(* Title: HOL/Hoare/SchorrWaite.thy Author: Farhad Mehta Copyright 2003 TUM
*)
section
SchorrWaite
HeapSyntax begin SchorrWaite
java.lang.StringIndexOutOfBoundsException: Index 62 out of bounds for length 62
definition \<comment> \<open>Relations induced by a mapping\<close>rel(m y"
:( Rightarrow :: (ajava.lang.NullPointerException where, x= "
definition
relS java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
elS\>
=relS_def
clarsimponly
definitionblast
reachable :: java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply
rel_defs
appl java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
apply(ruleequalityI erule ,assumption java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11 apply doneclarsimp :Image_iff
lemma } }java.lang.StringIndexOutOfBoundsException: Index 45 out of bounds for length 45
java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11 donejava.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
: addrs_def java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11 applyclarsimprule applyerule) apply( add(imp: ) done
reachable_empty} "
(autointro applyblast done
lemma still_reachable_eq: ( classical
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
) done
lemma reachable_null: "reachable mS {Null} =
( dd addrs_def done
lemma reachable_empty apply( add addrs_def done
lemma apply apply blast( done ( add addrs_def
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 apply( addreachable_def) apply blastwhere =(y(x,) done
[]: "\java.lang.StringIndexOutOfBoundsException: Index 92 out of bounds for length 92
classical apply (by( add elim done
definition \<comment> \<open>Restriction of a relation\<close>
restr (auto simp rel_def)
( (\<open>(\<open>notation=\<open>mixfix relation restriction\<close>\<close>_/ | _)\<close> [50, 51] 50)xy
estr,)(,)
text\<open>Rewrite rules for the restriction of a relation\<close><open>Rewrite rules for the restriction of a relation\<close>
<>x. by simp )
lemmarestr_rtrancl
(applysimpadd)
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 by (auto simp
lemmarestr_upd rq: ))(( =))=(=) apply (
( a b) apply ( \forall>p.a\notin stack
auto donejava.lang.NullPointerException
lemmaapply stack ,]java.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 25
auto:)
lemma rel_upd3:apply add S_def:restr_def apply java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
( add fun_upd_apply done java.lang.StringIndexOutOfBoundsException: Range [0, 53) out of bounds for length 23
definition
<> \<open>A short form for the stack mapping function for List\<close>)
S :: java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
java.lang.StringIndexOutOfBoundsException: Index 58 out of bounds for length 58
text\foralljava.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
lemma [|stkOk_cons cltptkl )()java.lang.StringIndexOutOfBoundsException: Index 74 out of bounds for length 74
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 apply stack
java.lang.StringIndexOutOfBoundsException: Index 37 out of bounds for length 37 done
lemma
simp
( text applysimp:fun_upd_applyS_def( addfun_upd_apply)+ done
lemma java.lang.StringIndexOutOfBoundsException: Index 60 out of bounds for length 60 " apply(induct_tacjava.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
java.lang.StringIndexOutOfBoundsException: Index 37 out of bounds for length 37 done
primrec lemmac : txs L t java.lang.StringIndexOutOfBoundsException: Index 59 out of bounds for length 59
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 where
stkOk_nil: "stkOk stkOkc((x:=g)stkOkcl r(:g)iLRefx =stkOk l R( )xsjava.lang.StringIndexOutOfBoundsException: Index 72 out of bounds for length 72
|lemma]: "\x. x \ set xs \
stkOkr t (xs applystkOk(:g)iR stkOkiLxs
