NEWS
author wenzelm
Sat Nov 24 15:49:43 2012 +0100 (2012-11-24)
changeset 50184 5a16f42a9b44
parent 50183 2b3e24e1c9e7
child 50198 0c7b351a6871
permissions -rw-r--r--
more NEWS/CONTRIBUTORS;
     1 Isabelle NEWS -- history of user-relevant changes
     2 =================================================
     3 
     4 New in this Isabelle version
     5 ----------------------------
     6 
     7 *** General ***
     8 
     9 * Theorem status about oracles and unfinished/failed future proofs is
    10 no longer printed by default, since it is incompatible with
    11 incremental / parallel checking of the persistent document model.  ML
    12 function Thm.peek_status may be used to inspect a snapshot of the
    13 ongoing evaluation process.  Note that in batch mode --- notably
    14 isabelle build --- the system ensures that future proofs of all
    15 accessible theorems in the theory context are finished (as before).
    16 
    17 * Configuration option show_markup controls direct inlining of markup
    18 into the printed representation of formal entities --- notably type
    19 and sort constraints.  This enables Prover IDE users to retrieve that
    20 information via tooltips in the output window, for example.
    21 
    22 * Command 'ML_file' evaluates ML text from a file directly within the
    23 theory, without any predeclaration via 'uses' in the theory header.
    24 
    25 * Old command 'use' and corresponding keyword 'uses' in the
    26 theory header are legacy features and will be discontinued soon.
    27 Tools that load their additional source files may imitate the
    28 'ML_file' implementation, such that the system can take care of
    29 dependencies properly.
    30 
    31 * Discontinued obsolete method fastsimp / tactic fast_simp_tac, which
    32 is called fastforce / fast_force_tac already since Isabelle2011-1.
    33 
    34 * Updated and extended "isar-ref" and "implementation" manual, reduced
    35 remaining material in old "ref" manual.
    36 
    37 * Improved support for auxiliary contexts that indicate block
    38 structure for specifications: nesting of "context fixes ... context
    39 assumes ..." and "class ... context ...".
    40 
    41 * More informative error messages for Isar proof commands involving
    42 lazy enumerations (method applications etc.).
    43 
    44 
    45 *** Prover IDE -- Isabelle/Scala/jEdit ***
    46 
    47 * Parallel terminal proofs ('by') are enabled by default, likewise
    48 proofs that are built into packages like 'datatype', 'function'.  This
    49 allows checking of the theory specifications on the surface to "run
    50 ahead", while the prover is still crunching on internal
    51 justifications.  Unfinished / cancelled proofs are restarted as
    52 required to complete full proof checking eventually.
    53 
    54 * Improved output panel with tooltips, hyperlinks etc. based on the
    55 same Rich_Text_Area as regular Isabelle/jEdit buffers.  Activation of
    56 tooltips leads to some window that supports the same recursively,
    57 which can lead to stacks of tooltips as the semantic document content
    58 is explored.  ESCAPE closes the whole stack, individual windows may be
    59 closed separately, or detached to become independent jEdit dockables.
    60 
    61 * More robust incremental parsing of outer syntax (partial comments,
    62 malformed symbols).  Changing the balance of open/close quotes and
    63 comment delimiters works more conveniently with unfinished situations
    64 that frequently occur in user interaction.
    65 
    66 * More efficient painting and improved reactivity when editing large
    67 files.  More scalable management of formal document content.
    68 
    69 * Smarter handling of tracing messages: output window informs about
    70 accumulated messages; prover transactions are limited to emit a maximum
    71 amount of output, before being canceled (cf. system option
    72 "editor_tracing_limit").  This avoids swamping the front-end with
    73 potentially infinite message streams.
    74 
    75 * More plugin options and preferences, based on Isabelle/Scala.  The
    76 jEdit plugin option panel provides access to some Isabelle/Scala
    77 options, including tuning parameters for editor reactivity and color
    78 schemes.
    79 
    80 * Dockable window "Symbols" provides some editing support for Isabelle
    81 symbols.
    82 
    83 * Improved editing support for control styles: subscript, superscript,
    84 bold, reset of style -- operating on single symbols or text
    85 selections.  Cf. keyboard short-cuts C+e DOWN/UP/RIGHT/LEFT.
    86 
    87 * Uniform Java 7 platform on Linux, Mac OS X, Windows: recent updates
    88 from Oracle provide better multi-platform experience.  This version is
    89 now bundled exclusively with Isabelle.
    90 
    91 
    92 *** Pure ***
    93 
    94 * Code generation for Haskell: restrict unqualified imports from
    95 Haskell Prelude to a small set of fundamental operations.
    96 
    97 * Command "export_code": relative file names are interpreted
    98 relative to the master directory of the current theory rather than
    99 the rather arbitrary current working directory.
   100 INCOMPATIBILITY.
   101 
   102 * Discontinued obsolete attribute "COMP".  Potential INCOMPATIBILITY,
   103 use regular rule composition via "OF" / "THEN", or explicit proof
   104 structure instead.  Note that Isabelle/ML provides a variety of
   105 operators like COMP, INCR_COMP, COMP_INCR, which need to be applied
   106 with some care where this is really required.
   107 
   108 * Command 'typ' supports an additional variant with explicit sort
   109 constraint, to infer and check the most general type conforming to a
   110 given sort.  Example (in HOL):
   111 
   112   typ "_ * _ * bool * unit" :: finite
   113 
   114 
   115 *** HOL ***
   116 
   117 * Removed constant "chars".  Prefer "Enum.enum" on type "char"
   118 directly.  INCOMPATIBILITY.
   119 
   120 * Moved operation product, sublists and n_lists from Enum.thy
   121 to List.thy.  INCOMPATIBILITY.
   122 
   123 * Simplified 'typedef' specifications: historical options for implicit
   124 set definition and alternative name have been discontinued.  The
   125 former behavior of "typedef (open) t = A" is now the default, but
   126 written just "typedef t = A".  INCOMPATIBILITY, need to adapt theories
   127 accordingly.
   128 
   129 * Theory "Library/Multiset":
   130 
   131   - Renamed constants
   132       fold_mset ~> Multiset.fold  -- for coherence with other fold combinators
   133 
   134   - Renamed facts
   135       fold_mset_commute ~> fold_mset_comm  -- for coherence with fold_comm
   136 
   137 INCOMPATIBILITY.
   138 
   139 * Theorem UN_o generalized to SUP_comp.  INCOMPATIBILITY.
   140 
   141 * Class "comm_monoid_diff" formalises properties of bounded
   142 subtraction, with natural numbers and multisets as typical instances.
   143 
   144 * Theory "Library/Option_ord" provides instantiation of option type
   145 to lattice type classes.
   146 
   147 * New combinator "Option.these" with type "'a option set => 'a set".
   148 
   149 * Renamed theory Library/List_Prefix to Library/Sublist.
   150 INCOMPATIBILITY.  Related changes are:
   151 
   152   - Renamed constants:
   153 
   154       prefix ~> prefixeq
   155       strict_prefix ~> prefix
   156 
   157     Renamed lemmas accordingly, INCOMPATIBILITY.
   158 
   159   - Replaced constant "postfix" by "suffixeq" with swapped argument order
   160     (i.e., "postfix xs ys" is now "suffixeq ys xs") and dropped old infix
   161     syntax "xs >>= ys"; use "suffixeq ys xs" instead.  Renamed lemmas
   162     accordingly.  INCOMPATIBILITY.
   163 
   164   - New constant "emb" for homeomorphic embedding on lists. New
   165     abbreviation "sub" for special case "emb (op =)".
   166 
   167   - Library/Sublist no longer provides "order" and "bot" type class
   168     instances for the prefix order (merely corresponding locale
   169     interpretations). The type class instances are to be found in
   170     Library/Prefix_Order. INCOMPATIBILITY.
   171 
   172   - The sublist relation from Library/Sublist_Order is now based on
   173     "Sublist.sub". Replaced lemmas:
   174 
   175       le_list_append_le_same_iff ~> Sublist.sub_append_le_same_iff
   176       le_list_append_mono ~> Sublist.emb_append_mono
   177       le_list_below_empty ~> Sublist.emb_Nil, Sublist.emb_Nil2
   178       le_list_Cons_EX ~> Sublist.emb_ConsD
   179       le_list_drop_Cons2 ~> Sublist.sub_Cons2'
   180       le_list_drop_Cons_neq ~> Sublist.sub_Cons2_neq
   181       le_list_drop_Cons ~> Sublist.sub_Cons'
   182       le_list_drop_many ~> Sublist.sub_drop_many
   183       le_list_filter_left ~> Sublist.sub_filter_left
   184       le_list_rev_drop_many ~> Sublist.sub_rev_drop_many
   185       le_list_rev_take_iff ~> Sublist.sub_append
   186       le_list_same_length ~> Sublist.sub_same_length
   187       le_list_take_many_iff ~> Sublist.sub_append'
   188       less_eq_list.drop ~> less_eq_list_drop
   189       less_eq_list.induct ~> less_eq_list_induct
   190       not_le_list_length ~> Sublist.not_sub_length
   191 
   192     INCOMPATIBILITY.
   193 
   194 * HOL/Rings: renamed lemmas
   195 
   196   left_distrib ~> distrib_right
   197   right_distrib ~> distrib_left
   198 
   199 in class semiring.  INCOMPATIBILITY.
   200 
   201 * HOL/BNF: New (co)datatype package based on bounded natural
   202 functors with support for mixed, nested recursion and interesting
   203 non-free datatypes.
   204 
   205 * HOL/Cardinals: Theories of ordinals and cardinals
   206 (supersedes the AFP entry "Ordinals_and_Cardinals").
   207 
   208 * HOL/Probability:
   209   - Add simproc "measurable" to automatically prove measurability
   210 
   211   - Add induction rules for sigma sets with disjoint union (sigma_sets_induct_disjoint)
   212     and for Borel-measurable functions (borel_measurable_induct).
   213 
   214   - The Daniell-Kolmogorov theorem (the existence of the limit of a projective family)
   215 
   216 * Library/Countable_Set.thy: Theory of countable sets.
   217 
   218 * Library/Debug.thy and Library/Parallel.thy: debugging and parallel
   219 execution for code generated towards Isabelle/ML.
   220 
   221 * Library/FuncSet.thy: Extended support for Pi and extensional, and introduced the
   222 extensional dependent function space "PiE". Replaced extensional_funcset by an
   223 abbreviation, renamed a couple of lemmas from extensional_funcset to PiE:
   224 
   225       extensional_empty ~> PiE_empty
   226       extensional_funcset_empty_domain ~> PiE_empty_domain
   227       extensional_funcset_empty_range ~> PiE_empty_range
   228       extensional_funcset_arb ~> PiE_arb
   229       extensional_funcset_mem ~> PiE_mem
   230       extensional_funcset_extend_domainI ~> PiE_fun_upd
   231       extensional_funcset_restrict_domain ~> fun_upd_in_PiE
   232       extensional_funcset_extend_domain_eq ~> PiE_insert_eq
   233       card_extensional_funcset ~> card_PiE
   234       finite_extensional_funcset ~> finite_PiE
   235 
   236   INCOMPATIBILITY.
   237 
   238 * Library/FinFun.thy: theory of almost everywhere constant functions
   239 (supersedes the AFP entry "Code Generation for Functions as Data").
   240 
   241 * Library/Phantom.thy: generic phantom type to make a type parameter
   242 appear in a constant's type. This alternative to adding TYPE('a) as
   243 another parameter avoids unnecessary closures in generated code.
   244 
   245 * Library/RBT_Impl.thy: efficient construction of red-black trees 
   246 from sorted associative lists. Merging two trees with rbt_union may
   247 return a structurally different tree than before. MINOR INCOMPATIBILITY.
   248 
   249 * Library/IArray.thy: immutable arrays with code generation.
   250 
   251 * Simproc "finite_Collect" rewrites set comprehensions into pointfree
   252 expressions.
   253 
   254 * Preprocessing of the code generator rewrites set comprehensions into
   255 pointfree expressions.
   256 
   257 * Quickcheck:
   258 
   259   - added an optimisation for equality premises.
   260     It is switched on by default, and can be switched off by setting
   261     the configuration quickcheck_optimise_equality to false.
   262 
   263 * The SMT solver Z3 has now by default a restricted set of directly
   264 supported features. For the full set of features (div/mod, nonlinear
   265 arithmetic, datatypes/records) with potential proof reconstruction
   266 failures, enable the configuration option "z3_with_extensions".
   267 Minor INCOMPATIBILITY.
   268 
   269 * Sledgehammer:
   270 
   271   - Added MaSh relevance filter based on machine-learning; see the
   272     Sledgehammer manual for details.
   273   - Rationalized type encodings ("type_enc" option).
   274   - Renamed "kill_provers" subcommand to "kill".
   275   - Renamed options:
   276       isar_proof ~> isar_proofs
   277       isar_shrink_factor ~> isar_shrink
   278       max_relevant ~> max_facts
   279       relevance_thresholds ~> fact_thresholds
   280 
   281 
   282 *** Document preparation ***
   283 
   284 * Default for \<euro> is now based on eurosym package, instead of
   285 slightly exotic babel/greek.
   286 
   287 * Document variant NAME may use different LaTeX entry point
   288 document/root_NAME.tex if that file exists, instead of the common
   289 document/root.tex.
   290 
   291 * Simplified custom document/build script, instead of old-style
   292 document/IsaMakefile.  Minor INCOMPATIBILITY.
   293 
   294 
   295 *** ML ***
   296 
   297 * Type Seq.results and related operations support embedded error
   298 messages within lazy enumerations, and thus allow informative
   299 errors to be provided in the absence of any usable results.
   300 
   301 * Renamed Position.str_of to Position.here to emphasize that this is a
   302 formal device to inline positions into message text, but not
   303 necessarily printing visible text.
   304 
   305 
   306 *** System ***
   307 
   308 * The default limit for the maximum number of worker threads is now 8,
   309 instead of 4.
   310 
   311 * The ML system is configured as regular component, and no longer
   312 picked up from some surrounding directory.  Potential INCOMPATIBILITY
   313 for home-made configurations.
   314 
   315 * The "isabelle logo" tool produces EPS and PDF format simultaneously.
   316 Minor INCOMPATIBILITY in command-line options.
   317 
   318 * Advanced support for Isabelle sessions and build management, see
   319 "system" manual for the chapter of that name, especially the "isabelle
   320 build" tool and its examples.  INCOMPATIBILITY, isabelle usedir /
   321 mkdir / make are rendered obsolete.
   322 
   323 * Discontinued obsolete "isabelle makeall".
   324 
   325 * Discontinued obsolete IsaMakefile and ROOT.ML files from the
   326 Isabelle distribution, except for rudimentary src/HOL/IsaMakefile that
   327 provides some traditional targets that invoke "isabelle build".  Note
   328 that this is inefficient!  Applications of Isabelle/HOL involving
   329 "isabelle make" should be upgraded to use "isabelle build" directly.
   330 
   331 * Discontinued obsolete Isabelle/build script, it is superseded by the
   332 regular isabelle build tool.  For example:
   333 
   334   isabelle build -s -b HOLCF
   335 
   336 * The "isabelle options" tool prints Isabelle system options, as
   337 required for "isabelle build", for example.
   338 
   339 * The "isabelle mkroot" tool prepares session root directories for use
   340 with "isabelle build", similar to former "isabelle mkdir" for
   341 "isabelle usedir".
   342 
   343 * The "isabelle components" tool helps to resolve add-on components
   344 that are not bundled, or referenced from a bare-bones repository
   345 version of Isabelle.
   346 
   347 * The "isabelle install" tool has now a simpler command-line.  Minor
   348 INCOMPATIBILITY.
   349 
   350 * Discontinued support for Poly/ML 5.2.1, which was the last version
   351 without exception positions and advanced ML compiler/toplevel
   352 configuration.
   353 
   354 * Discontinued special treatment of Proof General -- no longer guess
   355 PROOFGENERAL_HOME based on accidental file-system layout.  Minor
   356 INCOMPATIBILITY: provide PROOFGENERAL_HOME and PROOFGENERAL_OPTIONS
   357 settings manually, or use a Proof General version that has been
   358 bundled as Isabelle component.
   359 
   360 * Settings variable ISABELLE_PLATFORM_FAMILY refers to the general
   361 platform family: "linux", "macos", "windows".
   362 
   363 
   364 New in Isabelle2012 (May 2012)
   365 ------------------------------
   366 
   367 *** General ***
   368 
   369 * Prover IDE (PIDE) improvements:
   370 
   371   - more robust Sledgehammer integration (as before the sledgehammer
   372     command-line needs to be typed into the source buffer)
   373   - markup for bound variables
   374   - markup for types of term variables (displayed as tooltips)
   375   - support for user-defined Isar commands within the running session
   376   - improved support for Unicode outside original 16bit range
   377     e.g. glyph for \<A> (thanks to jEdit 4.5.1)
   378 
   379 * Forward declaration of outer syntax keywords within the theory
   380 header -- minor INCOMPATIBILITY for user-defined commands.  Allow new
   381 commands to be used in the same theory where defined.
   382 
   383 * Auxiliary contexts indicate block structure for specifications with
   384 additional parameters and assumptions.  Such unnamed contexts may be
   385 nested within other targets, like 'theory', 'locale', 'class',
   386 'instantiation' etc.  Results from the local context are generalized
   387 accordingly and applied to the enclosing target context.  Example:
   388 
   389   context
   390     fixes x y z :: 'a
   391     assumes xy: "x = y" and yz: "y = z"
   392   begin
   393 
   394   lemma my_trans: "x = z" using xy yz by simp
   395 
   396   end
   397 
   398   thm my_trans
   399 
   400 The most basic application is to factor-out context elements of
   401 several fixes/assumes/shows theorem statements, e.g. see
   402 ~~/src/HOL/Isar_Examples/Group_Context.thy
   403 
   404 Any other local theory specification element works within the "context
   405 ... begin ... end" block as well.
   406 
   407 * Bundled declarations associate attributed fact expressions with a
   408 given name in the context.  These may be later included in other
   409 contexts.  This allows managing context extensions casually, without
   410 the logical dependencies of locales and locale interpretation.  See
   411 commands 'bundle', 'include', 'including' etc. in the isar-ref manual.
   412 
   413 * Commands 'lemmas' and 'theorems' allow local variables using 'for'
   414 declaration, and results are standardized before being stored.  Thus
   415 old-style "standard" after instantiation or composition of facts
   416 becomes obsolete.  Minor INCOMPATIBILITY, due to potential change of
   417 indices of schematic variables.
   418 
   419 * Rule attributes in local theory declarations (e.g. locale or class)
   420 are now statically evaluated: the resulting theorem is stored instead
   421 of the original expression.  INCOMPATIBILITY in rare situations, where
   422 the historic accident of dynamic re-evaluation in interpretations
   423 etc. was exploited.
   424 
   425 * New tutorial "Programming and Proving in Isabelle/HOL"
   426 ("prog-prove").  It completely supersedes "A Tutorial Introduction to
   427 Structured Isar Proofs" ("isar-overview"), which has been removed.  It
   428 also supersedes "Isabelle/HOL, A Proof Assistant for Higher-Order
   429 Logic" as the recommended beginners tutorial, but does not cover all
   430 of the material of that old tutorial.
   431 
   432 * Updated and extended reference manuals: "isar-ref",
   433 "implementation", "system"; reduced remaining material in old "ref"
   434 manual.
   435 
   436 
   437 *** Pure ***
   438 
   439 * Command 'definition' no longer exports the foundational "raw_def"
   440 into the user context.  Minor INCOMPATIBILITY, may use the regular
   441 "def" result with attribute "abs_def" to imitate the old version.
   442 
   443 * Attribute "abs_def" turns an equation of the form "f x y == t" into
   444 "f == %x y. t", which ensures that "simp" or "unfold" steps always
   445 expand it.  This also works for object-logic equality.  (Formerly
   446 undocumented feature.)
   447 
   448 * Sort constraints are now propagated in simultaneous statements, just
   449 like type constraints.  INCOMPATIBILITY in rare situations, where
   450 distinct sorts used to be assigned accidentally.  For example:
   451 
   452   lemma "P (x::'a::foo)" and "Q (y::'a::bar)"  -- "now illegal"
   453 
   454   lemma "P (x::'a)" and "Q (y::'a::bar)"
   455     -- "now uniform 'a::bar instead of default sort for first occurrence (!)"
   456 
   457 * Rule composition via attribute "OF" (or ML functions OF/MRS) is more
   458 tolerant against multiple unifiers, as long as the final result is
   459 unique.  (As before, rules are composed in canonical right-to-left
   460 order to accommodate newly introduced premises.)
   461 
   462 * Renamed some inner syntax categories:
   463 
   464     num ~> num_token
   465     xnum ~> xnum_token
   466     xstr ~> str_token
   467 
   468 Minor INCOMPATIBILITY.  Note that in practice "num_const" or
   469 "num_position" etc. are mainly used instead (which also include
   470 position information via constraints).
   471 
   472 * Simplified configuration options for syntax ambiguity: see
   473 "syntax_ambiguity_warning" and "syntax_ambiguity_limit" in isar-ref
   474 manual.  Minor INCOMPATIBILITY.
   475 
   476 * Discontinued configuration option "syntax_positions": atomic terms
   477 in parse trees are always annotated by position constraints.
   478 
   479 * Old code generator for SML and its commands 'code_module',
   480 'code_library', 'consts_code', 'types_code' have been discontinued.
   481 Use commands of the generic code generator instead.  INCOMPATIBILITY.
   482 
   483 * Redundant attribute "code_inline" has been discontinued. Use
   484 "code_unfold" instead.  INCOMPATIBILITY.
   485 
   486 * Dropped attribute "code_unfold_post" in favor of its dual
   487 "code_abbrev", which yields a common pattern in definitions like
   488 
   489   definition [code_abbrev]: "f = t"
   490 
   491 INCOMPATIBILITY.
   492 
   493 * Obsolete 'types' command has been discontinued.  Use 'type_synonym'
   494 instead.  INCOMPATIBILITY.
   495 
   496 * Discontinued old "prems" fact, which used to refer to the accidental
   497 collection of foundational premises in the context (already marked as
   498 legacy since Isabelle2011).
   499 
   500 
   501 *** HOL ***
   502 
   503 * Type 'a set is now a proper type constructor (just as before
   504 Isabelle2008).  Definitions mem_def and Collect_def have disappeared.
   505 Non-trivial INCOMPATIBILITY.  For developments keeping predicates and
   506 sets separate, it is often sufficient to rephrase some set S that has
   507 been accidentally used as predicates by "%x. x : S", and some
   508 predicate P that has been accidentally used as set by "{x. P x}".
   509 Corresponding proofs in a first step should be pruned from any
   510 tinkering with former theorems mem_def and Collect_def as far as
   511 possible.
   512 
   513 For developments which deliberately mix predicates and sets, a
   514 planning step is necessary to determine what should become a predicate
   515 and what a set.  It can be helpful to carry out that step in
   516 Isabelle2011-1 before jumping right into the current release.
   517 
   518 * Code generation by default implements sets as container type rather
   519 than predicates.  INCOMPATIBILITY.
   520 
   521 * New type synonym 'a rel = ('a * 'a) set
   522 
   523 * The representation of numerals has changed.  Datatype "num"
   524 represents strictly positive binary numerals, along with functions
   525 "numeral :: num => 'a" and "neg_numeral :: num => 'a" to represent
   526 positive and negated numeric literals, respectively.  See also
   527 definitions in ~~/src/HOL/Num.thy.  Potential INCOMPATIBILITY, some
   528 user theories may require adaptations as follows:
   529 
   530   - Theorems with number_ring or number_semiring constraints: These
   531     classes are gone; use comm_ring_1 or comm_semiring_1 instead.
   532 
   533   - Theories defining numeric types: Remove number, number_semiring,
   534     and number_ring instances. Defer all theorems about numerals until
   535     after classes one and semigroup_add have been instantiated.
   536 
   537   - Numeral-only simp rules: Replace each rule having a "number_of v"
   538     pattern with two copies, one for numeral and one for neg_numeral.
   539 
   540   - Theorems about subclasses of semiring_1 or ring_1: These classes
   541     automatically support numerals now, so more simp rules and
   542     simprocs may now apply within the proof.
   543 
   544   - Definitions and theorems using old constructors Pls/Min/Bit0/Bit1:
   545     Redefine using other integer operations.
   546 
   547 * Transfer: New package intended to generalize the existing
   548 "descending" method and related theorem attributes from the Quotient
   549 package.  (Not all functionality is implemented yet, but future
   550 development will focus on Transfer as an eventual replacement for the
   551 corresponding parts of the Quotient package.)
   552 
   553   - transfer_rule attribute: Maintains a collection of transfer rules,
   554     which relate constants at two different types. Transfer rules may
   555     relate different type instances of the same polymorphic constant,
   556     or they may relate an operation on a raw type to a corresponding
   557     operation on an abstract type (quotient or subtype). For example:
   558 
   559     ((A ===> B) ===> list_all2 A ===> list_all2 B) map map
   560     (cr_int ===> cr_int ===> cr_int) (%(x,y) (u,v). (x+u, y+v)) plus_int
   561 
   562   - transfer method: Replaces a subgoal on abstract types with an
   563     equivalent subgoal on the corresponding raw types. Constants are
   564     replaced with corresponding ones according to the transfer rules.
   565     Goals are generalized over all free variables by default; this is
   566     necessary for variables whose types change, but can be overridden
   567     for specific variables with e.g. "transfer fixing: x y z".  The
   568     variant transfer' method allows replacing a subgoal with one that
   569     is logically stronger (rather than equivalent).
   570 
   571   - relator_eq attribute: Collects identity laws for relators of
   572     various type constructors, e.g. "list_all2 (op =) = (op =)".  The
   573     transfer method uses these lemmas to infer transfer rules for
   574     non-polymorphic constants on the fly.
   575 
   576   - transfer_prover method: Assists with proving a transfer rule for a
   577     new constant, provided the constant is defined in terms of other
   578     constants that already have transfer rules. It should be applied
   579     after unfolding the constant definitions.
   580 
   581   - HOL/ex/Transfer_Int_Nat.thy: Example theory demonstrating transfer
   582     from type nat to type int.
   583 
   584 * Lifting: New package intended to generalize the quotient_definition
   585 facility of the Quotient package; designed to work with Transfer.
   586 
   587   - lift_definition command: Defines operations on an abstract type in
   588     terms of a corresponding operation on a representation
   589     type.  Example syntax:
   590 
   591     lift_definition dlist_insert :: "'a => 'a dlist => 'a dlist"
   592       is List.insert
   593 
   594     Users must discharge a respectfulness proof obligation when each
   595     constant is defined. (For a type copy, i.e. a typedef with UNIV,
   596     the proof is discharged automatically.) The obligation is
   597     presented in a user-friendly, readable form; a respectfulness
   598     theorem in the standard format and a transfer rule are generated
   599     by the package.
   600 
   601   - Integration with code_abstype: For typedefs (e.g. subtypes
   602     corresponding to a datatype invariant, such as dlist),
   603     lift_definition generates a code certificate theorem and sets up
   604     code generation for each constant.
   605 
   606   - setup_lifting command: Sets up the Lifting package to work with a
   607     user-defined type. The user must provide either a quotient theorem
   608     or a type_definition theorem.  The package configures transfer
   609     rules for equality and quantifiers on the type, and sets up the
   610     lift_definition command to work with the type.
   611 
   612   - Usage examples: See Quotient_Examples/Lift_DList.thy,
   613     Quotient_Examples/Lift_RBT.thy, Quotient_Examples/Lift_FSet.thy,
   614     Word/Word.thy and Library/Float.thy.
   615 
   616 * Quotient package:
   617 
   618   - The 'quotient_type' command now supports a 'morphisms' option with
   619     rep and abs functions, similar to typedef.
   620 
   621   - 'quotient_type' sets up new types to work with the Lifting and
   622     Transfer packages, as with 'setup_lifting'.
   623 
   624   - The 'quotient_definition' command now requires the user to prove a
   625     respectfulness property at the point where the constant is
   626     defined, similar to lift_definition; INCOMPATIBILITY.
   627 
   628   - Renamed predicate 'Quotient' to 'Quotient3', and renamed theorems
   629     accordingly, INCOMPATIBILITY.
   630 
   631 * New diagnostic command 'find_unused_assms' to find potentially
   632 superfluous assumptions in theorems using Quickcheck.
   633 
   634 * Quickcheck:
   635 
   636   - Quickcheck returns variable assignments as counterexamples, which
   637     allows revealing the underspecification of functions under test.
   638     For example, refuting "hd xs = x", it presents the variable
   639     assignment xs = [] and x = a1 as a counterexample, assuming that
   640     any property is false whenever "hd []" occurs in it.
   641 
   642     These counterexamples are marked as potentially spurious, as
   643     Quickcheck also returns "xs = []" as a counterexample to the
   644     obvious theorem "hd xs = hd xs".
   645 
   646     After finding a potentially spurious counterexample, Quickcheck
   647     continues searching for genuine ones.
   648 
   649     By default, Quickcheck shows potentially spurious and genuine
   650     counterexamples. The option "genuine_only" sets quickcheck to only
   651     show genuine counterexamples.
   652 
   653   - The command 'quickcheck_generator' creates random and exhaustive
   654     value generators for a given type and operations.
   655 
   656     It generates values by using the operations as if they were
   657     constructors of that type.
   658 
   659   - Support for multisets.
   660 
   661   - Added "use_subtype" options.
   662 
   663   - Added "quickcheck_locale" configuration to specify how to process
   664     conjectures in a locale context.
   665 
   666 * Nitpick: Fixed infinite loop caused by the 'peephole_optim' option
   667 and affecting 'rat' and 'real'.
   668 
   669 * Sledgehammer:
   670   - Integrated more tightly with SPASS, as described in the ITP 2012
   671     paper "More SPASS with Isabelle".
   672   - Made it try "smt" as a fallback if "metis" fails or times out.
   673   - Added support for the following provers: Alt-Ergo (via Why3 and
   674     TFF1), iProver, iProver-Eq.
   675   - Sped up the minimizer.
   676   - Added "lam_trans", "uncurry_aliases", and "minimize" options.
   677   - Renamed "slicing" ("no_slicing") option to "slice" ("dont_slice").
   678   - Renamed "sound" option to "strict".
   679 
   680 * Metis: Added possibility to specify a lambda translation scheme as a
   681 parenthesized argument (e.g., "by (metis (lifting) ...)").
   682 
   683 * SMT: Renamed "smt_fixed" option to "smt_read_only_certificates".
   684 
   685 * Command 'try0': Renamed from 'try_methods'. INCOMPATIBILITY.
   686 
   687 * New "case_product" attribute to generate a case rule doing multiple
   688 case distinctions at the same time.  E.g.
   689 
   690   list.exhaust [case_product nat.exhaust]
   691 
   692 produces a rule which can be used to perform case distinction on both
   693 a list and a nat.
   694 
   695 * New "eventually_elim" method as a generalized variant of the
   696 eventually_elim* rules.  Supports structured proofs.
   697 
   698 * Typedef with implicit set definition is considered legacy.  Use
   699 "typedef (open)" form instead, which will eventually become the
   700 default.
   701 
   702 * Record: code generation can be switched off manually with
   703 
   704   declare [[record_codegen = false]]  -- "default true"
   705 
   706 * Datatype: type parameters allow explicit sort constraints.
   707 
   708 * Concrete syntax for case expressions includes constraints for source
   709 positions, and thus produces Prover IDE markup for its bindings.
   710 INCOMPATIBILITY for old-style syntax translations that augment the
   711 pattern notation; e.g. see src/HOL/HOLCF/One.thy for translations of
   712 one_case.
   713 
   714 * Clarified attribute "mono_set": pure declaration without modifying
   715 the result of the fact expression.
   716 
   717 * More default pred/set conversions on a couple of relation operations
   718 and predicates.  Added powers of predicate relations.  Consolidation
   719 of some relation theorems:
   720 
   721   converse_def ~> converse_unfold
   722   rel_comp_def ~> relcomp_unfold
   723   symp_def ~> (modified, use symp_def and sym_def instead)
   724   transp_def ~> transp_trans
   725   Domain_def ~> Domain_unfold
   726   Range_def ~> Domain_converse [symmetric]
   727 
   728 Generalized theorems INF_INT_eq, INF_INT_eq2, SUP_UN_eq, SUP_UN_eq2.
   729 
   730 See theory "Relation" for examples of making use of pred/set
   731 conversions by means of attributes "to_set" and "to_pred".
   732 
   733 INCOMPATIBILITY.
   734 
   735 * Renamed facts about the power operation on relations, i.e., relpow,
   736 to match the constant's name:
   737 
   738   rel_pow_1 ~> relpow_1
   739   rel_pow_0_I ~> relpow_0_I
   740   rel_pow_Suc_I ~> relpow_Suc_I
   741   rel_pow_Suc_I2 ~> relpow_Suc_I2
   742   rel_pow_0_E ~> relpow_0_E
   743   rel_pow_Suc_E ~> relpow_Suc_E
   744   rel_pow_E ~> relpow_E
   745   rel_pow_Suc_D2 ~> relpow_Suc_D2
   746   rel_pow_Suc_E2 ~> relpow_Suc_E2
   747   rel_pow_Suc_D2' ~> relpow_Suc_D2'
   748   rel_pow_E2 ~> relpow_E2
   749   rel_pow_add ~> relpow_add
   750   rel_pow_commute ~> relpow
   751   rel_pow_empty ~> relpow_empty
   752   rtrancl_imp_UN_rel_pow ~> rtrancl_imp_UN_relpow
   753   rel_pow_imp_rtrancl ~> relpow_imp_rtrancl
   754   rtrancl_is_UN_rel_pow ~> rtrancl_is_UN_relpow
   755   rtrancl_imp_rel_pow ~> rtrancl_imp_relpow
   756   rel_pow_fun_conv ~> relpow_fun_conv
   757   rel_pow_finite_bounded1 ~> relpow_finite_bounded1
   758   rel_pow_finite_bounded ~> relpow_finite_bounded
   759   rtrancl_finite_eq_rel_pow ~> rtrancl_finite_eq_relpow
   760   trancl_finite_eq_rel_pow ~> trancl_finite_eq_relpow
   761   single_valued_rel_pow ~> single_valued_relpow
   762 
   763 INCOMPATIBILITY.
   764 
   765 * Theory Relation: Consolidated constant name for relation composition
   766 and corresponding theorem names:
   767 
   768   - Renamed constant rel_comp to relcomp.
   769 
   770   - Dropped abbreviation pred_comp. Use relcompp instead.
   771 
   772   - Renamed theorems:
   773 
   774     rel_compI ~> relcompI
   775     rel_compEpair ~> relcompEpair
   776     rel_compE ~> relcompE
   777     pred_comp_rel_comp_eq ~> relcompp_relcomp_eq
   778     rel_comp_empty1 ~> relcomp_empty1
   779     rel_comp_mono ~> relcomp_mono
   780     rel_comp_subset_Sigma ~> relcomp_subset_Sigma
   781     rel_comp_distrib ~> relcomp_distrib
   782     rel_comp_distrib2 ~> relcomp_distrib2
   783     rel_comp_UNION_distrib ~> relcomp_UNION_distrib
   784     rel_comp_UNION_distrib2 ~> relcomp_UNION_distrib2
   785     single_valued_rel_comp ~> single_valued_relcomp
   786     rel_comp_def ~> relcomp_unfold
   787     converse_rel_comp ~> converse_relcomp
   788     pred_compI ~> relcomppI
   789     pred_compE ~> relcomppE
   790     pred_comp_bot1 ~> relcompp_bot1
   791     pred_comp_bot2 ~> relcompp_bot2
   792     transp_pred_comp_less_eq ~> transp_relcompp_less_eq
   793     pred_comp_mono ~> relcompp_mono
   794     pred_comp_distrib ~> relcompp_distrib
   795     pred_comp_distrib2 ~> relcompp_distrib2
   796     converse_pred_comp ~> converse_relcompp
   797 
   798     finite_rel_comp ~> finite_relcomp
   799 
   800     set_rel_comp ~> set_relcomp
   801 
   802 INCOMPATIBILITY.
   803 
   804 * Theory Divides: Discontinued redundant theorems about div and mod.
   805 INCOMPATIBILITY, use the corresponding generic theorems instead.
   806 
   807   DIVISION_BY_ZERO ~> div_by_0, mod_by_0
   808   zdiv_self ~> div_self
   809   zmod_self ~> mod_self
   810   zdiv_zero ~> div_0
   811   zmod_zero ~> mod_0
   812   zdiv_zmod_equality ~> div_mod_equality2
   813   zdiv_zmod_equality2 ~> div_mod_equality
   814   zmod_zdiv_trivial ~> mod_div_trivial
   815   zdiv_zminus_zminus ~> div_minus_minus
   816   zmod_zminus_zminus ~> mod_minus_minus
   817   zdiv_zminus2 ~> div_minus_right
   818   zmod_zminus2 ~> mod_minus_right
   819   zdiv_minus1_right ~> div_minus1_right
   820   zmod_minus1_right ~> mod_minus1_right
   821   zdvd_mult_div_cancel ~> dvd_mult_div_cancel
   822   zmod_zmult1_eq ~> mod_mult_right_eq
   823   zpower_zmod ~> power_mod
   824   zdvd_zmod ~> dvd_mod
   825   zdvd_zmod_imp_zdvd ~> dvd_mod_imp_dvd
   826   mod_mult_distrib ~> mult_mod_left
   827   mod_mult_distrib2 ~> mult_mod_right
   828 
   829 * Removed redundant theorems nat_mult_2 and nat_mult_2_right; use
   830 generic mult_2 and mult_2_right instead. INCOMPATIBILITY.
   831 
   832 * Finite_Set.fold now qualified.  INCOMPATIBILITY.
   833 
   834 * Consolidated theorem names concerning fold combinators:
   835 
   836   inf_INFI_fold_inf ~> inf_INF_fold_inf
   837   sup_SUPR_fold_sup ~> sup_SUP_fold_sup
   838   INFI_fold_inf ~> INF_fold_inf
   839   SUPR_fold_sup ~> SUP_fold_sup
   840   union_set ~> union_set_fold
   841   minus_set ~> minus_set_fold
   842   INFI_set_fold ~> INF_set_fold
   843   SUPR_set_fold ~> SUP_set_fold
   844   INF_code ~> INF_set_foldr
   845   SUP_code ~> SUP_set_foldr
   846   foldr.simps ~> foldr.simps (in point-free formulation)
   847   foldr_fold_rev ~> foldr_conv_fold
   848   foldl_fold ~> foldl_conv_fold
   849   foldr_foldr ~> foldr_conv_foldl
   850   foldl_foldr ~> foldl_conv_foldr
   851   fold_set_remdups ~> fold_set_fold_remdups
   852   fold_set ~> fold_set_fold
   853   fold1_set ~> fold1_set_fold
   854 
   855 INCOMPATIBILITY.
   856 
   857 * Dropped rarely useful theorems concerning fold combinators:
   858 foldl_apply, foldl_fun_comm, foldl_rev, fold_weak_invariant,
   859 rev_foldl_cons, fold_set_remdups, fold_set, fold_set1,
   860 concat_conv_foldl, foldl_weak_invariant, foldl_invariant,
   861 foldr_invariant, foldl_absorb0, foldl_foldr1_lemma, foldl_foldr1,
   862 listsum_conv_fold, listsum_foldl, sort_foldl_insort, foldl_assoc,
   863 foldr_conv_foldl, start_le_sum, elem_le_sum, sum_eq_0_conv.
   864 INCOMPATIBILITY.  For the common phrases "%xs. List.foldr plus xs 0"
   865 and "List.foldl plus 0", prefer "List.listsum".  Otherwise it can be
   866 useful to boil down "List.foldr" and "List.foldl" to "List.fold" by
   867 unfolding "foldr_conv_fold" and "foldl_conv_fold".
   868 
   869 * Dropped lemmas minus_set_foldr, union_set_foldr, union_coset_foldr,
   870 inter_coset_foldr, Inf_fin_set_foldr, Sup_fin_set_foldr,
   871 Min_fin_set_foldr, Max_fin_set_foldr, Inf_set_foldr, Sup_set_foldr,
   872 INF_set_foldr, SUP_set_foldr.  INCOMPATIBILITY.  Prefer corresponding
   873 lemmas over fold rather than foldr, or make use of lemmas
   874 fold_conv_foldr and fold_rev.
   875 
   876 * Congruence rules Option.map_cong and Option.bind_cong for recursion
   877 through option types.
   878 
   879 * "Transitive_Closure.ntrancl": bounded transitive closure on
   880 relations.
   881 
   882 * Constant "Set.not_member" now qualified.  INCOMPATIBILITY.
   883 
   884 * Theory Int: Discontinued many legacy theorems specific to type int.
   885 INCOMPATIBILITY, use the corresponding generic theorems instead.
   886 
   887   zminus_zminus ~> minus_minus
   888   zminus_0 ~> minus_zero
   889   zminus_zadd_distrib ~> minus_add_distrib
   890   zadd_commute ~> add_commute
   891   zadd_assoc ~> add_assoc
   892   zadd_left_commute ~> add_left_commute
   893   zadd_ac ~> add_ac
   894   zmult_ac ~> mult_ac
   895   zadd_0 ~> add_0_left
   896   zadd_0_right ~> add_0_right
   897   zadd_zminus_inverse2 ~> left_minus
   898   zmult_zminus ~> mult_minus_left
   899   zmult_commute ~> mult_commute
   900   zmult_assoc ~> mult_assoc
   901   zadd_zmult_distrib ~> left_distrib
   902   zadd_zmult_distrib2 ~> right_distrib
   903   zdiff_zmult_distrib ~> left_diff_distrib
   904   zdiff_zmult_distrib2 ~> right_diff_distrib
   905   zmult_1 ~> mult_1_left
   906   zmult_1_right ~> mult_1_right
   907   zle_refl ~> order_refl
   908   zle_trans ~> order_trans
   909   zle_antisym ~> order_antisym
   910   zle_linear ~> linorder_linear
   911   zless_linear ~> linorder_less_linear
   912   zadd_left_mono ~> add_left_mono
   913   zadd_strict_right_mono ~> add_strict_right_mono
   914   zadd_zless_mono ~> add_less_le_mono
   915   int_0_less_1 ~> zero_less_one
   916   int_0_neq_1 ~> zero_neq_one
   917   zless_le ~> less_le
   918   zpower_zadd_distrib ~> power_add
   919   zero_less_zpower_abs_iff ~> zero_less_power_abs_iff
   920   zero_le_zpower_abs ~> zero_le_power_abs
   921 
   922 * Theory Deriv: Renamed
   923 
   924   DERIV_nonneg_imp_nonincreasing ~> DERIV_nonneg_imp_nondecreasing
   925 
   926 * Theory Library/Multiset: Improved code generation of multisets.
   927 
   928 * Theory HOL/Library/Set_Algebras: Addition and multiplication on sets
   929 are expressed via type classes again. The special syntax
   930 \<oplus>/\<otimes> has been replaced by plain +/*. Removed constant
   931 setsum_set, which is now subsumed by Big_Operators.setsum.
   932 INCOMPATIBILITY.
   933 
   934 * Theory HOL/Library/Diagonalize has been removed. INCOMPATIBILITY,
   935 use theory HOL/Library/Nat_Bijection instead.
   936 
   937 * Theory HOL/Library/RBT_Impl: Backing implementation of red-black
   938 trees is now inside a type class context.  Names of affected
   939 operations and lemmas have been prefixed by rbt_.  INCOMPATIBILITY for
   940 theories working directly with raw red-black trees, adapt the names as
   941 follows:
   942 
   943   Operations:
   944   bulkload -> rbt_bulkload
   945   del_from_left -> rbt_del_from_left
   946   del_from_right -> rbt_del_from_right
   947   del -> rbt_del
   948   delete -> rbt_delete
   949   ins -> rbt_ins
   950   insert -> rbt_insert
   951   insertw -> rbt_insert_with
   952   insert_with_key -> rbt_insert_with_key
   953   map_entry -> rbt_map_entry
   954   lookup -> rbt_lookup
   955   sorted -> rbt_sorted
   956   tree_greater -> rbt_greater
   957   tree_less -> rbt_less
   958   tree_less_symbol -> rbt_less_symbol
   959   union -> rbt_union
   960   union_with -> rbt_union_with
   961   union_with_key -> rbt_union_with_key
   962 
   963   Lemmas:
   964   balance_left_sorted -> balance_left_rbt_sorted
   965   balance_left_tree_greater -> balance_left_rbt_greater
   966   balance_left_tree_less -> balance_left_rbt_less
   967   balance_right_sorted -> balance_right_rbt_sorted
   968   balance_right_tree_greater -> balance_right_rbt_greater
   969   balance_right_tree_less -> balance_right_rbt_less
   970   balance_sorted -> balance_rbt_sorted
   971   balance_tree_greater -> balance_rbt_greater
   972   balance_tree_less -> balance_rbt_less
   973   bulkload_is_rbt -> rbt_bulkload_is_rbt
   974   combine_sorted -> combine_rbt_sorted
   975   combine_tree_greater -> combine_rbt_greater
   976   combine_tree_less -> combine_rbt_less
   977   delete_in_tree -> rbt_delete_in_tree
   978   delete_is_rbt -> rbt_delete_is_rbt
   979   del_from_left_tree_greater -> rbt_del_from_left_rbt_greater
   980   del_from_left_tree_less -> rbt_del_from_left_rbt_less
   981   del_from_right_tree_greater -> rbt_del_from_right_rbt_greater
   982   del_from_right_tree_less -> rbt_del_from_right_rbt_less
   983   del_in_tree -> rbt_del_in_tree
   984   del_inv1_inv2 -> rbt_del_inv1_inv2
   985   del_sorted -> rbt_del_rbt_sorted
   986   del_tree_greater -> rbt_del_rbt_greater
   987   del_tree_less -> rbt_del_rbt_less
   988   dom_lookup_Branch -> dom_rbt_lookup_Branch
   989   entries_lookup -> entries_rbt_lookup
   990   finite_dom_lookup -> finite_dom_rbt_lookup
   991   insert_sorted -> rbt_insert_rbt_sorted
   992   insertw_is_rbt -> rbt_insertw_is_rbt
   993   insertwk_is_rbt -> rbt_insertwk_is_rbt
   994   insertwk_sorted -> rbt_insertwk_rbt_sorted
   995   insertw_sorted -> rbt_insertw_rbt_sorted
   996   ins_sorted -> ins_rbt_sorted
   997   ins_tree_greater -> ins_rbt_greater
   998   ins_tree_less -> ins_rbt_less
   999   is_rbt_sorted -> is_rbt_rbt_sorted
  1000   lookup_balance -> rbt_lookup_balance
  1001   lookup_bulkload -> rbt_lookup_rbt_bulkload
  1002   lookup_delete -> rbt_lookup_rbt_delete
  1003   lookup_Empty -> rbt_lookup_Empty
  1004   lookup_from_in_tree -> rbt_lookup_from_in_tree
  1005   lookup_in_tree -> rbt_lookup_in_tree
  1006   lookup_ins -> rbt_lookup_ins
  1007   lookup_insert -> rbt_lookup_rbt_insert
  1008   lookup_insertw -> rbt_lookup_rbt_insertw
  1009   lookup_insertwk -> rbt_lookup_rbt_insertwk
  1010   lookup_keys -> rbt_lookup_keys
  1011   lookup_map -> rbt_lookup_map
  1012   lookup_map_entry -> rbt_lookup_rbt_map_entry
  1013   lookup_tree_greater -> rbt_lookup_rbt_greater
  1014   lookup_tree_less -> rbt_lookup_rbt_less
  1015   lookup_union -> rbt_lookup_rbt_union
  1016   map_entry_color_of -> rbt_map_entry_color_of
  1017   map_entry_inv1 -> rbt_map_entry_inv1
  1018   map_entry_inv2 -> rbt_map_entry_inv2
  1019   map_entry_is_rbt -> rbt_map_entry_is_rbt
  1020   map_entry_sorted -> rbt_map_entry_rbt_sorted
  1021   map_entry_tree_greater -> rbt_map_entry_rbt_greater
  1022   map_entry_tree_less -> rbt_map_entry_rbt_less
  1023   map_tree_greater -> map_rbt_greater
  1024   map_tree_less -> map_rbt_less
  1025   map_sorted -> map_rbt_sorted
  1026   paint_sorted -> paint_rbt_sorted
  1027   paint_lookup -> paint_rbt_lookup
  1028   paint_tree_greater -> paint_rbt_greater
  1029   paint_tree_less -> paint_rbt_less
  1030   sorted_entries -> rbt_sorted_entries
  1031   tree_greater_eq_trans -> rbt_greater_eq_trans
  1032   tree_greater_nit -> rbt_greater_nit
  1033   tree_greater_prop -> rbt_greater_prop
  1034   tree_greater_simps -> rbt_greater_simps
  1035   tree_greater_trans -> rbt_greater_trans
  1036   tree_less_eq_trans -> rbt_less_eq_trans
  1037   tree_less_nit -> rbt_less_nit
  1038   tree_less_prop -> rbt_less_prop
  1039   tree_less_simps -> rbt_less_simps
  1040   tree_less_trans -> rbt_less_trans
  1041   tree_ord_props -> rbt_ord_props
  1042   union_Branch -> rbt_union_Branch
  1043   union_is_rbt -> rbt_union_is_rbt
  1044   unionw_is_rbt -> rbt_unionw_is_rbt
  1045   unionwk_is_rbt -> rbt_unionwk_is_rbt
  1046   unionwk_sorted -> rbt_unionwk_rbt_sorted
  1047 
  1048 * Theory HOL/Library/Float: Floating point numbers are now defined as
  1049 a subset of the real numbers.  All operations are defined using the
  1050 lifting framework and proofs use the transfer method.  INCOMPATIBILITY.
  1051 
  1052   Changed Operations:
  1053   float_abs -> abs
  1054   float_nprt -> nprt
  1055   float_pprt -> pprt
  1056   pow2 -> use powr
  1057   round_down -> float_round_down
  1058   round_up -> float_round_up
  1059   scale -> exponent
  1060 
  1061   Removed Operations:
  1062   ceiling_fl, lb_mult, lb_mod, ub_mult, ub_mod
  1063 
  1064   Renamed Lemmas:
  1065   abs_float_def -> Float.compute_float_abs
  1066   bitlen_ge0 -> bitlen_nonneg
  1067   bitlen.simps -> Float.compute_bitlen
  1068   float_components -> Float_mantissa_exponent
  1069   float_divl.simps -> Float.compute_float_divl
  1070   float_divr.simps -> Float.compute_float_divr
  1071   float_eq_odd -> mult_powr_eq_mult_powr_iff
  1072   float_power -> real_of_float_power
  1073   lapprox_posrat_def -> Float.compute_lapprox_posrat
  1074   lapprox_rat.simps -> Float.compute_lapprox_rat
  1075   le_float_def' -> Float.compute_float_le
  1076   le_float_def -> less_eq_float.rep_eq
  1077   less_float_def' -> Float.compute_float_less
  1078   less_float_def -> less_float.rep_eq
  1079   normfloat_def -> Float.compute_normfloat
  1080   normfloat_imp_odd_or_zero -> mantissa_not_dvd and mantissa_noteq_0
  1081   normfloat -> normfloat_def
  1082   normfloat_unique -> use normfloat_def
  1083   number_of_float_Float -> Float.compute_float_numeral, Float.compute_float_neg_numeral
  1084   one_float_def -> Float.compute_float_one
  1085   plus_float_def -> Float.compute_float_plus
  1086   rapprox_posrat_def -> Float.compute_rapprox_posrat
  1087   rapprox_rat.simps -> Float.compute_rapprox_rat
  1088   real_of_float_0 -> zero_float.rep_eq
  1089   real_of_float_1 -> one_float.rep_eq
  1090   real_of_float_abs -> abs_float.rep_eq
  1091   real_of_float_add -> plus_float.rep_eq
  1092   real_of_float_minus -> uminus_float.rep_eq
  1093   real_of_float_mult -> times_float.rep_eq
  1094   real_of_float_simp -> Float.rep_eq
  1095   real_of_float_sub -> minus_float.rep_eq
  1096   round_down.simps -> Float.compute_float_round_down
  1097   round_up.simps -> Float.compute_float_round_up
  1098   times_float_def -> Float.compute_float_times
  1099   uminus_float_def -> Float.compute_float_uminus
  1100   zero_float_def -> Float.compute_float_zero
  1101 
  1102   Lemmas not necessary anymore, use the transfer method:
  1103   bitlen_B0, bitlen_B1, bitlen_ge1, bitlen_Min, bitlen_Pls, float_divl,
  1104   float_divr, float_le_simp, float_less1_mantissa_bound,
  1105   float_less_simp, float_less_zero, float_le_zero,
  1106   float_pos_less1_e_neg, float_pos_m_pos, float_split, float_split2,
  1107   floor_pos_exp, lapprox_posrat, lapprox_posrat_bottom, lapprox_rat,
  1108   lapprox_rat_bottom, normalized_float, rapprox_posrat,
  1109   rapprox_posrat_le1, rapprox_rat, real_of_float_ge0_exp,
  1110   real_of_float_neg_exp, real_of_float_nge0_exp, round_down, floor_fl,
  1111   round_up, zero_le_float, zero_less_float
  1112 
  1113 * New theory HOL/Library/DAList provides an abstract type for
  1114 association lists with distinct keys.
  1115 
  1116 * Session HOL/IMP: Added new theory of abstract interpretation of
  1117 annotated commands.
  1118 
  1119 * Session HOL-Import: Re-implementation from scratch is faster,
  1120 simpler, and more scalable.  Requires a proof bundle, which is
  1121 available as an external component.  Discontinued old (and mostly
  1122 dead) Importer for HOL4 and HOL Light.  INCOMPATIBILITY.
  1123 
  1124 * Session HOL-Word: Discontinued many redundant theorems specific to
  1125 type 'a word. INCOMPATIBILITY, use the corresponding generic theorems
  1126 instead.
  1127 
  1128   word_sub_alt ~> word_sub_wi
  1129   word_add_alt ~> word_add_def
  1130   word_mult_alt ~> word_mult_def
  1131   word_minus_alt ~> word_minus_def
  1132   word_0_alt ~> word_0_wi
  1133   word_1_alt ~> word_1_wi
  1134   word_add_0 ~> add_0_left
  1135   word_add_0_right ~> add_0_right
  1136   word_mult_1 ~> mult_1_left
  1137   word_mult_1_right ~> mult_1_right
  1138   word_add_commute ~> add_commute
  1139   word_add_assoc ~> add_assoc
  1140   word_add_left_commute ~> add_left_commute
  1141   word_mult_commute ~> mult_commute
  1142   word_mult_assoc ~> mult_assoc
  1143   word_mult_left_commute ~> mult_left_commute
  1144   word_left_distrib ~> left_distrib
  1145   word_right_distrib ~> right_distrib
  1146   word_left_minus ~> left_minus
  1147   word_diff_0_right ~> diff_0_right
  1148   word_diff_self ~> diff_self
  1149   word_sub_def ~> diff_minus
  1150   word_diff_minus ~> diff_minus
  1151   word_add_ac ~> add_ac
  1152   word_mult_ac ~> mult_ac
  1153   word_plus_ac0 ~> add_0_left add_0_right add_ac
  1154   word_times_ac1 ~> mult_1_left mult_1_right mult_ac
  1155   word_order_trans ~> order_trans
  1156   word_order_refl ~> order_refl
  1157   word_order_antisym ~> order_antisym
  1158   word_order_linear ~> linorder_linear
  1159   lenw1_zero_neq_one ~> zero_neq_one
  1160   word_number_of_eq ~> number_of_eq
  1161   word_of_int_add_hom ~> wi_hom_add
  1162   word_of_int_sub_hom ~> wi_hom_sub
  1163   word_of_int_mult_hom ~> wi_hom_mult
  1164   word_of_int_minus_hom ~> wi_hom_neg
  1165   word_of_int_succ_hom ~> wi_hom_succ
  1166   word_of_int_pred_hom ~> wi_hom_pred
  1167   word_of_int_0_hom ~> word_0_wi
  1168   word_of_int_1_hom ~> word_1_wi
  1169 
  1170 * Session HOL-Word: New proof method "word_bitwise" for splitting
  1171 machine word equalities and inequalities into logical circuits,
  1172 defined in HOL/Word/WordBitwise.thy.  Supports addition, subtraction,
  1173 multiplication, shifting by constants, bitwise operators and numeric
  1174 constants.  Requires fixed-length word types, not 'a word.  Solves
  1175 many standard word identities outright and converts more into first
  1176 order problems amenable to blast or similar.  See also examples in
  1177 HOL/Word/Examples/WordExamples.thy.
  1178 
  1179 * Session HOL-Probability: Introduced the type "'a measure" to
  1180 represent measures; this replaces the records 'a algebra and 'a
  1181 measure_space.  The locales based on subset_class now have two
  1182 locale parameters: the space \<Omega> and the set of measurable sets M.
  1183 The product of probability spaces now uses the same constant as the
  1184 finite product of sigma-finite measure spaces "PiM :: ('i => 'a)
  1185 measure".  Most constants are now defined outside of locales and gain
  1186 an additional parameter, like null_sets, almost_eventually or \<mu>'.
  1187 Measure space constructions for distributions and densities now have
  1188 their own constants distr and density.  Instead of using locales to
  1189 describe measure spaces with a finite space, the measures count_space
  1190 and point_measure are introduced.  INCOMPATIBILITY.
  1191 
  1192   Renamed constants:
  1193   measure -> emeasure
  1194   finite_measure.\<mu>' -> measure
  1195   product_algebra_generator -> prod_algebra
  1196   product_prob_space.emb -> prod_emb
  1197   product_prob_space.infprod_algebra -> PiM
  1198 
  1199   Removed locales:
  1200   completeable_measure_space
  1201   finite_measure_space
  1202   finite_prob_space
  1203   finite_product_finite_prob_space
  1204   finite_product_sigma_algebra
  1205   finite_sigma_algebra
  1206   measure_space
  1207   pair_finite_prob_space
  1208   pair_finite_sigma_algebra
  1209   pair_finite_space
  1210   pair_sigma_algebra
  1211   product_sigma_algebra
  1212 
  1213   Removed constants:
  1214   conditional_space
  1215   distribution -> use distr measure, or distributed predicate
  1216   image_space
  1217   joint_distribution -> use distr measure, or distributed predicate
  1218   pair_measure_generator
  1219   product_prob_space.infprod_algebra -> use PiM
  1220   subvimage
  1221 
  1222   Replacement theorems:
  1223   finite_additivity_sufficient -> ring_of_sets.countably_additiveI_finite
  1224   finite_measure.empty_measure -> measure_empty
  1225   finite_measure.finite_continuity_from_above -> finite_measure.finite_Lim_measure_decseq
  1226   finite_measure.finite_continuity_from_below -> finite_measure.finite_Lim_measure_incseq
  1227   finite_measure.finite_measure_countably_subadditive -> finite_measure.finite_measure_subadditive_countably
  1228   finite_measure.finite_measure_eq -> finite_measure.emeasure_eq_measure
  1229   finite_measure.finite_measure -> finite_measure.emeasure_finite
  1230   finite_measure.finite_measure_finite_singleton -> finite_measure.finite_measure_eq_setsum_singleton
  1231   finite_measure.positive_measure' -> measure_nonneg
  1232   finite_measure.real_measure -> finite_measure.emeasure_real
  1233   finite_product_prob_space.finite_measure_times -> finite_product_prob_space.finite_measure_PiM_emb
  1234   finite_product_sigma_algebra.in_P -> sets_PiM_I_finite
  1235   finite_product_sigma_algebra.P_empty -> space_PiM_empty, sets_PiM_empty
  1236   information_space.conditional_entropy_eq -> information_space.conditional_entropy_simple_distributed
  1237   information_space.conditional_entropy_positive -> information_space.conditional_entropy_nonneg_simple
  1238   information_space.conditional_mutual_information_eq_mutual_information -> information_space.conditional_mutual_information_eq_mutual_information_simple
  1239   information_space.conditional_mutual_information_generic_positive -> information_space.conditional_mutual_information_nonneg_simple
  1240   information_space.conditional_mutual_information_positive -> information_space.conditional_mutual_information_nonneg_simple
  1241   information_space.entropy_commute -> information_space.entropy_commute_simple
  1242   information_space.entropy_eq -> information_space.entropy_simple_distributed
  1243   information_space.entropy_generic_eq -> information_space.entropy_simple_distributed
  1244   information_space.entropy_positive -> information_space.entropy_nonneg_simple
  1245   information_space.entropy_uniform_max -> information_space.entropy_uniform
  1246   information_space.KL_eq_0_imp -> information_space.KL_eq_0_iff_eq
  1247   information_space.KL_eq_0 -> information_space.KL_same_eq_0
  1248   information_space.KL_ge_0 -> information_space.KL_nonneg
  1249   information_space.mutual_information_eq -> information_space.mutual_information_simple_distributed
  1250   information_space.mutual_information_positive -> information_space.mutual_information_nonneg_simple
  1251   Int_stable_cuboids -> Int_stable_atLeastAtMost
  1252   Int_stable_product_algebra_generator -> positive_integral
  1253   measure_preserving -> equality "distr M N f = N" "f : measurable M N"
  1254   measure_space.additive -> emeasure_additive
  1255   measure_space.AE_iff_null_set -> AE_iff_null
  1256   measure_space.almost_everywhere_def -> eventually_ae_filter
  1257   measure_space.almost_everywhere_vimage -> AE_distrD
  1258   measure_space.continuity_from_above -> INF_emeasure_decseq
  1259   measure_space.continuity_from_above_Lim -> Lim_emeasure_decseq
  1260   measure_space.continuity_from_below_Lim -> Lim_emeasure_incseq
  1261   measure_space.continuity_from_below -> SUP_emeasure_incseq
  1262   measure_space_density -> emeasure_density
  1263   measure_space.density_is_absolutely_continuous -> absolutely_continuousI_density
  1264   measure_space.integrable_vimage -> integrable_distr
  1265   measure_space.integral_translated_density -> integral_density
  1266   measure_space.integral_vimage -> integral_distr
  1267   measure_space.measure_additive -> plus_emeasure
  1268   measure_space.measure_compl -> emeasure_compl
  1269   measure_space.measure_countable_increasing -> emeasure_countable_increasing
  1270   measure_space.measure_countably_subadditive -> emeasure_subadditive_countably
  1271   measure_space.measure_decseq -> decseq_emeasure
  1272   measure_space.measure_Diff -> emeasure_Diff
  1273   measure_space.measure_Diff_null_set -> emeasure_Diff_null_set
  1274   measure_space.measure_eq_0 -> emeasure_eq_0
  1275   measure_space.measure_finitely_subadditive -> emeasure_subadditive_finite
  1276   measure_space.measure_finite_singleton -> emeasure_eq_setsum_singleton
  1277   measure_space.measure_incseq -> incseq_emeasure
  1278   measure_space.measure_insert -> emeasure_insert
  1279   measure_space.measure_mono -> emeasure_mono
  1280   measure_space.measure_not_negative -> emeasure_not_MInf
  1281   measure_space.measure_preserving_Int_stable -> measure_eqI_generator_eq
  1282   measure_space.measure_setsum -> setsum_emeasure
  1283   measure_space.measure_setsum_split -> setsum_emeasure_cover
  1284   measure_space.measure_space_vimage -> emeasure_distr
  1285   measure_space.measure_subadditive_finite -> emeasure_subadditive_finite
  1286   measure_space.measure_subadditive -> subadditive
  1287   measure_space.measure_top -> emeasure_space
  1288   measure_space.measure_UN_eq_0 -> emeasure_UN_eq_0
  1289   measure_space.measure_Un_null_set -> emeasure_Un_null_set
  1290   measure_space.positive_integral_translated_density -> positive_integral_density
  1291   measure_space.positive_integral_vimage -> positive_integral_distr
  1292   measure_space.real_continuity_from_above -> Lim_measure_decseq
  1293   measure_space.real_continuity_from_below -> Lim_measure_incseq
  1294   measure_space.real_measure_countably_subadditive -> measure_subadditive_countably
  1295   measure_space.real_measure_Diff -> measure_Diff
  1296   measure_space.real_measure_finite_Union -> measure_finite_Union
  1297   measure_space.real_measure_setsum_singleton -> measure_eq_setsum_singleton
  1298   measure_space.real_measure_subadditive -> measure_subadditive
  1299   measure_space.real_measure_Union -> measure_Union
  1300   measure_space.real_measure_UNION -> measure_UNION
  1301   measure_space.simple_function_vimage -> simple_function_comp
  1302   measure_space.simple_integral_vimage -> simple_integral_distr
  1304   measure_unique_Int_stable -> measure_eqI_generator_eq
  1305   measure_unique_Int_stable_vimage -> measure_eqI_generator_eq
  1306   pair_sigma_algebra.measurable_cut_fst -> sets_Pair1
  1307   pair_sigma_algebra.measurable_cut_snd -> sets_Pair2
  1308   pair_sigma_algebra.measurable_pair_image_fst -> measurable_Pair1
  1309   pair_sigma_algebra.measurable_pair_image_snd -> measurable_Pair2
  1310   pair_sigma_algebra.measurable_product_swap -> measurable_pair_swap_iff
  1311   pair_sigma_algebra.pair_sigma_algebra_measurable -> measurable_pair_swap
  1312   pair_sigma_algebra.pair_sigma_algebra_swap_measurable -> measurable_pair_swap'
  1313   pair_sigma_algebra.sets_swap -> sets_pair_swap
  1314   pair_sigma_finite.measure_cut_measurable_fst -> pair_sigma_finite.measurable_emeasure_Pair1
  1315   pair_sigma_finite.measure_cut_measurable_snd -> pair_sigma_finite.measurable_emeasure_Pair2
  1316   pair_sigma_finite.measure_preserving_swap -> pair_sigma_finite.distr_pair_swap
  1317   pair_sigma_finite.pair_measure_alt2 -> pair_sigma_finite.emeasure_pair_measure_alt2
  1318   pair_sigma_finite.pair_measure_alt -> pair_sigma_finite.emeasure_pair_measure_alt
  1319   pair_sigma_finite.pair_measure_times -> pair_sigma_finite.emeasure_pair_measure_Times
  1320   prob_space.indep_distribution_eq_measure -> prob_space.indep_vars_iff_distr_eq_PiM
  1321   prob_space.indep_var_distributionD -> prob_space.indep_var_distribution_eq
  1322   prob_space.measure_space_1 -> prob_space.emeasure_space_1
  1323   prob_space.prob_space_vimage -> prob_space_distr
  1324   prob_space.random_variable_restrict -> measurable_restrict
  1325   prob_space_unique_Int_stable -> measure_eqI_prob_space
  1326   product_algebraE -> prod_algebraE_all
  1327   product_algebra_generator_der -> prod_algebra_eq_finite
  1328   product_algebra_generator_into_space -> prod_algebra_sets_into_space
  1329   product_algebraI -> sets_PiM_I_finite
  1330   product_measure_exists -> product_sigma_finite.sigma_finite
  1331   product_prob_space.finite_index_eq_finite_product -> product_prob_space.sets_PiM_generator
  1332   product_prob_space.finite_measure_infprod_emb_Pi -> product_prob_space.measure_PiM_emb
  1333   product_prob_space.infprod_spec -> product_prob_space.emeasure_PiM_emb_not_empty
  1334   product_prob_space.measurable_component -> measurable_component_singleton
  1335   product_prob_space.measurable_emb -> measurable_prod_emb
  1336   product_prob_space.measurable_into_infprod_algebra -> measurable_PiM_single
  1337   product_prob_space.measurable_singleton_infprod -> measurable_component_singleton
  1338   product_prob_space.measure_emb -> emeasure_prod_emb
  1339   product_prob_space.measure_preserving_restrict -> product_prob_space.distr_restrict
  1340   product_sigma_algebra.product_algebra_into_space -> space_closed
  1341   product_sigma_finite.measure_fold -> product_sigma_finite.distr_merge
  1342   product_sigma_finite.measure_preserving_component_singelton -> product_sigma_finite.distr_singleton
  1343   product_sigma_finite.measure_preserving_merge -> product_sigma_finite.distr_merge
  1344   sequence_space.measure_infprod -> sequence_space.measure_PiM_countable
  1345   sets_product_algebra -> sets_PiM
  1346   sigma_algebra.measurable_sigma -> measurable_measure_of
  1347   sigma_finite_measure.disjoint_sigma_finite -> sigma_finite_disjoint
  1348   sigma_finite_measure.RN_deriv_vimage -> sigma_finite_measure.RN_deriv_distr
  1349   sigma_product_algebra_sigma_eq -> sigma_prod_algebra_sigma_eq
  1350   space_product_algebra -> space_PiM
  1351 
  1352 * Session HOL-TPTP: support to parse and import TPTP problems (all
  1353 languages) into Isabelle/HOL.
  1354 
  1355 
  1356 *** FOL ***
  1357 
  1358 * New "case_product" attribute (see HOL).
  1359 
  1360 
  1361 *** ZF ***
  1362 
  1363 * Greater support for structured proofs involving induction or case
  1364 analysis.
  1365 
  1366 * Much greater use of mathematical symbols.
  1367 
  1368 * Removal of many ML theorem bindings.  INCOMPATIBILITY.
  1369 
  1370 
  1371 *** ML ***
  1372 
  1373 * Antiquotation @{keyword "name"} produces a parser for outer syntax
  1374 from a minor keyword introduced via theory header declaration.
  1375 
  1376 * Antiquotation @{command_spec "name"} produces the
  1377 Outer_Syntax.command_spec from a major keyword introduced via theory
  1378 header declaration; it can be passed to Outer_Syntax.command etc.
  1379 
  1380 * Local_Theory.define no longer hard-wires default theorem name
  1381 "foo_def", but retains the binding as given.  If that is Binding.empty
  1382 / Attrib.empty_binding, the result is not registered as user-level
  1383 fact.  The Local_Theory.define_internal variant allows specifying a
  1384 non-empty name (used for the foundation in the background theory),
  1385 while omitting the fact binding in the user-context.  Potential
  1386 INCOMPATIBILITY for derived definitional packages: need to specify
  1387 naming policy for primitive definitions more explicitly.
  1388 
  1389 * Renamed Thm.capply to Thm.apply, and Thm.cabs to Thm.lambda in
  1390 conformance with similar operations in structure Term and Logic.
  1391 
  1392 * Antiquotation @{attributes [...]} embeds attribute source
  1393 representation into the ML text, which is particularly useful with
  1394 declarations like Local_Theory.note.
  1395 
  1396 * Structure Proof_Context follows standard naming scheme.  Old
  1397 ProofContext has been discontinued.  INCOMPATIBILITY.
  1398 
  1399 * Refined Local_Theory.declaration {syntax, pervasive}, with subtle
  1400 change of semantics: update is applied to auxiliary local theory
  1401 context as well.
  1402 
  1403 * Modernized some old-style infix operations:
  1404 
  1405   addeqcongs    ~> Simplifier.add_eqcong
  1406   deleqcongs    ~> Simplifier.del_eqcong
  1407   addcongs      ~> Simplifier.add_cong
  1408   delcongs      ~> Simplifier.del_cong
  1409   setmksimps    ~> Simplifier.set_mksimps
  1410   setmkcong     ~> Simplifier.set_mkcong
  1411   setmksym      ~> Simplifier.set_mksym
  1412   setmkeqTrue   ~> Simplifier.set_mkeqTrue
  1413   settermless   ~> Simplifier.set_termless
  1414   setsubgoaler  ~> Simplifier.set_subgoaler
  1415   addsplits     ~> Splitter.add_split
  1416   delsplits     ~> Splitter.del_split
  1417 
  1418 
  1419 *** System ***
  1420 
  1421 * USER_HOME settings variable points to cross-platform user home
  1422 directory, which coincides with HOME on POSIX systems only.  Likewise,
  1423 the Isabelle path specification "~" now expands to $USER_HOME, instead
  1424 of former $HOME.  A different default for USER_HOME may be set
  1425 explicitly in shell environment, before Isabelle settings are
  1426 evaluated.  Minor INCOMPATIBILITY: need to adapt Isabelle path where
  1427 the generic user home was intended.
  1428 
  1429 * ISABELLE_HOME_WINDOWS refers to ISABELLE_HOME in Windows file name
  1430 notation, which is useful for the jEdit file browser, for example.
  1431 
  1432 * ISABELLE_JDK_HOME settings variable points to JDK with javac and jar
  1433 (not just JRE).
  1434 
  1435 
  1436 
  1437 New in Isabelle2011-1 (October 2011)
  1438 ------------------------------------
  1439 
  1440 *** General ***
  1441 
  1442 * Improved Isabelle/jEdit Prover IDE (PIDE), which can be invoked as
  1443 "isabelle jedit" or "ISABELLE_HOME/Isabelle" on the command line.
  1444 
  1445   - Management of multiple theory files directly from the editor
  1446     buffer store -- bypassing the file-system (no requirement to save
  1447     files for checking).
  1448 
  1449   - Markup of formal entities within the text buffer, with semantic
  1450     highlighting, tooltips and hyperlinks to jump to defining source
  1451     positions.
  1452 
  1453   - Improved text rendering, with sub/superscripts in the source
  1454     buffer (including support for copy/paste wrt. output panel, HTML
  1455     theory output and other non-Isabelle text boxes).
  1456 
  1457   - Refined scheduling of proof checking and printing of results,
  1458     based on interactive editor view.  (Note: jEdit folding and
  1459     narrowing allows restricting buffer perspectives explicitly.)
  1460 
  1461   - Reduced CPU performance requirements, usable on machines with few
  1462     cores.
  1463 
  1464   - Reduced memory requirements due to pruning of unused document
  1465     versions (garbage collection).
  1466 
  1467 See also ~~/src/Tools/jEdit/README.html for further information,
  1468 including some remaining limitations.
  1469 
  1470 * Theory loader: source files are exclusively located via the master
  1471 directory of each theory node (where the .thy file itself resides).
  1472 The global load path (such as src/HOL/Library) has been discontinued.
  1473 Note that the path element ~~ may be used to reference theories in the
  1474 Isabelle home folder -- for instance, "~~/src/HOL/Library/FuncSet".
  1475 INCOMPATIBILITY.
  1476 
  1477 * Theory loader: source files are identified by content via SHA1
  1478 digests.  Discontinued former path/modtime identification and optional
  1479 ISABELLE_FILE_IDENT plugin scripts.
  1480 
  1481 * Parallelization of nested Isar proofs is subject to
  1482 Goal.parallel_proofs_threshold (default 100).  See also isabelle
  1483 usedir option -Q.
  1484 
  1485 * Name space: former unsynchronized references are now proper
  1486 configuration options, with more conventional names:
  1487 
  1488   long_names   ~> names_long
  1489   short_names  ~> names_short
  1490   unique_names ~> names_unique
  1491 
  1492 Minor INCOMPATIBILITY, need to declare options in context like this:
  1493 
  1494   declare [[names_unique = false]]
  1495 
  1496 * Literal facts `prop` may contain dummy patterns, e.g. `_ = _`.  Note
  1497 that the result needs to be unique, which means fact specifications
  1498 may have to be refined after enriching a proof context.
  1499 
  1500 * Attribute "case_names" has been refined: the assumptions in each case
  1501 can be named now by following the case name with [name1 name2 ...].
  1502 
  1503 * Isabelle/Isar reference manual has been updated and extended:
  1504   - "Synopsis" provides a catalog of main Isar language concepts.
  1505   - Formal references in syntax diagrams, via @{rail} antiquotation.
  1506   - Updated material from classic "ref" manual, notably about
  1507     "Classical Reasoner".
  1508 
  1509 
  1510 *** HOL ***
  1511 
  1512 * Class bot and top require underlying partial order rather than
  1513 preorder: uniqueness of bot and top is guaranteed.  INCOMPATIBILITY.
  1514 
  1515 * Class complete_lattice: generalized a couple of lemmas from sets;
  1516 generalized theorems INF_cong and SUP_cong.  New type classes for
  1517 complete boolean algebras and complete linear orders.  Lemmas
  1518 Inf_less_iff, less_Sup_iff, INF_less_iff, less_SUP_iff now reside in
  1519 class complete_linorder.
  1520 
  1521 Changed proposition of lemmas Inf_bool_def, Sup_bool_def, Inf_fun_def,
  1522 Sup_fun_def, Inf_apply, Sup_apply.
  1523 
  1524 Removed redundant lemmas (the right hand side gives hints how to
  1525 replace them for (metis ...), or (simp only: ...) proofs):
  1526 
  1527   Inf_singleton ~> Inf_insert [where A="{}", unfolded Inf_empty inf_top_right]
  1528   Sup_singleton ~> Sup_insert [where A="{}", unfolded Sup_empty sup_bot_right]
  1529   Inf_binary ~> Inf_insert, Inf_empty, and inf_top_right
  1530   Sup_binary ~> Sup_insert, Sup_empty, and sup_bot_right
  1531   Int_eq_Inter ~> Inf_insert, Inf_empty, and inf_top_right
  1532   Un_eq_Union ~> Sup_insert, Sup_empty, and sup_bot_right
  1533   Inter_def ~> INF_def, image_def
  1534   Union_def ~> SUP_def, image_def
  1535   INT_eq ~> INF_def, and image_def
  1536   UN_eq ~> SUP_def, and image_def
  1537   INF_subset ~> INF_superset_mono [OF _ order_refl]
  1538 
  1539 More consistent and comprehensive names:
  1540 
  1541   INTER_eq_Inter_image ~> INF_def
  1542   UNION_eq_Union_image ~> SUP_def
  1543   INFI_def ~> INF_def
  1544   SUPR_def ~> SUP_def
  1545   INF_leI ~> INF_lower
  1546   INF_leI2 ~> INF_lower2
  1547   le_INFI ~> INF_greatest
  1548   le_SUPI ~> SUP_upper
  1549   le_SUPI2 ~> SUP_upper2
  1550   SUP_leI ~> SUP_least
  1551   INFI_bool_eq ~> INF_bool_eq
  1552   SUPR_bool_eq ~> SUP_bool_eq
  1553   INFI_apply ~> INF_apply
  1554   SUPR_apply ~> SUP_apply
  1555   INTER_def ~> INTER_eq
  1556   UNION_def ~> UNION_eq
  1557 
  1558 INCOMPATIBILITY.
  1559 
  1560 * Renamed theory Complete_Lattice to Complete_Lattices.
  1561 INCOMPATIBILITY.
  1562 
  1563 * Theory Complete_Lattices: lemmas Inf_eq_top_iff, INF_eq_top_iff,
  1564 INF_image, Inf_insert, INF_top, Inf_top_conv, INF_top_conv, SUP_bot,
  1565 Sup_bot_conv, SUP_bot_conv, Sup_eq_top_iff, SUP_eq_top_iff, SUP_image,
  1566 Sup_insert are now declared as [simp].  INCOMPATIBILITY.
  1567 
  1568 * Theory Lattice: lemmas compl_inf_bot, compl_le_comp_iff,
  1569 compl_sup_top, inf_idem, inf_left_idem, inf_sup_absorb, sup_idem,
  1570 sup_inf_absorb, sup_left_idem are now declared as [simp].  Minor
  1571 INCOMPATIBILITY.
  1572 
  1573 * Added syntactic classes "inf" and "sup" for the respective
  1574 constants.  INCOMPATIBILITY: Changes in the argument order of the
  1575 (mostly internal) locale predicates for some derived classes.
  1576 
  1577 * Theorem collections ball_simps and bex_simps do not contain theorems
  1578 referring to UNION any longer; these have been moved to collection
  1579 UN_ball_bex_simps.  INCOMPATIBILITY.
  1580 
  1581 * Theory Archimedean_Field: floor now is defined as parameter of a
  1582 separate type class floor_ceiling.
  1583 
  1584 * Theory Finite_Set: more coherent development of fold_set locales:
  1585 
  1586     locale fun_left_comm ~> locale comp_fun_commute
  1587     locale fun_left_comm_idem ~> locale comp_fun_idem
  1588 
  1589 Both use point-free characterization; interpretation proofs may need
  1590 adjustment.  INCOMPATIBILITY.
  1591 
  1592 * Theory Limits: Type "'a net" has been renamed to "'a filter", in
  1593 accordance with standard mathematical terminology. INCOMPATIBILITY.
  1594 
  1595 * Theory Complex_Main: The locale interpretations for the
  1596 bounded_linear and bounded_bilinear locales have been removed, in
  1597 order to reduce the number of duplicate lemmas. Users must use the
  1598 original names for distributivity theorems, potential INCOMPATIBILITY.
  1599 
  1600   divide.add ~> add_divide_distrib
  1601   divide.diff ~> diff_divide_distrib
  1602   divide.setsum ~> setsum_divide_distrib
  1603   mult.add_right ~> right_distrib
  1604   mult.diff_right ~> right_diff_distrib
  1605   mult_right.setsum ~> setsum_right_distrib
  1606   mult_left.diff ~> left_diff_distrib
  1607 
  1608 * Theory Complex_Main: Several redundant theorems have been removed or
  1609 replaced by more general versions. INCOMPATIBILITY.
  1610 
  1611   real_diff_def ~> minus_real_def
  1612   real_divide_def ~> divide_real_def
  1613   real_less_def ~> less_le
  1614   real_abs_def ~> abs_real_def
  1615   real_sgn_def ~> sgn_real_def
  1616   real_mult_commute ~> mult_commute
  1617   real_mult_assoc ~> mult_assoc
  1618   real_mult_1 ~> mult_1_left
  1619   real_add_mult_distrib ~> left_distrib
  1620   real_zero_not_eq_one ~> zero_neq_one
  1621   real_mult_inverse_left ~> left_inverse
  1622   INVERSE_ZERO ~> inverse_zero
  1623   real_le_refl ~> order_refl
  1624   real_le_antisym ~> order_antisym
  1625   real_le_trans ~> order_trans
  1626   real_le_linear ~> linear
  1627   real_le_eq_diff ~> le_iff_diff_le_0
  1628   real_add_left_mono ~> add_left_mono
  1629   real_mult_order ~> mult_pos_pos
  1630   real_mult_less_mono2 ~> mult_strict_left_mono
  1631   real_of_int_real_of_nat ~> real_of_int_of_nat_eq
  1632   real_0_le_divide_iff ~> zero_le_divide_iff
  1633   realpow_two_disj ~> power2_eq_iff
  1634   real_squared_diff_one_factored ~> square_diff_one_factored
  1635   realpow_two_diff ~> square_diff_square_factored
  1636   reals_complete2 ~> complete_real
  1637   real_sum_squared_expand ~> power2_sum
  1638   exp_ln_eq ~> ln_unique
  1639   expi_add ~> exp_add
  1640   expi_zero ~> exp_zero
  1641   lemma_DERIV_subst ~> DERIV_cong
  1642   LIMSEQ_Zfun_iff ~> tendsto_Zfun_iff
  1643   LIMSEQ_const ~> tendsto_const
  1644   LIMSEQ_norm ~> tendsto_norm
  1645   LIMSEQ_add ~> tendsto_add
  1646   LIMSEQ_minus ~> tendsto_minus
  1647   LIMSEQ_minus_cancel ~> tendsto_minus_cancel
  1648   LIMSEQ_diff ~> tendsto_diff
  1649   bounded_linear.LIMSEQ ~> bounded_linear.tendsto
  1650   bounded_bilinear.LIMSEQ ~> bounded_bilinear.tendsto
  1651   LIMSEQ_mult ~> tendsto_mult
  1652   LIMSEQ_inverse ~> tendsto_inverse
  1653   LIMSEQ_divide ~> tendsto_divide
  1654   LIMSEQ_pow ~> tendsto_power
  1655   LIMSEQ_setsum ~> tendsto_setsum
  1656   LIMSEQ_setprod ~> tendsto_setprod
  1657   LIMSEQ_norm_zero ~> tendsto_norm_zero_iff
  1658   LIMSEQ_rabs_zero ~> tendsto_rabs_zero_iff
  1659   LIMSEQ_imp_rabs ~> tendsto_rabs
  1660   LIMSEQ_add_minus ~> tendsto_add [OF _ tendsto_minus]
  1661   LIMSEQ_add_const ~> tendsto_add [OF _ tendsto_const]
  1662   LIMSEQ_diff_const ~> tendsto_diff [OF _ tendsto_const]
  1663   LIMSEQ_Complex ~> tendsto_Complex
  1664   LIM_ident ~> tendsto_ident_at
  1665   LIM_const ~> tendsto_const
  1666   LIM_add ~> tendsto_add
  1667   LIM_add_zero ~> tendsto_add_zero
  1668   LIM_minus ~> tendsto_minus
  1669   LIM_diff ~> tendsto_diff
  1670   LIM_norm ~> tendsto_norm
  1671   LIM_norm_zero ~> tendsto_norm_zero
  1672   LIM_norm_zero_cancel ~> tendsto_norm_zero_cancel
  1673   LIM_norm_zero_iff ~> tendsto_norm_zero_iff
  1674   LIM_rabs ~> tendsto_rabs
  1675   LIM_rabs_zero ~> tendsto_rabs_zero
  1676   LIM_rabs_zero_cancel ~> tendsto_rabs_zero_cancel
  1677   LIM_rabs_zero_iff ~> tendsto_rabs_zero_iff
  1678   LIM_compose ~> tendsto_compose
  1679   LIM_mult ~> tendsto_mult
  1680   LIM_scaleR ~> tendsto_scaleR
  1681   LIM_of_real ~> tendsto_of_real
  1682   LIM_power ~> tendsto_power
  1683   LIM_inverse ~> tendsto_inverse
  1684   LIM_sgn ~> tendsto_sgn
  1685   isCont_LIM_compose ~> isCont_tendsto_compose
  1686   bounded_linear.LIM ~> bounded_linear.tendsto
  1687   bounded_linear.LIM_zero ~> bounded_linear.tendsto_zero
  1688   bounded_bilinear.LIM ~> bounded_bilinear.tendsto
  1689   bounded_bilinear.LIM_prod_zero ~> bounded_bilinear.tendsto_zero
  1690   bounded_bilinear.LIM_left_zero ~> bounded_bilinear.tendsto_left_zero
  1691   bounded_bilinear.LIM_right_zero ~> bounded_bilinear.tendsto_right_zero
  1692   LIM_inverse_fun ~> tendsto_inverse [OF tendsto_ident_at]
  1693 
  1694 * Theory Complex_Main: The definition of infinite series was
  1695 generalized.  Now it is defined on the type class {topological_space,
  1696 comm_monoid_add}.  Hence it is useable also for extended real numbers.
  1697 
  1698 * Theory Complex_Main: The complex exponential function "expi" is now
  1699 a type-constrained abbreviation for "exp :: complex => complex"; thus
  1700 several polymorphic lemmas about "exp" are now applicable to "expi".
  1701 
  1702 * Code generation:
  1703 
  1704   - Theory Library/Code_Char_ord provides native ordering of
  1705     characters in the target language.
  1706 
  1707   - Commands code_module and code_library are legacy, use export_code
  1708     instead.
  1709 
  1710   - Method "evaluation" is legacy, use method "eval" instead.
  1711 
  1712   - Legacy evaluator "SML" is deactivated by default.  May be
  1713     reactivated by the following theory command:
  1714 
  1715       setup {* Value.add_evaluator ("SML", Codegen.eval_term) *}
  1716 
  1717 * Declare ext [intro] by default.  Rare INCOMPATIBILITY.
  1718 
  1719 * New proof method "induction" that gives induction hypotheses the
  1720 name "IH", thus distinguishing them from further hypotheses that come
  1721 from rule induction.  The latter are still called "hyps".  Method
  1722 "induction" is a thin wrapper around "induct" and follows the same
  1723 syntax.
  1724 
  1725 * Method "fastsimp" has been renamed to "fastforce", but "fastsimp" is
  1726 still available as a legacy feature for some time.
  1727 
  1728 * Nitpick:
  1729   - Added "need" and "total_consts" options.
  1730   - Reintroduced "show_skolems" option by popular demand.
  1731   - Renamed attribute: nitpick_def ~> nitpick_unfold.
  1732     INCOMPATIBILITY.
  1733 
  1734 * Sledgehammer:
  1735   - Use quasi-sound (and efficient) translations by default.
  1736   - Added support for the following provers: E-ToFoF, LEO-II,
  1737     Satallax, SNARK, Waldmeister, and Z3 with TPTP syntax.
  1738   - Automatically preplay and minimize proofs before showing them if
  1739     this can be done within reasonable time.
  1740   - sledgehammer available_provers ~> sledgehammer supported_provers.
  1741     INCOMPATIBILITY.
  1742   - Added "preplay_timeout", "slicing", "type_enc", "sound",
  1743     "max_mono_iters", and "max_new_mono_instances" options.
  1744   - Removed "explicit_apply" and "full_types" options as well as "Full
  1745     Types" Proof General menu item. INCOMPATIBILITY.
  1746 
  1747 * Metis:
  1748   - Removed "metisF" -- use "metis" instead. INCOMPATIBILITY.
  1749   - Obsoleted "metisFT" -- use "metis (full_types)" instead.
  1750     INCOMPATIBILITY.
  1751 
  1752 * Command 'try':
  1753   - Renamed 'try_methods' and added "simp:", "intro:", "dest:", and
  1754     "elim:" options. INCOMPATIBILITY.
  1755   - Introduced 'try' that not only runs 'try_methods' but also
  1756     'solve_direct', 'sledgehammer', 'quickcheck', and 'nitpick'.
  1757 
  1758 * Quickcheck:
  1759   - Added "eval" option to evaluate terms for the found counterexample
  1760     (currently only supported by the default (exhaustive) tester).
  1761   - Added post-processing of terms to obtain readable counterexamples
  1762     (currently only supported by the default (exhaustive) tester).
  1763   - New counterexample generator quickcheck[narrowing] enables
  1764     narrowing-based testing.  Requires the Glasgow Haskell compiler
  1765     with its installation location defined in the Isabelle settings
  1766     environment as ISABELLE_GHC.
  1767   - Removed quickcheck tester "SML" based on the SML code generator
  1768     (formerly in HOL/Library).
  1769 
  1770 * Function package: discontinued option "tailrec".  INCOMPATIBILITY,
  1771 use 'partial_function' instead.
  1772 
  1773 * Theory Library/Extended_Reals now replaces the positive extended
  1774 reals found in probability theory. This file is extended by
  1775 Multivariate_Analysis/Extended_Real_Limits.
  1776 
  1777 * Theory Library/Old_Recdef: old 'recdef' package has been moved here,
  1778 from where it must be imported explicitly if it is really required.
  1779 INCOMPATIBILITY.
  1780 
  1781 * Theory Library/Wfrec: well-founded recursion combinator "wfrec" has
  1782 been moved here.  INCOMPATIBILITY.
  1783 
  1784 * Theory Library/Saturated provides type of numbers with saturated
  1785 arithmetic.
  1786 
  1787 * Theory Library/Product_Lattice defines a pointwise ordering for the
  1788 product type 'a * 'b, and provides instance proofs for various order
  1789 and lattice type classes.
  1790 
  1791 * Theory Library/Countable now provides the "countable_datatype" proof
  1792 method for proving "countable" class instances for datatypes.
  1793 
  1794 * Theory Library/Cset_Monad allows do notation for computable sets
  1795 (cset) via the generic monad ad-hoc overloading facility.
  1796 
  1797 * Library: Theories of common data structures are split into theories
  1798 for implementation, an invariant-ensuring type, and connection to an
  1799 abstract type. INCOMPATIBILITY.
  1800 
  1801   - RBT is split into RBT and RBT_Mapping.
  1802   - AssocList is split and renamed into AList and AList_Mapping.
  1803   - DList is split into DList_Impl, DList, and DList_Cset.
  1804   - Cset is split into Cset and List_Cset.
  1805 
  1806 * Theory Library/Nat_Infinity has been renamed to
  1807 Library/Extended_Nat, with name changes of the following types and
  1808 constants:
  1809 
  1810   type inat   ~> type enat
  1811   Fin         ~> enat
  1812   Infty       ~> infinity (overloaded)
  1813   iSuc        ~> eSuc
  1814   the_Fin     ~> the_enat
  1815 
  1816 Every theorem name containing "inat", "Fin", "Infty", or "iSuc" has
  1817 been renamed accordingly. INCOMPATIBILITY.
  1818 
  1819 * Session Multivariate_Analysis: The euclidean_space type class now
  1820 fixes a constant "Basis :: 'a set" consisting of the standard
  1821 orthonormal basis for the type. Users now have the option of
  1822 quantifying over this set instead of using the "basis" function, e.g.
  1823 "ALL x:Basis. P x" vs "ALL i<DIM('a). P (basis i)".
  1824 
  1825 * Session Multivariate_Analysis: Type "('a, 'b) cart" has been renamed
  1826 to "('a, 'b) vec" (the syntax "'a ^ 'b" remains unaffected). Constants
  1827 "Cart_nth" and "Cart_lambda" have been respectively renamed to
  1828 "vec_nth" and "vec_lambda"; theorems mentioning those names have
  1829 changed to match. Definition theorems for overloaded constants now use
  1830 the standard "foo_vec_def" naming scheme. A few other theorems have
  1831 been renamed as follows (INCOMPATIBILITY):
  1832 
  1833   Cart_eq          ~> vec_eq_iff
  1834   dist_nth_le_cart ~> dist_vec_nth_le
  1835   tendsto_vector   ~> vec_tendstoI
  1836   Cauchy_vector    ~> vec_CauchyI
  1837 
  1838 * Session Multivariate_Analysis: Several duplicate theorems have been
  1839 removed, and other theorems have been renamed or replaced with more
  1840 general versions. INCOMPATIBILITY.
  1841 
  1842   finite_choice ~> finite_set_choice
  1843   eventually_conjI ~> eventually_conj
  1844   eventually_and ~> eventually_conj_iff
  1845   eventually_false ~> eventually_False
  1846   setsum_norm ~> norm_setsum
  1847   Lim_sequentially ~> LIMSEQ_def
  1848   Lim_ident_at ~> LIM_ident
  1849   Lim_const ~> tendsto_const
  1850   Lim_cmul ~> tendsto_scaleR [OF tendsto_const]
  1851   Lim_neg ~> tendsto_minus
  1852   Lim_add ~> tendsto_add
  1853   Lim_sub ~> tendsto_diff
  1854   Lim_mul ~> tendsto_scaleR
  1855   Lim_vmul ~> tendsto_scaleR [OF _ tendsto_const]
  1856   Lim_null_norm ~> tendsto_norm_zero_iff [symmetric]
  1857   Lim_linear ~> bounded_linear.tendsto
  1858   Lim_component ~> tendsto_euclidean_component
  1859   Lim_component_cart ~> tendsto_vec_nth
  1860   Lim_inner ~> tendsto_inner [OF tendsto_const]
  1861   dot_lsum ~> inner_setsum_left
  1862   dot_rsum ~> inner_setsum_right
  1863   continuous_cmul ~> continuous_scaleR [OF continuous_const]
  1864   continuous_neg ~> continuous_minus
  1865   continuous_sub ~> continuous_diff
  1866   continuous_vmul ~> continuous_scaleR [OF _ continuous_const]
  1867   continuous_mul ~> continuous_scaleR
  1868   continuous_inv ~> continuous_inverse
  1869   continuous_at_within_inv ~> continuous_at_within_inverse
  1870   continuous_at_inv ~> continuous_at_inverse
  1871   continuous_at_norm ~> continuous_norm [OF continuous_at_id]
  1872   continuous_at_infnorm ~> continuous_infnorm [OF continuous_at_id]
  1873   continuous_at_component ~> continuous_component [OF continuous_at_id]
  1874   continuous_on_neg ~> continuous_on_minus
  1875   continuous_on_sub ~> continuous_on_diff
  1876   continuous_on_cmul ~> continuous_on_scaleR [OF continuous_on_const]
  1877   continuous_on_vmul ~> continuous_on_scaleR [OF _ continuous_on_const]
  1878   continuous_on_mul ~> continuous_on_scaleR
  1879   continuous_on_mul_real ~> continuous_on_mult
  1880   continuous_on_inner ~> continuous_on_inner [OF continuous_on_const]
  1881   continuous_on_norm ~> continuous_on_norm [OF continuous_on_id]
  1882   continuous_on_inverse ~> continuous_on_inv
  1883   uniformly_continuous_on_neg ~> uniformly_continuous_on_minus
  1884   uniformly_continuous_on_sub ~> uniformly_continuous_on_diff
  1885   subset_interior ~> interior_mono
  1886   subset_closure ~> closure_mono
  1887   closure_univ ~> closure_UNIV
  1888   real_arch_lt ~> reals_Archimedean2
  1889   real_arch ~> reals_Archimedean3
  1890   real_abs_norm ~> abs_norm_cancel
  1891   real_abs_sub_norm ~> norm_triangle_ineq3
  1892   norm_cauchy_schwarz_abs ~> Cauchy_Schwarz_ineq2
  1893 
  1894 * Session HOL-Probability:
  1895   - Caratheodory's extension lemma is now proved for ring_of_sets.
  1896   - Infinite products of probability measures are now available.
  1897   - Sigma closure is independent, if the generator is independent.
  1898   - Use extended reals instead of positive extended
  1899     reals. INCOMPATIBILITY.
  1900 
  1901 * Session HOLCF: Discontinued legacy theorem names, INCOMPATIBILITY.
  1902 
  1903   expand_fun_below ~> fun_below_iff
  1904   below_fun_ext ~> fun_belowI
  1905   expand_cfun_eq ~> cfun_eq_iff
  1906   ext_cfun ~> cfun_eqI
  1907   expand_cfun_below ~> cfun_below_iff
  1908   below_cfun_ext ~> cfun_belowI
  1909   monofun_fun_fun ~> fun_belowD
  1910   monofun_fun_arg ~> monofunE
  1911   monofun_lub_fun ~> adm_monofun [THEN admD]
  1912   cont_lub_fun ~> adm_cont [THEN admD]
  1913   cont2cont_Rep_CFun ~> cont2cont_APP
  1914   cont_Rep_CFun_app ~> cont_APP_app
  1915   cont_Rep_CFun_app_app ~> cont_APP_app_app
  1916   cont_cfun_fun ~> cont_Rep_cfun1 [THEN contE]
  1917   cont_cfun_arg ~> cont_Rep_cfun2 [THEN contE]
  1918   contlub_cfun ~> lub_APP [symmetric]
  1919   contlub_LAM ~> lub_LAM [symmetric]
  1920   thelubI ~> lub_eqI
  1921   UU_I ~> bottomI
  1922   lift_distinct1 ~> lift.distinct(1)
  1923   lift_distinct2 ~> lift.distinct(2)
  1924   Def_not_UU ~> lift.distinct(2)
  1925   Def_inject ~> lift.inject
  1926   below_UU_iff ~> below_bottom_iff
  1927   eq_UU_iff ~> eq_bottom_iff
  1928 
  1929 
  1930 *** Document preparation ***
  1931 
  1932 * Antiquotation @{rail} lays out railroad syntax diagrams, see also
  1933 isar-ref manual, both for description and actual application of the
  1934 same.
  1935 
  1936 * Antiquotation @{value} evaluates the given term and presents its
  1937 result.
  1938 
  1939 * Antiquotations: term style "isub" provides ad-hoc conversion of
  1940 variables x1, y23 into subscripted form x\<^isub>1,
  1941 y\<^isub>2\<^isub>3.
  1942 
  1943 * Predefined LaTeX macros for Isabelle symbols \<bind> and \<then>
  1944 (e.g. see ~~/src/HOL/Library/Monad_Syntax.thy).
  1945 
  1946 * Localized \isabellestyle switch can be used within blocks or groups
  1947 like this:
  1948 
  1949   \isabellestyle{it}  %preferred default
  1950   {\isabellestylett @{text "typewriter stuff"}}
  1951 
  1952 * Discontinued special treatment of hard tabulators.  Implicit
  1953 tab-width is now defined as 1.  Potential INCOMPATIBILITY for visual
  1954 layouts.
  1955 
  1956 
  1957 *** ML ***
  1958 
  1959 * The inner syntax of sort/type/term/prop supports inlined YXML
  1960 representations within quoted string tokens.  By encoding logical
  1961 entities via Term_XML (in ML or Scala) concrete syntax can be
  1962 bypassed, which is particularly useful for producing bits of text
  1963 under external program control.
  1964 
  1965 * Antiquotations for ML and document preparation are managed as theory
  1966 data, which requires explicit setup.
  1967 
  1968 * Isabelle_Process.is_active allows tools to check if the official
  1969 process wrapper is running (Isabelle/Scala/jEdit) or the old TTY loop
  1970 (better known as Proof General).
  1971 
  1972 * Structure Proof_Context follows standard naming scheme.  Old
  1973 ProofContext is still available for some time as legacy alias.
  1974 
  1975 * Structure Timing provides various operations for timing; supersedes
  1976 former start_timing/end_timing etc.
  1977 
  1978 * Path.print is the official way to show file-system paths to users
  1979 (including quotes etc.).
  1980 
  1981 * Inner syntax: identifiers in parse trees of generic categories
  1982 "logic", "aprop", "idt" etc. carry position information (disguised as
  1983 type constraints).  Occasional INCOMPATIBILITY with non-compliant
  1984 translations that choke on unexpected type constraints.  Positions can
  1985 be stripped in ML translations via Syntax.strip_positions /
  1986 Syntax.strip_positions_ast, or via the syntax constant
  1987 "_strip_positions" within parse trees.  As last resort, positions can
  1988 be disabled via the configuration option Syntax.positions, which is
  1989 called "syntax_positions" in Isar attribute syntax.
  1990 
  1991 * Discontinued special status of various ML structures that contribute
  1992 to structure Syntax (Ast, Lexicon, Mixfix, Parser, Printer etc.): less
  1993 pervasive content, no inclusion in structure Syntax.  INCOMPATIBILITY,
  1994 refer directly to Ast.Constant, Lexicon.is_identifier,
  1995 Syntax_Trans.mk_binder_tr etc.
  1996 
  1997 * Typed print translation: discontinued show_sorts argument, which is
  1998 already available via context of "advanced" translation.
  1999 
  2000 * Refined PARALLEL_GOALS tactical: degrades gracefully for schematic
  2001 goal states; body tactic needs to address all subgoals uniformly.
  2002 
  2003 * Slightly more special eq_list/eq_set, with shortcut involving
  2004 pointer equality (assumes that eq relation is reflexive).
  2005 
  2006 * Classical tactics use proper Proof.context instead of historic types
  2007 claset/clasimpset.  Old-style declarations like addIs, addEs, addDs
  2008 operate directly on Proof.context.  Raw type claset retains its use as
  2009 snapshot of the classical context, which can be recovered via
  2010 (put_claset HOL_cs) etc.  Type clasimpset has been discontinued.
  2011 INCOMPATIBILITY, classical tactics and derived proof methods require
  2012 proper Proof.context.
  2013 
  2014 
  2015 *** System ***
  2016 
  2017 * Discontinued support for Poly/ML 5.2, which was the last version
  2018 without proper multithreading and TimeLimit implementation.
  2019 
  2020 * Discontinued old lib/scripts/polyml-platform, which has been
  2021 obsolete since Isabelle2009-2.
  2022 
  2023 * Various optional external tools are referenced more robustly and
  2024 uniformly by explicit Isabelle settings as follows:
  2025 
  2026   ISABELLE_CSDP   (formerly CSDP_EXE)
  2027   ISABELLE_GHC    (formerly EXEC_GHC or GHC_PATH)
  2028   ISABELLE_OCAML  (formerly EXEC_OCAML)
  2029   ISABELLE_SWIPL  (formerly EXEC_SWIPL)
  2030   ISABELLE_YAP    (formerly EXEC_YAP)
  2031 
  2032 Note that automated detection from the file-system or search path has
  2033 been discontinued.  INCOMPATIBILITY.
  2034 
  2035 * Scala layer provides JVM method invocation service for static
  2036 methods of type (String)String, see Invoke_Scala.method in ML.  For
  2037 example:
  2038 
  2039   Invoke_Scala.method "java.lang.System.getProperty" "java.home"
  2040 
  2041 Together with YXML.string_of_body/parse_body and XML.Encode/Decode
  2042 this allows passing structured values between ML and Scala.
  2043 
  2044 * The IsabelleText font includes some further glyphs to support the
  2045 Prover IDE.  Potential INCOMPATIBILITY: users who happen to have
  2046 installed a local copy (which is normally *not* required) need to
  2047 delete or update it from ~~/lib/fonts/.
  2048 
  2049 
  2050 
  2051 New in Isabelle2011 (January 2011)
  2052 ----------------------------------
  2053 
  2054 *** General ***
  2055 
  2056 * Experimental Prover IDE based on Isabelle/Scala and jEdit (see
  2057 src/Tools/jEdit).  This also serves as IDE for Isabelle/ML, with
  2058 useful tooltips and hyperlinks produced from its static analysis.  The
  2059 bundled component provides an executable Isabelle tool that can be run
  2060 like this:
  2061 
  2062   Isabelle2011/bin/isabelle jedit
  2063 
  2064 * Significantly improved Isabelle/Isar implementation manual.
  2065 
  2066 * System settings: ISABELLE_HOME_USER now includes ISABELLE_IDENTIFIER
  2067 (and thus refers to something like $HOME/.isabelle/Isabelle2011),
  2068 while the default heap location within that directory lacks that extra
  2069 suffix.  This isolates multiple Isabelle installations from each
  2070 other, avoiding problems with old settings in new versions.
  2071 INCOMPATIBILITY, need to copy/upgrade old user settings manually.
  2072 
  2073 * Source files are always encoded as UTF-8, instead of old-fashioned
  2074 ISO-Latin-1.  INCOMPATIBILITY.  Isabelle LaTeX documents might require
  2075 the following package declarations:
  2076 
  2077   \usepackage[utf8]{inputenc}
  2078   \usepackage{textcomp}
  2079 
  2080 * Explicit treatment of UTF-8 sequences as Isabelle symbols, such that
  2081 a Unicode character is treated as a single symbol, not a sequence of
  2082 non-ASCII bytes as before.  Since Isabelle/ML string literals may
  2083 contain symbols without further backslash escapes, Unicode can now be
  2084 used here as well.  Recall that Symbol.explode in ML provides a
  2085 consistent view on symbols, while raw explode (or String.explode)
  2086 merely gives a byte-oriented representation.
  2087 
  2088 * Theory loader: source files are primarily located via the master
  2089 directory of each theory node (where the .thy file itself resides).
  2090 The global load path is still partially available as legacy feature.
  2091 Minor INCOMPATIBILITY due to subtle change in file lookup: use
  2092 explicit paths, relative to the theory.
  2093 
  2094 * Special treatment of ML file names has been discontinued.
  2095 Historically, optional extensions .ML or .sml were added on demand --
  2096 at the cost of clarity of file dependencies.  Recall that Isabelle/ML
  2097 files exclusively use the .ML extension.  Minor INCOMPATIBILITY.
  2098 
  2099 * Various options that affect pretty printing etc. are now properly
  2100 handled within the context via configuration options, instead of
  2101 unsynchronized references or print modes.  There are both ML Config.T
  2102 entities and Isar declaration attributes to access these.
  2103 
  2104   ML (Config.T)                 Isar (attribute)
  2105 
  2106   eta_contract                  eta_contract
  2107   show_brackets                 show_brackets
  2108   show_sorts                    show_sorts
  2109   show_types                    show_types
  2110   show_question_marks           show_question_marks
  2111   show_consts                   show_consts
  2112   show_abbrevs                  show_abbrevs
  2113 
  2114   Syntax.ast_trace              syntax_ast_trace
  2115   Syntax.ast_stat               syntax_ast_stat
  2116   Syntax.ambiguity_level        syntax_ambiguity_level
  2117 
  2118   Goal_Display.goals_limit      goals_limit
  2119   Goal_Display.show_main_goal   show_main_goal
  2120 
  2121   Method.rule_trace             rule_trace
  2122 
  2123   Thy_Output.display            thy_output_display
  2124   Thy_Output.quotes             thy_output_quotes
  2125   Thy_Output.indent             thy_output_indent
  2126   Thy_Output.source             thy_output_source
  2127   Thy_Output.break              thy_output_break
  2128 
  2129 Note that corresponding "..._default" references in ML may only be
  2130 changed globally at the ROOT session setup, but *not* within a theory.
  2131 The option "show_abbrevs" supersedes the former print mode
  2132 "no_abbrevs" with inverted meaning.
  2133 
  2134 * More systematic naming of some configuration options.
  2135 INCOMPATIBILITY.
  2136 
  2137   trace_simp  ~>  simp_trace
  2138   debug_simp  ~>  simp_debug
  2139 
  2140 * Support for real valued configuration options, using simplistic
  2141 floating-point notation that coincides with the inner syntax for
  2142 float_token.
  2143 
  2144 * Support for real valued preferences (with approximative PGIP type):
  2145 front-ends need to accept "pgint" values in float notation.
  2146 INCOMPATIBILITY.
  2147 
  2148 * The IsabelleText font now includes Cyrillic, Hebrew, Arabic from
  2149 DejaVu Sans.
  2150 
  2151 * Discontinued support for Poly/ML 5.0 and 5.1 versions.
  2152 
  2153 
  2154 *** Pure ***
  2155 
  2156 * Command 'type_synonym' (with single argument) replaces somewhat
  2157 outdated 'types', which is still available as legacy feature for some
  2158 time.
  2159 
  2160 * Command 'nonterminal' (with 'and' separated list of arguments)
  2161 replaces somewhat outdated 'nonterminals'.  INCOMPATIBILITY.
  2162 
  2163 * Command 'notepad' replaces former 'example_proof' for
  2164 experimentation in Isar without any result.  INCOMPATIBILITY.
  2165 
  2166 * Locale interpretation commands 'interpret' and 'sublocale' accept
  2167 lists of equations to map definitions in a locale to appropriate
  2168 entities in the context of the interpretation.  The 'interpretation'
  2169 command already provided this functionality.
  2170 
  2171 * Diagnostic command 'print_dependencies' prints the locale instances
  2172 that would be activated if the specified expression was interpreted in
  2173 the current context.  Variant "print_dependencies!" assumes a context
  2174 without interpretations.
  2175 
  2176 * Diagnostic command 'print_interps' prints interpretations in proofs
  2177 in addition to interpretations in theories.
  2178 
  2179 * Discontinued obsolete 'global' and 'local' commands to manipulate
  2180 the theory name space.  Rare INCOMPATIBILITY.  The ML functions
  2181 Sign.root_path and Sign.local_path may be applied directly where this
  2182 feature is still required for historical reasons.
  2183 
  2184 * Discontinued obsolete 'constdefs' command.  INCOMPATIBILITY, use
  2185 'definition' instead.
  2186 
  2187 * The "prems" fact, which refers to the accidental collection of
  2188 foundational premises in the context, is now explicitly marked as
  2189 legacy feature and will be discontinued soon.  Consider using "assms"
  2190 of the head statement or reference facts by explicit names.
  2191 
  2192 * Document antiquotations @{class} and @{type} print classes and type
  2193 constructors.
  2194 
  2195 * Document antiquotation @{file} checks file/directory entries within
  2196 the local file system.
  2197 
  2198 
  2199 *** HOL ***
  2200 
  2201 * Coercive subtyping: functions can be declared as coercions and type
  2202 inference will add them as necessary upon input of a term.  Theory
  2203 Complex_Main declares real :: nat => real and real :: int => real as
  2204 coercions. A coercion function f is declared like this:
  2205 
  2206   declare [[coercion f]]
  2207 
  2208 To lift coercions through type constructors (e.g. from nat => real to
  2209 nat list => real list), map functions can be declared, e.g.
  2210 
  2211   declare [[coercion_map map]]
  2212 
  2213 Currently coercion inference is activated only in theories including
  2214 real numbers, i.e. descendants of Complex_Main.  This is controlled by
  2215 the configuration option "coercion_enabled", e.g. it can be enabled in
  2216 other theories like this:
  2217 
  2218   declare [[coercion_enabled]]
  2219 
  2220 * Command 'partial_function' provides basic support for recursive
  2221 function definitions over complete partial orders.  Concrete instances
  2222 are provided for i) the option type, ii) tail recursion on arbitrary
  2223 types, and iii) the heap monad of Imperative_HOL.  See
  2224 src/HOL/ex/Fundefs.thy and src/HOL/Imperative_HOL/ex/Linked_Lists.thy
  2225 for examples.
  2226 
  2227 * Function package: f.psimps rules are no longer implicitly declared
  2228 as [simp].  INCOMPATIBILITY.
  2229 
  2230 * Datatype package: theorems generated for executable equality (class
  2231 "eq") carry proper names and are treated as default code equations.
  2232 
  2233 * Inductive package: now offers command 'inductive_simps' to
  2234 automatically derive instantiated and simplified equations for
  2235 inductive predicates, similar to 'inductive_cases'.
  2236 
  2237 * Command 'enriched_type' allows registering properties of the
  2238 functorial structure of types.
  2239 
  2240 * Improved infrastructure for term evaluation using code generator
  2241 techniques, in particular static evaluation conversions.
  2242 
  2243 * Code generator: Scala (2.8 or higher) has been added to the target
  2244 languages.
  2245 
  2246 * Code generator: globbing constant expressions "*" and "Theory.*"
  2247 have been replaced by the more idiomatic "_" and "Theory._".
  2248 INCOMPATIBILITY.
  2249 
  2250 * Code generator: export_code without explicit file declaration prints
  2251 to standard output.  INCOMPATIBILITY.
  2252 
  2253 * Code generator: do not print function definitions for case
  2254 combinators any longer.
  2255 
  2256 * Code generator: simplification with rules determined with
  2257 src/Tools/Code/code_simp.ML and method "code_simp".
  2258 
  2259 * Code generator for records: more idiomatic representation of record
  2260 types.  Warning: records are not covered by ancient SML code
  2261 generation any longer.  INCOMPATIBILITY.  In cases of need, a suitable
  2262 rep_datatype declaration helps to succeed then:
  2263 
  2264   record 'a foo = ...
  2265   ...
  2266   rep_datatype foo_ext ...
  2267 
  2268 * Records: logical foundation type for records does not carry a
  2269 '_type' suffix any longer (obsolete due to authentic syntax).
  2270 INCOMPATIBILITY.
  2271 
  2272 * Quickcheck now by default uses exhaustive testing instead of random
  2273 testing.  Random testing can be invoked by "quickcheck [random]",
  2274 exhaustive testing by "quickcheck [exhaustive]".
  2275 
  2276 * Quickcheck instantiates polymorphic types with small finite
  2277 datatypes by default. This enables a simple execution mechanism to
  2278 handle quantifiers and function equality over the finite datatypes.
  2279 
  2280 * Quickcheck random generator has been renamed from "code" to
  2281 "random".  INCOMPATIBILITY.
  2282 
  2283 * Quickcheck now has a configurable time limit which is set to 30
  2284 seconds by default. This can be changed by adding [timeout = n] to the
  2285 quickcheck command. The time limit for Auto Quickcheck is still set
  2286 independently.
  2287 
  2288 * Quickcheck in locales considers interpretations of that locale for
  2289 counter example search.
  2290 
  2291 * Sledgehammer:
  2292   - Added "smt" and "remote_smt" provers based on the "smt" proof
  2293     method. See the Sledgehammer manual for details ("isabelle doc
  2294     sledgehammer").
  2295   - Renamed commands:
  2296     sledgehammer atp_info ~> sledgehammer running_provers
  2297     sledgehammer atp_kill ~> sledgehammer kill_provers
  2298     sledgehammer available_atps ~> sledgehammer available_provers
  2299     INCOMPATIBILITY.
  2300   - Renamed options:
  2301     sledgehammer [atps = ...] ~> sledgehammer [provers = ...]
  2302     sledgehammer [atp = ...] ~> sledgehammer [prover = ...]
  2303     sledgehammer [timeout = 77 s] ~> sledgehammer [timeout = 77]
  2304     (and "ms" and "min" are no longer supported)
  2305     INCOMPATIBILITY.
  2306 
  2307 * Nitpick:
  2308   - Renamed options:
  2309     nitpick [timeout = 77 s] ~> nitpick [timeout = 77]
  2310     nitpick [tac_timeout = 777 ms] ~> nitpick [tac_timeout = 0.777]
  2311     INCOMPATIBILITY.
  2312   - Added support for partial quotient types.
  2313   - Added local versions of the "Nitpick.register_xxx" functions.
  2314   - Added "whack" option.
  2315   - Allow registration of quotient types as codatatypes.
  2316   - Improved "merge_type_vars" option to merge more types.
  2317   - Removed unsound "fast_descrs" option.
  2318   - Added custom symmetry breaking for datatypes, making it possible to reach
  2319     higher cardinalities.
  2320   - Prevent the expansion of too large definitions.
  2321 
  2322 * Proof methods "metis" and "meson" now have configuration options
  2323 "meson_trace", "metis_trace", and "metis_verbose" that can be enabled
  2324 to diagnose these tools. E.g.
  2325 
  2326     using [[metis_trace = true]]
  2327 
  2328 * Auto Solve: Renamed to "Auto Solve Direct".  The tool is now available
  2329 manually as command 'solve_direct'.
  2330 
  2331 * The default SMT solver Z3 must be enabled explicitly (due to
  2332 licensing issues) by setting the environment variable
  2333 Z3_NON_COMMERCIAL in etc/settings of the component, for example.  For
  2334 commercial applications, the SMT solver CVC3 is provided as fall-back;
  2335 changing the SMT solver is done via the configuration option
  2336 "smt_solver".
  2337 
  2338 * Remote SMT solvers need to be referred to by the "remote_" prefix,
  2339 i.e. "remote_cvc3" and "remote_z3".
  2340 
  2341 * Added basic SMT support for datatypes, records, and typedefs using
  2342 the oracle mode (no proofs).  Direct support of pairs has been dropped
  2343 in exchange (pass theorems fst_conv snd_conv pair_collapse to the SMT
  2344 support for a similar behavior).  Minor INCOMPATIBILITY.
  2345 
  2346 * Changed SMT configuration options:
  2347   - Renamed:
  2348     z3_proofs ~> smt_oracle (with inverted meaning)
  2349     z3_trace_assms ~> smt_trace_used_facts
  2350     INCOMPATIBILITY.
  2351   - Added:
  2352     smt_verbose
  2353     smt_random_seed
  2354     smt_datatypes
  2355     smt_infer_triggers
  2356     smt_monomorph_limit
  2357     cvc3_options
  2358     remote_cvc3_options
  2359     remote_z3_options
  2360     yices_options
  2361 
  2362 * Boogie output files (.b2i files) need to be declared in the theory
  2363 header.
  2364 
  2365 * Simplification procedure "list_to_set_comprehension" rewrites list
  2366 comprehensions applied to List.set to set comprehensions.  Occasional
  2367 INCOMPATIBILITY, may be deactivated like this:
  2368 
  2369   declare [[simproc del: list_to_set_comprehension]]
  2370 
  2371 * Removed old version of primrec package.  INCOMPATIBILITY.
  2372 
  2373 * Removed simplifier congruence rule of "prod_case", as has for long
  2374 been the case with "split".  INCOMPATIBILITY.
  2375 
  2376 * String.literal is a type, but not a datatype.  INCOMPATIBILITY.
  2377 
  2378 * Removed [split_format ... and ... and ...] version of
  2379 [split_format].  Potential INCOMPATIBILITY.
  2380 
  2381 * Predicate "sorted" now defined inductively, with nice induction
  2382 rules.  INCOMPATIBILITY: former sorted.simps now named sorted_simps.
  2383 
  2384 * Constant "contents" renamed to "the_elem", to free the generic name
  2385 contents for other uses.  INCOMPATIBILITY.
  2386 
  2387 * Renamed class eq and constant eq (for code generation) to class
  2388 equal and constant equal, plus renaming of related facts and various
  2389 tuning.  INCOMPATIBILITY.
  2390 
  2391 * Dropped type classes mult_mono and mult_mono1.  INCOMPATIBILITY.
  2392 
  2393 * Removed output syntax "'a ~=> 'b" for "'a => 'b option".
  2394 INCOMPATIBILITY.
  2395 
  2396 * Renamed theory Fset to Cset, type Fset.fset to Cset.set, in order to
  2397 avoid confusion with finite sets.  INCOMPATIBILITY.
  2398 
  2399 * Abandoned locales equiv, congruent and congruent2 for equivalence
  2400 relations.  INCOMPATIBILITY: use equivI rather than equiv_intro (same
  2401 for congruent(2)).
  2402 
  2403 * Some previously unqualified names have been qualified:
  2404 
  2405   types
  2406     bool ~> HOL.bool
  2407     nat ~> Nat.nat
  2408 
  2409   constants
  2410     Trueprop ~> HOL.Trueprop
  2411     True ~> HOL.True
  2412     False ~> HOL.False
  2413     op & ~> HOL.conj
  2414     op | ~> HOL.disj
  2415     op --> ~> HOL.implies
  2416     op = ~> HOL.eq
  2417     Not ~> HOL.Not
  2418     The ~> HOL.The
  2419     All ~> HOL.All
  2420     Ex ~> HOL.Ex
  2421     Ex1 ~> HOL.Ex1
  2422     Let ~> HOL.Let
  2423     If ~> HOL.If
  2424     Ball ~> Set.Ball
  2425     Bex ~> Set.Bex
  2426     Suc ~> Nat.Suc
  2427     Pair ~> Product_Type.Pair
  2428     fst ~> Product_Type.fst
  2429     snd ~> Product_Type.snd
  2430     curry ~> Product_Type.curry
  2431     op : ~> Set.member
  2432     Collect ~> Set.Collect
  2433 
  2434 INCOMPATIBILITY.
  2435 
  2436 * More canonical naming convention for some fundamental definitions:
  2437 
  2438     bot_bool_eq ~> bot_bool_def
  2439     top_bool_eq ~> top_bool_def
  2440     inf_bool_eq ~> inf_bool_def
  2441     sup_bool_eq ~> sup_bool_def
  2442     bot_fun_eq  ~> bot_fun_def
  2443     top_fun_eq  ~> top_fun_def
  2444     inf_fun_eq  ~> inf_fun_def
  2445     sup_fun_eq  ~> sup_fun_def
  2446 
  2447 INCOMPATIBILITY.
  2448 
  2449 * More stylized fact names:
  2450 
  2451   expand_fun_eq ~> fun_eq_iff
  2452   expand_set_eq ~> set_eq_iff
  2453   set_ext       ~> set_eqI
  2454   nat_number    ~> eval_nat_numeral
  2455 
  2456 INCOMPATIBILITY.
  2457 
  2458 * Refactoring of code-generation specific operations in theory List:
  2459 
  2460   constants
  2461     null ~> List.null
  2462 
  2463   facts
  2464     mem_iff ~> member_def
  2465     null_empty ~> null_def
  2466 
  2467 INCOMPATIBILITY.  Note that these were not supposed to be used
  2468 regularly unless for striking reasons; their main purpose was code
  2469 generation.
  2470 
  2471 Various operations from the Haskell prelude are used for generating
  2472 Haskell code.
  2473 
  2474 * Term "bij f" is now an abbreviation of "bij_betw f UNIV UNIV".  Term
  2475 "surj f" is now an abbreviation of "range f = UNIV".  The theorems
  2476 bij_def and surj_def are unchanged.  INCOMPATIBILITY.
  2477 
  2478 * Abolished some non-alphabetic type names: "prod" and "sum" replace
  2479 "*" and "+" respectively.  INCOMPATIBILITY.
  2480 
  2481 * Name "Plus" of disjoint sum operator "<+>" is now hidden.  Write
  2482 "Sum_Type.Plus" instead.
  2483 
  2484 * Constant "split" has been merged with constant "prod_case"; names of
  2485 ML functions, facts etc. involving split have been retained so far,
  2486 though.  INCOMPATIBILITY.
  2487 
  2488 * Dropped old infix syntax "_ mem _" for List.member; use "_ : set _"
  2489 instead.  INCOMPATIBILITY.
  2490 
  2491 * Removed lemma "Option.is_none_none" which duplicates "is_none_def".
  2492 INCOMPATIBILITY.
  2493 
  2494 * Former theory Library/Enum is now part of the HOL-Main image.
  2495 INCOMPATIBILITY: all constants of the Enum theory now have to be
  2496 referred to by their qualified names.
  2497 
  2498   enum    ~>  Enum.enum
  2499   nlists  ~>  Enum.nlists
  2500   product ~>  Enum.product
  2501 
  2502 * Theory Library/Monad_Syntax provides do-syntax for monad types.
  2503 Syntax in Library/State_Monad has been changed to avoid ambiguities.
  2504 INCOMPATIBILITY.
  2505 
  2506 * Theory Library/SetsAndFunctions has been split into
  2507 Library/Function_Algebras and Library/Set_Algebras; canonical names
  2508 for instance definitions for functions; various improvements.
  2509 INCOMPATIBILITY.
  2510 
  2511 * Theory Library/Multiset provides stable quicksort implementation of
  2512 sort_key.
  2513 
  2514 * Theory Library/Multiset: renamed empty_idemp ~> empty_neutral.
  2515 INCOMPATIBILITY.
  2516 
  2517 * Session Multivariate_Analysis: introduced a type class for euclidean
  2518 space.  Most theorems are now stated in terms of euclidean spaces
  2519 instead of finite cartesian products.
  2520 
  2521   types
  2522     real ^ 'n ~>  'a::real_vector
  2523               ~>  'a::euclidean_space
  2524               ~>  'a::ordered_euclidean_space
  2525         (depends on your needs)
  2526 
  2527   constants
  2528      _ $ _        ~> _ $$ _
  2529      \<chi> x. _  ~> \<chi>\<chi> x. _
  2530      CARD('n)     ~> DIM('a)
  2531 
  2532 Also note that the indices are now natural numbers and not from some
  2533 finite type. Finite cartesian products of euclidean spaces, products
  2534 of euclidean spaces, the real and complex numbers are instantiated to
  2535 be euclidean_spaces.  INCOMPATIBILITY.
  2536 
  2537 * Session Probability: introduced pextreal as positive extended real
  2538 numbers.  Use pextreal as value for measures.  Introduce the
  2539 Radon-Nikodym derivative, product spaces and Fubini's theorem for
  2540 arbitrary sigma finite measures.  Introduces Lebesgue measure based on
  2541 the integral in Multivariate Analysis.  INCOMPATIBILITY.
  2542 
  2543 * Session Imperative_HOL: revamped, corrected dozens of inadequacies.
  2544 INCOMPATIBILITY.
  2545 
  2546 * Session SPARK (with image HOL-SPARK) provides commands to load and
  2547 prove verification conditions generated by the SPARK Ada program
  2548 verifier.  See also src/HOL/SPARK and src/HOL/SPARK/Examples.
  2549 
  2550 
  2551 *** HOL-Algebra ***
  2552 
  2553 * Theorems for additive ring operations (locale abelian_monoid and
  2554 descendants) are generated by interpretation from their multiplicative
  2555 counterparts.  Names (in particular theorem names) have the mandatory
  2556 qualifier 'add'.  Previous theorem names are redeclared for
  2557 compatibility.
  2558 
  2559 * Structure "int_ring" is now an abbreviation (previously a
  2560 definition).  This fits more naturally with advanced interpretations.
  2561 
  2562 
  2563 *** HOLCF ***
  2564 
  2565 * The domain package now runs in definitional mode by default: The
  2566 former command 'new_domain' is now called 'domain'.  To use the domain
  2567 package in its original axiomatic mode, use 'domain (unsafe)'.
  2568 INCOMPATIBILITY.
  2569 
  2570 * The new class "domain" is now the default sort.  Class "predomain"
  2571 is an unpointed version of "domain". Theories can be updated by
  2572 replacing sort annotations as shown below.  INCOMPATIBILITY.
  2573 
  2574   'a::type ~> 'a::countable
  2575   'a::cpo  ~> 'a::predomain
  2576   'a::pcpo ~> 'a::domain
  2577 
  2578 * The old type class "rep" has been superseded by class "domain".
  2579 Accordingly, users of the definitional package must remove any
  2580 "default_sort rep" declarations.  INCOMPATIBILITY.
  2581 
  2582 * The domain package (definitional mode) now supports unpointed
  2583 predomain argument types, as long as they are marked 'lazy'. (Strict
  2584 arguments must be in class "domain".) For example, the following
  2585 domain definition now works:
  2586 
  2587   domain natlist = nil | cons (lazy "nat discr") (lazy "natlist")
  2588 
  2589 * Theory HOLCF/Library/HOL_Cpo provides cpo and predomain class
  2590 instances for types from main HOL: bool, nat, int, char, 'a + 'b,
  2591 'a option, and 'a list.  Additionally, it configures fixrec and the
  2592 domain package to work with these types.  For example:
  2593 
  2594   fixrec isInl :: "('a + 'b) u -> tr"
  2595     where "isInl$(up$(Inl x)) = TT" | "isInl$(up$(Inr y)) = FF"
  2596 
  2597   domain V = VFun (lazy "V -> V") | VCon (lazy "nat") (lazy "V list")
  2598 
  2599 * The "(permissive)" option of fixrec has been replaced with a
  2600 per-equation "(unchecked)" option. See
  2601 src/HOL/HOLCF/Tutorial/Fixrec_ex.thy for examples. INCOMPATIBILITY.
  2602 
  2603 * The "bifinite" class no longer fixes a constant "approx"; the class
  2604 now just asserts that such a function exists.  INCOMPATIBILITY.
  2605 
  2606 * Former type "alg_defl" has been renamed to "defl".  HOLCF no longer
  2607 defines an embedding of type 'a defl into udom by default; instances
  2608 of "bifinite" and "domain" classes are available in
  2609 src/HOL/HOLCF/Library/Defl_Bifinite.thy.
  2610 
  2611 * The syntax "REP('a)" has been replaced with "DEFL('a)".
  2612 
  2613 * The predicate "directed" has been removed.  INCOMPATIBILITY.
  2614 
  2615 * The type class "finite_po" has been removed.  INCOMPATIBILITY.
  2616 
  2617 * The function "cprod_map" has been renamed to "prod_map".
  2618 INCOMPATIBILITY.
  2619 
  2620 * The monadic bind operator on each powerdomain has new binder syntax
  2621 similar to sets, e.g. "\<Union>\<sharp>x\<in>xs. t" represents
  2622 "upper_bind\<cdot>xs\<cdot>(\<Lambda> x. t)".
  2623 
  2624 * The infix syntax for binary union on each powerdomain has changed
  2625 from e.g. "+\<sharp>" to "\<union>\<sharp>", for consistency with set
  2626 syntax.  INCOMPATIBILITY.
  2627 
  2628 * The constant "UU" has been renamed to "bottom".  The syntax "UU" is
  2629 still supported as an input translation.
  2630 
  2631 * Renamed some theorems (the original names are also still available).
  2632 
  2633   expand_fun_below   ~> fun_below_iff
  2634   below_fun_ext      ~> fun_belowI
  2635   expand_cfun_eq     ~> cfun_eq_iff
  2636   ext_cfun           ~> cfun_eqI
  2637   expand_cfun_below  ~> cfun_below_iff
  2638   below_cfun_ext     ~> cfun_belowI
  2639   cont2cont_Rep_CFun ~> cont2cont_APP
  2640 
  2641 * The Abs and Rep functions for various types have changed names.
  2642 Related theorem names have also changed to match. INCOMPATIBILITY.
  2643 
  2644   Rep_CFun  ~> Rep_cfun
  2645   Abs_CFun  ~> Abs_cfun
  2646   Rep_Sprod ~> Rep_sprod
  2647   Abs_Sprod ~> Abs_sprod
  2648   Rep_Ssum  ~> Rep_ssum
  2649   Abs_Ssum  ~> Abs_ssum
  2650 
  2651 * Lemmas with names of the form *_defined_iff or *_strict_iff have
  2652 been renamed to *_bottom_iff.  INCOMPATIBILITY.
  2653 
  2654 * Various changes to bisimulation/coinduction with domain package:
  2655 
  2656   - Definitions of "bisim" constants no longer mention definedness.
  2657   - With mutual recursion, "bisim" predicate is now curried.
  2658   - With mutual recursion, each type gets a separate coind theorem.
  2659   - Variable names in bisim_def and coinduct rules have changed.
  2660 
  2661 INCOMPATIBILITY.
  2662 
  2663 * Case combinators generated by the domain package for type "foo" are
  2664 now named "foo_case" instead of "foo_when".  INCOMPATIBILITY.
  2665 
  2666 * Several theorems have been renamed to more accurately reflect the
  2667 names of constants and types involved.  INCOMPATIBILITY.
  2668 
  2669   thelub_const    ~> lub_const
  2670   lub_const       ~> is_lub_const
  2671   thelubI         ~> lub_eqI
  2672   is_lub_lub      ~> is_lubD2
  2673   lubI            ~> is_lub_lub
  2674   unique_lub      ~> is_lub_unique
  2675   is_ub_lub       ~> is_lub_rangeD1
  2676   lub_bin_chain   ~> is_lub_bin_chain
  2677   lub_fun         ~> is_lub_fun
  2678   thelub_fun      ~> lub_fun
  2679   thelub_cfun     ~> lub_cfun
  2680   thelub_Pair     ~> lub_Pair
  2681   lub_cprod       ~> is_lub_prod
  2682   thelub_cprod    ~> lub_prod
  2683   minimal_cprod   ~> minimal_prod
  2684   inst_cprod_pcpo ~> inst_prod_pcpo
  2685   UU_I            ~> bottomI
  2686   compact_UU      ~> compact_bottom
  2687   deflation_UU    ~> deflation_bottom
  2688   finite_deflation_UU ~> finite_deflation_bottom
  2689 
  2690 * Many legacy theorem names have been discontinued.  INCOMPATIBILITY.
  2691 
  2692   sq_ord_less_eq_trans ~> below_eq_trans
  2693   sq_ord_eq_less_trans ~> eq_below_trans
  2694   refl_less            ~> below_refl
  2695   trans_less           ~> below_trans
  2696   antisym_less         ~> below_antisym
  2697   antisym_less_inverse ~> po_eq_conv [THEN iffD1]
  2698   box_less             ~> box_below
  2699   rev_trans_less       ~> rev_below_trans
  2700   not_less2not_eq      ~> not_below2not_eq
  2701   less_UU_iff          ~> below_UU_iff
  2702   flat_less_iff        ~> flat_below_iff
  2703   adm_less             ~> adm_below
  2704   adm_not_less         ~> adm_not_below
  2705   adm_compact_not_less ~> adm_compact_not_below
  2706   less_fun_def         ~> below_fun_def
  2707   expand_fun_less      ~> fun_below_iff
  2708   less_fun_ext         ~> fun_belowI
  2709   less_discr_def       ~> below_discr_def
  2710   discr_less_eq        ~> discr_below_eq
  2711   less_unit_def        ~> below_unit_def
  2712   less_cprod_def       ~> below_prod_def
  2713   prod_lessI           ~> prod_belowI
  2714   Pair_less_iff        ~> Pair_below_iff
  2715   fst_less_iff         ~> fst_below_iff
  2716   snd_less_iff         ~> snd_below_iff
  2717   expand_cfun_less     ~> cfun_below_iff
  2718   less_cfun_ext        ~> cfun_belowI
  2719   injection_less       ~> injection_below
  2720   less_up_def          ~> below_up_def
  2721   not_Iup_less         ~> not_Iup_below
  2722   Iup_less             ~> Iup_below
  2723   up_less              ~> up_below
  2724   Def_inject_less_eq   ~> Def_below_Def
  2725   Def_less_is_eq       ~> Def_below_iff
  2726   spair_less_iff       ~> spair_below_iff
  2727   less_sprod           ~> below_sprod
  2728   spair_less           ~> spair_below
  2729   sfst_less_iff        ~> sfst_below_iff
  2730   ssnd_less_iff        ~> ssnd_below_iff
  2731   fix_least_less       ~> fix_least_below
  2732   dist_less_one        ~> dist_below_one
  2733   less_ONE             ~> below_ONE
  2734   ONE_less_iff         ~> ONE_below_iff
  2735   less_sinlD           ~> below_sinlD
  2736   less_sinrD           ~> below_sinrD
  2737 
  2738 
  2739 *** FOL and ZF ***
  2740 
  2741 * All constant names are now qualified internally and use proper
  2742 identifiers, e.g. "IFOL.eq" instead of "op =".  INCOMPATIBILITY.
  2743 
  2744 
  2745 *** ML ***
  2746 
  2747 * Antiquotation @{assert} inlines a function bool -> unit that raises
  2748 Fail if the argument is false.  Due to inlining the source position of
  2749 failed assertions is included in the error output.
  2750 
  2751 * Discontinued antiquotation @{theory_ref}, which is obsolete since ML
  2752 text is in practice always evaluated with a stable theory checkpoint.
  2753 Minor INCOMPATIBILITY, use (Theory.check_thy @{theory}) instead.
  2754 
  2755 * Antiquotation @{theory A} refers to theory A from the ancestry of
  2756 the current context, not any accidental theory loader state as before.
  2757 Potential INCOMPATIBILITY, subtle change in semantics.
  2758 
  2759 * Syntax.pretty_priority (default 0) configures the required priority
  2760 of pretty-printed output and thus affects insertion of parentheses.
  2761 
  2762 * Syntax.default_root (default "any") configures the inner syntax
  2763 category (nonterminal symbol) for parsing of terms.
  2764 
  2765 * Former exception Library.UnequalLengths now coincides with
  2766 ListPair.UnequalLengths.
  2767 
  2768 * Renamed structure MetaSimplifier to Raw_Simplifier.  Note that the
  2769 main functionality is provided by structure Simplifier.
  2770 
  2771 * Renamed raw "explode" function to "raw_explode" to emphasize its
  2772 meaning.  Note that internally to Isabelle, Symbol.explode is used in
  2773 almost all situations.
  2774 
  2775 * Discontinued obsolete function sys_error and exception SYS_ERROR.
  2776 See implementation manual for further details on exceptions in
  2777 Isabelle/ML.
  2778 
  2779 * Renamed setmp_noncritical to Unsynchronized.setmp to emphasize its
  2780 meaning.
  2781 
  2782 * Renamed structure PureThy to Pure_Thy and moved most of its
  2783 operations to structure Global_Theory, to emphasize that this is
  2784 rarely-used global-only stuff.
  2785 
  2786 * Discontinued Output.debug.  Minor INCOMPATIBILITY, use plain writeln
  2787 instead (or tracing for high-volume output).
  2788 
  2789 * Configuration option show_question_marks only affects regular pretty
  2790 printing of types and terms, not raw Term.string_of_vname.
  2791 
  2792 * ML_Context.thm and ML_Context.thms are no longer pervasive.  Rare
  2793 INCOMPATIBILITY, superseded by static antiquotations @{thm} and
  2794 @{thms} for most purposes.
  2795 
  2796 * ML structure Unsynchronized is never opened, not even in Isar
  2797 interaction mode as before.  Old Unsynchronized.set etc. have been
  2798 discontinued -- use plain := instead.  This should be *rare* anyway,
  2799 since modern tools always work via official context data, notably
  2800 configuration options.
  2801 
  2802 * Parallel and asynchronous execution requires special care concerning
  2803 interrupts.  Structure Exn provides some convenience functions that
  2804 avoid working directly with raw Interrupt.  User code must not absorb
  2805 interrupts -- intermediate handling (for cleanup etc.) needs to be
  2806 followed by re-raising of the original exception.  Another common
  2807 source of mistakes are "handle _" patterns, which make the meaning of
  2808 the program subject to physical effects of the environment.
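
The interrupt rule above, as an added example (not code from the Isabelle sources): a "handle _" wrapper that absorbs interrupts, next to an interrupt-aware variant and a cleanup wrapper. The names try_absorbing, try_careful and with_cleanup are hypothetical; the code assumes an Isabelle/ML context of this release, where Exn.is_interrupt, Exn.capture and Exn.release are available.

```sml
(* Hypothetical helpers for illustration; evaluate inside Isabelle/ML,
   where structure Exn is available. *)

(* Problematic: "handle _" also catches Interrupt, so a cancelled
   evaluation is silently turned into NONE and the caller carries on. *)
fun try_absorbing f x = SOME (f x) handle _ => NONE;

(* Interrupt-aware variant: ordinary failures become NONE, while an
   interrupt is passed on unchanged to the surrounding scheduler. *)
fun try_careful f x =
  SOME (f x)
    handle exn => if Exn.is_interrupt exn then raise exn else NONE;

(* Intermediate handling for cleanup: Exn.capture reifies any exception
   (Interrupt included) as a result value, cleanup runs, and Exn.release
   then re-raises the original exception or returns the regular result. *)
fun with_cleanup (cleanup: unit -> unit) f x =
  let
    val result = Exn.capture f x;
    val _ = cleanup ();
  in Exn.release result end;
```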
  2809 
  2810 
  2811 
  2812 New in Isabelle2009-2 (June 2010)
  2813 ---------------------------------
  2814 
  2815 *** General ***
  2816 
  2817 * Authentic syntax for *all* logical entities (type classes, type
  2818 constructors, term constants): provides simple and robust
  2819 correspondence between formal entities and concrete syntax.  Within
  2820 the parse tree / AST representations, "constants" are decorated by
  2821 their category (class, type, const) and spelled out explicitly with
  2822 their full internal name.
  2823 
  2824 Substantial INCOMPATIBILITY concerning low-level syntax declarations
  2825 and translations (translation rules and translation functions in ML).
  2826 Some hints on upgrading:
  2827 
  2828   - Many existing uses of 'syntax' and 'translations' can be replaced
  2829     by more modern 'type_notation', 'notation' and 'abbreviation',
  2830     which are independent of this issue.
  2831 
  2832   - 'translations' require markup within the AST; the term syntax
  2833     provides the following special forms:
  2834 
  2835       CONST c   -- produces syntax version of constant c from context
  2836       XCONST c  -- literally c, checked as constant from context
  2837       c         -- literally c, if declared by 'syntax'
  2838 
  2839     Plain identifiers are treated as AST variables -- occasionally the
  2840     system indicates accidental variables via the error "rhs contains
  2841     extra variables".
  2842 
  2843     Type classes and type constructors are marked according to their
  2844     concrete syntax.  Some old translation rules need to be written
  2845     for the "type" category, using type constructor application
  2846     instead of pseudo-term application of the default category
  2847     "logic".
  2848 
  2849   - 'parse_translation' etc. in ML may use the following
  2850     antiquotations:
  2851 
  2852       @{class_syntax c}   -- type class c within parse tree / AST
  2853       @{term_syntax c}    -- type constructor c within parse tree / AST
  2854       @{const_syntax c}   -- ML version of "CONST c" above
  2855       @{syntax_const c}   -- literally c (checked wrt. 'syntax' declarations)
  2856 
  2857   - Literal types within 'typed_print_translations', i.e. those *not*
  2858     represented as pseudo-terms are represented verbatim.  Use @{class
  2859     c} or @{type_name c} here instead of the above syntax
  2860     antiquotations.
  2861 
  2862 Note that old non-authentic syntax was based on unqualified base
  2863 names, so all of the above "constant" names would coincide.  Recall
  2864 that 'print_syntax' and ML_command "set Syntax.trace_ast" help to
  2865 diagnose syntax problems.
  2866 
  2867 * Type constructors admit general mixfix syntax, not just infix.
  2868 
  2869 * Concrete syntax may be attached to local entities without a proof
  2870 body, too.  This works via regular mixfix annotations for 'fix',
  2871 'def', 'obtain' etc. or via the explicit 'write' command, which is
  2872 similar to the 'notation' command in theory specifications.
  2873 
  2874 * Discontinued unnamed infix syntax (legacy feature for many years) --
  2875 need to specify constant name and syntax separately.  Internal ML
  2876 datatype constructors have been renamed from InfixName to Infix etc.
  2877 Minor INCOMPATIBILITY.
  2878 
  2879 * Schematic theorem statements need to be explicitly marked up as such,
  2880 via commands 'schematic_lemma', 'schematic_theorem',
  2881 'schematic_corollary'.  Thus the relevance of the proof is made
  2882 syntactically clear, which impacts performance in a parallel or
  2883 asynchronous interactive environment.  Minor INCOMPATIBILITY.
  2884 
  2885 * Use of cumulative prems via "!" in some proof methods has been
  2886 discontinued (old legacy feature).
  2887 
  2888 * References 'trace_simp' and 'debug_simp' have been replaced by
  2889 configuration options stored in the context. Enabling tracing (the
  2890 case of debugging is similar) in proofs works via
  2891 
  2892   using [[trace_simp = true]]
  2893 
  2894 Tracing is then active for all invocations of the simplifier in
  2895 subsequent goal refinement steps. Tracing may also still be enabled or
  2896 disabled via the ProofGeneral settings menu.
  2897 
  2898 * Separate commands 'hide_class', 'hide_type', 'hide_const',
  2899 'hide_fact' replace the former 'hide' KIND command.  Minor
  2900 INCOMPATIBILITY.
  2901 
  2902 * Improved parallelism of proof term normalization: usedir -p2 -q0 is
  2903 more efficient than combinations with -q1 or -q2.
  2904 
  2905 
  2906 *** Pure ***
  2907 
  2908 * Proofterms record type-class reasoning explicitly, using the
  2909 "unconstrain" operation internally.  This eliminates all sort
  2910 constraints from a theorem and proof, introducing explicit
  2911 OFCLASS-premises.  On the proof term level, this operation is
  2912 automatically applied at theorem boundaries, such that closed proofs
  2913 are always free of sort constraints.  INCOMPATIBILITY for tools that
  2914 inspect proof terms.
  2915 
  2916 * Local theory specifications may depend on extra type variables that
  2917 are not present in the result type -- arguments TYPE('a) :: 'a itself
  2918 are added internally.  For example:
  2919 
  2920   definition unitary :: bool where "unitary = (ALL (x::'a) y. x = y)"
  2921 
  2922 * Predicates of locales introduced by classes carry a mandatory
  2923 "class" prefix.  INCOMPATIBILITY.
  2924 
  2925 * Vacuous class specifications observe default sort.  INCOMPATIBILITY.
  2926 
  2927 * Old 'axclass' command has been discontinued.  INCOMPATIBILITY, use
  2928 'class' instead.
  2929 
  2930 * Command 'code_reflect' allows incorporating generated ML code into
  2931 runtime environment; replaces immature code_datatype antiquotation.
  2932 INCOMPATIBILITY.
  2933 
  2934 * Code generator: simple concept for abstract datatypes obeying
  2935 invariants.
  2936 
  2937 * Code generator: details of internal data cache have no impact on the
  2938 user space functionality any longer.
  2939 
  2940 * Methods "unfold_locales" and "intro_locales" ignore non-locale
  2941 subgoals.  This is more appropriate for interpretations with 'where'.
  2942 INCOMPATIBILITY.
  2943 
  2944 * Command 'example_proof' opens an empty proof body.  This allows one to
  2945 experiment with Isar, without producing any persistent result.
  2946 
  2947 * Commands 'type_notation' and 'no_type_notation' declare type syntax
  2948 within a local theory context, with explicit checking of the
  2949 constructors involved (in contrast to the raw 'syntax' versions).
  2950 
  2951 * Commands 'types' and 'typedecl' now work within a local theory
  2952 context -- without introducing dependencies on parameters or
  2953 assumptions, which is not possible in Isabelle/Pure.
  2954 
  2955 * Command 'defaultsort' has been renamed to 'default_sort', it works
  2956 within a local theory context.  Minor INCOMPATIBILITY.
  2957 
  2958 
  2959 *** HOL ***
  2960 
  2961 * Command 'typedef' now works within a local theory context -- without
  2962 introducing dependencies on parameters or assumptions, which is not
  2963 possible in Isabelle/Pure/HOL.  Note that the logical environment may
  2964 contain multiple interpretations of local typedefs (with different
  2965 non-emptiness proofs), even in a global theory context.
  2966 
  2967 * New package for quotient types.  Commands 'quotient_type' and
  2968 'quotient_definition' may be used for defining types and constants by
  2969 quotient constructions.  An example is the type of integers created by
  2970 quotienting pairs of natural numbers:
  2971 
  2972   fun
  2973     intrel :: "(nat * nat) => (nat * nat) => bool"
  2974   where
  2975     "intrel (x, y) (u, v) = (x + v = u + y)"
  2976 
  2977   quotient_type int = "nat * nat" / intrel
  2978     by (auto simp add: equivp_def expand_fun_eq)
  2979 
  2980   quotient_definition
  2981     "0::int" is "(0::nat, 0::nat)"
  2982 
  2983 The method "lifting" can be used to lift theorems from the
  2984 underlying "raw" type to the quotient type.  The example
  2985 src/HOL/Quotient_Examples/FSet.thy includes such a quotient
  2986 construction and provides a reasoning infrastructure for finite sets.
  2987 
  2988 * Renamed Library/Quotient.thy to Library/Quotient_Type.thy to avoid
  2989 clash with new theory Quotient in Main HOL.
  2990 
  2991 * Moved the SMT binding into the main HOL session, eliminating
  2992 separate HOL-SMT session.
  2993 
  2994 * List membership infix mem operation is only an input abbreviation.
  2995 INCOMPATIBILITY.
  2996 
  2997 * Theory Library/Word.thy has been removed.  Use library Word/Word.thy
  2998 for future developments; former Library/Word.thy is still present in
  2999 the AFP entry RSAPPS.
  3000 
  3001 * Theorem Int.int_induct renamed to Int.int_of_nat_induct and is no
  3002 longer shadowed.  INCOMPATIBILITY.
  3003 
  3004 * Dropped theorem duplicate comp_arith; use semiring_norm instead.
  3005 INCOMPATIBILITY.
  3006 
  3007 * Dropped theorem RealPow.real_sq_order; use power2_le_imp_le instead.
  3008 INCOMPATIBILITY.
  3009 
  3010 * Dropped normalizing_semiring etc; use the facts in semiring classes
  3011 instead.  INCOMPATIBILITY.
  3012 
  3013 * Dropped several real-specific versions of lemmas about floor and
  3014 ceiling; use the generic lemmas from theory "Archimedean_Field"
  3015 instead.  INCOMPATIBILITY.
  3016 
  3017   floor_number_of_eq         ~> floor_number_of
  3018   le_floor_eq_number_of      ~> number_of_le_floor
  3019   le_floor_eq_zero           ~> zero_le_floor
  3020   le_floor_eq_one            ~> one_le_floor
  3021   floor_less_eq_number_of    ~> floor_less_number_of
  3022   floor_less_eq_zero         ~> floor_less_zero
  3023   floor_less_eq_one          ~> floor_less_one
  3024   less_floor_eq_number_of    ~> number_of_less_floor
  3025   less_floor_eq_zero         ~> zero_less_floor
  3026   less_floor_eq_one          ~> one_less_floor
  3027   floor_le_eq_number_of      ~> floor_le_number_of
  3028   floor_le_eq_zero           ~> floor_le_zero
  3029   floor_le_eq_one            ~> floor_le_one
  3030   floor_subtract_number_of   ~> floor_diff_number_of
  3031   floor_subtract_one         ~> floor_diff_one
  3032   ceiling_number_of_eq       ~> ceiling_number_of
  3033   ceiling_le_eq_number_of    ~> ceiling_le_number_of
  3034   ceiling_le_zero_eq         ~> ceiling_le_zero
  3035   ceiling_le_eq_one          ~> ceiling_le_one
  3036   less_ceiling_eq_number_of  ~> number_of_less_ceiling
  3037   less_ceiling_eq_zero       ~> zero_less_ceiling
  3038   less_ceiling_eq_one        ~> one_less_ceiling
  3039   ceiling_less_eq_number_of  ~> ceiling_less_number_of
  3040   ceiling_less_eq_zero       ~> ceiling_less_zero
  3041   ceiling_less_eq_one        ~> ceiling_less_one
  3042   le_ceiling_eq_number_of    ~> number_of_le_ceiling
  3043   le_ceiling_eq_zero         ~> zero_le_ceiling
  3044   le_ceiling_eq_one          ~> one_le_ceiling
  3045   ceiling_subtract_number_of ~> ceiling_diff_number_of
  3046   ceiling_subtract_one       ~> ceiling_diff_one
  3047 
  3048 * Theory "Finite_Set": various folding_XXX locales facilitate the
  3049 application of the various fold combinators on finite sets.
  3050 
  3051 * Library theory "RBT" renamed to "RBT_Impl"; new library theory "RBT"
  3052 provides abstract red-black tree type which is backed by "RBT_Impl" as
  3053 implementation.  INCOMPATIBILITY.
  3054 
  3055 * Theory Library/Coinductive_List has been removed -- superseded by
  3056 AFP/thys/Coinductive.
  3057 
  3058 * Theory PReal, including the type "preal" and related operations, has
  3059 been removed.  INCOMPATIBILITY.
  3060 
  3061 * Real: new development using Cauchy Sequences.
  3062 
  3063 * Split off theory "Big_Operators" containing setsum, setprod,
  3064 Inf_fin, Sup_fin, Min, Max from theory Finite_Set.  INCOMPATIBILITY.
  3065 
  3066 * Theory "Rational" renamed to "Rat", for consistency with "Nat",
  3067 "Int" etc.  INCOMPATIBILITY.
  3068 
  3069 * Constant Rat.normalize needs to be qualified.  INCOMPATIBILITY.
  3070 
  3071 * New set of rules "ac_simps" provides combined assoc / commute
  3072 rewrites for all interpretations of the appropriate generic locales.
  3073 
  3074 * Renamed theory "OrderedGroup" to "Groups" and split theory
  3075 "Ring_and_Field" into theories "Rings" and "Fields"; for more
  3076 appropriate and more consistent names suitable for name prefixes
  3077 within the HOL theories.  INCOMPATIBILITY.
  3078 
  3079 * Some generic constants have been put to appropriate theories:
  3080   - less_eq, less: Orderings
  3081   - zero, one, plus, minus, uminus, times, abs, sgn: Groups
  3082   - inverse, divide: Rings
  3083 INCOMPATIBILITY.
  3084 
  3085 * More consistent naming of type classes involving orderings (and
  3086 lattices):
  3087 
  3088     lower_semilattice                   ~> semilattice_inf
  3089     upper_semilattice                   ~> semilattice_sup
  3090 
  3091     dense_linear_order                  ~> dense_linorder
  3092 
  3093     pordered_ab_group_add               ~> ordered_ab_group_add
  3094     pordered_ab_group_add_abs           ~> ordered_ab_group_add_abs
  3095     pordered_ab_semigroup_add           ~> ordered_ab_semigroup_add
  3096     pordered_ab_semigroup_add_imp_le    ~> ordered_ab_semigroup_add_imp_le
  3097     pordered_cancel_ab_semigroup_add    ~> ordered_cancel_ab_semigroup_add
  3098     pordered_cancel_comm_semiring       ~> ordered_cancel_comm_semiring
  3099     pordered_cancel_semiring            ~> ordered_cancel_semiring
  3100     pordered_comm_monoid_add            ~> ordered_comm_monoid_add
  3101     pordered_comm_ring                  ~> ordered_comm_ring
  3102     pordered_comm_semiring              ~> ordered_comm_semiring
  3103     pordered_ring                       ~> ordered_ring
  3104     pordered_ring_abs                   ~> ordered_ring_abs
  3105     pordered_semiring                   ~> ordered_semiring
  3106 
  3107     ordered_ab_group_add                ~> linordered_ab_group_add
  3108     ordered_ab_semigroup_add            ~> linordered_ab_semigroup_add
  3109     ordered_cancel_ab_semigroup_add     ~> linordered_cancel_ab_semigroup_add
  3110     ordered_comm_semiring_strict        ~> linordered_comm_semiring_strict
  3111     ordered_field                       ~> linordered_field
  3112     ordered_field_no_lb                 ~> linordered_field_no_lb
  3113     ordered_field_no_ub                 ~> linordered_field_no_ub
  3114     ordered_field_dense_linear_order    ~> dense_linordered_field
  3115     ordered_idom                        ~> linordered_idom
  3116     ordered_ring                        ~> linordered_ring
  3117     ordered_ring_le_cancel_factor       ~> linordered_ring_le_cancel_factor
  3118     ordered_ring_less_cancel_factor     ~> linordered_ring_less_cancel_factor
  3119     ordered_ring_strict                 ~> linordered_ring_strict
  3120     ordered_semidom                     ~> linordered_semidom
  3121     ordered_semiring                    ~> linordered_semiring
  3122     ordered_semiring_1                  ~> linordered_semiring_1
  3123     ordered_semiring_1_strict           ~> linordered_semiring_1_strict
  3124     ordered_semiring_strict             ~> linordered_semiring_strict
  3125 
  3126   The following slightly odd type classes have been moved to a
  3127   separate theory Library/Lattice_Algebras:
  3128 
  3129     lordered_ab_group_add               ~> lattice_ab_group_add
  3130     lordered_ab_group_add_abs           ~> lattice_ab_group_add_abs
  3131     lordered_ab_group_add_meet          ~> semilattice_inf_ab_group_add
  3132     lordered_ab_group_add_join          ~> semilattice_sup_ab_group_add
  3133     lordered_ring                       ~> lattice_ring
  3134 
  3135 INCOMPATIBILITY.
  3136 
  3137 * Refined field classes:
  3138   - classes division_ring_inverse_zero, field_inverse_zero,
  3139     linordered_field_inverse_zero include rule inverse 0 = 0 --
  3140     subsumes former division_by_zero class;
  3141   - numerous lemmas have been ported from field to division_ring.
  3142 INCOMPATIBILITY.
  3143 
  3144 * Refined algebra theorem collections:
  3145   - dropped theorem group group_simps, use algebra_simps instead;
  3146   - dropped theorem group ring_simps, use field_simps instead;
  3147   - proper theorem collection field_simps subsumes former theorem
  3148     groups field_eq_simps and field_simps;
  3149   - dropped lemma eq_minus_self_iff which is a duplicate for
  3150     equal_neg_zero.
  3151 INCOMPATIBILITY.
  3152 
  3153 * Theory Finite_Set and List: some lemmas have been generalized from
  3154 sets to lattices:
  3155 
  3156   fun_left_comm_idem_inter      ~> fun_left_comm_idem_inf
  3157   fun_left_comm_idem_union      ~> fun_left_comm_idem_sup
  3158   inter_Inter_fold_inter        ~> inf_Inf_fold_inf
  3159   union_Union_fold_union        ~> sup_Sup_fold_sup
  3160   Inter_fold_inter              ~> Inf_fold_inf
  3161   Union_fold_union              ~> Sup_fold_sup
  3162   inter_INTER_fold_inter        ~> inf_INFI_fold_inf
  3163   union_UNION_fold_union        ~> sup_SUPR_fold_sup
  3164   INTER_fold_inter              ~> INFI_fold_inf
  3165   UNION_fold_union              ~> SUPR_fold_sup
  3166 
  3167 * Theory "Complete_Lattice": lemmas top_def and bot_def have been
  3168 replaced by the more convenient lemmas Inf_empty and Sup_empty.
  3169 Dropped lemmas Inf_insert_simp and Sup_insert_simp, which are subsumed
  3170 by Inf_insert and Sup_insert.  Lemmas Inf_UNIV and Sup_UNIV replace
  3171 former Inf_Univ and Sup_Univ.  Lemmas inf_top_right and sup_bot_right
  3172 subsume inf_top and sup_bot respectively.  INCOMPATIBILITY.
  3173 
  3174 * Reorganized theory Multiset: swapped notation of pointwise and
  3175 multiset order:
  3176 
  3177   - pointwise ordering is instance of class order with standard syntax
  3178     <= and <;
  3179   - multiset ordering has syntax <=# and <#; partial order properties
  3180     are provided by means of interpretation with prefix
  3181     multiset_order;
  3182   - less duplication, less historical organization of sections,
  3183     conversion from association lists to multisets, rudimentary code
  3184     generation;
  3185   - use insert_DiffM2 [symmetric] instead of elem_imp_eq_diff_union,
  3186     if needed.
  3187 
  3188 Renamed:
  3189 
  3190   multiset_eq_conv_count_eq  ~>  multiset_ext_iff
  3191   multi_count_ext  ~>  multiset_ext
  3192   diff_union_inverse2  ~>  diff_union_cancelR
  3193 
  3194 INCOMPATIBILITY.
  3195 
  3196 * Theory Permutation: replaced local "remove" by List.remove1.
  3197 
  3198 * Code generation: ML and OCaml code is decorated with signatures.
  3199 
  3200 * Theory List: added transpose.
  3201 
  3202 * Library/Nat_Bijection.thy is a collection of bijective functions
  3203 between nat and other types, which supersedes the older libraries
  3204 Library/Nat_Int_Bij.thy and HOLCF/NatIso.thy.  INCOMPATIBILITY.
  3205 
  3206   Constants:
  3207   Nat_Int_Bij.nat2_to_nat         ~> prod_encode
  3208   Nat_Int_Bij.nat_to_nat2         ~> prod_decode
  3209   Nat_Int_Bij.int_to_nat_bij      ~> int_encode
  3210   Nat_Int_Bij.nat_to_int_bij      ~> int_decode
  3211   Countable.pair_encode           ~> prod_encode
  3212   NatIso.prod2nat                 ~> prod_encode
  3213   NatIso.nat2prod                 ~> prod_decode
  3214   NatIso.sum2nat                  ~> sum_encode
  3215   NatIso.nat2sum                  ~> sum_decode
  3216   NatIso.list2nat                 ~> list_encode
  3217   NatIso.nat2list                 ~> list_decode
  3218   NatIso.set2nat                  ~> set_encode
  3219   NatIso.nat2set                  ~> set_decode
  3220 
  3221   Lemmas:
  3222   Nat_Int_Bij.bij_nat_to_int_bij  ~> bij_int_decode
  3223   Nat_Int_Bij.nat2_to_nat_inj     ~> inj_prod_encode
  3224   Nat_Int_Bij.nat2_to_nat_surj    ~> surj_prod_encode
  3225   Nat_Int_Bij.nat_to_nat2_inj     ~> inj_prod_decode
  3226   Nat_Int_Bij.nat_to_nat2_surj    ~> surj_prod_decode
  3227   Nat_Int_Bij.i2n_n2i_id          ~> int_encode_inverse
  3228   Nat_Int_Bij.n2i_i2n_id          ~> int_decode_inverse
  3229   Nat_Int_Bij.surj_nat_to_int_bij ~> surj_int_encode
  3230   Nat_Int_Bij.surj_int_to_nat_bij ~> surj_int_decode
  3231   Nat_Int_Bij.inj_nat_to_int_bij  ~> inj_int_encode
  3232   Nat_Int_Bij.inj_int_to_nat_bij  ~> inj_int_decode
  3233   Nat_Int_Bij.bij_nat_to_int_bij  ~> bij_int_encode
  3234   Nat_Int_Bij.bij_int_to_nat_bij  ~> bij_int_decode
  3235 
  3236 * Sledgehammer:
  3237   - Renamed ATP commands:
  3238     atp_info     ~> sledgehammer running_atps
  3239     atp_kill     ~> sledgehammer kill_atps
  3240     atp_messages ~> sledgehammer messages
  3241     atp_minimize ~> sledgehammer minimize
  3242     print_atps   ~> sledgehammer available_atps
  3243     INCOMPATIBILITY.
  3244   - Added user's manual ("isabelle doc sledgehammer").
  3245   - Added option syntax and "sledgehammer_params" to customize
  3246     Sledgehammer's behavior.  See the manual for details.
  3247   - Modified the Isar proof reconstruction code so that it produces
  3248     direct proofs rather than proofs by contradiction.  (This feature
  3249     is still experimental.)
  3250   - Made Isar proof reconstruction work for SPASS, remote ATPs, and in
  3251     full-typed mode.
  3252   - Added support for TPTP syntax for SPASS via the "spass_tptp" ATP.
  3253 
  3254 * Nitpick:
  3255   - Added and implemented "binary_ints" and "bits" options.
  3256   - Added "std" option and implemented support for nonstandard models.
  3257   - Added and implemented "finitize" option to improve the precision
  3258     of infinite datatypes based on a monotonicity analysis.
  3259   - Added support for quotient types.
  3260   - Added support for "specification" and "ax_specification"
  3261     constructs.
  3262   - Added support for local definitions (for "function" and
  3263     "termination" proofs).
  3264   - Added support for term postprocessors.
  3265   - Optimized "Multiset.multiset" and "FinFun.finfun".
  3266   - Improved efficiency of "destroy_constrs" optimization.
  3267   - Fixed soundness bugs related to "destroy_constrs" optimization and
  3268     record getters.
  3269   - Fixed soundness bug related to higher-order constructors.
  3270   - Fixed soundness bug when "full_descrs" is enabled.
  3271   - Improved precision of set constructs.
  3272   - Added "atoms" option.
  3273   - Added cache to speed up repeated Kodkod invocations on the same
  3274     problems.
  3275   - Renamed "MiniSatJNI", "zChaffJNI", "BerkMinAlloy", and
  3276     "SAT4JLight" to "MiniSat_JNI", "zChaff_JNI", "BerkMin_Alloy", and
  3277     "SAT4J_Light".  INCOMPATIBILITY.
  3278   - Removed "skolemize", "uncurry", "sym_break", "flatten_prop",
  3279     "sharing_depth", and "show_skolems" options.  INCOMPATIBILITY.
  3280   - Removed "nitpick_intro" attribute.  INCOMPATIBILITY.
  3281 
  3282 * Method "induct" now takes instantiations of the form t, where t is not
  3283   a variable, as a shorthand for "x == t", where x is a fresh variable.
  3284   If this is not intended, t has to be enclosed in parentheses.
  3285   By default, the equalities generated by definitional instantiations
  3286   are pre-simplified, which may cause parameters of inductive cases
  3287   to disappear, or may even delete some of the inductive cases.
  3288   Use "induct (no_simp)" instead of "induct" to restore the old
  3289   behaviour. The (no_simp) option is also understood by the "cases"
  3290   and "nominal_induct" methods, which now perform pre-simplification, too.
  3291   INCOMPATIBILITY.
  3292 
  3293 
  3294 *** HOLCF ***
  3295 
  3296 * Variable names in lemmas generated by the domain package have
  3297 changed; the naming scheme is now consistent with the HOL datatype
  3298 package.  Some proof scripts may be affected, INCOMPATIBILITY.
  3299 
  3300 * The domain package no longer defines the function "foo_copy" for
  3301 recursive domain "foo".  The reach lemma is now stated directly in
  3302 terms of "foo_take".  Lemmas and proofs that mention "foo_copy" must
  3303 be reformulated in terms of "foo_take", INCOMPATIBILITY.
  3304 
  3305 * Most definedness lemmas generated by the domain package (previously
  3306 of the form "x ~= UU ==> foo$x ~= UU") now have an if-and-only-if form
  3307 like "foo$x = UU <-> x = UU", which works better as a simp rule.
  3308 Proofs that used definedness lemmas as intro rules may break,
  3309 potential INCOMPATIBILITY.
  3310 
  3311 * Induction and casedist rules generated by the domain package now
  3312 declare proper case_names (one called "bottom", and one named for each
  3313 constructor).  INCOMPATIBILITY.
  3314 
  3315 * For mutually-recursive domains, separate "reach" and "take_lemma"
  3316 rules are generated for each domain, INCOMPATIBILITY.
  3317 
  3318   foo_bar.reach       ~> foo.reach  bar.reach
  3319   foo_bar.take_lemmas ~> foo.take_lemma  bar.take_lemma
  3320 
  3321 * Some lemmas generated by the domain package have been renamed for
  3322 consistency with the datatype package, INCOMPATIBILITY.
  3323 
  3324   foo.ind        ~> foo.induct
  3325   foo.finite_ind ~> foo.finite_induct
  3326   foo.coind      ~> foo.coinduct
  3327   foo.casedist   ~> foo.exhaust
  3328   foo.exhaust    ~> foo.nchotomy
  3329 
  3330 * For consistency with other definition packages, the fixrec package
  3331 now generates qualified theorem names, INCOMPATIBILITY.
  3332 
  3333   foo_simps  ~> foo.simps
  3334   foo_unfold ~> foo.unfold
  3335   foo_induct ~> foo.induct
  3336 
  3337 * The "fixrec_simp" attribute has been removed.  The "fixrec_simp"
  3338 method and internal fixrec proofs now use the default simpset instead.
  3339 INCOMPATIBILITY.
  3340 
  3341 * The "contlub" predicate has been removed.  Proof scripts should use
  3342 lemma contI2 in place of monocontlub2cont, INCOMPATIBILITY.
  3343 
  3344 * The "admw" predicate has been removed, INCOMPATIBILITY.
  3345 
  3346 * The constants cpair, cfst, and csnd have been removed in favor of
  3347 Pair, fst, and snd from Isabelle/HOL, INCOMPATIBILITY.
  3348 
  3349 
  3350 *** ML ***
  3351 
  3352 * Antiquotations for basic formal entities:
  3353 
  3354     @{class NAME}         -- type class
  3355     @{class_syntax NAME}  -- syntax representation of the above
  3356 
  3357     @{type_name NAME}     -- logical type
  3358     @{type_abbrev NAME}   -- type abbreviation
  3359     @{nonterminal NAME}   -- type of concrete syntactic category
  3360     @{type_syntax NAME}   -- syntax representation of any of the above
  3361 
  3362     @{const_name NAME}    -- logical constant (INCOMPATIBILITY)
  3363     @{const_abbrev NAME}  -- abbreviated constant
  3364     @{const_syntax NAME}  -- syntax representation of any of the above
  3365 
  3366 * Antiquotation @{syntax_const NAME} ensures that NAME refers to a raw
  3367 syntax constant (cf. 'syntax' command).
  3368 
  3369 * Antiquotation @{make_string} inlines a function to print arbitrary
  3370 values similar to the ML toplevel.  The result is compiler dependent
  3371 and may fall back on "?" in certain situations.
  3372 
  3373 * Diagnostic commands 'ML_val' and 'ML_command' may refer to
  3374 antiquotations @{Isar.state} and @{Isar.goal}.  This replaces impure
  3375 Isar.state() and Isar.goal(), which belong to the old TTY loop and do
  3376 not work with the asynchronous Isar document model.
  3377 
  3378 * Configuration options now admit dynamic default values, depending on
  3379 the context or even global references.
  3380 
  3381 * SHA1.digest digests strings according to SHA-1 (see RFC 3174).  It
  3382 uses an efficient external library if available (for Poly/ML).
  3383 
  3384 * Renamed some important ML structures, while keeping the old names
  3385 for some time as aliases within the structure Legacy:
  3386 
  3387   OuterKeyword  ~>  Keyword
  3388   OuterLex      ~>  Token
  3389   OuterParse    ~>  Parse
  3390   OuterSyntax   ~>  Outer_Syntax
  3391   PrintMode     ~>  Print_Mode
  3392   SpecParse     ~>  Parse_Spec
  3393   ThyInfo       ~>  Thy_Info
  3394   ThyLoad       ~>  Thy_Load
  3395   ThyOutput     ~>  Thy_Output
  3396   TypeInfer     ~>  Type_Infer
  3397 
  3398 Note that "open Legacy" simplifies porting of sources, but forgetting
  3399 to remove it again will complicate porting again in the future.
  3400 
  3401 * Most operations that refer to a global context are named
  3402 accordingly, e.g. Simplifier.global_context or
  3403 ProofContext.init_global.  There are some situations where a global
  3404 context actually works, but under normal circumstances one needs to
  3405 pass the proper local context through the code!
  3406 
  3407 * Discontinued old TheoryDataFun with its copy/init operation -- data
  3408 needs to be pure.  Functor Theory_Data_PP retains the traditional
  3409 Pretty.pp argument to merge, which is absent in the standard
  3410 Theory_Data version.
  3411 
  3412 * Sorts.certify_sort and derived "cert" operations for types and terms
  3413 no longer minimize sorts.  Thus certification at the boundary of the
  3414 inference kernel becomes invariant under addition of class relations,
  3415 which is an important monotonicity principle.  Sorts are now minimized
  3416 in the syntax layer only, at the boundary between the end-user and the
  3417 system.  Subtle INCOMPATIBILITY, may have to use Sign.minimize_sort
  3418 explicitly in rare situations.
  3419 
  3420 * Renamed old-style Drule.standard to Drule.export_without_context, to
  3421 emphasize that this is in no way a standard operation.
  3422 INCOMPATIBILITY.
  3423 
  3424 * Subgoal.FOCUS (and variants): resulting goal state is normalized as
  3425 usual for resolution.  Rare INCOMPATIBILITY.
  3426 
  3427 * Renamed varify/unvarify operations to varify_global/unvarify_global
  3428 to emphasize that these only work in a global situation (which is
  3429 quite rare).
  3430 
  3431 * Curried take and drop in library.ML; negative length is interpreted
  3432 as infinity (as in chop).  Subtle INCOMPATIBILITY.
  3433 
  3434 * Proof terms: type substitutions on proof constants now use canonical
  3435 order of type variables.  INCOMPATIBILITY for tools working with proof
  3436 terms.
  3437 
  3438 * Raw axioms/defs may no longer carry sort constraints, and raw defs
  3439 may no longer carry premises.  User-level specifications are
  3440 transformed accordingly by Thm.add_axiom/add_def.
  3441 
  3442 
  3443 *** System ***
  3444 
  3445 * Discontinued special HOL_USEDIR_OPTIONS for the main HOL image;
  3446 ISABELLE_USEDIR_OPTIONS applies uniformly to all sessions.  Note that
  3447 proof terms are enabled unconditionally in the new HOL-Proofs image.
  3448 
  3449 * Discontinued old ISABELLE and ISATOOL environment settings (legacy
  3450 feature since Isabelle2009).  Use ISABELLE_PROCESS and ISABELLE_TOOL,
  3451 respectively.
  3452 
  3453 * Old lib/scripts/polyml-platform is superseded by the
  3454 ISABELLE_PLATFORM setting variable, which defaults to the 32 bit
  3455 variant, even on a 64 bit machine.  The following example setting
  3456 prefers 64 bit if available:
  3457 
  3458   ML_PLATFORM="${ISABELLE_PLATFORM64:-$ISABELLE_PLATFORM}"
  3459 
  3460 * The preliminary Isabelle/jEdit application demonstrates the emerging
  3461 Isabelle/Scala layer for advanced prover interaction and integration.
  3462 See src/Tools/jEdit or "isabelle jedit" provided by the properly built
  3463 component.
  3464 
  3465 * "IsabelleText" is a Unicode font derived from Bitstream Vera Mono
  3466 and Bluesky TeX fonts.  It provides the usual Isabelle symbols,
  3467 similar to the default assignment of the document preparation system
  3468 (cf. isabellesym.sty).  The Isabelle/Scala class Isabelle_System
  3469 provides some operations for direct access to the font without asking
  3470 the user for manual installation.
  3471 
  3472 
  3473 
  3474 New in Isabelle2009-1 (December 2009)
  3475 -------------------------------------
  3476 
  3477 *** General ***
  3478 
  3479 * Discontinued old form of "escaped symbols" such as \\<forall>.  Only
  3480 one backslash should be used, even in ML sources.
  3481 
  3482 
  3483 *** Pure ***
  3484 
  3485 * Locale interpretation propagates mixins along the locale hierarchy.
  3486 The only mixins currently available are the equations used to map
  3487 local definitions to terms of the target domain of an interpretation.
  3488 
  3489 * Reactivated diagnostic command 'print_interps'.  Use "print_interps
  3490 loc" to print all interpretations of locale "loc" in the theory.
  3491 Interpretations in proofs are not shown.
  3492 
  3493 * Thoroughly revised locales tutorial.  New section on conditional
  3494 interpretation.
  3495 
  3496 * On instantiation of classes, remaining undefined class parameters
  3497 are formally declared.  INCOMPATIBILITY.
  3498 
  3499 
  3500 *** Document preparation ***
  3501 
  3502 * New generalized style concept for printing terms: @{foo (style) ...}
  3503 instead of @{foo_style style ...}  (old form is still retained for
  3504 backward compatibility).  Styles can be also applied for
  3505 antiquotations prop, term_type and typeof.
  3506 
  3507 
  3508 *** HOL ***
  3509 
  3510 * New proof method "smt" for a combination of first-order logic with
  3511 equality, linear and nonlinear (natural/integer/real) arithmetic, and
  3512 fixed-size bitvectors; there is also basic support for higher-order
  3513 features (esp. lambda abstractions).  It is an incomplete decision
  3514 procedure based on external SMT solvers using the oracle mechanism;
  3515 for the SMT solver Z3, this method is proof-producing.  Certificates
  3516 are provided to avoid calling the external solvers solely for
  3517 re-checking proofs.  Due to a remote SMT service there is no need for
  3518 installing SMT solvers locally.  See src/HOL/SMT.
  3519 
  3520 * New commands to load and prove verification conditions generated by
  3521 the Boogie program verifier or derived systems (e.g. the Verifying C
  3522 Compiler (VCC) or Spec#).  See src/HOL/Boogie.
  3523 
  3524 * New counterexample generator tool 'nitpick' based on the Kodkod
  3525 relational model finder.  See src/HOL/Tools/Nitpick and
  3526 src/HOL/Nitpick_Examples.
  3527 
  3528 * New commands 'code_pred' and 'values' to invoke the predicate
  3529 compiler and to enumerate values of inductive predicates.
  3530 
  3531 * A tabled implementation of the reflexive transitive closure.
  3532 
  3533 * New implementation of quickcheck uses generic code generator;
  3534 default generators are provided for all suitable HOL types, records
  3535 and datatypes.  Old quickcheck can be re-activated importing theory
  3536 Library/SML_Quickcheck.
  3537 
  3538 * New testing tool Mirabelle for automated proof tools.  Applies
  3539 several tools and tactics like sledgehammer, metis, or quickcheck, to
  3540 every proof step in a theory.  To be used in batch mode via the
  3541 "mirabelle" utility.
  3542 
  3543 * New proof method "sos" (sum of squares) for nonlinear real
  3544 arithmetic (originally due to John Harrison). It requires theory
  3545 Library/Sum_Of_Squares.  It is not a complete decision procedure but
  3546 works well in practice on quantifier-free real arithmetic with +, -,
  3547 *, ^, =, <= and <, i.e. boolean combinations of equalities and
  3548 inequalities between polynomials.  It makes use of external
  3549 semidefinite programming solvers.  Method "sos" generates a
  3550 certificate that can be pasted into the proof thus avoiding the need
  3551 to call an external tool every time the proof is checked.  See
  3552 src/HOL/Library/Sum_Of_Squares.
  3553 
  3554 * New method "linarith" invokes existing linear arithmetic decision
  3555 procedure only.
  3556 
  3557 * New command 'atp_minimal' reduces result produced by Sledgehammer.
  3558 
  3559 * New Sledgehammer option "Full Types" in Proof General settings menu.
  3560 Causes full type information to be output to the ATPs.  This slows
  3561 ATPs down considerably but eliminates a source of unsound "proofs"
  3562 that fail later.
  3563 
  3564 * New method "metisFT": A version of metis that uses full type
  3565 information in order to avoid failures of proof reconstruction.
  3566 
  3567 * New evaluator "approximate" approximates a real-valued term using
  3568 the same method as the approximation method.
  3569 
  3570 * Method "approximate" now supports arithmetic expressions as
  3571 boundaries of intervals and implements interval splitting and Taylor
  3572 series expansion.
  3573 
  3574 * ML antiquotation @{code_datatype} inserts definition of a datatype
  3575 generated by the code generator; e.g. see src/HOL/Predicate.thy.
  3576 
  3577 * New theory SupInf of the supremum and infimum operators for sets of
  3578 reals.
  3579 
  3580 * New theory Probability, which contains a development of measure
  3581 theory, eventually leading to Lebesgue integration and probability.
  3582 
  3583 * Extended Multivariate Analysis to include derivation and Brouwer's
  3584 fixpoint theorem.
  3585 
  3586 * Reorganization of number theory, INCOMPATIBILITY:
  3587   - new number theory development for nat and int, in theories Divides
  3588     and GCD as well as in new session Number_Theory
  3589   - some constants and facts now suffixed with _nat and _int
  3590     accordingly
  3591   - former session NumberTheory now named Old_Number_Theory, including
  3592     theories Legacy_GCD and Primes (prefer Number_Theory if possible)
  3593   - moved theory Pocklington from src/HOL/Library to
  3594     src/HOL/Old_Number_Theory
  3595 
  3596 * Theory GCD includes functions Gcd/GCD and Lcm/LCM for the gcd and
  3597 lcm of finite and infinite sets. It is shown that they form a complete
  3598 lattice.
  3599 
  3600 * Class semiring_div requires superclass no_zero_divisors and proof of
  3601 div_mult_mult1; theorems div_mult_mult1, div_mult_mult2,
  3602 div_mult_mult1_if, div_mult_mult1 and div_mult_mult2 have been
  3603 generalized to class semiring_div, subsuming former theorems
  3604 zdiv_zmult_zmult1, zdiv_zmult_zmult1_if, zdiv_zmult_zmult1 and
  3605 zdiv_zmult_zmult2.  div_mult_mult1 is now [simp] by default.
  3606 INCOMPATIBILITY.
  3607 
  3608 * Refinements to lattice classes and sets:
  3609   - fewer default intro/elim rules in locale variant, more default
  3610     intro/elim rules in class variant: more uniformity
  3611   - lemma ge_sup_conv renamed to le_sup_iff, in accordance with
  3612     le_inf_iff
  3613   - dropped lemma alias inf_ACI for inf_aci (same for sup_ACI and
  3614     sup_aci)
  3615   - renamed ACI to inf_sup_aci
  3616   - new class "boolean_algebra"
  3617   - class "complete_lattice" moved to separate theory
  3618     "Complete_Lattice"; corresponding constants (and abbreviations)
  3619     renamed and with authentic syntax:
  3620     Set.Inf ~>    Complete_Lattice.Inf
  3621     Set.Sup ~>    Complete_Lattice.Sup
  3622     Set.INFI ~>   Complete_Lattice.INFI
  3623     Set.SUPR ~>   Complete_Lattice.SUPR
  3624     Set.Inter ~>  Complete_Lattice.Inter
  3625     Set.Union ~>  Complete_Lattice.Union
  3626     Set.INTER ~>  Complete_Lattice.INTER
  3627     Set.UNION ~>  Complete_Lattice.UNION
  3628   - authentic syntax for
  3629     Set.Pow
  3630     Set.image
  3631   - mere abbreviations:
  3632     Set.empty               (for bot)
  3633     Set.UNIV                (for top)
  3634     Set.inter               (for inf, formerly Set.Int)
  3635     Set.union               (for sup, formerly Set.Un)
  3636     Complete_Lattice.Inter  (for Inf)
  3637     Complete_Lattice.Union  (for Sup)
  3638     Complete_Lattice.INTER  (for INFI)
  3639     Complete_Lattice.UNION  (for SUPR)
  3640   - object-logic definitions as far as appropriate
  3641 
  3642 INCOMPATIBILITY.  Care is required when theorems Int_subset_iff or
  3643 Un_subset_iff are explicitly deleted as default simp rules; then also
  3644 their lattice counterparts le_inf_iff and le_sup_iff have to be
  3645 deleted to achieve the desired effect.
  3646 
  3647 * Rules inf_absorb1, inf_absorb2, sup_absorb1, sup_absorb2 are no simp
  3648 rules by default any longer; the same applies to min_max.inf_absorb1
  3649 etc.  INCOMPATIBILITY.
  3650 
  3651 * Rules sup_Int_eq and sup_Un_eq are no longer declared as
  3652 pred_set_conv by default.  INCOMPATIBILITY.
  3653 
  3654 * Power operations on relations and functions are now one dedicated
  3655 constant "compow" with infix syntax "^^".  Power operation on
  3656 multiplicative monoids retains syntax "^" and is now defined generic
  3657 in class power.  INCOMPATIBILITY.
  3658 
  3659 * Relation composition "R O S" now has a more standard argument order:
  3660 "R O S = {(x, z). EX y. (x, y) : R & (y, z) : S}".  INCOMPATIBILITY,
  3661 rewrite propositions with "S O R" --> "R O S". Proofs may occasionally
  3662 break, since the O_assoc rule was not rewritten like this.  Fix using
  3663 O_assoc[symmetric].  The same applies to the curried version "R OO S".
  3664 
  3665 * Function "Inv" is renamed to "inv_into" and function "inv" is now an
  3666 abbreviation for "inv_into UNIV".  Lemmas are renamed accordingly.
  3667 INCOMPATIBILITY.
  3668 
  3669 * Most rules produced by inductive and datatype package have mandatory
  3670 prefixes.  INCOMPATIBILITY.
  3671 
  3672 * Changed "DERIV_intros" to a dynamic fact, which can be augmented by
  3673 the attribute of the same name.  Each of the theorems in the list
  3674 DERIV_intros assumes composition with an additional function and
  3675 matches a variable to the derivative, which has to be solved by the
  3676 Simplifier.  Hence (auto intro!: DERIV_intros) computes the derivative
  3677 of most elementary terms.  Former Maclauren.DERIV_tac and
  3678 Maclauren.deriv_tac should be replaced by (auto intro!: DERIV_intros).
  3679 INCOMPATIBILITY.
  3680 
  3681 * Code generator attributes follow the usual underscore convention:
  3682     code_unfold     replaces    code unfold
  3683     code_post       replaces    code post
  3684     etc.
  3685   INCOMPATIBILITY.
  3686 
  3687 * Renamed methods:
  3688     sizechange -> size_change
  3689     induct_scheme -> induction_schema
  3690   INCOMPATIBILITY.
  3691 
  3692 * Discontinued abbreviation "arbitrary" of constant "undefined".
  3693 INCOMPATIBILITY, use "undefined" directly.
  3694 
  3695 * Renamed theorems:
  3696     Suc_eq_add_numeral_1 -> Suc_eq_plus1
  3697     Suc_eq_add_numeral_1_left -> Suc_eq_plus1_left
  3698     Suc_plus1 -> Suc_eq_plus1
  3699     *anti_sym -> *antisym*
  3700     vector_less_eq_def -> vector_le_def
  3701   INCOMPATIBILITY.
  3702 
  3703 * Added theorem List.map_map as [simp].  Removed List.map_compose.
  3704 INCOMPATIBILITY.
  3705 
  3706 * Removed predicate "M hassize n" (<--> card M = n & finite M).
  3707 INCOMPATIBILITY.
  3708 
  3709 
  3710 *** HOLCF ***
  3711 
  3712 * Theory Representable defines a class "rep" of domains that are
  3713 representable (via an ep-pair) in the universal domain type "udom".
  3714 Instances are provided for all type constructors defined in HOLCF.
  3715 
  3716 * The 'new_domain' command is a purely definitional version of the
  3717 domain package, for representable domains.  Syntax is identical to the
  3718 old domain package.  The 'new_domain' package also supports indirect
  3719 recursion using previously-defined type constructors.  See
  3720 src/HOLCF/ex/New_Domain.thy for examples.
  3721 
  3722 * Method "fixrec_simp" unfolds one step of a fixrec-defined constant
  3723 on the left-hand side of an equation, and then performs
  3724 simplification.  Rewriting is done using rules declared with the
  3725 "fixrec_simp" attribute.  The "fixrec_simp" method is intended as a
  3726 replacement for "fixpat"; see src/HOLCF/ex/Fixrec_ex.thy for examples.
  3727 
  3728 * The pattern-match compiler in 'fixrec' can now handle constructors
  3729 with HOL function types.  Pattern-match combinators for the Pair
  3730 constructor are pre-configured.
  3731 
  3732 * The 'fixrec' package now produces better fixed-point induction rules
  3733 for mutually-recursive definitions:  Induction rules have conclusions
  3734 of the form "P foo bar" instead of "P <foo, bar>".
  3735 
  3736 * The constant "sq_le" (with infix syntax "<<" or "\<sqsubseteq>") has
  3737 been renamed to "below".  The name "below" now replaces "less" in many
  3738 theorem names.  (Legacy theorem names using "less" are still supported
  3739 as well.)
  3740 
  3741 * The 'fixrec' package now supports "bottom patterns".  Bottom
  3742 patterns can be used to generate strictness rules, or to make
  3743 functions more strict (much like the bang-patterns supported by the
  3744 Glasgow Haskell Compiler).  See src/HOLCF/ex/Fixrec_ex.thy for
  3745 examples.
  3746 
  3747 
  3748 *** ML ***
  3749 
  3750 * Support for Poly/ML 5.3.0, with improved reporting of compiler
  3751 errors and run-time exceptions, including detailed source positions.
  3752 
  3753 * Structure Name_Space (formerly NameSpace) now manages uniquely
  3754 identified entries, with some additional information such as source
  3755 position, logical grouping etc.
  3756 
  3757 * Theory and context data is now introduced by the simplified and
  3758 modernized functors Theory_Data, Proof_Data, Generic_Data.  Data needs
  3759 to be pure, but the old TheoryDataFun for mutable data (with explicit
  3760 copy operation) is still available for some time.
  3761 
  3762 * Structure Synchronized (cf. src/Pure/Concurrent/synchronized.ML)
  3763 provides a high-level programming interface to synchronized state
  3764 variables with atomic update.  This works via pure function
  3765 application within a critical section -- its runtime should be as
  3766 short as possible; beware of deadlocks if critical code is nested,
  3767 either directly or indirectly via other synchronized variables!
  3768 
  3769 * Structure Unsynchronized (cf. src/Pure/ML-Systems/unsynchronized.ML)
  3770 wraps raw ML references, explicitly indicating their non-thread-safe
  3771 behaviour.  The Isar toplevel keeps this structure open, to
  3772 accommodate Proof General as well as quick and dirty interactive
  3773 experiments with references.
  3774 
  3775 * PARALLEL_CHOICE and PARALLEL_GOALS provide basic support for
  3776 parallel tactical reasoning.
  3777 
  3778 * Tacticals Subgoal.FOCUS, Subgoal.FOCUS_PREMS, Subgoal.FOCUS_PARAMS
  3779 are similar to SUBPROOF, but are slightly more flexible: only the
  3780 specified parts of the subgoal are imported into the context, and the
  3781 body tactic may introduce new subgoals and schematic variables.
  3782 
  3783 * Old tactical METAHYPS, which does not observe the proof context, has
  3784 been renamed to Old_Goals.METAHYPS and awaits deletion.  Use SUBPROOF
  3785 or Subgoal.FOCUS etc.
  3786 
  3787 * Renamed functor TableFun to Table, and GraphFun to Graph.  (Since
  3788 functors have their own ML name space there is no point to mark them
  3789 separately.)  Minor INCOMPATIBILITY.
  3790 
  3791 * Renamed NamedThmsFun to Named_Thms.  INCOMPATIBILITY.
  3792 
  3793 * Renamed several structures FooBar to Foo_Bar.  Occasional
  3794 INCOMPATIBILITY.
  3795 
  3796 * Operations of structure Skip_Proof no longer require quick_and_dirty
  3797 mode, which avoids critical setmp.
  3798 
  3799 * Eliminated old Attrib.add_attributes, Method.add_methods and related
  3800 combinators for "args".  INCOMPATIBILITY, need to use simplified
  3801 Attrib/Method.setup introduced in Isabelle2009.
  3802 
  3803 * Proper context for simpset_of, claset_of, clasimpset_of.  May fall
  3804 back on global_simpset_of, global_claset_of, global_clasimpset_of as
  3805 last resort.  INCOMPATIBILITY.
  3806 
  3807 * Display.pretty_thm now requires a proper context (cf. former
  3808 ProofContext.pretty_thm).  May fall back on Display.pretty_thm_global
  3809 or even Display.pretty_thm_without_context as last resort.
  3810 INCOMPATIBILITY.
  3811 
  3812 * Discontinued Display.pretty_ctyp/cterm etc.  INCOMPATIBILITY, use
  3813 Syntax.pretty_typ/term directly, preferably with proper context
  3814 instead of global theory.
  3815 
  3816 
  3817 *** System ***
  3818 
  3819 * Further fine tuning of parallel proof checking, scales up to 8 cores
  3820 (max. speedup factor 5.0).  See also Goal.parallel_proofs in ML and
  3821 usedir option -q.
  3822 
  3823 * Support for additional "Isabelle components" via etc/components, see
  3824 also the system manual.
  3825 
  3826 * The isabelle makeall tool now operates on all components with
  3827 IsaMakefile, not just hardwired "logics".
  3828 
  3829 * Removed "compress" option from isabelle-process and isabelle usedir;
  3830 this is always enabled.
  3831 
  3832 * Discontinued support for Poly/ML 4.x versions.
  3833 
  3834 * Isabelle tool "wwwfind" provides web interface for 'find_theorems'
  3835 on a given logic image.  This requires the lighttpd webserver and is
  3836 currently supported on Linux only.
  3837 
  3838 
  3839 
  3840 New in Isabelle2009 (April 2009)
  3841 --------------------------------
  3842 
  3843 *** General ***
  3844 
  3845 * Simplified main Isabelle executables, with fewer surprises on
  3846 case-insensitive file-systems (such as Mac OS).
  3847 
  3848   - The main Isabelle tool wrapper is now called "isabelle" instead of
  3849     "isatool".
  3850 
  3851   - The former "isabelle" alias for "isabelle-process" has been
  3852     removed (should rarely occur to regular users).
  3853 
  3854   - The former "isabelle-interface" and its alias "Isabelle" have been
  3855     removed (interfaces are now regular Isabelle tools).
  3856 
  3857 Within scripts and make files, the Isabelle environment variables
  3858 ISABELLE_TOOL and ISABELLE_PROCESS replace old ISATOOL and ISABELLE,
  3859 respectively.  (The latter are still available as legacy feature.)
  3860 
  3861 The old isabelle-interface wrapper could react in confusing ways if
  3862 the interface was uninstalled or changed otherwise.  Individual
  3863 interface tool configuration is now more explicit, see also the
  3864 Isabelle system manual.  In particular, Proof General is now available
  3865 via "isabelle emacs".
  3866 
  3867 INCOMPATIBILITY, need to adapt derivative scripts.  Users may need to
  3868 purge installed copies of Isabelle executables and re-run "isabelle
  3869 install -p ...", or use symlinks.
  3870 
  3871 * The default for ISABELLE_HOME_USER is now ~/.isabelle instead of the
  3872 old ~/isabelle, which was slightly non-standard and apt to cause
  3873 surprises on case-insensitive file-systems (such as Mac OS).
  3874 
  3875 INCOMPATIBILITY, need to move existing ~/isabelle/etc,
  3876 ~/isabelle/heaps, ~/isabelle/browser_info to the new place.  Special
  3877 care is required when using older releases of Isabelle.  Note that
  3878 ISABELLE_HOME_USER can be changed in Isabelle/etc/settings of any
  3879 Isabelle distribution, in order to use the new ~/.isabelle uniformly.
  3880 
  3881 * Proofs of fully specified statements are run in parallel on
  3882 multi-core systems.  A speedup factor of 2.5 to 3.2 can be expected on
  3883 a regular 4-core machine, if the initial heap space is made reasonably
  3884 large (cf. Poly/ML option -H).  (Requires Poly/ML 5.2.1 or later.)
  3885 
  3886 * The main reference manuals ("isar-ref", "implementation", and
  3887 "system") have been updated and extended.  Formally checked references
  3888 as hyperlinks are now available uniformly.
  3889 
  3890 
  3891 *** Pure ***
  3892 
  3893 * Complete re-implementation of locales.  INCOMPATIBILITY in several
  3894 respects.  The most important changes are listed below.  See the
  3895 Tutorial on Locales ("locales" manual) for details.
  3896 
  3897 - In locale expressions, instantiation replaces renaming.  Parameters
  3898 must be declared in a for clause.  To aid compatibility with previous
  3899 parameter inheritance, in locale declarations, parameters that are not
  3900 'touched' (instantiation position "_" or omitted) are implicitly added
  3901 with their syntax at the beginning of the for clause.
  3902 
  3903 - Syntax from abbreviations and definitions in locales is available in
  3904 locale expressions and context elements.  The latter is particularly
  3905 useful in locale declarations.
  3906 
  3907 - More flexible mechanisms to qualify names generated by locale
  3908 expressions.  Qualifiers (prefixes) may be specified in locale
  3909 expressions, and can be marked as mandatory (syntax: "name!:") or
  3910 optional (syntax "name?:").  The default for plain "name:"
  3911 depends on the situation where a locale expression is used: in
  3912 commands 'locale' and 'sublocale' prefixes are optional, in
  3913 'interpretation' and 'interpret' prefixes are mandatory.  The old
  3914 implicit qualifiers derived from the parameter names of a locale are
  3915 no longer generated.
  3916 
  3917 - Command "sublocale l < e" replaces "interpretation l < e".  The
  3918 instantiation clause in "interpretation" and "interpret" (square
  3919 brackets) is no longer available.  Use locale expressions.
  3920 
  3921 - When converting proof scripts, mandatory qualifiers in
  3922 'interpretation' and 'interpret' should be retained by default, even
  3923 if this is an INCOMPATIBILITY compared to former behavior.  In the
  3924 worst case, use the "name?:" form for non-mandatory ones.  Qualifiers
  3925 in locale expressions range over a single locale instance only.
  3926 
  3927 - Dropped locale element "includes".  This is a major INCOMPATIBILITY.
  3928 In existing theorem specifications replace the includes element by the
  3929 respective context elements of the included locale, omitting those
  3930 that are already present in the theorem specification.  Multiple
  3931 assume elements of a locale should be replaced by a single one
  3932 involving the locale predicate.  In the proof body, declarations (most
  3933 notably theorems) may be regained by interpreting the respective
  3934 locales in the proof context as required (command "interpret").
  3935 
  3936 If using "includes" in replacement of a target solely because the
  3937 parameter types in the theorem are not as general as in the target,
  3938 consider declaring a new locale with additional type constraints on
  3939 the parameters (context element "constrains").
  3940 
  3941 - Discontinued "locale (open)".  INCOMPATIBILITY.
  3942 
  3943 - Locale interpretation commands no longer attempt to simplify goal.
  3944 INCOMPATIBILITY: in rare situations the generated goal differs.  Use
  3945 methods intro_locales and unfold_locales to clarify.
  3946 
  3947 - Locale interpretation commands no longer accept interpretation
  3948 attributes.  INCOMPATIBILITY.
  3949 
  3950 * Class declaration: so-called "base sort" must not be given in import
  3951 list any longer, but is inferred from the specification.  Particularly
  3952 in HOL, write
  3953 
  3954     class foo = ...
  3955 
  3956 instead of
  3957 
  3958     class foo = type + ...
  3959 
  3960 * Class target: global versions of theorems stemming do not carry a
  3961 parameter prefix any longer.  INCOMPATIBILITY.
  3962 
  3963 * Class 'instance' command no longer accepts attached definitions.
  3964 INCOMPATIBILITY, use proper 'instantiation' target instead.
  3965 
  3966 * Recovered hiding of consts, which was accidentally broken in
  3967 Isabelle2007.  Potential INCOMPATIBILITY, ``hide const c'' really
  3968 makes c inaccessible; consider using ``hide (open) const c'' instead.
  3969 
  3970 * Slightly more coherent Pure syntax, with updated documentation in
  3971 isar-ref manual.  Removed locales meta_term_syntax and
  3972 meta_conjunction_syntax: TERM and &&& (formerly &&) are now permanent,
  3973 INCOMPATIBILITY in rare situations.  Note that &&& should not be used
  3974 directly in regular applications.
  3975 
  3976 * There is a new syntactic category "float_const" for signed decimal
  3977 fractions (e.g. 123.45 or -123.45).
  3978 
  3979 * Removed exotic 'token_translation' command.  INCOMPATIBILITY, use ML
  3980 interface with 'setup' command instead.
  3981 
  3982 * Command 'local_setup' is similar to 'setup', but operates on a local
  3983 theory context.
  3984 
  3985 * The 'axiomatization' command now only works within a global theory
  3986 context.  INCOMPATIBILITY.
  3987 
  3988 * Goal-directed proof now enforces strict proof irrelevance wrt. sort
  3989 hypotheses.  Sorts required in the course of reasoning need to be
  3990 covered by the constraints in the initial statement, completed by the
  3991 type instance information of the background theory.  Non-trivial sort
  3992 hypotheses, which rarely occur in practice, may be specified via
  3993 vacuous propositions of the form SORT_CONSTRAINT('a::c).  For example:
  3994 
  3995   lemma assumes "SORT_CONSTRAINT('a::empty)" shows False ...
  3996 
  3997 The result contains implicit sort hypotheses as before --
  3998 SORT_CONSTRAINT premises are eliminated as part of the canonical rule
  3999 normalization.
  4000 
  4001 * Generalized Isar history, with support for linear undo, direct state
  4002 addressing etc.
  4003 
  4004 * Changed defaults for unify configuration options:
  4005 
  4006   unify_trace_bound = 50 (formerly 25)
  4007   unify_search_bound = 60 (formerly 30)
  4008 
  4009 * Different bookkeeping for code equations (INCOMPATIBILITY):
  4010 
  4011   a) On theory merge, the last set of code equations for a particular
  4012      constant is taken (in accordance with the policy applied by other
  4013      parts of the code generator framework).
  4014 
  4015   b) Code equations stemming from explicit declarations (e.g. code
  4016      attribute) gain priority over default code equations stemming
  4017      from definition, primrec, fun etc.
  4018 
  4019 * Keyword 'code_exception' now named 'code_abort'.  INCOMPATIBILITY.
  4020 
  4021 * Unified theorem tables for both code generators.  Thus [code
  4022 func] has disappeared and only [code] remains.  INCOMPATIBILITY.
  4023 
  4024 * Command 'find_consts' searches for constants based on type and name
  4025 patterns, e.g.
  4026 
  4027     find_consts "_ => bool"
  4028 
  4029 By default, matching is against subtypes, but it may be restricted to
  4030 the whole type.  Searching by name is possible.  Multiple queries are
  4031 conjunctive and queries may be negated by prefixing them with a
  4032 hyphen:
  4033 
  4034     find_consts strict: "_ => bool" name: "Int" -"int => int"
  4035 
  4036 * New 'find_theorems' criterion "solves" matches theorems that
  4037 directly solve the current goal (modulo higher-order unification).
  4038 
  4039 * Auto solve feature for main theorem statements: whenever a new goal
  4040 is stated, "find_theorems solves" is called; any theorems that could
  4041 solve the lemma directly are listed as part of the goal state.
  4042 Cf. associated options in Proof General Isabelle settings menu,
  4043 enabled by default, with reasonable timeout for pathological cases of
  4044 higher-order unification.
  4045 
  4046 
  4047 *** Document preparation ***
  4048 
  4049 * Antiquotation @{lemma} now imitates a regular terminal proof,
  4050 demanding keyword 'by' and supporting the full method expression
  4051 syntax just like the Isar command 'by'.
  4052 
  4053 
  4054 *** HOL ***
  4055 
  4056 * Integrated main parts of former image HOL-Complex with HOL.  Entry
  4057 points Main and Complex_Main remain as before.
  4058 
  4059 * Logic image HOL-Plain provides a minimal HOL with the most important
  4060 tools available (inductive, datatype, primrec, ...).  This facilitates
  4061 experimentation and tool development.  Note that user applications
  4062 (and library theories) should never refer to anything below theory
  4063 Main, as before.
  4064 
  4065 * Logic image HOL-Main stops at theory Main, and thus facilitates
  4066 experimentation due to shorter build times.
  4067 
  4068 * Logic image HOL-NSA contains theories of nonstandard analysis which
  4069 were previously part of former HOL-Complex.  Entry point Hyperreal
  4070 remains valid, but theories formerly using Complex_Main should now use
  4071 new entry point Hypercomplex.
  4072 
  4073 * Generic ATP manager for Sledgehammer, based on ML threads instead of
  4074 Posix processes.  Avoids potentially expensive forking of the ML
  4075 process.  New thread-based implementation also works on non-Unix
  4076 platforms (Cygwin).  Provers are no longer hardwired, but defined
  4077 within the theory via plain ML wrapper functions.  Basic Sledgehammer
  4078 commands are covered in the isar-ref manual.
  4079 
  4080 * Wrapper scripts for remote SystemOnTPTP service allow using
  4081 sledgehammer without local ATP installation (Vampire etc.). Other
  4082 provers may be included via suitable ML wrappers, see also
  4083 src/HOL/ATP_Linkup.thy.
  4084 
  4085 * ATP selection (E/Vampire/Spass) is now via Proof General's settings
  4086 menu.
  4087 
  4088 * The metis method no longer fails because the theorem is too trivial
  4089 (contains the empty clause).
  4090 
  4091 * The metis method now fails in the usual manner, rather than raising
  4092 an exception, if it determines that it cannot prove the theorem.
  4093 
  4094 * Method "coherent" implements a prover for coherent logic (see also
  4095 src/Tools/coherent.ML).
  4096 
  4097 * Constants "undefined" and "default" replace "arbitrary".  Usually
  4098 "undefined" is the right choice to replace "arbitrary", though
  4099 logically there is no difference.  INCOMPATIBILITY.
  4100 
  4101 * Command "value" now integrates different evaluation mechanisms.  The
  4102 result of the first successful evaluation mechanism is printed.  In
  4103 square brackets a particular named evaluation mechanism may be
  4104 specified (currently, [SML], [code] or [nbe]).  See further
  4105 src/HOL/ex/Eval_Examples.thy.
  4106 
  4107 * Normalization by evaluation now allows non-leftlinear equations.
  4108 Declare with attribute [code nbe].
  4109 
  4110 * Methods "case_tac" and "induct_tac" now refer to the very same rules
  4111 as the structured Isar versions "cases" and "induct", cf. the
  4112 corresponding "cases" and "induct" attributes.  Mutual induction rules
  4113 are now presented as a list of individual projections
  4114 (e.g. foo_bar.inducts for types foo and bar); the old format with
  4115 explicit HOL conjunction is no longer supported.  INCOMPATIBILITY, in
  4116 rare situations a different rule is selected --- notably nested tuple
  4117 elimination instead of former prod.exhaust: use explicit (case_tac t
  4118 rule: prod.exhaust) here.
  4119 
  4120 * Attributes "cases", "induct", "coinduct" support "del" option.
  4121 
  4122 * Removed fact "case_split_thm", which duplicates "case_split".
  4123 
  4124 * The option datatype has been moved to a new theory Option.  Renamed
  4125 option_map to Option.map, and o2s to Option.set, INCOMPATIBILITY.
  4126 
  4127 * New predicate "strict_mono" classifies strict functions on partial
  4128 orders.  With strict functions on linear orders, reasoning about
  4129 (in)equalities is facilitated by theorems "strict_mono_eq",
  4130 "strict_mono_less_eq" and "strict_mono_less".
  4131 
  4132 * Some set operations are now proper qualified constants with
  4133 authentic syntax.  INCOMPATIBILITY:
  4134 
  4135     op Int ~>   Set.Int
  4136     op Un ~>    Set.Un
  4137     INTER ~>    Set.INTER
  4138     UNION ~>    Set.UNION
  4139     Inter ~>    Set.Inter
  4140     Union ~>    Set.Union
  4141     {} ~>       Set.empty
  4142     UNIV ~>     Set.UNIV
  4143 
  4144 * Class complete_lattice with operations Inf, Sup, INFI, SUPR now in
  4145 theory Set.
  4146 
  4147 * Auxiliary class "itself" has disappeared -- classes without any
  4148 parameter are treated as expected by the 'class' command.
  4149 
  4150 * Leibnitz's Series for Pi and the arcus tangens and logarithm series.
  4151 
  4152 * Common decision procedures (Cooper, MIR, Ferrack, Approximation,
  4153 Dense_Linear_Order) are now in directory HOL/Decision_Procs.
  4154 
  4155 * Theory src/HOL/Decision_Procs/Approximation provides the new proof
  4156 method "approximation".  It proves formulas on real values by using
  4157 interval arithmetic.  The formulas may also contain the transcendental
  4158 functions sin, cos, tan, atan, ln, exp and the constant pi.
  4159 For examples see
  4160 src/HOL/Decision_Procs/ex/Approximation_Ex.thy.
  4161 
  4162 * Theory "Reflection" now resides in HOL/Library.
  4163 
  4164 * Entry point to Word library now simply named "Word".
  4165 INCOMPATIBILITY.
  4166 
  4167 * Made source layout more coherent with logical distribution
  4168 structure:
  4169 
  4170     src/HOL/Library/RType.thy ~> src/HOL/Typerep.thy
  4171     src/HOL/Library/Code_Message.thy ~> src/HOL/
  4172     src/HOL/Library/GCD.thy ~> src/HOL/
  4173     src/HOL/Library/Order_Relation.thy ~> src/HOL/
  4174     src/HOL/Library/Parity.thy ~> src/HOL/
  4175     src/HOL/Library/Univ_Poly.thy ~> src/HOL/
  4176     src/HOL/Real/ContNotDenum.thy ~> src/HOL/Library/
  4177     src/HOL/Real/Lubs.thy ~> src/HOL/
  4178     src/HOL/Real/PReal.thy ~> src/HOL/
  4179     src/HOL/Real/Rational.thy ~> src/HOL/
  4180     src/HOL/Real/RComplete.thy ~> src/HOL/
  4181     src/HOL/Real/RealDef.thy ~> src/HOL/
  4182     src/HOL/Real/RealPow.thy ~> src/HOL/
  4183     src/HOL/Real/Real.thy ~> src/HOL/
  4184     src/HOL/Complex/Complex_Main.thy ~> src/HOL/
  4185     src/HOL/Complex/Complex.thy ~> src/HOL/
  4186     src/HOL/Complex/FrechetDeriv.thy ~> src/HOL/Library/
  4187     src/HOL/Complex/Fundamental_Theorem_Algebra.thy ~> src/HOL/Library/
  4188     src/HOL/Hyperreal/Deriv.thy ~> src/HOL/
  4189     src/HOL/Hyperreal/Fact.thy ~> src/HOL/
  4190     src/HOL/Hyperreal/Integration.thy ~> src/HOL/
  4191     src/HOL/Hyperreal/Lim.thy ~> src/HOL/
  4192     src/HOL/Hyperreal/Ln.thy ~> src/HOL/
  4193     src/HOL/Hyperreal/Log.thy ~> src/HOL/
  4194     src/HOL/Hyperreal/MacLaurin.thy ~> src/HOL/
  4195     src/HOL/Hyperreal/NthRoot.thy ~> src/HOL/
  4196     src/HOL/Hyperreal/Series.thy ~> src/HOL/
  4197     src/HOL/Hyperreal/SEQ.thy ~> src/HOL/
  4198     src/HOL/Hyperreal/Taylor.thy ~> src/HOL/
  4199     src/HOL/Hyperreal/Transcendental.thy ~> src/HOL/
  4200     src/HOL/Real/Float ~> src/HOL/Library/
  4201     src/HOL/Real/HahnBanach ~> src/HOL/HahnBanach
  4202     src/HOL/Real/RealVector.thy ~> src/HOL/
  4203 
  4204     src/HOL/arith_data.ML ~> src/HOL/Tools
  4205     src/HOL/hologic.ML ~> src/HOL/Tools
  4206     src/HOL/simpdata.ML ~> src/HOL/Tools
  4207     src/HOL/int_arith1.ML ~> src/HOL/Tools/int_arith.ML
  4208     src/HOL/int_factor_simprocs.ML ~> src/HOL/Tools
  4209     src/HOL/nat_simprocs.ML ~> src/HOL/Tools
  4210     src/HOL/Real/float_arith.ML ~> src/HOL/Tools
  4211     src/HOL/Real/float_syntax.ML ~> src/HOL/Tools
  4212     src/HOL/Real/rat_arith.ML ~> src/HOL/Tools
  4213     src/HOL/Real/real_arith.ML ~> src/HOL/Tools
  4214 
  4215     src/HOL/Library/Array.thy ~> src/HOL/Imperative_HOL
  4216     src/HOL/Library/Heap_Monad.thy ~> src/HOL/Imperative_HOL
  4217     src/HOL/Library/Heap.thy ~> src/HOL/Imperative_HOL
  4218     src/HOL/Library/Imperative_HOL.thy ~> src/HOL/Imperative_HOL
  4219     src/HOL/Library/Ref.thy ~> src/HOL/Imperative_HOL
  4220     src/HOL/Library/Relational.thy ~> src/HOL/Imperative_HOL
  4221 
  4222 * If methods "eval" and "evaluation" encounter a structured proof
  4223 state with !!/==>, only the conclusion is evaluated to True (if
  4224 possible), avoiding strange error messages.
  4225 
  4226 * Method "sizechange" automates termination proofs using (a
  4227 modification of) the size-change principle.  Requires SAT solver.  See
  4228 src/HOL/ex/Termination.thy for examples.
  4229 
  4230 * Simplifier: simproc for let expressions now unfolds if bound
  4231 variable occurs at most once in let expression body.  INCOMPATIBILITY.
  4232 
  4233 * Method "arith": Linear arithmetic now ignores all inequalities when
  4234 fast_arith_neq_limit is exceeded, instead of giving up entirely.
  4235 
  4236 * New attribute "arith" for facts that should always be used
  4237 automatically by arithmetic. It is intended to be used locally in
  4238 proofs, e.g.
  4239 
  4240   assumes [arith]: "x > 0"
  4241 
  4242 Global usage is discouraged because of possible performance impact.
  4243 
  4244 * New classes "top" and "bot" with corresponding operations "top" and
  4245 "bot" in theory Orderings; instantiation of class "complete_lattice"
  4246 requires instantiation of classes "top" and "bot".  INCOMPATIBILITY.
  4247 
  4248 * Changed definition lemma "less_fun_def" in order to provide an
  4249 instance for preorders on functions; use lemma "less_le" instead.
  4250 INCOMPATIBILITY.
  4251 
  4252 * Theory Orderings: class "wellorder" moved here, with explicit
  4253 induction rule "less_induct" as assumption.  For instantiation of
  4254 "wellorder" by means of predicate "wf", use rule wf_wellorderI.
  4255 INCOMPATIBILITY.
  4256 
  4257 * Theory Orderings: added class "preorder" as superclass of "order".
  4258 INCOMPATIBILITY: Instantiation proofs for order, linorder
  4259 etc. slightly changed.  Some theorems named order_class.* now named
  4260 preorder_class.*.
  4261 
  4262 * Theory Relation: renamed "refl" to "refl_on", "reflexive" to "refl",
  4263 "diag" to "Id_on".
  4264 
  4265 * Theory Finite_Set: added a new fold combinator of type
  4266 
  4267   ('a => 'b => 'b) => 'b => 'a set => 'b
  4268 
  4269 Occasionally this is more convenient than the old fold combinator
  4270 which is now defined in terms of the new one and renamed to
  4271 fold_image.
  4272 
  4273 * Theories Ring_and_Field and OrderedGroup: The lemmas "group_simps"
  4274 and "ring_simps" have been replaced by "algebra_simps" (which can be
  4275 extended with further lemmas!).  At the moment both still exist but
  4276 the former will disappear at some point.
  4277 
  4278 * Theory Power: Lemma power_Suc is now declared as a simp rule in
  4279 class recpower.  Type-specific simp rules for various recpower types
  4280 have been removed.  INCOMPATIBILITY, rename old lemmas as follows:
  4281 
  4282 rat_power_0    -> power_0
  4283 rat_power_Suc  -> power_Suc
  4284 realpow_0      -> power_0
  4285 realpow_Suc    -> power_Suc
  4286 complexpow_0   -> power_0
  4287 complexpow_Suc -> power_Suc
  4288 power_poly_0   -> power_0
  4289 power_poly_Suc -> power_Suc
  4290 
  4291 * Theories Ring_and_Field and Divides: Definition of "op dvd" has been
  4292 moved to separate class dvd in Ring_and_Field; a couple of lemmas on
  4293 dvd have been generalized to class comm_semiring_1.  Likewise a bunch
  4294 of lemmas from Divides have been generalized from nat to class
  4295 semiring_div.  INCOMPATIBILITY.  This involves the following theorem
  4296 renames resulting from duplicate elimination:
  4297 
  4298     dvd_def_mod ~>          dvd_eq_mod_eq_0
  4299     zero_dvd_iff ~>         dvd_0_left_iff
  4300     dvd_0 ~>                dvd_0_right
  4301     DIVISION_BY_ZERO_DIV ~> div_by_0
  4302     DIVISION_BY_ZERO_MOD ~> mod_by_0
  4303     mult_div ~>             div_mult_self2_is_id
  4304     mult_mod ~>             mod_mult_self2_is_0
  4305 
  4306 * Theory IntDiv: removed many lemmas that are instances of class-based
  4307 generalizations (from Divides and Ring_and_Field).  INCOMPATIBILITY,
  4308 rename old lemmas as follows:
  4309 
  4310 dvd_diff               -> nat_dvd_diff
  4311 dvd_zminus_iff         -> dvd_minus_iff
  4312 mod_add1_eq            -> mod_add_eq
  4313 mod_mult1_eq           -> mod_mult_right_eq
  4314 mod_mult1_eq'          -> mod_mult_left_eq
  4315 mod_mult_distrib_mod   -> mod_mult_eq
  4316 nat_mod_add_left_eq    -> mod_add_left_eq
  4317 nat_mod_add_right_eq   -> mod_add_right_eq
  4318 nat_mod_div_trivial    -> mod_div_trivial
  4319 nat_mod_mod_trivial    -> mod_mod_trivial
  4320 zdiv_zadd_self1        -> div_add_self1
  4321 zdiv_zadd_self2        -> div_add_self2
  4322 zdiv_zmult_self1       -> div_mult_self2_is_id
  4323 zdiv_zmult_self2       -> div_mult_self1_is_id
  4324 zdvd_triv_left         -> dvd_triv_left
  4325 zdvd_triv_right        -> dvd_triv_right
  4326 zdvd_zmult_cancel_disj -> dvd_mult_cancel_left
  4327 zmod_eq0_zdvd_iff      -> dvd_eq_mod_eq_0[symmetric]
  4328 zmod_zadd_left_eq      -> mod_add_left_eq
  4329 zmod_zadd_right_eq     -> mod_add_right_eq
  4330 zmod_zadd_self1        -> mod_add_self1
  4331 zmod_zadd_self2        -> mod_add_self2
  4332 zmod_zadd1_eq          -> mod_add_eq
  4333 zmod_zdiff1_eq         -> mod_diff_eq
  4334 zmod_zdvd_zmod         -> mod_mod_cancel
  4335 zmod_zmod_cancel       -> mod_mod_cancel
  4336 zmod_zmult_self1       -> mod_mult_self2_is_0
  4337 zmod_zmult_self2       -> mod_mult_self1_is_0
  4338 zmod_1                 -> mod_by_1
  4339 zdiv_1                 -> div_by_1
  4340 zdvd_abs1              -> abs_dvd_iff
  4341 zdvd_abs2              -> dvd_abs_iff
  4342 zdvd_refl              -> dvd_refl
  4343 zdvd_trans             -> dvd_trans
  4344 zdvd_zadd              -> dvd_add
  4345 zdvd_zdiff             -> dvd_diff
  4346 zdvd_zminus_iff        -> dvd_minus_iff
  4347 zdvd_zminus2_iff       -> minus_dvd_iff
  4348 zdvd_zmultD            -> dvd_mult_right
  4349 zdvd_zmultD2           -> dvd_mult_left
  4350 zdvd_zmult_mono        -> mult_dvd_mono
  4351 zdvd_0_right           -> dvd_0_right
  4352 zdvd_0_left            -> dvd_0_left_iff
  4353 zdvd_1_left            -> one_dvd
  4354 zminus_dvd_iff         -> minus_dvd_iff
  4355 
  4356 * Theory Rational: 'Fract k 0' now equals '0'.  INCOMPATIBILITY.
  4357 
  4358 * The real numbers offer decimal input syntax: 12.34 is translated
  4359 into 1234/10^2. This translation is not reversed upon output.
  4360 
  4361 * Theory Library/Polynomial defines an abstract type 'a poly of
  4362 univariate polynomials with coefficients of type 'a.  In addition to
  4363 the standard ring operations, it also supports div and mod.  Code
  4364 generation is also supported, using list-style constructors.
  4365 
  4366 * Theory Library/Inner_Product defines a class of real_inner for real
  4367 inner product spaces, with an overloaded operation inner :: 'a => 'a
  4368 => real.  Class real_inner is a subclass of real_normed_vector from
  4369 theory RealVector.
  4370 
  4371 * Theory Library/Product_Vector provides instances for the product
  4372 type 'a * 'b of several classes from RealVector and Inner_Product.
  4373 Definitions of addition, subtraction, scalar multiplication, norms,
  4374 and inner products are included.
  4375 
  4376 * Theory Library/Bit defines the field "bit" of integers modulo 2.  In
  4377 addition to the field operations, numerals and case syntax are also
  4378 supported.
  4379 
  4380 * Theory Library/Diagonalize provides constructive version of Cantor's
  4381 first diagonalization argument.
  4382 
  4383 * Theory Library/GCD: Curried operations gcd, lcm (for nat) and zgcd,
  4384 zlcm (for int); carried together from various gcd/lcm developments in
  4385 the HOL Distribution.  Constants zgcd and zlcm replace former igcd and
  4386 ilcm; corresponding theorems renamed accordingly.  INCOMPATIBILITY,
  4387 may recover tupled syntax as follows:
  4388 
  4389     hide (open) const gcd
  4390     abbreviation gcd where
  4391       "gcd == (%(a, b). GCD.gcd a b)"
  4392     notation (output)
  4393       GCD.gcd ("gcd '(_, _')")
  4394 
  4395 The same works for lcm, zgcd, zlcm.
  4396 
  4397 * Theory Library/Nat_Infinity: added addition, numeral syntax and more
  4398 instantiations for algebraic structures.  Removed some duplicate
  4399 theorems.  Changes in simp rules.  INCOMPATIBILITY.
  4400 
  4401 * ML antiquotation @{code} takes a constant as argument and generates
  4402 corresponding code in background and inserts name of the corresponding
  4403 resulting ML value/function/datatype constructor binding in place.
  4404 All occurrences of @{code} with a single ML block are generated
  4405 simultaneously.  Provides a generic and safe interface for
  4406 instrumentalizing code generation.  See
  4407 src/HOL/Decision_Procs/Ferrack.thy for a more ambitious application.
  4408 In future you ought to refrain from ad-hoc compiling generated SML
  4409 code on the ML toplevel.  Note that (for technical reasons) @{code}
  4410 cannot refer to constants for which user-defined serializations are
  4411 set.  Refer to the corresponding ML counterpart directly in those
  4412 cases.
  4413 
  4414 * Command 'rep_datatype': instead of theorem names the command now
  4415 takes a list of terms denoting the constructors of the type to be
  4416 represented as datatype.  The characteristic theorems have to be
  4417 proven.  INCOMPATIBILITY.  Also observe that the following theorems
  4418 have disappeared in favour of existing ones:
  4419 
  4420     unit_induct                 ~> unit.induct
  4421     prod_induct                 ~> prod.induct
  4422     sum_induct                  ~> sum.induct
  4423     Suc_Suc_eq                  ~> nat.inject
  4424     Suc_not_Zero Zero_not_Suc   ~> nat.distinct
  4425 
  4426 
  4427 *** HOL-Algebra ***
  4428 
  4429 * New locales for orders and lattices where the equivalence relation
  4430 is not restricted to equality.  INCOMPATIBILITY: all order and lattice
  4431 locales use a record structure with field eq for the equivalence.
  4432 
  4433 * New theory of factorial domains.
  4434 
  4435 * Units_l_inv and Units_r_inv are now simp rules by default.
  4436 INCOMPATIBILITY.  Simplifier proofs that require deletion of l_inv
  4437 and/or r_inv will now also require deletion of these lemmas.
  4438 
  4439 * Renamed the following theorems, INCOMPATIBILITY:
  4440 
  4441 UpperD ~> Upper_memD
  4442 LowerD ~> Lower_memD
  4443 least_carrier ~> least_closed
  4444 greatest_carrier ~> greatest_closed
  4445 greatest_Lower_above ~> greatest_Lower_below
  4446 one_zero ~> carrier_one_zero
  4447 one_not_zero ~> carrier_one_not_zero  (collision with assumption)
  4448 
  4449 
  4450 *** HOL-Nominal ***
  4451 
  4452 * Nominal datatypes can now contain type-variables.
  4453 
  4454 * Commands 'nominal_inductive' and 'equivariance' work with local
  4455 theory targets.
  4456 
  4457 * Nominal primrec can now work with local theory targets and its
  4458 specification syntax now conforms to the general format as seen in
  4459 'inductive' etc.
  4460 
  4461 * Method "perm_simp" honours the standard simplifier attributes
  4462 (no_asm), (no_asm_use) etc.
  4463 
  4464 * The new predicate #* is defined like freshness, except that the
  4465 left-hand side can be a set or list of atoms.
  4466 
  4467 * Experimental command 'nominal_inductive2' derives strong induction
  4468 principles for inductive definitions.  In contrast to
  4469 'nominal_inductive', which can only deal with a fixed number of
  4470 binders, it can deal with arbitrary expressions standing for sets of
  4471 atoms to be avoided.  The only inductive definition we have at the
  4472 moment that needs this generalisation is the typing rule for Lets in
  4473 the algorithm W:
  4474 
  4475  Gamma |- t1 : T1   (x,close Gamma T1)::Gamma |- t2 : T2   x#Gamma
  4476  -----------------------------------------------------------------
  4477          Gamma |- Let x be t1 in t2 : T2
  4478 
  4479 In this rule one wants to avoid all the binders that are introduced by
  4480 "close Gamma T1".  We are looking for other examples where this
  4481 feature might be useful.  Please let us know.
  4482 
  4483 
  4484 *** HOLCF ***
  4485 
  4486 * Reimplemented the simplification procedure for proving continuity
  4487 subgoals.  The new simproc is extensible; users can declare additional
  4488 continuity introduction rules with the attribute [cont2cont].
  4489 
  4490 * The continuity simproc now uses a different introduction rule for
  4491 solving continuity subgoals on terms with lambda abstractions.  In
  4492 some rare cases the new simproc may fail to solve subgoals that the
  4493 old one could solve, and "simp add: cont2cont_LAM" may be necessary.
  4494 Potential INCOMPATIBILITY.
  4495 
  4496 * Command 'fixrec': specification syntax now conforms to the general
  4497 format as seen in 'inductive' etc.  See src/HOLCF/ex/Fixrec_ex.thy for
  4498 examples.  INCOMPATIBILITY.
  4499 
  4500 
  4501 *** ZF ***
  4502 
  4503 * Proof of Zorn's Lemma for partial orders.
  4504 
  4505 
  4506 *** ML ***
  4507 
  4508 * Multithreading for Poly/ML 5.1/5.2 is no longer supported, only for
  4509 Poly/ML 5.2.1 or later.  Important note: the TimeLimit facility
  4510 depends on multithreading, so timeouts will not work before Poly/ML
  4511 5.2.1!
  4512 
  4513 * High-level support for concurrent ML programming, see
  4514 src/Pure/Concurrent.  The data-oriented model of "future values" is
  4515 particularly convenient to organize independent functional
  4516 computations.  The concept of "synchronized variables" provides a
  4517 higher-order interface for components with shared state, avoiding the
  4518 delicate details of mutexes and condition variables.  (Requires
  4519 Poly/ML 5.2.1 or later.)
  4520 
  4521 * ML bindings produced via Isar commands are stored within the Isar
  4522 context (theory or proof).  Consequently, commands like 'use' and 'ML'
  4523 become thread-safe and work with undo as expected (concerning
  4524 top-level bindings, not side-effects on global references).
  4525 INCOMPATIBILITY, need to provide proper Isar context when invoking the
  4526 compiler at runtime; really global bindings need to be given outside a
  4527 theory.  (Requires Poly/ML 5.2 or later.)
  4528 
  4529 * Command 'ML_prf' is analogous to 'ML' but works within a proof
  4530 context.  Top-level ML bindings are stored within the proof context in
  4531 a purely sequential fashion, disregarding the nested proof structure.
  4532 ML bindings introduced by 'ML_prf' are discarded at the end of the
  4533 proof.  (Requires Poly/ML 5.2 or later.)
  4534 
  4535 * Simplified ML attribute and method setup, cf. functions Attrib.setup
  4536 and Method.setup, as well as Isar commands 'attribute_setup' and
  4537 'method_setup'.  INCOMPATIBILITY for 'method_setup', need to simplify
  4538 existing code accordingly, or use plain 'setup' together with old
  4539 Method.add_method.
  4540 
  4541 * Simplified ML oracle interface Thm.add_oracle promotes 'a -> cterm
  4542 to 'a -> thm, while results are always tagged with an authentic oracle
  4543 name.  The Isar command 'oracle' is now polymorphic, no argument type
  4544 is specified.  INCOMPATIBILITY, need to simplify existing oracle code
  4545 accordingly.  Note that extra performance may be gained by producing
  4546 the cterm carefully, avoiding slow Thm.cterm_of.
  4547 
  4548 * Simplified interface for defining document antiquotations via
  4549 ThyOutput.antiquotation, ThyOutput.output, and optionally
  4550 ThyOutput.maybe_pretty_source.  INCOMPATIBILITY, need to simplify user
  4551 antiquotations accordingly, see src/Pure/Thy/thy_output.ML for common
  4552 examples.
  4553 
  4554 * More systematic treatment of long names, abstract name bindings, and
  4555 name space operations.  Basic operations on qualified names have been
  4556 moved from structure NameSpace to Long_Name, e.g. Long_Name.base_name,
  4557 Long_Name.append.  Old type bstring has been mostly replaced by
  4558 abstract type binding (see structure Binding), which supports precise
  4559 qualification by packages and local theory targets, as well as proper
  4560 tracking of source positions.  INCOMPATIBILITY, need to wrap old
  4561 bstring values into Binding.name, or better pass through abstract
  4562 bindings everywhere.  See further src/Pure/General/long_name.ML,
  4563 src/Pure/General/binding.ML and src/Pure/General/name_space.ML.
  4564 
  4565 * Result facts (from PureThy.note_thms, ProofContext.note_thms,
  4566 LocalTheory.note etc.) now refer to the *full* internal name, not the
  4567 bstring as before.  INCOMPATIBILITY, not detected by ML type-checking!
  4568 
  4569 * Disposed old type and term read functions (Sign.read_def_typ,
  4570 Sign.read_typ, Sign.read_def_terms, Sign.read_term,
  4571 Thm.read_def_cterms, Thm.read_cterm etc.).  INCOMPATIBILITY, should
  4572 use regular Syntax.read_typ, Syntax.read_term, Syntax.read_typ_global,
  4573 Syntax.read_term_global etc.; see also OldGoals.read_term as last
  4574 resort for legacy applications.
  4575 
  4576 * Disposed old declarations, tactics, tactic combinators that refer to
  4577 the simpset or claset of an implicit theory (such as Addsimps,
  4578 Simp_tac, SIMPSET).  INCOMPATIBILITY, should use @{simpset} etc. in
  4579 embedded ML text, or local_simpset_of with a proper context passed as
  4580 explicit runtime argument.
  4581 
  4582 * Rules and tactics that read instantiations (read_instantiate,
  4583 res_inst_tac, thin_tac, subgoal_tac etc.) now demand a proper proof
  4584 context, which is required for parsing and type-checking.  Moreover,
  4585 the variables are specified as plain indexnames, not string encodings
  4586 thereof.  INCOMPATIBILITY.
  4587 
  4588 * Generic Toplevel.add_hook interface allows analyzing the result of
  4589 transactions.  E.g. see src/Pure/ProofGeneral/proof_general_pgip.ML
  4590 for theorem dependency output of transactions resulting in a new
  4591 theory state.
  4592 
  4593 * ML antiquotations: block-structured compilation context indicated by
  4594 \<lbrace> ... \<rbrace>; additional antiquotation forms:
  4595 
  4596   @{binding name}                         - basic name binding
  4597   @{let ?pat = term}                      - term abbreviation (HO matching)
  4598   @{note name = fact}                     - fact abbreviation
  4599   @{thm fact}                             - singleton fact (with attributes)
  4600   @{thms fact}                            - general fact (with attributes)
  4601   @{lemma prop by method}                 - singleton goal
  4602   @{lemma prop by meth1 meth2}            - singleton goal
  4603   @{lemma prop1 ... propN by method}      - general goal
  4604   @{lemma prop1 ... propN by meth1 meth2} - general goal
  4605   @{lemma (open) ...}                     - open derivation
  4606 
  4607 
  4608 *** System ***
  4609 
  4610 * The Isabelle "emacs" tool provides a specific interface to invoke
  4611 Proof General / Emacs, with more explicit failure if that is not
  4612 installed (the old isabelle-interface script silently falls back on
  4613 isabelle-process).  The PROOFGENERAL_HOME setting determines the
  4614 installation location of the Proof General distribution.
  4615 
  4616 * Isabelle/lib/classes/Pure.jar provides basic support to integrate
  4617 the Isabelle process into a JVM/Scala application.  See
  4618 Isabelle/lib/jedit/plugin for a minimal example.  (The obsolete Java
  4619 process wrapper has been discontinued.)
  4620 
  4621 * Added homegrown Isabelle font with unicode layout, see lib/fonts.
  4622 
  4623 * Various status messages (with exact source position information) are
  4624 emitted, if proper markup print mode is enabled.  This allows
  4625 user-interface components to provide detailed feedback on internal
  4626 prover operations.
  4627 
  4628 
  4629 
  4630 New in Isabelle2008 (June 2008)
  4631 -------------------------------
  4632 
  4633 *** General ***
  4634 
  4635 * The Isabelle/Isar Reference Manual (isar-ref) has been reorganized
  4636 and updated, with formally checked references as hyperlinks.
  4637 
  4638 * Theory loader: use_thy (and similar operations) no longer set the
  4639 implicit ML context, which was occasionally hard to predict and in
  4640 conflict with concurrency.  INCOMPATIBILITY, use ML within Isar which
  4641 provides a proper context already.
  4642 
  4643 * Theory loader: old-style ML proof scripts being *attached* to a thy
  4644 file are no longer supported.  INCOMPATIBILITY, regular 'uses' and
  4645 'use' within a theory file will do the job.
  4646 
  4647 * Name space merge now observes canonical order, i.e. the second space
  4648 is inserted into the first one, while existing entries in the first
  4649 space take precedence.  INCOMPATIBILITY in rare situations, may try to
  4650 swap theory imports.
  4651 
  4652 * Syntax: symbol \<chi> is now considered a letter.  Potential
  4653 INCOMPATIBILITY in identifier syntax etc.
  4654 
  4655 * Outer syntax: string tokens no longer admit escaped white space,
  4656 which was an accidental (undocumented) feature.  INCOMPATIBILITY, use
  4657 white space without escapes.
  4658 
  4659 * Outer syntax: string tokens may contain arbitrary character codes
  4660 specified via 3 decimal digits (as in SML).  E.g. "foo\095bar" for
  4661 "foo_bar".
  4662 
  4663 
  4664 *** Pure ***
  4665 
  4666 * Context-dependent token translations.  Default setup reverts locally
  4667 fixed variables, and adds hilite markup for undeclared frees.
  4668 
  4669 * Unused theorems can be found using the new command 'unused_thms'.
  4670 There are three ways of invoking it:
  4671 
  4672 (1) unused_thms
  4673      Only finds unused theorems in the current theory.
  4674 
  4675 (2) unused_thms thy_1 ... thy_n -
  4676      Finds unused theorems in the current theory and all of its ancestors,
  4677      excluding the theories thy_1 ... thy_n and all of their ancestors.
  4678 
  4679 (3) unused_thms thy_1 ... thy_n - thy'_1 ... thy'_m
  4680      Finds unused theorems in the theories thy'_1 ... thy'_m and all of
  4681      their ancestors, excluding the theories thy_1 ... thy_n and all of
  4682      their ancestors.
  4683 
  4684 In order to increase the readability of the list produced by
  4685 unused_thms, theorems that have been created by a particular instance
  4686 of a theory command such as 'inductive' or 'function' are considered
  4687 to belong to the same "group", meaning that if at least one theorem in
  4688 this group is used, the other theorems in the same group are no longer
  4689 reported as unused.  Moreover, if all theorems in the group are
  4690 unused, only one theorem in the group is displayed.
  4691 
  4692 Note that proof objects have to be switched on in order for
  4693 unused_thms to work properly (i.e. !proofs must be >= 1, which is
  4694 usually the case when using Proof General with the default settings).
  4695 
  4696 * Authentic naming of facts disallows ad-hoc overwriting of previous
  4697 theorems within the same name space.  INCOMPATIBILITY, need to remove
  4698 duplicate fact bindings, or even accidental fact duplications.  Note
  4699 that tools may maintain dynamically scoped facts systematically, using
  4700 PureThy.add_thms_dynamic.
  4701 
  4702 * Command 'hide' now allows hiding from "fact" name space as well.
  4703 
  4704 * Eliminated destructive theorem database, simpset, claset, and
  4705 clasimpset.  Potential INCOMPATIBILITY, really need to observe linear
  4706 update of theories within ML code.
  4707 
  4708 * Eliminated theory ProtoPure and CPure, leaving just one Pure theory.
  4709 INCOMPATIBILITY, object-logics depending on former Pure require
  4710 additional setup PureThy.old_appl_syntax_setup; object-logics
  4711 depending on former CPure need to refer to Pure.
  4712 
  4713 * Commands 'use' and 'ML' are now purely functional, operating on
  4714 theory/local_theory.  Removed former 'ML_setup' (on theory), use 'ML'
  4715 instead.  Added 'ML_val' as mere diagnostic replacement for 'ML'.
  4716 INCOMPATIBILITY.
  4717 
  4718 * Command 'setup': discontinued implicit version with ML reference.
  4719 
  4720 * Instantiation target allows for simultaneous specification of class
  4721 instance operations together with an instantiation proof.
  4722 Type-checking phase allows referring to class operations uniformly.
  4723 See src/HOL/Complex/Complex.thy for an Isar example and
  4724 src/HOL/Library/Eval.thy for an ML example.
  4725 
  4726 * Indexing of literal facts: be more serious about including only
  4727 facts from the visible specification/proof context, but not the
  4728 background context (locale etc.).  Affects `prop` notation and method
  4729 "fact".  INCOMPATIBILITY: need to name facts explicitly in rare
  4730 situations.
  4731 
  4732 * Method "cases", "induct", "coinduct": removed obsolete/undocumented
  4733 "(open)" option, which used to expose internal bound variables to the
  4734 proof text.
  4735 
  4736 * Isar statements: removed obsolete case "rule_context".
  4737 INCOMPATIBILITY, better use explicit fixes/assumes.
  4738 
  4739 * Locale proofs: default proof step now includes 'unfold_locales';
  4740 hence 'proof' without argument may be used to unfold locale
  4741 predicates.
  4742 
  4743 
  4744 *** Document preparation ***
  4745 
  4746 * Simplified pdfsetup.sty: color/hyperref is used unconditionally for
  4747 both pdf and dvi (hyperlinks usually work in xdvi as well); removed
  4748 obsolete thumbpdf setup (contemporary PDF viewers do this on the
  4749 spot); renamed link color from "darkblue" to "linkcolor" (default
  4750 value unchanged, can be redefined via \definecolor); no longer sets
  4751 "a4paper" option (unnecessary or even intrusive).
  4752 
  4753 * Antiquotation @{lemma A method} proves proposition A by the given
  4754 method (either a method name or a method name plus (optional) method
  4755 arguments in parentheses) and prints A just like @{prop A}.
  4756 
  4757 
  4758 *** HOL ***
  4759 
  4760 * New primrec package.  Specification syntax conforms in style to
  4761 definition/function/....  No separate induction rule is provided.  The
  4762 "primrec" command distinguishes old-style and new-style specifications
  4763 by syntax.  The former primrec package is now named OldPrimrecPackage.
  4764 When adjusting theories, beware: constants stemming from new-style
  4765 primrec specifications have authentic syntax.
  4766 
  4767 * Metis prover is now an order of magnitude faster, and also works
  4768 with multithreading.
  4769 
  4770 * Metis: the maximum number of clauses that can be produced from a
  4771 theorem is now given by the attribute max_clauses.  Theorems that
  4772 exceed this number are ignored, with a warning printed.
  4773 
  4774 * Sledgehammer no longer produces structured proofs by default. To
  4775 enable, declare [[sledgehammer_full = true]].  Attributes
  4776 reconstruction_modulus, reconstruction_sorts renamed
  4777 sledgehammer_modulus, sledgehammer_sorts.  INCOMPATIBILITY.
  4778 
  4779 * Method "induct_scheme" derives user-specified induction rules
  4780 from well-founded induction and completeness of patterns. This factors
  4781 out some operations that are done internally by the function package
  4782 and makes them available separately.  See
  4783 src/HOL/ex/Induction_Scheme.thy for examples.
  4784 
  4785 * More flexible generation of measure functions for termination
  4786 proofs: Measure functions can be declared by proving a rule of the
  4787 form "is_measure f" and giving it the [measure_function] attribute.
  4788 The "is_measure" predicate is logically meaningless (always true), and
  4789 just guides the heuristic.  To find suitable measure functions, the
  4790 termination prover sets up the goal "is_measure ?f" of the appropriate
  4791 type and generates all solutions by prolog-style backwards proof using
  4792 the declared rules.
  4793 
  4794 This setup also deals with rules like
  4795 
  4796   "is_measure f ==> is_measure (list_size f)"
  4797 
  4798 which accommodates nested datatypes that recurse through lists.
  4799 Similar rules are predeclared for products and option types.
  4800 
  4801 * Turned the type of sets "'a set" into an abbreviation for "'a => bool"
  4802 
  4803   INCOMPATIBILITIES:
  4804 
  4805   - Definitions of overloaded constants on sets have to be replaced by
  4806     definitions on => and bool.
  4807 
  4808   - Some definitions of overloaded operators on sets can now be proved
  4809     using the definitions of the operators on => and bool.  Therefore,
  4810     the following theorems have been renamed:
  4811 
  4812       subset_def   -> subset_eq
  4813       psubset_def  -> psubset_eq
  4814       set_diff_def -> set_diff_eq
  4815       Compl_def    -> Compl_eq
  4816       Sup_set_def  -> Sup_set_eq
  4817       Inf_set_def  -> Inf_set_eq
  4818       sup_set_def  -> sup_set_eq
  4819       inf_set_def  -> inf_set_eq
  4820 
  4821   - Due to the incompleteness of the HO unification algorithm, some
  4822     rules such as subst may require manual instantiation, if one of
  4823     the unknowns in the rule is a set.
  4824 
  4825   - Higher order unification and forward proofs:
  4826     The proof pattern
  4827 
  4828       have "P (S::'a set)" <...>
  4829       then have "EX S. P S" ..
  4830 
  4831     no longer works (due to the incompleteness of the HO unification
  4832     algorithm) and must be replaced by the pattern
  4833 
  4834       have "EX S. P S"
  4835       proof
  4836         show "P S" <...>
  4837       qed
  4838 
  4839   - Calculational reasoning with subst (or similar rules):
  4840     The proof pattern
  4841 
  4842       have "P (S::'a set)" <...>
  4843       also have "S = T" <...>
  4844       finally have "P T" .
  4845 
  4846     no longer works (for similar reasons as the previous example) and
  4847     must be replaced by something like
  4848 
  4849       have "P (S::'a set)" <...>
  4850       moreover have "S = T" <...>
  4851       ultimately have "P T" by simp
  4852 
  4853   - Tactics or packages written in ML code:
  4854     Code performing pattern matching on types via
  4855 
  4856       Type ("set", [T]) => ...
  4857 
  4858     must be rewritten. Moreover, functions like strip_type or
  4859     binder_types no longer return the right value when applied to a
  4860     type of the form
  4861 
  4862       T1 => ... => Tn => U => bool
  4863 
  4864     rather than
  4865 
  4866       T1 => ... => Tn => U set
  4867 
  4868 * Merged theories Wellfounded_Recursion, Accessible_Part and
  4869 Wellfounded_Relations to theory Wellfounded.
  4870 
  4871 * Explicit class "eq" for executable equality.  INCOMPATIBILITY.
  4872 
  4873 * Class finite no longer treats UNIV as class parameter.  Use class
  4874 enum from theory Library/Enum instead to achieve a similar effect.
  4875 INCOMPATIBILITY.
  4876 
  4877 * Theory List: rule list_induct2 now has explicitly named cases "Nil"
  4878 and "Cons".  INCOMPATIBILITY.
  4879 
  4880 * HOL (and FOL): renamed variables in rules imp_elim and swap.
  4881 Potential INCOMPATIBILITY.
  4882 
  4883 * Theory Product_Type: duplicated lemmas split_Pair_apply and
  4884 injective_fst_snd removed, use split_eta and prod_eqI instead.
  4885 Renamed upd_fst to apfst and upd_snd to apsnd.  INCOMPATIBILITY.
  4886 
  4887 * Theory Nat: removed redundant lemmas that merely duplicate lemmas of
  4888 the same name in theory Orderings:
  4889 
  4890   less_trans
  4891   less_linear
  4892   le_imp_less_or_eq
  4893   le_less_trans
  4894   less_le_trans
  4895   less_not_sym
  4896   less_asym
  4897 
  4898 Renamed less_imp_le to less_imp_le_nat, and less_irrefl to
  4899 less_irrefl_nat.  Potential INCOMPATIBILITY due to more general types
  4900 and different variable names.
  4901 
  4902 * Library/Option_ord.thy: Canonical order on option type.
  4903 
  4904 * Library/RBT.thy: Red-black trees, an efficient implementation of
  4905 finite maps.
  4906 
  4907 * Library/Countable.thy: Type class for countable types.
  4908 
  4909 * Theory Int: The representation of numerals has changed.  The infix
  4910 operator BIT and the bit datatype with constructors B0 and B1 have
  4911 disappeared.  INCOMPATIBILITY, use "Int.Bit0 x" and "Int.Bit1 y" in
  4912 place of "x BIT bit.B0" and "y BIT bit.B1", respectively.  Theorems
  4913 involving BIT, B0, or B1 have been renamed with "Bit0" or "Bit1"
  4914 accordingly.
  4915 
  4916 * Theory Nat: definitions of <= and < on natural numbers no longer
  4917 depend on well-founded relations.  INCOMPATIBILITY.  Definitions
  4918 le_def and less_def have disappeared.  Consider lemmas not_less
  4919 [symmetric, where ?'a = nat] and less_eq [symmetric] instead.
  4920 
  4921 * Theory Finite_Set: locales ACf, ACe, ACIf, ACIfSL and ACIfSLlin
  4922 (whose purpose mainly is for various fold_set functionals) have been
  4923 abandoned in favor of the existing algebraic classes
  4924 ab_semigroup_mult, comm_monoid_mult, ab_semigroup_idem_mult,
  4925 lower_semilattice (resp. upper_semilattice) and linorder.
  4926 INCOMPATIBILITY.
  4927 
  4928 * Theory Transitive_Closure: induct and cases rules now declare proper
  4929 case_names ("base" and "step").  INCOMPATIBILITY.
  4930 
  4931 * Theorem Inductive.lfp_ordinal_induct generalized to complete
  4932 lattices.  The former set-specific version is available as
  4933 Inductive.lfp_ordinal_induct_set.
  4934 
  4935 * Renamed theorems "power.simps" to "power_int.simps".
  4936 INCOMPATIBILITY.
  4937 
  4938 * Class semiring_div provides basic abstract properties of semirings
  4939 with division and modulo operations.  Subsumes former class dvd_mod.
  4940 
  4941 * Merged theories IntDef, Numeral and IntArith into unified theory
  4942 Int.  INCOMPATIBILITY.
  4943 
  4944 * Theory Library/Code_Index: type "index" now represents natural
  4945 numbers rather than integers.  INCOMPATIBILITY.
  4946 
  4947 * New class "uminus" with operation "uminus" (split off from class
  4948 "minus" which now only has operation "minus", binary).
  4949 INCOMPATIBILITY.
  4950 
  4951 * Constants "card", "internal_split", "option_map" now with authentic
  4952 syntax.  INCOMPATIBILITY.
  4953 
  4954 * Definitions subset_def, psubset_def, set_diff_def, Compl_def,
  4955 le_bool_def, less_bool_def, le_fun_def, less_fun_def, inf_bool_def,
  4956 sup_bool_def, Inf_bool_def, Sup_bool_def, inf_fun_def, sup_fun_def,
  4957 Inf_fun_def, Sup_fun_def, inf_set_def, sup_set_def, Inf_set_def,
  4958 Sup_set_def, le_def, less_def, option_map_def now with object
  4959 equality.  INCOMPATIBILITY.
  4960 
  4961 * Records. Removed K_record, and replaced it by pure lambda term
  4962 %x. c. The simplifier setup is now more robust against eta expansion.
  4963 INCOMPATIBILITY: in cases explicitly referring to K_record.
  4964 
  4965 * Library/Multiset: {#a, b, c#} abbreviates {#a#} + {#b#} + {#c#}.
  4966 
  4967 * Library/ListVector: new theory of arithmetic vector operations.
  4968 
  4969 * Library/Order_Relation: new theory of various orderings as sets of
  4970 pairs.  Defines preorders, partial orders, linear orders and
  4971 well-orders on sets and on types.
  4972 
  4973 
  4974 *** ZF ***
  4975 
  4976 * Renamed some theories to allow loading both ZF and HOL in the
  4977 same session:
  4978 
  4979   Datatype  -> Datatype_ZF
  4980   Inductive -> Inductive_ZF
  4981   Int       -> Int_ZF
  4982   IntDiv    -> IntDiv_ZF
  4983   Nat       -> Nat_ZF
  4984   List      -> List_ZF
  4985   Main      -> Main_ZF
  4986 
  4987 INCOMPATIBILITY: ZF theories that import individual theories below
  4988 Main might need to be adapted.  Regular theory Main is still
  4989 available, as trivial extension of Main_ZF.
  4990 
  4991 
  4992 *** ML ***
  4993 
  4994 * ML within Isar: antiquotation @{const name} or @{const
  4995 name(typargs)} produces statically-checked Const term.
  4996 
  4997 * Functor NamedThmsFun: data is available to the user as dynamic fact
  4998 (of the same name).  Removed obsolete print command.
  4999 
  5000 * Removed obsolete "use_legacy_bindings" function.
  5001 
  5002 * The ``print mode'' is now a thread-local value derived from a global
  5003 template (the former print_mode reference), thus access becomes
  5004 non-critical.  The global print_mode reference is for session
  5005 management only; user-code should use print_mode_value,
  5006 print_mode_active, PrintMode.setmp etc.  INCOMPATIBILITY.
  5007 
  5008 * Functions system/system_out provide a robust way to invoke external
  5009 shell commands, with propagation of interrupts (requires Poly/ML
  5010 5.2.1).  Do not use OS.Process.system etc. from the basis library!
  5011 
  5012 
  5013 *** System ***
  5014 
  5015 * Default settings: PROOFGENERAL_OPTIONS no longer impose xemacs ---
  5016 in accordance with Proof General 3.7, which prefers GNU emacs.
  5017 
  5018 * isatool tty runs Isabelle process with plain tty interaction;
  5019 optional line editor may be specified via ISABELLE_LINE_EDITOR
  5020 setting, the default settings attempt to locate "ledit" and "rlwrap".
  5021 
  5022 * isatool browser now works with Cygwin as well, using general
  5023 "javapath" function defined in Isabelle process environment.
  5024 
  5025 * YXML notation provides a simple and efficient alternative to
  5026 standard XML transfer syntax.  See src/Pure/General/yxml.ML and
  5027 isatool yxml as described in the Isabelle system manual.
  5028 
  5029 * JVM class isabelle.IsabelleProcess (located in Isabelle/lib/classes)
  5030 provides general wrapper for managing an Isabelle process in a robust
  5031 fashion, with ``cooked'' output from stdin/stderr.
  5032 
  5033 * Rudimentary Isabelle plugin for jEdit (see Isabelle/lib/jedit),
  5034 based on Isabelle/JVM process wrapper (see Isabelle/lib/classes).
  5035 
  5036 * Removed obsolete THIS_IS_ISABELLE_BUILD feature.  NB: the documented
  5037 way of changing the user's settings is via
  5038 ISABELLE_HOME_USER/etc/settings, which is a fully featured bash
  5039 script.
  5040 
  5041 * Multithreading.max_threads := 0 refers to the number of actual CPU
  5042 cores of the underlying machine, which is a good starting point for
  5043 optimal performance tuning.  The corresponding usedir option -M allows
  5044 "max" as an alias for "0".  WARNING: does not work on certain versions
  5045 of Mac OS (with Poly/ML 5.1).
  5046 
  5047 * isabelle-process: non-ML sessions are run with "nice", to reduce the
  5048 adverse effect of Isabelle flooding interactive front-ends (notably
  5049 ProofGeneral / XEmacs).
  5050 
  5051 
  5052 
  5053 New in Isabelle2007 (November 2007)
  5054 -----------------------------------
  5055 
  5056 *** General ***
  5057 
  5058 * More uniform information about legacy features, notably a
  5059 warning/error of "Legacy feature: ...", depending on the state of the
  5060 tolerate_legacy_features flag (default true). FUTURE INCOMPATIBILITY:
  5061 legacy features will disappear eventually.
  5062 
  5063 * Theory syntax: the header format ``theory A = B + C:'' has been
  5064 discontinued in favour of ``theory A imports B C begin''.  Use isatool
  5065 fixheaders to convert existing theory files.  INCOMPATIBILITY.
  5066 
  5067 * Theory syntax: the old non-Isar theory file format has been
  5068 discontinued altogether.  Note that ML proof scripts may still be used
  5069 with Isar theories; migration is usually quite simple with the ML
  5070 function use_legacy_bindings.  INCOMPATIBILITY.
  5071 
  5072 * Theory syntax: some popular names (e.g. 'class', 'declaration',
  5073 'fun', 'help', 'if') are now keywords.  INCOMPATIBILITY, use double
  5074 quotes.
  5075 
  5076 * Theory loader: be more serious about observing the static theory
  5077 header specifications (including optional directories), but not the
  5078 accidental file locations of previously successful loads.  The strict
  5079 update policy of former update_thy is now already performed by
  5080 use_thy, so the former has been removed; use_thys updates several
  5081 theories simultaneously, just as 'imports' within a theory header
  5082 specification, but without merging the results.  Potential
  5083 INCOMPATIBILITY: may need to refine theory headers and commands
  5084 ROOT.ML which depend on load order.
  5085 
  5086 * Theory loader: optional support for content-based file
  5087 identification, instead of the traditional scheme of full physical
  5088 path plus date stamp; configured by the ISABELLE_FILE_IDENT setting
  5089 (cf. the system manual).  The new scheme allows working with
  5090 non-finished theories in persistent session images, such that source
  5091 files may be moved later on without requiring reloads.
  5092 
  5093 * Theory loader: old-style ML proof scripts being *attached* to a thy
  5094 file (with the same base name as the theory) are considered a legacy
  5095 feature, which will disappear eventually. Even now, the theory loader
  5096 no longer maintains dependencies on such files.
  5097 
  5098 * Syntax: the scope for resolving ambiguities via type-inference is
  5099 now limited to individual terms, instead of whole simultaneous
  5100 specifications as before. This greatly reduces the complexity of the
  5101 syntax module and improves flexibility by separating parsing and
  5102 type-checking. INCOMPATIBILITY: additional type-constraints (explicit
  5103 'fixes' etc.) are required in rare situations.
  5104 
  5105 * Syntax: constants introduced by new-style packages ('definition',
  5106 'abbreviation' etc.) are passed through the syntax module in
  5107 ``authentic mode''. This means that associated mixfix annotations
  5108 really stick to such constants, independently of potential name space
  5109 ambiguities introduced later on. INCOMPATIBILITY: constants in parse
  5110 trees are represented slightly differently, may need to adapt syntax
  5111 translations accordingly. Use CONST marker in 'translations' and
  5112 @{const_syntax} antiquotation in 'parse_translation' etc.
  5113 
  5114 * Legacy goal package: reduced interface to the bare minimum required
  5115 to keep existing proof scripts running.  Most other user-level
  5116 functions are now part of the OldGoals structure, which is *not* open
  5117 by default (consider isatool expandshort before open OldGoals).
  5118 Removed top_sg, prin, printyp, pprint_term/typ altogether, because
  5119 these tend to cause confusion about the actual goal (!) context being
  5120 used here, which is not necessarily the same as the_context().
  5121 
  5122 * Command 'find_theorems': supports "*" wild-card in "name:"
  5123 criterion; "with_dups" option.  Certain ProofGeneral versions might
  5124 support a specific search form (see ProofGeneral/CHANGES).
  5125 
  5126 * The ``prems limit'' option (cf. ProofContext.prems_limit) is now -1
  5127 by default, which means that "prems" (and also "fixed variables") are
  5128 suppressed from proof state output.  Note that the ProofGeneral
  5129 settings mechanism allows changing and saving options persistently, but
  5130 older versions of Isabelle will fail to start up if a negative prems
  5131 limit is imposed.
  5132 
  5133 * Local theory targets may be specified by non-nested blocks of
  5134 ``context/locale/class ... begin'' followed by ``end''.  The body may
  5135 contain definitions, theorems etc., including any derived mechanism
  5136 that has been implemented on top of these primitives.  This concept
  5137 generalizes the existing ``theorem (in ...)'' towards more versatility
  5138 and scalability.
  5139 
  5140 * Proof General interface: proper undo of final 'end' command;
  5141 discontinued Isabelle/classic mode (ML proof scripts).
  5142 
  5143 
  5144 *** Document preparation ***
  5145 
  5146 * Added antiquotation @{theory name} which prints the given name,
  5147 after checking that it refers to a valid ancestor theory in the
  5148 current context.
  5149 
  5150 * Added antiquotations @{ML_type text} and @{ML_struct text} which
  5151 check the given source text as ML type/structure, printing verbatim.
  5152 
  5153 * Added antiquotation @{abbrev "c args"} which prints the abbreviation
  5154 "c args == rhs" given in the current context.  (Any number of
  5155 arguments may be given on the LHS.)
  5156 
  5157 
  5158 *** Pure ***
  5159 
  5160 * The 'class' package offers a combination of axclass and locale to
  5161 achieve Haskell-like type classes in Isabelle.  Definitions and
  5162 theorems within a class context produce both relative results (with
  5163 implicit parameters according to the locale context), and polymorphic
  5164 constants with qualified polymorphism (according to the class
  5165 context).  Within the body context of a 'class' target, a separate
  5166 syntax layer ("user space type system") takes care of converting
  5167 between global polymorphic consts and internal locale representation.
  5168 See src/HOL/ex/Classpackage.thy for examples (as well as main HOL).
  5169 "isatool doc classes" provides a tutorial.
  5170 
  5171 * Generic code generator framework allows generating executable
  5172 code for ML and Haskell (including Isabelle classes).  A short usage
  5173 sketch:
  5174 
  5175     internal compilation:
  5176         export_code <list of constants (term syntax)> in SML
  5177     writing SML code to a file:
  5178         export_code <list of constants (term syntax)> in SML <filename>
  5179     writing OCaml code to a file:
  5180         export_code <list of constants (term syntax)> in OCaml <filename>
  5181     writing Haskell code to a bunch of files:
  5182         export_code <list of constants (term syntax)> in Haskell <filename>
  5183 
  5184     evaluating closed propositions to True/False using code generation:
  5185         method ``eval''
  5186 
  5187 Reasonable default setup of framework in HOL.
  5188 
  5189 Theorem attributes for selecting and transforming function equation theorems:
  5190 
  5191     [code fun]:        select a theorem as function equation for a specific constant
  5192     [code fun del]:    deselect a theorem as function equation for a specific constant
  5193     [code inline]:     select an equation theorem for unfolding (inlining) in place
  5194     [code inline del]: deselect an equation theorem for unfolding (inlining) in place
  5195 
  5196 User-defined serializations (target in {SML, OCaml, Haskell}):
  5197 
  5198     code_const <and-list of constants (term syntax)>
  5199       {(target) <and-list of const target syntax>}+
  5200 
  5201     code_type <and-list of type constructors>
  5202       {(target) <and-list of type target syntax>}+
  5203 
  5204     code_instance <and-list of instances>
  5205       {(target)}+
  5206         where instance ::= <type constructor> :: <class>
  5207 
  5208     code_class <and-list of classes>
  5209       {(target) <and-list of class target syntax>}+
  5210         where class target syntax ::= <class name> {where {<classop> == <target syntax>}+}?
  5211 
  5212 code_instance and code_class are only effective for target Haskell.
  5213 
  5214 For example usage see src/HOL/ex/Codegenerator.thy and
  5215 src/HOL/ex/Codegenerator_Pretty.thy.  A separate tutorial on code
  5216 generation from Isabelle/HOL theories is available via "isatool doc
  5217 codegen".
  5218 
  5219 * Code generator: consts in 'consts_code' Isar commands are now
  5220 referred to by usual term syntax (including optional type
  5221 annotations).
  5222 
  5223 * Command 'no_translations' removes translation rules from theory
  5224 syntax.
  5225 
  5226 * Overloaded definitions are now actually checked for acyclic
  5227 dependencies.  The overloading scheme is slightly more general than
  5228 that of Haskell98, although Isabelle does not demand an exact
  5229 correspondence to type class and instance declarations.
  5230 INCOMPATIBILITY, use ``defs (unchecked overloaded)'' to admit more
  5231 exotic versions of overloading -- at the discretion of the user!
  5232 
  5233 Polymorphic constants are represented via type arguments, i.e. the
  5234 instantiation that matches an instance against the most general
  5235 declaration given in the signature.  For example, with the declaration
  5236 c :: 'a => 'a => 'a, an instance c :: nat => nat => nat is represented
  5237 as c(nat).  Overloading is essentially simultaneous structural
  5238 recursion over such type arguments.  Incomplete specification patterns
  5239 impose global constraints on all occurrences, e.g. c('a * 'a) on the
  5240 LHS means that more general c('a * 'b) will be disallowed on any RHS.
  5241 Command 'print_theory' outputs the normalized system of recursive
  5242 equations, see section "definitions".
  5243 
  5244 * Configuration options are maintained within the theory or proof
  5245 context (with name and type bool/int/string), providing a very simple
  5246 interface to a poor-man's version of general context data.  Tools may
  5247 declare options in ML (e.g. using Attrib.config_int) and then refer to
  5248 these values using Config.get etc.  Users may change options via an
  5249 associated attribute of the same name.  This form of context
  5250 declaration works particularly well with commands 'declare' or
  5251 'using', for example ``declare [[foo = 42]]''.  Thus it has become
  5252 very easy to avoid global references, which would not observe Isar
  5253 toplevel undo/redo and fail to work with multithreading.
  5254 
  5255 Various global ML references of Pure and HOL have been turned into
  5256 configuration options:
  5257 
  5258   Unify.search_bound           unify_search_bound
  5259   Unify.trace_bound            unify_trace_bound
  5260   Unify.trace_simp             unify_trace_simp
  5261   Unify.trace_types            unify_trace_types
  5262   Simplifier.simp_depth_limit  simp_depth_limit
  5263   Blast.depth_limit            blast_depth_limit
  5264   DatatypeProp.dtK             datatype_distinctness_limit
  5265   fast_arith_neq_limit         fast_arith_neq_limit
  5266   fast_arith_split_limit       fast_arith_split_limit
  5267 
  5268 * Named collections of theorems may be easily installed as context
  5269 data using the functor NamedThmsFun (see also
  5270 src/Pure/Tools/named_thms.ML).  The user may add or delete facts via
  5271 attributes; there is also a toplevel print command.  This facility is
  5272 just a common case of general context data, which is the preferred way
  5273 for anything more complex than just a list of facts in canonical
  5274 order.
  5275 
  5276 * Isar: command 'declaration' augments a local theory by generic
  5277 declaration functions written in ML.  This enables arbitrary content
  5278 being added to the context, depending on a morphism that tells the
  5279 difference of the original declaration context wrt. the application
  5280 context encountered later on.
  5281 
  5282 * Isar: proper interfaces for simplification procedures.  Command
  5283 'simproc_setup' declares named simprocs (with match patterns, and body
  5284 text in ML).  Attribute "simproc" adds/deletes simprocs in the current
  5285 context.  ML antiquotation @{simproc name} retrieves named simprocs.
  5286 
  5287 * Isar: an extra pair of brackets around attribute declarations
  5288 abbreviates a theorem reference involving an internal dummy fact,
  5289 which will be ignored later --- only the effect of the attribute on
  5290 the background context will persist.  This form of in-place
  5291 declarations is particularly useful with commands like 'declare' and
  5292 'using', for example ``have A using [[simproc a]] by simp''.
  5293 
  5294 * Isar: method "assumption" (and implicit closing of subproofs) now
  5295 takes simple non-atomic goal assumptions into account: after applying
  5296 an assumption as a rule the resulting subgoals are solved by atomic
  5297 assumption steps.  This is particularly useful to finish 'obtain'
  5298 goals, such as "!!x. (!!x. P x ==> thesis) ==> P x ==> thesis",
  5299 without referring to the original premise "!!x. P x ==> thesis" in the
  5300 Isar proof context.  POTENTIAL INCOMPATIBILITY: method "assumption" is
  5301 more permissive.
  5302 
  5303 * Isar: implicit use of prems from the Isar proof context is
  5304 considered a legacy feature.  Common applications like ``have A .''
  5305 may be replaced by ``have A by fact'' or ``note `A`''.  In general,
  5306 referencing facts explicitly here improves readability and
  5307 maintainability of proof texts.
  5308 
  5309 * Isar: improper proof element 'guess' is like 'obtain', but derives
  5310 the obtained context from the course of reasoning!  For example:
  5311 
  5312   assume "EX x y. A x & B y"   -- "any previous fact"
  5313   then guess x and y by clarify
  5314 
  5315 This technique is potentially adventurous, depending on the facts and
  5316 proof tools being involved here.
  5317 
  5318 * Isar: known facts from the proof context may be specified as literal
  5319 propositions, using ASCII back-quote syntax.  This works wherever
  5320 named facts used to be allowed so far, in proof commands, proof
  5321 methods, attributes etc.  Literal facts are retrieved from the context
  5322 according to unification of type and term parameters.  For example,
  5323 provided that "A" and "A ==> B" and "!!x. P x ==> Q x" are known
  5324 theorems in the current context, then these are valid literal facts:
  5325 `A` and `A ==> B` and `!!x. P x ==> Q x` as well as `P a ==> Q a` etc.
  5326 
  5327 There is also a proof method "fact" which does the same composition
  5328 for explicit goal states, e.g. the following proof texts coincide with
  5329 certain special cases of literal facts:
  5330 
  5331   have "A" by fact                 ==  note `A`
  5332   have "A ==> B" by fact           ==  note `A ==> B`
  5333   have "!!x. P x ==> Q x" by fact  ==  note `!!x. P x ==> Q x`
  5334   have "P a ==> Q a" by fact       ==  note `P a ==> Q a`
  5335 
  5336 * Isar: ":" (colon) is no longer a symbolic identifier character in
  5337 outer syntax.  Thus symbolic identifiers may be used without
  5338 additional white space in declarations like this: ``assume *: A''.
  5339 
  5340 * Isar: 'print_facts' prints all local facts of the current context,
  5341 both named and unnamed ones.
  5342 
  5343 * Isar: 'def' now admits simultaneous definitions, e.g.:
  5344 
  5345   def x == "t" and y == "u"
  5346 
  5347 * Isar: added command 'unfolding', which is structurally similar to
  5348 'using', but affects both the goal state and facts by unfolding given
  5349 rewrite rules.  Thus many occurrences of the 'unfold' method or
  5350 'unfolded' attribute may be replaced by first-class proof text.
  5351 
  5352 * Isar: methods 'unfold' / 'fold', attributes 'unfolded' / 'folded',
  5353 and command 'unfolding' now all support object-level equalities
  5354 (potentially conditional).  The underlying notion of rewrite rule is
  5355 analogous to the 'rule_format' attribute, but *not* that of the
  5356 Simplifier (which is usually more generous).
  5357 
  5358 * Isar: the new attribute [rotated n] (default n = 1) rotates the
  5359 premises of a theorem by n. Useful in conjunction with drule.
  5360 
  5361 * Isar: the goal restriction operator [N] (default N = 1) evaluates a
  5362 method expression within a sandbox consisting of the first N
  5363 sub-goals, which need to exist.  For example, ``simp_all [3]''
  5364 simplifies the first three sub-goals, while (rule foo, simp_all)[]
  5365 simplifies all new goals that emerge from applying rule foo to the
  5366 originally first one.
  5367 
  5368 * Isar: schematic goals are no longer restricted to higher-order
  5369 patterns; e.g. ``lemma "?P(?x)" by (rule TrueI)'' now works as
  5370 expected.
  5371 
  5372 * Isar: the conclusion of a long theorem statement is now either
  5373 'shows' (a simultaneous conjunction, as before), or 'obtains'
  5374 (essentially a disjunction of cases with local parameters and
  5375 assumptions).  The latter allows to express general elimination rules
  5376 adequately; in this notation common elimination rules look like this:
  5377 
  5378   lemma exE:    -- "EX x. P x ==> (!!x. P x ==> thesis) ==> thesis"
  5379     assumes "EX x. P x"
  5380     obtains x where "P x"
  5381 
  5382   lemma conjE:  -- "A & B ==> (A ==> B ==> thesis) ==> thesis"
  5383     assumes "A & B"
  5384     obtains A and B
  5385 
  5386   lemma disjE:  -- "A | B ==> (A ==> thesis) ==> (B ==> thesis) ==> thesis"
  5387     assumes "A | B"
  5388     obtains
  5389       A
  5390     | B
  5391 
  5392 The subsequent classical rules even refer to the formal "thesis"
  5393 explicitly:
  5394 
  5395   lemma classical:     -- "(~ thesis ==> thesis) ==> thesis"
  5396     obtains "~ thesis"
  5397 
  5398   lemma Peirce's_Law:  -- "((thesis ==> something) ==> thesis) ==> thesis"
  5399     obtains "thesis ==> something"
  5400 
  5401 The actual proof of an 'obtains' statement is analogous to that of the
  5402 Isar proof element 'obtain', only that there may be several cases.
  5403 Optional case names may be specified in parentheses; these will be
  5404 available both in the present proof and as annotations in the
  5405 resulting rule, for later use with the 'cases' method (cf. attribute
  5406 case_names).
  5407 
  5408 * Isar: the assumptions of a long theorem statement are available as
  5409 "assms" fact in the proof context.  This is more appropriate than the
  5410 (historical) "prems", which refers to all assumptions of the current
  5411 context, including those from the target locale, proof body etc.
  5412 
  5413 * Isar: 'print_statement' prints theorems from the current theory or
  5414 proof context in long statement form, according to the syntax of a
  5415 top-level lemma.
  5416 
  5417 * Isar: 'obtain' takes an optional case name for the local context
  5418 introduction rule (default "that").
  5419 
  5420 * Isar: removed obsolete 'concl is' patterns.  INCOMPATIBILITY, use
  5421 explicit (is "_ ==> ?foo") in the rare cases where this still happens
  5422 to occur.
  5423 
  5424 * Pure: syntax "CONST name" produces a fully internalized constant
  5425 according to the current context.  This is particularly useful for
  5426 syntax translations that should refer to internal constant
  5427 representations independently of name spaces.
  5428 
  5429 * Pure: syntax constant for foo (binder "FOO ") is called "foo_binder"
  5430 instead of "FOO ". This allows multiple binder declarations to coexist
  5431 in the same context.  INCOMPATIBILITY.
  5432 
  5433 * Isar/locales: 'notation' provides a robust interface to the 'syntax'
  5434 primitive that also works in a locale context (both for constants and
  5435 fixed variables). Type declaration and internal syntactic representation
  5436 of given constants retrieved from the context. Likewise, the
  5437 'no_notation' command allows to remove given syntax annotations from the
  5438 current context.
  5439 
  5440 * Isar/locales: new derived specification elements 'axiomatization',
  5441 'definition', 'abbreviation', which support type-inference, admit
  5442 object-level specifications (equality, equivalence).  See also the
  5443 isar-ref manual.  Examples:
  5444 
  5445   axiomatization
  5446     eq  (infix "===" 50) where
  5447     eq_refl: "x === x" and eq_subst: "x === y ==> P x ==> P y"
  5448 
  5449   definition "f x y = x + y + 1"
  5450   definition g where "g x = f x x"
  5451 
  5452   abbreviation
  5453     neq  (infix "=!=" 50) where
  5454     "x =!= y == ~ (x === y)"
  5455 
  5456 These specifications may be also used in a locale context.  Then the
  5457 constants being introduced depend on certain fixed parameters, and the
  5458 constant name is qualified by the locale base name.  An internal
  5459 abbreviation takes care for convenient input and output, making the
  5460 parameters implicit and using the original short name.  See also
  5461 src/HOL/ex/Abstract_NAT.thy for an example of deriving polymorphic
  5462 entities from a monomorphic theory.
  5463 
  5464 Presently, abbreviations are only available 'in' a target locale, but
  5465 not inherited by general import expressions.  Also note that
  5466 'abbreviation' may be used as a type-safe replacement for 'syntax' +
  5467 'translations' in common applications.  The "no_abbrevs" print mode
  5468 prevents folding of abbreviations in term output.
  5469 
  5470 Concrete syntax is attached to specified constants in internal form,
  5471 independently of name spaces.  The parse tree representation is
  5472 slightly different -- use 'notation' instead of raw 'syntax', and
  5473 'translations' with explicit "CONST" markup to accommodate this.
  5474 
  5475 * Pure/Isar: unified syntax for new-style specification mechanisms
  5476 (e.g.  'definition', 'abbreviation', or 'inductive' in HOL) admits
  5477 full type inference and dummy patterns ("_").  For example:
  5478 
  5479   definition "K x _ = x"
  5480 
  5481   inductive conj for A B
  5482   where "A ==> B ==> conj A B"
  5483 
  5484 * Pure: command 'print_abbrevs' prints all constant abbreviations of
  5485 the current context.  Print mode "no_abbrevs" prevents inversion of
  5486 abbreviations on output.
  5487 
  5488 * Isar/locales: improved parameter handling: use of locales "var" and
  5489 "struct" no longer necessary; parameter renamings are no longer
  5490 required to be injective.  For example, this allows to define
  5491 endomorphisms as locale endom = homom mult mult h.
  5492 
  5493 * Isar/locales: changed the way locales with predicates are defined.
  5494 Instead of accumulating the specification, the imported expression is
  5495 now an interpretation.  INCOMPATIBILITY: different normal form of
  5496 locale expressions.  In particular, in interpretations of locales with
  5497 predicates, goals representing already interpreted fragments are not
  5498 removed automatically.  Use methods `intro_locales' and
  5499 `unfold_locales'; see below.
  5500 
  5501 * Isar/locales: new methods `intro_locales' and `unfold_locales'
  5502 provide backward reasoning on locales predicates.  The methods are
  5503 aware of interpretations and discharge corresponding goals.
  5504 `intro_locales' is less aggressive than `unfold_locales' and does not
  5505 unfold predicates to assumptions.
  5506 
  5507 * Isar/locales: the order in which locale fragments are accumulated
  5508 has changed.  This enables to override declarations from fragments due
  5509 to interpretations -- for example, unwanted simp rules.
  5510 
  5511 * Isar/locales: interpretation in theories and proof contexts has been
  5512 extended.  One may now specify (and prove) equations, which are
  5513 unfolded in interpreted theorems.  This is useful for replacing
  5514 defined concepts (constants depending on locale parameters) by
  5515 concepts already existing in the target context.  Example:
  5516 
  5517   interpretation partial_order ["op <= :: [int, int] => bool"]
  5518     where "partial_order.less (op <=) (x::int) y = (x < y)"
  5519 
  5520 Typically, the constant `partial_order.less' is created by a
  5521 definition specification element in the context of locale
  5522 partial_order.
  5523 
  5524 * Method "induct": improved internal context management to support
  5525 local fixes and defines on-the-fly. Thus explicit meta-level
  5526 connectives !!  and ==> are rarely required anymore in inductive goals
  5527 (using object-logic connectives for this purpose has been long
  5528 obsolete anyway). Common proof patterns are explained in
  5529 src/HOL/Induct/Common_Patterns.thy, see also
  5530 src/HOL/Isar_examples/Puzzle.thy and src/HOL/Lambda for realistic
  5531 examples.
  5532 
  5533 * Method "induct": improved handling of simultaneous goals. Instead of
  5534 introducing object-level conjunction, the statement is now split into
  5535 several conclusions, while the corresponding symbolic cases are nested
  5536 accordingly. INCOMPATIBILITY, proofs need to be structured explicitly,
  5537 see src/HOL/Induct/Common_Patterns.thy, for example.
  5538 
  5539 * Method "induct": mutual induction rules are now specified as a list
  5540 of rules sharing the same induction cases. HOL packages usually provide
  5541 foo_bar.inducts for mutually defined items foo and bar (e.g. inductive
  5542 predicates/sets or datatypes). INCOMPATIBILITY, users need to specify
  5543 mutual induction rules differently, i.e. like this:
  5544 
  5545   (induct rule: foo_bar.inducts)
  5546   (induct set: foo bar)
  5547   (induct pred: foo bar)
  5548   (induct type: foo bar)
  5549 
  5550 The ML function ProjectRule.projections turns old-style rules into the
  5551 new format.
  5552 
  5553 * Method "coinduct": dual of induction, see
  5554 src/HOL/Library/Coinductive_List.thy for various examples.
  5555 
  5556 * Method "cases", "induct", "coinduct": the ``(open)'' option is
  5557 considered a legacy feature.
  5558 
  5559 * Attribute "symmetric" produces result with standardized schematic
  5560 variables (index 0).  Potential INCOMPATIBILITY.
  5561 
  5562 * Simplifier: by default the simplifier trace only shows top level
  5563 rewrites now. That is, trace_simp_depth_limit is set to 1 by
  5564 default. Thus there is less danger of being flooded by the trace. The
  5565 trace indicates where parts have been suppressed.
  5566 
  5567 * Provers/classical: removed obsolete classical version of elim_format
  5568 attribute; classical elim/dest rules are now treated uniformly when
  5569 manipulating the claset.
  5570 
  5571 * Provers/classical: stricter checks to ensure that supplied intro,
  5572 dest and elim rules are well-formed; dest and elim rules must have at
  5573 least one premise.
  5574 
  5575 * Provers/classical: attributes dest/elim/intro take an optional
  5576 weight argument for the rule (just as the Pure versions).  Weights are
  5577 ignored by automated tools, but determine the search order of single
  5578 rule steps.
  5579 
  5580 * Syntax: input syntax now supports dummy variable binding "%_. b",
  5581 where the body does not mention the bound variable.  Note that dummy
  5582 patterns implicitly depend on their context of bounds, which makes
  5583 "{_. _}" match any set comprehension as expected.  Potential
  5584 INCOMPATIBILITY -- parse translations need to cope with syntactic
  5585 constant "_idtdummy" in the binding position.
  5586 
  5587 * Syntax: removed obsolete syntactic constant "_K" and its associated
  5588 parse translation.  INCOMPATIBILITY -- use dummy abstraction instead,
  5589 for example "A -> B" => "Pi A (%_. B)".
  5590 
  5591 * Pure: 'class_deps' command visualizes the subclass relation, using
  5592 the graph browser tool.
  5593 
  5594 * Pure: 'print_theory' now suppresses certain internal declarations by
  5595 default; use '!' option for full details.
  5596 
  5597 
  5598 *** HOL ***
  5599 
  5600 * Method "metis" proves goals by applying the Metis general-purpose
  5601 resolution prover (see also http://gilith.com/software/metis/).
  5602 Examples are in the directory MetisExamples.  WARNING: the
  5603 Isabelle/HOL-Metis integration does not yet work properly with
  5604 multi-threading.
  5605 
  5606 * Command 'sledgehammer' invokes external automatic theorem provers as
  5607 background processes.  It generates calls to the "metis" method if
  5608 successful. These can be pasted into the proof.  Users do not have to
  5609 wait for the automatic provers to return.  WARNING: does not really
  5610 work with multi-threading.
  5611 
  5612 * New "auto_quickcheck" feature tests outermost goal statements for
  5613 potential counter-examples.  Controlled by ML references
  5614 auto_quickcheck (default true) and auto_quickcheck_time_limit (default
  5615 5000 milliseconds).  Fails silently if the statement is outside of the
  5616 executable fragment, or any other code generator problem occurs.
  5617 
  5618 * New constant "undefined" with axiom "undefined x = undefined".
  5619 
  5620 * Added class "HOL.eq", allowing for code generation with polymorphic
  5621 equality.
  5622 
  5623 * Some renaming of class constants due to canonical name prefixing in
  5624 the new 'class' package:
  5625 
  5626     HOL.abs ~> HOL.abs_class.abs
  5627     HOL.divide ~> HOL.divide_class.divide
  5628     0 ~> HOL.zero_class.zero
  5629     1 ~> HOL.one_class.one
  5630     op + ~> HOL.plus_class.plus
  5631     op - ~> HOL.minus_class.minus
  5632     uminus ~> HOL.minus_class.uminus
  5633     op * ~> HOL.times_class.times
  5634     op < ~> HOL.ord_class.less
  5635     op <= ~> HOL.ord_class.less_eq
  5636     Nat.power ~> Power.power_class.power
  5637     Nat.size ~> Nat.size_class.size
  5638     Numeral.number_of ~> Numeral.number_class.number_of
  5639     FixedPoint.Inf ~> Lattices.complete_lattice_class.Inf
  5640     FixedPoint.Sup ~> Lattices.complete_lattice_class.Sup
  5641     Orderings.min ~> Orderings.ord_class.min
  5642     Orderings.max ~> Orderings.ord_class.max
  5643     Divides.op div ~> Divides.div_class.div
  5644     Divides.op mod ~> Divides.div_class.mod
  5645     Divides.op dvd ~> Divides.div_class.dvd
  5646 
  5647 INCOMPATIBILITY.  Adaptions may be required in the following cases:
  5648 
  5649 a) User-defined constants using any of the names "plus", "minus",
  5650 "times", "less" or "less_eq". The standard syntax translations for
  5651 "+", "-" and "*" may go wrong.  INCOMPATIBILITY: use more specific
  5652 names.
  5653 
  5654 b) Variables named "plus", "minus", "times", "less", "less_eq".
  5655 INCOMPATIBILITY: use more specific names.
  5656 
  5657 c) Permutative equations (e.g. "a + b = b + a")
  5658 Since the change of names also changes the order of terms, permutative
  5659 rewrite rules may get applied in a different order. Experience shows
  5660 that this is rarely the case (only two adaptions in the whole Isabelle
  5661 distribution).  INCOMPATIBILITY: rewrite proofs.
  5662 
  5663 d) ML code directly referring to constant names
  5664 This in general only affects hand-written proof tactics, simprocs and
  5665 so on.  INCOMPATIBILITY: grep your sourcecode and replace names.
  5666 Consider using @{const_name} antiquotation.
  5667 
  5668 * New class "default" with associated constant "default".
  5669 
  5670 * Function "sgn" is now overloaded and available on int, real, complex
  5671 (and other numeric types), using class "sgn".  Two possible defs of
  5672 sgn are given as equational assumptions in the classes sgn_if and
  5673 sgn_div_norm; ordered_idom now also inherits from sgn_if.
  5674 INCOMPATIBILITY.
  5675 
  5676 * Locale "partial_order" now unified with class "order" (cf. theory
  5677 Orderings), added parameter "less".  INCOMPATIBILITY.
  5678 
  5679 * Renamings in classes "order" and "linorder": facts "refl", "trans" and
  5680 "cases" to "order_refl", "order_trans" and "linorder_cases", to avoid
  5681 clashes with HOL "refl" and "trans".  INCOMPATIBILITY.
  5682 
  5683 * Classes "order" and "linorder": potential INCOMPATIBILITY due to
  5684 changed order of proof goals in instance proofs.
  5685 
  5686 * The transitivity reasoner for partial and linear orders is set up
  5687 for classes "order" and "linorder".  Instances of the reasoner are available
  5688 in all contexts importing or interpreting the corresponding locales.
  5689 Method "order" invokes the reasoner separately; the reasoner
  5690 is also integrated with the Simplifier as a solver.  Diagnostic
  5691 command 'print_orders' shows the available instances of the reasoner
  5692 in the current context.
  5693 
  5694 * Localized monotonicity predicate in theory "Orderings"; integrated
  5695 lemmas max_of_mono and min_of_mono with this predicate.
  5696 INCOMPATIBILITY.
  5697 
  5698 * Formulation of theorem "dense" changed slightly due to integration
  5699 with new class dense_linear_order.
  5700 
  5701 * Uniform lattice theory development in HOL.
  5702 
  5703     constants "meet" and "join" now named "inf" and "sup"
  5704     constant "Meet" now named "Inf"
  5705 
  5706     classes "meet_semilorder" and "join_semilorder" now named
  5707       "lower_semilattice" and "upper_semilattice"
  5708     class "lorder" now named "lattice"
  5709     class "comp_lat" now named "complete_lattice"
  5710 
  5711     Instantiation of lattice classes allows explicit definitions
  5712     for "inf" and "sup" operations (or "Inf" and "Sup" for complete lattices).
  5713 
  5714   INCOMPATIBILITY.  Theorem renames:
  5715 
  5716     meet_left_le            ~> inf_le1
  5717     meet_right_le           ~> inf_le2
  5718     join_left_le            ~> sup_ge1
  5719     join_right_le           ~> sup_ge2
  5720     meet_join_le            ~> inf_sup_ord
  5721     le_meetI                ~> le_infI
  5722     join_leI                ~> le_supI
  5723     le_meet                 ~> le_inf_iff
  5724     le_join                 ~> ge_sup_conv
  5725     meet_idempotent         ~> inf_idem
  5726     join_idempotent         ~> sup_idem
  5727     meet_comm               ~> inf_commute
  5728     join_comm               ~> sup_commute
  5729     meet_leI1               ~> le_infI1
  5730     meet_leI2               ~> le_infI2
  5731     le_joinI1               ~> le_supI1
  5732     le_joinI2               ~> le_supI2
  5733     meet_assoc              ~> inf_assoc
  5734     join_assoc              ~> sup_assoc
  5735     meet_left_comm          ~> inf_left_commute
  5736     meet_left_idempotent    ~> inf_left_idem
  5737     join_left_comm          ~> sup_left_commute
  5738     join_left_idempotent    ~> sup_left_idem
  5739     meet_aci                ~> inf_aci
  5740     join_aci                ~> sup_aci
  5741     le_def_meet             ~> le_iff_inf
  5742     le_def_join             ~> le_iff_sup
  5743     join_absorp2            ~> sup_absorb2
  5744     join_absorp1            ~> sup_absorb1
  5745     meet_absorp1            ~> inf_absorb1
  5746     meet_absorp2            ~> inf_absorb2
  5747     meet_join_absorp        ~> inf_sup_absorb
  5748     join_meet_absorp        ~> sup_inf_absorb
  5749     distrib_join_le         ~> distrib_sup_le
  5750     distrib_meet_le         ~> distrib_inf_le
  5751 
  5752     add_meet_distrib_left   ~> add_inf_distrib_left
  5753     add_join_distrib_left   ~> add_sup_distrib_left
  5754     is_join_neg_meet        ~> is_join_neg_inf
  5755     is_meet_neg_join        ~> is_meet_neg_sup
  5756     add_meet_distrib_right  ~> add_inf_distrib_right
  5757     add_join_distrib_right  ~> add_sup_distrib_right
  5758     add_meet_join_distribs  ~> add_sup_inf_distribs
  5759     join_eq_neg_meet        ~> sup_eq_neg_inf
  5760     meet_eq_neg_join        ~> inf_eq_neg_sup
  5761     add_eq_meet_join        ~> add_eq_inf_sup
  5762     meet_0_imp_0            ~> inf_0_imp_0
  5763     join_0_imp_0            ~> sup_0_imp_0
  5764     meet_0_eq_0             ~> inf_0_eq_0
  5765     join_0_eq_0             ~> sup_0_eq_0
  5766     neg_meet_eq_join        ~> neg_inf_eq_sup
  5767     neg_join_eq_meet        ~> neg_sup_eq_inf
  5768     join_eq_if              ~> sup_eq_if
  5769 
  5770     mono_meet               ~> mono_inf
  5771     mono_join               ~> mono_sup
  5772     meet_bool_eq            ~> inf_bool_eq
  5773     join_bool_eq            ~> sup_bool_eq
  5774     meet_fun_eq             ~> inf_fun_eq
  5775     join_fun_eq             ~> sup_fun_eq
  5776     meet_set_eq             ~> inf_set_eq
  5777     join_set_eq             ~> sup_set_eq
  5778     meet1_iff               ~> inf1_iff
  5779     meet2_iff               ~> inf2_iff
  5780     meet1I                  ~> inf1I
  5781     meet2I                  ~> inf2I
  5782     meet1D1                 ~> inf1D1
  5783     meet2D1                 ~> inf2D1
  5784     meet1D2                 ~> inf1D2
  5785     meet2D2                 ~> inf2D2
  5786     meet1E                  ~> inf1E
  5787     meet2E                  ~> inf2E
  5788     join1_iff               ~> sup1_iff
  5789     join2_iff               ~> sup2_iff
  5790     join1I1                 ~> sup1I1
  5791     join2I1                 ~> sup2I1
  5792     join1I1                 ~> sup1I1
  5793     join2I2                 ~> sup1I2
  5794     join1CI                 ~> sup1CI
  5795     join2CI                 ~> sup2CI
  5796     join1E                  ~> sup1E
  5797     join2E                  ~> sup2E
  5798 
  5799     is_meet_Meet            ~> is_meet_Inf
  5800     Meet_bool_def           ~> Inf_bool_def
  5801     Meet_fun_def            ~> Inf_fun_def
  5802     Meet_greatest           ~> Inf_greatest
  5803     Meet_lower              ~> Inf_lower
  5804     Meet_set_def            ~> Inf_set_def
  5805 
  5806     Sup_def                 ~> Sup_Inf
  5807     Sup_bool_eq             ~> Sup_bool_def
  5808     Sup_fun_eq              ~> Sup_fun_def
  5809     Sup_set_eq              ~> Sup_set_def
  5810 
  5811     listsp_meetI            ~> listsp_infI
  5812     listsp_meet_eq          ~> listsp_inf_eq
  5813 
  5814     meet_min                ~> inf_min
  5815     join_max                ~> sup_max
  5816 
  5817 * Added syntactic class "size"; overloaded constant "size" now has
  5818 type "'a::size ==> bool"
  5819 
  5820 * Internal reorganisation of `size' of datatypes: size theorems
  5821 "foo.size" are no longer subsumed by "foo.simps" (but are still
  5822 simplification rules by default!); theorems "prod.size" now named
  5823 "*.size".
  5824 
  5825 * Class "div" now inherits from class "times" rather than "type".
  5826 INCOMPATIBILITY.
  5827 
  5828 * HOL/Finite_Set: "name-space" locales Lattice, Distrib_lattice,
  5829 Linorder etc.  have disappeared; operations defined in terms of
  5830 fold_set now are named Inf_fin, Sup_fin.  INCOMPATIBILITY.
  5831 
  5832 * HOL/Nat: neq0_conv no longer declared as iff.  INCOMPATIBILITY.
  5833 
  5834 * HOL-Word: New extensive library and type for generic, fixed size
  5835 machine words, with arithmetic, bit-wise, shifting and rotating
  5836 operations, reflection into int, nat, and bool lists, automation for
  5837 linear arithmetic (by automatic reflection into nat or int), including
  5838 lemmas on overflow and monotonicity.  Instantiated to all appropriate
  5839 arithmetic type classes, supporting automatic simplification of
  5840 numerals on all operations.
  5841 
  5842 * Library/Boolean_Algebra: locales for abstract boolean algebras.
  5843 
  5844 * Library/Numeral_Type: numbers as types, e.g. TYPE(32).
  5845 
  5846 * Code generator library theories:
  5847   - Code_Integer represents HOL integers by big integer literals in target
  5848     languages.
  5849   - Code_Char represents HOL characters by character literals in target
  5850     languages.
  5851   - Code_Char_chr like Code_Char, but also offers treatment of character
  5852     codes; includes Code_Integer.
  5853   - Executable_Set allows to generate code for finite sets using lists.
  5854   - Executable_Rat implements rational numbers as triples (sign, enumerator,
  5855     denominator).
  5856   - Executable_Real implements a subset of real numbers, namely those
  5857     representable by rational numbers.
  5858   - Efficient_Nat implements natural numbers by integers, which in general will
  5859     result in higher efficiency; pattern matching with 0/Suc is eliminated;
  5860     includes Code_Integer.
  5861   - Code_Index provides an additional datatype index which is mapped to
  5862     target-language built-in integers.
  5863   - Code_Message provides an additional datatype message_string which is isomorphic to
  5864     strings; messages are mapped to target-language strings.
  5865 
  5866 * New package for inductive predicates
  5867 
  5868   An n-ary predicate p with m parameters z_1, ..., z_m can now be defined via
  5869 
  5870     inductive
  5871       p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"
  5872       for z_1 :: U_1 and ... and z_m :: U_m
  5873     where
  5874       rule_1: "... ==> p z_1 ... z_m t_1_1 ... t_1_n"
  5875     | ...
  5876 
  5877   with full support for type-inference, rather than
  5878 
  5879     consts s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"
  5880 
  5881     abbreviation p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"
  5882     where "p z_1 ... z_m x_1 ... x_n == (x_1, ..., x_n) : s z_1 ... z_m"
  5883 
  5884     inductive "s z_1 ... z_m"
  5885     intros
  5886       rule_1: "... ==> (t_1_1, ..., t_1_n) : s z_1 ... z_m"
  5887       ...
  5888 
  5889   For backward compatibility, there is a wrapper allowing inductive
  5890   sets to be defined with the new package via
  5891 
  5892     inductive_set
  5893       s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"
  5894       for z_1 :: U_1 and ... and z_m :: U_m
  5895     where
  5896       rule_1: "... ==> (t_1_1, ..., t_1_n) : s z_1 ... z_m"
  5897     | ...
  5898 
  5899   or
  5900 
  5901     inductive_set
  5902       s :: "U_1 => ... => U_m => (T_1 * ... * T_n) set"
  5903       and p :: "U_1 => ... => U_m => T_1 => ... => T_n => bool"
  5904       for z_1 :: U_1 and ... and z_m :: U_m
  5905     where
  5906       "p z_1 ... z_m x_1 ... x_n == (x_1, ..., x_n) : s z_1 ... z_m"
  5907     | rule_1: "... ==> p z_1 ... z_m t_1_1 ... t_1_n"
  5908     | ...
  5909 
  5910   if the additional syntax "p ..." is required.
  5911 
  5912   Numerous examples can be found in the subdirectories src/HOL/Auth,
  5913   src/HOL/Bali, src/HOL/Induct, and src/HOL/MicroJava.
  5914 
  5915   INCOMPATIBILITIES:
  5916 
  5917   - Since declaration and definition of inductive sets or predicates
  5918     is no longer separated, abbreviations involving the newly
  5919     introduced sets or predicates must be specified together with the
  5920     introduction rules after the 'where' keyword (see above), rather
  5921     than before the actual inductive definition.
  5922 
  5923   - The variables in induction and elimination rules are now
  5924     quantified in the order of their occurrence in the introduction
  5925     rules, rather than in alphabetical order. Since this may break
  5926     some proofs, these proofs either have to be repaired, e.g. by
  5927     reordering the variables a_i_1 ... a_i_{k_i} in Isar 'case'
  5928     statements of the form
  5929 
  5930       case (rule_i a_i_1 ... a_i_{k_i})
  5931 
  5932     or the old order of quantification has to be restored by explicitly adding
  5933     meta-level quantifiers in the introduction rules, i.e.
  5934 
  5935       | rule_i: "!!a_i_1 ... a_i_{k_i}. ... ==> p z_1 ... z_m t_i_1 ... t_i_n"
  5936 
  5937   - The format of the elimination rules is now
  5938 
  5939       p z_1 ... z_m x_1 ... x_n ==>
  5940         (!!a_1_1 ... a_1_{k_1}. x_1 = t_1_1 ==> ... ==> x_n = t_1_n ==> ... ==> P)
  5941         ==> ... ==> P
  5942 
  5943     for predicates and
  5944 
  5945       (x_1, ..., x_n) : s z_1 ... z_m ==>
  5946         (!!a_1_1 ... a_1_{k_1}. x_1 = t_1_1 ==> ... ==> x_n = t_1_n ==> ... ==> P)
  5947         ==> ... ==> P
  5948 
  5949     for sets rather than
  5950 
  5951       x : s z_1 ... z_m ==>
  5952         (!!a_1_1 ... a_1_{k_1}. x = (t_1_1, ..., t_1_n) ==> ... ==> P)
  5953         ==> ... ==> P
  5954 
  5955     This may require terms in goals to be expanded to n-tuples
  5956     (e.g. using case_tac or simplification with the split_paired_all
  5957     rule) before the above elimination rule is applicable.
  5958 
  5959   - The elimination or case analysis rules for (mutually) inductive
  5960     sets or predicates are now called "p_1.cases" ... "p_k.cases". The
  5961     list of rules "p_1_..._p_k.elims" is no longer available.
  5962 
  5963 * New package "function"/"fun" for general recursive functions,
  5964 supporting mutual and nested recursion, definitions in local contexts,
  5965 more general pattern matching and partiality. See HOL/ex/Fundefs.thy
  5966 for small examples, and the separate tutorial on the function
  5967 package. The old recdef "package" is still available as before, but
  5968 users are encouraged to use the new package.
  5969 
  5970 * Method "lexicographic_order" automatically synthesizes termination
  5971 relations as lexicographic combinations of size measures.
  5972 
  5973 * Case-expressions allow arbitrary constructor-patterns (including
  5974 "_") and take their order into account, like in functional
  5975 programming.  Internally, this is translated into nested
  5976 case-expressions; missing cases are added and mapped to the predefined
  5977 constant "undefined". In complicated cases printing may no longer show
  5978 the original input but the internal form. Lambda-abstractions allow
  5979 the same form of pattern matching: "% pat1 => e1 | ..." is an
  5980 abbreviation for "%x. case x of pat1 => e1 | ..." where x is a new
  5981 variable.
  5982 
  5983 * IntDef: The constant "int :: nat => int" has been removed; now "int"
  5984 is an abbreviation for "of_nat :: nat => int". The simplification
  5985 rules for "of_nat" have been changed to work like "int" did
  5986 previously.  Potential INCOMPATIBILITY:
  5987   - "of_nat (Suc m)" simplifies to "1 + of_nat m" instead of "of_nat m + 1"
  5988   - of_nat_diff and of_nat_mult are no longer default simp rules
  5989 
  5990 * Method "algebra" solves polynomial equations over (semi)rings using
  5991 Groebner bases. The (semi)ring structure is defined by locales and the
  5992 tool setup depends on that generic context. Installing the method for
  5993 a specific type involves instantiating the locale and possibly adding
  5994 declarations for computation on the coefficients.  The method is
  5995 already instantiated for natural numbers and for the axiomatic class
  5996 of idoms with numerals.  See also the paper by Chaieb and Wenzel at
  5997 CALCULEMUS 2007 for the general principles underlying this
  5998 architecture of context-aware proof-tools.
  5999 
  6000 * Method "ferrack" implements quantifier elimination over
  6001 special-purpose dense linear orders using locales (analogous to
  6002 "algebra"). The method is already installed for class
  6003 {ordered_field,recpower,number_ring} which subsumes real, hyperreal,
  6004 rat, etc.
  6005 
  6006 * Former constant "List.op @" now named "List.append".  Use ML
  6007 antiquotations @{const_name List.append} or @{term " ... @ ... "} to
  6008 circumvent possible incompatibilities when working on ML level.
  6009 
  6010 * primrec: missing cases mapped to "undefined" instead of "arbitrary".
  6011 
  6012 * New function listsum :: 'a list => 'a for arbitrary monoids.
  6013 Special syntax: "SUM x <- xs. f x" (and latex variants)
  6014 
  6015 * New syntax for Haskell-like list comprehension (input only), eg.
  6016 [(x,y). x <- xs, y <- ys, x ~= y], see also src/HOL/List.thy.
  6017 
  6018 * The special syntax for function "filter" has changed from [x :
  6019 xs. P] to [x <- xs. P] to avoid an ambiguity caused by list
  6020 comprehension syntax, and for uniformity.  INCOMPATIBILITY.
  6021 
  6022 * [a..b] is now defined for arbitrary linear orders.  It used to be
  6023 defined on nat only, as an abbreviation for [a..<Suc b].
  6024 INCOMPATIBILITY.
  6025 
  6026 * Renamed lemma "set_take_whileD"  to "set_takeWhileD".
  6027 
  6028 * New functions "sorted" and "sort" in src/HOL/List.thy.
  6029 
  6030 * New lemma collection field_simps (an extension of ring_simps) for
  6031 manipulating (in)equations involving division. Multiplies with all
  6032 denominators that can be proved to be non-zero (in equations) or
  6033 positive/negative (in inequations).
  6034 
  6035 * Lemma collections ring_eq_simps, group_eq_simps and ring_distrib
  6036 have been improved and renamed to ring_simps, group_simps and
  6037 ring_distribs.  Removed lemmas field_xyz in theory Ring_and_Field
  6038 because they were subsumed by lemmas xyz.  INCOMPATIBILITY.
  6039 
  6040 * Theory Library/Commutative_Ring: switched from recdef to function
  6041 package; constants add, mul, pow now curried.  Infix syntax for
  6042 algebraic operations.
  6043 
  6044 * Dropped redundant lemma def_imp_eq in favor of meta_eq_to_obj_eq.
  6045 INCOMPATIBILITY.
  6046 
  6047 * Dropped redundant lemma if_def2 in favor of if_bool_eq_conj.
  6048 INCOMPATIBILITY.
  6049 
  6050 * HOL/records: generalised field-update to take a function on the
  6051 field rather than the new value: r(|A := x|) is translated to A_update
  6052 (K x) r.  The K-combinator that is internally used is called K_record.
  6053 INCOMPATIBILITY: Usage of the plain update functions has to be
  6054 adapted.
  6055 
  6056 * Class "semiring_0" now contains annihilation axioms x * 0 = 0 and 0
  6057 * x = 0, which are required for a semiring.  Richer structures do not
  6058 inherit from semiring_0 anymore, because this property is a theorem
  6059 there, not an axiom.  INCOMPATIBILITY: In instances of semiring_0,
  6060 there is more to prove, but this is mostly trivial.
  6061 
  6062 * Class "recpower" is generalized to arbitrary monoids, not just
  6063 commutative semirings.  INCOMPATIBILITY: may need to incorporate
  6064 commutativity or semiring properties additionally.
  6065 
  6066 * Constant "List.list_all2" in List.thy now uses authentic syntax.
  6067 INCOMPATIBILITY: translations containing list_all2 may go wrong,
  6068 better use 'abbreviation'.
  6069 
  6070 * Renamed constant "List.op mem" to "List.member".  INCOMPATIBILITY.
  6071 
  6072 * Numeral syntax: type 'bin' which was a mere type copy of 'int' has
  6073 been abandoned in favour of plain 'int'.  INCOMPATIBILITY --
  6074 significant changes for setting up numeral syntax for types:
  6075   - New constants Numeral.pred and Numeral.succ instead
  6076       of former Numeral.bin_pred and Numeral.bin_succ.
  6077   - Use integer operations instead of bin_add, bin_mult and so on.
  6078   - Numeral simplification theorems named Numeral.numeral_simps instead of Bin_simps.
  6079   - ML structure Bin_Simprocs now named Int_Numeral_Base_Simprocs.
  6080 
  6081 See src/HOL/Integ/IntArith.thy for an example setup.
  6082 
  6083 * Command 'normal_form' computes the normal form of a term that may
  6084 contain free variables.  For example ``normal_form "rev [a, b, c]"''
  6085 produces ``[b, c, a]'' (without proof).  This command is suitable for
  6086 heavy-duty computations because the functions are compiled to ML
  6087 first.  Correspondingly, a method "normalization" is provided.  See
  6088 further src/HOL/ex/NormalForm.thy and src/Tools/nbe.ML.
  6089 
  6090 * Alternative iff syntax "A <-> B" for equality on bool (with priority
  6091 25 like -->); output depends on the "iff" print_mode, the default is
  6092 "A = B" (with priority 50).
  6093 
  6094 * Relations less (<) and less_eq (<=) are also available on type bool.
  6095 Modified syntax to disallow nesting without explicit parentheses,
  6096 e.g. "(x < y) < z" or "x < (y < z)", but NOT "x < y < z".  Potential
  6097 INCOMPATIBILITY.
  6098 
  6099 * "LEAST x:A. P" expands to "LEAST x. x:A & P" (input only).
  6100 
  6101 * Relation composition operator "op O" now has precedence 75 and binds
  6102 stronger than union and intersection. INCOMPATIBILITY.
  6103 
  6104 * The old set interval syntax "{m..n(}" (and relatives) has been
  6105 removed.  Use "{m..<n}" (and relatives) instead.
  6106 
  6107 * In the context of the assumption "~(s = t)" the Simplifier rewrites
  6108 "t = s" to False (by simproc "neq").  INCOMPATIBILITY, consider using
  6109 ``declare [[simproc del: neq]]''.
  6110 
  6111 * Simplifier: "m dvd n" where m and n are numbers is evaluated to
  6112 True/False.
  6113 
  6114 * Theorem Cons_eq_map_conv no longer declared as "simp".
  6115 
  6116 * Theorem setsum_mult renamed to setsum_right_distrib.
  6117 
  6118 * Prefer ex1I over ex_ex1I in single-step reasoning, e.g. by the
  6119 ``rule'' method.
  6120 
  6121 * Reimplemented methods "sat" and "satx", with several improvements:
  6122 goals no longer need to be stated as "<prems> ==> False", equivalences
  6123 (i.e. "=" on type bool) are handled, variable names of the form
  6124 "lit_<n>" are no longer reserved, significant speedup.
  6125 
  6126 * Methods "sat" and "satx" can now replay MiniSat proof traces.
  6127 zChaff is still supported as well.
  6128 
  6129 * 'inductive' and 'datatype': provide projections of mutual rules,
  6130 bundled as foo_bar.inducts.
  6131 
  6132 * Library: moved theories Parity, GCD, Binomial, Infinite_Set to
  6133 Library.
  6134 
  6135 * Library: moved theory Accessible_Part to main HOL.
  6136 
  6137 * Library: added theory Coinductive_List of potentially infinite lists
  6138 as greatest fixed-point.
  6139 
  6140 * Library: added theory AssocList which implements (finite) maps as
  6141 association lists.
  6142 
  6143 * Method "evaluation" solves goals (i.e. a boolean expression)
  6144 efficiently by compiling it to ML.  The goal is "proved" (via an
  6145 oracle) if it evaluates to True.
  6146 
  6147 * Linear arithmetic now splits certain operators (e.g. min, max, abs)
  6148 also when invoked by the simplifier.  This results in the Simplifier
  6149 being more powerful on arithmetic goals.  INCOMPATIBILITY.
  6150 Configuration option fast_arith_split_limit=0 recovers the old
  6151 behavior.
  6152 
  6153 * Support for hex (0x20) and binary (0b1001) numerals.
  6154 
  6155 * New method: reify eqs (t), where eqs are equations for an
  6156 interpretation I :: 'a list => 'b => 'c and t::'c is an optional
  6157 parameter, computes a term s::'b and a list xs::'a list and proves the
  6158 theorem I xs s = t. This is also known as reification or quoting. The
  6159 resulting theorem is applied to the subgoal to substitute t with I xs
  6160 s.  If t is omitted, the subgoal itself is reified.
  6161 
  6162 * New method: reflection corr_thm eqs (t). The parameters eqs and (t)
  6163 are as explained above. corr_thm is a theorem for I vs (f t) = I vs t,
  6164 where f is supposed to be a computable function (in the sense of code
  6165 generation). The method uses reify to compute s and xs as above then
  6166 applies corr_thm and uses normalization by evaluation to "prove" f s =
  6167 r and finally gets the theorem t = r, which is again applied to the
  6168 subgoal. An example is available in src/HOL/ex/ReflectionEx.thy.
  6169 
  6170 * Reflection: Automatic reification now handles binding; an example is
  6171 available in src/HOL/ex/ReflectionEx.thy.
  6172 
  6173 * HOL-Statespace: ``State Spaces: The Locale Way'' introduces a
  6174 command 'statespace' that is similar to 'record', but introduces an
  6175 abstract specification based on the locale infrastructure instead of
  6176 HOL types.  This leads to extra flexibility in composing state spaces,
  6177 in particular multiple inheritance and renaming of components.
  6178 
  6179 
  6180 *** HOL-Complex ***
  6181 
  6182 * Hyperreal: Functions root and sqrt are now defined on negative real
  6183 inputs so that root n (- x) = - root n x and sqrt (- x) = - sqrt x.
  6184 Nonnegativity side conditions have been removed from many lemmas, so
  6185 that more subgoals may now be solved by simplification; potential
  6186 INCOMPATIBILITY.
  6187 
  6188 * Real: new type classes formalize real normed vector spaces and
  6189 algebras, using new overloaded constants scaleR :: real => 'a => 'a
  6190 and norm :: 'a => real.
  6191 
  6192 * Real: constant of_real :: real => 'a::real_algebra_1 injects from
  6193 reals into other types. The overloaded constant Reals :: 'a set is now
  6194 defined as range of_real; potential INCOMPATIBILITY.
  6195 
  6196 * Real: proper support for ML code generation, including 'quickcheck'.
  6197 Reals are implemented as arbitrary precision rationals.
  6198 
  6199 * Hyperreal: Several constants that previously worked only for the
  6200 reals have been generalized, so they now work over arbitrary vector
  6201 spaces. Type annotations may need to be added in some cases; potential
  6202 INCOMPATIBILITY.
  6203 
  6204   Infinitesimal  :: ('a::real_normed_vector) star set
  6205   HFinite        :: ('a::real_normed_vector) star set
  6206   HInfinite      :: ('a::real_normed_vector) star set
  6207   approx         :: ('a::real_normed_vector) star => 'a star => bool
  6208   monad          :: ('a::real_normed_vector) star => 'a star set
  6209   galaxy         :: ('a::real_normed_vector) star => 'a star set
  6210   (NS)LIMSEQ     :: [nat => 'a::real_normed_vector, 'a] => bool
  6211   (NS)convergent :: (nat => 'a::real_normed_vector) => bool
  6212   (NS)Bseq       :: (nat => 'a::real_normed_vector) => bool
  6213   (NS)Cauchy     :: (nat => 'a::real_normed_vector) => bool
  6214   (NS)LIM        :: ['a::real_normed_vector => 'b::real_normed_vector, 'a, 'b] => bool
  6215   is(NS)Cont     :: ['a::real_normed_vector => 'b::real_normed_vector, 'a] => bool
  6216   deriv          :: ['a::real_normed_field => 'a, 'a, 'a] => bool
  6217   sgn            :: 'a::real_normed_vector => 'a
  6218   exp            :: 'a::{recpower,real_normed_field,banach} => 'a
  6219 
  6220 * Complex: Some complex-specific constants are now abbreviations for
  6221 overloaded ones: complex_of_real = of_real, cmod = norm, hcmod =
  6222 hnorm.  Other constants have been entirely removed in favor of the
  6223 polymorphic versions (INCOMPATIBILITY):
  6224 
  6225   approx        <-- capprox
  6226   HFinite       <-- CFinite
  6227   HInfinite     <-- CInfinite
  6228   Infinitesimal <-- CInfinitesimal
  6229   monad         <-- cmonad
  6230   galaxy        <-- cgalaxy
  6231   (NS)LIM       <-- (NS)CLIM, (NS)CRLIM
  6232   is(NS)Cont    <-- is(NS)Contc, is(NS)contCR
  6233   (ns)deriv     <-- (ns)cderiv
  6234 
  6235 
  6236 *** HOL-Algebra ***
  6237