# HG changeset patch # User streckem # Date 1035382142 -7200 # Node ID b95d12325b510c6458d7cb12cb4dab14af0bf89e # Parent eec2582923f634de53333e58a96d41b9c240b7c4 Added compiler diff -r eec2582923f6 -r b95d12325b51 src/HOL/IsaMakefile --- a/src/HOL/IsaMakefile Mon Oct 21 17:23:23 2002 +0200 +++ b/src/HOL/IsaMakefile Wed Oct 23 16:09:02 2002 +0200 @@ -487,6 +487,16 @@ HOL-MicroJava: HOL $(LOG)/HOL-MicroJava.gz $(LOG)/HOL-MicroJava.gz: $(OUT)/HOL MicroJava/ROOT.ML \ + MicroJava/Comp/AuxLemmas.thy \ + MicroJava/Comp/CorrComp.thy \ + MicroJava/Comp/CorrCompTp.thy \ + MicroJava/Comp/DefsComp.thy \ + MicroJava/Comp/Index.thy \ + MicroJava/Comp/LemmasComp.thy \ + MicroJava/Comp/NatCanonify.thy \ + MicroJava/Comp/TranslComp.thy \ + MicroJava/Comp/TranslCompTp.thy \ + MicroJava/Comp/TypeInf.thy \ MicroJava/J/Conform.thy MicroJava/J/Eval.thy MicroJava/J/JBasis.thy \ MicroJava/J/JTypeSafe.thy MicroJava/J/Decl.thy MicroJava/J/State.thy \ MicroJava/J/Term.thy MicroJava/J/Type.thy MicroJava/J/TypeRel.thy \ diff -r eec2582923f6 -r b95d12325b51 src/HOL/MicroJava/BV/Altern.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/MicroJava/BV/Altern.thy Wed Oct 23 16:09:02 2002 +0200 @@ -0,0 +1,67 @@ + +theory Altern = BVSpec: + + +constdefs + check_type :: "jvm_prog \ nat \ nat \ state \ bool" + "check_type G mxs mxr s \ s \ states G mxs mxr" + + wt_instr_altern :: "[instr,jvm_prog,ty,method_type,nat,nat,p_count, + exception_table,p_count] \ bool" + "wt_instr_altern i G rT phi mxs mxr max_pc et pc \ + app i G mxs rT pc et (phi!pc) \ + check_type G mxs mxr (OK (phi!pc)) \ + (\(pc',s') \ set (eff i G pc et (phi!pc)). pc' < max_pc \ G \ s' <=' phi!pc')" + + wt_method_altern :: "[jvm_prog,cname,ty list,ty,nat,nat,instr list, + exception_table,method_type] \ bool" + "wt_method_altern G C pTs rT mxs mxl ins et phi \ + let max_pc = length ins in + 0 < max_pc \ + length phi = length ins \ + check_bounded ins et \ + wt_start G C pTs mxl phi \ + (\pc. pc wt_instr_altern (ins!pc) G rT phi mxs (1+length pTs+mxl) max_pc et pc)" + + +lemma wt_method_wt_method_altern : + "wt_method G C pTs rT mxs mxl ins et phi \ wt_method_altern G C pTs rT mxs mxl ins et phi" +apply (simp add: wt_method_def wt_method_altern_def) +apply (intro strip) +apply clarify +apply (drule spec, drule mp, assumption) +apply (simp add: check_types_def wt_instr_def wt_instr_altern_def check_type_def) +apply (auto intro: imageI) +done + + +lemma check_type_check_types [rule_format]: + "(\pc. pc < length phi \ check_type G mxs mxr (OK (phi ! pc))) + \ check_types G mxs mxr (map OK phi)" +apply (induct phi) +apply (simp add: check_types_def) +apply (simp add: check_types_def) +apply clarify +apply (frule_tac x=0 in spec) +apply (simp add: check_type_def) +apply auto +done + +lemma wt_method_altern_wt_method [rule_format]: + "wt_method_altern G C pTs rT mxs mxl ins et phi \ wt_method G C pTs rT mxs mxl ins et phi" +apply (simp add: wt_method_def wt_method_altern_def) +apply (intro strip) +apply clarify +apply (rule conjI) + (* show check_types *) +apply (rule check_type_check_types) +apply (simp add: wt_instr_altern_def) + + (* show wt_instr *) +apply (intro strip) +apply (drule spec, drule mp, assumption) +apply (simp add: wt_instr_def wt_instr_altern_def) +done + + +end diff -r eec2582923f6 -r b95d12325b51 src/HOL/MicroJava/BV/BVSpecTypeSafe.thy --- a/src/HOL/MicroJava/BV/BVSpecTypeSafe.thy Mon Oct 21 17:23:23 2002 +0200 +++ b/src/HOL/MicroJava/BV/BVSpecTypeSafe.thy Wed Oct 23 16:09:02 2002 +0200 @@ -242,7 +242,7 @@ qed qed - +declare raise_if_def [simp] text {* The requirement of lemma @{text uncaught_xcpt_correct} (that the exception is a valid reference on the heap) is always met diff -r eec2582923f6 -r b95d12325b51 src/HOL/MicroJava/BV/JVMType.thy --- a/src/HOL/MicroJava/BV/JVMType.thy Mon Oct 21 17:23:23 2002 +0200 +++ b/src/HOL/MicroJava/BV/JVMType.thy Wed Oct 23 16:09:02 2002 +0200 @@ -212,6 +212,11 @@ "(G \ YT <=l (X#XT)) = (\Y YT'. YT=Y#YT' \ (G \ Y <=o X) \ (G \ YT' <=l XT))" by (simp add: sup_loc_def Listn.le_def lesub_def list_all2_Cons2) +lemma sup_state_Cons: + "(G \ (x#xt, a) <=s (y#yt, b)) = + ((G \ x \ y) \ (G \ (xt,a) <=s (yt,b)))" + by (auto simp add: sup_state_def stk_convert lesub_def Product.le_def) + theorem sup_loc_length: "G \ a <=l b \ length a = length b" diff -r eec2582923f6 -r b95d12325b51 src/HOL/MicroJava/J/Conform.thy --- a/src/HOL/MicroJava/J/Conform.thy Mon Oct 21 17:23:23 2002 +0200 +++ b/src/HOL/MicroJava/J/Conform.thy Wed Oct 23 16:09:02 2002 +0200 @@ -6,7 +6,7 @@ header {* \isaheader{Conformity Relations for Type Soundness Proof} *} -theory Conform = State + WellType: +theory Conform = State + WellType + Exceptions: types 'c env_ = "'c prog \ (vname \ ty)" -- "same as @{text env} of @{text WellType.thy}" @@ -28,9 +28,14 @@ hconf :: "'c prog => aheap => bool" ("_ |-h _ [ok]" [51,51] 50) "G|-h h [ok] == \a obj. h a = Some obj --> G,h|-obj [ok]" + + xconf :: "aheap \ val option \ bool" + "xconf hp vo == preallocated hp \ (\ v. (vo = Some v) \ (\ xc. v = (Addr (XcptRef xc))))" - conforms :: "state => java_mb env_ => bool" ("_ ::<= _" [51,51] 50) - "s::<=E == prg E|-h heap s [ok] \ prg E,heap s|-locals s[::<=]localT E" + conforms :: "xstate => java_mb env_ => bool" ("_ ::<= _" [51,51] 50) + "s::<=E == prg E|-h heap (store s) [ok] \ + prg E,heap (store s)|-locals (store s)[::<=]localT E \ + xconf (heap (store s)) (abrupt s)" syntax (xsymbols) @@ -247,6 +252,12 @@ apply( auto simp add: length_Suc_conv) done +lemma lconf_restr: "\lT vn = None; G, h \ l [::\] lT(vn\T)\ \ G, h \ l [::\] lT" +apply (unfold lconf_def) +apply (intro strip) +apply (case_tac "n = vn") +apply auto +done section "oconf" @@ -277,29 +288,56 @@ done +section "xconf" + +lemma xconf_raise_if: "xconf h x \ xconf h (raise_if b xcn x)" +by (simp add: xconf_def raise_if_def) + + + section "conforms" -lemma conforms_heapD: "(h, l)::\(G, lT) ==> G\h h\" +lemma conforms_heapD: "(x, (h, l))::\(G, lT) ==> G\h h\" apply (unfold conforms_def) apply (simp) done -lemma conforms_localD: "(h, l)::\(G, lT) ==> G,h\l[::\]lT" +lemma conforms_localD: "(x, (h, l))::\(G, lT) ==> G,h\l[::\]lT" +apply (unfold conforms_def) +apply (simp) +done + +lemma conforms_xcptD: "(x, (h, l))::\(G, lT) ==> xconf h x" apply (unfold conforms_def) apply (simp) done -lemma conformsI: "[|G\h h\; G,h\l[::\]lT|] ==> (h, l)::\(G, lT)" +lemma conformsI: "[|G\h h\; G,h\l[::\]lT; xconf h x|] ==> (x, (h, l))::\(G, lT)" apply (unfold conforms_def) apply auto done -lemma conforms_hext: "[|(h,l)::\(G,lT); h\|h'; G\h h'\ |] ==> (h',l)::\(G,lT)" -apply( fast dest: conforms_localD elim!: conformsI lconf_hext) -done +lemma conforms_restr: "\lT vn = None; s ::\ (G, lT(vn\T)) \ \ s ::\ (G, lT)" +by (simp add: conforms_def, fast intro: lconf_restr) + +lemma conforms_xcpt_change: "\ (x, (h,l))::\ (G, lT); xconf h x \ xconf h x' \ \ (x', (h,l))::\ (G, lT)" +by (simp add: conforms_def) + + +lemma preallocated_hext: "\ preallocated h; h\|h'\ \ preallocated h'" +by (simp add: preallocated_def hext_def) + +lemma xconf_hext: "\ xconf h vo; h\|h'\ \ xconf h' vo" +by (simp add: xconf_def preallocated_def hext_def) + +lemma conforms_hext: "[|(x,(h,l))::\(G,lT); h\|h'; G\h h'\ |] + ==> (x,(h',l))::\(G,lT)" +by( fast dest: conforms_localD conforms_xcptD elim!: conformsI xconf_hext) + lemma conforms_upd_obj: - "[|(h,l)::\(G, lT); G,h(a\obj)\obj\; h\|h(a\obj)|] ==> (h(a\obj),l)::\(G, lT)" + "[|(x,(h,l))::\(G, lT); G,h(a\obj)\obj\; h\|h(a\obj)|] + ==> (x,(h(a\obj),l))::\(G, lT)" apply(rule conforms_hext) apply auto apply(rule hconfI) @@ -309,7 +347,8 @@ done lemma conforms_upd_local: -"[|(h, l)::\(G, lT); G,h\v::\T; lT va = Some T|] ==> (h, l(va\v))::\(G, lT)" +"[|(x,(h, l))::\(G, lT); G,h\v::\T; lT va = Some T|] + ==> (x,(h, l(va\v)))::\(G, lT)" apply (unfold conforms_def) apply( auto elim: lconf_upd) done diff -r eec2582923f6 -r b95d12325b51 