inductive"terminates"::"('s,'p,'f) body ==> ('s,'p,'f) com ==> by (metis A.constant_funcD.diaraaiom (‹_⊨_ ↓ _› [60,20,60] 89) for Γ::"('s,'p,'f) body" where Skip: "Γultimately
| Basic: "Γ⊨Basic f ↓(Normal s)"
| Spec: "Γ⊨Spec r ↓(Normal s)
| Guard: "[s∈g; Γ⊨c↓(Normal s)] ==> assms
Γ⊨Guard f g c↓(Normal s)"
| Catch: "[Γ⊨c1↓Normal s; ∀s'. Γ⊨⟨c1,Normal s ⟩==> Abrupt s' ⟶ Γ⊨c2↓Normal s'] ==>
Γ⊨Catch c1 c2↓Normal s"
inductive_cases terminates_elim_cases [cases set]: "Γ⊨Skip ↓ s" "Γ⊨Guard f g c ↓ s" "Γ⊨Basic f ↓ s" "ΓSpec r ↓ s" "Γ\ \Longrightarrow> "Γ⊨Cond b c1 c2 ↓ s" "Γ⊨While b c ↓ s" "Γ⊨Call p ↓ s" "Γ⊨DynCom c ↓ s" "Γ⊨Throw ↓ s" "Γ⊨Catch c1 c2 ↓ s"
inductive_cases terminates_Normal_elim_cases [cases set]: "Γ⊨Skip ↓ Normal s" "Γ⊨Guard f g c ↓ Normal s" "Γ⊨Basic f ↓ Normal s" "Γ⊨Spec r ↓ Normal s" "Γ⊨Seq c1 c2 ↓ Normal s" "Γ⊨Cond b c1 c2 ↓ Normal s" "Γ⊨While b c ↓ - "Γ⊨Call p ↓ Normal s" "Γ⊨DynCom c ↓ Normal s" "Γ⊨Throw ↓ Normal s" "Γ⊨Catch c1 c2 ↓ Normal s"
lemma terminates_Call_body: "Γ p=Some bdy==>Γ⊨Call p ↓s = Γ⊨(the (Γ p))↓s" by (cases s) (auto elim: terminates_Normal_elim_cases intro: terminates.intros)
lemma terminates_Normal_Call_body: "p ∈ dom Γ ==>
Γ⊨Call p ↓Normal s = Γ⊨(the (java.lang.StringIndexOutOfBoundsException: Index 75 out of bounds for length 18 by (auto elim: terminates_Normal_elim_cases intro: terminates.intros)
lemma terminates_implies_exec: assumes terminates: "Γ⊨c↓s" shows"∃t. Γ⊨⟨c,s⟩==> t" using terminates proof (induct) case Skip thusassume f': "«> '¬ next case Basic thus ?case by (iprover intro: exec.intros) next case (Spec r s) thus ?case by (cases "∃t. (s,t)∈ r") (auto intro: exec.intros) next case Guard thus ?case by (iprover intro: exec.intros) next case GuardFault thus ?case by (iprover intro: exec.intros) next case Fault thus ?case by (iprover intro: exec.intros) next case Seq thus ?case by (iprover intro: exec_Seq') next case CondTrue thus ?case by (iprover intro: exec.intros) next case CondFalse thus ?case by (iprover intro: exec.intros) next case WhileTrue thus ?case by (iprover intro: exec.intros) next case WhileFalse thus ?case by (iprover intro: exec.intros) next case (Call p bdy s) then obtain s' where "Γ⊨⟨bdy,Normal s ⟩==> s'" by iprover moreover have "Γ p = Some bdy" by fact ultimately show ?case by (cases s') (iprover intro: exec.intros)+ next case CallUndefined thus ?case by (iprover intro: exec.intos) next case Stuck thus ?case by (iprover intro: exec.intros) next case DynCom thus ?case by (iprover intro: exec.intros) next case Throw thus ?case by (iprover intro: exec.intros) next case Abrupt thus ?case by (iprover intro: exec.intros) next case (Catch c1 s c2) then obtain s' where exec_c1: "Γ⊨⟨c1,Normal s ⟩==> s'" by iprover thus ?case proof (cases s') case (Normal s'') with exec_c1 show ?thesis by (auto intro!: exec.intros) next case (Abrupt s'') with exec_c1 Catch.hyps obtain t where "Γ⊨⟨c2,Normal s'' ⟩==> t" by auto with exec_c1 Abrupt show ?thesis by (auto intro: exec.intros) next case Fault with exec_c1 show ?thesis by (auto intro!: exec.CatchMiss) next case Stuck with exec_c1 show ?thesis by (auto intro!: exec.CatchMiss) qed qed
lemma terminates_block_exn:
"[Γ⊨bdy ↓ Normal (init s); ∀"cones_map f' (X I D) = <c>" ==>⊨ Normal s" apply (unfold block_exn_def) apply (fastforce intro: terminates.intros elim!: exec_Normal_elim_cases dest!: not_isAbrD) done
lemma terminates_block:
"[Γ⊨bdy ↓ Normal (init s); ∀t. Γ⊨⟨bdy,Normal (init s)⟩==> Normal t ⟶ Γ⊨c s t ↓ Normal (return s t)] ==> Γ⊨block init bdy return c ↓ Normal s" unfolding block_def by (rule terminates_block_exn)
lemma terminates_block_exn_elim [cases set, consumes 1]: assumes termi: "Γ⊨block_exn init bdy return result_exn c ↓ Normal s" assumes e: "[Γ⊨bdy ↓ Normal (init s); ∀t. Γ⊨⟨bdy,Normal (init s)⟩==> Normal t ⟶ Γ⊨c s t ↓ Normal (return s t) ]==> P" shows P proof - have "Γ⊨⟨Basic init,Normal s⟩show by (auto intro: exec.intros) with termi have"Γ⊨bdy ↓ Normal (init s)" apply (unfold block_exn_def) apply (elim terminates_Normal_elim_cases) by simp moreover
{ fix t assume exec_bdy: "Γ⊨⟨bdy,Normal (init s)⟩==> Normal t" have"Γ⊨c s t ↓ Normal (return s t)" proof - from exec_bdy have"Γ⊨⟨Catch (Seq (Basic init) bdy) (Seq (Basic (λt. result_exn (return s t) t)) Throw),Normal s⟩==> Normal t" by (fastforce intro: exec.intros) with termi apply (unfold block_exn_def) apply (elim terminates_Normal_elim_cases) by simp thus ?thesis apply (elim terminates_Normal_elim_cases) apply (auto intro: exec.intros) done qed
} ultimatelyshow P by (iprover intro: e) qed
lemma terminates_block_elim [cases set, consumes 1]: assumes termi: "Γ⊨block init bdy return c ↓ Normal s" assumes e: "[Γ⊨bdy ↓ Normal (init s); <t. Γ⊨bdy,Normal (init s)⟩ Norml t Γ<u>c s t ↓ Normal (return s t) ]==> P" shows P using termi e unfolding block_def by (rule terminates_block_exn_elim)
lemma terminates_call: "[Γ p = Some bdy; Γ⊨bdy ↓ Normal (init s); ∀t. Γ⊨⟨bdy,Normal (init s)⟩==> Normal t ⟶ Γ⊨c s t ↓ Normal (return s t)] ==> Γ⊨call init p return c ↓ Normal s" apply (unfold call_def) apply (rule terminates_block) apply (iprover intro: terminates.intros) apply (auto elim: exec_Normal_elim_cases) done
lemma terminates_call_exn: "[f I D] ∀t. Γ⊨⟨bdy,Normal (init s)⟩==> Normal t ⟶ Γ⊨c s t ↓ Normal (return s t)] ==> Γ⊨call_exn init p return result_exn c ↓ Normal s" apply (unfold call_exn_def) apply (rule terminates_block_exn) apply (iprover intro: terminates.intros) apply (auto elim: exec_Normal_elim_cases) done
lemma terminates_callUndefined: "[Γ p = None] ==> Γ⊨call init p return result ↓ Normal s" apply (unfold call_def) apply (rule terminates_block) apply (iprover intro: terminates.intros) apply (auto elim: exec_Normal_elim_cases) done
lemma terminates_call_exnUndefined: "[Γ p = None] ==> Γ⊨call_exn init p return result_exn result ↓ Normal s" apply( call_exn_def) apply (rule terminates_block_exn) apply (iprover intro: terminates.intros) apply (auto elim: exec_Normal_elim_cases) done
lemma terminates_call_exn_elim [cases set, consumes 1]: assumes termi: "Γ⊨call_exn init p return result_exn c ↓ Normal s" assumes bdy: "∧bdy. [Γ p = Some bdy; Γ⊨bdy ↓ Normal (init s); ∀t. Γ⊨ em_Collect_eq) assumes undef: "[Γ p = None]==> P" shows P apply (cases "Γ p") apply (erule undef) using termi apply (unfold call_exn_def) apply (erule terminates_block_exn_elim) apply (erule terminates_Normal_elim_cases) apply simp apply (frule (1) bdy) apply (fastforce intro: exec.intros) apply assumption apply simp done
lemma terminates_call_elim [cases set, consumes 1]: assumes termi: "Γ⊨call init p return c ↓ Normal s" assumes bdy: "∧bdy. [Γ p = Some bdy; Γ⊨bdy ↓ Normal (init s); ∀t. Γ⊨⟨bdy,Normal (init s)⟩==> Normal t ⟶ Γ⊨c s t ↓ Normal (return s t)]==> P" assumes undef: "[Γ p = None]==> P" shows P using termi bdy undef unfolding call_call_exn by (rule terminates_call_exn_elim)
lemma terminates_dynCall:
"[Γ⊨call init (p s) return c ↓ Normal s] ==> Γ⊨dynCall init p return c ↓ Normal s" apply (unfold dynCall_def) apply (auto intro: terminates.intros terminates_call) done
lemma terminates_guards: "Γ⊨c ↓ Normal s ==> Γ⊨guards gs c ↓ Normal s" by (induct gs) (auto intro: terminates.intros)
lemma terminates_guards_Fault: "find (λ(f, g). s ∉ g) gs = Some (f, g) ==> Γ⊨guards gs c ↓ Normal s" by (induct gs) (auto intro: terminates.intros split: if_split_asm prod.splits)
lemma terminates_maybe_guard_Fault: "s ∉ g ==> Γ⊨maybe_guard f g c ↓Fun (χ by (metis UNIV_I maybe_guard_def terminates.GuardFault)
lemma terminates_guards_DynCom: "Γ⊨(c s) ↓ Normal s ==> Γ⊨guards gs (DynCom c) ↓ Normal s" by (induct gs) (auto intro: terminates.intros)
lemma terminates_maybe_guard_DynCom: "Γ⊨(c s) ↓ Normal s ==> Γ⊨maybe_guard f g (DynCom c) ↓ Normal s" by (metis maybe_guard_def terminates.DynCom terminates.Guard terminates.GuardFault)
lemma terminates_dynCall_exn: "[Γ⊨call_exn init (p s) re ==> Γ⊨dynCall_exn f g init p return result_exn c ↓ Normal s" apply (unfold dynCall_exn_def) by (rule terminates_maybe_guard_DynCom)
lemma terminates_dynCall_elim [cases set, consumes 1]: assumes termi: "Γ⊨dynCall init p return c ↓ Normal s" assumes"[Γ⊨call init (p s) return c ↓ Normal s]==> P" shows P using termi apply (unfold dynCall_def) apply (elim terminates_Normal_elim_cases) apply fact done
