NEWS
author wenzelm
Wed Aug 18 16:04:00 1999 +0200 (1999-08-18)
changeset 7252 d3ed595dd772
parent 7238 36e58620ffc8
child 7261 a141985d660b
permissions -rw-r--r--
replaced 'ProofGeneral' by 'Proof General';
     1 
     2 Isabelle NEWS -- history user-relevant changes
     3 ==============================================
     4 
     5 New in this Isabelle version
     6 ----------------------------
     7 
     8 *** Overview of INCOMPATIBILITIES (see below for more details) ***
     9 
    10 * HOL: The THEN and ELSE parts of conditional expressions (if P then x else y)
    11 are no longer simplified.  (This allows the simplifier to unfold recursive
    12 functional programs.)  To restore the old behaviour, declare
    13 
    14     Delcongs [if_weak_cong];
    15 
    16 * HOL: Removed the obsolete syntax "Compl A"; use -A for set
    17 complement;
    18 
    19 * HOL: the predicate "inj" is now defined by translation to "inj_on";
    20 
    21 * HOL/typedef: fixed type inference for representing set; type
    22 arguments now have to occur explicitly on the rhs as type constraints;
    23 
    24 * ZF: The con_defs part of an inductive definition may no longer refer
    25 to constants declared in the same theory;
    26 
    27 * HOL, ZF: the function mk_cases, generated by the inductive
    28 definition package, has lost an argument.  To simplify its result, it
    29 uses the default simpset instead of a supplied list of theorems.
    30 
    31 * HOL/List: the constructors of type list are now Nil and Cons;
    32 
    33 
    34 *** Proof tools ***
    35 
    36 * Provers/Arith/fast_lin_arith.ML contains a functor for creating a
    37 decision procedure for linear arithmetic. Currently it is used for
    38 types `nat' and `int' in HOL (see below) but can, should and will be
    39 instantiated for other types and logics as well.
    40 
    41 
    42 *** General ***
    43 
    44 * new Isabelle/Isar subsystem provides an alternative to traditional
    45 tactical theorem proving; together with the ProofGeneral/isar user
    46 interface it offers an interactive environment for developing human
    47 readable proof documents (Isar == Intelligible semi-automated
    48 reasoning); see isatool doc isar-ref and
    49 http://isabelle.in.tum.de/Isar/ for more information;
    50 
    51 * native support for Proof General, both for classic Isabelle and
    52 Isabelle/Isar (the latter is slightly better supported and more
    53 robust);
    54 
    55 * Isabelle manuals now also available as PDF;
    56 
    57 * improved browser info generation: better HTML markup (including
    58 colors), graph views in several sizes; isatool usedir now provides a
    59 proper interface for user theories (via -P option);
    60 
    61 * theory loader rewritten from scratch (may not be fully
    62 bug-compatible); old loadpath variable has been replaced by show_path,
    63 add_path, del_path, reset_path functions; new operations such as
    64 update_thy, touch_thy, remove_thy (see also isatool doc ref);
    65 
    66 * improved isatool install: option -k creates KDE application icon,
    67 option -p DIR installs standalone binaries;
    68 
    69 * added ML_PLATFORM setting (useful for cross-platform installations);
    70 more robust handling of platform specific ML images for SML/NJ;
    71 
    72 * path element specification '~~' refers to '$ISABELLE_HOME';
    73 
    74 * in locales, the "assumes" and "defines" parts may be omitted if
    75 empty;
    76 
    77 * new print_mode "xsymbols" for extended symbol support (e.g. genuine
    78 long arrows);
    79 
    80 * new print_mode "HTML";
    81 
    82 * new flag show_tags controls display of tags of theorems (which are
    83 basically just comments that may be attached by some tools);
    84 
    85 * Isamode 2.6 requires patch to accommodate change of Isabelle font
    86 mode and goal output format:
    87 
    88 diff -r Isamode-2.6/elisp/isa-load.el Isamode/elisp/isa-load.el
    89 244c244
    90 <       (list (isa-getenv "ISABELLE") "-msymbols" logic-name)
    91 ---
    92 >       (list (isa-getenv "ISABELLE") "-misabelle_font" "-msymbols" logic-name)
    93 diff -r Isabelle-2.6/elisp/isa-proofstate.el Isamode/elisp/isa-proofstate.el
    94 181c181
    95 < (defconst proofstate-proofstart-regexp "^Level [0-9]+$"
    96 ---
    97 > (defconst proofstate-proofstart-regexp "^Level [0-9]+"
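Review bot: the second header reads `diff -r Isabelle-2.6/elisp/isa-proofstate.el Isamode/elisp/isa-proofstate.el` while the first uses `Isamode-2.6/elisp/isa-load.el`, so the left-hand path of the second hunk looks like a typo for Isamode-2.6; anyone applying the patch by hand should take both files from the Isamode source tree. The replacement regexp `"^Level [0-9]+"` also drops the trailing `$` anchor, so it now accepts lines that continue after the level number, which is what the changed goal output format requires.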
    98 
    99 
   100 *** HOL ***
   101 
   102 ** HOL arithmetic **
   103 
   104 * There are now decision procedures for linear arithmetic over nat and
   105 int:
   106 
   107 1. arith_tac copes with arbitrary formulae involving `=', `<', `<=',
   108 `+', `-', `Suc', `min', `max' and numerical constants; other subterms
   109 are treated as atomic; subformulae not involving type `nat' or `int'
   110 are ignored; quantified subformulae are ignored unless they are
   111 positive universal or negative existential. The tactic has to be
   112 invoked by hand and can be a little bit slow. In particular, the
   113 running time is exponential in the number of occurrences of `min' and
   114 `max', and `-' on `nat'.
   115 
   116 2. fast_arith_tac is a cut-down version of arith_tac: it only takes
   117 (negated) (in)equalities among the premises and the conclusion into
   118 account (i.e. no compound formulae) and does not know about `min' and
   119 `max', and `-' on `nat'. It is fast and is used automatically by the
   120 simplifier.
   121 
   122 NB: At the moment, these decision procedures do not cope with mixed
   123 nat/int formulae where the two parts interact, such as `m < n ==>
   124 int(m) < int(n)'.
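The following ML top-level proof script is added here as an illustration and is not taken from the Isabelle distribution; it exercises both procedures on constructed goals. The theorem names are made up for the example, and the script assumes the Goal/by/qed commands and the arith_tac tactic named in this file.

```isabelle
(* Added example: ML top-level proof script for Isabelle/HOL.  The goals
   and theorem names are constructed for this illustration; the commands
   Goal, by and qed and the tactic arith_tac are those named in NEWS. *)

(* Pure linear (in)equalities among premises and conclusion: this is the
   fragment fast_arith_tac handles (and hence what the simplifier can
   dispatch on its own), and arith_tac covers it as well. *)
Goal "[| m < n; n <= k |] ==> Suc m <= k";
by (arith_tac 1);
qed "arith_example1";

(* min, max and subtraction on nat are outside fast_arith_tac; arith_tac
   copes with them, at a cost exponential in the number of such
   occurrences (here three). *)
Goal "max m n - min m n <= m + n";
by (arith_tac 1);
qed "arith_example2";

(* Quantified subformulae are ignored unless they are positive universal
   or negative existential; an outermost universal in the conclusion is
   positive, so this goal is still within reach. *)
Goal "ALL k. m < n --> m + k < n + k";
by (arith_tac 1);
qed "arith_example3";
```

A goal that mixes nat and int through a coercion, such as the one in the NB above, is not covered by either tactic and would have to be reduced to a single-type problem first.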
   125 
   126 * HOL/Numeral provides a generic theory of numerals (encoded
   127 efficiently as bit strings); setup for types nat and int is in place;
   128 INCOMPATIBILITY: since numeral syntax is now polymorphic, rather than
   129 int, existing theories and proof scripts may require a few additional
   130 type constraints;
   131 
   132 * integer division and remainder can now be performed on constant
   133 arguments;
   134 
   135 * many properties of integer multiplication, division and remainder
   136 are now available;
   137 
   138 * An interface to the Stanford Validity Checker (SVC) is available
   139 through the tactic svc_tac.  Propositional tautologies and theorems of
   140 linear arithmetic are proved automatically.  Numeric variables may
   141 have types nat, int or real.  SVC must be installed separately, and
   142 its results must be TAKEN ON TRUST (Isabelle does not check the
   143 proofs, but tags any invocation of the underlying oracle).
   144 
   145 * IsaMakefile: the HOL-Real target now builds an actual image;
   146 
   147 
   148 ** HOL misc **
   149 
   150 * HOL/TLA (Lamport's Temporal Logic of Actions): major reorganization
   151 -- avoids syntactic ambiguities and treats state, transition, and
   152 temporal levels more uniformly; introduces INCOMPATIBILITIES due to
   153 changed syntax and (many) tactics;
   154 
   155 * HOL/datatype: Now also handles arbitrarily branching datatypes
   156   (using function types) such as
   157 
   158   datatype 'a tree = Atom 'a | Branch "nat => 'a tree"
   159 
   160 * HOL/typedef: fixed type inference for representing set; type
   161 arguments now have to occur explicitly on the rhs as type constraints;
   162 
   163 * HOL/recdef (TFL): requires theory Recdef; 'congs' syntax now expects
   164 comma separated list of theorem names rather than an ML expression;
   165 
   166 * HOL/List: the constructors of type list are now Nil and Cons;
   167 INCOMPATIBILITY: while [] and infix # syntax is still there, of
   168 course, ML tools referring to List.list.op # etc. have to be adapted;
   169 
   170 * HOL_quantifiers flag superseded by "HOL" print mode, which is
   171 disabled by default; run isabelle with option -m HOL to get back to
   172 the original Gordon/HOL-style output;
   173 
   174 * HOL/Ord.thy: new bounded quantifier syntax (input only): ALL x<y. P,
   175 ALL x<=y. P, EX x<y. P, EX x<=y. P;
   176 
   177 * HOL basic syntax simplified (more orthogonal): all variants of
   178 All/Ex now support plain / symbolic / HOL notation; plain syntax for
   179 Eps operator is provided as well: "SOME x. P[x]";
   180 
   181 
   182 *** LK ***
   183 
   184 * the notation <<...>> is now available as a notation for sequences of
   185 formulas;
   186 
   187 * the simplifier is now installed
   188 
   189 * the axiom system has been generalized (thanks to Soren Heilmann) 
   190 
   191 * the classical reasoner now has a default rule database
   192 
   193 
   194 *** ZF ***
   195 
   196 * new primrec section allows primitive recursive functions to be given
   197 directly (as in HOL) over datatypes and the natural numbers;
   198 
   199 * new tactics induct_tac and exhaust_tac for induction (or case
   200 analysis) over datatypes and the natural numbers;
   201 
   202 * the datatype declaration of type T now defines the recursor T_rec;
   203 
   204 * simplification automatically does freeness reasoning for datatype
   205 constructors;
   206 
   207 * automatic type-inference, with AddTCs command to insert new
   208 type-checking rules;
   209 
   210 * datatype introduction rules are now added as Safe Introduction rules
   211 to the claset;
   212 
   213 * the syntax "if P then x else y" is now available in addition to
   214 if(P,x,y);
   215 
   216 
   217 *** Internal programming interfaces ***
   218 
   219 * AxClass.axclass_tac lost the theory argument;
   220 
   221 * tuned current_goals_markers semantics: begin / end goal avoids
   222 printing empty lines;
   223 
   224 * removed prs and prs_fn hook, which was broken because it did not
   225 include \n in its semantics, forcing writeln to add one
   226 unconditionally; replaced prs_fn by writeln_fn; consider std_output:
   227 string -> unit if you really want to output text without newline;
   228 
   229 * Symbol.output subject to print mode; INCOMPATIBILITY: defaults to
   230 plain output, interface builders may have to enable 'isabelle_font'
   231 mode to get Isabelle font glyphs as before;
   232 
   233 * refined token_translation interface; INCOMPATIBILITY: output length
   234 now of type real instead of int;
   235 
   236 * theory loader actions may be traced via new ThyInfo.add_hook
   237 interface (see src/Pure/Thy/thy_info.ML); example application: keep
   238 your own database of information attached to *whole* theories -- as
   239 opposed to intra-theory data slots offered via TheoryDataFun;
   240 
   241 
   242 
   243 New in Isabelle98-1 (October 1998)
   244 ----------------------------------
   245 
   246 *** Overview of INCOMPATIBILITIES (see below for more details) ***
   247 
   248 * several changes of automated proof tools;
   249 
   250 * HOL: major changes to the inductive and datatype packages, including
   251 some minor incompatibilities of theory syntax;
   252 
   253 * HOL: the relational operator r^-1 has been renamed from 'inverse'
   254 to 'converse'; 'inj_onto' is now called `inj_on';
   255 
   256 * HOL: removed duplicate thms in Arith:
   257   less_imp_add_less  should be replaced by  trans_less_add1
   258   le_imp_add_le      should be replaced by  trans_le_add1
   259 
   260 * HOL: unary minus is now overloaded (new type constraints may be
   261 required);
   262 
   263 * HOL and ZF: unary minus for integers is now #- instead of #~.  In
   264 ZF, expressions such as n#-1 must be changed to n#- 1, since #-1 is
   265 now taken as an integer constant.
   266 
   267 * Pure: ML function 'theory_of' renamed to 'theory';
   268 
   269 
   270 *** Proof tools ***
   271 
   272 * Simplifier:
   273   1. Asm_full_simp_tac is now more aggressive.
   274      1. It will sometimes reorient premises if that increases their power to
   275         simplify.
   276      2. It does no longer proceed strictly from left to right but may also
   277         rotate premises to achieve further simplification.
   278      For compatibility reasons there is now Asm_lr_simp_tac which is like the
   279      old Asm_full_simp_tac in that it does not rotate premises.
   280   2. The simplifier now knows a little bit about nat-arithmetic.
   281 
   282 * Classical reasoner: wrapper mechanism for the classical reasoner now
   283 allows for selected deletion of wrappers, by introduction of names for
   284 wrapper functionals.  This implies that addbefore, addSbefore,
   285 addaltern, and addSaltern now take a pair (name, tactic) as argument,
   286 and that adding two tactics with the same name overwrites the first
   287 one (emitting a warning).
   288   type wrapper = (int -> tactic) -> (int -> tactic)
   289   setWrapper, setSWrapper, compWrapper and compSWrapper are replaced by
   290   addWrapper, addSWrapper: claset * (string * wrapper) -> claset
   291   delWrapper, delSWrapper: claset *  string            -> claset
   292   getWrapper is renamed to appWrappers, getSWrapper to appSWrappers;
   293 
   294 * Classical reasoner: addbefore/addSbefore now have APPEND/ORELSE
   295 semantics; addbefore now affects only the unsafe part of step_tac
   296 etc.; this affects addss/auto_tac/force_tac, so EXISTING PROOFS MAY
   297 FAIL, but proofs should be fixable easily, e.g. by replacing Auto_tac
   298 by Force_tac;
   299 
   300 * Classical reasoner: setwrapper to setWrapper and compwrapper to
   301 compWrapper; added safe wrapper (and access functions for it);
   302 
   303 * HOL/split_all_tac is now much faster and fails if there is nothing
   304 to split.  Some EXISTING PROOFS MAY REQUIRE ADAPTION because the order
   305 and the names of the automatically generated variables have changed.
   306 split_all_tac has moved within claset() from unsafe wrappers to safe
   307 wrappers, which means that !!-bound variables are split much more
   308 aggressively, and safe_tac and clarify_tac now split such variables.
   309 If this splitting is not appropriate, use delSWrapper "split_all_tac".
   310 Note: the same holds for record_split_tac, which does the job of
   311 split_all_tac for record fields.
   312 
   313 * HOL/Simplifier: Rewrite rules for case distinctions can now be added
   314 permanently to the default simpset using Addsplits just like
   315 Addsimps. They can be removed via Delsplits just like
   316 Delsimps. Lower-case versions are also available.
   317 
   318 * HOL/Simplifier: The rule split_if is now part of the default
   319 simpset. This means that the simplifier will eliminate all occurrences
   320 of if-then-else in the conclusion of a goal. To prevent this, you can
   321 either remove split_if completely from the default simpset by
   322 `Delsplits [split_if]' or remove it in a specific call of the
   323 simplifier using `... delsplits [split_if]'.  You can also add/delete
   324 other case splitting rules to/from the default simpset: every datatype
   325 generates suitable rules `split_t_case' and `split_t_case_asm' (where
   326 t is the name of the datatype).
   327 
   328 * Classical reasoner / Simplifier combination: new force_tac (and
   329 derivatives Force_tac, force) combines rewriting and classical
   330 reasoning (and whatever other tools) similarly to auto_tac, but is
   331 aimed to solve the given subgoal completely.
   332 
   333 
   334 *** General ***
   335 
   336 * new top-level commands `Goal' and `Goalw' that improve upon `goal'
   337 and `goalw': the theory is no longer needed as an explicit argument -
   338 the current theory context is used; assumptions are no longer returned
   339 at the ML-level unless one of them starts with ==> or !!; it is
   340 recommended to convert to these new commands using isatool fixgoal
   341 (backup your sources first!);
   342 
   343 * new top-level commands 'thm' and 'thms' for retrieving theorems from
   344 the current theory context, and 'theory' to lookup stored theories;
   345 
   346 * new theory section 'locale' for declaring constants, assumptions and
   347 definitions that have local scope;
   348 
   349 * new theory section 'nonterminals' for purely syntactic types;
   350 
   351 * new theory section 'setup' for generic ML setup functions
   352 (e.g. package initialization);
   353 
   354 * the distribution now includes Isabelle icons: see
   355 lib/logo/isabelle-{small,tiny}.xpm;
   356 
   357 * isatool install - install binaries with absolute references to
   358 ISABELLE_HOME/bin;
   359 
   360 * isatool logo -- create instances of the Isabelle logo (as EPS);
   361 
   362 * print mode 'emacs' reserved for Isamode;
   363 
   364 * support multiple print (ast) translations per constant name;
   365 
   366 * theorems involving oracles are now printed with a suffixed [!];
   367 
   368 
   369 *** HOL ***
   370 
   371 * there is now a tutorial on Isabelle/HOL (do 'isatool doc tutorial');
   372 
   373 * HOL/inductive package reorganized and improved: now supports mutual
   374 definitions such as
   375 
   376   inductive EVEN ODD
   377     intrs
   378       null "0 : EVEN"
   379       oddI "n : EVEN ==> Suc n : ODD"
   380       evenI "n : ODD ==> Suc n : EVEN"
   381 
   382 new theorem list "elims" contains an elimination rule for each of the
   383 recursive sets; inductive definitions now handle disjunctive premises
   384 correctly (also ZF);
   385 
   386 INCOMPATIBILITIES: requires Inductive as an ancestor; component
   387 "mutual_induct" no longer exists - the induction rule is always
   388 contained in "induct";
   389 
   390 
   391 * HOL/datatype package re-implemented and greatly improved: now
   392 supports mutually recursive datatypes such as
   393 
   394   datatype
   395     'a aexp = IF_THEN_ELSE ('a bexp) ('a aexp) ('a aexp)
   396             | SUM ('a aexp) ('a aexp)
   397             | DIFF ('a aexp) ('a aexp)
   398             | NUM 'a
   399   and
   400     'a bexp = LESS ('a aexp) ('a aexp)
   401             | AND ('a bexp) ('a bexp)
   402             | OR ('a bexp) ('a bexp)
   403 
   404 as well as indirectly recursive datatypes such as
   405 
   406   datatype
   407     ('a, 'b) term = Var 'a
   408                   | App 'b ((('a, 'b) term) list)
   409 
   410 The new tactic  mutual_induct_tac [<var_1>, ..., <var_n>] i  performs
   411 induction on mutually / indirectly recursive datatypes.
   412 
   413 Primrec equations are now stored in theory and can be accessed via
   414 <function_name>.simps.
   415 
   416 INCOMPATIBILITIES:
   417 
   418   - Theories using datatypes must now have theory Datatype as an
   419     ancestor.
   420   - The specific <typename>.induct_tac no longer exists - use the
   421     generic induct_tac instead.
   422   - natE has been renamed to nat.exhaust - use exhaust_tac
   423     instead of res_inst_tac ... natE. Note that the variable
   424     names in nat.exhaust differ from the names in natE, this
   425     may cause some "fragile" proofs to fail.
   426   - The theorems split_<typename>_case and split_<typename>_case_asm
   427     have been renamed to <typename>.split and <typename>.split_asm.
   428   - Since default sorts of type variables are now handled correctly,
   429     some datatype definitions may have to be annotated with explicit
   430     sort constraints.
   431   - Primrec definitions no longer require function name and type
   432     of recursive argument.
   433 
   434 Consider using isatool fixdatatype to adapt your theories and proof
   435 scripts to the new package (backup your sources first!).
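As an added example, not part of this NEWS file or of the Isabelle sources, the mutually recursive datatype shown above is given two evaluators and a substitution function by primrec, and a substitution lemma is then proved with mutual_induct_tac. The theory name ABexp and the function names evala, evalb, substa and substb are constructed for the illustration; the script assumes the .simps theorem lists and the mutual_induct_tac tactic described above, and that theory Main provides Datatype as an ancestor.

```isabelle
(* ABexp.thy -- added example; names are constructed for the illustration *)
ABexp = Main +

datatype
  'a aexp = IF_THEN_ELSE ('a bexp) ('a aexp) ('a aexp)
          | SUM ('a aexp) ('a aexp)
          | DIFF ('a aexp) ('a aexp)
          | NUM 'a
and
  'a bexp = LESS ('a aexp) ('a aexp)
          | AND ('a bexp) ('a bexp)
          | OR ('a bexp) ('a bexp)

(* mutually recursive evaluators; a NUM leaf is looked up in an environment *)
consts
  evala :: "['a => nat, 'a aexp] => nat"
  evalb :: "['a => nat, 'a bexp] => bool"

primrec
  "evala env (IF_THEN_ELSE b a1 a2) =
     (if evalb env b then evala env a1 else evala env a2)"
  "evala env (SUM a1 a2) = evala env a1 + evala env a2"
  "evala env (DIFF a1 a2) = evala env a1 - evala env a2"
  "evala env (NUM v) = env v"

  "evalb env (LESS a1 a2) = (evala env a1 < evala env a2)"
  "evalb env (AND b1 b2) = (evalb env b1 & evalb env b2)"
  "evalb env (OR b1 b2) = (evalb env b1 | evalb env b2)"

(* substitution of arithmetic expressions for the NUM leaves *)
consts
  substa :: "['a => 'b aexp, 'a aexp] => 'b aexp"
  substb :: "['a => 'b aexp, 'a bexp] => 'b bexp"

primrec
  "substa s (IF_THEN_ELSE b a1 a2) =
     IF_THEN_ELSE (substb s b) (substa s a1) (substa s a2)"
  "substa s (SUM a1 a2) = SUM (substa s a1) (substa s a2)"
  "substa s (DIFF a1 a2) = DIFF (substa s a1) (substa s a2)"
  "substa s (NUM v) = s v"

  "substb s (LESS a1 a2) = LESS (substa s a1) (substa s a2)"
  "substb s (AND b1 b2) = AND (substb s b1) (substb s b2)"
  "substb s (OR b1 b2) = OR (substb s b1) (substb s b2)"

end

(* ABexp.ML -- the primrec equations are available as evala.simps etc. *)
Goal "evala env (SUM (NUM v) (NUM w)) = env v + env w";
by (simp_tac (simpset() addsimps evala.simps) 1);
qed "evala_sum_example";

(* Mutual induction: one conjunct per datatype, induction variables a, b.
   Each case is closed by simplification with the induction hypotheses. *)
Goal "evala env (substa s a) = evala (evala env o s) a & \
\     evalb env (substb s b) = evalb (evala env o s) b";
by (mutual_induct_tac ["a", "b"] 1);
by (ALLGOALS Asm_simp_tac);
qed "subst_example";
```

The induction goal is a conjunction with one statement per type of the mutual definition; mutual_induct_tac produces one subgoal per constructor of both types, and the NUM case reduces through the default rewrite rule for function composition.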
   436 
   437 
   438 * HOL/record package: considerably improved implementation; now
   439 includes concrete syntax for record types, terms, updates; theorems
   440 for surjective pairing and splitting !!-bound record variables; proof
   441 support is as follows:
   442 
   443   1) standard conversions (selectors or updates applied to record
   444 constructor terms) are part of the standard simpset;
   445 
   446   2) inject equations of the form ((x, y) = (x', y')) == x=x' & y=y' are
   447 made part of standard simpset and claset via addIffs;
   448 
   449   3) a tactic for record field splitting (record_split_tac) is part of
   450 the standard claset (addSWrapper);
   451 
   452 To get a better idea about these rules you may retrieve them via
   453 something like 'thms "foo.simps"' or 'thms "foo.iffs"', where "foo" is
   454 the name of your record type.
   455 
   456 The split tactic 3) conceptually simplifies by the following rule:
   457 
   458   "(!!x. PROP ?P x) == (!!a b. PROP ?P (a, b))"
   459 
   460 Thus any record variable that is bound by meta-all will automatically
   461 blow up into some record constructor term, consequently the
   462 simplifications of 1), 2) apply.  Thus force_tac, auto_tac etc. should
   463 solve record problems automatically.
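The following script is an added example and not part of this NEWS file; it shows each of the three rule groups above on a constructed record type. The theory name Point, the field names xpos and ypos and the theorem names are assumptions made for the illustration; the record syntax, the thms command and Force_tac are those described in this file.

```isabelle
(* Point.thy -- added example; the record type is constructed for the
   illustration *)
Point = Main +

record point =
  xpos :: nat
  ypos :: nat

end

(* Point.ML: the generated rules can be inspected at the ML top level *)
thms "point.simps";    (* rule group 1): selector / update conversions *)
thms "point.iffs";     (* rule group 2): inject equations *)

(* 1) a selector applied to a record constructor term reduces by simp *)
Goal "xpos (| xpos = a, ypos = b |) = a";
by (Simp_tac 1);
qed "point_sel_example";

(* 1) likewise an update applied to a constructor term *)
Goal "(| xpos = a, ypos = b |) (| xpos := c |) = (| xpos = c, ypos = b |)";
by (Simp_tac 1);
qed "point_upd_example";

(* 2) the inject equation turns record equality into field equalities *)
Goal "((| xpos = a, ypos = b |) = (| xpos = c, ypos = d |)) = (a = c & b = d)";
by (Simp_tac 1);
qed "point_inject_example";

(* 3) a !!-bound record variable is not a constructor term, so group 1)
   alone does not apply; record_split_tac, installed as a safe wrapper,
   first blows r up into (| xpos = ?x, ypos = ?y |), after which
   simplification finishes the goal. *)
Goal "!!r. xpos (r (| ypos := n |)) = xpos r";
by (Force_tac 1);
qed "point_split_example";
```

Only variables bound by meta-all are split, so the last goal is stated with !!r rather than with a free r.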
   464 
   465 
   466 * reorganized the main HOL image: HOL/Integ and String loaded by
   467 default; theory Main includes everything;
   468 
   469 * automatic simplification of integer sums and comparisons, using cancellation;
   470 
   471 * added option_map_eq_Some and not_Some_eq to the default simpset and claset;
   472 
   473 * added disj_not1 = "(~P | Q) = (P --> Q)" to the default simpset;
   474 
   475 * many new identities for unions, intersections, set difference, etc.;
   476 
   477 * expand_if, expand_split, expand_sum_case and expand_nat_case are now
   478 called split_if, split_split, split_sum_case and split_nat_case (to go
   479 with add/delsplits);
   480 
   481 * HOL/Prod introduces simplification procedure unit_eq_proc rewriting
   482 (?x::unit) = (); this is made part of the default simpset, which COULD
   483 MAKE EXISTING PROOFS FAIL under rare circumstances (consider
   484 'Delsimprocs [unit_eq_proc];' as last resort); also note that
   485 unit_abs_eta_conv is added in order to counter the effect of
   486 unit_eq_proc on (%u::unit. f u), replacing it by f rather than by
   487 %u.f();
   488 
   489 * HOL/Fun INCOMPATIBILITY: `inj_onto' is now called `inj_on' (which
   490 makes more sense);
   491 
   492 * HOL/Set INCOMPATIBILITY: rule `equals0D' is now a well-formed destruct rule;
   493   It and 'sym RS equals0D' are now in the default  claset, giving automatic
   494   disjointness reasoning but breaking a few old proofs.
   495 
   496 * HOL/Relation INCOMPATIBILITY: renamed the relational operator r^-1
   497 to 'converse' from 'inverse' (for compatibility with ZF and some
   498 literature);
   499 
   500 * HOL/recdef can now declare non-recursive functions, with {} supplied as
   501 the well-founded relation;
   502 
   503 * HOL/Set INCOMPATIBILITY: the complement of set A is now written -A instead of
   504     Compl A.  The "Compl" syntax remains available as input syntax for this
   505     release ONLY.
   506 
   507 * HOL/Update: new theory of function updates:
   508     f(a:=b) == %x. if x=a then b else f x
   509 may also be iterated as in f(a:=b,c:=d,...);
   510 
   511 * HOL/Vimage: new theory for inverse image of a function, syntax f-``B;
   512 
   513 * HOL/List:
   514   - new function list_update written xs[i:=v] that updates the i-th
   515     list position. May also be iterated as in xs[i:=a,j:=b,...].
   516   - new function `upt' written [i..j(] which generates the list
   517     [i,i+1,...,j-1], i.e. the upper bound is excluded. To include the upper
   518     bound write [i..j], which is a shorthand for [i..j+1(].
   519   - new lexicographic orderings and corresponding wellfoundedness theorems.
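As an added example, not taken from this NEWS file, the script below exercises the function update syntax of HOL/Update and the list update syntax of HOL/List on constructed goals; the theorem names are made up for the illustration, and the script assumes that the defining equations of both operations are default rewrite rules.

```isabelle
(* Added example: ML top-level proof script; goals and theorem names are
   constructed for the illustration. *)

(* f(a:=b, c:=d) abbreviates (f(a:=b))(c:=d), so the last update of a
   point wins; the case split introduced by split_if closes at c = c. *)
Goal "(f(a:=b, c:=d)) c = d";
by (Simp_tac 1);
qed "fun_upd_example1";

(* At a point other than c the inner update is still visible; the
   premise a ~= c discharges the remaining case split. *)
Goal "a ~= c ==> (f(a:=b, c:=d)) a = b";
by (Asm_simp_tac 1);
qed "fun_upd_example2";

(* list_update: position 0 of a Cons cell is replaced, Suc i recurses
   into the tail *)
Goal "(x#xs)[0:=v] = v#xs";
by (Simp_tac 1);
qed "list_update_example1";

Goal "(x#xs)[Suc i:=v] = x # xs[i:=v]";
by (Simp_tac 1);
qed "list_update_example2";

(* iterated list update is applied left to right, like function update *)
Goal "(x#y#ys)[0:=a, Suc 0:=b] = a#b#ys";
by (Simp_tac 1);
qed "list_update_example3";
```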
   520 
   521 * HOL/Arith:
   522   - removed 'pred' (predecessor) function;
   523   - generalized some theorems about n-1;
   524   - many new laws about "div" and "mod";
   525   - new laws about greatest common divisors (see theory ex/Primes);
   526 
   527 * HOL/Relation: renamed the relational operator r^-1 to "converse"
   528 (formerly "inverse");
   529 
   530 * HOL/Induct/Multiset: a theory of multisets, including the wellfoundedness
   531   of the multiset ordering;
   532 
   533 * directory HOL/Real: a construction of the reals using Dedekind cuts
   534   (not included by default);
   535 
   536 * directory HOL/UNITY: Chandy and Misra's UNITY formalism;
   537 
   538 * directory HOL/Hoare: a new version of Hoare logic which permits many-sorted
   539   programs, i.e. different program variables may have different types.
   540 
   541 * calling (stac rew i) now fails if "rew" has no effect on the goal
   542   [previously, this check worked only if the rewrite rule was unconditional]
   543   Now rew can involve either definitions or equalities (either == or =).
   544 
   545 
   546 *** ZF ***
   547 
   548 * theory Main includes everything; INCOMPATIBILITY: theory ZF.thy contains
   549   only the theorems proved on ZF.ML;
   550 
   551 * ZF INCOMPATIBILITY: rule `equals0D' is now a well-formed destruct rule;
   552   It and 'sym RS equals0D' are now in the default  claset, giving automatic
   553   disjointness reasoning but breaking a few old proofs.
   554 
   555 * ZF/Update: new theory of function updates
   556     with default rewrite rule  f(x:=y) ` z = if(z=x, y, f`z)
   557   may also be iterated as in f(a:=b,c:=d,...);
   558 
   559 * in  let x=t in u(x), neither t nor u(x) has to be an FOL term.
   560 
   561 * calling (stac rew i) now fails if "rew" has no effect on the goal
   562   [previously, this check worked only if the rewrite rule was unconditional]
   563   Now rew can involve either definitions or equalities (either == or =).
   564 
   565 * case_tac provided for compatibility with HOL
   566     (like the old excluded_middle_tac, but with subgoals swapped)
   567 
   568 
   569 *** Internal programming interfaces ***
   570 
   571 * Pure: several new basic modules made available for general use, see
   572 also src/Pure/README;
   573 
   574 * improved the theory data mechanism to support encapsulation (data
   575 kind name replaced by private Object.kind, acting as authorization
   576 key); new type-safe user interface via functor TheoryDataFun; generic
   577 print_data function becomes basically useless;
   578 
   579 * removed global_names compatibility flag -- all theory declarations
   580 are qualified by default;
   581 
   582 * module Pure/Syntax now offers quote / antiquote translation
   583 functions (useful for Hoare logic etc. with implicit dependencies);
   584 see HOL/ex/Antiquote for an example use;
   585 
   586 * Simplifier now offers conversions (asm_)(full_)rewrite: simpset ->
   587 cterm -> thm;
   588 
   589 * new tactical CHANGED_GOAL for checking that a tactic modifies a
   590 subgoal;
   591 
   592 * Display.print_goals function moved to Locale.print_goals;
   593 
   594 * standard print function for goals supports current_goals_markers
   595 variable for marking begin of proof, end of proof, start of goal; the
   596 default is ("", "", ""); setting current_goals_markers := ("<proof>",
   597 "</proof>", "<goal>") causes SGML like tagged proof state printing,
   598 for example;
   599 
   600 
   601 
   602 New in Isabelle98 (January 1998)
   603 --------------------------------
   604 
   605 *** Overview of INCOMPATIBILITIES (see below for more details) ***
   606 
   607 * changed lexical syntax of terms / types: dots made part of long
   608 identifiers, e.g. "%x.x" no longer possible, should be "%x. x";
   609 
   610 * simpset (and claset) reference variable replaced by functions
   611 simpset / simpset_ref;
   612 
   613 * no longer supports theory aliases (via merge) and non-trivial
   614 implicit merge of thms' signatures;
   615 
   616 * most internal names of constants changed due to qualified names;
   617 
   618 * changed Pure/Sequence interface (see Pure/seq.ML);
   619 
   620 
   621 *** General Changes ***
   622 
   623 * hierarchically structured name spaces (for consts, types, axms, thms
   624 etc.); new lexical class 'longid' (e.g. Foo.bar.x) may render much of
   625 old input syntactically incorrect (e.g. "%x.x"); COMPATIBILITY:
   626 isatool fixdots ensures space after dots (e.g. "%x. x"); set
   627 long_names for fully qualified output names; NOTE: ML programs
   628 (special tactics, packages etc.) referring to internal names may have
   629 to be adapted to cope with fully qualified names; in case of severe
   630 backward compatibility problems try setting 'global_names' at compile
   631 time to have everything declared within a flat name space; one may also
   632 fine tune name declarations in theories via the 'global' and 'local'
   633 section;
   634 
   635 * reimplemented the implicit simpset and claset using the new anytype
   636 data field in signatures; references simpset:simpset ref etc. are
   637 replaced by functions simpset:unit->simpset and
   638 simpset_ref:unit->simpset ref; COMPATIBILITY: use isatool fixclasimp
   639 to patch your ML files accordingly;
   640 
   641 * HTML output now includes theory graph data for display with Java
   642 applet or isatool browser; data generated automatically via isatool
   643 usedir (see -i option, ISABELLE_USEDIR_OPTIONS);
   644 
   645 * defs may now be conditional; improved rewrite_goals_tac to handle
   646 conditional equations;
   647 
   648 * defs now admits additional type arguments, using TYPE('a) syntax;
   649 
   650 * theory aliases via merge (e.g. M=A+B+C) no longer supported, always
   651 creates a new theory node; implicit merge of thms' signatures is
   652 restricted to 'trivial' ones; COMPATIBILITY: one may have to use
   653 transfer:theory->thm->thm in (rare) cases;
   654 
   655 * improved handling of draft signatures / theories; draft thms (and
   656 ctyps, cterms) are automatically promoted to real ones;
   657 
* slightly changed interfaces for oracles: admit many per theory, named
(e.g. oracle foo = mlfun), additional name argument for invoke_oracle;

* print_goals: optional output of const types (set show_consts and
show_types);

* improved output of warnings (###) and errors (***);

* subgoal_tac displays a warning if the new subgoal has type variables;

* removed old README and Makefiles;

* replaced print_goals_ref hook by print_current_goals_fn and result_error_fn;

* removed obsolete init_pps and init_database;

* deleted the obsolete tactical STATE, which was declared by
    fun STATE tacfun st = tacfun st st;

* cd and use now support path variables, e.g. $ISABELLE_HOME, or ~
(which abbreviates $HOME);

* changed Pure/Sequence interface (see Pure/seq.ML); COMPATIBILITY:
use isatool fixseq to adapt your ML programs (this works for fully
qualified references to the Sequence structure only!);

* use_thy no longer requires writable current directory; it always
reloads .ML *and* .thy file, if either one is out of date;


*** Classical Reasoner ***

* Clarify_tac, clarify_tac, clarify_step_tac, Clarify_step_tac: new
tactics that use classical reasoning to simplify a subgoal without
splitting it into several subgoals;

* Safe_tac: like safe_tac but uses the default claset;


*** Simplifier ***

* added simplification meta rules:
    (asm_)(full_)simplify: simpset -> thm -> thm;

* simplifier.ML no longer part of Pure -- has to be loaded by object
logics (again);

* added prems argument to simplification procedures;

* HOL, FOL, ZF: added infix function `addsplits':
  instead of `<simpset> setloop (split_tac <thms>)'
  you can simply write `<simpset> addsplits <thms>'


*** Syntax ***

* TYPE('a) syntax for type reflection terms;

* no longer handles consts with name "" -- declare as 'syntax' instead;

* pretty printer: changed order of mixfix annotation preference (again!);

* Pure: fixed idt/idts vs. pttrn/pttrns syntactic categories;


*** HOL ***

* HOL: there is a new splitter `split_asm_tac' that can be used e.g.
  with `addloop' of the simplifier to facilitate case splitting in premises.

* HOL/TLA: Stephan Merz's formalization of Lamport's Temporal Logic of Actions;

* HOL/Auth: new protocol proofs including some for the Internet
  protocol TLS;

* HOL/Map: new theory of `maps' a la VDM;

* HOL/simplifier: simplification procedures nat_cancel_sums for
cancelling out common nat summands from =, <, <= (in)equalities, or
differences; simplification procedures nat_cancel_factor for
cancelling a common factor from =, <, <= (in)equalities over natural
sums; nat_cancel contains both kinds of procedures; it is installed by
default in Arith.thy -- this COULD MAKE EXISTING PROOFS FAIL;
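What the two cancellation procedures do, as an added Python illustration rather than the Isabelle simprocs themselves: each side of a nat (in)equality is a list of (coefficient, variable) terms, and a brute-force check confirms that each cancellation is an equivalence. The term representation, function names and variable names are constructed for this example.

```python
from collections import Counter
from itertools import product
from math import gcd

# Relations the modelled procedures handle (constructed representation).
OPS = {"=": lambda a, b: a == b, "<": lambda a, b: a < b, "<=": lambda a, b: a <= b}

def collect(side):
    """Collect a list of (k, v) terms, read as k1*v1 + k2*v2 + ..., into
    {v: total coefficient}; zero coefficients are dropped."""
    acc = Counter()
    for k, v in side:
        acc[v] += k
    return +acc

def cancel_sums(lhs, op, rhs):
    """nat_cancel_sums: remove summands common to both sides.  Sound over nat
    because a + c = b + c <-> a = b, and likewise for < and <=."""
    l, r = collect(lhs), collect(rhs)
    common = l & r                    # per variable, the smaller coefficient
    return l - common, op, r - common

def cancel_factor(lhs, op, rhs):
    """nat_cancel_factor: divide all coefficients by their common factor k.
    Over nat, k*a op k*b <-> a op b needs k > 0, so k = 0 is left alone."""
    k = 0
    for c in list(lhs.values()) + list(rhs.values()):
        k = gcd(k, c)
    if k <= 1:
        return lhs, op, rhs
    divide = lambda side: Counter({v: c // k for v, c in side.items()})
    return divide(lhs), op, divide(rhs)

def nat_cancel(lhs, op, rhs):
    """Both procedures in sequence, as the combined nat_cancel does."""
    if op not in OPS:
        raise ValueError("unsupported relation: " + op)
    l, op, r = cancel_factor(*cancel_sums(lhs, op, rhs))
    return dict(l), op, dict(r)

def holds(rel, env):
    """Evaluate a collected relation under an assignment of naturals."""
    lhs, op, rhs = rel
    value = lambda side: sum(k * env[v] for v, k in side.items())
    return OPS[op](value(lhs), value(rhs))

def equivalent(rel1, rel2, bound=4):
    """Brute-force check that rel1 and rel2 agree for every assignment of
    naturals up to bound: the rewrite has to be an equivalence."""
    names = sorted(set(rel1[0]) | set(rel1[2]) | set(rel2[0]) | set(rel2[2]))
    for vals in product(range(bound + 1), repeat=len(names)):
        env = dict(zip(names, vals))
        if holds(rel1, env) != holds(rel2, env):
            return False
    return True
```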

* HOL/simplifier: terms of the form
  `? x. P1(x) & ... & Pn(x) & x=t & Q1(x) & ... & Qn(x)'  (or t=x)
  are rewritten to
  `P1(t) & ... & Pn(t) & Q1(t) & ... & Qn(t)',
  and those of the form
  `! x. P1(x) & ... & Pn(x) & x=t & Q1(x) & ... & Qn(x) --> R(x)'  (or t=x)
  are rewritten to
  `P1(t) & ... & Pn(t) & Q1(t) & ... & Qn(t) --> R(t)';
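The one-point rewrite above, as an added Python example (not the simplifier's own code); the formula representation and function names are assumed for this illustration, and the occurs check shows why an equation `x=t' only qualifies when t does not mention x.

```python
# Constructed representation: terms are variable/constant names (str) or
# ("app", f, [args]); atoms are ("eq", s, t) or ("pred", P, [args]);
# ("ex", x, conjs) stands for ? x. c1 & ... & cn, and
# ("all", x, conjs, concl) for ! x. c1 & ... & cn --> concl.

def occurs(x, term):
    """Does variable x occur in term?"""
    if isinstance(term, str):
        return term == x
    return any(occurs(x, a) for a in term[2])

def subst(x, t, obj):
    """Replace variable x by term t in a term or an atom."""
    if isinstance(obj, str):
        return t if obj == x else obj
    tag = obj[0]
    if tag == "app":
        return ("app", obj[1], [subst(x, t, a) for a in obj[2]])
    if tag == "pred":
        return ("pred", obj[1], [subst(x, t, a) for a in obj[2]])
    if tag == "eq":
        return ("eq", subst(x, t, obj[1]), subst(x, t, obj[2]))
    raise ValueError("unknown atom: " + tag)

def witness(x, conjuncts):
    """Position and t of the first conjunct x = t or t = x; t must not
    contain x, otherwise substituting it would not eliminate x."""
    for i, c in enumerate(conjuncts):
        if c[0] == "eq":
            for s, t in ((c[1], c[2]), (c[2], c[1])):
                if s == x and not occurs(x, t):
                    return i, t
    return None

def one_point(fm):
    """Rewrite ? x. ... & x=t & ... to the conjunction at t, and
    ! x. ... & x=t & ... --> R(x) to the implication at t; a formula
    without a usable equation is returned unchanged."""
    if fm[0] not in ("ex", "all"):
        return fm
    x, conjs = fm[1], fm[2]
    hit = witness(x, conjs)
    if hit is None:
        return fm
    i, t = hit
    rest = [subst(x, t, c) for j, c in enumerate(conjs) if j != i]
    if fm[0] == "ex":
        return ("conj", rest)
    return ("imp", rest, subst(x, t, fm[3]))
```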

* HOL/datatype
  Each datatype `t' now comes with a theorem `split_t_case' of the form

  P(t_case f1 ... fn x) =
     ( (!y1 ... ym1. x = C1 y1 ... ym1 --> P(f1 y1 ... ym1)) &
        ...
       (!y1 ... ymn. x = Cn y1 ... ymn --> P(fn y1 ... ymn))
     )

  and a theorem `split_t_case_asm' of the form

  P(t_case f1 ... fn x) =
    ~( (? y1 ... ym1. x = C1 y1 ... ym1 & ~P(f1 y1 ... ym1)) |
        ...
       (? y1 ... ymn. x = Cn y1 ... ymn & ~P(fn y1 ... ymn))
     )
  which can be added to a simpset via `addsplits'. The existing theorems
  expand_list_case and expand_option_case have been renamed to
  split_list_case and split_option_case.

* HOL/Arithmetic:
  - `pred n' is automatically converted to `n-1'.
    Users are strongly encouraged not to use `pred' any longer,
    because it will disappear altogether at some point.
  - Users are strongly encouraged to write "0 < n" rather than
    "n ~= 0". Theorems and proof tools have been modified towards this
    `standard'.

* HOL/Lists:
  the function "set_of_list" has been renamed "set" (and its theorems too);
  the function "nth" now takes its arguments in the reverse order and
  has acquired the infix notation "!" as in "xs!n".

* HOL/Set: UNIV is now a constant and is no longer translated to Compl{};

* HOL/Set: The operator (UN x.B x) now abbreviates (UN x:UNIV. B x) and its
  specialist theorems (like UN1_I) are gone.  Similarly for (INT x.B x);

* HOL/record: extensible records with schematic structural subtyping
(single inheritance); EXPERIMENTAL version demonstrating the encoding,
still lacks various theorems and concrete record syntax;


*** HOLCF ***

* removed "axioms" and "generated by" sections;

* replaced "ops" section by extended "consts" section, which is capable of
  handling the continuous function space "->" directly;

* domain package:
  . proves theorems immediately and stores them in the theory,
  . creates hierarchical name space,
  . now uses normal mixfix annotations (instead of cinfix...),
  . minor changes to some names and values (for consistency),
    e.g. cases -> casedist, dists_eq -> dist_eqs, [take_lemma] -> take_lemmas,
  . separator between mutual domain defs: changed "," to "and",
  . improved handling of sort constraints;  now they have to
    appear on the left-hand side of the equations only;

* fixed LAM <x,y,zs>.b syntax;

* added extended adm_tac to simplifier in HOLCF -- can now discharge
adm (%x. P (t x)), where P is chainfinite and t continuous;


*** FOL and ZF ***

* FOL: there is a new splitter `split_asm_tac' that can be used e.g.
  with `addloop' of the simplifier to facilitate case splitting in premises.

* qed_spec_mp, qed_goal_spec_mp, qed_goalw_spec_mp are available, as
in HOL, they strip ALL and --> from proved theorems;



New in Isabelle94-8 (May 1997)
------------------------------

*** General Changes ***

* new utilities to build / run / maintain Isabelle etc. (in parts
still somewhat experimental); old Makefiles etc. still functional;

* new 'Isabelle System Manual';

* INSTALL text, together with ./configure and ./build scripts;

* reimplemented type inference for greater efficiency, better error
messages and clean internal interface;

* prlim command for dealing with lots of subgoals (an easier way of
setting goals_limit);


*** Syntax ***

* supports alternative (named) syntax tables (parser and pretty
printer); internal interface is provided by add_modesyntax(_i);

* Pure, FOL, ZF, HOL, HOLCF now support symbolic input and output; to
be used in conjunction with the Isabelle symbol font; uses the
"symbols" syntax table;

* added token_translation interface (may translate name tokens in
arbitrary ways, dependent on their type (free, bound, tfree, ...) and
the current print_mode); IMPORTANT: user print translation functions
are responsible for marking newly introduced bounds
(Syntax.mark_boundT);

* token translations for modes "xterm" and "xterm_color" that display
names in bold, underline etc. or colors (which requires a color
version of xterm);

* infixes may now be declared with names independent of their syntax;

* added typed_print_translation (like print_translation, but may
access type of constant);


*** Classical Reasoner ***

Blast_tac: a new tactic!  It is often more powerful than fast_tac, but has
some limitations.  Blast_tac...
  + ignores addss, addbefore, addafter; this restriction is intrinsic
  + ignores elimination rules that don't have the correct format
        (the conclusion MUST be a formula variable)
  + ignores types, which can make HOL proofs fail
  + rules must not require higher-order unification, e.g. apply_type in ZF
    [message "Function Var's argument not a bound variable" relates to this]
  + its proof strategy is more general but can actually be slower

* substitution with equality assumptions no longer permutes other
assumptions;

* minor changes in semantics of addafter (now called addaltern); renamed
setwrapper to setWrapper and compwrapper to compWrapper; added safe wrapper
(and access functions for it);

* improved combination of classical reasoner and simplifier:
  + functions for handling clasimpsets
  + improvement of addss: now the simplifier is called _after_ the
    safe steps.
  + safe variant of addss called addSss: uses safe simplifications
    _during_ the safe steps. It is more complete as it allows multiple
    instantiations of unknowns (e.g. with slow_tac).

*** Simplifier ***

* added interface for simplification procedures (functions that
produce *proven* rewrite rules on the fly, depending on current
redex);

* ordering on terms as parameter (used for ordered rewriting);

* new functions delcongs, deleqcongs, and Delcongs; richer rep_ss;

* the solver is now split into a safe and an unsafe part.
This should be invisible for the normal user, except that the
functions setsolver and addsolver have been renamed to setSolver and
addSolver; added safe_asm_full_simp_tac;


*** HOL ***

* a generic induction tactic `induct_tac' which works for all datatypes and
also for type `nat';

* a generic case distinction tactic `exhaust_tac' which works for all
datatypes and also for type `nat';

* each datatype comes with a function `size';

* patterns in case expressions allow tuple patterns as arguments to
constructors, for example `case x of [] => ... | (x,y,z)#ps => ...';

* primrec now also works with type nat;

* recdef: a new declaration form, allows general recursive functions to be
defined in theory files.  See HOL/ex/Fib, HOL/ex/Primes, HOL/Subst/Unify.

* the constant for negation has been renamed from "not" to "Not" to
harmonize with FOL, ZF, LK, etc.;

* HOL/ex/LFilter theory of a corecursive "filter" functional for
infinite lists;

* HOL/Modelcheck demonstrates invocation of model checker oracle;

* HOL/ex/Ring.thy declares cring_simp, which solves equational
problems in commutative rings, using axiomatic type classes for + and *;

* more examples in HOL/MiniML and HOL/Auth;

* more default rewrite rules for quantifiers, union/intersection;

* a new constant `arbitrary == @x.False';

* HOLCF/IOA replaces old HOL/IOA;

* HOLCF changes: derived all rules and arities
  + axiomatic type classes instead of classes
  + typedef instead of faking type definitions
  + eliminated the internal constants less_fun, less_cfun, UU_fun, UU_cfun etc.
  + new axclasses cpo, chfin, flat with flat < chfin < pcpo < cpo < po
  + eliminated the types void, one, tr
  + use unit lift and bool lift (with translations) instead of one and tr
  + eliminated blift from Lift3.thy (use Def instead of blift)
  all eliminated rules are derived as theorems --> no visible changes;


*** ZF ***

* ZF now has Fast_tac, Simp_tac and Auto_tac.  Union_iff is now a default
rewrite rule; this may affect some proofs.  eq_cs is gone but can be put back
as ZF_cs addSIs [equalityI];



New in Isabelle94-7 (November 96)
---------------------------------

* allowing negative levels (as offsets) in prlev and choplev;

* super-linear speedup for large simplifications;

* FOL, ZF and HOL now use miniscoping: rewriting pushes
quantifications in as far as possible (COULD MAKE EXISTING PROOFS
FAIL); can suppress it using the command Delsimps (ex_simps @
all_simps); De Morgan laws are also now included, by default;

* improved printing of ==>  :  ~:

* new object-logic "Sequents" adds linear logic, while replacing LK
and Modal (thanks to Sara Kalvala);

* HOL/Auth: correctness proofs for authentication protocols;

* HOL: new auto_tac combines rewriting and classical reasoning (many
examples on HOL/Auth);

* HOL: new command AddIffs for declaring theorems of the form P=Q to
the rewriter and classical reasoner simultaneously;

* function uresult no longer returns theorems in "standard" format;
regain previous version by: val uresult = standard o uresult;



New in Isabelle94-6
-------------------

* oracles -- these establish an interface between Isabelle and trusted
external reasoners, which may deliver results as theorems;

* proof objects (in particular record all uses of oracles);

* Simp_tac, Fast_tac, etc. that refer to implicit simpset / claset;

* "constdefs" section in theory files;

* "primrec" section (HOL) no longer requires names;

* internal type "tactic" now simply "thm -> thm Sequence.seq";



New in Isabelle94-5
-------------------

* reduced space requirements;

* automatic HTML generation from theories;

* theory files no longer require "..." (quotes) around most types;

* new examples, including two proofs of the Church-Rosser theorem;

* non-curried (1994) version of HOL is no longer distributed;



New in Isabelle94-4
-------------------

* greatly reduced space requirements;

* theory files (.thy) no longer require \...\ escapes at line breaks;

* searchable theorem database (see the section "Retrieving theorems" on
page 8 of the Reference Manual);

* new examples, including Grabczewski's monumental case study of the
Axiom of Choice;

* The previous version of HOL renamed to Old_HOL;

* The new version of HOL (previously called CHOL) uses a curried syntax
for functions.  Application looks like f a b instead of f(a,b);

* Mutually recursive inductive definitions finally work in HOL;

* In ZF, pattern-matching on tuples is now available in all abstractions and
translates to the operator "split";



New in Isabelle94-3
-------------------

* new infix operator, addss, allowing the classical reasoner to
perform simplification at each step of its search.  Example:
        fast_tac (cs addss ss)

* a new logic, CHOL, the same as HOL, but with a curried syntax
for functions.  Application looks like f a b instead of f(a,b).  Also pairs
look like (a,b) instead of <a,b>;

* PLEASE NOTE: CHOL will eventually replace HOL!

* In CHOL, pattern-matching on tuples is now available in all abstractions.
It translates to the operator "split".  A new theory of integers is available;

* In ZF, integer numerals now denote two's-complement binary integers.
Arithmetic operations can be performed by rewriting.  See ZF/ex/Bin.ML;

* Many new examples: I/O automata, Church-Rosser theorem, equivalents
of the Axiom of Choice;



New in Isabelle94-2
-------------------

* Significantly faster resolution;

* the different sections in a .thy file can now be mixed and repeated
freely;

* Database of theorems for FOL, HOL and ZF.  New commands including qed,
qed_goal and bind_thm store theorems in the database.

* Simple database queries: return a named theorem (get_thm) or all theorems of
a given theory (thms_of), or find out what theory a theorem was proved in
(theory_of_thm);

* Bugs fixed in the inductive definition and datatype packages;

* The classical reasoner provides deepen_tac and depth_tac, making FOL_dup_cs
and HOL_dup_cs obsolete;

* Syntactic ambiguities caused by the new treatment of syntax in Isabelle94-1
have been removed;

* Simpler definition of function space in ZF;

* new results about cardinal and ordinal arithmetic in ZF;

* 'subtype' facility in HOL for introducing new types as subsets of existing
types;


$Id$