Theory WellType
subsection ‹Well-typedness of Java programs›
theory WellType
imports DeclConcepts
begin
text ‹
improvements over Java Specification 1.0:
\begin{itemize}
\item methods of Object can be called upon references of interface or array type
\end{itemize}
simplifications:
\begin{itemize}
\item the type rules include all static checks on statements and expressions,
e.g. definedness of names (of parameters, locals, fields, methods)
\end{itemize}
design issues:
\begin{itemize}
\item unified type judgment for statements, variables, expressions,
expression lists
\item statements are typed like expressions with dummy type Void
\item the typing rules take an extra argument that is capable of determining
the dynamic type of objects. Therefore, they can be used for both
checking static types and determining runtime types in transition semantics.
\end{itemize}
›
type_synonym lenv
= "(lname, ty) table"
record env =
prg:: "prog"
cls:: "qtname"
lcl:: "lenv"
translations
(type) "lenv" <= (type) "(lname, ty) table"
(type) "lenv" <= (type) "lname ⇒ ty option"
(type) "env" <= (type) "⦇prg::prog,cls::qtname,lcl::lenv⦈"
(type) "env" <= (type) "⦇prg::prog,cls::qtname,lcl::lenv,…::'a⦈"
abbreviation
pkg :: "env ⇒ pname"
where "pkg e == pid (cls e)"
subsubsection "Static overloading: maximally specific methods "
type_synonym
emhead = "ref_ty × mhead"
definition
"declrefT" :: "emhead ⇒ ref_ty"
where "declrefT = fst"
definition
"mhd" :: "emhead ⇒ mhead"
where "mhd ≡ snd"
lemma declrefT_simp[simp]:"declrefT (r,m) = r"
by (simp add: declrefT_def)
lemma mhd_simp[simp]:"mhd (r,m) = m"
by (simp add: mhd_def)
lemma static_mhd_simp[simp]: "static (mhd m) = is_static m"
by (cases m) (simp add: member_is_static_simp mhd_def)
lemma mhd_resTy_simp [simp]: "resTy (mhd m) = resTy m"
by (cases m) simp
lemma mhd_is_static_simp [simp]: "is_static (mhd m) = is_static m"
by (cases m) simp
lemma mhd_accmodi_simp [simp]: "accmodi (mhd m) = accmodi m"
by (cases m) simp
definition
cmheads :: "prog ⇒ qtname ⇒ qtname ⇒ sig ⇒ emhead set"
where "cmheads G S C = (λsig. (λ(Cls,mthd). (ClassT Cls,(mhead mthd))) ` set_option (accmethd G S C sig))"
definition
Objectmheads :: "prog ⇒ qtname ⇒ sig ⇒ emhead set" where
"Objectmheads G S =
(λsig. (λ(Cls,mthd). (ClassT Cls,(mhead mthd)))
` set_option (filter_tab (λsig m. accmodi m ≠ Private) (accmethd G S Object) sig))"
definition
accObjectmheads :: "prog ⇒ qtname ⇒ ref_ty ⇒ sig ⇒ emhead set"
where
"accObjectmheads G S T =
(if G⊢RefT T accessible_in (pid S)
then Objectmheads G S
else (λsig. {}))"
primrec mheads :: "prog ⇒ qtname ⇒ ref_ty ⇒ sig ⇒ emhead set"
where
"mheads G S NullT = (λsig. {})"
| "mheads G S (IfaceT I) = (λsig. (λ(I,h).(IfaceT I,h))
` accimethds G (pid S) I sig ∪
accObjectmheads G S (IfaceT I) sig)"
| "mheads G S (ClassT C) = cmheads G S C"
| "mheads G S (ArrayT T) = accObjectmheads G S (ArrayT T)"
definition
appl_methds :: "prog ⇒ qtname ⇒ ref_ty ⇒ sig ⇒ (emhead × ty list) set" where
"appl_methds G S rt = (λ sig.
