Quelle AxSem.thy Sprache: Isabelle

(*  Title:      HOL/Bali/AxSem.thyP\<forall>Y s Z. P Y s Z \<longrightarrow> type_ok G t s \<longrightarrow>
    Author:     David von Oheimb
*)

subsection
          (triples_validand
\<close>
theory

text datatype   'triple (aassn" 'a "(** should be
design issues:
\begin{itemize}
\item a strong version of validity for triples with premises, namely one that
      takes the recursive depth needed to complete execution, enables
      correctness proof
\item auxiliary variables are handled first-class (-> Thomas Kleymann)
\item expressions not flattened to elementary assignments (as usual for
      axiomatic semantics) but treated first-class => explicit result value
      handling
\item intermediate values not on triple, but on assertion level
      (with result entry)
\item multiple results with semantical substitution mechnism not requiring a
      stack
\item because of dynamic method binding, terms need to be dependent on state.
  this is also useful for conditional expressions and statements
\item result values in triples exactly as in eval relation (also for xcpt
      states)
\item validity: additional assumption of state conformance and well-typedness,
  which is required for soundness and thus rule hazard required of completeness
\end{itemize}

restrictions:
\begin{itemize}
\item all triples in a derivation are of the same type (due to weak
      polymorphism)
\end{itemize}
\<close>

type_synonym  res = vals \<comment> \<open>result entry\<close>

abbreviation (input)
  Val where "Val x == In1 x"

abbreviation (input)
  Var where "Var x == In2 x"

abbreviation (input)
  Vals where "Vals x == In3 x"

syntax
  "_Val"    :: "[pttrn] => pttrn"     (\<open>Val:_\<close>  [951] 950)
  "_Var"    :: "[pttrn] => pttrn"     (\<open>Var:_\<close>  [951] 950)
  "_Vals"   :: "[pttrn] => pttrn"     (\<open>Vals:_\<close> [951] 950)

translations
  "\<lambda>Val:v . b"  == "(\<lambda>v. b) \<circ> CONST the_In1"
  "\<lambda>Var:v . b"  == "(\<lambda>v. b) \<circ> CONST the_In2"
  "\<lambda>Vals:v. b"  == "(\<lambda>v. b) \<circ> CONST the_In3"

  \<comment> \<open>relation on result values, state and auxiliary variables\<close>
type_synonym 'a assn = "res \<Rightarrow> state \<Rightarrow> 'a \<Rightarrow> bool"
translations
  (type) "'a assn" <= (type) "vals \<Rightarrow> state \<Rightarrow> 'a \<Rightarrow> bool"

definition
  assn_imp :: "'a assn \<Rightarrow> 'a assn \<Rightarrow> bool" (infixr \<open>\<Rightarrow>\<close> 25)
  where "(P \<Rightarrow> Q) = (\<forall>Y s Z. P Y s Z \<longrightarrow> Q Y s Z)"

lemma assn_imp_def2 [iff]: "(P \<Rightarrow> Q) = (\<forall>Y s Z. P Y s Z \<longrightarrow> Q Y s Z)"
apply (unfold assn_imp_def)
apply (rule HOL.refl)
done

subsubsection "assertion transformers"

subsection "peek-and"

definition
  peek_and :: "'a assn \<Rightarrow> (state \<Rightarrow>  bool) \<Rightarrow> 'a assn" (infixl \<open>\<and>.\<close> 13)
  where "(P \<and>. p) = (\<lambda>Y s Z. P Y s Z \<and> p s)"

lemma peek_and_def2 [simp]: "peek_and P p Y s = (\<lambda>Z. (P Y s Z \<and> p s))"
apply (unfold peek_and_def)
apply (simp (no_asm))
done

lemma peek_and_Not [simp]: "(P \<and>. (\<lambda>s. \<not> f s)) = (P \<and>. Not \<circ> f)"
apply (rule ext)
apply (rule ext)
apply (simp (no_asm))
done

lemma peek_and_and [simp]: "peek_and (peek_and P p) p = peek_and P p"
apply (unfold peek_and_def)
apply (simp (no_asm))
done

lemma peek_and_commut: "(P \<and>. p \<and>. q) = (P \<and>. q \<and>. p)"
apply (rule ext)
apply (rule ext)
apply (rule ext)
apply auto
done

abbreviation
  Normal :: "'a assn \<Rightarrow> 'a assn"
  where "Normal P == P \<and>. normal"

lemma peek_and_Normal [simp]: "peek_and (Normal P) p = Normal (peek_and P p)"
apply (rule ext)
apply (rule ext)
apply (rule ext)
apply auto
done

subsection "assn-supd"

definition
  assn_supd :: "'a assn \<Rightarrow> (state \<Rightarrow> state) \<Rightarrow> 'a assn" (infixl \<open>;.\<close> 13)
  where "(P ;. f) = (\<lambda>Y s' Z. \<exists>s. P Y s Z \<and> s' = f s)"

lemma assn_supd_def2 [simp]: "assn_supd P f Y s' Z = (\<exists>s. P Y s Z \<and> s' = f s)"
apply (unfold assn_supd_def)
apply (simp (no_asm))
done

subsection "supd-assn"

definition
  supd_assn :: "(state \<Rightarrow> state) \<Rightarrow> 'a assn \<Rightarrow> 'a assn" (infixr \<open>.;\<close> 13)
  where "(f .; P) = (\<lambda>Y s. P Y (f s))"

lemma supd_assn_def2 [simp]: "(f .; P) Y s = P Y (f s)"
apply (unfold supd_assn_def)
apply (simp (no_asm))
done

lemma supd_assn_supdD [elim]: "((f .; Q) ;. f) Y s Z \<Longrightarrow> Q Y s Z"
apply auto
done

lemma supd_assn_supdI [elim]: "Q Y s Z \<Longrightarrow> (f .; (Q ;. f)) Y s Z"
apply (auto simp del: split_paired_Ex)
done

subsection "subst-res"

definition
  subst_res :: "'a assn \<Rightarrow> res \<Rightarrow> 'a assn" (\<open>_\<leftarrow>_\<close>  [60,61] 60)
  where "P\<leftarrow>w = (\<lambda>Y. P w)"

lemma subst_res_def2 [simp]: "(P\<leftarrow>w) Y = P w"
apply (unfold subst_res_def)
apply (simp (no_asm))
done

lemma subst_subst_res [simp]: "P\<leftarrow>w\<leftarrow>v = P\<leftarrow>w"
apply (rule ext)
apply (simp (no_asm))
done

lemma peek_and_subst_res [simp]: "(P \<and>. p)\<leftarrow>w = (P\<leftarrow>w \<and>. p)"
apply (rule ext)
apply (rule ext)
apply (simp (no_asm))
done

