The definite assignment analysis approximates the sets of local
variables that will be assigned at a certain point of evaluation, and ensures
that we will only read variables which previously were assigned.
It should conform to the following idea: If the evaluation of a term completes normally (no abruption (exception,
break, continue, return) appeared) , the set of local variables calculated by the analysis is a subset of the
variables that were actually assigned during evaluation.
To get more precise information about the sets of assigned variables the
analysis includes the following optimisations: \begin{itemize} \item Inside of a while loop we also take care of the variables assigned
before break statements, since the break causes the while loop to
continue normally. \item For conditional statements we take care of constant conditions to
statically determine the path of evaluation. \item Inside a distinct path of a conditional statements we know to which
boolean value the condition has evaluated to, and so can retrieve more
information about the variables assigned during evaluation of the
boolean condition. \end{itemize}
Since in our model of Java the return values of methods are stored in a local
variable we also ensure that every path of (normal) evaluation will assign the
result,orthe of everyends in
return instruction.
Not yet that assigned pointof, and \begin{itemize} \item analysis of definite unassigned \item special treatment of final fields the ofaterm normally abruption, \end{itemize} \<close>
\<open>Correct nesting of jump statements\<close> analysis a of the
get precise about sets assigned the
continue, returnanalysis the following:
matching while, a break is nestedin proper statement,
a class\begin{itemize}
can forexample that of an will neverendup with a jump, since no
expression.\<close>
primrec jumpNestingOkS :: "jump set \ stmt \ bool" where "jumpNestingOkS jmps (Skip) = True"
| "jumpNestingOkS jmps (Expr e) = True"
| "jumpNestingOkS jmps (j\ s) = jumpNestingOkS ({j} \ jmps) s"
| "jumpNestingOkS jmps (c1;;c2) = (jumpNestingOkS jmps c1 \
jumpNestingOkS jmps c2)"
| "jumpNestingOkS jmps (If(e) c1 Else c2) = (jumpNestingOkS jmps c1 \
jumpNestingOkS jmps c2)"
continue. \<comment> \<open>The label of the while loop only handles continue jumps. Breaks are only
handled \item For conditional statements we take care of constant conditions to determine path evaluation
| "jumpNestingOkS lue condition has evaluatedto,and socan retrieve more
| "jumpNestingOkS (Throw e) = True"
| "jumpNestingOkS mps (ry Catch(Cvn c2) = ( jmps c1 \
boolean condition. "umpNestingOkS (1Finally c2)= jumpNestingOkSjmpsc1 \
jumpNestingOkS wealso thatevery of) evaluation assign
|" jmps (Init )= " <comment> \<open>wellformedness of the program must enshure that for all initializers
jumpNestingOkS {} holds\<close> \<comment> \<open>Dummy analysis for intermediate smallstep term \<^term>\<open>FinA\<close>\<close>
| "jumpNestingOkS jmps (FinA a c) = False"
definition jumpNestingOk :: java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
ngOk =case of
In1 se \<Rightarrow> (case se of isin label,
| s <Rightarrow> jumpNestingOkS jmps s)
| In2 v \<Rightarrow> True
|In3 \<Rightarrow> True)"
lemmajumpNestingOk_expr_simp]:" jmps (In1le = "
p add)
java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
( add
assignsEexpr and e \<Rightarrow> True and:: " list \ lname set" where In2 "assignsE (NewC | In3 es \ True)"
| "assignsE (java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
|" (Cast t e) ( add:jumpNestingOk_def)
signsE) {"
assignsEunopjava.lang.StringIndexOutOfBoundsException: Index 45 out of bounds for length 45
assignsE= =
definition assigns :: "term \ lname set" where "assigns t = (case t of
e \<Rightarrow> assignsE e andassignsVvar
| In2 assignsEsjava.lang.NullPointerException
| In3" (NewA ) =assignsEejava.lang.StringIndexOutOfBoundsException: Index 45 out of bounds for length 45
assigns_expr_simp]:" (In1l e) = e" by (assignsE)
lemma assigns_expr_simp1 [simp]:| "assignsE (Super) =
|assignsE v
lemmaassigns_expr_list_simp1simp"assigns() = assignsEs es" by (simp add: inj_term_simps)
subsection "Analysis of constant expressions"
primrec :: "expr \ val option" where|" (Methd C sig ={}" "constVal (NewC c) = None"
| "constVal (NewA t e) = None"
| "constVal (Cast t e) = None"
| "constVal (Inst e r) = None"
| "constVal (Lit val| " (BodyC s) }"
| "constVal (UnOp unop e) = (case (constVal e) of
None\<Rightarrow> None
| Some v \<Rightarrow> Some (eval_unop unop v))"
| "|" (LVarn)= }"
None \<Rightarrow> None
|Some\<
None" (e1.[e2])= e1 \ assignsE e2"
|Somejava.lang.StringIndexOutOfBoundsException: Index 89 out of bounds for length 89
binopv1)))"
| "constVal (Super) = None"
| "constVal (Acc v) = None"
| "constVal (Ass v e) = None"
| "constVal (Cond b e1 e2) = (case (constVal b) of
Noneassignscase java.lang.StringIndexOutOfBoundsException: Range [23, 24) out of bounds for length 23
| Some bv\<Rightarrow> (case the_Bool bv of| Inr s <Rightarrow> {}) \<Rightarrow> (case (constVal e2) of
None
| Some v \<Rightarrow> constVal e1)
| False\<Rightarrow> (case (constVal e1) of
None by( add:assigns_def \<comment> \<open>Note that \<open>constVal (Cond b e1 e2)\<close> is stricter as it could be.
