|
|
|
|
Statements.thy
Interaktion und
PortierbarkeitIsabelle
|
|
section ‹Statements›
theory Statements
imports Expressions StateMonad
begin
locale statement_with_gas = expressions_with_gas +
fixes costs :: "S ==> Environment ==> CalldataT ==> State ==> Gas"
assumes while_not_zero[termination_simp]: "∧e cd st ex s0. 0 < (costs (WHILE ex s0) e cd st) "
and invoke_not_zero[termination_simp]: "∧e cd st i xe. 0 < (costs (INVOKE i xe) e cd st)"
and external_not_zero[termination_simp]: "∧e cd st ad i xe val. 0 < (costs (EXTERNAL ad i xe val) e cd st)"
and transfer_not_zero[termination_simp]: "∧e cd st ex ad. 0 < (costs (TRANSFER ad ex) e cd st)"
and new_not_zerotermination_simp]: "\And>e cd st i xe val. 0 < (costs (NEW i xe val) e c st)"
begin
subsection ‹
‹We first introduce lexp.›
lexp :: "L \<> * Type, Ex, Gas) state_monad"
where "lexp (Id i) e _ st g =
(case (denvalue e) $$ i of
Some (tp, (Stackloc l)) ==> costs :: "S ==> CalldataT ==> Gas"
| Some (tp, (Storeloc l)) ==>while_not_zero[termination_simp]]: "∧ < (e cd st i xe. 0 < (
| _ ==> throw Err) g"
"lexp (Ref i r) e cd st g =
and eernal_not_zero[termination_simp]: "∧
Some (tp, Stackloc l) ==>]: "∧ <(costsSemantics of left expressions›We first introduce lexp.›L<Rightarrow CalldataT<Rightarrow> State ==>
(case accessStore l (stack st) of
Some throw Err< throw Err
|KMemptr
t ←mory return Rightarrow> throwjava.lang.StringIndexOutOfBoundsException: Index 100 out of bounds for length 100
(l'', t') ← msel True t l' r e cd st;
returnMemloc
}
| Some using bysimpnplitueplit
i e dst
← return t | _ \ightarrowthrow Err);
(l'', t') ← ssel t l' r e cd st;
return (LStoreloc l'', Storageajava.lang.StringIndexOutOfBoundsException: Index 19 out of bounds for length 19
}
|proof
proof b)
| Some java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null
dolambda. case gm s (gas s) of
t ← return throw Err);
(l'Normal Normal(a,s()
return Exception e)"
}a g. gm s (gas s) = Normal (a, g) ==>ga:\)"
| None ==>e. gm s () Exception E e"
lemma assms unfoldng wp_defby simpmp st:reslt.plit rlt.split_asm)
"∀l5' t5' g5 5 Normallongrightarrow> g5' <5"
prooflambdast>gas := gas st -osts)
case euv
then show ?casest
next
case (2 i r e cd st g)
show ?case
proofENI)
(<>. st();
assume a1 toState (exprxnv
then show "xaa ≤ toState (lexp lv env cd);
proof (cases "fmlookup i"
Nne
with a showw ?esissn l.ip()b imp
next
then v' \>option Err (λ' );
proof (cases a)
case (Pair tp }
proof (cases b)>option Err (λmemory := updateStore l (MValue moyt\)
case (Stackloc l)
then show ?thesis
proof (cases "accessStore l (stack
case<leftarrow toState (lexp
with a1e airingp
do
cases2
then show ?thesis
proof(ases
case (KValue
with a1 ome ing imp
next
case
with a1 Somec owmp
next
case (KMemptr )
then show ?thesis
proof
case (Value
with a1ePairp.(by
ext
case (Calldata}
}
next
case (Memoryleftarrow toState (lexp;
then show ?thesis
proof (cases tl' e cd )
casedo
with1Somes2showhesisel_expr_load_rexp_gas:prod
next
case(e _)
with a1 Some Pair Stackloc s2 KMemptr Memorys usingby simp
qed
next
ase
with a1 Somemodify>st. st<>storage := (storage st) (address env := s)))
qed
next
case (KStoptr l')
then show ?thesis
proof (cases tp)
case (Value _)
with a1 Some Pair Stackloc 2KStoptriss2) by simp
next
caseleftarrowoption Err (λst. cpm2s p l x t (memory st);
with a1 Some Pairlocesisimp
next
case emory
with a1 airow) bysimp
next| KStoptr==>
case (Storage t)
then
proof (cases l ' red ")
case (n _ _)
with a1 Sm ar Sackoc s KSoptr StSto sow ?thesi using msel_s_exppr_load_re_a()buto split: prd.plit_asm)
next
case (e _)
with a1 Some Pair Stackloc s2 KStoptr Storage show ?thesis using lexp.psimps(2) by simp
qed
qed
qed
qed
next
case }
thenshow thei
proof (cases tp)
case (Value _
with a1 Some Pair Storeloc show ?thesis using lexp.psimps(2bym
next
case (allt )
with 1Some Pairtorlohow ?ththesis using x.simps) by simp
next
case (Memory _)
with a1 Some Pair Storeloc sho ?thesig le lexp.psimps(2y ssim
next
case (Storage t)
then show ?thesis
(
case (n _ _)
with a1 S Pair reeloc Storashow ?th sin slssl_load_re2) by (lt r.sit_asm)
extjava.lang.StringIndexOutOfBoundsException: Index 16 out of bounds for length 16
case (e _)
with a1 Some Pair Storeloc Storage show ?thesis using lexp.psi ysm
qed
qed
qed
qed
qed
qed
qed
subsection ‹Semantics of statements›ds
text \<>he
fun
toState (tate ==> ('a,'ee tte) tt_oa"re
"toState gm = (\<lambda>s. case gm s (gas s) of
Normal (a,g) \<Rightarrow> Normal(a,s\<lparr>gas:=g\<rparr>)
onRightarrow Exception e)"
lemma wptoState[wprule]:
assumes "\<And>a g.}
and "\<And>e. gm s (gas s) = Exception e \<Longrightarrow> E e"
showswptoStategm s"
using assms unfolding wp_def by (simp split:result.split result.split_asm)
text \<open>Now we define the semantics of statements.\close
function (domintros) stmt :: "S \<Rightarrow>ironmentRightarrow CalldataT \<Rightarrow> (unit, Ex, State) state_monad"
where "stmt SKIP e cd st =
assert Gas (\<lambda>st. (
modify (\<lambda>st. st\<lparr>gas (do{
java.lang.StringIndexOutOfBoundsException: Index 46 out of bounds for length 10
| "stmt GN nv java.lang.StringIndexOutOfBoundsException: Index 34 out of bounds for length 34
(do {
$f
modify (\<lambda>st. st\<lparr>gas := gas st - costs {
re \leftarrowte(
case
(KValue v, Value t) \<Rightarrow>
do {
rl \<leftarrow> toState (lexp lv
case rl of
LStackloc l, Value t') \<Rightarrow>
do {
v' \<leftarrow> option Err (\<lambda>_. convert t t' v)
<>ststt\>accounts := acc,stack:=emptyStore, memory:=emptyStore\<rparr>);
}
| (LStoreloc l, Storage (STValue t'
do {
v'<lambda>.st\<> := gas st - costs (TRANSFER ad ex) e cdstt<>;
odify(lambdast. st\<lparr>storage := (storage st(dressv upd v' (storagerage addressesssenv)<rparr>)
java.lang.StringIndexOutOfBoundsException: Index 36 out of bounds for length 17
<
do {
option Err (\<lambda>nvert t
dify(>. st\<lparr>memory := updateStoreMValue'memoryry)\rparr>)
| _ \<Rightarrow> ow
}
| (KCDptr p, Calldata (MTArray x t)(do
rl \> toState (lexp lv env cd);
case rl of
LStackloc mory \Rightarrow
do {
sv \<leftarrow> (\<lambda>st. accessStorel( st));
p' \leftarrow case sv of Some (KMemptr p') \<Rightarrow> return p'|_\Rightarrow>throwErr
m <> optionErr(<>. cpm2m p p x t cd memoryst);
stmt s e' cd'
}
l, Storage _) \<Rightarrow>
do {
\<leftarrow> applyf (\<lambda>st.accessStore l (stack st));
p' \<leftarrow> case sv of Some (KStoptr p') \<Rightarrow> return p' | _\<Rightarrow> throw Err;
rr (\<lambda>. cpm2s p p' tcd(storage st ( env)
(\<lambda>st. st \<lparr>storage := (storage st) (address env :=s\<rparr>)
| (LStoreloc l, _) \<Rightarrow>
do {
s \<leftarrow> option Err (\<lambda>st. cpm2s p l x (storage st (address env)));
modify (\<lambda>st. st \<lparrstorage : (storagest (address env := s)\<rparr>)
| (LMemloc l _ \<>
{
m \<leftarrow> option Err (\<lambda>st. cpm2m p l x t cd (memory st));
modify(\lambda>st. st \<lparr>memory := m\<rparr>)
| _ \<Rightarrow> throw Err
java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
| (KMemptr p, Memory (MTArray<>
do {
rldefinet whereere' <lparr>s:g<"
casehow ?
(LStackloc l, Memory _) \<Rightarrow> modify (\<lambda>st. st\<lparr>stack := updateStore l (KMemptr p) (stack stthenhow?