(*###Do not work for some strange (unification?) reason
lemma subst_res_Val_beta [simp]: "(\<lambda>Y. P (the_In1 Y))\<leftarrow>Val v = (\<lambda>Y. P v)"
apply (rule ext)
by simp

lemma subst_res_Var_beta [simp]: "(\<lambda>Y. P (the_In2 Y))\<leftarrow>Var vf = (\<lambda>Y. P vf)";
apply (rule ext)
by simp

lemma subst_res_Vals_beta [simp]: "(\<lambda>Y. P (the_In3 Y))\<leftarrow>Vals vs = (\<lambda>Y. P vs)";
apply (rule ext)
by simp
*)

java.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12

definition
  subst_Bool :: "'a assn \ bool \ 'a assn" (\_\=_\ [60,61] 60)
\=G

lemmajava.lang.StringIndexOutOfBoundsException: Index 131 out of bounds for length 131
"(P \ \expressions\
applyjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply (simpA< ( triple_valid_def)
done(simp(o_asm

lemmajava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

done

subsection "peek-res"

definition
'a assn) \ 'a assn"
  where "peek_res Pf = (\Y. Pf Y Y)"

syntax
  _peek_res" :: "pttrn \<Rightarrow> 'a assn \<Rightarrow> 'a assn"            (\<open>\<lambda>_:. _\<close> [0,3] 3)
syntax_consts
  "_peek_res" == peek_res
translations
  "w:. P" == "CONST peek_res (\w. P)"|: java.lang.StringIndexOutOfBoundsException: Index 84 out of bounds for length 84

lemmaG,A\<turnstile>{Normal P} e InstOf T-\<succ> {Q}"
applyjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply (simp
done

lemma  and ::" \ 'a triples \ 'a triple \ bool" (\_,_\_\ [61,58,58] 57)
apply (rule ext)
apply (simp| : "\G,A\{Normal P} e-\ {\Val:v:. Q\Val (eval_unop unop v)}\
done

(* unused *)
lemma peek_subst_res_allI>,|<>{}         A<>Normal  \ }java.lang.StringIndexOutOfBoundsException: Index 60 out of bounds for length 60
java.lang.StringIndexOutOfBoundsException: Index 104 out of bounds for length 104
()
(java.lang.StringIndexOutOfBoundsException: Index 21 out of bounds for length 21
apply     Aturnstile }            GA |turnstile"
|:" ,{Normal (\s.. P\Val (val_this s))} Super-\ {P}"

subsection

definition
  ign_res  Y 'Z)java.lang.StringIndexOutOfBoundsException: Index 46 out of bounds for length 46
  where "P\ = (\Y s Z. \Y. P Y s Z)"

lemma ign_res_def2
apply ( ign_res_def
apply
done Cond \lbrakkGA\<turnstile>{Normal P} e0-\<succ> {P'};

lemma ign_ign_res :  "GA
apply (ruleG,\<turnstile>{Normal P} e0 ? e1 : e2-\<succ> {Q}"
apply (rule,
apply rule
apply (simp (no_asm)java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4

  []:"\\w = P\"java.lang.NullPointerException
apply ((<
apply (rule \<lparr>name=mn,parTs=pTs\<rparr>-\<succ> {set_lvars l .; S}\<rbrakk> \<Longrightarrow>
apply (rule
apply|Methd
done

lemma [simp andjava.lang.StringIndexOutOfBoundsException: Index 76 out of bounds for length 76
|Body
apply (rule ext: \l>,java.lang.StringIndexOutOfBoundsException: Index 84 out of bounds for length 84
apply (rule)
apply (simp (no_asm  GG,A\<turnstile>{Normal P} Cast T e-\<succ> {Q}"
done

subsection "peek-st"

definition
  peek_st: (st
here =(<lambda>Y s. P (store s) Y s)"G,A\<turnstile>{Normal P} Body D c-\<succ> {R}"

syntax
  "_peek_st"   :: "pttrn java.lang.StringIndexOutOfBoundsException: Range [0, 52) out of bounds for length 0
syntax_consts
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12
  "\s.. P" == "CONST peek_st (\s. P)"

lemma peek_st_def2 [simp]: "(\s.. Pf s) Y s = Pf (store s) Y s"
apply (unfold peek_st_def
apply (simpno_asm
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

lemma peek_st_triv [simp]: "(\s.. P) = P"
rule)
( ext
apply (
done

lemma peek_st_st [simp]: "(\s.. \s'.. P s s') = (\s.. P s s)"
apply (rule ext)
apply (rule
apply (simp (no_asm
done

lemma \          ,
  invocation_class(s   <and>
(rule
apply (simp  :   "| If: "\G,A \{Normal P} e-\ {P'};java.lang.StringIndexOutOfBoundsException: Index 77 out of bounds for length 77
one

peek_st_subst_res:(
apply     \<forall>b. G,A\<turnstile>{P'\<leftarrow>=b} .(if b then c;;While(e) c else Skip).{Q}\<rbrakk>
|BodyLoop
done

          ,
apply( ext
apply (ruleG,
apply (simp
done

|:",

definition
   ::"'java.lang.StringIndexOutOfBoundsException: Index 105 out of bounds for length 105
  where "PGAturnstile{ P} Throwe java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

lemma ign_res_eq_def2 [
apply ( ign_res_eq_def
Gjava.lang.NullPointerException
:  \>java.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53

                                 A<
java.lang.StringIndexOutOfBoundsException: Index 16 out of bounds for length 16
apply (rule ext
apply ( ext
apply (simpG:"\G,A \{Normal P} e-\ {P'};
done

(* unused *)
lemma ign_res_eq_subst_res         \<Longrightarrow>              G,A\<turnstile>{Normal P} .While(e) c. {Q}"
java.lang.StringIndexOutOfBoundsException: Index 16 out of bounds for length 16
apply (rule ext)
apply (rule ext)
ply (no_asm
done