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
[:"
stkOk (x:g iLtxs l iL t " apply (induct xs) apply (auto simp:eq_sym_conv=root=Null;
lemmasimpjava.lang.StringIndexOutOfBoundsException: Index 63 out of bounds for length 63
r= l txs apply ( ( ) apply(auto)
one
R subsection
apply (induct SchorrWaiteAlgorithm applyauto:java.lang.StringIndexOutOfBoundsException: Index 30 out of bounds for length 30 done
lemma simp\<And>x. x \<notin> set xs \<Longrightarrow>
stkOk ) ( )xs (Ref" applyxs apply (auto:eq_sym_conv done
lemma [simp]: "\x. x \ set xs \
=) r ( )xs\<in> R) \<and> \<comment> \<open>\<open>i5\<close>\<close>(\<forall>x. x \<in> R \<and> \<not>m x \<longrightarrow> \<comment> \<open>\<open>i4\<close>\<close>
q =t : ;p: ^. q := ;t:p^rp. pl\<comment> \<open>\<open>swing\<close>\<close> apply simp)p. =qpc= done
open>The Schorr-Waite algorithm\<close>
SchorrWaiteAlgorithm "java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
c, , )? l }
t eqapply java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
WHILEjava.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
INV
(Scjava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 \forallin
R= (java.lang.StringIndexOutOfBoundsException: Index 29 out of bounds for length 26
x \<in> reachable (relS{l,r}|m) ({t}\<union>set(map r stack))) \<and>r auto
<.<
(fix c m l r t p q
("
DO = \<or> t^.m THEN invInv blast
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
q =; =prp^r= ^l
^java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
:""and?"and i5 ? : "I6
p^:True= OD
{(<forall>x. (x \<in> R) = m x) \<and> (r = iR \<and> l = iL) }" from tDisj i4
( " cml tpqojava.lang.StringIndexOutOfBoundsException: Index 26 out of bounds for length 26
c, ,,t java.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 41 "<>. ?Inv "<
(Aseq?(( proof) \<exists>stack. ?popInv stack" = "?inv c m l (r(p \<rightarrow> t)) p (p^.r)"apply (simp>. ?swInv= " c( \ False)) (m(t \ True)) (l(t \ p)) r (t^.l) t"
c m "ifB2 = ^cjava.lang.StringIndexOutOfBoundsException: Index 26 out of bounds for length 26 assume"Pre rule)
?java.lang.StringIndexOutOfBoundsException: Index 94 out of bounds for length 94 next inv : "?"and: ?obtain :? " byjava.lang.StringIndexOutOfBoundsException: Index 82 out of bounds for length 82 fix c m l r t p q let\<exists>stack. ?Inv stack" = "?inv c m l r t p" assume ?clr restr ::"('a \<times> 'a) set \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> ('a \<times> 'a) set"
(java.lang.StringIndexOutOfBoundsException: Index 74 out of bounds for length 74 letjava.lang.NullPointerException
v have" [ byjava.lang.StringIndexOutOfBoundsException: Index 55 out of bounds for length 55
a :" :p=Ref"by
i5"x.(x \ R) = m x) \ r = iR \ l = iL" by(auto simp: stackEmpty fun_eq_iff intro:RisMarked)
java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 fixl t \<exists. b java.lang.StringIndexOutOfBoundsException: Index 17 out of bounds for length 17 let"a=q)
ists
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 let"stack puInvstack = "?inv :" (stackby )
ifB1t \<or> t^.m)" letifB2c
poI1java.lang.StringIndexOutOfBoundsException: Range [112, 35) out of bounds for length 112 thenobtain java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 letjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
inv Sc java.lang.StringIndexOutOfBoundsException: Index 58 out of bounds for length 58 and : "?I5"andhaveh : ( cl(java.lang.StringIndexOutOfBoundsException: Index 74 out of bounds for length 74 have stackDistjava.lang.StringIndexOutOfBoundsException: Range [70, 64) out of bounds for length 0
induct_tac
java.lang.StringIndexOutOfBoundsException: Index 74 out of bounds for length 74 proof stack
java.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 7 assume ?
