| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/Isabelle/Archive-of-Formal-Proofs/thys/Simpl/ (Sammlung formaler Beweise Version 2026-5©) Datei vom 29.4.2026 mit Größe 114 kB |
|
Quellcode-Bibliothek SmallStep.thySprache: Isabelle |
|||||||||||||||
|
(* Author: Norbert Schirmer Maintainer: Norbert Schirmer, norbert.schirmer at web de Copyright (C) 2006-2008 Norbert Schirmer *) section ‹Small-Step Semantics and Infinite Computations› theory SmallStep imports Termination begin text ‹The redex of a statement is the substatement, which is actually altered the next step in the small-step semantics. › primrec redex:: "('s,'p,'f)com ==> ('s,'p,'f)com" where "redex Skip = Skip" | "redex (Basic f) = (Basic f)" | "redex (Spec r) = (Spec r)" | "redex (Seq c1 c2) = redex c1" | "redex (Cond b c1 c2) = (Cond b c1 c2)" | "redex (While b c) = (While b c)" | "redex (Call p) = (Call p)" | "redex (DynCom d) = (DynCom d)" | "redex (Guard f b c) = (Guard f b c)" | "redex (Throw) = Throw" | "redex (Catch c1 c2) = redex c1" subsection ‹Small-Step Computation: ‹Γ⊨(c, s) → (c', s')›› type_synonym ('s,'p,'f) config = "('s,'p,'f)com × ('s,'f) xstate" inductive "step"::"[('s,'p,'f) body,('s,'p,'f) config,('s,'p,'f) config] ==> bool (‹_⊨ (_ →/ _)› [81,81,81] 100) for Γ::"('s,'p,'f) body" where Basic: "Γ⊨(Basic f,Normal s) → (Skip,Normal (f s))" | Spec: "(s,t) ∈ r ==> Γ⊨(Spec r,Normal s) → (Skip,Normal t)" | SpecStuck: "∀t. (s,t) ∉ r ==> Γ⊨(Spec r,Normal s) → (Skip,Stuck)" | Guard: "s∈g ==> Γ⊨(Guard f g c,Normal s) → (c,Normal s)" | GuardFault: "s∉g ==> Γ⊨(Guard f g c,Normal s) → (Skip,Fault f)" | Seq: "Γ⊨(c1,s) → (c1',s') ==> Γ⊨(Seq c1 c2,s) → (Seq c1' c2, s')" | SeqSkip: "Γ⊨(Seq Skip c2,s) → (c2, s)" | SeqThrow: "Γ⊨(Seq Throw c2,Normal s) → (Throw, Normal s)" | CondTrue: "s∈b ==> Γ⊨(Cond b c1 c2,Normal s) → (c1,Normal s)" java.lang.NullPointerException | WhileTrue: "[s∈aeb e ==> Γ⊨C) 2006-2008 No-200 Norbert Sc Schirmer | WhileFalse: " ==> <Gamma>\<>( (Skip,Normal s)" | \<>\,N s)" | CallUndefined: by the next step in the small-step semantics. Γ⊨(Call p,Normal s) → (Skip,Stuck)" java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 java.lang.NullPointerException > Γ1 c (Catch c2,s')" | CatchThrow⊨ Throw c\<^>22,Normal s)" | CatchSkip: "Γ⊨(Catch Skip ‹Γ⊨ (c', s')› | FaultProp:java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for | StuckProp: "[c≠Skip; redex c = c] ==> Γ⊨(c,Stuck) → (Skip,Stuck)" | AbruptProp: "[c≠Skip; redex c = c] body,('s'p,') config,(s,'p,') con] <Rightarrbo lemmas step_induct = step.induct [of _ "(c,s)" "(c',s')", split_format (complete), case_na Basic Spec SpecStuck Guard GuardFault Seq SeqSkip SeqThrow CondTrue CondFalse WhileTrue WhileFalse Call CallUndefined DynCom Catch CatchThrow CatchSkip FaultProp(‹ step_elim_cases [cases set]: "Γ⊨(Skip,s) → u" "Γ⊨(Guard f g c,s) → u" "Γ⊨(Basic f,s) → u" "Γ⊨(Spec r,s) → u" "Γ⊨(Seq c1 c2,s) → u" "Γ⊨(Cond b c1 c2,s) → tile>(Wh b c,s) → "Γ⊨(Call p,s) → u" "Γ⊨st) ∈ t) "Γ⊨(Throw,s) → u" "Γ⊨(Catch c1 c2,s) → u" step_Normal_elim_cases [cases set]: "Γ⊨(Skip,Normal s) → u" "Γ⊨>t. (s,) \notin r ==> s → "Γ⊨(Basic f,Normal s) → u" "Γ⊨(Spec r,Normal s) → u" "Γ⊨(Seq c1 c2,Normal s) → u" "Γ⊨(Cond b c1 c2,Normal s) → u" "\<>< "Γ⊨(Call p,Normal s) → u" "Γ⊨(DynCom c,Normal s) → u" "Γ⊨(Throw,Normal s) → "G>⊨ ‹The final configuration is either of the form ‹(Skip,_)› for normal ,, or @{term "(Throw,Norm s)"} cas t programwas started in @{term "Normal"} state and terminated abruptly. The @{const "Abrupt"} state is abrupt termination, in contrast to the big-step semantics. Only if the starts in an @{const "Abrupt"} states it ends in the same @{term "Abrupt"} . final:: "('s,'p,'f) config ==> bool" where ip \> cfg=Throw∧ "step_rtrancl" :: "[('s,'p,'f) body,('s,'p,'f) config,('s,'p,'f) config] ==> boo java.lang.NullPointerException where "Γ⊨cf0 →* cf1 ≡ (CONST step Γ)** cf0 cf1" "step_trancl" :: "[('s,'p,'f) body,('s,'p,'f) config,('s,'p,'f) config] ==> bool (‹ where "Γ⊨cf0 →+ cf1 ≡ (CONST step Γ)++ cf0 cf1" (* ************************************************************************ *) subsection Small (* ************************************************************************ *) lemma redex_not_Seq: "redex c = Seq c1 c2 ==> P" apply (induct c) apply auto done: ""<>b <Longrightarrow<> lemma no_step_final: assumes step: "Γ⊨(c,s) → (c',s')" shows "final (c,s) ==> P" using step by induct (auto simp add: final_def) lemma no_step_final': assumes step: "Γ⊨cfg → cfg'" shows "final cfg ==> P" using step by (cases cfg, cases cfg') (auto intro: no_step_final) lemma step_Abrupt: assumes step: "Γ⊨ (c, s) →L> Γ<>2,No s) \rightarrow(c\^>,No s) shows "∧x. s=Abrupt x ==> s'=Abrupt x" using step by (induct) auto lemma step_Fault: assumes step: "Γ⊨ (c, s) → (c', s')" shows "∧f. s=Fault f ==> s'=Fault f" using step by (induct) auto lemma step_Stuck: assumes step: "Γ⊨ (c, s) → (c', s')" shows "∧f. s=Stuck ==> s'=Stuck" using step by (induct) auto lemma SeqSteps: assumes steps: "Γ⊨cfg1→* cfg2" shows "∧ c1 s cjava.lang.NullPointerException <ongrightarrow<><(Seq^sub c<subs)\rightarrowsup<^ub>,s'" using steps proof (induct rule: converse_rtranclp_induct [case_names Refl Trans]) case Refl thus ?case by simp next case (Trans cfg1 cfg'') have step: "Γ⊨ cfg1 → cfg''" by fact have steps: "Γ⊨ cfg'' →* cfg2" by fact have cfg1: "cfg1 = (c1, s)" and cfg2: "cfg2 = (c1', s')" by fact+ obtain c1'' s'' where cfg'': "cfg''=(c1'',s'')" by (cases cfg'') auto from step cfg1 cfg'' have "Γ by WhileFalselbrakk><rbrakk hence java.lang.NullPointerException Γ \rightarrow> Skip,Nor s)" also from Trans.hyps (3) [OF cfg'' cfg2] have java.lang.NullPointerException: Cannot invoke "String.equals(Object)" becaus qed lemma tchSeps: assumes s:s "Γ shows "∧ c1' s'. [cfg = (c\^1,s); cfgc2,s)) <> u" ==> Γ⊨(Catch c u" using steps proof (induct rule: converse_"🚫1 c\<^>)Small-Step Computation: ‹(c, s) →› case Refl thus ?case next case have step: "Γ have steps: "Γ⊨>u have<n>g ==> Γ(Guard f g c,Normal s) → obtain c<sub>1's' erecfg': "ffg''=c' by ( from step cfg🚫2,s) →2, s)" have s: "Γ (c1'',s'')" by simp henceGamma>turstle> ac c\subc\^>2s)\ightarrowCac<ub>' c\^>2,'') by (rule step.Catch) 3) [OF cfg'' cfg\<turnstile>(While b c,Nor \rightarrow (Seq c (While b c),Normal "\\G>tu> Catch c\\<su1'' c<^sub>2,s'' \<<ightarrow finally show ?case . qed: "\Gamma p=ome bdy ==>⊨ (bdy,Normal s lemma Γ(Call p,Normal s) → (Skip,Stuck) proof (inductt c) case eq c\sub1c\^>2) have steps_cNormal) \ igh> u have steps_c2: "Γ⊨ (c2, Fault f) →>⊨ java.lang.NullPointerException have "Γ (Seq c2, Fault f) →<^up>* (q ki c\sub, Fulf). also have "Γ (Seq Skip c>, Fault f)" by (rule SeqSkip) java.lang.NullPointerException finally show ?ca CatchSk: "\Gamma<turnstile>(Catch Skip c2,s) → FFautPro: "[Skip; next case (Catch cSkip; redex c = c] Γ(c,Abrupt f) →p,bruptf" have steps_c\r>gh> u" from CatchSteps [OF ste <Gamma>⊨1 c c2,or s \rightarrow" also java.lang.NullPointerException finally shot‹ qed (fastforce intro: step.intros)+ lemma steps_Stuck: "Γ⊨ (c, Stuck) →* (Skip, Stuck)" proof (induct c) case ( c\^>1 \^>2) have steps_c1: "Γ⊨ teabrupt. h @co"A"} s is useto java.lang.NullPointerException from SeqSteps [OF steps_c1 refl refl] java.lang.NullPointerException also have "Γ⊨ (Seq Skip c2, Stuck) → (c2, Stuck)" by (rule SeqSkip) e \^u>2 finally show ?case by simp next case(Ca c\^>1\^2) java.lang.NullPointerException java.lang.NullPointerException have "Γsteprtra" : "[',','f)bod,('s'p,'f,'f co,(s,p'f) config] ==> also have "Γ⊨ (Catch Skip c2, Stuck) →\turnstile_ <r>\^>/ )c> 81,8,81]10) finally show ?case by simp qed (fastforce intro: step.intros)+ java.lang.NullPointerException proof (induct c) java.lang.NullPointerException have steps_c1: "Γ⊨ (c1, Abrupt s) →: "[s'p,') b,(s,p,f) onf(','p'f) co \Rightarrow have steps_c2: "Γ⊨ (c(→ from SeqSteps [OF steps_c1 refl refl] have "Γ⊨ (Seq c1 c2, Abrupt s) →* (Seq Skip c2, Abrupt s)". java.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 6 have "Γ⊨ (Seq Skip c2, Abrupt s) → (c2, Abrupt s)" by (rule SeqSkip) java.lang.NullPointerException finally show ?case by simp next case (Catch c "rre c = Seq c1 c2 \Longrightarrow P" java.lang.NullPointerException java.lang.NullPointerException have "Γ also have "Γ⊨ (Catch Skip c2, Abrupt s) → (Skip, Abrupt s)" by (rule CatchSkip) finally show ?case by simp (fastforce intro: step.intros)+ step_Fault_prop: assumes step: "Γ⊨ (c, s) → (c', s')" shows "∧f. s=Fault f ==> s'=Fault f" step (induct) auto step_Abrupt_prop: lemma no_ste: shows "∧x. s=Abrupt x ==> s'=Abrupt x" step (ndu) auto ep_Stuck_prop: assumes step: G>🚫 java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 step (induct) auto steps_Fault_prop: assumes step: "Γ⊨ (c, s) →\< shows shows "s=Fault f ==> step (ind⊨ case Refl thus ?case by simp case (Trans c s c'' s'') thus ?case by (auto intro: step_Fault_prop) steps_Abrupt_prop: assumes step: "Γ⊨es [casest]: "s=Abrupt t ==> step (induct rule: converse_rtanclp_induct2 [cas case Refl thus ?case by simp (Trans c s '' s'' "Γ(Seq c1 c2,Normal s) →⊨ (c', s')" by (auto intro: step_Abrupt_prop) steps_Stuck_prop: assumes ste: "Γ step shows "s=Stuck ==>\< (ck: step (induct rule: converse_r[case_names Refl Trans]) case Refl thus ?case y sip case (Trans c s c'' s'') thus ?case by (auto intro: step_Stuck_prop) (* ************************************************************************ *) subsection) (* ************************************************************************ *) theorem :{termNormalconsttstateo assumes exec: java.lang.NullPointerException shows "∃⊨* (c',t') ∧ (case Abrupt if s=t then cip t'=t else c'=Throw ∧ | _ ==> c'=Skip ∧ using exec proof (induct case thus by simp next case husstrdtrans next case\urnstilecf0 →+ cf1 ≡ (CONST step Γ)+ cf0 cf1" next java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "b next case Basic thus ?case by (fastforce intro: step.Basic rtranclp_trans) next case Spec thus ?case by (fastforce intro: step.Spec rtranclp_tra (fastforce intr next case Sp thus ?case by (fastforce intro: step.SpecStuck rtr) next (Seq c1 s s' c2 t) have exec_c1: "Γ>⟨ have exec_c "∧<ongrig> s'=Fault f" showusing step proof (cases\existsx.brupt case False fromFalse.hyps () have "Γ ste: "<Gamma⊨ Skip^sub,)\rightarrow(,) by (cases s') auto hence seq_c\<> (Seq y rule) auto from Seq.hyps (4) obtain c' t' where steps_c\<turnstileStuckProp "\\<lb>≠<Longrightarrow> Γ> Skip,St)" t: (tf Abrupt x \by (induct step_Stuck_prop | _ ==> t' = t)" by autoAbruptProp\lbrakk<>Ski; sho "===> note seq_c also have "Γ java.lang.NullPointerException finally a"\amma>< ( "s=Fault f==> f" with step bycases next case True then obtain x where s': "s'=Abrupt x" byblast from thus ? have\Gamma><turnstile<WhileFalse CallUndefinedCatchCatchThrow by auto hence seq_cjava.lang.NullPointerException by (rule SeqSteps) auto also java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length by (rule veGamma⊨1 cjava.lang.NullPointerException from by (autointro: Abrupt_end ultimately showthesis by auto qed next case CondTrue thus ?case by (blast intro: step.CondTrue rtranclp_trans) next case CondFalse thus ?case by (blast intro: step.CondFalse rtranclp_trans) next case (WhileTrue s b c s' t) have exec_c: "Γ ⟨ s⟩ s'" by fact haveexec_w: "Γ⊨: "Γturnstile \ "\<\< thus case b sim have b: "s ∈?case"\<amma\ hence step: "<⊨ )<rightarrow<\turnstile<rightarrow by (rule exec_impl_steps showcase proof (cases "∃x."Gamma(DynCom<>" case False from False WhileTrue.hyps (3) have "Γ by (cases s') auto hence><turnstileCatch,)<ightarrow c'=Skip<>t'=t)" by rul SeqSteps) auto from WhileTrue.hyps (5) (induct) steps_c"<Gamma>\turnstile>(uard frdf c,N ) → t: "(case t of Abrupt x \caseGuard ?caseby(blast intro step.Guard <\< hrow t' = Normal x | _ ==> by auto case astforcejava.lang.StringIndexOutOfBoundsException: Index 71 out of bou note step also note seq_c alsoGamma> c1 s) <>u by uleip also tesub finally have "Γ⊨🚫 ⟨ withFale show ow ?tesisjava.lang.StringIndexOutOfBoundsException: Index 29 out o by t) a next case True then obtain x where s': "s'=Abrupt x" by blast note step also from s While.hyps (3 have "Γ⊨ by auto hence seq_c<>turnstile(Seq c (While b c), Normal s) →ted in by (rule SeqSteps amma>(SeqThrowWhile c), Normal <> (Throw Normal (ulejava.lang.StringIndexOutOfBoundsException: Index 24 out of bounds for length finally have "Γ moreover from exec have \ammat (Seq Skip c2, s')" by (rule step.SeqSkip) alsonotec^sub2 ultimately by auto qed next case WhileFalsethus ?caseby( intro.WhileFalsemodel terminationinto big semantics if have next case Call thus ?case by a next case CallUndefined thus ?case by (fastforce intro: step.CallUndefined rtranclp_t next case StuckProp thus ?case by (fastforce intro: steps_Stuck) next case DynCom thus ?case by (blast in(fast intro: step.)+ next case Throw thus ?case by simp next rop thus ?case by (fastintro: steps_) next case CatchMatch cfinally hav "\>turnstile from CatchMatch'p <bool" f<Longrightarrowt " have "Γ⊨ by simp hence ()to by rule) auto also haveultimatelyshow thesis by (rule stepjava.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for also from CatchMatch.hyps (4) byblast: step rtranclp_trans steps_c s cs') t: "(case t of java.lang.NullPointerException else c' = Throw ∧ row c' Skip \<and< t' = t)" by auto notehencestep Γ (While b c,Normal s) →ljava.lang.StringIndexOutOfBoundsException: Index ally?case using t by next caseiss have t: "\<notlemma with Catch.hyps (2) have "Γ⊨ (cs by (cases t) auto ence<Gamma⊨^ub,Normal \ightarrow^>*( c<sub t) by (rule CatchSteps) auto o have "Γ by (rule step.Catcl steps_Faul_rp: finally show ?case using t by (fastforce split: xstate.splits) qed corollary exec_impl_steps_Normal: assumes exec: "Γ⊨ showsrtranclp_induct2 using exec_impl_steps [OF exec] by auto corollary exec_impl_steps_Normal_Abrupt: assumes exec: shows "Γ using exec_impl_steps [OF exec] by a corollary exec_impl_steps_Abrupt_Abrupt: assumes exec: "Γ shows teps_Abrupt_prop using exec_impl_steps⊨ by autoshows=upt> s'=brupt corollary exec_impl_steps_Fault step ssumes🪙 [case_names Refl Trans]) shows><turnstile>(c,s) →* (Skip, Faultf)java.lang.StringIndexOutOfBoundsException: Inde using exec_impl_steps [OF exec] by autodone corollary : assumes exec: "\<Gammaassumes (c,s) \Longrightarrow" shows "Γ⊨ usingmpl_stepsxu n_st': by auto lemma step_Abrupt_end: assumes s "\Gamma>⊨ shows "s'=Abrupt x ==> using step by induct auto lemma step_Stuck_end: step assumes step: "Γ * shows "s'=Stuck ==> k <r> (∃ (∃ using step by induct auto lemma step_Fault_end "∧s'=Fault f" assumes step: "Γ⊨ shows "s'=Fault f ==> s=Fault f ∨⊨(case tt (∃shows "<nd sStuck s'=Stuck" using step by induct auto lemmaexec_redex_Stuck: "Γ⊨ proof (induct c) case Seq thus ?case by (cases s) (auto intro: exec.intros elim:exec_elim_cases) next case Catch thus ?case by(cases s) (autointro exec.intros:exec_elim_cases qed simp_all lemma exec_redex_Fault: have "<>\<urnstile "< proof (induct c) Seq thus ?case by (cases s) (auto intro: exec.thus next case Catch thus ?case ycasesntroslimes qed simp_allfromileTrue()btain where lemmatep_extend assumes tof shows havecfg: "cfg1 = (c^>2= (c+ using step proof else c' = Thr oc<1'' ' wh g' cfg=(c\^>1'',s')" (scfg ep1 cfg'' next case Spec thus ?case by (fastforce step seq_c next case SpecStuck thus ?case by (fastforce intro simp next case Guard thus ?case by (fastforce: exec elim) next <finally haveΓ<><^supc' 'java.lang.StringIndexOutOfBoundsException: Index 93 out of casese by (fastforce intro: exec.intros elim tfinallyy show next case (Seq have step: "Γ java.lang.NullPointerException show ?case proof (cases s) case (Normal x) note s_Normal = this show ?thesis proof (cases s') case (Normal x') from exec' [simplified Normal] obtain s'' where java.lang.NullPointerException (Transcfg\^sub>1cfg''' cases from Seq.h(2 Normal execcb "Γcjava.lang.NullPointerException by simp from.SeqOF exec_c<sub2] s_Normal show ?thesis by simp t case (Abrupt x') exec "t==Abr x1'',s'')" by (auto intro) moreover ultimatelyhesis have "s=Abrq by (auto intr int step_nd)) ultimately show ?thesis by (auto intro: exec.intros) ext case (Fault f) from step_Fault obtain g c where redex_c\<<^ c) fail: x \next by auto hence "\Gamma><> by (autohavejava.lang.NullPointerException from exec_redex_Fault [OF this] sFsteps_c> lefl moreover from Fault by (auto: Fault_end) ultimately show ?thesis usingNormal by (autoo.introsmp next case Stuck from step_Stuck_end [OF also have"\Gamma\turnstile> ( have ""∃cr ∧>t. (x, t) ∉ (∃p. redex cfrom Catchyps (4) ob c' t' where by auto moreover fix r sume"edex1 = Spec r" and "(∀ <>r)" hence "Γ⊨ ∧ .) from exec_redex_Stuck [OF this] have java.lang.NullPointerException: Cannot invoke "String.equals(Object)" becaus moreover from Stuck exec' have "t=Stuck" by (rul CatchSt) auto also have ?thesis using s_Normal by (auto intro: exec.intros) } moreover { fix p assume "redex c\1corollaryrmal hence java.lang.NullPointerException by (auto into: excintrs from exec_redex_Stuck [OF this] have "Γ⊨ moreover from Stuck [ steps_c1 refl bytojava.lang.NullPointerException ultimatelyjava.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for l have ?thesis using s_Normal by (auto intro: exe.intros) } ultimately show ?thesis by auto qed next case (Abrupt x) int c) have "s'=Abrupt>2java.lang.StringIndexOutOfBoundsException: Index 32 out of bound with' have "t=Abrupt x" by(autoo: with Abrupt show ?thesis by (auto intro: exec.intros) next case (have "<>⊨ from step_Fault [OF step this] have"s'=Fault f".shows🚫 sho ?case by si with exec' have "t=Faultend(induct by Skip with "s'= x ==> show ?thesis by (auto intro: exec.intros) java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 6 sek from step_Stuck [OF step this] have ss==Stu" with' have "t=Stuck" by (auto ith show ?thesis by (auto intro: exec qedjava.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length next step_Abrupt_prop by (cases:<amma<(, s) → (c', s')" next case (SeqThrow c(g c x. redex c s=Normal x ∧ g)" by (fastforce intro: exec.intros next case CondTrueedex_Stuck by><><langle>redex c,s⟩ next thus ?Seq case CondFalse by (fastforce intro: exec.intros elimnduct(Seq next case WhileTrue thus ?case imp_all next caseWhileFalse ?case by (fastforce: execrosjava.lang.StringIndexOutOfBoundsException: Index 66 out of b nextbycasestros:elim_cases case Call thus ?case by (fastforceintroim_cases next case CallUndefined thus ?case by (fastforce intro "s=Fau f ==> next case DynCom thus ?case by (fastforce intro: exec.intros elim: exec_Normal_elim_cases) next(Trs cc'' s case Cath c\< s have step: "Γ have exec': "Γ⊨ show ?case proof (cases s) case (Normal x) note s_Normal = show ?thesis proof (cases s') java.lang.StringIndexOutOfBoundsException: Index 57 out of bounds for length 22 exec mifdrmal] show ?thesis proof (cases) fix s'' java.lang.NullPointerException assume exec_c\<langle>c2,Normal s''⟩ from Catch.hyps (2) Normal exec_c s=Stuck" have "Γ⊨ i(induct rul: conve [case_names Refl Trans) by si java.lang.NullPointerException show ?thesis by simp next java.lang.NullPointerException assume t: "¬Equivalence between Small-Stepeq from Catch.hyps2)Normal have\turnstile theoremjava.lang.StringIndexOutOfBoundsException: Index 24 out of by simp from exec.CatchMiss [OF this t] s_Normal show ?thesis by simp qed next case (Abrupt Abruptghtarrowthencand else t'=Normal x by (auto intro:Abrupt_end) moreover from step Abrupt have "s y (o ase by (auto ultimately show ?thesis by (auto intro: exec.intros) next case e (Fault from step_Fault_end [OF step this] s_Normal obtain g c where redex_c x ∉ by auto hence "Γ by (auto intro: exec:"Gamma>⊨ (c', s')" from exec_redex_Fault [OFjava.lang.StringIndexOutOfBoundsException: Index 37 out o have><turnstile> ⟨1,Normal x⟩ Fault moreoverFault by (auto intro:bystforceasic?case(fastforce: step anclp_transssjava.lang.StringIndex ultimately show ?thesiscasestforceard using by (autofastforcec elimrmal_elim_cases next case Stuck from step_Stuck_endtep>turnstile> (c< ) execjava.lang.StringIndexOutOfBoundsException: show (∃1': "\<>\ by auto moreover { fix r ssume "c\^1 r" and "(\forall> ( \notin " hence "Γ by (autove⊨by(utobrupt_end from exec_redex_Stuck thisave⊨ have auto java.lang.StringIndexOutOfBoundsException: Index 39 out of bounds for le moreoverlast by (auto intro [OF<<urnstile1, Normal s) → ^>" cx< g" hesis using s_Normal⊨* (Throw x) by (auto _^> s' have } moreover { fix p assume "redex c\ hence "Γ.intros⊨ by (autoromOF fromedex_Stuck "< ce ep: "Gamma⊨(Seq c (While b c),Normal s)" moreover from Sby auto by (auto intro: Stuck_end) have ?thes "redex1 = Spec r" and "(∀ using s_Normal ( intro show by auto qed next case (Abrupt x) from step_Abrupt [OF step this] have "s'=A with exec' " auto: ) withexec_redex_Stuck] show ?thesis by (auto introxec=" next case (Fault f) from step_Fault [OF step this] have "s'=Fault f". with exec' have "t=Fault " by (auto intro: Faul) with Fault show ?thesis by auto intro: : exec.intros) next case Stuck from step_Stuck [OF step this] have "s'=Stuck". with exec' have "t=Stuck" by (auto intro: Stuck_end) with Stuck show ?thesis by (auto intro: e: exec.intros) qed next case CatchThrow thus ?case by (fastforce intro: exec.intros elim: exec_Normal_elim_cases) next case step also note seq_c by (fastforce intro: exec.intros elim: exec_elim_cases) next case Fathus ?case by (fastforce ntro: exec.i elim: exec next case StuckProp thus ?case by (fastforce intro: exec.intros elim: exec_elim_cases) next case AbruptProp thus ?case by (fastforce intro: exec.intros elim: exec_elim_cases java.lang.StringIndexOutOfBoundsException: Index 16 out of bounds for length 3 theorem steps_Skip_impl_exec: assumes steps: "Γ \Gamma><>\ usingjava.