(* unused *)
lemma |Throw
apply (simp (no_asm))
done

subsection "RefVar"

definition
  RefVar :: "(state \ vvar \ state) \ 'a assn \ 'a assn" (infixr \..;\ 13)
|Try  java.lang.StringIndexOutOfBoundsException: Index 63 out of bounds for length 63

lemma RefVar_def2 [simp]: "(vf ..; P) Y s =
  P (Var (fst (vf s))) (snd( <and>. (\<lambda>s. \<not>G,s\<turnstile>catch C)) \<Rightarrow> R\<rbrakk> \<Longrightarrow>
apply( RefVar_def
apply (simp java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
done

subsectionjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

definition
   :: prog
where|Callee,

definition
  SXAlloc
  where" G P = (\Y s Z. \s'. G\s \sxalloc\ s' \ P Y s' Z)"

lemma Alloc_def2axioms
       java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
applyjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply simp))
done

lemma SXAlloc_def2
semantics\<close>
(
apply (simp:    ,\<turnstile>{Normal P} Callee l e-\<succ> {Q}"

subsubsection

definition
  type_ok
  " definition
    (\<exists>L T C A. (normal s \<longrightarrow> \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T \<and>
                             \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>dom (locals (store s))\<guillemotright>t\<guillemotright>A )
               \<and> s\<Colon>\<preceq>(G,L))"

datatype' = triple "(' )term" "' ) (** should be
something b y etac ax_derivsb y eatac ax_derivs

' "a"

abbreviation
var_triple  'java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
                                         (\<open>{(1_)}/ _=\<succ>/ {(1_)}\<close>    [3,80,3] 75)
byeatac 1 1

abbreviation
  expr_triplelemma ax_thin (no_asm

where}

abbreviation
  exprs_triple'assnexprlist' ]
                                         (java.lang.StringIndexOutOfBoundsException: Range [0, 84) out of bounds for length 72
edoteq= e<succ> {Q}"

abbreviation
t_triple "' ,stmt
                                         (\<open>{(1_)}/ ._./ {(1_)}\<close>     [3,65,3] 75)auto
{}..{}= P csucc> {Q}"

notation (ASCII
    (           rule,introtactic
  var_triplesubset_mtriples_iff1
  expr_triple  (  ,)

lemma inj_triple
apply (lemmaauto
apply auto
done

lemma triple_inj_eq: "({P} t\ {Q} = {P'} t'\ {Q'} ) = (P=P' \ t=t' \ Q=Q')"
apply auto
done

definition mtriplesdone
                ('c \ 'sig \ 'a assn) \ ('c \ 'sig) set \ 'a triples" (\{{(1_)}/ _-\/ {(1_)} | _}\[3,65,3,65]75) where
"{{P}tf-\ {Q} | ms} = (\(C,sig). {Normal(P C sig)} tf C sig-\ {Q C sig})`ms"

definition
   :" <> P \succ>{ }=(exists>ms'. ms'\ms \ ts = {{P} mb-\ {Q} | ms'})"

    "Glemma :
java.lang.StringIndexOutOfBoundsException: Range [6, 3) out of bounds for length 143
        \<forall>Y s Z. P Y s Z \<longrightarrow> type_ok G t s \<longrightarrow>java.lang.StringIndexOutOfBoundsException: Index 16 out of bounds for length 15
       forall>Y' s'. G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (Y',s') \<longrightarrow> Q Y' s' Z))"

abbreviation
  triples_valid:: "prog \ nat \ 'a triples \ bool" (\_|\_:_\ [61,0, 58] 57)
  where|

notation (ASCII tactic
  triples_valid                    fast_tac \<^context>)\<close>)

definition
  ax_valids :: "prog \ 'b triples \ 'a triples \ bool" (\_,_|\_\ [61,58,58] 57)
  where "(G,A|\ts) = (\n. G|\n:A \ G|\n:ts)"

abbreviation
  ax_valid :: " \ 'b triples \ 'a triple \ bool" (\_,_\_\ [61,58,58] 57)
   GA <>=GA\<Turnstile>{t}"

notation (java.lang.StringIndexOutOfBoundsException: Index 40 out of bounds for length 40
  ax_valid  ( \<open>_,_|=_\<close>   [61,58,58] 57)(ule HOL

lemma
( (\<forall>Y s Z. P Y s Z
  \<longrightarrow> (\<exists>L. (normal s \<longrightarrow> (\<exists> C T A. \<lparr>prg=G,cls=C,lcl=L\<rparr>\<turnstile>t\<Colon>T \<and> \<^context>)\<close>)

           \<Colon>\<preceq>(G,L))
  \<longrightarrow> (\<forall>Y' s'. G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (Y',s')\<longrightarrow> Q Y' s' Z))".Methd
apply ( triple_valid_def)
apply (simp (no_asm))
done

declare split_paired_AlleruleconjI
apply( HOL)
        .split[split
setup \<open>map_theory_simpset (fn ctxt => ctxt |> Simplifier.del_loop "split_all_tac")\<close>
setupsubsub "rules derivedfromconseq"

inductive
  ax_derivstext\<close>
andax_deriv ::" \ 'a triples \ 'a triple \ bool" (\_,_\_\ [61,58,58] 57)
for: java.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15
where\LongrightarrowGA\<turnstile>{P ::'a assn} t\<succ> {Q }"

apply ruleax_derivs)

| applyjava.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length 14
| insert thetriple
          G,A|\<turnstile>insert t ts"

| asm:   "ts\A \ G,A|\ts"

(* could be added for convenience and efficiency, but is not necessary
  cut:   "\<lbrakk>G,A'|\<turnstile>ts; G,A|\<turnstile>A'\<rbrakk> \<Longrightarrow>
           G,A |\<turnstile>ts"
*)
| weaken:" \Y s Z. P Y s Z \ (\Y' s'. (\Y Z'. P' Y s Z' \ Q' Y' s' Z') \

| conseq:"\Y s Z . P Y s Z \ (\P' Q'. G,A\{P'} t\ {Q'} \ (\Y' s'.
         (\<forall>Y   Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>
                                 Q  Y' s' Z ))
                                         \<Longrightarrow> G,A\<turnstile>{P } t\<succ> {Q }"

| hazard:applyblast

| Abrupt\<

  \<comment> \<open>variables\<close>
| LVar:  " G,A\{Normal (\s.. P\Var (lvar vn s))} LVar vn=\ {P}"

| FVar: "\G,A\{Normal P} .Init C. {Q};
          G,
                                 G,A\<turnstile>{Normal P} {accC,C,stat}e..fn=\<succ> {R}"

| AVar:  "\G,A\{Normal P} e1-\ {Q};
java.lang.StringIndexOutOfBoundsException: Index 131 out of bounds for length 131
                                 G,apply java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11


