cr ) iR "
xs apply :eq_sym_conv
*java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
sectionreachablerelS}root
theory SchorrWaite imports begin[]: "\x. x \ set xs \
subsection =root;p:c((:g iLRef = clriRx)xs
definition
<in (applyinduct
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 where"rel m x=)liL Refx)xs = stkOk (c(x := g)) l r iL iR (Ref x) xs = stkOk\ R) \ \ \\i5\\
definition
relS \<in> reachable (relS{l,r}|m) ({t}\<union>set(map r stack))) \<and> where"relS M = (\m \ M. rel m)"
definition
addrs :: "'a ref set \ 'a set" where\<>x. m x <longrightarrow> x \<in> R) \<and> \<comment> \<open>\<open>i5\<close>\<close>\<forall>x. x \<notin> set stack \<longrightarrow> r x = iR x \<and> l x = iL x) \<and> \<comment> \<open>\<open>i6\<close>\<close>
definition
reachable :: "('ajava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 whererPjava.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 0
lemmas (\<forall>x. (x \<in> R) = m x) \<and> (r = iR \<and> l = iL) }"
is
lemma{ , ,qoot lr} apply java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11 done
lemma oneStep_reachablevcg pjava.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 3
java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11 done
lemma still_reachable: "\B\Ra\<^sup>*``A; \ (x,y) \ Rb-Ra. y\ (Ra\<^sup>*``A)\ \ Rb\<^sup>* `` B \ Ra\<^sup>* `` A " apply (clarsimp reachable "cmlrroot " autoreachable_def apply hus " ( reachable_def addrs_defjava.lang.StringIndexOutOfBoundsException: Index 78 out of bounds for length 78
blast apply (subgoal_tac mlrtpq apply (erule UnE) apply (auto intro:rtrancl_into_rtrancllet applyapply \forall>x.m x longrightarrow> x \<in> R) \<and> \<comment> \<open>\<open>i5\<close>\<close> pq done
lemma reachable_null: "reachable mS ELSEq:i1: ? and i4:"I4:I5i6"bysimp+ apply m=;^.c :Falsejava.lang.StringIndexOutOfBoundsException: Index 65 out of bounds for length 65 done
lemma reachable_empty: "reachable mS {} = {}" apply i6 "(\x.(x \ R) = m x) \ r = iR \ l = iL" by(auto simp: stackEmpty fun_eq_iff intro:RisMarked) fixr ot
lemmalet\<exists>stack. ?Inv stack" = "?inv c m l r t p" apply (impm,lr " apply blast done
_"nv( apply (simpstack " java.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 41
inv done
lemma rel_upd1fixlet"=".java.lang.StringIndexOutOfBoundsException: Index 26 out of bounds for length 26
classical apply (simp add: let<and> ?I2 \<and> ?I3 \<and> ?I4 \<and> ?I5 \<and> ?I6 \<and> ?I7" = "?Inv stack"a "( done
lemma rel_upd2 i5inv:""andI2:?" and i4 ?" apply (rule classical) "\stack. ?Inv stack" = "?inv c m l r t p" done
definition \<comment> \<open>Restriction of a relation\<close>
java.lang.StringIndexOutOfBoundsException: Index 105 out of bounds for length 105
( where" java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
text\<open>Rewrite rules for the restriction of a relation\<close>
lemma restr_identity[simp]: "(\x. \ m x) \ (R |m) = R" by ( "?(\?ifB1 \ (\stack.?puInv stack))"
lemma ifB1 have pNotNull apply( simp rel_defcmrpqroot apply ( let ">stack java.lang.StringIndexOutOfBoundsException: Index 17 out of bounds for length 17 apply (case_tac"java.lang.StringIndexOutOfBoundsException: Index 22 out of bounds for length 22 applyauto done
