# HG changeset patch # User kleing # Date 1045592027 -3600 # Node ID bb5eda7416e5aa06649ad9ff28bf0208c04e7049 # Parent 0fd39aa770950e6da01c749183292af8d68f5b11 check maxs in defensive machine diff -r 0fd39aa77095 -r bb5eda7416e5 src/HOL/MicroJava/BV/BVNoTypeError.thy --- a/src/HOL/MicroJava/BV/BVNoTypeError.thy Tue Feb 18 15:09:14 2003 +0100 +++ b/src/HOL/MicroJava/BV/BVNoTypeError.thy Tue Feb 18 19:13:47 2003 +0100 @@ -281,7 +281,7 @@ by (clarsimp simp add: app_def) with eff stk loc pc' - have "check_instr (ins!pc) G hp stk loc C sig pc frs'" + have "check_instr (ins!pc) G hp stk loc C sig pc maxs frs'" proof (cases "ins!pc") case (Getfield F C) with app stk loc phi obtain v vT stk' where @@ -391,7 +391,7 @@ apply (clarsimp simp add: neq_Nil_conv isRef_def2) done qed auto - hence "check G s" by (simp add: check_def meth) + hence "check G s" by (simp add: check_def meth pc) } ultimately have "check G s" by blast thus "exec_d G (Normal s) \ TypeError" .. @@ -419,6 +419,32 @@ done +lemma neq_TypeError_eq [simp]: "s \ TypeError = (\s'. s = Normal s')" + by (cases s, auto) + +theorem no_type_errors: + "wt_jvm_prog G Phi \ G,Phi \JVM s \ + \ G \ (Normal s) -jvmd\ t \ t \ TypeError" + apply (unfold exec_all_d_def) + apply (erule rtrancl_induct) + apply simp + apply (fold exec_all_d_def) + apply (auto dest: defensive_imp_aggressive BV_correct no_type_error) + done + +corollary no_type_errors_initial: + fixes G ("\") and Phi ("\") + assumes "wt_jvm_prog \ \" + assumes "is_class \ C" "method (\,C) (m,[]) = Some (C, b)" "m \ init" + defines start: "s \ start_state \ C m" + + assumes "\ \ (Normal s) -jvmd\ t" + shows "t \ TypeError" +proof - + have "\,\ \JVM s \" by (unfold start, rule BV_correct_initial) + thus ?thesis by - (rule no_type_errors) +qed + text {* As corollary we get that the aggressive and the defensive machine are equivalent for welltyped programs (if started in a conformant diff -r 0fd39aa77095 -r bb5eda7416e5 src/HOL/MicroJava/JVM/JVMDefensive.thy --- a/src/HOL/MicroJava/JVM/JVMDefensive.thy Tue Feb 18 15:09:14 2003 +0100 +++ b/src/HOL/MicroJava/JVM/JVMDefensive.thy Tue Feb 18 19:13:47 2003 +0100 @@ -36,21 +36,21 @@ consts check_instr :: "[instr, jvm_prog, aheap, opstack, locvars, - cname, sig, p_count, frame list] \ bool" + cname, sig, p_count, nat, frame list] \ bool" primrec - "check_instr (Load idx) G hp stk vars C sig pc frs = - (idx < length vars)" + "check_instr (Load idx) G hp stk vars C sig pc mxs frs = + (idx < length vars \ size stk < mxs)" - "check_instr (Store idx) G hp stk vars Cl sig pc frs = + "check_instr (Store idx) G hp stk vars Cl sig pc mxs frs = (0 < length stk \ idx < length vars)" - "check_instr (LitPush v) G hp stk vars Cl sig pc frs = - (\isAddr v)" + "check_instr (LitPush v) G hp stk vars Cl sig pc mxs frs = + (\isAddr v \ size stk < mxs)" - "check_instr (New C) G hp stk vars Cl sig pc frs = - is_class G C" + "check_instr (New C) G hp stk vars Cl sig pc mxs frs = + (is_class G C \ size stk < mxs)" - "check_instr (Getfield F C) G hp stk vars Cl sig pc frs = + "check_instr (Getfield F C) G hp stk vars Cl sig pc mxs frs = (0 < length stk \ is_class G C \ field (G,C) F \ None \ (let (C', T) = the (field (G,C) F); ref = hd stk in C' = C \ isRef ref \ (ref \ Null \ @@ -58,7 +58,7 @@ (let (D,vs) = the (hp (the_Addr ref)) in G \ D \C C \ vs (F,C) \ None \ G,hp \ the (vs (F,C)) ::\ T))))" - "check_instr (Putfield F C) G hp stk vars Cl sig pc frs = + "check_instr (Putfield F C) G hp stk vars Cl sig pc mxs frs = (1 < length stk \ is_class G C \ field (G,C) F \ None \ (let (C', T) = the (field (G,C) F); v = hd stk; ref = hd (tl stk) in C' = C \ isRef ref \ (ref \ Null \ @@ -66,10 +66,10 @@ (let (D,vs) = the (hp (the_Addr ref)) in G \ D \C C \ G,hp \ v ::\ T))))" - "check_instr (Checkcast C) G hp stk vars Cl sig pc frs = + "check_instr (Checkcast C) G hp stk vars Cl sig pc mxs frs = (0 < length stk \ is_class G C \ isRef (hd stk))" - "check_instr (Invoke C mn ps) G hp stk vars Cl sig pc frs = + "check_instr (Invoke C mn ps) G hp stk vars Cl sig pc mxs frs = (length ps < length stk \ (let n = length ps; v = stk!n in isRef v \ (v \ Null \ @@ -77,46 +77,46 @@ method (G,cname_of hp v) (mn,ps) \ None \ list_all2 (\v T. G,hp \ v ::\ T) (rev (take n stk)) ps)))" - "check_instr Return G hp stk0 vars Cl sig0 pc frs = + "check_instr Return G hp stk0 vars Cl sig0 pc mxs frs = (0 < length stk0 \ (0 < length frs \ method (G,Cl) sig0 \ None \ (let v = hd stk0; (C, rT, body) = the (method (G,Cl) sig0) in Cl = C \ G,hp \ v ::\ rT)))" - "check_instr Pop G hp stk vars Cl sig pc frs = + "check_instr Pop G hp stk vars Cl sig pc mxs frs = (0 < length stk)" - "check_instr Dup G hp stk vars Cl sig pc frs = - (0 < length stk)" + "check_instr Dup G hp stk vars Cl sig pc mxs frs = + (0 < length stk \ size stk < mxs)" - "check_instr Dup_x1 G hp stk vars Cl sig pc frs = + "check_instr Dup_x1 G hp stk vars Cl sig pc mxs frs = + (1 < length stk \ size stk < mxs)" + + "check_instr Dup_x2 G hp stk vars Cl sig pc mxs frs = + (2 < length stk \ size stk < mxs)" + + "check_instr Swap G hp stk vars Cl sig pc mxs frs = (1 < length stk)" - "check_instr Dup_x2 G hp stk vars Cl sig pc frs = - (2 < length stk)" - - "check_instr Swap G hp stk vars Cl sig pc frs = - (1 < length stk)" - - "check_instr IAdd G hp stk vars Cl sig pc frs = + "check_instr IAdd G hp stk vars Cl sig pc mxs frs = (1 < length stk \ isIntg (hd stk) \ isIntg (hd (tl stk)))" - "check_instr (Ifcmpeq b) G hp stk vars Cl sig pc frs = + "check_instr (Ifcmpeq b) G hp stk vars Cl sig pc mxs frs = (1 < length stk \ 0 \ int pc+b)" - "check_instr (Goto b) G hp stk vars Cl sig pc frs = + "check_instr (Goto b) G hp stk vars Cl sig pc mxs frs = (0 \ int pc+b)" - "check_instr Throw G hp stk vars Cl sig pc frs = + "check_instr Throw G hp stk vars Cl sig pc mxs frs = (0 < length stk \ isRef (hd stk))" constdefs check :: "jvm_prog \ jvm_state \ bool" "check G s \ let (xcpt, hp, frs) = s in (case frs of [] \ True | (stk,loc,C,sig,pc)#frs' \ - (let ins = fifth (the (method (G,C) sig)); i = ins!pc in - pc < size ins \ - check_instr i G hp stk loc C sig pc frs'))" + (let (C',rt,mxs,mxl,ins,et) = the (method (G,C) sig); i = ins!pc in + pc < size ins \ + check_instr i G hp stk loc C sig pc mxs frs'))" exec_d :: "jvm_prog \ jvm_state type_error \ jvm_state option type_error"