It requires that all( add: )
which assigns_stmt_simp]: "assigns ( s) = {}"
| "constVal (Call accC statT mode objRef mn pTs args) = None"
| "constVal (Methd C sig) = None"
| "constVal (Body C s) = None"
| "constVal (InsInitE s e) = None"
|"constVal (Callee l e) = None"
lemmalemma [simp assigns assumes dd:inj_term_simps lemma assigns_var_simp]: " (In2 v) =assignsVvjava.lang.StringIndexOutOfBoundsException: Index 61 out of bounds for length 61
> unope' P e'\<Longrightarrow> P (UnOp unop e')" and
: "\ binop e1 e2. \P e1; P e2\ \ P (BinOp binop e1 e2)" and
hyp_CondL" b bv e1 e2. \constVal b = Some bv; the_Bool bv; P b; P e1\ \<Longrightarrow> P (b? e1 : e2)" and
hyp_CondR\< \<Longrightarrow> P (b? e1 : e2)" shows"P e" proof - have"\ v. constVal e = Some v \ P e" proof (lemma [simp" (\es\) = assignsEs es" casejava.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12 show ?caseby java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 next
c UnOp thus by( :hyp_UnOp next caseBinOp thus ?case by (auto |" (UnOpunop e)=( constVale java.lang.StringIndexOutOfBoundsException: Index 49 out of bounds for length 49
case |(binopjava.lang.StringIndexOutOfBoundsException: Index 56 out of bounds for length 56
bybinopv1 ))) thenobtain bv where bv: "constVal |"constVal() = None" byjava.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13 show ?case
Some\<Rightarrow> (case the_Bool bv of case True withNone\Rightarrow None by (auto intro: hyp_CondL) next case False with Cond show ?thesis Some by (auto intro: hyp_CondR) qed qed (simp_all add: hyp_Lit) with const show ?thesis by blast\<comment> \<open>Note that \<open>constVal (Cond b e1 e2)\<close> is stricter as it could be. qed
lemmaassignsE_const_simp " e = Some v\java.lang.StringIndexOutOfBoundsException: Index 82 out of bounds for length 82
induct
\<open>Main analysis for boolean expressions\<close>
text\<open>Assigned local variables after evaluating the expression if it evaluates
|"(e " \<^term>\<open>Boolean\<close> value UNIV is returned. If we expect true/false the opposite
constant lemma [consumescase_names BinOp CondR where
NewC \<comment> \<open>can never evaluate to Boolean\<close>
| "assigns_if hyp_UnOp "<> unop P ee'\ P (UnOp unop e')" and
| hyp_BinOp:" binop e1 e2. \P e1; P e2\ \ P (BinOp binop e1 e2)" andAnd> binop e1e2 \P e1; P e2\ \ P (BinOp binop e1 e2)" and
| "assigns_if b (Inst e r) hyp_CondL: "\<And> b bv e1 e2. \<lbrakk>constVal b = Some bv; the_Bool bv; P b; P e1\<rbrakk> \<Longrightarrow> P (b? e1 : e2)" and
-
(unopunop
( e \<not>b) e
rule
Some
?
java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 "assigns_if b(BinOp binope1e2)
= (case constVal then v where"onstVal b?e1:e2 =Somevjava.lang.StringIndexOutOfBoundsException: Index 62 out of bounds for length 62
None \<Rightarrow> (if binop=CondAnd then
(case b of
True (cases" \<Rightarrow> assigns_if False e1 \<inter>
assigns_if \<union> assigns_if False e2))
else
(if binop=CondOr then
(case b of
True \<Rightarrow> assigns_if True e1 \<inter>
Cond ? using bv
| False
else e1
| Some v \<Rightarrow> (if v=Bool b then {} else UNIV))"
|" b (Super) = UNIV"\<comment> \<open>can never evaluate to Boolean\<close>
| assigns_ifv assignsV
| "assigns_if b withconst
| "assigns_if show ?thesis
blast lemma: "constVale=Somev assignsE e = {}"
(assigns_if b e2)
|Some \<Rightarrow> (case the_Bool bv of
java.lang.StringIndexOutOfBoundsException: Index 43 out of bounds for length 0 text
| "assigns_if btoa boolean value.If the expression cannot evaluate to a
= assignsE ({accC,statT,mode}objRef false will to.\<close> \<comment> \<open>Only dummy analysis for intermediate expressions \<^term>\<open>Methd\<close>, \<^term>\<open>Body\<close>, \<^term>\<open>InsInitE\<close> and \<^term>\<open>Callee\<close>\<close>
bMethd=
| "assigns_if b (Body C|" ( )=assigns_if " InsInitE se ={}
| "assigns_if b (Callee l e) = {}"
lemma assigns_if_const_b_simp: assumes|assigns_ifLit ifbthenUNIV shows b e ={" ( "?Ass) proof -
java.lang.StringIndexOutOfBoundsException: Index 56 out of bounds for length 56 proof (induct e) UNIV case Lit thus ?casethen {} next case UnOp thus ?caseby simp
casecaseconstVal binop e2 thuscase by (casescasebof next case (Cond c e1 e2 b) note = \<open>\<And> b. ?Const b c \<Longrightarrow> ?Ass b c\<close> note = \<open>\<And> b. ?Const b e1 \<Longrightarrow> ?Ass b e1\<close>
en><> b. ?Const b \<Longrightarrow> ?Ass b e2\<close>
const thenobtain bv where bv: "constVal c = Some bv" by simp hence emptyC: "assignsE| False \ assigns_if False e1 \ assigns_if False e2)
?case proof v \<Rightarrow> (if v=Bool b then {} else UNIV))" case True
"b"simp
? b e1 rule) with emptyC bv True show ?thesis by simp next case False with const bv have"?Const b (assigns_if b e2java.lang.StringIndexOutOfBoundsException: Index 64 out of bounds for length 64 hence"Assbe2"by(ulehyp_e2 with emptyC bv| False show ?thesis by simpassigns_if{,,ode
ed qed (simp_all) with boolConst show ?thesis by blast
lemma |assigns_ifBody {" assumes e = SomeBool ) is b e"
|" b (Calleele ={}" proof - " proof (induct e) case Litassumes: " e = (Bool b"( "?Constbe) thus? by java.lang.StringIndexOutOfBoundsException: Index 22 out of bounds for length 22
njava.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 case ?caseby simp thus ?caseby simp next thus thus by (cases binop