lemma ?have distinct)"usingi1 (List_distinctjava.lang.StringIndexOutOfBoundsException: Index 75 out of bounds for length 75 apply (rule classical) "?" = "p^." donelet?\and> ?<java.lang.StringIndexOutOfBoundsException: Index 112 out of bounds for length 112
definition \<comment> \<open>A short form for the stack mapping function for List\<close>
S : <> \<open>List property is maintained:\<close> where r=(lambda>x. if c x then r x else l x)"
text\<open>Rewrite rules for Lists using S as their mapping\<close>andi5 poI1 (java.lang.StringIndexOutOfBoundsException: Index 74 out of bounds for length 74
lemmasimp ".a notin> set stack \ List (S c l r) p stack = List (S (c(a:=x)) (l(a:=y)) (r(a:=z))) p stack"
(stack apply(simpjava.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18 done
lemma [,simp] \<not>?ifB1 \<longrightarrow> (\<exists>stack.?puInv stack))" " let "(R = reachable ?Ra ?A)" = "?I3" apply(induct_tac) apply"java.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 7 done
lemmafromifB1 have pNotNullp \<noteq> Null" by auto "\p. a \ set stack \ List (S c (l(a:=z)) r) p stack = List (S c l r) p stack" apply(induct_tac i1 stack_tl ?\<^sup>* `` addrs ?A = ?Rb\<^sup>* `` addrs ?B" (is "?L = ?R") apply(simp:fun_upd_apply)+ still_reachable done
lemmarule_format]: "\p. a \ set stack \ List (S (c(a:=z)) l r) p stack = List (S c l r) p stack" apply(induct_tac:neStep_reachableTHEN) apply(simp add:fun_upd_apply "\(x,y) \ ?Ra-?Rb. y \ (?Rb\<^sup>* `` addrs ?B)" by (clarsimp simp:relS_def) done
primrec "poI1 ?poI3\ ?poI4\ ?poI5\ ?poI6\ ?poI7" = "?popInv stack_tl"
stkOkhavepopInvjava.lang.StringIndexOutOfBoundsException: Range [17, 16) out of bounds for length 36 where
p (ulejava.lang.StringIndexOutOfBoundsException: Index 40 out of bounds for length 40
|
ifB2 byfastforce rel_defs
iR"R ?L"
proof still_reachable
lemmajava.lang.StringIndexOutOfBoundsException: Index 16 out of bounds for length 16 <comment> \<open>Everything on the stack is marked:\<close> apply (induct xs : : apply (auto done
i3 poI3R= <forall>x. x \<in> R \<and> \<not> m x \<longrightarrow> x \<in> reachable ?Ra ?A" = ?I4 " p< (p t)) stack_tl)" apply (induct xs) apply (auto> \<open>Our goal is \<open>\<forall>x. x \<in> R \<and> \<not> m x \<longrightarrow> x \<in> reachable ?Rb ?B\<close>.\<close>"tp^r" done
lemma stkOk_r_rewrite [ : rewriteforall>s\<in>set stack_tl. (r(p \<rightarrow> t)) s = r s"
stkOk c l(( =fastforce : Image_iffdest) apply (induct xs) apply (let={, ^}java.lang.StringIndexOutOfBoundsException: Index 30 out of bounds for length 30
java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 4
lemma [simp]: "\x. x \ set xs \
stkOkc(=g)lriL (Ref = stkOk the subset relation.\<close>show
(xs apply (auto simp java.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 20 done
theoremjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 " havepDisj".=Null
{R = let?"=" l ( <
t := root; : Null
WHILE p ?T = "t,p^r}java.lang.StringIndexOutOfBoundsException: Index 30 out of bounds for length 30
INV {\<exists>stack.
