# HG changeset patch # User kleing # Date 952606614 -3600 # Node ID e5b618f6824e04955f9de6ae488eff420adc01bd # Parent 130109a9b8c16096a3824e8663c21be569822e49 tuned for completeness of LBV diff -r 130109a9b8c1 -r e5b618f6824e src/HOL/MicroJava/BV/LBVCorrect.ML --- a/src/HOL/MicroJava/BV/LBVCorrect.ML Thu Mar 09 13:55:39 2000 +0100 +++ b/src/HOL/MicroJava/BV/LBVCorrect.ML Thu Mar 09 13:56:54 2000 +0100 @@ -5,12 +5,7 @@ *) -Goalw[fits_def,fits_partial_def] "fits_partial phi 0 is G rT s0 s2 cert = fits phi is G rT s0 s2 cert"; -by (Simp_tac 1); -qed "fits_eq_fits_partial"; - - -Goal "\\ l. n = length l"; +Goal "\\ l. n < length l"; by (induct_tac "n" 1); by Auto_tac; by (res_inst_tac [("x","x#l")] exI 1); @@ -19,7 +14,7 @@ Goal "\\ s0 pc. wtl_inst_list is G rT s0 s2 cert (pc+length is) pc \ -\ \\ (\\ phi. pc + length is = length phi \\ fits_partial phi pc is G rT s0 s2 cert)"; +\ \\ (\\ phi. pc + length is < length phi \\ fits_partial phi pc is G rT s0 s2 cert)"; by (induct_tac "is" 1); by (asm_full_simp_tac (simpset() addsimps [fits_partial_def, exists_list]) 1); by (Clarify_tac 1); @@ -68,21 +63,21 @@ bind_thm ("exists_phi_partial", result() RS spec RS spec); -Goal "wtl_inst_list is G rT s0 s2 cert (length is) 0 \\ \\ phi. fits phi is G rT s0 s2 cert"; +Goal "wtl_inst_list is G rT s0 s2 cert (length is) 0 \\ \\ phi. fits phi is G rT s0 s2 cert \\ length is < length phi"; by (cut_inst_tac [("is","is"),("G","G"),("rT","rT"),("s2.0","s2"),("x","0"),("xa","s0"),("cert","cert")] exists_phi_partial 1); -by (asm_full_simp_tac (simpset() addsimps [fits_eq_fits_partial]) 1); +by (asm_full_simp_tac (simpset() addsimps [fits_def]) 1); by (Force_tac 1); qed "exists_phi"; Goal "\\wtl_inst_list is G rT s0 s3 cert (length is) 0; \ -\fits phi is G rT s0 s3 cert\\ \\ \ -\ \\ pc t. pc < length is \\ (cert ! pc) = Some t \\ (phi ! pc) = t"; +\ fits phi is G rT s0 s3 cert\\ \\ \ +\ \\ pc t. pc < length is \\ (cert ! pc) = Some t \\ (phi ! pc) = t"; by (Clarify_tac 1); by (forward_tac [wtl_partial] 1); ba 1; by (Clarify_tac 1); -by (asm_full_simp_tac (simpset() addsimps [fits_def,neq_Nil_conv]) 1); +by (asm_full_simp_tac (simpset() addsimps [fits_def, fits_partial_def ,neq_Nil_conv]) 1); by (Clarify_tac 1); by (eres_inst_tac [("x","aa")] allE 1); by (eres_inst_tac [("x","ys")] allE 1); @@ -106,7 +101,7 @@ by (Asm_full_simp_tac 1); by (Clarify_tac 1); by (exhaust_tac "cert!