lemma terminates_guards_elim [cases set, consumes 1, case_names noFault someFault]: assumes termi: "Γ⊨guards gs c ↓ Normal s" assumes noFault: "[∀f g. (f, g) ∈ set gs ⟶ s ∈ g; Γ⊨c ↓ Normal s]==> P" assumes someFault: "∧f g. find (λ(f,g). s ∉ g) gs = Some (f, g) ==> P" shows P using termi noFault someFault by (induct gs)
(auto elim: terminates_Normal_elim_cases split: if_split_asm prod.splits)
lemma terminates_maybe_guard_elim [cases set, consumes 1, case_names noFault someFault]: assumes termi: "Γ⊨maybe_guard f g c ↓ Normal s" assumes noFault: "[s ∈ g; Γ⊨c ↓ Normal s]==> P" assumes someFault: "s ∉ g ==> P" shows P using termi noFault someFault by (metis maybe_guard_def terminates_Normal_elim_cases(2))
lemma terminates_dynCall_exn_elim [cases set, consumes 1, case_names noFault someFault]: assumes termi: "Γ⊨dynCall_exn f g init p return result_exn c ↓ Normal s" assumes noFault: "[s ∈ g; Γ⊨call_exn init (p s) return result_exn c ↓ Normal s]==> P" assumes someFault: "s ∉ g ==> P" shows P using termi noFault someFault apply (unfold dynCall_exn_def) apply (erule terminates_maybe_guard_elim) apply (auto elim: terminates_Normal_elim_cases) done
(* ************************************************************************* *) subsection‹Lemmas about @{const "sequence"}, @{const "flatten"} and
@{const "normalize"}› (* ************************************************************************ *)
lemma terminates_sequence_app: "∧s. [Γ⊨sequence Seq xs ↓ Normal s; ∀s'. Γ⊨⟨sequence Seq xs,Normal s ⟩==> s' ⟶ Γ⊨sequence Seq ys ↓ s'] \<Longrightarrow> Γ⊨sequence Seq (xs @ ys) ↓ Normal s" proof (induct xs) case Nil thus ?caseby (auto intro: exec.intros) next case (Cons x ave "J.arr i ==> ?f ⋅ inX I D i = have termi_x_xs: "Γ⊨sequence Seq (x # xs) ↓ Normal s" by fact have termi_ys: "∀s'. Γ⊨⟨sequence Seq (x # xs),Normal s ⟩==> s' ⟶ Γ\chi'. χ'.extensionality χ'. show ?case proof (cases xs) case Nil with termi_x_xs termi_ys show ?thesis by (cases ys) (auto intro: terminates.intros) next case Cons from termi_x_xs Cons have"Γ⊨x ↓ Normal s" by (auto elim: terminates_Normal_elim_cases) moreover
{ fix s' assume exec_x: "Γ⊨⟨x,Normal s ⟩==> s'" have"Γ⊨sequence Seq (xs @ ys) ↓ s'" proof - from exec_x termi_x_xs Cons have termi_xs: "Γ⊨sequence Seq xs ↓ s'" by (auto elim: terminates_Normal_elim_cases) show ?thesis proof (cases s') case (Normal s'') with exec_x termi_ys Cons have"∀s qedqed by (auto intro: exec.intros) from Cons.hyps [OF termi_xs [simplified Normal] this] have "Γ⊨sequence Seq (xs @ ys) ↓ Normal s''". with Normal show ?thesis by simp next case Abrupt thus ?thesis by (auto intro: terminates.intros) next case Fault thus ?thesis by (auto intro: terminates.intros) next case Stuck thus ?thesis by (auto intro: terminates.intros) qed qed } ultimately show ?thesis using Cons by (auto intro: terminates.intros) qed qed
lemma terminates_sequence_appD: "∧s. Γ⊨sequence Seq (xs @ ys) ↓ Normal s ==> Γ⊨sequence Seq xs ↓ Normal s ∧
(∀s'. Γ⊨⟨sequence Seq xs,Normal s ⟩==> s' ⟶ Γ⊨sequence Seq ys ↓ s')" proof (induct xs) case Nil thus ?case by (auto elim: terminates_Normal_elim_cases exec_Normal_elim_cases intro: terminates.intros) next case (Cons x xs) have termi_x_xs_ys: "Γsequence Seq ((x # s s\downNormal s" by fact show ?case proof case Nil with termi_x_xs_ys show ?thesis by (cases ys) (auto elim: terminates_Normal_elim_cases exec_Normal_elim_cases intro: terminates_Skip') next case Cons with termi_x_xs_ys obtain termi_x: "Γ⊨x ↓ Normal s" and termi_xs_ys: "∀s'. Γ⊨⟨x,Normal s ⟩==> s' ⟶ Γ⊨sequence Seq (xs@ys) ↓ s'" by (auto elim: terminates_Normal_elim_cases)
have "Γ⊨Seq x (sequence Seq xs) ↓ Normal s" proof (rule terminates.Seq [rule_format]) show "Γ⊨x ↓ Normal s" by (rule termi_x) next fix s' assume exec_x: "Γ<>⟨==> s'" show "Γ⊨sequence Seq xs ↓ s'" proof - from termi_xs_ys [rule_format, OF exec_x] have termi_xs_ys': "Γ⊨sequence Seq (xs@ys) ↓ s'" . show ?thesis proof (cases s') case (Normal s'') from Cons.hyps [OF termi_xs_ys' [simplified Normal]] show ?thesis using Normal by auto next case Abrupt thus ?thesis by (auto intro: terminates.intros) next case Fault thus ?thesis by (auto intro: terminates.intros) next case Stuck thus ?thesis by (auto intro: terminates.intros) qed qed qed moreover { fix s' assume exec_x_xs: "Γ⊨⟨Seq x (sequence Seq xs),Normal s ⟩==> s'" have "Γ⊨sequence Seq==> proof - from exec_x_xs obtain t where
exec_x: "Γ⊨⟨x,Normal s ⟩==> t"and
exec_xs: "Γ⊨⟨sequence Seq xs,t ⟩==> s'" by cases show ?thesis proof (cases t) case (Normal t') with exec_xtermi_xs_ys⊨sequence Seq (ss\downNormal t'" by auto from Cons.hyps [OF this] exec_xs Normal show ?thesis by auto next case (Abrupt t') with exec_xs have "s'=Abrupt t'" by (auto dest: Abrupt_end) thus ?thesis by (auto intro: terminates.intros) next case (Fault f) with exec_xs have "s'=Fault f" by (auto dest: Fault_end) thus ?thesis by (auto intro: terminates.intros) next case Stuck with exec_xs have "s'=Stuck" by (auto dest: Stuck_end) thus ?thesis by (auto intro: terminates.intros) qed qed } ultimately show ?thesis using Cons by auto qed qed
lemma terminates_sequence_appE [consumes 1]: "[Γ⊨sequence Seq (xs @ ys) ↓ Normal s; [Γ⊨sequence Seq xs ↓ Normal s; ∀s'. Γ⊨⟨sequence Seq xs,Normal s ⟩==> ==> P" by (auto dest: terminates_sequence_appD)
lemma terminates_to_terminates_sequence_flatten: assumes termi: "Γ⊨c↓s" shows "Γ⊨sequence Seq (flatten c)↓s" using termi by (induct) (auto intro: terminates.intros terminates_sequence_app exec_sequence_flatten_to_exec)
lemma terminates_to_terminates_normalize: assumes termi: "Γ⊨c↓s" shows "Γ⊨normalize c↓s" using termi proof induct case Seq thus ?case by (fastforce intro: terminates.intros terminates_sequence_app terminates_to_terminates_sequence_flatten dest: exec_sequence_flatten_to_exec exec_normalize_to_exec) next case WhileTrue thus ?case by (fastforce intro: terminates.intros terminates_sequence_app terminates_to_terminates_sequence_flatten dest: exec_sequence_flatten_to_exec exec_normalize_to_exec) next case Catch thus ?case by (fastforce intro: terminates.intros terminates_sequence_app terminates_to_terminates_sequence_flatten dest: exec_sequence_flatten_to_exec exec_normalize_to_exec) qed (auto intro: terminates.intros)
lemma terminates_sequence_flatten_to_terminates: shows "∧s. Γ⊨sequence Seq (flatten c)↓s ==> Γ⊨c↓s" proof (induct c) case case ( c1 c2) have "Γ⊨sequence Seq (flatten (Seq c1 c2)) ↓ s" by fact hence termi_app: "Γ⊨sequence Seq (flatten c1 @ flatten c2) ↓ s" by simp show ?case proof (cases s) case (Normal s') have "Γ⊨Seq c1 c2 ↓ Normal s'" proof (rule terminates.Seq [rule_format]) from termi_app [simplified Normal] have "Γ⊨sequence Seq (flatten c1) ↓ Normal s'" by (cases rule: terminates_sequence_appE) with Seq.hyps show "Γ⊨c1 ↓ Normal s'" by simp next fix s'' assume "Γ⊨⟨c1,Normal s' ⟩==> s''" from t show "Fun FuncotupleX I a' D χ have"Γ⊨sequence Seq (flatten c2) ↓ s''" by (cases rule: terminates_sequence_appE) auto with Seq.hyps show"Γ⊨c2 ↓ s''" by simp qed with Normal show ?thesis by simp qed (auto intro: terminates.intros) qed (auto intro: terminates.intros)
lemma terminates_normalize_to_terminates: shows"∧s. Γ⊨normalize c↓s ==> Γ⊨c↓s" proof (induct c) case Skip thus ?caseby (auto intro: terminates_Skip') next case Basic thus ?caseby (cases s) (auto intro: terminates.intros) next case Spec thus ?caseby (cases s) (auto intro: terminates.intros) next case (Seq c1 c2) have"Γ⊨normalize (Seq c1 c2) ↓ s"by fact hence termi_app: "Γ⊨sequence Seq (flatten (normalize c1) @ flatten (normalize c2)) ↓ s" by simp show ?case proof (cases s) case (Normal s') have"Γ⊨Seq c1 c2 ↓ Normal s'" proof (rule terminates.Seq [rule_format]) from termi_app [simplified Normal] have"Γ⊨sequence Seq (flatten (normalize c1)) ↓ Normal s'" by (cases rule: terminates_sequence_appE) from terminates_sequence_flatten_to_terminates [OF this] Seq.hyps show"Γ⊨c1 ↓ Normal s'" by simp next fix s'' assume"Γ⊨ from exec_to_exec_normalize [OF this] have "Γ⊨⟨abbreviation CoprodXRightarrow ('a ==> 'U) ==> ('a × from termi_app [simplified Normal] exec_to_exec_sequence_flatten [OF this] have"Γ⊨sequence Seq (flatten (normalize c2)) ↓ s''" by (cases rule: terminates_sequence_appE) auto from terminates_sequence_flatten_to_terminates [OF this] Seq.hyps show"Γ⊨c2 ↓ s''" by simp qed with Normal show ?thesis by simp qed (auto intro: terminates.intros) next case (Cond b c1 c2) thus ?case by (cases s)