(rule)
(\<forall>x \<in> set stack. m x) \<and> \<comment> \<open>\<open>i2\<close>\<close>: "Ra
R =byastforcesimp rewriteself_reachable
a"
x \<in> reachable (relS{l,r}|m) ({t}\<union>set(map r stack))) \<and> \forallx from subset" qed
(stkOk c lr iLjava.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18
DOt =Null THENhence: "?Ra\<^sup>* `` addrs ?A - ?Rb\<^sup>* `` addrs ?T \ ?Rb\<^sup>* `` addrs ?B"
q :=t; t: ;p: ^.;t. =\<comment> \<open>\<open>pop\<close>\<close>byjava.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 20
ELSE<> \<open>which corresponds to our goal.\<close>
p^.l (java.lang.StringIndexOutOfBoundsException: Range [0, 21) out of bounds for length 13
ELSE;:"
java.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18
{(\<forall>x. (x \<in> R) = m x) \<and> (r = iR \<and> l = iL) }"
(is
{from i7<comment
(Seq i5poI5java.lang.StringIndexOutOfBoundsException: Index 76 out of bounds for length 76
(Aseq _ (Aseq proofushow"simp
{ fix c m l r mment open therefore to right qed assume"?Pre c m l r root" "?inv c inclexcl subsetshowjava.lang.StringIndexOutOfBoundsException: Index 40 out of bounds for length 7
fix c m l " let "\stack. ?Inv stack" = "?inv c m l r t p" assume<comment> \<open>Since they are in principle simmilar to the Pop arm proof,\<close>java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 thenobtain stack where inv: "?Inv stack"by blast fromahavepNullmoreover let"?I1 \ _ \ _ \ ?I4 \ ?I5 \ ?I6 \ _" = "?Inv stack" fromfrom i7
( simp addr_p_eq obtainwhereshow? byhavepoI6<> x<notin> set stack_tl \<longrightarrow> (r(p \<rightarrow> t)) x = iR x \<and> l x = iL x"
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 next \<comment> \<open>Since they are in principle simmilar to the Pop arm proof,\<close>
java.lang.StringIndexOutOfBoundsException: Index 59 out of bounds for length 59 let"swInvstackjava.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 27 let"\stack. ?swInv stack" = "?inv (c(p nt>\<>List property qed let"\stack. ?puInv stack" = " (( rightarrow> False)) (m(t \ True)) (l(t \ p)) r (t^.l) t" let"?ifB1"="t \ t^.m)" let"?ifB2"java.lang.StringIndexOutOfBoundsException: Index 16 out of bounds for length 14
assume"(\stack.?Inv stack) \ ?whileB m t p"
p" by blast "I1<>?I2\ ?I3 \ ?I4 \ ?I5 \ ?I6 \ ?I7" = "?Inv stack" from inv have i1 i1obtainwhere\<comment> \<open>we show fewer comments and use frequent pattern matching.\<close> and i5from whileB simp havestackDists)using rule
show"(?ifB1 \ (?ifB2 \ (\stack.?popInv stack)) \
(<not>?ifB2 \<longrightarrow> (\<exists>stack.?swInv stack)) ) \<and> i2 m_addr_p:"^mjava.lang.StringIndexOutOfBoundsException: Index 49 out of bounds for length 49
(\<not>?ifB1 \<longrightarrow> (\<exists>stack.?puInv stack))" proof - showaddrs\<subseteq> ?Rb\<^sup>* `` addrs ?B" assumeifB1 Null from ifB1 whileB have pNotNull: "p \ Null" by auto thenobtain
( simp bynext
i2:"^m"
stackDistdistinct"using i1 by( java.lang.StringIndexOutOfBoundsException: Index 75 out of bounds for length 75 from stack_eqhave\<forall>(x, y)\<in>?Rb-?Ra. y\<in>(?Ra\<^sup>*``addrs ?A)" let have"?popInv stack_tl" proof java.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13
\<comment> \<open>List property is maintained:\<close> from i1 p_notin_stack_tl ifB2
poI1
y : stack_eq:java.lang.StringIndexOutOfBoundsException: Index 61 out of bounds for length 61
moreover \<by clarsimprelS_def "java.lang.StringIndexOutOfBoundsException: Range [104, 23) out of bounds for length 104 from i2 havepoI2java.lang.StringIndexOutOfBoundsException: Index 89 out of bounds for length 89 moreover
T {java.lang.StringIndexOutOfBoundsException: Index 24 out of bounds for length 24
