# HG changeset patch # User kleing # Date 969525769 -7200 # Node ID 7164dc0d24d8a3d57f8cf6115b511ce5a0e67526 # Parent 30693ebd16aee2f1644dd1a426f8d76b8e5a6b60 unsymbolized diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/BV/BVSpec.thy --- a/src/HOL/MicroJava/BV/BVSpec.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/BV/BVSpec.thy Thu Sep 21 10:42:49 2000 +0200 @@ -11,53 +11,53 @@ types method_type = "state_type option list" - class_type = "sig \ method_type" - prog_type = "cname \ class_type" + class_type = "sig => method_type" + prog_type = "cname => class_type" constdefs -wt_instr :: "[instr,jvm_prog,ty,method_type,p_count,p_count] \ bool" -"wt_instr i G rT phi max_pc pc \ +wt_instr :: "[instr,jvm_prog,ty,method_type,p_count,p_count] => bool" +"wt_instr i G rT phi max_pc pc == app i G rT (phi!pc) \ (\ pc' \ set (succs i pc). pc' < max_pc \ (G \ step i G (phi!pc) <=' phi!pc'))" -wt_start :: "[jvm_prog,cname,ty list,nat,method_type] \ bool" -"wt_start G C pTs mxl phi \ +wt_start :: "[jvm_prog,cname,ty list,nat,method_type] => bool" +"wt_start G C pTs mxl phi == G \ Some ([],(Ok (Class C))#((map Ok pTs))@(replicate mxl Err)) <=' phi!0" -wt_method :: "[jvm_prog,cname,ty list,ty,nat,instr list,method_type] \ bool" -"wt_method G C pTs rT mxl ins phi \ +wt_method :: "[jvm_prog,cname,ty list,ty,nat,instr list,method_type] => bool" +"wt_method G C pTs rT mxl ins phi == let max_pc = length ins in 0 < max_pc \ wt_start G C pTs mxl phi \ - (\pc. pc wt_instr (ins ! pc) G rT phi max_pc pc)" + (\pc. pc wt_instr (ins ! pc) G rT phi max_pc pc)" -wt_jvm_prog :: "[jvm_prog,prog_type] \ bool" -"wt_jvm_prog G phi \ +wt_jvm_prog :: "[jvm_prog,prog_type] => bool" +"wt_jvm_prog G phi == wf_prog (\G C (sig,rT,maxl,b). wt_method G C (snd sig) rT maxl b (phi C sig)) G" lemma wt_jvm_progD: -"wt_jvm_prog G phi \ (\wt. wf_prog wt G)" +"wt_jvm_prog G phi ==> (\wt. wf_prog wt G)" by (unfold wt_jvm_prog_def, blast) lemma wt_jvm_prog_impl_wt_instr: -"\ wt_jvm_prog G phi; method (G,C) sig = Some (C,rT,maxl,ins); pc < length ins \ - \ wt_instr (ins!pc) G rT (phi C sig) (length ins) pc"; +"[| wt_jvm_prog G phi; method (G,C) sig = Some (C,rT,maxl,ins); pc < length ins |] + ==> wt_instr (ins!pc) G rT (phi C sig) (length ins) pc"; by (unfold wt_jvm_prog_def, drule method_wf_mdecl, simp, simp add: wf_mdecl_def wt_method_def) lemma wt_jvm_prog_impl_wt_start: -"\ wt_jvm_prog G phi; method (G,C) sig = Some (C,rT,maxl,ins) \ \ +"[| wt_jvm_prog G phi; method (G,C) sig = Some (C,rT,maxl,ins) |] ==> 0 < (length ins) \ wt_start G C (snd sig) maxl (phi C sig)" by (unfold wt_jvm_prog_def, drule method_wf_mdecl, simp, simp add: wf_mdecl_def wt_method_def) (* for most instructions wt_instr collapses: *) lemma -"succs i pc = [pc+1] \ wt_instr i G rT phi max_pc pc = +"succs i pc = [pc+1] ==> wt_instr i G rT phi max_pc pc = (app i G rT (phi!pc) \ pc+1 < max_pc \ (G \ step i G (phi!pc) <=' phi!(pc+1)))" by (simp add: wt_instr_def) diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/BV/BVSpecTypeSafe.thy --- a/src/HOL/MicroJava/BV/BVSpecTypeSafe.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/BV/BVSpecTypeSafe.thy Thu Sep 21 10:42:49 2000 +0200 @@ -24,13 +24,13 @@ done lemma Load_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins!pc = Load idx; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs); - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1 map_eq_Cons) apply (rule conjI) apply (rule approx_loc_imp_approx_val_sup) @@ -39,13 +39,13 @@ done lemma Store_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins!pc = Store idx; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs); - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1 map_eq_Cons) apply (rule conjI) apply (blast intro: approx_stk_imp_approx_stk_sup) @@ -54,18 +54,18 @@ lemma conf_Intg_Integer [iff]: - "G,h \ Intg i \\ PrimT Integer" + "G,h \ Intg i ::\ PrimT Integer" by (simp add: conf_def) lemma Bipush_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins!pc = Bipush i; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs); - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1 approx_val_def sup_PTS_eq map_eq_Cons) apply (blast intro: approx_stk_imp_approx_stk_sup approx_loc_imp_approx_loc_sup) done @@ -73,7 +73,7 @@ lemma NT_subtype_conv: "G \ NT \ T = (T=NT \ (\C. T = Class C))" proof - - have "\T T'. G \ T' \ T \ T' = NT \ (T=NT | (\C. T = Class C))" + have "!!T T'. G \ T' \ T ==> T' = NT --> (T=NT | (\C. T = Class C))" apply (erule widen.induct) apply auto apply (case_tac R) @@ -86,13 +86,13 @@ qed lemma Aconst_null_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins!pc = Aconst_null; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs); - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1 map_eq_Cons) apply (rule conjI) apply (force simp add: approx_val_Null NT_subtype_conv) @@ -101,8 +101,8 @@ lemma Cast_conf2: - "\wf_prog ok G; G,h\v\\RefT rt; cast_ok G C h v; G\Class C\T; is_class G C\ - \ G,h\v\\T" + "[|wf_prog ok G; G,h\v::\RefT rt; cast_ok G C h v; G\Class C\T; is_class G C|] + ==> G,h\v::\T" apply (unfold cast_ok_def) apply (frule widen_Class) apply (elim exE disjE) @@ -114,26 +114,26 @@ lemma Checkcast_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins!pc = Checkcast D; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1 map_eq_Cons raise_xcpt_def approx_val_def) apply (blast intro: approx_stk_imp_approx_stk_sup approx_loc_imp_approx_loc_sup Cast_conf2) done lemma Getfield_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins!pc = Getfield F D; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1 raise_xcpt_def map_eq_Cons approx_val_def split: option.split) apply (frule conf_widen) apply assumption+ @@ -147,13 +147,13 @@ done lemma Putfield_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins!pc = Putfield F D; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1 raise_xcpt_def split: option.split List.split) apply (clarsimp simp add: approx_val_def) apply (frule conf_widen) @@ -174,13 +174,13 @@ by fast lemma New_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins!pc = New cl_idx; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: NT_subtype_conv approx_val_def conf_def fun_upd_apply map_eq_Cons is_class_def raise_xcpt_def init_vars_def defs1 split: option.split) @@ -199,13 +199,13 @@ lemmas [simp del] = split_paired_Ex lemma Invoke_correct: -"\ wt_jvm_prog G phi; +"[| wt_jvm_prog G phi; method (G,C) sig = Some (C,rT,maxl,ins); ins ! pc = Invoke C' mn pTs; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" proof - assume wtprog: "wt_jvm_prog G phi" assume method: "method (G,C) sig = Some (C,rT,maxl,ins)" @@ -282,7 +282,7 @@ by simp with state' method ins - have Null_ok: "oX = Null \ ?thesis" + have Null_ok: "oX = Null ==> ?thesis" by (simp add: correct_state_def raise_xcpt_def) { fix ref @@ -434,13 +434,13 @@ lemmas [simp del] = map_append lemma Return_correct: -"\ wt_jvm_prog G phi; +"[| wt_jvm_prog G phi; method (G,C) sig = Some (C,rT,maxl,ins); ins ! pc = Return; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: neq_Nil_conv defs1 split: split_if_asm) apply (frule wt_jvm_prog_impl_wt_instr) apply (assumption, erule Suc_lessD) @@ -455,102 +455,102 @@ lemmas [simp] = map_append lemma Goto_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins ! pc = Goto branch; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1) apply (fast intro: approx_loc_imp_approx_loc_sup approx_stk_imp_approx_stk_sup) done lemma Ifcmpeq_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins ! pc = Ifcmpeq branch; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1) apply (fast intro: approx_loc_imp_approx_loc_sup approx_stk_imp_approx_stk_sup) done lemma Pop_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins ! pc = Pop; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1) apply (fast intro: approx_loc_imp_approx_loc_sup approx_stk_imp_approx_stk_sup) done lemma Dup_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins ! pc = Dup; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1 map_eq_Cons) apply (force intro: approx_stk_imp_approx_stk_sup approx_val_imp_approx_val_sup approx_loc_imp_approx_loc_sup simp add: defs1 map_eq_Cons) done lemma Dup_x1_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins ! pc = Dup_x1; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1 map_eq_Cons) apply (force intro: approx_stk_imp_approx_stk_sup approx_val_imp_approx_val_sup approx_loc_imp_approx_loc_sup simp add: defs1 map_eq_Cons) done lemma Dup_x2_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins ! pc = Dup_x2; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1 map_eq_Cons) apply (force intro: approx_stk_imp_approx_stk_sup approx_val_imp_approx_val_sup approx_loc_imp_approx_loc_sup simp add: defs1 map_eq_Cons) done lemma Swap_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins ! pc = Swap; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1 map_eq_Cons) apply (force intro: approx_stk_imp_approx_stk_sup approx_val_imp_approx_val_sup approx_loc_imp_approx_loc_sup simp add: defs1 map_eq_Cons) done lemma IAdd_correct: -"\ wf_prog wt G; +"[| wf_prog wt G; method (G,C) sig = Some (C,rT,maxl,ins); ins ! pc = IAdd; wt_instr (ins!pc) G rT (phi C sig) (length ins) pc; Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs) ; - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (clarsimp simp add: defs1 map_eq_Cons approx_val_def conf_def) apply (blast intro: approx_stk_imp_approx_stk_sup approx_val_imp_approx_val_sup approx_loc_imp_approx_loc_sup) done @@ -559,11 +559,11 @@ (** instr correct **) lemma instr_correct: -"\ wt_jvm_prog G phi; +"[| wt_jvm_prog G phi; method (G,C) sig = Some (C,rT,maxl,ins); Some state' = exec (G, None, hp, (stk,loc,C,sig,pc)#frs); - G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ \ -\ G,phi \JVM state'\" + G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ |] +==> G,phi \JVM state'\" apply (frule wt_jvm_prog_impl_wt_instr_cor) apply assumption+ apply (cases "ins!pc") @@ -583,13 +583,13 @@ lemma correct_state_impl_Some_method: "G,phi \JVM (None, hp, (stk,loc,C,sig,pc)#frs)\ - \ \meth. method (G,C) sig = Some(C,meth)" + ==> \meth. method (G,C) sig = Some(C,meth)" by (auto simp add: correct_state_def Let_def) lemma BV_correct_1 [rule_format]: -"\state. \ wt_jvm_prog G phi; G,phi \JVM state\\ - \ exec (G,state) = Some state' \ G,phi \JVM state'\" +"!!state. [| wt_jvm_prog G phi; G,phi \JVM state\|] + ==> exec (G,state) = Some state' --> G,phi \JVM state'\" apply (simp only: split_tupled_all) apply (rename_tac xp hp frs) apply (case_tac xp) @@ -605,12 +605,12 @@ lemma L0: - "\ xp=None; frs\[] \ \ (\state'. exec (G,xp,hp,frs) = Some state')" + "[| xp=None; frs\[] |] ==> (\state'. exec (G,xp,hp,frs) = Some state')" by (clarsimp simp add: neq_Nil_conv simp del: split_paired_Ex) lemma L1: - "\wt_jvm_prog G phi; G,phi \JVM (xp,hp,frs)\; xp=None; frs\[]\ - \ \state'. exec(G,xp,hp,frs) = Some state' \ G,phi \JVM state'\" + "[|wt_jvm_prog G phi; G,phi \JVM (xp,hp,frs)\; xp=None; frs\[]|] + ==> \state'. exec(G,xp,hp,frs) = Some state' \ G,phi \JVM state'\" apply (drule L0) apply assumption apply (fast intro: BV_correct_1) @@ -618,7 +618,7 @@ theorem BV_correct [rule_format]: -"\ wt_jvm_prog G phi; G \ s -jvm\ t \ \ G,phi \JVM s\ \ G,phi \JVM t\" +"[| wt_jvm_prog G phi; G \ s -jvm-> t |] ==> G,phi \JVM s\ --> G,phi \JVM t\" apply (unfold exec_all_def) apply (erule rtrancl_induct) apply simp @@ -627,8 +627,8 @@ theorem BV_correct_initial: -"\ wt_jvm_prog G phi; G \ s0 -jvm\ (None,hp,(stk,loc,C,sig,pc)#frs); G,phi \JVM s0 \\ - \ approx_stk G hp stk (fst (the (((phi C) sig) ! pc))) \ approx_loc G hp loc (snd (the (((phi C) sig) ! pc)))" +"[| wt_jvm_prog G phi; G \ s0 -jvm-> (None,hp,(stk,loc,C,sig,pc)#frs); G,phi \JVM s0 \|] + ==> approx_stk G hp stk (fst (the (((phi C) sig) ! pc))) \ approx_loc G hp loc (snd (the (((phi C) sig) ! pc)))" apply (drule BV_correct) apply assumption+ apply (simp add: correct_state_def correct_frame_def split_def split: option.splits) diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/BV/Convert.thy --- a/src/HOL/MicroJava/BV/Convert.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/BV/Convert.thy Thu Sep 21 10:42:49 2000 +0200 @@ -19,51 +19,52 @@ consts - strict :: "('a \ 'b err) \ ('a err \ 'b err)" + strict :: "('a => 'b err) => ('a err => 'b err)" primrec "strict f Err = Err" "strict f (Ok x) = f x" -consts - opt_map :: "('a \ 'b) \ ('a option \ 'b option)" -primrec - "opt_map f None = None" - "opt_map f (Some x) = Some (f x)" consts - val :: "'a err \ 'a" + val :: "'a err => 'a" primrec "val (Ok s) = s" constdefs (* lifts a relation to err with Err as top element *) - lift_top :: "('a \ 'b \ bool) \ ('a err \ 'b err \ bool)" - "lift_top P a' a \ case a of - Err \ True - | Ok t \ (case a' of Err \ False | Ok t' \ P t' t)" + lift_top :: "('a => 'b => bool) => ('a err => 'b err => bool)" + "lift_top P a' a == case a of + Err => True + | Ok t => (case a' of Err => False | Ok t' => P t' t)" (* lifts a relation to option with None as bottom element *) - lift_bottom :: "('a \ 'b \ bool) \ ('a option \ 'b option \ bool)" - "lift_bottom P a' a \ case a' of - None \ True - | Some t' \ (case a of None \ False | Some t \ P t' t)" + lift_bottom :: "('a => 'b => bool) => ('a option => 'b option => bool)" + "lift_bottom P a' a == case a' of + None => True + | Some t' => (case a of None => False | Some t => P t' t)" - sup_ty_opt :: "['code prog,ty err,ty err] \ bool" ("_ \_ <=o _") - "sup_ty_opt G \ lift_top (\t t'. G \ t \ t')" + sup_ty_opt :: "['code prog,ty err,ty err] => bool" ("_ \ _ <=o _" [71,71] 70) + "sup_ty_opt G == lift_top (\t t'. G \ t \ t')" + + sup_loc :: "['code prog,locvars_type,locvars_type] => bool" + ("_ \ _ <=l _" [71,71] 70) + "G \ LT <=l LT' == list_all2 (\t t'. (G \ t <=o t')) LT LT'" - sup_loc :: "['code prog,locvars_type,locvars_type] \ bool" - ("_ \ _ <=l _" [71,71] 70) - "G \ LT <=l LT' \ list_all2 (\t t'. (G \ t <=o t')) LT LT'" - - sup_state :: "['code prog,state_type,state_type] \ bool" + sup_state :: "['code prog,state_type,state_type] => bool" ("_ \ _ <=s _" [71,71] 70) - "G \ s <=s s' \ (G \ map Ok (fst s) <=l map Ok (fst s')) \ G \ snd s <=l snd s'" + "G \ s <=s s' == (G \ map Ok (fst s) <=l map Ok (fst s')) \ G \ snd s <=l snd s'" + + sup_state_opt :: "['code prog,state_type option,state_type option] => bool" + ("_ \ _ <=' _" [71,71] 70) + "sup_state_opt G == lift_bottom (\t t'. G \ t <=s t')" - sup_state_opt :: "['code prog,state_type option,state_type option] \ bool" - ("_ \ _ <=' _" [71,71] 70) - "sup_state_opt G \ lift_bottom (\t t'. G \ t <=s t')" - +syntax (HTML output) + sup_ty_opt :: "['code prog,ty err,ty err] => bool" ("_ |- _ <=o _") + sup_loc :: "['code prog,locvars_type,locvars_type] => bool" ("_ |- _ <=l _" [71,71] 70) + sup_state :: "['code prog,state_type,state_type] => bool" ("_ |- _ <=s _" [71,71] 70) + sup_state_opt :: "['code prog,state_type option,state_type option] => bool" ("_ |- _ <=' _" [71,71] 70) + lemma not_Err_eq [iff]: "(x \ Err) = (\a. x = Ok a)" @@ -223,7 +224,7 @@ by (simp add: sup_ty_opt_def) theorem sup_ty_opt_Ok: - "G \ a <=o (Ok b) \ \ x. a = Ok x" + "G \ a <=o (Ok b) ==> \ x. a = Ok x" by (clarsimp simp add: sup_ty_opt_def) lemma widen_PrimT_conv1 [simp]: @@ -250,10 +251,10 @@ theorem sup_loc_length: - "G \ a <=l b \ length a = length b" + "G \ a <=l b ==> length a = length b" proof - assume G: "G \ a <=l b" - have "\ b. (G \ a <=l b) \ length a = length b" + have "\ b. (G \ a <=l b) --> length a = length b" by (induct a, auto) with G show ?thesis by blast @@ -263,7 +264,7 @@ "[| G \ a <=l b; n < length a |] ==> G \ (a!n) <=o (b!n)" proof - assume a: "G \ a <=l b" "n < length a" - have "\ n b. (G \ a <=l b) \ n < length a \ (G \ (a!n) <=o (b!n))" + have "\ n b. (G \ a <=l b) --> n < length a --> (G \ (a!n) <=o (b!n))" (is "?P a") proof (induct a) show "?P []" by simp @@ -285,7 +286,7 @@ theorem all_nth_sup_loc: - "\b. length a = length b \ (\ n. n < length a \ (G \ (a!n) <=o (b!n))) \ + "\b. length a = length b --> (\ n. n < length a --> (G \ (a!n) <=o (b!n))) --> (G \ a <=l b)" (is "?P a") proof (induct a) show "?P []" by simp @@ -295,14 +296,14 @@ show "?P (l#ls)" proof (intro strip) fix b - assume f: "\n. n < length (l # ls) \ (G \ ((l # ls) ! n) <=o (b ! n))" + assume f: "\n. n < length (l # ls) --> (G \ ((l # ls) ! n) <=o (b ! n))" assume l: "length (l#ls) = length b" then obtain b' bs where b: "b = b'#bs" by - (cases b, simp, simp add: neq_Nil_conv, rule that) with f - have "\n. n < length ls \ (G \ (ls!n) <=o (bs!n))" + have "\n. n < length ls --> (G \ (ls!n) <=o (bs!n))" by auto with f b l IH @@ -318,7 +319,7 @@ proof - assume l: "length a = length b" - have "\b. length a = length b \ (G \ (a@x) <=l (b@y)) = ((G \ a <=l b) \ + have "\b. length a = length b --> (G \ (a@x) <=l (b@y)) = ((G \ a <=l b) \ (G \ x <=l y))" (is "?P a") proof (induct a) show "?P []" by simp @@ -384,7 +385,7 @@ theorem sup_loc_update [rule_format]: - "\ n y. (G \ a <=o b) \ n < length y \ (G \ x <=l y) \ + "\ n y. (G \ a <=o b) --> n < length y --> (G \ x <=l y) --> (G \ x[n := a] <=l y[n := b])" (is "?P x") proof (induct x) show "?P []" by simp @@ -427,7 +428,7 @@ by (auto simp add: sup_state_def map_eq_Cons sup_loc_Cons2) theorem sup_state_ignore_fst: - "G \ (a, x) <=s (b, y) \ G \ (c, x) <=s (c, y)" + "G \ (a, x) <=s (b, y) ==> G \ (c, x) <=s (c, y)" by (simp add: sup_state_def) theorem sup_state_rev_fst: @@ -460,15 +461,15 @@ theorem sup_ty_opt_trans [trans]: - "\G \ a <=o b; G \ b <=o c\ \ G \ a <=o c" + "[|G \ a <=o b; G \ b <=o c|] ==> G \ a <=o c" by (auto intro: lift_top_trans widen_trans simp add: sup_ty_opt_def) theorem sup_loc_trans [trans]: - "\G \ a <=l b; G \ b <=l c\ \ G \ a <=l c" + "[|G \ a <=l b; G \ b <=l c|] ==> G \ a <=l c" proof - assume G: "G \ a <=l b" "G \ b <=l c" - hence "\ n. n < length a \ (G \ (a!n) <=o (c!n))" + hence "\ n. n < length a --> (G \ (a!n) <=o (c!n))" proof (intro strip) fix n assume n: "n < length a" @@ -490,11 +491,11 @@ theorem sup_state_trans [trans]: - "\G \ a <=s b; G \ b <=s c\ \ G \ a <=s c" + "[|G \ a <=s b; G \ b <=s c|] ==> G \ a <=s c" by (auto intro: sup_loc_trans simp add: sup_state_def) theorem sup_state_opt_trans [trans]: - "\G \ a <=' b; G \ b <=' c\ \ G \ a <=' c" + "[|G \ a <=' b; G \ b <=' c|] ==> G \ a <=' c" by (auto intro: lift_bottom_trans sup_state_trans simp add: sup_state_opt_def) diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/BV/Correct.thy --- a/src/HOL/MicroJava/BV/Correct.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/BV/Correct.thy Thu Sep 21 10:42:49 2000 +0200 @@ -11,26 +11,26 @@ theory Correct = BVSpec: constdefs - approx_val :: "[jvm_prog,aheap,val,ty err] \ bool" -"approx_val G h v any \ case any of Err \ True | Ok T \ G,h\v\\T" + approx_val :: "[jvm_prog,aheap,val,ty err] => bool" +"approx_val G h v any == case any of Err => True | Ok T => G,h\v::\T" - approx_loc :: "[jvm_prog,aheap,val list,locvars_type] \ bool" -"approx_loc G hp loc LT \ list_all2 (approx_val G hp) loc LT" + approx_loc :: "[jvm_prog,aheap,val list,locvars_type] => bool" +"approx_loc G hp loc LT == list_all2 (approx_val G hp) loc LT" - approx_stk :: "[jvm_prog,aheap,opstack,opstack_type] \ bool" -"approx_stk G hp stk ST \ approx_loc G hp stk (map Ok ST)" + approx_stk :: "[jvm_prog,aheap,opstack,opstack_type] => bool" +"approx_stk G hp stk ST == approx_loc G hp stk (map Ok ST)" - correct_frame :: "[jvm_prog,aheap,state_type,nat,bytecode] \ frame \ bool" -"correct_frame G hp \ \(ST,LT) maxl ins (stk,loc,C,sig,pc). + correct_frame :: "[jvm_prog,aheap,state_type,nat,bytecode] => frame => bool" +"correct_frame G hp == \(ST,LT) maxl ins (stk,loc,C,sig,pc). approx_stk G hp stk ST \ approx_loc G hp loc LT \ pc < length ins \ length loc=length(snd sig)+maxl+1" - correct_frame_opt :: "[jvm_prog,aheap,state_type option,nat,bytecode] \ frame \ bool" -"correct_frame_opt G hp s \ case s of None \ \maxl ins f. False | Some t \ correct_frame G hp t" + correct_frame_opt :: "[jvm_prog,aheap,state_type option,nat,bytecode] => frame => bool" +"correct_frame_opt G hp s == case s of None => \maxl ins f. False | Some t => correct_frame G hp t" consts - correct_frames :: "[jvm_prog,aheap,prog_type,ty,sig,frame list] \ bool" + correct_frames :: "[jvm_prog,aheap,prog_type,ty,sig,frame list] => bool" primrec "correct_frames G hp phi rT0 sig0 [] = True" @@ -52,13 +52,13 @@ constdefs - correct_state :: "[jvm_prog,prog_type,jvm_state] \ bool" + correct_state :: "[jvm_prog,prog_type,jvm_state] => bool" ("_,_\JVM _\" [51,51] 50) -"correct_state G phi \ \(xp,hp,frs). +"correct_state G phi == \(xp,hp,frs). case xp of - None \ (case frs of - [] \ True - | (f#fs) \ G\h hp\ \ + None => (case frs of + [] => True + | (f#fs) => G\h hp\ \ (let (stk,loc,C,sig,pc) = f in \rT maxl ins s. @@ -66,11 +66,11 @@ phi C sig ! pc = Some s \ correct_frame G hp s maxl ins f \ correct_frames G hp phi rT sig fs)) - | Some x \ True" + | Some x => True" lemma sup_heap_newref: - "hp x = None \ hp \| hp(newref hp \ obj)" + "hp x = None ==> hp \| hp(newref hp \ obj)" apply (unfold hext_def) apply clarsimp apply (drule newref_None 1) back @@ -78,7 +78,7 @@ . lemma sup_heap_update_value: - "hp a = Some (C,od') \ hp \| hp (a \ (C,od))" + "hp a = Some (C,od') ==> hp \| hp (a \ (C,od))" by (simp add: hext_def) @@ -93,29 +93,29 @@ by (auto intro: null simp add: approx_val_def) lemma approx_val_imp_approx_val_assConvertible [rule_format]: - "wf_prog wt G \ approx_val G hp v (Ok T) \ G\ T\T' \ approx_val G hp v (Ok T')" + "wf_prog wt G ==> approx_val G hp v (Ok T) --> G\ T\T' --> approx_val G hp v (Ok T')" by (cases T) (auto intro: conf_widen simp add: approx_val_def) lemma approx_val_imp_approx_val_sup_heap [rule_format]: - "approx_val G hp v at \ hp \| hp' \ approx_val G hp' v at" + "approx_val G hp v at --> hp \| hp' --> approx_val G hp' v at" apply (simp add: approx_val_def split: err.split) apply (blast intro: conf_hext) . lemma approx_val_imp_approx_val_heap_update: - "\hp a = Some obj'; G,hp\ v\\T; obj_ty obj = obj_ty obj'\ - \ G,hp(a\obj)\ v\\T" + "[|hp a = Some obj'; G,hp\ v::\T; obj_ty obj = obj_ty obj'|] + ==> G,hp(a\obj)\ v::\T" by (cases v, auto simp add: obj_ty_def conf_def) lemma approx_val_imp_approx_val_sup [rule_format]: - "wf_prog wt G \ (approx_val G h v us) \ (G \ us <=o us') \ (approx_val G h v us')" + "wf_prog wt G ==> (approx_val G h v us) --> (G \ us <=o us') --> (approx_val G h v us')" apply (simp add: sup_PTS_eq approx_val_def split: err.split) apply (blast intro: conf_widen) . lemma approx_loc_imp_approx_val_sup: - "\wf_prog wt G; approx_loc G hp loc LT; idx < length LT; v = loc!idx; G \ LT!idx <=o at\ - \ approx_val G hp v at" + "[|wf_prog wt G; approx_loc G hp loc LT; idx < length LT; v = loc!idx; G \ LT!idx <=o at|] + ==> approx_val G hp v at" apply (unfold approx_loc_def) apply (unfold list_all2_def) apply (auto intro: approx_val_imp_approx_val_sup simp add: split_def all_set_conv_all_nth) @@ -129,8 +129,8 @@ by (simp add: approx_loc_def) lemma assConv_approx_stk_imp_approx_loc [rule_format]: - "wf_prog wt G \ (\tt'\set (zip tys_n ts). tt' \ widen G) - \ length tys_n = length ts \ approx_stk G hp s tys_n \ + "wf_prog wt G ==> (\tt'\set (zip tys_n ts). tt' \ widen G) + --> length tys_n = length ts --> approx_stk G hp s tys_n --> approx_loc G hp s (map Ok ts)" apply (unfold approx_stk_def approx_loc_def list_all2_def) apply (clarsimp simp add: all_set_conv_all_nth) @@ -140,7 +140,7 @@ lemma approx_loc_imp_approx_loc_sup_heap [rule_format]: - "\lvars. approx_loc G hp lvars lt \ hp \| hp' \ approx_loc G hp' lvars lt" + "\lvars. approx_loc G hp lvars lt --> hp \| hp' --> approx_loc G hp' lvars lt" apply (unfold approx_loc_def list_all2_def) apply (cases lt) apply simp @@ -150,7 +150,7 @@ . lemma approx_loc_imp_approx_loc_sup [rule_format]: - "wf_prog wt G \ approx_loc G hp lvars lt \ G \ lt <=l lt' \ approx_loc G hp lvars lt'" + "wf_prog wt G ==> approx_loc G hp lvars lt --> G \ lt <=l lt' --> approx_loc G hp lvars lt'" apply (unfold sup_loc_def approx_loc_def list_all2_def) apply (auto simp add: all_set_conv_all_nth) apply (auto elim: approx_val_imp_approx_val_sup) @@ -158,8 +158,8 @@ lemma approx_loc_imp_approx_loc_subst [rule_format]: - "\loc idx x X. (approx_loc G hp loc LT) \ (approx_val G hp x X) - \ (approx_loc G hp (loc[idx:=x]) (LT[idx:=X]))" + "\loc idx x X. (approx_loc G hp loc LT) --> (approx_val G hp x X) + --> (approx_loc G hp (loc[idx:=x]) (LT[idx:=X]))" apply (unfold approx_loc_def list_all2_def) apply (auto dest: subsetD [OF set_update_subset_insert] simp add: zip_update) . @@ -168,7 +168,7 @@ lemmas [cong] = conj_cong lemma approx_loc_append [rule_format]: - "\L1 l2 L2. length l1=length L1 \ + "\L1 l2 L2. length l1=length L1 --> approx_loc G hp (l1@l2) (L1@L2) = (approx_loc G hp l1 L1 \ approx_loc G hp l2 L2)" apply (unfold approx_loc_def list_all2_def) apply simp @@ -192,12 +192,12 @@ lemma approx_stk_imp_approx_stk_sup_heap [rule_format]: - "\lvars. approx_stk G hp lvars lt \ hp \| hp' \ approx_stk G hp' lvars lt" + "\lvars. approx_stk G hp lvars lt --> hp \| hp' --> approx_stk G hp' lvars lt" by (auto intro: approx_loc_imp_approx_loc_sup_heap simp add: approx_stk_def) lemma approx_stk_imp_approx_stk_sup [rule_format]: - "wf_prog wt G \ approx_stk G hp lvars st \ (G \ map Ok st <=l (map Ok st')) - \ approx_stk G hp lvars st'" + "wf_prog wt G ==> approx_stk G hp lvars st --> (G \ map Ok st <=l (map Ok st')) + --> approx_stk G hp lvars st'" by (auto intro: approx_loc_imp_approx_loc_sup simp add: approx_stk_def) lemma approx_stk_Nil [iff]: @@ -215,7 +215,7 @@ by (simp add: list_all2_Cons2 approx_stk_def approx_loc_def) lemma approx_stk_append_lemma: - "approx_stk G hp stk (S@ST') \ + "approx_stk G hp stk (S@ST') ==> (\s stk'. stk = s@stk' \ length s = length S \ length stk' = length ST' \ approx_stk G hp s S \ approx_stk G hp stk' ST')" by (simp add: list_all2_append2 approx_stk_def approx_loc_def) @@ -224,7 +224,7 @@ (** oconf **) lemma correct_init_obj: - "\is_class G C; wf_prog wt G\ \ + "[|is_class G C; wf_prog wt G|] ==> G,h \ (C, map_of (map (\(f,fT).(f,default_val fT)) (fields(G,C)))) \" apply (unfold oconf_def lconf_def) apply (simp add: map_of_map) @@ -233,13 +233,13 @@ lemma oconf_imp_oconf_field_update [rule_format]: - "\map_of (fields (G, oT)) FD = Some T; G,hp\v\\T; G,hp\(oT,fs)\ \ - \ G,hp\(oT, fs(FD\v))\" + "[|map_of (fields (G, oT)) FD = Some T; G,hp\v::\T; G,hp\(oT,fs)\ |] + ==> G,hp\(oT, fs(FD\v))\" by (simp add: oconf_def lconf_def) lemma oconf_imp_oconf_heap_newref [rule_format]: -"hp x = None \ G,hp\obj\ \ G,hp\obj'\ \ G,(hp(newref hp\obj'))\obj\" +"hp x = None --> G,hp\obj\ --> G,hp\obj'\ --> G,(hp(newref hp\obj'))\obj\" apply (unfold oconf_def lconf_def) apply simp apply (fast intro: conf_hext sup_heap_newref) @@ -247,8 +247,8 @@ lemma oconf_imp_oconf_heap_update [rule_format]: - "hp a = Some obj' \ obj_ty obj' = obj_ty obj'' \ G,hp\obj\ - \ G,hp(a\obj'')\obj\" + "hp a = Some obj' --> obj_ty obj' = obj_ty obj'' --> G,hp\obj\ + --> G,hp(a\obj'')\obj\" apply (unfold oconf_def lconf_def) apply simp apply (force intro: approx_val_imp_approx_val_heap_update) @@ -259,14 +259,14 @@ lemma hconf_imp_hconf_newref [rule_format]: - "hp x = None \ G\h hp\ \ G,hp\obj\ \ G\h hp(newref hp\obj)\" + "hp x = None --> G\h hp\ --> G,hp\obj\ --> G\h hp(newref hp\obj)\" apply (simp add: hconf_def) apply (fast intro: oconf_imp_oconf_heap_newref) . lemma hconf_imp_hconf_field_update [rule_format]: "map_of (fields (G, oT)) (F, D) = Some T \ hp oloc = Some(oT,fs) \ - G,hp\v\\T \ G\h hp\ \ G\h hp(oloc \ (oT, fs((F,D)\v)))\" + G,hp\v::\T \ G\h hp\ --> G\h hp(oloc \ (oT, fs((F,D)\v)))\" apply (simp add: hconf_def) apply (force intro: oconf_imp_oconf_heap_update oconf_imp_oconf_field_update simp add: obj_ty_def) @@ -277,10 +277,10 @@ lemmas [simp del] = fun_upd_apply lemma correct_frames_imp_correct_frames_field_update [rule_format]: - "\rT C sig. correct_frames G hp phi rT sig frs \ - hp a = Some (C,od) \ map_of (fields (G, C)) fl = Some fd \ - G,hp\v\\fd - \ correct_frames G (hp(a \ (C, od(fl\v)))) phi rT sig frs"; + "\rT C sig. correct_frames G hp phi rT sig frs --> + hp a = Some (C,od) --> map_of (fields (G, C)) fl = Some fd --> + G,hp\v::\fd + --> correct_frames G (hp(a \ (C, od(fl\v)))) phi rT sig frs"; apply (induct frs) apply simp apply (clarsimp simp add: correct_frame_def) (*takes long*) @@ -300,8 +300,8 @@ . lemma correct_frames_imp_correct_frames_newref [rule_format]: - "\rT C sig. hp x = None \ correct_frames G hp phi rT sig frs \ oconf G hp obj - \ correct_frames G (hp(newref hp \ obj)) phi rT sig frs" + "\rT C sig. hp x = None --> correct_frames G hp phi rT sig frs \ oconf G hp obj + --> correct_frames G (hp(newref hp \ obj)) phi rT sig frs" apply (induct frs) apply simp apply (clarsimp simp add: correct_frame_def) diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/BV/LBVComplete.thy --- a/src/HOL/MicroJava/BV/LBVComplete.