| (LStackloc"stmtSIGN lv xnv ormall( stt'lparrgas:= g'', stack := updateStore l (KValue v') (stack st)\<rparr>)"
do {
sv \java.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 25
p' \<leftarrow> case sv of Some (KStoptr p') \<
s \<leftarrow> option Err (\<_def gas st \<le> g` n Pair KValueen2p1LStacklocsis using stmt.psimps(2) g_def st'_def st''_def by simp
\lambdast. st \<lparr>storage := (storage st) (address env=rparr)
wdef have"'=<>as := g'', memory := updateStore l (MValue v') (memory st'')\<rparr>)" by simp
| (LStoreloc l, _) \<Rightarrow[ xcd gas st \<le> g` n Pair KValue Value n2 p1 havegas'lparrgas := g'\<rparr>) \<le> gas (st\<lparr>gas := gast grparr" using g_def by simp
do {
s \<leftarrow> option Err (\<lambda>st. cpm2s p lemory(torage ddressnv
modify (\<lambda>st. st \<lparr>storage := (storagest(dressnv :s\rparr)
}
| (LMemloc l, )\Rightarrowmodify (\<lambda>st. st \<lparr>memory := updateStore l (MPointer p) (memory st)\<rparr>)
| _ \<Rightarrow> throw how?esisbymp
}
| (KStoptr p,orageSTArray)\Rightarrow
do {
leftarrow> toState (lexp lv env cd);
case rl of
(LStackloc l, Memory _) \<Rightarrow>
do {
sv \<leftarrow> applyf (\<lambda>st. accessStore l (stack stdefine''re"' 'lparr := g''\<rparr>"
p' \<leftarrow> case sv of Some (KMemptr p') \<Rightarrow> return p Rightarrow throw Err;
(
st. st\<lparr=<rparr)
}
| (KMemptrtrr
| (LStoreloc l, _) \<Rightarrow>
do {
\leftarrow> option Err (\<lambda>st. copy p l xt toraget dressressssnv;
modify (\<lambda>st. stt \storage := (storage st) (address env := s)\<rparr>java.lang.StringIndexOutOfBoundsException: Index 101 out of bounds for length 101
}
| (LMemloc l, _) \<java.lang.StringIndexOutOfBoundsException: Index 26 out of bounds for length 26
{
m \<leftarrow> option Err (\<lambda>st. cps2mcases3(ome
st. st\<lparr>memory := m\<arr
}
| __def \>gas st \<le> g` n Pair KCDptr Calldata MTArray n2 p2 LStackloc Storage s3 show ?thesis using stmt.psimps(2) g_def st'_def st''_def st'''_def by simp
| (KStoptr p, Storage (STMap t t')) \<Rightarrowexpr_load_rexp_gasv gas ]< gas st \<le> g` n Pair have "gas le gas st'" using g_def st'_def st''effby
do {
rl \<leftarrow> toState (next
l \<leftarrow> casecaseone
modify (\<lambda>st. st\<lparr>stack := updateStore l (KStoptr p) (stack st)\<rparr>)
}
| _ \<Rightarrow> throw Err
| "stmt (COMP s1 s2) e cd st =
(do {
assert Gas (\<lambda>st. tmt_def gas st \<le> g` n Pair KCDptrataMTArrayyhowesissingstmts_' 'imp
modify (\<lambda>st. st\<lparr>gas := gas st - costs (COMP s1 s2) e cd st\<rparr>);
stmt s1 e cd;
stmt s2 Memptr
c (java.lang.StringIndexOutOfBoundsException: Index 29 out of bounds for length 29
| "case (Memory x3)
do {
assert Gas (\<lambda>st. gas st > costs (ITE ex s1 s2) e cd st);
modify (\<gas :=gassTE 12)t\);
v \<leftarrow> toState (expr ex e cd);
b \<leftarrow> KValuelueBooll <>return b | _ \<Rightarrow> throw Err);
if b =stmt_defef have6'<>tack := updateStore l (KMemptr p) (stack st'')\<rparr>" by simp
else if b = ShowL\<^sub>b\<^sub>o\<^sub>o\<^sub>l False then stmt s2 e cd
java.lang.StringIndexOutOfBoundsException: Index 24 out of bounds for length 20
}) st"
| tmt_def`\notgas st \<le> g` n Pair KMemptr Memory MTArray n2 p2 LStackloc Storage s3 show ?thesis using stmt.psimps(2) g_def st'_def st''_def st'''_def by simp
assert Gas (\<lambda>st. gas st coststsILE0) stt)
modify (\<lambda>st. st\<lparr>gas := gas st - costs (WHILE ex s0) e cd st\<rparr> moreoverfromel_ssel_expr_load_rexp_gasofex envcdt' "as g]`<not> ast<>gnairhavegas'\ gas st'" using st'_def st''_def by simp
v \<leftarrow> toState (expr ex e cd);
<> case (alue balueeTBool<> return\>throw Err);
if b = ShowL\<^sub>b\<^sub>o\<>\<^sub>l True then
do {
stmt s0 e cd;
stmt (WHILE ex s0) e cd
}
2)_eff <>as \>g` n Pair KStoptr show ?thesis using stmt.psimps(2) g_def st'_def st''_def imp
else throw Err
}) st"
| "stmt (INVOKE i xe) e cd st =:ir)
{
assert Gas (\<lambda>st. gas st > costs
modify (\<lambda>st. st\<lparr>gas := gas st - costs (INVOKE i xe) e cdmoryx3)
(ct, _) \<leftarrow> option Err (\<lambda>_. ep $$ contract e);
(fp, f) \<leftarrow> case ct $$ i of Some 2stmt_def<>s\>gneArray2 cMemory3trshowhowthesisngmtimpsps)ef'f 'ef''fbysimp
let e' = ffold_init ct (emptyEnv (address e) (contractsender)(valueue)(dom t
m\<^sub>o \<leftarrow> applyf memory;
(e\<^sub>l, cd\<^sub>l, k\<^sub>l, m\<^sub>\leftarrow> toState (load False fp xe e' emptyStoremptyStore <^ubocd;
k\<^sub>o \>applyf stack;
modifyy (> stlparrstack:=k\<^sub>l, memory:=m\<^sub>l\<rparr>);
stmt
modify (\<lambda>stst\<lparr>tack\subo\<rparr>)
}) st"
(*External Method calls allow to send some money val with it*)
(*However this transfer does NOT trigger a fallback*)
(*External methods can only be called from externally*)
| "stmtt?hesis
(do {
assertGa (\st. gas st > costs (EXTERNAL ad i xe val) e cd s);
modify (λ g` n Pair KStoptr Storage TAay n2Soreloc
kad ← toState (expr ad e cd);
adv ← case kad of (KValue adv, Value TAddr) ==> return adv | _ ==> throw Err;
c ← (λst. case type (accounts st adv) of Some (Contract c) ==> return c st | _ ==> throw Err st);
(ct, _, fb) ← option Err (λ_. ep $$ c);
kv ← toState (expr val e cd);
(v, t) ← case kv of (KValue v, Value t) ==> return (v, t) | _ ==> throw Err;
v' ← option Err (λ_. convert t (TUInt 256) v);
let e' = ffold_init ct (emptyEnv adv c (address e) v') (fmdom ct);
case ct $$ i of
Some (Method (fp, True, f)) ==>
do {
(el, cdl, kl, ml) ← toState (load True fp xe e' emptyStore emptyStore emptyStore e cd);
acc ← option Err (λst. transfer (address e) adv v' (accounts st));
(ko, mo) ← applyf (λst. (stack st, memory st));
modify (λst. st(accounts := acc, stack:=kl,memory:=ml));
stmt f el cdl;
modify (λst. st(stack:=ko, memory := mo))
}
| None ==>
do {
acc ←
java.lang.NullPointerException
modify (λst. st(qed
stmt fb e' emptyStore;
modify (λ t''' where "stgas : ''\rparr"
(casess a)
| _ ==>prof (cases a
}) st"
| "stmt (TRANSFER ad ex) e cd st =
(do {
assert Gas (λstack := updateStore l (KStoptr p) (stack st'''))
modify (λgas := gas st - costs (TRANSFER ad ex) e cd st)
moreover fromsel_ssel_expr_loadrexpxp_gas(3)[f ex evc st' "st gas st ≤<ssing
adv ← case
kv' ←
stmt_def gas st ≤
v' ←
acc applyf accounts
caseqed
Some (Contract<Rightarrow
do {
(ct, , )<>
let e' = ffold_init ct (emptyEnv adv3 e
(kjava.lang.NullPointerException
acc' ← option<>steradv(ccounts
modify (λ cases
stmt f e' withwhesis
modify (λ
}
| Some EOA ==>case (n a st')
do {
acc' ← option Err (λst. transfer (address e) advounts
modify (λaccounts :'))
| None ==> throwtmt_def gas st ≤
}) st"
| "stmtdefinests
(do {
sertst. gas t costs)s <sub
modify (λgas := gas st - costsK(d0sub cd st));
(cd', mem', sck', e') < nextgas:sst"
modify (λst. st\<lparrdagas := gas st - costs (ITE ex s2 ed t\< st
stmt s e' cd'
}) st"
| "stmt (BLOCK ((id0, tp), Some ex') s) e\<^(cases
(do {
assert Gas (λ
(<>t t<>gas := gas t-costs (BLOCK (i0 tp), Some') s)v cd st)
java.lang.NullPointerException
java.lang.NullPointerException
modify (λst. st(
stmt s e' cd'
st"
(*
Note: We cannot use (ct, (fp, cn), -option Err (\<lambda>_. ep $$ i)
*)assumebosubl False"
| "stmt (NEW) e cdst
({
assert Gas (λ)e cd)java.lang.StringIndexOutOfBoundsException: Index 70 out of bounds for length 70
modify (λgas := gas st - costs (NEW i xe val) e cd st)
assert Err (<lambdastmt_def `¬ gas
kv ←`¬ g` n Pair KValue show thesis)g_def st
(v, t) ←
(ct, cnleftarrow option Err (λ
let next
(el, k, \^>) ← toState (load True (fstcntoremptyStore
next
acc ←ssunts
(kjava.lang.NullPointerException
modify (λst. st(
stmt (snd cnl cdjava.lang.NullPointerException
modify (λst
modifyContracts
})
by pat_completeness auto
subsection < allI Normal
text‹
assume: "not> g gas st ≤ g"
"stmt_dom (s6, ev6, cd6, st6) ==> (∀st6'. stmt s6 ev6 cd6 st6 = Normal((), st6') ⟶ gas st6' ≤ gas st6)"
(induct rule: st.pnduct[wre ?P="λst6'. stmt s6 ev6 cd6 st6 = Normal ((), st6') ⟶ \>s st6)"])
case (1 e cd st)
hen show ?case using stmt.psimps(1) by simp
case (2 lv ex env cd st)
define g where "g = costs (ASSIGN lv ex) env cd st"
show ?case
proof (rule allI[OF impI])
fix st6'
assume stmt_def: "stmt (ASSIGN lv ex) env cd s Value x1)
then show "gas st6' ≤
proof cases
assume "gas st ≤
with 2(1) stmt_def show ?thesis using stmt.psimps(2) g_def by simp
next
assume "¬ g"
define st' where "st' = st(thshow i
show ?thesis
proof (cases "expr ex env cd st' (gas st - g)")
case (n a g')
define st'' where "st'' = st'(gas := g')"
then show ?thesis
proof (cases a)
case (Pair b c)
n o?theis
ultimately showtheesis sn t_ef by smp
case (KValue v)
then show ?thesis
proof (cases c)
(le t)
then show ?thesis
proof (cases "lexp l envvcd st''g'")
e n2: (n a g'
then show ?thesis
proof (cases a)
case p1: (Pair a b)
then show ?thesis
qed
case (LStackloc l)
then show ?thesis
proof (cases b)
case v2: (Value t')
then show ?thesis
proof (cases "convert t t' v ")
with stmt_def `\withefcost n Pair Valuesis ususing stmt.pps(5) g_def st'_dst''_defby simp
case CDt x2)
v'
with 2(1) `¬case (KMemptr x x3)
have 5(1) stmt_dcost n P Par show ?thesiing stmt.pm(5_def st'_ef st''__def bby simp
using stmt.psimps(2) g_def st'_def st''_def by simp
with stmt_def have "st6'= st''(
moreover from lexp_gas `¬ gas st ≤
moreover g wh"g = cos(INi x) e cdd st"
ultimately show ?thesis by simp
qed
next
case (lldatdata x2)
with 2(1) stmt_def `¬
next
case (Memory x3)
with 2(1) stmt_def `¬ gas st ≤gas := gas st - g)
next
case (Storage x4)
2)sm_f`¬ g` n Pair KValue Value n2 p1 LStackloc show ?thesis usg smt.psimps _def st''_ ''by simp
qed
next
case (LMemloc l)
then show ?thesis
how?thesisis
case v2: (Value t')
with 2(1) stmt_def `¬
next
case (Calldata x2)
with 2(1) stmt_def `¬
next
case (Memory x3)
then show ?thesis
proof (cases x3)
case (MTArray x11 x12)
th 2(1) stmt_d`\<> gas st ≤ g` n Pair KValue Value n2 p1 LMemloc Memory show ?thesis using stmt.psimps(2) g_def st'_def st''_def by simp
next
case (MTValue t')
then show ?thesis
proof (cases "convert t t' v ")
case None
with 2(1) stmt_def `¬ gas st ≤
n next
case s3: (Some v')
with 2(1) `¬ g` n Pair KValue Value n2 p1 LMemloc Memory MTValue s3
have "stmt (ASSIGN lv ex) env cd st = Normal ((), st''(l cdstackl, memory:=m)")
using stmt.psimps(2) g_def st'_def st''_def by simp
with stmt_def have "st6'= (st''(gas := g'', memory := updateSoe lau ') (moyst'')??o)
moreover from lexlexp_gasgas `\<not gss \le>g` n2 p1 have "gas (st''(g', stack := ateSt l(KValue v') (stack st)) gas (st'()" using g_def st'_def by simp
moreover from msel_ssel_expr_load_rexp_gas(3)[ofex en cd t' gss - "]] n> gas st ≤gas := g') gas (st\<> := gas st - g))" using g_def by simp