whileB: "
then addr_p > withobtain"\
java.lang.StringIndexOutOfBoundsException: Index 17 out of bounds for length 17 with simp haveinduct_tac: [THENjava.lang.StringIndexOutOfBoundsException: Index 65 out of bounds for length 65
stackDist addrjava.lang.StringIndexOutOfBoundsException: Index 93 out of bounds for length 93 let?\>poI2qed "popInvstack_tl"showRjava.lang.StringIndexOutOfBoundsException: Index 36 out of bounds for length 36 proof(ule)
|:
i1
java.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15 "java.lang.StringIndexOutOfBoundsException: Index 36 out of bounds for length 36
moreovernext
java.lang.StringIndexOutOfBoundsException: Index 70 out of bounds for length 70
i2 :by(:relS_def moreover( simprel_defaddrs_defrel_upd2
\<comment> \<open>Everything is still reachable:\<close> let( Ra)" let "(R = reachable ?Ra ?A)" let"? ((x=g) iLiR clarsimp simp:relS_def)simpjava.lang.StringIndexOutOfBoundsException: Index 43 out of bounds for length 43 comment> \<open>If it is reachable and not marked, it is still reachable using...\<close> \<comment> \<open>Our goal is \<open>R = reachable ?Rb ?B\<close>.\<close> have let?" =" java.lang.StringIndexOutOfBoundsException: Range [34, 33) out of bounds for length 77 show T={ ^."
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 show"addrs ?A \ ?Rb\<^sup>* `` addrs ?B" by(fastforce simp:addrs_def relS_def rel_def addr_p_eq
intro "java.lang.StringIndexOutOfBoundsException: Range [87, 35) out of bounds for length 87 show"\(x,y) \ ?Ra-?Rb. y \ (?Rb\<^sup>* `` addrs ?B)" by (clarsimp simp:relS_def)
fastforceaddImage_iff :rel_upd1 qed "R L" proof ? t pr" show"addrs ?B \ ?Ra\<^sup>* `` addrs ?A" by(fastforce simpjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
( simp
java.lang.StringIndexOutOfBoundsException: Index 16 out of bounds for length 16 "\(x, y)\?Rb-?Ra. y\(?Ra\<^sup>*``addrs ?A)"
)
(fastforce "st qed qedproof allIrule) with i3 java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 moreover
\comment let""RSpDisj "Rb relS{,rp\rightarrow> by auto
java.lang.StringIndexOutOfBoundsException: Index 146 out of bounds for length 146 let={,p."
java.lang.StringIndexOutOfBoundsException: Index 96 out of bounds for length 96 proof still_reachable have rewrite: "\s\set stack_tl. (r(p \ t)) s = r s" by java.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 20
A <*addrs
( :map_cong addrs_def: show (assume:x by (clarsimp simp:restr_def relS_def)
(fastforce simp(<>.m fromincl show
java.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13 \<comment> \<open>We now bring a term from the right to the left of the subset relation.\<close>
subset\<^sup>* `` addrs ?A - ?Rb\<^sup>* `` addrs ?T \<subseteq> ?Rb\<^sup>* `` addrs ?B"
blast
<> <>Andalso belongs tojava.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18 proofrulepoI6 fix x " moreover
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
auto \>\<open>\<^term>\<open>x\<close> belongs to the left hand side of @{thm[source] subset}:\<close> have incl: "x \ ?Ra\<^sup>*``addrs ?A" using a i4 by (simp only:reachable_def, clarsimp) have excl:{
mment>\<>Andalso belongs the hand \<comment> \<open>which corresponds to our goal.\<close>
qed
reovernext
java.lang.StringIndexOutOfBoundsException: Index 73 out of bounds for length 73 from poI5\forallx java.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7
java.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18
clarsimp) from
:\<xx\<
(auto simp: addr_p_eq stack_eq)
moreoverhence\<exists>stack. ?popInv stack" ..
