merged
authorwenzelm
Fri Feb 12 22:36:48 2016 +0100 (2016-02-12)
changeset 622841fd4831e9f93
parent 62224 9343649abb09
parent 62283 f005a691df1f
child 62285 747fc3692fca
merged
CONTRIBUTORS
NEWS
     1.1 --- a/.hgtags	Wed Feb 10 15:49:05 2016 +0100
     1.2 +++ b/.hgtags	Fri Feb 12 22:36:48 2016 +0100
     1.3 @@ -32,3 +32,7 @@
     1.4  5ae2a2e74c93eafeb00b1ddeef0404256745ebba Isabelle2015
     1.5  e18444532fce734c2508ccffd84a4b9f166901e3 Isabelle2016-RC0
     1.6  155d30f721dd7e465b9640b550b7f44ecf8b1970 Isabelle2016-RC1
     1.7 +5d513565749e6818ce3bbd1b40739ddc314e17a5 Isabelle2016-RC2
     1.8 +81cbea2babd968353655a825645914672529b310 Isabelle2016-RC3
     1.9 +f4baefee57768cf00b1a9e003770c7573b5d7378 Isabelle2016-RC4
    1.10 +45adb8dc84e1279f415cc00ee7c5e0a542fd339e Isabelle2016-RC5
     2.1 --- a/Admin/Release/CHECKLIST	Wed Feb 10 15:49:05 2016 +0100
     2.2 +++ b/Admin/Release/CHECKLIST	Fri Feb 12 22:36:48 2016 +0100
     2.3 @@ -28,9 +28,9 @@
     2.4  
     2.5  - update https://bitbucket.org/isabelle_project/isabelle-website
     2.6  
     2.7 -- maintain doc/Contents;
     2.8 +- check doc/Contents, src/Tools/jEdit/dist/doc/Contents;
     2.9  
    2.10 -- maintain Logics:
    2.11 +- check Logics:
    2.12      ROOTS
    2.13      lib/html/library_index_content.template
    2.14  
     3.1 --- a/Admin/components/components.sha1	Wed Feb 10 15:49:05 2016 +0100
     3.2 +++ b/Admin/components/components.sha1	Fri Feb 12 22:36:48 2016 +0100
     3.3 @@ -112,10 +112,12 @@
     3.4  b4b624fb5f34d1dc814fb4fb469fafd7d7ea018a  polyml-5.5.3-20150908.tar.gz
     3.5  b668e1f43a41608a8eb365c5e19db6c54c72748a  polyml-5.5.3-20150911.tar.gz
     3.6  1f5cd9b1390dab13861f90dfc06d4180cc107587  polyml-5.5.3-20150916.tar.gz
     3.7 +f78896e588e8ebb4da57bf0c95210b0f0fa9e551  polyml-5.6-1.tar.gz
     3.8  03ba81e595fa6d6df069532d67ad3195c37d9046  polyml-5.6-20151123.tar.gz
     3.9  822f489c18e38ce5ef979ec21dccce4473e09be6  polyml-5.6-20151206.tar.gz
    3.10  bd6a448f0e0d5787747f4f30ca661f9c1868e4a7  polyml-5.6-20151223.tar.gz
    3.11  5b70c12c95a90d858f90c1945011289944ea8e17  polyml-5.6-20160118.tar.gz
    3.12 +5b19dc93082803b82aa553a5cfb3e914606c0ffd  polyml-5.6.tar.gz
    3.13  8ee375cfc38972f080dbc78f07b68dac03efe968  ProofGeneral-3.7.1.1.tar.gz
    3.14  847b52c0676b5eb0fbf0476f64fc08c2d72afd0c  ProofGeneral-4.1.tar.gz
    3.15  8e0b2b432755ef11d964e20637d1bc567d1c0477  ProofGeneral-4.2-1.tar.gz
     4.1 --- a/Admin/components/main	Wed Feb 10 15:49:05 2016 +0100
     4.2 +++ b/Admin/components/main	Fri Feb 12 22:36:48 2016 +0100
     4.3 @@ -10,7 +10,7 @@
     4.4  jfreechart-1.0.14-1
     4.5  jortho-1.0-2
     4.6  kodkodi-1.5.2
     4.7 -polyml-5.6-20160118
     4.8 +polyml-5.6-1
     4.9  scala-2.11.7
    4.10  spass-3.8ds
    4.11  xz-java-1.2-1
     5.1 --- a/Admin/polyml/README	Wed Feb 10 15:49:05 2016 +0100
     5.2 +++ b/Admin/polyml/README	Fri Feb 12 22:36:48 2016 +0100
     5.3 @@ -1,8 +1,19 @@
     5.4  Poly/ML for Isabelle
     5.5  ====================
     5.6  
     5.7 -This is a preview of Poly/ML 5.6, based on
     5.8 -https://github.com/polyml/polyml/ commit 72a1c60e3d00.
     5.9 +This compilation of Poly/ML 5.6 (http://www.polyml.org) is based on the source
    5.10 +distribution from https://github.com/polyml/polyml/releases/tag/v5.6/.
    5.11 +
    5.12 +On Linux the sources have changed as follows, in order to evade a
    5.13 +potential conflict of /bin/bash versus /bin/sh -> dash (notably on
    5.14 +Ubuntu and Debian):
    5.15 +
    5.16 +diff -r src-orig/libpolyml/process_env.cpp src/libpolyml/process_env.cpp
    5.17 +228c228
    5.18 +<                 execve("/bin/sh", argv, environ);
    5.19 +---
    5.20 +>                 execvp("bash", argv);
    5.21 +
    5.22  
    5.23  The included build script is used like this:
    5.24  
    5.25 @@ -14,8 +25,8 @@
    5.26    ./build src x86_64-windows --with-gmp
    5.27  
    5.28  Also note that the separate "sha1" library module is required for
    5.29 -efficient digesting of strings according to SHA-1.
    5.30 +efficient digestion of strings according to SHA-1.
    5.31  
    5.32  
    5.33          Makarius
    5.34 -        18-Jan-2016
    5.35 +        11-Feb-2016
     6.1 --- a/CONTRIBUTORS	Wed Feb 10 15:49:05 2016 +0100
     6.2 +++ b/CONTRIBUTORS	Fri Feb 12 22:36:48 2016 +0100
     6.3 @@ -14,10 +14,6 @@
     6.4    Support for real exponentiation ("powr") in the "approximation" method.
     6.5    (This was removed in Isabelle 2015 due to a changed definition of "powr")
     6.6  
     6.7 -* Summer 2014: Jeremy Avigad, Luke Serafin, CMU, and Johannes Hölzl, TUM
     6.8 -  Proof of the central limit theorem: includes weak convergence,
     6.9 -  characteristic functions, and Levy's uniqueness and continuity theorem.
    6.10 -
    6.11  * Summer 2015 - Winter 2016: Lawrence C Paulson, Cambridge
    6.12    General, homology form of Cauchy's integral theorem and supporting material
    6.13    (ported from HOL Light).
    6.14 @@ -25,6 +21,13 @@
    6.15  * Winter 2015/16: Gerwin Klein, NICTA
    6.16    New print_record command.
    6.17  
    6.18 +* May - December 2015: Makarius Wenzel
    6.19 +  Prover IDE improvements.
    6.20 +  More Isar language elements.
    6.21 +  Document language refinements.
    6.22 +  Poly/ML debugger integration.
    6.23 +  Improved multi-platform and multi-architecture support.
    6.24 +
    6.25  * Winter 2015: Manuel Eberl, TUM
    6.26    The radius of convergence of power series and various summability tests.
    6.27    Harmonic numbers and the Euler-Mascheroni constant.
    6.28 @@ -63,6 +66,10 @@
    6.29    Command to lift a BNF structure on the raw type to the abstract type for
    6.30    typedefs.
    6.31  
    6.32 +* Summer 2014: Jeremy Avigad, Luke Serafin, CMU, and Johannes Hölzl, TUM
    6.33 +  Proof of the central limit theorem: includes weak convergence,
    6.34 +  characteristic functions, and Levy's uniqueness and continuity theorem.
    6.35 +
    6.36  
    6.37  Contributions to Isabelle2015
    6.38  -----------------------------
     7.1 --- a/NEWS	Wed Feb 10 15:49:05 2016 +0100
     7.2 +++ b/NEWS	Fri Feb 12 22:36:48 2016 +0100
     7.3 @@ -66,13 +66,13 @@
     7.4  *** Prover IDE -- Isabelle/Scala/jEdit ***
     7.5  
     7.6  * IDE support for the source-level debugger of Poly/ML, to work with
     7.7 -Isabelle/ML and official Standard ML. Configuration option "ML_debugger"
     7.8 -and commands 'ML_file_debug', 'ML_file_no_debug', 'SML_file_debug',
     7.9 -'SML_file_no_debug' control compilation of sources with debugging
    7.10 -information. The Debugger panel allows to set breakpoints (via context
    7.11 -menu), step through stopped threads, evaluate local ML expressions etc.
    7.12 -At least one Debugger view needs to be active to have any effect on the
    7.13 -running ML program.
    7.14 +Isabelle/ML and official Standard ML. Option "ML_debugger" and commands
    7.15 +'ML_file_debug', 'ML_file_no_debug', 'SML_file_debug',
    7.16 +'SML_file_no_debug' control compilation of sources with or without
    7.17 +debugging information. The Debugger panel allows to set breakpoints (via
    7.18 +context menu), step through stopped threads, evaluate local ML
    7.19 +expressions etc. At least one Debugger view needs to be active to have
    7.20 +any effect on the running ML program.
    7.21  
    7.22  * The State panel manages explicit proof state output, with dynamic
    7.23  auto-update according to cursor movement. Alternatively, the jEdit
    7.24 @@ -95,8 +95,8 @@
    7.25  due to ad-hoc updates by auxiliary GUI components, such as the State
    7.26  panel.
    7.27  
    7.28 -* Improved scheduling for urgent print tasks (e.g. command state output,
    7.29 -interactive queries) wrt. long-running background tasks.
    7.30 +* Slightly improved scheduling for urgent print tasks (e.g. command
    7.31 +state output, interactive queries) wrt. long-running background tasks.
    7.32  
    7.33  * Completion of symbols via prefix of \<name> or \<^name> or \name is
    7.34  always possible, independently of the language context. It is never
    7.35 @@ -106,6 +106,11 @@
    7.36  $ISABELLE_HOME/etc/abbrevs and $ISABELLE_HOME_USER/etc/abbrevs, with
    7.37  support for simple templates using ASCII 007 (bell) as placeholder.
    7.38  
    7.39 +* Symbols \<oplus>, \<Oplus>, \<otimes>, \<Otimes>, \<odot>, \<Odot>, \<ominus>, \<oslash> no longer provide abbreviations for
    7.40 +completion like "+o", "*o", ".o" etc. -- due to conflicts with other
    7.41 +ASCII syntax. INCOMPATIBILITY, use plain backslash-completion or define
    7.42 +suitable abbreviations in $ISABELLE_HOME_USER/etc/abbrevs.
    7.43 +
    7.44  * Action "isabelle-emph" (with keyboard shortcut C+e LEFT) controls
    7.45  emphasized text style; the effect is visible in document output, not in
    7.46  the editor.
    7.47 @@ -183,8 +188,8 @@
    7.48  * Antiquotation @{verbatim [display]} supports option "indent".
    7.49  
    7.50  * Antiquotation @{theory_text} prints uninterpreted theory source text
    7.51 -(outer syntax with command keywords etc.). This may be used in the short
    7.52 -form \<^theory_text>\<open>...\<close>. @{theory_text [display]} supports option "indent".
    7.53 +(Isar outer syntax with command keywords etc.). This may be used in the
    7.54 +short form \<^theory_text>\<open>...\<close>. @{theory_text [display]} supports option "indent".
    7.55  
    7.56  * Antiquotation @{doc ENTRY} provides a reference to the given
    7.57  documentation, with a hyperlink in the Prover IDE.
    7.58 @@ -594,8 +599,8 @@
    7.59    - New commands "lift_bnf" and "copy_bnf" for lifting (copying) a BNF
    7.60      structure on the raw type to an abstract type defined using typedef.
    7.61    - Always generate "case_transfer" theorem.
    7.62 -  - For mutual types, generate slightly stronger "rel_induct", "rel_coinduct",
    7.63 -    and "coinduct" theorems. INCOMPATIBLITY.
    7.64 +  - For mutual types, generate slightly stronger "rel_induct",
    7.65 +    "rel_coinduct", and "coinduct" theorems. INCOMPATIBLITY.
    7.66    - Allow discriminators and selectors with the same name as the type
    7.67      being defined.
    7.68    - Avoid various internal name clashes (e.g., 'datatype f = f').
    7.69 @@ -682,8 +687,8 @@
    7.70        less_eq_multiset.rep_eq ~> subseteq_mset_def
    7.71      INCOMPATIBILITY
    7.72    - Removed lemmas generated by lift_definition:
    7.73 -    less_eq_multiset.abs_eq, less_eq_multiset.rsp less_eq_multiset.transfer
    7.74 -    less_eq_multiset_def
    7.75 +    less_eq_multiset.abs_eq, less_eq_multiset.rsp,
    7.76 +    less_eq_multiset.transfer, less_eq_multiset_def
    7.77      INCOMPATIBILITY
    7.78  
    7.79  * Library/Omega_Words_Fun: Infinite words modeled as functions nat \<Rightarrow> 'a.
    7.80 @@ -708,6 +713,9 @@
    7.81  import of parent, as for general 'locale' expressions. INCOMPATIBILITY,
    7.82  remove '!' and add '?' as required.
    7.83  
    7.84 +* HOL-Decision_Procs: The "approximation" method works with "powr"
    7.85 +(exponentiation on real numbers) again.
    7.86 +
    7.87  * HOL-Multivariate_Analysis: theory Cauchy_Integral_Thm with Contour
    7.88  integrals (= complex path integrals), Cauchy's integral theorem, winding
    7.89  numbers and Cauchy's integral formula, Liouville theorem, Fundamental
    7.90 @@ -1249,9 +1257,6 @@
    7.91  method. See HOL/Decision_Procs/ex/Approximation_Quickcheck_Ex.thy for
    7.92  examples.
    7.93  
    7.94 -* HOL-Decision_Procs: The "approximation" method works with "powr" 
    7.95 -  (exponentiation on real numbers) again.
    7.96 -
    7.97  * HOL-Probability: Reworked measurability prover
    7.98    - applies destructor rules repeatedly
    7.99    - removed application splitting (replaced by destructor rule)
     8.1 --- a/etc/settings	Wed Feb 10 15:49:05 2016 +0100
     8.2 +++ b/etc/settings	Fri Feb 12 22:36:48 2016 +0100
     8.3 @@ -14,7 +14,7 @@
     8.4  
     8.5  ISABELLE_SCALA_BUILD_OPTIONS="-encoding UTF-8 -nowarn -target:jvm-1.7 -Xmax-classfile-name 130"
     8.6  
     8.7 -ISABELLE_JAVA_SYSTEM_OPTIONS="-server -XX:+UseConcMarkSweepGC -XX:+CMSParallelRemarkEnabled -Dfile.encoding=UTF-8 -Disabelle.threads=0"
     8.8 +ISABELLE_JAVA_SYSTEM_OPTIONS="-server -Dfile.encoding=UTF-8 -Disabelle.threads=0"
     8.9  
    8.10  classpath "$ISABELLE_HOME/lib/classes/Pure.jar"
    8.11  
     9.1 --- a/etc/symbols	Wed Feb 10 15:49:05 2016 +0100
     9.2 +++ b/etc/symbols	Fri Feb 12 22:36:48 2016 +0100
     9.3 @@ -295,14 +295,14 @@
     9.4  \<triangleright>        code: 0x0025b9  group: relation
     9.5  \<triangle>             code: 0x0025b3  group: relation
     9.6  \<triangleq>            code: 0x00225c  group: relation
     9.7 -\<oplus>                code: 0x002295  group: operator  abbrev: +o
     9.8 -\<Oplus>                code: 0x002a01  group: operator  abbrev: +O
     9.9 -\<otimes>               code: 0x002297  group: operator  abbrev: *o
    9.10 -\<Otimes>               code: 0x002a02  group: operator  abbrev: *O
    9.11 -\<odot>                 code: 0x002299  group: operator  abbrev: .o
    9.12 -\<Odot>                 code: 0x002a00  group: operator  abbrev: .O
    9.13 -\<ominus>               code: 0x002296  group: operator  abbrev: -o
    9.14 -\<oslash>               code: 0x002298  group: operator  abbrev: /o
    9.15 +\<oplus>                code: 0x002295  group: operator
    9.16 +\<Oplus>                code: 0x002a01  group: operator
    9.17 +\<otimes>               code: 0x002297  group: operator
    9.18 +\<Otimes>               code: 0x002a02  group: operator
    9.19 +\<odot>                 code: 0x002299  group: operator
    9.20 +\<Odot>                 code: 0x002a00  group: operator
    9.21 +\<ominus>               code: 0x002296  group: operator
    9.22 +\<oslash>               code: 0x002298  group: operator
    9.23  \<dots>                 code: 0x002026  group: punctuation abbrev: ...
    9.24  \<cdots>                code: 0x0022ef  group: punctuation
    9.25  \<Sum>                  code: 0x002211  group: operator  abbrev: SUM
    9.26 @@ -357,7 +357,7 @@
    9.27  \<some>                 code: 0x0003f5
    9.28  \<hole>                 code: 0x002311
    9.29  \<newline>              code: 0x0023ce
    9.30 -\<comment>              code: 0x002015  font: IsabelleText
    9.31 +\<comment>              code: 0x002015  group: document  font: IsabelleText
    9.32  \<open>                 code: 0x002039  group: punctuation  font: IsabelleText  abbrev: <<
    9.33  \<close>                code: 0x00203a  group: punctuation  font: IsabelleText  abbrev: >>
    9.34  \<here>                 code: 0x002302  font: IsabelleText
    10.1 --- a/src/Doc/Isar_Ref/Base.thy	Wed Feb 10 15:49:05 2016 +0100
    10.2 +++ b/src/Doc/Isar_Ref/Base.thy	Fri Feb 12 22:36:48 2016 +0100
    10.3 @@ -2,8 +2,14 @@
    10.4  
    10.5  theory Base
    10.6  imports Pure
    10.7 +keywords "\<proof>" :: "qed" % "proof"
    10.8  begin
    10.9  
   10.10 +ML \<open>
   10.11 +  Outer_Syntax.command @{command_keyword "\<proof>"} "dummy proof"
   10.12 +    (Scan.succeed Isar_Cmd.skip_proof);
   10.13 +\<close>
   10.14 +
   10.15  ML_file "../antiquote_setup.ML"
   10.16  
   10.17  end
    11.1 --- a/src/Doc/Isar_Ref/Document_Preparation.thy	Wed Feb 10 15:49:05 2016 +0100
    11.2 +++ b/src/Doc/Isar_Ref/Document_Preparation.thy	Fri Feb 12 22:36:48 2016 +0100
    11.3 @@ -409,6 +409,49 @@
    11.4  \<close>
    11.5  
    11.6  
    11.7 +section \<open>Markdown-like text structure\<close>
    11.8 +
    11.9 +text \<open>
   11.10 +  The markup commands @{command_ref text}, @{command_ref txt}, @{command_ref
   11.11 +  text_raw} (\secref{sec:markup}) consist of plain text. Its internal
   11.12 +  structure consists of paragraphs and (nested) lists, using special Isabelle
   11.13 +  symbols and some rules for indentation and blank lines. This quasi-visual
   11.14 +  format resembles \<^emph>\<open>Markdown\<close>\<^footnote>\<open>@{url "http://commonmark.org"}\<close>, but the
   11.15 +  full complexity of that notation is avoided.
   11.16 +
   11.17 +  This is a summary of the main principles of minimal Markdown in Isabelle:
   11.18 +
   11.19 +    \<^item> List items start with the following markers
   11.20 +      \<^descr>[itemize:] \<^verbatim>\<open>\<^item>\<close>
   11.21 +      \<^descr>[enumerate:] \<^verbatim>\<open>\<^enum>\<close>
   11.22 +      \<^descr>[description:] \<^verbatim>\<open>\<^descr>\<close>
   11.23 +
   11.24 +    \<^item> Adjacent list items with same indentation and same marker are grouped
   11.25 +    into a single list.
   11.26 +
   11.27 +    \<^item> Singleton blank lines separate paragraphs.
   11.28 +
   11.29 +    \<^item> Multiple blank lines escape from the current list hierarchy.
   11.30 +
   11.31 +  Notable differences to official Markdown:
   11.32 +
   11.33 +    \<^item> Indentation of list items needs to match exactly.
   11.34 +
   11.35 +    \<^item> Indentation is unlimited (official Markdown interprets four spaces as
   11.36 +    block quote).
   11.37 +
   11.38 +    \<^item> List items always consist of paragraphs --- there is no notion of
   11.39 +    ``tight'' list.
   11.40 +
   11.41 +    \<^item> Section headings are expressed via Isar document markup commands
   11.42 +    (\secref{sec:markup}).
   11.43 +
   11.44 +    \<^item> URLs, font styles, other special content is expressed via antiquotations
   11.45 +    (\secref{sec:antiq}), usually with proper nesting of sub-languages via
   11.46 +    text cartouches.
   11.47 +\<close>
   11.48 +
   11.49 +
   11.50  section \<open>Markup via command tags \label{sec:tags}\<close>
   11.51  
   11.52  text \<open>
    12.1 --- a/src/Doc/Isar_Ref/First_Order_Logic.thy	Wed Feb 10 15:49:05 2016 +0100
    12.2 +++ b/src/Doc/Isar_Ref/First_Order_Logic.thy	Fri Feb 12 22:36:48 2016 +0100
    12.3 @@ -7,24 +7,21 @@
    12.4  begin
    12.5  
    12.6  text \<open>
    12.7 -  In order to commence a new object-logic within
    12.8 -  Isabelle/Pure we introduce abstract syntactic categories \<open>i\<close>
    12.9 -  for individuals and \<open>o\<close> for object-propositions.  The latter
   12.10 -  is embedded into the language of Pure propositions by means of a
   12.11 -  separate judgment.
   12.12 +  In order to commence a new object-logic within Isabelle/Pure we introduce
   12.13 +  abstract syntactic categories \<open>i\<close> for individuals and \<open>o\<close> for
   12.14 +  object-propositions. The latter is embedded into the language of Pure
   12.15 +  propositions by means of a separate judgment.
   12.16  \<close>
   12.17  
   12.18  typedecl i
   12.19  typedecl o
   12.20  
   12.21 -judgment
   12.22 -  Trueprop :: "o \<Rightarrow> prop"    ("_" 5)
   12.23 +judgment Trueprop :: "o \<Rightarrow> prop"    ("_" 5)
   12.24  
   12.25  text \<open>
   12.26 -  Note that the object-logic judgment is implicit in the
   12.27 -  syntax: writing @{prop A} produces @{term "Trueprop A"} internally.
   12.28 -  From the Pure perspective this means ``@{prop A} is derivable in the
   12.29 -  object-logic''.
   12.30 +  Note that the object-logic judgment is implicit in the syntax: writing
   12.31 +  @{prop A} produces @{term "Trueprop A"} internally. From the Pure
   12.32 +  perspective this means ``@{prop A} is derivable in the object-logic''.
   12.33  \<close>
   12.34  
   12.35  
   12.36 @@ -32,23 +29,20 @@
   12.37  
   12.38  text \<open>
   12.39    Equality is axiomatized as a binary predicate on individuals, with
   12.40 -  reflexivity as introduction, and substitution as elimination
   12.41 -  principle.  Note that the latter is particularly convenient in a
   12.42 -  framework like Isabelle, because syntactic congruences are
   12.43 -  implicitly produced by unification of @{term "B x"} against
   12.44 -  expressions containing occurrences of @{term x}.
   12.45 +  reflexivity as introduction, and substitution as elimination principle. Note
   12.46 +  that the latter is particularly convenient in a framework like Isabelle,
   12.47 +  because syntactic congruences are implicitly produced by unification of
   12.48 +  \<open>B x\<close> against expressions containing occurrences of \<open>x\<close>.
   12.49  \<close>
   12.50  
   12.51 -axiomatization
   12.52 -  equal :: "i \<Rightarrow> i \<Rightarrow> o"  (infix "=" 50)
   12.53 -where
   12.54 -  refl [intro]: "x = x" and
   12.55 -  subst [elim]: "x = y \<Longrightarrow> B x \<Longrightarrow> B y"
   12.56 +axiomatization equal :: "i \<Rightarrow> i \<Rightarrow> o"  (infix "=" 50)
   12.57 +  where refl [intro]: "x = x"
   12.58 +    and subst [elim]: "x = y \<Longrightarrow> B x \<Longrightarrow> B y"
   12.59  
   12.60  text \<open>
   12.61 -  Substitution is very powerful, but also hard to control in
   12.62 -  full generality.  We derive some common symmetry~/ transitivity
   12.63 -  schemes of @{term equal} as particular consequences.
   12.64 +  Substitution is very powerful, but also hard to control in full generality.
   12.65 +  We derive some common symmetry~/ transitivity schemes of @{term equal} as
   12.66 +  particular consequences.
   12.67  \<close>
   12.68  
   12.69  theorem sym [sym]:
   12.70 @@ -87,10 +81,9 @@
   12.71  subsection \<open>Basic group theory\<close>
   12.72  
   12.73  text \<open>
   12.74 -  As an example for equational reasoning we consider some bits of
   12.75 -  group theory.  The subsequent locale definition postulates group
   12.76 -  operations and axioms; we also derive some consequences of this
   12.77 -  specification.
   12.78 +  As an example for equational reasoning we consider some bits of group
   12.79 +  theory. The subsequent locale definition postulates group operations and
   12.80 +  axioms; we also derive some consequences of this specification.
   12.81  \<close>
   12.82  
   12.83  locale group =
   12.84 @@ -125,20 +118,19 @@
   12.85  qed
   12.86  
   12.87  text \<open>
   12.88 -  Reasoning from basic axioms is often tedious.  Our proofs
   12.89 -  work by producing various instances of the given rules (potentially
   12.90 -  the symmetric form) using the pattern ``@{command have}~\<open>eq\<close>~@{command "by"}~\<open>(rule r)\<close>'' and composing the chain of
   12.91 -  results via @{command also}/@{command finally}.  These steps may
   12.92 -  involve any of the transitivity rules declared in
   12.93 -  \secref{sec:framework-ex-equal}, namely @{thm trans} in combining
   12.94 -  the first two results in @{thm right_inv} and in the final steps of
   12.95 -  both proofs, @{thm forw_subst} in the first combination of @{thm
   12.96 +  Reasoning from basic axioms is often tedious. Our proofs work by producing
   12.97 +  various instances of the given rules (potentially the symmetric form) using
   12.98 +  the pattern ``\<^theory_text>\<open>have eq by (rule r)\<close>'' and composing the chain of results
   12.99 +  via \<^theory_text>\<open>also\<close>/\<^theory_text>\<open>finally\<close>. These steps may involve any of the transitivity
  12.100 +  rules declared in \secref{sec:framework-ex-equal}, namely @{thm trans} in
  12.101 +  combining the first two results in @{thm right_inv} and in the final steps
  12.102 +  of both proofs, @{thm forw_subst} in the first combination of @{thm
  12.103    right_unit}, and @{thm back_subst} in all other calculational steps.
  12.104  
  12.105 -  Occasional substitutions in calculations are adequate, but should
  12.106 -  not be over-emphasized.  The other extreme is to compose a chain by
  12.107 -  plain transitivity only, with replacements occurring always in
  12.108 -  topmost position. For example:
  12.109 +  Occasional substitutions in calculations are adequate, but should not be
  12.110 +  over-emphasized. The other extreme is to compose a chain by plain
  12.111 +  transitivity only, with replacements occurring always in topmost position.
  12.112 +  For example:
  12.113  \<close>
  12.114  
  12.115  (*<*)
  12.116 @@ -157,12 +149,11 @@
  12.117  (*>*)
  12.118  
  12.119  text \<open>
  12.120 -  Here we have re-used the built-in mechanism for unfolding
  12.121 -  definitions in order to normalize each equational problem.  A more
  12.122 -  realistic object-logic would include proper setup for the Simplifier
  12.123 -  (\secref{sec:simplifier}), the main automated tool for equational
  12.124 -  reasoning in Isabelle.  Then ``@{command unfolding}~@{thm
  12.125 -  left_inv}~@{command ".."}'' would become ``@{command "by"}~\<open>(simp only: left_inv)\<close>'' etc.
  12.126 +  Here we have re-used the built-in mechanism for unfolding definitions in
  12.127 +  order to normalize each equational problem. A more realistic object-logic
  12.128 +  would include proper setup for the Simplifier (\secref{sec:simplifier}), the
  12.129 +  main automated tool for equational reasoning in Isabelle. Then ``\<^theory_text>\<open>unfolding
  12.130 +  left_inv ..\<close>'' would become ``\<^theory_text>\<open>by (simp only: left_inv)\<close>'' etc.
  12.131  \<close>
  12.132  
  12.133  end
  12.134 @@ -172,33 +163,29 @@
  12.135  
  12.136  text \<open>
  12.137    We axiomatize basic connectives of propositional logic: implication,
  12.138 -  disjunction, and conjunction.  The associated rules are modeled
  12.139 -  after Gentzen's system of Natural Deduction @{cite "Gentzen:1935"}.
  12.140 +  disjunction, and conjunction. The associated rules are modeled after
  12.141 +  Gentzen's system of Natural Deduction @{cite "Gentzen:1935"}.
  12.142  \<close>
  12.143  
  12.144 -axiomatization
  12.145 -  imp :: "o \<Rightarrow> o \<Rightarrow> o"  (infixr "\<longrightarrow>" 25) where
  12.146 -  impI [intro]: "(A \<Longrightarrow> B) \<Longrightarrow> A \<longrightarrow> B" and
  12.147 -  impD [dest]: "(A \<longrightarrow> B) \<Longrightarrow> A \<Longrightarrow> B"
  12.148 +axiomatization imp :: "o \<Rightarrow> o \<Rightarrow> o"  (infixr "\<longrightarrow>" 25)
  12.149 +  where impI [intro]: "(A \<Longrightarrow> B) \<Longrightarrow> A \<longrightarrow> B"
  12.150 +    and impD [dest]: "(A \<longrightarrow> B) \<Longrightarrow> A \<Longrightarrow> B"
  12.151  
  12.152 -axiomatization
  12.153 -  disj :: "o \<Rightarrow> o \<Rightarrow> o"  (infixr "\<or>" 30) where
  12.154 -  disjI\<^sub>1 [intro]: "A \<Longrightarrow> A \<or> B" and
  12.155 -  disjI\<^sub>2 [intro]: "B \<Longrightarrow> A \<or> B" and
  12.156 -  disjE [elim]: "A \<or> B \<Longrightarrow> (A \<Longrightarrow> C) \<Longrightarrow> (B \<Longrightarrow> C) \<Longrightarrow> C"
  12.157 +axiomatization disj :: "o \<Rightarrow> o \<Rightarrow> o"  (infixr "\<or>" 30)
  12.158 +  where disjI\<^sub>1 [intro]: "A \<Longrightarrow> A \<or> B"
  12.159 +    and disjI\<^sub>2 [intro]: "B \<Longrightarrow> A \<or> B"
  12.160 +    and disjE [elim]: "A \<or> B \<Longrightarrow> (A \<Longrightarrow> C) \<Longrightarrow> (B \<Longrightarrow> C) \<Longrightarrow> C"
  12.161  
  12.162 -axiomatization
  12.163 -  conj :: "o \<Rightarrow> o \<Rightarrow> o"  (infixr "\<and>" 35) where
  12.164 -  conjI [intro]: "A \<Longrightarrow> B \<Longrightarrow> A \<and> B" and
  12.165 -  conjD\<^sub>1: "A \<and> B \<Longrightarrow> A" and
  12.166 -  conjD\<^sub>2: "A \<and> B \<Longrightarrow> B"
  12.167 +axiomatization conj :: "o \<Rightarrow> o \<Rightarrow> o"  (infixr "\<and>" 35)
  12.168 +  where conjI [intro]: "A \<Longrightarrow> B \<Longrightarrow> A \<and> B"
  12.169 +    and conjD\<^sub>1: "A \<and> B \<Longrightarrow> A"
  12.170 +    and conjD\<^sub>2: "A \<and> B \<Longrightarrow> B"
  12.171  
  12.172  text \<open>
  12.173 -  The conjunctive destructions have the disadvantage that
  12.174 -  decomposing @{prop "A \<and> B"} involves an immediate decision which
  12.175 -  component should be projected.  The more convenient simultaneous
  12.176 -  elimination @{prop "A \<and> B \<Longrightarrow> (A \<Longrightarrow> B \<Longrightarrow> C) \<Longrightarrow> C"} can be derived as
  12.177 -  follows:
  12.178 +  The conjunctive destructions have the disadvantage that decomposing @{prop
  12.179 +  "A \<and> B"} involves an immediate decision which component should be projected.
  12.180 +  The more convenient simultaneous elimination @{prop "A \<and> B \<Longrightarrow> (A \<Longrightarrow> B \<Longrightarrow> C) \<Longrightarrow>
  12.181 +  C"} can be derived as follows:
  12.182  \<close>
  12.183  
  12.184  theorem conjE [elim]:
  12.185 @@ -210,13 +197,14 @@
  12.186  qed
  12.187  
  12.188  text \<open>
  12.189 -  Here is an example of swapping conjuncts with a single
  12.190 -  intermediate elimination step:
  12.191 +  Here is an example of swapping conjuncts with a single intermediate
  12.192 +  elimination step:
  12.193  \<close>
  12.194  
  12.195  (*<*)
  12.196  lemma "\<And>A. PROP A \<Longrightarrow> PROP A"
  12.197  proof -
  12.198 +  fix A B
  12.199  (*>*)
  12.200    assume "A \<and> B"
  12.201    then obtain B and A ..
  12.202 @@ -226,23 +214,21 @@
  12.203  (*>*)
  12.204  
  12.205  text \<open>
  12.206 -  Note that the analogous elimination rule for disjunction
  12.207 -  ``\<open>\<ASSUMES> A \<or> B \<OBTAINS> A \<BBAR> B\<close>'' coincides with
  12.208 -  the original axiomatization of @{thm disjE}.
  12.209 +  Note that the analogous elimination rule for disjunction ``\<^theory_text>\<open>assumes "A \<or> B"
  12.210 +  obtains A \<BBAR> B\<close>'' coincides with the original axiomatization of @{thm
  12.211 +  disjE}.
  12.212  
  12.213    \<^medskip>
  12.214 -  We continue propositional logic by introducing absurdity
  12.215 -  with its characteristic elimination.  Plain truth may then be
  12.216 -  defined as a proposition that is trivially true.
  12.217 +  We continue propositional logic by introducing absurdity with its
  12.218 +  characteristic elimination. Plain truth may then be defined as a proposition
  12.219 +  that is trivially true.
  12.220  \<close>
  12.221  
  12.222 -axiomatization
  12.223 -  false :: o  ("\<bottom>") where
  12.224 -  falseE [elim]: "\<bottom> \<Longrightarrow> A"
  12.225 +axiomatization false :: o  ("\<bottom>")
  12.226 +  where falseE [elim]: "\<bottom> \<Longrightarrow> A"
  12.227  
  12.228 -definition
  12.229 -  true :: o  ("\<top>") where
  12.230 -  "\<top> \<equiv> \<bottom> \<longrightarrow> \<bottom>"
  12.231 +definition true :: o  ("\<top>")
  12.232 +  where "\<top> \<equiv> \<bottom> \<longrightarrow> \<bottom>"
  12.233  
  12.234  theorem trueI [intro]: \<top>
  12.235    unfolding true_def ..