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/BV/LBVComplete.thy Thu Sep 21 10:42:49 2000 +0200 @@ -9,30 +9,30 @@ theory LBVComplete = BVSpec + LBVSpec + StepMono: constdefs - contains_targets :: "[instr list, certificate, method_type, p_count] \ bool" - "contains_targets ins cert phi pc \ + contains_targets :: "[instr list, certificate, method_type, p_count] => bool" + "contains_targets ins cert phi pc == \pc' \ set (succs (ins!pc) pc). - pc' \ pc+1 \ pc' < length ins \ cert!pc' = phi!pc'" + pc' \ pc+1 \ pc' < length ins --> cert!pc' = phi!pc'" - fits :: "[instr list, certificate, method_type] \ bool" - "fits ins cert phi \ \pc. pc < length ins \ + fits :: "[instr list, certificate, method_type] => bool" + "fits ins cert phi == \pc. pc < length ins --> contains_targets ins cert phi pc \ (cert!pc = None \ cert!pc = phi!pc)" - is_target :: "[instr list, p_count] \ bool" - "is_target ins pc \ + is_target :: "[instr list, p_count] => bool" + "is_target ins pc == \pc'. pc \ pc'+1 \ pc' < length ins \ pc \ set (succs (ins!pc') pc')" constdefs - make_cert :: "[instr list, method_type] \ certificate" - "make_cert ins phi \ + make_cert :: "[instr list, method_type] => certificate" + "make_cert ins phi == map (\pc. if is_target ins pc then phi!pc else None) [0..length ins(]" - make_Cert :: "[jvm_prog, prog_type] \ prog_certificate" - "make_Cert G Phi \ \ C sig. - let (C,x,y,mdecls) = \ (Cl,x,y,mdecls). (Cl,x,y,mdecls) \ set G \ Cl = C; - (sig,rT,maxl,b) = \ (sg,rT,maxl,b). (sg,rT,maxl,b) \ set mdecls \ sg = sig + make_Cert :: "[jvm_prog, prog_type] => prog_certificate" + "make_Cert G Phi == \ C sig. + let (C,x,y,mdecls) = SOME (Cl,x,y,mdecls). (Cl,x,y,mdecls) \ set G \ Cl = C; + (sig,rT,maxl,b) = SOME (sg,rT,maxl,b). (sg,rT,maxl,b) \ set mdecls \ sg = sig in make_cert b (Phi C sig)" @@ -197,14 +197,14 @@ have app: "app (ins!pc) G rT (phi!pc)" by (simp add: wt_instr_def) from wt pc - have pc': "\pc'. pc' \ set (succs (ins!pc) pc) ==> pc' < length ins" + have pc': "!!pc'. pc' \ set (succs (ins!pc) pc) ==> pc' < length ins" by (simp add: wt_instr_def) let ?s' = "step (ins!pc) G (phi!pc)" from wt fits pc - have cert: "!!pc'. \pc' \ set (succs (ins!pc) pc); pc' < max_pc; pc' \ pc+1\ - \ G \ ?s' <=' cert!pc'" + have cert: "!!pc'. [|pc' \ set (succs (ins!pc) pc); pc' < max_pc; pc' \ pc+1|] + ==> G \ ?s' <=' cert!pc'" by (auto dest: fitsD simp add: wt_instr_def) from app pc cert pc' @@ -324,14 +324,14 @@ *} theorem wt_imp_wtl_inst_list: -"\ pc. (\pc'. pc' < length all_ins \ - wt_instr (all_ins ! pc') G rT phi (length all_ins) pc') \ - fits all_ins cert phi \ - (\l. pc = length l \ all_ins = l@ins) \ - pc < length all_ins \ - (\ s. (G \ s <=' (phi!pc)) \ +"\ pc. (\pc'. pc' < length all_ins --> + wt_instr (all_ins ! pc') G rT phi (length all_ins) pc') --> + fits all_ins cert phi --> + (\l. pc = length l \ all_ins = l@ins) --> + pc < length all_ins --> + (\ s. (G \ s <=' (phi!pc)) --> wtl_inst_list ins G rT cert (length all_ins) pc s \ Err)" -(is "\pc. ?wt \ ?fits \ ?l pc ins \ ?len pc \ ?wtl pc ins" +(is "\pc. ?wt --> ?fits --> ?l pc ins --> ?len pc --> ?wtl pc ins" is "\pc. ?C pc ins" is "?P ins") proof (induct "?P" "ins") case Nil @@ -343,7 +343,7 @@ show "?P (i#ins')" proof (intro allI impI, elim exE conjE) fix pc s l - assume wt : "\pc'. pc' < length all_ins \ + assume wt : "\pc'. pc' < length all_ins --> wt_instr (all_ins ! pc') G rT phi (length all_ins) pc'" assume fits: "fits all_ins cert phi" assume l : "pc < length all_ins" @@ -362,7 +362,7 @@ from Cons have "?C (Suc pc) ins'" by blast with wt fits pc - have IH: "?len (Suc pc) \ ?wtl (Suc pc) ins'" by auto + have IH: "?len (Suc pc) --> ?wtl (Suc pc) ins'" by auto show "wtl_inst_list (i#ins') G rT cert (length all_ins) pc s \ Err" proof (cases "?len (Suc pc)") @@ -422,20 +422,10 @@ by (rule fits_imp_wtl_method_complete) qed -lemma unique_set: -"(a,b,c,d)\set l \ unique l \ (a',b',c',d') \ set l \ - a = a' \ b=b' \ c=c' \ d=d'" - by (induct "l") auto - -lemma unique_epsilon: - "(a,b,c,d)\set l \ unique l \ - (\ (a',b',c',d'). (a',b',c',d') \ set l \ a'=a) = (a,b,c,d)" - by (auto simp add: unique_set) - theorem wtl_complete: "wt_jvm_prog G Phi ==> wtl_jvm_prog G (make_Cert G Phi)" -proof (simp only: wt_jvm_prog_def) +proof (unfold wt_jvm_prog_def) assume wfprog: "wf_prog (\G C (sig,rT,maxl,b). wt_method G C (snd sig) rT maxl b (Phi C sig)) G" @@ -449,12 +439,12 @@ (\(sig,rT,mb)\set ms. wf_mhead G sig rT \ (\(maxl,b). wt_method G C (snd sig) rT maxl b (Phi C sig)) mb) \ unique ms \ - (case sc of None \ C = Object - | Some D \ + (case sc of None => C = Object + | Some D => is_class G D \ (D, C) \ (subcls1 G)^* \ (\(sig,rT,b)\set ms. - \D' rT' b'. method (G, D) sig = Some (D', rT', b') \ G\rT\rT'))" + \D' rT' b'. method (G, D) sig = Some (D', rT', b') --> G\rT\rT'))" "(a, aa, ab, b) \ set G" assume uG : "unique G" diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/BV/LBVCorrect.thy --- a/src/HOL/MicroJava/BV/LBVCorrect.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/BV/LBVCorrect.thy Thu Sep 21 10:42:49 2000 +0200 @@ -11,31 +11,31 @@ lemmas [simp del] = split_paired_Ex split_paired_All constdefs -fits :: "[method_type,instr list,jvm_prog,ty,state_type option,certificate] \ bool" -"fits phi is G rT s0 cert \ - (\pc s1. pc < length is \ - (wtl_inst_list (take pc is) G rT cert (length is) 0 s0 = Ok s1 \ - (case cert!pc of None \ phi!pc = s1 - | Some t \ phi!pc = Some t)))" +fits :: "[method_type,instr list,jvm_prog,ty,state_type option,certificate] => bool" +"fits phi is G rT s0 cert == + (\pc s1. pc < length is --> + (wtl_inst_list (take pc is) G rT cert (length is) 0 s0 = Ok s1 --> + (case cert!pc of None => phi!pc = s1 + | Some t => phi!pc = Some t)))" constdefs -make_phi :: "[instr list,jvm_prog,ty,state_type option,certificate] \ method_type" -"make_phi is G rT s0 cert \ +make_phi :: "[instr list,jvm_prog,ty,state_type option,certificate] => method_type" +"make_phi is G rT s0 cert == map (\pc. case cert!pc of - None \ val (wtl_inst_list (take pc is) G rT cert (length is) 0 s0) - | Some t \ Some t) [0..length is(]" + None => val (wtl_inst_list (take pc is) G rT cert (length is) 0 s0) + | Some t => Some t) [0..length is(]" lemma fitsD_None: - "\fits phi is G rT s0 cert; pc < length is; + "[|fits phi is G rT s0 cert; pc < length is; wtl_inst_list (take pc is) G rT cert (length is) 0 s0 = Ok s1; - cert ! pc = None\ \ phi!pc = s1" + cert ! pc = None|] ==> phi!pc = s1" by (auto simp add: fits_def) lemma fitsD_Some: - "\fits phi is G rT s0 cert; pc < length is; + "[|fits phi is G rT s0 cert; pc < length is; wtl_inst_list (take pc is) G rT cert (length is) 0 s0 = Ok s1; - cert ! pc = Some t\ \ phi!pc = Some t" + cert ! pc = Some t|] ==> phi!pc = Some t" by (auto simp add: fits_def) lemma make_phi_Some: @@ -62,7 +62,7 @@ lemma fits_lemma1: "[| wtl_inst_list is G rT cert (length is) 0 s = Ok s'; fits phi is G rT s cert |] - ==> \pc t. pc < length is \ cert!pc = Some t \ phi!pc = Some t" + ==> \pc t. pc < length is --> cert!pc = Some t --> phi!pc = Some t" proof (intro strip) fix pc t assume "wtl_inst_list is G rT cert (length is) 0 s = Ok s'" @@ -114,11 +114,11 @@ "wtl_cert l G rT s'' cert (length is) (Suc pc) = Ok x" by (auto simp add: wtl_append min_def simp del: append_take_drop_id) - hence c1: "\t. cert!Suc pc = Some t ==> G \ s'' <=' cert!Suc pc" + hence c1: "!!t. cert!Suc pc = Some t ==> G \ s'' <=' cert!Suc pc" by (simp add: wtl_cert_def split: if_splits) moreover from fits pc wts - have c2: "\t. cert!Suc pc = Some t ==> phi!Suc pc = cert!Suc pc" + have c2: "!!t. cert!Suc pc = Some t ==> phi!Suc pc = cert!Suc pc" by - (drule fitsD_Some, auto) moreover from fits pc wts @@ -150,7 +150,7 @@ from fits wtl pc have cert_Some: - "\t pc. [| pc < length is; cert!pc = Some t |] ==> phi!pc = Some t" + "!!t pc. [| pc < length is; cert!pc = Some t |] ==> phi!pc = Some t" by (auto dest: fits_lemma1) from fits wtl pc @@ -236,7 +236,7 @@ by (rule fitsD_None) moreover from fits pc wt0 - have "\t. cert!0 = Some t ==> phi!0 = cert!0" + have "!!t. cert!0 = Some t ==> phi!0 = cert!0" by - (drule fitsD_Some, auto) moreover from pc @@ -247,7 +247,7 @@ "wtl_cert x G rT s cert (length is) 0 = Ok s'" by simp (elim, rule that, simp) hence - "\t. cert!0 = Some t ==> G \ s <=' cert!0" + "!!t. cert!0 = Some t ==> G \ s <=' cert!0" by (simp add: wtl_cert_def split: if_splits) ultimately @@ -268,7 +268,7 @@ with wtl have allpc: - "\pc. pc < length ins \ wt_instr (ins ! pc) G rT phi (length ins) pc" + "\pc. pc < length ins --> wt_instr (ins ! pc) G rT phi (length ins) pc" by (blast intro: wtl_fits_wt) from pc wtl fits @@ -279,15 +279,6 @@ show ?thesis by (auto simp add: wt_method_def) qed -lemma unique_set: - "(a,b,c,d)\set l \ unique l \ (a',b',c',d') \ set l \ - a = a' \ b=b' \ c=c' \ d=d'" - by (induct "l") auto - -lemma unique_epsilon: - "(a,b,c,d)\set l \ unique l \ - (\ (a',b',c',d'). (a',b',c',d') \ set l \ a'=a) = (a,b,c,d)" - by (auto simp add: unique_set) theorem wtl_correct: "wtl_jvm_prog G cert ==> \ Phi. wt_jvm_prog G Phi" @@ -304,9 +295,9 @@ (is "\Phi. ?Q Phi") proof (intro exI) let "?Phi" = "\ C sig. - let (C,x,y,mdecls) = \ (Cl,x,y,mdecls). (Cl,x,y,mdecls) \ set G \ Cl = C; - (sig,rT,maxl,b) = \ (sg,rT,maxl,b). (sg,rT,maxl,b) \ set mdecls \ sg = sig - in \ phi. wt_method G C (snd sig) rT maxl b phi" + let (C,x,y,mdecls) = SOME (Cl,x,y,mdecls). (Cl,x,y,mdecls) \ set G \ Cl = C; + (sig,rT,maxl,b) = SOME (sg,rT,maxl,b). (sg,rT,maxl,b) \ set mdecls \ sg = sig + in SOME phi. wt_method G C (snd sig) rT maxl b phi" from wtl_prog show "?Q ?Phi" proof (unfold wf_cdecl_def, intro) @@ -328,8 +319,8 @@ wt_method G a (snd sig) rT maxl b ((\(C,x,y,mdecls). (\(sig,rT,maxl,b). Eps (wt_method G C (snd sig) rT maxl b)) - (\(sg,rT,maxl,b). (sg, rT, maxl, b) \ set mdecls \ sg = sig)) - (\(Cl,x,y,mdecls). (Cl, x, y, mdecls) \ set G \ Cl = a))) mb) m" + (SOME (sg,rT,maxl,b). (sg, rT, maxl, b) \ set mdecls \ sg = sig)) + (SOME (Cl,x,y,mdecls). (Cl, x, y, mdecls) \ set G \ Cl = a))) mb) m" by - (drule bspec, assumption, clarsimp dest!: wtl_method_correct, clarsimp intro!: someI simp add: unique_epsilon) diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/BV/LBVSpec.thy --- a/src/HOL/MicroJava/BV/LBVSpec.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/BV/LBVSpec.thy Thu Sep 21 10:42:49 2000 +0200 @@ -11,44 +11,36 @@ types certificate = "state_type option list" - class_certificate = "sig \ certificate" - prog_certificate = "cname \ class_certificate" + class_certificate = "sig => certificate" + prog_certificate = "cname => class_certificate" constdefs check_cert :: "[instr, jvm_prog, state_type option, certificate, p_count, p_count] - \ bool" - "check_cert i G s cert pc max_pc \ \pc' \ set (succs i pc). pc' < max_pc \ - (pc' \ pc+1 \ G \ step i G s <=' cert!pc')" + => bool" + "check_cert i G s cert pc max_pc == \pc' \ set (succs i pc). pc' < max_pc \ + (pc' \ pc+1 --> G \ step i G s <=' cert!pc')" wtl_inst :: "[instr,jvm_prog,ty,state_type option,certificate,p_count,p_count] - \ state_type option err" - "wtl_inst i G rT s cert max_pc pc \ + => state_type option err" + "wtl_inst i G rT s cert max_pc pc == if app i G rT s \ check_cert i G s cert pc max_pc then if pc+1 mem (succs i pc) then Ok (step i G s) else Ok (cert!(pc+1)) else Err"; -lemma wtl_inst_Ok: -"(wtl_inst i G rT s cert max_pc pc = Ok s') = - (app i G rT s \ (\pc' \ set (succs i pc). - pc' < max_pc \ (pc' \ pc+1 \ G \ step i G s <=' cert!pc')) \ - (if pc+1 \ set (succs i pc) then s' = step i G s else s' = cert!(pc+1)))" - by (auto simp add: wtl_inst_def check_cert_def set_mem_eq); - - constdefs wtl_cert :: "[instr,jvm_prog,ty,state_type option,certificate,p_count,p_count] - \ state_type option err" - "wtl_cert i G rT s cert max_pc pc \ + => state_type option err" + "wtl_cert i G rT s cert max_pc pc == case cert!pc of - None \ wtl_inst i G rT s cert max_pc pc - | Some s' \ if G \ s <=' (Some s') then + None => wtl_inst i G rT s cert max_pc pc + | Some s' => if G \ s <=' (Some s') then wtl_inst i G rT (Some s') cert max_pc pc else Err" consts wtl_inst_list :: "[instr list,jvm_prog,ty,certificate,p_count,p_count, - state_type option] \ state_type option err" + state_type option] => state_type option err" primrec "wtl_inst_list [] G rT cert max_pc pc s = Ok s" "wtl_inst_list (i#is) G rT cert max_pc pc s = @@ -57,19 +49,26 @@ constdefs - wtl_method :: "[jvm_prog,cname,ty list,ty,nat,instr list,certificate] \ bool" - "wtl_method G C pTs rT mxl ins cert \ + wtl_method :: "[jvm_prog,cname,ty list,ty,nat,instr list,certificate] => bool" + "wtl_method G C pTs rT mxl ins cert == let max_pc = length ins in 0 < max_pc \ wtl_inst_list ins G rT cert max_pc 0 (Some ([],(Ok (Class C))#((map Ok pTs))@(replicate mxl Err))) \ Err" - wtl_jvm_prog :: "[jvm_prog,prog_certificate] \ bool" - "wtl_jvm_prog G cert \ + wtl_jvm_prog :: "[jvm_prog,prog_certificate] => bool" + "wtl_jvm_prog G cert == wf_prog (\G C (sig,rT,maxl,b). wtl_method G C (snd sig) rT maxl b (cert C sig)) G" -text {* \medskip *} + + +lemma wtl_inst_Ok: +"(wtl_inst i G rT s cert max_pc pc = Ok s') = + (app i G rT s \ (\pc' \ set (succs i pc). + pc' < max_pc \ (pc' \ pc+1 --> G \ step i G s <=' cert!pc')) \ + (if pc+1 \ set (succs i pc) then s' = step i G s else s' = cert!(pc+1)))" + by (auto simp add: wtl_inst_def check_cert_def set_mem_eq); lemma strict_Some [simp]: "(strict f x = Ok y) = (\ z. x = Ok z \ f z = Ok y)" @@ -127,7 +126,7 @@ qed lemma take_Suc: - "\n. n < length l \ take (Suc n) l = (take n l)@[l!n]" (is "?P l") + "\n. n < length l --> take (Suc n) l = (take n l)@[l!n]" (is "?P l") proof (induct l) show "?P []" by simp @@ -191,4 +190,14 @@ by (auto simp add: wtl_append min_def) qed +lemma unique_set: +"(a,b,c,d)\set l --> unique l --> (a',b',c',d') \ set l --> + a = a' --> b=b' \ c=c' \ d=d'" + by (induct "l") auto + +lemma unique_epsilon: + "(a,b,c,d)\set l --> unique l --> + (SOME (a',b',c',d'). (a',b',c',d') \ set l \ a'=a) = (a,b,c,d)" + by (auto simp add: unique_set) + end diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/BV/Step.thy --- a/src/HOL/MicroJava/BV/Step.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/BV/Step.thy Thu Sep 21 10:42:49 2000 +0200 @@ -12,7 +12,7 @@ text "Effect of instruction on the state type:" consts -step' :: "instr \ jvm_prog \ state_type \ state_type" +step' :: "instr \ jvm_prog \ state_type => state_type" recdef step' "{}" "step' (Load idx, G, (ST, LT)) = (val (LT ! idx) # ST, LT)" @@ -40,13 +40,13 @@ (* "step' (i,G,s) = None" *) constdefs - step :: "instr \ jvm_prog \ state_type option \ state_type option" - "step i G \ opt_map (\s. step' (i,G,s))" + step :: "instr => jvm_prog => state_type option => state_type option" + "step i G == option_map (\s. step' (i,G,s))" text "Conditions under which step is applicable:" consts -app' :: "instr \ jvm_prog \ ty \ state_type \ bool" +app' :: "instr \ jvm_prog \ ty \ state_type => bool" recdef app' "{}" "app' (Load idx, G, rT, s) = (idx < length (snd s) \ @@ -88,13 +88,13 @@ constdefs - app :: "instr \ jvm_prog \ ty \ state_type option \ bool" - "app i G rT s \ case s of None \ True | Some t \ app' (i,G,rT,t)" + app :: "instr => jvm_prog => ty => state_type option => bool" + "app i G rT s == case s of None => True | Some t => app' (i,G,rT,t)" text {* program counter of successor instructions: *} consts -succs :: "instr \ p_count \ p_count list" +succs :: "instr => p_count => p_count list" primrec "succs (Load idx) pc = [pc+1]" @@ -117,13 +117,13 @@ "succs (Invoke C mn fpTs) pc = [pc+1]" -lemma 1: "2 < length a \ (\l l' l'' ls. a = l#l'#l''#ls)" +lemma 1: "2 < length a ==> (\l l' l'' ls. a = l#l'#l''#ls)" proof (cases a) fix x xs assume "a = x#xs" "2 < length a" thus ?thesis by - (cases xs, simp, cases "tl xs", auto) qed auto -lemma 2: "\(2 < length a) \ a = [] \ (\ l. a = [l]) \ (\ l l'. a = [l,l'])" +lemma 2: "\(2 < length a) ==> a = [] \ (\ l. a = [l]) \ (\ l l'. a = [l,l'])" proof -; assume "\(2 < length a)" hence "length a < (Suc 2)" by simp @@ -136,7 +136,7 @@ hence "\ l. x = [l]" by - (cases x, auto) } note 0 = this - have "length a = 2 \ \l l'. a = [l,l']" by (cases a, auto dest: 0) + have "length a = 2 ==> \l l'. a = [l,l']" by (cases a, auto dest: 0) with * show ?thesis by (auto dest: 0) qed @@ -149,7 +149,6 @@ by (simp add: app_def) - lemma appLoad[simp]: "(app (Load idx) G rT (Some s)) = (idx < length (snd s) \ (snd s) ! idx \ Err)" by (simp add: app_def) @@ -264,7 +263,7 @@ method (G,C) (mn,fpTs) = Some (mD', rT', b'))" (is "?app s = ?P s") proof (cases (open) s) case Pair - have "?app (a,b) \ ?P (a,b)" + have "?app (a,b) ==> ?P (a,b)" proof - assume app: "?app (a,b)" hence "a = (rev (rev (take (length fpTs) a))) @ (drop (length fpTs) a) \ @@ -286,7 +285,7 @@ with app show ?thesis by (auto simp add: app_def) blast qed - with Pair have "?app s \ ?P s" by simp + with Pair have "?app s ==> ?P s" by simp thus ?thesis by (auto simp add: app_def) qed diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/BV/StepMono.thy --- a/src/HOL/MicroJava/BV/StepMono.