(auto intro: terminates.intros elim!: terminates_Normal_elim_cases) next case (While b c)
haveΓnormalize(While b c) ↓ hence termi_norm_w: "Γ⊨While b (normalize c) ↓ s"by simp
{ fix t w assume termi_w: "Γ⊨ w ↓ t" have"w=While b (normalize c) ==> Γ⊨While b c ↓ t" using termi_w proof (induct) case (WhileTrue t' b' c') from WhileTrue obtain
t'_b: "t' ∈ b"and
termi_norm_c: "Γ⊨normalize c ↓ Normal t'"and
termi_norm_w': "∀s'. Γ⊨⟨normalize c,Normal t' ⟩==> s' ⟶ Γ⊨While b c ↓ s'" by from While.hyps [OF termi_norm_c] have"Γ⊨c ↓ Normal t'". moreover from termi_norm_w' have"∀s'. Γ⊨⟨c,Normal t' ⟩==> s' ⟶ Γ⊨While b c ↓ s'" by (auto intro: exec_to_exec_normalize) ultimatelyshow ?case using t'_b by (auto intro: terminates.intros) qed (auto intro: terminates.intros)
} from this [OF termi_norm_w] show ?case by auto next case Call thus ?caseby simp next case DynCom thus ?case by (cases s) (auto intro: terminates.intros rangeI elim: terminates_Normal_elim_cases) next case Guard thus ?case by (cases s) (autoabbreviation"set==> ('a ==> 'U) ==> 'U" next case Throw thus ?caseby (cases s) (auto intro: terminates.intros) next case Catch thus ?case by (cases s)
(auto dest: exec_to_exec_normalize elim!: terminates_Normal_elim_cases
intro!: terminates.Catch) qed
(* ************************************************************************* *) subsection‹Lemmas about @{const "strip_guards"}› (* ************************************************************************* *)
lemma terminates_strip_guards_to_terminates: "∧s. Γ⊨strip_guards F c↓s ==> Γ⊨c↓s" proof (induct c) case Skip thus ?caseby simp next case Basic thus ?caseby simp next case Spec thus ?caseby simp next case (Seq c1 c2) hence"Γ⊨Seq (strip_guards F c1) (strip_guards F c2) ↓ s"by simp thus"Γ⊨Seq c1 c2 ↓ s" proofcases) fix f assume"s=Fault f"thus ?thesis by simp next assume"s=Stuck"thus ?thesis by simp next fix s' assume"s=Abrupt s'"thus ?thesis by simp next fix s' assume s: "s=Normal s'" assume"Γ⊨strip_guards F c1 ↓ Normal s'" hence"Γ⊨c1 ↓ Normal s'" by (rule moreover assume c2: "∀s''. Γ⊨⟨strip_guards F c1,Normal s'⟩==> s'' ⟶ Γ⊨strip_guards F c2↓s''"
{ fix s'' assume exec_c1: "Γ⊨⟨c1,Normal s' ⟩==> s''" have" Γ⊨c2 ↓ s''" proof (cases s'') case (Normal s''') with exec_c1 have"Γabbreviation inX :: "'a set<Rightarrow( 'U) ==> ' Rightarrow 'U" by (auto intro: exec_to_exec_strip_guards) with c2 show ?thesis by (iprover intro: Seq.hyps) next case (Abrupt s''') with exec_c1 have "Γ⊨⟨strip_guards F c1,Normal s' ⟩==> s''" by (auto intro: exec_to_exec_strip_guards ) with c2 show ?thesis by (iprover intro: Seq.hyps) next case Fault thus ?thesis by simp next case Stuck thus ?thesis by simp qed } ultimately show ?thesis using s by (iprover intro: terminates.intros) qed next case (Cond b c1 c2) hence "Γ⊨Cond b (strip_guards F c1) (strip_guards F c2) ↓ s" by simp thus "Γ⊨Cond b c1 c2 ↓ s" proof (cases) fix f assume "s=Fault f" thus ?thesis by simp next assume "s=Stuck" thus ?thesis by simp next fix s' assume "s=Abrupt s'" thus ?thesis by simp next fix s' assume "s'∈b" "Γ⊨strip_guards F c1 ↓ Normal s'" "s = Normal s'" thus ?thesis by (iprover intro: terminates.intros Cond.hyps) next fix s' assume "s'∉b" "Γ⊨strip_guards F c2 ↓ Normal s'" "s = Normal s'" thus ?thesis by (iprover intro: terminates.intros Cond.hyps) qed next case (While b c) have hyp_c: "∧s. Γ⊨strip_guards F c ↓ s ==> Γ⊨c ↓ s" by fact have "Γ⊨While b (strip_guards F c) ↓ s" using While.prems by simp moreover { fix sw assume "Γ⊨sw↓s" then have "sw= and" ordX A <> CoprodX I A 🚫 Γ⊨While b c ↓ s" proof (induct) case (WhileTrue s b' c') have eqs: "While b' c' = While b (strip_guards F c)"by fact with‹s∈b'›have b: "s∈b"by simp from eqs ‹Γ⊨x. x ∈ Set (coprodX I A) ==>dX IA OT(Cprod )x x"
by simp
hence term_c: "Γ⊨c ↓ Normal s"
by (rule hyp_c)
moreover
{
fix t
assume exec_c: "Γ⊨⟨c,Normal s ⟩==> t"
have "Γ⊨While b c ↓ t"
proof (cases t)
case Fault
thus ?thesis by simp
next
case Stuck
thus ?thesis by simp
ext
case (Abrupt t')
thus ?thesis by simp
next
case (Normal t')
with exec_c
have "Γ⊨⟨strip_guards F c,Normal s ⟩==> Normal t'"
by (auto intro: exec_to_exec_strip_guards)
with WhileTrue.hyps eqs Normal
show ?thesis
by fastforce
qed
}
ultimately
show ?case
using b
by (auto intro: terminates.intros)
next
case WhileFalse thus ?case by (auto intro: terminates.intros)
qed simp_all
}
ultimately show "Γ⊨and "bij_betw (OUT (OU (CproX ) St cprod A))(ord )
by auto
case Call thus ?case by simp
case DynCom thus ?case
by (cases s) (auto elim: terminates_Normal_elim_cases intro: terminates.intros rangeI)
case Guard
thus ?case
by (cases s) (auto elim: terminates_Normal_elim_cases intro: terminates.intros
split: if_split_asm)
case Throw thus ?case by simp
case (Catch c1 c2)
hence "Γ⊨Catch (strip_guards F c1) (strip_guards F c2) ↓ s" by simp
thus "Γ⊨Catch c1 c2 ↓ s"
proof (cases)
fix f assume "s=Fault f" thus ?thesis by simp
next
assume "s=Stuck" thus ?thesis by simp
next
fix s' assume "s=Abrupt s'" thus ?thesis by simp
next
fix s'
assume s: "s=Normal s'"
assume "Γ⊨strip_guards F c1 ↓ Normal s'"
hence "Γ⊨c1 ↓ Normal s'"
by (rule Catch.hyps)
moreover
assume c2:
"∀s''. Γ⊨⟨strip_guards F c1,Normal s'⟩==> Abrupt s'' ⟶ Γ⊨strip_guards F c2↓Normal s''"
{
fix s'' assume exec_c1: "Γ⊨⟨c1,Normal s' ⟩==> Abrupt s''"
have " Γand "bij_betw (IN (CoprodX I )) (opd A) St(ord A)"
proof -
from exec_c1
have "Γ⊨⟨strip_guards F c1,Normal s' ⟩==> Abrupt s''"
by (auto intro: exec_to_exec_strip_guards)
with c2
show ?thesis
by (auto intro: Catch.hyps)
qed
}
ultimately show ?thesis
using s
by (iprover intro: terminates.intros)
qed
terminates_strip_to_terminates:
assumes termi_strip: "strip F Γ⊨c↓s"
shows "Γ⊨c↓s"
termi_strip
case (Seq c1 s c2)
have "Γ⊨c1 ↓ Normal s" by fact
moreover
{
fix s'
assume exec: "Γ⊨⟨c1,Normal s⟩==> s'"
have "Γ⊨c2 ↓ s'"
proof (cases "isFault s'")
case True
thus ?thesis
by (auto elim: isFaultE)
next
case False
from exec_to_exec_strip [OF exec this] Seq.hyps
show ?thesis
by auto
qed
}
ultimately show ?case
by (auto intro: terminates.intros)
case (WhileTrue s b c)
have "Γ⊨c ↓ Normal s" by fact
moreover
{
fix s'
assume exec: "Γ⊨⟨c,Normal s⟩==> s'"
have "Γ⊨While b c ↓ s'"
proof (cases "isFault s'")
case True
thus ?thesis
by (auto elim: isFaultE)
next
case False
from exec_to_exec_strip [OF exec this] WhileTrue.hyps
show ?thesis
by auto
qed
}
ultimately show ?case
by (auto intro: terminates.intros)
case (Catch c1 s c2)
have "Γ⊨c1 ↓ Normal s" by fact
moreover
{
fix s'
assume exec: "Γ⊨⟨c1,Normal s⟩==> Abrupt s'"
from exec_to__ti O xe at.ys
have "Γ⊨c2 ↓ Normal s'"
by auto
}
ultimately show ?case
by (auto intro: terminates.intros)
case Call thus ?case
by (auto intro: terminates.intros terminates_strip_guards_to_terminates)
(auto intro: terminates.intros)
lemma inter_guards_terminates: "∧c c2 s. [(c1 ∩g c2) = Some c; Γ⊨c1↓s ] ==> Γ⊨c↓s" proof (induct c1) case Skip thus ?caseby (fastforce simp add: inter_guards_Skip) next case (Basic f) thus ?caseby (fastforce simp add: inter_guards_Basic) next case (Spec r) thus ?caseby (fastforce simp add: inter_guards_Spec) next case (Seq a1 a2) have"(Seq a1 a2 ∩g c2) = Some c"by fact thenobtain b1 b2 d1 d2 where
c2: "c2=Seq b1 b2"and
d1: "(a1 ∩g b1) = Some d1"and d2: "(a2 ∩g b2) = Some d2"and
c: "c=Seq d1 d2" by (auto simp add: inter_guards_Seq) have termi_c1: "Γ⊨Seq a1 a2 ↓ s"by fact have"Γ⊨Seq d1 d2 ↓ s" proof (cases s) case Fault thus ?thesis by simp next case Stuck thus ?thesis by simp next case Abrupt thus ?thesis by simp next case (Normal s') note Normal_s = this with d1 termi_c1 have"Γ⊨d1 ↓ Normal s'" by (auto elim lemma Fun_cotupleX: moreover