Rreachable) "" qed "B={p,^r" \<comment> \<open>Our goal is \<open>R = reachable ?Rb ?B\<close>.\<close> have"?Ra\<^sup>* `` addrs ?A = ?Rb\<^sup>* `` addrs ?B" (is "?L = ?R") proof
proof ( \<comment> \<open>If it is reachable and not marked, it is still reachable using...\<close> show"addrs?A ?Rb\<^sup>* `` addrs ?B" by(fastforce simp:addrs_def relS_def rel_def addr_p_eq
intro:oneStep_reachable "Ra have?\<
( show? <subseteq> ?Rb\<^sup>* `` addrs ?B" qed show"?qed proof (ruleshow"addrs?B \ ?Ra\<^sup>* `` addrs ?A" "addrs ?B \ ?Ra\<^sup>* `` addrs ?A" by(fastforcebyblast
:oneStep_reachable[THEN]) nextnext showorall) by (clarsimp simp:relS_def) next qed
ed byclarsimp )(fastforce:rel_def addrs_def:rel_upd1 moreover
\<> simp clarsimp let"<> x \ m x \ x \ reachable ?Ra ?A" = ?I4 let ? ijava.lang.StringIndexOutOfBoundsException: Index 17 out of bounds for length 17 let"?B" = proof( allI( add) \<comment> \<open>Our goal is \<open>\<forall>x. x \<in> R \<and> \<not> m x \<longrightarrow> x \<in> reachable ?Rb ?B\<close>.\<close>"
? "t,^.}java.lang.StringIndexOutOfBoundsException: Index 30 out of bounds for length 30
have"?Ra\<^sup>* `` addrs ?A \ ?Rb\<^sup>* `` (addrs ?B \ addrs ?T)" proof (rule fromi5 havehave"swI5 . by (autojava.lang.StringIndexOutOfBoundsException: Range [14, 10) out of bounds for length 18
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
: : i5 \ by (clarsimpjava.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length 14
>\< qed \<comment> \<open>We now bring a term from the right to the left of the subset relation.\<close>qed
?" by java.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 20 have: "\x. x \ R \ \ m x \ x \ reachable ?Rb ?B" prooff x fixjava.lang.StringIndexOutOfBoundsException: Index 17 out of bounds for length 17
ssume \<in> R \<and> \<not> m x" \<comment> \<open>First, a disjunction on \<^term>\<open>p^.r\<close> used later in the proof\<close>:reachable_deffrom i7 have pDisj:"p^.r } by auto \<comment> \<open>\<^term>\<open>x\<close> belongs to the left hand side of @{thm[source] subset}:\<close> by( addreachable_def haveobtainaddr_t: t"by \<comment> \<open>And therefore also belongs to the right hand side of @{thm[source]subset},\<close> with i2 have t_notin_stack: "(addr t) \<notin> set stack" by blastswI5let <comment> \<open>If it is not on the stack, then its \<^term>\<open>l\<close> and \<^term>\<open>r\<close> fields are unchanged\<close>
java.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 13 moreover
\<comment> \<open>If it is marked, then it is reachable\<close>
f i7 moreover
\<comment> \<open>If it is not on the stack, then its \<^term>\<open>l\<close> and \<^term>\<open>r\<close> fields are unchanged\<close>fromi2
m have by(auto
moreover
let Rb" java.lang.StringIndexOutOfBoundsException: Index 44 out of bounds for length 0
i7 poI7 cl rule)
clarsimp:stack_eq)
ultimately fun_upd_apply qed hence"\stack. ?popInv stack" ..
} moreover
\<comment> \<open>Since they are in principle simmilar to the Pop arm proof,\<close> <
{ \<comment> \<open>Swing arm\<close> assume: "ifB1 nifB2: \ from"\<^>*` ?A=? :relS_def)(simp: addrs_defdest) thenobtain addr_p where addr_p_eq: "p = Ref addr_p"by clarsimp( still_reachable_eq with i1 obtain stack_tlby( simpaddrs_def addr_t_eq:oneStep_reachable[THEN"\(x, y)\?Rb-?Ra. y\(?Ra\<^sup>*``addrs ?A)" with i2 have" ?B \ ?Ra\<^sup>* `` addrs ?A" from i3
ysimp let"?swI1\?swI2\?swI3\?swI4\?swI5\?swI6\?swI7" = "?swInv stack" have"?swInv stack" proof -by clarsimp:relS_deffastforcesimprel_defImage_iff :)
\<comment> \<open>List property is maintained:\<close>
i1 nifB2 have swI1let by et T ={}" moreover
\<comment> \<open>Everything on the stack is marked:\<close> from i2qed have: "?swI2" .