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/BV/StepMono.thy Thu Sep 21 10:42:49 2000 +0200 @@ -14,7 +14,7 @@ lemma sup_loc_some [rule_format]: -"\ y n. (G \ b <=l y) \ n < length y \ y!n = Ok t \ +"\ y n. (G \ b <=l y) --> n < length y --> y!n = Ok t --> (\t. b!n = Ok t \ (G \ (b!n) <=o (y!n)))" (is "?P b") proof (induct (open) ?P b) show "?P []" by simp @@ -41,9 +41,9 @@ lemma all_widen_is_sup_loc: -"\b. length a = length b \ +"\b. length a = length b --> (\x\set (zip a b). x \ widen G) = (G \ (map Ok a) <=l (map Ok b))" - (is "\b. length a = length b \ ?Q a b" is "?P a") + (is "\b. length a = length b --> ?Q a b" is "?P a") proof (induct "a") show "?P []" by simp @@ -60,7 +60,7 @@ lemma append_length_n [rule_format]: -"\n. n \ length x \ (\a b. x = a@b \ length a = n)" (is "?P x") +"\n. n \ length x --> (\a b. x = a@b \ length a = n)" (is "?P x") proof (induct (open) ?P x) show "?P []" by simp @@ -94,7 +94,7 @@ lemma rev_append_cons: -"\n < length x\ \ \a b c. x = (rev a) @ b # c \ length a = n" +"[|n < length x|] ==> \a b c. x = (rev a) @ b # c \ length a = n" proof - assume n: "n < length x" hence "n \ length x" by simp @@ -118,7 +118,7 @@ lemma app_mono: -"\G \ s <=' s'; app i G rT s'\ \ app i G rT s"; +"[|G \ s <=' s'; app i G rT s'|] ==> app i G rT s"; proof - { fix s1 s2 diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/Conform.ML --- a/src/HOL/MicroJava/J/Conform.ML Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/Conform.ML Thu Sep 21 10:42:49 2000 +0200 @@ -6,25 +6,25 @@ section "hext"; -val hextI = prove_goalw thy [hext_def] "\\h. \ -\ \\a C fs . h a = Some (C,fs) \\ \ -\ (\\fs'. h' a = Some (C,fs')) \\ h\\|h'" (K [Auto_tac ]); +val hextI = prove_goalw thy [hext_def] "!!h. \ +\ \\a C fs . h a = Some (C,fs) --> \ +\ (\\fs'. h' a = Some (C,fs')) ==> h\\|h'" (K [Auto_tac ]); val hext_objD = prove_goalw thy [hext_def] -"\\h. \\h\\|h'; h a = Some (C,fs) \\ \\ \\fs'. h' a = Some (C,fs')" +"!!h. [|h\\|h'; h a = Some (C,fs) |] ==> \\fs'. h' a = Some (C,fs')" (K [Force_tac 1]); val hext_refl = prove_goal thy "h\\|h" (K [ rtac hextI 1, Fast_tac 1]); -val hext_new = prove_goal thy "\\h. h a = None \\ h\\|h(a\\x)" (K [ +val hext_new = prove_goal thy "!!h. h a = None ==> h\\|h(a\\x)" (K [ rtac hextI 1, safe_tac HOL_cs, ALLGOALS (case_tac "aa = a"), Auto_tac]); -val hext_trans = prove_goal thy "\\h. \\h\\|h'; h'\\|h''\\ \\ h\\|h''" (K [ +val hext_trans = prove_goal thy "!!h. [|h\\|h'; h'\\|h''|] ==> h\\|h''" (K [ rtac hextI 1, safe_tac HOL_cs, fast_tac (HOL_cs addDs [hext_objD]) 1]); @@ -32,7 +32,7 @@ Addsimps [hext_refl, hext_new]; val hext_upd_obj = prove_goal thy -"\\h. h a = Some (C,fs) \\ h\\|h(a\\(C,fs'))" (K [ +"!!h. h a = Some (C,fs) ==> h\\|h(a\\(C,fs'))" (K [ rtac hextI 1, safe_tac HOL_cs, ALLGOALS (case_tac "aa = a"), @@ -42,37 +42,37 @@ section "conf"; val conf_Null = prove_goalw thy [conf_def] -"G,h\\Null\\\\T = G\\RefT NullT\\T" (K [Simp_tac 1]); +"G,h\\Null::\\T = G\\RefT NullT\\T" (K [Simp_tac 1]); Addsimps [conf_Null]; val conf_litval = prove_goalw thy [conf_def] -"typeof (\\v. None) v = Some T \\ G,h\\v\\\\T" (K [ +"typeof (\\v. None) v = Some T --> G,h\\v::\\T" (K [ rtac val_.induct 1, Auto_tac]) RS mp; -Goalw [conf_def] "G,s\\Unit\\\\PrimT Void"; +Goalw [conf_def] "G,s\\Unit::\\PrimT Void"; by( Simp_tac 1); qed "conf_VoidI"; -Goalw [conf_def] "G,s\\Bool b\\\\PrimT Boolean"; +Goalw [conf_def] "G,s\\Bool b::\\PrimT Boolean"; by( Simp_tac 1); qed "conf_BooleanI"; -Goalw [conf_def] "G,s\\Intg i\\\\PrimT Integer"; +Goalw [conf_def] "G,s\\Intg i::\\PrimT Integer"; by( Simp_tac 1); qed "conf_IntegerI"; Addsimps [conf_VoidI, conf_BooleanI, conf_IntegerI]; val conf_AddrI = prove_goalw thy [conf_def] -"\\G. \\h a = Some obj; G\\obj_ty obj\\T\\ \\ G,h\\Addr a\\\\T" +"!!G. [|h a = Some obj; G\\obj_ty obj\\T|] ==> G,h\\Addr a::\\T" (K [Asm_full_simp_tac 1]); val conf_obj_AddrI = prove_goalw thy [conf_def] - "\\G. \\h a = Some (C,fs); G\\C\\C D\\ \\ G,h\\Addr a\\\\ Class D" + "!!G. [|h a = Some (C,fs); G\\C\\C D|] ==> G,h\\Addr a::\\ Class D" (K [Asm_full_simp_tac 1]); -Goalw [conf_def] "is_type G T \\ G,h\\default_val T\\\\T"; +Goalw [conf_def] "is_type G T --> G,h\\default_val T::\\T"; by (res_inst_tac [("y","T")] ty.exhaust 1); by (etac ssubst 1); by (res_inst_tac [("y","prim_ty")] prim_ty.exhaust 1); @@ -80,7 +80,7 @@ qed_spec_mp "defval_conf"; val conf_upd_obj = prove_goalw thy [conf_def] -"h a = Some (C,fs) \\ (G,h(a\\(C,fs'))\\x\\\\T) = (G,h\\x\\\\T)" (fn _ => [ +"h a = Some (C,fs) --> (G,h(a\\(C,fs'))\\x::\\T) = (G,h\\x::\\T)" (fn _ => [ rtac impI 1, rtac val_.induct 1, ALLGOALS Simp_tac, @@ -88,14 +88,14 @@ ALLGOALS Asm_simp_tac]) RS mp; val conf_widen = prove_goalw thy [conf_def] -"\\G. wf_prog wf_mb G \\ G,h\\x\\\\T \\ G\\T\\T' \\ G,h\\x\\\\T'" (K [ +"!!G. wf_prog wf_mb G ==> G,h\\x::\\T --> G\\T\\T' --> G,h\\x::\\T'" (K [ rtac val_.induct 1, ALLGOALS Simp_tac, ALLGOALS (fast_tac (HOL_cs addIs [widen_trans]))]) RS mp RS mp; bind_thm ("conf_widen", conf_widen); val conf_hext' = prove_goalw thy [conf_def] - "\\h. h\\|h' \\ (\\v T. G,h\\v\\\\T \\ G,h'\\v\\\\T)" (K [ + "!!h. h\\|h' ==> (\\v T. G,h\\v::\\T --> G,h'\\v::\\T)" (K [ REPEAT (rtac allI 1), rtac val_.induct 1, ALLGOALS Simp_tac, @@ -107,36 +107,36 @@ bind_thm ("conf_hext", conf_hext); val new_locD = prove_goalw thy [conf_def] - "\\h a = None; G,h\\Addr t\\\\T\\ \\ t\\a" (fn prems => [ + "[|h a = None; G,h\\Addr t::\\T|] ==> t\\a" (fn prems => [ cut_facts_tac prems 1, Full_simp_tac 1, safe_tac HOL_cs, Asm_full_simp_tac 1]); Goalw [conf_def] - "G,h\\a'\\\\RefT T \\ a' = Null | \ + "G,h\\a'::\\RefT T --> a' = Null | \ \ (\\a obj T'. a' = Addr a \\ h a = Some obj \\ obj_ty obj = T' \\ G\\T'\\RefT T)"; by(induct_tac "a'" 1); by(Auto_tac); qed_spec_mp "conf_RefTD"; -val conf_NullTD = prove_goal thy "\\G. G,h\\a'\\\\RefT NullT \\ a' = Null" (K [ +val conf_NullTD = prove_goal thy "!!G. G,h\\a'::\\RefT NullT ==> a' = Null" (K [ dtac conf_RefTD 1, Step_tac 1, Auto_tac]); -val non_npD = prove_goal thy "\\G. \\a' \\ Null; G,h\\a'\\\\RefT t\\ \\ \ +val non_npD = prove_goal thy "!!G. [|a' \\ Null; G,h\\a'::\\RefT t|] ==> \ \ \\a C fs. a' = Addr a \\ h a = Some (C,fs) \\ G\\Class C\\RefT t" (K [ dtac conf_RefTD 1, Step_tac 1, Auto_tac]); -val non_np_objD = prove_goal thy "\\G. \\a' \\ Null; G,h\\a'\\\\ Class C; C \\ Object\\ \\ \ +val non_np_objD = prove_goal thy "!!G. [|a' \\ Null; G,h\\a'::\\ Class C; C \\ Object|] ==> \ \ (\\a C' fs. a' = Addr a \\ h a = Some (C',fs) \\ G\\C'\\C C)" (K[fast_tac (claset() addDs [non_npD]) 1]); -Goal "a' \\ Null \\ wf_prog wf_mb G \\ G,h\\a'\\\\RefT t \\\ -\ (\\C. t = ClassT C \\ C \\ Object) \\ \ +Goal "a' \\ Null --> wf_prog wf_mb G --> G,h\\a'::\\RefT t -->\ +\ (\\C. t = ClassT C --> C \\ Object) --> \ \ (\\a C fs. a' = Addr a \\ h a = Some (C,fs) \\ G\\Class C\\RefT t)"; by(rtac impI 1); by(rtac impI 1); @@ -150,7 +150,7 @@ by(Fast_tac 1); qed_spec_mp "non_np_objD'"; -Goal "wf_prog wf_mb G \\ \\Ts Ts'. list_all2 (conf G h) vs Ts \\ list_all2 (\\T T'. G\\T\\T') Ts Ts' \\ list_all2 (conf G h) vs Ts'"; +Goal "wf_prog wf_mb G ==> \\Ts Ts'. list_all2 (conf G h) vs Ts --> list_all2 (\\T T'. G\\T\\T') Ts Ts' --> list_all2 (conf G h) vs Ts'"; by(induct_tac "vs" 1); by(ALLGOALS Clarsimp_tac); by(forward_tac [list_all2_lengthD RS sym] 1); @@ -166,30 +166,30 @@ section "lconf"; val lconfD = prove_goalw thy [lconf_def] - "\\X. \\ G,h\\vs[\\\\]Ts; Ts n = Some T \\ \\ G,h\\(the (vs n))\\\\T" + "!!X. [| G,h\\vs[::\\]Ts; Ts n = Some T |] ==> G,h\\(the (vs n))::\\T" (K [Force_tac 1]); val lconf_hext = prove_goalw thy [lconf_def] - "\\X. \\ G,h\\l[\\\\]L; h\\|h' \\ \\ G,h'\\l[\\\\]L" (K [ + "!!X. [| G,h\\l[::\\]L; h\\|h' |] ==> G,h'\\l[::\\]L" (K [ fast_tac (claset() addEs [conf_hext]) 1]); AddEs [lconf_hext]; -Goalw [lconf_def] "\\X. \\ G,h\\l[\\\\]lT; \ -\ G,h\\v\\\\T; lT va = Some T \\ \\ G,h\\l(va\\v)[\\\\]lT"; +Goalw [lconf_def] "!!X. [| G,h\\l[::\\]lT; \ +\ G,h\\v::\\T; lT va = Some T |] ==> G,h\\l(va\\v)[::\\]lT"; by( Clarify_tac 1); by( case_tac "n = va" 1); by Auto_tac; qed "lconf_upd"; -Goal "\\x. P x \\ R (dv x) x \\ (\\x. map_of fs f = Some x \\ P x) \\ \ -\ (\\T. map_of fs f = Some T \\ \ +Goal "\\x. P x --> R (dv x) x ==> (\\x. map_of fs f = Some x --> P x) --> \ +\ (\\T. map_of fs f = Some T --> \ \ (\\v. map_of (map (\\(f,ft). (f, dv ft)) fs) f = Some v \\ R v T))"; by( induct_tac "fs" 1); by Auto_tac; qed_spec_mp "lconf_init_vars_lemma"; Goalw [lconf_def, init_vars_def] -"\\n. \\T. map_of fs n = Some T \\ is_type G T \\ G,h\\init_vars fs[\\\\]map_of fs"; +"\\n. \\T. map_of fs n = Some T --> is_type G T ==> G,h\\init_vars fs[::\\]map_of fs"; by Auto_tac; by( rtac lconf_init_vars_lemma 1); by( atac 3); @@ -200,10 +200,10 @@ AddSIs [lconf_init_vars]; val lconf_ext = prove_goalw thy [lconf_def] -"\\X. \\G,s\\l[\\\\]L; G,s\\v\\\\T\\ \\ G,s\\l(vn\\v)[\\\\]L(vn\\T)" +"!!X. [|G,s\\l[::\\]L; G,s\\v::\\T|] ==> G,s\\l(vn\\v)[::\\]L(vn\\T)" (K [Auto_tac]); -Goalw [lconf_def] "G,h\\l[\\\\]L \\ \\vs Ts. nodups vns \\ length Ts = length vns \\ list_all2 (\\v T. G,h\\v\\\\T) vs Ts \\ G,h\\l(vns[\\]vs)[\\\\]L(vns[\\]Ts)"; +Goalw [lconf_def] "G,h\\l[::\\]L ==> \\vs Ts. nodups vns --> length Ts = length vns --> list_all2 (\\v T. G,h\\v::\\T) vs Ts --> G,h\\l(vns[\\]vs)[::\\]L(vns[\\]Ts)"; by( induct_tac "vns" 1); by( ALLGOALS Clarsimp_tac); by( forward_tac [list_all2_lengthD] 1); @@ -214,10 +214,10 @@ section "oconf"; val oconf_hext = prove_goalw thy [oconf_def] -"\\X. G,h\\obj\\ \\ h\\|h' \\ G,h'\\obj\\" (K [Fast_tac 1]); +"!!X. G,h\\obj\\ ==> h\\|h' ==> G,h'\\obj\\" (K [Fast_tac 1]); val oconf_obj = prove_goalw thy [oconf_def,lconf_def] "G,h\\(C,fs)\\ = \ -\ (\\T f. map_of(fields (G,C)) f = Some T \\ (\\v. fs f = Some v \\ G,h\\v\\\\T))"(K [ +\ (\\T f. map_of(fields (G,C)) f = Some T --> (\\v. fs f = Some v \\ G,h\\v::\\T))"(K [ Auto_tac]); val oconf_objD = oconf_obj RS iffD1 RS spec RS spec RS mp; @@ -225,11 +225,11 @@ section "hconf"; -Goalw [hconf_def] "\\G\\h h\\; h a = Some obj\\ \\ G,h\\obj\\"; +Goalw [hconf_def] "[|G\\h h\\; h a = Some obj|] ==> G,h\\obj\\"; by (Fast_tac 1); qed "hconfD"; -Goalw [hconf_def] "\\a obj. h a=Some obj \\ G,h\\obj\\ \\ G\\h h\\"; +Goalw [hconf_def] "\\a obj. h a=Some obj --> G,h\\obj\\ ==> G\\h h\\"; by (Fast_tac 1); qed "hconfI"; @@ -237,25 +237,25 @@ section "conforms"; val conforms_heapD = prove_goalw thy [conforms_def] - "(h, l)\\\\(G, lT) \\ G\\h h\\" + "(h, l)::\\(G, lT) ==> G\\h h\\" (fn prems => [cut_facts_tac prems 1, Asm_full_simp_tac 1]); val conforms_localD = prove_goalw thy [conforms_def] - "(h, l)\\\\(G, lT) \\ G,h\\l[\\\\]lT" (fn prems => [ + "(h, l)::\\(G, lT) ==> G,h\\l[::\\]lT" (fn prems => [ cut_facts_tac prems 1, Asm_full_simp_tac 1]); val conformsI = prove_goalw thy [conforms_def] -"\\G\\h h\\; G,h\\l[\\\\]lT\\ \\ (h, l)\\\\(G, lT)" (fn prems => [ +"[|G\\h h\\; G,h\\l[::\\]lT|] ==> (h, l)::\\(G, lT)" (fn prems => [ cut_facts_tac prems 1, Simp_tac 1, Auto_tac]); -Goal "\\(h,l)\\\\(G,lT); h\\|h'; G\\h h'\\ \\ \\ (h',l)\\\\(G,lT)"; +Goal "[|(h,l)::\\(G,lT); h\\|h'; G\\h h'\\ |] ==> (h',l)::\\(G,lT)"; by( fast_tac (HOL_cs addDs [conforms_localD] addSEs [conformsI, lconf_hext]) 1); qed "conforms_hext"; -Goal "\\(h,l)\\\\(G, lT); G,h(a\\obj)\\obj\\; h\\|h(a\\obj)\\ \\ (h(a\\obj),l)\\\\(G, lT)"; +Goal "[|(h,l)::\\(G, lT); G,h(a\\obj)\\obj\\; h\\|h(a\\obj)|] ==> (h(a\\obj),l)::\\(G, lT)"; by( rtac conforms_hext 1); by Auto_tac; by( rtac hconfI 1); @@ -265,7 +265,7 @@ qed "conforms_upd_obj"; Goalw [conforms_def] -"\\(h, l)\\\\(G, lT); G,h\\v\\\\T; lT va = Some T\\ \\ \ -\ (h, l(va\\v))\\\\(G, lT)"; +"[|(h, l)::\\(G, lT); G,h\\v::\\T; lT va = Some T|] ==> \ +\ (h, l(va\\v))::\\(G, lT)"; by( auto_tac (claset() addEs [lconf_upd], simpset())); qed "conforms_upd_local"; diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/Conform.thy --- a/src/HOL/MicroJava/J/Conform.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/Conform.thy Thu Sep 21 10:42:49 2000 +0200 @@ -12,23 +12,23 @@ constdefs - hext :: "aheap \\ aheap \\ bool" ( "_\\|_" [51,51] 50) - "h\\|h' \\ \\a C fs. h a = Some(C,fs) \\ (\\fs'. h' a = Some(C,fs'))" + hext :: "aheap => aheap => bool" ( "_\\|_" [51,51] 50) + "h\\|h' == \\a C fs. h a = Some(C,fs) --> (\\fs'. h' a = Some(C,fs'))" - conf :: "'c prog \\ aheap \\ val \\ ty \\ bool" ( "_,_\\_\\\\_" [51,51,51,51] 50) - "G,h\\v\\\\T \\ \\T'. typeof (option_map obj_ty o h) v = Some T' \\ G\\T'\\T" + conf :: "'c prog => aheap => val => ty => bool" ( "_,_\\_::\\_" [51,51,51,51] 50) + "G,h\\v::\\T == \\T'. typeof (option_map obj_ty o h) v = Some T' \\ G\\T'\\T" - lconf :: "'c prog \\ aheap \\ ('a \\ val) \\ ('a \\ ty) \\ bool" - ("_,_\\_[\\\\]_" [51,51,51,51] 50) - "G,h\\vs[\\\\]Ts \\ \\n T. Ts n = Some T \\ (\\v. vs n = Some v \\ G,h\\v\\\\T)" + lconf :: "'c prog => aheap => ('a \\ val) => ('a \\ ty) => bool" + ("_,_\\_[::\\]_" [51,51,51,51] 50) + "G,h\\vs[::\\]Ts == \\n T. Ts n = Some T --> (\\v. vs n = Some v \\ G,h\\v::\\T)" - oconf :: "'c prog \\ aheap \\ obj \\ bool" ("_,_\\_\\" [51,51,51] 50) - "G,h\\obj\\ \\ G,h\\snd obj[\\\\]map_of (fields (G,fst obj))" + oconf :: "'c prog => aheap => obj => bool" ("_,_\\_\\" [51,51,51] 50) + "G,h\\obj\\ == G,h\\snd obj[::\\]map_of (fields (G,fst obj))" - hconf :: "'c prog \\ aheap \\ bool" ("_\\h _\\" [51,51] 50) - "G\\h h\\ \\ \\a obj. h a = Some obj \\ G,h\\obj\\" + hconf :: "'c prog => aheap => bool" ("_\\h _\\" [51,51] 50) + "G\\h h\\ == \\a obj. h a = Some obj --> G,h\\obj\\" - conforms :: "state \\ java_mb env_ \\ bool" ("_\\\\_" [51,51] 50) - "s\\\\E \\ prg E\\h heap s\\ \\ prg E,heap s\\locals s[\\\\]localT E" + conforms :: "state => java_mb env_ => bool" ("_::\\_" [51,51] 50) + "s::\\E == prg E\\h heap s\\ \\ prg E,heap s\\locals s[::\\]localT E" end diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/Decl.ML --- a/src/HOL/MicroJava/J/Decl.ML Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/Decl.ML Thu Sep 21 10:42:49 2000 +0200 @@ -8,8 +8,8 @@ rtac finite_map_of 1]); val is_classI = prove_goalw thy [is_class_def] -"\\G. class G C = Some c \\ is_class G C" (K [Auto_tac]); +"!!G. class G C = Some c ==> is_class G C" (K [Auto_tac]); val is_classD = prove_goalw thy [is_class_def] -"\\G. is_class G C \\ \\sc fs ms. class G C = Some (sc,fs,ms)" (K [ +"!!G. is_class G C ==> \\sc fs ms. class G C = Some (sc,fs,ms)" (K [ not_None_tac 1, pair_tac "y" 1, pair_tac "ya" 1, Auto_tac]); diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/Decl.thy --- a/src/HOL/MicroJava/J/Decl.