( conseq12applyerule)
                                 G

  "\G,A\{Normal P} .init_comp_ty T. {Q}; G,A\{Q} e-\
          {\<lambda>Val:i:. abupd (check_neg i) .; Alloc G (Arr T (the_Intg i)) R}\<rbrakk> \<Longrightarrow>
                                 G, \<forall>Y s Z. P Y s Z \<longrightarrow> (\<forall>Y' s'. (\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>

| Cast')
          abupd
                                 java.lang.StringIndexOutOfBoundsException: Index 34 out of bounds for length 4

| Inst: java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 35
                  Q\<leftarrow>Val (Bool (v\<noteq>Null \<and> G,s\<turnstile>v fits RefT T))}\<rbrakk> \<Longrightarrow>
                                 A

| Lit:                          "G,A\ \ G,A\{P::'a assn} t\ {Q::'a assn}"

|java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
          \<Longrightarrow>
          G,

java.lang.StringIndexOutOfBoundsException: Index 8 out of bounds for length 8
   "\G,A\{Normal P} e1-\ {Q};
     <forall>v1. G,A\<turnstile>{Q\<leftarrow>Val v1} rule (* unused *))
               if binopv1thent\<succ>
               {\<lambda>Val:v2:. R\<leftarrow>Val (eval_binop binop v1 v2)}\<rbrakk>
    \<Longrightarrow>
    G,A\<turnstile>{Normal P} BinOp binop e1 e2-\<succ> {R}"

| java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10

|Accjava.lang.StringIndexOutOfBoundsException: Index 123 out of bounds for length 123
                                 G

  ",(A:apply auto
     \<forall>vf. G,A\<turnstile>{Q\<leftarrow>Var vf} e-\<succ> {\<lambda>Val:v:. assign (snd vf) v .; R}\<rbrakk> \<Longrightarrow>
                                 (java.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12

:"<>GA P'
rule
                                 G,java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4

java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.NullPointerException
   java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
       =  mode s a statTconseq12
         l   <Longrightarrow> G,A\<turnstile>{P::(res \<times> state) assn} t\<succ> {P}" 1 )
      java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
lemma: G(:java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
Methd declC : "apply (rule ax_derivs(
applyjava.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10

|java.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12
lemma ax_di:

java.lang.StringIndexOutOfBoundsException: Index 58 out of bounds for length 58
  G,A\<turnstile>{Q} .c. {\<lambda>s.. abupd (absorb Ret) .; R\<leftarrow>(In1 (the (locals s Result)))}\<rbrakk>
    \<Longrightarrow>
                                 applyruleax_escape java.lang.StringIndexOutOfBoundsException: Range [10, 7) out of bounds for length 10
ap safe
  \<comment> \<open>expression lists\<close>( conseq12)+

| Nil(* unused *)(<

ax_supd_shuffle
\<
                           \turnstileNormalees>



|java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4

|  (ule)
                                 G, clarify

| Lab \<                   GA\<turnstile>{P \<and>. Not \<circ> C} t\<succ> {Q}\<rbrakk> \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"
                           G,A\<turnstile>{Normal P} .l\<bullet> c. {Q}"apply

|
          G,java.lang.StringIndexOutOfBoundsException: Index 34 out of bounds for length 34
                                 )  "s java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10

",\


(* unfolding variant of Loop, not needed herejava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
  LoopU:"\<lbrakk>G,A \<turnstile>{Normal P} e-\<succ> {P'};
          \<forall>b. G,A\<turnstile>{P'\<leftarrow>=b} .(if b then c;;While(e) c else Skip).{Q}\<rbrakk>
         \<Longrightarrow>              G,A\<turnstile>{Normal P} .While(e) c. {Q}"
*)
: java.lang.NullPointerException

:

:"

| Throw:"\G,A\{Normal P} e-\ {\Val:a:. abupd (throw a) .; Q\\}\ \ (unfold dapt_pre_def)
                                 G,A\<turnstile>{Normal P} .Throw e. {Q}" xapplyconseq1

| applysimp:  java.lang.StringIndexOutOfBoundsException: Index 39 out of bounds for length 0
          GA\<turnstile>{Q \<and>. (\<lambda>s.  G,s\<turnstile>catch C) ;. new_xcpt_var vn} .c2. {R};
              ( <and>. (\<lambda>s. \<not>G,s\<turnstile>catch C)) \<Rightarrow> R\<rbrakk> \<Longrightarrow> conseq1
                                 done

| java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
( ))
              .
                                 G,A\foralljava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4

| Done:                        :

Longrightarrow
GA<>Normal
              .(if C= \Longrightarrow> ,A<turnstile>{P} t\<succ> {Q}"
      \<forall>l. G,A\<turnstile>{Q \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars Map.empty}no_asm
              .init (force elimlemma:
                           GA<turnstile>{Normal (P \<and>. Not \<circ> initd C)} .Init C. {R}"

\<comment> \<open>Some dummy rules for the intermediate terms \<open>Callee\<close>,
\<open>InsInitE\<close>, \<open>InsInitV\<close>, \<open>FinA\<close> only used by the smallstep
semantics.\<close>
:  G,\<turnstile>{Normal P} InsInitV c v=\<succ> {Q}"
|InsInitE: "GA{Normal P} InsInitE c e-\ {Q}"
| Callee:    " G,Alemma ax_subst_Var_allI:
|FinA GA\<turnstile>{Normal P} .FinA a c. {Q}"
(*
axioms
*)

apply( elim java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
adapt_pre'assnjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
adapt_preQ  (<java.lang.StringIndexOutOfBoundsException: Index 133 out of bounds for length 133

subsubsection "ulesmplete

lemma cut_valid: apply( elim:conseq1
apply (unfold ax_valids_def)
apply fast
done

