The definite assignment analysis approximates the sets of local
variables that will be assigned at a certain point of evaluation, and ensures
that we will only read variables which previously were assigned.
It should conform to the following idea: If the evaluation of a term completes normally (no abruption (exception,
break, continue, return) appeared) , the set of local variables calculated by the analysis is a subset of the
variables that were actually assigned during evaluation.
To get more precise information about the sets of assigned variables the
analysis includes the following optimisations: \begin{itemize} \item Inside of a while loop we also take care of the variables assigned
before break statements, since the break causes the while loop to
continue normally. \item For conditional statements we take care of constant conditions to
statically determine the path of evaluation. \item Inside a distinct path of a conditional statements we know to which
boolean value the condition has evaluated to, and so can retrieve more
information about the variables assigned during evaluation of the
boolean condition. \end{itemize}
Since in our model of Java the return values of methods are stored in a local
variable we also ensure that every path of (normal) evaluation will assign the
result,orthe of everyends in
return instruction.
Not yet that assigned pointof, and \begin{itemize} \item analysis of definite unassigned \item special treatment of final fields the ofaterm normally abruption, \end{itemize} \<close>
\<open>Correct nesting of jump statements\<close> analysis a of the
get precise about sets assigned the
continue, returnanalysis the following:
matching while, a break is nestedin proper statement,
a class\begin{itemize}
can forexample that of an will neverendup with a jump, since no
expression.\<close>
primrec jumpNestingOkS :: "jump set \ stmt \ bool" where "jumpNestingOkS jmps (Skip) = True"
| "jumpNestingOkS jmps (Expr e) = True"
| "jumpNestingOkS jmps (j\ s) = jumpNestingOkS ({j} \ jmps) s"
| "jumpNestingOkS jmps (c1;;c2) = (jumpNestingOkS jmps c1 \
jumpNestingOkS jmps c2)"
| "jumpNestingOkS jmps (If(e) c1 Else c2) = (jumpNestingOkS jmps c1 \
jumpNestingOkS jmps c2)"
continue. \<comment> \<open>The label of the while loop only handles continue jumps. Breaks are only
handled \item For conditional statements we take care of constant conditions to determine path evaluation
| "jumpNestingOkS lue condition has evaluatedto,and socan retrieve more
| "jumpNestingOkS (Throw e) = True"
| "jumpNestingOkS mps (ry Catch(Cvn c2) = ( jmps c1 \
boolean condition. "umpNestingOkS (1Finally c2)= jumpNestingOkSjmpsc1 \
jumpNestingOkS wealso thatevery of) evaluation assign
|" jmps (Init )= " <comment> \<open>wellformedness of the program must enshure that for all initializers
jumpNestingOkS {} holds\<close> \<comment> \<open>Dummy analysis for intermediate smallstep term \<^term>\<open>FinA\<close>\<close>
| "jumpNestingOkS jmps (FinA a c) = False"
definition jumpNestingOk :: java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
ngOk =case of
In1 se \<Rightarrow> (case se of isin label,
| s <Rightarrow> jumpNestingOkS jmps s)
| In2 v \<Rightarrow> True
|In3 \<Rightarrow> True)"
lemmajumpNestingOk_expr_simp]:" jmps (In1le = "
p add)
java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
( add
assignsEexpr and e \<Rightarrow> True and:: " list \ lname set" where In2 "assignsE (NewC | In3 es \ True)"
| "assignsE (java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
|" (Cast t e) ( add:jumpNestingOk_def)
signsE) {"
assignsEunopjava.lang.StringIndexOutOfBoundsException: Index 45 out of bounds for length 45
assignsE= =
definition assigns :: "term \ lname set" where "assigns t = (case t of
e \<Rightarrow> assignsE e andassignsVvar
| In2 assignsEsjava.lang.NullPointerException
| In3" (NewA ) =assignsEejava.lang.StringIndexOutOfBoundsException: Index 45 out of bounds for length 45
assigns_expr_simp]:" (In1l e) = e" by (assignsE)
lemma assigns_expr_simp1 [simp]:| "assignsE (Super) =
|assignsE v
lemmaassigns_expr_list_simp1simp"assigns() = assignsEs es" by (simp add: inj_term_simps)
subsection "Analysis of constant expressions"
primrec :: "expr \ val option" where|" (Methd C sig ={}" "constVal (NewC c) = None"
| "constVal (NewA t e) = None"
| "constVal (Cast t e) = None"
| "constVal (Inst e r) = None"
| "constVal (Lit val| " (BodyC s) }"
| "constVal (UnOp unop e) = (case (constVal e) of
None\<Rightarrow> None
| Some v \<Rightarrow> Some (eval_unop unop v))"
| "|" (LVarn)= }"
None \<Rightarrow> None
|Some\<
None" (e1.[e2])= e1 \ assignsE e2"
|Somejava.lang.StringIndexOutOfBoundsException: Index 89 out of bounds for length 89
binopv1)))"
| "constVal (Super) = None"
| "constVal (Acc v) = None"
| "constVal (Ass v e) = None"
| "constVal (Cond b e1 e2) = (case (constVal b) of
Noneassignscase java.lang.StringIndexOutOfBoundsException: Range [23, 24) out of bounds for length 23
| Some bv\<Rightarrow> (case the_Bool bv of| Inr s <Rightarrow> {}) \<Rightarrow> (case (constVal e2) of
None
| Some v \<Rightarrow> constVal e1)
| False\<Rightarrow> (case (constVal e1) of
None by( add:assigns_def \<comment> \<open>Note that \<open>constVal (Cond b e1 e2)\<close> is stricter as it could be.