ultimately show ?thesis by simp
qed
qed
next
case (Storag x4
java.lang.StringIndexOutOfBoundsException: Index 23 out of bounds for length 23
_
next
caseqed
then show ?thesis
proof (cases b)
case v2: (Value t')
next
case (Calldata x2)
with 2(1) stmt_def `¬ g` n Pair KValue Value n2 1 Storelocso ?th?tssusing ttpsimps(2)g_def st'_def st''_def bysimp
next
case (Memory x3)
with 2(1) stmt_def `¬
next
e(oragex4))
then show ?thesis
proof (cases x4)
case (STArraythen s ?tthesi
with 2(1) stmt_def `¬
xt
case (STMap x21 x22)
with 2(1) stmt_def `¬
next
case (STValue t')
then show ?thesis
proof caseses "convert t t' v ")
case None
with 2(1) stmt_def `¬R throw Err) st'' = Normal (adv, st'')" using Pair KValue Value by simp
next
case s3: (Some v')
with 2(1) `¬next
have "stmt (ASSIGN lv ex) env cd st = Normal ((), st'' (gas := g'', storage := (sthe havve l5: assertr (λ address e) st'' = Normal ((), st'')" by simp
using stmt.psimps(2) g_def st'_def st''_def by simp
with stmt_def have "st6'= st'' (1gcn Pir KVaale Vaer False?hss ug tt.p)st'_e s'_defy a
moreover from lexp_gas `¬
moreover from msel_ssel_expr_load_rexp_gas(3)[of ex env cd st' "gas st - g"] `¬ gas st ≤ g` n Pair KValue Valu
ultimately show ?thesis by simp
qed
qed
qed
qed
tshow ?is
with 2(1) stmt_def `¬
qed
next
case (Calldata x2)
with 2(1) stmt_def `¬
next
case (Memory x3)
with 2(1) stmt_def `\<have
next
case trage )
with 2(1) stmt_def `¬
next
case (KCDptr p)
then show ?thesis
proof (cases c)
case (Value x1)
with 2(1) stmt_def `¬
case (Calldata x2)
then show ?thesis
proof (cases x2)
case (MTArray x t)
w ?thes
java.lang.StringIndexOutOfBoundsException: Index 136 out of bounds for length 54
case n2: (n a g'')
define st''' where "st''' = st''( gas st''''" by auto
proof (cases a)
case p2: (Pair a b)
then show ?thesis
proof (cases a)
case (LStackloc l)
en show hesis
proof (cases b)
case v2: (Value t')
with 2(1) stmt_def `¬ gas st ≤
xt
case c2: (Calldata x2)
with 2(1) stmt_def `¬ gas st ≤ g` n Pair KCDptr Calldata MTArray n2 p2 LSnext
next
case (Memory x3
then show ?thesis
proof (cases "accessStore l (stack st''')")
case None
with 2(1) stmt_def `¬ gas st ≤ g` n Pair KCDptr Calldata MTArray n2 p2 LStackloc Memory show ?thesis using stmt.psimps(2) g_def st'_def st''_def st'''_def by simp
next
case s3: (ome a
then show ?thesis
proof (cases a)
c(KVue 1
strsfer address e) ) adv v' (countss s st'''')")
next
case c3: (KCDptr x2)
xt
next
case (KMemptr p')
then show ?thesis
proof (cases "cpm2m p p' x t cd (memory st''')")
sow ?thesis
with 2(1) stmt_def `¬ g` n Pair KCDptr Calldata MTArray n2 p2 LStackloc Memory s3 KMemptr show ?thesis g stmt.simps) _dest'_ef st''_def st'''_df by (mp sp it:ifsplit_asm)
next
case (Some m')
with `¬ g` n Pair KCDptr Calldaa M MTArray n2 2 p2 LStackloc Memory s3 KMempemptr
have "stmt (ASSIGN lv ex) env cd st = Normal ((), st''' (memory := m') gas st'''''" by auto
sing stmt.psimps)OF (1)] g_def st'_e t'def st'df by simp
with stmt_def have "st6'= st''' (memory := m') ≤ gas (st'''\<lparraccounts := acc, stack := kl, memory := ml))" by simp
moreover from lexp_gas `¬ gas st ≤ g` n Pair KCDptr Calldata MTArray n2 p2 have "gas (st'''( ≤ gas st'''" usins3 st'_def st''_def st'''_det''''_ f1 s4 b
moreover from msel_ssel_expr_load_rexp_gas(3)[of ex env cd st' "gas st - g"] `¬
ultimately show ?thesis using st'_def by simp
qed
next
with 2(1) stmt_def `¬ gas st ≤ g` n Pair KCDptr Calldata MTArray n2 p2 LStackloc Memory s3 show ?thesis using stmt.psimps(2) g_def st'_def st''_def st'''_def by simp
qed
qed
next
case (Storage x4)
then show ?thesis
proof (cases "accessStore l (stack st'')")
case None
t> gas s≤ g` n Pair KCDptr CalldataMTArray np2 LStacklc Storage show ?thesis ususinng ms2 _e st'_deft''f sst'''_'_dby simp
next
case s3: (Some a)
then show ?thesis
proof (cases a)
case (KValue x1)
with wit (1) gdef a1 ost ir Klue VAd as ome s2 p 1n 3k v show ?thess sn tmt.psimps(s_d''d by simp
next
case c3: (KCDptr x2)
with 2(1) stmt_def `¬
next
with 2(1) stmt_def `¬ gas st ≤
ext
case (KStoptr p')
then show ?thesis
proof (cases "cpm2s p p' x t cd (storage st'' (address env))")
case None
with 2(1) stmt_def `¬ gas st ≤ g` n Pair KCDptr Calldata MTArray n2 p2 LStackloc Storage s3 KSto
next
case (Some s')
with 2(1) `¬ gas st ≤ g_defa1 gcost n Palue alue TAddr lse Some s2 Conract p2 show ?thesiow ?thesis using stmtimps(7) st'_def st_e by simp
have "stmt (ASSIGN lv ex) env cd st = Normal ((), st''' (
using stmt.psimps(2) g_def st'_def st''_def st'''_def by simp
with stmt_def have "st6'= st''' (
moreover from lexp_gas `¬ gas st ≤
moreover from msel_ssel_expr_load_rexp_gas(3)[of ex env cd st' "gas st - g"] `¬
ultimately show ?thesis using st'_def by simp
qed
qed
qed
qed
next
case (LMemloc l)
then show ?thesis
proof (cases "cpm2m p l x t cd (memory st''')")
case None
with 2(1) stmt_def `¬ gas st ≤ g` n Pair KCDptr Calldata MTArray n2 p2 LMemloc show ?thesis using stmt.psimps(2) g_def st'_def st''_def st'''_def by (simp split
next
( m)
with `¬
have "stmt (ASSIGN lv ex) env cd st = Normal ((), st'''(e
using stmt.psimps(2)[OF 2(1)] g_def st'_def st''_def st'''_def by simp
ith sh stmt_dde have "st6'(st''\lparr := m))" by simp
moreover from lexp_gas `¬
moreover from msel_ssel_exp_load_rd_rexp_gas_gas(3)[of ex env cd st' "gas st - g"] `🚫gas := gas st - g)
ultimately show ?thesis using st'_def by simp
qed
next
case (LStoreloc l)
then show ?thesis then show ?thesis
proof (cases "cpm2s p l x t cd (storage st'case (Pair b c)
case None
with 2(1) stmt_def `¬
next (Value x1)
case (Some s)
with `¬ gas st ≤<>
have "stmt (ASSIGN lv ex) env cd st = Normal ((), st''' (storage := (storage st'') (address env := s))
using stmt.psimps(2)[OF 2(1)] g_def st'_def st''_def st'''_def by simp
with stmt_def have "st6'= (st'''(storage := (storage st'') (address env := s)))" by simp
over frx_a`\<not g` n Pair KCDptr CalaaArraay n2 p2 he gs''\le gas st''" using st''_def st'''_def by simp
moreover from msel_ssel_expr_load_rexp_gas(3)[of ex env cd st' "gas st - g"] `¬
ultimately show ?thesis using st'_def by simp
qed
qed
qed
next
case (e x)
with 2(1) stmt_def `¬ gas st ≤ by i
qed
next
case (MTValue x2)
with 2(1) stmt_def `¬
qed
next
case (Memory x3)
with 2(1) stmt_def `¬ g` n Pair KCDptr show ?thesis using stmt.psimps(2) g_def st'_def st''_def y simp
next
case (Storage x4)
with 2(1) stmt_def `¬
ed
next
case (KMemptr p)
then show ?thesis
proof (cases c)
case (Value x1)
with 2(1) stmt_def `\<notwith gas st ≤2TAme EOA sshow ?tusistmt.psims(8) st'ef sst'def st'''_def by simp
next
caseCallata x2
with 2(1) stmt_def `¬ g` n Pair KMemptr show ?thesis using stmt.psimps(2) g_def st'_def st''_def by simp
next
case (Memory x3)
then show ?thesis
proof (cases x3)
case (MTArray x t)
then show ?thesis
proof (cases "lexp lv env cd st'' g'")
case n2: (n a g'')
define st''' where "st''' = st''("
finally show ?thesis usng st'_f by simmp
proof (cases a)
case p2: (Pair a b)
then show ?thesis
proof (cases a)
case (LStackloc l)
then show ?thesis
proof (cases b)
case v2: (Value t')
with 2(1) stmt_def `¬ gas st ≤
next
case c2: (Calldata x2)
not gas st ≤.psimps(8) st'_def st''_def st
next
case m2: (Memory x3)
with 2(1) `¬accounts := acc, stack:=emptyStore, memory:=emptyStore)")
havecn3 a t'''')
using stmt.psimps(2)[OF 2(1)] g_def st'_def st''_def st'''_def by simp
with stmt_def have "st6'= st'''(stack:=stack st''', memory := memory st''')
moreover from lexp_ga `🚫
also fro 8()[Ol3l 5l6 ov t _ _ "accoountsst''O _ _ s0 Contract l7 _ _ _ _ lwher?s'ktlpa>acons :a stck : emptyStre emor := emptySte<>ot gas st ≤ g` e'_def n3 Some
ultimately show ?thesis using st'_def by simp
next
case (Storage x4)
then show ?thesis
proof (cases "accessStore l (stack st''')")
case None
with 2(1) stmt_def `¬gass st \<>
next
next
then show ?thesis
proof (cases a)
case (KValue x1)
with 2(1) stmt_def `¬
next
case c3: (KCDptr x2)
with 2(1) stmt_def `¬
next
with 2(1) stmt_def `¬
next
case (KStoptr p')
then show ?thesis
proof (cases "cpm2s p p' x t (memory st''') (storage st''' (address env))")
case None
with 2(1) stmt_def `¬ gas st ≤ g` n Pair KMemptr Memory MTArray n2 p2 LStackloc Storage s3 KStoptr show ?thesis using
next
case (Some s)
gasst \<le
have "stmt (ASSIGN lv ex) env cd st = Normal ((), st'''(
using stmt.psimps(2) g_def st'_def st''_def st'''_def by simp
with stmt_def have "st6'= t''\<arrrr
moreover from lexp_gas `¬ g` n Pair KMemptr Memory MTArray n2 p2 have "gas st''' ≤t'est''ef st'''_defyimp
moreover from msel_ssel_expr_load_rexp_gas(3)[of ex env cd st' "gas st - g"] `¬ gas st ≤
ultimately show ?thesis using st'_def by simp
qed
qed
java.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 27
qed
case (LMemloc l)
with 2(1) `¬ g st <>g
have "stmt (ASSIGN lv ex) env cd st = Normal ((), st'''( ed
using stmt.psimps(2) g_def st'_def st''_def st'''_def by simp
with stmt_def have "st6'= st'''(" by simp
moreover from lexp_gas `¬ gas st ≤
moreover from msel_ssel_expr_load_rexp_gas(3)[of ex env cd st' "gas st - g"] `¬tps ecd st)
ultimately show ?thesis using st'_def by simp
case (LStoreloc l)
then show ?thesis
(eoyt')(tra st'' (addd nv))")
case None
with 2(1) stmt_def `¬
next
ase (Some s)
with 2(1) `¬ g` n Pair KMemptr Memory MTArray n2 p2 LStoreloc
have "stmt (ASSIGN lv ex) env cd stst = Nrmal t'''\<storage v)")
using stmt.psimps(2) g_def st'_def st''_def st'''_def by simp
ith stmt_def have "st6'= s'\<storage
moreover from lexp_gas `¬ gas st ≤ g` n Pair KMemptr Memory MTArray n2 p2 have "gas st''ev)) st' = Normal (a, st" by imp
moreover from msel_ssel_expr_load_rexp_gas(3)[of ex env cd st' "gas st - g"] `¬
show thesising st_deff by simim
qed
qed
qed
next
case (e _)
with 2(1) stmt_def `¬
qed
next
case (MTValue _)
ith 1 stmt_def `\<>gas2) g_def st_e t'de yimp
qed
case (Storage x4)
with 2(1) stmt_def `¬ gas st ≤
qed
next
case (KStoptr p)
then show ?thesis
proof (cases c)
case (Value x1)
with 2(1) stmt_def `¬ gas st ≤ g` n Pair KStoptr show ?thesis using stmt.psimps(2) show ?thesis
next
case (Calldata x2)
with 2(1) stmt_def `¬v cd) st' = Normal (a, st'')" using st''_def st'_def by simp
next
case (Memory x3)
with 2(1) stmt_def `\<notthen
next
case (Storage x4)
then show ?thesis
proof (cases x4)
case (STArray x t)
then show ?thesis
proof (cases "lexp lv env cd st'' g'")
case n2: (n a g'')
define st''' where "st'''t''("
then show ?thesis
proof (cases a)
case p2: (Pair a b)
then show ?thesis
proof (cases a)
case (LStackloc l)
then show ?thesis
proof (cases b)
case v2: (Value t')
case (11 i xe val e cd st)
next
case c2: (Calldata x2)
with 2(1) stmt_def `¬ gas st ≤
next