{(mh,pTs') |mh pTs'. mh ∈ mheads G S rt ⦇name=name sig,parTs=pTs'⦈ ∧
G⊢(parTs sig)[≼]pTs'})"
definition
more_spec :: "prog ⇒ emhead × ty list ⇒ emhead × ty list ⇒ bool" where
"more_spec G = (λ(mh,pTs). λ(mh',pTs'). G⊢pTs[≼]pTs')"
definition
max_spec :: "prog ⇒ qtname ⇒ ref_ty ⇒ sig ⇒ (emhead × ty list) set" where
"max_spec G S rt sig = {m. m ∈appl_methds G S rt sig ∧
(∀m'∈appl_methds G S rt sig. more_spec G m' m ⟶ m'=m)}"
lemma max_spec2appl_meths:
"x ∈ max_spec G S T sig ⟹ x ∈ appl_methds G S T sig"
by (auto simp: max_spec_def)
lemma appl_methsD: "(mh,pTs')∈appl_methds G S T ⦇name=mn,parTs=pTs⦈ ⟹
mh ∈ mheads G S T ⦇name=mn,parTs=pTs'⦈ ∧ G⊢pTs[≼]pTs'"
by (auto simp: appl_methds_def)
lemma max_spec2mheads:
"max_spec G S rt ⦇name=mn,parTs=pTs⦈ = insert (mh, pTs') A
⟹ mh ∈ mheads G S rt ⦇name=mn,parTs=pTs'⦈ ∧ G⊢pTs[≼]pTs'"
apply (auto dest: equalityD2 subsetD max_spec2appl_meths appl_methsD)
done
definition
empty_dt :: "dyn_ty"
where "empty_dt = (λa. None)"
definition
invmode :: "('a::type)member_scheme ⇒ expr ⇒ inv_mode" where
"invmode m e = (if is_static m
then Static
else if e=Super then SuperM else IntVir)"
lemma invmode_nonstatic [simp]:
"invmode ⦇access=a,static=False,…=x⦈ (Acc (LVar e)) = IntVir"
apply (unfold invmode_def)
apply (simp (no_asm) add: member_is_static_simp)
done
lemma invmode_Static_eq [simp]: "(invmode m e = Static) = is_static m"
apply (unfold invmode_def)
apply (simp (no_asm))
done
lemma invmode_IntVir_eq: "(invmode m e = IntVir) = (¬(is_static m) ∧ e≠Super)"
apply (unfold invmode_def)
apply (simp (no_asm))
done
lemma Null_staticD:
"a'=Null ⟶ (is_static m) ⟹ invmode m e = IntVir ⟶ a' ≠ Null"
apply (clarsimp simp add: invmode_IntVir_eq)
done
subsubsection "Typing for unary operations"
primrec unop_type :: "unop ⇒ prim_ty"
where
"unop_type UPlus = Integer"
| "unop_type UMinus = Integer"
| "unop_type UBitNot = Integer"
| "unop_type UNot = Boolean"
primrec wt_unop :: "unop ⇒ ty ⇒ bool"
where
"wt_unop UPlus t = (t = PrimT Integer)"
| "wt_unop UMinus t = (t = PrimT Integer)"
| "wt_unop UBitNot t = (t = PrimT Integer)"
| "wt_unop UNot t = (t = PrimT Boolean)"
subsubsection "Typing for binary operations"
primrec binop_type :: "binop ⇒ prim_ty"
where
"binop_type Mul = Integer"
| "binop_type Div = Integer"
| "binop_type Mod = Integer"
| "binop_type Plus = Integer"
| "binop_type Minus = Integer"
| "binop_type LShift = Integer"
| "binop_type RShift = Integer"
| "binop_type RShiftU = Integer"
