Quelle WellForm.thy Sprache: Isabelle

(*  Title:      HOL/Bali/WellForm.thy
    Author:     David von Oheimb and Norbert Schirmer
*)

subsection
theory imports begin

\<open>
static   and, see.thy

improvements over \<open>
\begin{itemize}
\item a method implementing or overwriting another method may have a result
      type widens  result ofthe method
      \item a method implementing or overwriting another method may have a result
\item if a method hides another method (both methods have to be static!)
  are  tothe type
  since the methods haveinstead identical)
  static methods
\item if an interface inherits more than one method with the same signature, the
  methods not identical types
\end{itemize}
simplifications the have  be and there  dynamic of
\begin{itemize}
\item Object and standard exceptions are assumed to be declared like normal
      classes
\end{itemize}
\<close>

subsubsection\item if an interface inherits more than one method with the same signature, the
text\openwell-formed declarationcommon for interfaces
\begin{itemize\item Object and standard exceptions are assumed to be declared like normal

definition
    \<open>well-formed field declaration (common part for classes and interfaces), (3
"wf_fdeclGP \java.lang.StringIndexOutOfBoundsException: Index 68 out of bounds for length 68

lemma                              (pars
apply wf_fdecl_def
java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
\item the local variables don't shadow the parameters

subsubsection\item the body statement is welltyped with respect to the
  (*well-formed method declaration,cf. 8.4, 8.4.1, 8.4.3, 8.4.5, 14.3.2, (9.4)*) parameters specialresult () and areassoziated
  \<close>

text \<open>
A method head is wellformed if:
\begin{itemize}
\item the signature and the method head agree in the number of parameters
\item all types of the parameters are visible
\item the result type is visible
\item the parameter names are unique
\end{itemize}
\<close>
definition
  wf_mhead :: "prog \<Rightarrow> pname \<Rightarrow> sig \<Rightarrow> mhead \<Rightarrow> bool" where
  "wf_mhead G P = (\<lambda> sig mh. length (parTs sig) = length (pars mh) \<and>
                            ( \<forall>T\<in>set (parTs sig). is_acc_type G P T) \<and>
                            is_acc_type G P (resTy mh) \<and>
                            distinct (pars mh))"

text \<open>
A method declaration is wellformed if:
\begin{itemize}
\item the method head is wellformed
\item the names of the local variables are unique
\item the types of the local variables must be accessible
\item the local variables don't shadow the parameters
\item the class of the method is defined
\item the body statement is welltyped with respect to the
      modified environment of local names, were the local variables,
      the parameters the special result variable (Res) and This are assoziated
      with there types.
\end{itemize}
\<close>

definition
  callee_lcl :: "qtname \<Rightarrow> sig \<Rightarrow> methd \<Rightarrow> lenv" where
  "callee_lcl C sig m =
    (\<lambda>k. (case k of
            EName e
            \<Rightarrow> (case e of
                  VNam v
                  \<Rightarrow>((table_of (lcls (mbody m)))(pars m [\<mapsto>] parTs sig)) v
                | Res \<Rightarrow> Some (resTy m))
          | This \<Rightarrow> if is_static m then None else Some (Class C)))"

definition
  parameters :: "methd \<Rightarrow> lname set" where
  "parameters m = set (map (EName \<circ> VNam) (pars m)) \<union> (if (static m) then {} else {This})"

definition
  wf_mdecl :: "prog \<Rightarrow> qtname \<Rightarrow> mdecl \<Rightarrow> bool" where
  "wf_mdecl G C =
      (\<lambda>(sig,m).
          wf_mhead G (pid C) sig (mhead m) \<and>
          unique (lcls (mbody m)) \<and>
          (\<forall>(vn,T)\<in>set (lcls (mbody m)). is_acc_type G (pid C) T) \<and>
          (\<forall>pn\<in>set (pars m). table_of (lcls (mbody m)) pn = None) \<and>
          jumpNestingOkS {Ret} (stmt (mbody m)) \<and>
          is_class G C \<and>
          \<lparr>prg=G,cls=C,lcl=callee_lcl C sig m\<rparr>\<turnstile>(stmt (mbody m))\<Colon>\<surd> \<and>
          (\<exists> A. \<lparr>prg=G,cls=C,lcl=callee_lcl C sig m\<rparr>
                \<turnstile> parameters m \<guillemotright>\<langle>stmt (mbody m)\<rangle>\<guillemotright> A
               \<and> Result \<in> nrm A))"

lemma callee_lcl_VNam_simp [simp]:
"callee_lcl C sig m (EName (VNam v))
  = ((table_of (lcls (mbody m)))(pars m [\<mapsto>] parTs sig)) v"
by (simp add: callee_lcl_def)

lemma callee_lcl_Res_simp [simp]:
"callee_lcl C sig m (EName Res) = Some (resTy m)"
by (simp add: callee_lcl_def)

lemma callee_lcl_This_simp [simp]:
"callee_lcl C sig m (This) = (if is_static m then None else Some (Class C))"
by (simp add: callee_lcl_def)

lemma callee_lcl_This_static_simp:
"is_static m \<Longrightarrow> callee_lcl C sig m (This) = None"
by simp

lemma callee_lcl_This_not_static_simp:
"\<not> is_static m \<Longrightarrow> callee_lcl C sig m (This) = Some (Class C)"
by simp

lemma wf_mheadI:
"\<lbrakk>length (parTs sig) = length (pars m); \<forall>T\<in>set (parTs sig). is_acc_type G P T;
  is_acc_type G P (resTy m); distinct (pars m)\<rbrakk> \<Longrightarrow>
  wf_mhead G P sig m"
apply (unfold wf_mhead_def)
apply (simp (no_asm_simp))
done

lemma wf_mdeclI: "\<lbrakk>
  wf_mhead G (pid C) sig (mhead m); unique (lcls (mbody m));
  (\<forall>pn\<in>set (pars m). table_of (lcls (mbody m)) pn = None);
  \<forall>(vn,T)\<in>set (lcls (mbody m)). is_acc_type G (pid C) T;
  jumpNestingOkS {Ret} (stmt (mbody m));
  is_class G C;
  \<lparr>prg=G,cls=C,lcl=callee_lcl C sig m\<rparr>\<turnstile>(stmt (mbody m))\<Colon>\<surd>;
  (\<exists> A. \<lparr>prg=G,cls=C,lcl=callee_lcl C sig m\<rparr> \<turnstile> parameters m \<guillemotright>\<langle>stmt (mbody m)\<rangle>\<guillemotright> A
        \<and> Result \<in> nrm A)
  \<rbrakk> \<Longrightarrow>
  wf_mdecl G C (sig,m)"
apply (unfold wf_mdecl_def)
apply simp
done

lemma wf_mdeclE [consumes 1]:
  "\<lbrakk>wf_mdecl G C (sig,m);
    \<lbrakk>wf_mhead G (pid C) sig (mhead m); unique (lcls (mbody m));
     \<forall>pn\<in>set (pars m). table_of (lcls (mbody m)) pn = None;
     \<forall>(vn,T)\<in>set (lcls (mbody m)). is_acc_type G (pid C) T;
     jumpNestingOkS {Ret} (stmt (mbody m));
     is_class G C;
     \<lparr>prg=G,cls=C,lcl=callee_lcl C sig m\<rparr>\<turnstile>(stmt (mbody m))\<Colon>\<surd>;
   (\<exists> A. \<lparr>prg=G,cls=C,lcl=callee_lcl C sig m\<rparr>\<turnstile> parameters m \<guillemotright>\<langle>stmt (mbody m)\<rangle>\<guillemotright> A
        \<and> Result \<in> nrm A)
    \<rbrakk> \<Longrightarrow> P
  \<rbrakk> \<Longrightarrow> P"
by (unfold wf_mdecl_def) simp