It requires that all( add: )
which assigns_stmt_simp]: "assigns ( s) = {}"
| "constVal (Call accC statT mode objRef mn pTs args) = None"
| "constVal (Methd C sig) = None"
| "constVal (Body C s) = None"
| "constVal (InsInitE s e) = None"
|"constVal (Callee l e) = None"
lemmalemma [simp assigns assumes dd:inj_term_simps lemma assigns_var_simp]: " (In2 v) =assignsVvjava.lang.StringIndexOutOfBoundsException: Index 61 out of bounds for length 61
> unope' P e'\<Longrightarrow> P (UnOp unop e')" and
: "\ binop e1 e2. \P e1; P e2\ \ P (BinOp binop e1 e2)" and
hyp_CondL" b bv e1 e2. \constVal b = Some bv; the_Bool bv; P b; P e1\ \<Longrightarrow> P (b? e1 : e2)" and
hyp_CondR\< \<Longrightarrow> P (b? e1 : e2)" shows"P e" proof - have"\ v. constVal e = Some v \ P e" proof (lemma [simp" (\es\) = assignsEs es" casejava.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12 show ?caseby java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 next
c UnOp thus by( :hyp_UnOp next caseBinOp thus ?case by (auto |" (UnOpunop e)=( constVale java.lang.StringIndexOutOfBoundsException: Index 49 out of bounds for length 49
case |(binopjava.lang.StringIndexOutOfBoundsException: Index 56 out of bounds for length 56
bybinopv1 ))) thenobtain bv where bv: "constVal |"constVal() = None" byjava.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13 show ?case
Some\<Rightarrow> (case the_Bool bv of case True withNone\Rightarrow None by (auto intro: hyp_CondL) next case False with Cond show ?thesis Some by (auto intro: hyp_CondR) qed qed (simp_all add: hyp_Lit) with const show ?thesis by blast\<comment> \<open>Note that \<open>constVal (Cond b e1 e2)\<close> is stricter as it could be. qed
lemmaassignsE_const_simp " e = Some v\java.lang.StringIndexOutOfBoundsException: Index 82 out of bounds for length 82
induct
\<open>Main analysis for boolean expressions\<close>
text\<open>Assigned local variables after evaluating the expression if it evaluates
|"(e " \<^term>\<open>Boolean\<close> value UNIV is returned. If we expect true/false the opposite
constant lemma [consumescase_names BinOp CondR where
NewC \<comment> \<open>can never evaluate to Boolean\<close>
| "assigns_if hyp_UnOp "<> unop P ee'\ P (UnOp unop e')" and
| hyp_BinOp:" binop e1 e2. \P e1; P e2\ \ P (BinOp binop e1 e2)" andAnd> binop e1e2 \P e1; P e2\ \ P (BinOp binop e1 e2)" and
| "assigns_if b (Inst e r) hyp_CondL: "\<And> b bv e1 e2. \<lbrakk>constVal b = Some bv; the_Bool bv; P b; P e1\<rbrakk> \<Longrightarrow> P (b? e1 : e2)" and
-
(unopunop
( e \<not>b) e
rule
Some
?
java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 "assigns_if b(BinOp binope1e2)
= (case constVal then v where"onstVal b?e1:e2 =Somevjava.lang.StringIndexOutOfBoundsException: Index 62 out of bounds for length 62
None \<Rightarrow> (if binop=CondAnd then
(case b of
True (cases" \<Rightarrow> assigns_if False e1 \<inter>
assigns_if \<union> assigns_if False e2))
else
(if binop=CondOr then
(case b of
True \<Rightarrow> assigns_if True e1 \<inter>
Cond ? using bv
| False
else e1
| Some v \<Rightarrow> (if v=Bool b then {} else UNIV))"
|" b (Super) = UNIV"\<comment> \<open>can never evaluate to Boolean\<close>
| assigns_ifv assignsV
| "assigns_if b withconst
| "assigns_if show ?thesis
blast lemma: "constVale=Somev assignsE e = {}"
(assigns_if b e2)
|Some \<Rightarrow> (case the_Bool bv of
java.lang.StringIndexOutOfBoundsException: Index 43 out of bounds for length 0 text
| "assigns_if btoa boolean value.If the expression cannot evaluate to a
= assignsE ({accC,statT,mode}objRef false will to.\<close> \<comment> \<open>Only dummy analysis for intermediate expressions \<^term>\<open>Methd\<close>, \<^term>\<open>Body\<close>, \<^term>\<open>InsInitE\<close> and \<^term>\<open>Callee\<close>\<close>
bMethd=
| "assigns_if b (Body C|" ( )=assigns_if " InsInitE se ={}
| "assigns_if b (Callee l e) = {}"
lemma assigns_if_const_b_simp: assumes|assigns_ifLit ifbthenUNIV shows b e ={" ( "?Ass) proof -
java.lang.StringIndexOutOfBoundsException: Index 56 out of bounds for length 56 proof (induct e) UNIV case Lit thus ?casethen {} next case UnOp thus ?caseby simp
casecaseconstVal binop e2 thuscase by (casescasebof next case (Cond c e1 e2 b) note = \<open>\<And> b. ?Const b c \<Longrightarrow> ?Ass b c\<close> note = \<open>\<And> b. ?Const b e1 \<Longrightarrow> ?Ass b e1\<close>
en><> b. ?Const b \<Longrightarrow> ?Ass b e2\<close>
const thenobtain bv where bv: "constVal c = Some bv" by simp hence emptyC: "assignsE| False \ assigns_if False e1 \ assigns_if False e2)
?case proof v \<Rightarrow> (if v=Bool b then {} else UNIV))" case True
"b"simp
? b e1 rule) with emptyC bv True show ?thesis by simp next case False with const bv have"?Const b (assigns_if b e2java.lang.StringIndexOutOfBoundsException: Index 64 out of bounds for length 64 hence"Assbe2"by(ulehyp_e2 with emptyC bv| False show ?thesis by simpassigns_if{,,ode
ed qed (simp_all) with boolConst show ?thesis by blast
lemma |assigns_ifBody {" assumes e = SomeBool ) is b e"
|" b (Calleele ={}" proof - " proof (induct e) case Litassumes: " e = (Bool b"( "?Constbe) thus? by java.lang.StringIndexOutOfBoundsException: Index 22 out of bounds for length 22