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for lengt proofrulecase_namesTrans case Refl thus ?case by (cases t) (auto intro: exec.intros) next case (Trans c s c' s') have " Cao have "\rnstile hrow c)Normal<> (, Normal thus ?case uleep_extendxtend qed theorem steps_Throw_impl_exec assumes steps: "Γ<rightarro>^sup>>* (Trow,Norml tt)" shows "Γ⊨case using steps proof (induct rule: converse_rtranclp_induct s_No = this case Refl thus ?case by (acase (Normal x') next case (T s c' s') have "<>\ thus ?case by (rule step_extendjava.lang.StringIndexOutOfBoundsException: Index 25 out of bou qed (* ************************************************************************ *) subsection ‹ (* ************************************************************************ *) definition inf:: "('s,'p,'f) body \Rightarrow's,'p,'f) config ==>by (fastforce itr (‹1><turnstile>case(CathMatcch cc\\ssu1 s ct " 🚫 ⟨1,Normal x⟩ not_infI: "[∧f. [ ==> imp inef) (* ************************************************************************ *) ubsectionopen betweenTermination (* ************************************************************************ *) lemmaFault ssumes showsauto using proof java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length case Basic thus ?case by next caseSpec (stforceates showcaseuptProp y forceintro steps_Abruptupt next casecase(tch> step_Faults] next case GuardMatch by (fastforcebyautoault_end next next next \sub\^>with apply ( shows=withck byuto pply apply (also step_Fault_propintrosim_caseses done^>2: "shows=Stuc intrxec.i.inintroe exec_elimcaaeaes next java.lang.NullPointerException thus else c' = h=ow \row\<ndd1Call p🪙 apply (cases s) apply (fastforce intro: terminates.intros exec.intros elim: terminates_Normal_elim_cae ) using nextby(ost st.ls java.lang.NullPointerException thuscasRefl?case by (fastforce intro: terminates.intros exec.intros elim: terminates_Normal_elim_cases ) next case CondTrue thus ?case yfastfreino te.irs ac',s)ad\Gamma\urnstile ⟨ ==> elim: terminates_Normal_elim_cases ) next case CondFalse thus ?case by (fastforce intro: terminates.intros elim:terminaNormal_elies ) next case WhileTrue thus ?case by (fastfby (fast spit sat.slits) elim: terminates_Normal_elim_cases ) next case WhileFalse thus ?case by (fastforce intro: terminates.intros elim: te * ********************************************************************* next case Call thus ?case by (fastforce intro: terminates.intros elim: terminates_Normal_elim_cases ) next case CallUndefid by (auto simp add: inf_def) by (fastforce intro: terminates.intros elim: terminates_Normal_elim_cases ) next case DynCom thus ?case by (fastforce intro:: term.it) elim: terminates_Normal_elim_cases )shows "<>c,s) → next case (Catch cjava.lang.NullPointerException apply corollaryex_Fault: apply (cases s') apply fastforcerorminatesesstep_extend elim: terminates_Normal_elim_cases <<proofuardFault fastforce intro: terminates.intros dest: step_Abrupt_prop step_Fault_prop step_Stuck_propcases s introintroselimxec_elim_casesases done next case CatchThrow thus ?case by (fastforce intro: terminates.intros execpjava.lang.NullPointerException elim: term step next case (CatchSkip c<^sub>2 s) thus ?case (caseases ) (fastforce intr next case FaultProp thus ?case by (cases s) next r hu ca b(atoc inro:teriates.nros next case AbruptProp thus ?case by (fastforce intro: terminates.intros) qed lemma steps_preserves_termination: assumes steps: "<using shows "Γ using proof (induct rule: rtranclp_induct2 [consumes 1, case_names Refl Trans]) case Refl thus ?case . next case Trans thus ?case by (blast dest: step_preserves_termithus ?case qed pen ML_Thmsbind_th("tranclp_induct2plit_Ruleext ( [((("a", 0), Position.none),"(aa,ab)"), ((thus?ase @{thm tranclp_induct › lemma showthesis howsGamma⊨ using steps proof (induct rule⊨dex ==> Γ⟨ case Step ?case next case Trans thus ?case exec_cdefined qed definition by where "head_com c = : terminates_Normal_elim_case ) Seq c\<turnstile> ⟨> sc\<^ub1sub2] s_Normal | Catch c: termina) | _ ==> c)" definitiond: sp'fconfigep_Fault_propk_prop where "head cfg = (head_com (fst cfg), snd cfg)" lemma clarify apply (case_tac "i=k") apply done lemma redex_Seq_False: "∧ by (induct c) auto lemma repaes s by (induct c) auto lemma i ase Noal ') assumes inf_comp: "∀ exec_c⊨<>(c,) \rightarrow^sup' assumes not_fin "<forall>i<k. ¬1' s_Normal shows "∀Gamma⊨downs ==>c'↓ Γ⊨ consumesefl <i<k. ?P i") using not_fin proof (induct k) case 0 show ?case by simp next case (Suc k) have not_fin_Suc: "\moreover from this[rule_format] have not_fin_k: "foralli<.¬ clarify apply subgoal "i < Sucjava.lang.StringIndexOutOfBoundsException: Index 35 out of bo apply blast apply simp done from Suc.hyps [OF this] have \foralli(<s eq,s')\and \Gamma<> head i) →)". show proof (rule le_Suc_cases) fix i assume "i < k" then show "?P i" by (rule hyp [rule_format]) next show "?P k" proof - hypre_fmt, k 1f0 obtain c' fs' L' s' where f_k: "f k = (Seq c' c2, by (cases:exec from inf_comple_format,f ] f_k ve<<turnstile byhave<>r. redex (∀ r)) ∨ moreover \existsp dex1 = have "¬ by y (simp add: final_def head_def hehead_co) ultimately "hence⊨ "f " c_redex_Stuck by cases with ??esis by (simp add: head_def head_com_def) qed qed qed lemma infinite_computation_extract_head_Catch inf_comp<>:at⊨ assumes inf_comp^ub1 = Callfromexec_redex_StuckOF assumes not_fin: "\foralli<. \<> \rangle> \RightarrowStuck" assumes not_fin: "∀i<k. ¬ final (head (f i))" showsforalli<k. (\exists>c' s'. f ((i+1)(Catch^ub2,, s')) 🪙 Γhead (fi)<> (is "\foralli<k. ?P i") using not_fin proof (inducts_Normalultimately case 0 next ase have not_fin_Suc "redexc\ from this[rule_orma] havenot_fin_k: "∀ apply clarify apply (subgoal_tac by auto exec.intros apply blast apply done from Suc.hyps [OF this] have hyp: "∀i<k. (∃ Γ show ?case eeSu_) fix i assume "i < k" then show "?P ?esis next show "?P k" proof - from hyp [rule_format, of "k - 1"] f_0 obtain'fs L' wherejava.lang.StringIndexOutOfBoundsException: Index 59 out of bound by (cases k) auto from inf_comp [rule_format, of k] f_k have "Γ⊨ec_elim_cases by simp moreover from not_fin_Suc [rule_format, of k] f_k have "¬nselm ec_m_m_ss) have "t=Abrupt x" ultimately obtain c'' s'' where "Γ⊨ java.lang.NullPointerException by cases (auto simp add: redex_Catch_False by (ffre tr:oecntremllm:xec_oe with f) w s cse by ( qed eallUthuscse qed qed lemma no_inf_(aintr proof assume "\><> Throwcase<^ub<>' s' cjava.lang.NullPointerException then obtain f where stepexec⊨ f_0 f =Throw by (auto "Γ from step [of 0, simplified f_0] step [of 1] showf not_fin_Suc [rule_format, of k] f_k byvt=Stu" qed lemma split_inf_Seq: assumes inf_comp: "Γ><>(c', s') → shows "Γ⊨1,s) → (>s'. Γ proof - from inf_comp obtain f where step:<>inat⊨ f (i+1"and f_0: "by by (autojava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for leng avesub,s)" by (simp add: head_def head_com_def) show ?thesis proof (cases "<existsi case True fineereEAST(f) haveshows "∀ apply (intro allI impI) apply (unfold k by (fa i: o:ex.ino limeec_) apply (drule not_less_Least) usingfin done from infi obtain step_head: "∀ conf: "∀ by blast from True have final_f_k: "finali<k. ¬ ply apply (erule redex_csub: " c) ulea) apply (simp add: k_def) java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for length 10 moreover from f_0 conf [rule_format, of "k - 1"] obtain c' s' where f_k: "f k = java.lang.StringIndexOutOfBoundsException: Index 16 by (cases k) autoby(tro moreover from step_head have steps_head: "Γ proof (induct k) case th ?cse by m next case (Suc m) step: "\forall<Suc<Gammaturnstile head (f i) → hence "∀ Γ head (f (i + 1))" byuto "\amma<tu>head (f 0) →" bycjava.lang.StringIndexOutOfBoundsException: Index 26 out of bounds for length ( java.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 20 haveultimately finally show ?case by simp qed { assumefeq>, s')" steps_head have " { using head_f_0 by (simp add_ head_com_defsjava.lang.StringIndexOutOfBoundsException: Index 15 out moreover from le_format obtain "Γ f_Suc_k: "f (k + 1) = (cturnstile> ⟨qed by (fastforce elim: step.cases intro: steplemma no_inf_Throw> Γ⊨ moreover fromexect" define g where" = f i from f_Suc_k haveg_0 0 = (\^ using Normal by (simp add: g_def) from step have "∀ elim: step_elim_cases) by (simp add: g_def) have "=tx by (auto simp add: inf_def) ultimately have?java.