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/Decl.thy Thu Sep 21 10:42:49 2000 +0200 @@ -32,26 +32,26 @@ defs - ObjectC_def "ObjectC \\ (Object, (None, [], []))" + ObjectC_def "ObjectC == (Object, (None, [], []))" types 'c prog = "'c cdecl list" consts - class :: "'c prog \\ (cname \\ 'c class)" + class :: "'c prog => (cname \\ 'c class)" - is_class :: "'c prog \\ cname \\ bool" - is_type :: "'c prog \\ ty \\ bool" + is_class :: "'c prog => cname => bool" + is_type :: "'c prog => ty => bool" defs - class_def "class \\ map_of" + class_def "class == map_of" - is_class_def "is_class G C \\ class G C \\ None" + is_class_def "is_class G C == class G C \\ None" primrec "is_type G (PrimT pt) = True" -"is_type G (RefT t) = (case t of NullT \\ True | ClassT C \\ is_class G C)" +"is_type G (RefT t) = (case t of NullT => True | ClassT C => is_class G C)" end diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/Eval.ML --- a/src/HOL/MicroJava/J/Eval.ML Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/Eval.ML Thu Sep 21 10:42:49 2000 +0200 @@ -4,44 +4,44 @@ Copyright 1999 Technische Universitaet Muenchen *) -Goal "\\new_Addr (heap s) = (a,x); \ -\ s' = c_hupd (heap s(a\\(C,init_vars (fields (G,C))))) (x,s)\\ \\ \ -\ G\\Norm s -NewC C\\Addr a\\ s'"; +Goal "[|new_Addr (heap s) = (a,x); \ +\ s' = c_hupd (heap s(a\\(C,init_vars (fields (G,C))))) (x,s)|] ==> \ +\ G\\Norm s -NewC C\\Addr a-> s'"; by (hyp_subst_tac 1); br eval_evals_exec.NewC 1; by Auto_tac; qed "NewCI"; -Goal "\\s s'. (G\\(x,s) -e \\ v \\ (x',s') \\ x'=None \\ x=None) \\ \ -\ (G\\(x,s) -es[\\]vs\\ (x',s') \\ x'=None \\ x=None) \\ \ -\ (G\\(x,s) -c \\ (x',s') \\ x'=None \\ x=None)"; +Goal "!!s s'. (G\\(x,s) -e \\ v -> (x',s') --> x'=None --> x=None) \\ \ +\ (G\\(x,s) -es[\\]vs-> (x',s') --> x'=None --> x=None) \\ \ +\ (G\\(x,s) -c -> (x',s') --> x'=None --> x=None)"; by(split_all_tac 1); by(rtac eval_evals_exec.induct 1); by(rewtac c_hupd_def); by(ALLGOALS Asm_full_simp_tac); qed "eval_evals_exec_no_xcpt"; -val eval_no_xcpt = prove_goal thy "\\X. G\\(x,s) -e\\v\\ (None,s') \\ x=None" (K [ +val eval_no_xcpt = prove_goal thy "!!X. G\\(x,s) -e\\v-> (None,s') ==> x=None" (K [ dtac (eval_evals_exec_no_xcpt RS conjunct1 RS mp) 1, Fast_tac 1]); -val evals_no_xcpt = prove_goal thy "\\X. G\\(x,s) -e[\\]v\\ (None,s') \\ x=None" (K [ +val evals_no_xcpt = prove_goal thy "!!X. G\\(x,s) -e[\\]v-> (None,s') ==> x=None" (K [ dtac (eval_evals_exec_no_xcpt RS conjunct2 RS conjunct1 RS mp) 1, Fast_tac 1]); val eval_evals_exec_xcpt = prove_goal thy -"\\s s'. (G\\(x,s) -e \\ v \\ (x',s') \\ x=Some xc \\ x'=Some xc \\ s'=s) \\ \ -\ (G\\(x,s) -es[\\]vs\\ (x',s') \\ x=Some xc \\ x'=Some xc \\ s'=s) \\ \ -\ (G\\(x,s) -c \\ (x',s') \\ x=Some xc \\ x'=Some xc \\ s'=s)" +"!!s s'. (G\\(x,s) -e \\ v -> (x',s') --> x=Some xc --> x'=Some xc \\ s'=s) \\ \ +\ (G\\(x,s) -es[\\]vs-> (x',s') --> x=Some xc --> x'=Some xc \\ s'=s) \\ \ +\ (G\\(x,s) -c -> (x',s') --> x=Some xc --> x'=Some xc \\ s'=s)" (K [ split_all_tac 1, rtac eval_evals_exec.induct 1, rewtac c_hupd_def, ALLGOALS Asm_full_simp_tac]); val eval_xcpt = prove_goal thy -"\\X. G\\(Some xc,s) -e\\v\\ (x',s') \\ x'=Some xc \\ s'=s" (K [ +"!!X. G\\(Some xc,s) -e\\v-> (x',s') ==> x'=Some xc \\ s'=s" (K [ dtac (eval_evals_exec_xcpt RS conjunct1 RS mp) 1, Fast_tac 1]); val exec_xcpt = prove_goal thy -"\\X. G\\(Some xc,s) -s0\\ (x',s') \\ x'=Some xc \\ s'=s" (K [ +"!!X. G\\(Some xc,s) -s0-> (x',s') ==> x'=Some xc \\ s'=s" (K [ dtac (eval_evals_exec_xcpt RS conjunct2 RS conjunct2 RS mp) 1, Fast_tac 1]); diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/Eval.thy --- a/src/HOL/MicroJava/J/Eval.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/Eval.thy Thu Sep 21 10:42:49 2000 +0200 @@ -10,118 +10,118 @@ Eval = State + WellType + consts - eval :: "java_mb prog \\ (xstate \\ expr \\ val \\ xstate) set" - evals :: "java_mb prog \\ (xstate \\ expr list \\ val list \\ xstate) set" - exec :: "java_mb prog \\ (xstate \\ stmt \\ xstate) set" + eval :: "java_mb prog => (xstate \\ expr \\ val \\ xstate) set" + evals :: "java_mb prog => (xstate \\ expr list \\ val list \\ xstate) set" + exec :: "java_mb prog => (xstate \\ stmt \\ xstate) set" syntax - eval :: "[java_mb prog,xstate,expr,val,xstate] \\ bool "("_\\_ -_\\_\\ _"[51,82,82,82,82]81) + eval :: "[java_mb prog,xstate,expr,val,xstate] => bool "("_\\_ -_\\_-> _"[51,82,82,82,82]81) evals:: "[java_mb prog,xstate,expr list, - val list,xstate] \\ bool "("_\\_ -_[\\]_\\ _"[51,82,51,51,82]81) - exec :: "[java_mb prog,xstate,stmt, xstate] \\ bool "("_\\_ -_\\ _" [51,82,82, 82]81) + val list,xstate] => bool "("_\\_ -_[\\]_-> _"[51,82,51,51,82]81) + exec :: "[java_mb prog,xstate,stmt, xstate] => bool "("_\\_ -_-> _" [51,82,82, 82]81) translations - "G\\s -e \\ v\\ (x,s')" <= "(s, e, v, x, s') \\ eval G" - "G\\s -e \\ v\\ s' " == "(s, e, v, s' ) \\ eval G" - "G\\s -e[\\]v\\ (x,s')" <= "(s, e, v, x, s') \\ evals G" - "G\\s -e[\\]v\\ s' " == "(s, e, v, s' ) \\ evals G" - "G\\s -c \\ (x,s')" <= "(s, c, x, s') \\ exec G" - "G\\s -c \\ s' " == "(s, c, s') \\ exec G" + "G\\s -e \\ v-> (x,s')" <= "(s, e, v, x, s') \\ eval G" + "G\\s -e \\ v-> s' " == "(s, e, v, s' ) \\ eval G" + "G\\s -e[\\]v-> (x,s')" <= "(s, e, v, x, s') \\ evals G" + "G\\s -e[\\]v-> s' " == "(s, e, v, s' ) \\ evals G" + "G\\s -c -> (x,s')" <= "(s, c, x, s') \\ exec G" + "G\\s -c -> s' " == "(s, c, s') \\ exec G" inductive "eval G" "evals G" "exec G" intrs (* evaluation of expressions *) (* cf. 15.5 *) - XcptE "G\\(Some xc,s) -e\\arbitrary\\ (Some xc,s)" + XcptE "G\\(Some xc,s) -e\\arbitrary-> (Some xc,s)" (* cf. 15.8.1 *) - NewC "\\h = heap s; (a,x) = new_Addr h; - h'= h(a\\(C,init_vars (fields (G,C))))\\ \\ - G\\Norm s -NewC C\\Addr a\\ c_hupd h' (x,s)" + NewC "[|h = heap s; (a,x) = new_Addr h; + h'= h(a\\(C,init_vars (fields (G,C))))|] ==> + G\\Norm s -NewC C\\Addr a-> c_hupd h' (x,s)" (* cf. 15.15 *) - Cast "\\G\\Norm s0 -e\\v\\ (x1,s1); - x2=raise_if (\\ cast_ok G C (heap s1) v) ClassCast x1\\ \\ - G\\Norm s0 -Cast C e\\v\\ (x2,s1)" + Cast "[|G\\Norm s0 -e\\v-> (x1,s1); + x2=raise_if (\\ cast_ok G C (heap s1) v) ClassCast x1|] ==> + G\\Norm s0 -Cast C e\\v-> (x2,s1)" (* cf. 15.7.1 *) - Lit "G\\Norm s -Lit v\\v\\ Norm s" + Lit "G\\Norm s -Lit v\\v-> Norm s" - BinOp "\\G\\Norm s -e1\\v1\\ s1; - G\\s1 -e2\\v2\\ s2; - v = (case bop of Eq \\ Bool (v1 = v2) - | Add \\ Intg (the_Intg v1 + the_Intg v2))\\ \\ - G\\Norm s -BinOp bop e1 e2\\v\\ s2" + BinOp "[|G\\Norm s -e1\\v1-> s1; + G\\s1 -e2\\v2-> s2; + v = (case bop of Eq => Bool (v1 = v2) + | Add => Intg (the_Intg v1 + the_Intg v2))|] ==> + G\\Norm s -BinOp bop e1 e2\\v-> s2" (* cf. 15.13.1, 15.2 *) - LAcc "G\\Norm s -LAcc v\\the (locals s v)\\ Norm s" + LAcc "G\\Norm s -LAcc v\\the (locals s v)-> Norm s" (* cf. 15.25.1 *) - LAss "\\G\\Norm s -e\\v\\ (x,(h,l)); - l' = (if x = None then l(va\\v) else l)\\ \\ - G\\Norm s -va\\=e\\v\\ (x,(h,l'))" + LAss "[|G\\Norm s -e\\v-> (x,(h,l)); + l' = (if x = None then l(va\\v) else l)|] ==> + G\\Norm s -va::=e\\v-> (x,(h,l'))" (* cf. 15.10.1, 15.2 *) - FAcc "\\G\\Norm s0 -e\\a'\\ (x1,s1); - v = the (snd (the (heap s1 (the_Addr a'))) (fn,T))\\ \\ - G\\Norm s0 -{T}e..fn\\v\\ (np a' x1,s1)" + FAcc "[|G\\Norm s0 -e\\a'-> (x1,s1); + v = the (snd (the (heap s1 (the_Addr a'))) (fn,T))|] ==> + G\\Norm s0 -{T}e..fn\\v-> (np a' x1,s1)" (* cf. 15.25.1 *) - FAss "\\G\\ Norm s0 -e1\\a'\\ (x1,s1); a = the_Addr a'; - G\\(np a' x1,s1) -e2\\v \\ (x2,s2); + FAss "[|G\\ Norm s0 -e1\\a'-> (x1,s1); a = the_Addr a'; + G\\(np a' x1,s1) -e2\\v -> (x2,s2); h = heap s2; (c,fs) = the (h a); - h' = h(a\\(c,(fs((fn,T)\\v))))\\ \\ - G\\Norm s0 -{T}e1..fn:=e2\\v\\ c_hupd h' (x2,s2)" + h' = h(a\\(c,(fs((fn,T)\\v))))|] ==> + G\\Norm s0 -{T}e1..fn:=e2\\v-> c_hupd h' (x2,s2)" (* cf. 15.11.4.1, 15.11.4.2, 15.11.4.4, 15.11.4.5, 14.15 *) - Call "\\G\\Norm s0 -e\\a'\\ s1; a = the_Addr a'; - G\\s1 -ps[\\]pvs\\ (x,(h,l)); dynT = fst (the (h a)); + Call "[|G\\Norm s0 -e\\a'-> s1; a = the_Addr a'; + G\\s1 -ps[\\]pvs-> (x,(h,l)); dynT = fst (the (h a)); (md,rT,pns,lvars,blk,res) = the (method (G,dynT) (mn,pTs)); - G\\(np a' x,(h,(init_vars lvars)(pns[\\]pvs)(This\\a'))) -blk\\ s3; - G\\ s3 -res\\v \\ (x4,s4)\\ \\ - G\\Norm s0 -e..mn({pTs}ps)\\v\\ (x4,(heap s4,l))" + G\\(np a' x,(h,(init_vars lvars)(pns[\\]pvs)(This\\a'))) -blk-> s3; + G\\ s3 -res\\v -> (x4,s4)|] ==> + G\\Norm s0 -e..mn({pTs}ps)\\v-> (x4,(heap s4,l))" (* evaluation of expression lists *) (* cf. 15.5 *) - XcptEs "G\\(Some xc,s) -e[\\]arbitrary\\ (Some xc,s)" + XcptEs "G\\(Some xc,s) -e[\\]arbitrary-> (Some xc,s)" (* cf. 15.11.??? *) Nil - "G\\Norm s0 -[][\\][]\\ Norm s0" + "G\\Norm s0 -[][\\][]-> Norm s0" (* cf. 15.6.4 *) - Cons "\\G\\Norm s0 -e \\ v \\ s1; - G\\ s1 -es[\\]vs\\ s2\\ \\ - G\\Norm s0 -e#es[\\]v#vs\\ s2" + Cons "[|G\\Norm s0 -e \\ v -> s1; + G\\ s1 -es[\\]vs-> s2|] ==> + G\\Norm s0 -e#es[\\]v#vs-> s2" (* execution of statements *) (* cf. 14.1 *) - XcptS "G\\(Some xc,s) -s0\\ (Some xc,s)" + XcptS "G\\(Some xc,s) -s0-> (Some xc,s)" (* cf. 14.5 *) - Skip "G\\Norm s -Skip\\ Norm s" + Skip "G\\Norm s -Skip-> Norm s" (* cf. 14.7 *) - Expr "\\G\\Norm s0 -e\\v\\ s1\\ \\ - G\\Norm s0 -Expr e\\ s1" + Expr "[|G\\Norm s0 -e\\v-> s1|] ==> + G\\Norm s0 -Expr e-> s1" (* cf. 14.2 *) - Comp "\\G\\Norm s0 -s \\ s1; - G\\ s1 -t \\ s2\\ \\ - G\\Norm s0 -(s;; t)\\ s2" + Comp "[|G\\Norm s0 -s -> s1; + G\\ s1 -t -> s2|] ==> + G\\Norm s0 -(s;; t)-> s2" (* cf. 14.8.2 *) - Cond "\\G\\Norm s0 -e \\v\\ s1; - G\\ s1 -(if the_Bool v then s else t)\\ s2\\ \\ - G\\Norm s0 -(If(e) s Else t)\\ s2" + Cond "[|G\\Norm s0 -e \\v-> s1; + G\\ s1 -(if the_Bool v then s else t)-> s2|] ==> + G\\Norm s0 -(If(e) s Else t)-> s2" (* cf. 14.10, 14.10.1 *) - Loop "\\G\\Norm s0 -(If(e) (s;; While(e) s) Else Skip)\\ s1\\ \\ - G\\Norm s0 -(While(e) s)\\ s1" + Loop "[|G\\Norm s0 -(If(e) (s;; While(e) s) Else Skip)-> s1|] ==> + G\\Norm s0 -(While(e) s)-> s1" end diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/Example.ML --- a/src/HOL/MicroJava/J/Example.ML Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/Example.ML Thu Sep 21 10:42:49 2000 +0200 @@ -11,7 +11,7 @@ val map_of_Cons1 = prove_goalw Map.thy [get_def thy "map_of_list"] "map_of ((x,y)#ps) x = Some y" (K [Simp_tac 1]); val map_of_Cons2 = prove_goalw Map.thy [get_def thy "map_of_list"] -"\\X. x\\k \\ map_of ((k,y)#ps) x = map_of ps x" (K [Asm_simp_tac 1]); +"!!X. x\\k ==> map_of ((k,y)#ps) x = map_of ps x" (K [Asm_simp_tac 1]); Delsimps[map_of_Cons]; (* sic! *) Addsimps[map_of_Cons1, map_of_Cons2]; @@ -30,12 +30,12 @@ Simp_tac 1]); Addsimps [class_tprg_Object, class_tprg_Base, class_tprg_Ext]; -Goal "\\X. (Object,C) \\ (subcls1 tprg)^+ \\ R"; +Goal "!!X. (Object,C) \\ (subcls1 tprg)^+ ==> R"; by (auto_tac (claset() addSDs [tranclD,subcls1D],simpset())); qed "not_Object_subcls"; AddSEs [not_Object_subcls]; -Goal "tprg\\Object\\C C \\ C = Object"; +Goal "tprg\\Object\\C C ==> C = Object"; be rtrancl_induct 1; by Auto_tac; bd subcls1D 1; @@ -43,16 +43,16 @@ qed "subcls_ObjectD"; AddSDs[subcls_ObjectD]; -Goal "\\X. (Base, Ext) \\ (subcls1 tprg)^+ \\ R"; +Goal "!!X. (Base, Ext) \\ (subcls1 tprg)^+ ==> R"; by (auto_tac (claset() addSDs [tranclD,subcls1D],simpset())); qed "not_Base_subcls_Ext"; AddSEs [not_Base_subcls_Ext]; -Goalw [class_def, ObjectC_def, BaseC_def, ExtC_def] "class tprg C = Some z \\ C=Object \\ C=Base \\ C=Ext"; +Goalw [class_def, ObjectC_def, BaseC_def, ExtC_def] "class tprg C = Some z ==> C=Object \\ C=Base \\ C=Ext"; by (auto_tac (claset(),simpset()addsimps[]addsplits[split_if_asm])); qed "class_tprgD"; -Goal "(C,C) \\ (subcls1 tprg)^+ \\ R"; +Goal "(C,C) \\ (subcls1 tprg)^+ ==> R"; by (auto_tac (claset() addSDs [tranclD,subcls1D],simpset())); by (ftac class_tprgD 1); by (auto_tac (claset() addSDs [],simpset())); @@ -196,7 +196,7 @@ fun t thm = resolve_tac ty_expr_ty_exprs_wt_stmt.intrs 1 thm; Goalw [test_def] "(tprg, empty(e\\Class Base))\\\ -\ Expr(e\\=NewC Ext);; Expr(LAcc e..foo({?pTs'}[Lit Null]))\\"; +\ Expr(e::=NewC Ext);; Expr(LAcc e..foo({?pTs'}[Lit Null]))\\"; (* ?pTs' = [Class Base] *) by t; (* ;; *) by t; (* Expr *) @@ -225,8 +225,8 @@ Delsplits[split_if]; Addsimps[init_vars_def,c_hupd_def,cast_ok_def]; Goalw [test_def] -" \\new_Addr (heap (snd s0)) = (a, None)\\ \\ \ -\ tprg\\s0 -test\\ ?s"; +" [|new_Addr (heap (snd s0)) = (a, None)|] ==> \ +\ tprg\\s0 -test-> ?s"; (* ?s = s3 *) by e; (* ;; *) by e; (* Expr *) diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/Example.thy --- a/src/HOL/MicroJava/J/Example.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/Example.thy Thu Sep 21 10:42:49 2000 +0200 @@ -35,8 +35,8 @@ consts - cnam_ :: "cnam_ \\ cname" - vnam_ :: "vnam_ \\ vnam" + cnam_ :: "cnam_ => cname" + vnam_ :: "vnam_ => vnam" rules (* cnam_ and vnam_ are intended to be isomorphic to cnam and vnam *) @@ -74,18 +74,18 @@ defs - foo_Base_def "foo_Base \\ ([x],[],Skip,LAcc x)" - BaseC_def "BaseC \\ (Base, (Some Object, + foo_Base_def "foo_Base == ([x],[],Skip,LAcc x)" + BaseC_def "BaseC == (Base, (Some Object, [(vee, PrimT Boolean)], [((foo,[Class Base]),Class Base,foo_Base)]))" - foo_Ext_def "foo_Ext \\ ([x],[],Expr( {Ext}Cast Ext + foo_Ext_def "foo_Ext == ([x],[],Expr( {Ext}Cast Ext (LAcc x)..vee:=Lit (Intg #1)), Lit Null)" - ExtC_def "ExtC \\ (Ext, (Some Base , + ExtC_def "ExtC == (Ext, (Some Base , [(vee, PrimT Integer)], [((foo,[Class Base]),Class Ext,foo_Ext)]))" - test_def "test \\ Expr(e\\=NewC Ext);; + test_def "test == Expr(e::=NewC Ext);; Expr(LAcc e..foo({[Class Base]}[Lit Null]))" diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/JBasis.ML --- a/src/HOL/MicroJava/J/JBasis.ML Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/JBasis.ML Thu Sep 21 10:42:49 2000 +0200 @@ -7,25 +7,25 @@ val strip_tac1 = SELECT_GOAL (safe_tac (HOL_cs delrules [conjI, disjE, impCE])); Goalw [image_def] - "x \\ f``A \\ \\y. y \\ A \\ x = f y"; + "x \\ f``A ==> \\y. y \\ A \\ x = f y"; by(Auto_tac); qed "image_rev"; fun case_tac1 s i = EVERY [case_tac s i, rotate_tac ~1 i, rotate_tac ~1 (i+1)]; val select_split = prove_goalw Prod.thy [split_def] - "(\\(x,y). P x y) = (\\xy. P (fst xy) (snd xy))" (K [rtac refl 1]); + "(SOME (x,y). P x y) = (SOME xy. P (fst xy) (snd xy))" (K [rtac refl 1]); val split_beta = prove_goal Prod.thy "(\\(x,y). P x y) z = P (fst z) (snd z)" (fn _ => [stac surjective_pairing 1, stac split 1, rtac refl 1]); val split_beta2 = prove_goal Prod.thy "(\\(x,y). P x y) (w,z) = P w z" (fn _ => [Auto_tac]); -val splitE2 = prove_goal Prod.thy "\\Q (split P z); \\x y. \\z = (x, y); Q (P x y)\\ \\ R\\ \\ R" (fn prems => [ +val splitE2 = prove_goal Prod.thy "[|Q (split P z); !!x y. [|z = (x, y); Q (P x y)|] ==> R|] ==> R" (fn prems => [ REPEAT (resolve_tac (prems@[surjective_pairing]) 1), rtac (split_beta RS subst) 1, rtac (hd prems) 1]); -val splitE2' = prove_goal Prod.thy "\\((\\(x,y). P x y) z) w; \\x y. \\z = (x, y); (P x y) w\\ \\ R\\ \\ R" (fn prems => [ +val splitE2' = prove_goal Prod.thy "[|((\\(x,y). P x y) z) w; !!x y. [|z = (x, y); (P x y) w|] ==> R|] ==> R" (fn prems => [ REPEAT (resolve_tac (prems@[surjective_pairing]) 1), res_inst_tac [("P1","P")] (split_beta RS subst) 1, rtac (hd prems) 1]); @@ -33,7 +33,7 @@ fun pair_tac s = res_inst_tac [("p",s)] PairE THEN' hyp_subst_tac; -val BallE = prove_goal thy "\\Ball A P; x \\ A \\ Q; P x \\ Q \\ \\ Q" +val BallE = prove_goal thy "[|Ball A P; x \\ A ==> Q; P x ==> Q |] ==> Q" (fn prems => [rtac ballE 1, resolve_tac prems 1, eresolve_tac prems 1, eresolve_tac prems 1]); @@ -43,7 +43,7 @@ (* To HOL.ML *) -val ex1_some_eq_trivial = prove_goal HOL.thy "\\ \\!x. P x; P y \\ \\ Eps P = y" +val ex1_some_eq_trivial = prove_goal HOL.thy "[| \\!x. P x; P y |] ==> Eps P = y" (fn prems => [ cut_facts_tac prems 1, rtac some_equality 1, @@ -74,7 +74,7 @@ asm_full_simp_tac (simpset() delsimps [split_paired_All,split_paired_Ex])]; val optionE = prove_goal thy - "\\ opt = None \\ P; \\x. opt = Some x \\ P \\ \\ P" + "[| opt = None ==> P; !!x. opt = Some x ==> P |] ==> P" (fn prems => [ case_tac "opt = None" 1, eresolve_tac prems 1, @@ -87,7 +87,7 @@ rotate_tac ~1 i , asm_full_simp_tac HOL_basic_ss i]; val option_map_SomeD = prove_goalw thy [option_map_def] - "\\x. option_map f x = Some y \\ \\z. x = Some z \\ f z = y" (K [ + "!!x. option_map f x = Some y ==> \\z. x = Some z \\ f z = y" (K [ option_case_tac2 "x" 