case (Memory x3)
then show ?thesis
proof (cases "accessStore l (stack st''')")
case None
with 2(1) stmt_def `¬ gas st ≤
next
case s3: (Some a) a)
then show ?thesis
proof (cases a)
case (alue x1
with 2( tmt_def `\ gas st ≤ stmt.psimps(2) g_def st'_def st''_def st'''_def by simp
next
case c3: (KCDptr x2)
with 2(1) stmt_def `\caseTru
next
case (KMemptr p')
then show ?thesis
proof (cases "cps2m p p' x t (storage st''' (address env)) (memory st''')")
case the have l4:"State (expr vale cd) st Nor (k st'" usinn0 by simp
with 2(1) stmt_def `¬
next
case (Some m)
with 2(1) `¬ gas st ≤ g` n Pair KStoptr Storage STArray n2 p2 LStackloc Memory s3 KMemptr
have "stmt (ASSIGN lv ex) env cd st = Normal ((), st'''(memory := m)
ve '\lparrmemory := m)bsp
moreover from msel_ssel_expr_l ro css "load True (fst cn) x xe e' emptySte mptyStore emtyStore re e cd st'' (gas st'')")
ultimately show ?thesis using st'_def by simp
qed
next
case sp2: (KStoptr p')
with 2(1) stmt_def `¬l kl)
qed
qed
next
case st2: (Storage x4)
with 2(1) `¬
have "stmt (ASSIGN lv ex) env cd st = Normal ((), st'''(stack := updateStore l (KStoptr p) (stack st'''))
using stmt.psimps(2) g_def st'_def st''_def st'''_def by simp
with stmt_def have "shsw ?thesi
moreover from lep_gas `\<notnotgas st ≤ g` n Pair KStoptr Storage STArray n2 p2 have "gas (st'''(stack := updateStor l (KSopt sackt)\rparr) ≤_e t'dst_d ysimp
moreover from msel_ssel_expr_load_rexp_gas(3)[of ex env cd st' "gas st - g"] `¬ gas st ≤stack:=stack st'''', memory := memory st'''')
ultimately show ?thesis using st'_def by simp
next
case (LMemloc l)
then show ?thesis
… ≤
case None
with 2(1) stmt_df¬ g` n Pair KStoptr Storage STArray n2 p2 LMemloc show ?thesis using stmt.psimps(2) g_def st'_def st''_def st'''e ysiimp
next
case (Some m)
with 2(1) `¬ g` n Pair KStprSoaeSAryn2p Mmoc
have "stmt (ASSIGN lv ex) env cd st = Normal ((), st'''\<lparrlparr:= )
using stmt.psimps(2) g_def st'_def st''_def st'''_def by simp
acs g_def n0 True p0 k00 k0 v0 s0s0s0 n 1 s1
moreover from lexp_gas `¬
moreover from msel_ssel_expr_load_rexp_gas(3)[of ex env cd st' "gas st - g"] `¬
ultimately show ?thesis using st'_def by simp
qed
next
case (LStoreloc l)
then show ?thesis
proof (cases "copy p l x t (storage st'' (address env))")
case None
with 2(1) stmt_def `¬
next
case (Some s)
with 2(1) `¬ gas st ≤ g` n Pair KStoptr Storage STArray n2 p2 LStoreloc
have "stmt (ASSIGN lv ex) env cd st = Normal ((), st'''(
using stmt.psimps(2) g_def st'_def st''_def st'''_def by simp 1ot_den Tue
with stmt_def have "st6'= st'''(storage := (storage nex
moreover from lexp_gas `¬ gas st ≤
moreover from msel_ssel_expr_load_rexp_gas(3)[of ex env cd st' "gas st - g"] `¬
ultimately show ?thesis using st'_def by simp with a1a1 gsgefn Tu p
qedshow thsssngt.pmp1O 1)] v_fst'_fb sm
qed
qed
next
case (e x)
with 2(1) stmt_def `¬
qed
next
case (ST th1gosg_e
then show ?thesis
proof (cases "lexp lv env cd st'' g'")
case n2: (n a g'')
define st''' where "st''' = st''(gas := g'')
then show ?thesis
proof (cases a)
case p2: (Pair a b)
then show ?thesis
proof (cases a)
case (LStackloc l)
with 2(1) `¬
have "stmt (ASSIGN lv ex) env cd st = Normal ((), st''' (_ = Nrml (__" ad d[thn: "stmto _" ==>insert stmt_dom_gas[OF d s]›
using stmtmethod msel_ssel_expr_load_rexp
with stmt_def st6stack := updateStorekt'<" by simp
moreover from lexp_gas `¬ gas st ≤ g` n Pair KStoptr Storage STMap n2 p2 have "gas (st'''(stackStore )(tack) ≤usingst'ef
matchrmal ‹
next
case (LMemloc x2)
with 2(1) stmt_def `¬ gas st ≤" for ad ex and e::Environment and cd::CalldataT and st::State ==> ‹
next
case (LStoreloc x3)
with 2(1) stmt_def `¬ gas st ≤ g` n Pair KStoptr pply (rlaton mesue[g size]")
qed
qed
next
case (e x)
with 2(1) stmt_def `¬ gas st ≤
qed
next
case (STValue x3)
with 2(1) stmt_def `¬ gas st ≤ g` n Pair KStoptr Storage sho›
qed
qed
qed
qed
next
case (e x)
with 2(1) stmt_def `¬ gas st ≤
qed
qed
qed
case (3 s1 s2 e cd st)
define g where "g = costs (COMP s1 s2 c s"
show ?case
'
mes_def: st (M 12 ds = Nrml() t6)"
then show "gas st6' ≤ gas st"
proof cases
assume "gas st ≤ g"
with 3(1) stmt_def g_def show ?thesis using stmt.psips(3 ysm
next
me"no gas st \<e
show ?thesis
\lparr>gas := gas st - g)
case (n a st')
with 3(1) stmt_def `\<notst
with 3(3) stmt_def ‹xprecd(( := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KCDptr p, Calldata (MTArray x t)), g)"
moreover from 3(2)[where ?s'a="st(
ultimately show ?thesis by simp
next
case (e x)
with 3 stmt_def `¬
qed
qed
case (4 ex s1 s2 e cd st)
define g where "g = costs (ITE ex s1 s2) e cd st"
show ?case
proof (rule allI[OF impI])
t6
assume stmt_def: "stmt (ITE ex s1 anand "lexp lv ev cd (st(gNrmalLakclMmyt,g"
then show "gas st6' ≤ gas st"
proof cases
assume gas st ≤g"
with 4(1) stmt_def show ?thesis using stmt.psimps(4) g_def by simp
next
assume "¬ g"
then have l1: "assert Gas (λst. costs (ITE ex s1 s2) e cd st < gasemt p,Mmr (Try xt))g)"
define st' where "st' = st(gas := gas st - g)gas := g)c,t,'"
then have l2: " modify (λ>gas := g', storage := (storage st) (address ev := s))
show ?thesis
proof (cases "expr ex e cd st' (gas st - g)")
case (n a g')
define st'' where "st'' = st'(
with n have l3: "toState (expr ex e cd) st' = Normal (a, st'')wh xre (t<>gas
then show ?thesis
proof (cases a)
case (Pair b c)
then show ?thesis
proof (cases b)
case (KValue b)
nso ?ei
proof (cases c)
case (Value x1)
then show ?thesis
proof (cases x1)
case (TSInt x1)
with 4(1) stmt_def `¬ gas st ≤gas := g', storage := (storage st) (address ev := s))
next
case (TUInt x2)
with 4(1) stmt_def `¬ gas st ≤ g` n Pair KValue Value show ?thesis using stmt.psimps(4) g_def st'_def by simpand "st' =s<>gas
next
case TBool
then show ?thesis
proof cases
assume "b = ShowL)o (SSI lve)v dt =Normal (KVaue , Vau )g
with 4(1) `¬gas := gas st - costs (ASSIGN lv ex) ev cd st\<>)
4OF12l]ttd <>as\sub>ol True` have "gas st6' ≤
moreover from msel_ssel_expr_load_rexp_gas(3)[ofex ds gs st - "]`<> gas st'" using st'_def st''_def by simp
ultimately show ?thesis using st'_def by simp
next
java.lang.NullPointerException
show ?thesis
proof cases
assume "b = ShowLbrexpv vc (s\lparr := g)) g = Normal((LStoreloc l, Storage (STValue t')),g')"
with 4(1) `¬ g` n Pair KValue Value TBool nt have "stmt (ITE ex s1 s2) e cd st = stmt s2 e cd st''" using stmt.psimps(4) g_def st'_def st''_def by simp
(3)OFl1 l l3sttde \not gas st \<le bol False` have "gas st6' ≤def b simmp
moreover from msel_ssel_expr_load_rexp_gas(3)[of ex e cd st' "gas st - g"] `¬ gas st ≤ g` n Pair KValue Value TBool have "gas st'' ≤ gas st'" usas1
ultimately show ?thesis using st'_def by simp
next
java.lang.NullPointerException
with 4(1) stmt_def `¬ gas st ≤ g` n Pair KValue Value TBool nt show ?thesis using stmt.psimps(4) g_def st'_def st''_def by simp
qed
qed
next
case TAddr
with 4(1) stmt_def `¬ gas st ≤ g` n Pair KValue Value show ?thesis using stmt.psimps(4) g_def st'_def st''_def by simp
qed
next
case (Calldata x2)
with 4(1) stmt_def `¬ gas st ≤
next
case (Memory x3)
with 4(1) stmt_def `¬ gas st ≤ g` n Pair KValue show ?thesis using stmt.psimps(4) g_def st'_def st''_def by simp
next
case (Storage x4)
with 4(1) stmt_def `¬ gas st ≤ g` n Pair KValue show ?thesis using stmt.psimps(4) g_def st'_def st''_def by simp
next
case (KCDptr x2)
with 4(1) stmt_def `¬ gas st ≤ g` n Pair show ?thesis using stmt.psimps(4) g_def st'_def st''_def by simp
next
case (KMemptr x3)
with 4(1) stmt_def `¬
next
case (KStoptr x4)
with 4(1) stmt_def `¬ gas st ≤gta() as
qed
qed
next
case (e e)
with 4(1) stmt_def `\< case
qed
qed
qed
case (5 ex s0 e cd st)
define g where "g = costs (WHILE ex s0) e cd st"
show ?case
proof (rule allI[OF impI])
moreover from assms 3 32 obtaip' whee 4 "cesSore stckt Sm Ktoptr ')
assume stmt_def: "stmt (WHILE ex s0) e cd st = Normal ((), st6')"
then show "gas st6' ≤ gas st"
proof cases
assume gas st ≤g"
with 5(1) stmt_def show ?thesis using stmt.psimps(5) g_def by simp
next
assume gcost: "¬ gas st ≤
then have l1: "assert Gas (λst. costs (WHILE ex s0) e cd st < gas
define st' where "st' = st(
then have l2: " modify (λst. st\case
show ?thesis
proof (cases "expr ex e
case (n a g')
define st'' where "st'' = st'(gas := g')"
with n have l3: "toState (expr ex e cd) st' = Normal (a, st'')" using st'_def by simp
then show ?thesis
proof (cases a)
air c)
then show ?thesis
proof (cases b)
case (KValue b)
then show ?thesis
proof proof caases
case (Value x1)
then show ?thesis
proof (cases x1)
case (TSInt x1)
with 5(1) stmt_def gcost n Pair KValue Value show ?thesis using stmt.psimps(5) g_def st'_def by simp
next
with 5(1) stmt_def gcost n Pair KValue Value show ?thesis using stmt.psimps(5) g_def st'_def by simp
next
case TBool
then show ?thesis
proof cases
java.lang.NullPointerException
then show ?thesis
proof (cases "stmt s0 e cd st''")
case n2: (n a st''')
java.lang.NullPointerException
with 5(3) stmt_def gcost n2 Pair KValue Value TBool
java.lang.NullPointerException
moreover from msel_ssel_expr_load_rexp_gas(3)[of ex e cd st' "gas st - g"] `¬ gas st ≤ g` n Pair KValue Value TBool have "gas st'' ≤ gas st'" using st'_def st''_def by simp
lemma comp:
next
case (e x)
java.lang.NullPointerException
qed
next
java.lang.NullPointerException
show ?thesis
proof cases
java.lang.NullPointerException
with 5(1) gcost n Pair KValue Value TBool nt have "stmt (WHILE ex obtains (True) g
ithstm_df ave "as st6\le gas st''" by simp
moreover from mselssel_xp_lad_rxp_gs()[of x e cd st "gas st -g" \not> gas st e g` n Pair KValue Value TBool have "gas st'' ≤ gas st'" using st'_def st''_def by simp
ultimately show ?thesis using g_def st'_def st''_def by simp
next
assume "¬bol False"
with 5(1) stmt_def gcost n Pair KValue Value TBool nt show ?thesis using stmt.psimps(5) g_def st'_def st''_def by simp
qed
next
case TAddr
s nPai KVueVluesow theisuin tm.pimps5 _dfst_dfst'_de y im
qed
next
case (Calldata x2)
with 5(1) stmt_def gcost n Pair KValue show ?thesis using stmt.psimps(5) g_def st'_def st''_def by simp
next
case (Memory x3)
with 5(1) stmt_def gcost n Pair KValue show ?thesis using stmt.psimps(5) g_def st'_def st''_def by simp
next
case (Storage x4)
with 5(1) stmt_def gcost n Pair KValue show ?thesis using stmt.psimps(5) g_def st'_def st''_def by simp
qed
and s<> ol False), Value TBool), g)"
case (KCDptr x2)
with 5(1) stmt_def gcost n Pair show ?thesis using stmt.psimps(5) g_def st'_def st''_def by simp
proof
case (KMemptr x3)
with 5(1) stmt_def gcost n Pair show ?thesis using stmt.psimps(5) g_def st'_def st''_def by simp
next
So 4
with 5(1) stmt_def gcost n Pair show ?thesis using stmt.psimps(5) g_def st'_def st''_def by simp