| "binop_type Less = Boolean"
| "binop_type Le = Boolean"
| "binop_type Greater = Boolean"
| "binop_type Ge = Boolean"
| "binop_type Eq = Boolean"
| "binop_type Neq = Boolean"
| "binop_type BitAnd = Integer"
| "binop_type And = Boolean"
| "binop_type BitXor = Integer"
| "binop_type Xor = Boolean"
| "binop_type BitOr = Integer"
| "binop_type Or = Boolean"
| "binop_type CondAnd = Boolean"
| "binop_type CondOr = Boolean"
primrec wt_binop :: "prog ⇒ binop ⇒ ty ⇒ ty ⇒ bool"
where
"wt_binop G Mul t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G Div t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G Mod t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G Plus t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G Minus t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G LShift t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G RShift t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G RShiftU t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G Less t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G Le t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G Greater t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G Ge t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G Eq t1 t2 = (G⊢t1≼t2 ∨ G⊢t2≼t1)"
| "wt_binop G Neq t1 t2 = (G⊢t1≼t2 ∨ G⊢t2≼t1)"
| "wt_binop G BitAnd t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G And t1 t2 = ((t1 = PrimT Boolean) ∧ (t2 = PrimT Boolean))"
| "wt_binop G BitXor t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G Xor t1 t2 = ((t1 = PrimT Boolean) ∧ (t2 = PrimT Boolean))"
| "wt_binop G BitOr t1 t2 = ((t1 = PrimT Integer) ∧ (t2 = PrimT Integer))"
| "wt_binop G Or t1 t2 = ((t1 = PrimT Boolean) ∧ (t2 = PrimT Boolean))"
| "wt_binop G CondAnd t1 t2 = ((t1 = PrimT Boolean) ∧ (t2 = PrimT Boolean))"
| "wt_binop G CondOr t1 t2 = ((t1 = PrimT Boolean) ∧ (t2 = PrimT Boolean))"
subsubsection "Typing for terms"
type_synonym tys = "ty + ty list"
translations
(type) "tys" <= (type) "ty + ty list"
inductive wt :: "env ⇒ dyn_ty ⇒ [term,tys] ⇒ bool" ("_,_⊨_∷_" [51,51,51,51] 50)
and wt_stmt :: "env ⇒ dyn_ty ⇒ stmt ⇒ bool" ("_,_⊨_∷√" [51,51,51] 50)
and ty_expr :: "env ⇒ dyn_ty ⇒ [expr ,ty ] ⇒ bool" ("_,_⊨_∷-_" [51,51,51,51] 50)
and ty_var :: "env ⇒ dyn_ty ⇒ [var ,ty ] ⇒ bool" ("_,_⊨_∷=_" [51,51,51,51] 50)
and ty_exprs :: "env ⇒ dyn_ty ⇒ [expr list, ty list] ⇒ bool"
("_,_⊨_∷≐_" [51,51,51,51] 50)
where
"E,dt⊨s∷√ ≡ E,dt⊨In1r s∷Inl (PrimT Void)"