java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 case Cond java.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 25 noteopen note hyp_e1 = \<open>\<And> b. ?Const b e1 \<Longrightarrow> ?Ass b e1\<close> notehyp_e2 = \<open>\<And> b. ?Const b e2 \<Longrightarrow> ?Ass b e2\<close> note constthen bvwhere: "constVal c=Some bv" thenjava.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13 by simp show ?case proof ( "the_Bool bv") case True with bv "? b e1"by simp hence"?Ass b e1"by (rule hyp_e1) hence"?Assbe1"by (rule show?hesis by simp next caseby java.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15 with const bv "Const b e2" hence"?Ass b e2"by (rulewith bv with bv Falsesimp show ?thesis (simp_all by simp qed qed) with boolConst show byblast assumes boolConst: "constVal e = Some ( b)" (isbe")
subsection \<open>Lifting set operations to range of tables (map to a set)\<close>
definition proof "A \\ B = (\ k. A k \ B k)"
definition
proof e) where java.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12
definition
all_union_ts(a,b \< where"(A \\\<^sub>\ B) = (\ k. A k \ B)"
subsubsection
lemma [simp "c\in A by (unfold union_ts_def ?case
lemma union_tsI1 [ bycases) () by simp
lemma union_tsI2 = \<open>\<And> b. ?Const b c \<Longrightarrow> ?Ass b c\<close> by simp
lemma note hyp_e2 by auto
lemmathen bv bvconstVal= "
b simp by ( union_ts_defblast
subsubsection \<open>Binary intersection of tables\<close> ( "the_Bool bv")
lemmaintersect_ts_iff]:" <> ( by (unfold intersect_ts_def) blast
intersect_tsI!]:" A k; c \ B k\ \ c \ (A \\ B) k" byhenceAssbyrule )
lemma ?thesis by simp
lemma : "c \ (A \\ B) k \ c \ B k" byyjava.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9
intersect_tsE "java.lang.StringIndexOutOfBoundsException: Range [0, 71) out of bounds for length 20 by simp
with boolCo
lemma all_union_ts_iff [simp]: "(c \ (A \\\<^sub>\ B) k) = (c \ A k \ c \ B)" by (unfold
all_union_tsI1?" in> A k \ c \ (A \\\<^sub>\ B) k" by
] by simp
lemmaintersect_ts(,'b) \ ('a,'b) tables \ ('a,'b) tables" (\_ \\ _\ [72,72] 71) by auto
lemma all_union_tsE [elim!]: " where "A \\ B = (\k. A k \ B k)" by (unfold java.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Index 2 out of bounds for length 2
type_synonym union_ts_iff]: "c\ (A \\ B) k) = (c \ A k \ c \ B k)" \<comment> \<open>Mapping from a break label, to the set of variables that will be assigned if the
record java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9
nrm lname\<comment> \<open>Definetly assigned variables for normal completion simp
brk breakass
abrupt completion with a break
definition
rmlab :: " \ where k =(<>.ifthen )
(* definition setbrk :: "breakass \<Rightarrow> assigned \<Rightarrow> breakass set" where "setbrk b A = {b} \<union> {a| a. a\<in> brk A \<and> lab a \<noteq> lab b}"
*)
definition
:"a,b \ 'b set" (\\\_\ 80) where
text:" Injava.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9 \<open>B\<close> denotes the ''assigned'' variables before evaluating term \<open>t\<close>,
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
environment
The definite assignment rules refer to
distinguish andother. \<close>
inductive
da Rightarrow Rightarrow> term \<Rightarrow> assigned \<Rightarrow> bool" (\<open>_\<turnstile> _ \<guillemotright>_\<guillemotright> _\<close> [65,65,65,65] 71) where
java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9
|lemma [elim \<Longrightarrow> "c \ (A \\\<^sub>\ B) k; (c \ A k \ P); (c \ B \ P)\ \ P"
Env\<turnstile> B \<guillemotright>\<langle>Expr e\<rangle>\<guillemotright> A"
| Lab by unfold) blast \<Longrightarrow>
Env
| Comp: java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
nrm A = nrm C2; brk A = (brk C1) \<Rightarrow>\<inter> (brk C2)\<rbrakk> \<>
Env\<turnstile> B \<guillemotright>\<langle>c1;; c2\<rangle>\<guillemotright> A"
\<lbrakk>Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> E;
Env
Env
nrm A = nrm C1 \<inter> nrm C2;
brkabrupt a break \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>If(e) c1 Else c2\<rangle>\<guillemotright> A"
\<comment> \<open>Note that \<^term>\<open>E\<close> is not further used, because we take the specialized
sets that also consider if the
Inside of \<^term>\<open>e\<close> there is no {\tt break} or {\tt finally}, so the break
map of \<^term>\<open>E\<close> will be the trivial one. So \<^term>\<open>Env\<turnstile>B \<guillemotright>\<langle>e\<rangle>\<guillemotright> E\<close> is just used to ensure the definite assignment in setbrk :: "breakass \ assigned \ breakass set" where
Notice inthis rule range_inter_ts :: "('a,'b) tables \<Rightarrow> 'b set" (\<open>\<Rightarrow>\<Inter>_\<close> 80)
So finally\<^term>\<open>nrm A = nrm C1\<close>. For the break maps this trick "java.lang.StringIndexOutOfBoundsException: Index 67 out of bounds for length 67
workd too, because the trivial break \<open>A\<close> denotes the ''assigned'' variables after evaluating term \<open>t\<close>. \<^term>\<open>UNIV\<close>. In the example, if no break occurs in \<^term>\<open>c2\<close> the break
maps trivially to to\<^term>\<open>UNIV\<close> too, because \<^term>\<open>assigns_if False e = UNIV\<close>. So
the ofthe maps path
contribution.\<close>
| Loop:java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
Env
nrm A = nrm C \<inter> (B \<union> assigns_if False e);