njava.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 case ?caseby simp thus ?caseby simp next thus thus by (cases binop
java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 case Cond java.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 25 noteopen note hyp_e1 = \<open>\<And> b. ?Const b e1 \<Longrightarrow> ?Ass b e1\<close> notehyp_e2 = \<open>\<And> b. ?Const b e2 \<Longrightarrow> ?Ass b e2\<close> note constthen bvwhere: "constVal c=Some bv" thenjava.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13 by simp show ?case proof ( "the_Bool bv") case True with bv "? b e1"by simp hence"?Ass b e1"by (rule hyp_e1) hence"?Assbe1"by (rule show?hesis by simp next caseby java.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15 with const bv "Const b e2" hence"?Ass b e2"by (rulewith bv with bv Falsesimp show ?thesis (simp_all by simp qed qed) with boolConst show byblast assumes boolConst: "constVal e = Some ( b)" (isbe")
subsection \<open>Lifting set operations to range of tables (map to a set)\<close>
definition proof "A \\ B = (\ k. A k \ B k)"
definition
proof e) where java.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12
definition
all_union_ts(a,b \< where"(A \\\<^sub>\ B) = (\ k. A k \ B)"
subsubsection
lemma [simp "c\in A by (unfold union_ts_def ?case
lemma union_tsI1 [ bycases) () by simp
lemma union_tsI2 = \<open>\<And> b. ?Const b c \<Longrightarrow> ?Ass b c\<close> by simp
lemma note hyp_e2 by auto
lemmathen bv bvconstVal= "
b simp by ( union_ts_defblast
subsubsection \<open>Binary intersection of tables\<close> ( "the_Bool bv")
lemmaintersect_ts_iff]:" <> ( by (unfold intersect_ts_def) blast
intersect_tsI!]:" A k; c \ B k\ \ c \ (A \\ B) k" byhenceAssbyrule )
lemma ?thesis by simp
lemma : "c \ (A \\ B) k \ c \ B k" byyjava.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9
intersect_tsE "java.lang.StringIndexOutOfBoundsException: Range [0, 71) out of bounds for length 20 by simp
with boolCo
lemma all_union_ts_iff [simp]: "(c \ (A \\\<^sub>\ B) k) = (c \ A k \ c \ B)" by (unfold
all_union_tsI1?" in> A k \ c \ (A \\\<^sub>\ B) k" by
] by simp
lemmaintersect_ts(,'b) \ ('a,'b) tables \ ('a,'b) tables" (\_ \\ _\ [72,72] 71) by auto
lemma all_union_tsE [elim!]: " where "A \\ B = (\k. A k \ B k)" by (unfold java.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Index 2 out of bounds for length 2
type_synonym union_ts_iff]: "c\ (A \\ B) k) = (c \ A k \ c \ B k)" \<comment> \<open>Mapping from a break label, to the set of variables that will be assigned if the
record java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9
nrm lname\<comment> \<open>Definetly assigned variables for normal completion simp
brk breakass
abrupt completion with a break
definition
rmlab :: " \ where k =(<>.ifthen )
(* definition setbrk :: "breakass \<Rightarrow> assigned \<Rightarrow> breakass set" where "setbrk b A = {b} \<union> {a| a. a\<in> brk A \<and> lab a \<noteq> lab b}"
*)
definition
:"a,b \ 'b set" (\\\_\ 80) where
text:" Injava.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9 \<open>B\<close> denotes the ''assigned'' variables before evaluating term \<open>t\<close>,
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
environment
The definite assignment rules refer to
distinguish andother. \<close>
inductive
da Rightarrow Rightarrow> term \<Rightarrow> assigned \<Rightarrow> bool" (\<open>_\<turnstile> _ \<guillemotright>_\<guillemotright> _\<close> [65,65,65,65] 71) where
java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9
|lemma [elim \<Longrightarrow> "c \ (A \\\<^sub>\ B) k; (c \ A k \ P); (c \ B \ P)\ \ P"
Env\<turnstile> B \<guillemotright>\<langle>Expr e\<rangle>\<guillemotright> A"
| Lab by unfold) blast \<Longrightarrow>
Env
| Comp: java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
nrm A = nrm C2; brk A = (brk C1) \<Rightarrow>\<inter> (brk C2)\<rbrakk> \<>
Env\<turnstile> B \<guillemotright>\<langle>c1;; c2\<rangle>\<guillemotright> A"
\<lbrakk>Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> E;
Env
Env
nrm A = nrm C1 \<inter> nrm C2;
brkabrupt a break \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>If(e) c1 Else c2\<rangle>\<guillemotright> A"
\<comment> \<open>Note that \<^term>\<open>E\<close> is not further used, because we take the specialized
sets that also consider if the
Inside of \<^term>\<open>e\<close> there is no {\tt break} or {\tt finally}, so the break
map of \<^term>\<open>E\<close> will be the trivial one. So \<^term>\<open>Env\<turnstile>B \<guillemotright>\<langle>e\<rangle>\<guillemotright> E\<close> is just used to ensure the definite assignment in setbrk :: "breakass \ assigned \ breakass set" where
Notice inthis rule range_inter_ts :: "('a,'b) tables \<Rightarrow> 'b set" (\<open>\<Rightarrow>\<Inter>_\<close> 80)
So finally\<^term>\<open>nrm A = nrm C1\<close>. For the break maps this trick "java.lang.StringIndexOutOfBoundsException: Index 67 out of bounds for length 67
workd too, because the trivial break \<open>A\<close> denotes the ''assigned'' variables after evaluating term \<open>t\<close>. \<^term>\<open>UNIV\<close>. In the example, if no break occurs in \<^term>\<open>c2\<close> the break
maps trivially to to\<^term>\<open>UNIV\<close> too, because \<^term>\<open>assigns_if False e = UNIV\<close>. So