  12.236 @@ -252,9 +238,8 @@
  12.237    Now negation represents an implication towards absurdity:
  12.238  \<close>
  12.239  
  12.240 -definition
  12.241 -  not :: "o \<Rightarrow> o"  ("\<not> _" [40] 40) where
  12.242 -  "\<not> A \<equiv> A \<longrightarrow> \<bottom>"
  12.243 +definition not :: "o \<Rightarrow> o"  ("\<not> _" [40] 40)
  12.244 +  where "\<not> A \<equiv> A \<longrightarrow> \<bottom>"
  12.245  
  12.246  theorem notI [intro]:
  12.247    assumes "A \<Longrightarrow> \<bottom>"
  12.248 @@ -278,10 +263,10 @@
  12.249  subsection \<open>Classical logic\<close>
  12.250  
  12.251  text \<open>
  12.252 -  Subsequently we state the principle of classical contradiction as a
  12.253 -  local assumption.  Thus we refrain from forcing the object-logic
  12.254 -  into the classical perspective.  Within that context, we may derive
  12.255 -  well-known consequences of the classical principle.
  12.256 +  Subsequently we state the principle of classical contradiction as a local
  12.257 +  assumption. Thus we refrain from forcing the object-logic into the classical
  12.258 +  perspective. Within that context, we may derive well-known consequences of
  12.259 +  the classical principle.
  12.260  \<close>
  12.261  
  12.262  locale classical =
  12.263 @@ -312,17 +297,15 @@
  12.264  qed
  12.265  
  12.266  text \<open>
  12.267 -  These examples illustrate both classical reasoning and
  12.268 -  non-trivial propositional proofs in general.  All three rules
  12.269 -  characterize classical logic independently, but the original rule is
  12.270 -  already the most convenient to use, because it leaves the conclusion
  12.271 -  unchanged.  Note that @{prop "(\<not> C \<Longrightarrow> C) \<Longrightarrow> C"} fits again into our
  12.272 -  format for eliminations, despite the additional twist that the
  12.273 -  context refers to the main conclusion.  So we may write @{thm
  12.274 -  classical} as the Isar statement ``\<open>\<OBTAINS> \<not> thesis\<close>''.
  12.275 -  This also explains nicely how classical reasoning really works:
  12.276 -  whatever the main \<open>thesis\<close> might be, we may always assume its
  12.277 -  negation!
  12.278 +  These examples illustrate both classical reasoning and non-trivial
  12.279 +  propositional proofs in general. All three rules characterize classical
  12.280 +  logic independently, but the original rule is already the most convenient to
  12.281 +  use, because it leaves the conclusion unchanged. Note that @{prop "(\<not> C \<Longrightarrow> C)
  12.282 +  \<Longrightarrow> C"} fits again into our format for eliminations, despite the additional
  12.283 +  twist that the context refers to the main conclusion. So we may write @{thm
  12.284 +  classical} as the Isar statement ``\<^theory_text>\<open>obtains \<not> thesis\<close>''. This also explains
  12.285 +  nicely how classical reasoning really works: whatever the main \<open>thesis\<close>
  12.286 +  might be, we may always assume its negation!
  12.287  \<close>
  12.288  
  12.289  end
  12.290 @@ -331,28 +314,25 @@
  12.291  subsection \<open>Quantifiers \label{sec:framework-ex-quant}\<close>
  12.292  
  12.293  text \<open>
  12.294 -  Representing quantifiers is easy, thanks to the higher-order nature
  12.295 -  of the underlying framework.  According to the well-known technique
  12.296 -  introduced by Church @{cite "church40"}, quantifiers are operators on
  12.297 -  predicates, which are syntactically represented as \<open>\<lambda>\<close>-terms
  12.298 -  of type @{typ "i \<Rightarrow> o"}.  Binder notation turns \<open>All (\<lambda>x. B
  12.299 -  x)\<close> into \<open>\<forall>x. B x\<close> etc.
  12.300 +  Representing quantifiers is easy, thanks to the higher-order nature of the
  12.301 +  underlying framework. According to the well-known technique introduced by
  12.302 +  Church @{cite "church40"}, quantifiers are operators on predicates, which
  12.303 +  are syntactically represented as \<open>\<lambda>\<close>-terms of type @{typ "i \<Rightarrow> o"}. Binder
  12.304 +  notation turns \<open>All (\<lambda>x. B x)\<close> into \<open>\<forall>x. B x\<close> etc.
  12.305  \<close>
  12.306  
  12.307 -axiomatization
  12.308 -  All :: "(i \<Rightarrow> o) \<Rightarrow> o"  (binder "\<forall>" 10) where
  12.309 -  allI [intro]: "(\<And>x. B x) \<Longrightarrow> \<forall>x. B x" and
  12.310 -  allD [dest]: "(\<forall>x. B x) \<Longrightarrow> B a"
  12.311 +axiomatization All :: "(i \<Rightarrow> o) \<Rightarrow> o"  (binder "\<forall>" 10)
  12.312 +  where allI [intro]: "(\<And>x. B x) \<Longrightarrow> \<forall>x. B x"
  12.313 +    and allD [dest]: "(\<forall>x. B x) \<Longrightarrow> B a"
  12.314  
  12.315 -axiomatization
  12.316 -  Ex :: "(i \<Rightarrow> o) \<Rightarrow> o"  (binder "\<exists>" 10) where
  12.317 -  exI [intro]: "B a \<Longrightarrow> (\<exists>x. B x)" and
  12.318 -  exE [elim]: "(\<exists>x. B x) \<Longrightarrow> (\<And>x. B x \<Longrightarrow> C) \<Longrightarrow> C"
  12.319 +axiomatization Ex :: "(i \<Rightarrow> o) \<Rightarrow> o"  (binder "\<exists>" 10)
  12.320 +  where exI [intro]: "B a \<Longrightarrow> (\<exists>x. B x)"
  12.321 +    and exE [elim]: "(\<exists>x. B x) \<Longrightarrow> (\<And>x. B x \<Longrightarrow> C) \<Longrightarrow> C"
  12.322  
  12.323  text \<open>
  12.324 -  The statement of @{thm exE} corresponds to ``\<open>\<ASSUMES> \<exists>x. B x \<OBTAINS> x \<WHERE> B x\<close>'' in Isar.  In the
  12.325 -  subsequent example we illustrate quantifier reasoning involving all
  12.326 -  four rules:
  12.327 +  The statement of @{thm exE} corresponds to ``\<^theory_text>\<open>assumes "\<exists>x. B x" obtains x
  12.328 +  where "B x"\<close>'' in Isar. In the subsequent example we illustrate quantifier
  12.329 +  reasoning involving all four rules:
  12.330  \<close>
  12.331  
  12.332  theorem
  12.333 @@ -369,43 +349,42 @@
  12.334  
  12.335  text \<open>
  12.336    The main rules of first-order predicate logic from
  12.337 -  \secref{sec:framework-ex-prop} and \secref{sec:framework-ex-quant}
  12.338 -  can now be summarized as follows, using the native Isar statement
  12.339 -  format of \secref{sec:framework-stmt}.
  12.340 +  \secref{sec:framework-ex-prop} and \secref{sec:framework-ex-quant} can now
  12.341 +  be summarized as follows, using the native Isar statement format of
  12.342 +  \secref{sec:framework-stmt}.
  12.343  
  12.344    \<^medskip>
  12.345    \begin{tabular}{l}
  12.346 -  \<open>impI: \<ASSUMES> A \<Longrightarrow> B \<SHOWS> A \<longrightarrow> B\<close> \\
  12.347 -  \<open>impD: \<ASSUMES> A \<longrightarrow> B \<AND> A \<SHOWS> B\<close> \\[1ex]
  12.348 +  \<^theory_text>\<open>impI: assumes "A \<Longrightarrow> B" shows "A \<longrightarrow> B"\<close> \\
  12.349 +  \<^theory_text>\<open>impD: assumes "A \<longrightarrow> B" and A shows B\<close> \\[1ex]
  12.350  
  12.351 -  \<open>disjI\<^sub>1: \<ASSUMES> A \<SHOWS> A \<or> B\<close> \\
  12.352 -  \<open>disjI\<^sub>2: \<ASSUMES> B \<SHOWS> A \<or> B\<close> \\
  12.353 -  \<open>disjE: \<ASSUMES> A \<or> B \<OBTAINS> A \<BBAR> B\<close> \\[1ex]
  12.354 +  \<^theory_text>\<open>disjI\<^sub>1: assumes A shows "A \<or> B"\<close> \\
  12.355 +  \<^theory_text>\<open>disjI\<^sub>2: assumes B shows "A \<or> B"\<close> \\
  12.356 +  \<^theory_text>\<open>disjE: assumes "A \<or> B" obtains A \<BBAR> B\<close> \\[1ex]
  12.357  
  12.358 -  \<open>conjI: \<ASSUMES> A \<AND> B \<SHOWS> A \<and> B\<close> \\
  12.359 -  \<open>conjE: \<ASSUMES> A \<and> B \<OBTAINS> A \<AND> B\<close> \\[1ex]
  12.360 +  \<^theory_text>\<open>conjI: assumes A and B shows A \<and> B\<close> \\
  12.361 +  \<^theory_text>\<open>conjE: assumes "A \<and> B" obtains A and B\<close> \\[1ex]
  12.362  
  12.363 -  \<open>falseE: \<ASSUMES> \<bottom> \<SHOWS> A\<close> \\
  12.364 -  \<open>trueI: \<SHOWS> \<top>\<close> \\[1ex]
  12.365 +  \<^theory_text>\<open>falseE: assumes \<bottom> shows A\<close> \\
  12.366 +  \<^theory_text>\<open>trueI: shows \<top>\<close> \\[1ex]
  12.367  
  12.368 -  \<open>notI: \<ASSUMES> A \<Longrightarrow> \<bottom> \<SHOWS> \<not> A\<close> \\
  12.369 -  \<open>notE: \<ASSUMES> \<not> A \<AND> A \<SHOWS> B\<close> \\[1ex]
  12.370 +  \<^theory_text>\<open>notI: assumes "A \<Longrightarrow> \<bottom>" shows "\<not> A"\<close> \\
  12.371 +  \<^theory_text>\<open>notE: assumes "\<not> A" and A shows B\<close> \\[1ex]
  12.372  
  12.373 -  \<open>allI: \<ASSUMES> \<And>x. B x \<SHOWS> \<forall>x. B x\<close> \\
  12.374 -  \<open>allE: \<ASSUMES> \<forall>x. B x \<SHOWS> B a\<close> \\[1ex]
  12.375 +  \<^theory_text>\<open>allI: assumes "\<And>x. B x" shows "\<forall>x. B x"\<close> \\
  12.376 +  \<^theory_text>\<open>allE: assumes "\<forall>x. B x" shows "B a"\<close> \\[1ex]
  12.377  
  12.378 -  \<open>exI: \<ASSUMES> B a \<SHOWS> \<exists>x. B x\<close> \\
  12.379 -  \<open>exE: \<ASSUMES> \<exists>x. B x \<OBTAINS> a \<WHERE> B a\<close>
  12.380 +  \<^theory_text>\<open>exI: assumes "B a" shows "\<exists>x. B x"\<close> \\
  12.381 +  \<^theory_text>\<open>exE: assumes "\<exists>x. B x" obtains a where "B a"\<close>
  12.382    \end{tabular}
  12.383    \<^medskip>
  12.384  
  12.385 -  This essentially provides a declarative reading of Pure
  12.386 -  rules as Isar reasoning patterns: the rule statements tells how a
  12.387 -  canonical proof outline shall look like.  Since the above rules have
  12.388 -  already been declared as @{attribute (Pure) intro}, @{attribute
  12.389 -  (Pure) elim}, @{attribute (Pure) dest} --- each according to its
  12.390 -  particular shape --- we can immediately write Isar proof texts as
  12.391 -  follows:
  12.392 +  This essentially provides a declarative reading of Pure rules as Isar
  12.393 +  reasoning patterns: the rule statements tells how a canonical proof outline
  12.394 +  shall look like. Since the above rules have already been declared as
  12.395 +  @{attribute (Pure) intro}, @{attribute (Pure) elim}, @{attribute (Pure)
  12.396 +  dest} --- each according to its particular shape --- we can immediately
  12.397 +  write Isar proof texts as follows:
  12.398  \<close>
  12.399  
  12.400  (*<*)
  12.401 @@ -418,47 +397,47 @@
  12.402    have "A \<longrightarrow> B"
  12.403    proof
  12.404      assume A
  12.405 -    show B sorry %noproof
  12.406 +    show B \<proof>
  12.407    qed
  12.408  
  12.409    text_raw \<open>\end{minipage}\qquad\begin{minipage}[t]{0.4\textwidth}\<close>(*<*)next(*>*)
  12.410  
  12.411 -  have "A \<longrightarrow> B" and A sorry %noproof
  12.412 +  have "A \<longrightarrow> B" and A \<proof>
  12.413    then have B ..
  12.414  
  12.415    text_raw \<open>\end{minipage}\\[3ex]\begin{minipage}[t]{0.4\textwidth}\<close>(*<*)next(*>*)
  12.416  
  12.417 -  have A sorry %noproof
  12.418 +  have A \<proof>
  12.419    then have "A \<or> B" ..
  12.420  
  12.421 -  have B sorry %noproof
  12.422 +  have B \<proof>
  12.423    then have "A \<or> B" ..
  12.424  
  12.425    text_raw \<open>\end{minipage}\qquad\begin{minipage}[t]{0.4\textwidth}\<close>(*<*)next(*>*)
  12.426  
  12.427 -  have "A \<or> B" sorry %noproof
  12.428 +  have "A \<or> B" \<proof>
  12.429    then have C
  12.430    proof
  12.431      assume A
  12.432 -    then show C sorry %noproof
  12.433 +    then show C \<proof>
  12.434    next
  12.435      assume B
  12.436 -    then show C sorry %noproof
  12.437 +    then show C \<proof>
  12.438    qed
  12.439  
  12.440    text_raw \<open>\end{minipage}\\[3ex]\begin{minipage}[t]{0.4\textwidth}\<close>(*<*)next(*>*)
  12.441  
  12.442 -  have A and B sorry %noproof
  12.443 +  have A and B \<proof>
  12.444    then have "A \<and> B" ..
  12.445  
  12.446    text_raw \<open>\end{minipage}\qquad\begin{minipage}[t]{0.4\textwidth}\<close>(*<*)next(*>*)
  12.447  
  12.448 -  have "A \<and> B" sorry %noproof
  12.449 +  have "A \<and> B" \<proof>
  12.450    then obtain A and B ..
  12.451  
  12.452    text_raw \<open>\end{minipage}\\[3ex]\begin{minipage}[t]{0.4\textwidth}\<close>(*<*)next(*>*)
  12.453  
  12.454 -  have "\<bottom>" sorry %noproof
  12.455 +  have "\<bottom>" \<proof>
  12.456    then have A ..
  12.457  
  12.458    text_raw \<open>\end{minipage}\qquad\begin{minipage}[t]{0.4\textwidth}\<close>(*<*)next(*>*)
  12.459 @@ -470,12 +449,12 @@
  12.460    have "\<not> A"
  12.461    proof
  12.462      assume A
  12.463 -    then show "\<bottom>" sorry %noproof
  12.464 +    then show "\<bottom>" \<proof>
  12.465    qed
  12.466  
  12.467    text_raw \<open>\end{minipage}\qquad\begin{minipage}[t]{0.4\textwidth}\<close>(*<*)next(*>*)
  12.468  
  12.469 -  have "\<not> A" and A sorry %noproof
  12.470 +  have "\<not> A" and A \<proof>
  12.471    then have B ..
  12.472  
  12.473    text_raw \<open>\end{minipage}\\[3ex]\begin{minipage}[t]{0.4\textwidth}\<close>(*<*)next(*>*)
  12.474 @@ -483,24 +462,24 @@
  12.475    have "\<forall>x. B x"
  12.476    proof
  12.477      fix x
  12.478 -    show "B x" sorry %noproof
  12.479 +    show "B x" \<proof>
  12.480    qed
  12.481  
  12.482    text_raw \<open>\end{minipage}\qquad\begin{minipage}[t]{0.4\textwidth}\<close>(*<*)next(*>*)
  12.483  
  12.484 -  have "\<forall>x. B x" sorry %noproof
  12.485 +  have "\<forall>x. B x" \<proof>
  12.486    then have "B a" ..
  12.487  
  12.488    text_raw \<open>\end{minipage}\\[3ex]\begin{minipage}[t]{0.4\textwidth}\<close>(*<*)next(*>*)
  12.489  
  12.490    have "\<exists>x. B x"
  12.491    proof
  12.492 -    show "B a" sorry %noproof
  12.493 +    show "B a" \<proof>
  12.494    qed
  12.495  
  12.496    text_raw \<open>\end{minipage}\qquad\begin{minipage}[t]{0.4\textwidth}\<close>(*<*)next(*>*)
  12.497  
  12.498 -  have "\<exists>x. B x" sorry %noproof
  12.499 +  have "\<exists>x. B x" \<proof>
  12.500    then obtain a where "B a" ..
  12.501  
  12.502    text_raw \<open>\end{minipage}\<close>
  12.503 @@ -511,11 +490,10 @@
  12.504  
  12.505  text \<open>
  12.506    \<^bigskip>
  12.507 -  Of course, these proofs are merely examples.  As
  12.508 -  sketched in \secref{sec:framework-subproof}, there is a fair amount
  12.509 -  of flexibility in expressing Pure deductions in Isar.  Here the user
  12.510 -  is asked to express himself adequately, aiming at proof texts of
  12.511 -  literary quality.
  12.512 +  Of course, these proofs are merely examples. As sketched in
  12.513 +  \secref{sec:framework-subproof}, there is a fair amount of flexibility in
  12.514 +  expressing Pure deductions in Isar. Here the user is asked to express
  12.515 +  himself adequately, aiming at proof texts of literary quality.
  12.516  \<close>
  12.517  
  12.518  end %visible
    13.1 --- a/src/Doc/Isar_Ref/Framework.thy	Wed Feb 10 15:49:05 2016 +0100
    13.2 +++ b/src/Doc/Isar_Ref/Framework.thy	Fri Feb 12 22:36:48 2016 +0100
    13.3 @@ -8,75 +8,115 @@
    13.4  
    13.5  text \<open>
    13.6    Isabelle/Isar @{cite "Wenzel:1999:TPHOL" and "Wenzel-PhD" and
    13.7 -  "Nipkow-TYPES02" and "Wenzel-Paulson:2006" and "Wenzel:2006:Festschrift"}
    13.8 -  is intended as a generic framework for developing formal
    13.9 -  mathematical documents with full proof checking.  Definitions and
   13.10 -  proofs are organized as theories.  An assembly of theory sources may
   13.11 -  be presented as a printed document; see also
   13.12 -  \chref{ch:document-prep}.
   13.13 +  "Nipkow-TYPES02" and "Wiedijk:1999:Mizar" and "Wenzel-Paulson:2006" and
   13.14 +  "Wenzel:2006:Festschrift"} is a generic framework for developing formal
   13.15 +  mathematical documents with full proof checking. Definitions, statements and
   13.16 +  proofs are organized as theories. A collection of theories sources may be
   13.17 +  presented as a printed document; see also \chref{ch:document-prep}.
   13.18 +
   13.19 +  The main concern of Isar is the design of a human-readable structured proof
   13.20 +  language, which is called the ``primary proof format'' in Isar terminology.
   13.21 +  Such a primary proof language is somewhere in the middle between the
   13.22 +  extremes of primitive proof objects and actual natural language.
   13.23  
   13.24 -  The main objective of Isar is the design of a human-readable
   13.25 -  structured proof language, which is called the ``primary proof
   13.26 -  format'' in Isar terminology.  Such a primary proof language is
   13.27 -  somewhere in the middle between the extremes of primitive proof
   13.28 -  objects and actual natural language.  In this respect, Isar is a bit
   13.29 -  more formalistic than Mizar @{cite "Trybulec:1993:MizarFeatures" and
   13.30 -  "Rudnicki:1992:MizarOverview" and "Wiedijk:1999:Mizar"},
   13.31 -  using logical symbols for certain reasoning schemes where Mizar
   13.32 -  would prefer English words; see @{cite "Wenzel-Wiedijk:2002"} for
   13.33 -  further comparisons of these systems.
   13.34 +  Thus Isar challenges the traditional way of recording informal proofs in
   13.35 +  mathematical prose, as well as the common tendency to see fully formal
   13.36 +  proofs directly as objects of some logical calculus (e.g.\ \<open>\<lambda>\<close>-terms in a
   13.37 +  version of type theory). Technically, Isar is an interpreter of a simple
   13.38 +  block-structured language for describing the data flow of local facts and
   13.39 +  goals, interspersed with occasional invocations of proof methods. Everything
   13.40 +  is reduced to logical inferences internally, but these steps are somewhat
   13.41 +  marginal compared to the overall bookkeeping of the interpretation process.
   13.42 +  Thanks to careful design of the syntax and semantics of Isar language
   13.43 +  elements, a formal record of Isar commands may later appear as an
   13.44 +  intelligible text to the human reader.
   13.45 +
   13.46 +  The Isar proof language has emerged from careful analysis of some inherent
   13.47 +  virtues of the logical framework Isabelle/Pure @{cite "paulson-found" and
   13.48 +  "paulson700"}, notably composition of higher-order natural deduction rules,
   13.49 +  which is a generalization of Gentzen's original calculus @{cite
   13.50 +  "Gentzen:1935"}. The approach of generic inference systems in Pure is
   13.51 +  continued by Isar towards actual proof texts. See also
   13.52 +  \figref{fig:natural-deduction}
   13.53 +
   13.54 +  \begin{figure}[htb]
   13.55 +
   13.56 +  \begin{center}
   13.57 +  \begin{minipage}[t]{0.9\textwidth}
   13.58  
   13.59 -  So Isar challenges the traditional way of recording informal proofs
   13.60 -  in mathematical prose, as well as the common tendency to see fully
   13.61 -  formal proofs directly as objects of some logical calculus (e.g.\
   13.62 -  \<open>\<lambda>\<close>-terms in a version of type theory).  In fact, Isar is
   13.63 -  better understood as an interpreter of a simple block-structured
   13.64 -  language for describing the data flow of local facts and goals,
   13.65 -  interspersed with occasional invocations of proof methods.
   13.66 -  Everything is reduced to logical inferences internally, but these
   13.67 -  steps are somewhat marginal compared to the overall bookkeeping of
   13.68 -  the interpretation process.  Thanks to careful design of the syntax
   13.69 -  and semantics of Isar language elements, a formal record of Isar
   13.70 -  instructions may later appear as an intelligible text to the
   13.71 -  attentive reader.
   13.72 +  \textbf{Inferences:}
   13.73 +  \begin{center}
   13.74 +  \begin{tabular}{l@ {\qquad}l}
   13.75 +  \infer{\<open>B\<close>}{\<open>A \<longrightarrow> B\<close> & \<open>A\<close>} &
   13.76 +  \infer{\<open>A \<longrightarrow> B\<close>}{\infer*{\<open>B\<close>}{\<open>[A]\<close>}} \\
   13.77 +  \end{tabular}
   13.78 +  \end{center}
   13.79 +
   13.80 +  \textbf{Isabelle/Pure:}
   13.81 +  \begin{center}
   13.82 +  \begin{tabular}{l@ {\qquad}l}
   13.83 +  \<open>(A \<longrightarrow> B) \<Longrightarrow> A \<Longrightarrow> B\<close> &
   13.84 +  \<open>(A \<Longrightarrow> B) \<Longrightarrow> A \<longrightarrow> B\<close>
   13.85 +  \end{tabular}
   13.86 +  \end{center}
   13.87  
   13.88 -  The Isar proof language has emerged from careful analysis of some
   13.89 -  inherent virtues of the existing logical framework of Isabelle/Pure
   13.90 -  @{cite "paulson-found" and "paulson700"}, notably composition of higher-order
   13.91 -  natural deduction rules, which is a generalization of Gentzen's
   13.92 -  original calculus @{cite "Gentzen:1935"}.  The approach of generic
   13.93 -  inference systems in Pure is continued by Isar towards actual proof
   13.94 -  texts.
   13.95 +  \textbf{Isabelle/Isar:}
   13.96 +  \begin{center}
   13.97 +  \begin{minipage}[t]{0.4\textwidth}
   13.98 +  @{theory_text [display, indent = 2]
   13.99 +    \<open>have "A \<longrightarrow> B" \<proof>
  13.100 +also have A \<proof>
  13.101 +finally have B .\<close>}
  13.102 +  \end{minipage}
  13.103 +  \begin{minipage}[t]{0.4\textwidth}
  13.104 +  @{theory_text [display, indent = 2]
  13.105 +    \<open>have "A \<longrightarrow> B"
  13.106 +proof
  13.107 +  assume A
  13.108 +  then show B \<proof>
  13.109 +qed\<close>}
  13.110 +  \end{minipage}
  13.111 +  \end{center}
  13.112  
  13.113 -  Concrete applications require another intermediate layer: an
  13.114 -  object-logic.  Isabelle/HOL @{cite "isa-tutorial"} (simply-typed
  13.115 -  set-theory) is being used most of the time; Isabelle/ZF
  13.116 -  @{cite "isabelle-ZF"} is less extensively developed, although it would
  13.117 -  probably fit better for classical mathematics.
  13.118 +  \end{minipage}
  13.119 +  \end{center}
  13.120 +
  13.121 +  \caption{Natural Deduction via inferences according to Gentzen, rules in
  13.122 +  Isabelle/Pure, and proofs in Isabelle/Isar}\label{fig:natural-deduction}
  13.123 +
  13.124 +  \end{figure}
  13.125  
  13.126    \<^medskip>
  13.127 -  In order to illustrate natural deduction in Isar, we shall
  13.128 -  refer to the background theory and library of Isabelle/HOL.  This
  13.129 -  includes common notions of predicate logic, naive set-theory etc.\
  13.130 -  using fairly standard mathematical notation.  From the perspective
  13.131 -  of generic natural deduction there is nothing special about the
  13.132 -  logical connectives of HOL (\<open>\<and>\<close>, \<open>\<or>\<close>, \<open>\<forall>\<close>,
  13.133 -  \<open>\<exists>\<close>, etc.), only the resulting reasoning principles are
  13.134 -  relevant to the user.  There are similar rules available for
  13.135 -  set-theory operators (\<open>\<inter>\<close>, \<open>\<union>\<close>, \<open>\<Inter>\<close>, \<open>\<Union>\<close>, etc.), or any other theory developed in the library (lattice
  13.136 -  theory, topology etc.).
  13.137 +  Concrete applications require another intermediate layer: an object-logic.
  13.138 +  Isabelle/HOL @{cite "isa-tutorial"} (simply-typed set-theory) is most
  13.139 +  commonly used; elementary examples are given in the directory @{file
  13.140 +  "~~/src/HOL/Isar_Examples"}. Some examples demonstrate how to start a fresh
  13.141 +  object-logic from Isabelle/Pure, and use Isar proofs from the very start,
  13.142 +  despite the lack of advanced proof tools at such an early stage (e.g.\ see
  13.143 +  @{file "~~/src/HOL/Isar_Examples/Higher_Order_Logic.thy"}). Isabelle/FOL
  13.144 +  @{cite "isabelle-logics"} and Isabelle/ZF @{cite "isabelle-ZF"} also work,
  13.145 +  but are much less developed.
  13.146  
  13.147 -  Subsequently we briefly review fragments of Isar proof texts
  13.148 -  corresponding directly to such general deduction schemes.  The
  13.149 -  examples shall refer to set-theory, to minimize the danger of
  13.150 -  understanding connectives of predicate logic as something special.
  13.151 +  In order to illustrate natural deduction in Isar, we shall subsequently
  13.152 +  refer to the background theory and library of Isabelle/HOL. This includes
  13.153 +  common notions of predicate logic, naive set-theory etc.\ using fairly
  13.154 +  standard mathematical notation. From the perspective of generic natural
  13.155 +  deduction there is nothing special about the logical connectives of HOL
  13.156 +  (\<open>\<and>\<close>, \<open>\<or>\<close>, \<open>\<forall>\<close>, \<open>\<exists>\<close>, etc.), only the resulting reasoning principles are
  13.157 +  relevant to the user. There are similar rules available for set-theory
  13.158 +  operators (\<open>\<inter>\<close>, \<open>\<union>\<close>, \<open>\<Inter>\<close>, \<open>\<Union>\<close>, etc.), or any other theory developed in the
  13.159 +  library (lattice theory, topology etc.).
  13.160 +
  13.161 +  Subsequently we briefly review fragments of Isar proof texts corresponding
  13.162 +  directly to such general deduction schemes. The examples shall refer to
  13.163 +  set-theory, to minimize the danger of understanding connectives of predicate
  13.164 +  logic as something special.
  13.165  
  13.166    \<^medskip>
  13.167 -  The following deduction performs \<open>\<inter>\<close>-introduction,
  13.168 -  working forwards from assumptions towards the conclusion.  We give
  13.169 -  both the Isar text, and depict the primitive rule involved, as
  13.170 -  determined by unification of the problem against rules that are
  13.171 -  declared in the library context.
  13.172 +  The following deduction performs \<open>\<inter>\<close>-introduction, working forwards from
  13.173 +  assumptions towards the conclusion. We give both the Isar text, and depict
  13.174 +  the primitive rule involved, as determined by unification of fact and goal
  13.175 +  statements against rules that are declared in the library context.
  13.176  \<close>
  13.177  
  13.178  text_raw \<open>\medskip\begin{minipage}{0.6\textwidth}\<close>
  13.179 @@ -84,6 +124,7 @@
  13.180  (*<*)
  13.181  notepad
  13.182  begin
  13.183 +    fix x :: 'a and A B
  13.184  (*>*)
  13.185      assume "x \<in> A" and "x \<in> B"
  13.186      then have "x \<in> A \<inter> B" ..
  13.187 @@ -94,25 +135,25 @@
  13.188  text_raw \<open>\end{minipage}\begin{minipage}{0.4\textwidth}\<close>
  13.189  
  13.190  text \<open>
  13.191 -  \infer{@{prop "x \<in> A \<inter> B"}}{@{prop "x \<in> A"} & @{prop "x \<in> B"}}
  13.192 +  \infer{\<open>x \<in> A \<inter> B\<close>}{\<open>x \<in> A\<close> & \<open>x \<in> B\<close>}
  13.193  \<close>
  13.194  
  13.195  text_raw \<open>\end{minipage}\<close>
  13.196  
  13.197  text \<open>
  13.198    \<^medskip>
  13.199 -  Note that @{command assume} augments the proof
  13.200 -  context, @{command then} indicates that the current fact shall be
  13.201 -  used in the next step, and @{command have} states an intermediate
  13.202 -  goal.  The two dots ``@{command ".."}'' refer to a complete proof of
  13.203 -  this claim, using the indicated facts and a canonical rule from the
  13.204 -  context.  We could have been more explicit here by spelling out the
  13.205 -  final proof step via the @{command "by"} command:
  13.206 +  Note that \<^theory_text>\<open>assume\<close> augments the proof context, \<^theory_text>\<open>then\<close> indicates that the
  13.207 +  current fact shall be used in the next step, and \<^theory_text>\<open>have\<close> states an
  13.208 +  intermediate goal. The two dots ``\<^theory_text>\<open>..\<close>'' refer to a complete proof of this
  13.209 +  claim, using the indicated facts and a canonical rule from the context. We
  13.210 +  could have been more explicit here by spelling out the final proof step via
  13.211 +  the \<^theory_text>\<open>by\<close> command:
  13.212  \<close>
  13.213  
  13.214  (*<*)
  13.215  notepad
  13.216  begin
  13.217 +    fix x :: 'a and A B
  13.218  (*>*)
  13.219      assume "x \<in> A" and "x \<in> B"
  13.220      then have "x \<in> A \<inter> B" by (rule IntI)
  13.221 @@ -121,14 +162,14 @@
  13.222  (*>*)
  13.223  
  13.224  text \<open>
  13.225 -  The format of the \<open>\<inter>\<close>-introduction rule represents
  13.226 -  the most basic inference, which proceeds from given premises to a
  13.227 -  conclusion, without any nested proof context involved.
  13.228 +  The format of the \<open>\<inter>\<close>-introduction rule represents the most basic inference,
  13.229 +  which proceeds from given premises to a conclusion, without any nested proof
  13.230 +  context involved.
  13.231  
  13.232 -  The next example performs backwards introduction on @{term "\<Inter>\<A>"},
  13.233 -  the intersection of all sets within a given set.  This requires a
  13.234 -  nested proof of set membership within a local context, where @{term
  13.235 -  A} is an arbitrary-but-fixed member of the collection:
  13.236 +  The next example performs backwards introduction of \<open>\<Inter>\<A>\<close>, the intersection
  13.237 +  of all sets within a given set. This requires a nested proof of set
  13.238 +  membership within a local context, where \<open>A\<close> is an arbitrary-but-fixed
  13.239 +  member of the collection:
  13.240  \<close>
  13.241  
  13.242  text_raw \<open>\medskip\begin{minipage}{0.6\textwidth}\<close>
  13.243 @@ -136,12 +177,13 @@
  13.244  (*<*)
  13.245  notepad
  13.246  begin
  13.247 +    fix x :: 'a and \<A>
  13.248  (*>*)
  13.249      have "x \<in> \<Inter>\<A>"
  13.250      proof
  13.251        fix A
  13.252        assume "A \<in> \<A>"
  13.253 -      show "x \<in> A" sorry %noproof
  13.254 +      show "x \<in> A" \<proof>
  13.255      qed
  13.256  (*<*)
  13.257  end
  13.258 @@ -150,35 +192,30 @@
  13.259  text_raw \<open>\end{minipage}\begin{minipage}{0.4\textwidth}\<close>
  13.260  
  13.261  text \<open>
  13.262 -  \infer{@{prop "x \<in> \<Inter>\<A>"}}{\infer*{@{prop "x \<in> A"}}{\<open>[A][A \<in> \<A>]\<close>}}
  13.263 +  \infer{\<open>x \<in> \<Inter>\<A>\<close>}{\infer*{\<open>x \<in> A\<close>}{\<open>[A][A \<in> \<A>]\<close>}}
  13.264  \<close>
  13.265  
  13.266  text_raw \<open>\end{minipage}\<close>
  13.267  
  13.268  text \<open>
  13.269    \<^medskip>
  13.270 -  This Isar reasoning pattern again refers to the
  13.271 -  primitive rule depicted above.  The system determines it in the
  13.272 -  ``@{command proof}'' step, which could have been spelled out more
  13.273 -  explicitly as ``@{command proof}~\<open>(rule InterI)\<close>''.  Note
  13.274 -  that the rule involves both a local parameter @{term "A"} and an
  13.275 -  assumption @{prop "A \<in> \<A>"} in the nested reasoning.  This kind of
  13.276 -  compound rule typically demands a genuine sub-proof in Isar, working
  13.277 -  backwards rather than forwards as seen before.  In the proof body we
  13.278 -  encounter the @{command fix}-@{command assume}-@{command show}
  13.279 -  outline of nested sub-proofs that is typical for Isar.  The final
  13.280 -  @{command show} is like @{command have} followed by an additional
  13.281 -  refinement of the enclosing claim, using the rule derived from the
  13.282 -  proof body.
