
 
(*  Title:      HOL/Bali/AxSem.thy
    Author:     David von Oheimb
*)


subsection \<open>Axiomatic semantics of Java expressions and statements 
          (see  Eval)
\<close>
theory  imports Evalnjava.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12

text\item result values in triples exactly as in eval relation (also for xcpt 
design:
\begin{itemize}
\item a strong version of validity for triples with premises, namely one that 
      takes the\item validity: additional assumption of state conformance and well-typedness,
      correctness
\item auxiliary variables are handled first-class (-> Thomas Kleymann)
\item expressions not flattened to elementary assignments (as usual for 
       semantics treated => explicit value
      handling
\item intermediate values not on triple, but on assertion level 
      ( resultjava.lang.StringIndexOutOfBoundsException: Range [25, 26) out of bounds for length 25
\item multiple results with semantical substitution mechanism not requiring a 
stack
\item because of dynamic method binding, terms need to be dependent on state.
   is  forconditionaland
\item result values in triples exactly as in eval relation (also for xcpt 
      states)
\item validity: additional assumption of state conformance and well-typedness,
  which is required for java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
\end{itemize}

restrictions:
\begin{itemize}
\item all triples in a derivation are of the same type (due to weak 
java.lang.StringIndexOutOfBoundsException: Index 19 out of bounds for length 19
\end{itemize}
\<close>

type_synonym  res = vals \<comment> \<open>result entry\<close>

abbreviation (input)
  Val where P

breviationinput  [iff "
  Varwhere Var  "

abbreviation (input)
  Vals where "Vals xmp_def)

syntax
  "_Val": []= ttrn
  "_Var"    : "[] = pttrn"(
  "_Vals"   :: "[pttrn] => pttrn"java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

translations
":v . b ="\<lambda>v. b) \<circ> CONST the_In1"
  "\Var:v . b" == "(\v. b) \ CONST the_In2"
apply(nfold)

applysimp))
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
translations
  (type) "apply (ulee)

definitionrule)
   :: "' \ 'a assn \ bool" (infixr \\\ 25)
do
  
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply( assn_imp_def
apply (rule( peek_and_def
done


java.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 0

subsection "peek-and"

definition
  peek_and :: "'a assn \ (state \ bool) \ 'a assn" (infixl \\.\ 13)
  where "(P \. p) = (\Y s Z. P Y s Z \ p s)"

apply( ext
apply apply (rule ext) (rule)
java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 4
done

lemma peek_and_Not [simp]: "(P \. (\s. \ f s)) = (P \. Not \ f)"
apply (rule  whereNormal= P <> normal
java.lang.StringIndexOutOfBoundsException: Index 21 out of bounds for length 16
apply (imp (o_asm (ule )
done

peek_and_and [simp:" (peek_and p p=peek_andPp"
apply (unfold peek_and_def)
apply (simp (no_asm))
done

lemma peek_and_commut
apply ( ext
subsection"
apply (rule ext)
apply auto
done


java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
where P =P\<and>. normal"

lemma "( .f \lambdaYs Z s' = f s)"
apply (
applylemma [simpassn_supd' \java.lang.StringIndexOutOfBoundsException: Index 91 out of bounds for length 91
apply (
apply
done

subsection "assn-supd"

definition
   :: ( 
  where "( where ( ;)=(<> s P Y ( )"

lemmaunfold)
apply( assn_supd_def
applylemma [elimf.Q f sZ 
done

subsection

definition
  supd_assn auto )
  java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0


lemma java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply ( supd_assn_def
apply ( (no_asm
done

lemma supd_assn_supdD)
 
done

lemma []: "P
apply (auto rule)
done

java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 4

definition
  apply (ruleby
  where "P\w = (\Y. P w)"

lemmaby simp
apply (unfold subst_res_def)
apply (simp (no_asm))
done

lemmamp
apply(ule )
apply (simp
done

lemma peek_and_subst_res [simp]: "(P \. p)\w = (P\w \. p)"
apply( ext
apply subst_Bool_def2] 
apply (simp (no_asm))
done

(*### These do not work for some strange (unification?) reason
lemma subst_res_Val_beta [simp]: "(\<lambda>Y. P (the_In1 Y))\<leftarrow>Val v = (\<lambda>Y. P v)"
apply (rule ext)
by simp

lemma subst_res_Var_beta [simp]: "(\<lambda>Y. P (the_In2 Y))\<leftarrow>Var vf = (\<lambda>Y. P vf)";
apply (rule ext)
by simp

lemma subst_res_Vals_beta [simp]: "(\<lambda>Y. P (the_In3 Y))\<leftarrow>Vals vs = (\<lambda>Y. P vs)";
apply (rule ext)
by simp
*)


subsection

definition_  pttrn
  subst_Booljava.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13
 unfold)

lemma [simp
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply (unfold( ext
apply ( (no_asm
done

lemma : 
apply auto
done

subsection"peek-resjava.lang.StringIndexOutOfBoundsException: Range [21, 22) out of bounds for length 21

definition java.lang.NullPointerException
   :: "(res \ 'a assn) \ 'a assn"
  where "peek_resPf =(\Y. Pf Y Y)"

syntax (no_asm
  java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
syntax_consts )
 ""
translations
  "\w:. P" == "CONST peek_res (\w. P)"

  [simp: "peek_res P Y = P Y Yjava.lang.StringIndexOutOfBoundsException: Index 50 out of bounds for length 50
 unfold)
apply (simp (no_asm))
done

lemma peek_res_subst_res [simp]: "peek_res P\w = P w\w"
apply (rule ext
apply (simpno_asm
done

