) (accmethd G S Object) sig)" schirmer@12854: accObjectmheads_def: schirmer@12854: "accObjectmheads G S T schirmer@12854: \ if G\RefT T accessible_in (pid S) schirmer@12854: then Objectmheads G S schirmer@12854: else \sig. {}" schirmer@12854: primrec schirmer@12854: "mheads G S NullT = (\sig. {})" schirmer@12854: "mheads G S (IfaceT I) = (\sig. (\(I,h).(IfaceT I,h)) schirmer@12854: ` accimethds G (pid S) I sig \ schirmer@12854: accObjectmheads G S (IfaceT I) sig)" schirmer@12854: "mheads G S (ClassT C) = cmheads G S C" schirmer@12854: "mheads G S (ArrayT T) = accObjectmheads G S (ArrayT T)" schirmer@12854: schirmer@12854: constdefs schirmer@13688: --{* applicable methods, cf. 15.11.2.1 *} schirmer@12854: appl_methds :: "prog \ qtname \ ref_ty \ sig \ (emhead \ ty list)\ set" schirmer@12854: "appl_methds G S rt \ \ sig. schirmer@12854: {(mh,pTs') |mh pTs'. mh \ mheads G S rt \name=name sig,parTs=pTs'\ \ schirmer@12854: G\(parTs sig)[\]pTs'}" schirmer@12854: schirmer@13688: --{* more specific methods, cf. 15.11.2.2 *} schirmer@12854: more_spec :: "prog \ emhead \ ty list \ emhead \ ty list \ bool" schirmer@12854: "more_spec G \ \(mh,pTs). \(mh',pTs'). G\pTs[\]pTs'" schirmer@12854: (*more_spec G \\((d,h),pTs). \((d',h'),pTs'). G\RefT d\RefT d'\G\pTs[\]pTs'*) schirmer@12854: schirmer@13688: --{* maximally specific methods, cf. 15.11.2.2 *} schirmer@12854: max_spec :: "prog \ qtname \ ref_ty \ sig \ (emhead \ ty list)\ set" schirmer@12854: schirmer@12854: "max_spec G S rt sig \{m. m \appl_methds G S rt sig \ schirmer@12854: (\m'\appl_methds G S rt sig. more_spec G m' m \ m'=m)}" schirmer@12854: schirmer@12854: schirmer@12854: lemma max_spec2appl_meths: schirmer@12854: "x \ max_spec G S T sig \ x \ appl_methds G S T sig" schirmer@12854: by (auto simp: max_spec_def) schirmer@12854: schirmer@12854: lemma appl_methsD: "(mh,pTs')\appl_methds G S T \name=mn,parTs=pTs\ \ schirmer@12854: mh \ mheads G S T \name=mn,parTs=pTs'\ \ G\pTs[\]pTs'" schirmer@12854: by (auto simp: appl_methds_def) schirmer@12854: schirmer@12854: lemma max_spec2mheads: schirmer@12854: "max_spec G S rt \name=mn,parTs=pTs\ = insert (mh, pTs') A schirmer@12854: \ mh \ mheads G S rt \name=mn,parTs=pTs'\ \ G\pTs[\]pTs'" schirmer@12854: apply (auto dest: equalityD2 subsetD max_spec2appl_meths appl_methsD) schirmer@12854: done schirmer@12854: schirmer@12854: schirmer@12854: constdefs schirmer@12854: empty_dt :: "dyn_ty" schirmer@12854: "empty_dt \ \a. None" schirmer@12854: schirmer@12854: invmode :: "('a::type)member_scheme \ expr \ inv_mode" schirmer@12925: "invmode m e \ if is_static m schirmer@12925: then Static schirmer@12925: else if e=Super then SuperM else IntVir" schirmer@12854: schirmer@12854: lemma invmode_nonstatic [simp]: schirmer@12854: "invmode \access=a,static=False,\=x\ (Acc (LVar e)) = IntVir" schirmer@12854: apply (unfold invmode_def) schirmer@12925: apply (simp (no_asm) add: member_is_static_simp) schirmer@12925: done schirmer@12925: schirmer@12925: schirmer@12925: lemma invmode_Static_eq [simp]: "(invmode m e = Static) = is_static m" schirmer@12925: apply (unfold invmode_def) schirmer@12854: apply (simp (no_asm)) schirmer@12854: done schirmer@12854: schirmer@12854: schirmer@12925: lemma invmode_IntVir_eq: "(invmode m e = IntVir) = (\(is_static m) \ e\Super)" schirmer@12854: apply (unfold invmode_def) schirmer@12854: apply (simp (no_asm)) schirmer@12854: done schirmer@12854: schirmer@12854: lemma Null_staticD: schirmer@12925: "a'=Null \ (is_static m) \ invmode m e = IntVir \ a' \ Null" schirmer@12854: apply (clarsimp simp add: invmode_IntVir_eq) schirmer@12854: done schirmer@12854: schirmer@13688: section "Typing for unary operations" schirmer@13688: schirmer@13337: consts unop_type :: "unop \ prim_ty" schirmer@13337: primrec schirmer@13337: "unop_type UPlus = Integer" schirmer@13337: "unop_type UMinus = Integer" schirmer@13337: "unop_type UBitNot = Integer" schirmer@13337: "unop_type UNot = Boolean" schirmer@12854: schirmer@13337: consts wt_unop :: "unop \ ty \ bool" schirmer@13337: primrec schirmer@13337: "wt_unop UPlus t = (t = PrimT Integer)" schirmer@13337: "wt_unop UMinus t = (t = PrimT Integer)" schirmer@13337: "wt_unop UBitNot t = (t = PrimT Integer)" schirmer@13337: "wt_unop UNot t = (t = PrimT Boolean)" schirmer@13337: schirmer@13688: section "Typing for binary operations" schirmer@13688: schirmer@13337: consts binop_type :: "binop \ prim_ty" schirmer@13337: primrec schirmer@13337: "binop_type Mul = Integer" schirmer@13337: "binop_type Div = Integer" schirmer@13337: "binop_type Mod = Integer" schirmer@13337: "binop_type Plus = Integer" schirmer@13337: "binop_type Minus = Integer" schirmer@13337: "binop_type LShift = Integer" schirmer@13337: "binop_type RShift = Integer" schirmer@13337: "binop_type RShiftU = Integer" schirmer@13337: "binop_type Less = Boolean" schirmer@13337: "binop_type Le = Boolean" schirmer@13337: "binop_type Greater = Boolean" schirmer@13337: "binop_type Ge = Boolean" schirmer@13337: "binop_type Eq = Boolean" schirmer@13337: "binop_type Neq = Boolean" schirmer@13337: "binop_type BitAnd = Integer" schirmer@13337: "binop_type And = Boolean" schirmer@13337: "binop_type BitXor = Integer" schirmer@13337: "binop_type Xor = Boolean" schirmer@13337: "binop_type BitOr = Integer" schirmer@13337: "binop_type Or = Boolean" schirmer@13384: "binop_type CondAnd = Boolean" schirmer@13384: "binop_type CondOr = Boolean" schirmer@13337: schirmer@13337: consts wt_binop :: "prog \ binop \ ty \ ty \ bool" schirmer@13337: primrec schirmer@13337: "wt_binop G Mul t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G Div t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G Mod t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G Plus t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G Minus t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G LShift t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G RShift