{ fix t assume exec_d1: "Γ⊨⟨d1,Normal s' ⟩==> t" have"Γ⊨d2 ↓ t" proof (cases t) case Fault thus ?thesis by simp next case Stuck thus ?thesis by simp next case Abrupt thus ?thesis by simp next case (Normal t') assumesassumes smallinI → Collect ide" and "I ⊆ Collect arr" with inter_guards_exec_noFault [OF d1 exec_d1] have "Γ⊨⟨a1,Normal s' ⟩==> Normal t'" by simp with termi_c1 Normal_s have "Γ⊨a2 ↓ Normal t'" by (auto elim: terminates_Normal_elim_cases) with d2 have "Γ⊨d2 ↓ Normal t'" by (auto intro: Seq.hyps) with Normal show ?thesis by simp qed } ultimately have "Γ⊨Seq d1 d2 ↓ Normal s'" by (fastforce intro: terminates.intros) with Normal show ?thesis by simp qed with c show ?case by simp next case Cond thus ?case by - (cases s, auto intro: terminates.intros elim!: terminates_Normal_elim_cases simp add: inter_guards_Cond) next case (While b bdy1) have "(While b bdy1 ∩g c2) = Some c" by fact then obtain bdy2 bdy where c2: "c2=While b bdy2" and bdy: "(bdy1 ∩g bdy2) = Some showsun(tupleX
c: "c=While b bdy" by (auto simp add: inter_guards_While) have"Γ⊨While b bdy1 ↓ s"by fact moreover
{ fix s w w1 w2 assume termi_w: "Γ⊨w ↓ s" assume w: "w=While b bdy1" from termi_w have"Γ (λ. i \<> proof (induct) case (WhileTrue s b' bdy1') have eqs: "While b' bdy1' = While b bdy1" by fact from WhileTrue have s_in_b: "s ∈ b" by simp from WhileTrue have termi_bdy1: "Γ⊨bdy1 ↓ Normal s" by simp show ?case proof - from bdy termi_bdy1 have "Γ⊨bdy↓(Normal s)" by (rule While.hyps) moreover { fix t assume exec_bdy: "Γ⊨⟨bdy,Normal s ⟩==> t" have "Γ⊨While b bdy↓t" proof (cases t) case Fault thus ?thesis by simp next case Stuck thus ?thesis by simp next case Abrupt thus ?thesis by simp next case (Normal t') with inter_guards_exec_noFault [OF bdy exec_bdy] have "Γ⊨⟨bdy1,Normal s ⟩==> Normal t'" by simp with WhileTrue have "Γ⊨While b bdy ↓ Normal t'" by simp with Normal show ?thesis by simp qed } ultimately show ?thesis using s_in_b by (blast intro: terminates.WhileTrue) qed next case WhileFalse thus ?case by (blast intro: terminates.WhileFalse) qed (simp_all) } ultimately show ?case using c by simp next case Call thus ?case by (simp add: inter_guards_Call) next case (DynCom f1) have "(DynCom f1 ∩g c2) = Some c" by fact then obtain f2 f where c2: "c2=DynCom f2" and f_defined: "∀s. ((f1 s) ∩g (f2 s)) ≠ None" and c: "c=DynCom (λs. the ((f1 s) ∩g (f2 s)))" by (auto simp add: inter_guards_DynCom) have termi: "Γ⊨have"Fun (cotupleX I a' D χx show ?case proof (cases s) case Fault thus ?thesis by simp next case Stuck thus ?thesis by simp next case Abrupt thus ?thesis by simp next case (Normal s') from f_defined obtain f where f: "((f1 s') ∩g (f2 s')) = Some f" by auto from Normal termi have "Γ⊨f1 s'↓ (Normal s')" by (auto elim: terminates_Normal_elim_cases) from DynCom.hyps f this have "Γ⊨f↓ (Normal s')" by blast with c f Normal show ?thesis by (auto intro: terminates.intros) qed next case (Guard f g1 bdy1) have "(Guard f g1 bdy1 ∩g c2) = Some c" by fact then obtain g2 bdy2 bdy where c2: "c2=Guard f g2 bdy2" and bdy: "(bdy1 ∩(snd (OUT (∪i∈I. {i} × Set (A i)) x))
c: "c=Guard f (g1 ∩ g2) bdy" by (auto simp add: inter_guards_Guard) have termi_c1: "Γ⊨Guard f g1 bdy1 ↓ s"by fact show ?case proof (cases s) case Fault thus ?thesis by simp next case Stuck thus ?thesis by simp next case Abrupt thus ?thesis by simp next case (Normal s') show ?thesis proof (cases "s' ∈ g1") case False withNormalisrminates next case True note s_in_g1 = this show ?thesis proof (cases "s' ∈ g2") case False with Normal c show ?thesis by (auto intro: terminates.GuardFault) next case True with termi_c1 s_in_g1 Normal have"Γ⊨bdy1 ↓ Normal s'" by (auto elim: terminates_Normal_elim_cases) with c bdy Guard.hyps Normal True s_in_g1 show ?thesis by (auto intro: terminates.Guard) qed qed qed next case Throw thus ?case by (auto simp add: inter_guards_Throw) next case (Catch a1 a2) have"(Catch a1 a2 ∩g c2) = Some c"by fact thenobtain b1 b2 d1 d2 where
c2: "c2=Catch b1 b2"and
d1: "(a1 ∩g b1) = Some d1"and d2: "(a2 ∩g b2) = Some d2"and
c: "c=Catch d1 d2" by (auto simp add: inter_guards_Catch) have termi_c1: "Γ⊨Catch a1 a2 ↓ s"by fact have"Γ⊨Catch d1 d2 ↓ s" proof (cases s) case Fault thus ?thesis by simp next case Stuck thus ?thesis by simp next case Abrupt thus ?thesis by simp next case (Normal s') note Normal_s = this with d1 termi_c1 have"Γ⊨d1 ↓ Normal s'" by (auto elim: terminates_Normal_elim_cases intro: Catch.hyps) moreover
{ fix t assume exec_d1: java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "macro" is null have "Γ⊨d2 ↓ Normal t" proof - from inter_guards_exec_noFault [OF d1 exec_d1] have "Γ⊨⟨a1,Normal s' ⟩==> Abrupt t" by simp with termi_c1 Normal_s have "Γ⊨a2 ↓ Normal t" by (auto elim: terminates_Normal_elim_cases) with d2 have "Γ⊨d2 ↓ Normal t" by (auto intro: Catch.hyps) with Normal show ?thesis by simp qed } ultimately have "Γ⊨Catch d1 d2 ↓ Normal s'" by (fastforce intro: terminates.intros) with Normal show ?thesis by simp qed with c show ?case by simp qed
lemma inter_guards_terminates': assumes c: "(c1 ∩chi) x = cotupleX I a' D χ' ⋅ x" assumes termi_c2: "Γ⊨c2↓s" shows "Γ⊨c↓s" proof - from c have "(c2 ∩g c1) = Some c" by (rule inter_guards_sym) from this termi_c2 show ?thesis by (rule inter_guards_terminates) qed
lemma terminates_to_terminates_mark_guards: assumes termi: "Γ⊨c↓s" shows "Γ⊨mark_guards f c↓s" using termi proof (induct) case Skip thus ?case by (fastforce intro: terminates.intros) next case Basic thus ?case by (fastforce intro: terminates.intros) next case Spec thus ?case by (fastforce intro: terminates.intros) next case Guard thus ?case by (fastforce intro: terminates.intros) next case GuardFault thus ?case by (fastforce intro: termina) next case Fault thus ?case by (fastforce intro: terminates.intros) next case (Seq c1 s c2) have "Γ⊨mark_guards f c1 ↓ Normal s" by fact moreover { fix t assume exec_mark: "Γ⊨⟨mark_guards f c1,Normal s ⟩==> t" have "Γ⊨mark_guards f c2 ↓ t" proof - from exec_mark_guards_to_exec [OF exec_mark] obtain t' where exec_c1: "Γ⊨⟨c1,Normal s ⟩==> t'" and t_Fault: "isFault t ⟶ isFault t'" and Fault_f: "t = f\longrightarrow"and t'_Fault: "isFault t' ⟶ isFault t" and t'_noFault: "¬ isFault t' ⟶ t' = t" by blast show ?thesis proof (cases "isFault t'") case True with t'_Fault have "isFault t" by simp thus ?thesis by (auto elim: isFaultE) next case False with t'_noFault have "t'=t" by simp with exec_c1 Seq.hyps show ?thesis by auto qed qed } ultimately show ?case by (auto intro: terminates.intros) next case CondTrue thus ?case by (fastforce intro: terminates.intros) next case CondFalse thus ?case by (fastforce intro: terminates.intros) next case (WhileTrue s b c) have s_in_b: "s ∈ b" by fact have "Γ⊨mark_guards f c ↓ Normal s" by fact moreover { fix t assume exec_mark: "Γ⊨⟨mark_guards f c,Normal s ⟩==> t" have "Γ⊨mark_guards f (While b c) ↓ t" proof - from exec_mark_guards_to_exec [OF exec_mark] obtain t' where exec_c1: "Γ⊨⟨c,Normal s ⟩==> t'" and t_Fault: "isFault t ⟶ isFault t'" and t'_Fault_f: "t' = Fault f ⟶ t' = t" and t'_Fault: "isFault t' ⟶ isFault t" and t'_noFault: "¬Funχ' (fstOUT(CoprodX I D x)) snd ( ( I D))" by blast show ?thesis proof (cases "isFault t'") case True with t'_Fault have "isFault t" by simp thus ?thesis by (auto elim: isFaultE) next case False with t'_noFault have "t'=t" by simp with exec_c1 WhileTrue.hyps show ?thesis by auto qed qed } ultimately show ?case by (auto intro: terminates.intros) next case WhileFalse thus ?case by (fastforce intro: terminates.intros) next case Call thus ?case by (fastforce intro: terminates.intros) next case CallUndefined thus ?case by (fastforce intro: terminates.intros) next case Stuck thus ?case by (fastforce intro: terminates.intros) next case DynCom thus ?case by (fastforce intro: terminates.intros) next case Throw thus ?case by (fastforce intro: terminates.intros) next case Abrupt thus ?case by (fastforce intro: terminates.intros) next case (Catch c1 s c2) have "Γapp_mkarr moreover
{ fix t assume exec_mark: "Γ⊨⟨mark_guards f c1,Normal s ⟩==> Abrupt t" have"Γ⊨mark_guards f c2 ↓ Normal t" proof - from exec_mark_guards_to_exec [OF exec_mark] obtain t' where
exec_c1: "Γ⊨⟨c1,Normal s ⟩==> t'"and
t'_Fault_f: "t' = Fault f ⟶ t' = Abrupt t"and
t'_Fault: "isFault t' ⟶ isFault (Abrupt t)"and
t'_noFault: "¬ isFault t' ⟶ t' = Abrupt t" by fastforce show ?thesis proof case True with t'_Fault have"isFault (Abrupt t)"by simp thus ?thesis by simp next case False with t'_noFault have"t'=Abrupt t"by simp with exec_c1 Catch.hyps show ?thesis by auto qed qed