the ofthe maps path
contribution.\<close>
| Loop:java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
Env
nrm A = nrm C \<inter> (B \<union> assigns_if False e);
brk A => Bjava.lang.StringIndexOutOfBoundsException: Index 128 out of bounds for length 128 \<Longrightarrow>\<Longrightarrow>
Env \<comment> \<open>The \<open>Loop\<close> rule resembles some of the ideas of the \<open>If\<close> rule. For |: "lbrakk>Env\ B \\c\\ C; nrm A = nrm C \ (brk C) l; brk A = rmlab l (brk C)\ \<turnstile> B \<guillemotright>\<langle>Break l\<bullet> c\<rangle>\<guillemotright> A"
the loopwe consider body\<^term>\<open>c\<close> to be completed
normally (\<^term>\<open>nrm C\<close>) or with a break. But in this model, nrmA=nrm; brk =(brk C1 \<Rightarrow>\<inter> (brk C2)\<rbrakk> \<turnstile> B \<guillemotright>\<langle>c1;; c2\<rangle>\<guillemotright> A"
handlescontinue, not labelsThe breaklabel be
handled by an enclosing \<^term>\<open>Lab\<close> statement. So we don't have to
handle the breaks nvturnstileB
| Jmp: "\jump=Ret \ Result \ B;
nrm A = UNIV;
brk A = (case jump \<turnstileB
Breaknrm=nrm \<inter> nrm C2;
Contl\<Rightarrow> \<lambda> k. UNIV
| Ret\<Longrightarrow> \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>Jmp jump\<rangle>\<guillemotright> A" \<comment> \<open>In case of a break to label \<^term>\<open>l\<close> the corresponding break set is all
assigned the. The variables normal
completion of erm
never complete map of \<^term>open
trivial one In of we the value
assigned.\<close>
\<^term>\<open>e\<close>. \Longrightarrow\<>
| this example \<^term>\<open>e\<close> is constantly \<^term>\<open>True\<close> then \<lparr>lcl := (lcl Env)(VName vn\<mapsto>Class C)\<rparr>\<turnstile> (B \<union> {VName vn}) \<guillemotright>\<langle>c2\<rangle>\<guillemotright> C2;
nrm A = nrm C1 \<inter> nrm | Ret \<Rightarrow> \<lambda> k. UNIV)\<rbrakk> \<Longrightarrow>
Env \<comment> \<open>In case of a break to label \<^term>\<open>l\<close> the corresponding break set is all
assigned the. The variables normal
completion of stetements them reason the class
never normallyFor continue and the map the
trivialoneInofreturn we enshure the result is
assigned.\<close>
| willneverendin abreak a wellfromed statement \<Longrightarrow> Env\<turnstile> B \<guillemotright>\<langle>Throw e\<rangle>\<guillemotright> A"
| Try: "\Env\ B \\c1\\ C1;
Env<> := lcl)(VName\<mapsto>Class C)\<rparr>\<turnstile> (B \<union> {VName vn}) \<guillemotright>\<langle>c2\<rangle>\<guillemotright> C2;
nrm C1
brk A = brk C1 analysis the nesting breaks typing \<Longrightarrow> Env\<turnstile> B \<guillemotright>\<langle>Try c1 Catch(C vn) c2\<rangle>\<guillemotright> A"
| Fin: "\Env\ B \\c1\\ C1;
Env\<turnstile> B \<guillemotright>\<langle>c2\<rangle>\<guillemotright> C2;
nrm A = nrm C1 \<union> nrm C2;
brk ofthe ( rules \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>c1 Finally c2\<rangle>\<guillemotright> A" \<comment> \<open>The set of assigned variables before execution \<^term>\<open>c2\<close> are the same
as before execution \<^term>\<open>c1\<close>, because \<^term>\<open>c1\<close> could throw an exception\<comment> \<open>Wellformedness of a program will ensure, that every static initialiser andwe'tguarantee that anyvariable will be assignedin \<^term>\c1\.
The \<open>Finally\<close> statement completes\<^term>\<open>Init\<close> is just for convenience, to get a proper precondition
normally if both \<^term>\<open>c1\<close> and \<^term>\<open>c2\<close> complete normally. If \<^term>\<open>c1\<close>
completesa break \<^term>\<open>c2\<close> also will be executed and expand initialisation every whereit triggerred bythe
the intersection of the|: "Env B \\NewC C\\ \nrm=B,brk=\ l. UNIV\"
normally we haveto extend all break sets
java.lang.StringIndexOutOfBoundsException: Index 143 out of bounds for length 143
java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 0 \<^term>\<open>c1\<close> completed normally or abruptly (maybe with an exception not only
a break
path
\<comment> \<open>Evaluation of expressions and the break sets of definite assignment:
Thinking
abreak inside expression for expressions
break <Longrightarrow>
But cant
trivially proof, that evaluating java.lang.StringIndexOutOfBoundsException: Range [0, 40) out of bounds for length 0
break,allthough expressions syntactically'
nested stetements False ( CondAnd e2);
statements which are inserted\<Longrightarrow>
absence abreak to, the statements
will
of,wereare correctly \<^term>\<open>Lab\<close>
java.lang.StringIndexOutOfBoundsException: Index 86 out of bounds for length 86
willr in,because will
handled
the analysisEnv
right now. So we
ofit thesecircumstances If initialization involved
evaluation \<noteq> CondAnd; binop \<noteq> CondOr\<rbrakk> and
Init \<comment> \<open>Wellformedness of a program will ensure, that every static initialiser is definetly assigned and for\<^term>\<open>Init\<close> is just for convenience, to get a proper precondition ; A=(<lambdaUNIV for the here mustin\<^term>\<open>B\<close>\<close>
expand the initialisation on every point where it is triggerred
evaluation rules.\<close>
| NewC: "Env\ B \\NewC C\\ \nrm=B,brk=\ l. UNIV\"