  13.283 +  This Isar reasoning pattern again refers to the primitive rule depicted
  13.284 +  above. The system determines it in the ``\<^theory_text>\<open>proof\<close>'' step, which could have
  13.285 +  been spelled out more explicitly as ``\<^theory_text>\<open>proof (rule InterI)\<close>''. Note that
  13.286 +  the rule involves both a local parameter \<open>A\<close> and an assumption \<open>A \<in> \<A>\<close> in
  13.287 +  the nested reasoning. Such compound rules typically demands a genuine
  13.288 +  subproof in Isar, working backwards rather than forwards as seen before. In
  13.289 +  the proof body we encounter the \<^theory_text>\<open>fix\<close>-\<^theory_text>\<open>assume\<close>-\<^theory_text>\<open>show\<close> outline of nested
  13.290 +  subproofs that is typical for Isar. The final \<^theory_text>\<open>show\<close> is like \<^theory_text>\<open>have\<close>
  13.291 +  followed by an additional refinement of the enclosing claim, using the rule
  13.292 +  derived from the proof body.
  13.293  
  13.294    \<^medskip>
  13.295 -  The next example involves @{term "\<Union>\<A>"}, which can be
  13.296 -  characterized as the set of all @{term "x"} such that @{prop "\<exists>A. x
  13.297 -  \<in> A \<and> A \<in> \<A>"}.  The elimination rule for @{prop "x \<in> \<Union>\<A>"} does
  13.298 -  not mention \<open>\<exists>\<close> and \<open>\<and>\<close> at all, but admits to obtain
  13.299 -  directly a local @{term "A"} such that @{prop "x \<in> A"} and @{prop "A
  13.300 -  \<in> \<A>"} hold.  This corresponds to the following Isar proof and
  13.301 -  inference rule, respectively:
  13.302 +  The next example involves \<open>\<Union>\<A>\<close>, which can be characterized as the set of
  13.303 +  all \<open>x\<close> such that \<open>\<exists>A. x \<in> A \<and> A \<in> \<A>\<close>. The elimination rule for \<open>x \<in> \<Union>\<A>\<close>
  13.304 +  does not mention \<open>\<exists>\<close> and \<open>\<and>\<close> at all, but admits to obtain directly a local
  13.305 +  \<open>A\<close> such that \<open>x \<in> A\<close> and \<open>A \<in> \<A>\<close> hold. This corresponds to the following
  13.306 +  Isar proof and inference rule, respectively:
  13.307  \<close>
  13.308  
  13.309  text_raw \<open>\medskip\begin{minipage}{0.6\textwidth}\<close>
  13.310 @@ -186,13 +223,14 @@
  13.311  (*<*)
  13.312  notepad
  13.313  begin
  13.314 +    fix x :: 'a and \<A> C
  13.315  (*>*)
  13.316      assume "x \<in> \<Union>\<A>"
  13.317      then have C
  13.318      proof
  13.319        fix A
  13.320        assume "x \<in> A" and "A \<in> \<A>"
  13.321 -      show C sorry %noproof
  13.322 +      show C \<proof>
  13.323      qed
  13.324  (*<*)
  13.325  end
  13.326 @@ -201,26 +239,25 @@
  13.327  text_raw \<open>\end{minipage}\begin{minipage}{0.4\textwidth}\<close>
  13.328  
  13.329  text \<open>
  13.330 -  \infer{@{prop "C"}}{@{prop "x \<in> \<Union>\<A>"} & \infer*{@{prop "C"}~}{\<open>[A][x \<in> A, A \<in> \<A>]\<close>}}
  13.331 +  \infer{\<open>C\<close>}{\<open>x \<in> \<Union>\<A>\<close> & \infer*{\<open>C\<close>~}{\<open>[A][x \<in> A, A \<in> \<A>]\<close>}}
  13.332  \<close>
  13.333  
  13.334  text_raw \<open>\end{minipage}\<close>
  13.335  
  13.336  text \<open>
  13.337    \<^medskip>
  13.338 -  Although the Isar proof follows the natural
  13.339 -  deduction rule closely, the text reads not as natural as
  13.340 -  anticipated.  There is a double occurrence of an arbitrary
  13.341 -  conclusion @{prop "C"}, which represents the final result, but is
  13.342 -  irrelevant for now.  This issue arises for any elimination rule
  13.343 -  involving local parameters.  Isar provides the derived language
  13.344 -  element @{command obtain}, which is able to perform the same
  13.345 -  elimination proof more conveniently:
  13.346 +  Although the Isar proof follows the natural deduction rule closely, the text
  13.347 +  reads not as natural as anticipated. There is a double occurrence of an
  13.348 +  arbitrary conclusion \<open>C\<close>, which represents the final result, but is
  13.349 +  irrelevant for now. This issue arises for any elimination rule involving
  13.350 +  local parameters. Isar provides the derived language element \<^theory_text>\<open>obtain\<close>,
  13.351 +  which is able to perform the same elimination proof more conveniently:
  13.352  \<close>
  13.353  
  13.354  (*<*)
  13.355  notepad
  13.356  begin
  13.357 +    fix x :: 'a and \<A>
  13.358  (*>*)
  13.359      assume "x \<in> \<Union>\<A>"
  13.360      then obtain A where "x \<in> A" and "A \<in> \<A>" ..
  13.361 @@ -229,9 +266,9 @@
  13.362  (*>*)
  13.363  
  13.364  text \<open>
  13.365 -  Here we avoid to mention the final conclusion @{prop "C"}
  13.366 -  and return to plain forward reasoning.  The rule involved in the
  13.367 -  ``@{command ".."}'' proof is the same as before.
  13.368 +  Here we avoid to mention the final conclusion \<open>C\<close> and return to plain
  13.369 +  forward reasoning. The rule involved in the ``\<^theory_text>\<open>..\<close>'' proof is the same as
  13.370 +  before.
  13.371  \<close>
  13.372  
  13.373  
  13.374 @@ -239,9 +276,9 @@
  13.375  
  13.376  text \<open>
  13.377    The Pure logic @{cite "paulson-found" and "paulson700"} is an intuitionistic
  13.378 -  fragment of higher-order logic @{cite "church40"}.  In type-theoretic
  13.379 -  parlance, there are three levels of \<open>\<lambda>\<close>-calculus with
  13.380 -  corresponding arrows \<open>\<Rightarrow>\<close>/\<open>\<And>\<close>/\<open>\<Longrightarrow>\<close>:
  13.381 +  fragment of higher-order logic @{cite "church40"}. In type-theoretic
  13.382 +  parlance, there are three levels of \<open>\<lambda>\<close>-calculus with corresponding arrows
  13.383 +  \<open>\<Rightarrow>\<close>/\<open>\<And>\<close>/\<open>\<Longrightarrow>\<close>:
  13.384  
  13.385    \<^medskip>
  13.386    \begin{tabular}{ll}
  13.387 @@ -251,39 +288,35 @@
  13.388    \end{tabular}
  13.389    \<^medskip>
  13.390  
  13.391 -  Here only the types of syntactic terms, and the
  13.392 -  propositions of proof terms have been shown.  The \<open>\<lambda>\<close>-structure of proofs can be recorded as an optional feature of
  13.393 -  the Pure inference kernel @{cite "Berghofer-Nipkow:2000:TPHOL"}, but
  13.394 -  the formal system can never depend on them due to \<^emph>\<open>proof
  13.395 -  irrelevance\<close>.
  13.396 +  Here only the types of syntactic terms, and the propositions of proof terms
  13.397 +  have been shown. The \<open>\<lambda>\<close>-structure of proofs can be recorded as an optional
  13.398 +  feature of the Pure inference kernel @{cite "Berghofer-Nipkow:2000:TPHOL"},
  13.399 +  but the formal system can never depend on them due to \<^emph>\<open>proof irrelevance\<close>.
  13.400  
  13.401 -  On top of this most primitive layer of proofs, Pure implements a
  13.402 -  generic calculus for nested natural deduction rules, similar to
  13.403 -  @{cite "Schroeder-Heister:1984"}.  Here object-logic inferences are
  13.404 -  internalized as formulae over \<open>\<And>\<close> and \<open>\<Longrightarrow>\<close>.
  13.405 -  Combining such rule statements may involve higher-order unification
  13.406 -  @{cite "paulson-natural"}.
  13.407 +  On top of this most primitive layer of proofs, Pure implements a generic
  13.408 +  calculus for nested natural deduction rules, similar to @{cite
  13.409 +  "Schroeder-Heister:1984"}. Here object-logic inferences are internalized as
  13.410 +  formulae over \<open>\<And>\<close> and \<open>\<Longrightarrow>\<close>. Combining such rule statements may involve
  13.411 +  higher-order unification @{cite "paulson-natural"}.
  13.412  \<close>
  13.413  
  13.414  
  13.415  subsection \<open>Primitive inferences\<close>
  13.416  
  13.417  text \<open>
  13.418 -  Term syntax provides explicit notation for abstraction \<open>\<lambda>x ::
  13.419 -  \<alpha>. b(x)\<close> and application \<open>b a\<close>, while types are usually
  13.420 -  implicit thanks to type-inference; terms of type \<open>prop\<close> are
  13.421 -  called propositions.  Logical statements are composed via \<open>\<And>x
  13.422 -  :: \<alpha>. B(x)\<close> and \<open>A \<Longrightarrow> B\<close>.  Primitive reasoning operates on
  13.423 -  judgments of the form \<open>\<Gamma> \<turnstile> \<phi>\<close>, with standard introduction
  13.424 -  and elimination rules for \<open>\<And>\<close> and \<open>\<Longrightarrow>\<close> that refer to
  13.425 -  fixed parameters \<open>x\<^sub>1, \<dots>, x\<^sub>m\<close> and hypotheses
  13.426 -  \<open>A\<^sub>1, \<dots>, A\<^sub>n\<close> from the context \<open>\<Gamma>\<close>;
  13.427 -  the corresponding proof terms are left implicit.  The subsequent
  13.428 -  inference rules define \<open>\<Gamma> \<turnstile> \<phi>\<close> inductively, relative to a
  13.429 -  collection of axioms:
  13.430 +  Term syntax provides explicit notation for abstraction \<open>\<lambda>x :: \<alpha>. b(x)\<close> and
  13.431 +  application \<open>b a\<close>, while types are usually implicit thanks to
  13.432 +  type-inference; terms of type \<open>prop\<close> are called propositions. Logical
  13.433 +  statements are composed via \<open>\<And>x :: \<alpha>. B(x)\<close> and \<open>A \<Longrightarrow> B\<close>. Primitive reasoning
  13.434 +  operates on judgments of the form \<open>\<Gamma> \<turnstile> \<phi>\<close>, with standard introduction and
  13.435 +  elimination rules for \<open>\<And>\<close> and \<open>\<Longrightarrow>\<close> that refer to fixed parameters \<open>x\<^sub>1, \<dots>,
  13.436 +  x\<^sub>m\<close> and hypotheses \<open>A\<^sub>1, \<dots>, A\<^sub>n\<close> from the context \<open>\<Gamma>\<close>; the corresponding
  13.437 +  proof terms are left implicit. The subsequent inference rules define \<open>\<Gamma> \<turnstile> \<phi>\<close>
  13.438 +  inductively, relative to a collection of axioms from the implicit background
  13.439 +  theory:
  13.440  
  13.441    \[
  13.442 -  \infer{\<open>\<turnstile> A\<close>}{(\<open>A\<close> \mbox{~axiom})}
  13.443 +  \infer{\<open>\<turnstile> A\<close>}{\<open>A\<close> \mbox{~is axiom}}
  13.444    \qquad
  13.445    \infer{\<open>A \<turnstile> A\<close>}{}
  13.446    \]
  13.447 @@ -300,68 +333,61 @@
  13.448    \infer{\<open>\<Gamma>\<^sub>1 \<union> \<Gamma>\<^sub>2 \<turnstile> B\<close>}{\<open>\<Gamma>\<^sub>1 \<turnstile> A \<Longrightarrow> B\<close> & \<open>\<Gamma>\<^sub>2 \<turnstile> A\<close>}
  13.449    \]
  13.450  
  13.451 -  Furthermore, Pure provides a built-in equality \<open>\<equiv> :: \<alpha> \<Rightarrow> \<alpha> \<Rightarrow>
  13.452 -  prop\<close> with axioms for reflexivity, substitution, extensionality,
  13.453 -  and \<open>\<alpha>\<beta>\<eta>\<close>-conversion on \<open>\<lambda>\<close>-terms.
  13.454 +  Furthermore, Pure provides a built-in equality \<open>\<equiv> :: \<alpha> \<Rightarrow> \<alpha> \<Rightarrow> prop\<close> with
  13.455 +  axioms for reflexivity, substitution, extensionality, and \<open>\<alpha>\<beta>\<eta>\<close>-conversion
  13.456 +  on \<open>\<lambda>\<close>-terms.
  13.457  
  13.458    \<^medskip>
  13.459 -  An object-logic introduces another layer on top of Pure,
  13.460 -  e.g.\ with types \<open>i\<close> for individuals and \<open>o\<close> for
  13.461 -  propositions, term constants \<open>Trueprop :: o \<Rightarrow> prop\<close> as
  13.462 -  (implicit) derivability judgment and connectives like \<open>\<and> :: o
  13.463 -  \<Rightarrow> o \<Rightarrow> o\<close> or \<open>\<forall> :: (i \<Rightarrow> o) \<Rightarrow> o\<close>, and axioms for object-level
  13.464 -  rules such as \<open>conjI: A \<Longrightarrow> B \<Longrightarrow> A \<and> B\<close> or \<open>allI: (\<And>x. B
  13.465 -  x) \<Longrightarrow> \<forall>x. B x\<close>.  Derived object rules are represented as theorems of
  13.466 -  Pure.  After the initial object-logic setup, further axiomatizations
  13.467 -  are usually avoided; plain definitions and derived principles are
  13.468 -  used exclusively.
  13.469 +
  13.470 +  An object-logic introduces another layer on top of Pure, e.g.\ with types
  13.471 +  \<open>i\<close> for individuals and \<open>o\<close> for propositions, term constants \<open>Trueprop :: o
  13.472 +  \<Rightarrow> prop\<close> as (implicit) derivability judgment and connectives like \<open>\<and> :: o \<Rightarrow> o
  13.473 +  \<Rightarrow> o\<close> or \<open>\<forall> :: (i \<Rightarrow> o) \<Rightarrow> o\<close>, and axioms for object-level rules such as
  13.474 +  \<open>conjI: A \<Longrightarrow> B \<Longrightarrow> A \<and> B\<close> or \<open>allI: (\<And>x. B x) \<Longrightarrow> \<forall>x. B x\<close>. Derived object rules
  13.475 +  are represented as theorems of Pure. After the initial object-logic setup,
  13.476 +  further axiomatizations are usually avoided: definitional principles are
  13.477 +  used instead (e.g.\ \<^theory_text>\<open>definition\<close>, \<^theory_text>\<open>inductive\<close>, \<^theory_text>\<open>fun\<close>, \<^theory_text>\<open>function\<close>).
  13.478  \<close>
  13.479  
  13.480  
  13.481  subsection \<open>Reasoning with rules \label{sec:framework-resolution}\<close>
  13.482  
  13.483  text \<open>
  13.484 -  Primitive inferences mostly serve foundational purposes.  The main
  13.485 -  reasoning mechanisms of Pure operate on nested natural deduction
  13.486 -  rules expressed as formulae, using \<open>\<And>\<close> to bind local
  13.487 -  parameters and \<open>\<Longrightarrow>\<close> to express entailment.  Multiple
  13.488 -  parameters and premises are represented by repeating these
  13.489 +  Primitive inferences mostly serve foundational purposes. The main reasoning
  13.490 +  mechanisms of Pure operate on nested natural deduction rules expressed as
  13.491 +  formulae, using \<open>\<And>\<close> to bind local parameters and \<open>\<Longrightarrow>\<close> to express entailment.
  13.492 +  Multiple parameters and premises are represented by repeating these
  13.493    connectives in a right-associative manner.
  13.494  
  13.495 -  Since \<open>\<And>\<close> and \<open>\<Longrightarrow>\<close> commute thanks to the theorem
  13.496 -  @{prop "(A \<Longrightarrow> (\<And>x. B x)) \<equiv> (\<And>x. A \<Longrightarrow> B x)"}, we may assume w.l.o.g.\
  13.497 -  that rule statements always observe the normal form where
  13.498 -  quantifiers are pulled in front of implications at each level of
  13.499 -  nesting.  This means that any Pure proposition may be presented as a
  13.500 -  \<^emph>\<open>Hereditary Harrop Formula\<close> @{cite "Miller:1991"} which is of the
  13.501 -  form \<open>\<And>x\<^sub>1 \<dots> x\<^sub>m. H\<^sub>1 \<Longrightarrow> \<dots> H\<^sub>n \<Longrightarrow>
  13.502 -  A\<close> for \<open>m, n \<ge> 0\<close>, and \<open>A\<close> atomic, and \<open>H\<^sub>1, \<dots>, H\<^sub>n\<close> being recursively of the same format.
  13.503 -  Following the convention that outermost quantifiers are implicit,
  13.504 -  Horn clauses \<open>A\<^sub>1 \<Longrightarrow> \<dots> A\<^sub>n \<Longrightarrow> A\<close> are a special
  13.505 -  case of this.
  13.506 +  Thanks to the Pure theorem @{prop "(A \<Longrightarrow> (\<And>x. B x)) \<equiv> (\<And>x. A \<Longrightarrow> B x)"} the
  13.507 +  connectives \<open>\<And>\<close> and \<open>\<Longrightarrow>\<close> commute. So we may assume w.l.o.g.\ that rule
  13.508 +  statements always observe the normal form where quantifiers are pulled in
  13.509 +  front of implications at each level of nesting. This means that any Pure
  13.510 +  proposition may be presented as a \<^emph>\<open>Hereditary Harrop Formula\<close> @{cite
  13.511 +  "Miller:1991"} which is of the form \<open>\<And>x\<^sub>1 \<dots> x\<^sub>m. H\<^sub>1 \<Longrightarrow> \<dots> H\<^sub>n \<Longrightarrow> A\<close> for \<open>m, n
  13.512 +  \<ge> 0\<close>, and \<open>A\<close> atomic, and \<open>H\<^sub>1, \<dots>, H\<^sub>n\<close> being recursively of the same
  13.513 +  format. Following the convention that outermost quantifiers are implicit,
  13.514 +  Horn clauses \<open>A\<^sub>1 \<Longrightarrow> \<dots> A\<^sub>n \<Longrightarrow> A\<close> are a special case of this.
  13.515  
  13.516 -  For example, \<open>\<inter>\<close>-introduction rule encountered before is
  13.517 -  represented as a Pure theorem as follows:
  13.518 +  For example, the \<open>\<inter>\<close>-introduction rule encountered before is represented as
  13.519 +  a Pure theorem as follows:
  13.520    \[
  13.521    \<open>IntI:\<close>~@{prop "x \<in> A \<Longrightarrow> x \<in> B \<Longrightarrow> x \<in> A \<inter> B"}
  13.522    \]
  13.523  
  13.524 -  This is a plain Horn clause, since no further nesting on
  13.525 -  the left is involved.  The general \<open>\<Inter>\<close>-introduction
  13.526 -  corresponds to a Hereditary Harrop Formula with one additional level
  13.527 -  of nesting:
  13.528 +  This is a plain Horn clause, since no further nesting on the left is
  13.529 +  involved. The general \<open>\<Inter>\<close>-introduction corresponds to a Hereditary Harrop
  13.530 +  Formula with one additional level of nesting:
  13.531    \[
  13.532    \<open>InterI:\<close>~@{prop "(\<And>A. A \<in> \<A> \<Longrightarrow> x \<in> A) \<Longrightarrow> x \<in> \<Inter>\<A>"}
  13.533    \]
  13.534  
  13.535    \<^medskip>
  13.536 -  Goals are also represented as rules: \<open>A\<^sub>1 \<Longrightarrow>
  13.537 -  \<dots> A\<^sub>n \<Longrightarrow> C\<close> states that the sub-goals \<open>A\<^sub>1, \<dots>,
  13.538 -  A\<^sub>n\<close> entail the result \<open>C\<close>; for \<open>n = 0\<close> the
  13.539 -  goal is finished.  To allow \<open>C\<close> being a rule statement
  13.540 -  itself, we introduce the protective marker \<open># :: prop \<Rightarrow>
  13.541 -  prop\<close>, which is defined as identity and hidden from the user.  We
  13.542 -  initialize and finish goal states as follows:
  13.543 +  Goals are also represented as rules: \<open>A\<^sub>1 \<Longrightarrow> \<dots> A\<^sub>n \<Longrightarrow> C\<close> states that the
  13.544 +  subgoals \<open>A\<^sub>1, \<dots>, A\<^sub>n\<close> entail the result \<open>C\<close>; for \<open>n = 0\<close> the goal is
  13.545 +  finished. To allow \<open>C\<close> being a rule statement itself, there is an internal
  13.546 +  protective marker \<open># :: prop \<Rightarrow> prop\<close>, which is defined as identity and
  13.547 +  hidden from the user. We initialize and finish goal states as follows:
  13.548  
  13.549    \[
  13.550    \begin{array}{c@ {\qquad}c}
  13.551 @@ -370,12 +396,12 @@
  13.552    \end{array}
  13.553    \]
  13.554  
  13.555 -  Goal states are refined in intermediate proof steps until
  13.556 -  a finished form is achieved.  Here the two main reasoning principles
  13.557 -  are @{inference resolution}, for back-chaining a rule against a
  13.558 -  sub-goal (replacing it by zero or more sub-goals), and @{inference
  13.559 -  assumption}, for solving a sub-goal (finding a short-circuit with
  13.560 -  local assumptions).  Below \<open>\<^vec>x\<close> stands for \<open>x\<^sub>1, \<dots>, x\<^sub>n\<close> (\<open>n \<ge> 0\<close>).
  13.561 +  Goal states are refined in intermediate proof steps until a finished form is
  13.562 +  achieved. Here the two main reasoning principles are @{inference
  13.563 +  resolution}, for back-chaining a rule against a subgoal (replacing it by
  13.564 +  zero or more subgoals), and @{inference assumption}, for solving a subgoal
  13.565 +  (finding a short-circuit with local assumptions). Below \<open>\<^vec>x\<close> stands
  13.566 +  for \<open>x\<^sub>1, \<dots>, x\<^sub>n\<close> (for \<open>n \<ge> 0\<close>).
  13.567  
  13.568    \[
  13.569    \infer[(@{inference_def resolution})]
  13.570 @@ -397,7 +423,7 @@
  13.571    {\begin{tabular}{rl}
  13.572      \<open>goal:\<close> &
  13.573      \<open>(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> A \<^vec>x) \<Longrightarrow> C\<close> \\
  13.574 -    \<open>assm unifier:\<close> & \<open>A\<vartheta> = H\<^sub>i\<vartheta>\<close>~~\mbox{(for some~\<open>H\<^sub>i\<close>)} \\
  13.575 +    \<open>assm unifier:\<close> & \<open>A\<vartheta> = H\<^sub>i\<vartheta>\<close>~~\mbox{for some~\<open>H\<^sub>i\<close>} \\
  13.576     \end{tabular}}
  13.577    \]
  13.578  
  13.579 @@ -418,215 +444,166 @@
  13.580    \<^medskip>
  13.581    }
  13.582  
  13.583 -  Compositions of @{inference assumption} after @{inference
  13.584 -  resolution} occurs quite often, typically in elimination steps.
  13.585 -  Traditional Isabelle tactics accommodate this by a combined
  13.586 -  @{inference_def elim_resolution} principle.  In contrast, Isar uses
  13.587 -  a slightly more refined combination, where the assumptions to be
  13.588 -  closed are marked explicitly, using again the protective marker
  13.589 -  \<open>#\<close>:
  13.590 +  Compositions of @{inference assumption} after @{inference resolution} occurs
  13.591 +  quite often, typically in elimination steps. Traditional Isabelle tactics
  13.592 +  accommodate this by a combined @{inference_def elim_resolution} principle.
  13.593 +  In contrast, Isar uses a combined refinement rule as follows:\footnote{For
  13.594 +  simplicity and clarity, the presentation ignores \<^emph>\<open>weak premises\<close> as
  13.595 +  introduced via \<^theory_text>\<open>presume\<close> or \<^theory_text>\<open>show \<dots> when\<close>.}
  13.596  
  13.597 +  {\small
  13.598    \[
  13.599    \infer[(@{inference refinement})]
  13.600 -  {\<open>(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> \<^vec>G' (\<^vec>a \<^vec>x))\<vartheta> \<Longrightarrow> C\<vartheta>\<close>}
  13.601 +  {\<open>C\<vartheta>\<close>}
  13.602    {\begin{tabular}{rl}
  13.603 -    \<open>sub\<hyphen>proof:\<close> &
  13.604 -    \<open>\<^vec>G \<^vec>a \<Longrightarrow> B \<^vec>a\<close> \\
  13.605 -    \<open>goal:\<close> &
  13.606 +    \<open>subgoal:\<close> &
  13.607      \<open>(\<And>\<^vec>x. \<^vec>H \<^vec>x \<Longrightarrow> B' \<^vec>x) \<Longrightarrow> C\<close> \\
  13.608 -    \<open>goal unifier:\<close> &
  13.609 +    \<open>subproof:\<close> &
  13.610 +    \<open>\<^vec>G \<^vec>a \<Longrightarrow> B \<^vec>a\<close> \quad for schematic \<open>\<^vec>a\<close> \\
  13.611 +    \<open>concl unifier:\<close> &
  13.612      \<open>(\<lambda>\<^vec>x. B (\<^vec>a \<^vec>x))\<vartheta> = B'\<vartheta>\<close> \\
  13.613      \<open>assm unifiers:\<close> &
  13.614 -    \<open>(\<lambda>\<^vec>x. G\<^sub>j (\<^vec>a \<^vec>x))\<vartheta> = #H\<^sub>i\<vartheta>\<close> \\
  13.615 -    & \quad (for each marked \<open>G\<^sub>j\<close> some \<open>#H\<^sub>i\<close>) \\
  13.616 +    \<open>(\<lambda>\<^vec>x. G\<^sub>j (\<^vec>a \<^vec>x))\<vartheta> = H\<^sub>i\<vartheta>\<close> \quad for each \<open>G\<^sub>j\<close> some \<open>H\<^sub>i\<close> \\
  13.617     \end{tabular}}
  13.618 -  \]
  13.619 +  \]}
  13.620  
  13.621 -  Here the \<open>sub\<hyphen>proof\<close> rule stems from the
  13.622 -  main @{command fix}-@{command assume}-@{command show} outline of
  13.623 -  Isar (cf.\ \secref{sec:framework-subproof}): each assumption
  13.624 -  indicated in the text results in a marked premise \<open>G\<close> above.
  13.625 -  The marking enforces resolution against one of the sub-goal's
  13.626 -  premises.  Consequently, @{command fix}-@{command assume}-@{command
  13.627 -  show} enables to fit the result of a sub-proof quite robustly into a
  13.628 -  pending sub-goal, while maintaining a good measure of flexibility.
  13.629 +  Here the \<open>subproof\<close> rule stems from the main \<^theory_text>\<open>fix\<close>-\<^theory_text>\<open>assume\<close>-\<^theory_text>\<open>show\<close>
  13.630 +  outline of Isar (cf.\ \secref{sec:framework-subproof}): each assumption
  13.631 +  indicated in the text results in a marked premise \<open>G\<close> above. Consequently,
  13.632 +  \<^theory_text>\<open>fix\<close>-\<^theory_text>\<open>assume\<close>-\<^theory_text>\<open>show\<close> enables to fit the result of a subproof quite
  13.633 +  robustly into a pending subgoal, while maintaining a good measure of
  13.634 +  flexibility: the subproof only needs to fit modulo unification, and its
  13.635 +  assumptions may be a proper subset of the subgoal premises (see
  13.636 +  \secref{sec:framework-subproof}).
  13.637  \<close>
  13.638  
  13.639  
  13.640  section \<open>The Isar proof language \label{sec:framework-isar}\<close>
  13.641  
  13.642  text \<open>
  13.643 -  Structured proofs are presented as high-level expressions for
  13.644 -  composing entities of Pure (propositions, facts, and goals).  The
  13.645 -  Isar proof language allows to organize reasoning within the
  13.646 -  underlying rule calculus of Pure, but Isar is not another logical
  13.647 -  calculus!
  13.648 +  Structured proofs are presented as high-level expressions for composing
  13.649 +  entities of Pure (propositions, facts, and goals). The Isar proof language
  13.650 +  allows to organize reasoning within the underlying rule calculus of Pure,
  13.651 +  but Isar is not another logical calculus. Isar merely imposes certain
  13.652 +  structure and policies on Pure inferences.
  13.653 +
  13.654 +  Isar is intended as an exercise in minimalism. Approximately half of the
  13.655 +  language is introduced as primitive, the rest defined as derived concepts.
  13.656 +  The grammar in \appref{ap:main-grammar} describes the core language
  13.657 +  (category \<open>proof\<close>), which is embedded into the main outer theory syntax via
  13.658 +  elements that require a proof (e.g.\ \<^theory_text>\<open>theorem\<close>, \<^theory_text>\<open>lemma\<close>, \<^theory_text>\<open>function\<close>,
  13.659 +  \<^theory_text>\<open>termination\<close>).
  13.660  
  13.661 -  Isar is an exercise in sound minimalism.  Approximately half of the
  13.662 -  language is introduced as primitive, the rest defined as derived
  13.663 -  concepts.  The following grammar describes the core language
  13.664 -  (category \<open>proof\<close>), which is embedded into theory
  13.665 -  specification elements such as @{command theorem}; see also
  13.666 -  \secref{sec:framework-stmt} for the separate category \<open>statement\<close>.
  13.667 +  The syntax for terms and propositions is inherited from Pure (and the
  13.668 +  object-logic). A \<open>pattern\<close> is a \<open>term\<close> with schematic variables, to be bound
  13.669 +  by higher-order matching. Simultaneous propositions or facts may be
  13.670 +  separated by the \<^theory_text>\<open>and\<close> keyword.
  13.671 +
  13.672 +  \<^medskip>
  13.673 +  Facts may be referenced by name or proposition. For example, the result of
  13.674 +  ``\<^theory_text>\<open>have a: A \<proof>\<close>'' becomes accessible both via the name \<open>a\<close> and the
  13.675 +  literal proposition \<open>\<open>A\<close>\<close>. Moreover, fact expressions may involve attributes
  13.676 +  that modify either the theorem or the background context. For example, the
  13.677 +  expression ``\<open>a [OF b]\<close>'' refers to the composition of two facts according
  13.678 +  to the @{inference resolution} inference of
  13.679 +  \secref{sec:framework-resolution}, while ``\<open>a [intro]\<close>'' declares a fact as
  13.680 +  introduction rule in the context.
  13.681 +
  13.682 +  The special fact called ``@{fact this}'' always refers to the last result,
  13.683 +  as produced by \<^theory_text>\<open>note\<close>, \<^theory_text>\<open>assume\<close>, \<^theory_text>\<open>have\<close>, or \<^theory_text>\<open>show\<close>. Since \<^theory_text>\<open>note\<close> occurs
  13.684 +  frequently together with \<^theory_text>\<open>then\<close>, there are some abbreviations:
  13.685  
  13.686    \<^medskip>
  13.687    \begin{tabular}{rcl}
  13.688 -    \<open>theory\<hyphen>stmt\<close> & = & @{command "theorem"}~\<open>statement proof  |\<close>~~@{command "definition"}~\<open>\<dots>  |  \<dots>\<close> \\[1ex]
  13.689 -
  13.690 -    \<open>proof\<close> & = & \<open>prfx\<^sup>*\<close>~@{command "proof"}~\<open>method\<^sup>? stmt\<^sup>*\<close>~@{command "qed"}~\<open>method\<^sup>?\<close> \\[1ex]
  13.691 -
  13.692 -    \<open>prfx\<close> & = & @{command "using"}~\<open>facts\<close> \\
  13.693 -    & \<open>|\<close> & @{command "unfolding"}~\<open>facts\<close> \\
  13.694 -
  13.695 -    \<open>stmt\<close> & = & @{command "{"}~\<open>stmt\<^sup>*\<close>~@{command "}"} \\
  13.696 -    & \<open>|\<close> & @{command "next"} \\
  13.697 -    & \<open>|\<close> & @{command "note"}~\<open>name = facts\<close> \\
  13.698 -    & \<open>|\<close> & @{command "let"}~\<open>term = term\<close> \\
  13.699 -    & \<open>|\<close> & @{command "fix"}~\<open>var\<^sup>+\<close> \\
  13.700 -    & \<open>|\<close> & @{command assume}~\<open>\<guillemotleft>inference\<guillemotright> name: props\<close> \\
  13.701 -    & \<open>|\<close> & @{command "then"}\<open>\<^sup>?\<close>~\<open>goal\<close> \\
  13.702 -    \<open>goal\<close> & = & @{command "have"}~\<open>name: props proof\<close> \\
  13.703 -    & \<open>|\<close> & @{command "show"}~\<open>name: props proof\<close> \\
  13.704 -  \end{tabular}
  13.705 -
  13.706 -  \<^medskip>
  13.707 -  Simultaneous propositions or facts may be separated by the
  13.708 -  @{keyword "and"} keyword.
  13.709 -
  13.710 -  \<^medskip>
  13.711 -  The syntax for terms and propositions is inherited from
  13.712 -  Pure (and the object-logic).  A \<open>pattern\<close> is a \<open>term\<close> with schematic variables, to be bound by higher-order
  13.713 -  matching.
  13.714 -
  13.715 -  \<^medskip>
  13.716 -  Facts may be referenced by name or proposition.  For
  13.717 -  example, the result of ``@{command have}~\<open>a: A \<langle>proof\<rangle>\<close>''
  13.718 -  becomes available both as \<open>a\<close> and
  13.719 -  \isacharbackquoteopen\<open>A\<close>\isacharbackquoteclose.  Moreover,
  13.720 -  fact expressions may involve attributes that modify either the
  13.721 -  theorem or the background context.  For example, the expression
  13.722 -  ``\<open>a [OF b]\<close>'' refers to the composition of two facts
  13.723 -  according to the @{inference resolution} inference of
  13.724 -  \secref{sec:framework-resolution}, while ``\<open>a [intro]\<close>''
  13.725 -  declares a fact as introduction rule in the context.
  13.726 -
  13.727 -  The special fact called ``@{fact this}'' always refers to the last
  13.728 -  result, as produced by @{command note}, @{command assume}, @{command
  13.729 -  have}, or @{command show}.  Since @{command note} occurs
  13.730 -  frequently together with @{command then} we provide some
  13.731 -  abbreviations:
  13.732 -
  13.733 -  \<^medskip>
  13.734 -  \begin{tabular}{rcl}
  13.735 -    @{command from}~\<open>a\<close> & \<open>\<equiv>\<close> & @{command note}~\<open>a\<close>~@{command then} \\
  13.736 -    @{command with}~\<open>a\<close> & \<open>\<equiv>\<close> & @{command from}~\<open>a \<AND> this\<close> \\
  13.737 +    \<^theory_text>\<open>from a\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>note a then\<close> \\
  13.738 +    \<^theory_text>\<open>with a\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>from a and this\<close> \\
  13.739    \end{tabular}
  13.740    \<^medskip>
  13.741  
  13.742 -  The \<open>method\<close> category is essentially a parameter and may be
  13.743 -  populated later.  Methods use the facts indicated by @{command
  13.744 -  "then"} or @{command using}, and then operate on the goal state.