\<comment> \<open>If it is on the stack, then its \<^term>\<open>l\<close> and \<^term>\<open>r\<close> fields can be reconstructed\<close>
java.lang.StringIndexOutOfBoundsException: Index 97 out of bounds for length 97 by ? "
ultimately
java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
i1? ct<java.lang.StringIndexOutOfBoundsException: Index 99 out of bounds for length 99
} moreover
from ifB1 whileB have pNotNull: "p \<noteq> Null" by clarsimp \<comment> \<open>Since they are in principle simmilar to the Pop arm proof,\<close>I1
{
assume ifB1: "?ifB1"andwithswI2".
ifB1 bysimp then addr_p :istinct java.lang.StringIndexOutOfBoundsException: Range [51, 50) out of bounds for length 71 with have withhavem_addr_p p.m" by clarsimp from stack_eqhave: " (stack) using i1 by ruleList_distinct) byjava.lang.StringIndexOutOfBoundsException: Index 17 out of bounds for length 17 by :relS_defsimprel_def ?\<and> ?poI2\<and> ?poI3\<and> ?poI4\<and> ?poI5\<and> ?poI6\<and> ?poI7" = "?popInv stack_tl"
hjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 proof -
\<comment> \<open>List property is maintained:\<close>haveshowjava.lang.NullPointerException from i1 have comment:)(l by\"java.lang.StringIndexOutOfBoundsException: Index 106 out of bounds for length 106 moreover
\<comment> \<open>Everything on the stack is marked:\<close>"\sup>* "=reachable"=?java.lang.StringIndexOutOfBoundsException: Index 46 out of bounds for length 46
swI3"bysimp :java.lang.StringIndexOutOfBoundsException: Index 56 out of bounds for length 56 have swI2: "?swI2" moreover
showby simp introjava.lang.StringIndexOutOfBoundsException: Index 69 out of bounds for length 69
show\ byclarsimp:) next show"\(x, y)\?Rb-?Ra. y\(?Ra\<^sup>*``addrs ?A)" :relS_def simprel_def dest) by (clarsimp simp >\(reachable_def qed
3 have swI3: "?swI3"by (simphaveexc: have?java.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 20 moreovera \java.lang.StringIndexOutOfBoundsException: Index 50 out of bounds for length 50
\<comment> \<open>If it is reachable and not marked, it is still reachable using...\<close> letletT={,p."
exc notin> ?Rb\<^sup>*`` addrs ?T" let ?T = "{t}" havefrom proof still_reachable by(uto add)
show"addrs java.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18 by (fastforce cong:map_cong simp by(fastforcecongmap_congsimp from
java.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length 14 show"\(x, y)\?Ra-?Rb. y\(?Rb\<^sup>*``(addrs ?B \ addrs ?T))" by (clarsimp simprelS_defrestr_def qed thenhave: "?Ra\<^sup>*``addrs ?A - ?Rb\<^sup>*``addrs ?T \ ?Rb\<^sup>*``addrs ?B" by blast have ?swI4 proof ( poI4
ix
x with addr_p_eq \a " \ R \ \ m x" by (simp only, clarsimpstackDist nifB2 with ifB1then"stack. ?swInv stack" by blast
exc:" <> Rb<^sup>*`` addrs ?T" by (auto from inc
( simp:reachable_def
java.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13 moreover
\<comment> \<open>If it is marked, then it is reachable\<close> from i5 have"?" . moreover
java.lang.StringIndexOutOfBoundsException: Index 146 out of bounds for length 146 from i6 stack_eq obtain< \<open>List property is maintained:\<close> haveswI6 by clarsimp moreover
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
romi7nifB2 have"?swI7" by (clarsimp simp java.lang.StringIndexOutOfBoundsException: Index 111 out of bounds for length 111
still_reachable
java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11 have : addrs_defself_reachable