(Suc (length a))" 1); - by (asm_full_simp_tac (simpset() addsimps [fits_def]) 1); + by (asm_full_simp_tac (simpset() addsimps [fits_def, fits_partial_def]) 1); by (eres_inst_tac [("x","a@[i]")] allE 1); by (eres_inst_tac [("x","ys")] allE 1); by (eres_inst_tac [("x","y")] allE 1); @@ -116,7 +111,7 @@ be impE 1; by (Force_tac 1); by (Asm_full_simp_tac 1); -by (asm_full_simp_tac (simpset() addsimps [fits_def]) 1); +by (asm_full_simp_tac (simpset() addsimps [fits_def, fits_partial_def]) 1); by (eres_inst_tac [("x","a@[i]")] allE 1); by (eres_inst_tac [("x","ys")] allE 1); by (eres_inst_tac [("x","y")] allE 1); @@ -130,15 +125,19 @@ qed "wtl_suc_pc"; -Goalw[fits_def] "\\wtl_inst_list a G rT s0 s1 cert (length (a@i#b)) 0; \ +Goal "\\wtl_inst_list a G rT s0 s1 cert (length (a@i#b)) 0; \ \ wtl_inst_option i G rT s1 s2 cert (length (a@i#b)) (length a); \ \ fits phi (a@i#b) G rT s0 s3 cert; cert!(length a) = None; \ \ wtl_inst_list b G rT s2 s3 cert (length (a@i#b)) (Suc (length a))\\ \ \ \\ phi!(length a) = s1"; +by (asm_full_simp_tac (simpset() addsimps [fits_def, fits_partial_def]) 1); by (eres_inst_tac [("x","a")] allE 1); by (eres_inst_tac [("x","b")] allE 1); by (eres_inst_tac [("x","i")] allE 1); -by (eres_inst_tac [("x","s1")] allE 1); +by (Asm_full_simp_tac 1); +by (pair_tac "s1" 1); +by (eres_inst_tac [("x","x")] allE 1); +by (eres_inst_tac [("x","y")] allE 1); by (Asm_full_simp_tac 1); be impE 1; by (pair_tac "s2" 1); @@ -146,7 +145,6 @@ ba 1; qed "fits_lemma2"; - fun ls g1 g2 = if g1 > g2 then ls g2 g1 else if g1 = g2 then [g1] else g2::(ls g1 (g2-1)) @@ -177,7 +175,9 @@ by (thin_tac "\\pc t.\ \ pc < length (i1 @ i # i2) \\ \ \ cert ! pc = Some t \\ phi ! pc = t" 1); - by (force_tac (claset(), simpset() addsimps [wt_instr_def,wtl_inst_option_def]) 1); + by (pair_tac "s1" 1); + by (asm_full_simp_tac (simpset() addsimps [wt_instr_def,wtl_inst_option_def]) 1); + by (Force_tac 1); by (exhaust_tac "meth_ret" 1); by (asm_full_simp_tac (simpset() addsimps [wt_instr_def,wtl_inst_option_def]) 1); by (exhaust_tac "branch" 2); @@ -230,14 +230,12 @@ by (Force_tac 1); qed "wtl_inst_list_correct"; -Goalw[fits_def] "\\is \\ []; wtl_inst_list is G rT s0 s2 cert (length is) 0; \ -\ fits phi is G rT s0 s2 cert\\ \\ G \\ s0 <=s phi ! 0"; +Goal "\\is \\ []; wtl_inst_list is G rT s0 s2 cert (length is) 0; \ +\ fits phi is G rT s0 s2 cert\\ \\ G \\ s0 <=s phi ! 