| "E,dt⊨e∷-T ≡ E,dt⊨In1l e∷Inl T"
| "E,dt⊨e∷=T ≡ E,dt⊨In2 e∷Inl T"
| "E,dt⊨e∷≐T ≡ E,dt⊨In3 e∷Inr T"
| Skip: "E,dt⊨Skip∷√"
| Expr: "⟦E,dt⊨e∷-T⟧ ⟹
E,dt⊨Expr e∷√"
| Lab: "E,dt⊨c∷√ ⟹
E,dt⊨l∙ c∷√"
| Comp: "⟦E,dt⊨c1∷√;
E,dt⊨c2∷√⟧ ⟹
E,dt⊨c1;; c2∷√"
| If: "⟦E,dt⊨e∷-PrimT Boolean;
E,dt⊨c1∷√;
E,dt⊨c2∷√⟧ ⟹
E,dt⊨If(e) c1 Else c2∷√"
| Loop: "⟦E,dt⊨e∷-PrimT Boolean;
E,dt⊨c∷√⟧ ⟹
E,dt⊨l∙ While(e) c∷√"
| Jmp: "E,dt⊨Jmp jump∷√"
| Throw: "⟦E,dt⊨e∷-Class tn;
prg E⊢tn≼⇩C SXcpt Throwable⟧ ⟹
E,dt⊨Throw e∷√"
| Try: "⟦E,dt⊨c1∷√; prg E⊢tn≼⇩C SXcpt Throwable;
lcl E (VName vn)=None; E ⦇lcl := (lcl E)(VName vn↦Class tn)⦈,dt⊨c2∷√⟧
⟹
E,dt⊨Try c1 Catch(tn vn) c2∷√"
| Fin: "⟦E,dt⊨c1∷√; E,dt⊨c2∷√⟧ ⟹
E,dt⊨c1 Finally c2∷√"
| Init: "⟦is_class (prg E) C⟧ ⟹
E,dt⊨Init C∷√"
| NewC: "⟦is_acc_class (prg E) (pkg E) C⟧ ⟹
E,dt⊨NewC C∷-Class C"
| NewA: "⟦is_acc_type (prg E) (pkg E) T;
E,dt⊨i∷-PrimT Integer⟧ ⟹
E,dt⊨New T[i]∷-T.[]"
| Cast: "⟦E,dt⊨e∷-T; is_acc_type (prg E) (pkg E) T';
prg E⊢T≼? T'⟧ ⟹
E,dt⊨Cast T' e∷-T'"
| Inst: "⟦E,dt⊨e∷-RefT T; is_acc_type (prg E) (pkg E) (RefT T');
prg E⊢RefT T≼? RefT T'⟧ ⟹
E,dt⊨e InstOf T'∷-PrimT Boolean"
| Lit: "⟦typeof dt x = Some T⟧ ⟹
E,dt⊨Lit x∷-T"
| UnOp: "⟦E,dt⊨e∷-Te; wt_unop unop Te; T=PrimT (unop_type unop)⟧
⟹
E,dt⊨UnOp unop e∷-T"
| BinOp: "⟦E,dt⊨e1∷-T1; E,dt⊨e2∷-T2; wt_binop (prg E) binop T1 T2;
T=PrimT (binop_type binop)⟧
⟹
E,dt⊨BinOp binop e1 e2∷-T"
| Super: "⟦lcl E This = Some (Class C); C ≠ Object;
class (prg E) C = Some c⟧ ⟹
E,dt⊨Super∷-Class (super c)"
| Acc: "⟦E,dt⊨va∷=T⟧ ⟹
E,dt⊨Acc va∷-T"
| Ass: "⟦E,dt⊨va∷=T; va ≠ LVar This;
E,dt⊨v ∷-T';
prg E⊢T'≼T⟧ ⟹
E,dt⊨va:=v∷-T'"
| Cond: "⟦E,dt⊨e0∷-PrimT Boolean;
E,dt⊨e1∷-T1; E,dt⊨e2∷-T2;
prg E⊢T1≼T2 ∧ T = T2 ∨ prg E⊢T2≼T1 ∧ T = T1⟧ ⟹
E,dt⊨e0 ? e1 : e2∷-T"
| Call: "⟦E,dt⊨e∷-RefT statT;
E,dt⊨ps∷≐pTs;
max_spec (prg E) (cls E) statT ⦇name=mn,parTs=pTs⦈
= {((statDeclT,m),pTs')}
⟧ ⟹
E,dt⊨{cls E,statT,invmode m e}e⋅mn({pTs'}ps)∷-(resTy m)"
| Methd: "⟦is_class (prg E) C;
methd (prg E) C sig = Some m;
E,dt⊨Body (declclass m) (stmt (mbody (mthd m)))∷-T⟧ ⟹
E,dt⊨Methd C sig∷-T"
| Body: "⟦is_class (prg E) D;
E,dt⊨blk∷√;
(lcl E) Result = Some T;
is_type (prg E) T⟧ ⟹
E,dt⊨Body D blk∷-T"
| LVar: "⟦lcl E vn = Some T; is_acc_type (prg E) (pkg E) T⟧ ⟹
E,dt⊨LVar vn∷=T"
| FVar: "⟦E,dt⊨e∷-Class C;
accfield (prg E) (cls E) C fn = Some (statDeclC,f)⟧ ⟹
E,dt⊨{cls E,statDeclC,is_static f}e..fn∷=(type f)"
| AVar: "⟦E,dt⊨e∷-T.[];
E,dt⊨i∷-PrimT Integer⟧ ⟹
E,dt⊨e.[i]∷=T"
| Nil: "E,dt⊨[]∷≐[]"