}byblast java.lang.StringIndexOutOfBoundsException: Index 97 out of bounds for length 97 moreover
{
assume nifB1: "\?ifB1"
java.lang.StringIndexOutOfBoundsException: Index 70 out of bounds for length 70 whereaddr_t_eq addr_t withbyclarsimprelS_def :java.lang.StringIndexOutOfBoundsException: Index 70 out of bounds for length 20 fromnifB1n_m_addr_t withi2t_notin_stack ( simpi4incin> ?Ra\<^sup>*``addrs ?A" let"?puI1
java.lang.StringIndexOutOfBoundsException: Index 17 out of bounds for length 17 proof
from i1 t_notin_stack haveletjava.lang.NullPointerException
simp:addr_t_eq, simp:S_defT=using moreover
\<comment> \<open>Everything on the stack is marked:\<close>moreover from i2 java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
f i5 by"puI5 moreover
\<comment> \<open>Everything is still reachable:\<close> by( congby : restr_defsimp addrs_defdest) let"R = reachable ?Rb ? thenhavesubset ?\<^sup>*``addrs ?A - ?Rb\<^sup>*``addrs ?T \ ?Rb\<^sup>*``addrs ?B" have"?Ra\<^sup>* `` addrs ?A = ?Rb\<^sup>* `` addrs ?B" proof"?" show by :x\<in> R \<and>\<not> m x"
have (:,clarsimp
fastforce:addrs_def addr_t_eq:oneStep_reachable[THEN]) next
( simpaddaddrs_def by (clarsimp simp java.lang.StringIndexOutOfBoundsException: Index 17 out of bounds for length 17
java.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length 14 showfromi6 java.lang.StringIndexOutOfBoundsException: Index 44 out of bounds for length 44 byclarsimp) qed with i3qed have: ?"by (simp add:reachable_defjava.lang.StringIndexOutOfBoundsException: Index 56 out of bounds for length 56
show\><open>If it is on the stack, then its \<^term>\<open>l\<close> and \<^term>\<open>r\<close> fields can be reconstructed\<close> let"\x. x \ R \ \ m x \ x \ reachable ?Ra ?A" = ?I4 let"\x. x \ R \ \ ?new_m x \ x \ reachable ?Rb ?B" = ?puI4 let ?T =moreover have"?Ra\<^sup>*``addrs ?A \ ?Rb\<^sup>*``(addrs ?B \ addrs ?T)" proof rulejava.lang.StringIndexOutOfBoundsException: Index 38 out of bounds for length 38 showaddrs ?A <subseteq> ?Rb\<^sup>* `` (addrs ?B \<union> addrs ?T)" by (fastforce ?"
show"\(x, y)\?Ra-?Rb. y\(?Rb\<^sup>*``(addrs ?B \ addrs ?T))" by (clarsimp simp:relS_def new_stack_eq restr_un restr_upd)
(fastforce simp add:rel_def qed
by blast have ?puI4 proof (rule allI, rule impI fix x assume a: "x \ R \ \ ?new_m x" have xDisj: "x=(addr t) \ x\(addr t)" by simp with i4 a have inc: "x \ ?Ra\<^sup>*``addrs ?A" by (fastforce simp:addr_t_eq addrs_def reachable_def intro:self_reachable) have exc: "x \ ?Rb\<^sup>*`` addrs ?T" using xDisj a n_m_addr_t
java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3 from inc exc subset show"x \ reachable ?Rb ?B" by (auto simp add:reachable_def) qed moreover
\<comment> \<open>If it is marked, then it is reachable\<close> from i5 have"?puI5" by (auto simp:addrs_def i3 reachable_def addr_t_eq fun_upd_apply intro:self_reachable) moreover
\<comment> \<open>If it is not on the stack, then its \<^term>\<open>l\<close> and \<^term>\<open>r\<close> fields are unchanged\<close> from i6 have"?puI6" by( add) moreover
\<comment> \<open>If it is on the stack, then its \<^term>\<open>l\<close> and \<^term>\<open>r\<close> fields can be reconstructed\<close>
stackDist i7 have"? have "?uInv"
ultimatelyshow ?thesis by auto qed (simp new_stack_eqadd) thenhave
java.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7 ultimately by (s addnew_stack_eq) qed
} qed