qed
case (e e)
with 5(1) stmt_def gcost show ?thesis using stmt.psimps(5) g_def st'_def by simp
qed
qed
case (6 i xe e cd st)
define g where "g = costs (INVOKE i xe) e cd st"
show ?case
proof (rule allI[OF impI])
fix st6' assume a1: "stmt (INVOKE i xe) e cd st = Normal ((), st6')"
show"ass6'\le gas st"
proof (cases)
assume "gas st ≤ g"
with 6(1) a1 show ?thesis using stmt.psimps(6) g_def by simp
next
assumeoad FFasefp xe(e' ctemtyyStr pyStr (mem (s\<>gas st🚫
then have l1: "assert Gas (λ st) st = Normal ((), st) " using g_def by simp
define st' where "st' = st(gas := gas st - g)"
then have l2: "modify (λst. st(gas := gas st - costs (INVOKE i xpr-
then from aasmhav 1" st osIVK e)ev dst" by ip pltifspita)
proof (cases "ep $$ contract e")
Nne
java.lang.NullPointerException
next
case (Some x)
then have l3: "option Err (λa (x t') b simp
then show ?thesis
proof (cases x)
case (fields ct _ _)
then show ?thesis
proof (cases "fmlookup ct i")
case None
with 6(1) g_def a1 gcost Some fields sh assumes "stmt (XEN ' ale cs=o xs"
next
case s1: (Some a)
proof (cases a)
case (Method x1)
then show ?thesis
proof (cases x1)
case p1: (fields fp ext f)
then show ?thesis
proof (cases ext)
case True
6)a _df gs Soe filds s1 ethodp1ho ?hesi sin stt.pims(6st'_efb auto
case False
then have l4tack:=stack s,mmory: memory \rparr"
| Some (Method (fp, False, f)) ==> return (fp, f) | Some _ ==> throw Err) st' = Normal ((fp,f),st')" using s1 Method p1 by simp
<>o
where "mo = memory st'"
and "e' = ffold (init ct) (emptyEnv (address e) (contract e) (sender e) (svalue e)) (fmdom ct)"
then show ?thesis
casesod False fp xe ' mtytoe mptStoe m\^o e cd st' (gas st - g)")
case s4: (n a g')
define st'' where "st'' = st'(gas := g')
then show ?thesis
proof (cases a)
java.lang.NullPointerException
then have l5: "toState (load False fp xe e' emptyStore emptyStore m<gas := gas st - costs (EXTERNAL ad' i xe val) ev cd st)
definek^ub>o where k\^o = stack st'"
then show ?thesis
proof (cases "stmt f el cdgas := g)
case n2: (n a st''')
with a1 g_def gcost Some fields s1 Method p1 m\ fromasms 12345 hae 6: "ad \noteq> address ev" ev" by by (simp add: Let_def split: if_split_asm prod.split_asm result.split_asm Stackvalue.split_asm Type.split_asm Types.split_asm option.split_asm)
have "stmt (INVOKE i xe) e cd st = Normal ((), st'''(stack:=ko))"
using stmt.psimps(6)[OF 6(1)] st'_def st''_def by auto
with a1 have "gas st6' ≤
from62)[F l 2 3fields 4 __ _ l, were sg=st'\<>stackl)o_def e'_def
have "…Tyessli_soi.siameb.sltasmbolsl_s
java.lang.NullPointerException
finally show ?thesis using st'_def by simp
next
case (e x)
with 6(1) a1 g_def gcost Smoreove from sms1 3 456 ome 90hv st' '\lparrstack:=stack st, memory := memory st)tamakaespias y.lt_ Tye.ltampo.li_me.pts
qed
qed
x
java.lang.NullPointerException
qed
qed
qed
next
case (Function _)
with 6(1) g_def a1 gcost Some fields s1 show ?thesis using stmt.psimps(6) by simp
next
case (Var _)
th6 g_df a1 gco ome ields s1 how thess using st.pips() bsimp
qed
qed
qed
qed
qed
qed
casea "t t'<>tack:=stack st, memory := memory st)"
define g where "g = costs (EXTERNAL ad i xe val) e cd st"
show ?case
proof (rule allI[OF impI])
t6'ssma1"stt EXTENALad xeva) e cd t = Nrma (() t6)
show "gsst6egas st"
proof (cases)
assume "gas st ≤
with 7(1) a1 show ?thesis using stmt.psimps(7) g_def by simp
next
assume gcost: "¬sha 1ss st TASE de vc t smppi:
then have l1: "assert Gas (λst. costs (EXTERNAL ad i xe val) e cd st <gas
define st' where "st' = st(gas := gas st - g)"
: " oif (\bda>g := gas st - costs (EXTERNAL ad i xe val) e cd st)simp
then show ?thesis
oof cass"ep a ecds' (gas t-g"
case (n a0 g')
define st'' where "st'' = st'(gas := g')"
havel: "ttae (epr d ed)st' Norml (a,s') uig t_d bysip
w?ei
proof case a)
case (Pair b )
then show ?thesis
proof (cases b)
case (KValue adv)
then show ?thesis
roof(caes )
se(Vlue1)
then show ?thesis
proof (cases x1)
case (TSInt x1)
with 7(1) g_def a1 gcost n Pair KValue Value show ?thesis using stmt.psimps(7) st'_def by auto
next
case (TUInt x2)
with 7(1) g_def a1 gcost n Pair KValue Value show ?thesis using stmt.psimps(7) st'_def by auto
java.lang.StringIndexOutOfBoundsException: Index 49 out of bounds for length 26
sta KValue Valu how?tesis ig stm.pimp(7) s'df y ut
next
case TAddr
then have l4: "(case a0 of (KValue adv, Value TAddr) ==> return adv | (KValue adv, Value _) ==> th and "stmt s e' cd' (st() = Normal ((), st')"
| (_, b) ==> throw Err) st'' = Normal (adv, st'')" using Pair KValue Value by simp
then show ?thesis
proof (cases "adv = address e")
case True
withv> hash (addr e Shw\t (contracts (accounts st0 (addre e))
next
case False
then have l5: "assert Err (λ_. adv ≠ address e) st'' = Normal ((), st'')" by simp
then show ?thesis
proof (cases "type (accounts st'' adv)")
case None
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False show ?thesis using stmt.psimps(7) st'_def st''_def by auto
next
case (Some x2)
ow?teis
fcs x2
case EOA
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some show ?thesis using stmt.psimps(7) st'_def st''_def by auto
next
case (Contract c)
then have l6: "(λst. case type (accounts st adv) of Some (Contract c) ==>l cdl mgas := g)l, cdl k\<^>,l), g')" by (simp add:Let_defslit: pod.pli_a resesult.spli_a optin.pi_am
esis
proof (cases "ep $$ c")
one
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Contract Some show ?thesis using stmt.psimps(7) st'_def st''_def by auto
next
case s2: (Some x)
then show ?thesis
proof (cases x)
case p2: (fields ct x0 fb)
then have l7: "option Err (λ_. ep $$ c) st'' = Normal ((ct, x0, fb), st'')" using s2 by simp
then show ?thesis
proof (cases "expr val e cd st'' (gas st'')")
case n1: (n kv g'')
define st''' where "st''' = st''(gas := g'')
with n1 have l8: "toState (exroof (cses ule: mO (3)
then show ?thesis
proof (cases kv)
case p3: (Pair a b)
then show ?thesis
proof (cases a)
case k2: (KValue v)
then show ?thesis
proof (cases b)
case v: (Value t)
then have l9: "(case kv of (KValue v, Value t) ==> return (v, t) | (KValue v, _) ==> throw Err | (_, b) ==> throw Err) st''' = Normal ((v,t), st''')" using n1 p3 k2 by simp
show ?thesis
proof (cases "convert t (TUInt 256) v")
case None
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Contract Some s2 p2 None n1 p3 k2 v False show ?thesis using stmt.psimps(7)[OF 7(1)] st'_def st''_d nex
next
case s3: (Some v')
define e' where "e' = ffold (init ct) (emptyEnv adv c (address e) v') (fmdom ct)"
show ?thesis
okup
case None
show ?thesis
proof (cases "transfer (address e) adv v' (accounts st''')")
case n2: None
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Contract Some s2 p2 None n1 p3 k2 v False s3 show ?thesis using stmt.psimps(7)[OF 7(1)] st'_def st''_def st'''_def by simp
next
case scase 1c cb' t f l kl g'' acc st'')
then have l10: "option Err (λst. transfer (address e) adv v' (accounts st)) st''' = Normal (acc, st''')" by simp
define k s'
where "ko = stack st'''"
and "mo = memory st'''"
show ?thesis
proof (cases "stmt fb e' emptyStore (st'''(accounts := acc, stack:=emptyStore, memory:=emptyStore) ase ( (vt a 'v' ccnfs'
case n2: (n a st'''')
with g_def a1 gcost n Pair KValue Value TAddr False Contract Some s2 p2 None n1 p3 k2 v s4
have "stmt (EXTERNAL ad i xe val) e cd st = Normal ((), st''''(stack:=stack st''', memory := memory st'''))" mo()ave ty aca Se ctp"usntasertpes[OF(6 yi
using stmt.psimps(7)[OF 7(1)] st'_def st''_def st'''_def e'_def False s3 by simp
with a1 have "gas st6' ≤ proof (cases rule: blockNone[OF (2))
also from 7(3)[OF l1 l2 l3 l4 l5 l6 l7 _ _ l8 l9 _ _ _ None l10, where ?s'k="st'''" and ?s'l="st'''(
have "…
also from msel_ssel_expr_load_rexp_as3)of lecd t' "ast'']
have "…
lsse_ex_lodrp_ga()of decdst "ast-g"
have "… ≤
finally show ?thesis using st'_def by simp
next
case (e x)
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some s2 Contract p2 None n1 p3 k2 v s4 s3 show ?thesis using stmt.p ultimtlswtes
qed
qed
next
case s1: (Some a)
then show ?thesis
proof (cases a)
case (Method x1)
then show ?thesis
proof (cases x1)
case p4: (fields fp ext f)
then show ?thesis
proof (cases ext)
case True
then show ?thesis
proof (cases "load True fp xe e' emptyStore emptyStore emptyStore e cd st''' (gas st''')")
case s4: (n a g''')
define st'''' where "st'''' = st'''(gas := g''')
then show ?thesis
proof (cases a)
case f1: (fields el cdl kl ml)
java.lang.NullPointerException
proof (cases "transfer (address e) adv v' (accounts st'''')")
case n2: None
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some s2 Contract p2 s1 Method p4 n1 p3 k2 v s3 f1 e'_def True s4 show ?thesis using stmt.psimps(7)[of ad i xe val e cd st] st'_def st''_def st'''_def st''''_def by simp
next
case s5: (Some acc)
then have l11: "option Err (λst. transfer (address e) adv v' (accounts st)) st'''' = Normal (acc, st'''')" by simp
java.lang.NullPointerException
define mo where "mst 0
show ?thesis
proof (cases "stmt f el cdl (st''''(
case n2: (n a st''''')
java.lang.NullPointerException
have "stmt (EXTERNAL ad i xe val) e cd st = Normal ((), st'''''(stack:=stack st'''', memory := memory st''''))"
using stmt.psimps(7)[of ad i xe val e cd st] st'_def st''_def st'''_def st''''_def True False by simp
with a1 have "gas st6' ≤ gas st'''''" by auto
also from 7(2)[OF l1 l2 l3 l4 l5 l6 l7 _ _ l8 l9 _ _ _ s1 Method _ _ _ l10 _ _ _ l11, where ?s'm="st''''(
have "… ≤ gas (st''''(
also from msel_ssel_expr_load_rexp_gas(4)[of True fp xe e' emptyStore emptyStore emptyStore e cd st''' "gas st'''"]
have "… ≤msel›
also from msel_ssel_expr_load_rexp_gas(3)[of val e cd st'' "gas st''"]
have "… ≤mapping = fmpfi
t=\rparr>"
have "… MTal Bl) TR2[INT8] emp mtStr ystte🚫
finally show ?thesis using st'_def by s Normal ((STR ''.5, Tale Bo)1"bySldiSymxsoii_ye
next
e
qed
qed
qed
next
case (e x)
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some s2 Contract p2 s1 Method p4 n1 p3 k2 v e'_def True s3 show ?thesis using stmt.psimps(7) st'_def st''_def st'''_def by simp
qed
next
case f: False
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some s2 Contract p2 s1 Method p4 n1 p3 k2 v s3 show ?thesis using stmt.psimps(7) st'_def st''_def st'''_def by simp
qed
qed
next
case (Function _)
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some s2 Contract p2 s1 n1 p3 k2 v s3 show ?thesis using stmt.psimps(7) st'_def st''_def st'''_def by simp
next
case (Var _)
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some s2 Contract p2 s1 n1 p3 k2 v s3 show ?thesis using stmt.psimps(7) st'_def st''_def st'''_def by simp
qed