1, Auto_tac]); @@ -120,19 +120,19 @@ by (auto_tac (claset() addDs [fst_in_set_lemma],simpset()addsimps[inj_eq])); qed_spec_mp "unique_map_inj"; -Goal "\\l. unique l \\ unique (map (split (\\k. Pair (k, C))) l)"; +Goal "!!l. unique l ==> unique (map (split (\\k. Pair (k, C))) l)"; by(etac unique_map_inj 1); by(rtac injI 1); by Auto_tac; qed "unique_map_Pair"; -Goal "\\M = N; \\x. x\\N \\ f x = g x\\ \\ f``M = g``N"; +Goal "[|M = N; !!x. x\\N ==> f x = g x|] ==> f``M = g``N"; by(rtac set_ext 1); by(simp_tac (simpset() addsimps image_def::premises()) 1); qed "image_cong"; val split_Pair_eq = prove_goal Prod.thy -"\\X. ((x, y), z) \\ split (\\x. Pair (x, Y)) `` A \\ y = Y" (K [ +"!!X. ((x, y), z) \\ split (\\x. Pair (x, Y)) `` A ==> y = Y" (K [ etac imageE 1, split_all_tac 1, auto_tac(claset_of Prod.thy,simpset_of Prod.thy)]); @@ -140,7 +140,7 @@ (* More about Maps *) -val override_SomeD = prove_goalw thy [override_def] "(s \\ t) k = Some x \\ \ +val override_SomeD = prove_goalw thy [override_def] "(s \\ t) k = Some x ==> \ \ t k = Some x | t k = None \\ s k = Some x" (fn prems => [ cut_facts_tac prems 1, case_tac "\\x. t k = Some x" 1, @@ -153,7 +153,7 @@ Addsimps [fun_upd_same, fun_upd_other]; -Goal "unique xys \\ (map_of xys x = Some y) = ((x,y) \\ set xys)"; +Goal "unique xys --> (map_of xys x = Some y) = ((x,y) \\ set xys)"; by(induct_tac "xys" 1); by(Simp_tac 1); by(force_tac (claset(), simpset() addsimps [unique_Cons]) 1); @@ -162,7 +162,7 @@ val in_set_get = unique_map_of_Some_conv RS iffD2; val get_in_set = unique_map_of_Some_conv RS iffD1; -Goal "(\\(x,y)\\set l. P x y) \\ (\\x. \\y. map_of l x = Some y \\ P x y)"; +Goal "(\\(x,y)\\set l. P x y) --> (\\x. \\y. map_of l x = Some y --> P x y)"; by(induct_tac "l" 1); by(ALLGOALS Simp_tac); by Safe_tac; @@ -170,37 +170,37 @@ bind_thm("Ball_set_table",result() RS mp); val table_mono = prove_goal thy -"unique l' \\ (\\xy. (xy)\\set l \\ (xy)\\set l') \\\ -\ (\\k y. map_of l k = Some y \\ map_of l' k = Some y)" (fn _ => [ +"unique l' --> (\\xy. (xy)\\set l --> (xy)\\set l') -->\ +\ (\\k y. map_of l k = Some y --> map_of l' k = Some y)" (fn _ => [ induct_tac "l" 1, Auto_tac, fast_tac (HOL_cs addSIs [in_set_get]) 1]) RS mp RS mp RS spec RS spec RS mp; -val table_map_Some' = prove_goal thy "map_of t k = Some (k', x) \\ \ +val table_map_Some' = prove_goal thy "map_of t k = Some (k', x) --> \ \ map_of (map (\\u. ((fst u, fst (snd u)), snd (snd u))) t) (k, k') = Some x" (K [ induct_tac "t" 1, ALLGOALS Simp_tac, case_tac1 "k = fst a" 1, Auto_tac]) RS mp; val table_map_Some = prove_goal thy -"map_of (map (\\((k,k'),x). (k,(k',x))) t) k = Some (k',x) \\ \ +"map_of (map (\\((k,k'),x). (k,(k',x))) t) k = Some (k',x) --> \ \map_of t (k, k') = Some x" (K [ induct_tac "t" 1, Auto_tac]) RS mp; -val table_mapf_Some = prove_goal thy "\\f. \\x y. f x = f y \\ x = y \\ \ -\ map_of (map (\\(k,x). (k,f x)) t) k = Some (f x) \\ map_of t k = Some x" (K [ +val table_mapf_Some = prove_goal thy "!!f. \\x y. f x = f y --> x = y ==> \ +\ map_of (map (\\(k,x). (k,f x)) t) k = Some (f x) --> map_of t k = Some x" (K [ induct_tac "t" 1, Auto_tac]) RS mp; val table_mapf_SomeD = prove_goal thy -"map_of (map (\\(k,x). (k, f x)) t) k = Some z \\ (\\y. (k,y)\\set t \\ z = f y)"(K [ +"map_of (map (\\(k,x). (k, f x)) t) k = Some z --> (\\y. (k,y)\\set t \\ z = f y)"(K [ induct_tac "t" 1, Auto_tac]) RS mp; val table_mapf_Some2 = prove_goal thy -"\\k. map_of (map (\\(k,x). (k,C,x)) t) k = Some (D,x) \\ C = D \\ map_of t k = Some x" (K [ +"!!k. map_of (map (\\(k,x). (k,C,x)) t) k = Some (D,x) ==> C = D \\ map_of t k = Some x" (K [ forward_tac [table_mapf_SomeD] 1, Auto_tac, rtac table_mapf_Some 1, diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/JBasis.thy --- a/src/HOL/MicroJava/J/JBasis.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/JBasis.thy Thu Sep 21 10:42:49 2000 +0200 @@ -10,7 +10,7 @@ constdefs - unique :: "('a \\ 'b) list \\ bool" - "unique \\ nodups \\ map fst" + unique :: "('a \\ 'b) list => bool" + "unique == nodups \\ map fst" end diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/JTypeSafe.ML --- a/src/HOL/MicroJava/J/JTypeSafe.ML Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/JTypeSafe.ML Thu Sep 21 10:42:49 2000 +0200 @@ -9,16 +9,16 @@ Addsimps [split_beta]; -Goal "\\h a = None; (h, l)\\\\(G, lT); wf_prog wf_mb G; is_class G C\\ \\ \ -\ (h(a\\(C,(init_vars (fields (G,C))))), l)\\\\(G, lT)"; +Goal "[|h a = None; (h, l)::\\(G, lT); wf_prog wf_mb G; is_class G C|] ==> \ +\ (h(a\\(C,(init_vars (fields (G,C))))), l)::\\(G, lT)"; by( etac conforms_upd_obj 1); by( rewtac oconf_def); by( auto_tac (claset() addSDs [is_type_fields, map_of_SomeD], simpset())); qed "NewC_conforms"; Goalw [cast_ok_def] - "\\ wf_prog wf_mb G; G,h\\v\\\\Class C; G\\C\\? D; cast_ok G D h v\\ \ -\ \\ G,h\\v\\\\Class D"; + "[| wf_prog wf_mb G; G,h\\v::\\Class C; G\\C\\? D; cast_ok G D h v|] \ +\ ==> G,h\\v::\\Class D"; by( case_tac1 "v = Null" 1); by( Asm_full_simp_tac 1); by( dtac widen_RefT 1); @@ -28,9 +28,9 @@ by( auto_tac (claset() addSIs [conf_AddrI], simpset() addsimps [obj_ty_def])); qed "Cast_conf"; -Goal "\\ wf_prog wf_mb G; field (G,C) fn = Some (fd, ft); (h,l)\\\\(G,lT); \ -\ x' = None \\ G,h\\a'\\\\ Class C; np a' x' = None \\ \\ \ -\ G,h\\the (snd (the (h (the_Addr a'))) (fn, fd))\\\\ft"; +Goal "[| wf_prog wf_mb G; field (G,C) fn = Some (fd, ft); (h,l)::\\(G,lT); \ +\ x' = None --> G,h\\a'::\\ Class C; np a' x' = None |] ==> \ +\ G,h\\the (snd (the (h (the_Addr a'))) (fn, fd))::\\ft"; by( dtac np_NoneD 1); by( etac conjE 1); by( mp_tac 1); @@ -47,15 +47,15 @@ qed "FAcc_type_sound"; Goal - "\\ wf_prog wf_mb G; a = the_Addr a'; (c, fs) = the (h a); \ -\ (G, lT)\\v\\T'; G\\T'\\ft; \ -\ (G, lT)\\aa\\Class C; \ + "[| wf_prog wf_mb G; a = the_Addr a'; (c, fs) = the (h a); \ +\ (G, lT)\\v::T'; G\\T'\\ft; \ +\ (G, lT)\\aa::Class C; \ \ field (G,C) fn = Some (fd, ft); h''\\|h'; \ -\ x' = None \\ G,h'\\a'\\\\ Class C; h'\\|h; \ -\ (h, l)\\\\(G, lT); G,h\\x\\\\T'; np a' x' = None\\ \\ \ +\ x' = None --> G,h'\\a'::\\ Class C; h'\\|h; \ +\ (h, l)::\\(G, lT); G,h\\x::\\T'; np a' x' = None|] ==> \ \ h''\\|h(a\\(c,(fs((fn,fd)\\x)))) \\ \ -\ (h(a\\(c,(fs((fn,fd)\\x)))), l)\\\\(G, lT) \\ \ -\ G,h(a\\(c,(fs((fn,fd)\\x))))\\x\\\\T'"; +\ (h(a\\(c,(fs((fn,fd)\\x)))), l)::\\(G, lT) \\ \ +\ G,h(a\\(c,(fs((fn,fd)\\x))))\\x::\\T'"; by( dtac np_NoneD 1); by( etac conjE 1); by( Asm_full_simp_tac 1); @@ -91,11 +91,11 @@ by( fast_tac (HOL_cs addDs [conforms_heapD RS hconfD, oconf_objD]) 1); qed "FAss_type_sound"; -Goalw [wf_mhead_def] "\\ wf_prog wf_mb G; list_all2 (conf G h) pvs pTs; \ +Goalw [wf_mhead_def] "[| wf_prog wf_mb G; list_all2 (conf G h) pvs pTs; \ \ list_all2 (\\T T'. G\\T\\T') pTs pTs'; wf_mhead G (mn,pTs') rT; \ \ length pTs' = length pns; nodups pns; \ \ Ball (set lvars) (split (\\vn. is_type G)) \ -\ \\ \\ G,h\\init_vars lvars(pns[\\]pvs)[\\\\]map_of lvars(pns[\\]pTs')"; +\ |] ==> G,h\\init_vars lvars(pns[\\]pvs)[::\\]map_of lvars(pns[\\]pTs')"; by( Clarsimp_tac 1); by( rtac lconf_ext_list 1); by( rtac (Ball_set_table RS lconf_init_vars) 1); @@ -106,17 +106,17 @@ qed "Call_lemma2"; Goalw [wf_java_prog_def] - "\\ wf_java_prog G; a' \\ Null; (h, l)\\\\(G, lT); \ + "[| wf_java_prog G; a' \\ Null; (h, l)::\\(G, lT); \ \ max_spec G C (mn,pTsa) = {((mda,rTa),pTs')}; xc\\|xh; xh\\|h; \ \ list_all2 (conf G h) pvs pTsa;\ \ (md, rT, pns, lvars, blk, res) = \ \ the (method (G,fst (the (h (the_Addr a')))) (mn, pTs'));\ -\ \\lT. (h, init_vars lvars(pns[\\]pvs)(This\\a'))\\\\(G, lT) \\ \ -\ (G, lT)\\blk\\ \\ h\\|xi \\ (xi, xl)\\\\(G, lT); \ -\ \\lT. (xi, xl)\\\\(G, lT) \\ (\\T. (G, lT)\\res\\T \\ \ -\ xi\\|h' \\ (h', xj)\\\\(G, lT) \\ (x' = None \\ G,h'\\v\\\\T)); \ -\ G,xh\\a'\\\\ Class C \\ \\ \ -\ xc\\|h' \\ (h', l)\\\\(G, lT) \\ (x' = None \\ G,h'\\v\\\\rTa)"; +\ \\lT. (h, init_vars lvars(pns[\\]pvs)(This\\a'))::\\(G, lT) --> \ +\ (G, lT)\\blk\\ --> h\\|xi \\ (xi, xl)::\\(G, lT); \ +\ \\lT. (xi, xl)::\\(G, lT) --> (\\T. (G, lT)\\res::T --> \ +\ xi\\|h' \\ (h', xj)::\\(G, lT) \\ (x' = None --> G,h'\\v::\\T)); \ +\ G,xh\\a'::\\ Class C |] ==> \ +\ xc\\|h' \\ (h', l)::\\(G, lT) \\ (x' = None --> G,h'\\v::\\rTa)"; by( dtac (insertI1 RSN (2,(equalityD2 RS subsetD))) 1); by( dtac (max_spec2appl_meths RS appl_methsD) 1); by( Clarify_tac 1); @@ -139,9 +139,9 @@ by( thin_tac "?E\\?blk\\" 1); by( etac conjE 1); by( EVERY'[dtac spec, mp_tac] 1); -(*by( thin_tac "?E\\\\(G, pT')" 1);*) +(*by( thin_tac "?E::\\(G, pT')" 1);*) by( EVERY'[dtac spec, mp_tac] 1); -by( thin_tac "?E\\res\\?rT" 1); +by( thin_tac "?E\\res::?rT" 1); by( strip_tac1 1); by( rtac conjI 1); by( fast_tac (HOL_cs addIs [hext_trans]) 1); @@ -167,16 +167,16 @@ val forward_hyp_tac = ALLGOALS (TRY o (EVERY' [dtac spec, mp_tac, (mp_tac ORELSE' (dtac spec THEN' mp_tac)), REPEAT o (etac conjE)])); Goal -"wf_java_prog G \\ \ -\ (G\\(x,(h,l)) -e \\v \\ (x', (h',l')) \\ \ -\ (\\lT. (h ,l )\\\\(G,lT) \\ (\\T . (G,lT)\\e \\ T \\ \ -\ h\\|h' \\ (h',l')\\\\(G,lT) \\ (x'=None \\ G,h'\\v \\\\ T )))) \\ \ -\ (G\\(x,(h,l)) -es[\\]vs\\ (x', (h',l')) \\ \ -\ (\\lT. (h ,l )\\\\(G,lT) \\ (\\Ts. (G,lT)\\es[\\]Ts \\ \ -\ h\\|h' \\ (h',l')\\\\(G,lT) \\ (x'=None \\ list_all2 (\\v T. G,h'\\v\\\\T) vs Ts)))) \\ \ -\ (G\\(x,(h,l)) -c \\ (x', (h',l')) \\ \ -\ (\\lT. (h ,l )\\\\(G,lT) \\ (G,lT)\\c \\ \\ \ -\ h\\|h' \\ (h',l')\\\\(G,lT)))"; +"wf_java_prog G ==> \ +\ (G\\(x,(h,l)) -e \\v -> (x', (h',l')) --> \ +\ (\\lT. (h ,l )::\\(G,lT) --> (\\T . (G,lT)\\e :: T --> \ +\ h\\|h' \\ (h',l')::\\(G,lT) \\ (x'=None --> G,h'\\v ::\\ T )))) \\ \ +\ (G\\(x,(h,l)) -es[\\]vs-> (x', (h',l')) --> \ +\ (\\lT. (h ,l )::\\(G,lT) --> (\\Ts. (G,lT)\\es[::]Ts --> \ +\ h\\|h' \\ (h',l')::\\(G,lT) \\ (x'=None --> list_all2 (\\v T. G,h'\\v::\\T) vs Ts)))) \\ \ +\ (G\\(x,(h,l)) -c -> (x', (h',l')) --> \ +\ (\\lT. (h ,l )::\\(G,lT) --> (G,lT)\\c \\ --> \ +\ h\\|h' \\ (h',l')::\\(G,lT)))"; by( rtac eval_evals_exec.induct 1); by( rewtac c_hupd_def); @@ -298,24 +298,24 @@ THEN_ALL_NEW Asm_simp_tac) 1); qed "eval_evals_exec_type_sound"; -Goal "\\E s s'. \ -\ \\ G=prg E; wf_java_prog G; G\\(x,s) -e\\v \\ (x',s'); s\\\\E; E\\e\\T \\ \ -\ \\ s'\\\\E \\ (x'=None \\ G,heap s'\\v\\\\T)"; +Goal "!!E s s'. \ +\ [| G=prg E; wf_java_prog G; G\\(x,s) -e\\v -> (x',s'); s::\\E; E\\e::T |] \ +\ ==> s'::\\E \\ (x'=None --> G,heap s'\\v::\\T)"; by( split_all_tac 1); bd (eval_evals_exec_type_sound RS conjunct1 RS mp RS spec RS mp) 1; by Auto_tac; qed "eval_type_sound"; -Goal "\\E s s'. \ -\ \\ G=prg E; wf_java_prog G; G\\(x,s) -s0\\ (x',s'); s\\\\E; E\\s0\\ \\ \ -\ \\ s'\\\\E"; +Goal "!!E s s'. \ +\ [| G=prg E; wf_java_prog G; G\\(x,s) -s0-> (x',s'); s::\\E; E\\s0\\ |] \ +\ ==> s'::\\E"; by( split_all_tac 1); bd (eval_evals_exec_type_sound RS conjunct2 RS conjunct2 RS mp RS spec RS mp) 1; by Auto_tac; qed "exec_type_sound"; -Goal "\\G=prg E; wf_java_prog G; G\\(x,s) -e\\a'\\ Norm s'; a' \\ Null;\ -\ s\\\\E; E\\e\\Class C; method (G,C) sig \\ None\\ \\ \ +Goal "[|G=prg E; wf_java_prog G; G\\(x,s) -e\\a'-> Norm s'; a' \\ Null;\ +\ s::\\E; E\\e::Class C; method (G,C) sig \\ None|] ==> \ \ method (G,fst (the (heap s' (the_Addr a')))) sig \\ None"; by( datac eval_type_sound 4 1); by( not_None_tac 1); diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/State.ML --- a/src/HOL/MicroJava/J/State.ML Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/State.ML Thu Sep 21 10:42:49 2000 +0200 @@ -10,7 +10,7 @@ Addsimps [obj_ty_def2]; val new_AddrD = prove_goalw thy [new_Addr_def] -"\\X. (a,x) = new_Addr h \\ h a = None \\ x = None | x = Some OutOfMemory" (K[ +"!!X. (a,x) = new_Addr h ==> h a = None \\ x = None | x = Some OutOfMemory" (K[ asm_full_simp_tac (simpset() addsimps [Pair_fst_snd_eq,select_split]) 1, rtac someI 1, rtac disjI2 1, @@ -40,20 +40,20 @@ Addsimps [raise_if_True,raise_if_False,raise_if_Some,raise_if_Some2,if_None_eq]; val raise_if_SomeD = prove_goalw thy [raise_if_def] - "raise_if c x y = Some z \\ c \\ Some z = Some x | y = Some z" + "raise_if c x y = Some z --> c \\ Some z = Some x | y = Some z" (K [split_tac [split_if] 1,Auto_tac]) RS mp; val raise_if_NoneD = prove_goalw thy [raise_if_def] - "raise_if c x y = None \\ \\ c \\ y = None" + "raise_if c x y = None --> \\ c \\ y = None" (K [split_tac [split_if] 1,Auto_tac]) RS mp; val np_NoneD = (prove_goalw thy [np_def, raise_if_def] - "np a' x' = None \\ x' = None \\ a' \\ Null" (fn _ => [ + "np a' x' = None --> x' = None \\ a' \\ Null" (fn _ => [ split_tac [split_if] 1, Auto_tac ])) RS mp; val np_None = (prove_goalw thy [np_def, raise_if_def] - "a' \\ Null \\ np a' x' = x'" (fn _ => [ + "a' \\ Null --> np a' x' = x'" (fn _ => [ split_tac [split_if] 1, Auto_tac ])) RS mp; val np_Some = prove_goalw thy [np_def, raise_if_def] "np a' (Some xc) = Some xc" diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/State.thy --- a/src/HOL/MicroJava/J/State.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/State.thy Thu Sep 21 10:42:49 2000 +0200 @@ -15,11 +15,11 @@ constdefs - obj_ty :: "obj \\ ty" - "obj_ty obj \\ Class (fst obj)" + obj_ty :: "obj => ty" + "obj_ty obj == Class (fst obj)" - init_vars :: "('a \\ ty) list \\ ('a \\ val)" - "init_vars \\ map_of o map (\\(n,T). (n,default_val T))" + init_vars :: "('a \\ ty) list => ('a \\ val)" + "init_vars == map_of o map (\\(n,T). (n,default_val T))" datatype xcpt (* exceptions *) = NullPointer @@ -37,9 +37,9 @@ = "xcpt option \\ state" syntax - heap :: "state \\ aheap" - locals :: "state \\ locals" - Norm :: "state \\ xstate" + heap :: "state => aheap" + locals :: "state => locals" + Norm :: "state => xstate" translations "heap" => "fst" @@ -48,19 +48,19 @@ constdefs - new_Addr :: "aheap \\ loc \\ xcpt option" - "new_Addr h \\ \\(a,x). (h a = None \\ x = None) | x = Some OutOfMemory" + new_Addr :: "aheap => loc \\ xcpt option" + "new_Addr h == SOME (a,x). (h a = None \\ x = None) | x = Some OutOfMemory" - raise_if :: "bool \\ xcpt \\ xcpt option \\ xcpt option" - "raise_if c x xo \\ if c \\ (xo = None) then Some x else xo" + raise_if :: "bool => xcpt => xcpt option => xcpt option" + "raise_if c x xo == if c \\ (xo = None) then Some x else xo" - np :: "val \\ xcpt option \\ xcpt option" - "np v \\ raise_if (v = Null) NullPointer" + np :: "val => xcpt option => xcpt option" + "np v == raise_if (v = Null) NullPointer" - c_hupd :: "aheap \\ xstate \\ xstate" - "c_hupd h'\\ \\(xo,(h,l)). if xo = None then (None,(h',l)) else (xo,(h,l))" + c_hupd :: "aheap => xstate => xstate" + "c_hupd h'== \\(xo,(h,l)). if xo = None then (None,(h',l)) else (xo,(h,l))" - cast_ok :: "'c prog \\ cname \\ aheap \\ val \\ bool" - "cast_ok G C h v \\ v = Null \\ G\\obj_ty (the (h (the_Addr v)))\\ Class C" + cast_ok :: "'c prog => cname => aheap => val => bool" + "cast_ok G C h v == v = Null \\ G\\obj_ty (the (h (the_Addr v)))\\ Class C" end diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/Term.thy --- a/src/HOL/MicroJava/J/Term.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/Term.thy Thu Sep 21 10:42:49 2000 +0200 @@ -16,7 +16,7 @@ | Lit val (* literal value, also references *) | BinOp binop expr expr (* binary operation *) | LAcc vname (* local (incl. parameter) access *) - | LAss vname expr (* local assign *) ("_\\=_" [ 90,90]90) + | LAss vname expr (* local assign *) ("_::=_" [ 90,90]90) | FAcc cname expr vname (* field access *) ("{_}_.._"[10,90,99 ]90) | FAss cname expr vname expr (* field ass. *)("{_}_.._:=_"[10,90,99,90]90) diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/Type.thy --- a/src/HOL/MicroJava/J/Type.