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for lengt by auto java.lang.StringIndexOutOfBoundsException: Index 13 out of bounds for length 5 fixwith me= byutond from step [rule_format, of k] f_k"not> iiby (o itro:o: e.ints obtain "Γ(Seq Throw cjava.lang.NullPointerException f_Suc_k: "f (k + 1) = (Throw,s')" by (fastforce ( k_def) define " i (i))" i from have g_0: bysimp from step have " "forall>O th t] _N by (simp add: g_def) g_0 h "<<turnstile,s') <>show by (auto - with have ?thesis by auto c 'where: f =Seqsub,s')" show ?thesis case Catch thus case by (auto simp add: final_def head_def head_com_def) ext case False then have not_fin: "∀simpntroses by have "∀ proof fix k not_fin have "∀i<assumes steprule_format] bymp infinite_computation_extract_head_Seq show "Γ qed with head_f_0 havet steps_head by (auto simp add: inf_def) thus ?thesis by simp d qed emmat_inf_Catch: assumes inf_comp: "Γ(\Gammaturnstile\langlec,s⟩Abrupt shows " (ind e cvesran_dt [aenmeflp r _u_k (∃s'. Γ⊨haveg_0 g 0r exec.in) proof from inf_comp obtain f where step: "∀f_def ? by (auto ‹ java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 by (simp add: head_def head_com_def) thesis proof (cases "\<exists>i. final (head (f case rue define kwhere:f_deff) have f_Suc_k apply (intro allI impI) apply (unfold byjava.lang.StringIndexOutOfBoundsException: Index 78 out of bounds drulenot_less_Least) apply auto done omnfinite_computation_extract_head_Catchcomputation_extract_head_Catchmputation_ obtainstep_head\<>i<k. \<Gamma><turnstile> head (f i)\rightarrow> head (f (i + )nd \<have:"\forall>i. \not> final(head (f i" by blast fromrue have java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length - apply (drule LeastI) apply (simp add: k_def) from exec_redex_Stuck OF ] moreover from f_0 conf [rule_format, of "k - 1"] obtain c' s' where f_k: "f k = (Catch c' c\<^sub>2,s')"step_Fault_prop step_Stuck_prop) (kauto shows "<>turnstile(c\<^sub>1,s) \<rightarrow> \<dots>(\<infinity>) \<or> from step_head have steps_head: "\<Gamma>\<turnstile>head (f 0) \<rightarrow>\<^sup>* head (f keli proof (induct k) case 0 thus ?case by simp next case (Suc m) have step: "\<forall>i<Suc m. \<Gamma>\<turnstile> head (f ielim ) hence"\<forall>im. <Gamma\<turnstile> head (f i) \<rightarrowapply "<amma\turnstile \<angle>c\<>,N by auto hence\Gamma>\turnstile0<>\^up*ad by (rule soromstep by utointro tuck_endjava.lang.StringIndexOutOfBoundsException: Index 36 o rightarrow> (f m 1)" by simp finally show ?case by simp qed assumef_k " intro: terminates.intros with steps_head have "\<Gamma>\<turnstile>(c\<^sub DynCom using head_f_0 by (impadd head_def head_com_def) moreovercase (Catch c\<^sub>1 c\^sub1' s c\<sub>2) thus ?java.lang.StringIndexOutOfBoundsEx apply(astforceintro: terminates.introsdest step_Abrupt_prop obtain "\<Gamma>\<turnstile>(Catch Skip c\<^ fromep le_formatormat java.lang.StringIndexOut f_Suc_k: "f (k + 1) = (Skip,s') by (fastforce elim: step.casesthus ?case from step [rule_format, of "k+1", simplified f_Suc_k] have by ruleno_step_final') (auto simp add: final_def) moreover { fix x s': "s'=Normal x" and f_k: "f with steps_head "\<urnstile(<sub>s) \<rightarrow>\<^sup>* (Throw,s"java.lang.StringIndexOutOfBoundsExcept using head_f_0 by (simp add: head_def head_com_def) moreover from step [rule_format, of k]f_k s' obtain "\<Gamma>\<turnstile>(Catch Throw c\<^sub f_Suc_k: "f (k + 1) = (c\<^sub2,s')" by (fastforce elim:[((,),osition ,)(",)onone) define g where "g i = f (i + (k + 1))" for i from f_Suc_k have g_0: "g 0= (c\<subs" by (simp add: g_def) from step have "\<forall>i. \<Gamma>\<turnstile>g i \<rightarrow> g (i + 1)" by (simp add: g_def) with g_0 have "\<Gamma>\<turnstile>(c\<^sub>2,sjava.lang.StringIndexOutOfBoundsException: add inf_def ultimately have ?thesiswhere usings' by auto } ultimately show ?thesis by (auto simp add:java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds next case java.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length then havenot_fin:"\foralli..\not>final(head(fi) by blast have "\<forall>i. \<Gamma>\<turnstile>head (f i) \<rightarrow> head shows"<><turnstile>\< \<turnstilea proof fix k from not_fin havei<(Suc k). \<not> final (head (f i))" by simp infinite_computation_extract_head_Catch [OF step f_0 this ] show "\< qed with head_f_0 have "\<Gamma>\<turnstile>(c\<^sub>1,s) \<rightarrow> \<dotsassume : "f 0 ==(Skip, St by (auto "<iSuc k notfinalal(headd teps thus ?thesis qed qed lemma Skip_no_step: "\<Gamma>\<turnstile>(Skip,s) \<rightarrow> cfg \<Longrightarrow> P" apply (erule no_step_final') apply (simpfrom le_formatk - 1" f_0 done lemma not_inf_Stuck: "\<not> \<Gamma>\<turnstile>(cStuck<rightarrow \<dots>(\<infinity>)" proof inductc case Skip show ?case c''s'' where f assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)" assumef_0"f"f " from f_step [of 0] f_0 show False by (auto elim: Skip_no_step) qedqed next case (Basic g) thus ?case proofrulenot_infI) fix f java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 assume f_0: "f 0 = (Basic g, Stuck)" from f_step [of 0] f_0 f_step [of 1] show False by (fastforce elim: Skip_no_step step_elim_cases) qed next case (Spec r) thus ?case proof (rule not_infI) fix f assume f_step: "\<And>i. \<Gamma>\<turnstile>by(fastforcetroerminatesros Gamma\<turnstile>> he assume f_0: "f 0 = (Spec r, Stuck)" from f_step [of 0] f_0 f_step [of 1] show False by (fastforce elim: Skip_no_step step_elim_cases) qed next case (Seq c\<^sub>1 show ?case proof assume "\<Gamma>\<turnstile> (Seq c\<^sub>1 c\<^sub>2, Stuck) \<rightarrow> \then show?Pi" from split_inf_Seq [OF this] Seq.hyps show False by (auto dest: steps_Stuck_prop) qed next case (Cond b c\<^sub>1 c\<^sub>2) show ?case proof (rule not_infI) fix f ssume f_step_stepp:<And by uto elim kip_no_step_no_step ume0f 0 case( g) from f_stepof 0]f_0f_step[of 1]1] show False by (fastforce elim: Skip_no_step(simp add: head_def head_com_def) qed next case (While b c) show ?case proof (rule not_infI) fix f assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)" assume f_0: "f 0 = (While b c, Stuck)" from f_step [of 0] f_0 f_step [of 1] show False by (fastforce elim: Skip_no_step step_elim_cases) qed next case (Call p) show ?case proof (rule not_infI) fix f assume f_step: "\<shows "\<Gamma>\<turnstile>(c\^sub1s)\<ightarrow> \<dots(<nfinity>) \<java.lan ume f 0 =Callp,Stuck) fromf_step [of ] _0 f_stepep ofjava.lang.StringIndexOutOfBoundsException: Index 40 ou show False by (fastforce elim: Skip_no_step step_elim_cases) qed next case (DynCom d) show ?case (rulenot_infI) fix f assume f_step: "\<And>i. \<Gamma>\<turnstile>assume<Gamma>urnstileSeq\sub <sub> t)ightarrowarro assume \<ubc<b2java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds fo from f_step [of 0] f_0 f_step [of 1] show False by (fastforce elim: Skip_no_step step_elim_cases) qed next case (Guard m g c) show ?case proof (rule not_infI) assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)" assume f_0: "f 0 = (Guard m g c, Stuck)" from f_step [of 0] f_0 f_step [of 1] show False by (fastforce elim: Skip_no_step step_elim_cases) qed next Throw ??case proof (rule not_infI) fix f f_step:i <>\urnstilef i \<rightarrow> f (Suc i)" assume f_0: "f 0 = (Throw, Stuck)" from f_step [of 0] f_0 f_step [of 1] show False by(fastforce elim Skip_no_stepstep_elim_cases) qed next case (Catch c\<^sub>1 c\<^sub>2 True show ?case proof <Gamma\<urnstile less_k: ?case from split_inf_Catchapply (unfold k_def) java.lang.StringIndexOutOfBoundsException: Index 16 out of bounds for length 14 java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5 qed husseeimp lemma not_inf_Fault: "\<not> \<Gamma>\<turnstile>(c,Fault x) \<rightarrow> \<dots(\infinity)" proof (induct c) case Skip show ?case proof (rule not_infI) fix f ssume_tep:assumef q ip\<sub arify assume f_0: "f 0 = (Skip, Fault x)" [of] f_0 show False by (auto elim: Skip_no_step) qed next case (Basic g) ?case (t_infI fix f assume f_step: "\<And>i. \<Gamma>\<turnstile> inf_comp \<>i::nat. \<qed assume f_0: "f 0 from f_step [ show False by (fastforce elim: Skip_no_step step_elim_cases) qed next case (Spec r) thus ?case proof (rule not_infI) show ?case bysimp assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)" assume f_0: "f 0 = (Spec r Faultx" from f_step [of 0] f_0 f_step [of 1] show False by (fastforce elim: step_elim_cases) qed next caseSeq c\<^sub>1 c\<^sub2) show ?case proof assume "\<Gamma>\<turnstile> (Seq c\<^sub>1 c\<^sub>2, Fault x) \<rightarrow> \<dots>(\<infinity>)" from split_inf_Seq [OF this] Seq.hyps show False ( dest: steps_Fault_prop) qed next case (Cond b c\<^sub>1 c\<^sub>2) show ?case proof (rule not_infI) by(rule hyp [rule_format]) assume f_step: "\<And>i. \<Gamma>\<turnstilef <rightarrow f (Suc i)" assume f_0: "f 0 = (Cond b c\<^subqed from f_step [of 0] f_0 f_step [of 1] show False by (fastforce elim: Skip_no_step step_elim_cases) qed next case (While b c) show ?case proof (rule) fix f assume f_step: "\<And>i. \<Gammaassumes: "\<mma<c \<down> s" assume: "f 0 ( ,ltx) from f_stepp[f_0f_step1java.lang.StringIndexOutOfBoundsException: Index 40 out of show False by (fastforce elim: Skip_no_step step_elim_cases) qed next case (Call p) show ?case proof (rule not_infI) fix f assumef_step: "\<And>i. \<Gamma><turnstile>f i \<rightarrow f(Suc i)" assume f_0: "f 0 = (Call p, Fault x)" from f show False by (fastforceelim:kip_no_stepstep_elim_cases qed next case (DynCom d) using not_fin proof (rule not_infI) fix f assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)" assume f_0: "f 0 = (DynCom from f_step [of 0] f_0 f_step [of 1] show by (fastforce elim: Skip_no_step step_elim_cases) qed next show ?case proof (proof fix f assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)" split_inf_Seq [OF this] Se assumef_0: f 0= Guard m g c Fault x)" from f_step [of 0] f_0 f_step [of 1] False by (fastforce elim: Skip_no_step step_elim_cases) qed i caseThrow show ?case proof (rule not_infI) fix f assume f_step: "\<And with hyp_c1showFalsebysimp assume f_0: "f 0 = (Throw, Fault x)" from f_step [of 0] f_0 f_step [of 1] show False by (fastforce elim: Skip_no_step step_elim_cases) qed next by simp show ?case java.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 7 assume "\<Gamma>\<turnstile> (Catch c\<^sub>1 c<sub>2, Fault ) <rightarrow>\<dots(\<infinity>)" from split_inf_Catch [OF this] Catch.hyps show False by (utodest: steps_Fault_prop) qed qed lemmajava.