qed
qed
next
case (Calldata x2)
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some s2 Contract p2 n1 p3 k2 show ?thesis using stmt.psimps(7) st'_def st''_def st'''_def by simp
next
case (Memory x3)
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some s2 Contract p2 n1 p3 k2 show ?thesis using stmt.psimps(7) st'_def st''_def st'''_def by simp
next
case (Storage x4)
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some s2 Contract p2 n1 p3 k2 show ?thesis using stmt.psimps(7) st'_def st''_def st'''_def by simp
qed
next
case (KCDptr x2)
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some s2 Contract p2 n1 p3 show ?thesis using stmt.psimps(7) st'_def st''_def st'''_def by simp
next
case (KMemptr x3)
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some s2 Contract p2 n1 p3 show ?thesis using stmt.psimps(7) st'_def st''_def st'''_def by simp
next
case (KStoptr x4)
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some s2 Contract p2 n1 p3 show ?thesis using stmt.psimps(7) st'_def st''_def st'''_def by simp
qed
qed
next
case n2: (e x)
with 7(1) g_def a1 gcost n Pair KValue Value TAddr False Some s2 Contract p2 show ?thesis using stmt.psimps(7) st'_def st''_def by simp
qed
qed
qed
qed
qed
qed
qed
next
case (Calldata x2)
with 7(1) g_def a1 gcost n Pair KValue show ?thesis using stmt.psimps(7) st'_def st''_def by simp
next
case (Memory x3)
with 7(1) g_def a1 gcost n Pair KValue show ?thesis using stmt.psimps(7) st'_def st''_def by simp
next
case (Storage x4)
with 7(1) g_def a1 gcost n Pair KValue show ?thesis using stmt.psimps(7) st'_def st''_def by simp
qed
next
case (KCDptr x2)
with 7(1) g_def a1 gcost n Pair show ?thesis using stmt.psimps(7) st'_def st''_def by simp
next
case (KMemptr x3)
with 7(1) g_def a1 gcost n Pair show ?thesis using stmt.psimps(7) st'_def st''_def by simp
next
case (KStoptr x4)
with 7(1) g_def a1 gcost n Pair show ?thesis using stmt.psimps(7) st'_def st''_def by simp
qed
qed
next
case (e _)
with 7(1) g_def a1 gcost show ?thesis using stmt.psimps(7) st'_def by simp
qed
qed
qed
case (8 ad ex e cd st)
define g where "g = costs (TRANSFER ad ex) e cd st"
show ?case
proof (rule allI[OF impI])
fix st6' assume stmt_def: "stmt (TRANSFER ad ex) e cd st = Normal ((), st6')"
show "gas st6' ≤ gas st"
proof cases
assume "gas st ≤ g"
with 8 stmt_def g_def show ?thesis using stmt.psimps(8)[of ad ex e cd st] by simp
next
assume "¬ gas st ≤ g"
then have l1: "assert Gas (λst. costs (TRANSFER ad ex) e cd st < gas st) st = Normal ((), st) " using g_def by simp
define st' where "st' = st(gas := gas st - g)"
then have l2: " modify (λst. st(gas := gas st - costs (TRANSFER ad ex) e cd st)) st = Normal ((), st')" using g_def by simp
show ?thesis
proof (cases "expr ad e cd st' (gas st - g)")
case (n a0 g')
define st'' where "st'' = st'(gas := g')"
with n have l3: "toState (expr ad e cd) st' = Normal (a0, st'')" using st'_def by simp
then show ?thesis
proof (cases a0)
case (Pair b c)
then show ?thesis
proof (cases b)
case (KValue adv)
then show ?thesis
proof (cases c)
case (Value x1)
then show ?thesis
proof (cases x1)
case (TSInt x1)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair KValue Value g_def show ?thesis using stmt.psimps(8) st'_def st''_def by simp
next
case (TUInt x2)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair KValue Value g_def show ?thesis using stmt.psimps(8) st'_def st''_def by simp
next
case TBool
with 8(1) stmt_def `¬ gas st ≤ g` n Pair KValue Value g_def show ?thesis using stmt.psimps(8) st'_def st''_def by simp
next
case TAddr
then have l4: "(case a0 of (KValue adv, Value TAddr) ==> return adv | (KValue adv, Value _) ==> throw Err | (KValue adv, _) ==> throw Err
| (_, b) ==> throw Err) st'' = Normal (adv, st'')" using Pair KValue Value by simp
then show ?thesis
proof (cases "expr ex e cd st'' (gas st'')")
case n2: (n a1 g'')
define st''' where "st''' = st''(gas := g'')"
with n2 have l5: "toState (expr ex e cd) st'' = Normal (a1, st''')" by simp
then show ?thesis
proof (cases a1)
case p2: (Pair b c)
then show ?thesis
proof (cases b)
case k2: (KValue v)
then show ?thesis
proof (cases c)
case v2: (Value t)
then have l6: "(case a1 of (KValue v, Value t) ==> return (v, t) | (KValue v, _) ==> throw Err | (_, b) ==> throw Err) st''' = Normal ((v,t), st''')" using p2 k2 by simp
then show ?thesis
proof (cases "convert t (TUInt 256) v")
case None
with 8(1) stmt_def g_def `¬ gas st ≤ g` n Pair KValue Value n2 p2 k2 v2 TAddr show ?thesis using stmt.psimps(8) st'_def st''_def st'''_def by simp
next
case (Some v')
then show ?thesis
proof (cases "type (accounts st''' adv)")
case None
with 8(1) stmt_def g_def `¬ gas st ≤ g` n Pair KValue Value n2 p2 k2 v2 TAddr Some show ?thesis using stmt.psimps(8) st'_def st''_def st'''_def by simp
next
case s0: (Some a)
then show ?thesis
proof (cases a)
case EOA
then show ?thesis
proof (cases "transfer (address e) adv v' (accounts st''')")
case None
with 8(1) stmt_def g_def `¬ gas st ≤ g` n Pair KValue Value n2 p2 k2 v2 TAddr Some EOA s0 show ?thesis using stmt.psimps(8) st'_def st''_def st'''_def by simp
next
case s1: (Some acc)
then have l7: "option Err (λst. transfer (address e) adv v' (accounts st)) st''' = Normal (acc, st''')" using st'''_def by simp
with 8(1) `¬ gas st ≤ g` n Pair KValue Value n2 p2 k2 v2 TAddr Some EOA g_def s0
have "stmt (TRANSFER ad ex) e cd st = Normal ((),st'''(accounts:=acc))" using stmt.psimps(8)[of ad ex e cd st] st'_def st''_def st'''_def by simp
with stmt_def have "gas st6' = gas (st'''(accounts:=acc))" by auto
also from msel_ssel_expr_load_rexp_gas(3)[of ex e cd st'' "gas st''"]
have "… ≤ gas st''" using st'_def st''_def st'''_def n2 by fastforce
also from msel_ssel_expr_load_rexp_gas(3)[of ad e cd st' "gas st - g"]
have "… ≤ gas st'" using st'_def st''_def n by fastforce
finally show ?thesis using st'_def by simp
qed
next
case (Contract c)
then show ?thesis
proof (cases "ep $$ c")
case None
with 8(1) stmt_def g_def `¬ gas st ≤ g` n Pair KValue Value n2 p2 k2 v2 TAddr Contract Some s0 show ?thesis using stmt.psimps(8) st'_def st''_def st'''_def by simp
next
case s2: (Some a)
then show ?thesis
proof (cases a)
case p3: (fields ct cn f)
with s2 have l7: "option Err (λ_. ep $$ c) st''' = Normal ((ct, cn, f), st''')" by simp
define e' where "e' = ffold_init ct (emptyEnv adv c (address e) v') (fmdom ct)"
show ?thesis
proof (cases "transfer (address e) adv v' (accounts st''')")
case None
with 8(1) stmt_def g_def `¬ gas st ≤ g` n Pair KValue Value n2 p2 k2 v2 TAddr Contract Some s2 p3 s0 show ?thesis using stmt.psimps(8) st'_def st''_def st'''_def by simp
next
case s3: (Some acc)
then have l8: "option Err (λst. transfer (address e) adv v' (accounts st)) st''' = Normal (acc, st''')" by simp
then show ?thesis
proof (cases "stmt f e' emptyStore (st'''(accounts := acc, stack:=emptyStore, memory:=emptyStore))")
case n3: (n a st'''')
with 8(1) `¬ gas st ≤ g` n Pair KValue Value n2 p2 k2 v2 TAddr Some s2 p3 g_def Contract s3 s0
have "stmt (TRANSFER ad ex) e cd st = Normal ((),st''''(stack:=stack st''', memory := memory st'''))" using e'_def stmt.psimps(8)[of ad ex e cd st] st'_def st''_def st'''_def by simp
with stmt_def have "gas st6' ≤ gas st''''" by auto
also from 8(2)[OF l1 l2 l3 l4 l5 l6, of v t _ _ "accounts st'''" "st'''", OF _ _ _ s0 Contract l7 _ _ _ _ _ l8, where ?s'k="st'''(accounts := acc, stack := emptyStore, memory := emptyStore)"] `¬ gas st ≤ g` e'_def n3 Some
have "… ≤ gas (st'''(accounts := acc, stack := emptyStore, memory := emptyStore))" by simp
also from msel_ssel_expr_load_rexp_gas(3)[of ex e cd st'' "gas st''"]
have "… ≤ gas st''" using st'_def st''_def st'''_def n2 by fastforce
also from msel_ssel_expr_load_rexp_gas(3)[of ad e cd st' "gas st - g"]
have "… ≤ gas st'" using st'_def st''_def n by fastforce
finally show ?thesis using st'_def by simp
next
case (e x)
with 8(1) `¬ gas st ≤ g` n Pair KValue Value n2 p2 k2 v2 TAddr Some s2 p3 g_def e'_def stmt_def Contract s3 s0 show ?thesis using stmt.psimps(8)[of ad ex e cd st] st'_def st''_def st'''_def by simp
qed
qed
qed
qed
qed
qed
qed
next
case (Calldata x2)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair KValue Value TAddr n2 p2 k2 g_def show ?thesis using stmt.psimps(8) st'_def st''_def st'''_def by simp
next
case (Memory x3)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair KValue Value TAddr n2 p2 k2 g_def show ?thesis using stmt.psimps(8) st'_def st''_def st'''_def by simp
next
case (Storage x4)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair KValue Value TAddr n2 p2 k2 g_def show ?thesis using stmt.psimps(8) st'_def st''_def st'''_def by simp
qed
next
case (KCDptr x2)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair KValue Value TAddr n2 p2 g_def show ?thesis using stmt.psimps(8) st'_def st''_def st'''_def by simp
next
case (KMemptr x3)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair KValue Value TAddr n2 p2 g_def show ?thesis using stmt.psimps(8) st'_def st''_def st'''_def by simp
next
case (KStoptr x4)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair KValue Value TAddr n2 p2 g_def show ?thesis using stmt.psimps(8) st'_def st''_def st'''_def by simp
qed
qed
next
case (e e)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair KValue Value TAddr g_def show ?thesis using stmt.psimps(8) st'_def st''_def by simp
qed
qed
next
case (Calldata x2)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair KValue g_def show ?thesis using stmt.psimps(8) st'_def st''_def by simp
next
case (Memory x3)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair KValue g_def show ?thesis using stmt.psimps(8) st'_def st''_def by simp
next
case (Storage x4)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair KValue g_def show ?thesis using stmt.psimps(8) st'_def st''_def by simp
qed
next
case (KCDptr x2)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair g_def show ?thesis using stmt.psimps(8) st'_def st''_def by simp
next
case (KMemptr x3)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair g_def show ?thesis using stmt.psimps(8) st'_def st''_def by simp
next
case (KStoptr x4)
with 8(1) stmt_def `¬ gas st ≤ g` n Pair g_def show ?thesis using stmt.psimps(8) st'_def st''_def by simp
qed
qed
next
case (e e)
with 8(1) stmt_def `¬ gas st ≤ g` g_def show ?thesis using stmt.psimps(8) st'_def by simp
qed
qed
qed
case (9 id0 tp s ev cd st)
define g where "g = costs (BLOCK ((id0, tp), None) s) ev cd st"
show ?case
proof (rule allI[OF impI])
fix st6' assume stmt_def: "stmt (BLOCK ((id0, tp), None) s) ev cd st = Normal ((), st6')"