lemma wf_mdeclD1:
"wf_mdecl G C (sig,m) \<Longrightarrow>
   wf_mhead G (pid C) sig (mhead m) \<and> unique (lcls (mbody m)) \<and>
  (\<forall>pn\<in>set (pars m). table_of (lcls (mbody m)) pn = None) \<and>
  (\<forall>(vn,T)\<in>set (lcls (mbody m)). is_acc_type G (pid C) T)"
apply (unfold wf_mdecl_def)
apply simp
done

lemma wf_mdecl_bodyD:
"wf_mdecl G C (sig,m) \<Longrightarrow>
(\<exists>T. \<lparr>prg=G,cls=C,lcl=callee_lcl C sig m\<rparr>\<turnstile>Body C (stmt (mbody m))\<Colon>-T \<and>
      G\<turnstile>T\<preceq>(resTy m))"
apply (unfold wf_mdecl_def)
apply clarify
apply (rule_tac x="(resTy m)" in exI)
apply (unfold wf_mhead_def)
apply (auto simp add: wf_mhead_def is_acc_type_def intro: wt.Body )
done

(*
lemma static_Object_methodsE [elim!]:
"\<lbrakk>wf_mdecl G Object (sig, m);static m\<rbrakk> \<Longrightarrow> R"
apply (unfold wf_mdecl_def)
apply auto
done
*)

java.lang.StringIndexOutOfBoundsException: Index 99 out of bounds for length 99
  "wf_mhead G P sig m \ is_acc_type G P (resTy m)"
apply (unfold
apply auto
done

subsubsectionunfold)simp
  (* well-formed interface declaration, cf. 9.1, 9.1.2.1, 9.1.3, 9.4 *):

text \<open>
A interface declaration is wellformed if:
\begin{itemize}
\item the interface hierarchy is wellstructured
\item there is no class with the same name
\item the method heads are wellformed and not static and have Public access
\item the methods are uniquely named
\item all superinterfaces are accessible
\item the result type of a method overriding a method of Object widens to the
      result of overridden.
      Shadowing static methods is forbidden
\item the result type of a method overriding a set of methods defined in the
      superinterfacesclarify
\end{itemize}
\<close>
definition
  wf_idecljava.lang.NullPointerException
wf_idecl
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
        ws_idecl G I (apply (unfoldapply autodone

applyunfoldwf_mhead_def

accmodimh=Public
        unique (imethods i) \<and>
        (\<forall> J\<in>set (isuperIfs i). is_acc_iface G (pid I) J) \<and>
        (table_of (A interface wellformed
\begin{itemize\item the interface hierarchy is wellstructured
          under  (\<lambda> new old. accmodi old \<noteq> Private)
          entails (\item the methods are uniquely named
                             is_static new =        type the overriddenmethod
        (set_option \<circ> table_of (imethods i)
               hidings widens of  result
               entails\<close>

lemma wf_idecl
  wf_mhead          G I ( i
apply (unfold
apply auto
done

lemma wf_idecl_hidings:
wf_idecl,)\<Longrightarrow>
  (\<lambda>s. set_option (table_of (imethods i) s))
  hidings Un_tables( (imethods
\<lambda>new old. G\<turnstile>resTy new\<preceq>resTy old"
apply (unfold wf_idecl_def o_def(lambda. java.lang.StringIndexOutOfBoundsException: Index 85 out of bounds for length 85
apply java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
done

lemma wf_idecl_hiding (lambda .
"wf_idecl G (java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
(table_ofGpid  \<and> \<not>is_static mh \<and> accmodi mh = Public"
           java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
under
             \<lambda>s. set_option (table_of (imethods i) s))
is_static  old"
apply (unfold wf_idecl_def)
apply simp
done

lemma wf_idecl_supD:
"\wf_idecl G (I,i); J \ set (isuperIfs i)\
  (unfold wf_idecl_def o_def)
apply (unfold
applyjava.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
done

" class declarations"
  (* well-formed class declaration, cf. 8.1, 8.1.2.1, 8.1.2.2, 8.1.3, 8.1.4 and  ))"
   class method declaration, cf. 8.4.3.3, 8.4.6.1, 8.4.6.2, 8.4.6.3, 8.4.6.4 *)

text done
A class lemma:
\begin{itemize}
\item there is no interface with the same name
\item all superinterfaces are accessible and for all methods implementing
      an
don
      as " class declarations"
      (this actually   class java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
      interface methods\begin{itemize}
\item all field declarations are wellformed and the field names are unique
\item all method declarations are wellformed and the method names are unique
\item the initialization statement is welltyped
\item the classhierarchy is wellstructured
\item Unless the class is Object:
      \begin{itemize}

      \item for all methods overriding another method (of a superclass )the,  method andjava.lang.StringIndexOutOfBoundsException: Range [66, 65) out of bounds for length 73
            result\item the initialization statement is welltyped
            the
            access as the

  be  at  much.
            Remark: In  thejava.lang.StringIndexOutOfBoundsException: Index 42 out of bounds for length 42
            restrict the result: contrast  Languagewejava.lang.StringIndexOutOfBoundsException: Index 75 out of bounds for length 75
in),because  be,
            since there there dynamic .
( .vs1java.lang.StringIndexOutOfBoundsException: Index 38 out of bounds for length 38
speaking  rights
            necessary to, since the necessary the andaccess
called.
            But if a class gains more then one static method with the
signatureinheritanceis  the
            method selection depends on the access signature,  is
            e.g.
              Class static foo
D is  C  static()
              with default package access.
              D.foo() ? if this default.
foo  called java.lang.StringIndexOutOfBoundsException: Index 75 out of bounds for length 75
      \end{itemize}

\end{itemize}
\<close>
(* to Table *)\end{itemize}
definition
:btable
  where (  )java.lang.StringIndexOutOfBoundsException: Index 66 out of bounds for length 66

java.lang.StringIndexOutOfBoundsException: Index 68 out of bounds for length 68
by (java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10

lemma
by (

definition
  wf_cdecl
  "wf_cdecl G =
     (\<lambda>(C,c).
      \<not>is_iface G C \<and>
      (\<forall>I\<in>set (superIfs c). is_acc_iface G (pid C) I \<and>
        (\<forall>s. \<forall> im \<in> imethds G I s.
            \<java.lang.StringIndexOutOfBoundsException: Index 91 out of bounds for length 91
                                     \<not> is_static cm \<and>
                                     accmodi
(java.lang.StringIndexOutOfBoundsException: Index 94 out of bounds for length 94
      (\<forall>m\<in>set (methods c). wf_mdecl G C m) \<and> unique (methods c) \<and>   C)( c) <and>
      jumpNestingOkS {} (init c) \<and>            table_of( (\<lambda> (s,m). (s,C,m)) (methods c))
      (\<exists> A. \<lparr>prg=G,cls=C,lcl=Map.empty\<rparr>\<turnstile> {} \<guillemotright>\<langle>init c\<rangle>\<guillemotright> A) \<and>
      >prg=lcl\<rparr>\<turnstile>(init c)\<Colon>\<surd> \<and> ws_cdecl G C (super c) \<and>
      (C \<noteq> Object \<longrightarrow>
            (is_acc_classsig>newold
             ( (lambda,m methods
             entails (\<lambda> new. \<forall> old sig.
                       (
                        \<longrightarrow> (G\<turnstile>resTy new\<preceq>resTy old \<and>
      (\<forall>I\<in>set (superIfs c). is_acc_iface G (pid C) I \<and>
                             \<not>is_static old)) \<and>
                       (G,sig\<turnstile>new hides old
                         \<longrightarrow> (accmodi old \<le> accmodi new \<and>
                              is_static old      (\<forall>f\<in>set (cfields c). wf_fdecl G (pid C) f) \<and> unique (cfields c) \<and>
            )))"