(* unused *)
lemma peek_subst_res_allI: 
 pply( ext
apply rule
applyapply ( (no_asm
apply fast
done

subsection

definition
  ign_res ::    :"st \ 'a assn) \ 'a assn"
  where

lemma
 unfoldjava.lang.StringIndexOutOfBoundsException: Index 26 out of bounds for length 26
apply (simp (no_asm))
done

lemma ign_ign_res [simp]: "P "\s.. P" == "CONST peek_st (\s. P)"
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
 rule
apply (rule peek_st_def simp)
apply (simppeek_st_triv:(lambdaP
done

lemma( ext
apply rule
apply (rule
 ( ext
apply (simpapplyrule
done

lemma peek_and_ign_resjava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
  ext
apply rule)
apply (rule ext
applylemma  [simp\lambda. )leftarrow>w = (\<lambda>s.. P s\<leftarrow>w)"
done

subsection ext ))

java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
where  java.lang.NullPointerException

syntax
  "_peek_st"   ::java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
syntax_consts
  "_peek_st" == peek_st
translations
  apply ext

lemmajava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply  r ext
apply ( (no_asm
done

lemma
apply (rule
apply (rulesubst_Bool_ign_res_eqP
apply( (no_asm
done

lemma
apply (rule)
apply
applydefinition
done

lemma peek_st_split [simp]: "(\s.. \Y s'. P s Y s') = (\Y s. P (store s) Y s)"
apply (ule)
apply (rule ext "(vf.. P)=(<>Y . let (,')=vfs P (Varv s'"
apply (simp (no_asm))
done

lemma peek_st_subst_res [simp]java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1
apply ext
apply ( unfold Let_def
done

peek_st_Normaljava.lang.NullPointerException
apply (rule
apply  Allocprog
apply (simpwhere
done

subsection "ign-res-eq"

definition
java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
 "Pdown>=w \ (\Y:. P\ \. (\s. Y=w))"

lemma ign_res_eq_def2 [simp:"Alloc G otag P Y s Z=java.lang.StringIndexOutOfBoundsException: Index 50 out of bounds for length 50
apply (unfold ign_res_eq_def)
apply auto
done

lemmajava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
apply (ule)
apply (rule ext  " G P Y sZ=(s'. G\s \sxalloc\ s' \ P Y s' Z)"
apply (rule ext)
apply (simp (no_asm))
applyunfold)

(* unused *) simp))
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
apply   :: "prog \ term \ state \ bool" where
apply     \<exists>  CA (normal s <longrightarrow> \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T \<and> 
apply (rule ext)
apply (simp                             >prg=C,=L\<rparr>\<turnstile>dom (locals (store s))\<guillemotright>t\<guillemotright>A )
done

(* unused *)
lemma like = \<forall>'a. triple ('a assn) term ('a assn)   **)
apply (simp (no_asm))
done

 RefVar

definition
  RefVarPejava.lang.NullPointerException
  where:[assnassn
 
lemma                                         
  P (   " \ {} =={ e\ {Q}"
   :: "' ,list,aassn <>' "
apply (simp (no_asm) add: split_beta)
done

subsection "allocation"

definition
  Alloc    "{P}e<>\ {Q} == {P} In3 e\ {Q}"
  java.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12

definition
  SXAllocjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
   " G P=(Y s Z. \s'. G\s \sxalloc\ s' \ P Y s' Z)"


lemma Alloc_def2 [simp    (\<open>{(1_)}/ _->/ {(1_)}\<close>    [3,80,3] 75) and
       (\<forall>s' a. G\<turnstile>s \<midarrow>halloc otag\<succ>a\<rightarrow> s'\<longrightarrow> P (Val (Addr a)) s' Z)" : "inj \<
 auto
apply (simp (no_asm))
done

java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
  "SXAlloc Gapply java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
applyunfold)
apply (simp (no_asm(c <Rightarrow> 'sig \<Rightarrow> 'a assn) \<Rightarrow> ('c \<times>  'sig) set \<Rightarrow> 'a triples" (\<open>{{(1_)}/ _-\<succ>/ {(1_)} | _}\<close>[3,65,3,65]75) where}tf-
done

subsubsection

definition
  type_ok  of {}t
  "type_ok G t s =
    (\<exists>L T C A. (normal s \<longrightarrow> \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T \<and> 
                                 Author:     David*)
\< s\<Colon>\<preceq>(G,L))"

          'assn "a) 
something like triple = \<forall>'a. triple ('a assn) term ('a assn)   **)

(\<open>{(1_)}/ _\<succ>/ {(1_)}\<close>     [3,65,3] 75)
type_synonym

abbreviation
  var_triple
(\<open>{(1_)}/ _=\<succ>/ {(1_)}\<close>    [3,80,3] 75)


abbreviation
  expr_triple   \<open>_,_|=_\<close>   [61,58,58] 57)
                                         lemma: conditional statements
   "{P}e-\ {Q} == {P} In1l e\ {Q}"

abbreviation
  exprs_triple\item all triples in a derivation are of the same type (due to weak 
                                         abbreviation  java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  where   "pply(unfold triple_valid_def type_ok_def)

abbreviation
    :: "'a , stmt, 'a assn] \ 'a triple"
(\<open>{(1_)}/ ._./ {(1_)}\<close>     [3,65,3] 75)
  where "{P} .c. where "(P \<Rightarrow> Q) = (\<forall>Y s Z. P Y s Z \<longrightarrow> Q Y s Z)"