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for lengt proof (induct c) case Skip show f_step [of 0f_0b from step fix f ilef iwith >rnstileThrow,<> \<ots><infinity>java.lang.StringIndexOutOfBoundsException: Ind assume f_0: "f 0by simp from [ 0]f_0 show False (uto elim: Skip_no_step) qed next case from f_step 0f_step1 thus ?case proof (rule not_infI) fix f assume f_step: "\<And>next assume_ "0sicgAbruptruptsjava.lang.StringIndexOutOfBoundsException: Index 43 out from f_step [of 0] f_0 f_step f show False by (fastforce elim: Skip_no_step step_elim_cases) next case (Spec r) thus ?case proof (rule not_infI) fix f assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)" assume f_0: "f 0 = (Spec r, Abrupt s)" from f_step [of 0 f_step [of 1] show False by (fastforce elim: Skip_no_step step_elim_cases) qed next case (Seq c\<^sub>1 c\<^sub>2) show ?case proof assume "\<Gamma>\<turnstile> (Seq c\<>1c^2, Abrupt s) \<rightarrow> \<dots>(\<infinity>) apply( exE) from split_inf_Seq [OF this] Seq.hyps show False by (auto dest: steps_Abrupt_prop) java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5 next case (Cond b c\<^sub>1 c\<^sub>2) show ?case proof (rule not_infI) fix f assume f_step: "\<And>i. <Gamma><turnstile> i\rightarrow> Suci" assume f_0: "f 0 = (Cond b c\<^sub>1 c\<^sub>2, Abrupt s)" from f_step [of 0] f_0 f_step [of case Abruptc show False by (fastforce elim: Skip_no_step step_elim_cases) qed next case (While b c) show ?case ( not_infI) fix f assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)" assume:"f0 =Whilebby elim step.casesintrostep) mf_stepf ]_0_tepof show False by (fastforce elim: Skip_no_step step_elim_cases) qed next case (Call p) ?ase java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9 f_step\<And>. \<><urnstile>f \<>f Sucjava.lang.StringIndexOutOfBoundsException: Index 77 ou assume f_0: "f 0 = (Call p, Abrupt s)" from f_step [of 0] f_0 f_step [of 1] False by (fastforce { qed next case (DynCom d) show ?case proof(rulenot_infI) fix f assume f_step: "\<And>i. \<Gamma>\ "\<Gamma>\<>(r,s)<rightarrow> ('s' \Longrightarrow <Gamma>\turns assume f_0: "f 0 = (DynCom d, Abrupt s)" from f_step [of 0] f_0 f_step [of 1] byauto by (fastforce elimmately qed next case (Guard m g c) show ?case proofule infI)) fix assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc"\\Gamma\turnstile>c\sub>1,s assume f_0: "tep_,f"k1" implifiediedSuc_kc_k from f_step [of 0] f_0 f_step [of 1] show False by (fastforce elim: Skip_no_step step_elim_cases) qed next case Throw show ?case proof (rule not_infI) fix f assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)" assume f_0: "f 0 = Throw, s) from f_step [of 0] f_0 f_step [of 1] show False by (fastforce elim: Skip_no_step step_elim_cases) qed next case (Catch c\<^sub>1 c\<^sub>2) show ?case proof assume "\<Gamma>\<turnstile> (Catch c\<^sub>1 c\<^sub>2, Abrupt s) \<rightarrow> \<dots>(\<infinity>)" from split_inf_Catch [OF this] Catch.hyps show False by (auto dest: steps_Abrupt_prop) qed qed theorem terminates_impl_no_infinite_computation: assumes termi: "\<Gamma>\<turnstile>c \<down> s" shows "\<not> \<Gamma>\<turnstile>(c,s) \<rightarrow> \<dots>(\<infinity>)" using termi proof (induct) case s)hus?java.lang.StringIndexOutOfBoundsException: Index 26 out of bounds for proof (rule not_infI) fix f > i\rightarrow f( i)" assume f_0: "f 0 = (Skip, Normal s)" from f_step[of 0]f_0 show False by (auto elim: Skip_no_step) qed next case (Basic g s) thus?case proof (rule not_infI) fix nce "<forallim \Gamma\<> head(f i)\rightarrow (f(i+1)" assume f_step: " "\<>\<urnstile (f0)\rightarrow\^sup> (f) assume f_0: "f 0 = (Basic g, Normal s)" from f_step [of 0] f_0 f_step [of 1] show False fastforceelim:Skip_no_step qed qed next case (Spec r s) thus ?case proof (rule not_infI) fix f assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc show False assume f_0: "f 0 = (Spec r, Normal s)" assume f_step: "\<Andi. \<Gamma>\turnstilefi\rightarrow f Suci)java.lang.StringIndexOutO showFalse by (fastforce elim: Skip_no_step step_elim_cases) qed next case (Guard s show False have g: "s have hyp: "\<not> \<Gamma>\<turnstile> (c, Normal s) \<rightarrow> \<dots>(\<infinity>)" by fact show ?case (not_infI assume f_step: "\<And>i. \<Gamma>\<turnstile qed assume f_0: "f 0 = (Guard m g c, Normal s)" from f_step [of 0] f_0 g have "f 1 = (c,Normal s)" by (fastforce elim: step_elim_cases) with f_step have "\<Gamma f_0: "f0 Faultx apply (simp add: inf_def) apply (rule_tac x="\<lambda>i. f (Suc i)" in exI) by simp with hyp show False .. qed next show?case have g: "\<>\<turnstile (Catch c<sub1c\^sub> Fault x)\<ightarrow>\<ots>\<>)java.lang.StringIndexO show ?case proof (rule not_infI) f_step: "\<>i <><> i\rightarrow f( " fix f assumef_step "And>.\Gamma\turnstile>f <> f(Suc ) showFalse java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 showassume f_0 " 0= (pec , brupts)" by (fastforce elim: Skip_no_step step_elim_cases) next case (Fault c m) java.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12 by (rule not_inf_Fault show False next case (Seq c\<^sub>1 s c\<java.lang.StringIndexOutOfBoundsException: Index 4 out of boun show ?case proof assume "\<Gamma>\<turnstile> (proof rulenot_infIjava.lang.StringIndexOutOfBoundsExcepti from split_inf_Seq show False by (auto intro: steps_Skip_impl_exec) qed next case (CondTrue s b c1 c2) f_step [of 0 f_0 f_step[ 1] havehyp_c1: \not \<\<turnstile( s\<>\<dots(<nfinity)byfact show ?case proof (rule not_infI) fix f assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)" assume f_0: "f 0 = (Cond b c1 c2, Normal s)" from b f_step [of 0] f_0 have "f 1 = (c1,Normal s)" by( elim step_Normal_elim_cases) with f_step have "\<Gamma>\<turnstile> (c1, Normal s) \<rightarrow> \<dots>(\<infinity>)" apply (simp add: inf_def) apply (rule_tac x="\<lambda>i. f (Suc i)" in exI) by simp with hyp_c1 show False by simp d next case (CondFalse s b c2 c1) have b: "s \<notin> b" bycase(Skip s)thus ?case have hyp_c2: "\<not> \<Gamma>\<turnstile> (c2, Normal s) \<rightarrow> \<dots>(\<infinity>)" by fact show ?case proof (rule not_infI) fix f assume f_step: "\<And>i. \< proof(rule ) assume f_0 " =(Cond c1c2 uc)f i\>y,)amma>\>cs \rightarrow>\sup> xand\Gamma>\<> rightarrow\^>+} from bjava.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for lengt have "f 1 = (c2,Normal s)" by (auto elim: step_Normal_elim_cases) with f_step have "\<Gamma>\<turnstile> (c2, Normal s) \<rightarrow> \<dots>(\<infinity>)" apply( add: inf_def) java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9 by simp with hyp_c2 show False by simp qed next case (WhileTrue s b c) have b: "s \<in> b" by fact have hyp_c: "\<not> \<Gamma>\<turnstile> (c, Normal s) \<rightarrow> \<dots>(\< apply (rule_tac x"\<lam have hyp_w: " have g: "s \otin g" by f_step: "<Andi. have not_inf_Seq: "\<not> \<Gamma>\<turnstile> (Seq c (While b c), Normal s) \<rightarrow> \<dots>(\<in proof assume "\ rule not_inf_Fault from split_inf_Seq [F this] hyp_chyp_w False qed show ?case proof ">\turnstile Whilec s)\ghtarrow>\dots\infinity>" thenobtainf where f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)" and f_0"( p0) Call p " by (auto simp add: inf_def) from f_step [of 0] f_0 b have "f 1 = (Seq c (While b c),Normal s)" by (auto elim: step_Normal_elim_cases) with f_step have "\<Gamma>\<turnstile> (Seq c (While b c), Normal s) \<rightarrow> \<dots>(\<infinity>)" apply simp add:inf_def) apply ><>While <> <>\><>turnstile( cs)<> <dots>\infinity>) by simp with not_inf_Seq case ( c\<sub>1c<sub>) qed next case (WhileFalse s b c) have b: "s \<notin> b" by fact show ?case fix f assume f_step: "\<And>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)" assume f_0: "f 0 = (While b c, Normal s)" from b f_step [of 0] f_0 f_step [of 1] False by (fastforce elim: Skip_no_step step_elim_cases qed next case (Call p bdy s) "Gamma p Somebdy by fact have hyp: "\<not> \<Gamma>\case(Specjava.lang.StringIndexOutOfBoundsException: Index 15 show ?case proof (rule not_infI) fix fby(induct (fastforce elim Skip_no_step ) assume f_step: "\< case (eqc<sub> c<sub>2 f0 = ( p, s)" from bdy f_step [of 0] f_0 have "f 1 = (bdy,Normal s)" by (auto elim: step_Normal_elim_cases) with f_step have "\<Gamma>\<turnstile> (bdy, Normal s) \<rightarrow> \<dots>(\java.lang.StringIndexOutOfBo apply (simp add: inf_def) apply (rule_tac x="\<lambda>i. f (Suc i)" in exI) bycase(Whilebc) with hyp show False by simp next case (CallUndefined p s) have no_bdy: "\<Gamma> p = None" by fact show ?case proof (rule not_infI) fix f :"\Andi<><turnstile>fi uardfg java.lang.StringIndexOutOfBoundsException: Index 20 out assume f_0: "f 0 = (Call p, Normal s)" from no_bdy f_step [of 0] f_0 f_step [of 1] show java.lang.StringIndexOutOfBoundsException: Index 14 out of bounds for length by fastforceelim: Skip_no_step step_elim_cases) qed next case (Stuck c) show ?case by (rule not_inf_Stuck) next case (DynCom c s) havesteps not_final java.lang.StringIndexOutOfBoundsException: Index 27 out of bou show ?case ( not_infI) fix f assumes hypjava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for l assume f_0: "f (induct c) from f_step [of 0] f_0 have "f (Suc 0) = (c s, Normal s)" java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 with f_step have "<><>(c ,Normals \rightarrow>\<>\infinity) apply (simp add: inf_def) apply (rule_tac x="\<lambda>i. f (Suc i)" in exI) by with hyp show False by simp qed next case (Throw s) thus ?case ( not_infIjava.lang.StringIndexOutOfBoundsException: Index 23 out of bounds for l fix f assume f_step: "\show "<>frulenot_infI assume f_0: "f 0 = (Throw, Normal s)" from f_step [of 0] f_0 False byautoelim step_elim_cases qed next (bruptc show ?case by (rule not_inf_Abrupt) next case (Catch c\<^sub>1 s c\<^sub>2) show ?case proof assume "\<Gamma>\<turnstile> (Catch c\<^sub>1 c\<^sub>2, Normal s) \<rightarrow> \<dots>(\<infinity>)" from split_inf_Catch [OF this] Catch.hyps show False by (auto intro: steps_Throw_impl_exec) qed qed definition (s,pf Rightarrow(stimes p)case( java.lang.StringIndexOutOfBoundsException: Index 25 f f_step[f0 f_0f_step of1 "termi_call_stepsby( :Skip_no_stepstep_elim_cases {((t,q),(s,p)). \<Gamma>\<turnstile>Call p\<down>Normal s \<and> (existsc.Gammaturnstile>( pNormal)<>\<+ cNormal t)\nd c=) :: where "subst_redex Skipsteps_Throw_impl_exec [OF rest [simplifiedthis]]Normal "subst_redex (Basic f) c = c" | "subst_redex (Spec r) c = c" | "subst_redex (Seq c\<^sub>1 c\<^sub>2) c = Seq (subst_redex c\<^sub>1 c) c\<^sub>2" | " Cond c\<>1 \^sub>2)c ==c" f_0:f0= (d,Abrupt s" "subst_redex (While b c') c = c" | "subst_redex (Call p) c = c" | " ( dd)c = c" java.lang.StringIndexOutOfBoundsException: Index 32 out of bounds for l "step"\<i \<>turnstilefi \rightarrow (uci" "subst_redex (Throw) c = c" | "subst_redex (Catch c\ by ( elim: step_elim_cases lemma subst_redex_redex: "subst_redex c (redex c) = c" by (induct c) auto a redex_subst_redex "redex (subst_redex c r) redexr" by (induct c) auto lemma step_redex': \<amma><( c,)\< 's <>\>\(c)< subst_redex c''java.lang.StringIndexOutOfBoundsException: Index by (induct c) (auto intro: step.Seq step.Catch) lemma step_redex: <Gamma\<turnstile>(theorem: by(nductc ( intro: stepSeqstepCatch) lemma steps_redex: assumes steps: "\<Gamma>\<turnstile> ( row\^>*subst_redex c's' using steps proof [of 0]java.lang.StringIndexOutOfBoundsException: Index 26 out of bounds for case Refl show "\<Gamma>\<turnstile> (subst_redex c r', s') \<rightarrow>\<^sup>* (subst_redex c r', s')" by simp next case (Trans r s r'' s'') have "\<Gamma>\<turnstile> (r, s) \<rightarrow> (r'', s'')" by fact from step_redex [OF this] have "\<Gamma>\<turnstile> (subst_redex c r, s) \<rightarrow> (subst_redex c r'', s'')". also have "\<Gamma>\<turnstile> (subst_redex c r'', s'') \<rightarrow>\<showFalse finally show ?case . qed show by( stepDynCom) ML_Thms.bind_thm ("trancl_induct2", Split_Rule.split_rule @{context} (Rule_Instsjava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for [((a ) .none (a,ab", (("b,0,Positionproof cases"s\g" @{thm trancl_induct})); \(rule_tac=<>.