  13.745 -  Some basic methods are predefined: ``@{method "-"}'' leaves the goal
  13.746 -  unchanged, ``@{method this}'' applies the facts as rules to the
  13.747 -  goal, ``@{method (Pure) "rule"}'' applies the facts to another rule and the
  13.748 -  result to the goal (both ``@{method this}'' and ``@{method (Pure) rule}''
  13.749 -  refer to @{inference resolution} of
  13.750 -  \secref{sec:framework-resolution}).  The secondary arguments to
  13.751 -  ``@{method (Pure) rule}'' may be specified explicitly as in ``\<open>(rule
  13.752 -  a)\<close>'', or picked from the context.  In the latter case, the system
  13.753 -  first tries rules declared as @{attribute (Pure) elim} or
  13.754 -  @{attribute (Pure) dest}, followed by those declared as @{attribute
  13.755 -  (Pure) intro}.
  13.756 +  The \<open>method\<close> category is essentially a parameter of the Isar language and
  13.757 +  may be populated later. The command \<^theory_text>\<open>method_setup\<close> allows to define proof
  13.758 +  methods semantically in Isabelle/ML. The Eisbach language allows to define
  13.759 +  proof methods symbolically, as recursive expressions over existing methods
  13.760 +  @{cite "Matichuk-et-al:2014"}; see also @{file "~~/src/HOL/Eisbach"}.
  13.761  
  13.762 -  The default method for @{command proof} is ``@{method standard}''
  13.763 -  (arguments picked from the context), for @{command qed} it is
  13.764 -  ``@{method "succeed"}''.  Further abbreviations for terminal proof steps
  13.765 -  are ``@{command "by"}~\<open>method\<^sub>1 method\<^sub>2\<close>'' for
  13.766 -  ``@{command proof}~\<open>method\<^sub>1\<close>~@{command qed}~\<open>method\<^sub>2\<close>'', and ``@{command ".."}'' for ``@{command
  13.767 -  "by"}~@{method standard}, and ``@{command "."}'' for ``@{command
  13.768 -  "by"}~@{method this}''.  The @{command unfolding} element operates
  13.769 -  directly on the current facts and goal by applying equalities.
  13.770 +  Methods use the facts indicated by \<^theory_text>\<open>then\<close> or \<^theory_text>\<open>using\<close>, and then operate on
  13.771 +  the goal state. Some basic methods are predefined in Pure: ``@{method "-"}''
  13.772 +  leaves the goal unchanged, ``@{method this}'' applies the facts as rules to
  13.773 +  the goal, ``@{method (Pure) "rule"}'' applies the facts to another rule and
  13.774 +  the result to the goal (both ``@{method this}'' and ``@{method (Pure)
  13.775 +  rule}'' refer to @{inference resolution} of
  13.776 +  \secref{sec:framework-resolution}). The secondary arguments to ``@{method
  13.777 +  (Pure) rule}'' may be specified explicitly as in ``\<open>(rule a)\<close>'', or picked
  13.778 +  from the context. In the latter case, the system first tries rules declared
  13.779 +  as @{attribute (Pure) elim} or @{attribute (Pure) dest}, followed by those
  13.780 +  declared as @{attribute (Pure) intro}.
  13.781 +
  13.782 +  The default method for \<^theory_text>\<open>proof\<close> is ``@{method standard}'' (which subsumes
  13.783 +  @{method rule} with arguments picked from the context), for \<^theory_text>\<open>qed\<close> it is
  13.784 +  ``@{method "succeed"}''. Further abbreviations for terminal proof steps are
  13.785 +  ``\<^theory_text>\<open>by method\<^sub>1 method\<^sub>2\<close>'' for ``\<^theory_text>\<open>proof method\<^sub>1 qed method\<^sub>2\<close>'', and
  13.786 +  ``\<^theory_text>\<open>..\<close>'' for ``\<^theory_text>\<open>by standard\<close>, and ``\<^theory_text>\<open>.\<close>'' for ``\<^theory_text>\<open>by this\<close>''. The command
  13.787 +  ``\<^theory_text>\<open>unfolding facts\<close>'' operates directly on the goal by applying equalities.
  13.788  
  13.789    \<^medskip>
  13.790 -  Block structure can be indicated explicitly by ``@{command
  13.791 -  "{"}~\<open>\<dots>\<close>~@{command "}"}'', although the body of a sub-proof
  13.792 -  already involves implicit nesting.  In any case, @{command next}
  13.793 -  jumps into the next section of a block, i.e.\ it acts like closing
  13.794 -  an implicit block scope and opening another one; there is no direct
  13.795 -  correspondence to subgoals here.
  13.796 +  Block structure can be indicated explicitly by ``\<^theory_text>\<open>{ \<dots> }\<close>'', although the
  13.797 +  body of a subproof ``\<^theory_text>\<open>proof \<dots> qed\<close>'' already provides implicit nesting. In
  13.798 +  both situations, \<^theory_text>\<open>next\<close> jumps into the next section of a block, i.e.\ it
  13.799 +  acts like closing an implicit block scope and opening another one. There is
  13.800 +  no direct connection to subgoals here!
  13.801  
  13.802 -  The remaining elements @{command fix} and @{command assume} build up
  13.803 -  a local context (see \secref{sec:framework-context}), while
  13.804 -  @{command show} refines a pending sub-goal by the rule resulting
  13.805 -  from a nested sub-proof (see \secref{sec:framework-subproof}).
  13.806 -  Further derived concepts will support calculational reasoning (see
  13.807 -  \secref{sec:framework-calc}).
  13.808 +  The commands \<^theory_text>\<open>fix\<close> and \<^theory_text>\<open>assume\<close> build up a local context (see
  13.809 +  \secref{sec:framework-context}), while \<^theory_text>\<open>show\<close> refines a pending subgoal by
  13.810 +  the rule resulting from a nested subproof (see
  13.811 +  \secref{sec:framework-subproof}). Further derived concepts will support
  13.812 +  calculational reasoning (see \secref{sec:framework-calc}).
  13.813  \<close>
  13.814  
  13.815  
  13.816  subsection \<open>Context elements \label{sec:framework-context}\<close>
  13.817  
  13.818  text \<open>
  13.819 -  In judgments \<open>\<Gamma> \<turnstile> \<phi>\<close> of the primitive framework, \<open>\<Gamma>\<close>
  13.820 -  essentially acts like a proof context.  Isar elaborates this idea
  13.821 -  towards a higher-level notion, with additional information for
  13.822 -  type-inference, term abbreviations, local facts, hypotheses etc.
  13.823 +  In judgments \<open>\<Gamma> \<turnstile> \<phi>\<close> of the primitive framework, \<open>\<Gamma>\<close> essentially acts like a
  13.824 +  proof context. Isar elaborates this idea towards a more advanced concept,
  13.825 +  with additional information for type-inference, term abbreviations, local
  13.826 +  facts, hypotheses etc.
  13.827  
  13.828 -  The element @{command fix}~\<open>x :: \<alpha>\<close> declares a local
  13.829 -  parameter, i.e.\ an arbitrary-but-fixed entity of a given type; in
  13.830 -  results exported from the context, \<open>x\<close> may become anything.
  13.831 -  The @{command assume}~\<open>\<guillemotleft>inference\<guillemotright>\<close> element provides a
  13.832 -  general interface to hypotheses: ``@{command assume}~\<open>\<guillemotleft>inference\<guillemotright> A\<close>'' produces \<open>A \<turnstile> A\<close> locally, while the
  13.833 -  included inference tells how to discharge \<open>A\<close> from results
  13.834 -  \<open>A \<turnstile> B\<close> later on.  There is no user-syntax for \<open>\<guillemotleft>inference\<guillemotright>\<close>, i.e.\ it may only occur internally when derived
  13.835 -  commands are defined in ML.
  13.836 +  The element \<^theory_text>\<open>fix x :: \<alpha>\<close> declares a local parameter, i.e.\ an
  13.837 +  arbitrary-but-fixed entity of a given type; in results exported from the
  13.838 +  context, \<open>x\<close> may become anything. The \<^theory_text>\<open>assume \<guillemotleft>inference\<guillemotright>\<close> element provides
  13.839 +  a general interface to hypotheses: \<^theory_text>\<open>assume \<guillemotleft>inference\<guillemotright> A\<close> produces \<open>A \<turnstile> A\<close>
  13.840 +  locally, while the included inference tells how to discharge \<open>A\<close> from
  13.841 +  results \<open>A \<turnstile> B\<close> later on. There is no surface syntax for \<open>\<guillemotleft>inference\<guillemotright>\<close>,
  13.842 +  i.e.\ it may only occur internally when derived commands are defined in ML.
  13.843  
  13.844 -  At the user-level, the default inference for @{command assume} is
  13.845 -  @{inference discharge} as given below.  The additional variants
  13.846 -  @{command presume} and @{command def} are defined as follows:
  13.847 -
  13.848 -  \<^medskip>
  13.849 -  \begin{tabular}{rcl}
  13.850 -    @{command presume}~\<open>A\<close> & \<open>\<equiv>\<close> & @{command assume}~\<open>\<guillemotleft>weak\<hyphen>discharge\<guillemotright> A\<close> \\
  13.851 -    @{command def}~\<open>x \<equiv> a\<close> & \<open>\<equiv>\<close> & @{command fix}~\<open>x\<close>~@{command assume}~\<open>\<guillemotleft>expansion\<guillemotright> x \<equiv> a\<close> \\
  13.852 -  \end{tabular}
  13.853 -  \<^medskip>
  13.854 +  The default inference for \<^theory_text>\<open>assume\<close> is @{inference export} as given below.
  13.855 +  The derived element \<^theory_text>\<open>def x \<equiv> a\<close> is defined as \<^theory_text>\<open>fix x assume \<guillemotleft>expand\<guillemotright> x \<equiv>
  13.856 +  a\<close>, with the subsequent inference @{inference expand}.
  13.857  
  13.858    \[
  13.859 -  \infer[(@{inference_def discharge})]{\<open>\<strut>\<Gamma> - A \<turnstile> #A \<Longrightarrow> B\<close>}{\<open>\<strut>\<Gamma> \<turnstile> B\<close>}
  13.860 -  \]
  13.861 -  \[
  13.862 -  \infer[(@{inference_def "weak\<hyphen>discharge"})]{\<open>\<strut>\<Gamma> - A \<turnstile> A \<Longrightarrow> B\<close>}{\<open>\<strut>\<Gamma> \<turnstile> B\<close>}
  13.863 -  \]
  13.864 -  \[
  13.865 -  \infer[(@{inference_def expansion})]{\<open>\<strut>\<Gamma> - (x \<equiv> a) \<turnstile> B a\<close>}{\<open>\<strut>\<Gamma> \<turnstile> B x\<close>}
  13.866 +  \infer[(@{inference_def export})]{\<open>\<strut>\<Gamma> - A \<turnstile> A \<Longrightarrow> B\<close>}{\<open>\<strut>\<Gamma> \<turnstile> B\<close>}
  13.867 +  \qquad
  13.868 +  \infer[(@{inference_def expand})]{\<open>\<strut>\<Gamma> - (x \<equiv> a) \<turnstile> B a\<close>}{\<open>\<strut>\<Gamma> \<turnstile> B x\<close>}
  13.869    \]
  13.870  
  13.871    \<^medskip>
  13.872 -  Note that @{inference discharge} and @{inference
  13.873 -  "weak\<hyphen>discharge"} differ in the marker for @{prop A}, which is
  13.874 -  relevant when the result of a @{command fix}-@{command
  13.875 -  assume}-@{command show} outline is composed with a pending goal,
  13.876 -  cf.\ \secref{sec:framework-subproof}.
  13.877 -
  13.878 -  The most interesting derived context element in Isar is @{command
  13.879 -  obtain} @{cite \<open>\S5.3\<close> "Wenzel-PhD"}, which supports generalized
  13.880 -  elimination steps in a purely forward manner.  The @{command obtain}
  13.881 -  command takes a specification of parameters \<open>\<^vec>x\<close> and
  13.882 -  assumptions \<open>\<^vec>A\<close> to be added to the context, together
  13.883 -  with a proof of a case rule stating that this extension is
  13.884 +  The most interesting derived context element in Isar is \<^theory_text>\<open>obtain\<close> @{cite
  13.885 +  \<open>\S5.3\<close> "Wenzel-PhD"}, which supports generalized elimination steps in a
  13.886 +  purely forward manner. The \<^theory_text>\<open>obtain\<close> command takes a specification of
  13.887 +  parameters \<open>\<^vec>x\<close> and assumptions \<open>\<^vec>A\<close> to be added to the context,
  13.888 +  together with a proof of a case rule stating that this extension is
  13.889    conservative (i.e.\ may be removed from closed results later on):
  13.890  
  13.891    \<^medskip>
  13.892    \begin{tabular}{l}
  13.893 -  \<open>\<langle>facts\<rangle>\<close>~~@{command obtain}~\<open>\<^vec>x \<WHERE> \<^vec>A \<^vec>x  \<langle>proof\<rangle> \<equiv>\<close> \\[0.5ex]
  13.894 -  \quad @{command have}~\<open>case: \<And>thesis. (\<And>\<^vec>x. \<^vec>A \<^vec>x \<Longrightarrow> thesis) \<Longrightarrow> thesis\<rangle>\<close> \\
  13.895 -  \quad @{command proof}~@{method "-"} \\
  13.896 -  \qquad @{command fix}~\<open>thesis\<close> \\
  13.897 -  \qquad @{command assume}~\<open>[intro]: \<And>\<^vec>x. \<^vec>A \<^vec>x \<Longrightarrow> thesis\<close> \\
  13.898 -  \qquad @{command show}~\<open>thesis\<close>~@{command using}~\<open>\<langle>facts\<rangle> \<langle>proof\<rangle>\<close> \\
  13.899 -  \quad @{command qed} \\
  13.900 -  \quad @{command fix}~\<open>\<^vec>x\<close>~@{command assume}~\<open>\<guillemotleft>elimination case\<guillemotright> \<^vec>A \<^vec>x\<close> \\
  13.901 +  \<^theory_text>\<open>\<langle>facts\<rangle> obtain "\<^vec>x" where "\<^vec>A" "\<^vec>x" \<proof> \<equiv>\<close> \\[0.5ex]
  13.902 +  \quad \<^theory_text>\<open>have "case": "\<And>thesis. (\<And>\<^vec>x. \<^vec>A \<^vec>x \<Longrightarrow> thesis) \<Longrightarrow> thesis"\<close> \\
  13.903 +  \quad \<^theory_text>\<open>proof -\<close> \\
  13.904 +  \qquad \<^theory_text>\<open>fix thesis\<close> \\
  13.905 +  \qquad \<^theory_text>\<open>assume [intro]: "\<And>\<^vec>x. \<^vec>A \<^vec>x \<Longrightarrow> thesis"\<close> \\
  13.906 +  \qquad \<^theory_text>\<open>show thesis using \<langle>facts\<rangle> \<proof>\<close> \\
  13.907 +  \quad \<^theory_text>\<open>qed\<close> \\
  13.908 +  \quad \<^theory_text>\<open>fix "\<^vec>x" assume \<guillemotleft>elimination "case"\<guillemotright> "\<^vec>A \<^vec>x"\<close> \\
  13.909    \end{tabular}
  13.910    \<^medskip>
  13.911  
  13.912 @@ -640,21 +617,18 @@
  13.913      \end{tabular}}
  13.914    \]
  13.915  
  13.916 -  Here the name ``\<open>thesis\<close>'' is a specific convention
  13.917 -  for an arbitrary-but-fixed proposition; in the primitive natural
  13.918 -  deduction rules shown before we have occasionally used \<open>C\<close>.
  13.919 -  The whole statement of ``@{command obtain}~\<open>x\<close>~@{keyword
  13.920 -  "where"}~\<open>A x\<close>'' may be read as a claim that \<open>A x\<close>
  13.921 -  may be assumed for some arbitrary-but-fixed \<open>x\<close>.  Also note
  13.922 -  that ``@{command obtain}~\<open>A \<AND> B\<close>'' without parameters
  13.923 -  is similar to ``@{command have}~\<open>A \<AND> B\<close>'', but the
  13.924 -  latter involves multiple sub-goals.
  13.925 +  Here the name ``\<open>thesis\<close>'' is a specific convention for an
  13.926 +  arbitrary-but-fixed proposition; in the primitive natural deduction rules
  13.927 +  shown before we have occasionally used \<open>C\<close>. The whole statement of
  13.928 +  ``\<^theory_text>\<open>obtain x where A x\<close>'' can be read as a claim that \<open>A x\<close> may be assumed
  13.929 +  for some arbitrary-but-fixed \<open>x\<close>. Also note that ``\<^theory_text>\<open>obtain A and B\<close>''
  13.930 +  without parameters is similar to ``\<^theory_text>\<open>have A and B\<close>'', but the latter
  13.931 +  involves multiple subgoals that need to be proven separately.
  13.932  
  13.933    \<^medskip>
  13.934 -  The subsequent Isar proof texts explain all context
  13.935 -  elements introduced above using the formal proof language itself.
  13.936 -  After finishing a local proof within a block, we indicate the
  13.937 -  exported result via @{command note}.
  13.938 +  The subsequent Isar proof texts explain all context elements introduced
  13.939 +  above using the formal proof language itself. After finishing a local proof
  13.940 +  within a block, the exported result is indicated via \<^theory_text>\<open>note\<close>.
  13.941  \<close>
  13.942  
  13.943  (*<*)
  13.944 @@ -664,25 +638,25 @@
  13.945    text_raw \<open>\begin{minipage}[t]{0.45\textwidth}\<close>
  13.946    {
  13.947      fix x
  13.948 -    have "B x" sorry %noproof
  13.949 +    have "B x" \<proof>
  13.950    }
  13.951    note \<open>\<And>x. B x\<close>
  13.952    text_raw \<open>\end{minipage}\quad\begin{minipage}[t]{0.45\textwidth}\<close>(*<*)next(*>*)
  13.953    {
  13.954      assume A
  13.955 -    have B sorry %noproof
  13.956 +    have B \<proof>
  13.957    }
  13.958    note \<open>A \<Longrightarrow> B\<close>
  13.959    text_raw \<open>\end{minipage}\\[3ex]\begin{minipage}[t]{0.45\textwidth}\<close>(*<*)next(*>*)
  13.960    {
  13.961      def x \<equiv> a
  13.962 -    have "B x" sorry %noproof
  13.963 +    have "B x" \<proof>
  13.964    }
  13.965    note \<open>B a\<close>
  13.966    text_raw \<open>\end{minipage}\quad\begin{minipage}[t]{0.45\textwidth}\<close>(*<*)next(*>*)
  13.967    {
  13.968 -    obtain x where "A x" sorry %noproof
  13.969 -    have B sorry %noproof
  13.970 +    obtain x where "A x" \<proof>
  13.971 +    have B \<proof>
  13.972    }
  13.973    note \<open>B\<close>
  13.974    text_raw \<open>\end{minipage}\<close>
  13.975 @@ -692,118 +666,110 @@
  13.976  
  13.977  text \<open>
  13.978    \<^bigskip>
  13.979 -  This illustrates the meaning of Isar context
  13.980 -  elements without goals getting in between.
  13.981 +  This explains the meaning of Isar context elements without, without goal
  13.982 +  states getting in the way.
  13.983  \<close>
  13.984  
  13.985  
  13.986  subsection \<open>Structured statements \label{sec:framework-stmt}\<close>
  13.987  
  13.988  text \<open>
  13.989 -  The category \<open>statement\<close> of top-level theorem specifications
  13.990 -  is defined as follows:
  13.991 +  The syntax of top-level theorem statements is defined as follows:
  13.992  
  13.993    \<^medskip>
  13.994    \begin{tabular}{rcl}
  13.995 -  \<open>statement\<close> & \<open>\<equiv>\<close> & \<open>name: props \<AND> \<dots>\<close> \\
  13.996 +  \<open>statement\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>name: props and \<dots>\<close> \\
  13.997    & \<open>|\<close> & \<open>context\<^sup>* conclusion\<close> \\[0.5ex]
  13.998  
  13.999 -  \<open>context\<close> & \<open>\<equiv>\<close> & \<open>\<FIXES> vars \<AND> \<dots>\<close> \\
 13.1000 -  & \<open>|\<close> & \<open>\<ASSUMES> name: props \<AND> \<dots>\<close> \\
 13.1001 +  \<open>context\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>fixes vars and \<dots>\<close> \\
 13.1002 +  & \<open>|\<close> & \<^theory_text>\<open>assumes name: props and \<dots>\<close> \\
 13.1003  
 13.1004 -  \<open>conclusion\<close> & \<open>\<equiv>\<close> & \<open>\<SHOWS> name: props \<AND> \<dots>\<close> \\
 13.1005 -  & \<open>|\<close> & \<open>\<OBTAINS> vars \<AND> \<dots> \<WHERE> name: props \<AND> \<dots>\<close> \\
 13.1006 +  \<open>conclusion\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>shows name: props and \<dots>\<close> \\
 13.1007 +  & \<open>|\<close> & \<^theory_text>\<open>obtains vars and \<dots> where name: props and \<dots>\<close> \\
 13.1008    & & \quad \<open>\<BBAR> \<dots>\<close> \\
 13.1009    \end{tabular}
 13.1010  
 13.1011    \<^medskip>
 13.1012 -  A simple \<open>statement\<close> consists of named
 13.1013 -  propositions.  The full form admits local context elements followed
 13.1014 -  by the actual conclusions, such as ``@{keyword "fixes"}~\<open>x\<close>~@{keyword "assumes"}~\<open>A x\<close>~@{keyword "shows"}~\<open>B
 13.1015 -  x\<close>''.  The final result emerges as a Pure rule after discharging
 13.1016 -  the context: @{prop "\<And>x. A x \<Longrightarrow> B x"}.
 13.1017 +  A simple statement consists of named propositions. The full form admits
 13.1018 +  local context elements followed by the actual conclusions, such as ``\<^theory_text>\<open>fixes
 13.1019 +  x assumes A x shows B x\<close>''. The final result emerges as a Pure rule after
 13.1020 +  discharging the context: @{prop "\<And>x. A x \<Longrightarrow> B x"}.
 13.1021  
 13.1022 -  The @{keyword "obtains"} variant is another abbreviation defined
 13.1023 -  below; unlike @{command obtain} (cf.\
 13.1024 -  \secref{sec:framework-context}) there may be several ``cases''
 13.1025 -  separated by ``\<open>\<BBAR>\<close>'', each consisting of several
 13.1026 -  parameters (\<open>vars\<close>) and several premises (\<open>props\<close>).
 13.1027 -  This specifies multi-branch elimination rules.
 13.1028 +  The \<^theory_text>\<open>obtains\<close> variant is another abbreviation defined below; unlike
 13.1029 +  \<^theory_text>\<open>obtain\<close> (cf.\ \secref{sec:framework-context}) there may be several
 13.1030 +  ``cases'' separated by ``\<open>\<BBAR>\<close>'', each consisting of several parameters
 13.1031 +  (\<open>vars\<close>) and several premises (\<open>props\<close>). This specifies multi-branch
 13.1032 +  elimination rules.
 13.1033  
 13.1034    \<^medskip>
 13.1035    \begin{tabular}{l}
 13.1036 -  \<open>\<OBTAINS> \<^vec>x \<WHERE> \<^vec>A \<^vec>x   \<BBAR>   \<dots>   \<equiv>\<close> \\[0.5ex]
 13.1037 -  \quad \<open>\<FIXES> thesis\<close> \\
 13.1038 -  \quad \<open>\<ASSUMES> [intro]: \<And>\<^vec>x. \<^vec>A \<^vec>x \<Longrightarrow> thesis  \<AND>  \<dots>\<close> \\
 13.1039 -  \quad \<open>\<SHOWS> thesis\<close> \\
 13.1040 +  \<^theory_text>\<open>obtains "\<^vec>x" where "\<^vec>A" "\<^vec>x"  "\<BBAR>"  \<dots>  \<equiv>\<close> \\[0.5ex]
 13.1041 +  \quad \<^theory_text>\<open>fixes thesis\<close> \\
 13.1042 +  \quad \<^theory_text>\<open>assumes [intro]: "\<And>\<^vec>x. \<^vec>A \<^vec>x \<Longrightarrow> thesis"  and  \<dots>\<close> \\
 13.1043 +  \quad \<^theory_text>\<open>shows thesis\<close> \\
 13.1044    \end{tabular}
 13.1045    \<^medskip>
 13.1046  
 13.1047    Presenting structured statements in such an ``open'' format usually
 13.1048 -  simplifies the subsequent proof, because the outer structure of the
 13.1049 -  problem is already laid out directly.  E.g.\ consider the following
 13.1050 -  canonical patterns for \<open>\<SHOWS>\<close> and \<open>\<OBTAINS>\<close>,
 13.1051 -  respectively:
 13.1052 +  simplifies the subsequent proof, because the outer structure of the problem
 13.1053 +  is already laid out directly. E.g.\ consider the following canonical
 13.1054 +  patterns for \<^theory_text>\<open>shows\<close> and \<^theory_text>\<open>obtains\<close>, respectively:
 13.1055  \<close>
 13.1056  
 13.1057  text_raw \<open>\begin{minipage}{0.5\textwidth}\<close>
 13.1058  
 13.1059 -theorem
 13.1060 -  fixes x and y
 13.1061 -  assumes "A x" and "B y"
 13.1062 -  shows "C x y"
 13.1063 -proof -
 13.1064 -  from \<open>A x\<close> and \<open>B y\<close>
 13.1065 -  show "C x y" sorry %noproof
 13.1066 -qed
 13.1067 +  theorem
 13.1068 +    fixes x and y
 13.1069 +    assumes "A x" and "B y"
 13.1070 +    shows "C x y"
 13.1071 +  proof -
 13.1072 +    from \<open>A x\<close> and \<open>B y\<close>
 13.1073 +    show "C x y" \<proof>
 13.1074 +  qed
 13.1075  
 13.1076  text_raw \<open>\end{minipage}\begin{minipage}{0.5\textwidth}\<close>
 13.1077  
 13.1078 -theorem
 13.1079 -  obtains x and y
 13.1080 -  where "A x" and "B y"
 13.1081 -proof -
 13.1082 -  have "A a" and "B b" sorry %noproof
 13.1083 -  then show thesis ..
 13.1084 -qed
 13.1085 +  theorem
 13.1086 +    obtains x and y
 13.1087 +    where "A x" and "B y"
 13.1088 +  proof -
 13.1089 +    have "A a" and "B b" \<proof>
 13.1090 +    then show thesis ..
 13.1091 +  qed
 13.1092  
 13.1093  text_raw \<open>\end{minipage}\<close>
 13.1094  
 13.1095  text \<open>
 13.1096    \<^medskip>
 13.1097 -  Here local facts \isacharbackquoteopen\<open>A
 13.1098 -  x\<close>\isacharbackquoteclose\ and \isacharbackquoteopen\<open>B
 13.1099 -  y\<close>\isacharbackquoteclose\ are referenced immediately; there is no
 13.1100 -  need to decompose the logical rule structure again.  In the second
 13.1101 -  proof the final ``@{command then}~@{command show}~\<open>thesis\<close>~@{command ".."}''  involves the local rule case \<open>\<And>x
 13.1102 -  y. A x \<Longrightarrow> B y \<Longrightarrow> thesis\<close> for the particular instance of terms \<open>a\<close> and \<open>b\<close> produced in the body.
 13.1103 +  Here local facts \<open>\<open>A x\<close>\<close> and \<open>\<open>B y\<close>\<close> are referenced immediately; there is no
 13.1104 +  need to decompose the logical rule structure again. In the second proof the
 13.1105 +  final ``\<^theory_text>\<open>then show thesis ..\<close>'' involves the local rule case \<open>\<And>x y. A x \<Longrightarrow> B
 13.1106 +  y \<Longrightarrow> thesis\<close> for the particular instance of terms \<open>a\<close> and \<open>b\<close> produced in the
 13.1107 +  body.
 13.1108  \<close>
 13.1109  
 13.1110  
 13.1111  subsection \<open>Structured proof refinement \label{sec:framework-subproof}\<close>
 13.1112  
 13.1113  text \<open>
 13.1114 -  By breaking up the grammar for the Isar proof language, we may
 13.1115 -  understand a proof text as a linear sequence of individual proof
 13.1116 -  commands.  These are interpreted as transitions of the Isar virtual
 13.1117 -  machine (Isar/VM), which operates on a block-structured
 13.1118 -  configuration in single steps.  This allows users to write proof
 13.1119 -  texts in an incremental manner, and inspect intermediate
 13.1120 -  configurations for debugging.
 13.1121 +  By breaking up the grammar for the Isar proof language, we may understand a
 13.1122 +  proof text as a linear sequence of individual proof commands. These are
 13.1123 +  interpreted as transitions of the Isar virtual machine (Isar/VM), which
 13.1124 +  operates on a block-structured configuration in single steps. This allows
 13.1125 +  users to write proof texts in an incremental manner, and inspect
 13.1126 +  intermediate configurations for debugging.
 13.1127  
 13.1128 -  The basic idea is analogous to evaluating algebraic expressions on a
 13.1129 -  stack machine: \<open>(a + b) \<cdot> c\<close> then corresponds to a sequence
 13.1130 -  of single transitions for each symbol \<open>(, a, +, b, ), \<cdot>, c\<close>.
 13.1131 -  In Isar the algebraic values are facts or goals, and the operations
 13.1132 -  are inferences.
 13.1133 +  The basic idea is analogous to evaluating algebraic expressions on a stack
 13.1134 +  machine: \<open>(a + b) \<cdot> c\<close> then corresponds to a sequence of single transitions
 13.1135 +  for each symbol \<open>(, a, +, b, ), \<cdot>, c\<close>. In Isar the algebraic values are
 13.1136 +  facts or goals, and the operations are inferences.
 13.1137  
 13.1138    \<^medskip>
 13.1139 -  The Isar/VM state maintains a stack of nodes, each node
 13.1140 -  contains the local proof context, the linguistic mode, and a pending
 13.1141 -  goal (optional).  The mode determines the type of transition that
 13.1142 -  may be performed next, it essentially alternates between forward and
 13.1143 -  backward reasoning, with an intermediate stage for chained facts
 13.1144 -  (see \figref{fig:isar-vm}).
 13.1145 +  The Isar/VM state maintains a stack of nodes, each node contains the local
 13.1146 +  proof context, the linguistic mode, and a pending goal (optional). The mode
 13.1147 +  determines the type of transition that may be performed next, it essentially
 13.1148 +  alternates between forward and backward reasoning, with an intermediate
 13.1149 +  stage for chained facts (see \figref{fig:isar-vm}).
 13.1150  
 13.1151    \begin{figure}[htb]
 13.1152    \begin{center}
 13.1153 @@ -812,17 +778,14 @@
 13.1154    \caption{Isar/VM modes}\label{fig:isar-vm}
 13.1155    \end{figure}
 13.1156  
 13.1157 -  For example, in \<open>state\<close> mode Isar acts like a mathematical
 13.1158 -  scratch-pad, accepting declarations like @{command fix}, @{command
 13.1159 -  assume}, and claims like @{command have}, @{command show}.  A goal
 13.1160 -  statement changes the mode to \<open>prove\<close>, which means that we
 13.1161 -  may now refine the problem via @{command unfolding} or @{command
 13.1162 -  proof}.  Then we are again in \<open>state\<close> mode of a proof body,
 13.1163 -  which may issue @{command show} statements to solve pending
 13.1164 -  sub-goals.  A concluding @{command qed} will return to the original
 13.1165 -  \<open>state\<close> mode one level upwards.  The subsequent Isar/VM
 13.1166 -  trace indicates block structure, linguistic mode, goal state, and
 13.1167 -  inferences:
 13.1168 +  For example, in \<open>state\<close> mode Isar acts like a mathematical scratch-pad,
 13.1169 +  accepting declarations like \<^theory_text>\<open>fix\<close>, \<^theory_text>\<open>assume\<close>, and claims like \<^theory_text>\<open>have\<close>,
 13.1170 +  \<^theory_text>\<open>show\<close>. A goal statement changes the mode to \<open>prove\<close>, which means that we
 13.1171 +  may now refine the problem via \<^theory_text>\<open>unfolding\<close> or \<^theory_text>\<open>proof\<close>. Then we are again
 13.1172 +  in \<open>state\<close> mode of a proof body, which may issue \<^theory_text>\<open>show\<close> statements to solve
 13.1173 +  pending subgoals. A concluding \<^theory_text>\<open>qed\<close> will return to the original \<open>state\<close>
 13.1174 +  mode one level upwards. The subsequent Isar/VM trace indicates block
 13.1175 +  structure, linguistic mode, goal state, and inferences:
 13.1176  \<close>
 13.1177  
 13.1178  text_raw \<open>\begingroup\footnotesize\<close>
 13.1179 @@ -833,7 +796,7 @@
 13.1180    proof
 13.1181      assume A
 13.1182      show B
 13.1183 -      sorry %noproof
 13.1184 +      \<proof>
 13.1185    qed
 13.1186    text_raw \<open>\end{minipage}\quad
 13.1187  \begin{minipage}[t]{0.06\textwidth}
 13.1188 @@ -873,13 +836,12 @@
 13.1189  
 13.1190  text \<open>
 13.1191    Here the @{inference refinement} inference from
 13.1192 -  \secref{sec:framework-resolution} mediates composition of Isar
 13.1193 -  sub-proofs nicely.  Observe that this principle incorporates some
 13.1194 -  degree of freedom in proof composition.  In particular, the proof
 13.1195 -  body allows parameters and assumptions to be re-ordered, or commuted
 13.1196 -  according to Hereditary Harrop Form.  Moreover, context elements
 13.1197 -  that are not used in a sub-proof may be omitted altogether.  For
 13.1198 -  example:
 13.1199 +  \secref{sec:framework-resolution} mediates composition of Isar subproofs
 13.1200 +  nicely. Observe that this principle incorporates some degree of freedom in
 13.1201 +  proof composition. In particular, the proof body allows parameters and
 13.1202 +  assumptions to be re-ordered, or commuted according to Hereditary Harrop
 13.1203 +  Form. Moreover, context elements that are not used in a subproof may be
 13.1204 +  omitted altogether. For example:
 13.1205  \<close>
 13.1206  
 13.1207  text_raw \<open>\begin{minipage}{0.5\textwidth}\<close>
 13.1208 @@ -892,7 +854,7 @@
 13.1209    proof -
 13.1210      fix x and y
 13.1211      assume "A x" and "B y"
 13.1212 -    show "C x y" sorry %noproof
 13.1213 +    show "C x y" \<proof>
 13.1214    qed
 13.1215  
 13.1216  text_raw \<open>\end{minipage}\begin{minipage}{0.5\textwidth}\<close>
 13.1217 @@ -904,7 +866,7 @@
 13.1218    proof -
 13.1219      fix x assume "A x"
 13.1220      fix y assume "B y"
 13.1221 -    show "C x y" sorry %noproof
 13.1222 +    show "C x y" \<proof>
 13.1223    qed
 13.1224  
 13.1225  text_raw \<open>\end{minipage}\\[3ex]\begin{minipage}{0.5\textwidth}\<close>
 13.1226 @@ -916,7 +878,7 @@
 13.1227    proof -
 13.1228      fix y assume "B y"
 13.1229      fix x assume "A x"
 13.1230 -    show "C x y" sorry
 13.1231 +    show "C x y" \<proof>
 13.1232    qed
 13.1233  
 13.1234  text_raw \<open>\end{minipage}\begin{minipage}{0.5\textwidth}\<close>
 13.1235 @@ -927,7 +889,7 @@
 13.1236    proof -
 13.1237      fix y assume "B y"
 13.1238      fix x
 13.1239 -    show "C x y" sorry
 13.1240 +    show "C x y" \<proof>
 13.1241    qed
 13.1242  (*<*)
 13.1243  end
 13.1244 @@ -937,17 +899,15 @@
 13.1245  
 13.1246  text \<open>
 13.1247    \<^medskip>
 13.1248 -  Such ``peephole optimizations'' of Isar texts are
 13.1249 -  practically important to improve readability, by rearranging
 13.1250 -  contexts elements according to the natural flow of reasoning in the
 13.1251 -  body, while still observing the overall scoping rules.