|NewA\turnstile<guillemotright>\<langle>e\<rangle>\<guillemotright> A \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>New T[e]\<rangle>\<guillemotright> A"
| Cast: "Env\ B \\e\\ A|AssLVar \ \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>Cast T e\<rangle>\<guillemotright> A"
|Inst: Env>B\<guillemotright>\<langle>e\<rangle>\<guillemotright> A \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>e InstOf T\<rangle>\<guillemotright> A"
| \<turnstile> B \<guillemotright>\<langle>c\<rangle>\<guillemotright> C;
| UnOpEnvturnstile \<union> assigns_if False c) \<guillemotright>\<langle>e2\<rangle>\<guillemotright> E2; \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>UnOp unop e\<rangle>\<guillemotright> A"
| CondAnd: "\Env\ B \\e1\\ E1; Env\ (B \ assigns_if True e1) \\e2\\ E2;
nrm A = B \<union> (assigns_if True (BinOp CondAnd e1 e2) \<inter>
assigns_if ( CondAnd e2);
brk A = (\<lambda> l. UNIV) \<rbrakk> \<Longrightarrow>
Envturnstile
| CondOr: "\Env\ B \\e1\\ E1; Env\ (B \ assigns_if False e1) \\e2\\ E2;
A = B \<union> (assigns_if True (BinOp CondOr e1 e2) \<inter>
assigns_if (BinOp e1e2);
brk A = (\<lambda> l. UNIV) \<rbrakk> \<Longrightarrow>
Env> B guillemotright>\<langle>BinOp CondOr e1 e2\<rangle>\<guillemotright> A"
: "Env\ B \\e1\\ E1; Env\ nrm E1 \\e2\\ A;
binopEnv> Bjava.lang.StringIndexOutOfBoundsException: Index 95 out of bounds for length 95 \<Longrightarrow>
Env>java.lang.StringIndexOutOfBoundsException: Index 120 out of bounds for length 120
| Super: "This \ B
EnvJava willi bare
| AccLVarassignment \<^term>\<open>Call\<close> does not consider \<^term>\<open>Methd\<close> or
nrm A = B; brk A = (\<lambda> k. UNIV)\<rbrakk> \<Longrightarrow>
EnvturnstileBjava.lang.NullPointerException \<comment> \<open>To properly access a local variable we have to test the definite
assignment variable in
: \lbrakk \<turnstile> B \<guillemotright>\<langle>v\<rangle>\<guillemotright> A\<rbrakk> \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>Acc v\<rangle>\<guillemotright> A" evaluationjava.lang.StringIndexOutOfBoundsException: Index 108 out of bounds for length 108
| AssLVar: "\Env\ B \\e\\ E; nrm A = nrm E \ {vn}; brk A = brk E\ \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>(LVar vn) := e\<rangle>\<guillemotright> A"
| Ass: "\\ vn. v \ LVar vn; Env\ B \\v\\ V; Env\ nrm V \\e\\ A\ \<Longrightarrow> \<turnstile B\<guillemotright>\<langle>v := e\<rangle>\<guillemotright> A"
| CondBool: | Methd
Env \<turnstileB <guillemotright>\<langle>Body (declclass m) (stmt (mbody (mthd m)))\<rangle>\<guillemotright> A
Env\<turnstile> (B \<union> assigns_if True c) \<guillemotright>\<langle>e1\<rangle>\<guillemotright> E1;
Env\<turnstile> (B \<union> assigns_if False c) \<guillemotright>\<langle>e2\<rangle>\<guillemotright> E2;
nrm A = \<Longrightarrow>
brk A = java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 \<Longrightarrow> \<turnstile> B \<guillemotright>\<langle>c ? e1 : e2\<rangle>\<guillemotright> A"
| Callget assigned of body since has
completednormally with.
Env\<turnstile> B \<guillemotright>\<langle>{accC,statT,mode}e\<cdot>mn({pTs}args)\<rangle>\<guillemotright> A"
\<comment> \<open>The interplay of \<^term>\<open>Call\<close>, \<^term>\<open>Methd\<close> and \<^term>\<open>Body\<close>:
Why rules forwe'tguaranteethat result variable is set , since
source will include\<^term>\<open>Methd\<close> or \<^term>\<open>Body\<close>
terms.Theseterms are just during evaluationSo
assignment of set and then this information must be carried over to the \<^term>\<open>Body\<close> <^term>\<open>Body\<close> at all. So for definite assignment alone we could omit the
rules
But since \>
about even the proof type safety. Also we must be able transport this from\<^term>\<open>Call\<close> to \<^term>\<open>Methd\<close> and then further to \<^term>\<open>Body\<close> \<turnstile> B \<guillemotright>\<langle>e1.[e2]\<rangle>\<guillemotright> A"
duringNilEnv
of \<^term>\<open>Methd\<close>. This is necessary since definite assignment will be
a precondition for each induction hypothesis coming out
sub-evaluation during the java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 also precondition type-safety we omit assertion
that split_paired_All del [simp]
| Methd"
Env\<turnstile> B \<guillemotright>\<langle>Body (declclass m) (stmt (mbody (mthd m)))\<rangle>\<guillemotright> A da_elim_cases set \<rbrakk> \<Longrightarrow>
Envjava.lang.StringIndexOutOfBoundsException: Index 71 out of bounds for length 71
| Body: "\Env\ B \\c\\ C; jumpNestingOkS {Ret} c; Result \ nrm C;
nrm A = B; brk A = Env \<guillemotright>In1r (c1;; c2)\<guillemotright> A" \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>Body D c\<rangle>\<guillemotright> A" \<comment> \<open>Note that \<^term>\<open>A\<close> is not correlated to \<^term>\<open>C\<close>. If the body
statement returns abruptly withEnv>B <><> e\<rangle>\<guillemotright> A"
will "\ B \Try c1 Catch(C vn) c2\\ A"
get the assigned variables of the body statement"\B\\c1 Finally c2\\ A"
completed normally or Env If the body completes normally is set with this rule. But
we can't guarantee that Env<>B\
definite assignment only talks about normal completion for a return