(*
definition wf_cdecl :: "prog \<Rightarrow> cdecl \<Rightarrow> bool" where
"wf_cdecl G \<equiv>
   \<lambda>(C,c).
      \<not>is_iface G C \<and>
      (\<forall>I\<in>set (superIfs c). is_acc_iface G (pid C) I \<and>
        (\<forall>s. \<forall> im \<in> imethds G I s.
            (\<exists> cm \<in> methd  G C s: G\<turnstile>resTy (mthd cm)\<preceq>resTy (mthd im) \<and>
                                     \<not> is_static cm \<and>
                                     accmodi im \<le> accmodi cm))) \<and>
      (\<forall>f\<in>set (cfields c). wf_fdecl G (pid C) f) \<and> unique (cfields c) \<and>
      (\<forall>m\<in>set (methods c). wf_mdecl G C m) \<and> unique (methods c) \<and>
      \<lparr>prg=G,cls=C,lcl=empty\<rparr>\<turnstile>(init c)\<Colon>\<surd> \<and> ws_cdecl G C (super c) \<and>
      (C \<noteq> Object \<longrightarrow>
            (is_acc_class G (pid C) (super c) \<and>
            (table_of (map (\<lambda> (s,m). (s,C,m)) (methods c))
              hiding methd G (super c)
              under (\<lambda> new old. G\<turnstile>new overrides old)
              entails (\<lambda> new old.
                           (G\<turnstile>resTy (mthd new)\<preceq>resTy (mthd old) \<and>
                            accmodi old \<le> accmodi new \<and>
                           \<not> is_static old)))  \<and>
            (table_of (map (\<lambda> (s,m). (s,C,m)) (methods c))
              hiding methd G (super c)
              under (\<lambda> new old. G\<turnstile>new hides old)
              entails (\<lambda> new old. is_static old \<and>
                                  accmodi old \<le> accmodi new))  \<and>
            (table_of (cfields c) hiding accfield G C (super c)
              entails (\<lambda> newF oldF. accmodi oldF \<le> access newF))))"
*)

lemma wf_cdeclE
"\wf_cdecl G (C,c);
   \<lbrakk>\<not>is_iface G C;
    (<>\<>set is_acc_iface C  \<and>
        (\<forall>s. \<forall> im \<in> imethds G I s.
            (\<exists> cm \<in> methd  G C s: G\<turnstile>resTy cm\<preceq>resTy im \<and>
                                     \<not> is_static cm \<and>
                                     accmodi
      \<forall>f\<in>set (cfields c). wf_fdecl G (pid C) f; unique (cfields c);  ) java.lang.StringIndexOutOfBoundsException: Index 29 out of bounds for length 29
       unfold)
      jumpNestingOkS
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
      \<lparr>prg=G,cls=C,lcl=Map.empty\<rparr>\<turnstile>(init c)\<Colon>\<surd>;  )
      ws_cdecl
( wf_cdecl_def
            (
            (table_of ( wf_cdecl_impD
             entails (\<lambda> new. \<forall> old sig. \<Longrightarrow> is_acc_iface G (pid C) I \<and>
                       ,\<turnstile\<^sub>S old
                         im
                             accmodi
                             \<not>is_static old)) \<and>
                       (G,sig\<turnstile>new hides old    C  cjava.lang.StringIndexOutOfBoundsException: Index 90 out of bounds for length 90
                 ,\<turnstile\<^sub>S old
                              is_static old))accmodi
            ))\<rbrakk> \<Longrightarrow> P
  \<rbrakk> \<Longrightarrow> P"
by (unfold wf_cdecl_def) simp old

lemma wf_cdecl_unique:
"wf_cdecljava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
apply (unfold
apply autoG\<>(C) overrides
done

lemma wf_cdecl_fdecl:
"\wf_cdecl G (C,c); f\set (cfields c)\ \ wf_fdecl G (pid C) f"
apply (unfold)
java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
done

lemma wf_cdecl_mdecl:
"
apply (unfold wf_cdecl_def)
apply java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 4
done

lemma wf_cdecl_impD:
"
\<Longrightarrow> is_acc_iface G (pid C) I \<and>
)
(
                                   accmodi im \<le> accmodi cm))"
  wf_cdecl_def
auto
done

lemma wf_cdecl_supD
"\wf_cdecl G (C,c); C \ Object\ \ lemma wf_cdecl_wt_init:
is_acc_classpid c)
   (table_of (map (\<lambda> (s,m). (s,C,m)) (methods c)) ( wf_cdecl_def
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
                 (G,sig\<turnstile>new overrides\<^sub>S old
                   declaration is wellformed if:
                       accmodi\item the class ObjectC of Object is defined
                       \<not>is_static old)) \<and>
(Gsig
                   \<longrightarrow> (accmodi old \<le> accmodi new \<and>
old
apply (unfold wf_cdecl_def  this  by  class  the
apply auto
done

lemma wf_cdecl_overrides_SomeD:
"\wf_cdecl G (C,c); C \ Object; table_of (methods c) sig = Some newM;\
  Gwf_prog;java.lang.StringIndexOutOfBoundsException: Index 51 out of bounds for length 51
\<rbrakk> \<Longrightarrow>  G\<turnstile>resTy newM\<preceq>resTy old \<and>
       accmodi old \<le> accmodi newM \<and>
       \<not> is_static old"
apply (drule (1) wf_cdecl_supD)
apply (clarify)
apply (drule entailsD)
apply   (blast intro: table_of_map_SomeI)
apply (drule_tac x=
apply dest : msig_def
done

:
"\wf_cdecl G (C,c); C \ Object; table_of (methods c) sig = Some newM;
  G,sig
\<rbrakk> \<Longrightarrow>  accmodi old \<le> access newM \<and>
       is_static
apply (drule:
apply (clarify)
apply entailsD
apply   (blast intro
apply (drule_tac x="old" in:
apply (auto
done

lemma java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
" G(,)\java.lang.StringIndexOutOfBoundsException: Index 113 out of bounds for length 113
apply (unfold wf_cdecl_def ))
applyjava.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
done


  (* well-formed program, cf. 8.1, 9.1 *)

text \<open>
A program declaration is wellformed if:
\begin{itemize}
\item the class ObjectC of Object is defined
\item every method of Object has an access modifier distinct from Package.
       is
      necessary since every simp)
      We must know
      interface wf_prog_Object_methd
      the interface (see \<open>implement_dynmethd and class_mheadsD\<close>)
\item all standard Exceptions are defined
\item all defined interfaces are wellformed
\item all defined classes are wellformed
\end{itemize}
\<close>
definition
( simpis_public_def:)
"wf_prog Gjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
                 \<in> set cs \<and>
(> \in>set m\<noteq> Package) \<and>
                (init
                (\<forall>i\<in>set is. wf_idecl G i) \<and> unique is \<and>
                (\<forall>c\<in>set cs. wf_cdecl G c) \<and> unique cs)"

lemma wf_prog_idecl: "\iface G I = Some i; wf_prog G\ \ wf_idecl G (I,i)"
apply (                                  =[]\<rparr>"
apply simp
apply   []:java.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 25
done

lemma wf_prog_cdecl: done
applylemma simp"
apply simp
apply (fast dest: map_of_SomeD simp java.lang.NullPointerException

lemma wf_prog_Object_mdecls:
"wf_prog G \ (\ m\set Object_mdecls. accmodi m \ Package)"
apply unfold)
apply simp no_asm_simp
done

lemma:
"\wf_prog G; class G C = Some c; C \ Object \
  ( (no_asm_simp: is_public_def
auto: wf_cdecl_supD