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/Type.thy Thu Sep 21 10:42:49 2000 +0200 @@ -31,7 +31,7 @@ syntax NT :: " ty" - Class :: "cname \\ ty" + Class :: "cname => ty" translations "NT" == "RefT NullT" "Class C" == "RefT (ClassT C)" diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/TypeRel.ML --- a/src/HOL/MicroJava/J/TypeRel.ML Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/TypeRel.ML Thu Sep 21 10:42:49 2000 +0200 @@ -4,11 +4,11 @@ Copyright 1999 Technische Universitaet Muenchen *) -val subcls1D = prove_goalw thy [subcls1_def] "\\G. G\\C\\C1D \\ \ +val subcls1D = prove_goalw thy [subcls1_def] "!!G. G\\C\\C1D ==> \ \ \\fs ms. class G C = Some (Some D,fs,ms)" (K [Auto_tac]); val subcls1I = prove_goalw thy [subcls1_def] -"\\G. \\ class G C = Some (Some D,rest) \\ \\ G\\C\\C1D" (K [Auto_tac]); +"!!G. [| class G C = Some (Some D,rest) |] ==> G\\C\\C1D" (K [Auto_tac]); val subcls1_def2 = prove_goalw thy [subcls1_def,is_class_def] "subcls1 G = \ \ (SIGMA C:{C. is_class G C} . {D. fst (the (class G C)) = Some D})" @@ -32,7 +32,7 @@ auto_tac (claset() addDs lemmata, simpset())]); -Goalw [is_class_def] "(C,D) \\ (subcls1 G)^+ \\ is_class G C"; +Goalw [is_class_def] "(C,D) \\ (subcls1 G)^+ ==> is_class G C"; by(etac trancl_trans_induct 1); by (auto_tac (HOL_cs addSDs [subcls1D],simpset())); qed "subcls_is_class"; @@ -81,16 +81,16 @@ qed "widen_PrimT_RefT"; AddIffs [widen_PrimT_RefT]; -val widen_RefT = prove_typerel "G\\RefT R\\T \\ \\t. T=RefT t" - [prove_widen_lemma "G\\S\\T \\ S=RefT R \\ (\\t. T=RefT t)"]; +val widen_RefT = prove_typerel "G\\RefT R\\T ==> \\t. T=RefT t" + [prove_widen_lemma "G\\S\\T ==> S=RefT R --> (\\t. T=RefT t)"]; bind_thm ("widen_RefT", widen_RefT); -val widen_RefT2 = prove_typerel "G\\S\\RefT R \\ \\t. S=RefT t" - [prove_widen_lemma "G\\S\\T \\ T=RefT R \\ (\\t. S=RefT t)"]; +val widen_RefT2 = prove_typerel "G\\S\\RefT R ==> \\t. S=RefT t" + [prove_widen_lemma "G\\S\\T ==> T=RefT R --> (\\t. S=RefT t)"]; bind_thm ("widen_RefT2", widen_RefT2); -val widen_Class = prove_typerel "G\\Class C\\T \\ \\D. T=Class D" - [ prove_widen_lemma "G\\S\\T \\ S = Class C \\ (\\D. T=Class D)"]; +val widen_Class = prove_typerel "G\\Class C\\T ==> \\D. T=Class D" + [ prove_widen_lemma "G\\S\\T ==> S = Class C --> (\\D. T=Class D)"]; bind_thm ("widen_Class", widen_Class); Goal "(G\\Class C\\RefT NullT) = False"; @@ -108,7 +108,7 @@ qed "widen_Class_Class"; AddIffs [widen_Class_Class]; -Goal "G\\S\\U \\ \\T. G\\U\\T \\ G\\S\\T"; +Goal "G\\S\\U ==> \\T. G\\U\\T --> G\\S\\T"; by( etac widen.induct 1); by Safe_tac; by( ALLGOALS (forward_tac [widen_Class, widen_RefT])); diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/TypeRel.thy --- a/src/HOL/MicroJava/J/TypeRel.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/TypeRel.thy Thu Sep 21 10:42:49 2000 +0200 @@ -9,15 +9,15 @@ TypeRel = Decl + consts - subcls1 :: "'c prog \\ (cname \\ cname) set" (* subclass *) - widen :: "'c prog \\ (ty \\ ty ) set" (* widening *) - cast :: "'c prog \\ (cname \\ cname) set" (* casting *) + subcls1 :: "'c prog => (cname \\ cname) set" (* subclass *) + widen :: "'c prog => (ty \\ ty ) set" (* widening *) + cast :: "'c prog => (cname \\ cname) set" (* casting *) syntax - subcls1 :: "'c prog \\ [cname, cname] \\ bool" ("_\\_\\C1_" [71,71,71] 70) - subcls :: "'c prog \\ [cname, cname] \\ bool" ("_\\_\\C _" [71,71,71] 70) - widen :: "'c prog \\ [ty , ty ] \\ bool" ("_\\_\\_" [71,71,71] 70) - cast :: "'c prog \\ [cname, cname] \\ bool" ("_\\_\\? _"[71,71,71] 70) + subcls1 :: "'c prog => [cname, cname] => bool" ("_\\_\\C1_" [71,71,71] 70) + subcls :: "'c prog => [cname, cname] => bool" ("_\\_\\C _" [71,71,71] 70) + widen :: "'c prog => [ty , ty ] => bool" ("_\\_\\_" [71,71,71] 70) + cast :: "'c prog => [cname, cname] => bool" ("_\\_\\? _"[71,71,71] 70) translations "G\\C \\C1 D" == "(C,D) \\ subcls1 G" @@ -28,23 +28,23 @@ defs (* direct subclass, cf. 8.1.3 *) - subcls1_def "subcls1 G \\ {(C,D). \\c. class G C = Some c \\ fst c = Some D}" + subcls1_def "subcls1 G == {(C,D). \\c. class G C = Some c \\ fst c = Some D}" consts - method :: "'c prog \\ cname \\ ( sig \\ cname \\ ty \\ 'c)" - field :: "'c prog \\ cname \\ ( vname \\ cname \\ ty)" - fields :: "'c prog \\ cname \\ ((vname \\ cname) \\ ty) list" + method :: "'c prog \\ cname => ( sig \\ cname \\ ty \\ 'c)" + field :: "'c prog \\ cname => ( vname \\ cname \\ ty)" + fields :: "'c prog \\ cname => ((vname \\ cname) \\ ty) list" constdefs (* auxiliary relations for recursive definitions below *) subcls1_rel :: "(('c prog \\ cname) \\ ('c prog \\ cname)) set" - "subcls1_rel \\ {((G,C),(G',C')). G = G' \\ wf ((subcls1 G)^-1) \\ G\\C'\\C1C}" + "subcls1_rel == {((G,C),(G',C')). G = G' \\ wf ((subcls1 G)^-1) \\ G\\C'\\C1C}" (* methods of a class, with inheritance, overriding and hiding, cf. 8.4.6 *) recdef method "subcls1_rel" - "method (G,C) = (if wf((subcls1 G)^-1) then (case class G C of None \\ empty - | Some (sc,fs,ms) \\ (case sc of None \\ empty | Some D \\ + "method (G,C) = (if wf((subcls1 G)^-1) then (case class G C of None => empty + | Some (sc,fs,ms) => (case sc of None => empty | Some D => if is_class G D then method (G,D) else arbitrary) \\ map_of (map (\\(s, m ). @@ -53,25 +53,25 @@ (* list of fields of a class, including inherited and hidden ones *) recdef fields "subcls1_rel" - "fields (G,C) = (if wf((subcls1 G)^-1) then (case class G C of None \\ arbitrary - | Some (sc,fs,ms) \\ map (\\(fn,ft). ((fn,C),ft)) fs@ - (case sc of None \\ [] | Some D \\ + "fields (G,C) = (if wf((subcls1 G)^-1) then (case class G C of None => arbitrary + | Some (sc,fs,ms) => map (\\(fn,ft). ((fn,C),ft)) fs@ + (case sc of None => [] | Some D => if is_class G D then fields (G,D) else arbitrary)) else arbitrary)" defs - field_def "field \\ map_of o (map (\\((fn,fd),ft). (fn,(fd,ft)))) o fields" + field_def "field == map_of o (map (\\((fn,fd),ft). (fn,(fd,ft)))) o fields" inductive "widen G" intrs (*widening, viz. method invocation conversion, cf. 5.3 i.e. sort of syntactic subtyping *) refl "G\\ T \\ T" (* identity conv., cf. 5.1.1 *) - subcls "G\\C\\C D \\ G\\Class C \\ Class D" + subcls "G\\C\\C D ==> G\\Class C \\ Class D" null "G\\ NT \\ RefT R" inductive "cast G" intrs (* casting conversion, cf. 5.5 / 5.1.5 *) (* left out casts on primitve types *) - widen "G\\C\\C D \\ G\\C \\? D" - subcls "G\\D\\C C \\ G\\C \\? D" + widen "G\\C\\C D ==> G\\C \\? D" + subcls "G\\D\\C C ==> G\\C \\? D" end diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/Value.thy --- a/src/HOL/MicroJava/J/Value.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/Value.thy Thu Sep 21 10:42:49 2000 +0200 @@ -22,9 +22,9 @@ translations "val" <= (type) "val_" consts - the_Bool :: "val \\ bool" - the_Intg :: "val \\ int" - the_Addr :: "val \\ loc" + the_Bool :: "val => bool" + the_Intg :: "val => int" + the_Addr :: "val => loc" primrec "the_Bool (Bool b) = b" @@ -36,8 +36,8 @@ "the_Addr (Addr a) = a" consts - defpval :: "prim_ty \\ val" (* default value for primitive types *) - default_val :: "ty \\ val" (* default value for all types *) + defpval :: "prim_ty => val" (* default value for primitive types *) + default_val :: "ty => val" (* default value for all types *) primrec "defpval Void = Unit" diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/WellForm.ML --- a/src/HOL/MicroJava/J/WellForm.ML Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/WellForm.ML Thu Sep 21 10:42:49 2000 +0200 @@ -5,22 +5,22 @@ *) val class_wf = prove_goalw thy [wf_prog_def, Let_def, class_def] - "\\X. \\class G C = Some c; wf_prog wf_mb G\\ \\ wf_cdecl wf_mb G (C,c)" (K [ + "!!X. [|class G C = Some c; wf_prog wf_mb G|] ==> wf_cdecl wf_mb G (C,c)" (K [ Asm_full_simp_tac 1, fast_tac (set_cs addDs [get_in_set]) 1]); val class_Object = prove_goalw thy [wf_prog_def, Let_def, ObjectC_def,class_def] - "\\X. wf_prog wf_mb G \\ class G Object = Some (None, [], [])" (K [ + "!!X. wf_prog wf_mb G ==> class G Object = Some (None, [], [])" (K [ safe_tac set_cs, dtac in_set_get 1, Auto_tac]); Addsimps [class_Object]; val is_class_Object = prove_goalw thy [is_class_def] - "\\X. wf_prog wf_mb G \\ is_class G Object" (K [Asm_simp_tac 1]); + "!!X. wf_prog wf_mb G ==> is_class G Object" (K [Asm_simp_tac 1]); Addsimps [is_class_Object]; -Goal "\\G\\C\\C1D; wf_prog wf_mb G\\ \\ D \\ C \\ \\(D,C)\\(subcls1 G)^+"; +Goal "[|G\\C\\C1D; wf_prog wf_mb G|] ==> D \\ C \\ \\(D,C)\\(subcls1 G)^+"; by( forward_tac [r_into_trancl] 1); by( dtac subcls1D 1); by( strip_tac1 1); @@ -31,26 +31,26 @@ qed "subcls1_wfD"; val wf_cdecl_supD = prove_goalw thy [wf_cdecl_def] -"\\X. \\wf_cdecl wf_mb G (C, sc, r); C \\ Object\\ \\ \\D. sc = Some D \\ is_class G D" (K [ +"!!X. [|wf_cdecl wf_mb G (C, sc, r); C \\ Object|] ==> \\D. sc = Some D \\ is_class G D" (K [ pair_tac "r" 1, asm_full_simp_tac (simpset() addsplits [option.split_asm]) 1]); -Goal "\\wf_prog wf_mb G; (C,D)\\(subcls1 G)^+\\ \\ \\(D,C)\\(subcls1 G)^+"; +Goal "[|wf_prog wf_mb G; (C,D)\\(subcls1 G)^+|] ==> \\(D,C)\\(subcls1 G)^+"; by(etac tranclE 1); by(TRYALL(fast_tac (HOL_cs addSDs [subcls1_wfD] addIs [trancl_trans]))); qed "subcls_asym"; -val subcls_irrefl = prove_goal thy "\\X. \\wf_prog wf_mb G; (C,D)\\(subcls1 G)^+\\ \\ C \\ D" (K [ +val subcls_irrefl = prove_goal thy "!!X. [|wf_prog wf_mb G; (C,D)\\(subcls1 G)^+|] ==> C \\ D" (K [ etac trancl_trans_induct 1, fast_tac (HOL_cs addDs [subcls1_wfD]) 1, fast_tac (HOL_cs addDs [subcls_asym]) 1]); val acyclic_subcls1 = prove_goalw thy [acyclic_def] - "\\X. wf_prog wf_mb G \\ acyclic (subcls1 G)" (K [ + "!!X. wf_prog wf_mb G ==> acyclic (subcls1 G)" (K [ strip_tac1 1, fast_tac (HOL_cs addDs [subcls_irrefl]) 1]); -val wf_subcls1 = prove_goal thy "\\X. wf_prog wf_mb G \\ wf ((subcls1 G)^-1)" (K [ +val wf_subcls1 = prove_goal thy "!!X. wf_prog wf_mb G ==> wf ((subcls1 G)^-1)" (K [ rtac finite_acyclic_wf 1, stac finite_converse 1, rtac finite_subcls1 1, @@ -58,7 +58,7 @@ etac acyclic_subcls1 1]); val major::prems = goal thy - "\\wf_prog wf_mb G; \\C. \\D. (C,D)\\(subcls1 G)^+ \\ P D \\ P C\\ \\ P C"; + "[|wf_prog wf_mb G; !!C. \\D. (C,D)\\(subcls1 G)^+ --> P D ==> P C|] ==> P C"; by(cut_facts_tac [major RS wf_subcls1] 1); by(dtac wf_trancl 1); by(asm_full_simp_tac (HOL_ss addsimps [trancl_converse]) 1); @@ -67,10 +67,10 @@ by(Auto_tac); qed "subcls_induct"; -val prems = goal thy "\\is_class G C; wf_prog wf_mb G; P Object; \ -\\\C D fs ms. \\C \\ Object; is_class G C; class G C = Some (Some D,fs,ms) \\ \ -\ wf_cdecl wf_mb G (C, Some D,fs,ms) \\ G\\C\\C1D \\ is_class G D \\ P D\\ \\ P C\ -\ \\ \\ P C"; +val prems = goal thy "[|is_class G C; wf_prog wf_mb G; P Object; \ +\!!C D fs ms. [|C \\ Object; is_class G C; class G C = Some (Some D,fs,ms) \\ \ +\ wf_cdecl wf_mb G (C, Some D,fs,ms) \\ G\\C\\C1D \\ is_class G D \\ P D|] ==> P C\ +\ |] ==> P C"; by( cut_facts_tac prems 1); by( rtac impE 1); by( atac 2); @@ -95,18 +95,18 @@ by( etac subcls1I 1); qed "subcls1_induct"; -Goal "\\wf ((subcls1 G)^-1); \\D fs ms. class G C = Some (Some D,fs,ms) \\ is_class G D\\ \\ method (G,C) = \ -\ (case class G C of None \\ empty | Some (sc,fs,ms) \\ \ -\ (case sc of None \\ empty | Some D \\ method (G,D)) \\ \ +Goal "[|wf ((subcls1 G)^-1); \\D fs ms. class G C = Some (Some D,fs,ms) --> is_class G D|] ==> method (G,C) = \ +\ (case class G C of None => empty | Some (sc,fs,ms) => \ +\ (case sc of None => empty | Some D => method (G,D)) \\ \ \ map_of (map (\\(s,m). (s,(C,m))) ms))"; by( stac (method_TC RS (wf_subcls1_rel RS (hd method.simps))) 1); by( asm_simp_tac (simpset() addsplits[option.split]) 1); auto(); qed "method_rec_lemma"; -Goal "wf_prog wf_mb G \\ method (G,C) = \ -\ (case class G C of None \\ empty | Some (sc,fs,ms) \\ \ -\ (case sc of None \\ empty | Some D \\ method (G,D)) \\ \ +Goal "wf_prog wf_mb G ==> method (G,C) = \ +\ (case class G C of None => empty | Some (sc,fs,ms) => \ +\ (case sc of None => empty | Some D => method (G,D)) \\ \ \ map_of (map (\\(s,m). (s,(C,m))) ms))"; by(rtac method_rec_lemma 1); by( clarsimp_tac (claset(), simpset() addsimps [wf_subcls1,empty_def] @@ -119,16 +119,16 @@ by( Asm_full_simp_tac 1); qed "method_rec"; -Goal "\\wf ((subcls1 G)^-1); class G C = Some (sc,fs,ms); \\C. sc = Some C \\ is_class G C\\ \\ fields (G,C) = \ +Goal "[|wf ((subcls1 G)^-1); class G C = Some (sc,fs,ms); \\C. sc = Some C --> is_class G C|] ==> fields (G,C) = \ \ map (\\(fn,ft). ((fn,C),ft)) fs @ \ -\ (case sc of None \\ [] | Some D \\ fields (G,D))"; +\ (case sc of None => [] | Some D => fields (G,D))"; by( stac (fields_TC RS (wf_subcls1_rel RS (hd fields.simps))) 1); by( asm_simp_tac (simpset() addsplits[option.split]) 1); qed "fields_rec_lemma"; -Goal "\\class G C = Some (sc,fs,ms); wf_prog wf_mb G\\ \\ fields (G,C) = \ +Goal "[|class G C = Some (sc,fs,ms); wf_prog wf_mb G|] ==> fields (G,C) = \ \ map (\\(fn,ft). ((fn,C),ft)) fs @ \ -\ (case sc of None \\ [] | Some D \\ fields (G,D))"; +\ (case sc of None => [] | Some D => fields (G,D))"; by(rtac fields_rec_lemma 1); by( asm_simp_tac (simpset() addsimps [wf_subcls1,empty_def]) 1); ba 1; @@ -142,16 +142,16 @@ by( Asm_full_simp_tac 1); qed "fields_rec"; -val method_Object = prove_goal thy "\\X. wf_prog wf_mb G \\ method (G,Object) = empty" +val method_Object = prove_goal thy "!!X. wf_prog wf_mb G ==> method (G,Object) = empty" (K [stac method_rec 1,Auto_tac]); -val fields_Object = prove_goal thy "\\X. wf_prog wf_mb G \\ fields (G,Object) = []"(K [ +val fields_Object = prove_goal thy "!!X. wf_prog wf_mb G ==> fields (G,Object) = []"(K [ stac fields_rec 1,Auto_tac]); Addsimps [method_Object, fields_Object]; val field_Object = prove_goalw thy [field_def] - "\\X. wf_prog wf_mb G \\ field (G,Object) = empty" (K [Asm_simp_tac 1]); + "!!X. wf_prog wf_mb G ==> field (G,Object) = empty" (K [Asm_simp_tac 1]); Addsimps [field_Object]; -Goal "\\is_class G C; wf_prog wf_mb G\\ \\ G\\C\\C Object"; +Goal "[|is_class G C; wf_prog wf_mb G|] ==> G\\C\\C Object"; by(etac subcls1_induct 1); by( atac 1); by( Fast_tac 1); @@ -160,18 +160,18 @@ qed "subcls_C_Object"; val is_type_rTI = prove_goalw thy [wf_mhead_def] - "\\sig. wf_mhead G sig rT \\ is_type G rT" + "!!sig. wf_mhead G sig rT ==> is_type G rT" (K [split_all_tac 1, Auto_tac]); -Goal "\\(C',C)\\(subcls1 G)^+; wf_prog wf_mb G\\ \\ \ -\ x \\ set (fields (G,C)) \\ x \\ set (fields (G,C'))"; +Goal "[|(C',C)\\(subcls1 G)^+; wf_prog wf_mb G|] ==> \ +\ x \\ set (fields (G,C)) --> x \\ set (fields (G,C'))"; by(etac trancl_trans_induct 1); by( safe_tac (HOL_cs addSDs [subcls1D])); by(stac fields_rec 1); by( Auto_tac); qed_spec_mp "fields_mono"; -Goal "\\is_class G C; wf_prog wf_mb G\\ \\ \ +Goal "[|is_class G C; wf_prog wf_mb G|] ==> \ \ \\((fn,fd),fT)\\set (fields (G,C)). G\\C\\C fd"; by( etac subcls1_induct 1); by( atac 1); @@ -193,7 +193,7 @@ by( Asm_full_simp_tac 1); qed "widen_fields_defpl'"; -Goal "\\is_class G C; wf_prog wf_mb G; ((fn,fd),fT) \\ set (fields (G,C))\\ \\ \ +Goal "[|is_class G C; wf_prog wf_mb G; ((fn,fd),fT) \\ set (fields (G,C))|] ==> \ \ G\\C\\C fd"; by( datac widen_fields_defpl' 1 1); (*###################*) @@ -202,7 +202,7 @@ qed "widen_fields_defpl"; -Goal "\\is_class G C; wf_prog wf_mb G\\ \\ unique (fields (G,C))"; +Goal "[|is_class G C; wf_prog wf_mb