set and"\java.lang.StringIndexOutOfBoundsException: Index 75 out of bounds for length 75
rule "\ B \In1l (BinOp binop e1 e2)\ A"
| FVar: "Env\ B \\e\\ A \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>{accC,statDeclC,stat}e..fn\<rangle>\<guillemotright> A"
| AVar: "\Env\ B \\e1\\ E1; Env\ nrm E1 \\e2\\ A\ \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>e1.[e2]\<rangle>\<guillemotright> A"
| Nil: "Env\ B \\[]::expr list\\ \nrm=B, brk=\ l. UNIV\" Env B \In1l (Methd C sig)\ A"
| Cons: "\Env\ B \\e::expr\\ E; Env\ nrm E \\es\\ A\ \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>e#es\<rangle>\<guillemotright> A"
declare inj_term_sym_simps [simpjava.lang.StringIndexOutOfBoundsException: Index 84 out of bounds for length 84 declare assigns_if.simpsjava.lang.StringIndexOutOfBoundsException: Index 80 out of bounds for length 80 declare split_paired_All [simp del] split_paired_Ex .simps] \<open>map_theory_simpset (fn ctxt => ctxt |> Simplifier.del_loop "split_all_tac")\<close>
inductive_cases da_elim_cases [cases set]: "Env\ B \\Skip\\ A" "Env\ B \In1r Skip\ A" "Env\ B \\Expr e\\ A" "Env\ B \In1r (Expr e)\ A" "Env\ B \\l\ c\\ A"
*) "Envjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 "Env\ B \In1r (c1;; c2)\ A" "\ B \\If(e) c1 Else c2\\ A" "Env\ B \In1r (If(e) c1 Else c2)\ A" "Env B \\l\ While(e) c\\ A" "Env\ B \In1r (l\ While(e) c)\ A" " autointro: da.NewC)
java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1 "Env\ B \\Throw e\\ A" "Env\ B \In1r (Throw e)\ A" "\B\ "Env\ B \In1r (Try c1 Catch(C vn) c2)\ A" "nv B \\c1 Finally c2\\ A" "Env\ B \In1r (c1 Finally c2)\ A"
autoda.Super) " "Env\ B \\NewC C\\ A" "Env<> B In1l (NewC C)\ A" "Env\ B \\New T[e]\\ A" "Env\ B \In1l (New T[e])\ A" "Env\ B \\Cast T e\\ A" "(java.lang.StringIndexOutOfBoundsException: Index 2 out of bounds for length 2 "Env\ B \\e InstOf T\\ A" "Env\ B \In1l (e InstOf T)\ A" "Env\ B \\Lit v\\ A" "Env\ B \In1l (Lit v)\ A" "Env\ B \\UnOp unop e\\ A" "Env\ B \In1l (UnOp unop e)\ A" "Env\ B \\BinOp binop e1 e2\\ A" "Env\ B \In1l (BinOp binop e1 e2)\ A" "Env\ B \\Super\\ A" "Env\ B \In1l (Super)\ A" "Env\ B \\Acc v\\ A" "Env\ B \In1l (Acc v)\ A" "Env\ B \\v := e\\ A" "Env\ B \In1l (v := e)\ A" "Env\ B \\c ? e1 : e2\\ A" "Envassigns_if True c = {y} "Envjava.lang.StringIndexOutOfBoundsException: Range [0, 108) out of bounds for length 0 "Env\ B \In1l ({accC,statT,mode}e\mn({pTs}args))\ A" "Env\ B \\Methd C sig\\ A" "Env\ B \In1l (Methd C sig)\ A" "Env\ B \\Body D c\\ A" "Env\ B \In1l (Body D c)\ A" "Env\ B \\LVar vn\\ A" "Env\ B \In2 (LVar vn)\ A" "Env\ B \\{accC,statDeclC,stat}e..fn\\ A" "Env\ B \In2 ({accC,statDeclC,stat}e..fn)\ A" "Env\ B \\e1.[e2]\\ A" "Env\ B \In2 (e1.[e2])\ A" "Env\ B \\[]::expr list\\ A" "Env\ B \In3 ([]::expr list)\ A" "Env\ B \\e#es\\ A"
java.lang.StringIndexOutOfBoundsException: Index 2 out of bounds for length 2 declarelemmaassignsE_subseteq_assigns_ifs declare assigns_ifsimps] declare shows "assignsE e setup\<open>map_theory_simpset (fn ctxt => ctxt |> Simplifier.add_loop ("split_all_tac", split_all_tac))\<close>
(* To be able to eliminate both the versions with the overloaded brackets: (B \<guillemotright>\<langle>Skip\<rangle>\<guillemotright> A) and with the explicit constructor (B \<guillemotright>In1r Skip\<guillemotright> A), every rule appears in both versions
*)
:A by (auto "\turnstilee<>- PrimT
:A=\< by (auto intro: da"prg E\Te\? PrimT Boolean"
java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1 lemma da_Lit: ?case by (auto intro: da
lemma da_Super: "\This \ B;A = \nrm=B,brk=\ l. UNIV\\ \ Env\ B \\Super\\ A" by (auto intro: da.Superthuscase
lemma java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 by (autothus
(* For boolean expressions:
The following holds: "assignsE e \<subseteq> assigns_if True e \<inter> assigns_if False e" but not vice versa: "assigns_if True e \<inter> assigns_if False e \<subseteq> assignsE e"
assigns_if True (a || b) = assigns_if True a \<inter> (assigns_if False a \<union> assigns_if True b) = {} \<inter> ({} \<union> {y}) = {} assigns_if False (a || b) = assigns_if False a \<union> assigns_if False b = {} \<union> {y} = {y}
assigns_ifE True e = assigns_if True (a || b) \<union> assigns_if True c = {} \<union> {y} = {y} assigns_ifE False e = assigns_if False (a || b) \<inter> (assigns_if True (a || b) \<union> assigns_if False c) = {y} \<inter> ({} \<union> {y}) = {y}
assignsE e = {}
*)
lemma: assumes boolEx hyp_e1 showsauto proof - obtain vv ( bvjava.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 20 using typeof. proof (cases "the_Bool bv") have"?Boolean e \ ?Incl e" proof (induct e) case(ast have"E\e\- (PrimT Boolean)" proof from\<open>E\<turnstile>(Cast T e)\<Colon>- (PrimT Boolean)\<close> obtain Te where"E\e\-Te" "prg E\Te\? PrimT Boolean" by cases simp
java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 by - (drule q (simp_allex_lit qed ? with Cast.hyps show ?case by simp next case (Lit val) thus ?case by - you can convert the rule byif inj_term_simps isin
rmlab_same_label]:"rmlabl)l= UNIV" case (UnOp unop e) thus ?case by - (erule wt_elim_cases (imp: rmlab_def