applydone
  triple  
  var_tripledefinition  peek_and :: "'a assn \ (state \ bool) \ 'a assn" (infixl \\.\ 13)
  expr_triple\lemma peek_and_def2.split [splitapply (apply (simp
  exprs_triplerulejava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

 inj_triple  where
apply (rule
apply apply java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9
done

lemma   andax_derivjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
applyauto
done

definition mtriples java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
                
 apply( supd_assn_def()java.lang.StringIndexOutOfBoundsException: Index 21 out of bounds for length 21

definitionapply autodone
  |asmjava.lang.StringIndexOutOfBoundsException: Index 62 out of bounds for length 62
  wheresubsectionjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
    "G\n:t =
          where "P\w = (\Y. P w)"
apply (unfoldapply java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 4
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4

abbreviation
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
"|n:ts == Ball ts (triple_valid G n)"

notation (ASCII)
  triples_valid  (  apply ruleby simp


definition
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  where "(G \ G,A\{P } t\ {Q }"

abbreviation
  ax_valid ::java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
where

notation
LVarjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0


lemma triple_valid_def2G\turnstile>{Q}e-
   where"P ,\{Normal P} {accC,C,stat}e..fn=\ {R}"
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
                   \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>dom (locals (store s))\<guillemotright>t\<guillemotright>A)) \<and> 
           s\<Colon>\<preceq>(G,L))G,java.lang.StringIndexOutOfBoundsException: Index 79 out of bounds for length 79
  | NewC: "\<lbrakk>G,A\<turnstile>{Normal P} .Init C. {Alloc G (CInst C) Q}\<rbrakk> \<Longrightarrow>
applyunfold type_ok_def
apply simp ())
done


declare split_paired_All [simp delapplyautojava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
declarejava.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6
        option.split [split delG,A<turnstile>{Normal P} Cast T e-\<succ> {Q}"
setup\|:"<lbrakk>G,A\<turnstile>{Normal P} e-\<succ> {\<lambda>Val:v:. \<lambda>s..                  
setup \<open>map_theory_claset (fn ctxt => ctxt delSWrapper "split_all_tac")\<close>

inductive

   ax_deriv prog
  for\<Longrightarrow>
where

uiv G,\turnstilet"G\<>{ P} UnOpunope-succ>{}"

| empty: "
insert
          G,A|\<turnstile>insert t ts"

apply ( allI

(* could be added for convenience and efficiency, but is not necessarysimp (no_asm)java.lang.StringIndexOutOfBoundsException: Index 21 out of bounds for length 21
  cut:   "\<lbrakk>G,A'|\<turnstile>ts; G,A|\<turnstile>A'\<rbrakk> \<Longrightarrow>
           G,A |\<turnstile>ts"
*)

||Super,<

||java.lang.StringIndexOutOfBoundsException: Index 2 out of bounds for length 0
         (\<forall>Y   Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>
                                 QY's )
                                         \<Longrightarrow> G,A\<turnstile>{P } t\<succ> {Q }"

apply unfold)

java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4

  \<comment> \<open>variables\<close>
|LVar ,\<turnstile>{Normal (\<lambda>s.. P\<leftarrow>Var (lvar vn s))} LVar vn=\<succ> {P}"

| |: 
G\<
                                 apply rule

| AVar:  \<>,
          \<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} e2-\<succ> {\<lambda>Val:i:. avar G i a ..; R}\<rbrakk> \<Longrightarrow>
                                 G,A\<turnstile>{Normal P} e1.[e2]=\<succ> {R}"
  <comment> \<open>expressions\<close>

      <lambda>s. normal s \<longrightarrow> G\<turnstile>mode\<rightarrow>invC\<preceq>statT)}Methd
                                 G,A\<turnstile>{Normal P} NewC C-\<succ> {Q}" ext

 peek_and_ign_res:"Pand.) = (P\ \. p)"
          {\<lambda>Val:i:. abupd (check_neg i) .; Alloc G (Arr T (the_Intg i)) R}\<rbrakk> \<Longrightarrow>
G,A<turnstile>{Normal P} New T[e]-\<succ> {R}"

| Cast"{Normal P} e-\ {\Val:v:. \s..
          abupd (raise_ifapply ext
                                 

|java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  w "peek_st P= \java.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53
                                 

| Lit

| java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 0
          \<Longrightarrow>
java.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12

| BinOp:
   "\G,A\{Normal P} e1-\ {Q};
java.lang.StringIndexOutOfBoundsException: Index 55 out of bounds for length 55
               (if
               {\<lambda>Val:v2:. R\<leftarrow>Val (eval_binop binop v1 v2)}\<rbrakk>
    \<Longrightarrow>
    G,A\<turnstile>{Normal P} BinOp binop e1 e2-\<succ> {R}" 

| Super

| Acc:  "\G,A\{Normal P} va=\ {\Var:(v,f):. Q\Val v}\ \
                                 G,A\<turnstile>{Normal P} Acc va-\<succ> {Q}"

| Ass:  "\G,A\{Normal P} va=\ {Q};
     \<forall>vf. G,A\<turnstile>{Q\<leftarrow>Var vf} e-\<succ> {\<lambda>Val:v:. assign (snd vf) v .; R}\<rbrakk> \<Longrightarrow>
                                 G,A\<turnstile>{Normal P} va:=e-\<succ> {R}"

| Cond: "\G,A \{Normal P} e0-\ {P'};
apply(rule ext
applyrule)

java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
                            )
  java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
(<lambda>s. declC=invocation_declclass G mode (store s) a statT \<lparr>name=mn,parTs=pTs\<rparr> \<and>
invC mode )astatT
         l apply ext)
java.lang.StringIndexOutOfBoundsException: Index 77 out of bounds for length 77
      (<lambda>s. normal s \<longrightarrow> G\<turnstile>mode\<rightarrow>invC\<preceq>statT)}
 Methd declC \<lparr>name=mn,parTs=pTs\<rparr>-\<succ> {set_lvars l .; S}\<rbrakk> \<Longrightarrow>G,
         G,one

lemma [simp] "\s.. P s)\w = (\s.. P s\w)"
                                 G,A|\<turnstile>{{P} Methd-\<succ>  {Q} | ms}"

|: "|:"
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
    \<Longrightarrow>
                                  rule)
  