t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G RShiftU t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G Less t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G Le t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G Greater t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G Ge t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G Eq t1 t2 = (G\t1\t2 \ G\t2\t1)" schirmer@13337: "wt_binop G Neq t1 t2 = (G\t1\t2 \ G\t2\t1)" schirmer@13337: "wt_binop G BitAnd t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G And t1 t2 = ((t1 = PrimT Boolean) \ (t2 = PrimT Boolean))" schirmer@13337: "wt_binop G BitXor t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G Xor t1 t2 = ((t1 = PrimT Boolean) \ (t2 = PrimT Boolean))" schirmer@13337: "wt_binop G BitOr t1 t2 = ((t1 = PrimT Integer) \ (t2 = PrimT Integer))" schirmer@13337: "wt_binop G Or t1 t2 = ((t1 = PrimT Boolean) \ (t2 = PrimT Boolean))" schirmer@13384: "wt_binop G CondAnd t1 t2 = ((t1 = PrimT Boolean) \ (t2 = PrimT Boolean))" schirmer@13384: "wt_binop G CondOr t1 t2 = ((t1 = PrimT Boolean) \ (t2 = PrimT Boolean))" schirmer@13337: schirmer@13688: section "Typing for terms" schirmer@13384: schirmer@12854: types tys = "ty + ty list" schirmer@12854: translations schirmer@12854: "tys" <= (type) "ty + ty list" schirmer@12854: berghofe@21765: berghofe@21765: inductive2 berghofe@21765: wt :: "env \ dyn_ty \ [term,tys] \ bool" ("_,_\_\_" [51,51,51,51] 50) berghofe@21765: and wt_stmt :: "env \ dyn_ty \ stmt \ bool" ("_,_\_\\" [51,51,51 ] 50) berghofe@21765: and ty_expr :: "env \ dyn_ty \ [expr ,ty ] \ bool" ("_,_\_\-_" [51,51,51,51] 50) berghofe@21765: and ty_var :: "env \ dyn_ty \ [var ,ty ] \ bool" ("_,_\_\=_" [51,51,51,51] 50) berghofe@21765: and ty_exprs :: "env \ dyn_ty \ [expr list, ty list] \ bool" berghofe@21765: ("_,_\_\\_" [51,51,51,51] 50) berghofe@21765: where berghofe@21765: berghofe@21765: "E,dt\s\\ \ E,dt\In1r s\Inl (PrimT Void)" berghofe@21765: | "E,dt\e\-T \ E,dt\In1l e\Inl T" berghofe@21765: | "E,dt\e\=T \ E,dt\In2 e\Inl T" berghofe@21765: | "E,dt\e\\T \ E,dt\In3 e\Inr T" berghofe@21765: berghofe@21765: --{* well-typed statements *} berghofe@21765: berghofe@21765: | Skip: "E,dt\Skip\\" berghofe@21765: berghofe@21765: | Expr: "\E,dt\e\-T\ \ berghofe@21765: E,dt\Expr e\\" berghofe@21765: --{* cf. 14.6 *} berghofe@21765: | Lab: "E,dt\c\\ \ berghofe@21765: E,dt\l\ c\\" berghofe@21765: berghofe@21765: | Comp: "\E,dt\c1\\; berghofe@21765: E,dt\c2\\\ \ berghofe@21765: E,dt\c1;; c2\\" berghofe@21765: berghofe@21765: --{* cf. 14.8 *} berghofe@21765: | If: "\E,dt\e\-PrimT Boolean; berghofe@21765: E,dt\c1\\; berghofe@21765: E,dt\c2\\\ \ berghofe@21765: E,dt\If(e) c1 Else c2\\" berghofe@21765: berghofe@21765: --{* cf. 14.10 *} berghofe@21765: | Loop: "\E,dt\e\-PrimT Boolean; berghofe@21765: E,dt\c\\\ \ berghofe@21765: E,dt\l\ While(e) c\\" berghofe@21765: --{* cf. 14.13, 14.15, 14.16 *} berghofe@21765: | Jmp: "E,dt\Jmp jump\\" schirmer@12854: berghofe@21765: --{* cf. 14.16 *} berghofe@21765: | Throw: "\E,dt\e\-Class tn; berghofe@21765: prg E\tn\\<^sub>C SXcpt Throwable\ \ berghofe@21765: E,dt\Throw e\\" berghofe@21765: --{* cf. 14.18 *} berghofe@21765: | Try: "\E,dt\c1\\; prg E\tn\\<^sub>C SXcpt Throwable; berghofe@21765: lcl E (VName vn)=None; E \lcl := lcl E(VName vn\Class tn)\,dt\c2\\\ berghofe@21765: \ berghofe@21765: E,dt\Try c1 Catch(tn vn) c2\\" berghofe@21765: berghofe@21765: --{* cf. 14.18 *} berghofe@21765: | Fin: "\E,dt\c1\\; E,dt\c2\\\ \ berghofe@21765: E,dt\c1 Finally c2\\" berghofe@21765: berghofe@21765: | Init: "\is_class (prg E) C\ \ berghofe@21765: E,dt\Init C\\" berghofe@21765: --{* @{term Init} is created on the fly during evaluation (see Eval.thy). berghofe@21765: The class isn't necessarily accessible from the points @{term Init} berghofe@21765: is called. Therefor we only demand @{term is_class} and not berghofe@21765: @{term is_acc_class} here. berghofe@21765: *} berghofe@21765: berghofe@21765: --{* well-typed expressions *} berghofe@21765: berghofe@21765: --{* cf. 15.8 *} berghofe@21765: | NewC: "\is_acc_class (prg E) (pkg E) C\ \ berghofe@21765: E,dt\NewC C\-Class C" berghofe@21765: --{* cf. 15.9 *} berghofe@21765: | NewA: "\is_acc_type (prg E) (pkg E) T; berghofe@21765: E,dt\i\-PrimT Integer\ \ berghofe@21765: E,dt\New T[i]\-T.[]" berghofe@21765: berghofe@21765: --{* cf. 15.15 *} berghofe@21765: | Cast: "\E,dt\e\-T; is_acc_type (prg E) (pkg E) T'; berghofe@21765: prg E\T\? T'\ \ berghofe@21765: E,dt\Cast T' e\-T'" berghofe@21765: berghofe@21765: --{* cf. 15.19.2 *} berghofe@21765: | Inst: "\E,dt\e\-RefT T; is_acc_type (prg E) (pkg E) (RefT T'); berghofe@21765: prg E\RefT T\? RefT T'\ \ berghofe@21765: E,dt\e InstOf T'\-PrimT Boolean" berghofe@21765: berghofe@21765: --{* cf. 15.7.1 *} berghofe@21765: | Lit: "\typeof dt x = Some T\ \ berghofe@21765: E,dt\Lit x\-T" schirmer@12854: berghofe@21765: | UnOp: "\E,dt\e\-Te; wt_unop unop Te; T=PrimT (unop_type unop)\ berghofe@21765: \ berghofe@21765: E,dt\UnOp unop e\-T" berghofe@21765: berghofe@21765: | BinOp: "\E,dt\e1\-T1; E,dt\e2\-T2; wt_binop (prg E) binop T1 T2; berghofe@21765: T=PrimT (binop_type binop)\ berghofe@21765: \ berghofe@21765: E,dt\BinOp binop e1 e2\-T" berghofe@21765: berghofe@21765: --{* cf. 15.10.2, 15.11.1 *} berghofe@21765: | Super: "\lcl E This = Some (Class C); C \ Object; berghofe@21765: class (prg E) C = Some c\ \ berghofe@21765: E,dt\Super\-Class (super c)" berghofe@21765: berghofe@21765: --{* cf. 15.13.1, 15.10.1, 15.12 *} berghofe@21765: | Acc: "\E,dt\va\=T\ \ berghofe@21765: E,dt\Acc va\-T" berghofe@21765: berghofe@21765: --{* cf. 15.25, 15.25.1 *} berghofe@21765: | Ass: "\E,dt\va\=T; va \ LVar This; berghofe@21765: E,dt\v \-T'; berghofe@21765: prg E\T'\T\ \ berghofe@21765: E,dt\va:=v\-T'" berghofe@21765: berghofe@21765: --{* cf. 15.24 *} berghofe@21765: | Cond: "\E,dt\e0\-PrimT Boolean; berghofe@21765: E,dt\e1\-T1; E,dt\e2\-T2; berghofe@21765: prg E\T1\T2 \