lemma
apply(  Let_def
(rule
apply  (simp_all (no_asm)  [simp
apply  (auto simp )
             dest no_asm_simp:)
done

class_Object
"wf_prog G \
  class G Object by introjava.lang.StringIndexOutOfBoundsException: Index 31 out of bounds for length 31
init,=undefined]
apply (unfold wf_prog_def Let_def ObjectC_def)
apply (fast dest: )
done

methd_Object] " G \ methd G Object =
  table_of  [elim\lbrakk\<turnstile>U\<preceq>T; G\<turnstile>S\<preceq>U; wf_prog G\<rbrakk> \<Longrightarrow> G\<turnstile>S\<preceq>T"
apply (java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply (auto simp add: Let_def G
done

lemma wf_prog_Object_methd:
" "\<lbrakk>is_class G C; wf_prog G\<rbrakk> \<Longrightarrow> unique (DeclConcepts.fields G C)">is_classGC wf_prog
erule)

lemma wf_prog_Object_is_public[intro]:
" G
by (auto simp add: is_public_def desterulewf_prog_cdecl wf_cdecl_unique conjunct1

lemma class_SXcpt [simpjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
"wf_prog G \
   G ( )=Some
                                   init=Skip,
                                   super=   <>  (DeclConcepts G D)  = Some
                                                            (1 unique_fields
                                   superIfs=[]
apply
apply (fast dest"lbrakk> .fields Somef G;is_class G \java.lang.StringIndexOutOfBoundsException: Index 108 out of bounds for length 108
done

lemma wf_ObjectC [simp]:
" G = java.lang.StringIndexOutOfBoundsException: Index 86 out of bounds for length 86
  (wf_mdecl G Objectjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply (unfold wf_cdecl_defjava.lang.StringIndexOutOfBoundsException: Index 87 out of bounds for length 87
apply (auto intro: da.Skip)
done

lemma [,elimG
applyapplyjava.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13
done

  [,elim
apply (simp (no_asm_simp m, )
accessible_in_RefT_simp
done

lemma SXcpt_is_class
apply (simpno_asm_simp
done

lemma SXcpt_is_acc_class [simp,elim!]:
"G
applyfast
                               accessible_in_RefT_simp ,  wf_cdecl_mdeclmap_of_SomeD
done

lemma fields_Object [simp]: "wf_proglemma methd_rT_is_acc_type:
by (force intro: fields_emptyI)

lemma accfield_Object [simp\<Longrightarrow> is_acc_type G (pid C) (resTy m)"
"wf_prog G \ accfield G S Object = Map.empty"
apply (unfold accfield_def(The same is true for the
applylemma:
done

lemma fields_Throwable\<Longrightarrow> is_type G (resTy m)"
"wf_prog G \ DeclConcepts.fields G (SXcpt Throwable) = []"
by (force  drule

[]   .  )[java.lang.StringIndexOutOfBoundsException: Index 94 out of bounds for length 94
apply (case_tac "xn = Throwable")
apply  (simpjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
by"<> G; G S = Somem;

lemmas widen_trans = ws_widen_trans [OF     C=Some
\<Longrightarrow> is_type G (resTy m)"
apply (erule (2)widen_trans
done

lemma Xcpt_subcls_Throwable [simp
methd_Object_SomeD
apply\lbrakkGmethd
apply auto

lemma unique_fields' % zPxy]forjava.lang.StringIndexOutOfBoundsException: Index 70 out of bounds for length 70
"im
apply (java.lang.StringIndexOutOfBoundsException: Index 65 out of bounds for length 65
apply  (erule wf_ws_prog)
apply (erule (1) wf_prog_cdecl [THEN wf_cdecl_unique [THEN conjunct1 G  : iface_rec_induct
done


java.lang.NullPointerException
  is_class G D" \ imethds G I sig"
   \<Longrightarrow> table_of (DeclConcepts.fields G D) fn = Some f"
omeI
apply new
apply (erule if_I have:" \ (?inherited \\ ?new) sig"
applyerule
done

lemma fields_is_type [elim dest  is_acc_ifaceD
java.lang.NullPointerException
      is_type G (type
apply (frule wf_ws_prog auto wf_idecl_mhead
apply ( dest THEN]
                   wf_prog_cdecl
             simp add: wf_fdecl_def2 dest)
done

rule_format
"\m \ imethds G I sig; wf_prog G; is_iface G I\ \
         if_I
  \<not> is_static m \<and> accmodi m = Public"  by simp)
frule
( ) [ conjunct1
apply clarify byauto hidings_entailsD
apply (frule_tac I="(decliface m)"java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 9
apply (drule wf_idecl_mhead)
apply (erule map_of_SomeD)
apply (cases m,
done

lemma methd_wf_mdecl:
"\methd G C sig = Some m; wf_prog G; class G C = Some y\ \
  G\<turnstile>C\<preceq>\<^sub>C (declclass m) \<and> is_class G (declclass m) \<and> "
wf_mdecl m sig m)
apply (frule wf_ws_prog)
apply  obtain c where
apply fast
apply clarsimp
apply (frule (1) wf_prog_cdecl: declclass
donebyautohidesD)

(*
This lemma doesn't hold!
lemma methd_rT_is_acc_type:
"\<lbrakk>wf_prog G;methd G C C sig = Some (D,m);
    class G C = Some y\<rbrakk>
\<Longrightarrow> is_acc_type G (pid C) (resTy m)"
The result Type is only visible in the scope of defining class D
"is_vis_type G (pid D) (resTy m)" but not necessarily in scope of class C!
(The same is true for the type of pramaters of a method)
*)

lemma"( new\turnstile( new,) hides( ,oldM
"\wf_prog G;methd G C sig = Some m;
    class G C = Some wf_cdecl  blast)
\<Longrightarrow> is_type G (resTy m)"
apply ( new
apply clarify
apply (drule wf_mdeclD1)
apply clarify
apply (drule open>Compare this lemma about static
apply (cases m, simp add: is_acc_type_def \<^term>\<open>G \<turnstile>new overrides old\<close>.
done

lemma:
"\wf_prog G;accmethd G S C sig = Some m;
    class G C = Some y\<rbrakk>
\<Longrightarrow> is_type G (resTy m)"
auto:accmethd_def
         intro.  with we the

lemma methd_Object_SomeD:
"\wf_prog G;methd G Object sig = Some m\
\<Longrightarrow> declclass m = Object"
auto simp )

lemmas

lemma wf_imethdsD
akkjava.lang.NullPointerException
\<Longrightarrow> \<not>is_static im \<and> accmodi im = Public"
proof -
   : " "is_iface \<in> imethds G I sig"

  have "wf_prog G \
         (\<forall> i im. iface G I = Some i \<longrightarrow> im \<in> imethds G I sig
                  \<longrightarrow> \<not>is_static im \<and> accmodi im = Public)" (is "?P G I")
  proof (induct G      newmsig
     : old) java.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53
     : "<> iJ G I i \ ws_prog G \ J \ set (isuperIfs i)
                 \<Longrightarrow> ?P G J"
    assume wf: "wf_prog G" andauto: stat_overrides_commonD
           im: "im \ imethds G I sig"
    show "\is_static im \ accmodi im = Public"
    proof -
"n_tables (imethds G set( i))"
      let ?new = "(set_option \ table_of (map (\(s, mh). (s, I, mh)) (imethods i)))"
      from if_I wf im have imethds:" have " Gdeclclass blast
        by (simp add: imethds_rec)
      from wf if_I have
        wf_supI: "\ J. J \ set (isuperIfs i) \ (\ j. iface G J = Some j)"
        by (blast dest: wf_prog_idecl wf_idecl_supD is_acc_ifaceD)
       wf if_I
        \foralljava.lang.StringIndexOutOfBoundsException: Index 93 out of bounds for length 93
        byjava.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
      then have new_ok:assumesGturnstile
                         \<longrightarrow>  \<not> is_static im \<and> accmodi im = Public"
        by ? (is)
      show ?thesis
        proof (cases ()
java.lang.StringIndexOutOfBoundsException: Index 19 out of bounds for length 19
          from True wf( stat_overridesR
          show ?thesis by (auto     : "
        next
          case False
          from False wf wf_supI if_I -
          show ?thesis by (autofrom stat_override
        qed
      java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9
     stat_override
    "
qed