 13.1252 +  Such fine-tuning of Isar text is practically important to improve
 13.1253 +  readability. Contexts elements are rearranged according to the natural flow
 13.1254 +  of reasoning in the body, while still observing the overall scoping rules.
 13.1255  
 13.1256    \<^medskip>
 13.1257 -  This illustrates the basic idea of structured proof
 13.1258 -  processing in Isar.  The main mechanisms are based on natural
 13.1259 -  deduction rule composition within the Pure framework.  In
 13.1260 -  particular, there are no direct operations on goal states within the
 13.1261 -  proof body.  Moreover, there is no hidden automated reasoning
 13.1262 +  This illustrates the basic idea of structured proof processing in Isar. The
 13.1263 +  main mechanisms are based on natural deduction rule composition within the
 13.1264 +  Pure framework. In particular, there are no direct operations on goal states
 13.1265 +  within the proof body. Moreover, there is no hidden automated reasoning
 13.1266    involved, just plain unification.
 13.1267  \<close>
 13.1268  
 13.1269 @@ -956,73 +916,69 @@
 13.1270  
 13.1271  text \<open>
 13.1272    The existing Isar infrastructure is sufficiently flexible to support
 13.1273 -  calculational reasoning (chains of transitivity steps) as derived
 13.1274 -  concept.  The generic proof elements introduced below depend on
 13.1275 -  rules declared as @{attribute trans} in the context.  It is left to
 13.1276 -  the object-logic to provide a suitable rule collection for mixed
 13.1277 -  relations of \<open>=\<close>, \<open><\<close>, \<open>\<le>\<close>, \<open>\<subset>\<close>,
 13.1278 -  \<open>\<subseteq>\<close> etc.  Due to the flexibility of rule composition
 13.1279 -  (\secref{sec:framework-resolution}), substitution of equals by
 13.1280 -  equals is covered as well, even substitution of inequalities
 13.1281 -  involving monotonicity conditions; see also @{cite \<open>\S6\<close> "Wenzel-PhD"}
 13.1282 -  and @{cite "Bauer-Wenzel:2001"}.
 13.1283 +  calculational reasoning (chains of transitivity steps) as derived concept.
 13.1284 +  The generic proof elements introduced below depend on rules declared as
 13.1285 +  @{attribute trans} in the context. It is left to the object-logic to provide
 13.1286 +  a suitable rule collection for mixed relations of \<open>=\<close>, \<open><\<close>, \<open>\<le>\<close>, \<open>\<subset>\<close>, \<open>\<subseteq>\<close>
 13.1287 +  etc. Due to the flexibility of rule composition
 13.1288 +  (\secref{sec:framework-resolution}), substitution of equals by equals is
 13.1289 +  covered as well, even substitution of inequalities involving monotonicity
 13.1290 +  conditions; see also @{cite \<open>\S6\<close> "Wenzel-PhD"} and @{cite
 13.1291 +  "Bauer-Wenzel:2001"}.
 13.1292  
 13.1293 -  The generic calculational mechanism is based on the observation that
 13.1294 -  rules such as \<open>trans:\<close>~@{prop "x = y \<Longrightarrow> y = z \<Longrightarrow> x = z"}
 13.1295 -  proceed from the premises towards the conclusion in a deterministic
 13.1296 -  fashion.  Thus we may reason in forward mode, feeding intermediate
 13.1297 -  results into rules selected from the context.  The course of
 13.1298 -  reasoning is organized by maintaining a secondary fact called
 13.1299 -  ``@{fact calculation}'', apart from the primary ``@{fact this}''
 13.1300 -  already provided by the Isar primitives.  In the definitions below,
 13.1301 +  The generic calculational mechanism is based on the observation that rules
 13.1302 +  such as \<open>trans:\<close>~@{prop "x = y \<Longrightarrow> y = z \<Longrightarrow> x = z"} proceed from the premises
 13.1303 +  towards the conclusion in a deterministic fashion. Thus we may reason in
 13.1304 +  forward mode, feeding intermediate results into rules selected from the
 13.1305 +  context. The course of reasoning is organized by maintaining a secondary
 13.1306 +  fact called ``@{fact calculation}'', apart from the primary ``@{fact this}''
 13.1307 +  already provided by the Isar primitives. In the definitions below,
 13.1308    @{attribute OF} refers to @{inference resolution}
 13.1309 -  (\secref{sec:framework-resolution}) with multiple rule arguments,
 13.1310 -  and \<open>trans\<close> represents to a suitable rule from the context:
 13.1311 +  (\secref{sec:framework-resolution}) with multiple rule arguments, and
 13.1312 +  \<open>trans\<close> represents to a suitable rule from the context:
 13.1313  
 13.1314    \begin{matharray}{rcl}
 13.1315 -    @{command "also"}\<open>\<^sub>0\<close> & \equiv & @{command "note"}~\<open>calculation = this\<close> \\
 13.1316 -    @{command "also"}\<open>\<^sub>n\<^sub>+\<^sub>1\<close> & \equiv & @{command "note"}~\<open>calculation = trans [OF calculation this]\<close> \\[0.5ex]
 13.1317 -    @{command "finally"} & \equiv & @{command "also"}~@{command "from"}~\<open>calculation\<close> \\
 13.1318 +    \<^theory_text>\<open>also"\<^sub>0"\<close> & \equiv & \<^theory_text>\<open>note calculation = this\<close> \\
 13.1319 +    \<^theory_text>\<open>also"\<^sub>n\<^sub>+\<^sub>1"\<close> & \equiv & \<^theory_text>\<open>note calculation = trans [OF calculation this]\<close> \\[0.5ex]
 13.1320 +    \<^theory_text>\<open>finally\<close> & \equiv & \<^theory_text>\<open>also from calculation\<close> \\
 13.1321    \end{matharray}
 13.1322  
 13.1323 -  The start of a calculation is determined implicitly in the
 13.1324 -  text: here @{command also} sets @{fact calculation} to the current
 13.1325 -  result; any subsequent occurrence will update @{fact calculation} by
 13.1326 -  combination with the next result and a transitivity rule.  The
 13.1327 -  calculational sequence is concluded via @{command finally}, where
 13.1328 -  the final result is exposed for use in a concluding claim.
 13.1329 +  The start of a calculation is determined implicitly in the text: here
 13.1330 +  \<^theory_text>\<open>also\<close> sets @{fact calculation} to the current result; any subsequent
 13.1331 +  occurrence will update @{fact calculation} by combination with the next
 13.1332 +  result and a transitivity rule. The calculational sequence is concluded via
 13.1333 +  \<^theory_text>\<open>finally\<close>, where the final result is exposed for use in a concluding claim.
 13.1334  
 13.1335 -  Here is a canonical proof pattern, using @{command have} to
 13.1336 -  establish the intermediate results:
 13.1337 +  Here is a canonical proof pattern, using \<^theory_text>\<open>have\<close> to establish the
 13.1338 +  intermediate results:
 13.1339  \<close>
 13.1340  
 13.1341  (*<*)
 13.1342  notepad
 13.1343  begin
 13.1344 +  fix a b c d :: 'a
 13.1345  (*>*)
 13.1346 -  have "a = b" sorry
 13.1347 -  also have "\<dots> = c" sorry
 13.1348 -  also have "\<dots> = d" sorry
 13.1349 +  have "a = b" \<proof>
 13.1350 +  also have "\<dots> = c" \<proof>
 13.1351 +  also have "\<dots> = d" \<proof>
 13.1352    finally have "a = d" .
 13.1353  (*<*)
 13.1354  end
 13.1355  (*>*)
 13.1356  
 13.1357  text \<open>
 13.1358 -  The term ``\<open>\<dots>\<close>'' above is a special abbreviation
 13.1359 -  provided by the Isabelle/Isar syntax layer: it statically refers to
 13.1360 -  the right-hand side argument of the previous statement given in the
 13.1361 -  text.  Thus it happens to coincide with relevant sub-expressions in
 13.1362 -  the calculational chain, but the exact correspondence is dependent
 13.1363 -  on the transitivity rules being involved.
 13.1364 +  The term ``\<open>\<dots>\<close>'' (literal ellipsis) is a special abbreviation provided by
 13.1365 +  the Isabelle/Isar term syntax: it statically refers to the right-hand side
 13.1366 +  argument of the previous statement given in the text. Thus it happens to
 13.1367 +  coincide with relevant sub-expressions in the calculational chain, but the
 13.1368 +  exact correspondence is dependent on the transitivity rules being involved.
 13.1369  
 13.1370    \<^medskip>
 13.1371 -  Symmetry rules such as @{prop "x = y \<Longrightarrow> y = x"} are like
 13.1372 -  transitivities with only one premise.  Isar maintains a separate
 13.1373 -  rule collection declared via the @{attribute sym} attribute, to be
 13.1374 -  used in fact expressions ``\<open>a [symmetric]\<close>'', or single-step
 13.1375 -  proofs ``@{command assume}~\<open>x = y\<close>~@{command then}~@{command
 13.1376 -  have}~\<open>y = x\<close>~@{command ".."}''.
 13.1377 +  Symmetry rules such as @{prop "x = y \<Longrightarrow> y = x"} are like transitivities with
 13.1378 +  only one premise. Isar maintains a separate rule collection declared via the
 13.1379 +  @{attribute sym} attribute, to be used in fact expressions ``\<open>a
 13.1380 +  [symmetric]\<close>'', or single-step proofs ``\<^theory_text>\<open>assume "x = y" then have "y = x"
 13.1381 +  ..\<close>''.
 13.1382  \<close>
 13.1383  
 13.1384  end
 13.1385 \ No newline at end of file
    14.1 --- a/src/Doc/Isar_Ref/HOL_Specific.thy	Wed Feb 10 15:49:05 2016 +0100
    14.2 +++ b/src/Doc/Isar_Ref/HOL_Specific.thy	Fri Feb 12 22:36:48 2016 +0100
    14.3 @@ -642,14 +642,15 @@
    14.4    \<close>}
    14.5  
    14.6    \<^descr> @{command (HOL) "recdef"} defines general well-founded
    14.7 -  recursive functions (using the TFL package), see also
    14.8 -  @{cite "isabelle-HOL"}.  The ``\<open>(permissive)\<close>'' option tells
    14.9 -  TFL to recover from failed proof attempts, returning unfinished
   14.10 -  results.  The \<open>recdef_simp\<close>, \<open>recdef_cong\<close>, and \<open>recdef_wf\<close> hints refer to auxiliary rules to be used in the internal
   14.11 -  automated proof process of TFL.  Additional @{syntax clasimpmod}
   14.12 -  declarations may be given to tune the context of the Simplifier
   14.13 -  (cf.\ \secref{sec:simplifier}) and Classical reasoner (cf.\
   14.14 -  \secref{sec:classical}).
   14.15 +  recursive functions (using the TFL package).  The
   14.16 +  ``\<open>(permissive)\<close>'' option tells TFL to recover from
   14.17 +  failed proof attempts, returning unfinished results.  The
   14.18 +  \<open>recdef_simp\<close>, \<open>recdef_cong\<close>, and
   14.19 +  \<open>recdef_wf\<close> hints refer to auxiliary rules to be used
   14.20 +  in the internal automated proof process of TFL.  Additional
   14.21 +  @{syntax clasimpmod} declarations may be given to tune the context
   14.22 +  of the Simplifier (cf.\ \secref{sec:simplifier}) and Classical
   14.23 +  reasoner (cf.\ \secref{sec:classical}).
   14.24  
   14.25  
   14.26    \<^medskip>
   14.27 @@ -763,9 +764,8 @@
   14.28    These commands are mostly obsolete; @{command (HOL) "datatype"}
   14.29    should be used instead.
   14.30  
   14.31 -  See @{cite "isabelle-HOL"} for more details on datatypes, but beware of
   14.32 -  the old-style theory syntax being used there!  Apart from proper
   14.33 -  proof methods for case-analysis and induction, there are also
   14.34 +  See @{cite "isabelle-datatypes"} for more details on datatypes.  Apart from proper
   14.35 +  proof methods for case analysis and induction, there are also
   14.36    emulations of ML tactics @{method (HOL) case_tac} and @{method (HOL)
   14.37    induct_tac} available, see \secref{sec:hol-induct-tac}; these admit
   14.38    to refer directly to the internal structure of subgoals (including
    15.1 --- a/src/Doc/Isar_Ref/Proof.thy	Wed Feb 10 15:49:05 2016 +0100
    15.2 +++ b/src/Doc/Isar_Ref/Proof.thy	Fri Feb 12 22:36:48 2016 +0100
    15.3 @@ -210,7 +210,7 @@
    15.4  
    15.5    Abbreviations may be either bound by explicit @{command "let"}~\<open>p \<equiv> t\<close>
    15.6    statements, or by annotating assumptions or goal statements with a list of
    15.7 -  patterns ``\<open>(\<IS> p\<^sub>1 \<dots> p\<^sub>n)\<close>''. In both cases, higher-order matching is
    15.8 +  patterns ``\<^theory_text>\<open>(is p\<^sub>1 \<dots> p\<^sub>n)\<close>''. In both cases, higher-order matching is
    15.9    invoked to bind extra-logical term variables, which may be either named
   15.10    schematic variables of the form \<open>?x\<close>, or nameless dummies ``@{variable _}''
   15.11    (underscore). Note that in the @{command "let"} form the patterns occur on
   15.12 @@ -239,13 +239,13 @@
   15.13    The syntax of @{keyword "is"} patterns follows @{syntax term_pat} or
   15.14    @{syntax prop_pat} (see \secref{sec:term-decls}).
   15.15  
   15.16 -    \<^descr> @{command "let"}~\<open>p\<^sub>1 = t\<^sub>1 \<AND> \<dots> p\<^sub>n = t\<^sub>n\<close> binds any text variables
   15.17 -    in patterns \<open>p\<^sub>1, \<dots>, p\<^sub>n\<close> by simultaneous higher-order matching against
   15.18 -    terms \<open>t\<^sub>1, \<dots>, t\<^sub>n\<close>.
   15.19 +    \<^descr> \<^theory_text>\<open>let p\<^sub>1 = t\<^sub>1 and \<dots> p\<^sub>n = t\<^sub>n\<close> binds any text variables in patterns
   15.20 +    \<open>p\<^sub>1, \<dots>, p\<^sub>n\<close> by simultaneous higher-order matching against terms \<open>t\<^sub>1, \<dots>,
   15.21 +    t\<^sub>n\<close>.
   15.22  
   15.23 -    \<^descr> \<open>(\<IS> p\<^sub>1 \<dots> p\<^sub>n)\<close> resembles @{command "let"}, but matches \<open>p\<^sub>1, \<dots>,
   15.24 -    p\<^sub>n\<close> against the preceding statement. Also note that @{keyword "is"} is
   15.25 -    not a separate command, but part of others (such as @{command "assume"},
   15.26 +    \<^descr> \<^theory_text>\<open>(is p\<^sub>1 \<dots> p\<^sub>n)\<close> resembles @{command "let"}, but matches \<open>p\<^sub>1, \<dots>, p\<^sub>n\<close>
   15.27 +    against the preceding statement. Also note that @{keyword "is"} is not a
   15.28 +    separate command, but part of others (such as @{command "assume"},
   15.29      @{command "have"} etc.).
   15.30  
   15.31    Some \<^emph>\<open>implicit\<close> term abbreviations\index{term abbreviations} for goals and
   15.32 @@ -441,14 +441,10 @@
   15.33    warning beforehand. Watch out for the following message:
   15.34    @{verbatim [display] \<open>Local statement fails to refine any pending goal\<close>}
   15.35  
   15.36 -  \<^descr> @{command "hence"} abbreviates ``@{command "then"}~@{command "have"}'',
   15.37 -  i.e.\ claims a local goal to be proven by forward chaining the current
   15.38 -  facts. Note that @{command "hence"} is also equivalent to ``@{command
   15.39 -  "from"}~\<open>this\<close>~@{command "have"}''.
   15.40 -
   15.41 -  \<^descr> @{command "thus"} abbreviates ``@{command "then"}~@{command "show"}''.
   15.42 -  Note that @{command "thus"} is also equivalent to ``@{command
   15.43 -  "from"}~\<open>this\<close>~@{command "show"}''.
   15.44 +  \<^descr> @{command "hence"} expands to ``@{command "then"}~@{command "have"}'' and
   15.45 +  @{command "thus"} expands to ``@{command "then"}~@{command "show"}''. These
   15.46 +  conflations are left-over from early history of Isar. The expanded syntax is
   15.47 +  more orthogonal and improves readability and maintainability of proofs.
   15.48  
   15.49    \<^descr> @{command "print_statement"}~\<open>a\<close> prints facts from the current theory or
   15.50    proof context in long statement form, according to the syntax for @{command
   15.51 @@ -682,11 +678,11 @@
   15.52    forward chaining are passed if so indicated by \<open>proof(chain)\<close> mode.
   15.53  
   15.54    \<^descr> @{command "qed"}~\<open>m\<^sub>2\<close> refines any remaining goals by proof method \<open>m\<^sub>2\<close>
   15.55 -  and concludes the sub-proof by assumption. If the goal had been \<open>show\<close> (or
   15.56 -  \<open>thus\<close>), some pending sub-goal is solved as well by the rule resulting from
   15.57 -  the result \<^emph>\<open>exported\<close> into the enclosing goal context. Thus \<open>qed\<close> may fail
   15.58 -  for two reasons: either \<open>m\<^sub>2\<close> fails, or the resulting rule does not fit to
   15.59 -  any pending goal\<^footnote>\<open>This includes any additional ``strong'' assumptions as
   15.60 +  and concludes the sub-proof by assumption. If the goal had been \<open>show\<close>, some
   15.61 +  pending sub-goal is solved as well by the rule resulting from the result
   15.62 +  \<^emph>\<open>exported\<close> into the enclosing goal context. Thus \<open>qed\<close> may fail for two
   15.63 +  reasons: either \<open>m\<^sub>2\<close> fails, or the resulting rule does not fit to any
   15.64 +  pending goal\<^footnote>\<open>This includes any additional ``strong'' assumptions as
   15.65    introduced by @{command "assume"}.\<close> of the enclosing context. Debugging such
   15.66    a situation might involve temporarily changing @{command "show"} into
   15.67    @{command "have"}, or weakening the local context by replacing occurrences
    16.1 --- a/src/Doc/Isar_Ref/Proof_Script.thy	Wed Feb 10 15:49:05 2016 +0100
    16.2 +++ b/src/Doc/Isar_Ref/Proof_Script.thy	Fri Feb 12 22:36:48 2016 +0100
    16.3 @@ -13,10 +13,13 @@
    16.4  
    16.5    Nonetheless, it is possible to emulate proof scripts by sequential
    16.6    refinements of a proof state in backwards mode, notably with the @{command
    16.7 -  apply} command (see \secref{sec:tactic-commands}). There are also various
    16.8 -  proof methods that allow to refer to implicit goal state information that is
    16.9 -  normally not accessible to structured Isar proofs (see
   16.10 -  \secref{sec:tactics}).
   16.11 +  apply} command (see \secref{sec:tactic-commands}).
   16.12 +
   16.13 +  There are also various proof methods that allow to refer to implicit goal
   16.14 +  state information that is not accessible to structured Isar proofs (see
   16.15 +  \secref{sec:tactics}). Note that the @{command subgoal}
   16.16 +  (\secref{sec:subgoal}) command usually eliminates the need for implicit goal
   16.17 +  state references.
   16.18  \<close>
   16.19  
   16.20  
   16.21 @@ -82,7 +85,7 @@
   16.22  \<close>
   16.23  
   16.24  
   16.25 -section \<open>Explicit subgoal structure\<close>
   16.26 +section \<open>Explicit subgoal structure \label{sec:subgoal}\<close>
   16.27  
   16.28  text \<open>
   16.29    \begin{matharray}{rcl}
   16.30 @@ -130,24 +133,24 @@
   16.31  
   16.32  lemma "\<And>x y z. A x \<Longrightarrow> B y \<Longrightarrow> C z"
   16.33    and "\<And>u v. X u \<Longrightarrow> Y v"
   16.34 -  subgoal sorry
   16.35 -  subgoal sorry
   16.36 +  subgoal \<proof>
   16.37 +  subgoal \<proof>
   16.38    done
   16.39  
   16.40  lemma "\<And>x y z. A x \<Longrightarrow> B y \<Longrightarrow> C z"
   16.41    and "\<And>u v. X u \<Longrightarrow> Y v"
   16.42 -  subgoal for x y z sorry
   16.43 -  subgoal for u v sorry
   16.44 +  subgoal for x y z \<proof>
   16.45 +  subgoal for u v \<proof>
   16.46    done
   16.47  
   16.48  lemma "\<And>x y z. A x \<Longrightarrow> B y \<Longrightarrow> C z"
   16.49    and "\<And>u v. X u \<Longrightarrow> Y v"
   16.50    subgoal premises for x y z
   16.51      using \<open>A x\<close> \<open>B y\<close>
   16.52 -    sorry
   16.53 +    \<proof>
   16.54    subgoal premises for u v
   16.55      using \<open>X u\<close>
   16.56 -    sorry
   16.57 +    \<proof>
   16.58    done
   16.59  
   16.60  lemma "\<And>x y z. A x \<Longrightarrow> B y \<Longrightarrow> C z"
   16.61 @@ -156,21 +159,21 @@
   16.62    proof -
   16.63      have "A x" by (fact prems)
   16.64      moreover have "B y" by (fact prems)
   16.65 -    ultimately show ?thesis sorry
   16.66 +    ultimately show ?thesis \<proof>
   16.67    qed
   16.68    subgoal premises prems for u v
   16.69    proof -
   16.70      have "\<And>x y z. A x \<Longrightarrow> B y \<Longrightarrow> C z" by (fact r)
   16.71      moreover
   16.72      have "X u" by (fact prems)
   16.73 -    ultimately show ?thesis sorry
   16.74 +    ultimately show ?thesis \<proof>
   16.75    qed
   16.76    done
   16.77  
   16.78  lemma "\<And>x y z. A x \<Longrightarrow> B y \<Longrightarrow> C z"
   16.79    subgoal premises prems for \<dots> z
   16.80    proof -
   16.81 -    from prems show "C z" sorry
   16.82 +    from prems show "C z" \<proof>
   16.83    qed
   16.84    done
   16.85  
    17.1 --- a/src/Doc/Isar_Ref/Quick_Reference.thy	Wed Feb 10 15:49:05 2016 +0100
    17.2 +++ b/src/Doc/Isar_Ref/Quick_Reference.thy	Fri Feb 12 22:36:48 2016 +0100
    17.3 @@ -8,43 +8,58 @@
    17.4  
    17.5  section \<open>Proof commands\<close>
    17.6  
    17.7 -subsection \<open>Primitives and basic syntax\<close>
    17.8 +subsection \<open>Main grammar \label{ap:main-grammar}\<close>
    17.9 +
   17.10 +text \<open>
   17.11 +  \begin{tabular}{rcl}
   17.12 +    \<open>main\<close> & = & \<^theory_text>\<open>notepad begin "statement\<^sup>*" end\<close> \\
   17.13 +    & \<open>|\<close> & \<^theory_text>\<open>theorem name: props "proof"\<close> \\
   17.14 +    & \<open>|\<close> & \<^theory_text>\<open>theorem name:\<close> \\
   17.15 +    & & \quad\<^theory_text>\<open>fixes "var\<^sup>+"\<close> \\
   17.16 +    & & \quad\<^theory_text>\<open>assumes name: props\<close> \\
   17.17 +    & & \quad\<^theory_text>\<open>shows name: props "proof"\<close> \\
   17.18 +    \<open>proof\<close> & = & \<^theory_text>\<open>"refinement\<^sup>*" proof "method\<^sup>?" "statement\<^sup>*" qed "method\<^sup>?"\<close> \\
   17.19 +    & \<open>|\<close> & \<^theory_text>\<open>"refinement\<^sup>*" done\<close> \\
   17.20 +    \<open>refinement\<close> & = &  \<^theory_text>\<open>apply method\<close> \\
   17.21 +    & \<open>|\<close> & \<^theory_text>\<open>supply facts\<close> \\
   17.22 +    & \<open>|\<close> & \<^theory_text>\<open>subgoal "proof"\<close> \\
   17.23 +    & \<open>|\<close> & \<^theory_text>\<open>subgoal for "var\<^sup>+" "proof"\<close> \\
   17.24 +    & \<open>|\<close> & \<^theory_text>\<open>using facts\<close> \\
   17.25 +    & \<open>|\<close> & \<^theory_text>\<open>unfolding facts\<close> \\
   17.26 +    \<open>statement\<close> & = & \<^theory_text>\<open>{ "statement\<^sup>*" }\<close> \\
   17.27 +    & \<open>|\<close> & \<^theory_text>\<open>next\<close> \\
   17.28 +    & \<open>|\<close> & \<^theory_text>\<open>note name = facts\<close> \\
   17.29 +    & \<open>|\<close> & \<^theory_text>\<open>let "term" = "term"\<close> \\
   17.30 +    & \<open>|\<close> & \<^theory_text>\<open>write name  (mixfix)\<close> \\
   17.31 +    & \<open>|\<close> & \<^theory_text>\<open>fix "var\<^sup>+"\<close> \\
   17.32 +    & \<open>|\<close> & \<^theory_text>\<open>assume name: props\<close> \\
   17.33 +    & \<open>|\<close> & \<^theory_text>\<open>assume name: props if name: props for "var\<^sup>+"\<close> \\
   17.34 +    & \<open>|\<close> & \<^theory_text>\<open>then"\<^sup>?" goal\<close> \\
   17.35 +    \<open>goal\<close> & = & \<^theory_text>\<open>have name: props "proof"\<close> \\
   17.36 +    & \<open>|\<close> & \<^theory_text>\<open>have name: props if name: props for "var\<^sup>+" "proof"\<close> \\
   17.37 +    & \<open>|\<close> & \<^theory_text>\<open>show name: props "proof"\<close> \\
   17.38 +    & \<open>|\<close> & \<^theory_text>\<open>show name: props if name: props for "var\<^sup>+" "proof"\<close> \\
   17.39 +  \end{tabular}
   17.40 +\<close>
   17.41 +
   17.42 +
   17.43 +subsection \<open>Primitives\<close>
   17.44  
   17.45  text \<open>
   17.46    \begin{tabular}{ll}
   17.47 -    @{command "fix"}~\<open>x\<close> & augment context by \<open>\<And>x. \<box>\<close> \\
   17.48 -    @{command "assume"}~\<open>a: \<phi>\<close> & augment context by \<open>\<phi> \<Longrightarrow> \<box>\<close> \\
   17.49 -    @{command "then"} & indicate forward chaining of facts \\
   17.50 -    @{command "have"}~\<open>a: \<phi>\<close> & prove local result \\
   17.51 -    @{command "show"}~\<open>a: \<phi>\<close> & prove local result, refining some goal \\
   17.52 -    @{command "using"}~\<open>a\<close> & indicate use of additional facts \\
   17.53 -    @{command "unfolding"}~\<open>a\<close> & unfold definitional equations \\
   17.54 -    @{command "proof"}~\<open>m\<^sub>1\<close>~\dots~@{command "qed"}~\<open>m\<^sub>2\<close> & indicate proof structure and refinements \\
   17.55 -    @{command "{"}~\<open>\<dots>\<close>~@{command "}"} & indicate explicit blocks \\
   17.56 -    @{command "next"} & switch blocks \\
   17.57 -    @{command "note"}~\<open>a = b\<close> & reconsider facts \\
   17.58 -    @{command "let"}~\<open>p = t\<close> & abbreviate terms by higher-order matching \\
   17.59 -    @{command "write"}~\<open>c  (mx)\<close> & declare local mixfix syntax \\
   17.60 -  \end{tabular}
   17.61 -
   17.62 -  \<^medskip>
   17.63 -
   17.64 -  \begin{tabular}{rcl}
   17.65 -    \<open>proof\<close> & = & \<open>prfx\<^sup>*\<close>~@{command "proof"}~\<open>method\<^sup>? stmt\<^sup>*\<close>~@{command "qed"}~\<open>method\<^sup>?\<close> \\
   17.66 -    & \<open>|\<close> & \<open>prfx\<^sup>*\<close>~@{command "done"} \\
   17.67 -    \<open>prfx\<close> & = & @{command "apply"}~\<open>method\<close> \\
   17.68 -    & \<open>|\<close> & @{command "using"}~\<open>facts\<close> \\
   17.69 -    & \<open>|\<close> & @{command "unfolding"}~\<open>facts\<close> \\
   17.70 -    \<open>stmt\<close> & = & @{command "{"}~\<open>stmt\<^sup>*\<close>~@{command "}"} \\
   17.71 -    & \<open>|\<close> & @{command "next"} \\
   17.72 -    & \<open>|\<close> & @{command "note"}~\<open>name = facts\<close> \\
   17.73 -    & \<open>|\<close> & @{command "let"}~\<open>term = term\<close> \\
   17.74 -    & \<open>|\<close> & @{command "write"}~\<open>name (mixfix)\<close> \\
   17.75 -    & \<open>|\<close> & @{command "fix"}~\<open>var\<^sup>+\<close> \\
   17.76 -    & \<open>|\<close> & @{command "assume"}~\<open>name: props\<close> \\
   17.77 -    & \<open>|\<close> & @{command "then"}\<open>\<^sup>?\<close>~\<open>goal\<close> \\
   17.78 -    \<open>goal\<close> & = & @{command "have"}~\<open>name: props proof\<close> \\
   17.79 -    & \<open>|\<close> & @{command "show"}~\<open>name: props proof\<close> \\
   17.80 +    \<^theory_text>\<open>fix x\<close> & augment context by \<open>\<And>x. \<box>\<close> \\
   17.81 +    \<^theory_text>\<open>assume a: A\<close> & augment context by \<open>A \<Longrightarrow> \<box>\<close> \\
   17.82 +    \<^theory_text>\<open>then\<close> & indicate forward chaining of facts \\
   17.83 +    \<^theory_text>\<open>have a: A\<close> & prove local result \\
   17.84 +    \<^theory_text>\<open>show a: A\<close> & prove local result, refining some goal \\
   17.85 +    \<^theory_text>\<open>using a\<close> & indicate use of additional facts \\
   17.86 +    \<^theory_text>\<open>unfolding a\<close> & unfold definitional equations \\
   17.87 +    \<^theory_text>\<open>proof m\<^sub>1 \<dots> qed m\<^sub>2\<close> & indicate proof structure and refinements \\
   17.88 +    \<^theory_text>\<open>{ \<dots> }\<close> & indicate explicit blocks \\
   17.89 +    \<^theory_text>\<open>next\<close> & switch proof blocks \\
   17.90 +    \<^theory_text>\<open>note a = b\<close> & reconsider and declare facts \\
   17.91 +    \<^theory_text>\<open>let p = t\<close> & abbreviate terms by higher-order matching \\
   17.92 +    \<^theory_text>\<open>write c  (mx)\<close> & declare local mixfix syntax \\
   17.93    \end{tabular}
   17.94  \<close>
   17.95  
   17.96 @@ -53,17 +68,12 @@
   17.97  
   17.98  text \<open>
   17.99    \begin{tabular}{rcl}
  17.100 -    @{command "by"}~\<open>m\<^sub>1 m\<^sub>2\<close> & \<open>\<equiv>\<close> &
  17.101 -      @{command "proof"}~\<open>m\<^sub>1\<close>~@{command "qed"}~\<open>m\<^sub>2\<close> \\
  17.102 -    @{command ".."} & \<open>\<equiv>\<close> & @{command "by"}~\<open>standard\<close> \\
  17.103 -    @{command "."} & \<open>\<equiv>\<close> & @{command "by"}~\<open>this\<close> \\
  17.104 -    @{command "hence"} & \<open>\<equiv>\<close> & @{command "then"}~@{command "have"} \\
  17.105 -    @{command "thus"} & \<open>\<equiv>\<close> & @{command "then"}~@{command "show"} \\
  17.106 -    @{command "from"}~\<open>a\<close> & \<open>\<equiv>\<close> & @{command "note"}~\<open>a\<close>~@{command "then"} \\
  17.107 -    @{command "with"}~\<open>a\<close> & \<open>\<equiv>\<close> & @{command "from"}~\<open>a \<AND> this\<close> \\
  17.108 -    @{command "from"}~\<open>this\<close> & \<open>\<equiv>\<close> & @{command "then"} \\
  17.109 -    @{command "from"}~\<open>this\<close>~@{command "have"} & \<open>\<equiv>\<close> & @{command "hence"} \\
  17.110 -    @{command "from"}~\<open>this\<close>~@{command "show"} & \<open>\<equiv>\<close> & @{command "thus"} \\
  17.111 +    \<^theory_text>\<open>by m\<^sub>1 m\<^sub>2\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>proof m\<^sub>1 qed m\<^sub>2\<close> \\
  17.112 +    \<^theory_text>\<open>..\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>by standard\<close> \\
  17.113 +    \<^theory_text>\<open>.\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>by this\<close> \\
  17.114 +    \<^theory_text>\<open>from a\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>note a then\<close> \\
  17.115 +    \<^theory_text>\<open>with a\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>from a and this\<close> \\
  17.116 +    \<^theory_text>\<open>from this\<close> & \<open>\<equiv>\<close> & \<^theory_text>\<open>then\<close> \\
  17.117    \end{tabular}
  17.118  \<close>
  17.119  
  17.120 @@ -72,26 +82,19 @@
  17.121  
  17.122  text \<open>
  17.123    \begin{tabular}{rcl}
  17.124 -    @{command "also"}\<open>\<^sub>0\<close> & \<open>\<approx>\<close> &
  17.125 -      @{command "note"}~\<open>calculation = this\<close> \\
  17.126 -    @{command "also"}\<open>\<^sub>n\<^sub>+\<^sub>1\<close> & \<open>\<approx>\<close> &
  17.127 -      @{command "note"}~\<open>calculation = trans [OF calculation this]\<close> \\
  17.128 -    @{command "finally"} & \<open>\<approx>\<close> &
  17.129 -      @{command "also"}~@{command "from"}~\<open>calculation\<close> \\[0.5ex]
  17.130 -    @{command "moreover"} & \<open>\<approx>\<close> &
  17.131 -      @{command "note"}~\<open>calculation = calculation this\<close> \\
  17.132 -    @{command "ultimately"} & \<open>\<approx>\<close> &
  17.133 -      @{command "moreover"}~@{command "from"}~\<open>calculation\<close> \\[0.5ex]
  17.134 -    @{command "presume"}~\<open>a: \<phi>\<close> & \<open>\<approx>\<close> &
  17.135 -      @{command "assume"}~\<open>a: \<phi>\<close> \\
  17.136 -    @{command "def"}~\<open>a: x \<equiv> t\<close> & \<open>\<approx>\<close> &
  17.137 -      @{command "fix"}~\<open>x\<close>~@{command "assume"}~\<open>a: x \<equiv> t\<close> \\
  17.138 -    @{command "obtain"}~\<open>x \<WHERE> a: \<phi>\<close> & \<open>\<approx>\<close> &
  17.139 -      \<open>\<dots>\<close>~@{command "fix"}~\<open>x\<close>~@{command "assume"}~\<open>a: \<phi>\<close> \\
  17.140 -    @{command "case"}~\<open>c\<close> & \<open>\<approx>\<close> &
  17.141 -      @{command "fix"}~\<open>x\<close>~@{command "assume"}~\<open>c: \<phi>\<close> \\
  17.142 -    @{command "sorry"} & \<open>\<approx>\<close> &
  17.143 -      @{command "by"}~\<open>cheating\<close> \\
  17.144 +    \<^theory_text>\<open>also"\<^sub>0"\<close> & \<open>\<approx>\<close> & \<^theory_text>\<open>note calculation = this\<close> \\
  17.145 +    \<^theory_text>\<open>also"\<^sub>n\<^sub>+\<^sub>1"\<close> & \<open>\<approx>\<close> & \<^theory_text>\<open>note calculation = trans [OF calculation this]\<close> \\
  17.146 +    \<^theory_text>\<open>finally\<close> & \<open>\<approx>\<close> & \<^theory_text>\<open>also from calculation\<close> \\[0.5ex]
  17.147 +    \<^theory_text>\<open>moreover\<close> & \<open>\<approx>\<close> & \<^theory_text>\<open>note calculation = calculation this\<close> \\
  17.148 +    \<^theory_text>\<open>ultimately\<close> & \<open>\<approx>\<close> & \<^theory_text>\<open>moreover from calculation\<close> \\[0.5ex]
  17.149 +    \<^theory_text>\<open>presume a: A\<close> & \<open>\<approx>\<close> & \<^theory_text>\<open>assume a: A\<close> \\
  17.150 +    \<^theory_text>\<open>def "x \<equiv> t"\<close> & \<open>\<approx>\<close> & \<^theory_text>\<open>fix x assume x_def: "x \<equiv> t"\<close> \\
  17.151 +    \<^theory_text>\<open>consider x where A | \<dots>\<close> & \<open>\<approx>\<close> & \<^theory_text>\<open>have thesis\<close> \\
  17.152 +    & & \quad \<^theory_text>\<open>if "\<And>x. A \<Longrightarrow> thesis" and \<dots> for thesis\<close> \\
  17.153 +    \<^theory_text>\<open>obtain x where a: A \<proof>\<close> & \<open>\<approx>\<close> & \<^theory_text>\<open>consider x where A \<proof>\<close> \\
  17.154 +    & & \<^theory_text>\<open>fix x assume a: A\<close> \\
  17.155 +    \<^theory_text>\<open>case c\<close> & \<open>\<approx>\<close> & \<^theory_text>\<open>fix x assume c: A\<close> \\
  17.156 +    \<^theory_text>\<open>sorry\<close> & \<open>\<approx>\<close> & \<^theory_text>\<open>by cheating\<close> \\
  17.157    \end{tabular}
  17.158  \<close>
  17.159  
  17.160 @@ -100,12 +103,11 @@
  17.161  
  17.162  text \<open>
  17.163    \begin{tabular}{ll}
  17.164 -    @{command "print_state"} & print proof state \\
  17.165 -    @{command "print_statement"} & print fact in long statement form \\
  17.166 -    @{command "thm"}~\<open>a\<close> & print fact \\
  17.167 -    @{command "prop"}~\<open>\<phi>\<close> & print proposition \\
  17.168 -    @{command "term"}~\<open>t\<close> & print term \\
  17.169 -    @{command "typ"}~\<open>\<tau>\<close> & print type \\
  17.170 +    \<^theory_text>\<open>typ \<tau>\<close> & print type \\
  17.171 +    \<^theory_text>\<open>term t\<close> & print term \\
  17.172 +    \<^theory_text>\<open>prop \<phi>\<close> & print proposition \\
  17.173 +    \<^theory_text>\<open>thm a\<close> & print fact \\
  17.174 +    \<^theory_text>\<open>print_statement a\<close> & print fact in long statement form \\
  17.175    \end{tabular}
  17.176  \<close>
  17.177  
  17.178 @@ -115,7 +117,7 @@
  17.179  text \<open>
  17.180    \begin{tabular}{ll}
  17.181      \multicolumn{2}{l}{\<^bold>\<open>Single steps (forward-chaining facts)\<close>} \\[0.5ex]
  17.182 -    @{method assumption} & apply some assumption \\
  17.183 +    @{method assumption} & apply some goal assumption \\
  17.184      @{method this} & apply current facts \\
  17.185      @{method rule}~\<open>a\<close> & apply some rule  \\
  17.186      @{method standard} & apply standard rule (default for @{command "proof"}) \\
  17.187 @@ -127,6 +129,8 @@
  17.188      @{method "-"} & no rules \\
  17.189      @{method intro}~\<open>a\<close> & introduction rules \\
  17.190      @{method intro_classes} & class introduction rules \\
  17.191 +    @{method intro_locales} & locale introduction rules (without body) \\
  17.192 +    @{method unfold_locales} & locale introduction rules (with body) \\
  17.193      @{method elim}~\<open>a\<close> & elimination rules \\
  17.194      @{method unfold}~\<open>a\<close> & definitional rewrite rules \\[2ex]
  17.195  
  17.196 @@ -195,18 +199,20 @@
  17.197  \<close>
  17.198  
  17.199  
  17.200 -section \<open>Emulating tactic scripts\<close>
  17.201 +section \<open>Proof scripts\<close>
  17.202  
  17.203  subsection \<open>Commands\<close>
  17.204  
  17.205  text \<open>
  17.206    \begin{tabular}{ll}
  17.207 -    @{command "apply"}~\<open>m\<close> & apply proof method at initial position \\
  17.208 -    @{command "apply_end"}~\<open>m\<close> & apply proof method near terminal position \\
  17.209 -    @{command "done"} & complete proof \\
  17.210 -    @{command "defer"}~\<open>n\<close> & move subgoal to end \\
  17.211 -    @{command "prefer"}~\<open>n\<close> & move subgoal to beginning \\
  17.212 -    @{command "back"} & backtrack last command \\
  17.213 +    \<^theory_text>\<open>apply m\<close> & apply proof method during backwards refinement \\
  17.214 +    \<^theory_text>\<open>apply_end m\<close> & apply proof method (as if in terminal position) \\
  17.215 +    \<^theory_text>\<open>supply a\<close> & supply facts during backwards refinement \\
  17.216 +    \<^theory_text>\<open>subgoal\<close> & nested proof during backwards refinement \\
  17.217 +    \<^theory_text>\<open>defer n\<close> & move subgoal to end \\
  17.218 +    \<^theory_text>\<open>prefer n\<close> & move subgoal to start \\
  17.219 +    \<^theory_text>\<open>back\<close> & backtrack last command \\
  17.220 +    \<^theory_text>\<open>done\<close> & complete proof \\
  17.221    \end{tabular}
  17.222  \<close>
  17.223  
    18.1 --- a/src/Doc/Isar_Ref/Synopsis.thy	Wed Feb 10 15:49:05 2016 +0100
    18.2 +++ b/src/Doc/Isar_Ref/Synopsis.thy	Fri Feb 12 22:36:48 2016 +0100
    18.3 @@ -53,7 +53,7 @@
    18.4    assume a: A
    18.5  
    18.6    txt \<open>Via proof (``let''):\<close>
    18.7 -  have b: B sorry
    18.8 +  have b: B \<proof>
    18.9  
   18.10    txt \<open>Via abbreviation (``let''):\<close>
   18.11    note c = a b
   18.12 @@ -156,8 +156,8 @@
   18.13  notepad
   18.14  begin
   18.15    {
   18.16 -    have a: A sorry
   18.17 -    have b: B sorry
   18.18 +    have a: A \<proof>
   18.19 +    have b: B \<proof>
   18.20      note a b
   18.21    }
   18.22    note this
   18.23 @@ -174,15 +174,15 @@
   18.24  begin
   18.25  
   18.26    {
   18.27 -    have a: A sorry
   18.28 +    have a: A \<proof>
   18.29    next
   18.30      have b: B
   18.31      proof -
   18.32 -      show B sorry
   18.33 +      show B \<proof>
   18.34      next
   18.35 -      have c: C sorry
   18.36 +      have c: C \<proof>
   18.37      next
   18.38 -      have d: D sorry
   18.39 +      have d: D \<proof>
   18.40      qed
   18.41    }
   18.42  
   18.43 @@ -190,19 +190,19 @@
   18.44  
   18.45    {
   18.46      {
   18.47 -      have a: A sorry
   18.48 +      have a: A \<proof>
   18.49      }
   18.50      {
   18.51        have b: B
   18.52        proof -
   18.53          {
   18.54 -          show B sorry
   18.55 +          show B \<proof>
   18.56          }
   18.57          {
   18.58 -          have c: C sorry
   18.59 +          have c: C \<proof>
   18.60          }
   18.61          {
   18.62 -          have d: D sorry
   18.63 +          have d: D \<proof>
   18.64          }
   18.65        qed
   18.66      }
   18.67 @@ -235,7 +235,7 @@
   18.68    have "x = y"
   18.69    proof -
   18.70      term ?thesis
   18.71 -    show ?thesis sorry
   18.72 +    show ?thesis \<proof>
   18.73      term ?thesis  \<comment> \<open>static!\<close>
   18.74    qed
   18.75    term "\<dots>"
   18.76 @@ -260,31 +260,31 @@
   18.77  notepad
   18.78  begin
   18.79    txt \<open>Plain bottom-up calculation:\<close>
   18.80 -  have "a = b" sorry
   18.81 +  have "a = b" \<proof>
   18.82    also
   18.83 -  have "b = c" sorry
   18.84 +  have "b = c" \<proof>
   18.85    also
   18.86 -  have "c = d" sorry
   18.87 +  have "c = d" \<proof>
   18.88    finally
   18.89    have "a = d" .