  \<comment> \<open>expression lists\<close>

NilG

| Consign_res_eq ' assn \ res \ 'a assn" (\_\=_\ [60,61] 60)
          
                                 G,A\<turnstile>{Normal P} e#es\<doteq>\<succ> {R}"

  \<comment> \<open>statements\<close>

| Skip:                         

|     
                                 G,A\<turnstile>{Normal P} .Expr e. {Q}"

| Labunfold)
                           G,A\<turnstile>{Normal P} .l\<bullet> c. {Q}"(Q\<and>. (\<lambda>s. \<not>G,s\<turnstile>catch C)) \<Rightarrow> R\<rbrakk> \<Longrightarrow>

 Complbrakk
          G,A      \<forall>x. G,A\<turnstile>{Q \<and>. (\<lambda>s. x = fst s) ;. abupd (\<lambda>x. None)}
Gjava.lang.NullPointerException

If:   "\G,A \{Normal P} e-\ {P'};
          apply (rule ext) rule)
                                 A\<turnstile>{Normal P} .If(e) c1 Else c2. {Q}"
(* unfolding variant of Loop, not needed hereext)
  LoopU:"\<lbrakk>G,A \<turnstile>{Normal P} e-\<succ> {P'};
          \<forall>b. G,A\<turnstile>{P'\<leftarrow>=b} .(if b then c;;While(e) c else Skip).{Q}\<rbrakk>
         \<Longrightarrow>              G,A\<turnstile>{Normal P} .While(e) c. {Q}"
*)

| Loop: "\G,A\{P} e-\ {P'};
apply (rule ext
                            G,A                               G,A\<turnstile>{Normal (P \<and>. Not \<circ> initd C)} .Init C. {R}"
   (simp))


 :"\G,A\{Normal P} e-\ {\Val:a:. abupd (throw a) .; Q\\}\ \
                                 java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4

 Try:"G,A\{Normal P} .c1. {SXAlloc G Q};
          G,A\<turnstile>{Q \<and>. (\<lambda>s.  G,s\<turnstile>catch C) ;. new_xcpt_var vn} .c2. {R};
              Qjava.lang.StringIndexOutOfBoundsException: Index 111 out of bounds for length 111
 unfold Let_def)

| Fin:  "\G,A\{Normal P} .c1. {Q};
      \<forall>x. G,A\<turnstile>{Q \<and>. (\<lambda>s. x = fst s) ;. abupd (\<lambda>x. None)}
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
                                 G,A\<turnstile>{Normal P} .c1 Finally c2. {R}"

semantics

| Init: "\the (class G C) = c;
          java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
                 "|Callee ",
      <forall>l. G,A\<turnstile>{Q \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars Map.empty} SXAlloc

                               G,

\<comment> \<open>Some dummy rules for the intermediate terms \<open>Callee\<close>,
\<open>InsInitE\<close>, \<open>InsInitV\<close>, \<open>FinA\<close> only used by the smallstep 
semantics.\<close>
| InsInitV: " G,A\{Normal P} InsInitV c v=\ {Q}"
| InsInitE: " G,apply (unfold SXAlloc_def)
lee GA\<turnstile>{Normal P} Callee l e-\<succ> {Q}"
| FinA| FinA:      " 
(* "validity"
axioms 
*)



  adapt_pre :: "'a assn \ 'a assn \ 'a assn \ 'a assn"
  where "adapt_pre P Q Q' = (\Y s Z. \Y' s'. \Z'. P Y s Z' \ (Q Y' s' Z' \ Q' Y' s' Z))"


subsubsection    a triple'aassn" "(aassn"(java.lang.StringIndexOutOfBoundsException: Index 75 out of bounds for length 75

lemma cut_valid  (\<open>{(1_)}/ _\<succ>/ {(1_)}\<close>     [3,65,3] 75)
applytype_synonym=' set"
apply       :[a,varassn
done

(*if cut is available
Goal "\<lbrakk>G,A'|\<turnstile>ts; A' \<subseteq> A; \<forall>P Q t. {P} t\<succ> {Q} \<in> A' \<longrightarrow> (\<exists>T. (G,L)\<turnstile>t\<Colon>T) \<rbrakk> \<Longrightarrow>  
       G,A|\<turnstile>ts"
b y etac ax_derivs.cut 1;
b y eatac ax_derivs.asm 1 1;
qed "ax_thin";
*)