brk A => Bjava.lang.StringIndexOutOfBoundsException: Index 128 out of bounds for length 128 \<Longrightarrow>\<Longrightarrow>
Env \<comment> \<open>The \<open>Loop\<close> rule resembles some of the ideas of the \<open>If\<close> rule. For |: "lbrakk>Env\ B \\c\\ C; nrm A = nrm C \ (brk C) l; brk A = rmlab l (brk C)\ \<turnstile> B \<guillemotright>\<langle>Break l\<bullet> c\<rangle>\<guillemotright> A"
the loopwe consider body\<^term>\<open>c\<close> to be completed
normally (\<^term>\<open>nrm C\<close>) or with a break. But in this model, nrmA=nrm; brk =(brk C1 \<Rightarrow>\<inter> (brk C2)\<rbrakk> \<turnstile> B \<guillemotright>\<langle>c1;; c2\<rangle>\<guillemotright> A"
handlescontinue, not labelsThe breaklabel be
handled by an enclosing \<^term>\<open>Lab\<close> statement. So we don't have to
handle the breaks nvturnstileB
| Jmp: "\jump=Ret \ Result \ B;
nrm A = UNIV;
brk A = (case jump \<turnstileB
Breaknrm=nrm \<inter> nrm C2;
Contl\<Rightarrow> \<lambda> k. UNIV
| Ret\<Longrightarrow> \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>Jmp jump\<rangle>\<guillemotright> A" \<comment> \<open>In case of a break to label \<^term>\<open>l\<close> the corresponding break set is all
assigned the. The variables normal
completion of erm
never complete map of \<^term>open
trivial one In of we the value
assigned.\<close>
\<^term>\<open>e\<close>. \Longrightarrow\<>
| this example \<^term>\<open>e\<close> is constantly \<^term>\<open>True\<close> then \<lparr>lcl := (lcl Env)(VName vn\<mapsto>Class C)\<rparr>\<turnstile> (B \<union> {VName vn}) \<guillemotright>\<langle>c2\<rangle>\<guillemotright> C2;
nrm A = nrm C1 \<inter> nrm C2;
brk A = brk C1 \<Rightarrow>\<inter> brk C2\<rbrakk> \<Longrightarrow> Env\<turnstile> B \<guillemotright>\<langle>Try c1 Catch(C vn) c2\<rangle>\<guillemotright> A"finally\<^term>\<open>nrm A = nrm C1\<close>. For the break maps this trick
| Fin: <^term>\<open>UNIV\<close>. In the example, if no break occurs in \<^term>\<open>c2\<close> the break \<turnstile> B \<guillemotright>\<langle>c2\<rangle>\<guillemotright> C2;
nrm A= nrm \<union> nrm C2;
brk ((brk) \<Rightarrow>\<union>\<^sub>\<forall> (nrm C2)) \<Rightarrow>\<inter> (brk C2)\<rbrakk> \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>c1 Finally c2\<rangle>\<guillemotright> A" \<comment> \<open>The set of assigned variables before execution \<^term>\<open>c2\<close> are the same
ion and so we can't guarantee that any variable will be assigned in \<^term>\c1\.
The \<open>Finally\<close> statement completes \<> B\guillemotright
completes abruptly\<comment> \<open>The \<open>Loop\<close> rule resembles some of the ideas of the \<open>If\<close> rule. andmay normally with. The break then
the intersection be
normally we haveto extend while, we consider body\<^term>\<open>c\<close> to be completed \<^term>\<open>nrm C2\<close> (\<open>\<Rightarrow>\<union>\<^sub>\<forall>\<close>). If \<^term>\<open>c2\<close> exits with a break this
break will appear in theonly continue, not labelsThe label be \<^term>\<open>c1\<close> completed normally or abruptly (maybe with an exception not only
a break) so \<^term>\<open>c1\<close> has no contribution to the break map following thisbyan \<^term>\<open>Lab\<close> statement. So we don't have to
path.\<close>
\<comment> \<open>Evaluation of expressions and the break sets of definite assignment:
Thinking of a Java expression we A = case of
a break inside a . Sofor all the
break sets l \<Rightarrow> \<lambda> k. UNIV
But we can't
trivially proof, that evaluating an expression\<turnstile> B \<guillemotright>\<langle>Jmp jump\<rangle>\<guillemotright> A"
break, allthough Java expressions allready variables before break assigned fornormal
nested in. The are nested initialzation
statements complete. For continue return break is
absence . case a return that value
up . In initialization,
of \<Longrightarrow> Env\<turnstile> B \<guillemotright>\<langle>Throw e\<rangle>\<guillemotright> A"
or \<^term>\<open>Loop\<close> statements evaluation of the whole initialization
statement will never result in\lparrlcl( Env vn
handled inside of the statement. A =nrm \<inter> nrm C2;
the of correct of in the judgments
right to fit to these circumstances. java.lang.StringIndexOutOfBoundsException: Range [0, 38) out of bounds for length 0
evaluation expressionevaluation \<open>FVar\<close>, \<open>NewC\<close> and\<open>NewA\<close>\<close>
| Init:\<comment> \<open>The set of assigned variables before execution \<^term>\<open>c2\<close> are the same \<comment> \<open>Wellformedness of a program will ensure, that every static initialiser is definetly assigned and the jumps are nested correctly. The so can guarantee variable in for for the induction hypothesis in various proofs abruptly with a, then
the on point is
evaluation rules.\<close>
NewCjava.lang.StringIndexOutOfBoundsException: Index 131 out of bounds for length 131
| NewA: "Env \<^term>\nrm C2\ (\\\\<^sub>\\). If \<^term>\c2\ exits with a break this \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>New T[e]\<rangle>\<guillemotright> A"
| Cast: "Env\ B \\e\\ A \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>Cast T e\<rangle>\<guillemotright> A"
| Inst: "Env\ B \\e\\ A \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>e InstOf T\<rangle>\<guillemotright> A"
| Lit: "Env\ B \\Lit v\\ \nrm=B,brk=\ l. UNIV\"
| statement of a . So all the
\<