lemma wf_prog_hidesD:
  assumes hides: "G \new hides old" and wf: "wf_prog G"
  shows
   "accmodi old \ accmodi new \
     qed
proof -
  from hides
  obtain c where
    clsNew: "class G (declclass new) = Some c" and
    neqObj: "declclass new \ Object"
    by (auto dest: hidesD declared_in_classD)
  with hides newM where
    newM: "table_of (methods c) (msig new) = Some show"?verrides old
     new: "new = (declclass new,(msig new),newM)" and
     old: "old = ( new inter oldjava.lang.StringIndexOutOfBoundsException: Index 33 out of bounds for length 33
          "msig new = msig old"
    by (cases new,cases old)
       (auto
         simp add: cdeclaredmethd_def declared_in_def)
  with hides
  have hides':
                      : " old \ Package" and
    by auto
from wf
  have "wf_cdecl G (declclass new,c)" : "\Method old declared_in (declclass old)" and
   wf_cdecl_hides_SomeD  neqObj ']
  with new old "
  show\> .
    by (cases new, cases oldproof-
qed

\<open>Compare this lemma about static
overridingbyauto adddeclared_in_def)
dynamic overriding \<^term>\<open>G \<turnstile>new overrides old\<close>.
Conforming result types )
iscls_C subcls
   ? (isjava.lang.StringIndexOutOfBoundsException: Index 30 out of bounds for length 30
no restrictions on the accesscase
precondition with efford  guaranteethe modifier
restriction show "P Object old"
\<open>wf_prog_dyn_override_prop\<close>.
\<close>
:
  assumes stat_overrideassume cls_C C=
  shows       neq_C_Obj <noteq> Object" and
   "G\resTy new\resTy old \
    accmodi old \<le> accmodi new \<and>
    \<not> is_static old"
proof -
  from stat_override
  obtain c where
    clsNew: "class inheritable: "G
    neqObj: G<>java.lang.StringIndexOutOfBoundsException: Index 63 out of bounds for length 63
    by G prec
         rule)
    newMfrom  neq_C_Obj
new(,)"and
     old: "old = (by( dest wf_cdecl_supD is_acc_classD)
            old
    by (cases: "\java.lang.StringIndexOutOfBoundsException: Index 68 out of bounds for length 68
       (auto dest:and "not is_static
         simp
  with -
':
        "G,( old_declared "
    by auto old dest)
  from clsNewshowthesis
  have "wf_cdecl G (declclass new,c)" by (blast cases\<turnstile>mid (msig old) undeclared_in C")
  note wf_cdecl_overrides_SomeD inheritable member_super
  with new old
   ?
    by (casesshow
qed

lemma static_to_dynamic_overriding:
  assumes stat_override: "G\new overrides\<^sub>S old" and wf : "wf_prog G"
  shows"mid ( old) =memberid "
proof
          new
  show                  :java.lang.NullPointerException
  proof (induct)
    case (Direct new old superNew)
    then have stat_override:"G\new overrides\<^sub>S old"
       (ule.Direct
    from stat_override wf
    y_widen
      not_static_old: "\ is_static old"
      by( dest)
     not_private_new\<noteq> Private"
    proof
      from stat_override
      have "accmodi old \ Private"
java.lang.StringIndexOutOfBoundsException: Range [12, 9) out of bounds for length 20
      moreover
      from stat_override wf
      aveaccmodi\<le> accmodi new"
        by (auto dest: wf_prog_stat_overridesD                member_super subcls_new_old
      ultimately
      show ?thesis
        by (auto dest: acc_modi_bottom)
    qed
    with Direct resTy_widen not_static_old
    show "?Overrides new old"
      by (auto intro           True
  next
    case (Indirect new inter old)
    then show "?Overrides new old"
      by( introoverridesR)
  qed
qed

lemma non_Package_instance_method_inheritance:
   old_inheritable\<>  ( ) java.lang.StringIndexOutOfBoundsException: Index 79 out of bounds for length 79
              accmodi_old: "accmodi old \ Package" and
          instance_method: "\ is_static old" and
                   subcls:
             old_declared: "G\Method old declared_in (declclass old)" and
wfG
  shows "G\Method old member_of C \
   (\<exists> new. G\<turnstile> new overrides\<^sub>S old \<and> G\<turnstile>Method new member_of C)"
proof -
  from wf have ws: "ws_prog G" by auto rule)
  from old_declared have iscls_declC_old
    by (auto simp add: declared_in_def java.lang.StringIndexOutOfBoundsException: Index 40 out of bounds for length 13
  from subcls have  iscls_C: "is_class G C"
    by (blast dest:  subcls_is_class)
fromws
  show ?thesis (is "?P C old")
  proof (induct rule:ws_class_induct
    case Object
    assumeG\<turnstile>Object\<prec>\<^sub>C declclass old"
    then show "?P Object old"
      by blast( dest: hyp_member_super)
  next
        next
    assume cls_C: "class G C = Some c" and
       neq_C_Obj: "C \ Object" and
             hyp: "\G \Method old inheritable_in pid (super c);
                   G\<turnstile>super c\<prec>\<^sub>C declclass old\<rbrakk> \<Longrightarrow> ?P (super c) old" and
     inheritable:         casesaccmodi ( simp addinheritable_in_def
         subclsC: "G have "?P( c) old
    from neq_C_Obj
    have super show
byrule)
    from wf cls_C "
    havewith instance_method
      by auto:w wf_cdecl_supD)
    have hyp_member_super: "?P C old"
      if member_super: "G\Method old member_of (super c)"
               \<
               obtain where
    for old
    proof:  Gjava.lang.StringIndexOutOfBoundsException: Index 81 out of bounds for length 81
      from member_super
      have old_declared: "Ghaveaccmodiold\<
bycases( dest)
      show ?thesis
      proof (cases "G\mid (msig old) undeclared_in C")
        case True
        with inheritable super accessible_super member_super
        have "G\Method old member_of C"
          by (cases old) (auto intro:moreover
        then show ?thesis
          by"notis_static java.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 41
      next
        case False
then  where
             "G\new_member declared_in C" and
             "mid (msig old) = memberid new_member"
          by (auto dest: not_undeclared_declared)
        then obtain new where
        proof
: "msigold=msig new and
            declC_new: "declclass new = C"
          by (cases new_member) auto ?thesis
        then have member_new: "G\Method new member_of C"
          by (cases new) (auto intro: membersassume"new. G \ new overrides\<^sub>S super_new \
        fromG
        have super_new_override ?
                       blast stat_overridesRIndirect
                    dest: r_into_trancl intro: trancl_rtrancl_trancl)
qed
         ( "is_static new"java.lang.StringIndexOutOfBoundsException: Index 37 out of bounds for length 37
          case False
          with eq_sig declC_new new >Method inheritable_in )java.lang.StringIndexOutOfBoundsException: Index 79 out of bounds for length 79
               super: \<not> is_static old" and
havejava.lang.NullPointerException
            by (auto intro!old_declared
           member_new ?thesis
            by blast
        next
          casejava.lang.StringIndexOutOfBoundsException: Index 19 out of bounds for length 19
          with    accmodi_old subcls wf
          have"
            by   showthesis
          with wf
          have "is_static old"
            by (blast dest
           instance_method
          showassumes: "G\ new overrides old" and
             (contradiction
        qed
      qed
qed
    from cls_C
    have "G\(super c)\\<^sub>C declclass old"
      by (rule subcls_superD)
    then
    show?Cold
    proof       : "G<>Method new declared_in declclass new"
      case Eq : "msig = msig old"
      assume"superc "
      with" turnstileMethod old inheritable_in pid declclassnew"and
      have           accmodi
        by (cases old) (auto intro: members.Immediate)
      with inheritable instance_method            G<>  declared_in
show
        by (blast "? new old"
    next
      case SubclscaseInheritance
assume
      moreover
      from inheritable accmodi_old
      have "G \Method old inheritable_in pid (super c)"
        by subcls_new_old show
ultimately
      have "?P (super c) old"
                 Inherited
      then ?
      proof
        assume"\turnstile> superc"
        with inheritable instance_method
        showjava.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9
          by (blast dest: hyp_member_super ?thesis