ver
\<oreover let"R = reachable ?Ranext letR=reachable ?\commentjava.lang.StringIndexOutOfBoundsException: Index 101 out of bounds for length 101 have"?Ra\<^sup>* `` addrs ?A = ?Rb\<^sup>* `` addrs ?B"
frulejava.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 41 showjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 by( "addrs A qed thenhavesubset:ew_stack_eq:self_reachable show"addrs} by(fastforce simp:addrs_def rel_defs by (clarsimp simp:relS_def new_stack_eq restr_un havepuI4
show from nifB1 whileB have tNotNull: "t \<noteq> Null" by clarsimp
( simp fastforcerel_def next have n_m_addr_t by(larsimp ahavex<
java.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 13 with have swI3: "?swI3"by excx\notin moreover
\<comment> \<open>If it is reachable and not marked, it is still reachable using...\<close>
< lethaveexc notin
? usingan_m_addr_t have"?Ra\<^sup>*``addrs ?A \ ?Rb\<^sup>*``(addrs ?B \ addrs ?T)" proof (rule still_reachable) have by (auto simp add:p_notin_stack_tl intro show"addrs ( simp:addrs_def i3 addr_t_eq fun_upd_apply introself_reachablejava.lang.StringIndexOutOfBoundsException: Index 98 out of bounds for length 98
(fastforce:map_cong simp:stack_eq addrs_def rewrite intro:self_reachable) next show"\(x, y)\?Ra-?Rb. y\(?Rb\<^sup>*``(addrs ?B \ addrs ?T))"
(clarsimprelS_def) (fastforce:rel_def fun_upd_apply:rel_upd1 qed
:"Ra\<^sup>*``addrs ?A - ?Rb\<^sup>*``addrs ?T \ ?Rb\<^sup>*``addrs ?B" by blast have ?swI4 proof (rule allI, rule impI) by(simp assumea " with i4 \<comment> \<open>If it is marked, then it is reachable\<close> by eachable_def with ifB1 a have exc: "x \ ?Rb\<^sup>*`` addrs ?T" byauto add:) from inc\<comment> \<open>If it is not on the stack, then its \<^term>\<open>l\<close> and \<^term>\<open>r\<close> fields are unchanged\<close>:from by (auto simp qed moreover
\<comment> \<open>If it is marked, then it is reachable\<close> t_notin_stack from ( simp:relS_defjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 have"?swI5" . puI3"puI3 byreachable_def) moreover
\<comment> \<open>If it is not on the stack, then its \<^term>\<open>l\<close> and \<^term>\<open>r\<close> fields are unchanged\<close> comment from java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3 have"?swI6" by clarsimp
java.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18
\<comment> \<open>If it is on the stack, then its \<^term>\<open>l\<close> and \<^term>\<open>r\<close> fields can be reconstructed\<close>rule) from stackDist i7 nifB2 have"swI7 bynext
ultimatelyshow ?thesis byauto
thenhave"\stack. ?swInv stack" by blast
} moreover
java.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7 \<comment> \<open>Push arm\<close> assume nifB1: "\?ifB1" from nifB1 whileB have tNotNull: "t \ Null" by clarsimp thenobtain (imp:new_stack_eq with i1 obtain new_stack where new_stack_eq
with i2 have t_notin_stack: "(addr t) \ set stack" by blast fromstackDist i6 t_notin_stack
? new_stack proof -
\<comment> \<open>List property is maintained:\<close>