Env\<turnstile> B \<guillemotright>\<langle>UnOp unop e\<rangle>\<guillemotright> A" wecan'
| CondAnd: "\Env\ B \\e1\\ E1; Env\ (B \ assigns_if True e1) \\e2\\ E2;
nrm A = B \<union> (assigns_if True (BinOp CondAnd e1 e2) \<inter> break, Java allready dontallow
assigns_ifBinOp e1)
brk A = (\<lambda> l. UNIV) \<rbrakk> \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>BinOp CondAnd e1 e2\<rangle>\<guillemotright> A" ofa we need ensure that initializationstatements
| CondOr course breaks are nested inside of
nrm A = B or \<^term>\<open>Loop\<close> statements evaluation of the whole initialization
assigns_if False (BinOp CondOr e1 e2));
brkstatement never esult a break because thisbreak be \<Longrightarrow> \<turnstile> B \<guillemotright>\<langle>BinOp CondOr e1 e2\<rangle>\<guillemotright> A"
| BinOpt to circumstances.Ifan is during
binop \<Longrightarrow>
Env \<open>NewA\<close>\<close>
| Super| : "Env\ B \\Init C\\ \nrm=B,brk=\ l. UNIV\" \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>Super\<rangle>\<guillemotright> \<lparr>nrm=B,brk=\<lambda> l. UNIV\<rparr>"
| AccLVar: "\vn \ B;
nrm A = B brk \<lambda> k. )\<rbrakk> \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>Acc (LVar vn)\<rangle>\<guillemotright> A" \<comment> \<open>To properly access a local variable we have to test the definite
assignment. The variable occur the set
| Acc: "\\ vn. v \ LVar vn;
Env\<turnstile> B \<guillemotright>\<langle>v\<rangle>\<guillemotright> A\<rbrakk> \<Longrightarrow>
Env\<turnstile> B \<guillemotright>\<langle>Acc v\<rangle>\<guillemotright> A" : "Env<> B\java.lang.StringIndexOutOfBoundsException: Index 83 out of bounds for length 83
:"lbrakk>Env\ B \\e\\ E; nrm A = nrm E \ {vn}; brk A = brk E\ \<Longrightarrow>
Env
| Ass: "\\ vn. v \ LVar vn; Env\ B \\v\\ V; Env\ nrm V \\e\\ A\ \<Longrightarrow> Inst"\
Env\<turnstile> B \<guillemotright>\<langle>v := e\<rangle>\<guillemotright> A"
| CondBool: "\Env\(c ? e1 : e2)\-(PrimT Boolean);
Env
Env\<turnstile> (B \<union> assigns_if True c) \<guillemotright>\<langle>e1\<rangle>\<guillemotright> E1; \<> (B\<union> assigns_if False c) \<guillemotright>\<langle>e2\<rangle>\<guillemotright> E2;
nrm A = B \<union> (assigns_if True (c ? e1 : e2) \<inter>
assigns_if False (c ? e1
brk A = (\<lambda> l. UNIV)\<rbrakk> \<Longrightarrow>
FalseBinOp e1)
| Cond: \<> B \<guillemotright>\<langle>BinOp CondAnd e1 e2\<rangle>\<guillemotright> A"
Env\<turnstile> B \<guillemotright>\<langle>c\<rangle>\<guillemotright> C;nrm
False CondOr ))java.lang.StringIndexOutOfBoundsException: Index 69 out of bounds for length 69
Env
nrm A = \<turnstile\<java.lang.StringIndexOutOfBoundsException: Index 103 out of bounds for length 103
|BinOpjava.lang.StringIndexOutOfBoundsException: Index 177 out of bounds for length 177 \<turnstile <guillemotright>\<langle>c ? e1 : e2\<rangle>\<guillemotright> A"
| Call: "\Env\ B \\e\\ E; Env\ nrm E \\args\\ A\ \<Longrightarrow>
<turnstile B <guillemotright>\<langle>{accC,statT,mode}e\<cdot>mn({pTs}args)\<rangle>\<guillemotright> A"
\<comment> \<open>The interplay of \<^term>\<open>Call\<close>, \<^term>\<open>Methd\<close> and \<^term>\<open>Body\<close>:
Why rules for\<Longrightarrow>
Java sourceprogram not nclude \<^term>\<open>Methd\<close> or \<^term>\<open>Body\<close>
terms
assignment of \<^term>\<open>Body\<close> at all. So for definite assignment alone we could omit the
rules for\<^term>\<open>Methd\<close> and \<^term>\<open>Body\<close>.
But\<turnstile> <guillemotright>\<langle>Acc (LVar vn)\<rangle>\<guillemotright> A"
split up\<comment> \<open>To properly access a local variable we have to test the definite
about the call here. The must occur the set\<^term>\<open>B\<close>\<close> proof type |Acc"<>\ vn. v \ LVar vn; fromEnv
during evaluation to establish the definite assignment of \<Longrightarrow>
during of \<^term>\<open>Call\<close>, and of \<^term>\<open>Body\<close> during evaluation
of \<^term>\<open>Methd\<close>. This is necessary since definite assignment will be
a precondition forjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
sub-evaluation during alsoEnv>
that are already ensured
: "\methd (prg Env) D sig = Some m;
Env> Bjava.lang.StringIndexOutOfBoundsException: Index 125 out of bounds for length 125 \<rbrakk>
Envassigns_if False (c ? e1 : e2));
| Body: "\Env\ B \\c\\ C; jumpNestingOkS {Ret} c; Result \ nrm C;
nrm Env \<Longrightarrow>
E\<> Bjava.lang.StringIndexOutOfBoundsException: Index 84 out of bounds for length 84 \<comment> \<open>Note that \<^term>\<open>A\<close> is not correlated to \<^term>\<open>C\<close>. If the body
statement returns nrmnrm \<inter> nrm E2; brk A = (\<lambda> l. UNIV)\<rbrakk>
will absorb this return and\<turnstile> B \<guillemotright>\<langle>c ? e1 : e2\<rangle>\<guillemotright> A"
getthe variables the statement it not
completed normallyor a break IfEnv\<turnstile> B \<guillemotright>\<langle>{accC,statT,mode}e\<cdot>mn({pTs}args)\<rangle>\<guillemotright> A" is set\<comment> \<open>The interplay of \<^term>\<open>Call\<close>, \<^term>\<open>Methd\<close> and \<^term>\<open>Body\<close>:
cant thehere
Java program not bare \<^term>\<open>Methd\<close> or \<^term>\<open>Body\<close> for. terms introduced. definite
rule by the conformance predicatejava.lang.NullPointerException
| LVar: for\<^term>\<open>Methd\<close> and \<^term>\<open>Body\<close>.