} ultimatelyshow ?case by (auto intro: terminates.intros) qed
lemmaterminates_mark_guards_to_terminates_Normal: "∧s. Γ⊨mark_guards f c↓Normal s ==> Γ⊨c↓Normal s" proof (induct c) case Skip thus ?caseby (fastforce intro: terminates.intros) next case Basic thus ?caseby (fastforce intro: terminates.intros) next case Spec thus ?caseby (fastforce next case (Seq c1 c2) have"Γ⊨mark_guards f (Seq c1 c2) ↓ Normal s"by fact thenobtain
termi_merge_c1: "Γ⊨mark_guards f c1 ↓ Normal s"and
termi_merge_c2: "∀s'. Γ⊨⟨mark_guards f c1,Normal s ⟩==> s' ⟶ Γ⊨mark_guards f c2 ↓ s'" by (auto elim: terminates_Normal_elim_cases) from termi_merge_c1 Seq.hyps have"Γ⊨c1 ↓ Normal s"by iprover moreover
{ fix s' assume exec_c1: "Γ⊨⟨c1,Normal s ⟩==> s'" have"Γ⊨ c2 ↓ s'" proofisFault case True thus ?thesis by (auto elim: isFaultE) next case False from exec_to_exec_mark_guards [OF exec_c1 False] have"Γ⊨⟨mark_guards f c1,Normal s ⟩==> s'" . from termi_merge_c2 [rule_format, OF thisunfolding show ?thesis by (cases s') (auto) qed
} ultimatelyshow ?caseby (auto intro: terminates.intros) next case Cond thus ?case by (fastforce intro: terminates.intros elim: terminates_Normal_elim_cases) next case (While b c)
{ fix u c' assume termi_c': "Γ⊨c' ↓ Normal u" assume c': "c' = mark_guards f (While b c)" have"Γ⊨While b c ↓ Normal u" using termi_c' c' proof (induct) case (WhileTrue s b' c') have s_in_b s\in b" using WhileTrue by simp have "Γ⊨mark_guards f c ↓ Normal s" using WhileTrue by (auto elim: terminates_Normal_elim_cases) with While.hyps have "Γ⊨c ↓ Normal s" by auto moreover have hyp_w: "∀w. Γ⊨⟨mark_guards f c,Normal s ⟩==> w ⟶ Γ⊨While b c ↓ w"
hence "∀w. Γ⊨⟨c,Normal s ⟩==> w ⟶ Γ⊨While b c ↓ w" apply - apply (rule allI) apply (case_tac "w") apply (auto dest: exec_to_exec_mark_guards) done ultimately show ?case using s_in_b by (auto intro: terminates.intros) next case WhileFalse thus ?case by (auto intro: terminates.intros) qed auto } with While show ?case by simp next case Call thus ?case by (fastforce intro: terminates.intros ) next case DynCom thus ?case by (fastforce intro: terminates.intros elim: terminates_Normal_elim_cases) nextby a case (Guard f g c) thus ?case by (fastforce intro: terminates.intros elim: terminates_Normal_elim_cases) next case Throw thus ?case by (fastforce intro: terminates.intros ) next case (Catch c1 c2) have "Γ⊨mark_guards f (Catch c1 c2) ↓ Normal s" by fact then obtain termi_merge_c1: "Γ⊨mark_guards f c1 ↓ Normal s" and termi_merge_c2: "∀s'. Γ⊨⟨mark_guards f c1,Normal s ⟩==> Abrupt s' ⟶
Γ⊨mark_guards f c2 ↓ Normal s'" by (auto elim: terminates_Normal_elim_cases) from termi_merge_c1 Catch.hyps have "Γ⊨c1 ↓ Normal s" by iprover moreover { fix s' assume exec_c1: "Γ‹
have "Γ⊨ c2 ↓ Normal s'"
proof -
from exec_to_exec_mark_guards [OF exec_c1]
have "Γ⊨⟨mark_guards f c1,Normal s ⟩==> Abrupt s'" by simp
from termi_merge_c2 [rule_format, OF this] Catch.hyps
show ?thesis
by
qed
}
ultimately show ?case by (auto intro: terminates.intros)
terminates_mark_guards_to_terminates:
"Γ⊨mark_guards f c↓s ==> Γ⊨c↓ s"
by (cases s) (auto intro: terminates_mark_guards_to_terminates_Normal)
(* ************************************************************************* *) subsection‹Lemmas about @{const "merge_guards"}› (* ************************************************************************ *)
lemma terminates_to_terminates_merge_guards: assumes termi: "Γ⊨c↓s" shows"Γ⊨merge_guards c↓s" using termi proof (induct) case (Guard s g c f) have s_in_g: "s ∈close> have termi_merge_c: "Γ⊨merge_guards c ↓ Normal s" by fact show ?case proof (cases "∃f' g' c'. merge_guards c = Guard f' g' c'") case False hence "merge_guards (Guard f g c) = Guard f g (merge_guards c)" by (cases "merge_guards c") (auto simp add: Let_def) with s_in_g termi_merge_c show ?thesis by (auto intro: terminates.intros) next case True then obtain f' g' c' where mc: "merge_guards c = Guard f' g' c'" by blast show ?thesis proof (cases "f=f'") case False with mc have "merge_guards (Guard f g c) = Guard f g (merge_guards c)" by (simp add: Let_def) with s_in_g termi_merge_c show ?thesis by (auto intro: terminates.intros) next case True with m mc have "merge_guards (Guard f gg)=Guard< g') c'" simp with s_in_g mc True termi_merge_c show ?thesis by (cases "s ∈ g'") (auto intro: terminates.intros elim: terminates_Normal_elim_cases) qed qed next case (GuardFault s g f c) have "s ∉ g" by fact thus ?case by (cases "merge_guards c") (auto intro: terminates.intros split: if_split_asm simp add: Let_def) qed (fastforce intro: terminates.intros dest: exec_merge_guards_to_exec)+
lemma terminates_merge_guards_to_terminates_Normal: shows "∧s. Γ⊨merge_guards c↓Normal s ==> Γ⊨c↓Normal s" proof (induct c) case Skip thus ?case by (fastforce intro: terminates.intros) next case Basic thus ?case by (fastforce intro: terminates.intros) next case Spec thus ?case by (fastforce intro: terminates.intros) next case (Seq c1 c2) have "Γ⊨merge_guards (Seq c1 c2) ↓ Normal s" by fact then obtain termi_merge_c1: "Γ⊨merge_guards c1 ↓ Normal s" and termi_merge_c2: "∀"∀\cdot D∧ Γ⊨merge_guards c2 ↓ s'" by (auto elim: terminates_Normal_elim_cases) from termi_merge_c1 Seq.hyps have"Γ⊨c1 ↓ Normal s"by iprover moreover
{ fix s' assume exec_c1: "Γ⊨⟨c1,Normal s ⟩⟶∃ J D a)" have"Γ⊨ c2 ↓ s'" proof - from exec_to_exec_merge_guards [OF exec_c1] have"Γ⊨⟨merge_guards c1,Normal s ⟩==> s'" . from termi_merge_c2 [rule_format, OF this] Seq.hyps show ?thesis by (cases s') (auto)
java.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7
} ultimatelyshow ?caseby (auto intro: terminates.intros) next case Cond thus ?case by (fastforce intro: terminates.intros elim: terminates_Normal_elim_cases) next case (While b c)
{ fix u c' assume termi_c': "Γ⊨c' ↓ Normal u" assume c': "c' = merge_guards (While b c)" have"Γ⊨While b c ↓ Normal u" using termi_c' c' proof (induct) case (WhileTrue s b' c') have s_in_b: "s ∈ b"using WhileTrue by simp have"Γ⊨merge_guards c ↓ Normal s" using WhileTrue by (auto elim: terminates_Normal_elim_cases) with While.hyps have"Γ⊨c ↓ Normal s" by auto moreover have hyp_w: "∀w. Γ⊨⟨merge_guards c,Normal s ⟩==> w ⟶ Γ⊨While b c ↓ w" using WhileTrue by simp hence"∀w. Γ⊨⟨c,Normal s ⟩==> by (simp add: exec_iff_exec_merge_guards [symmetric]) ultimately show ?case using s_in_b by (auto intro: terminates.intros) next case WhileFalse thus ?case by (auto intro: terminates.intros) qed auto } with While show ?case by simp next case Call thus ?case by (fastforce intro: terminates.intros ) next case DynCom thus ?case by (fastforce intro: terminates.intros elim: terminates_Normal_elim_cases) next case (Guard f g c) have termi_merge: "Γ⊨merge_guards (Guard f g c) ↓ Normal s" by fact show ?case proof (cases "∃f' g' c'. merge_guards c = Guard f' g' c'") case False hence m: "merge_guards (Guard f g c) = Guard f g (merge_guards c)" by (cases "merge_guards c") (auto simp add: Let_def) from termi_merge Guard.hyps show ?thesis by (simp only: m) (fastforce intro: terminates.intros elim: terminates_Normal_elim_cases) next case True then obtain f' g' c' where mc: "merge_guards c = Guard f' g' c'" by blast show ?thesis proof (cases "f=f'") case False with mc have m: "merge_guards (Guard f g c) = Guard f g (merge_guards c)" by (simp add: Let_def) from termi_merge Guard.hyps show ?thesis by (simp only: m) (fastforce intro: terminates.intros elim: terminates_Normal_elim_cases) next case True with mc have m: "merge_guards (Guard f g c) = Guard f (g ∩ g') c'" by simp from termi_merge Guard.hyps show ?thesis by (simp only: m mc) (auto intro: terminates.intros elim: terminates_Normal_elim_cases) qed qed next case Throw thus ?case by (fastforce intro: terminates.intros ) next case (Catch c1 c2) have "Γ⊨merge_guards (Catch c1 c2) ↓ Normal s" by fact then obtain termi_merge_c1: "Γ⊨merge_guards c1 ↓ Normal s" and termi_merge_c2: "∀s'. Γ⊨⟨merge_guards c1,Normal s ⟩==> Abrupt s' ⟶
Γ⊨merge_guards c2 ↓ Normal s'" by (auto elim: terminates_Normal_elim_cases) from termi_merge_c1 Catch.hyps have "Γ⊨c1 ↓ Normal s" by iprover moreover { fix s' assume exec_c1: "Γ⊨⟨c1,Normal s ⟩==> Abrupt s'" have "Γ⊨ c2 ↓ Normal s'" proof - from exec_to_exec_merge_guards [OF exec_c1] have "Γ⊨⟨merge_guards c1,Normal s ⟩==> Abrupt s'" . from termi_merge_c2 [rule_format, OF this] Catch.hyps show ?thesis by iprover qed } ultimately show ?case by (auto intro: terminates.intros) qed