G|] ==> unique (fields (G,C))"; by( etac subcls1_induct 1); by( atac 1); by( safe_tac (HOL_cs addSDs [wf_cdecl_supD])); @@ -226,7 +226,7 @@ qed "unique_fields"; Goal -"\\wf_prog wf_mb G; G\\C'\\C C; map_of(fields (G,C )) f = Some ft\\ \\ \ +"[|wf_prog wf_mb G; G\\C'\\C C; map_of(fields (G,C )) f = Some ft|] ==> \ \ map_of (fields (G,C')) f = Some ft"; by( dtac rtranclD 1); by( Auto_tac); @@ -240,17 +240,17 @@ val cfs_fields_lemma = prove_goalw thy [field_def] -"\\X. field (G,C) fn = Some (fd, fT) \\ map_of(fields (G,C)) (fn, fd) = Some fT" +"!!X. field (G,C) fn = Some (fd, fT) ==> map_of(fields (G,C)) (fn, fd) = Some fT" (K [rtac table_map_Some 1, Asm_full_simp_tac 1]); -val widen_cfs_fields = prove_goal thy "\\X. \\field (G,C) fn = Some (fd, fT);\ -\ G\\C'\\C C; wf_prog wf_mb G\\ \\ map_of (fields (G,C')) (fn, fd) = Some fT" (K[ +val widen_cfs_fields = prove_goal thy "!!X. [|field (G,C) fn = Some (fd, fT);\ +\ G\\C'\\C C; wf_prog wf_mb G|] ==> map_of (fields (G,C')) (fn, fd) = Some fT" (K[ fast_tac (HOL_cs addIs [widen_fields_mono, cfs_fields_lemma]) 1]); bind_thm ("widen_cfs_fields",widen_cfs_fields); -Goal "wf_prog wf_mb G \\ method (G,C) sig = Some (md,mh,m)\ -\ \\ G\\C\\C md \\ wf_mdecl wf_mb G md (sig,(mh,m))"; +Goal "wf_prog wf_mb G ==> method (G,C) sig = Some (md,mh,m)\ +\ --> G\\C\\C md \\ wf_mdecl wf_mb G md (sig,(mh,m))"; by( case_tac "is_class G C" 1); by( forw_inst_tac [("C","C")] method_rec 2); by( asm_full_simp_tac (simpset() addsimps [is_class_def] @@ -264,7 +264,7 @@ by( Asm_full_simp_tac 1); by( dtac override_SomeD 1); by( etac disjE 1); -by( thin_tac "?P \\ ?Q" 1); +by( thin_tac "?P --> ?Q" 1); by( Clarify_tac 2); by( rtac rtrancl_trans 2); by( atac 3); @@ -277,8 +277,8 @@ by( Asm_full_simp_tac 1); qed_spec_mp "method_wf_mdecl"; -Goal "\\G\\T\\C T'; wf_prog wf_mb G\\ \\ \ -\ \\D rT b. method (G,T') sig = Some (D,rT ,b) \\\ +Goal "[|G\\T\\C T'; wf_prog wf_mb G|] ==> \ +\ \\D rT b. method (G,T') sig = Some (D,rT ,b) -->\ \ (\\D' rT' b'. method (G,T) sig = Some (D',rT',b') \\ G\\rT'\\rT)"; by( dtac rtranclD 1); by( etac disjE 1); @@ -312,15 +312,15 @@ Goal - "\\ G\\ C\\C D; wf_prog wf_mb G; \ -\ method (G,D) sig = Some (md, rT, b) \\ \ -\ \\ \\mD' rT' b'. method (G,C) sig= Some(mD',rT',b') \\ G\\rT'\\rT"; + "[| G\\ C\\C D; wf_prog wf_mb G; \ +\ method (G,D) sig = Some (md, rT, b) |] \ +\ ==> \\mD' rT' b'. method (G,C) sig= Some(mD',rT',b') \\ G\\rT'\\rT"; by(auto_tac (claset() addDs [subcls_widen_methd,method_wf_mdecl], simpset() addsimps [wf_mdecl_def,wf_mhead_def,split_def])); qed "subtype_widen_methd"; -Goal "wf_prog wf_mb G \\ \\D. method (G,C) sig = Some(D,mh,code) \\ is_class G D \\ method (G,D) sig = Some(D,mh,code)"; +Goal "wf_prog wf_mb G ==> \\D. method (G,C) sig = Some(D,mh,code) --> is_class G D \\ method (G,D) sig = Some(D,mh,code)"; by( case_tac "is_class G C" 1); by( forw_inst_tac [("C","C")] method_rec 2); by( asm_full_simp_tac (simpset() addsimps [is_class_def] @@ -341,7 +341,7 @@ qed_spec_mp "method_in_md"; -Goal "\\is_class G C; wf_prog wf_mb G\\ \\ \ +Goal "[|is_class G C; wf_prog wf_mb G|] ==> \ \ \\f\\set (fields (G,C)). is_type G (snd f)"; by( etac subcls1_induct 1); by( atac 1); diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/WellForm.thy --- a/src/HOL/MicroJava/J/WellForm.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/WellForm.thy Thu Sep 21 10:42:49 2000 +0200 @@ -20,28 +20,28 @@ constdefs - wf_fdecl :: "'c prog \\ fdecl \\ bool" -"wf_fdecl G \\ \\(fn,ft). is_type G ft" + wf_fdecl :: "'c prog => fdecl => bool" +"wf_fdecl G == \\(fn,ft). is_type G ft" - wf_mhead :: "'c prog \\ sig \\ ty \\ bool" -"wf_mhead G \\ \\(mn,pTs) rT. (\\T\\set pTs. is_type G T) \\ is_type G rT" + wf_mhead :: "'c prog => sig => ty => bool" +"wf_mhead G == \\(mn,pTs) rT. (\\T\\set pTs. is_type G T) \\ is_type G rT" - wf_mdecl :: "'c wf_mb \\ 'c wf_mb" -"wf_mdecl wf_mb G C \\ \\(sig,rT,mb). wf_mhead G sig rT \\ wf_mb G C (sig,rT,mb)" + wf_mdecl :: "'c wf_mb => 'c wf_mb" +"wf_mdecl wf_mb G C == \\(sig,rT,mb). wf_mhead G sig rT \\ wf_mb G C (sig,rT,mb)" - wf_cdecl :: "'c wf_mb \\ 'c prog \\ 'c cdecl \\ bool" -"wf_cdecl wf_mb G \\ + wf_cdecl :: "'c wf_mb => 'c prog => 'c cdecl => bool" +"wf_cdecl wf_mb G == \\(C,(sc,fs,ms)). (\\f\\set fs. wf_fdecl G f ) \\ unique fs \\ (\\m\\set ms. wf_mdecl wf_mb G C m) \\ unique ms \\ - (case sc of None \\ C = Object - | Some D \\ + (case sc of None => C = Object + | Some D => is_class G D \\ \\ G\\D\\C C \\ (\\(sig,rT,b)\\set ms. \\D' rT' b'. - method(G,D) sig = Some(D',rT',b') \\ G\\rT\\rT'))" + method(G,D) sig = Some(D',rT',b') --> G\\rT\\rT'))" - wf_prog :: "'c wf_mb \\ 'c prog \\ bool" -"wf_prog wf_mb G \\ + wf_prog :: "'c wf_mb => 'c prog => bool" +"wf_prog wf_mb G == let cs = set G in ObjectC \\ cs \\ (\\c\\cs. wf_cdecl wf_mb G c) \\ unique G" end diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/WellType.ML --- a/src/HOL/MicroJava/J/WellType.ML Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/WellType.ML Thu Sep 21 10:42:49 2000 +0200 @@ -5,15 +5,15 @@ *) Goal -"\\ method (G,C) sig = Some (md,rT,b); wf_prog wf_mb G; G\\T''\\C C\\\ -\ \\ \\md' rT' b'. method (G,T'') sig = Some (md',rT',b') \\ G\\rT'\\rT"; +"[| method (G,C) sig = Some (md,rT,b); wf_prog wf_mb G; G\\T''\\C C|]\ +\ ==> \\md' rT' b'. method (G,T'') sig = Some (md',rT',b') \\ G\\rT'\\rT"; by( dtac subcls_widen_methd 1); by Auto_tac; qed "widen_methd"; Goal -"\\method (G,C) sig = Some (md,rT,b); G\\T''\\C C; wf_prog wf_mb G\\ \\ \ +"[|method (G,C) sig = Some (md,rT,b); G\\T''\\C C; wf_prog wf_mb G|] ==> \ \ \\T' rT' b. method (G,T'') sig = Some (T',rT',b) \\ \ \ G\\rT'\\rT \\ G\\T''\\C T' \\ wf_mhead G sig rT' \\ wf_mb G T' (sig,rT',b)"; by( datac widen_methd 2 1); @@ -25,25 +25,25 @@ qed "Call_lemma"; -Goal "wf_prog wf_mb G \\ method (G,Object) sig = None"; +Goal "wf_prog wf_mb G ==> method (G,Object) sig = None"; by (Asm_simp_tac 1); qed "method_Object"; Addsimps [method_Object]; Goalw [max_spec_def] - "x \\ max_spec G C sig \\ x \\ appl_methds G C sig"; + "x \\ max_spec G C sig ==> x \\ appl_methds G C sig"; by (Fast_tac 1); qed"max_spec2appl_meths"; Goalw [appl_methds_def] -"((md,rT),pTs')\\appl_methds G C (mn, pTs) \\ \ +"((md,rT),pTs')\\appl_methds G C (mn, pTs) ==> \ \ \\D b. md = Class D \\ method (G,C) (mn, pTs') = Some (D,rT,b) \ \ \\ list_all2 (\\T T'. G\\T\\T') pTs pTs'"; by (Fast_tac 1); qed "appl_methsD"; val is_type_typeof = prove_goal thy - "(\\a. v \\ Addr a) \\ (\\T. typeof t v = Some T \\ is_type G T)" (K [ + "(\\a. v \\ Addr a) --> (\\T. typeof t v = Some T \\ is_type G T)" (K [ rtac val_.induct 1, Fast_tac 5, ALLGOALS Simp_tac]) RS mp; diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/J/WellType.thy --- a/src/HOL/MicroJava/J/WellType.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/J/WellType.thy Thu Sep 21 10:42:49 2000 +0200 @@ -24,8 +24,8 @@ syntax - prg :: "'c env \\ 'c prog" - localT :: "'c env \\ (vname \\ ty)" + prg :: "'c env => 'c prog" + localT :: "'c env => (vname \\ ty)" translations @@ -34,29 +34,29 @@ consts - more_spec :: "'c prog \\ (ty \\ 'x) \\ ty list \\ - (ty \\ 'x) \\ ty list \\ bool" - appl_methds :: "'c prog \\ cname \\ sig \\ ((ty \\ ty) \\ ty list) set" - max_spec :: "'c prog \\ cname \\ sig \\ ((ty \\ ty) \\ ty list) set" + more_spec :: "'c prog => (ty \\ 'x) \\ ty list => + (ty \\ 'x) \\ ty list => bool" + appl_methds :: "'c prog => cname => sig => ((ty \\ ty) \\ ty list) set" + max_spec :: "'c prog => cname => sig => ((ty \\ ty) \\ ty list) set" defs - more_spec_def "more_spec G \\ \\((d,h),pTs). \\((d',h'),pTs'). G\\d\\d' \\ + more_spec_def "more_spec G == \\((d,h),pTs). \\((d',h'),pTs'). G\\d\\d' \\ list_all2 (\\T T'. G\\T\\T') pTs pTs'" (* applicable methods, cf. 15.11.2.1 *) - appl_methds_def "appl_methds G C \\ \\(mn, pTs). + appl_methds_def "appl_methds G C == \\(mn, pTs). {((Class md,rT),pTs') |md rT mb pTs'. method (G,C) (mn, pTs') = Some (md,rT,mb) \\ list_all2 (\\T T'. G\\T\\T') pTs pTs'}" (* maximally specific methods, cf. 15.11.2.2 *) - max_spec_def "max_spec G C sig \\ {m. m \\appl_methds G C sig \\ + max_spec_def "max_spec G C sig == {m. m \\appl_methds G C sig \\ (\\m'\\appl_methds G C sig. - more_spec G m' m \\ m' = m)}" + more_spec G m' m --> m' = m)}" consts - typeof :: "(loc \\ ty option) \\ val \\ ty option" + typeof :: "(loc => ty option) => val => ty option" primrec "typeof dt Unit = Some (PrimT Void)" @@ -71,19 +71,19 @@ consts - ty_expr :: "java_mb env \\ (expr \\ ty ) set" - ty_exprs:: "java_mb env \\ (expr list \\ ty list) set" - wt_stmt :: "java_mb env \\ stmt set" + ty_expr :: "java_mb env => (expr \\ ty ) set" + ty_exprs:: "java_mb env => (expr list \\ ty list) set" + wt_stmt :: "java_mb env => stmt set" syntax -ty_expr :: "java_mb env \\ [expr , ty ] \\ bool" ("_\\_\\_" [51,51,51]50) -ty_exprs:: "java_mb env \\ [expr list, ty list] \\ bool" ("_\\_[\\]_"[51,51,51]50) -wt_stmt :: "java_mb env \\ stmt \\ bool" ("_\\_ \\" [51,51 ]50) +ty_expr :: "java_mb env => [expr , ty ] => bool" ("_\\_::_" [51,51,51]50) +ty_exprs:: "java_mb env => [expr list, ty list] => bool" ("_\\_[::]_"[51,51,51]50) +wt_stmt :: "java_mb env => stmt => bool" ("_\\_ \\" [51,51 ]50) translations - "E\\e \\ T" == "(e,T) \\ ty_expr E" - "E\\e[\\]T" == "(e,T) \\ ty_exprs E" + "E\\e :: T" == "(e,T) \\ ty_expr E" + "E\\e[::]T" == "(e,T) \\ ty_exprs E" "E\\c \\" == "c \\ wt_stmt E" inductive "ty_expr E" "ty_exprs E" "wt_stmt E" intrs @@ -91,98 +91,98 @@ (* well-typed expressions *) (* cf. 15.8 *) - NewC "\\is_class (prg E) C\\ \\ - E\\NewC C\\Class C" + NewC "[|is_class (prg E) C|] ==> + E\\NewC C::Class C" (* cf. 15.15 *) - Cast "\\E\\e\\Class C; - prg E\\C\\? D\\ \\ - E\\Cast D e\\Class D" + Cast "[|E\\e::Class C; + prg E\\C\\? D|] ==> + E\\Cast D e::Class D" (* cf. 15.7.1 *) - Lit "\\typeof (\\v. None) x = Some T\\ \\ - E\\Lit x\\T" + Lit "[|typeof (\\v. None) x = Some T|] ==> + E\\Lit x::T" (* cf. 15.13.1 *) - LAcc "\\localT E v = Some T; is_type (prg E) T\\ \\ - E\\LAcc v\\T" + LAcc "[|localT E v = Some T; is_type (prg E) T|] ==> + E\\LAcc v::T" - BinOp "\\E\\e1\\T; - E\\e2\\T; + BinOp "[|E\\e1::T; + E\\e2::T; if bop = Eq then T' = PrimT Boolean - else T' = T \\ T = PrimT Integer\\ \\ - E\\BinOp bop e1 e2\\T'" + else T' = T \\ T = PrimT Integer|] ==> + E\\BinOp bop e1 e2::T'" (* cf. 15.25, 15.25.1 *) - LAss "\\E\\LAcc v\\T; - E\\e\\T'; - prg E\\T'\\T\\ \\ - E\\v\\=e\\T'" + LAss "[|E\\LAcc v::T; + E\\e::T'; + prg E\\T'\\T|] ==> + E\\v::=e::T'" (* cf. 15.10.1 *) - FAcc "\\E\\a\\Class C; - field (prg E,C) fn = Some (fd,fT)\\ \\ - E\\{fd}a..fn\\fT" + FAcc "[|E\\a::Class C; + field (prg E,C) fn = Some (fd,fT)|] ==> + E\\{fd}a..fn::fT" (* cf. 15.25, 15.25.1 *) - FAss "\\E\\{fd}a..fn\\T; - E\\v \\T'; - prg E\\T'\\T\\ \\ - E\\{fd}a..fn:=v\\T'" + FAss "[|E\\{fd}a..fn::T; + E\\v ::T'; + prg E\\T'\\T|] ==> + E\\{fd}a..fn:=v::T'" (* cf. 15.11.1, 15.11.2, 15.11.3 *) - Call "\\E\\a\\Class C; - E\\ps[\\]pTs; - max_spec (prg E) C (mn, pTs) = {((md,rT),pTs')}\\ \\ - E\\a..mn({pTs'}ps)\\rT" + Call "[|E\\a::Class C; + E\\ps[::]pTs; + max_spec (prg E) C (mn, pTs) = {((md,rT),pTs')}|] ==> + E\\a..mn({pTs'}ps)::rT" (* well-typed expression lists *) (* cf. 15.11.??? *) - Nil "E\\[][\\][]" + Nil "E\\[][::][]" (* cf. 15.11.??? *) - Cons "\\E\\e\\T; - E\\es[\\]Ts\\ \\ - E\\e#es[\\]T#Ts" + Cons "[|E\\e::T; + E\\es[::]Ts|] ==> + E\\e#es[::]T#Ts" (* well-typed statements *) Skip "E\\Skip\\" - Expr "\\E\\e\\T\\ \\ + Expr "[|E\\e::T|] ==> E\\Expr e\\" - Comp "\\E\\s1\\; - E\\s2\\\\ \\ + Comp "[|E\\s1\\; + E\\s2\\|] ==> E\\s1;; s2\\" (* cf. 14.8 *) - Cond "\\E\\e\\PrimT Boolean; + Cond "[|E\\e::PrimT Boolean; E\\s1\\; - E\\s2\\\\ \\ + E\\s2\\|] ==> E\\If(e) s1 Else s2\\" (* cf. 14.10 *) - Loop "\\E\\e\\PrimT Boolean; - E\\s\\\\ \\ + Loop "[|E\\e::PrimT Boolean; + E\\s\\|] ==> E\\While(e) s\\" constdefs wf_java_mdecl :: java_mb prog => cname => java_mb mdecl => bool -"wf_java_mdecl G C \\ \\((mn,pTs),rT,(pns,lvars,blk,res)). +"wf_java_mdecl G C == \\((mn,pTs),rT,(pns,lvars,blk,res)). length pTs = length pns \\ nodups pns \\ unique lvars \\ (\\pn\\set pns. map_of lvars pn = None) \\ (\\(vn,T)\\set lvars. is_type G T) & (let E = (G,map_of lvars(pns[\\]pTs)(This\\Class C)) in - E\\blk\\ \\ (\\T. E\\res\\T \\ G\\T\\rT))" + E\\blk\\ \\ (\\T. E\\res::T \\ G\\T\\rT))" wf_java_prog :: java_mb prog => bool -"wf_java_prog G \\ wf_prog wf_java_mdecl G" +"wf_java_prog G == wf_prog wf_java_mdecl G" end diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/JVM/JVMExec.thy --- a/src/HOL/MicroJava/JVM/JVMExec.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/JVM/JVMExec.thy Thu Sep 21 10:42:49 2000 +0200 @@ -9,7 +9,7 @@ JVMExec = JVMExecInstr + consts - exec :: "jvm_prog \\ jvm_state \\ jvm_state option" + exec :: "jvm_prog \\ jvm_state => jvm_state option" (** exec is not recursive. recdef is just used for pattern matching **) recdef exec "{}" @@ -25,7 +25,7 @@ constdefs - exec_all :: "[jvm_prog,jvm_state,jvm_state] \\ bool" ("_ \\ _ -jvm\\ _" [61,61,61]60) - "G \\ s -jvm\\ t \\ (s,t) \\ {(s,t). exec(G,s) = Some t}^*" + exec_all :: "[jvm_prog,jvm_state,jvm_state] => bool" ("_ \\ _ -jvm-> _" [61,61,61]60) + "G \\ s -jvm-> t == (s,t) \\ {(s,t). exec(G,s) = Some t}^*" end diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/JVM/JVMExecInstr.thy --- a/src/HOL/MicroJava/JVM/JVMExecInstr.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/JVM/JVMExecInstr.thy Thu Sep 21 10:42:49 2000 +0200 @@ -9,7 +9,7 @@ JVMExecInstr = JVMInstructions + JVMState + consts -exec_instr :: "[instr, jvm_prog, aheap, opstack, locvars, cname, sig, p_count, frame list] \\ jvm_state" +exec_instr :: "[instr, jvm_prog, aheap, opstack, locvars, cname, sig, p_count, frame list] => jvm_state" primrec "exec_instr (Load idx) G hp stk vars Cl sig pc frs = (None, hp, ((vars ! idx) # stk, vars, Cl, sig, pc+1)#frs)" diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/JVM/JVMState.thy --- a/src/HOL/MicroJava/JVM/JVMState.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/JVM/JVMState.thy Thu Sep 21 10:42:49 2000 +0200 @@ -32,8 +32,8 @@ (** exceptions **) constdefs - raise_xcpt :: "bool \\ xcpt \\ xcpt option" -"raise_xcpt c x \\ (if c then Some x else None)" + raise_xcpt :: "bool => xcpt => xcpt option" +"raise_xcpt c x == (if c then Some x else None)" (** runtime state **) @@ -45,6 +45,6 @@ (** dynamic method lookup **) constdefs - dyn_class :: "'code prog \\ sig \\ cname \\ cname" -"dyn_class \\ \\(G,sig,C). fst(the(method(G,C) sig))" + dyn_class :: "'code prog \\ sig \\ cname => cname" +"dyn_class == \\(G,sig,C). fst(the(method(G,C) sig))" end diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/JVM/Store.ML --- a/src/HOL/MicroJava/JVM/Store.ML Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/JVM/Store.ML Thu Sep 21 10:42:49 2000 +0200 @@ -5,6 +5,6 @@ *) Goalw [newref_def] - "hp x = None \\ hp (newref hp) = None"; + "hp x = None --> hp (newref hp) = None"; by (fast_tac (claset() addIs [someI2_ex] addss (simpset())) 1); qed_spec_mp "newref_None"; diff -r 30693ebd16ae -r 7164dc0d24d8 src/HOL/MicroJava/JVM/Store.thy --- a/src/HOL/MicroJava/JVM/Store.thy Wed Sep 20 21:20:41 2000 +0200 +++ b/src/HOL/MicroJava/JVM/Store.thy Thu Sep 21 10:42:49 2000 +0200 @@ -12,7 +12,7 @@ Store = Conform + constdefs - newref :: "('a \\ 'b) \\ 'a" - "newref s \\ \\v. s v = None" + newref :: "('a \\ 'b) => 'a" + "newref s == SOME v. s v = None" end