| FVar: "Env\ B \\e\\ A
<Longrightarrow
Env\<turnstile> B \<guillemotright>\<langle>{accC,statDeclC,stat}e..fn\<rangle>\<guillemotright> A" the call in\<^term>\<open>Body\<close> term to make sure that we can
| : "\ B \\[]::expr list\\ \nrm=B, brk=\ l. UNIV\"
| Cons: "\Env\ B \\e::expr\\ E; Env\ nrm E \\es\\ A\ \<Longrightarrow>
Env rules, and therefor we have to establish the definite assignment of the
declare inj_term_sym_simps [simp] declare assigns_if.simps a forand so can some declare [simp] split_paired_Ex del setup\<open>map_theory_simpset (fn ctxt => ctxt |> Simplifier.del_loop "split_all_tac")\<close>: \<> sig ;
inductive_cases [cases]: "Env\ B \\Skip\\ A" "Env\ B \In1r Skip\ A" "Env\ B \\Expr e\\ A" "Env B \In1r (Expr e)\ A" "Env\ B \\l\ c\\ A" "Env\ B \In1r (l\ c)\ A" "Env\ B \\c1;; c2\\ A" "\B\In1r (c1;; c2)\ A" "Env\ B \\If(e) c1 Else c2\\ A" "Env\ B \In1r (If(e) c1 Else c2)\ A" "Env\ B \\l\ While(e) c\\ A" "Env\ B \In1r (l\ While(e) c)\ A" "Env\ B \\Jmp jump\\ A" "Env\ B \In1r (Jmp jump)\ A" "\B\guillemotright\langleThrowe\\ A" "Env\ B \In1r (Throw e)\ A"
Envjava.lang.NullPointerException "Env\ B \In1r (Try c1 Catch(C vn) c2)\ A"
Env \<guillemotright>\<langle>c1 Finally c2\<rangle>\<guillemotright> A" "\ B \In1r (c1 Finally c2)\ A" "Env\ B \\Init C\\ A" "Env\ B \In1r (Init C)\ A" "Env\ B \\NewC C\\ A" "Env\ B \In1l (NewC C)\ A" "Env\ B \\New T[e]\\ A" "\In1l (New T[e])\ A" "Env\ B \\Cast T e\\ A" "Env\ B \In1l (Cast T e)\ A"
B \<guillemotright>\<langle>e InstOf T\<rangle>\<guillemotright> A" "Env B \In1l (e InstOf T)\ A" "Env\ B \\Lit v\\ A" "Env\ B \In1l (Lit v)\ A" "Env\ B \\UnOp unop e\\ A" "Env\ B \In1l (UnOp unop e)\ A" "Env\ B \\BinOp binop e1 e2\\ A"
Env "Env\ B \\Super\\ A" "Env\ B \In1l (Super)\ A" "Env\ B \\Acc v\\ A" "Env\ B \In1l (Acc v)\ A" "Env\ B \\v := e\\ A" "Env\ B \In1l (v := e)\ A" "Env\ B \\c ? e1 : e2\\ A" "Env\ B \In1l (c ? e1 : e2)\ A"
java.lang.NullPointerException "Env\ B \In1l ({accC,statT,mode}e\mn({pTs}args))\ A" "Env\ B \\Methd C sig\\ A" "\java.lang.StringIndexOutOfBoundsException: Index 76 out of bounds for length 76 "Env\ B \\Body D c\\ A" "Env\ B \In1l (Body D c)\ A" "Env\ B \\LVar vn\\ A" "Env\ B \In2 (LVar vn)\ A"
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 "Env\ B \In2 ({accC,statDeclC,stat}e..fn)\ A" "Env\ B \\e1.[e2]\\ A" "Env\ B \In2 (e1.[e2])\ A" "Env\ B \\[]::expr list\\ A" "Env\ B \In3 ([]::expr list)\ A" "Env B \\e#es\\ A" "Env\ B \In3 (e#es)\ A" declare inj_term_sym_simps [simp del] declareassigns_if [simp declare split_paired_All [simp] split_paired_Exsetup\<open>map_theory_simpset (fn ctxt => ctxt |> Simplifier.del_loop "split_all_tac")\<close> setup\<open>map_theory_simpset (fn ctxt => ctxt |> Simplifier.add_loop ("split_all_tac", split_all_tac))\<close>
(* To be able to eliminate both the versions with the overloaded brackets: (B \<guillemotright>\<langle>Skip\<rangle>\<guillemotright> A) and with the explicit constructor (B \<guillemotright>In1r Skip\<guillemotright> A), every rule appears in both versions
*)
lemma da_Skip: "A = \nrm=B,brk=\ l. UNIV\ \ Env\ B \\Skip\\ A" by (auto intro: da.SkipEnv
lemma da_NewC: java.lang.StringIndexOutOfBoundsException: Index 97 out of bounds for length 97 by( introNewC
lemma da_Super: " "java.lang.StringIndexOutOfBoundsException: Index 90 out of bounds for length 90 by( intro: da.Super
lemmaEnv by (auto intro: da\turnstile java.lang.StringIndexOutOfBoundsException: Index 71 out of bounds for length 71
(* For boolean expressions:
The following holds: "assignsE e \<subseteq> assigns_if True e \<inter> assigns_if False e" but not vice versa: "assigns_if True e \<inter> assigns_if False e \<subseteq> assignsE e"
assigns_if True (a || b) = assigns_if True a \<inter> (assigns_if False a \<union> assigns_if True b) = {} \<inter> ({} \<union> {y}) = {} assigns_if False (a || b) = assigns_if False a \<union> assigns_if False b = {} \<union> {y} = {y}
assigns_ifE True e = assigns_if True (a || b) \<union> assigns_if True c = {} \<union> {y} = {y} assigns_ifE False e = assigns_if False (a || b) \<inter> (assigns_if True (a || b) \<union> assigns_if False c) = {y} \<inter> ({} \<union> {y}) = {y}
assignsE e = {}
*)
: assumes. [simp \<subseteq> assigns_if True e \<inter> assigns_if False e" (is "?Incl e") proof - obtain vv where using typeof.simps (B \<guillemotright>\<langle>Skip\<rangle>\<guillemotright> A) and with the explicit constructor (B \<guillemotright>In1r Skip\<guillemotright> A), have"?Boolean e \ ?Incl e" proof (induct e) case (Cast Tlemmada_Skip " =\nrm=B,brk=\ l. UNIV\ \ Env\ B \\Skip\\ A" haveE<>\Colon(PrimTBoolean)" proof - from\<open>E\<turnstile>(Cast T e)\<Colon>- (PrimT Boolean)\<close> obtain Te wherelemmada_NewC " = lparr>nrm=B,brk=\ l. UNIV\ \ Env\ B \\NewC C\\ A"