   18.90  
   18.91    txt \<open>Variant using the \<open>\<dots>\<close> abbreviation:\<close>
   18.92 -  have "a = b" sorry
   18.93 +  have "a = b" \<proof>
   18.94    also
   18.95 -  have "\<dots> = c" sorry
   18.96 +  have "\<dots> = c" \<proof>
   18.97    also
   18.98 -  have "\<dots> = d" sorry
   18.99 +  have "\<dots> = d" \<proof>
  18.100    finally
  18.101    have "a = d" .
  18.102  
  18.103    txt \<open>Top-down version with explicit claim at the head:\<close>
  18.104    have "a = d"
  18.105    proof -
  18.106 -    have "a = b" sorry
  18.107 +    have "a = b" \<proof>
  18.108      also
  18.109 -    have "\<dots> = c" sorry
  18.110 +    have "\<dots> = c" \<proof>
  18.111      also
  18.112 -    have "\<dots> = d" sorry
  18.113 +    have "\<dots> = d" \<proof>
  18.114      finally
  18.115      show ?thesis .
  18.116    qed
  18.117 @@ -292,11 +292,11 @@
  18.118    txt \<open>Mixed inequalities (require suitable base type):\<close>
  18.119    fix a b c d :: nat
  18.120  
  18.121 -  have "a < b" sorry
  18.122 +  have "a < b" \<proof>
  18.123    also
  18.124 -  have "b \<le> c" sorry
  18.125 +  have "b \<le> c" \<proof>
  18.126    also
  18.127 -  have "c = d" sorry
  18.128 +  have "c = d" \<proof>
  18.129    finally
  18.130    have "a < d" .
  18.131  end
  18.132 @@ -313,43 +313,35 @@
  18.133  \<close>
  18.134  
  18.135  
  18.136 -subsection \<open>Degenerate calculations and bigstep reasoning\<close>
  18.137 +subsection \<open>Degenerate calculations\<close>
  18.138  
  18.139 -text \<open>The Idea is to append \<open>this\<close> to \<open>calculation\<close>,
  18.140 -  without rule composition.\<close>
  18.141 +text \<open>The Idea is to append \<open>this\<close> to \<open>calculation\<close>, without rule composition.
  18.142 +  This is occasionally useful to avoid naming intermediate facts.\<close>
  18.143  
  18.144  notepad
  18.145  begin
  18.146    txt \<open>A vacuous proof:\<close>
  18.147 -  have A sorry
  18.148 +  have A \<proof>
  18.149    moreover
  18.150 -  have B sorry
  18.151 +  have B \<proof>
  18.152    moreover
  18.153 -  have C sorry
  18.154 +  have C \<proof>
  18.155    ultimately
  18.156    have A and B and C .
  18.157  next
  18.158    txt \<open>Slightly more content (trivial bigstep reasoning):\<close>
  18.159 -  have A sorry
  18.160 +  have A \<proof>
  18.161    moreover
  18.162 -  have B sorry
  18.163 +  have B \<proof>
  18.164    moreover
  18.165 -  have C sorry
  18.166 +  have C \<proof>
  18.167    ultimately
  18.168    have "A \<and> B \<and> C" by blast
  18.169 -next
  18.170 -  txt \<open>More ambitious bigstep reasoning involving structured results:\<close>
  18.171 -  have "A \<or> B \<or> C" sorry
  18.172 -  moreover
  18.173 -  { assume A have R sorry }
  18.174 -  moreover
  18.175 -  { assume B have R sorry }
  18.176 -  moreover
  18.177 -  { assume C have R sorry }
  18.178 -  ultimately
  18.179 -  have R by blast  \<comment> \<open>``big-bang integration'' of proof blocks (occasionally fragile)\<close>
  18.180  end
  18.181  
  18.182 +text \<open>Note that For multi-branch case splitting, it is better to use @{command
  18.183 +  consider}.\<close>
  18.184 +
  18.185  
  18.186  section \<open>Induction\<close>
  18.187  
  18.188 @@ -367,11 +359,11 @@
  18.189    fix n :: nat
  18.190    have "P n"
  18.191    proof (rule nat.induct)  \<comment> \<open>fragile rule application!\<close>
  18.192 -    show "P 0" sorry
  18.193 +    show "P 0" \<proof>
  18.194    next
  18.195      fix n :: nat
  18.196      assume "P n"
  18.197 -    show "P (Suc n)" sorry
  18.198 +    show "P (Suc n)" \<proof>
  18.199    qed
  18.200  end
  18.201  
  18.202 @@ -394,10 +386,10 @@
  18.203    have "P n"
  18.204    proof (induct n)
  18.205      case 0
  18.206 -    show ?case sorry
  18.207 +    show ?case \<proof>
  18.208    next
  18.209      case (Suc n)
  18.210 -    from Suc.hyps show ?case sorry
  18.211 +    from Suc.hyps show ?case \<proof>
  18.212    qed
  18.213  end
  18.214  
  18.215 @@ -456,29 +448,29 @@
  18.216    have "P n"
  18.217    proof (induct n)
  18.218      case 0
  18.219 -    show "P 0" sorry
  18.220 +    show "P 0" \<proof>
  18.221    next
  18.222      case (Suc n)
  18.223 -    from \<open>P n\<close> show "P (Suc n)" sorry
  18.224 +    from \<open>P n\<close> show "P (Suc n)" \<proof>
  18.225    qed
  18.226  
  18.227    have "A n \<Longrightarrow> P n"
  18.228    proof (induct n)
  18.229      case 0
  18.230 -    from \<open>A 0\<close> show "P 0" sorry
  18.231 +    from \<open>A 0\<close> show "P 0" \<proof>
  18.232    next
  18.233      case (Suc n)
  18.234      from \<open>A n \<Longrightarrow> P n\<close>
  18.235 -      and \<open>A (Suc n)\<close> show "P (Suc n)" sorry
  18.236 +      and \<open>A (Suc n)\<close> show "P (Suc n)" \<proof>
  18.237    qed
  18.238  
  18.239    have "\<And>x. Q x n"
  18.240    proof (induct n)
  18.241      case 0
  18.242 -    show "Q x 0" sorry
  18.243 +    show "Q x 0" \<proof>
  18.244    next
  18.245      case (Suc n)
  18.246 -    from \<open>\<And>x. Q x n\<close> show "Q x (Suc n)" sorry
  18.247 +    from \<open>\<And>x. Q x n\<close> show "Q x (Suc n)" \<proof>
  18.248      txt \<open>Local quantification admits arbitrary instances:\<close>
  18.249      note \<open>Q a n\<close> and \<open>Q b n\<close>
  18.250    qed
  18.251 @@ -502,11 +494,11 @@
  18.252    then have "Q x n"
  18.253    proof (induct n arbitrary: x)
  18.254      case 0
  18.255 -    from \<open>A x 0\<close> show "Q x 0" sorry
  18.256 +    from \<open>A x 0\<close> show "Q x 0" \<proof>
  18.257    next
  18.258      case (Suc n)
  18.259      from \<open>\<And>x. A x n \<Longrightarrow> Q x n\<close>  \<comment> \<open>arbitrary instances can be produced here\<close>
  18.260 -      and \<open>A x (Suc n)\<close> show "Q x (Suc n)" sorry
  18.261 +      and \<open>A x (Suc n)\<close> show "Q x (Suc n)" \<proof>
  18.262    qed
  18.263  end
  18.264  
  18.265 @@ -532,13 +524,13 @@
  18.266      case 0
  18.267      note prem = \<open>A (a x)\<close>
  18.268        and defn = \<open>0 = a x\<close>
  18.269 -    show "P (a x)" sorry
  18.270 +    show "P (a x)" \<proof>
  18.271    next
  18.272      case (Suc n)
  18.273      note hyp = \<open>\<And>x. n = a x \<Longrightarrow> A (a x) \<Longrightarrow> P (a x)\<close>
  18.274        and prem = \<open>A (a x)\<close>
  18.275        and defn = \<open>Suc n = a x\<close>
  18.276 -    show "P (a x)" sorry
  18.277 +    show "P (a x)" \<proof>
  18.278    qed
  18.279  end
  18.280  
  18.281 @@ -628,7 +620,7 @@
  18.282  begin
  18.283    {
  18.284      fix x
  18.285 -    have "B x" sorry
  18.286 +    have "B x" \<proof>
  18.287    }
  18.288    have "\<And>x. B x" by fact
  18.289  
  18.290 @@ -636,7 +628,7 @@
  18.291  
  18.292    {
  18.293      assume A
  18.294 -    have B sorry
  18.295 +    have B \<proof>
  18.296    }
  18.297    have "A \<Longrightarrow> B" by fact
  18.298  
  18.299 @@ -644,15 +636,15 @@
  18.300  
  18.301    {
  18.302      def x \<equiv> t
  18.303 -    have "B x" sorry
  18.304 +    have "B x" \<proof>
  18.305    }
  18.306    have "B t" by fact
  18.307  
  18.308  next
  18.309  
  18.310    {
  18.311 -    obtain x :: 'a where "B x" sorry
  18.312 -    have C sorry
  18.313 +    obtain x :: 'a where "B x" \<proof>
  18.314 +    have C \<proof>
  18.315    }
  18.316    have C by fact
  18.317  
  18.318 @@ -703,7 +695,7 @@
  18.319    proof -
  18.320      fix x
  18.321      assume "A x"
  18.322 -    show "B x" sorry
  18.323 +    show "B x" \<proof>
  18.324    qed
  18.325  
  18.326    have "\<And>x. A x \<Longrightarrow> B x"
  18.327 @@ -711,7 +703,7 @@
  18.328      {
  18.329        fix x
  18.330        assume "A x"
  18.331 -      show "B x" sorry
  18.332 +      show "B x" \<proof>
  18.333      } \<comment> "implicit block structure made explicit"
  18.334      note \<open>\<And>x. A x \<Longrightarrow> B x\<close>
  18.335        \<comment> "side exit for the resulting rule"
  18.336 @@ -728,41 +720,41 @@
  18.337  
  18.338  notepad
  18.339  begin
  18.340 -  assume r1: "A \<Longrightarrow> B \<Longrightarrow> C"  \<comment> \<open>simple rule (Horn clause)\<close>
  18.341 +  assume r\<^sub>1: "A \<Longrightarrow> B \<Longrightarrow> C"  \<comment> \<open>simple rule (Horn clause)\<close>
  18.342  
  18.343 -  have A sorry  \<comment> "prefix of facts via outer sub-proof"
  18.344 +  have A \<proof>  \<comment> "prefix of facts via outer sub-proof"
  18.345    then have C
  18.346 -  proof (rule r1)
  18.347 -    show B sorry  \<comment> "remaining rule premises via inner sub-proof"
  18.348 +  proof (rule r\<^sub>1)
  18.349 +    show B \<proof>  \<comment> "remaining rule premises via inner sub-proof"
  18.350    qed
  18.351  
  18.352    have C
  18.353 -  proof (rule r1)
  18.354 -    show A sorry
  18.355 -    show B sorry
  18.356 +  proof (rule r\<^sub>1)
  18.357 +    show A \<proof>
  18.358 +    show B \<proof>
  18.359    qed
  18.360  
  18.361 -  have A and B sorry
  18.362 +  have A and B \<proof>
  18.363    then have C
  18.364 -  proof (rule r1)
  18.365 +  proof (rule r\<^sub>1)
  18.366    qed
  18.367  
  18.368 -  have A and B sorry
  18.369 -  then have C by (rule r1)
  18.370 +  have A and B \<proof>
  18.371 +  then have C by (rule r\<^sub>1)
  18.372  
  18.373  next
  18.374  
  18.375 -  assume r2: "A \<Longrightarrow> (\<And>x. B1 x \<Longrightarrow> B2 x) \<Longrightarrow> C"  \<comment> \<open>nested rule\<close>
  18.376 +  assume r\<^sub>2: "A \<Longrightarrow> (\<And>x. B\<^sub>1 x \<Longrightarrow> B\<^sub>2 x) \<Longrightarrow> C"  \<comment> \<open>nested rule\<close>
  18.377  
  18.378 -  have A sorry
  18.379 +  have A \<proof>
  18.380    then have C
  18.381 -  proof (rule r2)
  18.382 +  proof (rule r\<^sub>2)
  18.383      fix x
  18.384 -    assume "B1 x"
  18.385 -    show "B2 x" sorry
  18.386 +    assume "B\<^sub>1 x"
  18.387 +    show "B\<^sub>2 x" \<proof>
  18.388    qed
  18.389  
  18.390 -  txt \<open>The compound rule premise @{prop "\<And>x. B1 x \<Longrightarrow> B2 x"} is better
  18.391 +  txt \<open>The compound rule premise @{prop "\<And>x. B\<^sub>1 x \<Longrightarrow> B\<^sub>2 x"} is better
  18.392      addressed via @{command fix}~/ @{command assume}~/ @{command show}
  18.393      in the nested proof body.\<close>
  18.394  end
  18.395 @@ -777,35 +769,35 @@
  18.396  
  18.397  notepad
  18.398  begin
  18.399 -  have "A \<longrightarrow> B" and A sorry
  18.400 +  have "A \<longrightarrow> B" and A \<proof>
  18.401    then have B ..
  18.402  
  18.403 -  have A sorry
  18.404 +  have A \<proof>
  18.405    then have "A \<or> B" ..
  18.406  
  18.407 -  have B sorry
  18.408 +  have B \<proof>
  18.409    then have "A \<or> B" ..
  18.410  
  18.411 -  have "A \<or> B" sorry
  18.412 +  have "A \<or> B" \<proof>
  18.413    then have C
  18.414    proof
  18.415      assume A
  18.416 -    then show C sorry
  18.417 +    then show C \<proof>
  18.418    next
  18.419      assume B
  18.420 -    then show C sorry
  18.421 +    then show C \<proof>
  18.422    qed
  18.423  
  18.424 -  have A and B sorry
  18.425 +  have A and B \<proof>
  18.426    then have "A \<and> B" ..
  18.427  
  18.428 -  have "A \<and> B" sorry
  18.429 +  have "A \<and> B" \<proof>
  18.430    then have A ..
  18.431  
  18.432 -  have "A \<and> B" sorry
  18.433 +  have "A \<and> B" \<proof>
  18.434    then have B ..
  18.435  
  18.436 -  have False sorry
  18.437 +  have False \<proof>
  18.438    then have A ..
  18.439  
  18.440    have True ..
  18.441 @@ -813,36 +805,36 @@
  18.442    have "\<not> A"
  18.443    proof
  18.444      assume A
  18.445 -    then show False sorry
  18.446 +    then show False \<proof>
  18.447    qed
  18.448  
  18.449 -  have "\<not> A" and A sorry
  18.450 +  have "\<not> A" and A \<proof>
  18.451    then have B ..
  18.452  
  18.453    have "\<forall>x. P x"
  18.454    proof
  18.455      fix x
  18.456 -    show "P x" sorry
  18.457 +    show "P x" \<proof>
  18.458    qed
  18.459  
  18.460 -  have "\<forall>x. P x" sorry
  18.461 +  have "\<forall>x. P x" \<proof>
  18.462    then have "P a" ..
  18.463  
  18.464    have "\<exists>x. P x"
  18.465    proof
  18.466 -    show "P a" sorry
  18.467 +    show "P a" \<proof>
  18.468    qed
  18.469  
  18.470 -  have "\<exists>x. P x" sorry
  18.471 +  have "\<exists>x. P x" \<proof>
  18.472    then have C
  18.473    proof
  18.474      fix a
  18.475      assume "P a"
  18.476 -    show C sorry
  18.477 +    show C \<proof>
  18.478    qed
  18.479  
  18.480    txt \<open>Less awkward version using @{command obtain}:\<close>
  18.481 -  have "\<exists>x. P x" sorry
  18.482 +  have "\<exists>x. P x" \<proof>
  18.483    then obtain a where "P a" ..
  18.484  end
  18.485  
  18.486 @@ -853,32 +845,32 @@
  18.487  begin
  18.488    have "A \<and> B"
  18.489    proof  \<comment> \<open>two strictly isolated subproofs\<close>
  18.490 -    show A sorry
  18.491 +    show A \<proof>
  18.492    next
  18.493 -    show B sorry
  18.494 +    show B \<proof>
  18.495    qed
  18.496  
  18.497    have "A \<and> B"
  18.498    proof  \<comment> \<open>one simultaneous sub-proof\<close>
  18.499 -    show A and B sorry
  18.500 +    show A and B \<proof>
  18.501    qed
  18.502  
  18.503    have "A \<and> B"
  18.504    proof  \<comment> \<open>two subproofs in the same context\<close>
  18.505 -    show A sorry
  18.506 -    show B sorry
  18.507 +    show A \<proof>
  18.508 +    show B \<proof>
  18.509    qed
  18.510  
  18.511    have "A \<and> B"
  18.512    proof  \<comment> \<open>swapped order\<close>
  18.513 -    show B sorry
  18.514 -    show A sorry
  18.515 +    show B \<proof>
  18.516 +    show A \<proof>
  18.517    qed
  18.518  
  18.519    have "A \<and> B"
  18.520    proof  \<comment> \<open>sequential subproofs\<close>
  18.521 -    show A sorry
  18.522 -    show B using \<open>A\<close> sorry
  18.523 +    show A \<proof>
  18.524 +    show B using \<open>A\<close> \<proof>
  18.525    qed
  18.526  end
  18.527  
  18.528 @@ -893,23 +885,23 @@
  18.529  
  18.530  notepad
  18.531  begin
  18.532 -  have "x \<in> A" and "x \<in> B" sorry
  18.533 +  have "x \<in> A" and "x \<in> B" \<proof>
  18.534    then have "x \<in> A \<inter> B" ..
  18.535  
  18.536 -  have "x \<in> A" sorry
  18.537 +  have "x \<in> A" \<proof>
  18.538    then have "x \<in> A \<union> B" ..
  18.539  
  18.540 -  have "x \<in> B" sorry
  18.541 +  have "x \<in> B" \<proof>
  18.542    then have "x \<in> A \<union> B" ..
  18.543  
  18.544 -  have "x \<in> A \<union> B" sorry
  18.545 +  have "x \<in> A \<union> B" \<proof>
  18.546    then have C
  18.547    proof
  18.548      assume "x \<in> A"
  18.549 -    then show C sorry
  18.550 +    then show C \<proof>
  18.551    next
  18.552      assume "x \<in> B"
  18.553 -    then show C sorry
  18.554 +    then show C \<proof>
  18.555    qed
  18.556  
  18.557  next
  18.558 @@ -917,19 +909,19 @@
  18.559    proof
  18.560      fix a
  18.561      assume "a \<in> A"
  18.562 -    show "x \<in> a" sorry
  18.563 +    show "x \<in> a" \<proof>
  18.564    qed
  18.565  
  18.566 -  have "x \<in> \<Inter>A" sorry
  18.567 +  have "x \<in> \<Inter>A" \<proof>
  18.568    then have "x \<in> a"
  18.569    proof
  18.570 -    show "a \<in> A" sorry
  18.571 +    show "a \<in> A" \<proof>
  18.572    qed
  18.573  
  18.574 -  have "a \<in> A" and "x \<in> a" sorry
  18.575 +  have "a \<in> A" and "x \<in> a" \<proof>
  18.576    then have "x \<in> \<Union>A" ..
  18.577  
  18.578 -  have "x \<in> \<Union>A" sorry
  18.579 +  have "x \<in> \<Union>A" \<proof>
  18.580    then obtain a where "a \<in> A" and "x \<in> a" ..
  18.581  end
  18.582  
  18.583 @@ -960,21 +952,21 @@
  18.584  notepad
  18.585  begin
  18.586    assume r:
  18.587 -    "A1 \<Longrightarrow> A2 \<Longrightarrow>  (* assumptions *)
  18.588 -      (\<And>x y. B1 x y \<Longrightarrow> C1 x y \<Longrightarrow> R) \<Longrightarrow>  (* case 1 *)
  18.589 -      (\<And>x y. B2 x y \<Longrightarrow> C2 x y \<Longrightarrow> R) \<Longrightarrow>  (* case 2 *)
  18.590 +    "A\<^sub>1 \<Longrightarrow> A\<^sub>2 \<Longrightarrow>  (* assumptions *)
  18.591 +      (\<And>x y. B\<^sub>1 x y \<Longrightarrow> C\<^sub>1 x y \<Longrightarrow> R) \<Longrightarrow>  (* case 1 *)
  18.592 +      (\<And>x y. B\<^sub>2 x y \<Longrightarrow> C\<^sub>2 x y \<Longrightarrow> R) \<Longrightarrow>  (* case 2 *)
  18.593        R  (* main conclusion *)"
  18.594  
  18.595 -  have A1 and A2 sorry
  18.596 +  have A\<^sub>1 and A\<^sub>2 \<proof>
  18.597    then have R
  18.598    proof (rule r)
  18.599      fix x y
  18.600 -    assume "B1 x y" and "C1 x y"
  18.601 -    show ?thesis sorry
  18.602 +    assume "B\<^sub>1 x y" and "C\<^sub>1 x y"
  18.603 +    show ?thesis \<proof>
  18.604    next
  18.605      fix x y
  18.606 -    assume "B2 x y" and "C2 x y"
  18.607 -    show ?thesis sorry
  18.608 +    assume "B\<^sub>2 x y" and "C\<^sub>2 x y"
  18.609 +    show ?thesis \<proof>
  18.610    qed
  18.611  end
  18.612  
  18.613 @@ -1003,11 +995,11 @@
  18.614  print_statement disjE
  18.615  
  18.616  lemma
  18.617 -  assumes A1 and A2  \<comment> \<open>assumptions\<close>
  18.618 +  assumes A\<^sub>1 and A\<^sub>2  \<comment> \<open>assumptions\<close>
  18.619    obtains
  18.620 -    (case1)  x y where "B1 x y" and "C1 x y"
  18.621 -  | (case2)  x y where "B2 x y" and "C2 x y"
  18.622 -  sorry
  18.623 +    (case\<^sub>1)  x y where "B\<^sub>1 x y" and "C\<^sub>1 x y"
  18.624 +  | (case\<^sub>2)  x y where "B\<^sub>2 x y" and "C\<^sub>2 x y"
  18.625 +  \<proof>
  18.626  
  18.627  
  18.628  subsubsection \<open>Example\<close>
  18.629 @@ -1024,10 +1016,10 @@
  18.630    have C
  18.631    proof (cases "x = y" rule: tertium_non_datur)
  18.632      case T
  18.633 -    from \<open>x = y\<close> show ?thesis sorry
  18.634 +    from \<open>x = y\<close> show ?thesis \<proof>
  18.635    next
  18.636      case F
  18.637 -    from \<open>x \<noteq> y\<close> show ?thesis sorry
  18.638 +    from \<open>x \<noteq> y\<close> show ?thesis \<proof>
  18.639    qed
  18.640  end
  18.641  
  18.642 @@ -1047,14 +1039,44 @@
  18.643    have C
  18.644    proof (cases x)
  18.645      case Foo
  18.646 -    from \<open>x = Foo\<close> show ?thesis sorry
  18.647 +    from \<open>x = Foo\<close> show ?thesis \<proof>
  18.648    next
  18.649      case (Bar a)
  18.650 -    from \<open>x = Bar a\<close> show ?thesis sorry
  18.651 +    from \<open>x = Bar a\<close> show ?thesis \<proof>
  18.652    qed
  18.653  end
  18.654  
  18.655  
  18.656 +subsection \<open>Elimination statements and case-splitting\<close>
  18.657 +
  18.658 +text \<open>
  18.659 +  The @{command consider} states rules for generalized elimination and case
  18.660 +  splitting. This is like a toplevel statement \<^theory_text>\<open>theorem obtains\<close> used within
  18.661 +  a proof body; or like a multi-branch \<^theory_text>\<open>obtain\<close> without activation of the
  18.662 +  local context elements yet.
  18.663 +
  18.664 +  The proof method @{method cases} is able to use such rules with
  18.665 +  forward-chaining (e.g.\ via \<^theory_text>\<open>then\<close>). This leads to the subsequent pattern
  18.666 +  for case-splitting in a particular situation within a proof.
  18.667 +\<close>
  18.668 +
  18.669 +notepad
  18.670 +begin
  18.671 +  consider (a) A | (b) B | (c) C
  18.672 +    \<proof>  \<comment> \<open>typically \<^theory_text>\<open>by auto\<close>, \<^theory_text>\<open>by blast\<close> etc.\<close>
  18.673 +  then have something
  18.674 +  proof cases
  18.675 +    case a
  18.676 +    then show ?thesis \<proof>
  18.677 +  next
  18.678 +    case b
  18.679 +    then show ?thesis \<proof>
  18.680 +  next
  18.681 +    case c
  18.682 +    then show ?thesis \<proof>
  18.683 +  qed
  18.684 +end
  18.685 +
  18.686  subsection \<open>Obtaining local contexts\<close>
  18.687  
  18.688  text \<open>A single ``case'' branch may be inlined into Isar proof text
  18.689 @@ -1065,13 +1087,13 @@
  18.690  begin
  18.691    fix B :: "'a \<Rightarrow> bool"
  18.692  
  18.693 -  obtain x where "B x" sorry
  18.694 +  obtain x where "B x" \<proof>
  18.695    note \<open>B x\<close>
  18.696  
  18.697    txt \<open>Conclusions from this context may not mention @{term x} again!\<close>
  18.698    {
  18.699 -    obtain x where "B x" sorry
  18.700 -    from \<open>B x\<close> have C sorry
  18.701 +    obtain x where "B x" \<proof>
  18.702 +    from \<open>B x\<close> have C \<proof>
  18.703    }
  18.704    note \<open>C\<close>
  18.705  end
    19.1 --- a/src/Doc/Isar_Ref/document/style.sty	Wed Feb 10 15:49:05 2016 +0100
    19.2 +++ b/src/Doc/Isar_Ref/document/style.sty	Fri Feb 12 22:36:48 2016 +0100
    19.3 @@ -16,9 +16,11 @@
    19.4  
    19.5  %% Isar
    19.6  \newcommand{\isasymBBAR}{{\,\newdimen{\tmpheight}\settoheight\tmpheight{\isacharbar}\rule{1pt}{\tmpheight}\,}}
    19.7 -\isafoldtag{noproof}\def\isafoldnoproof{~\isafold{proof}}
    19.8  \renewcommand{\isacommand}[1]{\isakeyword{\isadigitreset#1}}
    19.9  
   19.10 +\newcommand{\isasymproof}{\isamath{\,\langle\mathit{proof}\rangle}}
   19.11 +
   19.12 +
   19.13  %% ML
   19.14  \newenvironment{mldecls}{\par\noindent\begingroup\def\isanewline{\\}\begin{tabular}{ll}}{\end{tabular}\medskip\endgroup}
   19.15  
    20.1 --- a/src/Doc/JEdit/JEdit.thy	Wed Feb 10 15:49:05 2016 +0100
    20.2 +++ b/src/Doc/JEdit/JEdit.thy	Fri Feb 12 22:36:48 2016 +0100
    20.3 @@ -1016,16 +1016,15 @@
    20.4  
    20.5  text \<open>
    20.6    The \<^emph>\<open>Query\<close> panel provides various GUI forms to request extra information
    20.7 -  from the prover. In old times the user would have issued some diagnostic
    20.8 -  command like @{command find_theorems} and inspected its output, but this is
    20.9 -  now integrated into the Prover IDE.