        assume "\new. G \ new overrides\<^sub>S old \ G \Method new member_of super c"
        then super_new
          super_new_override:  "G assume stat_override_new': "G \ new' overrides\<^sub>S old"
            super_new_member  " new' = msig "
          by dest:stat_overrides_commonD
          wf
        have "accmodi old \ accmodi super_new"
          byGjava.lang.NullPointerException
inheritable
        have "G \Method super_new inheritable_in pid C"
          by (auto simp         case Immediate
                      split: acc_modi.splits
                       dest: acc_modi_le_Dests)
        moreover
        fromsuper_new_override
        have "\ is_static super_new"
          by (auto dest: stat_overrides_commonD)
        moreover
        note super_new_member
        ultimately          new_declared'
          by (auto dest: hyp_member_super)
thesis
        proof
          assume "G \Method super_new member_of C"
          with super_new_override
          show ?thesis
            by blast
        next
          assume "\new. G \ new overrides\<^sub>S super_new \
                  G \<turnstile>Method new member_of C" eq_sig_new_new
          with super_new_override show ?thesis
            by (blast intro: stat_overridesR.Indirect)
        qed
    qed
    qed
  qed
qed

lemma non_Package_instance_method_inheritance_cases:accmodi
   assume old
              accmodi_old     accmodi_old
          :"not is_staticold and
                   subcls
             old_declared: "G\Method old declared_in (declclass old)" and
                       wf: "wf_prog G"
  obtains (Inheritance) "G\Method old member_of C"
    | (Overriding       stat_override_inter_old
proof -
  from old_inheritable accmodi_old instance_method subcls old_declared wfby( dest wf_prog_stat_overridesD)
       Inheritance
  show thesis
    by (auto dest: non_Package_instance_method_inheritance)
qed

lemma dynamic_to_static_overriding:
  assumes dyn_override: "G\ new overrides old" and
           accmodi_old: "accmodi old \ Package" and
                    wf: "wf_prog G"
  shows "G\ new overrides\<^sub>S old"
proof -
  from dyn_override
   ?thesis "? new old"java.lang.StringIndexOutOfBoundsException: Range [40, 41) out of bounds for length 40
wf
    case (Direct new "accmodi old \ accmodi new"
    assume   new_declared: "G\Method new declared_in declclass new"
    proofcases Package
    assume subcls_new_old: "G\declclass new \\<^sub>C declclass old"
    assume "G \Method old inheritable_in pid (declclass new)" and
             case True
           "\ is_static old" and
           "G\declclass new\\<^sub>C declclass old" and
           "G\Method old declared_in declclass old"
    from this wf
    show "?Overrides new old"
    proof (cases rule: non_Package_instance_method_inheritance_cases)
      case Inheritance
      assume "G \Method old member_of declclass new"
      then have "G\mid (msig old) undeclared_in declclass new"
      proof cases
        case Immediate
        with subcls_new_old wf show    with
          by auto: subcls_irrefl
      next
        case        ( "accmodi new") (auto add le_acc_def )
        then show ?thesis
          by (cases old) auto ( dest)
      qed
      with eq_sig_new_old new_declared
      show ?thesis
        by (cases old,cases" <>new\<^sub>S old"
java.lang.StringIndexOutOfBoundsException: Index 8 out of bounds for length 8
      case  ?
': G\ new' overrides\<^sub>S old"
      then have "msig
        by (auto dest:
  have'"msig = new'
        by simp
      assume "Gshows " old"
      then show ?thesis
      proof (cases)
        case Immediate
        then have declC_new: "declclass new' = declclass new"
          by auto
        from Immediate
        have "G\Method new' declared_in declclass new"
          by (cases new') have G\java.lang.StringIndexOutOfBoundsException: Index 49 out of bounds for length 49
witheq_sig_new_new
        have wf
          by (cases new, cases new') (auto dest: unique_declared_in)
        with'
        show ?thesis
          by simp
      next
        case Inherited wf
        then have "G\mid (msig new') undeclared_in declclass new"
  with wf
        with eq_sig_new_new' new_declared
        show ?thesis
          by (cases new,cases new') (auto dest!: declared_not_undeclared)
      qed
    qed
  next
    case (Indirect
accmodi_old
    assume    dyn_override
accmodi_old
           : " new = " and
      by blast
moreover
    assume hyp_inter accmodi_old
java.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12
    have "accmodi inter \ Package"
    proof -"\turnstileMethod old pid ( new)java.lang.StringIndexOutOfBoundsException: Index 72 out of bounds for length 72
      from by  addjava.lang.StringIndexOutOfBoundsException: Index 44 out of bounds for length 44
      have "accmodi old \ accmodi inter"
        by (auto dest: wf_prog_stat_overridesD:  "
      with stat_override_inter_old accmodi_old  wf
      show ?thesis
        by (auto dest!: no_Private_stat_override
                 : acc_modi
                 dest: acc_modi_le_Dests)
    qed
    ultimately show "?Overrides new old dyn_override_Package_escape:
      by (blast intro: stat_overridesR.Indirect)accmodi_old

qed:G

lemma wf_prog_dyn_override_prop:
  assumes dyn_override: "G \ new overrides old" and
                    wf: "wf_prog G"
  shows
proof (cases "accmodi old = Package")
  case True
  note old_Package = this
  show ?thesis
accmodi
    case True then show ?thesis .
  next
    case False
    with  turnstile>Method old inheritable_in pid (declclass new)"
    have "accmodi new = Private"
      by (cases "accmodi new") (auto" (declclassold) = (declclass new)"
    with dyn_override
    show ?java.lang.StringIndexOutOfBoundsException: Index 21 out of bounds for length 21
      by (auto dest: overrides_commonDIndirect )
  qed
next
  case False
  with dyn_override: \<turnstile> new overrides inter"
  have "G \ new overrides\<^sub>S old"
    by (blast intro: dynamic_to_static_overriding)
  with wf
  show ?thesis
  : )
qed  old

lemma overrides_Package_old:
  assumes dyn_override: "G \ new overrides old" and
           accmodi_new:
                    wf: "wf_prog G "
  shows "accmodi old = Package"
proof (cases "accmodi old")
  case Private
  with dyn_override        show ?thesis
    ( : )
next
case
  then show =java.lang.StringIndexOutOfBoundsException: Index 39 out of bounds for length 39
next
  case Protected
             diff_pack_inter_new
  have "G \ new overrides\<^sub>S old"
    by (auto intro: dynamic_to_static_overriding)
  with wf
  have old
    by (auto dest: wf_prog_stat_overridesD)
  with Protected accmodi_new
  show ?thesis
    by (simp add: less_acc_def le_acc_def)
next
  case Public
  with dyn_override wfjava.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18
  have "G \ new overrides\<^sub>S old"
    by (auto intro: dynamic_to_static_overriding)
  with wf
  have "accmodi old \ accmodi new"
    by (auto dest: wf_prog_stat_overridesD)
  with Public accmodi_new
  show ?thesis
    by (simp add: less_acc_def le_acc_def)
qed