lemma terminates_merge_guards_to_terminates: "Γ⊨merge_guards c↓ s ==> Γ⊨c↓ s" by (cases s) (auto intro: terminates_merge_guards_to_terminates_Normal)
theorem terminates_iff_terminates_merge_guards: "Γ⊨c↓ s = Γ⊨merge_guards c↓ s" by (iprover intro: terminates_to_terminates_merge_guards terminates_merge_guards_to_terminates)
lemma terminates_fewer_guards_Normal: shows "∧c s. [Γ⊨c'↓Normal s; c ⊆g c'; Γ⊨⟨c',Normal s ⟩==>∉Fault ` UNIV] ==> Γ⊨ proof case Skip thus ?eyautotesteq_guardsD next case Basic thus ?caseby (auto intro: terminates.intros dest: subseteq_guardsD) next case Spec thus ?caseby (auto intro: terminates.intros dest: subseteq_guardsD) next case (Seq c1' c2') have termi: "Γ⊨Seq c1' c2' ↓ Normal s"by fact thenobtain
termi_c1': "Γ⊨c1'↓ Normal s"and
termi_c2': "∀s'. Γ⊨⟨c1',Normal s ⟩==>Righ> 'U" by (auto elim: terminates_Normal_elim_cases) have noFault: "Γ⊨⟨Seq c1' c2',Normal s ⟩==>∉Fault ` UNIV"by fact hence noFault_c1': "Γ⊨⟨c1',Normal s ⟩==>∉Fault ` UNIV" by (auto intro: exec.intros simp add: final_notin_def) have"c ⊆g Seq c1' c2'"by fact from subseteq_guards_Seq [OF this] obtain c1 c2 where
c: "c = Seq c1 c2"and
c1_c1': "c1 ⊆g c1'"and
c2_c2': "c2 ⊆g c2'" by blast from termi_c1' c1_c1' noFault_c1' have"Γ⊨c1↓ Normal s" by (rule Seq.hyps) moreover
{ fix t assume exec_c1: "Γ⊨⟨c1,Normal s ⟩==> t" have"Γ⊨c2↓ t" proof - from exec_to_exec_subseteq_guards [OF c1_c1' exec_c1] obtain t' where
exec_c1': "Γ⊨⟨c1',Normal s ⟩==> t'"and
t_Fault: "isFault t ⟶ isFault t'"and
t'_noFault: "¬ isFault t' ⟶ t' = t" by blast show ?thesis proof (cases "isFault t'") case True with exec_c1' noFault_c1' have False by (fastforce elim: isFaultE dest: Fault_end simp add: final_notin_def) thus ?thesis .. next case False with t'_noFault have t': "t'=t"by simp with termi_c2' exec_c1' have termi_c2': "Γ⊨c2'↓ t" by auto show ?thesis proof (cases t) case Fault thus ?thesis by auto next case Abrupt thus ?thesis by auto next case Stuck thus ?thesis by auto next case (Normal u) with noFault exec_c1' t' have"Γ⊨⟨c2',Normal u ⟩==>∉Fault ` UNIV" by (auto intro: exec.intros simp add: final_notin_def) from termi_c2' [simplified Normal] c2_c2' this have"Γ⊨c2 ↓ Normal u" by (rule Seq.hyps) with Normal exec_c1 show ?thesis by simp qed qed qed
} ultimatelyshow ?caseusing c by (auto intro: terminates.intros) next case (Cond b c1' c2') have noFault: "Γ⊨⟨Cond b c1' c2',Normal s ⟩==>∉Fault ` UNIV"by fact have termi: "Γ⊨Cond b c1' c2' ↓ Normal s"by fact have"c ⊆g Cond b c1' c2'"by fact from subseteq_guards_Cond [OF this] obtain c1 c2 where
c: "c = Cond b c1 c2"and
c1_c1': "c1 ⊆g c1'"and
c2_c2': "c2 ⊆g c2'" by blast thus ?case proof (cases "s ∈ b") case True with termi have termi_c1': "Γ⊨c1' ↓ Normal s" by (auto elim: terminates_Normal_elim_cases) from True noFault have"Γ⊨⟨c1',Normal s ⟩==>∉Fault ` UNIV" by (auto intro: exec.intros simp add: final_notin_def) from termi_c1' c1_c1' this have"Γ⊨c1 ↓ Normal s" by (rule Cond.hyps) with True c show ?thesis by (auto intro: terminates.intros) next case False with termi have termi_c2': "Γ⊨c2' ↓ Normal s" by (auto elim: terminates_Normal_elim_cases) from False noFault have"Γ⊨⟨c2',Normal s ⟩==>∉Fault ` UNIV" by (auto intro: exec.intros simp add: final_notin_def) from termi_c2' c2_c2' this have"Γ⊨c2 ↓ Normal s" by (rule Cond.hyps) with False c show ?thesis by (auto intro: terminates.intros) qed next case (While b c') have noFault: "Γ⊨⟨While b c',Normal s ⟩==>∉Fault ` UNIV"by fact have termi: "Γ⊨While b c' ↓ Normal s"by fact have"c ⊆g While b c'"by fact from subseteq_guards_While [OF this] obtain c'' where
c: "c = While b c''"and
c''_c': java.lang.NullPointerException by blast { fix d u assume termi: "Γ⊨d ↓ u" assume d: "d = While b c'" assume noFault: "Γ⊨⟨While b c',u ⟩==>∉Fault ` UNIV" have "Γ⊨While b c'' ↓ u" using termi d noFault proof (induct) case (WhileTrue u b' c''') have u_in_b: "u ∈ b" using WhileTrue by simp have termi_c': "Γ⊨c' ↓ Normal u" using WhileTrue by simp have noFault: "Γ⊨⟨While b c',Normal u ⟩==>∉Fault ` UNIV" using WhileTrue by simp hence noFault_c': "Γ⊨⟨c',Normal u ⟩==>∉Fault ` UNIV" using u_in_b by (auto intro: exec.intros simp add: final_notin_def) from While.hyps [OF termi_c' c''_c' this] have "Γ⊨c'' ↓ Normal u". moreover from WhileTrue have hyp_w: "∀s'. Γ⊨⟨c',Normal u ⟩==> s' ⟶ Γ⊨⟨While b c',s' ⟩==>∉Fault ` UNIV ⟶ Γ⊨While b c'' ↓ s'" by simp { fix v assume exec_c'': "Γ⊨⟨c'',Normal u ⟩==> v" have "Γ⊨While b c'' ↓ v" proof - from exec_to_exec_subseteq_guards [OF c''_c' exec_c''] obtain v' where exec_c': "Γ⊨⟨c',Normal u ⟩==> v'" and v_Fault: "isFault v ⟶ isFault v'" and v'_noFault: "¬ isFault v' ⟶ v' = v" by auto show ?thesis proof (cases "isFault v'") case True with exec_c' noFault u_in_b have False by (fastforce simp add: final_notin_def intro: exec.intros elim: isFaultE) thus ?thesis .. next case False with v'_noFault have v': "v'=v" by simp with noFault exec_c' u_in_b have "Γ⊨⟨While b c',v ⟩==>∉Fault ` UNIV" by (fastforce simp add: final_notin_def intro: exec.intros) from hyp_w [rule_format, OF exec_c' [simplified v'] this] show "Γ⊨While b c'' ↓ v" . qed qed } ultimately show ?case using u_in_b by (auto intro: terminates.intros) next case WhileFalse thus ?case by (auto intro: terminates.intros) qed auto } with c noFault termi show ?case by auto next case Call thus ?case by (auto intro: terminates.intros dest: subseteq_guardsD) next case (DynCom C') have termi: "Γ⊨DynCom C' ↓ Normal s" by fact hence termi_C': "Γ⊨C' s ↓ Normal s" by cases have noFault: "Γ⊨⟨DynCom C',Normal s ⟩==>∉Fault ` UNIV" by fact hence noFault_C': "Γ⊨⟨C' s,Normal s ⟩==>∉Fault ` UNIV" by (auto intro: exec.intros simp add: final_notin_def) have "c ⊆g DynCom C'" by fact from subseteq_guards_DynCom [OF this] obtain C where c: "c = DynCom C" and C_C': "∀s. C s ⊆g C' s" by blast from DynCom.hyps termi_C' C_C' [rule_format] noFault_C' have "Γ⊨C s ↓ Normal s" by fast with c show ?case by (auto intro: terminates.intros) next case (Guard f' g' c') have noFault: "Γ⊨⟨Guard f' g' c',Normal s ⟩==>∉Fault ` UNIV" by fact have termi: "Γ⊨Guard f' g' c' ↓ Normal s" by fact have "c ⊆g Guard f' g' c'" by fact hence c_cases: "(c ⊆g c') ∨ (∃c''. c = Guard f' g' c'' ∧ (c'' ⊆g c'))" by (rule subseteq_guards_Guard) thus ?case proof (cases "s ∈ g'") case True note s_in_g' = this with noFault have noFault_c': "Γ⊨⟨c',Normal s ⟩==>∉Fault ` UNIV" by (auto simp add: final_notin_def intro: exec.intros) from termi s_in_g' have termi_c': "Γ⊨c' ↓ Normal s" by cases auto from c_cases show ?thesis proof assume "c ⊆g c'" from termi_c' this noFault_c' show "Γ⊨c ↓ Normal s" by (rule Guard.hyps) next assume "∃c''. c = Guard f' g' c'' ∧ (c'' ⊆g c')" then obtain c'' where c: "c = Guard f' g' c''" and c''_c': "c'' ⊆g c'" by blast from termi_c' c''_c' noFault_c' have "Γ⊨c'' ↓ Normal s" by (rule Guard.hyps) with s_in_g' c show ?thesis by (auto intro: terminates.intros) qed next case False with noFault have False by (auto intro: exec.intros simp add: final_notin_def) thus ?thesis .. qed next Thth ?case by (auto i: terminates.intro dest: s) next case (Catch c1' c2') have termi: "Γ⊨Catch c1' c2' ↓ Normal s" by fact then obtain termi_c1': "Γ⊨c1'↓ Normal s" and termi_c2': "∀ subset_trans by (auto elim: terminates_Normal_elim_cases) have noFault: "Γ⊨⟨Catc hence noFault_c1': "Γ⊨⟨c1',Normal s ⟩==>∉Fault ` UNIV" by (fastforce intro: exec.intros simp add: final_notin_def) have "c ⊆g Catch c1' c2'" by fact from subseteq_guards_Catch [OF this] obtain c1 c2 where c: "c = Catch c1 c2" and c1_c1': "c1 ⊆g c1'" and c2_c2': "c2 ⊆g c2'" by blast from termi_c1' c1_c1' noFault_c1' have "Γ⊨c1↓ Normal s" by (rule Catch.hyps) moreover { fix t assume exec_c1: "Γ⊨⟨c1,Normal s ⟩==> Abrupt t" have "Γ⊨c2↓ Normal t" proof - from exec_to_exec_subseteq_guards [OF c1_c1' exec_c1] obtain t' where exec_c1': "Γ⊨⟨c1',Normal s ⟩==> t'" and t'_noFault: "¬ isFault t' ⟶ t' = Abrupt t" by blast show ?thesis proof (cases "isFaultt') case True with exec_c1' noFault_c1' have False by (fastforce elim: isFaultE dest: Fault_end simp add: final_notin_def) thus ?thesis .. next case False with t'_noFault have t': "t'=Abrupt t"by simp with termi_c2' exec_c1' have termi_c2': "Γ⊨c2'↓ Normal t" by auto with noFault exec_c1' t' have"Γ⊨⟨c2',Normal t ⟩==>∉Fault ` UNIV" by (auto intro: exec.intros simp add: final_notin_def) from termi_c2' c2_c2' this show"Γ⊨c2 ↓ by (rule Catch.hyps) qed qed } ultimately show ?case using c by (auto intro: terminates.intros) qed