   20.10 +  from the prover, as a replacement of old-style diagnostic commands like
   20.11 +  @{command find_theorems}. There are input fields and buttons for a
   20.12 +  particular query command, with output in a dedicated text area.
   20.13  
   20.14 -  A \<^emph>\<open>Query\<close> window provides some input fields and buttons for a particular
   20.15 -  query command, with output in a dedicated text area. There are various query
   20.16 -  modes: \<^emph>\<open>Find Theorems\<close>, \<^emph>\<open>Find Constants\<close>, \<^emph>\<open>Print Context\<close>, e.g.\ see
   20.17 -  \figref{fig:query}. As usual in jEdit, multiple \<^emph>\<open>Query\<close> windows may be
   20.18 -  active at the same time: any number of floating instances, but at most one
   20.19 -  docked instance (which is used by default).
   20.20 +  The main query modes are presented as separate tabs: \<^emph>\<open>Find Theorems\<close>,
   20.21 +  \<^emph>\<open>Find Constants\<close>, \<^emph>\<open>Print Context\<close>, e.g.\ see \figref{fig:query}. As usual
   20.22 +  in jEdit, multiple \<^emph>\<open>Query\<close> windows may be active at the same time: any
   20.23 +  number of floating instances, but at most one docked instance (which is used
   20.24 +  by default).
   20.25  
   20.26    \begin{figure}[!htb]
   20.27    \begin{center}
   20.28 @@ -1101,20 +1100,20 @@
   20.29    The \<^emph>\<open>Query\<close> panel in \<^emph>\<open>Print Context\<close> mode prints information from the
   20.30    theory or proof context, or proof state. See also the Isar commands
   20.31    @{command_ref print_context}, @{command_ref print_cases}, @{command_ref
   20.32 -  print_term_bindings}, @{command_ref print_theorems}, @{command_ref
   20.33 -  print_state} described in @{cite "isabelle-isar-ref"}.
   20.34 +  print_term_bindings}, @{command_ref print_theorems}, described in @{cite
   20.35 +  "isabelle-isar-ref"}.
   20.36  \<close>
   20.37  
   20.38  
   20.39  section \<open>Tooltips and hyperlinks \label{sec:tooltips-hyperlinks}\<close>
   20.40  
   20.41  text \<open>
   20.42 -  Formally processed text (prover input or output) contains rich markup
   20.43 -  information that can be explored further by using the \<^verbatim>\<open>CONTROL\<close> modifier
   20.44 -  key on Linux and Windows, or \<^verbatim>\<open>COMMAND\<close> on Mac OS X. Hovering with the mouse
   20.45 -  while the modifier is pressed reveals a \<^emph>\<open>tooltip\<close> (grey box over the text
   20.46 -  with a yellow popup) and/or a \<^emph>\<open>hyperlink\<close> (black rectangle over the text
   20.47 -  with change of mouse pointer); see also \figref{fig:tooltip}.
   20.48 +  Formally processed text (prover input or output) contains rich markup that
   20.49 +  can be explored by using the \<^verbatim>\<open>CONTROL\<close> modifier key on Linux and Windows,
   20.50 +  or \<^verbatim>\<open>COMMAND\<close> on Mac OS X. Hovering with the mouse while the modifier is
   20.51 +  pressed reveals a \<^emph>\<open>tooltip\<close> (grey box over the text with a yellow popup)
   20.52 +  and/or a \<^emph>\<open>hyperlink\<close> (black rectangle over the text with change of mouse
   20.53 +  pointer); see also \figref{fig:tooltip}.
   20.54  
   20.55    \begin{figure}[!htb]
   20.56    \begin{center}
   20.57 @@ -1124,7 +1123,7 @@
   20.58    \label{fig:tooltip}
   20.59    \end{figure}
   20.60  
   20.61 -  Tooltip popups use the same rendering mechanisms as the main text area, and
   20.62 +  Tooltip popups use the same rendering technology as the main text area, and
   20.63    further tooltips and/or hyperlinks may be exposed recursively by the same
   20.64    mechanism; see \figref{fig:nested-tooltips}.
   20.65  
   20.66 @@ -1146,13 +1145,12 @@
   20.67    a mouse click (while the \<^verbatim>\<open>CONTROL\<close> or \<^verbatim>\<open>COMMAND\<close> modifier key is still
   20.68    pressed). Such jumps to other text locations are recorded by the
   20.69    \<^emph>\<open>Navigator\<close> plugin, which is bundled with Isabelle/jEdit and enabled by
   20.70 -  default, including navigation arrows in the main jEdit toolbar.
   20.71 +  default. There are usually navigation arrows in the main jEdit toolbar.
   20.72  
   20.73 -  Also note that the link target may be a file that is itself not subject to
   20.74 -  formal document processing of the editor session and thus prevents further
   20.75 +  Note that the link target may be a file that is itself not subject to formal
   20.76 +  document processing of the editor session and thus prevents further
   20.77    exploration: the chain of hyperlinks may end in some source file of the
   20.78 -  underlying logic image, or within the ML bootstrap sources of
   20.79 -  Isabelle/Pure.
   20.80 +  underlying logic image, or within the ML bootstrap sources of Isabelle/Pure.
   20.81  \<close>
   20.82  
   20.83  
   20.84 @@ -1263,6 +1261,17 @@
   20.85    syntax keyword. Non-word abbreviations like \<^verbatim>\<open>-->\<close> are inserted more
   20.86    aggressively, except for single-character abbreviations like \<^verbatim>\<open>!\<close> above.
   20.87  
   20.88 +  Completion via abbreviations like \<^verbatim>\<open>ALL\<close> or \<^verbatim>\<open>-->\<close> depends on the semantic
   20.89 +  language context (\secref{sec:completion-context}). In contrast, backslash
   20.90 +  sequences like \<^verbatim>\<open>\forall\<close> \<^verbatim>\<open>\<forall>\<close> are always possible, but require
   20.91 +  additional interaction to confirm (via popup).
   20.92 +
   20.93 +  The latter is important in ambiguous situations, e.g.\ for Isabelle document
   20.94 +  source, which may contain formal symbols or informal {\LaTeX} macros.
   20.95 +  Backslash sequences also help when input is broken, and thus escapes its
   20.96 +  normal semantic context: e.g.\ antiquotations or string literals in ML,
   20.97 +  which do not allow arbitrary backslash sequences.
   20.98 +
   20.99    \<^medskip>
  20.100    Additional abbreviations may be specified in @{file
  20.101    "$ISABELLE_HOME/etc/abbrevs"} and @{file_unchecked
  20.102 @@ -1272,13 +1281,6 @@
  20.103    than just one symbol; otherwise the meaning is the same as a symbol
  20.104    specification ``\<open>sym\<close>~\<^verbatim>\<open>abbrev:\<close>~\<open>abbrev\<close>'' within @{file_unchecked
  20.105    "etc/symbols"}.
  20.106 -
  20.107 -  \<^medskip>
  20.108 -  Symbol completion depends on the semantic language context
  20.109 -  (\secref{sec:completion-context}), to enable or disable that aspect for a
  20.110 -  particular sub-language of Isabelle. For example, symbol completion is
  20.111 -  suppressed within document source to avoid confusion with {\LaTeX} macros
  20.112 -  that use similar notation.
  20.113  \<close>
  20.114  
  20.115  
  20.116 @@ -1310,13 +1312,12 @@
  20.117  subsubsection \<open>File-system paths\<close>
  20.118  
  20.119  text \<open>
  20.120 -  Depending on prover markup about file-system path specifications in the
  20.121 -  source text, e.g.\ for the argument of a load command
  20.122 -  (\secref{sec:aux-files}), the completion mechanism explores the directory
  20.123 -  content and offers the result as completion popup. Relative path
  20.124 -  specifications are understood wrt.\ the \<^emph>\<open>master directory\<close> of the document
  20.125 -  node (\secref{sec:buffer-node}) of the enclosing editor buffer; this
  20.126 -  requires a proper theory, not an auxiliary file.
  20.127 +  Depending on prover markup about file-system paths in the source text, e.g.\
  20.128 +  for the argument of a load command (\secref{sec:aux-files}), the completion
  20.129 +  mechanism explores the directory content and offers the result as completion
  20.130 +  popup. Relative path specifications are understood wrt.\ the \<^emph>\<open>master
  20.131 +  directory\<close> of the document node (\secref{sec:buffer-node}) of the enclosing
  20.132 +  editor buffer; this requires a proper theory, not an auxiliary file.
  20.133  
  20.134    A suffix of slashes may be used to continue the exploration of an already
  20.135    recognized directory name.
  20.136 @@ -1351,8 +1352,8 @@
  20.137    \<^medskip>
  20.138    Dictionary lookup uses some educated guesses about lower-case, upper-case,
  20.139    and capitalized words. This is oriented on common use in English, where this
  20.140 -  aspect is not decisive for proper spelling, in contrast to German, for
  20.141 -  example.
  20.142 +  aspect is not decisive for proper spelling (in contrast to German, for
  20.143 +  example).
  20.144  \<close>
  20.145  
  20.146  
  20.147 @@ -1366,22 +1367,17 @@
  20.148    editor mode (see also \secref{sec:buffer-node}).
  20.149  
  20.150    The semantic \<^emph>\<open>language context\<close> provides information about nested
  20.151 -  sub-languages of Isabelle: keywords are only completed for outer syntax,
  20.152 -  symbols or antiquotations for languages that support them. E.g.\ there is no
  20.153 -  symbol completion for ML source, but within ML strings, comments,
  20.154 -  antiquotations.
  20.155 +  sub-languages of Isabelle: keywords are only completed for outer syntax, and
  20.156 +  antiquotations for languages that support them. Symbol abbreviations only
  20.157 +  work for specific sub-languages: e.g.\ ``\<^verbatim>\<open>=>\<close>'' is \<^emph>\<open>not\<close> completed in
  20.158 +  regular ML source, but is completed within ML strings, comments,
  20.159 +  antiquotations. Backslash representations of symbols like ``\<^verbatim>\<open>\foobar\<close>'' or
  20.160 +  ``\<^verbatim>\<open>\<foobar>\<close>'' work in any context --- after additional confirmation.
  20.161  
  20.162    The prover may produce \<^emph>\<open>no completion\<close> markup in exceptional situations, to
  20.163    tell that some language keywords should be excluded from further completion
  20.164 -  attempts. For example, \<^verbatim>\<open>:\<close> within accepted Isar syntax looses its meaning
  20.165 -  as abbreviation for symbol \<open>\<in>\<close>.
  20.166 -
  20.167 -  \<^medskip>
  20.168 -  The completion context is \<^emph>\<open>ignored\<close> for built-in templates and symbols in
  20.169 -  their explicit form ``\<^verbatim>\<open>\<foobar>\<close>''; see also
  20.170 -  \secref{sec:completion-varieties}. This allows to complete within broken
  20.171 -  input that escapes its normal semantic context, e.g.\ antiquotations or
  20.172 -  string literals in ML, which do not allow arbitrary backslash sequences.
  20.173 +  attempts. For example, ``\<^verbatim>\<open>:\<close>'' within accepted Isar syntax looses its
  20.174 +  meaning as abbreviation for symbol ``\<open>\<in>\<close>''.
  20.175  \<close>
  20.176  
  20.177  
  20.178 @@ -1420,7 +1416,7 @@
  20.179      (enabled by default) controls whether replacement text should be inserted
  20.180      immediately without popup, regardless of @{system_option
  20.181      jedit_completion_delay}. This aggressive mode of completion is restricted
  20.182 -    to Isabelle symbols and their abbreviations (\secref{sec:symbols}).
  20.183 +    to symbol abbreviations that are not plain words (\secref{sec:symbols}).
  20.184  
  20.185      \<^enum> Completion of symbol abbreviations with only one relevant character in
  20.186      the text always enforces an explicit popup, regardless of
  20.187 @@ -1439,7 +1435,7 @@
  20.188    \<^verbatim>\<open>PAGE_DOWN\<close>, but all other key events are passed to the underlying text
  20.189    area. This allows to ignore unwanted completions most of the time and
  20.190    continue typing quickly. Thus the popup serves as a mechanism of
  20.191 -  confirmation of proposed items, but the default is to continue without
  20.192 +  confirmation of proposed items, while the default is to continue without
  20.193    completion.
  20.194  
  20.195    The meaning of special keys is as follows:
  20.196 @@ -1534,7 +1530,7 @@
  20.197  
  20.198    A @{system_option jedit_completion_delay}~\<^verbatim>\<open>> 0\<close> postpones the processing of
  20.199    key events, until after the user has stopped typing for the given time span,
  20.200 -  but @{system_option jedit_completion_immediate}~\<^verbatim>\<open>"= true\<close> means that
  20.201 +  but @{system_option jedit_completion_immediate}~\<^verbatim>\<open>= true\<close> means that
  20.202    abbreviations of Isabelle symbols are handled nonetheless.
  20.203  
  20.204    \<^item> @{system_option_def jedit_completion_path_ignore} specifies ``glob''
  20.205 @@ -1562,10 +1558,10 @@
  20.206  text \<open>
  20.207    Continuous document processing works asynchronously in the background.
  20.208    Visible document source that has been evaluated may get augmented by
  20.209 -  additional results of \<^emph>\<open>asynchronous print functions\<close>. The canonical example
  20.210 -  is proof state output, which is always enabled. More heavy-weight print
  20.211 -  functions may be applied, in order to prove or disprove parts of the formal
  20.212 -  text by other means.
  20.213 +  additional results of \<^emph>\<open>asynchronous print functions\<close>. An example for that
  20.214 +  is proof state output, if that is enabled in the Output panel
  20.215 +  (\secref{sec:output}). More heavy-weight print functions may be applied as
  20.216 +  well, e.g.\ to prove or disprove parts of the formal text by other means.
  20.217  
  20.218    Isabelle/HOL provides various automatically tried tools that operate on
  20.219    outermost goal statements (e.g.\ @{command lemma}, @{command theorem}),
  20.220 @@ -1575,8 +1571,8 @@
  20.221    information sign in the gutter (see \figref{fig:auto-tools}). The message
  20.222    content may be shown as for other output (see also \secref{sec:output}).
  20.223    Some tools produce output with \<^emph>\<open>sendback\<close> markup, which means that clicking
  20.224 -  on certain parts of the output inserts that text into the source in the
  20.225 -  proper place.
  20.226 +  on certain parts of the text inserts that into the source in the proper
  20.227 +  place.
  20.228  
  20.229    \begin{figure}[!htb]
  20.230    \begin{center}
  20.231 @@ -1722,8 +1718,11 @@
  20.232  section \<open>Markdown structure\<close>
  20.233  
  20.234  text \<open>
  20.235 -  FIXME
  20.236 -  \figref{fig:markdown-document}
  20.237 +  Document text is internally structured in paragraphs and nested lists, using
  20.238 +  notation that is similar to Markdown\<^footnote>\<open>@{url "http://commonmark.org"}\<close>. There
  20.239 +  are special control symbols for items of different kinds of lists,
  20.240 +  corresponding to \<^verbatim>\<open>itemize\<close>, \<^verbatim>\<open>enumerate\<close>, \<^verbatim>\<open>description\<close> in {\LaTeX}. This
  20.241 +  is illustrated in for \<^verbatim>\<open>itemize\<close> in \figref{fig:markdown-document}.
  20.242  
  20.243    \begin{figure}[!htb]
  20.244    \begin{center}
  20.245 @@ -1732,6 +1731,12 @@
  20.246    \caption{Markdown structure within document text}
  20.247    \label{fig:markdown-document}
  20.248    \end{figure}
  20.249 +
  20.250 +  Items take colour according to the depth of nested lists. This helps to
  20.251 +  explore the implicit rules for list structure interactively. There is also
  20.252 +  markup for individual paragraphs in the text: it may be explored via mouse
  20.253 +  hovering with \<^verbatim>\<open>CONTROL\<close> / \<^verbatim>\<open>COMMAND\<close> as usual
  20.254 +  (\secref{sec:tooltips-hyperlinks}).
  20.255  \<close>
  20.256  
  20.257  
  20.258 @@ -1774,19 +1779,95 @@
  20.259  \<close>
  20.260  
  20.261  
  20.262 -chapter \<open>ML debugger\<close>
  20.263 +chapter \<open>ML debugging within the Prover IDE\<close>
  20.264  
  20.265  text \<open>
  20.266 -  FIXME
  20.267 -  \figref{fig:ml-debugger}
  20.268 +  Isabelle/ML is based on Poly/ML\<^footnote>\<open>@{url "http://www.polyml.org"}\<close> and thus
  20.269 +  benefits from the source-level debugger of that implementation of Standard
  20.270 +  ML. The Prover IDE provides the \<^emph>\<open>Debugger\<close> dockable to connect to running
  20.271 +  ML threads, inspect the stack frame with local ML bindings, and evaluate ML
  20.272 +  expressions in a particular run-time context. A typical debugger session is
  20.273 +  shown in \figref{fig:ml-debugger}.
  20.274 +
  20.275 +  ML debugging depends on the following pre-requisites.
  20.276 +
  20.277 +    \<^enum> ML source needs to be compiled with debugging enabled. This may be
  20.278 +    controlled for particular chunks of ML sources using any of the subsequent
  20.279 +    facilities.
  20.280 +
  20.281 +      \<^enum> The system option @{system_option_ref ML_debugger} as implicit state
  20.282 +      of the Isabelle process. It may be changed in the menu \<^emph>\<open>Plugins /
  20.283 +      Plugin Options / Isabelle / General\<close>. ML modules need to be reloaded and
  20.284 +      recompiled to pick up that option as intended.
  20.285 +
  20.286 +      \<^enum> The configuration option @{attribute_ref ML_debugger}, with an
  20.287 +      attribute of the same name, to update a global or local context (e.g.\
  20.288 +      with the @{command declare} command).
  20.289 +
  20.290 +      \<^enum> Commands that modify @{attribute ML_debugger} state for individual
  20.291 +      files: @{command_ref ML_file_debug}, @{command_ref ML_file_no_debug},
  20.292 +      @{command_ref SML_file_debug}, @{command_ref SML_file_no_debug}.
  20.293 +
  20.294 +    The instrumentation of ML code for debugging causes minor run-time
  20.295 +    overhead. ML modules that implement critical system infrastructure may
  20.296 +    lead to deadlocks or other undefined behaviour, when put under debugger
  20.297 +    control!
  20.298 +
  20.299 +    \<^enum> The \<^emph>\<open>Debugger\<close> panel needs to be active, otherwise the program ignores
  20.300 +    debugger instrumentation of the compiler and runs unmanaged. It is also
  20.301 +    possible to start debugging with the panel open, and later undock it, to
  20.302 +    let the program continue unhindered.
  20.303 +
  20.304 +    \<^enum> The ML program needs to be stopped at a suitable breakpoint, which may
  20.305 +    be activated individually or globally as follows.
  20.306 +
  20.307 +    For ML sources that have been compiled with debugger support, the IDE
  20.308 +    visualizes possible breakpoints in the text. A breakpoint may be toggled
  20.309 +    by pointing accurately with the mouse, with a right-click to activate
  20.310 +    jEdit's context menu and its \<^emph>\<open>Toggle Breakpoint\<close> item. Alternatively, the
  20.311 +    \<^emph>\<open>Break\<close> checkbox in the \<^emph>\<open>Debugger\<close> panel may be enabled to stop ML
  20.312 +    threads always at the next possible breakpoint.
  20.313 +
  20.314 +  Note that the state of individual breakpoints \<^emph>\<open>gets lost\<close> when the
  20.315 +  coresponding ML source is re-compiled! This may happen unintentionally,
  20.316 +  e.g.\ when following hyperlinks into ML modules that have not been loaded
  20.317 +  into the IDE before.
  20.318  
  20.319    \begin{figure}[!htb]
  20.320    \begin{center}
  20.321    \includegraphics[scale=0.333]{ml-debugger}
  20.322    \end{center}
  20.323 -  \caption{ML debugger}
  20.324 +  \caption{ML debugger session}
  20.325    \label{fig:ml-debugger}
  20.326    \end{figure}
  20.327 +
  20.328 +  The debugger panel (\figref{fig:ml-debugger}) shows a list of all threads
  20.329 +  that are presently stopped. Each thread shows a stack of all function
  20.330 +  invocations that lead to the current breakpoint at the top.
  20.331 +
  20.332 +  It is possible to jump between stack positions freely, by clicking on this
  20.333 +  list. The current situation is displayed in the big output window, as a
  20.334 +  local ML environment with names and printed values.
  20.335 +
  20.336 +  ML expressions may be evaluated in the current context by entering snippets
  20.337 +  of source into the text fields labeled \<open>Context\<close> and \<open>ML\<close>, and pushing the
  20.338 +  \<open>Eval\<close> button. By default, the source is interpreted as Isabelle/ML with the
  20.339 +  usual support for antiquotations (like @{command ML}, @{command ML_file}).
  20.340 +  Alternatively, strict Standard ML may be enforced via the \<^emph>\<open>SML\<close> checkbox
  20.341 +  (like @{command SML_file}).
  20.342 +
  20.343 +  The context for Isabelle/ML is optional, it may evaluate to a value of type
  20.344 +  @{ML_type theory}, @{ML_type Proof.context}, or @{ML_type Context.generic}.
  20.345 +  Thus the given ML expression (with its antiquotations) may be subject to the
  20.346 +  intended dynamic run-time context, instead of the static compile-time
  20.347 +  context.
  20.348 +
  20.349 +  \<^medskip>
  20.350 +  The buttons labeled \<^emph>\<open>Continue\<close>, \<^emph>\<open>Step\<close>, \<^emph>\<open>Step over\<close>, \<^emph>\<open>Step out\<close>
  20.351 +  recommence execution of the program, with different policies concerning
  20.352 +  nested function invocations. The debugger always moves the cursor within the
  20.353 +  ML source to the next breakpoint position, and offers new stack frames as
  20.354 +  before.
  20.355  \<close>
  20.356  
  20.357  
  20.358 @@ -1812,10 +1893,10 @@
  20.359  
  20.360    It is also possible to reveal individual timing information via some tooltip
  20.361    for the corresponding command keyword, using the technique of mouse hovering
  20.362 -  with \<^verbatim>\<open>CONTROL\<close>~/ \<^verbatim>\<open>COMMAND\<close> modifier key as explained in
  20.363 -  \secref{sec:tooltips-hyperlinks}. Actual display of timing depends on the
  20.364 -  global option @{system_option_ref jedit_timing_threshold}, which can be
  20.365 -  configured in \<^emph>\<open>Plugin Options~/ Isabelle~/ General\<close>.
  20.366 +  with \<^verbatim>\<open>CONTROL\<close>~/ \<^verbatim>\<open>COMMAND\<close> modifier (\secref{sec:tooltips-hyperlinks}).
  20.367 +  Actual display of timing depends on the global option @{system_option_ref
  20.368 +  jedit_timing_threshold}, which can be configured in \<^emph>\<open>Plugin Options~/
  20.369 +  Isabelle~/ General\<close>.
  20.370  
  20.371    \<^medskip>
  20.372    The \<^emph>\<open>Monitor\<close> panel visualizes various data collections about recent
  20.373 @@ -1831,11 +1912,11 @@
  20.374  section \<open>Low-level output\<close>
  20.375  
  20.376  text \<open>
  20.377 -  Prover output is normally shown directly in the main text area or secondary
  20.378 -  \<^emph>\<open>Output\<close> panels, as explained in \secref{sec:output}.
  20.379 -
  20.380 -  Beyond this, it is occasionally useful to inspect low-level output channels
  20.381 -  via some of the following additional panels:
  20.382 +  Prover output is normally shown directly in the main text area or specific
  20.383 +  panels like \<^emph>\<open>Output\<close> (\secref{sec:output}) or \<^emph>\<open>State\<close>
  20.384 +  (\secref{sec:state-output}). Beyond this, it is occasionally useful to
  20.385 +  inspect low-level output channels via some of the following additional
  20.386 +  panels:
  20.387  
  20.388    \<^item> \<^emph>\<open>Protocol\<close> shows internal messages between the Isabelle/Scala and
  20.389    Isabelle/ML side of the PIDE document editing protocol. Recording of
  20.390 @@ -1914,8 +1995,16 @@
  20.391    \<^item> \<^bold>\<open>Problem:\<close> Mac OS X system fonts sometimes lead to character drop-outs in
  20.392    the main text area.
  20.393  
  20.394 -  \<^bold>\<open>Workaround:\<close> Use the default \<^verbatim>\<open>IsabelleText\<close> font. (Do not install that
  20.395 -  font on the system.)
  20.396 +  \<^bold>\<open>Workaround:\<close> Use the default \<^verbatim>\<open>IsabelleText\<close> font.
  20.397 +
  20.398 +  \<^item> \<^bold>\<open>Problem:\<close> Mac OS X with Retina display has problems to determine the
  20.399 +  font metrics of \<^verbatim>\<open>IsabelleText\<close> accurately, notably in plain Swing text
  20.400 +  fields (e.g.\ in the \<^emph>\<open>Search and Replace\<close> dialog).
  20.401 +
  20.402 +  \<^bold>\<open>Workaround:\<close> Install \<^verbatim>\<open>IsabelleText\<close> and \<^verbatim>\<open>IsabelleTextBold\<close> on the system
  20.403 +  with \<^emph>\<open>Font Book\<close>, despite the warnings in \secref{sec:symbols} against
  20.404 +  that! The \<^verbatim>\<open>.ttf\<close> font files reside in some directory @{file_unchecked
  20.405 +  "$ISABELLE_HOME/contrib/isabelle_fonts-XYZ"}.
  20.406  
  20.407    \<^item> \<^bold>\<open>Problem:\<close> Some Linux/X11 input methods such as IBus tend to disrupt key
  20.408    event handling of Java/AWT/Swing.
    21.1 --- a/src/Doc/ROOT	Wed Feb 10 15:49:05 2016 +0100
    21.2 +++ b/src/Doc/ROOT	Fri Feb 12 22:36:48 2016 +0100
    21.3 @@ -126,7 +126,7 @@
    21.4      "root.tex"
    21.5  
    21.6  session Implementation (doc) in "Implementation" = "HOL-Proofs" +
    21.7 -  options [document_variants = "implementation", quick_and_dirty]
    21.8 +  options [condition = ML_SYSTEM_POLYML, document_variants = "implementation", quick_and_dirty]
    21.9    theories
   21.10      Eq
   21.11      Integration
    22.1 --- a/src/Doc/manual.bib	Wed Feb 10 15:49:05 2016 +0100
    22.2 +++ b/src/Doc/manual.bib	Fri Feb 12 22:36:48 2016 +0100
    22.3 @@ -306,6 +306,12 @@
    22.4    series = 	 LNCS,
    22.5    publisher = Springer}
    22.6  
    22.7 +@manual{isabelle-datatypes,
    22.8 +  author	= {Julian Biendarra and Jasmin Christian Blanchette and Martin Desharnais and Lorenz Panny and Andrei Popescu and Dmitriy Traytel},
    22.9 +  title		= {Defining (Co)datatypes and Primitively (Co)recursive Functions in {Isabelle\slash HOL}},
   22.10 +  institution	= {TU Munich},
   22.11 +  note          = {\url{http://isabelle.in.tum.de/doc/datatypes.pdf}}}
   22.12 +
   22.13  @book{Bird-Wadler,author="Richard Bird and Philip Wadler",
   22.14  title="Introduction to Functional Programming",publisher=PH,year=1988}
   22.15  
   22.16 @@ -373,12 +379,6 @@
   22.17    pages = "93--110"
   22.18  }
   22.19  
   22.20 -@manual{isabelle-datatypes,
   22.21 -  author	= {Jasmin Christian Blanchette and Martin Desharnais and Lorenz Panny and Andrei Popescu and Dmitriy Traytel},
   22.22 -  title		= {Defining (Co)datatypes in Isabelle/HOL},
   22.23 -  institution	= {TU Munich},
   22.24 -  note          = {\url{http://isabelle.in.tum.de/doc/datatypes.pdf}}}
   22.25 -
   22.26  @inproceedings{why3,
   22.27    author = {Fran\c{c}ois Bobot and Jean-Christophe Filli\^atre and Claude March\'e and Andrei Paskevich},
   22.28    title = {{Why3}: Shepherd Your Herd of Provers},
   22.29 @@ -1121,6 +1121,22 @@
   22.30    year		= 1984,
   22.31    publisher	= {Bibliopolis}}
   22.32  
   22.33 +@inproceedings{Matichuk-et-al:2014,
   22.34 +  author    = {Daniel Matichuk and Makarius Wenzel and Toby C. Murray},
   22.35 +  title     = {An {Isabelle} Proof Method Language},
   22.36 +  editor    = {Gerwin Klein and Ruben Gamboa},
   22.37 +  booktitle = {Interactive Theorem Proving - 5th International Conference, {ITP}
   22.38 +               2014, Held as Part of the Vienna Summer of Logic, {VSL} 2014, Vienna,
   22.39 +               Austria},
   22.40 +  year      = {2014},
   22.41 +  url       = {http://dx.doi.org/10.1007/978-3-319-08970-6_25},
   22.42 +  doi       = {10.1007/978-3-319-08970-6_25},
   22.43 +  series    = LNCS,
   22.44 +  volume    = {8558},
   22.45 +  publisher = {Springer},
   22.46 +  year      = {2014},
   22.47 +}
   22.48 +
   22.49  @incollection{melham89,
   22.50    author	= {Thomas F. Melham},
   22.51    title		= {Automating Recursive Type Definitions in Higher Order
    23.1 --- a/src/HOL/Isar_Examples/Cantor.thy	Wed Feb 10 15:49:05 2016 +0100
    23.2 +++ b/src/HOL/Isar_Examples/Cantor.thy	Fri Feb 12 22:36:48 2016 +0100
    23.3 @@ -71,6 +71,7 @@
    23.4    from * have "\<exists>x. ?D = f x" ..
    23.5    then obtain a where "?D = f a" ..
    23.6    then have "?D a \<longleftrightarrow> f a a" by (rule arg_cong)
    23.7 +  then have "\<not> f a a \<longleftrightarrow> f a a" .
    23.8    then show False by (rule iff_contradiction)
    23.9  qed
   23.10  
    24.1 --- a/src/HOL/Isar_Examples/Higher_Order_Logic.thy	Wed Feb 10 15:49:05 2016 +0100
    24.2 +++ b/src/HOL/Isar_Examples/Higher_Order_Logic.thy	Fri Feb 12 22:36:48 2016 +0100
    24.3 @@ -282,6 +282,7 @@
    24.4    from * have "\<exists>x. ?D = f x" ..
    24.5    then obtain a where "?D = f a" ..
    24.6    then have "?D a \<longleftrightarrow> f a a" using refl by (rule subst)
    24.7 +  then have "\<not> f a a \<longleftrightarrow> f a a" .
    24.8    then show \<bottom> by (rule iff_contradiction)
    24.9  qed
   24.10  
    25.1 --- a/src/HOL/Mirabelle/lib/scripts/mirabelle.pl	Wed Feb 10 15:49:05 2016 +0100
    25.2 +++ b/src/HOL/Mirabelle/lib/scripts/mirabelle.pl	Fri Feb 12 22:36:48 2016 +0100
    25.3 @@ -157,8 +157,11 @@
    25.4  
    25.5  if ($output_log) { print "Mirabelle: $thy_file\n"; }
    25.6  
    25.7 -my $result = system "\"$ENV{'ISABELLE_PROCESS'}\" " .
    25.8 -  "-o quick_and_dirty -e 'Multithreading.max_threads_setmp 1 use_thy \"$path/$new_thy_name\" handle _ => exit 1;\n' -q $mirabelle_logic" . $quiet;
    25.9 +my $cmd =
   25.10 +  "\"$ENV{'ISABELLE_PROCESS'}\" " .
   25.11 +  "-o quick_and_dirty -e 'Multithreading.max_threads_setmp 1 use_thy \"$path/$new_thy_name\" handle _ => exit 1;\n' -q $mirabelle_logic" .
   25.12 +  $quiet;
   25.13 +my $result = system "bash", "-c", $cmd;
   25.14  
   25.15  if ($output_log) {
   25.16    my $outcome = ($result ? "failure" : "success");
    26.1 --- a/src/HOL/ROOT	Wed Feb 10 15:49:05 2016 +0100
    26.2 +++ b/src/HOL/ROOT	Fri Feb 12 22:36:48 2016 +0100
    26.3 @@ -18,7 +18,7 @@
    26.4    description {*
    26.5      HOL-Main with explicit proof terms.
    26.6    *}
    26.7 -  options [document = false, quick_and_dirty = false]
    26.8 +  options [condition = ML_SYSTEM_POLYML, document = false, quick_and_dirty = false]
    26.9    theories Proofs (*sequential change of global flag!*)
   26.10    theories "~~/src/HOL/Library/Old_Datatype"
   26.11    files
   26.12 @@ -252,17 +252,17 @@
   26.13      Generate_Target_Nat
   26.14      Generate_Efficient_Datastructures
   26.15      Generate_Pretty_Char
   26.16 -  theories [condition = ISABELLE_GHC]
   26.17 +  theories [condition = "ML_SYSTEM_POLYML,ISABELLE_GHC"]
   26.18      Code_Test_GHC
   26.19 -  theories [condition = ISABELLE_MLTON]
   26.20 +  theories [condition = "ML_SYSTEM_POLYML,ISABELLE_MLTON"]
   26.21      Code_Test_MLton
   26.22 -  theories [condition = ISABELLE_OCAMLC]
   26.23 +  theories [condition = "ML_SYSTEM_POLYML,ISABELLE_OCAMLC"]
   26.24      Code_Test_OCaml
   26.25 -  theories [condition = ISABELLE_POLYML]
   26.26 +  theories [condition = "ML_SYSTEM_POLYML,ISABELLE_POLYML"]
   26.27      Code_Test_PolyML
   26.28 -  theories [condition = ISABELLE_SCALA]
   26.29 +  theories [condition = "ML_SYSTEM_POLYML,ISABELLE_SCALA"]
   26.30      Code_Test_Scala
   26.31 -  theories [condition = ISABELLE_SMLNJ]
   26.32 +  theories [condition = "ML_SYSTEM_POLYML,ISABELLE_SMLNJ"]
   26.33      Code_Test_SMLNJ
   26.34  
   26.35  session "HOL-Metis_Examples" in Metis_Examples = HOL +
   26.36 @@ -398,7 +398,7 @@
   26.37    theories Decision_Procs
   26.38  
   26.39  session "HOL-Proofs-ex" in "Proofs/ex" = "HOL-Proofs" +
   26.40 -  options [document = false, parallel_proofs = 0]
   26.41 +  options [condition = ML_SYSTEM_POLYML, document = false, parallel_proofs = 0]
   26.42    theories
   26.43      Hilbert_Classical
   26.44      XML_Data
   26.45 @@ -432,7 +432,8 @@
   26.46      The paper "More Church-Rosser Proofs (in Isabelle/HOL)" describes the whole
   26.47      theory (see http://www.in.tum.de/~nipkow/pubs/jar2001.html).