have puI1: "?puI1" by add:addr_t_eq, simp add:S_def moreover
\<comment> \<open>Everything on the stack is marked:\<close>} from i2 have puI2: "?puI2"
imp: fun_upd_apply moreover
\<comment> \<open>Everything is still reachable:\<close> let"R = reachable ?Ra ?A" = "?I3" let"R = reachable ?Rb ?B" = "?puI3" have"?Ra\<^sup>* `` addrs ?A = ?Rb\<^sup>* `` addrs ?B" proof (rule still_reachable_eq) show"addrs ?A \ ?Rb\<^sup>* `` addrs ?B" by(fastforce simp:addrs_def rel_defs addr_t_eq intro:oneStep_reachable Image_iff[THENiffD2]) next show"addrs ?B \ ?Ra\<^sup>* `` addrs ?A" by(fastforce simp:addrs_def rel_defs addr_t_eq intro:oneStep_reachable Image_iff[THENiffD2]) next show"\(x, y)\?Ra-?Rb. y\(?Rb\<^sup>*``addrs ?B)" by (clarsimp simp:relS_def) (fastforce simp add:rel_def Image_iff addrs_def dest:rel_upd1) next show"\(x, y)\?Rb-?Ra. y\(?Ra\<^sup>*``addrs ?A)" by (clarsimp simp:relS_def) (fastforce simp add:rel_def Image_iff addrs_def fun_upd_apply dest:rel_upd2) qed with i3 have puI3: "?puI3"by (simp add:reachable_def) moreover
\<comment> \<open>If it is reachable and not marked, it is still reachable using...\<close> let"\x. x \ R \ \ m x \ x \ reachable ?Ra ?A" = ?I4 let"\x. x \ R \ \ ?new_m x \ x \ reachable ?Rb ?B" = ?puI4 let ?T = "{t}" have"?Ra\<^sup>*``addrs ?A \ ?Rb\<^sup>*``(addrs ?B \ addrs ?T)" proof (rule still_reachable) show"addrs ?A \ ?Rb\<^sup>* `` (addrs ?B \ addrs ?T)" by (fastforce simp:new_stack_eq addrs_def intro:self_reachable) next show"\(x, y)\?Ra-?Rb. y\(?Rb\<^sup>*``(addrs ?B \ addrs ?T))" by (clarsimp simp:relS_def new_stack_eq restr_un restr_upd)
(fastforce simp add:rel_def Image_iff restr_def addrs_def fun_upd_apply addr_t_eq dest:rel_upd3) qed thenhave subset: "?Ra\<^sup>*``addrs ?A - ?Rb\<^sup>*``addrs ?T \ ?Rb\<^sup>*``addrs ?B" by blast have ?puI4 proof (rule allI, rule impI) fix x assume a: "x \ R \ \ ?new_m x" have xDisj: "x=(addr t) \ x\(addr t)" by simp with i4 a have inc: "x \ ?Ra\<^sup>*``addrs ?A" by (fastforce simp:addr_t_eq addrs_def reachable_def intro:self_reachable) have exc: "x \ ?Rb\<^sup>*`` addrs ?T" using xDisj a n_m_addr_t by (clarsimp simp add:addrs_def addr_t_eq) from inc exc subset show"x \ reachable ?Rb ?B" by (auto simp add:reachable_def) qed moreover
\<comment> \<open>If it is marked, then it is reachable\<close> from i5 have"?puI5" by (auto simp:addrs_def i3 reachable_def addr_t_eq fun_upd_apply intro:self_reachable) moreover
\<comment> \<open>If it is not on the stack, then its \<^term>\<open>l\<close> and \<^term>\<open>r\<close> fields are unchanged\<close> from i6 have"?puI6" by (simp add:new_stack_eq) moreover
\<comment> \<open>If it is on the stack, then its \<^term>\<open>l\<close> and \<^term>\<open>r\<close> fields can be reconstructed\<close> from stackDist i6 t_notin_stack i7 have"?puI7"by (clarsimp simp:addr_t_eq new_stack_eq)
ultimatelyshow ?thesis by auto qed thenhave"\stack. ?puInv stack" by blast
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