by cases thus ?thesis by - (drule cast_Boolean2,simp) qed with Cast.hyps showcase by simp next case (java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 thus? by - (erule wt_elim_cases next case (UnOp unop e)
?case by - (erule wt_elim_cases
(fastforce simp add: assignsE_const_simp next case (BinOp binop e1 e2The following holds: "assignsE e \ assigns_if True e \ assigns_if False e" from BinOp.prems obtain e1T "assigns_if True e \ assigns_if False e \ assignsE e" where and"(binop_type binop) = Boolean" by (elim wt_elim_cases with BinOp.hyps show ?case by (cases binop) (auto simp addassigns_if False a = {} next case (Cond c e1 e2assigns_if False b = {y}
assigns_if True c = {y} note hyp_e1 = \<open>?Boolean e1 \<Longrightarrow> ?Incl e1\<close> note hyp_e2 = \<open>?Boolean e2 \<Longrightarrow> ?Incl e2\<close> note wt = \<open>E\<turnstile>(c ? e1 : e2)\<Colon>-PrimT Boolean\<close> thenobtain
boolean_cassigns_if False (a || b) = assigns_if False a \<union> assigns_if False b
boolean_e1: "E\e1\-PrimT Boolean" and
boolean_e2: "E\e2\-PrimT Boolean" by (elim wt_elim_cases) assigns_ifE True e = assigns_if True (a || b) \<union> assigns_if True c show ?case proof = {y} \<inter> ({} \<union> {y}) = {y} case None with boolean_e1 boolean_e2 show assignsE_subseteq_assigns_ifs using hyp_e2 by () next case (Some) show ?thesis
java.lang.StringIndexOutOfBoundsException: Range [11, 7) out of bounds for length 33
( T e) with Some show ?thesis using hyp_e1 boolean_e1 - next case False with Some show ?thesis using hyp_e2 boolean_e2 by auto qed qed next show"\x. E\Lit vv\-PrimT Boolean" by (rule ex_lit)
edsimp_all add: ) with boolEx showthesis by blast qed
(* Trick: If you have a rule with the abstract term injections: e.g: da.Skip "B \<guillemotright>\<langle>Skip\<rangle>\<guillemotright> A" and the current goal state as an concrete injection: e.g: "B \<guillemotright>In1r Skip\<guillemotright> A" you can convert the rule by: da.Skip [simplified] if inj_term_simps is in the simpset
*)
lemma [simp ( l A java.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53 by( add)
[simp"l by (simp add: rmlab_def)
lemma rmlab_other_label[simp]: "l\l'\ (rmlab l A) l' = A l'" by (auto simp add: rmlab_def)
lemma range_inter_ts_subseteq [intro]: "\ k. A k \ B k \ \\A \ \\B" by (autosimp: range_inter_ts_def)
() " by (auto simp add: range_inter_ts_def)
lemma: assumes daOwith.hyps "B \ B'" and
da Env '\java.lang.StringIndexOutOfBoundsException: Index 69 out of bounds for length 69 "(nrm A \ nrm A') \ (\ l. (brk A l \ brk A' l))" proof - from da have"\ B' A'. \Env\ B' \t\ A'; B \ B'\ \<Longrightarrow> (nrm A \<subseteq> nrm A') \<and> (\<forall> l. (brk A l \<subseteq> brk A' l))"
( "PROP? Env Bt" proof (induct) case Skip thenshow ?caseby cases simp: "E\c\-PrimT Boolean" and next case Expr
s show ?casebyshow next case (Lab Env B c C A l B' A'
A open Cjava.lang.StringIndexOutOfBoundsException: Index 97 out of bounds for length 97 note\<open>PROP ?Hyp Env B \<langle>c\<rangle> C\<close>) moreover bv note proof" obtain C' where"Env\ B' \\c\\ C'" and A': "nrm A' = Some ?thesis hyp_e2 by java.lang.StringIndexOutOfBoundsException: Index 62 out of bounds for length 62 using"\x. E\Lit vv\-PrimT Boolean" by simp ultimately (simp_all:ex_lit havenrm then have"nrm C \ brk C l \ nrm C' \ brk C' l" by auto moreover from hyp_brk have"rmlab l (brk(* Trick: by (cases "l=l'") simp_all moreoverand the current goal state as an e.g: "B \In1r Skip\ A" ultimatelyshow ?caseif inj_term_simps isin the simpset by simp next case (Comp Env B c1 C1 c2 C2 A B' A') noteby (simp add: rmlab_def) from\<open>Env\<turnstile> B' \<guillemotright>\<langle>c1;; c2\<rangle>\<guillemotright> A'\<close> obtain C1'lemma [simp]: "l=l \ (rmlab l A) l' = UNIV" by( add: )
da_c2:java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
A: "nrm A' = C2""brk '=brkC1 <>\ brk C2'" by cases
le range_inter_ts_subseteq]: \forallk k moreovernote auto add) moreovernote ultimatelyhavelemma': "\ k. A k \ B k \ x \ \\A \ x \ \\B"
java.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13 note da_monotone with C1' have C2' B \ B'" and by auto with A A' C1' show ?case by auto next case( EnvB e c1 c2 A B'A) note A=\<open>nrm A = nrm C1 \<inter> nrm C2\<close> \<open>brk A = brk C1 \<Rightarrow>\<inter> brk C2\<close>
(isPROPEnv obtain C1
from.prems.hyps '" A'=nrm C1\interC2brk=brk\<Rightarrow>\<inter> brk C2'" by cases auto note java.lang.StringIndexOutOfBoundsException: Range [0, 37) out of bounds for length 34 moreovernote B' = \B \ B'\ moreovernote da_c1 ultimatelyobtain C1 by blast "Env\ B' \\c\\ C'" note\<open>PROP ?Hyp Env (B \<union> assigns_if False e) \<langle>c2\<rangle> C2\<close> with da_c2 B' obtainC2" by blast with A A' C1' show ?case by auto next case (Loop Env B e E c C A l B' A') note A = \<open>nrm A = nrm C \<inter> (B \<union> assigns_if False e)\<close> \<open>brk A = brk C\<close> from\<open>Env\<turnstile> B' \<guillemotright>\<langle>l\<bullet> While(e) c\<rangle>\<guillemotright> A'\<close> obtain C' where