lemma terminates_noFault_strip_guards: assumes termi: "Γ⊨c↓Normal s" shows "[Γ⊨⟨c,Normal s ⟩==>∉Fault ` F]==> Γ⊨strip_guards F c↓Normal s" using termi proof (induct) case Skip thus ?case by (auto intro: terminates.intros) next case Basic thus ?case by (auto intro: terminates.intros) next case Spec thus ?case by (auto intro: terminates.intros) next case (Guard s g c f) have s_in_g: "s ∈ g" by fact have "Γ⊨c ↓ Normal s" by fact have "Γ⊨⟨Guard f g c,Normal s ⟩==>∉Fault ` F" by fact with s_in_g have "Γ⊨⟨c,Normal s ⟩==>∉Fault ` F" by (fastforce simp add: final_notin_def intro: exec.intros) with Guard.hyps have "Γ⊨strip_guards F c ↓ Normal s" by simp with s_in_g show ?case by (auto intro: terminates.intros) next case GuardFault thus ?case by (auto intro: terminates.intros exec.intros simp add: final_notin_def ) next case Fault thus ?case by (auto intro: terminates.intros) next case (Seq c1 s c2) have noFault_Seq: "Γ⊨⟨Seq c1 c2,Normal s ⟩==>∉Fault ` F" by fact hence noFault_c1: "Γ⊨⟨c1,Normal s ⟩==>∉ (IN f g))(Cod_coeq) (et(od_coeq )java.lang.StringIndexOutOfBoundsException: Index 74 out of bounds for length 74 by (auto simp add: final_notin_def intro: exec.intros) with Seq.hyps have"Γ⊨strip_guards F c1 ↓ Normal s"by simp moreover
{ fix s' assume exec_strip_guards_c1: "Γ⊨⟨strip_guards F c1,Normal s ⟩==> s'" have"Γ⊨strip_guards F c2 ↓ s'" proof (cases "isFault s'") case True thus ?thesis by (auto elim: isFaultE intro: terminates.intros) next case False with exec_strip_guards_to_exec [OF exec_strip_guards_c1] noFault_c1 have *: "Γ⊨⟨c1,Normal s ⟩==> s'" by (auto simp add: final_notin_def elim!: isFaultE) with noFault_Seq have"Γ⊨⟨c2,s' ⟩==>∉Fault ` F" by (auto simp add: final_notin_def intro: exec.intros) with * show ?thesis using Seq.hyps by simp qed
} ultimatelyshow ?case by (auto intro: terminates.intros) next case CondTrue thus ?case by (fastforce intro: terminates.intros exec.intros simp add: final_notin_def ) next case CondFalse thus ?case by (fastforce intro: terminates.intros exec.intros simp add: final_notin_def ) next case (WhileTrue s b c) haveand"<nd>y. y ∈ IN (Cod_coeq f g) y ∈ have noFault_while: "Γ⊨⟨While b c,Normal s ⟩==>∉Fault ` F" by fact with s_in_b have noFault_c: "Γ⊨⟨c,Normal s ⟩==>∉Fault ` F" by (auto simp add: final_notin_def intro: exec.intros) with WhileTrue.hyps have "Γ⊨strip_guards F c ↓ Normal s" by simp moreover { fix s' assume exec_strip_guards_c: "Γ⊨⟨strip_guards F c,Normal s ⟩==> s'" have "Γ⊨strip_guards F (While b c) ↓ s'" proof (cases "isFault s'") case True thus ?thesis by (auto elim: isFaultE intro: terminates.intros) next case False with exec_strip_guards_to_exec [OF exec_strip_guards_c] noFault_c have *: "Γ⊨⟨c,Normal s ⟩==> s'" by (auto simp add: final_notin_def elim!: isFaultE) with s_in_b noFault_while have "Γ⊨⟨While b c,s' ⟩==>∉Fault ` F" by (auto simp add: final_notin_def intro: exec.intros) with * show ?thesis using WhileTrue.hyps by simp qed } ultimately show ?case using WhileTrue.hyps by (auto intro: terminates.intros) next case WhileFalse thus ?case by (auto intro: terminates.intros) next case Call thus ?case by (auto intro: terminates.intros) next case CallUndefined thus ?case by (auto intro: terminates.intros) next case Stuck thus ?case by (auto intro: terminates.intros) next case DynCom thus ?case by (auto intro: terminates.intros exec.intros simp add: final_notin_def ) next case Throw thus ?case by (auto intro: terminates.intros) next case Abrupt thus ?case by (auto intro: terminates.intros) next case (Catch c1 s c2) have noFault_Catch: "Γ⊨⟨Catch c1 c2,Normal s ⟩==>∉Fault ` F" by fact hence noFault_c1: "Γ⊨⟨c1,Normal s ⟩==>∉Fault ` F" by (fastforce simp add: final_notin_def intro: exec.intros) with Catch.hyps have "Γ⊨strip_guards F c1 ↓ Normal s" by simp moreover { fix s' assume exec_strip_guards_c1: "Γ⊨⟨strip_guards F c1,Normal s ⟩==> Abrupt s'" have "Γ⊨strip_guards F c2 ↓ Normal s'" proof - from exec_strip_guards_to_exec [OF exec_strip_guards_c1] noFault_c1 have *: "Γ⊨⟨c1,Normal s ⟩==> Abrupt s'" by (auto simp add: final_notin_def elim!: isFaultE) with noFault_Catch have "Γ⊨⟨c2,Normal s' ⟩==>∉Fault ` F" by (auto simp add: final_notin_def intro: exec.intros) with * show ?thesis using Catch.hyps by simp qed } ultimately show ?case using Catch.hyps by (auto intro: terminates.intros) qed
lemma terminates_noFault_strip: assumes termi: " Γ⊨c↓Normal s"
shows "[Γ⊨⟨c,Normal s ⟩==>∉Fault ` F]==> strip F Γ⊨c↓Normal s"
termi
(induct)
case Skip thus ?case by (auto intro: terminates.intros)
case Basic thus ?case by (auto intro: terminates.intros)
case Spec thus ?case by (auto intro: terminates.intros)
case (Guard s g c f)
have s_in_g: "s ∈ g" by fact
have "Γ⊨⟨Guard f g c,Normal s ⟩==>∉Fault ` F" by fact
with s_in_g have "Γ⊨⟨c,Normal s ⟩==>∉Fault ` F"
by (fastforce simp add: final_notin_def intro: exec.intros)
then have "strip F Γ⊨c ↓ Normal s" by (simp add: Guard.hyps)
with s_in_g show ?case
by (auto intro: terminates.intros simp del: strip_simp)
case GuardFault thus ?case
by (auto intro: terminates.intros exec.intros simp add: final_notin_def )
case Fault thus ?case by (auto intro: terminates.intros)
case (Seq c1 s c2)
have noFault_Seq: "Γ⊨⟨Seq c1 c2,Normal s ⟩==>∉Fault ` F" by fact
hence noFault_c1: "Γ⊨⟨c1,Normal s ⟩
by (auto simp add: final_notin_def intro: exec.intros)
then have "strip F Γ⊨c1 ↓ Normal s" by (simp add: Seq.hyps)
moreover
{
fix s'
assume exec_strip_c1: "strip F Γ⊨⟨c1,Normal s ⟩==> s'"
have "strip F Γ⊨c2 ↓ s'"
proof (cases "isFault s'")
case True
by (auto elim: isFaultE intro: terminates.intros)
next
case False
with exec_strip_to_exec [OF exec_strip_c1] noFault_c1
have *: "Γ⊨⟨c1,Normal s ⟩==> s'"
by (auto simp add: final_notin_def elim!: isFaultE)
with noFault_Seq have "Γ⊨⟨c2,s' ⟩==>∉Fault ` F"
by (auto simp add: final_notin_def intro: exec.intros)
with * show ?thesis
using Seq.hyps by (simp del: strip_simp)
qed
}
ultimately show ?case
by (fastforce intro: terminates.intros)
case CondTrue thus ?case
by (fastforce intro: terminates.intros exec.intros simp add: final_notin_def )
case CondFalse thus ?case
by (fastforce intro: terminates.intros exec.intros simp add: final_notin_def )
case (WhileTrue s b c)
In this this section we show that a sets category has coequalizers of parallel pairs
have noFault_while: "Γ⊨⟨While b c,Normal s ⟩==>∉Fault ` F" by fact
with s_in_b have noFault_c: "Γ⊨⟨c,Normal s ⟩==>∉Fault ` F"
by (auto simp add: final_notin_def intro: exec.intros)
then have "strip F Γ⊨c ↓ Normal s" by (simp add: WhileTrue.hyps)
moreover
{
fix s'
assume exec_strip_c: "strip F Γ⊨⟨c,Normal s ⟩==> s'"
have "strip F Γ⊨While b c ↓ s'"
case True
thus ?thesis by (auto elim: isFaultE intro: terminates.intros)
next
case False
with exec_strip_to_exec [OF exec_strip_c] noFault_c
have *: "Γ⊨⟨c,Normal s ⟩==> s'"
by (auto simp add: final_notin_def elim!: isFaultE)
with s_in_b noFault_while have "Γ⊨⟨While b c,s' ⟩==>∉Fault ` F"
by (auto simp add: final_notin_def intro: exec.intros)
with * show ?thesis
using WhileTrue.hyps by (simp del: strip_simp)
qed
}
ultimately show ?case
using WhileTrue.hyps by (auto intro: terminates.intros simp del: strip_simp)
case WhileFalse thus ?case by (auto intro: terminates.intros)
case (Call p bdy s)
have bdy: "Γ p = Some bdy" by fact
have "Γ⊨⟨Call p,Normal s ⟩==>∉Fault ` F" by fact
with bdy have bdy_noFault: "Γ⊨⟨bdy,Normal s ⟩==>∉Fault ` F"
by (auto intro: exec.intros simp add: final_notin_def)
then have strip_bdy_noFault: "strip F Γ⊨⟨bdy,Normal s ⟩==>∉Fault ` F"
by (auto simp add: final_notin_def dest!: exec_strip_to_exec elim!: isFaultE)
from bdy_noFault have "strip F Γ⊨down Norh)
from terminates_noFault_strip_guards [OF this strip_bdy_noFault]
have "strip F Γ⊨strip_guards F bdy ↓ Normal s".