(*if cut is available
Goal "\<lbrakk>G,A'|\<turnstile>ts; A' \<subseteq> A; \<forall>P Q t. {P} t\<succ> {Q} \<in> A' \<longrightarrow> (\<exists>T. (G,L)\<turnstile>t\<Colon>T) \<rbrakk> \<Longrightarrow>
       G,A|\<turnstile>ts"
b y etac ax_derivs.cut 1;
b y eatac ax_derivs.asm 1 1;
qed "ax_thin";
*)
lemmaax_thin
lemma
apply (erule ax_derivs.lemmaax_Lit2_test_complete:
                 ALLGOALS
apply                (rule ax_derivs
apply               (erule (1) ax_derivs
apply              (fast introlemmaax_LVar2G(:'java.lang.StringIndexOutOfBoundsException: Index 134 out of bounds for length 134
(*apply           (fast intro: ax_derivs.cut) *)
apply( intro .weaken
apply           rule.conseq  strip
tactic \<^context> 1 1",rule exI, rule exI, erule (1) conjI)
(* 37 subgoals *)
prefer 8(* Methd *)
ule,druleerulefast
tactic
apply(* unused *)
done

lemma ax_thin_insert
apply lemma:
apply fast
doneapply (erule thin_rlapply (erule finite_induct)

lemmadone
ts
apply (unfoldlemma ax_derivs_insertD
apply (rule
done

lemma weaken:
"G,lemmaax_finite_mtriples_lemma:java.lang.StringIndexOutOfBoundsException: Index 96 out of bounds for length 96
apply (erule ax_derivs" G,A|\{{P} mb-\ {Q} | F}"
(*42 subgoals*)
       tacticstrip_tac
apply       (tactic \<open>ALLGOALS(REPEAT o (EVERY'[dresolve_tac \<^context> @{thms subset_singletonD},thin_rl)apply (erule ax_derivsunfold)
         eresolve_tac \<^context> [disjE],
         fast_tac (\<^context> addSIs @{thms ax_derivs.empty})]))\<close>)
       tactichyp_subst_tac
       simprule.java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
drule)
apply( introax_derivsjava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
apply     (fast : ax_derivs)
(*apply  (blast intro: ax_derivs.cut) *): ax_derivscut
apply  (fast.weaken
apply  (ule ax_derivs( : image_eqI rev_image_eqI
(*37 subgoals*)
  clarsimpjava.lang.StringIndexOutOfBoundsException: Index 16 out of bounds for length 16
                   THEN_ALL_NEW  rule.insert
(*1 subgoal*)
apply (clarsimp simp elim)
apply (rule ax_derivsdone
apply (drule specjava.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18
( impEjava.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18
apply  (rule)
apply  (erule  G(A:a  )<>Pjava.lang.StringIndexOutOfBoundsException: Index 131 out of bounds for length 131
   HOL. erulerev_mp
oops (* dead end, Methd is to blame *)

subsubsection

\<open>In the following rules we often have to give some type annotations like:lemmaax_free_wt
   \<longrightarrow> G,(A::'a triple set)\<turnstile>{Normal P} t\<succ> {Q::'a assn} \<Longrightarrow>
Given only the above annotations, Isabelle infer  GA\<turnstile>{Normal P} t\<succ> {Q}"
  were have
different types ofapply( ax_escape
in triple (\<^term>\<open>P\<close> and \<^term>\<open>Q\<close>). But
\<open>ax_derivs.Methd\<close> enforces the same type in the inductive definition of
the. So haveto  ( addjava.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 35
rules.declare [intro
\<close>
lemma:
java.lang.StringIndexOutOfBoundsException: Range [0, 10) out of bounds for length 0
lemmaax_no_hazard
  \<Longrightarrow>  G,A\<turnstile>{P ::'a assn} t\<succ> {Q }"
( ax_derivsapply (erule)
apply clarsimp
blast
doneapply force

\<comment> \<open>Nice variant, since it is so symmetric we might be able to memorise it.\<close>
lemma conseq12  =ax_Skip ]
       (\<forall>Y Z. P' Y s Z \<longrightarrow> Q' Y' s' Z) \<longrightarrow>
java.lang.StringIndexOutOfBoundsException: Index 71 out of bounds for length 71
  \<Longrightarrow>  G,A\<turnstile>{P::'a assn } t\<succ> {Q }"
  conseq12
apply fast
done

lemma conseq12_from_conseq12': "\G,(A::'a triple set)\{P'::'a assn} t\ {Q'};
\<forall>Y s Z. P Y s Z \<longrightarrow> (\<forall>Y' s'. (\<forall>Y Z'. P' Y s Z' \<longrightarrow> Q' Y' s' Z') \<longrightarrow>
  Q Y' s' Z)\<rbrakk>
  \<Longrightarrow>  G,A\<turnstile>{P::'a assn} t\<succ> {Q }"
apply (erule')
apply blast
done

lemma conseq1java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
<Longrightarrow> G,A\<turnstile>{P::'a assn} t\<succ> {Q}"
apply (erule        a
apply blast
done

lemma conseq2: "\G,(A::'a triple set)\{P::'a assn} t\ {Q'}; Q' \ Q\
\<Longrightarrow> G,A\<turnstile>{P::'a assn} t\<succ> {Q}"
applyapplyrulejava.lang.StringIndexOutOfBoundsException: Index 28 out of bounds for length 28
apply blast erule.Call    [ conseq1
done

lemma ax_escapeapplyuleclarsimp
"\\Y s Z. P Y s Z
  \<longrightarrow> G,(A::'a triple set)\<turnstile>{\<lambda>Y' s' (Z'::'a). (Y',s') = (Y,s)}
                             t\<succ>
                            lemma:
\<rbrakk> \<Longrightarrow>  G,A\<turnstile>{P::'a assn} t\<succ> {Q::'a assn}"
apply rule.conseq
apply force
done

(* unused *)
ax_constant
\<Longrightarrow> G,A\<turnstile>{\<lambda>Y s Z. C \<and> P Y s Z} t\<succ> {Q}"
apply( ax_escape
applyGStatic s)a \<lparr>name=mn,parTs=pTs\<rparr>)}
apply (rule conseq12)
apply  fast
apply auto