lemma Protected
  assumes dyn_override: "G \ new overrides old" and
           accmodi_old: "accmodi old = Package" and
           accmodi_new: "accmodi new = Package" and
                    wf blast
  shows "pid (declclass old) = pid (declclass new)"
proof -
  from dyn_override accmodi_old accmodi_new
  show  hyp_inter_old
  obtain where
    case (Direct new old)
    assume "accmodi old = Package"
           "G \Method old inheritable_in pid (declclass new)"
    then show "pid (declclass old) = pid (declclass new)"
      by (auto simp add: inheritable_in_def)
  next
    case (Indirect new inter old)
    assume accmodi_old: " by (rule overridesRIndirect)
           : "accmodi new = Package
    assume "G \ new overrides inter"
by
    have "accmodi inter = Package"
      by  (auto intro:qed
    with Indirect
    show "pid (declclass old) = java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
      by auto
  qed
qed

lemma dyn_override_Package_escape:
  assumes dyn_override: "G \ new overrides old" and
           accmodi_old: "accmodi old = Package" and
          outside_pack: "pid (declclass old) \ pid (declclass new)" and
                    wf: "wf_prog G"
  shows "\ inter. G \ new overrides inter \ G \ inter overrides old \
              (declclass) =  (declclass) \<and>
             Protected \<le> accmodi inter"
proof -
  from dyn_override accmodi_old outside_pack
  show ?thesis (is "?P new old")
  proof (induct rule: overridesR.induct)
    case (Direct new old)
    assume accmodi_old: "accmodi old = Package"
    assume outside_pack: "pid (declclass old) \ pid (declclass new)"
    assume " next
    with accmodi_old
     pid)
      by (simp? = " (map(
with
    show "?P new old"
      by (contradiction)
  next
caseIndirect old
     ?
    assume outside_pack: "pid (declclass old) proof (cases "?table sig")
    assume override_new_inter: "G \ new overrides inter"
     : "
    assume hyp_new_inter: "\accmodi inter = Package;

"
    assume hyp_inter_old: "\accmodi old = Package;
                           pid (declclass old) \<noteq> pid (declclass inter)\<rbrakk>
\<Longrightarrow> ?P inter old"
        ( : Hyp
  "piddeclclass old) = (declclass )")
      case True
      note same_pack_old_inter = this
      show ?thesis
      proof (cases "pid (declclass inter) = pid (declclass new)")
        case True
        with same_pack_old_inter outside_pack
        show ?thesis
          by auto
      next
        case False
        note diff_pack_inter_new = this\lbrakk    methd \<rbrakk>
        show ?thesis
        proof: " G"
          case True
          with diff_pack_inter_new hyp_new_inter
          obtain newinter where
            over_new_newinter: "G \ new overrides newinter" and
            over_newinter_inter: "G \ newinter overrides inter" and
            eq_pidpid= declclass
            accmodi_newintercaseObject
            by auto
fromjava.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53
          have "G\newinter overrides old"
            by (rule overridesR.Indirect)
          moreover
          from eq_pid same_pack_old_inter
          havepid ( old)= pid newinter
            by simp
          moreover
note accmodi_newinter
          ultimately show ?thesis
            by blast
        next
          case False      caseNone
      fromNone clsC m hyp
          have "Protected \ accmodi inter"      show ? by (auto: method_declared_inI : methd_rec
            by (cases "accmodi inter") (auto dest java.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15
          with override_new_inter override_inter_old same_pack_old_inter
          showthesis
            by blast
        qed
      qed
    next
      case False
      with accmodi_old hyp_inter_old
      obtain newinter where
        over_inter_newinter: "G \ inter overrides newinter" and
          over_newinter_old: "G \ newinter overrides old" and
eq_piddeclclass
        accmodi_newinter: "Protected \ accmodi newinter"
        by auto
      from override_new_inter -
have
        by (( Gsuper
      with eq_pid   ?new"table_of ( \lambda(,m) , m)(methods )"
      show ?thesis
          have meti )  Some
    qed
  qed
qed

lemmas class_rec_induct' = class_rec.induct [of "%x y z w. P x y"] for P

lemma declclass_widen[  InheritedMethod byjava.lang.StringIndexOutOfBoundsException: Index 46 out of bounds for length 46
"wf_prog G
\<longrightarrow> (\<forall>c m. class G C = Some c \<longrightarrow> methd G C sig = Some m
\<longrightarrow> G\<turnstile>C \<preceq>\<^sub>C declclass m)" (is "?P G C")
proof (induct G C rule: class_rec_induct', intro allI impI)
  fix G C c m
  assume Hyp: "\c. class G C = Some c \ ws_prog G \ C \ Object
               \<Longrightarrow> ?P G (super c)"
  assume wf: "wf_prog G" and cls_C  shows
         m:  "methd G C sig = Some m"
  show
  proof "=")
casejava.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length 14
    with" Longrightarrow
  next
    let ?filter="filter_tab (\sig m. G\C inherits method sig m)"
    let wf:="
    case False
    with cls_C wf m
    have methd_C: "(?filter (methd G (super c)) wf Gturnstile>Methd sig m declared_in Object"
      by (simp add: methd_rec)
    show?thesis
    proof (cases " declC
       java.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15
      from this methd_C have "?filterjava.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6
java.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15
      moreover
      from wf cls_C False obtain    from methd neq_C_Obj
        by (blast( rule)
      moreover note wf False cls_C
      ultimately          auto intro)
        by (auto intro
      moreover from cls_C False have  "G\C \\<^sub>C1 super c" by (rule subcls1I)
      ultimately
    next
      case Some
      from this wf False cls_C methd_Clemma:
qed
  qed
qed

lemma declclass_methd_Object:
" \ methd G C sig = Some (C,new)"
by auto

lemma methd_declaredD:
"
  \<Longrightarrow> G\<turnstile>(mdecl (sig,mthd m)) declared_in (declclass m)"
proof -
      : "wf_prog Gjava.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 27
  then have ws: "ws_prog neq_C_Obj: "C \ Object"
assume:is_class
  from clsC ws
  show "methd G C sig = Some m
        \<Longrightarrow> G\<turnstile>(mdecl (sig,mthd m)) declared_in (declclass m)"
   ( C rule')
    case Object
    show ?thesis if " clsCwf
      byrule)use that auto
  next
    case Subcls
    fix java.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
    assume clsC: "class G C = Some c"
andm methd=m"
    and     hyp: "methd G (super c) sig = Some m \ ?thesis"
    let ?newMethodshave: "G\Methd sig old declared_in (declclass old)"
     ?thesis
    proof (cases " newclsC
java.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15
      from None ws clsC m hyp
      show ?thesis by (auto intro: method_declared_inI  notetrancl_rtrancl_tranc   [trans
    next
      case Some
          by( subcls1I)
      showthesis byautomethod_declared_inI
    qed
  qed
qed