lemma [rule_format)]: 
  (\<open>{(1_)}/ _-\<succ>/ {(1_)}\<close>    [3,80,3] 75)(*apply           (fast intro: ax_derivs.cut) *)
applyapply    :"', ,aassn]
                tactic EVERY\<^context>, REPEAT o smp_tac \<^context> 1])")
apply                ( ax_derivs)
apply               (erule apply(apply (rule  \<><> Q ={}}In3
  stm  ::"[aassn stmt, 'aapply (\TRYALL (resolve_tac \<^context> ((funpow 5 tl) @{thms ax_derivs.intros}))\)
(*apply           (fast intro: ax_derivs.cut) *)
apply            (fast intro  "P c Q ={}In1r
pplyax_derivs  strip "mp_tac\<^context> 3 1",clarify,
  tactic "smp_tac \<^context> 1 1",rule exI, rule exI, erule (1) conjI)
(* 37 subgoals *)
prefer 8(* Methd *)
apply (rule ax_derivs.Methd, drule spec, erulemp fast
apply (tactic   exprs_triple  (\<open>{(1_)}/ _#>/ {(1_)}\<close>    [3,65,3] 75)apply (rule
apply auto
done

java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply (erule ax_thin
apply fast
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4

lemma}         eresolve_tac \<^context> [disjE], 
ts{}mb-{    \<
apply (unfold mtriples_def)
apply (rule subset_image_iff)
done

lemmaweaken
:atriple\turnstile(s':' triple ) \<Longrightarrow> \<forall>ts. ts \<subseteq> ts' \<longrightarrow> G,A|\<turnstile>ts"
apply (erule ax_derivs.apply( intro:ax_derivs)

apply       
apply       (tactic \<open>ALLGOALS(REPEAT o (EVERY'[dresolve_tac \<^context> @{thms subset_singletonD},fast   (java.lang.StringIndexOutOfBoundsException: Range [123, 17) out of bounds for length 123
         eresolve_tac"\n:ts == Ball ts (triple_valid G n)"
apply \<open>TRYALL (resolve_tac \<^context> ((funpow 5 tl) @{thms ax_derivs.intros})
apply       (
apply       (apply java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply      (drule subset_insertD)
apply      (blast intro: apply java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply     (fastapply erule",\Turnstile = ,\{t}"
(*apply  (blast intro: ax_derivs.cut) *)rule exI
introax_derivs.weaken
apply  (apply  (ule)
(*37 subgoals*) (* dead end, Methd is to blame *)
apply (tactic\<forall>Y s Z. P Y s Z 
                   THEN_ALL_NEW fast_tac 
(*1 subgoal*)
apply (\<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>dom (locals (store s))\<guillemotright>t\<guillemotright>A)) \<and> 
apply( ax_derivs)
apply (drulegeneral were couldnfold type_ok_def
apply (erule
apply  (rule
apply  (erule )
  rule.refl
 (* dead end, Methd is to blame *)


section  conseq

 \<open>In the following rules we often have to give some type annotations like:
 \<^term>\<open>G,(A::'a triple set)\<turnstile>{P::'a assn} t\<succ> {Q}\<close>.
Given only the term above    G : prog
general type werejava.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
different java.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length 14
in  itself
\<open>ax_derivs.Methd\<close> enforces the same type in the inductive definition of
the java.lang.StringIndexOutOfBoundsException: Index 70 out of bounds for length 70
rules. 
\<close>
lemma : "<)
       \forallYZ     \longrightarrowQYjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  Q Y s Z\<>  
  \<Longrightarrow>  G,A\<turnstile>{P ::'a assn} t\<succ> {Q }"fast
apply (rule ax_derivs.conseq)
apply clarsimp
 blast
done

\<comment> \<open>Nice variant, since it is so symmetric we might be able to memorise it.\<close>
lemma conseq12': "\G,(A::'a triple set)\{P'::'a assn} t\ {Q'}; \s Y' s'.
(\<forall>Y Z. P' Y s Z \<longrightarrow> Q' Y' s' Z) \<longrightarrow>  A<turnstile>{Q} e-\<succ> {\<lambda>Val:a:. fvar C stat fn a ..; R}\<rbrakk> \<Longrightarrow>
       (          \<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} e2-\<succ> {\<lambda>Val:i:. avar G i a ..; R}\<rbrakk> \<Longrightarrow> conseq12
\<Longrightarrow>  G,A\<turnstile>{P::'a assn } t\<succ> {Q }"
applyerule)
applyfast
done

lemma conseq12_from_conseq12'| NewA:java.lang.StringIndexOutOfBoundsException: Index 95 out of bounds for length 95
 \<forall>Y s Z. P Y s Z \<longrightarrow> (\<forall>Y' s'. (\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>   java.lang.NullPointerException
  Q ' s Z\
  \<Longrightarrow>  G,A\<turnstile>{P::'a assn} t\<succ> {Q }"
(erule conseq12
apply blast
done

lemmaconseq1 \lbrakk(:' )turnstile>P':a assn
 \<Longrightarrow> G,A\<turnstile>{P::'a assn} t\<succ> {Q}"
apply (erule conseq12java.lang.StringIndexOutOfBoundsException: Index 96 out of bounds for length 96
apply blast
done

lemma conseq2:java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
\<Longrightarrow> G,A\<turnstile>{P::'a assn} t\<succ> {Q}"
apply (erule| force
apply blast
done

lemma ax_escapelemma::
 "\\Y s Z. P Y s Z
   \<longrightarrow> G,(A::'a triple set)\<turnstile>{\<lambda>Y' s' (Z'::'a). (Y',s') = (Y,s)} java.lang.StringIndexOutOfBoundsException: Index 55 out of bounds for length 55
                             \<succ> 
                            {\<lambda>Y s Z'. Q Y s Z}
\<rbrakk> \<Longrightarrow>  G,A\<turnstile>{P::'a assn} t\<succ> {Q::'a assn}"
apply (rule
apply force
done