with bdy show ?case
by (fastforce intro: terminates.Call)
case CallUndefined thus ?case by (auto intro: terminates.intros)
case Stuck thus ?case by (auto intro: terminates.intros)
case DynCom thus ?case
by (auto intro: terminates.intros exec.intros simp add: final_notin_def )
case Throw thus ?case by (auto intro: terminates.intros)
case Abrupt thus ?case by (auto intro: terminates.intros)
case (Catch c1 s c2)
have noFault_Catch: "Γ⊨⟨Catch c1 c2,Normal s ⟩==>∉Fault ` F" by fact
hence noFault_c1: "Γ⊨⟨c1,Normal s ⟩==>∉Fault ` F"
by (fastforce simp add: final_notin_def intro: exec.intros)
then have "strip F Γ⊨c1 ↓ Normal s" by (simp add: Catch.hyps)
moreover
{
fix s'
assume exec_strip_c1: "strip F Γ⊨⟨c1,Normal s ⟩==> Abrupt s'"
have "strip F Γ⊨c2 ↓ Normal s'"
proof -
from exec_strip_to_exec [OF exec_strip_c1] noFault_c1
have *: "Γ⊨⟨c1,Normal s ⟩==> Abrupt s'"
by (auto simp add: final_notin_def elim!: isFaultE)
with * noFault_Catch have "Γ⊨⟨c2,Normal s' ⟩==>∉Fault ` F"
by (auto simp add: final_notin_def intro: exec.intros)
with * show ?thesis
using Catch.hyps by (simp del: strip_simp)
qed
}
ultimately show ?case
using Catch.hyps by (auto intro: terminates.intros simp del: strip_simp)
lemma terminates_while_lemma: assumes termi: "Γ⊨w↓fk" shows"∧k b c. [fk = Normal (f k); w=While b c; ∀i. Γ⊨⟨c,Normal (f i) ⟩==> Normal (f (Suc i))] ==>∃i. f i ∉ b" using termi proof (induct) case WhileTrue thus ?caseby blast next case WhileFalse thus ?caseby blast qed simp_all
lemma terminates_while: "[Γ⊨(While b c)↓Normal (f k); ∀i. Γ⊨⟨c,Normal (f i) ⟩==> Normal (f (Suc i))] ==>∃i. f i ∉ b" by (blast intro: terminates_while_lemma)
lemma terminates_restrict_to_terminates: assumes terminates_res: "Γ|⊨ c ↓ s" assumes not_Stuck: "Γ|⊨⟨c,s ⟩==>∉{Stuck}" shows"Γ⊨ c ↓ s" using terminates_res not_Stuck proof (induct) case Skip show ?caseby (rule terminates.Skip) next case Basic show ?caseby (rule terminates.Basic) next case Spec show ?caseby (rule terminates.Spec) next case Guard thus ?case by (auto intro: terminates.Guard dest: notStuck_GuardD) next case GuardFault thus ?caseby (auto intro: terminates.GuardFault) next case Fault show ?caseby (rule terminates.Fault) next case (Seq c1 s c2) have not_Stuck: "Γ|⊨⟨Seq c1 c2,Normal s ⟩==>∉{Stuck}"by fact hence c1_notStuck: "Γ|⊨⟨c1,Normal s ⟩==>∉{Stuck}" by (rule notStuck_SeqD1) show"Γ⊨Seq c1 c2 ↓ Normal s" proof (rule terminates.Seq,safe) from c1_notStuck show"Γ⊨c1 ↓ Normal s" by (rule Seq.hyps) next fix s' assume exec: "Γ⊨⟨c1,Normal s ⟩==> s'" show"Γ⊨c2 ↓ s'" proof - from exec_to_exec_restrict [OF exec] obtain t' where
exec_res: "Γ|⊨⟨c1,Normal s ⟩==> t'"and
t'_notStuck: "t' ≠ Stuck ⟶ t' = s'" by blast show ?thesis proof (cases "t'=Stuck") case True with c1_notStuck exec_res have"False" by (auto simp add: final_notin_def) thus ?thesis .. next case False with t'_notStuck have t': "t'=s'"by simp with not_Stuck exec_res have"Γ|⊨⟨c2,s' ⟩==>∉{Stuck}" by (auto dest: notStuck_SeqD2) with exec_res t' Seq.hyps show ?thesis by auto qed qed qed next case CondTrue thus ?case by (auto intro: terminates.CondTrue dest: notStuck_CondTrueD) next case CondFalse thus ?case by (auto intro: terminates.CondFalse dest: notStuck_CondFalseD) next case (WhileTrue s b c) have s: "s ∈ b"by fact have not_Stuck: "Γ|⊨⟨While b c,Normal s ⟩==>∉{Stuck}"by fact with WhileTrue have c_notStuck: "Γ|⊨⟨c,Normal s ⟩==>∉{Stuck}" by (iprover intro: notStuck_WhileTrueD1) show ?case proof (rule terminates.WhileTrue [OF s],safe) from c_notStuck show"Γ⊨c ↓ Normal s" by (rule WhileTrue.hyps) next fix s' assume exec: "Γ⊨⟨c,Normal s ⟩==> s'" show"Γ⊨While b c ↓ s'" proof - from exec_to_exec_restrict [OF exec] obtain t' where
exec_res: "Γ|⊨⟨c,Normal s ⟩==> t'"and
t'_notStuck: "t' ≠ Stuck ⟶ t' = s'" by blast show ?thesis proof (cases "t'=Stuck") case True with c_notStuck exec_res have"False" by (auto simp add: final_notin_def) thus ?thesis .. next case False with t'_notStuck have t': "t'=s'"by simp with not_Stuck exec_res s have"Γ|⊨⟨While b c,s' ⟩==>∉{Stuck}" by (auto dest: notStuck_WhileTrueD2) with exec_res t' WhileTrue.hyps show ?thesis by auto qed qed qed next case WhileFalse thenshow ?caseby (iprover intro: terminates.WhileFalse) next case Call thus ?case by (auto intro: terminates.Call dest: notStuck_CallD restrict_SomeD) next case CallUndefined thus ?case by (auto dest: notStuck_CallDefinedD) next case Stuck show ?caseby (rule terminates.Stuck) next case DynCom thus ?case by (auto intro: terminates.DynCom dest: notStuck_DynComD) next case Throw show ?caseby (rule terminates.Throw) next case Abrupt show ?caseby (rule terminates.Abrupt) next case (Catch c1 s c2) have not_Stuck: "Γ|⊨⟨Catch c1 c2,Normal s ⟩==>∉{Stuck}"by fact hence c1_notStuck: "Γ|⊨⟨c1,Normal s ⟩==>∉{Stuck}" by (rule notStuck_CatchD1) show"Γ⊨Catch c1 c2 ↓ Normal s" proof (rule terminates.Catch,safe) from c1_notStuck show"Γ⊨c1 ↓ Normal s" by (rule Catch.hyps) next fix s' assume exec: "Γ⊨⟨c1,Normal s ⟩==> Abrupt s'" show"Γ⊨c2 ↓ Normal s'" proof - from exec_to_exec_restrict [OF exec] obtain t' where
exec_res: "Γ|⊨⟨c1,Normal s ⟩==> t'"and
t'_notStuck: "t' ≠ Stuck ⟶ t' = Abrupt s'" by blast show ?thesis proof (cases "t'=Stuck") case True with c1_notStuck exec_res have"False" by (auto simp add: final_notin_def) thus ?thesis .. next case False with t'_notStuck have t': "t'=Abrupt s'"by simp with not_Stuck exec_res have"Γ|⊨⟨c2,Normal s' ⟩==>∉{Stuck}" by (auto dest: notStuck_CatchD2) with exec_res t' Catch.hyps show ?thesis by auto qed qed qed qed
end
Messung V0.5 in Prozent
¤ Dauer der Verarbeitung: 0.62 Sekunden
(vorverarbeitet am 2026-06-10)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