(fastforcelemmarmlab_same_label1]: l='\ (rmlab l A) l' = UNIV" next case (BinOp java.lang.StringIndexOutOfBoundsException: Index 84 out of bounds for length 84 from BinOp.prems obtain by (auto simp add: range_inter_ts addrange_inter_ts_def where"E\e1\-e1T" and "E\e2\-e2T" and "wt_binop (prg E) binop e1T e2T" and"binop_type binop =Booleanjava.lang.StringIndexOutOfBoundsException: Index 46 out of bounds for length 46 by (elim wt_elim_cases da_monotone
BinOp show ?case by (cases':"\B t\ A'" next case (Cond c e1 e2) note hyp_c showsnrm\<subseteq> nrm A') \<and> (\<forall> l. (brk A l \<subseteq> brk A' l))" note hyp_e1 = \<open>?Boolean e1 \<Longrightarrow> ?Incl e1\<close> note hyp_e2 = \<open>?Boolean e2 \<Longrightarrow> ?Incl e2\<close> note wt is Hyp A)java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 35 thenobtain
boolean_c\<turnstile>c\<Colon>-PrimT Boolean" and
boolean_e1: "E\e1\-PrimT Boolean" and
boolean_e2 by (elim wt_elim_cases
?case proof (cases "constVal c") java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 case None with boolean_e1 boolean_e2 show ?thesisnote =\<>nrm A=nrm <inter> brk C l\<close> \<open>brk A = rmlab l (brk C)\<close> using hyp_e1 hyp_e2 by (auto next case (Some) show ?thesis \<open>B \<subseteq> B'\<close> proof (cases "the_Bool bv") case True with Some show ?thesis using hyp_e1 boolean_e1 by auto next case False withshow ? using boolean_e2auto qed qed next show by (rule cases qed add ) with boolEx " C \ nrm C'" and hyp_brk: "(\l. brk C l \ brk C' l)" by auto show ?thesis by blast qed
(* Trick: If you have a rule with the abstract term injections: e.g: da.Skip "B \<guillemotright>\<langle>Skip\<rangle>\<guillemotright> A" and the current goal state as an concrete injection: e.g: "B \<guillemotright>In1r Skip\<guillemotright> A" you can convert the rule by: da.Skip [simplified] if inj_term_simps is in the simpset
*)
lemma java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 bysimprmlab_def
rmlab_same_label1l'
simprmlab_def
lemma rmlab_other_label [simp]: "l\l'\ (rmlab l A) l' = A l'" by (auto simp 'nrm' A '\Rightarrow\ brk C2'"
mma [intro"<> . A \ B k \ \\A \ \\B" by( simp: range_inter_ts_def
range_inter_ts_subseteq by (auto simp add byauto
lemma:
da_c2 "java.lang.StringIndexOutOfBoundsException: Index 26 out of bounds for length 26
da': "Env\ B' \t\ A'" shows If eE C1 C2'' from da have"\ B' A'. \Env\ B' \t\ A'; B \ B'\ \<Longrightarrow> (nrm A \<subseteq> nrm A') \<and> (\<forall> l. (brk A l \<subseteq> brk A' l))" is" ?Hyp B t A") proof (induct) case Skip thenshow ?caseby cases simp next caseExpr
Exprprems Expr show ?caseby cases simp A: nrm = ' <> nrm '" " A' C1'\<Rightarrow>\<inter> brk C2'" next case (Lab Env B c C A l B' A') note A = \<open>nrm A = nrm C \<inter> brk C l\<close> \<open>brk A = rmlab l (brk C)\<close> note\<open>PROP ?Hyp Env B \<langle>c\<rangle> C\<close> moreover note\<open>B \<subseteq> B'\<close> moreover obtain C' where\<turnstile> B' \<guillemotright>\<langle>c\<rangle>\<guillemotright> C'" and A': "nrm A' = nrm C' \ brk C' l" "brk A' = rmlab l (brk C')" using Lab.prems ': nrmC2\ nrm C2'" "(\l. brk C2 l \ brk C2' l)" by cases simp ultimately have"nrm C \ nrm C'" and hyp_brk: "(\l. brk C l \ brk C' l)" by auto then have"nrm C \ brk C l \ nrm C' \ brk C' l" by auto moreover from hyp_brk have"rmlab l (brk C) l' \ rmlab l (brk C') l'" for l' by ( moreovernote A A' ultimatelyshow ?case by simp next case (Comp B c1 c2 A 'A) note A = \<open>nrm A = nrm C2\<close> \<open>brk A = brk C1 \<Rightarrow>\<inter> brk C2\<close> from\<open>Env\<turnstile> B' \<guillemotright>\<langle>c1;; c2\<rangle>\<guillemotright> A'\<close> obtain C1' C2' where da_c1: "Env\ B' \\c1\\ C1'" and
da_c2: "Env\ nrm C1' \\c2\\ C2'" and
A': "nrm A' = nrm C2'" "brk A' = brk C1' \\ brk C2'"
cases notenote'
m \<open>B \<subseteq> B'\<close> moreovernote da_c1 ultimatelyhave C1': "nrm C1 \ nrm C1'" "(\l. brk C1 l \ brk C1' l)" by auto note\<open>PROP ?Hyp Env (nrm C1) \<langle>c2\<rangle> C2\<close> with da_c2 have C2': "nrm C2 \ nrm C2'" "(\l. brk C2 l \ brk C2' l)" by auto with A A' C1' show ?case by auto next case (If Env B e E c1 C1 c2 C2 A B' A') note= from\<open>Env\<turnstile> B' \<guillemotright>\<langle>If(e) c1 Else c2\<rangle>\<guillemotright> A'\<close>showthesis obtain C1' C2' where da_c1: "Env\ B' \ assigns_if True e \\c1\\ C1'" and
da_c2:"\ ' assigns_if False e \\c2\\ C2'" and
A': "nrm A' = nrm C1' \ nrm C2'" "brk A' = brk C1' \\ brk C2'" by cases auto note\<open>PROP ?Hyp Env (B \<union> assigns_if True e) \<langle>c1\<rangle> C1\<close>'C' moreoverbycasesbv "l=l')auto moreovernote da_c1 ultimatelyqed by blast note\< with da_c2 B' obtain C2by java.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13 by blast with showcasethuscase ( da_elim_cases by auto next case (Loop Env B e E c C A l B' A') notejava.lang.NullPointerException \
java.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13
java.lang.StringIndexOutOfBoundsException: Range [22, 12) out of bounds for length 85
da_c': '=brk