show "gas st6' ≤ gas st"
proof cases
assume "gas st ≤ g"
with 9 stmt_def g_def show ?thesis using stmt.psimps(9) by simp
next
assume "¬ gas st ≤ g"
then have l1: "assert Gas (λst. costs (BLOCK ((id0, tp), None) s) ev cd st < gas st) st = Normal ((), st) " using g_def by simp
define st' where "st' = st(gas := gas st - g)"
then have l2: "modify (λst. st(gas := gas st - costs (BLOCK ((id0, tp), None) s) ev cd st)) st = Normal ((), st')" using g_def by simp
show ?thesis
proof (cases "decl id0 tp None False cd (memory st') (storage st') (cd, (memory st'), (stack st'), ev)")
case n2: None
with 9 stmt_def `¬ gas st ≤ g` g_def show ?thesis using stmt.psimps(9) st'_def by simp
next
case (Some a)
then have l3: "option Err (λst. decl id0 tp None False cd (memory st) (storage st) (cd, memory st, stack st, ev)) st' = Normal (a, st')" by simp
then show ?thesis
proof (cases a)
case (fields cd' mem' sck' e')
with 9(1) stmt_def `¬ gas st ≤ g` g_def have "stmt (BLOCK ((id0, tp), None) s) ev cd st = stmt s e' cd' (st(gas := gas st - g, stack := sck', memory := mem'))" using stmt.psimps(9)[OF 9(1)] Some st'_def by simp
with 9(2)[OF l1 l2 l3] stmt_def `¬ gas st ≤ g` fields g_def have "gas st6' ≤ gas (st(gas := gas st - g, stack := sck', memory := mem'))" using st'_def by fastforce
then show ?thesis by simp
qed
qed
qed
qed
case (10 id0 tp ex' s ev cd st)
define g where "g = costs (BLOCK ((id0, tp), Some ex') s) ev cd st"
show ?case
proof (rule allI[OF impI])
fix st6' assume stmt_def: "stmt (BLOCK ((id0, tp), Some ex') s) ev cd st = Normal ((), st6')"
show "gas st6' ≤ gas st"
proof cases
assume "gas st ≤ g"
with 10 stmt_def g_def show ?thesis using stmt.psimps(10) by simp
next
assume "¬ gas st ≤ g"
then have l1: "assert Gas (λst. costs (BLOCK ((id0, tp), Some ex') s) ev cd st < gas st) st = Normal ((), st) " using g_def by simp
define st' where "st' = st(gas := gas st - g)"
then have l2: "modify (λst. st(gas := gas st - costs (BLOCK ((id0, tp), Some ex') s) ev cd st)) st = Normal ((), st')" using g_def by simp
show ?thesis
proof (cases "expr ex' ev cd st' (gas st - g)")
case (n a g')
define st'' where "st'' = st'(gas := g')"
with n have l3: "toState (expr ex' ev cd) st' = Normal (a, st'')" using st''_def st'_def by simp
then show ?thesis
proof (cases a)
case (Pair v t)
then show ?thesis
proof (cases "decl id0 tp (Some (v, t)) False cd (memory st'') (storage st'') (cd, memory st'', stack st'', ev)")
case None
with 10(1) stmt_def `¬ gas st ≤ g` n Pair g_def show ?thesis using stmt.psimps(10) st'_def st''_def by simp
next
case s2: (Some a)
then have l4: "option Err (λst. decl id0 tp (Some (v, t)) False cd (memory st) (storage st) (cd, memory st, stack st, ev)) st'' = Normal (a, st'')" by simp
then show ?thesis
proof (cases a)
case (fields cd' mem' sck' e')
with 10(1) stmt_def `¬ gas st ≤ g` n Pair s2 g_def have "stmt (BLOCK ((id0, tp), Some ex') s) ev cd st = stmt s e' cd' (st''(stack := sck', memory := mem'))" using stmt.psimps(10)[of id0 tp ex' s ev cd st] st'_def st''_def by simp
with 10(2)[OF l1 l2 l3 Pair l4 fields, where s'd="st''(stack := sck', memory := mem')"] n stmt_def `¬ gas st ≤ g` s2 fields g_def have "gas st6' ≤ gas st''" by simp
moreover from msel_ssel_expr_load_rexp_gas(3)[of ex' ev cd st' "gas st - g"] n have "gas st'' ≤ gas st'" using st'_def st''_def by fastforce
ultimately show ?thesis using st'_def by simp
qed
qed
qed
next
case (e e)
with 10 stmt_def `¬ gas st ≤ g` g_def show ?thesis using stmt.psimps(10) st'_def by simp
qed
qed
qed
case (11 i xe val e cd st)
define g where "g = costs (NEW i xe val) e cd st"
show ?case
proof (rule allI[OF impI])
fix st6' assume a1: "stmt (NEW i xe val) e cd st = Normal ((), st6')"
show "gas st6' ≤ gas st"
proof (cases)
assume "gas st ≤ g"
with 11(1) a1 show ?thesis using stmt.psimps(11) g_def by simp
next
assume gcost: "¬ gas st ≤ g"
then have l1: "assert Gas (λst. costs (NEW i xe val) e cd st < gas st) st = Normal ((), st) " using g_def by simp
define st' where "st' = st(gas := gas st - g)"
then have l2: "modify (λst. st(gas := gas st - costs (NEW i xe val) e cd st)) st = Normal ((), st')" using g_def by simp
define adv where "adv = hash (address e) (ShowLnat (contracts (accounts st' (address e))))"
then show ?thesis
proof (cases "type (accounts st' adv) = None")
case True
then show ?thesis
proof (cases "expr val e cd st' (gas st')")
case n0: (n kv g')
define st'' where "st'' = st'(gas := g')"
then have l4: "toState (expr val e cd) st' = Normal (kv, st'')" using n0 by simp
then show ?thesis
proof (cases kv)
case p0: (Pair a b)
then show ?thesis
proof (cases a)
case k0: (KValue v)
then show ?thesis
proof (cases b)
case v0: (Value t)
then show ?thesis
proof (cases "ep $$ i")
case None
with a1 gcost g_def True n0 p0 k0 v0
show ?thesis using stmt.psimps(11)[OF 11(1)] adv_def st'_def st''_def by simp
next
case s0: (Some a)
then have l5: "option Err (λ_. ep $$ i) st'' = Normal (a, st'')" by simp
then show ?thesis
proof (cases a)
case f0: (fields ct cn _)
define e' where "e' = ffold_init ct (emptyEnv adv i (address e) v) (fmdom ct)"
then show ?thesis
proof (cases "load True (fst cn) xe e' emptyStore emptyStore emptyStore e cd st'' (gas st'')")
case n1: (n a g'')
define st''' where "st''' = st''(gas := g'')"
then have l6: "toState (load True (fst cn) xe e' emptyStore emptyStore emptyStore e cd) st'' = Normal (a, st''')" using n1 by simp
then show ?thesis
proof (cases a)
case f1: (fields el cdl kl ml)
define st'''' where "st'''' = st'''(accounts:=(accounts st''')(adv := (bal = ShowLint 0, type = Some (Contract i), contracts = 0)), storage:=(storage st''')(adv := {$$}))"
then show ?thesis
proof (cases "transfer (address e) adv v (accounts st'''')")
case None
with a1 gcost g_def True n0 p0 k0 v0 s0 f0 n1 f1
show ?thesis using stmt.psimps(11)[OF 11(1)] adv_def e'_def st'_def st''_def st'''_def st''''_def by (simp add:Let_def)
next
case s1: (Some acc)
define st''''' where "st''''' = st''''(accounts := acc, stack:=kl, memory:=ml)"
then show ?thesis
proof (cases "stmt (snd cn) el cdl st'''''")
case (n a st'''''')
define st''''''' where "st''''''' = st''''''(stack:=stack st'''', memory := memory st'''')"
define st'''''''' where "st'''''''' = incrementAccountContracts (address e) st'''''''"
from a1 gcost g_def True n0 p0 k0 v0 s0 f0 n1 f1 s1 n have "st6' = st''''''''"
using st'_def st''_def st'''_def st''''_def st'''''_def st'''''''_def st''''''''_def
stmt.psimps(11)[OF 11(1)] adv_def e'_def by (simp add:Let_def)
then have "gas st6' = gas st''''''''" by simp
also have "… ≤ gas st'''''''" using st''''''''_def incrementAccountContracts_def by simp
also have "… ≤ gas st''''''" using st'''''''_def by simp
also have "… ≤ gas st'''''" using 11(2)[OF l1 l2 _ _ l4 _ _ l5 _ _ e'_def l6, where ?s'h="st''''" and ?s'i="st''''" and ?s'j="st''''" and ?s'k="st''''(accounts := acc, stack := kl, memory := ml)", of st' "()"] p0 k0 v0 f0 f1 s1 n True st''''_def st'''''_def adv_def by simp
also have "… ≤ gas st''''" using st'''''_def by simp
also have "… ≤ gas st'''" using st''''_def by simp
also have "… ≤ gas st''" using st'''_def msel_ssel_expr_load_rexp_gas(4) n1 f1 by simp
also have "… ≤ gas st'" using st''_def msel_ssel_expr_load_rexp_gas(3) n0 p0 by simp
also have "… ≤ gas st" using st'_def by simp
finally show ?thesis .
next
case (e e)
with a1 gcost g_def n0 True p0 k0 v0 s0 f0 n1 f1 s1
show ?thesis using stmt.psimps(11)[OF 11(1)] adv_def e'_def st'_def st''_def st'''_def st''''_def st'''''_def by (simp add:Let_def)
qed
qed
qed
next
case (e e)
with a1 gcost g_def n0 True p0 k0 v0 s0 f0
show ?thesis using stmt.psimps(11)[OF 11(1)] adv_def e'_def st'_def st''_def by (simp add:Let_def)
qed
qed
qed
next
case (Calldata x2)
with a1 gcost g_def n0 True p0 k0
show ?thesis using stmt.psimps(11)[OF 11(1)] adv_def st'_def by simp
next
case (Memory x3)
with a1 gcost g_def n0 True p0 k0
show ?thesis using stmt.psimps(11)[OF 11(1)] adv_def st'_def by simp
next
case (Storage x4)
with a1 gcost g_def n0 True p0 k0
show ?thesis using stmt.psimps(11)[OF 11(1)] adv_def st'_def by simp
qed
next
case (KCDptr x2)
with a1 gcost g_def n0 True p0
show ?thesis using stmt.psimps(11)[OF 11(1)] adv_def st'_def by simp
next
case (KMemptr x3)
with a1 gcost g_def n0 True p0
show ?thesis using stmt.psimps(11)[OF 11(1)] adv_def st'_def by simp
next
case (KStoptr x4)
with a1 gcost g_def n0 True p0
show ?thesis using stmt.psimps(11)[OF 11(1)] adv_def st'_def by simp
qed
qed
next
case (e e)
with a1 gcost g_def True
show ?thesis using stmt.psimps(11)[OF 11(1)] adv_def st'_def by simp
qed
next
case False
with a1 gcost g_def
show ?thesis using stmt.psimps(11)[OF 11(1)] adv_def st'_def by (simp split:if_split_asm)
qed
qed
qed
‹Termination function›
‹Now we can prove termination using the lemma above.›
sgas
where "sgas l = gas (snd (snd (snd l)))"
ssize
where "ssize l = size (fst l)"
stmt_dom_gas =
match premises in s: "stmt _ _ _ _ = Normal (_,_)" and d[thin]: "stmt_dom _" ==> ‹insert stmt_dom_gas[OF d s]›
msel_ssel_expr_load_rexp =
match premises in e[thin]: "expr _ _ _ _ _ = Normal (_,_)" ==> ‹insert msel_ssel_expr_load_rexp_gas(3)[OF e]› |
match premises in l[thin]: "load _ _ _ _ _ _ _ _ _ _ _ = Normal (_,_)" ==> ‹insert msel_ssel_expr_load_rexp_gas(4)[OF l, THEN conjunct1]›
costs =
match premises in "costs (WHILE ex s0) e cd st < _" for ex s0 and e::Environment and cd::CalldataT and st::State ==> ‹insert while_not_zero[of (unchecked) ex s0 e cd st]› |
match premises in "costs (INVOKE i xe) e cd st < _" for i xe and e::Environment and cd::CalldataT and st::State ==> ‹insert invoke_not_zero[of (unchecked) i xe e cd st]› |
match premises in "costs (EXTERNAL ad i xe val) e cd st < _" for ad i xe val and e::Environment and cd::CalldataT and st::State ==> ‹insert external_not_zero[of (unchecked) ad i xe val e cd st]› |
match premises in "costs (TRANSFER ad ex) e cd st < _" for ad ex and e::Environment and cd::CalldataT and st::State ==> ‹insert transfer_not_zero[of (unchecked) ad ex e cd st]› |
match premises in "costs (NEW i xe val) e cd st < _" for i xe val and e::Environment and cd::CalldataT and st::State ==> ‹insert new_not_zero[of (unchecked) i xe val e cd st]›
stmt
apply (relation "measures [sgas, ssize]")
apply (auto split: if_split_asm result.split_asm Stackvalue.split_asm Type.split_asm Types.split_asm option.split_asm Member.split_asm bool.split_asm atype.split_asm)
apply ((stmt_dom_gas | msel_ssel_expr_load_rexp)+, costs?, simp)+
done
‹Gas Reduction›
‹
The following corollary is a generalization of @{thm [source] msel_ssel_expr_load_rexp_dom_gas}.