0"; by (forw_inst_tac [("pc'","0")] wtl_partial 1); by (Asm_full_simp_tac 1); -by (asm_full_simp_tac (simpset() addsimps [neq_Nil_conv]) 1); -by (Clarify_tac 1); -by (Asm_full_simp_tac 1); -by (Clarify_tac 1); +by (asm_full_simp_tac (simpset() addsimps [fits_def, fits_partial_def, neq_Nil_conv]) 1); +by (Clarsimp_tac 1); by (eres_inst_tac [("x","[]")] allE 1); by (eres_inst_tac [("x","ys")] allE 1); by (eres_inst_tac [("x","y")] allE 1); diff -r 130109a9b8c1 -r e5b618f6824e src/HOL/MicroJava/BV/LBVCorrect.thy --- a/src/HOL/MicroJava/BV/LBVCorrect.thy Thu Mar 09 13:55:39 2000 +0100 +++ b/src/HOL/MicroJava/BV/LBVCorrect.thy Thu Mar 09 13:56:54 2000 +0100 @@ -10,19 +10,14 @@ constdefs fits :: "[method_type,instr list,jvm_prog,ty,state_type,state_type,certificate] \\ bool" -"fits phi is G rT s0 s2 cert \\ (\\ a b i s1. (a@(i#b) = is) \\ - wtl_inst_list a G rT s0 s1 cert (length is) 0 \\ - wtl_inst_list (i#b) G rT s1 s2 cert (length is) (length a) \\ - ((cert!(length a) = None \\ phi!(length a) = s1) \\ - (\\ t. cert!(length a) = Some t \\ phi!(length a) = t)))" - +"fits phi is G rT s0 s2 cert \\ fits_partial phi 0 is G rT s0 s2 cert" fits_partial :: "[method_type,nat,instr list,jvm_prog,ty,state_type,state_type,certificate] \\ bool" "fits_partial phi pc is G rT s0 s2 cert \\ (\\ a b i s1. (a@(i#b) = is) \\ wtl_inst_list a G rT s0 s1 cert (pc+length is) pc \\ wtl_inst_list (i#b) G rT s1 s2 cert (pc+length is) (pc+length a) \\ - ((cert!(pc+length a) = None \\ phi!(pc+length a) = s1) \\ - (\\ t. cert!(pc+length a) = Some t \\ phi!(pc+length a) = t)))" + ((cert!(pc+length a) = None \\ phi!(pc+length a) = s1) \\ + (\\ t. cert!(pc+length a) = Some t \\ phi!(pc+length a) = t)))" end diff -r 130109a9b8c1 -r e5b618f6824e src/HOL/MicroJava/BV/LBVSpec.thy --- a/src/HOL/MicroJava/BV/LBVSpec.thy Thu Mar 09 13:55:39 2000 +0100 +++ b/src/HOL/MicroJava/BV/LBVSpec.thy Thu Mar 09 13:56:54 2000 +0100 @@ -6,7 +6,7 @@ Specification of a lightweight bytecode verifier *) -LBVSpec = Convert + BVSpec + +LBVSpec = BVSpec + types certificate = "state_type option list" @@ -53,9 +53,9 @@ pc+1 < max_pc \\ is_class G C \\ (\\T oT ST'. field (G,C) F = Some(C,T) \\ - ST = oT # ST' \\ - G \\ oT \\ (Class C) \\ - (T # ST' , LT) = s'))" + ST = oT # ST' \\ + G \\ oT \\ (Class C) \\ + (T # ST' , LT) = s'))" "wtl_MO (Putfield F C) G s s' max_pc pc = (let (ST,LT) = s @@ -66,7 +66,7 @@ field (G,C) F = Some(C,T) \\ ST = vT # oT # ST' \\ G \\ oT \\ (Class C) \\ - G \\ vT \\ T \\ + G \\ vT \\ T \\ (ST' , LT) = s'))" @@ -136,7 +136,9 @@ (let (ST,LT) = s in pc+1 < max_pc \\ (nat(int pc+branch)) < max_pc \\ - (\\ts ts' ST'. ST = ts # ts' # ST' \\ (G \\ ts \\ ts' \\ G \\ ts' \\ ts) \\ + (\\ts ts' ST'. ST = ts # ts' # ST' \\ + ((\\p. ts = PrimT p \\ ts' = PrimT p) \\ + (\\r r'. ts = RefT r \\ ts' = RefT r')) \\ ((ST' , LT) = s') \\ cert ! (nat(int pc+branch)) \\ None \\ G \\ (ST' , LT) <=s the (cert ! (nat(int pc+branch)))))" @@ -147,22 +149,22 @@ (nat(int pc+branch)) < max_pc \\ cert ! (nat(int pc+branch)) \\ None \\ G \\ (ST , LT) <=s the (cert ! (nat(int pc+branch)))) \\ (cert ! (pc+1) = Some s'))" - - (* (pc+1 < max_pc \\ ((cert ! (pc+1)) \\ None \\ s' = the (cert ! (pc+1)))) \\ - (\\ pc+1 < max_pc \\ s = s'))" *) consts - wtl_MI :: "[meth_inv,jvm_prog,state_type,state_type,p_count,p_count] \\ bool" + wtl_MI :: "[meth_inv,jvm_prog,state_type,state_type,certificate,p_count,p_count] \\ bool" primrec -"wtl_MI (Invoke mn fpTs) G s s' max_pc pc = +"wtl_MI (Invoke mn fpTs) G s s' cert max_pc pc = (let (ST,LT) = s in pc+1 < max_pc \\ - (\\apTs C ST'. ST = (rev apTs) @ (Class C # ST') \\ + (\\apTs X ST'. ST = (rev apTs) @ (X # ST') \\ length apTs = length fpTs \\ - (\\(aT,fT)\\set(zip apTs fpTs). G \\ aT \\ fT) \\ - (\\D rT b. method (G,C) (mn,fpTs) = Some(D,rT,b) \\ - (rT # ST' , LT) = s')))" + (\\s''. cert ! (pc+1) = Some s'' \\ + ((s'' = s' \\ X = NT) \\ + ((G \\ s' <=s s'') \\ (\\C. X = Class C \\ + (\\(aT,fT)\\set(zip apTs fpTs). G \\ aT \\ fT) \\ + (\\D rT b. method (G,C) (mn,fpTs) = Some(D,rT,b) \\ + (rT # ST' , LT) = s')))))))" consts wtl_MR :: "[meth_ret,jvm_prog,ty,state_type,state_type,certificate,p_count,p_count] \\ bool" @@ -172,9 +174,6 @@ in (\\T ST'. ST = T # ST' \\ G \\ T \\ rT)) \\ (cert ! (pc+1) = Some s'))" -(* - (pc+1 < max_pc \\ ((cert ! (pc+1)) \\ None \\ s' = the (cert ! (pc+1)))) \\ - (\\ pc+1 < max_pc \\ s' = s))" *) consts @@ -184,7 +183,7 @@ "wtl_inst (CO ins) G rT s s' cert max_pc pc = wtl_CO ins G s s' max_pc pc" "wtl_inst (MO ins) G rT s s' cert max_pc pc = wtl_MO ins G s s' max_pc pc" "wtl_inst (CH ins) G rT s s' cert max_pc pc = wtl_CH ins G s s' max_pc pc" - "wtl_inst (MI ins) G rT s s' cert max_pc pc = wtl_MI ins G s s' max_pc pc" + "wtl_inst (MI ins) G rT s s' cert max_pc pc = wtl_MI ins G s s' cert max_pc pc" "wtl_inst (MR ins) G rT s s' cert max_pc pc = wtl_MR ins G rT s s' cert max_pc pc" "wtl_inst (OS ins) G rT s s' cert max_pc pc = wtl_OS ins s s' max_pc pc" "wtl_inst (BR ins) G rT s s' cert max_pc pc = wtl_BR ins G s s' cert max_pc pc" @@ -203,9 +202,6 @@ primrec "wtl_inst_list [] G rT s0 s2 cert max_pc pc = (s0 = s2)" - (* None \\ (s0 = s2) - | Some s0' \\ (s0' = s2))" *) - "wtl_inst_list (instr#is) G rT s0 s2 cert max_pc pc = (\\s1. wtl_inst_option instr G rT s0 s1 cert max_pc pc \\ wtl_inst_list is G rT s1 s2 cert max_pc (pc+1))"