A': "nrm A' = nrm C' \ (B' \ assigns_if False e)" "brk A' = brk C'"note = by cases auto note\<open>PROP ?Hyp Env (B \<union> assigns_if True e) \<langle>c\<rangle> C\<close> moreovernote\<open>PROP ?Hyp (Env\<lparr>lcl := (lcl Env)(VName vn\<mapsto>Class C)\<rparr>) moreovernote da_c' ultimatelyobtain C': "nrm C \ nrm C'" "(\l. brk C l \ brk C' l)" byblast withA'Bjava.lang.StringIndexOutOfBoundsException: Index 16 out of bounds for length 16 have"nrm A by blast moreover have"brk A l' \ brk A' l'" for l' proof (cases "constVal e") case Nonewhere':"\\c1\\ C1'" and with'C' show ?thesis by (cases "l=l'") auto next case(Some bv) with A A' C' show ?thesis by (cases "the_Bool bv", cases "l=l'") auto by cases auto ultimately ?case byauto next case (Jmp jump B A Env B' A') thus?caseby(elim da_elim_cases) (auto split jump) next case hyp_c2 \<open>PROP ?Hyp Env B \<langle>c2\<rangle> C2\<close> next case (Try Env B c1 C1 vn C c2 C2 A B' A') note A = obtainnrm <subseteq> nrm C2'" "(\<forall>l. brk C2 l \<subseteq> brk C2' l)" from\<open>Env\<turnstile> B' \<guillemotright>\<langle>Try c1 Catch(C vn) c2\<rangle>\<guillemotright> A'\<close>(drule hyp_c2)
C1' C2' where da_c1': "Env\ B' \\c1\\ C1'" and
da_c2': by auto \<guillemotright>\<langle>c2\<rangle>\<guillemotright> C2'" and
A': "nrm A' = nrm C1' \ nrm C2'" " A' = brk C1' \\ brk C2'" by cases autocaseNewC ?caseby ( da_elim_cases) auto note\<open>PROP ?Hyp Env B \<langle>c1\<rangle> C1\<close> noteB =\<open>B \<subseteq> B'\<close> moreovernote da_c1' ultimatelyobtain C1': "nrm C1 \ nrm C1'" "(\l. brk C1 l \ brk C1' l)" by blast note\<open>PROP ?Hyp (Env\<lparr>lcl := (lcl Env)(VName vn\<mapsto>Class C)\<rparr>)
(B \<union> {VName vn}) \<langle>c2\<rangle> C2\<close> with B' case Inst thus ?case by (elim da_elim_cases) auto obtain"nrm C2 \ nrm C2'" "(\l. brk C2 l \ brk C2' l)" by blast with C1' A A' show ?case by auto next case( Env B c1 c2 C2 'A) note A = \<open>nrm A = nrm C1 \<union> nrm C2\<close> \<open>brk A = (brk C1 \<Rightarrow>\<union>\<^sub>\<forall> nrm C2) \<Rightarrow>\<inter> (brk C2)\<close> from\<open>Env\<turnstile> B' \<guillemotright>\<langle>c1 Finally c2\<rangle>\<guillemotright> A'\<close> obtain C1' C2'
da_c1Env
da_c2': "Env\ B' \\c2\\ C2'" and
A' "nrm A nrmC1 \ nrm C2'" "brk A' = (brk C1' \\\<^sub>\ nrm C2') \\ (brk C2')" by cases auto note\<open>PROP ?Hyp Env B \<langle>c1\<rangle> C1\<close> moreover A': nrm A' =B \ moreovernoteda_c1 ultimatelyobtain C1': "nrm C1 assigns_if False (BinOp CondAnd e1 e2)" by blast note hyp_c2 = \<open>PROP ?Hyp Env B \<langle>c2\<rangle> C2\<close> from'B'java.lang.StringIndexOutOfBoundsException: Index 19 out of bounds for length 19 obtain"nrm C2 \ nrm C2'" "(\l. brk C2 l \ brk C2' l)" by - (drule hyp_c2,auto) with A A' C1' show ?java.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length 14 by auto next case Init thus ?casenext next case NewC thus ?caseby (elim da_elim_cases) auto next case NewA thus ?caseby (elim da_elim_casesnext next case Cast thus ?casecaseSuper ?case elim) auto next
Inst ?caseby ( da_elim_cases) auto nextjava.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7 casethus ( da_elim_cases next case UnOp thus elim) java.lang.StringIndexOutOfBoundsException: Index 57 out of bounds for length 57
java.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7
(ondAnd Be1 e2 E2 A B'A'java.lang.StringIndexOutOfBoundsException: Index 45 out of bounds for length 45 note A = \<open>nrm A = B \<union>
True BinOp e1 e2 \<inter>
assigns_if False (BinOp CondAndassigns_if (c ? e1e2 \<open>brk A = (\<lambda>l. UNIV)\<close> from\<open>Env\<turnstile> B' \<guillemotright>\<langle>BinOp CondAnd e1 e2\<rangle>\<guillemotright> A'\<close> obtain' nrmA'= B
assigns_if True note\<open>Env\<turnstile> (c ? e1 : e2)\<Colon>- (PrimT Boolean)\<close>
False (BinOp e1 e2)java.lang.StringIndexOutOfBoundsException: Index 72 out of bounds for length 72 "brkA'=(\l. UNIV)" by cases auto note' =\<>B \ B'\ with A A' show ?case by auto next case CondOr thus ?caseby (elim (elim) (auto simp add inj_term_simps next case BinOp thus ?caseby (elim da_elim_cases B java.lang.NullPointerException next case Super thus ?caseby (elim next case AccLVar A=\<> A nrm \<inter> nrm E2\<close> \<open>brk A = (\<lambda>l. UNIV)\<close> next case Acc thus ?caseby (elim da_elim_cases) auto next case AssLVar thus ?caseby (elim da_elim_cases) auto next case Ass thus ?caseby (elim da_elim_cases) auto next case (CondBool Env c e1 e2 B C E1 E2 A B' A') note A = \<open>nrm A = B \<union>
assigns_if True (c ? e1 : e2) \<inter>
assigns_if False (c ? e1 : e2)\<close> \<open>brk A = (\<lambda>l. UNIV)\<close> note\<open>Env\<turnstile> (c ? e1 : e2)\<Colon>- (PrimT Boolean)\<close> moreover note\<open>Env\<turnstile> B' \<guillemotright>\<langle>c ? e1 : e2\<rangle>\<guillemotright> A'\<close> ultimately obtain A': "nrm A' = B' \
assigns_if True (c ? e1 : e2) \<inter>
assigns_if False (c ? e1 : e2)" "brk A' = (\l. UNIV)" by (elim da_elim_cases) (auto simp add: inj_term_simps) (* inj_term_simps needed to handle wt (defined without \<langle>\<rangle>) *) note B' = \B \ B'\ with A A' show ?case by auto next case (Cond Env c e1 e2 B C E1 E2 A B' A') note A = \<open>nrm A = nrm E1 \<inter> nrm E2\<close> \<open>brk A = (\<lambda>l. UNIV)\<close> note not_bool = \<open>\<not> Env\<turnstile> (c ? e1 : e2)\<Colon>- (PrimT Boolean)\<close>
--> --------------------
--> maximum size reached
--> --------------------
¤ Dauer der Verarbeitung: 0.55 Sekunden
(vorverarbeitet)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