We first prove that the function is defined for all input values and then obtain the final result as a corollary.
›
stmt_dom: "stmt_dom (s6, ev6, cd6, st6)"
apply (induct rule: stmt.induct[where ?P="λs6 ev6 cd6 st6. stmt_dom (s6, ev6, cd6, st6)"])
apply (simp_all add: stmt.domintros(1-10))
apply (rule stmt.domintros(11), force)
done
stmt_gas = stmt_dom_gas[OF stmt_dom]
skip:
assumes "stmt SKIP ev cd st = Normal (x, st')"
shows "gas st > costs SKIP ev cd st"
and "st' = st(gas := gas st - costs SKIP ev cd st)"
using assms by (auto split:if_split_asm)
assign:
assumes "stmt (ASSIGN lv ex) ev cd st = Normal (xx, st')"
obtains (1) v t g l t' g' v'
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KValue v, Value t), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Value t'),g')"
and "convert t t' v = Some v'"
and "st' = st(gas := g', stack := updateStore l (KValue v') (stack st))"
| (2) v t g l t' g' v'
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KValue v, Value t), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LStoreloc l, Storage (STValue t')),g')"
and "convert t t' v = Some v'"
and "st' = st(gas := g', storage := (storage st) (address ev := (fmupd l v' (storage st (address ev)))))"
| (3) v t g l t' g' v'
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KValue v, Value t), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LMemloc l, Memory (MTValue t')),g')"
and "convert t t' v = Some v'"
and "st' = st(gas := g', memory := updateStore l (MValue v') (memory st))"
| (4) p x t g l t' g' p' m
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KCDptr p, Calldata (MTArray x t)), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Memory t'),g')"
and "accessStore l (stack st) = Some (KMemptr p')"
and "cpm2m p p' x t cd (memory st) = Some m"
and "st' = st(gas := g', memory := m)"
| (5) p x t g l t' g' p' s
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KCDptr p, Calldata (MTArray x t)), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Storage t'),g')"
and "accessStore l (stack st) = Some (KStoptr p')"
and "cpm2s p p' x t cd (storage st (address ev)) = Some s"
and "st' = st(gas := g', storage := (storage st) (address ev := s))"
| (6) p x t g l t' g' s
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KCDptr p, Calldata (MTArray x t)), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LStoreloc l, t'),g')"
and "cpm2s p l x t cd (storage st (address ev)) = Some s"
and "st' = st(gas := g', storage := (storage st) (address ev := s))"
| (7) p x t g l t' g' m
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KCDptr p, Calldata (MTArray x t)), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LMemloc l, t'),g')"
and "cpm2m p l x t cd (memory st) = Some m"
and "st' = st(gas := g', memory := m)"
| (8) p x t g l t' g'
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KMemptr p, Memory (MTArray x t)), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Memory t'),g')"
and "st' = st(gas := g', stack := updateStore l (KMemptr p) (stack st))"
| (9) p x t g l t' g' p' s
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KMemptr p, Memory (MTArray x t)), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Storage t'),g')"
and "accessStore l (stack st) = Some (KStoptr p')"
and "cpm2s p p' x t (memory st) (storage st (address ev)) = Some s"
and "st' = st(gas := g', storage := (storage st) (address ev := s))"
| (10) p x t g l t' g' s
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KMemptr p, Memory (MTArray x t)), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LStoreloc l, t'),g')"
and "cpm2s p l x t (memory st) (storage st (address ev)) = Some s"
and "st' = st(gas := g', storage := (storage st) (address ev := s))"
| (11) p x t g l t' g'
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KMemptr p, Memory (MTArray x t)), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LMemloc l, t'),g')"
and "st' = st(gas := g', memory := updateStore l (MPointer p) (memory st))"
| (12) p x t g l t' g' p' m
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KStoptr p, Storage (STArray x t)), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Memory t'),g')"
and "accessStore l (stack st) = Some (KMemptr p')"
and "cps2m p p' x t (storage st (address ev)) (memory st) = Some m"
and "st' = st(gas := g', memory := m)"
| (13) p x t g l t' g'
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KStoptr p, Storage (STArray x t)), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Storage t'),g')"
and "st' = st(gas := g', stack := updateStore l (KStoptr p) (stack st))"
| (14) p x t g l t' g' s
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KStoptr p, Storage (STArray x t)), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LStoreloc l, t'),g')"
and "copy p l x t (storage st (address ev)) = Some s"
and "st' = st(gas := g', storage := (storage st) (address ev := s))"
| (15) p x t g l t' g' m
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KStoptr p, Storage (STArray x t)), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LMemloc l, t'),g')"
and "cps2m p l x t (storage st (address ev)) (memory st) = Some m"
and "st' = st(gas := g', memory := m)"
| (16) p t t' g l t'' g'
where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KStoptr p, Storage (STMap t t')), g)"
and "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, t''),g')"
and "st' = st(gas := g', stack := updateStore l (KStoptr p) (stack st))"
-
from assms consider
(1) v t g where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KValue v, Value t), g)"
| (2) p x t g where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KCDptr p, Calldata (MTArray x t)), g)"
| (3) p x t g where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KMemptr p, Memory (MTArray x t)), g)"
| (4) p x t g where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KStoptr p, Storage (STArray x t)), g)"
| (5) p t t' g where "expr ex ev cd (st(gas := gas st - costs (ASSIGN lv ex) ev cd st)) (gas st - costs (ASSIGN lv ex) ev cd st) = Normal ((KStoptr p, Storage (STMap t t')), g)"
by (auto split:if_split_asm result.split_asm Stackvalue.split_asm Type.split_asm MTypes.split_asm STypes.split_asm)
then show ?thesis
proof cases
case 1
with assms consider
(11) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Value t'),g')"
| (12) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LStoreloc l, Storage (STValue t')),g')"
| (13) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LMemloc l, Memory (MTValue t')),g')"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm)
then show ?thesis
proof cases
case 11
with 1 assms show ?thesis using that(1) by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm)
next
case 12
with 1 assms show ?thesis using that(2) by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm)
next
case 13
with 1 assms show ?thesis using that(3) by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm)
qed
next
case 2
with assms consider
(21) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Memory t'),g')"
| (22) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Storage t'),g')"
| (23) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LStoreloc l, t'),g')"
| (24) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LMemloc l, t'),g')"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm)
then show ?thesis
proof cases
case 21
moreover from assms 2 21 obtain p' where 3: "accessStore l (stack st) = Some (KMemptr p')"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
moreover from assms 2 21 3 obtain m where "cpm2m p p' x t cd (memory st) = Some m"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
ultimately show ?thesis using that(4) assms 2 21
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
next
case 22
moreover from assms 2 22 obtain p' where 3: "accessStore l (stack st) = Some (KStoptr p')"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
moreover from assms 2 22 3 4 obtain s where "cpm2s p p' x t cd (storage st (address ev)) = Some s"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
ultimately show ?thesis using that(5) assms 2 22
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
next
case 23
moreover from assms 2 23 3 4 obtain s where "cpm2s p l x t cd (storage st (address ev)) = Some s"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
ultimately show ?thesis using that(6) assms 2
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
next
case 24
moreover from assms 2 24 obtain m where "cpm2m p l x t cd (memory st) = Some m"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
ultimately show ?thesis using that(7) assms 2
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
qed
next
case 3
with assms consider
(31) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Memory t'),g')"
| (32) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Storage t'),g')"
| (33) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LStoreloc l, t'),g')"
| (34) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LMemloc l, t'),g')"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm)
then show ?thesis
proof cases
case 31
then show ?thesis using that(8) assms 3 by (auto split:if_split_asm)
next
case 32
moreover from assms 3 32 obtain p' where 4: "accessStore l (stack st) = Some (KStoptr p')"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
moreover from assms 3 32 4 5 obtain s where "cpm2s p p' x t (memory st) (storage st (address ev)) = Some s"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
ultimately show ?thesis using that(9) assms 3
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
next
case 33
moreover from assms 3 33 3 4 obtain s where "cpm2s p l x t (memory st) (storage st (address ev)) = Some s"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
ultimately show ?thesis using that(10) assms 3
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
next
case 34
then show ?thesis using that(11) assms 3
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
qed
next
case 4
with assms consider
(41) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Memory t'),g')"
| (42) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LStackloc l, Storage t'),g')"
| (43) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LStoreloc l, t'),g')"
| (44) l t' g' where "lexp lv ev cd (st(gas := g)) g = Normal((LMemloc l, t'),g')"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm)
then show ?thesis
proof cases
case 41
moreover from assms 4 41 obtain p' where 5: "accessStore l (stack st) = Some (KMemptr p')"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
moreover from assms 4 41 5 6 obtain m where "cps2m p p' x t (storage st (address ev)) (memory st) = Some m"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
ultimately show ?thesis using that(12) assms 4
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
next
case 42
then show ?thesis using that(13) assms 4
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
next
case 43
moreover from assms 4 43 5 obtain s where "copy p l x t (storage st (address ev)) = Some s"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
ultimately show ?thesis using that(14) assms 4
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
next
case 44
moreover from assms 4 44 5 obtain m where "cps2m p l x t (storage st (address ev)) (memory st) = Some m"
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
ultimately show ?thesis using that(15) assms 4
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
qed
next
case 5
then show ?thesis using that(16) assms
by (auto split:if_split_asm result.split_asm Type.split_asm LType.split_asm MTypes.split_asm STypes.split_asm option.split_asm Stackvalue.split_asm)
qed
comp:
assumes "stmt (COMP s1 s2) ev cd st = Normal (x, st')"
obtains (1) st''
where "gas st > costs (COMP s1 s2) ev cd st"
and "stmt s1 ev cd (st(gas := gas st - costs (COMP s1 s2) ev cd st)) = Normal((), st'')"
and "stmt s2 ev cd st'' = Normal((), st')"
using assms by (simp split:if_split_asm result.split_asm prod.split_asm)
ite:
assumes "stmt (ITE ex s1 s2) ev cd st = Normal (x, st')"
obtains (True) g
where "gas st > costs (ITE ex s1 s2) ev cd st"
and "expr ex ev cd (st(gas := gas st - costs (ITE ex s1 s2) ev cd st)) (gas st - costs (ITE ex s1 s2) ev cd st) = Normal((KValue (ShowLbool True), Value TBool), g)"
and "stmt s1 ev cd (st(gas := g)) = Normal((), st')"
(False) g
where "gas st > costs (ITE ex s1 s2) ev cd st"
and "expr ex ev cd (st(gas := gas st - costs (ITE ex s1 s2) ev cd st)) (gas st - costs (ITE ex s1 s2) ev cd st) = Normal((KValue (ShowLbool False), Value TBool), g)"
and "stmt s2 ev cd (st(gas := g)) = Normal((), st')"
using assms by (simp split:if_split_asm result.split_asm prod.split_asm Stackvalue.split_asm Type.split_asm Types.split_asm)
while:
assumes "stmt (WHILE ex s0) ev cd st = Normal (x, st')"
obtains (True) g st''
where "gas st > costs (WHILE ex s0) ev cd st"
and "expr ex ev cd (st(gas := gas st - costs (WHILE ex s0) ev cd st)) (gas st - costs (WHILE ex s0) ev cd st) = Normal((KValue (ShowLbool True), Value TBool), g)"
and "stmt s0 ev cd (st(gas := g)) = Normal((), st'')"
and "stmt (WHILE ex s0) ev cd st'' = Normal ((), st')"
| (False) g
where "gas st > costs (WHILE ex s0) ev cd st"
and "expr ex ev cd (st(gas := gas st - costs (WHILE ex s0) ev cd st)) (gas st - costs (WHILE ex s0) ev cd st) = Normal((KValue (ShowL | | |