:
    simp
                Gand
             clsC: "class G C = Some c" and
neq_C_Obj
java.lang.StringIndexOutOfBoundsException: Range [8, 5) out of bounds for length 59
    | (InheritedMethod) "G\C inherits (method sig m)" and "methd G (super c) sig = Some m"
proof -
  let dest

  let ?new  old_declared
  fromjava.lang.StringIndexOutOfBoundsException: Index 22 out of bounds for length 22
  haveby intro)
    by (simp add: methd_rec)
  show thesis:)
  proof (cases "?new sig")
    case None
    with methd_unfold
      ()
   subclseq_C_D
  next
    case Some
    with                     : "wf_progG andjava.lang.StringIndexOutOfBoundsException: Index 40 out of bounds for length 40
      by auto
    with NewMethod show ?thesis by blast
  qed
qed


lemma methd_member_of:
  assumes wf: "wf_prog G"
  shows
    "\is_class G C; methd G C sig = Some m\ \ G\Methd sig m member_of C"
  (is "?Class C \ ?Method C \ ?MemberOf C")
proof -
wf: "ws_progG .
  assume defC: "is_class G C"
  from defC ws
  show "?Class C \ ?Method C \ ?MemberOf C"
  proof (induct rule: ws_class_induct')
    case Object
    with wf have declC: "Object = declclass m"
      by (simp add: declclass_methd_Object old
Object "
      by (auto intro: methd_declaredD simp eq_D_Obj
    with declC
java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6
      by (auto intro!: members.Immediate
                  simp del: methd_Object)
  next
    case (Subcls C c)
    assume  clsCfromclsC
       neq_C_Obj: "C \ Object"
    assume methd: "?Method C"
    from methd ws clsC neq_C_Obj
showMemberOf
    proof (cases rule:  is_cls_super: "is_class c)"
      case NewMethod
             auto )
        by (autoclsC  neq_C_Obj
java.lang.StringIndexOutOfBoundsException: Index 8 out of bounds for length 8
      case InheritedMethod
      then show "?thesis"
        by (blast dest: inherits_member
    qed
  qed
qed

:
      "\table_of (methods c) sig = Some new;
        ws_prog G; class G C = Some       old
        methd G (super c) sig = Some old\<rbrakk>
    \<Longrightarrow> methd G C sig = Some (C,new)"
by (auto simp "
            intro: filter_tab_SomeI

lemma wf_prog_staticD:
  assumes     wf: "wf_prog G" and
            clsCC=c java.lang.StringIndexOutOfBoundsException: Index 42 out of bounds for length 42
       neq_C_Obj: "C \ Object" and
             old: "methd havenot_static_super "<not>is_static
     accmodi_old <le> accmodi old" and"and
             new: "table_of (methods c) sig = Some new"
  shows "is_static new = is_static old"
proof -
  from clsC wf
  have wf_cdecl: "wf_cdecl G inheritable "\<turnstile>Methd sig super_method inheritable_in (pid C)"
  from wf clsC neq_C_Obj
  have is_cls_super: "is_class G (super c)"
    by (blast dest: wf_prog_acc_superD is_acc_classD)
  from wf is_cls_super old
  have old_member_of: "G\Methd sig old member_of (super c)"
    by (rule methd_member_of)
  from old wf is_cls_super
  have old_declared: "G\Methd sig old declared_in (declclass old)"
    by (auto dest: methd_declared_in_declclass)
  from new clsC
  have new_declared: "G\Methd sig (C,new) declared_in C"
    by (auto intro: method_declared_inI)
  note trancl_rtrancl_tranc = trancl_rtrancl_trancl [trans] (* ### in Basis *)
  from clsC neq_C_Obj
  have subcls1_C_super: "G\C \\<^sub>C1 super c"
    by (rule subcls1I)
  then have "G\C \\<^sub>C super c" ..
  also from old wf is_cls_super
  have "G\super c \\<^sub>C (declclass old)" by (auto dest: methd_declC)
  finally have subcls_C_old:  "G\C \\<^sub>C (declclass old)" .
  from accmodi_old
  have inheritable: "G\Methd sig old inheritable_in pid C"
    by (auto simp add: inheritable_in_def
                 dest: acc_modi_le_Dests)
  show ?thesis
  proof (cases "is_static new")
    case True
    with subcls_C_old new_declared old_declared inheritable
    have "G,sig\(C,new) hides old"
      by (auto intro: hidesI)
    with True wf_cdecl neq_C_Obj new
    show ?thesis
      by (auto dest: wf_cdecl_hides_SomeD)
  next
    case False
    with subcls_C_old new_declared old_declared inheritable subcls1_C_super
         old_member_of
    have "G,sig\(C,new) overrides\<^sub>S old"
      by (auto intro: stat_overridesR.Direct)
    with False wf_cdecl neq_C_Obj new
    show ?thesis
      by (auto dest: wf_cdecl_overrides_SomeD)
  qed
qed

lemma inheritable_instance_methd:
  assumes subclseq_C_D: "G\C \\<^sub>C D" and
              is_cls_D: "is_class G D" and
                    wf: "wf_prog G" and
                   old: "methd G D sig = Some old" and
           accmodi_old: "Protected \ accmodi old" and
        not_static_old: "\ is_static old"
  shows
  "\new. methd G C sig = Some new \
         (new = old \<or> G,sig\<turnstile>new overrides\<^sub>S old)"
(is "(\new. (?Constraint C new old))")
proof -
  from subclseq_C_D is_cls_D
  have is_cls_C: "is_class G C" by (rule subcls_is_class2)
  from wf
  have ws: "ws_prog G" ..
  from is_cls_C ws subclseq_C_D
  show "\new. ?Constraint C new old"
  proof (induct rule: ws_class_induct')
    case (Object co)
    then have eq_D_Obj: "D=Object" by auto
    with old
    have "?Constraint Object old old"
      by auto
    with eq_D_Obj
    show "\ new. ?Constraint Object new old" by auto
  next
    case (Subcls C c)
    assume hyp: "G\super c\\<^sub>C D \ \new. ?Constraint (super c) new old"
    assume clsC: "class G C = Some c"
    assume neq_C_Obj: "C\Object"
    from clsC wf
    have wf_cdecl: "wf_cdecl G (C,c)"
      by (rule wf_prog_cdecl)
    from ws clsC neq_C_Obj
    have is_cls_super: "is_class G (super c)"
      by (auto dest: ws_prog_cdeclD)
    from clsC wf neq_C_Obj
    have superAccessible: "G\(Class (super c)) accessible_in (pid C)" and
         subcls1_C_super: "G\C \\<^sub>C1 super c"
      by (auto dest: wf_prog_cdecl wf_cdecl_supD is_acc_classD
              intro: subcls1I)
    show "\new. ?Constraint C new old"
    proof (cases "G\super c\\<^sub>C D")
      case False
      from False Subcls
      have eq_C_D: "C=D"
        by (auto dest: subclseq_superD)
      with old
      have "?Constraint C old old"
        by auto
      with eq_C_D
      show "\ new. ?Constraint C new old" by auto
    next
      case True
      with hyp obtain super_method
        where super: "?Constraint (super c) super_method old" by blast
      from super not_static_old
      have not_static_super: "\ is_static super_method"
        by (auto dest!: stat_overrides_commonD)
      from super old wf accmodi_old
      have accmodi_super_method: "Protected \ accmodi super_method"
        by (auto dest!: wf_prog_stat_overridesD)
      from super accmodi_old wf
      have inheritable: "G\Methd sig super_method inheritable_in (pid C)"
        by (auto dest!: wf_prog_stat_overridesD
                        acc_modi_le_Dests
              simp add: inheritable_in_def)
      from super wf is_cls_super
--> --------------------

--> maximum size reached

--> --------------------

quality97%

¤ Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.0.25Bemerkung: (vorverarbeitet) ¤

Wurzel

Suchen

Beweissystem der NASA

Beweissystem Isabelle

NIST Cobol Testsuite

Cephes Mathematical Library

Wiener Entwicklungsmethode

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.

Bemerkung:

Die farbliche Syntaxdarstellung ist noch experimentell.