| Cons: "⟦E,dt⊨e ∷-T;
E,dt⊨es∷≐Ts⟧ ⟹
E,dt⊨e#es∷≐T#Ts"
abbreviation
wt_syntax :: "env ⇒ [term,tys] ⇒ bool" ("_⊢_∷_" [51,51,51] 50)
where "E⊢t∷T == E,empty_dt⊨t∷ T"
abbreviation
wt_stmt_syntax :: "env ⇒ stmt ⇒ bool" ("_⊢_∷√" [51,51 ] 50)
where "E⊢s∷√ == E⊢In1r s ∷ Inl (PrimT Void)"
abbreviation
ty_expr_syntax :: "env ⇒ [expr, ty] ⇒ bool" ("_⊢_∷-_" [51,51,51] 50)
where "E⊢e∷-T == E⊢In1l e ∷ Inl T"
abbreviation
ty_var_syntax :: "env ⇒ [var, ty] ⇒ bool" ("_⊢_∷=_" [51,51,51] 50)
where "E⊢e∷=T == E⊢In2 e ∷ Inl T"
abbreviation
ty_exprs_syntax :: "env ⇒ [expr list, ty list] ⇒ bool" ("_⊢_∷≐_" [51,51,51] 50)
where "E⊢e∷≐T == E⊢In3 e ∷ Inr T"
notation (ASCII)
wt_syntax ("_|-_::_" [51,51,51] 50) and
wt_stmt_syntax ("_|-_:<>" [51,51 ] 50) and
ty_expr_syntax ("_|-_:-_" [51,51,51] 50) and
ty_var_syntax ("_|-_:=_" [51,51,51] 50) and
ty_exprs_syntax ("_|-_:#_" [51,51,51] 50)
declare not_None_eq [simp del]
declare if_split [split del] if_split_asm [split del]
declare split_paired_All [simp del] split_paired_Ex [simp del]
setup ‹map_theory_simpset (fn ctxt => ctxt delloop "split_all_tac")›
inductive_cases wt_elim_cases [cases set]:
"E,dt⊨In2 (LVar vn) ∷T"
"E,dt⊨In2 ({accC,statDeclC,s}e..fn)∷T"
"E,dt⊨In2 (e.[i]) ∷T"
"E,dt⊨In1l (NewC C) ∷T"
"E,dt⊨In1l (New T'[i]) ∷T"
"E,dt⊨In1l (Cast T' e) ∷T"
"E,dt⊨In1l (e InstOf T') ∷T"
"E,dt⊨In1l (Lit x) ∷T"
"E,dt⊨In1l (UnOp unop e) ∷T"
"E,dt⊨In1l (BinOp binop e1 e2) ∷T"
"E,dt⊨In1l (Super) ∷T"
"E,dt⊨In1l (Acc va) ∷T"
"E,dt⊨In1l (Ass va v) ∷T"
"E,dt⊨In1l (e0 ? e1 : e2) ∷T"
"E,dt⊨In1l ({accC,statT,mode}e⋅mn({pT'}p))∷T"
"E,dt⊨In1l (Methd C sig) ∷T"
"E,dt⊨In1l (Body D blk) ∷T"
"E,dt⊨In3 ([]) ∷Ts"
"E,dt⊨In3 (e#es) ∷Ts"
"E,dt⊨In1r Skip ∷x"
"E,dt⊨In1r (Expr e) ∷x"
"E,dt⊨In1r (c1;; c2) ∷x"
"E,dt⊨In1r (l∙ c) ∷x"
"E,dt⊨In1r (If(e) c1 Else c2) ∷x"
"E,dt⊨In1r (l∙ While(e) c) ∷x"
"E,dt⊨In1r (Jmp jump) ∷x"
"E,dt⊨In1r (Throw e) ∷x"
"E,dt⊨In1r (Try c1 Catch(tn vn) c2)∷x"
"E,dt⊨In1r (c1 Finally c2) ∷x"
"E,dt⊨In1r (Init C) ∷x"
declare not_None_eq [simp]
declare if_split [split] if_split_asm [split]
declare split_paired_All [simp] split_paired_Ex [simp]
setup ‹map_theory_simpset (fn ctxt => ctxt addloop ("split_all_tac", split_all_tac))›
lemma is_acc_class_is_accessible:
"is_acc_class G P C ⟹ G⊢(Class C) accessible_in P"
by (auto simp add: is_acc_class_def)
lemma is_acc_iface_is_iface: "is_acc_iface G P I ⟹ is_iface G I"
by (auto simp add: is_acc_iface_def)
lemma is_acc_iface_Iface_is_accessible:
"is_acc_iface G P I ⟹ G⊢(Iface I) accessible_in P"
by (auto simp add: is_acc_iface_def)
lemma is_acc_type_is_type: "is_acc_type G P T ⟹ is_type G T"
by (auto simp add: is_acc_type_def)
lemma is_acc_iface_is_accessible:
"is_acc_type G P T ⟹ G⊢T accessible_in P"
by (auto simp add: is_acc_type_def)
lemma wt_Methd_is_methd:
"E⊢In1l (Methd C sig)∷T ⟹ is_methd (prg E) C sig"
apply (erule_tac wt_elim_cases)
apply clarsimp
apply (erule is_methdI, assumption)
done
text ‹Special versions of some typing rules, better suited to pattern
match the conclusion (no selectors in the conclusion)
›
lemma wt_Call:
"⟦E,dt⊨e∷-RefT statT; E,dt⊨ps∷≐pTs;
max_spec (prg E) (cls E) statT ⦇name=mn,parTs=pTs⦈
= {((statDeclC,m),pTs')};rT=(resTy m);accC=cls E;
mode = invmode m e⟧ ⟹ E,dt⊨{accC,statT,mode}e⋅mn({pTs'}ps)∷-rT"
by (auto elim: wt.Call)
lemma invocationTypeExpr_noClassD:
"⟦ E⊢e∷-RefT statT⟧
⟹ (∀ statC. statT ≠ ClassT statC) ⟶ invmode m e ≠ SuperM"
proof -
assume wt: "E⊢e∷-RefT statT"
show ?thesis
proof (cases "e=Super")
case True
with wt obtain "C" where "statT = ClassT C" by (blast elim: wt_elim_cases)
then show ?thesis by blast
next
case False then show ?thesis
by (auto simp add: invmode_def)
qed
qed
lemma wt_Super:
"⟦lcl E This = Some (Class C); C ≠ Object; class (prg E) C = Some c; D=super c⟧
⟹ E,dt⊨Super∷-Class D"
by (auto elim: wt.Super)
lemma wt_FVar:
"⟦E,dt⊨e∷-Class C; accfield (prg E) (cls E) C fn = Some (statDeclC,f);
sf=is_static f; fT=(type f); accC=cls E⟧
⟹ E,dt⊨{accC,statDeclC,sf}e..fn∷=fT"
by (auto dest: wt.FVar)
lemma wt_init [iff]: "E,dt⊨Init C∷√ = is_class (prg E) C"
by (auto elim: wt_elim_cases intro: "wt.Init")
declare wt.Skip [iff]
lemma wt_StatRef:
"is_acc_type (prg E) (pkg E) (RefT rt) ⟹ E⊢StatRef rt∷-RefT rt"
apply (rule wt.Cast)
apply (rule wt.Lit)
apply (simp (no_asm))
apply (simp (no_asm_simp))
apply (rule cast.widen)
apply (simp (no_asm))
done
lemma wt_Inj_elim:
"⋀E. E,dt⊨t∷U ⟹ case t of
In1 ec ⇒ (case ec of
Inl e ⇒ ∃T. U=Inl T
| Inr s ⇒ U=Inl (PrimT Void))
| In2 e ⇒ (∃T. U=Inl T)
| In3 e ⇒ (∃T. U=Inr T)"
apply (erule wt.induct)
apply auto
done
lemma wt_expr_eq: "E,dt⊨In1l t∷U = (∃T. U=Inl T ∧ E,dt⊨t∷-T)"
by (auto, frule wt_Inj_elim, auto)
lemma wt_var_eq: "E,dt⊨In2 t∷U = (∃T. U=Inl T ∧ E,dt⊨t∷=T)"
by (auto, frule wt_Inj_elim, auto)
lemma wt_exprs_eq: "E,dt⊨In3 t∷U = (∃Ts. U=Inr Ts ∧ E,dt⊨t∷≐Ts)"
by (auto, frule wt_Inj_elim, auto)
lemma wt_stmt_eq: "E,dt⊨In1r t∷U = (U=Inl(PrimT Void)∧E,dt⊨t∷√)"