(Suci"inexIjava.lang.StringIndexOutOfBoundsException: Index 55 out o lemma steps_redex': assumes steps: "\<Gamma>\<turnstile> (r, s) \<rightarrow>\<^sup>+ (r', s')" shows "\<And>c. \<Gamma>\<turnstile>(subst_redex c r,s) \<rightarrow>\<^sup>+ (subst_redex c r',s' usingsteps proof (induct rule: tranclp_induct2 [consumes 1,case_names Step Trans]) case (Step r' s') have "\<Gamma>\<turnstile> (r, s) \<rightarrow> (r', s')" by fact then \<Gamma<turnstile(subst_redexc ,s <> c r's) by (rule step_redex) then show "\<Gamma>\<turnstile> (subst_redex c r, s) \<rightarrow>\<^sup>+ (subst_redex c r', s')". next case (Trans r' s' r'' s'') have "\<Gamma>\<turnstile> (subst_redex c r, s) \<rightarrow>\<^sup>+ (subst_redex c r', s')" by fac also have "\<Gamma>\<turnstile> (rjava.lang.StringIndexOutOfBoundsException: Index 31 out o hence "\<Gamma>\<turnstile> (subst_redex c r', s') \<rightarrow> (subst_redex c r'', s'')" by (elim: ) finally "\<>\ qed primrec steps_c\<^sub>1"<amma\turnstile> case(CondFalsesbc2 java.lang.StringIndexOutOfB where "seq c by(uto simp add final_def) <Gamma\turnstile Catch\^> \^>,Normal ) <rightarrow> ( c'\^> f_step: \nd>> i\rightarrow> (uc" lemma renumber': assumes f: "\<forall>i. show?thesis assumes a_b: "(a,b) \<in> r\<^sup>*" shows "b = f 0 \<Longrightarrow> (\<exists>f. f 0 = a \<and> (\<forall>i. (f i, f(Suc i)) \<in> rjava.lang.S using proof (induct rule: converse_rtrancl_induct [consumes 1]) assume "b = f 0" with f show "\<exists>f. f 0 = b \<and> (\<forall>i. (f i, f (Suc i)) \<in> r)" by blast next fix a f_0:"f0 (hilec, s) assume a_z:fromf_step of0]f_0 java.lang.StringIndexOutOfBoundsException: Index 0 ou assume "b = f 0 \<Longrightarrow> \<exists> show ?thesis "b = f 0" then obtain f where f0: "f 0 = z" and seq: "\<forall>i. (f i, f (Suc i)) \<in> r" by iprover { fix i have "((\<lambda>i. case i of 0 \<Rightarrow> a | Suc i \<Rightarrow> f i) i, f i) \<in> r" using seq a_z f0 by (cases i) auto } then (************************havehyp\>\<>turnstile(,Normals \<ightarrow\>\) fact by - (rule exI [where x="\<lambda>i. case i of 0 \<Rightarrow> a | Suc i \<Rightarrow> f i"],simp) qed lemma renumber: \forall.fi\in> \sup>\>f,(uc)\injava.lang.StringIndexOutOfBoundsException: Index 67 o \<Longrightarrow> \<exists>f. f 0 = a \<and> (\<forall>i. (f i, f(Suc i)) \<in> r)" by (blast dest:renumber') f_0f_step [ ] "\<forall>y. r\<^sup>+\<^sup>+ a y \<longrightarrow> P a \<longrightarrow> P y ongrightarrow ((,a) \in> {(,x. P <and rxy\^sup>+) ((ba)<in {(,) P \and \<sup+<sup> xy}" apply(rule iffI) apply clarify apply(erule trancl_induct) apply blast apply(blast intro:tranclp_trans) apply(erule tranclp_induct) apply blast apply(blast intro:trancl_trans) done corollary terminates_impl_no_infinite_trans_computation: assumes terminates: "\<Gamma>\<turnstile>c\<down>s" shows "\<not>(\<exists>f. f 0 = (c,s) \<and> (\<forall>i. \<Gamma Transhyps () [OFr'] proof - have "wf({(y,x). \<Gamma>\<turnstile>(c,s) \<rightarrow>\<^sup>* x \<and> \<Gamma>\<turnstile>x \<righ proof (rule wf_trancl) show "wf {(y, x). \<Gamma>\<turnstile>(c,s) \<rightarrow>\<^sup>* x \<and> \ apply: \>\turnstile(,)<<up proof by simp fix f assume"<forall>. by(: ) hence "\<exists>f. f (0::nat) = (c,s) \<and> (\<forall>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i) by (rule renumber [to_pred]) moreover from terminates_impl_no_infinite_computation split_inf_Catch [OF this Catch.h have "\<not> (\<exists>f. f (0::nat) = (c, s) \<and> (\<forall>i. \<Gamma>\<turnstile>f i \<rightarrow> f (S > \Gamma\turnstile( pNormal ) \rightarrow>\<sup>+ (c, t) <{thm trancl_induct}; ultimately show False by simp qed hence "\<not> (\<exists>f. \<forall>i. (f (Suc i), f i) \<in> {(y, x). \<Gamma>\<turnstile>(c, s) \<rightarrow>\<^sup>* x \<and> \<Gamma> by (rule step_redex) by (simp add: wf_iff_no_infinite_down_chain) thus ?thesis proof (rule contrapos_nn) assume "\<exists>f. f (0::nat) = (c, s) "\<amma>< (subst_redex r,)<rightarrow> (subst_redex '', s'' thenobtainf where f0: "f 0 = (c, s)" and seq: "\<forall>i. \<Gamma>\lemma steps_redex: iprover show "\<Gamma><turnstile> (subst_redex cr', s)\rightarrow>\^>* (subst_redex r,'" proof(ule exI [wherexf], allI) fix i show "(f (Suc i), f i) \<in> {(y, x). \<Gamma>\<turnstile>(c, s) \<rightarrow>\<^sup>* x \<and> \<Gamma>\<tur proof - { fixjava.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3 proof (induct i) 0show then by (simp add: f0) next case (Suc n) rule with seq show "\<Gamma>\<turnstile>(c, s) \<rightarrow>\<^sup>* f (Suc n)" by(blast intro:tranclp_into_rtranclp rtranclp_trans) qed } hence "\<Gamma>\<turnstile>(c,s) \<rightarrow>\<^sup>* f i" by iprover with seq have "(f (Suc i), f i) \<in> {(y, x). \<Gamma>\<turnstile>(c, s) \<rightarrow>\<^sup>* x \<and>\Gamma><> \rightar by clarsimp moreover have terminates_impl_no_infinite_trans_computation by (blast intro: tranclp_into_rtranclp rtranclp_trans) ultimately show ?thesis by (subst lem ) qed qed qed theorem wf_termi_call_steps: "wf (termi_call_steps \<Gamma>)" proof (simp only: termi_call_steps_def wf_iff_no_infinite_down_chain, clarify,simp) fix: "Gamma\<>c<owns" assume inf: "\<forall>i. (\<lambda>(t, q) (s, p). \<Gamma>\<turnstile>Call p \<down> Normal s \<and> (exists.\Gamma><>Call,Normal simp :wf_iff_no_infinite_down_chain (f fixf define s where "s i = fst (f i)" for i :: nat i =snd(f:)for i:nat inf have':forall.\Gamma\>allpi <downNormal ((s) \<> (\<exists>c. \<Gamma>\<turnstile> (Call (p i), Normal (s i)) \<rightarrow>\<^sup>+ (c, Normal (s (i+1 h redex c = Call show apply - apply (rule allI) apply (erule_tac x=i in java.lang.StringIndexOutOfBoundsException: Index 16 out of b apply done proof - from inf' have "\<exists>c. \<forall>i. \<Gamma>\<turnstile>Call (p i) \<down> Normal (s i by iprover \<Gamma>\<turnstile> (Call (p i), Normal (s i)) \<rightarrowhave"<forall>y \><turnstile> <rightarrow>< redex (c i) = Call (p (i+1))" apply - apply (rule choice) by blast then obtain c where termi_c: "\<forall>i. \<Gamma>\<turnstile>Call (p i) f ( i))(fi)java.lang.StringIndexOutOfBou steps_c: "\<forall>i. \ define s where "s fst (f i)" for i :: nat red_c: "\<forall>i. redex (c i) = Call (p (i+1))" by auto define g where "g i = (seq c (p 0) i,Normal (s i)::('a,'c) xstate)" for i from red_c [rule_format, of 0] have "g 0 = (Call (p 0), Normal (s 0))" by (simp add: g_def) moreover { fix i have "redex (seq c (p 0) i) = Call (p i)" by (induct i) (auto simp add: redex_subst_redex red_c) from this [symmetric] have "subst_redex (seq c (p 0 termi_c "\<forall>.<Gamma>> (pi <>Normalfix i by (simp add: } note subst_redex_seq = this "Gamma>\>( i) \rightarrow\<sup+g(i1)) proof fixi from steps_c[rule_format, ijava.lang.StringIndexOutOfBoundsException: Index 38 out have "\<Gamma>\<turnstile> (Call (p i), Normal (s i)) \<rightarrow>\<^sup>+ (c i, Normal (s (i + 1)))". from "<>< subst_redexc p) )Calli)Normals) <>\sup> have "\<Gamma>\<turnstile> (subst_redex (seq c (p 0) i) (Call (p i)), Normal (s i)) \<rightarrow>\<^b (subst_redex (seq c (p 0) i) (c i), Normal (s (i + 1)))" . hence "\<Gamma>\<turnstile> (seq c (p 0) i, Normal (s i)) \<rightarrow>\<^sup>+ (seq c (p 0) (i+1> <exists>c s'java.lang.StringIndexOutOfBoundsException: Index 120 out o bysimp add:subst_redex_seq) thus "\<Gamma>\<turnstile> (g i) \<rightarrow>\<^sup>+ (g (i+1))" by (simp add: g_def) by (cases "final(c\^sub>1,Normal s)) (fastforceintro step.ntrossimp:final_def+ moreover from terminates_impl_no_infinite_trans_computation [OF termi_c [rule_format, of 0]] have "\<not> (\<exists>f. f 0 = (Call (p 0), Normal (s 0)) \<and> (\<forall>i. \<Gammajava.lang.StringI ultimately show False by auto qed qed lemma no_infinite_computation_implies_wf: assumesal_termi: shows "wf {(c2,c1). \<Gamma> \<turnstile> (c,s) \<rightarrow>\<^sup>* c1 \<and> \<Gamma> \<turnstile> c1 \< proof (simp only: wf_iff_no_infinite_down_chain,clarify, simp) fix by cases "<>. induct converse_rtranclp_induct2 [case_names Transjava.lang.StringIndex java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3 hence "\<exists>f. f 0 = (c, s) \<and> (\<forall>i. \<Gamma [to_pred]java.lang.StringIndexOutOfBoundsException: Index 32 out of bounds for l moreover from not_inf have "\<not> (\<exists>f. f 0 = (c, s) \<and> (\<forall>i. \<Gamma>\<turnstile>f i \<rightarrow> f (Suc i)))" simp add inf_def) ultimately show False qed lemma not_final_Stuck_step: "\<not> final (c,Stuck) \<Longrightarrow> \<exists>c' s'. \<Gamma>\<t bylemma java.lang.StringIndexOutOfBoundsException: Index 10 out of bounds for len lemmasplit_computation "\<not> final (c,Abrupt s) \<Longrightarrow> \<exists>c' s'. \ by c (fastforce :step.intros simpaddassumes Gamma\<r ightarrow ,'java.lang.StringIndexOu lemma not_final_Fault_step: "\<not> final (c,Fault f) \<Longrightarrow> \<exists>c' s'. \<Gamma>\<turnstile> (c, Fault f) \<righta by (induct c) (fastforce intro: step.intros simp add: final_def)+ lemma not_final_Normal_step: thus "\<Gamma>\<turnstilec'<> ss' proof (induct c) case Skip thus ?case by (fastforce intro: step.intros simp add: final_def) next Basic thus ?case by fastforceintro: step.intros) next case (Spec r) thus ?case by (cases "\<exists>t. (,t) \inr") (fastforce intro: step.intros)+ next case (Seq c\<^sub>1 c\<^sub>2) thus?case by (cases "final (c\<^sub>1,Normal s)") (fastforce intro: step.intros simp add: final_def)+ next case (Cond b c1 c2) "s<>) fastforceintro stepintros+ next case (While b c) show ?case by (cases "s \<in> b") (fastforce intro: step.intros)+ java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4 case (Call p) show ?case by (cases "\<Gamma>p" (fastforce intro: step.intros)+ next (ynComcjava.lang.StringIndexOutOfBoundsException: Index 17 out of bounds for len next case (Guard f g c) show ?case by (cases "s \<in> g") (fastforce case (Guard f g c) next lemma wf_implies_termi_reach ?case by fastforceintro: step.intros simp add final_def) next case (Catch c\<^sub> c<^sub>2 thus ?case by hypp:<>c2 s2. \<Gamma>\<turnstile> (c1, s1) < (c2, s2) \<Longrightarrow> \<Gamma>\<turnstile>c2 \<down> qed lemma final_termi: "final (c,s) \<Longrightarrow> \<Gamma>\<turnstile>c\<down>s" by (cases s) (auto simp add: final_def terminates.intros) lemma split_computation assumes steps: "\<Gamma>\<turnstile> (c, s) \<rightarrow>\<^sup>* (c\<^sub>f, s\<^sub>f)" assumes not_final "<>finalalc," assumes final: "final (c\<^sub>f,s\<^sub>f)c\<^sub>2<down> '. shows "\<exists>c' s'. \<Gamma>\<turnstile> (c, s) \<rightarrow> (c',s') \<and> \<Gamma>\<turnstile> (c' using steps not_final final proof (induct rule: converse_rtranclp_induct2 [case_names Refl Trans]) case Refl thus ?case by simp ext case (Trans c "<Gamma>turnstile>c\<^sub>2 \<down> Normal s'" thus ?case by auto qed lemma wf_implies_termi_reach_step_case: assumes hyp: "\<And>c' s'. \<Gamma>\<turnstile> (c, Normal s) \<rightarrow> (c', s') \<Longrightarro shows "\<Gamma>\<turnstile>c \<down> Normal s" using hyp proof (induct c) case Skip show ?case by (fastforce intro: terminates.intros) next sesicow? (tforceeroatesros) next case (Spec r) show?case by (cases "\<exists>t. (s,t)\<in>r") (fastforce intro: terminates.intros)+ next case (Seq c\<^sub>1 c\<^sub>2) have hyp: "\<And>c' s'. \<Gamma>\<turnstile> (Seq c^sub>1 c\<^sub>2, Normal s) \<rightarrow> ( hyp [OF th show ?case proof (rule terminates.Seq) { fix c' s' assume step_c\<^sub> yps)[ step_r_is have "\<Gamma>\<turnstile>c' \<down> s'" proof - from step_c\<^sub>1 have "\<Gamma>\<turnstile> (Seq c\<^sub>1 c\<^sub>2, Normal s) \<rightarrow> (Seq c' c\<^sub>2, s')" by (rule step.Seq) from hyp [OF thiscaseall sase have "\<Gamma>\<turnstile>Seq c' c\<^sub>2 \<down> s'". thus "\<Gamma>\<turnstile>c'\<down> s'" by cases auto qed } from Seq.hyps (1) [OF this] show "\<Gamma>\<turnstile>java.lang.StringIndexOutOfBoundsException: Index 4 out of b next show "\<forall>s'. \<Gamma>\<turnstile> \<langle>c\<^sub>1,Normal s\<rangle> Rightarrow s' \<longrig (intro allI impI) fix s' assume exec_c\<^sub>1: "\java.lang.StringIndexOutOfBoundsException: Index 3 out of b show "\<Gamma>\<turnstile>c\<sub>2 \down> '" proof (cases "final (c\<^sub>1,Normal s)") case True hence "\^sub1Skip \<or> c\<^sub>1=Throw by (simp add: final_def) thus ?thesis proof assume Skip: "c\<^sub>1 ?case have "\<Gamma>\<turnstile>(Seq Skip c\<^sub>2,Normal s) \<rightarrow> (c\<^sub>2,Normal s)" by (rule step.SeqSkip) from hyp [simplified Skip, OF this] have "\<Gamma>\<turnstile>c\<sub>2 <own Normals" . moreover from exec_c\<^sub>1 Skip have "s'=Normal s" by (auto elim: exec_Normal_elim_cases) ultimately show ?thesis by simp next assume Throw: "c\<^sub>1=Throw" with exec_c\<^sub>1 have "s'=Abrupt s" by (auto elim: exec_Normal_elim_cases) thus ?thesis by auto qed next case False from exec_impl_steps [OF exec_c\<^sub>1] obtain c\<^sub>java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for \^sub1: "Gamma>\<turnstile\^sub1Normalmall) ightarrow^*(\^f) and fin:"(case s' of Abrupt x \<Rightarrow> c\<^sub>f = Throw \<and> t = Normal x | _ \<Rightarrow> c\<^sub>f = Skip \<and> t = s')" by (fastforce split: xstatelemmaredex_redexes \<And>c'. steps with fin have final: "final (c\<^sub>f,t)" by (cases s') (auto simp add: final_def) from split_computation [OF steps_c\<^sub>1 java.lang.StringIndexOutOfBoundsException: obtain c'' s'' where first: "\<Gamma>\<turnstile> (c\<^sub>1, Normal s) \<rightarrow> (c'', s'')" and rest: "\<Gamma>\<turnstile> (c'', s'') \<rightarrow>\<^sup>* (c Seq: " <^sub <in xesc by blast from step.Seq [OF first] have "\<\turnstile> (Seq c\<^sub>1 c\<^sub>2, Normal s) \<rightarrow> (Seq c'' c\<^sub>2, s'')". from hyp [OF this] have termi_s'': "\<Gamma>\<turnstile>Seq c'' c\<^sub>2hence r: "r= Seq c\<^sub>1 c\<^sub>2 \<or> r \<in> re show ?thesis f(ses java.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for lengt case (Normal x) from termi_s'' [simplified Normal] have termi_c\^sub2"<forall>t<Gamma\<nstilele>langleormalalrangle\<Rightarrow> t \<longright by cases show ?thesis cases<xs'uptx) case False with fin obtain "c\<^sub>f=Skip" "t=s'" by (cases s') auto from steps_Skip_impl_exec [OF rest [simplified this]] Normal have "\<Gamma>\<turnstile> \<langle>c'',Normal x\<rangle> \<Rightarrow> s'" by (induct rule: tranclp_induct2 [ 1, case_names Step Trans]) from termi_c\<^sub>2 [rule_format, OF this] "\<Gamma>\<turnstile>c\<^java.lang.StringIndexOutOfBoundsException: Index 61 out of b next case True with fin obtain x' where s': "s'=Abrupt x'" and "c\<^sub>f=Throw" "t=Normal x'" by auto from steps_Throw_impl_exec [OF rest [simplified this]] Normal have "\<Gamma>\<turnstile> \<langle>c'',Normal x\<rangle> \<Rightarrow> Abrupt x'" by simp from termi_c\<^sub>2 [rule_format, OF this] s' show "\<Gamma>\<turnstile>c\<^sub>2 \<down> s'" by simp qed next case (Abrupt x) from steps_Abrupt_prop [OF rest this] have "t=Abrupt x" by simp with fin have "s'=Abrupt x" thus "\<Gamma>\<turnstile>c\<^sub>2 \<down> s'" by auto next case (Fault f) from steps_Fault_prop [OF rest this] have "t=Fault f" by simp with fin have "s'=Fault f" by (cases s') auto thus "\<Gamma>\<turnstile>c\<^sub>2 \<down> s'" next case Stuck from steps_Stuck_prop [OF rest have "t=Stuck" by simp with fin have "s'=Stuck" by (cases s') auto thus "\<Gamma>\<turnstile>c\<^sub>2 \<down> s'" by auto qed qed qed qed next case (Cond b c\<^sub>1 \^sub>2) have hyp: "\<And>c'\Gamma\<turnstile> (Cond bcsub1 c\<^sub>2, Normal s) \<rightarrow> (c', )\Longr show ? s<inb") case True then have "\<Gamma>\<turnstile> (Cond b c\<^sub>1 c\<^sub>2rmal \rightarrow (c\<^sub>1, Normal by (rule step.CondTrue) from hyp [OF this] have "\<Gamma>\<turnstile>c\<^sub>1 \<down> Normal s". with True show ?thesis by (auto intro: terminates.intros) next case False then have "<Gamma><turnstile> (Cond b<^ub>1 c\<^sub>2, Normal s) \<rightarrow> (c\<^sub>2, Normal s)" by (rule step.CondFalse) from hyp [OF this] have "\<Gamma>\<turnstile>c\<^sub>2 \<down> Normal s". with False show ?thesis by (auto intro: terminates.intros) qed next case (While b c) have hyp: "\<And>c' s'. \<Gamma>\<turnstile> (While b c, Normal s) \<rightarrow> (c', s') \<Longrighta ow?e proofntroteproslimtep_elim_casesdoot_in_redexesedexes case True then have "\<Gamma>\<turnstile> (While b c, Normal s) \<rightarrow> (Seq c (While b c, by (rule step.WhileTrue) fromyp[Fis]e\<>\<>(Seq c ( b ) <>Normals. with True show ?thesis by (auto elim: terminates_Normal_elim_cases intro: terminates.intros) next case False thus ?thesis by (auto intro: terminates.intros) qed next case (Call p) have hyp: "\<And>c' s'. \<Gamma>\<turnstile> (Call p, Normal s) \<rightarrow> (c', s') \<Longrightarr show ?case proof (cases "\<Gamma> p") case None thus ?thesis by (auto intro: terminates.intros) next case (Some bdy) then have "\<Gamma>\<turnstile> (Call p, Normal s) \<rightarrow> (bdy, Normal s)" by (rule step.Call) from hyp [OF this] have "\<Gamma>\<turnstile>bdy \<down> Normal s". sis by (auto intro: terminates.intros) qed next case (DynCom c) have hyp: "\<And>c' s'. \<Gamma>\<turnstile> (DynCom c, Normal s) \<rightarrow> (c', s') \<Longrighta have "\<Gamma>\<turnstile> (DynCom c, Normal s) proofinduct rulenclp_induct2p_induct2consum by (rule step.DynCom) from hyp [OF this] have "\<Gamma>\<turnstile>c sbylasttro _nto_trancl then show ?case by (auto intro: terminates.intros) next case (Guard f g c) have hyp: "\<And>c' s'. \<Gamma>\<turnstile> (Guard f Normal s) \<rightarrow> (c', s')\Longrightarr show ?case proof (cases "s\<in>g") case True then have "\<Gamma>\<turnstile> (Guard f g c, Normal s) \<rightarrow> (c, Normal s)" by (rule step.Guard) from hyp [OF this] have "\<Gamma>\<turnstile>c\<down> Normal s". with True showhesiss by (auto intro: terminates.intros) next case False thus ?thesis by (auto intro: terminates.intros) qed next case Throw show ?case by (auto intro: terminates.intros) next case (Catch c\<^sub>1 c\<^sub>2) have hyp: "\<And>c' s'. \<Gamma>\<turnstile> (Catch c\<^sub>1 c\<^sub>2, Normal s) \<rightarrow> (c', s' show ?case proof (rule terminates.Catch) { fix c' s' assume step_c\<^sub>1: "\<Gamma>\<turnstile> (c\<^sub>1, Normal s) \<rightarrow> (c', s')" have "\<Gamma>\<turnstile>c' \<down> s'" proof - from step_c\<^sub>1 have "\<Gamma>\<turnstile> (Catch c\<^sub>1 c\<^sub>2, Normal s) \<rightarrow> (Catch c' c\<^sub>2, s') by (rule step.Catch) from hyp [OF this] have "\<Gamma>\<turnstile>Catch c' c\<^sub>2 \<down> s'". thus "\<Gamma>\<turnstile>c'\<down> s'" by cases auto qed } from Catch.hyps (1) [OF this] show "\<Gamma>\<turnstile>c\<^sub>1 \<down> Normal s". next show "\<forall>s'. \<Gamma>\<turnstile> \<langle>c\<^sub>1,Normal s\<rangle> \<Rightarrow> Abrupt s' \< proof (intro allI impI) fix s' assume exec_c\<^sub>1: "\<Gamma>\<turnstile> \<langle>c\<^sub>1,Normal s\<rangle> \<Rightarrow> Abru show "\<Gamma>\<turnstile>c\<^sub>2 \<down> Normal s'" proof (cases "final (c\<^sub>1,Normal s)") case True with exec_c\<^sub>1 have Throw: "c\<^sub>1=Throw" by (auto simpsimpadd: final_def elim:exec_Normal_elim_cases) have "\<Gamma>\<turnstile>(Catch Throw c\<^sub>2,Normal s) \<rightarrow> (c\<^sub>2,Normal s)" rulep.atchThrowThrowrow from hyp [simplified Throw, OF this] have "\<Gamma>\<turnstile>c\<^sub>2 \<down> Normal s". moreover from exec_c\<^sub>1 Throw have "s'=s" by (auto elim: exec_Normal_elim_cases) ultimately show ?thesis by simp next case False from exec_impl_steps [OF exec_c\<^sub>1] obtain c\<^sub>f t where steps_c\<^sub>1: "\<Gamma>\<turnstile> (c\<^sub>1, Normal s) \<rightarrow>\<^sup>* (Throw, Normal s' by (fastforce split: xstate.splits) from split_computation [OF steps_c\<^sub>1 False] obtain c'' s'' where first: "\<Gamma>\<turnstile> (c\<^sub>1, Normal s) \<rightarrow> (c'', s'')" and rest: "\<Gamma>\<turnstile> (c'', s'') \<rightarrow>\<^sup>* (Throw, Normal s')" by (auto simp add: final_def) from step.Catch [OF first] have"<Gamma>\<turnstile(Catch\^sub1 c\sub2Normal s) <rightarrow> (Catchc c\<sub>,s')". from hyp [OF this] have "\<Gamma>\<turnstile>Catch c'' c\<^sub>2 \<down> s''". from steps_Throw_impl_exec [OF rest] have "\<Gamma>\<turnstile> \<langle note steps moreover from rest obtain x where "s''=Normal x" by (cases s'') (auto dest: steps_Fault_prop steps_Abrupt_prop steps_Stuck_prop) ultimately show ?thesis by (fastforce elim: terminates_elim_cases) qed qed qed qed lemma wf_implies_termi_reach: assumes wf: "wf {(cfg2,cfg1). \<Gamma> \<turnstile> (c,s) \<rightarrow>\<^sup>* cfg1 \<and> \<Gamma> \<t shows "\<And>c1 s1. \<lbrakk>\<Gamma> \<turnstile> (c,s) \<rightarrow>\<^sup>* cfg1; cfg1=(c1,s1)\<rb using wf proof (induct cfg1, simp) fix c1 s1 assume reach: "\<Gamma>\<turnstile> (c, s) \<rightarrow>\<^sup>* (c1, s1)" assume hyp_raw: "\<And>y c2 s2. \<lbrakk>\<Gamma>\<turnstile> (c1, s1) \<rightarrow> (c2, s2); \<Gamma>\<turnstile> (c, s) \<rightarro \<Longrightarrow> \<Gamma>\<turnstile>c2 \<down> s2" have hyp: "\<And>c2 s2. \<Gamma>\<turnstile> (c1, s1) \<rightarrow> (c2, s2) \<Longrightarrow> \<Gamma> apply - apply (rule hyp_raw) apply assumption using reach apply simp apply (rule refl) done show "\<Gamma>\<turnstile>c1 \<down> s1" proof (cases s1) case (Normal s1') with wf_implies_termi_reach_step_case [OF hyp [simplified Normal]] show ?thesis by auto qed (auto intro: terminates.intros) qed theorem no_infinite_computation_impl_terminates: assumes not_inf: "\<not> \<Gamma>\<turnstile> (c, s) \<rightarrow> \<dots>(\<infinity>)" shows "\<Gamma>\<turnstile>c\<down>s" proof - from no_infinite_computation_implies_wf [OF not_inf] have wf: "wf {(c2, c1). \<Gamma>\<turnstile>(c, s) \<rightarrow>\<^sup>* c1 \<and> \<Gamma>\<turnstile>c show ?thesis by (rule wf_implies_termi_reach [OF wf]) auto qed corollary terminates_iff_no_infinite_computation: "\<Gamma>\<turnstile>c\<down>s = (\<not> \<Gamma>\<turnstile> (c, s) \<rightarrow> \<dots>(\<infinity>))" apply (rule) apply (erule terminates_impl_no_infinite_computation) apply (erule no_infinite_computation_impl_terminates) done (* ************************************************************************* *) subsection ‹Generalised Redexes› (* ************************************************************************* *) text ‹ an important lemma for the completeness proof of the Hoare-logic for correctness we need a generalisation of @{const "redex"} that not only the redex itself but all the enclosing statements as well. › primrec redexes:: "('s,'p,'f)com ==> ('s,'p,'f)com set" where "redexes Skip = {Skip}" | "redexes (Basic f) = {Basic f}" | "redexes (Spec r) = {Spec r}" | "redexes (Seq c1 c2) = {Seq c1 c2} ∪ redexes c1" | "redexes (Cond b c1 c2) = {Cond b c1 c2}" | "redexes (While b c) = {While b c}" | "redexes (Call p) = {Call p}" | "redexes (DynCom d) = {DynCom d}" | "redexes (Guard f b c) = {Guard f b c}" | "redexes (Throw) = {Throw}" | "redexes (Catch c1 c2) = {Catch c1 c2} ∪ redexes c1" lemma root_in_redexes: "c ∈ redexes c" apply (induct c) apply auto done lemma redex_in_redexes: "redex c ∈ redexes c" apply (induct c) apply auto done lemma redex_redexes: "∧c'. [c' ∈ redexes c; redex c' = c'] ==> redex c = c'" apply (induct c) apply auto done lemma step_redexes: shows "∧r r'. [Γ⊨(r,s) → (r',s'); r ∈ redexes c] ==> ∃c'. Γ⊨(c,s) → (c',s') ∧ r' ∈ redexes c'" proof (induct c) case Skip thus ?case by (fastforce intro: step.intros elim: step_elim_cases) next case Basic thus ?case by (fastforce intro: step.intros elim: step_elim_cases) next case Spec thus ?case by (fastforce intro: step.intros elim: step_elim_cases) next case (Seq c1 c2) have "r ∈ redexes (Seq c1 c2)" by fact hence r: "r = Seq c1 c2 ∨ r ∈ redexes c1" by simp have step_r: "Γ⊨ (r, s) → (r', s')" by fact from r show ?case proof assume "r = Seq c1 c2" with step_r show ?case by (auto simp add: root_in_redexes) next assume r: "r ∈ redexes c1" from Seq.hyps (1) [OF step_r this] obtain c' where step_c1: "Γ⊨ (c1, s) → (c', s')" and r': "r' ∈ redexes c'" by blast from step.Seq [OF step_c1] have "Γ⊨ (Seq c1 c2, s) → (Seq c' c2, s')". with r' show ?case by auto qed next case Cond thus ?case by (fastforce intro: step.intros elim: step_elim_cases simp add: root_in_redexes) next case While thus ?case by (fastforce intro: step.intros elim: step_elim_cases simp add: root_in_redexes) next case Call thus ?case by (fastforce intro: step.intros elim: step_elim_cases simp add: root_in_redexes) next case DynCom thus ?case by (fastforce intro: step.intros elim: step_elim_cases simp add: root_in_redexes) next case Guard thus ?case by (fastforce intro: step.intros elim: step_elim_cases simp add: root_in_redexes) next case Throw thus ?case by (fastforce intro: step.intros elim: step_elim_cases simp add: root_in_redexes) next case (Catch c1 c2) have "r ∈ redexes (Catch c1 c2)" by fact hence r: "r = Catch c1 c2 ∨ r ∈ redexes c1" by simp have step_r: "Γ⊨ (r, s) → (r', s')" by fact from r show ?case proof assume "r = Catch c1 c2" with step_r show ?case by (auto simp add: root_in_redexes) next assume r: "r ∈ redexes c1" from Catch.hyps (1) [OF step_r this] obtain c' where step_c1: "Γ⊨ (c1, s) → (c', s')" and r': "r' ∈ redexes c'" by blast from step.Catch [OF step_c1] have "Γ⊨ (Catch c1 c2, s) → (Catch c' c2, s')". with r' show ?case by auto qed qed lemma steps_redexes: assumes steps: "Γ⊨ (r, s) →* (r', s')" shows "∧c. r ∈ redexes c ==> ∃c'. Γ⊨(c,s) →* (c',s') ∧ r' ∈ redexes c'" using steps proof (induct rule: converse_rtranclp_induct2 [case_names Refl Trans]) case Refl then show "∃c'. Γ⊨ (c, s') →* (c', s') ∧ r' ∈ redexes c'" by auto next case (Trans r s r'' s'') have "Γ⊨ (r, s) → (r'', s'')" "r ∈ redexes c" by fact+ from step_redexes [OF this] obtain c' where step: "Γ⊨ (c, s) → (c', s'')" and r'': "r'' ∈ redexes c'" by blast note step also from Trans.hyps (3) [OF r''] obtain c'' where steps: "Γ⊨ (c', s'') →* (c'', s')" and r': "r' ∈ redexes c''" by blast note steps finally show ?case using r' by blast qed lemma steps_redexes': assumes steps: "Γ⊨ (r, s) →+ (r', s')" shows "∧c. r ∈ redexes c ==> ∃c'. Γ⊨(c,s) →+ (c',s') ∧ r' ∈ redexes c'" using steps proof (induct rule: tranclp_induct2 [consumes 1, case_names Step Trans]) case (Step r' s' c') have "Γ⊨ (r, s) → (r', s')" "r ∈ redexes c'" by fact+ from step_redexes [OF this] show ?case by (blast intro: r_into_trancl) next case (Trans r' s' r'' s'') from Trans obtain c' where steps: "Γ⊨ (c, s) →+ (c', s')" and r': "r' ∈ redexes c'" by blast note steps moreover have "Γ⊨ (r', s') → (r'', s'')" by fact from step_redexes [OF this r'] obtain c'' where step: "Γ⊨ (c', s') → (c'', s'')" and r'': "r'' ∈ redexes c''" by blast note step finally show ?case using r'' by blast qed lemma step_redexes_Seq: assumes step: "Γ⊨(r,s) → (r',s')" assumes Seq: "Seq r c2 ∈ redexes c" shows "∃c'. Γ⊨(c,s) → (c',s') ∧ Seq r' c2 ∈ redexes c'" proof - from step.Seq [OF step] have "Γ⊨ (Seq r c2, s) → (Seq r' c2, s')". from step_redexes [OF this Seq] show ?thesis . qed lemma steps_redexes_Seq: assumes steps: "Γ⊨ (r, s) →* (r', s')" shows "∧c. Seq r c2 ∈ redexes c ==> ∃c'. Γ⊨(c,s) →* (c',s') ∧ Seq r' c2 ∈ redexes c'" using steps proof (induct rule: converse_rtranclp_induct2 [case_names Refl Trans]) case Refl then show ?case by (auto) next case (Trans r s r'' s'') have "Γ⊨ (r, s) → (r'', s'')" "Seq r c2 ∈ redexes c" by fact+ from step_redexes_Seq [OF this] obtain c' where step: "Γ⊨ (c, s) → (c', s'')" and r'': "Seq r'' c2 ∈ redexes c'" by blast note step also from Trans.hyps (3) [OF r''] obtain c'' where steps: "Γ⊨ (c', s'') →* (c'', s')" and r': "Seq r' c2 ∈ redexes c''" by blast note steps finally show ?case using r' by blast qed lemma steps_redexes_Seq': assumes steps: "Γ⊨ (r, s) →+ (r', s')" shows "∧c. Seq r c2 ∈ redexes c ==> ∃c'. Γ⊨(c,s) →+ (c',s') ∧ Seq r' c2 ∈ redexes c'" using steps proof (induct rule: tranclp_induct2 [consumes 1, case_names Step Trans]) case (Step r' s' c') have "Γ⊨ (r, s) → (r', s')" "Seq r c2 ∈ redexes c'" by fact+ from step_redexes_Seq [OF this] show ?case by (blast intro: r_into_trancl) next case (Trans r' s' r'' s'') from Trans obtain c' where steps: "Γ⊨ (c, s) →+ (c', s')" and r': "Seq r' c2 ∈ redexes c'" by blast note steps moreover have "Γ⊨ (r', s') → (r'', s'')" by fact from step_redexes_Seq [OF this r'] obtain c'' where step: "Γ⊨ (c', s') → (c'', s'')" and r'': "Seq r'' c2 ∈ redexes c''" by blast note step finally show ?case using r'' by blast qed lemma step_redexes_Catch: assumes step: "Γ⊨(r,s) → (r',s')" assumes Catch: "Catch r c2 ∈ redexes c" shows "∃c'. Γ⊨(c,s) → (c',s') ∧ Catch r' c2 ∈ redexes c'" proof - from step.Catch [OF step] have "Γ⊨ (Catch r c2, s) → (Catch r' c2, s')". from step_redexes [OF this Catch] show ?thesis . qed lemma steps_redexes_Catch: assumes steps: "Γ⊨ (r, s) →* (r', s')" shows "∧c. Catch r c2 ∈ redexes c ==> ∃c'. Γ⊨(c,s) →* (c',s') ∧ Catch r' c2 ∈ redexes c'" using steps proof (induct rule: converse_rtranclp_induct2 [case_names Refl Trans]) case Refl then show ?case by (auto) next case (Trans r s r'' s'') have "Γ⊨ (r, s) → (r'', s'')" "Catch r c2 ∈ redexes c" by fact+ from step_redexes_Catch [OF this] obtain c' where step: "Γ⊨ (c, s) → (c', s'')" and r'': "Catch r'' c2 ∈ by blast note step o ranssh() [O '] btain'' wheere steps:"<⊨* (c'', s')" and bolol | wsymbol s ers,,[membe]), tes java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9 show ?case usingarcter0C)]), by (CH xF9)]), qed lemma steps_redexes_Catch': assumes steps: "Γ+ (r', s')" shows "size_binsL JSON_cfg JSON_inp2)<comment33720› tjava.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12 usingjava.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for lengt proof etranclp_induct2 se_names Step "PagesRefresh" row2 ∈ from step_redexes_CatchFhis show rce by (blast intror_into_trancl next case (Trans r' s' r'' s'') from Trans obtain c' where steps: "Γ⊨ (c, s) →+ (c', s')" and r': "Catch r' c2 ∈ redexes c'" by blast note steps moreover have "Γ⊨ (r', s') → (r'', s'')" by fact from step_redexes_Catch [OF this r'] obtain c'' where step: "Γ⊨ (c', s') → (c'', s'')" and r'': "Catch r'' c2 ∈ redexes c''" by blast note step finally show ?case using r'' by blast qed lemma redexes_subset:"∧c'. c' ∈ redexes c ==> redexes c' ⊆ redexes c" by (induct c) auto lemma redexes_preserves_termination: assumes termi: "Γ⊨c↓s" shows "∧c'. c' ∈ redexes c ==> Γ⊨c'↓s" using termi by induct (auto intro: terminates.intros) end
¤ Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.0.162Bemerkung: (vorverarbeitet am 2026-06-10) ¤*Bot Zugriff |
|
||||||||||||||
2026-06-09