(*alternative (more direct) proof:
apply (rule ax_derivs.conseq) *)
apply (fast)
*)

lemma  [introjava.lang.StringIndexOutOfBoundsException: Index 29 out of bounds for length 29
  "G,(A::'a triple
lemmaax_Methd1
\,union>{{P} Methd-\<succ> {Q} | ms}|\<turnstile> {{P} body G-\<succ> {Q} | ms}; (C,sig)\<in> ms\<rbrakk> \<Longrightarrow>
donedrule)

(* unused *)
lemmajava.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
apply auto

lemma :
                Cjava.lang.NullPointerException
  \<Longrightarrow> G,A\<turnstile>{P::(res \<times> state) assn} t\<succ> {P}"
apply ( conseq12
apply java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
apply( (1) )
done

(* unused *)
lemma ax_trivial: "G,(A::'ajava.lang.StringIndexOutOfBoundsException: Index 28 out of bounds for length 28
apply applyerule)
applyauto
applV  Pjava.lang.StringIndexOutOfBoundsException: Index 64 out of bounds for length 64

(* unused *)
lemma ax_disj "rules derived Init and Done"
"\G,(A::'a triple set)\{P1::'a assn} t\ {Q1}; G,A\{P2::'a assn} t\ {Q2}\
  \<Longrightarrow>  G,A\<turnstile>{\<lambda>Y s Z. P1 Y s Z \<or> P2 Y s Z} t\<succ> {\<lambda>Y s Z. Q1 Y s Z \<or> Q2 Y s Z}" :
apply (rule ax_escape.init c. {et_lvars. }
apply safe
pply  ( apply (drule ax_derivs
done  .apply unfold)

(* unused *)
ax_supd_shuffle
"
       (\<exists>Q'. G,A\<turnstile>{P} .c1. {f .; Q'} \<and> G,A\<turnstile>{Q'} .c2. {R})" no_asm_simp
lemma
done

lemma ax_cases: "
<>,A' set)\{P \. C} t\ {Q::'a assn};
                   G,A\<turnstile>{P \<and>. Not \<circ> C} t\<succ> {Q}\<rbrakk> \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}". {(set_lvars;P::assn
apply unfold)
apply (rule ax_escape)
apply clarify
apply (ase_tac" "
apply  java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
done
(*alternative (more direct) proof:
apply (rule rtac ax_derivs.conseq) *)
apply clarify
apply (case_tac( ax_Lit2 conseq2G(:' set)turnstile{Normal P\} .Init C. {(P \. initd C)::'a assn}"><>}. C.(P . initd C)::'a assn}"
apply  force
*)

GA:  )\<turnstile>{P::'a assn} t\<succ> {Q}
  \<Longrightarrow> G,A\<turnstile>{adapt_pre P Q Q'} t\<succ> {Q'}" : "

apply (erule apply simp
apply fast
   init.{apply( conseq1

lemma adapt_pre_adapts: "G,java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
\<longrightarrow> G,A\<Turnstile>{adapt_pre P Q Q'} t\<succ> {Q'}"
apply ( adapt_pre_def
.Init Object <and>. initd Object)::'a assn}"
apply fast
done

lemma adapt_pre_weakest:
"<>G A:' set) t ,\Turnstile{java.lang.StringIndexOutOfBoundsException: Index 137 out of bounds for length 137
  P'apply erule.Init)
apply( adapt_pre_defsimp)
apply (drule specassumption
apply( x = "{} pec)
apply (drule_tac
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
oops

peek_and_forget1_Normal
rule_tac "in )
\<Longrightarrow> G,A\<turnstile>{Normal (P \<and>. p)} t\<succ> {Q}"
apply( conseq1
apply (simp (no_asm))
done

lemma peek_and_forget1:applyforce
"G,(A::'java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
\<Longrightarrow> G,A\<turnstile>{P \<and>. p} t\<succ> {Q}"
apply (erule
apply (simp (no_asm))
done

G(:' set){P::'a assn} .c. {Normal Q}

lemma \<Longrightarrow> G,A\<turnstile>{P} .c. {SXAlloc G Q}"
"G,apply( elim!:pply rule conseq1 rule., clarsimpjava.lang.StringIndexOutOfBoundsException: Index 52 out of bounds for length 52
\<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Q}"
apply (erule conseq2)
apply (simp (no_asm))
done

lemma ax_subst_Val_allI:
"apply(ruleax_Init_Skip_lemma)java.lang.StringIndexOutOfBoundsException: Index 32 out of bounds for length 32
\<Longrightarrow>  \<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In1 w))\<leftarrow>Val v} t\<succ> {Q v}"done
apply (lemma ax_Init_Object: "wf_prog G \ G,(A::'a triple set)\
done

lemma ax_subst_Var_allI
"\v. G,(A::'a triple set)\{(P' v )\Var v} t\ {(Q v)::'a assn}
\<Longrightarrow>  \<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In2 w))\<leftarrow>Var v} t\<succ> {Q v}"
apply (force elim!: conseq1 ( conseq2

lemma ax_subst_Vals_allI:
"(v. G,(A::'a triple set)\{( P' v )\Vals v} t\ {(Q v)::'a assn})
\<Longrightarrow>  \<forall>v. G,A\<turnstile>{(\<lambda>w:. P' (the_In3 w))\<leftarrow>Vals v} t\<succ> {Q v}"
apply (force elimjava.lang.NullPointerException
done

subsubsection "alternative axioms"

lemma ax_Lit2:
  "Gongrightarrow>
apply (rule\turnstile,:aset
apply force C=applyauto
done
lemma ax_Lit2_test_complete:
",:atripleset)<>{Normal PVal v)::'a assn} Lit v-\ {P}"Valv):a } Lit v-\ {P}"
apply(ax_Lit2 conseq2
apply force
done

lemma
apply (rule
force
done

lemma ax_Super2: "G(A:'atriple set)\
  {NormalA\<turnstile>{P} t\<succ> {SXAlloc G (\<lambda>Y s Z. Q Y s Z \<and> G,s\<turnstile>catch SXcpt xn)}"
apply (rule ax_derivsauto!:sxalloc_elim_cases(:triple
apply force
done

lemma ax_Nil2 ax_Alloc:
",A:'a triple set)\{Normal P::'a assn} []\\ {Normal (P\=Vals [])}"
apply( ax_derivs.Nil conseq1java.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 41
apply force
done