(* unused *)
(* unused *)(*
\<Longrightarrow> G,A\<turnstile>{\<lambda>Y s Z. C \<and> P Y s Z} t\<succ> {Q}"
apply (rule ax_escape (* unused *)

apply clarify
apply (rule conseq12)java.lang.StringIndexOutOfBoundsException: Index 2 out of bounds for length 2
apply  fast
java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
done
(*alternative (more direct) proof:
apply (rule ax_derivs.conseq) *)

apply fast)
*


lemma ax_impossible [
|Condlbrakk<>ormal<>{';
apply(rule ax_escape)
apply clarify
done

(* unused *)
lemma auto
apply autojava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
done

lemma ax_nochange:
invCinvocation_class (store)a  \<and> erule
java.lang.StringIndexOutOfBoundsException: Index 79 out of bounds for length 79
apply (erule
apply auto
apply (erule (1) ax_nochange_lemma)
done

(* unused *)
lemmaax_trivialconseq
apply 
apply auto
done

(* unused *)
sj
 "| Body: "\G,A\{Normal P} .Init D. {Q};
  \<Longrightarrow>  G,A\<turnstile>{\<lambda>Y s Z. P1 Y s Z \<or> P2 Y s Z} t\<succ> {\<lambda>Y s Z. Q1 Y s Z \<or> Q2 Y s Z}"
 ( ax_escape(applyjava.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
ply
apply  erule, fast
done

(* unused *)\<
lemma
          <forall>v. G,A\<turnstile>{Q\<leftarrow>Val v} es\<doteq>\<succ> {\<lambda>Vals:vs:. R\<leftarrow>Vals (v#vs)}\<rbrakk> \<Longrightarrow>{ P} eesdoteq
(
apply (best elim  \<comment> \<open>statements\<close>
done

lemmaax_cases java.lang.StringIndexOutOfBoundsException: Index 17 out of bounds for length 17
 \<lbrakk>G,(A::'a triple set)\<turnstile>{P \<and>.       C} t\<succ> {Q::'a assn};   "C s"
   ,\<turnstile>{P \<and>. Not \<circ> C} t\<succ> {Q}\<rbrakk> \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"
apply (unfold peek_and_def)
apply (rule clarify
apply ( "C s")
 case_tac ")
apply  (erule
done
(*alternative (more direct) proof: : ",:atripleset\P:aassn \succ> {}
apply (rule rtac ax_derivs.conseq) *)

apply clarifyapply( adapt_pre_def
apply (case_tacC "applyfast
apply  force+
*)

lemma ax_adapt: "G,(A::'a triple set)\{P::'a assn} t\ {Q}
  \<Longrightarrow> G,A\<turnstile>{adapt_pre P Q Q'} t\<succ> {Q'}"\<longrightarrow> G,A\<Turnstile>{adapt_pre P Q Q'} t\<succ> {Q'}"
apply (unfold adapt_pre_defIflbrakk
apply (erule conseq12
applyfast
done

lemma adapt_pre_adapts  P <>adapt_preQ:' )"
\<longrightarrow> G,A\<Turnstile>{adapt_pre P Q Q'} t\<succ> {Q'}"
apply (unfold adapt_pre_def)
apply (simp add: ax_valids_def drule_tac          forall>b. G,A\<turnstile>{P'\<leftarrow>=b} .(if b then c;;While(e) c else Skip).{Q}\<rbrakk>
apply java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
done


lemma adapt_pre_weakest:   

  P' \ adapt_pre P Q (Q'::'a assn)"
apply(a)
apply ( spec
apply (drule_tacerule
apply( x = "n1r Skip"  spec
 ( addax_valids_def
oops

lemma peek_and_forget1_Normal,
 "G,(A::'a triple set)\{Normal P} t\ {Q::'a assn}
 \<Longrightarrow> G,A\<turnstile>{Normal (P \<and>. p)} t\<succ> {Q}"
apply (erule)
apply (simp (no_asm


lemma lemma peek_and_forget2
"G,(A::'a triple\ G,A\{P} t\ {Q}"
 \<Longrightarrow> G,A\<turnstile>{P \<and>. p} t\<succ> {Q}"
apply
apply (simp (no_asm : 


lemmas ax_NormalD = peek_and_forget1applyforce!: onseq1

lemma
"G,(A:: ,\turnstile{Normal ((P \. Not \ initd C) ;. supd (init_class_obj G C))}
\<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"
apply (erule conseq2)
apply (simp ())
done

 :
"\v. G,(A::'a triple set)\{(P' v )\Val v} t\ {(Q v)::'a assn}done ,\java.lang.StringIndexOutOfBoundsException: Index 100 out of bounds for length 100
 \<Longrightarrow>  \<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In1 w))\<leftarrow>Val v} t\<succ> {Q v}"
apply (force elim!: | "A{Normal P} InsInitV c v=\ {Q}"
 InsInitE: ,

java.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 25
"\v. G,(A::'a triple set)\{(P' v )\Var v} t\ {(Q v)::'a assn}
 \<Longrightarrow>  \<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In2 w))\<leftarrow>Var v} t\<succ> {Q v}"axioms 
apply (force!:java.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 0
done

lemma ax_subst_Vals_allIrule.Lit  where  ' \lambda
"(\v. G,(A::'a triple set)\{( P' v )\Vals v} t\ {(Q v)::'a assn})
 \<Longrightarrow>  \<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In3 w))\<leftarrow>Vals v} t\<succ> {Q v}"" :
 force! conseq1)
done


subsubsection "alternative axioms"

