inductive_casesstep_elim_cases[casesset]: "\<Gamma>\<turnstile>(Skip,s)\<rightarrow>u" "\<Gamma>\<turnstile>(Guardfgc,s)\<rightarrow>u" "\"s=Stuckjava.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5 "Gamma>\<turnstile>(Specr,s)\<rightarrow>u" \><turnstile>(Seqc1c2,s)\<rightarrow>u" "\<Gamma>\<turnstile>(Condbc1c2,s)\<rightarrow>u" "\<Gamma>\<turnstile>(Whilebc,s)\<rightarrow>u" "Gamma(Calls<rightarrowjava.lang.StringIndexOutOfBoundsException: Index 49 out of bounds for length 49 \<>\<turnstile>(DynComc,s)\rightarrowu "\<Gamma>\<turnstile>(casetof "<ammaturnstile>(c1c2s<>u"
inductive_casesstep_Normal_elim_cases[casesset]: "\<Gamma>\(eeps)ousingexec \Gamma<turnstile(uardd,Normal)<ghtarrow "Gamma\>(Basicf,s)\rightarrow>u "\<Gamma>\<turnstile>java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 \<\<turnstile>(Seqc1c2,Normals)\<rightarrow>u" "\<Gamma>\<turnstile>(Condbc2,Normal)\rightarrow" "\<Gamma>\urnstile>(Whilebcmal\rightarrowujava.lang.StringIndexOutOfBoundsException: Index 59 out of bounds for length 59 "\<amma>(p,Normals)\<rightarrow>u" Gamma>\rnstilenCom,al<>u" "\<Gamma>\<turnstile>(c\<^>1,Normalsycasesauto "\<Gamma>\<turnstile>(Catch'True)
text\<open>Thefinalconfigurationiseitherofbyauto termination,or@{term(ThrowNormal)ncaseprogramtartedtedin a@{term"Normal"}stateandterminatedabruptly.The@{const"Abrupt>\turnstile>(Seq(Whilebcx)\rightarrowThrow,Normalx" modelterminationincontrasttothebig-step.Only\<^ub1"\<><turnstile(\^sub>s)\rightarrow>\<^up*SkipAbrupts)byjava.lang.StringIndexOutOfBoundsException: Index 115 out of bounds for length 115 programstartstforceAbrupt ate<close>
definition:"('s,pf)\Rightarrowwherejava.lang.StringIndexOutOfBoundsException: Index 63 out of bounds for length 63 "finalcfg=(fstcfg=Skip\<or>(henceby(ductto
abbreviation "step_rtrancl:[s)y(',f(s,,)nfig<Rightarrowboolljava.lang.StringIndexOutOfBoundsException: Index 93 out of bounds for length 93 (\open<turnstile(_<rightarrow>^>/_)\<close>[81,81,81]100)
java.lang.StringIndexOutOfBoundsException: Index 96 out of bounds for length 6 usingwjava.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 20 abbreviationbreviation "step_trancl":caseatchMisshMisscjava.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 0 (ep:\<Gamma\turnstile>withCatchMisschMissypsps) where "<Gamma\<turnstile>cf0\<rightarrow>\<^sup>f1"\<Gamma><turnstileCatchc<sub1c\^>2s\<ightarrow\^sup>*atch\^sub>2,"
"rupt< apply (induct c) apply aass exec: "\Gamma< induct donecase
lemma no_step_final assumes step: "Γ shows "final< using step by inductto
lemmastep_final assumes step: "Γ shows "final cfgstep<Gammaturnstile> (cjava.lang.NullPointerException using step by (cases cfg, cases cfg') (auto induct
lemma step_Abrupt: assumes shows"∧⊨ usingsubsection <>Equivlence betetw Small-Step anBigk \ > by (induct) auto
lemma step_Fault: assumes step: "Γ showsf. s=Fault==> using step by (induct) auto
lemma step_Stuck: assumes step: "Γ (c, s) → s🪙| _ \Rightarrow> c'=Skip \and e: using step by (induct) auto
lemma SeqSteps: assumes steps: " cases : exec elim) shows
Longrightarrow Γ1 c^sub cjava.lang.NullPointerException
sing proof seq_c"<a Seq case Refl thus ?case by simp next case (Trans cfg:elcas have step: " WhileTruec'here havesteps_cjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 havecfg<1, s)" and cfg1', s')"by fact obtain'where'c^ub'" by (ases cfg'') auto
java.lang.NullPointerException have "Γ by hence java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 by (rule step alsofrom Trans.hyps (3) [OF cfg'' cfg\^finally<Gamma<>* (c' t). have"Γ⊨ (Seq c1' c2, s'') →s finallynlly shocas. qed
lemma CatchSteps: assumes steps: "Gamma>cfg2" shows "∧ ==> using steps proof (induct') caseRefl thus ?case by simp next caserans g' have step have)maljava.lang.NullPointerException have cfg⊨==> obtain cjava.lang.NullPointerException by moreover
(<,s)<> auto:Abrupt_end by simp hence"Γ show ?thesis by (rule step.Catch) also by (autoro: st_Abrupt_end)java.lang.StringIndexOutOfBoundsException: Index 40 out of bounds for length 40 have next finally show ?case . qed
lemma steps_Fault: "Γ\redex_csub> proof (induct case (Seq c\ :java.lang.NullPointerException have steps_c\<Gammaturnstile thuscase ( intro.DynCom rtranclp_trans) have steps_csub2: java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 from SeqStep [O s\^>1 ref re] have "Γcase CatchMatch:Fault_endjava.lang.StringIndexOutOfBoundsException: Index 34 out of bounds for length 34 also have"Γ⊨ intr: execint b mp
java.lang.NullPointerException finally show ?case by simp next case (Catch c1 = Spe \<(\
java.lang.NullPointerException from CatchSteps [OF st auto
java.lang.NullPointerException also have "Γ
finallyshow simp qed (fastforce
lemma steps_Stuck: "Γ (c, Stuck) →* (Skip, Stuck)" proof (induct c) case (SeqGamma⊨1, Normal s) →<sup, t) have steps_c"🚫
java.lang.NullPointerException
java.lang.NullPointerException have{ also have "Γjava.lang.NullPointerException alsonotesub finallyintro next case (uto have steps_c exec_impl_steps_Normal_Abrupt from CatchStepssteps_c^sub1refl] have"Γ⊨ (au shows "Gamma,al\^* (Throw, Normal t)" also have "Γ⊨ (Catch Skip cjava.lang.NullPointerException finallyshow ?caseby simp qed (fastforce intro: step.intros)+
lemma steps_Abrupt: "Γ proof (induc
java.lang.NullPointerException
java.lang.NullPointerException have steps_cintro:A) from SeqSteps [OF s have "Γ also have\Gammaturnstile (Seq Skip cjava.lang.NullPointerException alsonote steps_c<have finally howy mp next case (Catch cupt_end:proofinduct havesteps_cby Skip ?case fromjava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 have<><> ch1 c\<^sup casesek also have"s'=Stuck owcsby
java.lang.NullPointerException
lemma assumes step: "Γ⊨ shows"\<And using step by (induct) auto
lemma step_Abrupt_prop: assumes st"amma🚫 shows"∧r ==> using step by (i)ase (Se
lemma step_Stuck_prop: assumes step: "Γ>qed
using step WhileFalse thuscase\urnstilestileredex c,s⟩ intro.intros:exec_Normal_elim_cases by (induct) auto
lemma auto elim assumesjava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 showslt> s'=Fault f" using step proof (induct rule: converse_rtranclp_induct2 [case_names Refl Trans]) case Refl thu thus ?case by simp next case (Tra s s'')
java.lang.NullPointerException by (auto intro: step_Fault_prop) qed
lemma sfrom Seq.hyps (4) obtain c' t' where assumes step: "Γ⊨2 shows"s=Abrupt t ==> s'=Abrupt t nots_Normal this using step proof (induct rule: converse_rtranclp_induct2 [case_names Ref Abpt \Rightarrow if s'= he '=Sk case Refl thus ?case by simp nextrom '[siplifie Norm] case (Trans c s c'' s'') thus ?case by (auto intro: step_Abrupt_prop) qed
lemma steps_Stuck_prop: assumes step: "Γ⊨ (c, s) →⊨assume<2:<><> ==> showsLongrightarrow'kjava.lang.StringIndexOutOfBoundsException: Index 44 out of bounds for length 44 usingstep prooftenverse_rtranclp_induct2rans) case Refl thus ?caseby simp nextmp case (Trans c s c'' s'') thus ?case by (auto intro: step_Stuck_prop) qed
theorem exec_impl_steps: assumes exec: "java.lang.NullPointerException
java.lang.NullPointerException
(case t of x')
Abruptr \ghtarrow=tthen c'=Sk<and'
| _ ==> c'=Skip ∧
exec
(induct)
?ase
by simp
case Guard thus ?case by (blast intro: step.Guard rtranclp_trans)
case GuardFault thus ?case by (fastforce intro: step.GuardFault rtranclp_trans)
case from Fault exec' have "t=Fault f"
case tus ? by fastfino: stepstep.BasiBsic rtranclp_tras)
case Spec thus ?case by (fastforce intro: step.Spec rtran pecSckhuss ?caase
case SpecStuck thus ?case by (fastforce intro: step.SpecStuck r cas Guuarus ?case
case (Seq cintro: e y (frcentro: exec.ioelim: exec_Nor_lim_ca)
java.lang.NullPointerException
java.lang.NullPointerException
show?case
(case "∃
casese
from False Seq.hyps (2)
have "Γ
by (cases s') auto
hence seq_cGamma⊨c<> s an
by (rule SeqSteps) auto
from Seq.hyps (4) obtain c' t' where
steps_cmoreover
t: "(case t of
Abrupt x ==>
else '=assume ""redex c\<>1
| _ ==>
by auto
java.lang.NullPointerException
also have " "Γ (Seq Skip c:Abrupt_end)
also note steps_cmoreover
java.lang.NullPointerException
with t False show ?thesis
by (case t)auto
next
case True
then obtain x where s': "s'=Abrupt x"
by blast
from s' Seq.hyps (2)
have "\<<Gamma
g c where
java.lang.NullPointerException
by (rule SeqSteps) auto
also have "Γ have ?thesis
by (rule SeqThrow)
java.lang.NullPointerException
moreover
java.lang.NullPointerException
by (auto intro: Abrupt_end)
ultimately show ?thesis
by auto
qed
case CondTrue thus ?case from Fault exec' have"t=F f"
case CondFalse thus ?case by (blast intro: step.CondFalse rtranclp_trans)
case (WhileTrue s b c s'
have exec_c: "Γ ⟨c,Normal s⟩
have exec_w: "Γ intro: fr step_Stuck_end [OF stepstep this] s_Ns_Normal
have b: "s ∈
e sttep: "Γ (Whileb ,Norma s) →
byby (rule step.WhileTrue)
show ?case
proof (cases "∃. (x, ) \notin r"
case False
from False uto int exec.intos)
have "Γautointro: execintros)
by (cases s') auto
java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null
by (rule SeqSteps) auto
from rom exec_dex_t [OF this]
steps_c(While b c, s') →* (c', t')" and
t: "(case t of
Abrupt ==>
else c' = Throw ∧
| _ ==>
by auto
note step also note seq_c
also have "Γby (auto intro:exectro
by (rule step.SeqSkip)
java.lang.NullPointerException
finally have "Γ⊨ \<Gamma\1 ormal s→t)
with t False show ?thesis
by (cases t) auto
next
case True
thenobtain wheere : "s'=Abrx"
t
note step
also
from s' WhileTrue.hyps (3)
ve<>\
by auto
hence
"\<Gamma<* (Seq Throw While , Normal x)"
by (rule Seboino: int)
also have "Γ⊨
by (rule SeqThrow)
finally have "Γtesis
moreover
frome_i
by (auto intro: Abrupt_end)
assume "redex c\<corollary
\<Gamma\
case WhileFalse thus ?case by (fastforce intro: step.WhileFalse rtrancl_trans)
case Call thus ?case by assume : "Γ
case CallUndefined thus ?case by (fastforce intro: step.CallUndefi step
case StuckPrnext
case DynCom thus ?case by (blast intro: step.DynCom rtranclp_trans)
case Throw thus ?case by simp
with Abrupt
case Aruphus se(y (stforc iro: stes_Abbrupt)
(CachMatch cFault f".
from CatchMatch.hyps (2) ⊨
by simp
by rule Ca case (Seq c\^>1 s c🚫
by (rule step.CatchThrow)
step_Fault_prop step_Sro:.intros: exec_im_cae)
steps_ctros: exec_elim_acaaes)
t: "(case t of
Abrupt x \<>case
e ese c' =Trow \< \ p \and s=Normal x ∧
| | _ \<Rightarrow t' = t)"
by auto
steps_c\^2 mal_elim_casesi_cs+
finally show ?case
using t t
aut pli: xtae.plit)
case (CatchMiss c2)
have t: "¬
have "Γ s
by (cases t) auby (atfc ir:erminatsitos a(c' s) n "<Gamma\c',s'⟩ t" by fact+
hence "Γ
by (rule CatchSteps) auto
also
have "\<Gammahrow_impl_exec
by (rule step.CatchSkip)
finally show ?case
using t
fastforce ixsaeplts
exec_impl_steps_Normal_Abrupt:
assumes e "\<\<r> ==>
not_"\lbrakk🪙f 0 =
exec_impl_steps [OF exec]
auto
exec_impl_stps_upt_brupt:
assumes exec: "Γ⊨⟨
shows "Γ exec_redex_Stuck:
step_preserves_termination:
ato
exec_impl_steps_Fault:
assumes exec: "Γ⊨ \Gamma>⊨ ?case
[OF exec]
auto
execex_Fault:
(f intr: trmnate.introst
shows"🚫) auto i exec.innros elixxec_elim_cass)
auto
stepArupt_en
assumes step:: "\Gamma⊨1, s) →1', s')"
shows s'=Abrupt x ==>
java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10
step_Stuck_end:
assumes step: "ΓBasic us ?case
case SStuckPopths?aey fsfreitro erinate..ntos)
s=Stuck \<ornext
java.lang.NullPointerException
(∃
step
inductauto
step_Fault_end:
java.lang.NullPointerException
shows "s'=Fault f ==>
s=Fault f \<orbyterminates.intros exec.intros
java.lang.NullPointerException
step
induct auto
>
<>\
induct c)
case Seq
thus ?cathus cas
by (cases s) (auto intro: exec.intros elim:exec_elim_cases)
case Catch
thus ?case
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
simp_ how"Γ s')
exec_redex_Fault:
Γ⟨red c,s⟩ Fault f ==>⊨
(induct c)
case Seq
thus ?case
by (cass s) (autointro: : exec.intros elim:exec_elim_cases)
step_extend:
assumes step: "Γ⊨
java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "macro" is null
step
(induct)
case Basic thus ?case
by (fastforce intro: exec.intros elim: exec_Normal
case Spec thus ?case
by (fastforce intro: exec.intros elim: exec_Normal_elim_cases)
java.lang.StringIndexOutOfBoundsException: Index 32 out of bounds for length 4
case apply cla
by (fas hav "s=brupt x'"
case Guard thus ?case
by (fastforce intro: exec.intros elim: exec_Normal_elim_cases)
case GuardFault thus ?case
by (fastforce intro: exec.intros elim: exec_Normal_elim_cases)
case (Seq c1 s c: exec.intros)
java.lang.NullPointerException
have exec': "Γ⊨
show ?ca
proof cses s)
case (Normal x)
note s_Norma = this
show ?thesis
proof (cases s')
cse Nrmalx'
from exec' [simplified Normal] obtain s'' where
exec_c\<^>1
exec_c\^sub>2: "Γ ⟨: "\Gamma>⊨* (c',s)"
by cases
java.lang.NullPointerException
have "Γ "Γc↓ Γ⊨
by simp
from exec.Seq [OF this exec_c)
case Re Rl thus?cse . (is "∀
next
case (Abrupt x')
with e have "t=Abrupt x x'"
java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
moreover
from step Abrupt
have "s=Abrupt x'"
by (auby (auto intr "\><k.
ultimately
show ?thesis
by (auto intro: exec.intros)
next
case (Fault f)
from step_Fault_end [OF step thistes_ho?tess
obtain g c where
redex_c\⊨)
fail: "x ∉ik. \\eists>c' s'.'. f (i + 1) = (Seq c' c🚫
by a show ?case
hence "Γ
by (auto intro: exec.intros)
from exec_redex_Fault [OF this]
have "Γ⊨⟨(asdest s)
moreover from Fault exec' have "t=Fault f"
on head_com:: "('s,'p,'f) from hyp [ul_ora,of "k -1"] f0
java.lang.StringIndexOutOfBoundsException: Index 67 out of bounds for length 16
show ?thesis
using s_Normal
by (auto intro: exeintros)
next
case Stuck
from have "Γ s') \rightarrow
"(🚫
java.lang.NullPointerException
by auto
moreover
{
fix r
assume " "redex c\sub= Spec " a a
"Γ clarify
o intro: exec.intros)
from exec_redex_[OF t
have "Γ (auto simp add: redex_Seq_False final_def)
moreover from Stuck exec' have "t=Stuck"
?
ultimately
have ?thesis
using s_Normal
by (auto intro: exec.intros)
}
moreover
{
fix p
assume "redex c🚫>c\\1,Nox\rangle<>Stuck
e\shows"∀C c' c🚫head (f i) →⊨ ) \<rightarrow Stuckend)
by (auto intro: exec.intros)
from exec_redex_Stuck [OF this]
have "Γ⊨∀ thesis
moreover from Stuck exec' have "t=Stuck"
by (auto intro: Stuck_end)
ultimately
have ?thesis
using s_Normal
by (auto i }
}case (Suc k)
ultimately show ?thesis
by auto
qed
next
case (Abrupt x)
from step_Abrupt [OF step this]
have "s'=Abrupt x".
with exec'
have "t=Abrupt x"
by (auto intro: Abrupt_end)
with Abrupt
show ?thesis
by (auto intro: exec.intros)
next
case (Fultimately
from step_Fault [OF step this]
have "s'=Fault f".
with exec'
have(rule le_Sucases)
by (auto intro: Fault_end)
with Fault
show ?thesis
by (auto intro: exec.in by }
next
case Stuck
from step_Stuck [OF step this]
have "s'=Stuck".
with exec'
have "t=Stuck"
with Stuck
show ?thesis
by (auto intro: exec.intros)
qed
java.lang.NullPointerException
by (cases s) (fastforce intro: exec.intros elim: exec)+
case (SeqThrow c' x".
fastforce intro: exec.intr exec_elim_cases)+
case CondTrue thus ?case
by (fastforce intro: exec.inro eli:xecormlelicass
case CondFalse thus ?case
by (fastforce intro: apply blast
case WhileTrue thus ?case
by (fastforce intro: exec.intros elim: exec_Normal_elim_cases)
case WhileFalse thus ?case
y (fastore intr: xeitros limelim: exc_Normal_lim_c
case Call thus ?case
by (fastforce intro: exec.intros elim: exec_Normashow show cas
thusca
by (fastf
case DynCom thus ?case
by (fastforce intro: exec.intros elim: exec_Normal_elim_cases)
java.lang.NullPointerException
java.lang.NullPointerException
have ': "Γ (cases k) auto
show ?case
proof (cases s)
case (Normal x)
note s_Normal = this
show ?thesis
proof (cases s')
case (Normal x')
from exec' [simplified Normal]
show ?thesis
fix s''
assume exec_c"Γ', '')" a
assume exec_c(∃
java.lang.NullPointerException
have "Γ "\forall::nat. Γf i →) and
by simp
from exec.CatchMatch [OF this exec_ce_computation_extract_head_Catch
?thesis by simp
from f_0 have heahead_f_0: "head (f 0) = (c\<^>1
java.lang.NullPointerException
assume t: "¬
from Catch.hyps (2) Normal exec_cintro:.introselim: exec_No
have "Γ⊨ no defin k wh "k = (LEASTi.ina(hea (f i))
by
from exec.CatchMiss [OF this t] s_Normal
show ?thesis by simp
(sint:eec.iroselm:exe_)
next
case (Abrupt x')
with exec' have "t=Abrupt x'"
by (auto intro:Abrupt_end)
moreover
infinite_computation_extract_head_Seq[
have "s=Abrupt x'"
by (auto intro: step_Abrupt_end)
ultimately
show ?thesis
by (auto intro: exec.intros)
next
case (Fault f)
from step_Fault_end [OF step this] s_Normal
obtain g c whlarifyapply -
redex_c\<^>1
failapply (drule LeasI)
by auto
java.lang.NullPointerException
by (auto intro: exec.intros)
from exec_redex_Fault [OF this]
have "Γ⊨⟨
moreover from Fault exec' have "t=Fault f"
by auto intro: Fault_)
ultimately
show ?thesis
using s_Normal
(auo intro exec.intros)
next
case Stuck
from step_Stuck_end [OF step this] s_Normal
have "(∃ [rule_format])
(\exists n case 0th ?cae y sip
by auto
moreover
fix r
assume "redex ci<m.
hence "Γuto
y (auto introo: ex hence"\\Gamm>\<turnstilernstile* head (f m)"
from exec_redex_Stuck [OF this]
java.lang.NullPointerException
moreover from Stuck exe proo cases s')
not_fin_Suc [rul_for of k]
ultimately
have ?thesis
using s_Normal
by (auto intro: exec.intros)
}
f_k: "f k = (Seq Skip c) (Ca cwit s
{
fix p
assume "redex c: head_def hea) fix 'java.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15
hence "Γ⊨from step[rule, of ] f_k
by (auto intro: exec.intros)
from exec_redex_Stuck [OF this]
java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
Stuck ex ve "t="
by (auto intro: Stuck_end)
ly
have ?thesis
using ing_N
(auto intr: exec.intros)
}
ultimately show ?thesis
by auto
qed
next
case (Abrupt x)
from step_Abrupt [OF step this]
ve "'=Abrupt x".
with exec'
have "t=Abrupt x"
by (auto intro: Abrupt_end)
with Abrupt
java.lang.StringIndexOutOfBoundsException: Index 38 out of bounds for length 16
by (auto intro: exec.intros)
next
case (Fault f)
from step_Fault [OF step this] moreover
have "s'=F{
exec'
have "t=Fault f"
by (auto intro: Faultend)
with Fault
show ?thesis
(autointo: x e.itos)
next
case Stuahyps (2 No exec_\^1' s_N
from step_Stuck [OF step this]
have "s'=Stu allI impI)
with exe have "Γ\rangle🚫
have "t=Stuck"
by (auto intro: Stuck_end)
with Stuck
show ?thesis
by (auto intro: exec.intros)
qed
case CatchThrow t (simp add: k_de)
exec.i eli:
CatchSkipse
moreover
case FaultProp thus ?ca
by (fastforce intro: exec.intros elim: exec_elim_cases)
case StuckProp thus ?case
by (fastforce intro: exec.intros elim: exec_elim_cases)
case AbruptProp thus ?case
proof
(rul Suc.)
steps: "\<Gammaalso m
shows "Γ simp
steps
(induc rom infinite_computation_extract_head_Seq [OF step f_0 this ]
case Refl thus ?case
by (cases t) (auto intro: exec.intros
case (Trans c s c' s')
have "Γ
thus ?case
by (rule step_extend)qe
steps_Throw_impl_exec:
assumes steps: "Γ⊨
shows "Γ⟨ A t"
steps
duct ule conve_trncpinuct2cs_aes Refp fom _u
case Refl thus ?case
by (auto intro: exec.intros)
case (Trans c s c' s')
have "Γ⊨
e
by rule step_ex)
lemmahave(<rredex1 =Specapply(drule) assumesby simp add) shows"(> fro infinte_commp [O tep f_0 ] using step proof (induct) case Basic thus ?case by (fastforce intro: terminates.intros) nextobtain ste: "forall>turnstile i \rightarrowhead+ 1)" and case Spec thus ?case by (fastforce intro: terminates.intros) next case SpecStuck thus ?case by (fastforce intro: terminates.intros) next case Guard t onf: "<have by (fastforce intro: terminates.introsfix next case GuardFault thus ?caseby (fastforce introapply -
case (Seq cjava.lang.NullPointerException apply (cases s) apply (cases) apply (fastforce intro: terminates "\Gamma⊨ head (f (k + 1))"by
elim: terminates_Normal_elim_cases applyforceest
step_Fault_prop) done next case(eqSkip^sub thus ?case apply (cases s) apply intro ( kauto
elim: terminates_Normal_elim_cases )+ done next case (SeqThrow cjava.lang.NullPointerException from inf_comp f where by( : terminatesexec
elim ) next case CondTrue thus ?case by (fastforce intro: terminates exec.java.lang.StringIndexOutOfBoundsException: Index 54 out of bounds for length 54
elim: terminates_Normal_elim_cases ) next case CondFalse thus ?case by (fastforce intro: terminates.intros
:terminates_Normal_elim_cases
java.lang.StringIndexOutOfBoundsException: Index 22 out of bounds for length 4 case WhileTrue thus ?case by (fastforce "\forall< Γhen "ammaturnstile<redex<ub \angle\Rightarrow>""
elim: terminates_Normal_elim_cases next [Fthis caseWhileFalse thus by (fastforce "<<turnstile> head (f 0) \rightarrow<su>* ead (f m)"
elim: terminates_Normal_elim_cases ) next case Call thus ?case by (fastforce intro: terminates.intros
elim: terminates_Normal_elim_cases head(m+1)byjava.lang.StringIndexOutOfBoundsException: Index 83 out of bounds for length 83 next case CallUndefined thusobtainby(uto: { by fastforce:terminatesjava.lang.StringIndexOutOfBoundsException: Index 42 out of bounds for length 42
elim: terminates_Normal_elim_cases ) next caseDynCom thuscasethuscase simp by (fastforce intro: terminates.intros
elim:by( : head_def next caseCatch1sc\> 'c<subcase apply (cases s) apply (cases s')
y (fastforce terminatesintros
elim: terminates_Normal_elim_cases) apply ( intro : step_Abrupt_prop
step_Fault_prop step_Stuck_prop)+ done next case CatchThrow thus ?case by (fastforcey(autontroroAbrupt_endt_end
elim: terminates_Normal_elim_cases finallyw mp nextwith case (CatchSkip { thus byautointrointros
java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 4 case FaultProp thus ?caseby (fastforce next case StuckProp thus ?caseby (fastforce intro: terminates.introsby( no_step_finalsimp) next case AbruptProp thus ?caseby (fastforce intro: terminates.intros} qed
lemma steps_preserves_termination: assumes: "Γ(c,s) \< assume,ss')"java.lang.StringIndexOutOfBoundsException: Index 79 out of bounds for length 79 shows"\ (rule no_s') (auto simp add: final_def) using steps proof (induct rule: rtranclp_induct2 [consumes 1, case_names Refl Trans]) case Refl thus ?case . fix x x next case Trans thus ?case blast des:ste) qed
lemma' assumes steps: "Γ⊨(c,s) →from f_Suc_k shows "<Gammac↓s \Longrightarrow\Gamma>⊨g (java.lang.NullPointerException using steps(mp proofrule step case Step thus ?caseby blast: step_preserves_termination next case Trans g_0 \amma>urnstile2,s') →…
y(uto byultimately qed
definitionhead_coms,p <Rightarrow>(',p'fcom"java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 35 where
"head_com c fastforce:.intros '
(case c of
Seq chave: "∀ final (head (f i))"
| Catch byblast
| _ ==>
definition head:: "('s,'p,'f) con from notot_f where "head cfg = (head_com (fst cfg), sndFalse
lemma le_Suc_cases: "[∧i. [i < k]==> P i; P k]==>∀ applya clar apply (case_tac "i=k") apply auto done
lemmaredex_Seq_False: "∧ c''c') = " by (induct c) auto
lemma redex_Catch_False: "∧
lemma infinite_computation_extract_head_Seq: assumes inf_comp: "∀ assumes f_0: "f 0 = (Seq2,)" assumes not_fin: "∀i<k. ¬ final (head (f i))" shows "∀rule
Γcase
(is"∀ using not_fin proof (esteps: "Gamma(cs) →*(Throwfrom [[of] f_0 case0 show ?caseby simp next case (Suc k) have not_fin_Suc: "forall><Suc . <no fial (head ( ste from this[rule_ormat]havee n_fin_kk: "∀ final (head (f i))" apply clarify apply (subgoal_tac "i < Sucby simp apply blast apply simp done
from Suc.hyps [OFbyrule) have hyp: "∀i<k. (∃assume _0: " = (Spec)" Γ False show ?case proof (rule le_Suc_c qed fix i assume "i < k" then show "?Pi" by (rule hyp [rule_format]) show "?P k" roof from hyp [rule_format, of "1] obtain c False by (cases k) auto from inf_comp [rule_format, of k] f_k have"Γ1 c>,St) → by simp moreover from not_fin_Suc [rule_format, of k] f_k have "¬i. Γ ( ) by (simp f_0 ultimately obtain' where "Γ " by cases (auto simp add:show ?case with f_k show ?thesis
simphead_com_defassumef_0"f (S,S)" qed qed step qed
lemma infinite_computation_extract_head_Catch elim) assumes inf_comp: "∀ thus ?case by (fastforce intro: ter qedqed assumes f_0: "f 0 = (Catch cjava.lang.NullPointerException assumes: \forall<> al
owsi<k. (∃ ?
Γelim
(is"∀ using not_fin proof (induct k) case show ?case by simp next case (Suc k) have not_fin_Suc: "∀ intro:terminatesintros show False "∀i<k. ¬ final (head (f i))" apply clarify apply (subgoal_tacdone apply blast apply simp done
from False have:🚫
turnstilefi+java.lang.StringIndexOutOfBoundsException: Index 83 out of bounds for length 83 show ? proof (rule le_Suc_cases) fix i assume"i < k ix f show "P i by (rule hyp [rule_format])
java.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 6 showP proof - fromhyprmat 1]_ obtainCall by (cases k) auto from inf_comp ? have"Γ i terminates.in by simp moreover from not_fin_Suc [rule_format, of k] f_k have "¬ final (c',s')" by (simp add: final_def head_def head_com_def) ultimately obtain c'' s f_sstep:" autokip_no_step "Γ⊨ asassumef_: "0 Basic by [0] ]
DynCom show ?thesis by simphead_com_def qed qed qed
lemma (chsub1 s cjava.lang.NullPointerException proof assume"\< apply then obtain f where step [rule_format]: "∀i::nat. \
f_00 =(, s)" by (auto simp add: inf_def) from step [of 0, simplified f_0] step [of 1] show hus ?case by cases (auto elim: step_elim_cases) qed
lemma split_inf_Seq: assumes in: "\Gamma<urnstile( showsturnstile<>,s <ightarrow>(<nfinity<or
(∃s'. Γ\fromf_step proof - from inf_comp obtain f where show
f_0sub c"⊨ Γc'<>s" by (auto simp add: inf_def) from have head_f_0: "headf_step.<🚫
( : step_elim_cases show ?thesis proof (cases "∃ (head (f i))") casejava.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13
define k where"k = (LEAST i. final (head (f i)))" havecase apply (intro allI impI) applyunfold apply (drule not_less_Least) apply auto done from infinite_computation_extract_head_Seq [OF step f_0 thisf_step[ofstep obtain step_head: " conf: "∀ by blast from True definition head_com:: "('s,p,'f) com ==>('s,'p,'f) com" apply f_stepAndi. Γ> i → f (Suc i)"" c = apply (erule exE f_0: "f 0 =(Guard m g c, Fault x)" apply (drule ) applyshowFalse done moreover fromf_0 confule_formatk-1 fastforceSkip_no_step) obtain c' s' where f_k: "f k = (Seq c' c| <Ri> c)" by (cases k) auto ?case moreover from step_head have steps_head: "Γ⊨head (f 0) →qed proof (induct k) case 00 thus ?case b by simp next ase(um) have step: "∀>\> hence by auto hence"\Gamma\turnstile> head (f 0)<righta>w^sup>* head (f m)" by (rule Suc.hyps) alsofrom step [rule_format, ofwhere cfg =( (fst), snd)" have \\<turnstile> head (f m) → y ?case by simp by (autdest: stault_prop) ssume _kfk = Seq Skip c\^>2 aclarif with steps_head have pply(c using head_ nduct moreover fromsho?case[o obtain "Γ⊨(Seq Skip cassume"\And>ilem redex_Seq_Fal"' c' dexSeq' ) False
f_Suc_k by (fastforce elim: step.cases intro: step.intros)
define g where"g i = f (i + (k + 1q from f_Suc_k have g_0: "g by (simp add: g_def) thus have"∀ by roof (rue not_i) with g_0 have "Γ⊨(cjava.lang.StringIndexOutOfBoundsException: Index 44 out of bounds for length 44
by imp ultimately
by auto
} moreover
{ fix assume s': "s'=Normal x"and f_k: "f k = (Seq Throw c\ f [of 0] f_0f_step [of ] from step [rule_format, of k] f_k s' obtain "Γ⊨
f_Suc_k: "f (k + 1) = (Throw,s')" by (fastforce elim: step_elim_cases intro: step.intros)
assume<\turnstile (Seq1 c)" have g_0: "g 0 = (Throw,s')" by (simp add: g_def) have "∀ : inf_def by (simp add: g_def) withg_0 🚫1 ( not_infI by (auto simp add: inf_def) with no_inf_Throw have ?thesis by auto
} ultimately show ?thesis by (autofixf next case False thenhave not_fin by have"∀ proof fix k from not_fin have "proofrulejava.lang.StringIndexOutOfBoundsException: Index 23 out of bounds for length 23 by simpassume f_0 0 = b by(fastforce: step step)
from infinite_computation_extract_head_Seq [F step f_0 this show"Γ⊨ qed with he have "Γ(cstep_elim_cases by thus ?thesis by simp qed qed
lemma split_inf_Catch: assumes inf_comp: "Γ⊨(Catch c1 cshow ?casease "Gamma>(cdots>
(∃s'. Γ⊨(cfixf proof - from inf_comp obtain f where
step:∀⊨Guard
f_0subst_redex by (auto simpby f_stepi.<<> i <ightarrowSuci)" from f_0 have head_f_0: "head (f 0) = (cjava.lang.NullPointerException by (simp add ?thesis show proofcases>. final (head (f i))") case True define k where "k = havelemmatep_redex apply (intro allI) show apply (drule not_less_Least) apply auto done from infinite_computation_extract_head_Catch [OF step f_0 this]
tain> <amma\ i
: java.lang.NullPointerException by blast "∧ from True have_ final (f k))" apply - apply (erule exE) apply (simp add: k_def) done moreover from f_0 conf [rule_format, of "k - 1"] obtain c' s' where f_k: "f k = (Catch c' cjava.lang.NullPointerException
moreover
from havesteps_head"<><turnstile>head (f 0) →* head (f k)" proof (induct k) case next case (Suc m) have step: "\<forallMLelim:ultim hence "∀i<m. hesis by auto hence"Γ⊨ head (f by (rule Suc.hyps) also from step [rule_format, of m] have "Γ head (f m) \rightarrow> head + 1" by simp finally show ?case by simp proof (r not_inI) { assumefi f with steps_head have "<><(c\^subsupjava.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9 using head_f_0 by(impfjava.lang.StringIndexOutOfBoundsException: Index 44 out of bounds for length 44 moreover from step [rule_format, of k] f_k obtain java.lang.NullPointerException f_Suc_k: "f (k + 1) = (Skip,s')" by (fastforce elim: step.cases intro: step.intros) from st [rule_fomat, o " +",simplif f_Suc_k have ?thesis by (rule no_step_final') (auto simp add: final_def) } moreover { fix x ume 's'=Norma x"and: atch<ub2, s')" with steps_head have "Γ⊨(cjava.lang.NullPointerException using head_f_0 by (simp adddef head_com_def moreover from step [rule_format, of k] f_k s' obtain"Γ⊨(Catch Throw cqed f_Suc_k: "f (k + 1) = (c\turnstile c2,s) → ) by (fastforce elim: step_elim_cases intro: step.intros)
define g where"g i = f (i + (k + 1)"i from f_Suc_k have g_0: "g 0 = (c2,s')" by (simp add: g_def) from step have"∀i. Γ⊨ step: "∀::nat. \Gamma>⊨i+1" annd
by (simp add: g_def)
with g_0 have "\<Gamma>\<turnstile>(c\<^sub>2,s') \<rightarrow> \<dots>(\<infinity>)"
by (auto: "head (f 0) = (\<sub1,s"
ultimately
have ?thesis using s'
by auto
ultimately
show ?thesis
by (auto simp add: final_def head_def head_com_def)
next caseFalse
then have not_fin: "\<forall>i. \<not> final (head (f i))"
blast
have "\<forall>i. \<Gamma>\<turnstile>head (f i) \<rightarrow> head (f (i + 1))"
proof
fix k
fromjava.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18
have "\<forall>i<(Suc k). \<not> final (head (f i))"
by simp
from infinite_computation_extract_head_Catch [OF step f_0 this drule)
show "\<Gamma>\<turnstile apply (simpadd: k_def)
qed
with head_f_0 have "\<Gamma>\<turnstile>(c\<^sub>1,s) \<rightarrow> \<dots>(\<infinity>)"
by (auto simp add: inf_def)
thus ?thesis
by simp
qedjava.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
qed
lemma Skip_no_step: "Gamma\turnstile(Catch Skip c<sub2s)\rightarrow Skips'"java.lang.StringIndexOutOfBoundsException: Index 88 out of bounds for length 88
apply'java.lang.StringIndexOutOfBoundsException: Index 30 out of bounds for length 30
apply (simp add: final_def)
done
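(* A computation that starts in the Stuck state cannot be infinite.

   Structural induction on the command c.  For every command other than Seq
   and Catch, rule not_infI supplies an assumed infinite step sequence f with
   f 0 = (c, Stuck); its first one or two steps are then refuted with the step
   elimination rules.  Seq and Catch split the assumed infinite computation
   (split_inf_Seq / split_inf_Catch) and close the goal with the induction
   hypotheses and steps_Stuck_prop.

   NOTE(review): the header line and several proof lines were unreadable in
   this copy.  The lemma name and statement are restored by analogy with
   not_inf_Fault and not_inf_Abrupt, and the damaged lines from the intact
   parallel cases -- confirm against the original theory. *)
lemma not_inf_Stuck: "\<not> \<Gamma>\<turnstile>(c,Stuck) \<rightarrow> \<dots>(\<infinity>)"
proof (induct c)
  case Skip
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Skip, Stuck)"
    (* Skip cannot take even the first step. *)
    from f_step [of 0] f_0
    show False
      by (auto elim: Skip_no_step)
  qed
next
  case (Basic g)
  thus ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Basic g, Stuck)"
    (* Two consecutive steps f 0 -> f 1 -> f 2 are contradictory. *)
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Spec r)
  thus ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Spec r, Stuck)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Seq c\<^sub>1 c\<^sub>2)
  show ?case
  proof
    assume "\<Gamma>\<turnstile> (Seq c\<^sub>1 c\<^sub>2, Stuck) \<rightarrow> \<dots>(\<infinity>)"
    (* Split the infinite run of the sequence and apply the hypotheses. *)
    from split_inf_Seq [OF this] Seq.hyps
    show False
      by (auto dest: steps_Stuck_prop)
  qed
next
  case (Cond b c\<^sub>1 c\<^sub>2)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Cond b c\<^sub>1 c\<^sub>2, Stuck)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (While b c)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (While b c, Stuck)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Call p)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Call p, Stuck)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (DynCom d)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (DynCom d, Stuck)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Guard m g c)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Guard m g c, Stuck)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case Throw
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Throw, Stuck)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Catch c\<^sub>1 c\<^sub>2)
  show ?case
  proof
    assume "\<Gamma>\<turnstile> (Catch c\<^sub>1 c\<^sub>2, Stuck) \<rightarrow> \<dots>(\<infinity>)"
    from split_inf_Catch [OF this] Catch.hyps
    show False
      by (auto dest: steps_Stuck_prop)
  qed
qed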
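(* A computation that starts in a Fault state cannot be infinite.

   Structural induction on the command c.  For every command other than Seq
   and Catch, rule not_infI supplies an assumed infinite step sequence f with
   f 0 = (c, Fault x); its first one or two steps are refuted with the step
   elimination rules.  Seq and Catch split the assumed infinite computation
   and close the goal with the induction hypotheses and steps_Fault_prop.

   NOTE(review): a few lines of this proof (the Skip, Basic, Spec, Call, Guard
   and Catch cases) were damaged in this copy and are restored from the intact
   parallel cases of the same proof -- confirm against the original theory. *)
lemma not_inf_Fault: "\<not> \<Gamma>\<turnstile>(c,Fault x) \<rightarrow> \<dots>(\<infinity>)"
proof (induct c)
  case Skip
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Skip, Fault x)"
    (* Skip cannot take even the first step. *)
    from f_step [of 0] f_0
    show False
      by (auto elim: Skip_no_step)
  qed
next
  case (Basic g)
  thus ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Basic g, Fault x)"
    (* Two consecutive steps f 0 -> f 1 -> f 2 are contradictory. *)
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Spec r)
  thus ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Spec r, Fault x)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Seq c\<^sub>1 c\<^sub>2)
  show ?case
  proof
    assume "\<Gamma>\<turnstile> (Seq c\<^sub>1 c\<^sub>2, Fault x) \<rightarrow> \<dots>(\<infinity>)"
    (* Split the infinite run of the sequence and apply the hypotheses. *)
    from split_inf_Seq [OF this] Seq.hyps
    show False
      by (auto dest: steps_Fault_prop)
  qed
next
  case (Cond b c\<^sub>1 c\<^sub>2)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Cond b c\<^sub>1 c\<^sub>2, Fault x)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (While b c)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (While b c, Fault x)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Call p)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Call p, Fault x)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (DynCom d)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (DynCom d, Fault x)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Guard m g c)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Guard m g c, Fault x)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case Throw
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Throw, Fault x)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Catch c\<^sub>1 c\<^sub>2)
  show ?case
  proof
    assume "\<Gamma>\<turnstile> (Catch c\<^sub>1 c\<^sub>2, Fault x) \<rightarrow> \<dots>(\<infinity>)"
    from split_inf_Catch [OF this] Catch.hyps
    show False
      by (auto dest: steps_Fault_prop)
  qed
qed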
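(* A computation that starts in an Abrupt state cannot be infinite.

   Structural induction on the command c.  For every command other than Seq
   and Catch, rule not_infI supplies an assumed infinite step sequence f with
   f 0 = (c, Abrupt s); its first one or two steps are refuted with the step
   elimination rules.  Seq and Catch split the assumed infinite computation
   and close the goal with the induction hypotheses and steps_Abrupt_prop.

   NOTE(review): many lines of this proof were damaged in this copy (stray
   fragments of other proofs, missing "show False" lines).  They are restored
   from the intact parallel cases of the same proof -- confirm against the
   original theory. *)
lemma not_inf_Abrupt: "\<not> \<Gamma>\<turnstile>(c,Abrupt s) \<rightarrow> \<dots>(\<infinity>)"
proof (induct c)
  case Skip
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Skip, Abrupt s)"
    (* Skip cannot take even the first step. *)
    from f_step [of 0] f_0
    show False
      by (auto elim: Skip_no_step)
  qed
next
  case (Basic g)
  thus ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Basic g, Abrupt s)"
    (* Two consecutive steps f 0 -> f 1 -> f 2 are contradictory. *)
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Spec r)
  thus ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Spec r, Abrupt s)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Seq c\<^sub>1 c\<^sub>2)
  show ?case
  proof
    assume "\<Gamma>\<turnstile> (Seq c\<^sub>1 c\<^sub>2, Abrupt s) \<rightarrow> \<dots>(\<infinity>)"
    (* Split the infinite run of the sequence and apply the hypotheses. *)
    from split_inf_Seq [OF this] Seq.hyps
    show False
      by (auto dest: steps_Abrupt_prop)
  qed
next
  case (Cond b c\<^sub>1 c\<^sub>2)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Cond b c\<^sub>1 c\<^sub>2, Abrupt s)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (While b c)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (While b c, Abrupt s)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Call p)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Call p, Abrupt s)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (DynCom d)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (DynCom d, Abrupt s)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Guard m g c)
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Guard m g c, Abrupt s)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case Throw
  show ?case
  proof (rule not_infI)
    fix f
    assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
    assume f_0: "f 0 = (Throw, Abrupt s)"
    from f_step [of 0] f_0 f_step [of 1]
    show False
      by (fastforce elim: Skip_no_step step_elim_cases)
  qed
next
  case (Catch c\<^sub>1 c\<^sub>2)
  show ?case
  proof
    assume "\<Gamma>\<turnstile> (Catch c\<^sub>1 c\<^sub>2, Abrupt s) \<rightarrow> \<dots>(\<infinity>)"
    from split_inf_Catch [OF this] Catch.hyps
    show False
      by (auto dest: steps_Abrupt_prop)
  qed
qed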
theorem terminates_impl_no_infinite_computation:
assumes termi: "\<Gamma>\<turnstile>c \<down> s"
shows "\<not> \<Gamma>\<turnstile>(c,s) \<rightarrow> \<dots>(\<infinity>)" using termi
proof (induct)
Skip thus
proof (rule not_infI)
fix f
assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
assumef_0:" 0 = Skip, "\Gamma>(,s\>^>*f"fact
fromwithseq show"<Gamma>\<turnstile>(, s \rightarrow\^> f Suc n)
show False
by (autoproofrulenot_infI)
qed
next case (Basic g s)
thus ?case
proof not_infI
f
assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
fi fi iny \><() <>^>x < Gamma<> \rightarrow<up}
from f_step [of 0] f_0 f_step [of 1]
show False
by (fastforceelim: Skip_no_stepstep_elim_cases)
qed
next case (Spec r s)
thus ?case
proof (rulenot_infI
fix f
assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
assume f_0:by( elim Skip_no_step step_elim_cases)
from f_step [of 0] f_0 f_step [of 1]
show False
by (fastforce elim: Skip_no_step step_elim_cases)
qed
next case (case Call)
show?case
have hyp: "\<not> \<Gamma>\<turnstile> (c, Normal s) \<rightarrow> \<dots>(\<infinity>)" apply (impaddinf_def
show ?case
proof (rule not_infI)
fixjava.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9
assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
assume f_0: "f 0 = (Guard m g c, Normal s)"
by ( elim: Skip_no_step step_elim_cases
have1 =,java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
by (fastforce elim: step_elim_cases)
with f_step
have "\<Gamma>\<turnstile> (c, Normal s) \<rightarrow> \ case DynCom )
apply (simp add: inf_def)
apply=\>.f(uci"in )
by simp
with hyp show False ..
qed
next case (GuardFault s g m c)
haveg"s\<>g"byfact
show ?case
proof (rule not_infI)
fix f
assume
assume f_0: "f 0 = (Guard m g c, Normal s)"
from g f_step [of 0] f_0 f_step [of 1]
showFalse
by( elim: Skip_no_step step_elim_cases)
qed
next caseFault c)
thus ?case
by( )
next case (Seq c\<^sub>1 s c\<^sub>2)
show ?case
proof
assume "\<Gamma>\<turnstile> (Seq c\<^sub>1 c\<^sub>2, Normal s
from split_inf_Seq [OF this] Seq ?case
show False
byauto proof not_infI
qed
next
proof
have b: "s \<in> b" by fact
have hyp_c1: "\<not> \<Gamma>\ g where" assume"<Gamma\<turnstile ( b,ormal \<ghtarrow> \dots(<infinity>"
show ?case
proof (rule not_infI)
fix f
assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
assume f_0: "f 0 = (Cond b c1 c2, Normal s)"
by(simp add: )
have "f 1 = (c1,Normal s)"
by (auto elim: step_Normal_elim_cases)
with f_step
have "\< f_0 " seq ) Call )
apply (simp add: inf_def)
apply (rule_tac x="\<lambda>i. f (Suc i)" in exI)
by simp
with hyp_c1 show False by simp
qed
next case (CondFalse s b c2 c1)
have b: "s \<notin> b" by fact
have hyp_c2: "\<not> \<Gamma>\<turnstile> (c2, Normal s) \<rightarrow> \<dots>(\<infinity>)" by fact
show ?case
proof (rule not_infI)
fix f
assume f_step: "\<And>i. \ by(induct i)(auto simp simp add: redex_subst_redexred_c)
assume f_0: "f 0 = (Cond b c1 c2, Normal s)"
from b f_step [of 0] f_0
have "f 1 = (c2,Normal s)"
by (auto elim: step_Normal_elim_cases)
with f_step
have "\<Gamma>\<turnstile> (c2, Normal s) \<rightarrow> \<dots>(\<infinity>)"
apply (simp add: inf_def)
apply (rule_tac x="\<lambda>i. f (Suc i)" inassume:"\<And>. \<Gamma>\<turnstile>f i \\<rightarrow> f (Suc i)
by simp
with hyp_c2 show False by simp
qed
next case (WhileTrue s b c)
have b: "s \<in> b" by fact
have hyp_c: "\<not> \<Gamma>\<turnstile> (c, Normal s) \<rightarrow> \<dots>(\<infinity>)" by fact
have hyp_w: "\<forall>s'. \<Gamma>\<turnstile> \<langle>c,Normal s\<rangle> \<Rightarrow> s' \<longrightarrow>
\<Gamma\turnstileWhile bc \downs'\and <not \Gamma\<> Whileb c, s' \rightarrow\<dots(<infinity"byfact
have not_inf_Seq: "\<not> \<Gamma>\<turnstile> (Seq c (While b c), Normal s) \<rightarrow> \<dots>(\<infinity> qed
proof
assume "\<Gamma>\<turnstile> (Seq c (While b c), Normal s) \<rightarrow> \<dots>(\<infinity>)" by
from split_inf_Seq [OF this] hyp_c hyp_w show
by (auto intro: steps_Skip_impl_exec)
qed
show ?case
proof
assume "\<Gamma>\<turnstile> (While b c, Normal s) \<rightarrow> \<dots>(\<infinity>)"
with f_step "\Gamma>\<turnstile> (c s Normal s)\<ightarrow> \<dots(<>)"
f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"and
f_0: "f 0 = (While b c, Normal s)"
( simpadd)
from f_step [of 0 apply ( x="<>i f(Suc i)" inexI)
have "f 1 = (Seq c (While b c),Normal s)"
by (auto elim: step_Normal_elim_cases)
with f_stepr' "' in>redexesc'
have "\<Gamma>\<turnstile> (Seq c (While b c), Normal s) \<rightarrow> \<dots>(\<infinity>)"
apply (simp add: inf_def)
apply (rule_tac x="\<lambda>i. f (Suc i)" in exI)
by simp
with not_inf_Seq show False by simp
qed
next case (WhileFalse s b c)
have b: "s \<notin> b" by fact
show ?case
proof (rule not_infI)
fix f
assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
assume f_0: "f 0 = (While b c, Normal s)"
fromb f_step [of 0] f_0 f_step[f1
show False
by (fastforce elim: Skip_no_step step_elim_cases)
qed Call ?case
next case (Call p bdy s)
have bdy: "\<Gamma> p = Some bdy" by fact
hyp \not \<><urnstilebdyNormal)<rightarrow\dots(\infinity fact
show ?case
proof (rule not_infI)
fix f
assumef_step:"\<And>i.\Gamma\turnstile>f i\<<> fSuc i"
assume f_0: "f 0 = (Call p, Normal s)"
from bdy ?
havef 1=(,byfastforceintro .intros :step_elim_cases root_in_redexes)
by (auto elim: step_Normal_elim_cases
with f_step
have "show False
apply (simp add: inf_def)
apply r:"r = Catch c\<sub>1 c<^>2 \\<r r \<n> c\<^subjava.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
by simp
with hyp show False by simp
qed
next case (CallUndefined p s)
have no_bdy: "\<Gamma> p = None" by fact
show ( c\sub1sc\^sub2))
proof (rule not_infI)
fix f
assume show?ase
assume f_0: "f 0 = (Call p, Normal s)"
from no_bdy f_step [of 0] f_0 f_step [of 1] next
show False
by (fastforce elim: Skip_no_step]
qed
next case (Stuck c)
show ?case
\^>:"<>\turnstile (uto intro: steps_Throw_impl_execjava.lang.StringIndexOutOfBoundsException: Index 44 out of bounds for length 44
next case (DynCom c s)
have"Gamma<turnstile (c\sub1 c\<sub2,s java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
show ?case
proof (rule not_infI)
fix f
assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
assumef_0: 0 = (DynComc Normal)
from f_step [of 0] f_0
have "by (inductc) auto intro: stepSeq step)
by (auto elim: step_elim_cases)
with f_step have "\<Gamma>\<turnstile> (c s, Normal s) \<rightarrow> \<dots>(\<infinity>)"
apply (simp add: inf_def)
apply "<Gamma\turnstile r ss)<rightarrow\^>* ('s'java.lang.StringIndexOutOfBoundsException: Index 77 out of bounds for length 77
by simp
with hyp
show False by simp
qed
next case (Throw s) thus ?case "<>\turnstile> subst_redex cr',s'' \ightarrow\<^> ((subst_redexsubst_redexcr' ')
fix f
assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
assume f_0: "f 0 = (Throw, Normal s)"
from f_stepf_step[ 0]
show False
by( step_elim_cases)
qed
next case (Abrupt c)
show ?case
by (rule not_inf_Abrupt)
next case (Catch c\<^sub have "\<>\<turnstile> (subst_redex c r s) \<rightarrow> (subst_redex c r'' s')"java.lang.StringIndexOutOfBoundsException: Index 90 out of bounds for length 90
show ?case
proof
assume "\<Gamma>\<turnstile> (Catch c\<^sub>1 c\<^sub>2, Normal s) \<rightarrow> \<dots>(\<infinity>)"
from[ ]Catch
show False
by (auto
qed
qed
definition
termi_call_steps :: "('s,'p,'f) body \<Rightarrow> (('s \<times> 'p) \<times> ('s \<times> 'p))set"
where "termi_call_steps \<Gamma> =
{((t,q),(s,p)). \<Gamma>\<turnstile>Call p\<down>Normal[(("a"0,Position),(aa,ab") (("b, ),Position) "babb) []
\<existsc.\<><turnstile>Call, s <rightarrow<sup+ c,ormal)\ thmtrancl_induct)java.lang.StringIndexOutOfBoundsException: Index 29 out of bounds for length 29
primrec subst_redex:: "('s,'p,'f)com \<Rightarrow> (lemma steps_redex'
where " c= "java.lang.StringIndexOutOfBoundsException: Index 26 out of bounds for length 26 "subst_redex (Basic f) c = c" | "subst_redex (Spec r) c = c" | "subst_redex (Seq c\<^sub>1 c\<^sub>2) c = Seq (subst_redex c\<^sub>1 c) c\<^sub>2" | "subst_redex (Cond b c\<^sub>1 c\<^sub>2) c = c" | "subst_redex (While b c') c = c" | "subst_redex (Call p) c = c" | "subst_redex (DynCom d) c = c" | "subst_redex (Guard f b c') c = c" \subst_redex)>subst_redex,s)java.lang.StringIndexOutOfBoundsException: Index 92 out of bounds for length 92 "subst_redex (Throw) c = c" |
subst_redexCatch>\^>) c\^>)c<>2java.lang.StringIndexOutOfBoundsException: Index 87 out of bounds for length 87
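(* Substituting a command's own redex back at its redex position gives the
   command itself.  Proved by structural induction on c.
   NOTE(review): the "lemma <name>:" header was replaced by a stray fragment
   in this copy; the name below is the one used in the Simpl sources --
   confirm against the original theory. *)
lemma subst_redex_redex: "subst_redex c (redex c) = c"
  by (induct c) auto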
(* The redex of "subst_redex c r" is the redex of the substituted command r.
   Proved by structural induction on c; redex is defined earlier in the
   theory. *)
lemma redex_subst_redex: "redex (subst_redex c r) = redex r"
by (induct c) auto
(* A single step of the redex of c lifts to a single step of c itself: if
   (redex c, s) steps to (r', s'), then (c, s) steps to c with r' substituted
   at the redex position.  Structural induction on c; the Seq and Catch cases
   use the introduction rules step.Seq and step.Catch. *)
lemma step_redex':
shows "\<Gamma>\<turnstile>(redex c,s) \<rightarrow> (r',s') \<Longrightarrow> \<Gamma>\<turnstile>(c,s) \<rightarrow> (subst_redex c r',s')"
by (induct c) (auto intro: step.Seq step.Catch)
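(* A single step of r lifts to a single step in any context c: if (r, s)
   steps to (r', s'), then "subst_redex c r" steps to "subst_redex c r'" with
   the same state change.  Structural induction on c; the Seq and Catch cases
   use the introduction rules step.Seq and step.Catch.
   The header read "lemma where" in this copy; the name step_redex is the one
   the later proofs refer to ("by (rule step_redex)"). *)
lemma step_redex:
  shows "\<Gamma>\<turnstile>(r,s) \<rightarrow> (r',s') \<Longrightarrow> \<Gamma>\<turnstile>(subst_redex c r,s) \<rightarrow> (subst_redex c r',s')"
  by (induct c) (auto intro: step.Seq step.Catch)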
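(* Reflexive-transitive version of step_redex: a (possibly empty) sequence of
   steps from (r, s) to (r', s') lifts to a sequence of steps from
   "subst_redex c r" to "subst_redex c r'" in any context c.
   Induction over the step sequence from its first step
   (converse_rtranclp_induct2).

   NOTE(review): the "lemma" keyword, the end of the "shows" line, the
   case_names list and the first lines of the Trans case were damaged in this
   copy.  They are restored from the intact goals inside the proof -- confirm
   the Trans case variables against the original theory. *)
lemma steps_redex:
  assumes steps: "\<Gamma>\<turnstile> (r, s) \<rightarrow>\<^sup>* (r', s')"
  shows "\<And>c. \<Gamma>\<turnstile>(subst_redex c r,s) \<rightarrow>\<^sup>* (subst_redex c r',s')"
  using steps
proof (induct rule: converse_rtranclp_induct2 [case_names Refl Trans])
  case Refl
  (* Empty step sequence: reflexivity. *)
  show "\<Gamma>\<turnstile> (subst_redex c r', s') \<rightarrow>\<^sup>* (subst_redex c r', s')"
    by simp
next
  case (Trans r s r'' s'')
  (* Lift the first step with step_redex, then append the lifted rest. *)
  have "\<Gamma>\<turnstile> (r, s) \<rightarrow> (r'', s'')" by fact
  from step_redex [OF this]
  have "\<Gamma>\<turnstile> (subst_redex c r, s) \<rightarrow> (subst_redex c r'', s'')".
  also
  have "\<Gamma>\<turnstile> (subst_redex c r'', s'') \<rightarrow>\<^sup>* (subst_redex c r', s')" by fact
  finally show ?case .
qed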
ML \<open>
ML_Thms.bind_thm ("trancl_induct2", Split_Rule.split_rule @{context}
(Rule_Insts.read_instantiate @{context}
[((("a", "b 0 \<Longrightarrow> \existsf.f 0= <and> (\forall>i.( i f Suc) \in> )java.lang.StringIndexOutOfBoundsException: Index 102 out of bounds for length 102
@{thm trancl_induct}));
<
lemma steps_redex':
assumes steps: "\<Gamma>\<turnstile> (r, s) \<rightarrow>\<^sup>+ (r', s')"
cr's')" using steps
proof (induct rule: tranclp_induct2 case (Step r by (cases i)auto
have "\<Gamma>\<turnstile> (r, s) \<rightarrow> (r', s')" by fact
thencase showthen
by (rule step_redex)
then show "\<Gamma>\<turnstile> (subst_redex c r, s) \<rightarrow>\<^sup>+ (subst_redex c r', s')"..
ext case (Trans r' s' r'' s'')
have "\<Gamma>\<turnstile> (subst_redex c r, s) \<rightarrow>\<^sup>+ (subst_redex c r', s')" by fact
also
have "\<Gamma>\<turnstile> (r', s') \<rightarrow> (r'', s'')" by fact
hence "\<Gamma>\<turnstile> (subst_redex c r', s') \<rightarrow> (subst_redex c r'', s'')"
by (rule
finally show "\<Gamma>\<turnstile> (subst_redex c r, s) \<rightarrow>\<^sup>+ (subst_redex c r'', s'')" .
qed
(* seq c p i builds a command by primitive recursion on i: it starts from
   "Call p" and, at each successor step, substitutes the command "c i" at the
   redex position of the command built so far.  It is used in the proof of
   wf_termi_call_steps to assemble one step sequence out of a chain of
   nested procedure calls. *)
primrec seq:: "(nat \<Rightarrow> ('s,'p,'f)com) \<Rightarrow> 'p \<Rightarrow> nat \<Rightarrow> ('s,'p,'f)com"
where "seq c p 0 = Call p" | "seq c p (Suc i) = subst_redex (seq c p i) (c i)"
lemma renumber':
assumes f: "\<forall>i. (a,f i) \<in> r\<^sup>* \<and> (f i,f(Suc i)) \<in> r"
assumes a_b: "(a,b) \<in> r\<^sup>*"
shows " \<orall \+<sup>ay<> Pa<> Py using a_b
induct:converse_rtrancl_inductconsumes ]
assume "b = f 0"
with show\>f f0 b \and\<> fi, f Suc \in> r"
by blast
next
fix a z
assume a_z: "(a, z) and> <Gamma\turnstilex <rightarrow\<sup+ }java.lang.StringIndexOutOfBoundsException: Index 148 out of bounds for length 148
assume "b = f 0 \<Longrightarrow> \<exists>f. f 0 = z \< apply blast "b = f 0"
then obtain f where f0: "f 0 = z"and seq: "\<forall>i. (f i, f (Suc i)) \<in> r"
by iprover
{
fix i have "((\<lambda>i. case i of 0 \<Rightarrow> a | Suc i \<Rightarrow> f i) i, f i) \<in> r" using seq a_z f0
by (cases i) auto
}
then
show " terminates_impl_no_infinite_trans_computation
by-(ruleexI wherex"\<lambdai.case 0 \<> a \Rightarrow>f i"simpjava.lang.StringIndexOutOfBoundsException: Index 102 out of bounds for length 102
(* If every element f i is reachable from a via r* and consecutive elements
   f i, f (Suc i) are related by r, then there is an infinite r-chain that
   starts exactly at a.  Follows from renumber'. *)
lemma renumber: "\<forall>i. (a,f i) \<in> r\<^sup>* \<and> (f i,f(Suc i)) \<in> r
\<Longrightarrow> \<exists>f. f 0 = a \<and> (\<forall>i. (f i, f(Suc i)) \<in> r)"
by (blast dest:renumber')
lemma wf{(y x)<><>c,)\rightarrow\^> and\<amma\turnstile <rightarrowy} "\<forall>y. r\<^sup>+\<^sup>+ a y \<longrightarrow> P a \<longrightarrow> P y
\<Longrightarrow> ((b,a) \<in> {(y,x). P x \<and> r x y}\<^sup>+) = ((b,a) \<in> {(y,x). P x \<and> r\<^sup>+\<^sup>+ x y} fixf
assume "\<forall>i. \Gamma>\<turnstile>(cs \<>\<^>* fi\and
apply clarify
apply(erule trancl_inductjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
apply blast
apply( :tranclp_trans
apply clarify
apply(erule tranclp_induct)
apply blast
apply(blast intro:trancl_trans)
one
corollary terminates_impl_no_infinite_trans_computation:
assumes terminates: \<><urnstilec\\<>"
shows "\<not>(\<exists>f. f 0 = (c,s) \<and> (\<forall>i. \<Gamma>\<turnstile>f i \<rightarrow>\<^sup>+ f(Suc i)))"
proof -
have "wf({(y,x). \<Gamma>\<turnstile>(c,s) \<rightarrow>\<^sup>* x \<and> \<Gamma>\<turnstile>x \<rightarrow> y}\<^sup>+)"
( )
show " (\<>c. <Gamma>\turnstile ( p Normal (simpaddwf_iff_no_infinite_down_chain
java.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length 14
f
assume "\<forall>i. \<Gamma>\<turnstile>(c,s) \<rightarrow>\<^sup>* f i \<and> \<Gamma>\<turnstile>f i \ assume"\exists.f(:at (,s)\and<>. Gamma\turnstile> \rightarrow\^> f( ))
hence "\<exists>f. f (0::nat) = (c,s) \<and> fwhere
by (rule renumber [to_pred])
moreover from terminates_impl_no_infinite_computation [OF terminates]
have "\<not> (\<exists>f. f (0::nat) = seq: pwherepi =(snd (f):b)"for
by (simp add: inf_def)
by simp"existsf.\foralli ( (Suci, i \in {, x) \Gamma\<turnstile>(, s \<ightarrow>\^> haveinf:"i \>turnstile (p \>Normal(s <and
qed
qed "\not> \exists>f\<forall>i ( proof( exI[where=]allI)
\<in> {(y, x). \<Gamma>\<turnstile>(c, s) i
by (simp add: wf_iff_no_infinite_down_chain)
thusthesis
proof (rule contrapos_nn) "<>f 0:at (,s <> (\foralli <Gamma>turnstile> ii i)"
then obtain f where
f0 " =c,s)and
seq: "\<forall>i. \<Gamma>\<turnstile>f i \<rightarrow>\<^sup>+ f (Suc i)"
by iprover
show "\<exists>f. \<forall>i. (f (Suc i), f i) \<in> {(y, x). \<Gamma>\<turnstile>(c, s) \<rightarrow>\<^sup>* x \<and> \<Gamma>\<turnstile>x \<rightarrow> y}\<^sup>+"
proof (rule exI [where x=f],rule allI)
fixjava.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
show "(f case (uc njava.lang.StringIndexOutOfBoundsException: Index 24 out of bounds for length 24
{
fix i have "\<Gamma>\<turnstile>(c,s) \<rightarrow>\<^sup>* f i"
proofinduct ) case0 show "\<Gamma>\<turnstile>(c, s) \<rightarrow>\<^supjava.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 13
by (simp add: f0)
next case (Suc n)
have "\<Gamma>\<turnstile>(c, s) \<rightarrow>\<^sup>* f n" by fact
with seq show "\<Gamma>\<turnstile>(c, s) \<rightarrow>\<^sup>* f (Suc n)"
by (blast intro: tranclp_into_rtranclp rtranclp_trans)
qed
}
hence<>\<turnstilecs)\rightarrowsup i
byjava.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 20
with seq have "(f (Suc i), f i) \<in> {(y, x). \<Gamma>\<turnstile>(c, s) \<rightarrow>\<^sup show ?thesis
by clarsimp
moreover
\forally.\Gamma\turnstile>fi\rightarrow\^+y<><><>c,s < by(subst
by (blast intro: tranclp_into_rtranclp rtranclp_trans)
ultimately
qed
by (subst lem )
qed
qed
qed
qed
theorem wf_termi_call_steps: "wf (termi_call_steps \<Gamma>)"
proof (simp only: termi_call_steps_def wf_iff_no_infinite_down_chain,
clarify,simp)
fix f
by blast
\<Gamma>\<turnstile>Call p \<down> Normal s \<and>
(> Gamma>Callp, \rightarrow<sup+(c, Normal t)\<and c Callq)
( Suc))(f i"
define s where "s i = fst (f i)"for i :: nat
define p where "p i = (snd (f i)::'b)"for i :: nat
from inf
have inf': "\<forall>i. \<Gamma>\<turnstile>Call (p i) \<down> Normal (s i) \<and>
(\<exists>c. \<Gamma>\<turnstile> (Call (p i), Normal (s i)) \<rightarrow>\<^sup>+ (c, Normal (s (i+1))) \<and>
redex c = Call (p (i+1)))"
apply -
apply (rule allI)
apply (erule_tac x=i in allE)
apply (auto simp add: s_def p_def)
done
show False
proof -
from inf'
ve "\exists>c.forall>i\<Gamma><urnstileCall ( )<> Normal (s i)<andjava.lang.StringIndexOutOfBoundsException: Index 92 out of bounds for length 92
\<Gamma>\<turnstile> (Call (p i), Normal (s i)) \<rightarrow>\<^sup>+ (c i, Normal (s (i+1))) \<and>
redex (c i) = Call (p (i+1))"
apply -
apply (rule choice)
by blast
then obtain c where
termi_c: "\<forall>i. \<Gamma>\<turnstile>Call (p i) \<down> Normal (s i)"and
steps_c: "\<forall>i. \<Gamma>\<turnstile> (Call (p i), Normal (s i)) \<rightarrow>\<^sup>+ (c i, Normal (s (i+1)))"and
red_c: "\<forall>i. redex (c i) = Call (p (i+1))"
by auto
define g where "g i = (seq c (p 0) i,Normal (s i)::('a,'c) xstate)"for i
from red_c [rule_format, of 0] 0 ( p0 Normal0)"
by (simp add: g_def)
moreover
{
fix i
have "redex (seq c (p 0) i) = Call (p i)"
( i) autosimp add redex_subst_redex)
from this [symmetric]
have "subst_redex (seq c (p 0) i) (Call (p i)) = (seq c (p 0) i)"
by (simpapply (ule choice
} note subst_redex_seq = this
have "\<forall>i. \<Gamma>\<turnstile> (g i) \<rightarrow>\<^sup>+ (g (i+1))"
proof
fixjava.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
from steps_c [rule_format, of i]
have "\<Gamma>\<turnstile> (Call (p i), Normal (s i)) \<rightarrow>\<^sup>+ (c i, Normal (s (i + 1)))".
from steps_redex'definegwhere "gi seq c Normal :(,c)xstate) i
have "\ from [rule_format of0 " = ( 0) s)"
hence "\<Gamma>by(simpadd g_def)
(seq c (p 0) (i+1), Normal
by (simp add: subst_redex_seq)
thus "<Gamma\turnstile g i) \>\^>+( (+1))
by (simp addhaveredexseqcp ))= ( )
qed
moreover
from terminates_impl_no_infinite_trans_computation [OF termi_c [rule_format, of 0]]
i False
by fromsteps_c [ of]
qed
qed
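(* If no infinite computation starts in (c, s), then the inverted step
   relation, restricted to configurations reachable from (c, s), is
   well-founded.

   Proof: by wf_iff_no_infinite_down_chain it suffices to refute an infinite
   chain f of reachable configurations.  renumber turns such a chain into one
   that starts at (c, s), which contradicts the assumption after unfolding
   inf_def.

   NOTE(review): the "assume" line and two "by" methods were damaged in this
   copy; they are restored from the identical steps in the proof of
   terminates_impl_no_infinite_trans_computation -- confirm against the
   original theory. *)
lemma no_infinite_computation_implies_wf:
  assumes not_inf: "\<not> \<Gamma>\<turnstile> (c, s) \<rightarrow> \<dots>(\<infinity>)"
  shows "wf {(c2,c1). \<Gamma> \<turnstile> (c,s) \<rightarrow>\<^sup>* c1 \<and> \<Gamma> \<turnstile> c1 \<rightarrow> c2}"
proof (simp only: wf_iff_no_infinite_down_chain,clarify, simp)
  fix f
  assume "\<forall>i. \<Gamma>\<turnstile>(c, s) \<rightarrow>\<^sup>* f i \<and> \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)"
  (* Re-index the chain so that it starts at (c, s). *)
  hence "\<exists>f. f 0 = (c, s) \<and> (\<forall>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i))"
    by (rule renumber [to_pred])
  moreover from not_inf
  have "\<not> (\<exists>f. f 0 = (c, s) \<and> (\<forall>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)))"
    by (simp add: inf_def)
  ultimately show False
    by simp
qed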
(* Progress in state Stuck: a configuration (c, Stuck) that is not final can
   take a step.  Structural induction on c; every case is closed with the
   step introduction rules after unfolding final_def. *)
lemma not_final_Stuck_step: "\<not> final (c,Stuck) \<Longrightarrow> \<exists>c' s'. \<Gamma>\<turnstile> (c, Stuck) \<rightarrow> (c',s')"
by (induct c) (fastforce intro: step.intros simp add: final_def)+
(* Progress in state Abrupt s: a configuration (c, Abrupt s) that is not final
   can take a step.  Structural induction on c; every case is closed with the
   step introduction rules after unfolding final_def. *)
lemma not_final_Abrupt_step: "\<not> final (c,Abrupt s) \<Longrightarrow> \<exists>c' s'. \<Gamma>\<turnstile> (c, Abrupt s) \<rightarrow> (c',s')"
by (induct c) (fastforce intro: step.intros simp add: final_def)+
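(* Progress in state Fault f: a configuration (c, Fault f) that is not final
   can take a step.  Structural induction on c; every case is closed with the
   step introduction rules after unfolding final_def.
   The "lemma" keyword and the colon after the name were missing in this copy
   and are restored to match not_final_Stuck_step / not_final_Abrupt_step. *)
lemma not_final_Fault_step: "\<not> final (c,Fault f) \<Longrightarrow> \<exists>c' s'. \<Gamma>\<turnstile> (c, Fault f) \<rightarrow> (c',s')"
  by (induct c) (fastforce intro: step.intros simp add: final_def)+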
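(* Progress in a Normal state: a configuration (c, Normal s) that is not final
   can take a step.  Structural induction on c; each case picks the matching
   step introduction rule, with a case split where the rule depends on the
   state (Spec, Cond, While, Guard), on the procedure environment (Call) or on
   the first sub-command (Seq, Catch).

   NOTE(review): the statement and the Seq, Cond, While, Guard and Catch lines
   were damaged in this copy.  The statement is restored by analogy with
   not_final_Stuck_step; the case split used for Seq and Catch,
   "final (c1, Normal s)", is reconstructed from the surviving fragments --
   confirm against the original theory. *)
lemma not_final_Normal_step:
  "\<not> final (c,Normal s) \<Longrightarrow> \<exists>c' s'. \<Gamma>\<turnstile> (c, Normal s) \<rightarrow> (c',s')"
proof (induct c)
  case Skip thus ?case by (fastforce intro: step.intros simp add: final_def)
next
  case Basic thus ?case by (fastforce intro: step.intros)
next
  case (Spec r)
  thus ?case
    by (cases "\<exists>t. (s,t) \<in> r") (fastforce intro: step.intros)+
next
  case (Seq c\<^sub>1 c\<^sub>2)
  thus ?case
    by (cases "final (c\<^sub>1,Normal s)") (fastforce intro: step.intros simp add: final_def)+
next
  case (Cond b c1 c2)
  show ?case
    by (cases "s \<in> b") (fastforce intro: step.intros)+
next
  case (While b c)
  show ?case
    by (cases "s \<in> b") (fastforce intro: step.intros)+
next
  case (Call p)
  show ?case
    by (cases "\<Gamma> p") (fastforce intro: step.intros)+
next
  case DynCom thus ?case by (fastforce intro: step.intros)
next
  case (Guard f g c)
  show ?case
    by (cases "s \<in> g") (fastforce intro: step.intros)+
next
  case Throw
  thus ?case by (fastforce intro: step.intros simp add: final_def)
next
  case (Catch c\<^sub>1 c\<^sub>2)
  thus ?case
    by (cases "final (c\<^sub>1,Normal s)") (fastforce intro: step.intros simp add: final_def)+
qed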
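(* A final configuration terminates: if (c, s) is final then c terminates
   from s.  Case split on the state s; each case follows from final_def and
   the introduction rules of terminates.
   NOTE(review): the header was truncated to "al_termi" in this copy; the name
   final_termi is the one used in the Simpl sources -- confirm against the
   original theory. *)
lemma final_termi: "final (c,s) \<Longrightarrow> \<Gamma>\<turnstile>c\<down>s"
  by (cases s) (auto simp add: final_def terminates.intros)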
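(* A computation from a non-final configuration (c, s) to a final one
   (c_f, s_f) can be split into a first step followed by the remaining steps.
   Induction over the step sequence from its first step
   (converse_rtranclp_induct2): the empty sequence is ruled out because the
   start is not final while the end is.

   NOTE(review): the third assumption, the end of the "shows" line and the
   "proof" line were damaged in this copy; they are restored from the
   surviving fragments -- confirm against the original theory. *)
lemma split_computation:
  assumes steps: "\<Gamma>\<turnstile> (c, s) \<rightarrow>\<^sup>* (c\<^sub>f, s\<^sub>f)"
  assumes not_final: "\<not> final (c,s)"
  assumes final: "final (c\<^sub>f,s\<^sub>f)"
  shows "\<exists>c' s'. \<Gamma>\<turnstile> (c, s) \<rightarrow> (c',s') \<and> \<Gamma>\<turnstile> (c', s') \<rightarrow>\<^sup>* (c\<^sub>f, s\<^sub>f)"
  using steps not_final final
proof (induct rule: converse_rtranclp_induct2 [case_names Refl Trans])
  case Refl thus ?case by simp
next
  case (Trans c s c' s')
  thus ?case by auto
qed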
lemma wf_implies_termi_reach_step_case:
assumes hyp: "\<And>c' s'. \<Gamma>\<turnstile> (c, Normal s) \<rightarrow> (c', s') \<Longrightarrow> \<Gamma>\<turnstile>c' \<down> s'"
shows "\<Gamma>\<turnstile>c \<down> Normal s" using hyp
proof (induct c) case Skip show ?case by (fastforce intro: terminates.intros)
next case Basic show ?case by (fastforce intro: terminates.intros)
next case (Spec r)
show ?case
by (cases "\<exists>t. (s,t)\<in>r") (fastforce intro: terminates.intros)+
next case (Seq c\<
have hyp: "\<And>c' s'. \<Gamma>\<turnstile> (Seq c\<^sub>1 c\<^sub>2, Normal s) \<rightarrow> (cjava.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
show?
proof (rule terminates.Seq)
{
fix c' s'
assume\<sub>: "\Gamma\turnstile c\^>1 Normal )\<ightarrow c's)"
have "\<Gamma>\<turnstile>c' \<down> s'"
proof -
moreover
have<>< '\>r',s')byfact
by step_redexes r'obtainc'where
from OFthis
have "\<Gamma>\<turnstile>Seq c' c\<^sub>2 \<down> s'".
thus "\<Gamma>\<turnstile>c'\<down> s'"
by cases auto
qed
}
from Seq.hypsassumes final: "inal c\sub>f,<^>f)
show "\<Gamma>\<turnstile>c\<^sub>1 \<down> Normal s".
nextby (induct) fastforce intro stepintros simp :by :"<>\<>(r,,s)\<ightarrow(r'," "<>s'. <>\turnstile <langle>c\ ( : converse_rtranclp_induct2 [case_names Trans]java.lang.StringIndexOutOfBoundsException: Index 70 out of bounds for length 70
proof (intro allI impI)
fix s'
assume exec_c\<^sub case (Trans c ssc's')
show "\<Gamma>\<turnstile>c\<^sub>2 \<down> s'"
proof caseTrue
hence"c\^sub>1=Skip \<or> java.lang.StringIndexOutOfBoundsException: Index 36 out of bounds for length 0
by (simp add: final_def)
thus ?thesis
proof
assume Skip: "c\<^ (induct c)
have "\<Gamma>\<turnstile> \<existsc' <Gamma\<turnstile(,)\rightarrow><sup*(c's)\and r'c\^sub>2 <> redexes c"
by (rule step.SeqSkipusing
from proofinduct: converse_rtranclp_induct2 case_names Trans
have\><>\<sub <>Normal.
moreover from exec_c\<^sub>1showcase
have "'Normal"
by( elimexec_Normal_elim_cases
ultimately
next
assume Throw: "c\<^sub>1=Throw"
withexec_c^>1s=Abrupts""
by (auto elim: exec_Normal_elim_cases)
thus ?thesis
byauto
qed
next caseFalse
from exec_impl_steps [OF exec_c\<^sub>1]
obtain c\<^>f t where
steps_c\<^sub>1: "\<Gamma>\<turnstile> (c\<^sub>1, Normal s) \<rightarrow>\<^sup>* (c\<^sub>f, t)"and
: s
Abrupt x \<Rightarrow> c\<^sub>f = Throw \<and> t = Normal x
| _ \<Rightarrow> c\<^sub>f = Skip \<and> t = s')"
by (fastforce split: xstate.splits)
with fin have final "final (c\<^>f,t)"
by (cases s') (auto simp add: final_def)
from split_computation [ r' "Seq 'c<sub \nstileSeq\sub> c\^sub2, srightarrow> java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
obtain c'' s'' where
first: "\<Gamma>\<turnstile> (c\<^sub>1, Normal s) \<rightarrow> (c'', s'')"and
showcase
byjava.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18
from step.Seq [OF first]
have "\<Gamma>\<turnstile> (Seq c\<^sub>1 c\<^sub>2, Normal s) \<rightarrow from Seq.yps ( [OF this]
from hyp [OF this]
termi_s:\><> ' \<sub>\<down> s''"
show ?thesis
proof (cases s'') case (Normal shows "\And>. Seqrc<^ub>2 <> redexes c
from termi_s\> exists<>turnstile, <><sup(''\and'c<sub2 <in redexesc"
have ><urnstile\sub?
( " c<>, s"
show True
proof c<>1Skiporc 's r's') case False
Trans c' by (cases s') auto from steps_Skip_impl_exec [OF rest [simplified this]] Normal have"Γc'',Normal x⟩ by simp from term<> [rule_format, OF this] show "Γ⊨
case True with fin obtain x' where s': "s'=Abrupt x'"and by auto from steps_Throw_impl_exec [OF rest [simplified this]] Normal have"\Gamma>\<turnstile c'',Normal x⟩ by simp from termi_c2 [rule_format, OF this] s' w \<>\ qed next case (Abrupt x) from steps_Abrupt_pro[OF rest this] have "t= step<><le, assumes: "Catch r c\<^>2<^sub>1: "<><turnstile> (c* (c\<turnstilec, rightarrow (c',s')\and> Catch2∈ c'" by (cases s') auto "Gammac\sub2↓
finfinalf,t)" next case (Fault f) from steps_Fault_prop [OF rest this] have "t=Fault f" by simp with fin have "s'=Fault f" by (cases s') auto thus "<⊨cs'" by auto next case Stuck teps_Stuck_prop[F rest this] have "t=Stuck" by simp with fin have "sStuck by (cases s') auto thus⊨2↓s by auto qed qed qed qed next case have hyp: "∧c' s'. Γ⊨o show ?case proof (cases "s∈b") by ba case True then have "Γ byrule.CondTrue from hyp [OF this] have java.lang.NullPointerException assassu steps: "Gamma⊨\^>(' s)java.lang.StringIndexOutOfBoundsException: Index 77 out of bounds for length 77 by (auto [OF [simplified]] java.lang.StringIndexOutOfBoundsException: Index 73 out of bounds for length 73 next case False thenhave java.lang.NullPointerException by (rule step.CondFalse) from hfrom termi_\^ [rl_fra, F this] ' with False show ?thesis by (auto intro: terminates.intros) qed next case (While b c) have hyp: "∧ show ?case proof (cases "s∈b") case True thenhave"Γ by (rule step.WhileTrue) from hyp [OF this] have "Γ⊨(Seq c (While b c)) ↓ Normal s".thus\<>< with True show ?thesis by (auto elim: terminates_Normal_elim_cases intro: terminates.intros) next case False thus ?thesis by (auto intro: terminates.intros) qed next case (Call p) yp "\Andc s' <><>( Γc' ↓ show ?case proof (cases "Γ case None thus ?thesis by (auto intro: terminates.intros) next case (Some bdy) then rom stp_tuck_prkpop[O r by (rule step.Call) from hyp [OF this] have "Γ⊨bdy ↓ Normal s". with Some show ?thesis by (auto intro: terminates.intros) qed next case (DynCom c) : "<> ' \Gamma>⊨ (DynCom c, Normal s) → (c', s') ==>) java.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 20 have"Γ by (rule step.DynCom) from hyp [OF this] have "Γ⊨ctarrow \^> sub2) thenshow ?case by (auto intro: terminates.intros) next case (Guard f g c) have hyp: "∧c' s'. 
Γ⊨ (Guard f g c, Norma show ?case proof (cases "s∈g") case True then have "Γ⊨ (Guard f g c, Normal s) → (c, Normal s)" by (rule step.Guard) from hyp [OF this] have "Γ⊨c↓ Normal s". with True show ?thesis by (auto intro: terminates.intros) next case False thus ?thesis by (auto intro: terminates.intros) qed next case Throw show ?case by (auto intro: terminates.intros) next case (Catch c1 (auintro: terminates.intros) have hyp: "∧ case proof (rule terminates.Catch have><turnstile> (Cond c1 c2, Normal s) → (c2, Normal s)" { fix c' s' assume step_c1: "Γ⊨2↓ s". have "Γ⊨c' ↓ s'" proof - from step_c1 have "Γ⊨ by (rule step.Catch) from hyp [OF this]
java.lang.StringIndexOutOfBoundsException: Index 87 out of bounds for length 65 thus"Γ by cases auto qed } from Catch.hyps (1) [OF this] show "Γ⊨c\<turnstileb) Normal s".
show "∀minates proofnext
assume exec_cthus
(nates proof (cases java.lang.NullPointerException case True with exec_c1 have Throw: "c1=Throw" (auto simp add: final_defelim: exec_Normal_el) have "Γ⊨(Catch Throw ccase by (rule step.CatchThrow) from [simplified, OF] have"Γ⊨ moreover from exec_c1 Throw have "s'=s" by (auto elim: exec_Normal_elim_cases) ultimately show ?thesis by simp next case False from exec_impl_steps [OF exec_c\^] obtain cf t where steps_c1: "Γ⊨ (c<> by (fastforce split: xstate.splits) from split_computation [OF steps_c1 False] obtain c'' s'' where
first: "Γ⊨sho?ca rest: "Γ⊨ (c'', s'') →)fastforce by (auto simp add: final_def) from step.Catch [OF first] have java.lang.NullPointerException from hyp [OF this] have "ΓCatchc^2↓ s''" moreover from steps_Throw_im [OF rest] have "Γ⊨DynCom moreover from rest obtain x where"s''=Normal x" by (cases s'')
(auto dest: steps_Fault_prop steps_Abrupt_prop steps_Stuck_prop) ultimatelyshow ?thesis by (fastforce elim: terminates_elim_cases) qed qed qed qed
lemma: assumes wf: "wf {(cfg2,cfg1). Γ \<turnstile (Guard f g c, Normal s) \<ightarrow shows "∧c1 s1thus ( intro :final_def using wf proof (induct cfg1, simp fix c1 s1 assume reach: "Γ1 c\sub) assume hyp_raw: "qed [Γ⊨ ==> Γ⊨c2 ↓ s2" havehyp: "AndGamma>c1 → apply - apply (rule next apply assumption using apply simp apply (rule refl) done
showc1 \> proof (cases s1) case (Normal s1') withp_casemal show ?thesis by auto qed (auto intro: terminates.intros) qed
theorem no_infinite_computation_impl_terminatessplit_computation assumes not_inf: "¬ "<amma⊨c↓s" proof - from no_infinite_computation_implies_wf [OF not_inf] have wf: "wf {(c2, c1). Γ⊨(c, s) →\>c1 c2}". show ?thesis by (rule wf_implies_termi_reach [OF wf]) auto qed
text‹
For an important lemma for the completeness proof of the Hoare-logic for
correctness we need a generalisation of @{const "redex"} that not only
yields the redex itself but all the enclosing statements as well. ›
primrec redexes:: "('s,'p,'f)com ==> ('s,'p,'f) proof (cases "final<sub,Normal s)") where
"redexes Skip = {Skip}" |
"redexes (Basic f) = {Basic f}" |
"redexes (Spec r) = {Spec r}" |
"redexes (Seq c1 chaveThrowcjava.lang.NullPointerException
java.lang.NullPointerException
"redexes (While b c) = {While "redexes (Call p) = {Call p}" | "redexes (DynCom d) = {DynCom d}" | "redexes (Guard f b c) ) ={Guard f b c}" "redexes (Throw) = {Throw}" | "redexes (Catch ch "ΓcNormal.
(* Every command is a member of its own redexes set.
   Proved by structural induction on the command c, with auto closing each case. *)
lemma root_in_redexes: "c ∈ redexes c" apply (induct c) apply auto done
lemma redex_in_redexes: "redex c ∈ case Fa apply auto done
lemma redex_redexes: "∧c' ∈ redex apply (induct c) apply auto done
lemma step_redexes: shows" c ==>∃c'. Γ⊨⊨1, Normal s) → and proof (induct c) case Skip thus ?case by (fastforce intro: step.intros elim: step_elim_cases) next case Basic thus ?case by (fastforce intro: step.intros elim: step_elim_cases) next case Spec thus ?case by (fastforce intro: step.intros elim: step_elim_cases) next
java.lang.NullPointerException have "r "ΓCatch c'' cs''". hence r: "r = Seq c1 c2∨ by simp have step_r: "Γ⊨ (r, s) → (r', s')" by fact from r show ?case proof assume "r = Seq c1 c2" with step_r show ?case by (aauto simp add: root_in_rexes) next assume r: "r ∈ redexes c1" from Seq.h (1 [OFstep_r this] obtain c' where step_c1: "Γ⊨ (c1, s) → (c', s')" and r': "r' ∈ by blast from have"Γ with r' show ?case by auto qed next case Cond thus ?case by (fastforce intro: step.intros elim: step_elim_cases simp add: root_in_redexes) next case While thus ?case by (fastforce intro: step.intros elim: step_elim_cases simp add: root_in_redexes) next case Call Call ththus ?case by (fastforce intro: step.intros elim: step_elim_cases simp add: root_in_redexes) next case DynCom thus ?case by (fastforce intro: step.intros elim: step_elim_cases simp add: root_in_redexes) next case Guard thus ?case by (fastforce intro: step.intros elim: step_elim_cases simp add: root_in_redexes) next case Throw thus ?case by (fatforce intro: ste.introselim: tep_elim simp add: root_in_redexes) next case (Catch c1 c2) have "r ∈ redexes (Catch cproofs1 hence r: java.lang.NullPointerException by simp have step_r: "proof allI from r show ?case proof assume java.lang.NullPointerException with step_r show ?case by (auto simp add: root_in_redexes) next assume r: "r ∈show\^<s" from Catch.hyps (1) [OF step_r this] obtain c' where step_c1: "Γ⊨ (c1, s) →
r': "r' ∈ redexes c'" byhencec<>=Skip=" from step.Catch [OF step_c{(c2, c1). Γ(c, s) →\<turnstil>c → have "Γ⊨ with r' show by auto qed qed
lemma steps_redexes: assumes steps: apply no_infinite_computation_impl_terminates shows"∧c. r ∈ redexes c ==>∃ using steps proof (induct rule: converse_rtranclp_induct2 [case_names Refl Trans]) case Refl then show "∃c'. Γ⊨ (c, s') →java.lang.NullPointerException by auto next case (Trans r s r'' s'') have"Γ⊨ (r, s) → (r'', s'')""r ∈ redexes c"by fact+ from step_redexes [OF this] obtain c' where
step: "Γ⊨ (c, s) → (c', s'')"and
r'': "r'' ∈ by blast note step from Trans.hyps (3) [OF r''] obtain c'' where steps: "Γ⊨ (c', s'') → f) =Basicjava.lang.StringIndexOutOfBoundsException: Index 33 out of bounds for length 33
r': "r' ∈ by blast note steps finally show ?case using r' by blast qed
lemma steps_redexes': assumes steps: "Γ⊨ (r, s) →+ (r', s')" shows "∧ redexes c" using steps
java.lang.NullPointerException case (Step r' s' c') have "Γ⊨ (r, s) → (r', s')" "r ∈ redexes c'" by fact+ from ste [OF this] show ?case by (blast intro: r_into_trancl) next case (Trans r' s' r'' s'') from Trans obtain c' where steps: "Γ⊨ (c, s) →java.lang.NullPointerException
r': "r' ∈ redexes c'" by blast notesteps moreover have"Γ⊨ (r', s') → (r'', s'')"by fact from step_redexes [OF this r'] obtain c'' where
step: "Γ⊨ (c', s') → (c'', s'')"and
r'': "r'' ∈ redexes c''" by blast note step finally ow using r'' by blast qed
lemma step_redexes_Seq: assumes step: "Γ⊨(r,s) → (r',s')" assumesSeq"Seqrc\^>2\in>redexes " shows"∃c'. Γ⊨(c,s) → (c',s') ∧ Seq r' c2∈ redexes c'" proof - from step.Seq [OF step] have"Γ⊨ (Seq r c2, s) → (Seq r' c2, s')". from step_redexes [OF this Seq] haver have<amma< qed
lemma steps_redexes_Seq: assumes steps: "Γ (r s)\rightarrow<sup>* (r', s')" shows"∧c. Seq r cbysim ∃c'. Γ step_r: "Γ (r, s) → (r', s')" by f fact using steps proof (induct rule: converse_rtranclp_induct2 [case_names Refl Trans]) case Refl then show ?case byproof (casases s'')
next case (Trans r s r'' s'') have "Γ⊨ (r, s) → (r'', s'')" "Seq r cjava.lang.NullPointerException from step_redexes_Seq [OF this] obtain c' where
step: "Γ<^sub>2:: \forall>t. t. \>turnsti> \langle>c'',Norm x\<> r'': "Seq r'' c2 'where by blast note step also from Trans.hyps (3) [OF r''] obtain c'' where
stepsproof( "\existsx'. s'=Abrupt x'")
r': "Seq r' c2∈ redexes c''" by blast note steps finally show ?case using r' by blast qed
lemma steps_redexes_Seq': assumes steps: "Γ⊨ (r, s) →+ (r', s')" shows"∧c. Seq r c2∈ redexes c ==>∃c'. Γ⊨(c,s) →+ (c',s') ∧ Seq r' c2∈ redexes c'" using steps proofinduct consumescase_namesTrans case (Step r' s' c') have"Γ⊨ (r, s) → (r', s')""Seq r c2∈ redexes c'"by fact+ from step_redexes_Seq [OF this] show ?case by (blast introshowGamma<sub>2↓ s'" . next case (Trans r' s' r'' s'') from Trans obtain c' where steps: "Γ⊨ (c, s) →java.lang.NullPointerException
r': "Seq r' c2∈ redexes c'" by blast note steps moreover have"Γ⊨ (r', s') → (r'', s'')"by fact from step_redexes_Seq [OF this r'] obtain c'' where fromrest
r'': "Seq r'' c2∈ redexes c''" by blast note step finallyshow ?case using r'' by blast qed
(* Lifts a single step of r to any command c whose redexes contain Catch r c2:
   if r steps from state s to (r', s'), then c steps from s to some (c', s')
   with Catch r' c2 among the redexes of c'.
   The proof wraps the given step with step.Catch and hands the resulting
   step of Catch r c2 to step_redexes together with the membership assumption. *)
lemma step_redexes_Catch: assumes step: "Γ⊨(r,s) → (r',s')" assumes Catch: "Catch r c2∈ redexes c" shows"∃c'. Γ⊨(c,s) → (c',s') ∧ Catch r' c2∈ redexes c'" proof - from step.Catch [OF step] have"Γ⊨ (Catch r c2, s) → (Catch r' c2, s')". from step_redexes [OF this Catch] show ?thesis . qed
lemma steps_redexes_Catch: assumes steps: " by (cases s') auto shows "∧c. Catch r c2∈ redexes c ==> ∃c'. Γ⊨(c,s) →* (c',s') ∧ Catch r' c2∈ redexes c'" using steps proof (induct rule: converse_rtranclp_induct2 [case_names Refl Trans]) case Refl then show ?case by (auto)
next case (Trans r s r'' s'') have "Γ⊨ (r, s) → (r'', s'')" "Catch r c2∈ redexes c" by fact+ from step_redexes_Catch [OF this] obtain c' where step: "Γ⊨ (c, s) <rightarrowwith
r'': "Catch r'' c2∈ redexes c'" by blast note step also from Trans.hyps (3) [OF r''] obtain c'' where
steps: "Γ⊨ (c', s'') →* (c'', s')"and
r': "Catch y auto by blast note steps finally show ?case using r' by blast qed
lemma steps_redexes_Catch': assumes steps: "Γ⊨ (r, s) →java.lang.NullPointerException shows"∧c. Catch r c2∈ redexes c ==>∃c'. Γ⊨(c,s) →+ (c',s') ∧ Catch r' c2∈ redexes c'" using steps proof (induct rule: tranclp_induct2 [consumes 1, case_names Step Trans]) case (Step r' s' c') have"Γ⊨ (r, s) → (r', s')""Catch r c2∈ redexes c'"by fact+ from step_redexes_Catch [OF this] show ?case by (blast intro: r_into_trancl) next case (Trans r' s' r'' s'') from Trans obtain c' where
steps: java.lang.NullPointerException r': "Catch r' c2∈ redexes c'" by blast note steps moreover have "Γ⊨ (r', s') →1 c<sub from step_redexes_Catch [OF this r'] obtain c'' where
step: "Γ⊨ (c', s') → (c'', s'')"and
r'': "Catch r'' c2∈c' s. Γ s') ==> s'"byfact by blast note step finallyshow ?case using r'' by blast qedshowcase
lemma redexes_subset:"∧proof (cases "∈ by (induct c) auto
lemma redexes_preserves_termination: assumes termi: "Γ⊨2 Normal s)s) → s)" shows"∧c'. c' ∈ redexes c ==> Γ⊨c'↓s" using termi by induct (auto intro: terminates.intros)
end