da_c': "Env\ B' \ assigns_if True e \\c\\ C'" and
A': "nrm A' = nrm C' \ (B' \ assigns_if False e)" "brk A' = brk C'" by cases auto note\<open>PROP ?Hyp Env (B \<union> assigns_if True e) \<langle>c\<rangle> C\<close> Env C1 C2 B ' by auto moreover da_c ultimatelyobtain C oreovernote by blast with A A' B'
by blast moreover have"brk A l' \ brk A' l'" for l' proof (cases "constVal e") case None
A \<open>nrm A = nrm C1 \<inter> nrm C2\<close> \<open>brk A = brk C1 \<Rightarrow>\<inter> brk C2\<close>
?java.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18 by (cases "l=l'") auto:EnvBjava.lang.StringIndexOutOfBoundsException: Index 130 out of bounds for length 130 next case (Some bv) withAA C' show ?thesis
( "the_Bool ", casesl" java.lang.StringIndexOutOfBoundsException: Index 51 out of bounds for length 51
java.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7 ultimatelyopen>PROP ?Hyp Env (B \<union> assigns_if False e) \<langle>c2\<rangle> C2\<close> byauto next case (Jmp jump B A Env B' A') thus ?caseby (elim da_elim_cases) (auto split: jump.splits) next
Throw ? by(lim) auto next case ( java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 note A = \<open>nrm A = nrm C1 \<inter> nrm C2\<close> \<open>brk A = brk C1 \<Rightarrow>\<inter> brk C2\<close> from<open>Env\<turnstile> B' \<guillemotright>\<langle>Try c1 Catch(C vn) c2\<rangle>\<guillemotright> A'\<close> obtain C1' from \Env\ B' \\l\ While(e) c\\ A'\ whereobtainC'
da_c2': "Env\lcl := (lcl Env)(VName vn\Class C)\\ B' \ {VName vn} \<guillemotright>\<langle>c2\<rangle>\<guillemotright> C2'" and
A': "nrm A' = nrm C1' \ nrm C2'" "brkA C1'\<> brk ' by cases auto note\<open>PROP ?Hyp Env B \<langle>c1\<rangle> C1\<close> moreover B' =\B \ B'\ moreovernote da_c1' ultimatelyobtain C1': "nrm C1 \ nrm C1'" "(\l. brk C1 l \ brk C1' l)" by blast
(B \<union> {VName vn}) \<langle>c2\<rangle> C2\<close> with B' da_c2'
by A A ' with C1' A A' show ?case by auto next case (Fin Env B c1 C1 c2 C2 A B' A') note A = \<open>nrm A = nrm C1 \<union> nrm C2\<close> \<open>brk A = (brk C1 \<Rightarrow>\<union>\<^sub>\<forall> nrm C2) \<Rightarrow>\<inter> (brk C2)\<close> from\<open>Env\<turnstile> B' \<guillemotright>\<langle>c1 Finally c2\<rangle>\<guillemotright> A'\<close> obtain C1' C2'
da_c1 Env>'\\c1\\ C1'" and withAA
A': "nrm A' = nrm C1' \ nrm C2'"
(Somejava.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 20
cases show
java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6
elim auto:.splits by note= from da_c2' java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 " C2\java.lang.StringIndexOutOfBoundsException: Index 86 out of bounds for length 86 by - drule,auto withobtainC2 show ?case by next case Init thus ?caseby (elim da_elim_cases) auto nextbrk thusbyelim next case NewA thus ?caseby (elimmoreover' java.lang.StringIndexOutOfBoundsException: Index 54 out of bounds for length 54 next case Cast thus\<open>PROP ?Hyp (Env\<lparr>lcl := (lcl Env)(VName vn\<mapsto>Class C)\<rparr>) next
Inst nextnrm
java.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length 14 next case Fin C1 AB ' next case (CondAnd Env B e1 E1 e2 E2 A B' A') note A = \<open>nrm A = B \<union>
assigns_if Truewhere': "\ B'\<guillemotright>\<langle>c1\<rangle>\<guillemotright> C1'" and
assigns_if False A: '= ' \<open>brk A = (\<lambda>l. UNIV)\<close> from\<open>Env\<turnstile> B' \<guillemotright>\<langle>BinOp CondAnd e1 e2\<rangle>\<guillemotright> A'\<close> obtain"' '
assigns_if '
java.lang.StringIndexOutOfBoundsException: Index 72 out of bounds for length 72 "brk A da_c2'B by cases auto note B' = \B \ B'\ with A A' show ?case by autocase next case CondOr next
java.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7 case BinOp thus ?next
java.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7 thusby( da_elim_cases next casethuselim next case Acc thus ?caseby (elim da_elim_cases Lit ?caseby(lim) auto next caseAssLVar ?caseby(elim da_elim_casesauto next case Assnext nextcase( Env E1 E2 A) case (CondBool Env c e1 e2 B C E1 E2 A B' A') note A = \<open>nrm A = B \<union> assigns_if( CondAnd)\<inter>
True : ) \<inter>
assigns_if False (c ? e1
A:" '\union>
moreover note assigns_if CondAnd" ultimately obtain A': "nrm A' = B
assigns_if True B open
assigns_if False (c ? e1 : e2 "brk A' = (\l. UNIV)" by da_elim_cases:) (* inj_term_simps needed to handle wt (defined without \<langle>\<rangle>) *) note' = B \ B'\ with A A' show ?case by auto next case (Cond noteopennrm= E1 notejava.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7
--> --------------------
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