src/HOL/MicroJava/J/Eval.thy --- a/src/HOL/MicroJava/J/Eval.thy Mon Oct 21 17:23:23 2002 +0200 +++ b/src/HOL/MicroJava/J/Eval.thy Wed Oct 23 16:09:02 2002 +0200 @@ -8,6 +8,30 @@ theory Eval = State + WellType: + + -- "Auxiliary notions" + +constdefs + fits :: "java_mb prog \ state \ val \ ty \ bool" ("_,_\_ fits _"[61,61,61,61]60) + "G,s\a' fits T \ case T of PrimT T' \ False | RefT T' \ a'=Null \ G\obj_ty(lookup_obj s a')\T" + +constdefs + catch ::"java_mb prog \ xstate \ cname \ bool" ("_,_\catch _"[61,61,61]60) + "G,s\catch C\ case abrupt s of None \ False | Some a \ G,store s\ a fits Class C" + + + +constdefs + lupd :: "vname \ val \ state \ state" ("lupd'(_\_')"[10,10]1000) + "lupd vn v \ \ (hp,loc). (hp, (loc(vn\v)))" + +constdefs + new_xcpt_var :: "vname \ xstate \ xstate" + "new_xcpt_var vn \ \(x,s). Norm (lupd(vn\the x) s)" + + + -- "Evaluation relations" + consts eval :: "java_mb prog => (xstate \ expr \ val \ xstate) set" evals :: "java_mb prog => (xstate \ expr list \ val list \ xstate) set" diff -r eec2582923f6 -r b95d12325b51 src/HOL/MicroJava/J/Exceptions.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/HOL/MicroJava/J/Exceptions.thy Wed Oct 23 16:09:02 2002 +0200 @@ -0,0 +1,65 @@ +(* Title: HOL/MicroJava/J/Exceptions.thy + ID: $Id$ + Author: Gerwin Klein, Martin Strecker + Copyright 2002 Technische Universitaet Muenchen +*) + +theory Exceptions = State: + +text {* a new, blank object with default values in all fields: *} +constdefs + blank :: "'c prog \ cname \ obj" + "blank G C \ (C,init_vars (fields(G,C)))" + + start_heap :: "'c prog \ aheap" + "start_heap G \ empty (XcptRef NullPointer \ blank G (Xcpt NullPointer)) + (XcptRef ClassCast \ blank G (Xcpt ClassCast)) + (XcptRef OutOfMemory \ blank G (Xcpt OutOfMemory))" + + +consts + cname_of :: "aheap \ val \ cname" + +translations + "cname_of hp v" == "fst (the (hp (the_Addr v)))" + + +constdefs + preallocated :: "aheap \ bool" + "preallocated hp \ \x. \fs. hp (XcptRef x) = Some (Xcpt x, fs)" + +lemma preallocatedD: + "preallocated hp \ \fs. hp (XcptRef x) = Some (Xcpt x, fs)" + by (unfold preallocated_def) fast + +lemma preallocatedE [elim?]: + "preallocated hp \ (\fs. hp (XcptRef x) = Some (Xcpt x, fs) \ P hp) \ P hp" + by (fast dest: preallocatedD) + +lemma cname_of_xcp: + "raise_if b x None = Some xcp \ preallocated hp + \ cname_of (hp::aheap) xcp = Xcpt x" +proof - + assume "raise_if b x None = Some xcp" + hence "xcp = Addr (XcptRef x)" + by (simp add: raise_if_def split: split_if_asm) + moreover + assume "preallocated hp" + then obtain fs where "hp (XcptRef x) = Some (Xcpt x, fs)" .. + ultimately + show ?thesis by simp +qed + +lemma preallocated_start: + "preallocated (start_heap G)" + apply (unfold preallocated_def) + apply (unfold start_heap_def) + apply (rule allI) + apply (case_tac x) + apply (auto simp add: blank_def) + done + + + +end + diff -r eec2582923f6 -r b95d12325b51 src/HOL/MicroJava/J/JListExample.thy --- a/src/HOL/MicroJava/J/JListExample.thy Mon Oct 21 17:23:23 2002 +0200 +++ b/src/HOL/MicroJava/J/JListExample.thy Wed Oct 23 16:09:02 2002 +0200 @@ -62,10 +62,10 @@ cname ("string") vnam ("string") mname ("string") - loc ("int") + loc_ ("int") consts_code - "new_Addr" ("new'_addr {* %x. case x of None => True | Some y => False *}/ {* None *}") + "new_Addr" ("new'_addr {* %x. case x of None => True | Some y => False *}/ {* None *} {* Loc *}") "arbitrary" ("(raise ERROR)") "arbitrary" :: "val" ("{* Unit *}") @@ -83,8 +83,8 @@ "l4_nam" ("\"l4\"") ML {* -fun new_addr p none hp = - let fun nr i = if p (hp i) then (i, none) else nr (i+1); +fun new_addr p none loc hp = + let fun nr i = if p (hp (loc i)) then (loc i, none) else nr (i+1); in nr 0 end; *} @@ -114,14 +114,14 @@ locs l2_name; locs l3_name; locs l4_name; -snd (the (heap 0)) (val_name, "list"); -snd (the (heap 0)) (next_name, "list"); -snd (the (heap 1)) (val_name, "list"); -snd (the (heap 1)) (next_name, "list"); -snd (the (heap 2)) (val_name, "list"); -snd (the (heap 2)) (next_name, "list"); -snd (the (heap 3)) (val_name, "list"); -snd (the (heap 3)) (next_name, "list"); +snd (the (heap (Loc 0))) (val_name, "list"); +snd (the (heap (Loc 0))) (next_name, "list"); +snd (the (heap (Loc 1))) (val_name, "list"); +snd (the (heap (Loc 1))) (next_name, "list"); +snd (the (heap (Loc 2))) (val_name, "list"); +snd (the (heap (Loc 2))) (next_name, "list"); +snd (the (heap (Loc 3))) (val_name, "list"); +snd (the (heap (Loc 3))) (next_name, "list"); *} diff -r eec2582923f6 -r b95d12325b51 src/HOL/MicroJava/J/JTypeSafe.thy --- a/src/HOL/MicroJava/J/JTypeSafe.thy Mon Oct 21 17:23:23 2002 +0200 +++ b/src/HOL/MicroJava/J/JTypeSafe.thy Wed Oct 23 16:09:02 2002 +0200 @@ -11,8 +11,8 @@ declare split_beta [simp] lemma NewC_conforms: -"[|h a = None; (h, l)::\(G, lT); wf_prog wf_mb G; is_class G C|] ==> - (h(a\(C,(init_vars (fields (G,C))))), l)::\(G, lT)" +"[|h a = None; (x,(h, l))::\(G, lT); wf_prog wf_mb G; is_class G C|] ==> + (x,(h(a\(C,(init_vars (fields (G,C))))), l))::\(G, lT)" apply( erule conforms_upd_obj) apply( unfold oconf_def) apply( auto dest!: fields_is_type) @@ -30,8 +30,10 @@ apply( auto intro!: conf_AddrI simp add: obj_ty_def) done + + lemma FAcc_type_sound: -"[| wf_prog wf_mb G; field (G,C) fn = Some (fd, ft); (h,l)::\(G,lT); +"[| wf_prog wf_mb G; field (G,C) fn = Some (fd, ft); (x,(h,l))::\(G,lT); x' = None --> G,h\a'::\ Class C; np a' x' = None |] ==> G,h\the (snd (the (h (the_Addr a'))) (fn, fd))::\ft" apply( drule np_NoneD) @@ -52,9 +54,9 @@ (G, lT)\aa::Class C; field (G,C) fn = Some (fd, ft); h''\|h'; x' = None --> G,h'\a'::\ Class C; h'\|h; - (h, l)::\(G, lT); G,h\x::\T'; np a' x' = None|] ==> + Norm (h, l)::\(G, lT); G,h\x::\T'; np a' x' = None|] ==> h''\|h(a\(c,(fs((fn,fd)\x)))) \ - (h(a\(c,(fs((fn,fd)\x)))), l)::\(G, lT) \ + Norm(h(a\(c,(fs((fn,fd)\x)))), l)::\(G, lT) \ G,h(a\(c,(fs((fn,fd)\x))))\x::\T'" apply( drule np_NoneD) apply( erule conjE) @@ -90,6 +92,8 @@ apply( fast dest: conforms_heapD [THEN hconfD] oconf_objD) done + + lemma Call_lemma2: "[| wf_prog wf_mb G; list_all2 (conf G h) pvs pTs; list_all2 (\T T'. G\T\T') pTs pTs'; wf_mhead G (mn,pTs') rT; length pTs' = length pns; distinct pns; @@ -106,17 +110,18 @@ done lemma Call_type_sound: - "[| wf_java_prog G; a' \ Null; (h, l)::\(G, lT); class G C = Some y; + "[| wf_java_prog G; a' \ Null; Norm (h, l)::\(G, lT); class G C = Some y; max_spec G C (mn,pTsa) = {((mda,rTa),pTs')}; xc\|xh; xh\|h; list_all2 (conf G h) pvs pTsa; (md, rT, pns, lvars, blk, res) = the (method (G,fst (the (h (the_Addr a')))) (mn, pTs')); - \lT. (h, init_vars lvars(pns[\]pvs)(This\a'))::\(G, lT) --> - (G, lT)\blk\ --> h\|xi \ (xi, xl)::\(G, lT); - \lT. (xi, xl)::\(G, lT) --> (\T. (G, lT)\res::T --> - xi\|h' \ (h', xj)::\(G, lT) \ (x' = None --> G,h'\v::\T)); - G,xh\a'::\ Class C |] ==> - xc\|h' \ (h', l)::\(G, lT) \ (x' = None --> G,h'\v::\rTa)" + \lT. (np a' None, h, init_vars lvars(pns[\]pvs)(This\a'))::\(G, lT) --> + (G, lT)\blk\ --> h\|xi \ (xcptb, xi, xl)::\(G, lT); + \lT. (xcptb,xi, xl)::\(G, lT) --> (\T. (G, lT)\res::T --> + xi\|h' \ (x',h', xj)::\(G, lT) \ (x' = None --> G,h'\v::\T)); + G,xh\a'::\ Class C + |] ==> + xc\|h' \ (x',(h', l))::\(G, lT) \ (x' = None --> G,h'\v::\rTa)" apply( drule max_spec2mheads) apply( clarify) apply( drule (2) non_np_objD') @@ -126,14 +131,15 @@ apply( drule (3) Call_lemma) apply( clarsimp simp add: wf_java_mdecl_def) apply( erule_tac V = "method ?sig ?x = ?y" in thin_rl) -apply( drule spec, erule impE) -apply( erule_tac [2] notE impE, tactic "assume_tac 2") +apply( drule spec, erule impE, erule_tac [2] notE impE, tactic "assume_tac 2") apply( rule conformsI) apply( erule conforms_heapD) apply( rule lconf_ext) apply( force elim!: Call_lemma2) apply( erule conf_hext, erule (1) conf_obj_AddrI) -apply( erule_tac V = "?E\?blk\" in thin_rl) +apply( erule_tac V = "?E\?blk\" in thin_rl) +apply (simp add: conforms_def) + apply( erule conjE) apply( drule spec, erule (1) impE) apply( drule spec, erule (1) impE) @@ -149,11 +155,16 @@ apply( tactic "assume_tac 2") prefer 2 apply( fast elim!: widen_trans) -apply( erule conforms_hext) +apply (rule conforms_xcpt_change) +apply( rule conforms_hext) apply assumption +(* apply( erule conforms_hext)*) apply( erule (1) hext_trans) apply( erule conforms_heapD) +apply (simp add: conforms_def) done + + declare split_if [split del] declare fun_upd_apply [simp del] declare fun_upd_same [simp] @@ -165,17 +176,19 @@ Unify.search_bound := 40; Unify.trace_bound := 40 *} + + theorem eval_evals_exec_type_sound: "wf_java_prog G ==> (G\(x,(h,l)) -e \v -> (x', (h',l')) --> - (\lT. (h ,l )::\(G,lT) --> (\T . (G,lT)\e :: T --> - h\|h' \ (h',l')::\(G,lT) \ (x'=None --> G,h'\v ::\ T )))) \ + (\lT. (x,(h ,l ))::\(G,lT) --> (\T . (G,lT)\e :: T --> + h\|h' \ (x',(h',l'))::\(G,lT) \ (x'=None --> G,h'\v ::\ T )))) \ (G\(x,(h,l)) -es[\]vs-> (x', (h',l')) --> - (\lT. (h ,l )::\(G,lT) --> (\Ts. (G,lT)\es[::]Ts --> - h\|h' \ (h',l')::\(G,lT) \ (x'=None --> list_all2 (\v T. G,h'\v::\T) vs Ts)))) \ + (\lT. (x,(h ,l ))::\(G,lT) --> (\Ts. (G,lT)\es[::]Ts --> + h\|h' \ (x',(h',l'))::\(G,lT) \ (x'=None --> list_all2 (\v T. G,h'\v::\T) vs Ts)))) \ (G\(x,(h,l)) -c -> (x', (h',l')) --> - (\lT. (h ,l )::\(G,lT) --> (G,lT)\c \ --> - h\|h' \ (h',l')::\(G,lT)))" + (\lT. (x,(h ,l ))::\(G,lT) --> (G,lT)\c \ --> + h\|h' \ (x',(h',l'))::\(G,lT)))" apply( rule eval_evals_exec_induct) apply( unfold c_hupd_def) @@ -187,12 +200,14 @@ apply(tactic "ALLGOALS (EVERY' [REPEAT o (etac conjE), REPEAT o hyp_subst_tac])") -- "Level 7" - -- "15 NewC" +apply (drule sym) apply( drule new_AddrD) apply( erule disjE) prefer 2 apply( simp (no_asm_simp)) +apply (rule conforms_xcpt_change, assumption) +apply (simp (no_asm_simp) add: xconf_def) apply( clarsimp) apply( rule conjI) apply( force elim!: NewC_conforms) @@ -216,6 +231,7 @@ apply( simp split add: binop.split) -- "12 LAcc" +apply simp apply( fast elim: conforms_localD [THEN lconfD]) -- "for FAss" @@ -234,7 +250,7 @@ apply( fast intro: hext_trans) -- "10 Expr" -prefer 6 +prefer 7 apply( fast) -- "9 ???" @@ -242,18 +258,28 @@ -- "8 Cast" prefer 8 -apply (rule impI) -apply (drule raise_if_NoneD) -apply (clarsimp) -apply (fast elim: Cast_conf) +apply (rule conjI) + apply (fast intro: conforms_xcpt_change xconf_raise_if) + + apply clarify + apply (drule raise_if_NoneD) + apply (clarsimp) + apply (rule Cast_conf) + apply assumption+ -- "7 LAss" apply (fold fun_upd_def) apply( tactic {* (eresolve_tac (thms "ty_expr_ty_exprs_wt_stmt.elims") THEN_ALL_NEW Full_simp_tac) 1 *}) +apply (intro strip) +apply (case_tac E) +apply (simp) apply( blast intro: conforms_upd_local conf_widen) -- "6 FAcc" +apply (rule conjI) + apply (simp add: np_def) + apply (fast intro: conforms_xcpt_change xconf_raise_if) apply( fast elim!: FAcc_type_sound) -- "5 While" @@ -264,22 +290,34 @@ apply (tactic "forward_hyp_tac") --- "4 Cons" -prefer 3 +-- "4 Cond" +prefer 4 +apply (case_tac "the_Bool v") +apply simp +apply( fast dest: evals_no_xcpt intro: conf_hext hext_trans) +apply simp apply( fast dest: evals_no_xcpt intro: conf_hext hext_trans) -- "3 ;;" prefer 3 -apply( fast intro: hext_trans) +apply( fast dest: evals_no_xcpt intro: conf_hext hext_trans) + -- "2 FAss" -apply( case_tac "x2 = None") -prefer 2 -apply( simp (no_asm_simp)) -apply( fast intro: hext_trans) -apply( simp) -apply( drule eval_no_xcpt) -apply( erule FAss_type_sound, rule HOL.refl, assumption+) +apply (subgoal_tac "(np a' x1, ab, ba) ::\ (G, lT)") + prefer 2 + apply (simp add: np_def) + apply (fast intro: conforms_xcpt_change xconf_raise_if) +apply( case_tac "x2") + -- "x2 = None" + apply (simp) + apply (tactic forward_hyp_tac, clarify) + apply( drule eval_no_xcpt) + apply( erule FAss_type_sound, rule HOL.refl, assumption+) + -- "x2 = Some a" + apply ( simp (no_asm_simp)) + apply( fast intro: hext_trans) + apply( tactic prune_params_tac) -- "Level 52" @@ -302,15 +340,21 @@ apply( simp) apply( drule eval_xcpt) apply( simp) -apply( fast elim: hext_trans) -apply( drule (1) ty_expr_is_type) +apply (rule conjI) + apply( fast elim: hext_trans) + apply (rule conforms_xcpt_change, assumption) apply (simp (no_asm_simp) add: xconf_def) +apply(clarsimp) + +apply( drule ty_expr_is_type, simp) apply(clarsimp) apply(unfold is_class_def) apply(clarsimp) + apply(rule Call_type_sound); prefer 11 apply blast apply (simp (no_asm_simp))+ + done ML{* Unify.search_bound := 20; @@ -318,8 +362,8 @@ *} lemma eval_type_sound: "!!E s s'. - [| G=prg E; wf_java_prog G; G\(x,s) -e\v -> (x',s'); s::\E; E\e::T |] - ==> s'::\E \ (x'=None --> G,heap s'\v::\T)" + [| G=prg E; wf_java_prog G; G\(x,s) -e\v -> (x',s'); (x,s)::\E; E\e::T |] + ==> (x',s')::\E \ (x'=None --> G,heap s'\v::\T)" apply( simp (no_asm_simp) only: split_tupled_all) apply (drule eval_evals_exec_type_sound [THEN conjunct1, THEN mp, THEN spec, THEN mp]) @@ -327,8 +371,8 @@ done lemma exec_type_sound: "!!E s s'. - [| G=prg E; wf_java_prog G; G\(x,s) -s0-> (x',s'); s::\E; E\s0\ |] - ==> s'::\E" + [| G=prg E; wf_java_prog G; G\(x,s) -s0-> (x',s'); (x,s)::\E; E\s0\ |] + ==> (x',s')::\E" apply( simp (no_asm_simp) only: split_tupled_all) apply (drule eval_evals_exec_type_sound [THEN conjunct2, THEN conjunct2, THEN mp, THEN spec, THEN mp]) @@ -337,7 +381,7 @@ theorem all_methods_understood: "[|G=prg E; wf_java_prog G; G\(x,s) -e\a'-> Norm s'; a' \ Null; - s::\E; E\e::Class C; method (G,C) sig \ None|] ==> + (x,s)::\E; E\e::Class C; method (G,C) sig \ None|] ==> method (G,fst (the (heap s' (the_Addr a')))) sig \ None" apply( drule (4) eval_type_sound) apply(clarsimp) diff -r eec2582923f6 -r b95d12325b51 src/HOL/MicroJava/J/State.thy --- a/src/HOL/MicroJava/J/State.thy Mon Oct 21 17:23:23 2002 +0200 +++ b/src/HOL/MicroJava/J/State.thy Wed Oct 23 16:09:02 2002 +0200 @@ -25,26 +25,33 @@ locals = "vname \ val" -- "simple state, i.e. variable contents" state = "aheap \ locals" -- "heap, local parameter including This" - xstate = "xcpt option \ state" -- "state including exception information" + xstate = "val option \ state" -- "state including exception information" syntax heap :: "state => aheap" locals :: "state => locals" Norm :: "state => xstate" + abrupt :: "xstate \ val option" + store :: "xstate \ state" + lookup_obj :: "state \ val \ obj" translations "heap" => "fst" "locals" => "snd" "Norm s" == "(None,s)" + "abrupt" => "fst" + "store" => "snd" + "lookup_obj s a'" == "the (heap s (the_Addr a'))" + constdefs - new_Addr :: "aheap => loc \ xcpt option" - "new_Addr h == SOME (a,x). (h a = None \ x = None) | x = Some OutOfMemory" + raise_if :: "bool \ xcpt \ val option \ val option" + "raise_if b x xo \ if b \ (xo = None) then Some (Addr (XcptRef x)) else xo" - raise_if :: "bool => xcpt => xcpt option => xcpt option" - "raise_if c x xo == if c \ (xo = None) then Some x else xo" + new_Addr :: "aheap => loc \ val option" + "new_Addr h \ SOME (a,x). (h a = None \ x = None) | x = Some (Addr (XcptRef OutOfMemory))" - np :: "val => xcpt option => xcpt option" + np :: "val => val option => val option" "np v == raise_if (v = Null) NullPointer" c_hupd :: "aheap => xstate => xstate" @@ -58,17 +65,18 @@ apply (simp (no_asm)) done -lemma new_AddrD: -"(a,x) = new_Addr h ==> h a = None \ x = None | x = Some OutOfMemory" + +lemma new_AddrD: "new_Addr hp = (ref, xcp) \ + hp ref = None \ xcp = None \ xcp = Some (Addr (XcptRef OutOfMemory))" +apply (drule sym) apply (unfold new_Addr_def) apply(simp add: Pair_fst_snd_eq Eps_split) apply(rule someI) apply(rule disjI2) -apply(rule_tac "r" = "snd (?a,Some OutOfMemory)" in trans) +apply(rule_tac "r" = "snd (?a,Some (Addr (XcptRef OutOfMemory)))" in trans) apply auto done - lemma raise_if_True [simp]: "raise_if True x y \ None" apply (unfold raise_if_def) apply auto @@ -92,7 +100,7 @@ done lemma raise_if_SomeD [rule_format (no_asm)]: - "raise_if c x y = Some z \ c \ Some z = Some x | y = Some z" + "raise_if c x y = Some z \ c \ Some z = Some (Addr (XcptRef x)) | y = Some z" apply (unfold raise_if_def) apply auto done @@ -119,7 +127,7 @@ apply auto done -lemma np_Null [simp]: "np Null None = Some NullPointer" +lemma np_Null [simp]: "np Null None = Some (Addr (XcptRef NullPointer))" apply (unfold np_def raise_if_def) apply auto done @@ -130,7 +138,7 @@ done lemma np_raise_if [simp]: "(np Null (raise_if c xc None)) = - Some (if c then xc else NullPointer)" + Some (Addr (XcptRef (if c then xc else NullPointer)))" apply (unfold raise_if_def) apply (simp (no_asm)) done diff -r eec2582923f6 -r b95d12325b51 src/HOL/MicroJava/J/WellForm.thy --- a/src/HOL/MicroJava/J/WellForm.thy Mon Oct 21 17:23:23 2002 +0200 +++ b/src/HOL/MicroJava/J/WellForm.thy Wed Oct 23 16:09:02 2002 +0200 @@ -170,6 +170,18 @@ lemmas fields_rec = wf_subcls1 [THEN [2] fields_rec_lemma]; +lemma field_rec: "\class G C = Some (D, fs, ms); wf_prog wf_mb G\ +\ field (G, C) = + (if C = Object then empty else field (G, D)) ++ + map_of (map (\(s, f). (s, C, f)) fs)" +apply (simp only: field_def) +apply (frule fields_rec, assumption) +apply (rule HOL.trans) +apply (simp add: o_def) +apply (simp (no_asm_use) + add: split_beta split_def o_def map_compose [THEN sym] del: map_compose) +done + lemma method_Object [simp]: "method (G, Object) sig = Some (D, mh, code) \ wf_prog wf_mb G \ D = Object" apply (frule class_Object, clarify) @@ -177,6 +189,19 @@ apply (auto dest: map_of_SomeD) done + +lemma fields_Object [simp]: "\ ((vn, C), T) \ set (fields (G, Object)); wf_prog wf_mb G \ + \ C = Object" +apply (frule class_Object) +apply clarify +apply (subgoal_tac "fields (G, Object) = map (\(fn,ft). ((fn,Object),ft)) fs") +apply (simp add: image_iff split_beta) +apply auto +apply (rule trans) +apply (rule fields_rec, assumption+) +apply simp +done + lemma subcls_C_Object: "[|is_class G C; wf_prog wf_mb G|] ==> G\C\C Object" apply(erule subcls1_induct) apply( assumption) @@ -312,6 +337,19 @@ apply( fast intro: subcls1I) done + +lemma wf_prog_wf_mhead: "\ wf_prog wf_mb G; (C, D, fds, mths) \ set G; + ((mn, pTs), rT, jmb) \ set mths \ + \ wf_mhead G (mn, pTs) rT" +apply (simp add: wf_prog_def wf_cdecl_def) +apply (erule conjE)+ +apply (drule bspec, assumption) +apply simp +apply (erule conjE)+ +apply (drule bspec, assumption) +apply (simp add: wf_mdecl_def) +done + lemma subcls_widen_methd [rule_format (no_asm)]: "[|G\T\C T'; wf_prog wf_mb G|] ==> \D rT b. method (G,T') sig = Some (D,rT ,b) --> @@ -377,6 +415,55 @@ apply (simp add: override_def map_of_map split add: option.split) done + +lemma fields_in_fd [rule_format (no_asm)]: "\ wf_prog wf_mb G; is_class G C\ + \ \ vn D T. (((vn,D),T) \ set (fields (G,C)) + \ (is_class G D \ ((vn,D),T) \ set (fields (G,D))))" +apply (erule (1) subcls1_induct) + +apply clarify +apply (frule fields_Object, assumption+) +apply (simp only: is_class_Object) apply simp + +apply clarify +apply (frule fields_rec) +apply assumption + +apply (case_tac "Da=C") +apply blast (* case Da=C *) + +apply (subgoal_tac "((vn, Da), T) \ set (fields (G, D))") apply blast +apply (erule thin_rl) +apply (rotate_tac 1) +apply (erule thin_rl, erule thin_rl, erule thin_rl, + erule thin_rl, erule thin_rl, erule thin_rl) +apply auto +done + +lemma field_in_fd [rule_format (no_asm)]: "\ wf_prog wf_mb G; is_class G C\ + \ \ vn D T. (field (G,C) vn = Some(D,T) + \ is_class G D \ field (G,D) vn = Some(D,T))" +apply (erule (1) subcls1_induct) + +apply clarify +apply (frule field_fields) +apply (drule map_of_SomeD) +apply (drule fields_Object, assumption+) +apply simp + +apply clarify +apply (subgoal_tac "((field (G, D)) ++ map_of (map (\(s, f). (s, C, f)) fs)) vn = Some (Da, T)") +apply (simp (no_asm_use) only: override_Some_iff) +apply (erule disjE) +apply (simp (no_asm_use) add: map_of_map) apply blast +apply blast +apply (rule trans [THEN sym], rule sym, assumption) +apply (rule_tac x=vn in fun_cong) +apply (rule trans, rule field_rec, assumption+) +apply (simp (no_asm_use)) apply blast +done + + lemma widen_methd: "[| method (G,C) sig = Some (md,rT,b); wf_prog wf_mb G; G\T''\C C|] ==> \md' rT' b'. method (G,T'') sig = Some (md',rT',b') \ G\rT'\rT" @@ -384,6 +471,15 @@ apply auto done +lemma widen_field: "\ (field (G,C) fn) = Some (fd, fT); wf_prog wf_mb G; is_class G C \ + \ G\C\C fd" +apply (rule widen_fields_defpl) +apply (simp add: field_def) +apply (rule map_of_SomeD) +apply (rule table_of_remap_SomeD) +apply assumption+ +done + lemma Call_lemma: "[|method (G,C) sig = Some (md,rT,b); G\T''\C C; wf_prog wf_mb G; class G C = Some y|] ==> \T' rT' b. method (G,T'') sig = Some (T',rT',b) \ diff -r eec2582923f6 -r b95d12325b51 src/HOL/MicroJava/J/WellType.thy --- a/src/HOL/MicroJava/J/WellType.thy Mon Oct 21 17:23:23 2002 +0200 +++ b/src/HOL/MicroJava/J/WellType.thy Wed Oct 23 16:09:02 2002 +0200 @@ -96,15 +96,21 @@ apply auto done +lemma typeof_default_val: "\T. (typeof dt (default_val ty) = Some T) \ G\ T \ ty" +apply (case_tac ty) +apply (case_tac prim_ty) +apply auto +done + types java_mb = "vname list \ (vname \ ty) list \ stmt \ expr" -- "method body with parameter names, local variables, block, result expression." -- "local variables might include This, which is hidden anyway" consts - ty_expr :: "java_mb env => (expr \ ty ) set" - ty_exprs:: "java_mb env => (expr list \ ty list) set" - wt_stmt :: "java_mb env => stmt set" + ty_expr :: "(java_mb env \ expr \ ty ) set" + ty_exprs:: "(java_mb env \ expr list \ ty list) set" + wt_stmt :: "(java_mb env \ stmt ) set" syntax (xsymbols) ty_expr :: "java_mb env => [expr , ty ] => bool" ("_ \ _ :: _" [51,51,51]50) @@ -118,11 +124,11 @@ translations - "E\e :: T" == "(e,T) \ ty_expr E" - "E\e[::]T" == "(e,T) \ ty_exprs E" - "E\c \" == "c \ wt_stmt E" + "E\e :: T" == "(E,e,T) \ ty_expr" + "E\e[::]T" == "(E,e,T) \ ty_exprs" + "E\c \" == "(E,c) \ wt_stmt" -inductive "ty_expr E" "ty_exprs E" "wt_stmt E" intros +inductive "ty_expr" "ty_exprs" "wt_stmt" intros NewC: "[| is_class (prg E) C |] ==> E\NewC C::Class C" -- "cf. 15.8" @@ -150,7 +156,7 @@ -- "cf. 15.25, 15.25.1" LAss: "[| v ~= This; E\LAcc v::T; - E\e::T'; + E\e::T'; prg E\T'\T |] ==> E\v::=e::T'" @@ -204,6 +210,7 @@ E\s\ |] ==> E\While(e) s\" + constdefs wf_java_mdecl :: "java_mb prog => cname => java_mb mdecl => bool" @@ -222,9 +229,22 @@ translations "wf_java_prog" == "wf_prog wf_java_mdecl" +lemma wf_java_prog_wf_java_mdecl: "\ + wf_java_prog G; (C, D, fds, mths) \ set G; jmdcl \ set mths \ + \ wf_java_mdecl G C jmdcl" +apply (simp add: wf_prog_def) +apply (simp add: wf_cdecl_def) +apply (erule conjE)+ +apply (drule bspec, assumption) +apply simp +apply (erule conjE)+ +apply (drule bspec, assumption) +apply (simp add: wf_mdecl_def split_beta) +done -lemma wt_is_type: "wf_prog wf_mb G \ ((G,L)\e::T \ is_type G T) \ - ((G,L)\es[::]Ts \ Ball (set Ts) (is_type G)) \ ((G,L)\c \ \ True)" +lemma wt_is_type: "(E\e::T \ wf_prog wf_mb (prg E) \ is_type (prg E) T) \ + (E\es[::]Ts \ wf_prog wf_mb (prg E) \ Ball (set Ts) (is_type (prg E))) \ + (E\c \ \ True)" apply (rule ty_expr_ty_exprs_wt_stmt.induct) apply auto apply ( erule typeof_empty_is_type) @@ -237,6 +257,6 @@ simp add: wf_mdecl_def) done -lemmas ty_expr_is_type = wt_is_type [THEN conjunct1,THEN mp, COMP swap_prems_rl] +lemmas ty_expr_is_type = wt_is_type [THEN conjunct1,THEN mp, rule_format] end diff -r eec2582923f6 -r b95d12325b51 src/HOL/MicroJava/ROOT.ML --- a/src/HOL/MicroJava/ROOT.ML Mon Oct 21 17:23:23 2002 +0200 +++ b/src/HOL/MicroJava/ROOT.ML Wed Oct 23 16:09:02 2002 +0200 @@ -3,6 +3,7 @@ add_path "J"; add_path "JVM"; add_path "BV"; +add_path "Comp"; no_document use_thy "While_Combinator"; @@ -14,3 +15,6 @@ use_thy "LBVJVM"; use_thy "BVNoTypeError"; use_thy "BVExample"; + +use_thy "CorrComp"; +use_thy "CorrCompTp";