by (auto, frule wt_Inj_elim, auto, frule wt_Inj_elim, auto)
simproc_setup wt_expr ("E,dt⊨In1l t∷U") = ‹
K (K (fn ct =>
(case Thm.term_of ct of
(_ $ _ $ _ $ _ $ (Const _ $ _)) => NONE
| _ => SOME (mk_meta_eq @{thm wt_expr_eq}))))›
simproc_setup wt_var ("E,dt⊨In2 t∷U") = ‹
K (K (fn ct =>
(case Thm.term_of ct of
(_ $ _ $ _ $ _ $ (Const _ $ _)) => NONE
| _ => SOME (mk_meta_eq @{thm wt_var_eq}))))›
simproc_setup wt_exprs ("E,dt⊨In3 t∷U") = ‹
K (K (fn ct =>
(case Thm.term_of ct of
(_ $ _ $ _ $ _ $ (Const _ $ _)) => NONE
| _ => SOME (mk_meta_eq @{thm wt_exprs_eq}))))›
simproc_setup wt_stmt ("E,dt⊨In1r t∷U") = ‹
K (K (fn ct =>
(case Thm.term_of ct of
(_ $ _ $ _ $ _ $ (Const _ $ _)) => NONE
| _ => SOME (mk_meta_eq @{thm wt_stmt_eq}))))›
lemma wt_elim_BinOp:
"⟦E,dt⊨In1l (BinOp binop e1 e2)∷T;
⋀T1 T2 T3.
⟦E,dt⊨e1∷-T1; E,dt⊨e2∷-T2; wt_binop (prg E) binop T1 T2;
E,dt⊨(if b then In1l e2 else In1r Skip)∷T3;
T = Inl (PrimT (binop_type binop))⟧
⟹ P⟧
⟹ P"
apply (erule wt_elim_cases)
apply (cases b)
apply auto
done
lemma Inj_eq_lemma [simp]:
"(∀T. (∃T'. T = Inj T' ∧ P T') ⟶ Q T) = (∀T'. P T' ⟶ Q (Inj T'))"
by auto
lemma single_valued_tys_lemma [rule_format (no_asm)]:
"∀S T. G⊢S≼T ⟶ G⊢T≼S ⟶ S = T ⟹ E,dt⊨t∷T ⟹
G = prg E ⟶ (∀T'. E,dt⊨t∷T' ⟶ T = T')"
apply (cases "E", erule wt.induct)
apply (safe del: disjE)
apply (simp_all (no_asm_use) split del: if_split_asm)
apply (safe del: disjE)
apply (tactic ‹ALLGOALS (fn i =>
if i = 11 then EVERY'
[Rule_Insts.thin_tac \<^context> "E,dt⊨e0∷-PrimT Boolean" [(\<^binding>‹E›, NONE, NoSyn)],
Rule_Insts.thin_tac \<^context> "E,dt⊨e1∷-T1" [(\<^binding>‹E›, NONE, NoSyn), (\<^binding>‹T1›, NONE, NoSyn)],
Rule_Insts.thin_tac \<^context> "E,dt⊨e2∷-T2" [(\<^binding>‹E›, NONE, NoSyn), (\<^binding>‹T2›, NONE, NoSyn)]] i
else Rule_Insts.thin_tac \<^context> "All P" [(\<^binding>‹P›, NONE, NoSyn)] i)›)
apply (tactic ‹ALLGOALS (eresolve_tac \<^context> @{thms wt_elim_cases})›)
apply (simp_all (no_asm_use) split del: if_split_asm)
apply (erule_tac [12] V = "All P" for P in thin_rl)
apply (blast del: equalityCE dest: sym [THEN trans])+
done
lemma single_valued_tys:
"ws_prog (prg E) ⟹ single_valued {(t,T). E,dt⊨t∷T}"
apply (unfold single_valued_def)
apply clarsimp
apply (rule single_valued_tys_lemma)
apply (auto intro!: widen_antisym)
done
lemma typeof_empty_is_type: "typeof (λa. None) v = Some T ⟹ is_type G T"
by (induct v) auto
lemma typeof_is_type: "(∀a. v ≠ Addr a) ⟹ ∃T. typeof dt v = Some T ∧ is_type G T"
by (induct v) auto
end