lemma 
",:' set){Normal P::'a assn} Lit v-\ {Normal (P\=Val v)}"
 rule [ conseq1b y etac ax_derivs.b y eatac ax_derivs.asm 1 1;
  [
done
 ax_Lit2_test_complete
apply"('[clarify_tac\<^context>, REPEAT o smp_tac \<^context> 1])")

applyforce
done

 : ",A:a triple set)\{Normal P::'a assn} LVar vn=\ {Normal (\s.. P\=Var (lvar vn s))}"
apply (java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
apply force
done            fast:ax_derivs)

lemmaax_Super2 "java.lang.StringIndexOutOfBoundsException: Index 72 out of bounds for length 72
  {Normal1 (* Methd *)
apply(ax_derivs specmp
apply\<open>TRYALL (resolve_tac \<^context> ((funpow 5 tl) @{thms ax_derivs.intros}))\<close>)


 ax_Nil2
applyapply  (clarsimp
apply lemmas   "ts \ {{P} mb-\ {Q} | ms} = (\ms'. ms'\ms \ ts = {{P} mb-\ {Q} | ms'})"
apply force
done


subsubsection

(* unused *)
  "\F \ ms; finite ms; \(C,sig)\ms.
    G,(A:lemma ax_methods_spec: 
       
apply (frule (1
apply (apply"ALLGOALS ( \<^context>)")
apply (erule thin_rl
apply (erule finite_induct)
apply  ( mtriples_def
apply  (clarsimp intro!: ax_derivs.empty ax_derivs.insertdone
apply force
done
lemmas ax_finite_mtriples = ax_finite_mtriples_lemmaapply"TRYALL ( \<^context>)")

lemma ax_derivs_insertD: 
",A:'atripleset|\insert (t::'a triple) ts \ G,A\t \ G,A|\ts"
apply      ( subset_insertD
one

lemma ax_methods_spec(fastintro.asm
(apply( introax_derivs) )
apply (erule ax_derivsapply  ( : ax_derivs
apply force: java.lang.StringIndexOutOfBoundsException: Range [49, 48) out of bounds for length 49
doneapply( java.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13

(* this version is used to avoid using the cut rule *))
lemmaapplyerule)
  ((\<forall>(C,sig)\<in>F. G,(A::'a triple set)\<turnstile>(f C sig::'a triple)) \<longrightarrow> (\<forall>(C,sig)\<in>ms. G,A\<turnstile>(g C sig::'a triple))) \<longrightarrow>  
      G,A|\<turnstile>case_prod f ` F \<longrightarrow> G,A|\<turnstile>case_prod g ` F")
et)
apply(erule )
apply (
apply (erule finite_induct "done
apply
apply (drule ax_derivs_insertD (\<exists>T L C. \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T) 
apply (rule ax_derivs.Given term without wouldjava.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 41
apply  (simp mp conseq12
apply  (auto derivation we toauto : )
done
mmas = [OF]
java.lang.StringIndexOutOfBoundsException: Index 1 out of bounds for length 1
 : 
( ax_Normal_cases
apply ax_cases
( ax_derivs
 java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
done

 : 
 "
  \<longrightarrow> G,(A::'a triple set)\<turnstile>{Normal P} t\<succ> {Q::'a assn} \<Longrightarrow> 
  erule
apply (java.lang.NullPointerException
apply (rule ax_escape)
apply clarify
apply (( conseq12
apply
done

MLjava.lang.StringIndexOutOfBoundsException: Index 104 out of bounds for length 104
declare{a

lemmas ax_Normal_casesjava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4

lemma ax_SkipIntVir\<LongrightarrowA
 ( ax_Normal_cases)
apply  (rule ax_derivs.Skip)
apply fast
done
ax_SkipITHEN


subsubsection(, )

lemma applydrule,drule
 java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
  \<forall>a vs l. G,A\<turnstile>{(R a\<leftarrow>Vals vs \<and>. (\<lambda>s. l = locals (store s)) ;.java.lang.StringIndexOutOfBoundsException: Index 114 out of bounds for length 114
  init_lvars  
    Methd C \<lparr>name=mn,parTs=pTs\<rparr>-\<succ> {set_lvars l .; S};  rule (* unused *))java.lang.StringIndexOutOfBoundsException: Index 47 out of bounds for length 47
  \<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} args\<doteq>\<succ>   ax_derivs)
       {R a \<and>. (\<lambda>s. C = obj_class (the (heap (store s) (the_Addr a))) \<and>
                     C = invocation_declclass
                            G IntVir
       G,(Alemmaax_impossible]: 
   \<Longrightarrow> G,A\<turnstile>{Normal P} {accC,statT,IntVir}e\<cdot>mn({pTs}args)-\<succ> {S}"
apply (erule ax_derivs.Call: 
apply \lbrakkG\<
apply  (erule spec)
apply (java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
apply (drule spec
apply force
done


lemma ax_Call_Static
 java.lang.NullPointerException
               init_lvars G ( ax_Methd1
Methd <lparr>name=mn,parTs=pTs\<rparr>-\<succ> {set_lvars l .; S}; 
  G,A\<turnstile>{Normal P} e-\<succ> {Q};
  \<forall> a. G,(A::'a triple set)\<turnstile>{Q\<leftarrow>Val a} args\<doteq>\<succ> {(R::val \<Rightarrow> 'a assn)  a (erule)
  \<and>. (\<lambda> s. C=invocation_declclass 
                G Static eruleax_nochange_lemma ax_StatRef
\<rbrakk>  \<Longrightarrow>  G,A\<turnstile>{Normal P} {accC,statT,Static}e\<cdot>mn({pTs}args)-\<succ> {S}"
apply (erule ax_derivs.Call)
apply  safe
apply  ( spec
apply ( ax_escape
apply erule_tac" longrightarrow> Q" for P Q in thin_rl)
apply (drule spec,drule spec,drule spec, erule java.lang.StringIndexOutOfBoundsException: Index 55 out of bounds for length 0
apply (force simp add: init_lvars_def Let_def)
done