subsubsection miscstructural

(* unused *)   \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Alloc G (CInst C) Q}"
lemmaapplyauto!: )
    java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
       G,A|\<turnstile>{{P} mb-\<succ> {Q} | F}"
apply (frule (1) finite_subset)
apply (erule rev_mp
apply (erule thin_rl)
apply (erule finite_induct)
apply  (unfold mtriples_def)
pply  ( intro:ax_derivs ax_derivs)+
apply force
done
lemmas ax_finite_mtriples = ax_finite_mtriples_lemma [java.lang.StringIndexOutOfBoundsException: Index 55 out of bounds for length 20

lemma (erule conseq2
"G (auto elim!: halloc_elim_cases)
apply (fast intro: ax_derivs
done

lemmaax_methods_spec
" "\G,(A::'a triple set)\{P::'a assn} t\
apply (erule ax_derivs.weaken)
( delimage_eqI intro: rev_image_eqI)
done

(* this version is used to avoid using the cut rule *)
lemma ax_finite_pointwise_lemmarule_format"<>F \ ms; finite ms\ \
  ((\<forall>(C,sig)\<in>F. G,(A::'a triple set)\<turnstile>(f C sig::'a triple)) \<longrightarrow> (\<forall>(C,sig)\<in>ms. G,A\<turnstile>(g C sig::'a triple))) \<longrightarrow>
GAjava.lang.StringIndexOutOfBoundsException: Index 88 out of bounds for length 88
apply (frule (1) finite_subset)
apply (erule rev_mp
apply (erule (erule)
apply (erule auto!: sxalloc_elim_caseshalloc_elim_cases
apply  clarsimp+
apply (drule
apply (rule ax_derivs.insert)
apply  (simp (no_asm_simp) only: split_tupled_all)
apply  (auto elim: ax_methods_spec)
done
lemmas ax_finite_pointwise = ax_finite_pointwise_lemma [OF subset_refl]

lemma ax_no_hazard:
  "G,(A::'a triple set)\{P \. type_ok G t} t\ {Q::'a assn} \ G,A\{P} t\ {Q}"
apply (erule ax_cases)
apply (rule ax_derivs.hazard [THEN conseq1])
apply force
done

lemma ax_free_wt:
"(\T L C. \prg=G,cls=C,lcl=L\\t\T)
  \<longrightarrow> G,(A::'a triple set)\<turnstile>{Normal P} t\<succ> {Q::'a assn} \<Longrightarrow>
  G,A\<turnstile>{Normal P} t\<succ> {Q}"
apply (rule ax_no_hazard)
apply (rule ax_escape)
apply clarify
apply (erule mp [THEN conseq12])
apply  (auto simp add: type_ok_def)
done

ML \<open>ML_Thms.bind_thms ("ax_Abrupts", sum3_instantiate \<^context> @{thm ax_derivs.Abrupt})\<close>
declare ax_Abrupts [intro!]

lemmas ax_Normal_cases = ax_cases [of _ _ _ normal]

lemma ax_Skip [intro!]: "G,(A::'a triple set)\{P\\} .Skip. {P::'a assn}"
apply (rule ax_Normal_cases)
apply  (rule ax_derivs.Skip)
apply fast
done
lemmas ax_SkipI = ax_Skip [THEN conseq1]

subsubsection "derived rules for methd call"

lemma ax_Call_known_DynT:
"\G\IntVir\C\statT;
  \<forall>a vs l. G,A\<turnstile>{(R a\<leftarrow>Vals vs \<and>. (\<lambda>s. l = locals (store s)) ;.
  init_lvars G C \<lparr>name=mn,parTs=pTs\<rparr> IntVir a vs)}
    Methd C \<lparr>name=mn,parTs=pTs\<rparr>-\<succ> {set_lvars l .; S};
  \<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} args\<doteq>\<succ>
       {R a \<and>. (\<lambda>s. C = obj_class (the (heap (store s) (the_Addr a))) \<and>
                     C = invocation_declclass
                            G IntVir (store s) a statT \<lparr>name=mn,parTs=pTs\<rparr> )};
       G,(A::'a triple set)\{Normal P} e-\ {Q::'a assn}\
   \<Longrightarrow> G,A\<turnstile>{Normal P} {accC,statT,IntVir}e\<cdot>mn({pTs}args)-\<succ> {S}"
apply (erule ax_derivs.Call)
apply  safe
apply  (erule spec)
apply (rule ax_escape, clarsimp)
apply (drule spec, drule spec, drule spec,erule conseq12)
apply force
done

lemma ax_Call_Static:
"\\a vs l. G,A\{R a\Vals vs \. (\s. l = locals (store s)) ;.
               init_lvars G C \<lparr>name=mn,parTs=pTs\<rparr> Static any_Addr vs}
              Methd C \<lparr>name=mn,parTs=pTs\<rparr>-\<succ> {set_lvars l .; S};
  G,A\<turnstile>{Normal P} e-\<succ> {Q};
  \<forall> a. G,(A::'a triple set)\<turnstile>{Q\<leftarrow>Val a} args\<doteq>\<succ> {(R::val \<Rightarrow> 'a assn)  a
  \<and>. (\<lambda> s. C=invocation_declclass
                G Static (store s) a statT \<lparr>name=mn,parTs=pTs\<rparr>)}
\<rbrakk>  \<Longrightarrow>  G,A\<turnstile>{Normal P} {accC,statT,Static}e\<cdot>mn({pTs}args)-\<succ> {S}"
apply (erule ax_derivs.Call)
apply  safe
apply  (erule spec)
apply (rule ax_escape, clarsimp)
apply (erule_tac V = "P \ Q" for P Q in thin_rl)
apply (drule spec,drule spec,drule spec, erule conseq12)
apply (force simp add: init_lvars_def Let_def)
done

lemma ax_Methd1:
"\G,A\{{P} Methd-\ {Q} | ms}|\ {{P} body G-\ {Q} | ms}; (C,sig)\ ms\ \
       G,A\<turnstile>{Normal (P C sig)} Methd C sig-\<succ> {Q C sig}"
apply (drule ax_derivs.Methd)
apply (unfold mtriples_def)
apply (erule (1) ax_methods_spec)
done

lemma ax_MethdN:
"G,insert({Normal P} Methd C sig-\ {Q}) A\
          {Normal P} body G C sig-\<succ> {Q} \<Longrightarrow>
      G,A\<turnstile>{Normal P} Methd   C sig-\<succ> {Q}"
apply (rule ax_Methd1)
apply  (rule_tac [2] singletonI)
apply (unfold mtriples_def)
apply clarsimp
done

lemma ax_StatRef:
  "G,(A::'a triple set)\{Normal (P\Val Null)} StatRef rt-\ {P::'a assn}"
apply (rule ax_derivs.Cast)
apply (rule ax_Lit2 [THEN conseq2])
apply clarsimp
done

subsubsection "rules derived from Init and Done"

  lemma ax_InitS: "\the (class G C) = c; C \ Object;
     \<forall>l. G,A\<turnstile>{Q \<and>. (\<lambda>s. l = locals (store s)) ;. set_lvars Map.empty}
            .init c. {set_lvars l .; R};
         G,A\<turnstile>{Normal ((P \<and>. Not \<circ> initd C) ;. supd (init_class_obj G C))}
  .Init (super c). {Q}\<rbrakk> \<Longrightarrow>
  G,(A::'a triple set)\{Normal (P \. Not \ initd C)} .Init C. {R::'a assn}"
apply (erule ax_derivs.Init)
apply  (simp (no_asm_simp))
apply assumption
done

lemma ax_Init_Skip_lemma:
"\l. G,(A::'a triple set)\{P\\ \. (\s. l = locals (store s)) ;. set_lvars l'}
  .Skip. {(set_lvars l .; P)::'a assn}"
apply (rule allI)
apply (rule ax_SkipI)
apply clarsimp
done

lemma ax_triv_InitS: "\the (class G C) = c;init c = Skip; C \ Object;
       P\<leftarrow>\<diamondsuit> \<Rightarrow> (supd (init_class_obj G C) .; P);
       G,A\<turnstile>{Normal (P \<and>. initd C)} .Init (super c). {(P \<and>. initd C)\<leftarrow>\<diamondsuit>}\<rbrakk> \<Longrightarrow>
       G,(A::'a triple set)\{Normal P\\} .Init C. {(P \. initd C)::'a assn}"
apply (rule_tac C = "initd C" in ax_cases)
apply  (rule conseq1, rule ax_derivs.Done, clarsimp)
apply (simp (no_asm))
apply (erule (1) ax_InitS)
apply  simp
apply  (rule ax_Init_Skip_lemma)
apply (erule conseq1)
apply force
done

lemma ax_Init_Object: "wf_prog G \ G,(A::'a triple set)\
  {Normal ((supd (init_class_obj G Object) .; P\<leftarrow>\<diamondsuit>) \<and>. Not \<circ> initd Object)}
       .Init Object. {(P \<and>. initd Object)::'a assn}"
apply (rule ax_derivs.Init)
apply   (drule class_Object, force)
apply (simp_all (no_asm))
apply (rule_tac [2] ax_Init_Skip_lemma)
apply (rule ax_SkipI, force)
done

lemma ax_triv_Init_Object: "\wf_prog G;
       (P::'a assn) \ (supd (init_class_obj G Object) .; P)\ \
  G,(A::'a triple set)\{Normal P\\} .Init Object. {P \. initd Object}"
apply (rule_tac C = "initd Object" in ax_cases)
apply  (rule conseq1, rule ax_derivs.Done, clarsimp)
apply (erule ax_Init_Object [THEN conseq1])
apply force
done

subsubsection "introduction rules for Alloc and SXAlloc"

lemma ax_SXAlloc_Normal:
"G,(A::'a triple set)\{P::'a assn} .c. {Normal Q}
\<Longrightarrow> G,A\<turnstile>{P} .c. {SXAlloc G Q}"
apply (erule conseq2)
apply (clarsimp elim!: sxalloc_elim_cases simp add: split_tupled_all)
done

lemma ax_Alloc:
  "G,(A::'a triple set)\{P::'a assn} t\
     {Normal (\<lambda>Y (x,s) Z. (\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>
      Q (Val (Addr a)) (Norm(init_obj G (CInst C) (Heap a) s)) Z)) \<and>.
      heap_free (Suc (Suc 0))}
   \<Longrightarrow> G,A\<turnstile>{P} t\<succ> {Alloc G (CInst C) Q}"
apply (erule conseq2)
apply (auto elim!: halloc_elim_cases)
done

lemma ax_Alloc_Arr:
"G,(A::'a triple set)\{P::'a assn} t\
   {\<lambda>Val:i:. Normal (\<lambda>Y (x,s) Z. \<not>the_Intg i<0 \<and>
    (\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>
    Q (Val (Addr a)) (Norm (init_obj G (Arr T (the_Intg i)) (Heap a) s)) Z)) \<and>.
    heap_free (Suc (Suc 0))}
\<Longrightarrow>
G,A\<turnstile>{P} t\<succ> {\<lambda>Val:i:. abupd (check_neg i) .; Alloc G (Arr T(the_Intg i)) Q}"
apply (erule conseq2)
apply (auto elim!: halloc_elim_cases)
done

lemma ax_SXAlloc_catch_SXcpt:
"\G,(A::'a triple set)\{P::'a assn} t\
     {(\<lambda>Y (x,s) Z. x=Some (Xcpt (Std xn)) \<and>
      (\<forall>a. new_Addr (heap s) = Some a \<longrightarrow>
      Q Y (Some (Xcpt (Loc a)),init_obj G (CInst (SXcpt xn)) (Heap a) s) Z))
      \<and>. heap_free (Suc (Suc 0))}\<rbrakk>
\<Longrightarrow>
G,A\<turnstile>{P} t\<succ> {SXAlloc G (\<lambda>Y s Z. Q Y s Z \<and> G,s\<turnstile>catch SXcpt xn)}"
apply (erule conseq2)
apply (auto elim!: sxalloc_elim_cases halloc_elim_cases)
done

end

quality99%

¤ Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.0.23Bemerkung: (vorverarbeitet) ¤

Wurzel

Suchen

Beweissystem der NASA

Beweissystem Isabelle

NIST Cobol Testsuite

Cephes Mathematical Library

Wiener Entwicklungsmethode

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.

Bemerkung:

Die farbliche Syntaxdarstellung ist noch experimentell.