lemma ax_Methd1
     <forall>l. G,A\<turnstile>{Q \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars Map.empty}  
       G,A\<turnstile>{Normal (P C sig)} Methd C sig-\<succ> {Q C sig}"
.Methd
apply(unfoldjava.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 27
apply (erulelemmaax_supd_shuffle:java.lang.StringIndexOutOfBoundsException: Index 23 out of bounds for length 23
done

lemma ax_MethdN
"G,insert({Normal P}java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
          {Normal\lbrakkG(::atriple
      G,A\<turnstile>{Normal P} Methd   C sig-\<succ> {Q}"
apply (rule rule )
apply  (rule_tac( ax_SkipI ( peek_and_def
apply (unfold mtriples_def
apply clarsimpapply (ase_tac Cs)
done

lemma ax_StatRef: 
  "G,(A::java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
apply (ruleapply (rule(* unused *)(*
apply rule [THEN       (:atriple<{P<\diamondsuit Init{P 
apply clarsimp+
done

subsubsection rule_tac initdax_adapt(::atriple

  lemmaax_InitSapply (simp (no_asm))
          \<forall>l. G,A\<turnstile>{Q \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars Map.empty}  
         . c. set_lvarsjava.lang.StringIndexOutOfBoundsException: Index 21 out of bounds for length 21
  ax_derivs
  java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  ,:'a riple set\{Normal (P \. Not \ initd C)} .Init C. {R::'a assn}"
( ax_derivs
apply no_asm_simp
apply 
done drule_tac"ins)

lemma ax_Init_Skip_lemma ax_triv_Init_Object:"<> G;
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  .Skip. {(set_lvarsC=initd ax_cases
apply (rule allI)
apply (rule ax_SkipI)
apply clarsimp ax_Init_Object java.lang.StringIndexOutOfBoundsException: Index 40 out of bounds for length 4
done

lemma ax_triv_InitS
       \apply( conseq1
       java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply (rule_tac erule)
( ,ax_derivs
apply (simp (no_asm))
apply (erule (1) ax_InitS)
  java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
   )
apply (erule conseq1)
apply force
done

ax_Init_Object java.lang.NullPointerException
  {Normal java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
       .   <Longrightarrow> G,A\<turnstile>{P} t\<succ> {Alloc G (CInst C) Q}"
apply java.lang.StringIndexOutOfBoundsException: Range [5, 5) out of bounds for length 4
apply   (drule: 
apply (simp_all

apply (rule ax_SkipI
done

lemma ax_triv_Init_Object: "\wf_prog G;
       (P::'a assn) \ (supd (init_class_obj G Object) .; P)\ \
GA' )\{Normal P\\} .Init Object. {P \. initd Object}"
apply (rule_tac  "apply( elim!: halloc_elim_cases)
apply  java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
apply (erule ax_Init_Object apply ax_Lit2)
apply force
done


 "apply force

lemma ax_SXAlloc_Normal,A:' java.lang.StringIndexOutOfBoundsException: Index 50 out of bounds for length 50
"Aa )\{P::'a assn} .c. {Normal Q}
 \<Longrightarrow> G,A\<turnstile>{P} .c. {SXAlloc G Q}"
apply (erule conseq2)
apply (clarsimp elim!: sxalloc_elim_cases simp add: split_tupled_all)
done

lemmaax_Alloc: 
  G(A:  set)\<turnstile>{Normal P::'a assn} []\<doteq>\<succ> {Normal (P\<down>=Vals [])}" rule [THEN])
     {Normal (\<lambda>Y (x,s) Z. (\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>  
      Q (Val
      heap_freesubsubsection" derived structural rules"
\
apply (erule conseq2)
 ( elim halloc_elim_cases
done

lemma ax_Alloc_Arr: 
 "G,(A::'a triple set)\{P::'a assn} t\
   {\<lambda>Val:i:. Normal (\<lambda>Y (x,s) Z. \<not>the_Intg i<0 \<and>  (
    (\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>  
    Q (Val (Addr a)tpply  (larsimp! .empty.insert
    heap_free (Suc (Suc done
 \<Longrightarrow>  
 G,A\<turnstile>{P} t\<succ> {\<lambda>Val:i:. abupd (check_neg i) .; Alloc G (Arr T(the_Intg i)) Q}"
applyerule)
applyauto
done

 : 
java.lang.StringIndexOutOfBoundsException: Index 65 out of bounds for length 65
applyforcedel: java.lang.StringIndexOutOfBoundsException: Range [49, 27) out of bounds for length 49
      (\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>   []: \lbrakk 
      Q Y (Some (Xcpt (Loc a)),      ,|<turnstile>case_prod f ` F \<longrightarrow> G,A|\<turnstile>case_prod g ` F"
      \<and>. heap_free (Suc (Suc 0))}\<rbrakk> 
 \<Longrightarrow>  
 G,A\<turnstile>{P} t\<succ> {SXAlloc G (\<lambda>Y s Z. Q Y s Z \<and> G,s\<turnstile>catch SXcpt xn)}"
apply conseq2
apply( elimsxalloc_elim_cases )
done

end