   26.48    *}
   26.49 -  options [print_mode = "no_brackets", parallel_proofs = 0, quick_and_dirty = false]
   26.50 +  options [condition = ML_SYSTEM_POLYML, print_mode = "no_brackets",
   26.51 +    parallel_proofs = 0, quick_and_dirty = false]
   26.52    theories [document = false]
   26.53      "~~/src/HOL/Library/Code_Target_Int"
   26.54    theories
   26.55 @@ -845,7 +846,7 @@
   26.56    theories Ex
   26.57  
   26.58  session "HOL-Word-SMT_Examples" in SMT_Examples = "HOL-Word" +
   26.59 -  options [document = false, quick_and_dirty]
   26.60 +  options [condition = ML_SYSTEM_POLYML, document = false, quick_and_dirty]
   26.61    theories
   26.62      Boogie
   26.63      SMT_Examples
   26.64 @@ -992,7 +993,7 @@
   26.65  
   26.66  session "HOL-Predicate_Compile_Examples" in Predicate_Compile_Examples = HOL +
   26.67    options [document = false]
   26.68 -  theories
   26.69 +  theories [condition = ML_SYSTEM_POLYML]
   26.70      Examples
   26.71      Predicate_Compile_Tests
   26.72      Predicate_Compile_Quickcheck_Examples
   26.73 @@ -1003,13 +1004,13 @@
   26.74      Hotel_Example_Small_Generator *)
   26.75      IMP_3
   26.76      IMP_4
   26.77 -  theories [condition = "ISABELLE_SWIPL"]
   26.78 +  theories [condition = ISABELLE_SWIPL]
   26.79      Code_Prolog_Examples
   26.80      Context_Free_Grammar_Example
   26.81      Hotel_Example_Prolog
   26.82      Lambda_Example
   26.83      List_Examples
   26.84 -  theories [condition = "ISABELLE_SWIPL", quick_and_dirty]
   26.85 +  theories [condition = ISABELLE_SWIPL, quick_and_dirty]
   26.86      Reg_Exp_Example
   26.87  
   26.88  session HOLCF (main) in HOLCF = HOL +
    27.1 --- a/src/HOL/TPTP/TPTP_Parser/tptp_reconstruct.ML	Wed Feb 10 15:49:05 2016 +0100
    27.2 +++ b/src/HOL/TPTP/TPTP_Parser/tptp_reconstruct.ML	Fri Feb 12 22:36:48 2016 +0100
    27.3 @@ -1070,9 +1070,7 @@
    27.4                   rec_inf_tac)
    27.5               end)
    27.6          fun ignore_interpretation_exn f x = SOME (f x)
    27.7 -          handle
    27.8 -              INTERPRET_INFERENCE => NONE
    27.9 -            | exn => reraise exn
   27.10 +          handle INTERPRET_INFERENCE => NONE
   27.11        in
   27.12          if List.null skel then
   27.13            raise SKELETON
    28.1 --- a/src/HOL/TPTP/TPTP_Proof_Reconstruction.thy	Wed Feb 10 15:49:05 2016 +0100
    28.2 +++ b/src/HOL/TPTP/TPTP_Proof_Reconstruction.thy	Fri Feb 12 22:36:48 2016 +0100
    28.3 @@ -875,8 +875,8 @@
    28.4          in
    28.5            use_candidate target_ty params' (candidate_param :: acc) val_ty
    28.6          end
    28.7 -        handle TYPE ("dest_funT", _, _) => NONE
    28.8 -             | DEST_LIST => NONE
    28.9 +        handle TYPE ("dest_funT", _, _) => NONE  (* FIXME fragile *)
   28.10 +             | _ => NONE  (* FIXME avoid catch-all handler *)
   28.11  
   28.12      val (skolem_const_ty, params') = skolem_const_info_of conclusion
   28.13  
    29.1 --- a/src/HOL/ex/Cubic_Quartic.thy	Wed Feb 10 15:49:05 2016 +0100
    29.2 +++ b/src/HOL/ex/Cubic_Quartic.thy	Fri Feb 12 22:36:48 2016 +0100
    29.3 @@ -2,7 +2,7 @@
    29.4      Author:     Amine Chaieb
    29.5  *)
    29.6  
    29.7 -header "The Cubic and Quartic Root Formulas"
    29.8 +section "The Cubic and Quartic Root Formulas"
    29.9  
   29.10  theory Cubic_Quartic
   29.11  imports Complex_Main
    30.1 --- a/src/HOL/ex/Pythagoras.thy	Wed Feb 10 15:49:05 2016 +0100
    30.2 +++ b/src/HOL/ex/Pythagoras.thy	Fri Feb 12 22:36:48 2016 +0100
    30.3 @@ -2,7 +2,7 @@
    30.4      Author:     Amine Chaieb
    30.5  *)
    30.6  
    30.7 -header "The Pythagorean Theorem"
    30.8 +section "The Pythagorean Theorem"
    30.9  
   30.10  theory Pythagoras
   30.11  imports Complex_Main
    31.1 --- a/src/Pure/Concurrent/event_timer.ML	Wed Feb 10 15:49:05 2016 +0100
    31.2 +++ b/src/Pure/Concurrent/event_timer.ML	Fri Feb 12 22:36:48 2016 +0100
    31.3 @@ -110,7 +110,7 @@
    31.4  
    31.5  fun shutdown () =
    31.6    uninterruptible (fn restore_attributes => fn () =>
    31.7 -    if Synchronized.change_result state (fn st as State {requests, status, manager} =>
    31.8 +    if Synchronized.change_result state (fn st as State {requests, manager, ...} =>
    31.9        if is_shutdown Normal st then (false, st)
   31.10        else if is_shutdown Shutdown_Ack st orelse is_shutdown_req st then
   31.11          raise Fail "Concurrent attempt to shutdown event timer"
    32.1 --- a/src/Pure/Concurrent/future.scala	Wed Feb 10 15:49:05 2016 +0100
    32.2 +++ b/src/Pure/Concurrent/future.scala	Fri Feb 12 22:36:48 2016 +0100
    32.3 @@ -88,7 +88,7 @@
    32.4        status.change(_ => Finished(if (Thread.interrupted) Exn.Exn(Exn.Interrupt()) else result))
    32.5      }
    32.6    }
    32.7 -  private val task = Standard_Thread.pool.submit(new Callable[A] { def call = body })
    32.8 +  private val task = Standard_Thread.pool.submit(new Callable[Unit] { def call = try_run() })
    32.9  
   32.10    def join_result: Exn.Result[A] =
   32.11    {
    33.1 --- a/src/Pure/Concurrent/standard_thread.scala	Wed Feb 10 15:49:05 2016 +0100
    33.2 +++ b/src/Pure/Concurrent/standard_thread.scala	Fri Feb 12 22:36:48 2016 +0100
    33.3 @@ -56,8 +56,7 @@
    33.4  
    33.5    /* delayed events */
    33.6  
    33.7 -  final class Delay private [Standard_Thread](
    33.8 -    first: Boolean, delay: => Time, cancel: () => Unit, event: => Unit)
    33.9 +  final class Delay private [Standard_Thread](first: Boolean, delay: => Time, event: => Unit)
   33.10    {
   33.11      private var running: Option[Event_Timer.Request] = None
   33.12  
   33.13 @@ -73,8 +72,8 @@
   33.14      {
   33.15        val new_run =
   33.16          running match {
   33.17 -          case Some(request) => if (first) false else { request.cancel; cancel(); true }
   33.18 -          case None => cancel(); true
   33.19 +          case Some(request) => if (first) false else { request.cancel; true }
   33.20 +          case None => true
   33.21          }
   33.22        if (new_run)
   33.23          running = Some(Event_Timer.request(Time.now() + delay)(run))
   33.24 @@ -83,8 +82,8 @@
   33.25      def revoke(): Unit = synchronized
   33.26      {
   33.27        running match {
   33.28 -        case Some(request) => request.cancel; cancel(); running = None
   33.29 -        case None => cancel()
   33.30 +        case Some(request) => request.cancel; running = None
   33.31 +        case None =>
   33.32        }
   33.33      }
   33.34  
   33.35 @@ -94,20 +93,16 @@
   33.36          case Some(request) =>
   33.37            val alt_time = Time.now() + alt_delay
   33.38            if (request.time < alt_time && request.cancel) {
   33.39 -            cancel()
   33.40              running = Some(Event_Timer.request(alt_time)(run))
   33.41            }
   33.42 -          else cancel()
   33.43 -        case None => cancel()
   33.44 +        case None =>
   33.45        }
   33.46      }
   33.47    }
   33.48  
   33.49    // delayed event after first invocation
   33.50 -  def delay_first(delay: => Time, cancel: () => Unit = () => ())(event: => Unit): Delay =
   33.51 -    new Delay(true, delay, cancel, event)
   33.52 +  def delay_first(delay: => Time)(event: => Unit): Delay = new Delay(true, delay, event)
   33.53  
   33.54    // delayed event after last invocation
   33.55 -  def delay_last(delay: => Time, cancel: () => Unit = () => ())(event: => Unit): Delay =
   33.56 -    new Delay(false, delay, cancel, event)
   33.57 +  def delay_last(delay: => Time)(event: => Unit): Delay = new Delay(false, delay, event)
   33.58  }
    34.1 --- a/src/Pure/GUI/gui_thread.scala	Wed Feb 10 15:49:05 2016 +0100
    34.2 +++ b/src/Pure/GUI/gui_thread.scala	Fri Feb 12 22:36:48 2016 +0100
    34.3 @@ -49,9 +49,9 @@
    34.4  
    34.5    /* delayed events */
    34.6  
    34.7 -  def delay_first(delay: => Time, cancel: () => Unit = () => ())(event: => Unit)
    34.8 -    : Standard_Thread.Delay = Standard_Thread.delay_first(delay, cancel) { later { event } }
    34.9 +  def delay_first(delay: => Time)(event: => Unit): Standard_Thread.Delay =
   34.10 +    Standard_Thread.delay_first(delay) { later { event } }
   34.11  
   34.12 -  def delay_last(delay: => Time, cancel: () => Unit = () => ())(event: => Unit)
   34.13 -    : Standard_Thread.Delay = Standard_Thread.delay_last(delay, cancel) { later { event } }
   34.14 +  def delay_last(delay: => Time)(event: => Unit): Standard_Thread.Delay =
   34.15 +    Standard_Thread.delay_last(delay) { later { event } }
   34.16  }
    35.1 --- a/src/Pure/General/binding.ML	Wed Feb 10 15:49:05 2016 +0100
    35.2 +++ b/src/Pure/General/binding.ML	Fri Feb 12 22:36:48 2016 +0100
    35.3 @@ -31,7 +31,7 @@
    35.4    val prefix_of: binding -> (string * bool) list
    35.5    val map_prefix: ((string * bool) list -> (string * bool) list) -> binding -> binding
    35.6    val prefix: bool -> string -> binding -> binding
    35.7 -  val restricted_default: (bool * scope) option -> binding -> binding
    35.8 +  val restricted: (bool * scope) option -> binding -> binding
    35.9    val concealed: binding -> binding
   35.10    val pretty: binding -> Pretty.T
   35.11    val print: binding -> string
   35.12 @@ -135,14 +135,9 @@
   35.13  
   35.14  (* visibility flags *)
   35.15  
   35.16 -fun restricted strict scope =
   35.17 -  map_binding (fn (_, concealed, prefix, qualifier, name, pos) =>
   35.18 -    (SOME (strict, scope), concealed, prefix, qualifier, name, pos));
   35.19 -
   35.20 -fun restricted_default restricted' =
   35.21 +fun restricted default =
   35.22    map_binding (fn (restricted, concealed, prefix, qualifier, name, pos) =>
   35.23 -    (if is_some restricted then restricted else restricted',
   35.24 -      concealed, prefix, qualifier, name, pos));
   35.25 +    (if is_some restricted then restricted else default, concealed, prefix, qualifier, name, pos));
   35.26  
   35.27  val concealed =
   35.28    map_binding (fn (restricted, _, prefix, qualifier, name, pos) =>
    36.1 --- a/src/Pure/General/completion.scala	Wed Feb 10 15:49:05 2016 +0100
    36.2 +++ b/src/Pure/General/completion.scala	Fri Feb 12 22:36:48 2016 +0100
    36.3 @@ -322,7 +322,9 @@
    36.4          if path.is_file
    36.5          entry <- Abbrevs_Parser.parse_file(path)
    36.6        } yield entry
    36.7 -    symbol_abbrevs ::: more_abbrevs
    36.8 +    val remove_abbrevs = (for { (a, b) <- more_abbrevs if b == "" } yield a).toSet
    36.9 +
   36.10 +    (symbol_abbrevs ::: more_abbrevs).filterNot({ case (a, _) => remove_abbrevs.contains(a) })
   36.11    }
   36.12  
   36.13    private val caret_indicator = '\u0007'
    37.1 --- a/src/Pure/General/name_space.ML	Wed Feb 10 15:49:05 2016 +0100
    37.2 +++ b/src/Pure/General/name_space.ML	Fri Feb 12 22:36:48 2016 +0100
    37.3 @@ -389,7 +389,7 @@
    37.4    concealed' ? concealed;
    37.5  
    37.6  fun transform_binding (Naming {restricted, concealed, ...}) =
    37.7 -  Binding.restricted_default restricted #>
    37.8 +  Binding.restricted restricted #>
    37.9    concealed ? Binding.concealed;
   37.10  
   37.11  
    38.1 --- a/src/Pure/General/symbol.scala	Wed Feb 10 15:49:05 2016 +0100
    38.2 +++ b/src/Pure/General/symbol.scala	Fri Feb 12 22:36:48 2016 +0100
    38.3 @@ -255,7 +255,7 @@
    38.4          tab.get(x) match {
    38.5            case None => tab += (x -> y)
    38.6            case Some(z) =>
    38.7 -            error("Duplicate mapping of " + quote(x) + " to " + quote(y) + " vs. " + quote(z))
    38.8 +            error("Duplicate symbol mapping of " + quote(x) + " to " + quote(y) + " vs. " + quote(z))
    38.9          }
   38.10        }
   38.11        tab
    39.1 --- a/src/Pure/General/symbol_pos.ML	Wed Feb 10 15:49:05 2016 +0100
    39.2 +++ b/src/Pure/General/symbol_pos.ML	Fri Feb 12 22:36:48 2016 +0100
    39.3 @@ -71,7 +71,7 @@
    39.4          fun split syms =
    39.5            (case take_prefix (fn (s, _) => s <> "\n") syms of
    39.6              (line, []) => [line]
    39.7 -          | (line, nl :: rest) => line :: split rest);
    39.8 +          | (line, _ :: rest) => line :: split rest);
    39.9        in split list end;
   39.10  
   39.11  val trim_blanks = trim (Symbol.is_blank o symbol);
    40.1 --- a/src/Pure/General/url.scala	Wed Feb 10 15:49:05 2016 +0100
    40.2 +++ b/src/Pure/General/url.scala	Fri Feb 12 22:36:48 2016 +0100
    40.3 @@ -12,6 +12,9 @@
    40.4  
    40.5  object Url
    40.6  {
    40.7 +  def escape(name: String): String =
    40.8 +    (for (c <- name.iterator) yield if (c == '\'') "%27" else new String(Array(c))).mkString
    40.9 +
   40.10    def apply(name: String): URL =
   40.11    {
   40.12      try { new URL(name) }
    41.1 --- a/src/Pure/Isar/named_target.ML	Wed Feb 10 15:49:05 2016 +0100
    41.2 +++ b/src/Pure/Isar/named_target.ML	Fri Feb 12 22:36:48 2016 +0100
    41.3 @@ -86,7 +86,7 @@
    41.4    | abbrev (locale, false) = Generic_Target.locale_abbrev locale
    41.5    | abbrev (class, true) = Class.abbrev class;
    41.6  
    41.7 -fun declaration ("", _) flags decl = Generic_Target.theory_declaration decl
    41.8 +fun declaration ("", _) _ decl = Generic_Target.theory_declaration decl
    41.9    | declaration (locale, _) flags decl = Generic_Target.locale_declaration locale flags decl;
   41.10  
   41.11  fun theory_registration ("", _) = Generic_Target.theory_registration
    42.1 --- a/src/Pure/Isar/outer_syntax.scala	Wed Feb 10 15:49:05 2016 +0100
    42.2 +++ b/src/Pure/Isar/outer_syntax.scala	Fri Feb 12 22:36:48 2016 +0100
    42.3 @@ -166,9 +166,9 @@
    42.4            if (tok.is_command) {
    42.5              if (tok.is_command_kind(keywords, Keyword.theory_goal)) (2, 1)
    42.6              else if (tok.is_command_kind(keywords, Keyword.theory)) (1, 0)
    42.7 +            else if (tok.is_command_kind(keywords, Keyword.proof_open)) (y + 2, y + 1)
    42.8              else if (tok.is_command_kind(keywords, Keyword.PRF_BLOCK == _)) (y + 2, y + 1)
    42.9 -            else if (tok.is_command_kind(keywords, Keyword.QED_BLOCK == _)) (y + 1, y - 3)
   42.10 -            else if (tok.is_command_kind(keywords, Keyword.proof_open)) (y + 2, y + 1)
   42.11 +            else if (tok.is_command_kind(keywords, Keyword.QED_BLOCK == _)) (y + 1, y - 2)
   42.12              else if (tok.is_command_kind(keywords, Keyword.proof_close)) (y + 1, y - 1)
   42.13              else if (tok.is_command_kind(keywords, Keyword.qed_global)) (1, 0)
   42.14              else (x, y)
    43.1 --- a/src/Pure/Isar/toplevel.ML	Wed Feb 10 15:49:05 2016 +0100
    43.2 +++ b/src/Pure/Isar/toplevel.ML	Fri Feb 12 22:36:48 2016 +0100
    43.3 @@ -212,10 +212,6 @@
    43.4  fun reset_presentation (Theory (gthy, _)) = Theory (gthy, NONE)
    43.5    | reset_presentation node = node;
    43.6  
    43.7 -fun map_theory f (Theory (gthy, ctxt)) =
    43.8 -      Theory (Context.mapping f (Local_Theory.raw_theory f) gthy, ctxt)
    43.9 -  | map_theory _ node = node;
   43.10 -
   43.11  in
   43.12  
   43.13  fun apply_transaction f g node =
    44.1 --- a/src/Pure/ML/ml_antiquotations.ML	Wed Feb 10 15:49:05 2016 +0100
    44.2 +++ b/src/Pure/ML/ml_antiquotations.ML	Fri Feb 12 22:36:48 2016 +0100
    44.3 @@ -11,7 +11,7 @@
    44.4  
    44.5  val _ = Theory.setup
    44.6   (ML_Antiquotation.value @{binding cartouche}
    44.7 -    (Args.context -- Scan.lift (Parse.position Args.cartouche_input) >> (fn (ctxt, (source, pos)) =>
    44.8 +    (Scan.lift Args.cartouche_input >> (fn source =>
    44.9        "Input.source true " ^ ML_Syntax.print_string (Input.text_of source) ^ " " ^
   44.10          ML_Syntax.atomic (ML_Syntax.print_range (Input.range_of source)))) #>
   44.11  
    45.1 --- a/src/Pure/PIDE/markup.ML	Wed Feb 10 15:49:05 2016 +0100
    45.2 +++ b/src/Pure/PIDE/markup.ML	Fri Feb 12 22:36:48 2016 +0100
    45.3 @@ -28,7 +28,7 @@
    45.4    val is_delimited: Properties.T -> bool
    45.5    val language: {name: string, symbols: bool, antiquotes: bool, delimited: bool} -> T
    45.6    val language': {name: string, symbols: bool, antiquotes: bool} -> bool -> T
    45.7 -  val language_outer: bool -> T
    45.8 +  val language_Isar: bool -> T
    45.9    val language_method: T
   45.10    val language_attribute: T
   45.11    val language_sort: bool -> T
   45.12 @@ -301,7 +301,7 @@
   45.13  fun language' {name, symbols, antiquotes} delimited =
   45.14    language {name = name, symbols = symbols, antiquotes = antiquotes, delimited = delimited};
   45.15  
   45.16 -val language_outer = language' {name = "", symbols = true, antiquotes = false};
   45.17 +val language_Isar = language' {name = "Isar", symbols = true, antiquotes = false};
   45.18  val language_method =
   45.19    language {name = "method", symbols = true, antiquotes = false, delimited = false};
   45.20  val language_attribute =
    46.1 --- a/src/Pure/Syntax/syntax_phases.ML	Wed Feb 10 15:49:05 2016 +0100
    46.2 +++ b/src/Pure/Syntax/syntax_phases.ML	Fri Feb 12 22:36:48 2016 +0100
    46.3 @@ -581,7 +581,7 @@
    46.4              (mark Ts t1 $ mark Ts t2);
    46.5    in mark [] tm end;
    46.6  
    46.7 -fun prune_types ctxt tm =
    46.8 +fun prune_types tm =
    46.9    let
   46.10      fun regard t t' seen =
   46.11        if Type_Annotation.is_omitted (Type_Annotation.fastype_of [] t) then (t, seen)
   46.12 @@ -651,7 +651,7 @@
   46.13            in Ast.mk_appl (constrain (c $ Syntax.free x) X) (map ast_of ts) end
   46.14        | (Const ("_idtdummy", T), ts) =>
   46.15            Ast.mk_appl (constrain (Syntax.const "_idtdummy") T) (map ast_of ts)
   46.16 -      | (const as Const (c, T), ts) => trans c (Type_Annotation.smash T) ts
   46.17 +      | (Const (c, T), ts) => trans c (Type_Annotation.smash T) ts
   46.18        | (t, ts) => Ast.mk_appl (simple_ast_of ctxt t) (map ast_of ts))
   46.19  
   46.20      and trans a T args = ast_of (trf a ctxt T args)
   46.21 @@ -672,7 +672,7 @@
   46.22    in
   46.23      tm
   46.24      |> mark_aprop
   46.25 -    |> show_types ? prune_types ctxt
   46.26 +    |> show_types ? prune_types
   46.27      |> Variable.revert_bounds ctxt
   46.28      |> mark_atoms is_syntax_const ctxt
   46.29      |> ast_of
    47.1 --- a/src/Pure/System/options.scala	Wed Feb 10 15:49:05 2016 +0100
    47.2 +++ b/src/Pure/System/options.scala	Fri Feb 12 22:36:48 2016 +0100
    47.3 @@ -387,48 +387,52 @@
    47.4  
    47.5  class Options_Variable
    47.6  {
    47.7 -  private var options = Options.empty
    47.8 +  private var options: Option[Options] = None
    47.9 +
   47.10 +  def store(new_options: Options): Unit = synchronized { options = Some(new_options) }
   47.11  
   47.12 -  def value: Options = synchronized { options }
   47.13 -  def update(new_options: Options): Unit = synchronized { options = new_options }
   47.14 +  def value: Options = synchronized {
   47.15 +    options match {
   47.16 +      case Some(opts) => opts
   47.17 +      case None => error("Uninitialized Isabelle system options")
   47.18 +    }
   47.19 +  }
   47.20  
   47.21 -  def + (name: String, x: String): Unit = synchronized { options = options + (name, x) }
   47.22 +  private def upd(f: Options => Options): Unit = synchronized { options = Some(f(value)) }
   47.23 +
   47.24 +  def + (name: String, x: String): Unit = upd(opts => opts + (name, x))
   47.25  
   47.26    class Bool_Access
   47.27    {
   47.28 -    def apply(name: String): Boolean = synchronized { options.bool(name) }
   47.29 -    def update(name: String, x: Boolean): Unit =
   47.30 -      synchronized { options = options.bool.update(name, x) }
   47.31 +    def apply(name: String): Boolean = value.bool(name)
   47.32 +    def update(name: String, x: Boolean): Unit = upd(opts => opts.bool.update(name, x))
   47.33    }
   47.34    val bool = new Bool_Access
   47.35  
   47.36    class Int_Access
   47.37    {
   47.38 -    def apply(name: String): Int = synchronized { options.int(name) }
   47.39 -    def update(name: String, x: Int): Unit =
   47.40 -      synchronized { options = options.int.update(name, x) }
   47.41 +    def apply(name: String): Int = value.int(name)
   47.42 +    def update(name: String, x: Int): Unit = upd(opts => opts.int.update(name, x))
   47.43    }
   47.44    val int = new Int_Access
   47.45  
   47.46    class Real_Access
   47.47    {
   47.48 -    def apply(name: String): Double = synchronized { options.real(name) }
   47.49 -    def update(name: String, x: Double): Unit =
   47.50 -      synchronized { options = options.real.update(name, x) }
   47.51 +    def apply(name: String): Double = value.real(name)
   47.52 +    def update(name: String, x: Double): Unit = upd(opts => opts.real.update(name, x))
   47.53    }
   47.54    val real = new Real_Access
   47.55  
   47.56    class String_Access
   47.57    {
   47.58 -    def apply(name: String): String = synchronized { options.string(name) }
   47.59 -    def update(name: String, x: String): Unit =
   47.60 -      synchronized { options = options.string.update(name, x) }
   47.61 +    def apply(name: String): String = value.string(name)
   47.62 +    def update(name: String, x: String): Unit = upd(opts => opts.string.update(name, x))
   47.63    }
   47.64    val string = new String_Access
   47.65  
   47.66    class Seconds_Access
   47.67    {
   47.68 -    def apply(name: String): Time = synchronized { options.seconds(name) }
   47.69 +    def apply(name: String): Time = value.seconds(name)
   47.70    }
   47.71    val seconds = new Seconds_Access
   47.72  }
    48.1 --- a/src/Pure/Thy/document_antiquotations.ML	Wed Feb 10 15:49:05 2016 +0100
    48.2 +++ b/src/Pure/Thy/document_antiquotations.ML	Fri Feb 12 22:36:48 2016 +0100
    48.3 @@ -87,7 +87,7 @@
    48.4          let
    48.5            val _ =
    48.6              Context_Position.report ctxt (Input.pos_of source)
    48.7 -              (Markup.language_outer (Input.is_delimited source));
    48.8 +              (Markup.language_Isar (Input.is_delimited source));
    48.9  
   48.10            val keywords = Thy_Header.get_keywords' ctxt;
   48.11            val toks =
   48.12 @@ -217,7 +217,9 @@
   48.13    Theory.setup
   48.14     (entity_antiquotation @{binding command} Outer_Syntax.check_command
   48.15       (enclose "\\isacommand{" "}" o Output.output) #>
   48.16 -    entity_antiquotation @{binding method} Method.check_name Output.output #>
   48.17 -    entity_antiquotation @{binding attribute} Attrib.check_name Output.output);
   48.18 +    entity_antiquotation @{binding method} Method.check_name
   48.19 +     (enclose "\\isa{" "}" o Output.output) #>
   48.20 +    entity_antiquotation @{binding attribute} Attrib.check_name
   48.21 +     (enclose "\\isa{" "}" o Output.output));
   48.22  
   48.23  end;
    49.1 --- a/src/Pure/Tools/check_source.scala	Wed Feb 10 15:49:05 2016 +0100
    49.2 +++ b/src/Pure/Tools/check_source.scala	Fri Feb 12 22:36:48 2016 +0100
    49.3 @@ -44,7 +44,7 @@
    49.4      Isabelle_System.hg("--repository " + File.shell_path(root) + " root").check_error
    49.5      for {
    49.6        file <- Isabelle_System.hg("manifest", root).check_error.out_lines
    49.7 -      if file.endsWith(".thy") || file.endsWith(".ML")
    49.8 +      if file.endsWith(".thy") || file.endsWith(".ML") || file.endsWith("/ROOT")
    49.9      } check_file(root + Path.explode(file))
   49.10    }
   49.11  
    50.1 --- a/src/Pure/Tools/main.scala	Wed Feb 10 15:49:05 2016 +0100
    50.2 +++ b/src/Pure/Tools/main.scala	Fri Feb 12 22:36:48 2016 +0100
    50.3 @@ -105,6 +105,7 @@
    50.4          val env = env0.asInstanceOf[java.util.Map[String, String]]
    50.5          env.put("ISABELLE_HOME", File.platform_path(isabelle_home))
    50.6          env.put("ISABELLE_HOME_USER", File.platform_path(isabelle_home_user))
    50.7 +        env.remove("ISABELLE_ROOT")
    50.8        }
    50.9      }
   50.10  
    51.1 --- a/src/Tools/jEdit/src/context_menu.scala	Wed Feb 10 15:49:05 2016 +0100
    51.2 +++ b/src/Tools/jEdit/src/context_menu.scala	Fri Feb 12 22:36:48 2016 +0100
    51.3 @@ -21,22 +21,23 @@
    51.4  class Context_Menu extends DynamicContextMenuService
    51.5  {
    51.6    def createMenu(text_area: JEditTextArea, evt: MouseEvent): Array[JMenuItem] =
    51.7 -  {
    51.8 -    PIDE.dismissed_popups(text_area.getView)
    51.9 +    if (evt == null) null
   51.10 +    else {
   51.11 +      PIDE.dismissed_popups(text_area.getView)
   51.12  
   51.13 -    val items1 =
   51.14 -      if (evt != null && evt.getSource == text_area.getPainter) {
   51.15 -        val offset = text_area.xyToOffset(evt.getX, evt.getY)
   51.16 -        if (offset >= 0)
   51.17 -          Spell_Checker.context_menu(text_area, offset) :::
   51.18 -          Debugger_Dockable.context_menu(text_area, offset)
   51.19 +      val items1 =
   51.20 +        if (evt != null && evt.getSource == text_area.getPainter) {
   51.21 +          val offset = text_area.xyToOffset(evt.getX, evt.getY)
   51.22 +          if (offset >= 0)
   51.23 +            Spell_Checker.context_menu(text_area, offset) :::
   51.24 +            Debugger_Dockable.context_menu(text_area, offset)
   51.25 +          else Nil
   51.26 +        }
   51.27          else Nil
   51.28 -      }
   51.29 -      else Nil
   51.30 +
   51.31 +      val items2 = Bibtex_JEdit.context_menu(text_area)
   51.32  
   51.33 -    val items2 = Bibtex_JEdit.context_menu(text_area)
   51.34 -
   51.35 -    val items = items1 ::: items2
   51.36 -    if (items.isEmpty) null else items.toArray
   51.37 +      val items = items1 ::: items2
   51.38 +      if (items.isEmpty) null else items.toArray
   51.39    }
   51.40  }
    52.1 --- a/src/Tools/jEdit/src/document_model.scala	Wed Feb 10 15:49:05 2016 +0100
    52.2 +++ b/src/Tools/jEdit/src/document_model.scala	Fri Feb 12 22:36:48 2016 +0100
    52.3 @@ -309,6 +309,7 @@
    52.4      for (text_area <- JEdit_Lib.jedit_text_areas(buffer))
    52.5        Untyped.method(Class.forName("org.gjt.sp.jedit.textarea.TextArea"), "foldStructureChanged").
    52.6          invoke(text_area)
    52.7 +    buffer.invalidateCachedFoldLevels
    52.8    }
    52.9  
   52.10    private def init_token_marker()
    53.1 --- a/src/Tools/jEdit/src/jedit_editor.scala	Wed Feb 10 15:49:05 2016 +0100
    53.2 +++ b/src/Tools/jEdit/src/jedit_editor.scala	Fri Feb 12 22:36:48 2016 +0100
    53.3 @@ -223,7 +223,7 @@
    53.4        val external = true
    53.5        def follow(view: View): Unit =
    53.6          Standard_Thread.fork("hyperlink_url") {
    53.7 -          try { Isabelle_System.open(name) }
    53.8 +          try { Isabelle_System.open(Url.escape(name)) }
    53.9            catch {
   53.10              case exn: Throwable =>
   53.11                GUI_Thread.later {
    54.1 --- a/src/Tools/jEdit/src/jedit_lib.scala	Wed Feb 10 15:49:05 2016 +0100
    54.2 +++ b/src/Tools/jEdit/src/jedit_lib.scala	Fri Feb 12 22:36:48 2016 +0100
    54.3 @@ -16,7 +16,7 @@
    54.4  import scala.annotation.tailrec
    54.5  import scala.util.parsing.input.CharSequenceReader
    54.6  
    54.7 -import org.gjt.sp.jedit.{jEdit, Buffer, View, GUIUtilities, Debug}
    54.8 +import org.gjt.sp.jedit.{jEdit, Buffer, View, GUIUtilities, Debug, EditPane}
    54.9  import org.gjt.sp.jedit.gui.KeyEventWorkaround
   54.10  import org.gjt.sp.jedit.buffer.{JEditBuffer, LineManager}
   54.11  import org.gjt.sp.jedit.textarea.{JEditTextArea, TextArea, TextAreaPainter}
   54.12 @@ -130,6 +130,10 @@
   54.13  
   54.14    def jedit_views(): Iterator[View] = jEdit.getViews().iterator
   54.15  
   54.16 +  def jedit_edit_panes(view: View): Iterator[EditPane] =
   54.17 +    if (view == null) Iterator.empty
   54.18 +    else view.getEditPanes().iterator.filter(_ != null)
   54.19 +
   54.20    def jedit_text_areas(view: View): Iterator[JEditTextArea] =
   54.21      if (view == null) Iterator.empty
   54.22      else view.getEditPanes().iterator.filter(_ != null).map(_.getTextArea).filter(_ != null)
    55.1 --- a/src/Tools/jEdit/src/jedit_options.scala	Wed Feb 10 15:49:05 2016 +0100
    55.2 +++ b/src/Tools/jEdit/src/jedit_options.scala	Fri Feb 12 22:36:48 2016 +0100
    55.3 @@ -96,7 +96,7 @@
    55.4              val title = opt_title
    55.5              def load = text = value.check_name(opt_name).value
    55.6              def save =
    55.7 -              try { update(value + (opt_name, text)) }
    55.8 +              try { store(value + (opt_name, text)) }
    55.9                catch {
   55.10                  case ERROR(msg) =>
   55.11                    GUI.error_dialog(this.peer, "Failed to update options",
    56.1 --- a/src/Tools/jEdit/src/output_dockable.scala	Wed Feb 10 15:49:05 2016 +0100
    56.2 +++ b/src/Tools/jEdit/src/output_dockable.scala	Fri Feb 12 22:36:48 2016 +0100
    56.3 @@ -129,6 +129,7 @@
    56.4      Session.Consumer[Any](getClass.getName) {
    56.5        case _: Session.Global_Options =>
    56.6          GUI_Thread.later {
    56.7 +          handle_resize()
    56.8            output_state_button.selected = output_state
    56.9            handle_update(do_update, None)
   56.10          }
    57.1 --- a/src/Tools/jEdit/src/plugin.scala	Wed Feb 10 15:49:05 2016 +0100
    57.2 +++ b/src/Tools/jEdit/src/plugin.scala	Fri Feb 12 22:36:48 2016 +0100
    57.3 @@ -19,8 +19,8 @@
    57.4  import org.gjt.sp.jedit.buffer.JEditBuffer
    57.5  import org.gjt.sp.jedit.syntax.ModeProvider
    57.6  import org.gjt.sp.jedit.msg.{EditorStarted, BufferUpdate, EditPaneUpdate, PropertiesChanged}
    57.7 -
    57.8  import org.gjt.sp.util.SyntaxUtilities
    57.9 +import org.gjt.sp.util.Log
   57.10  
   57.11  
   57.12  object PIDE
   57.13 @@ -377,6 +377,15 @@
   57.14            }
   57.15  
   57.16          case msg: PropertiesChanged =>
   57.17 +          for {
   57.18 +            view <- JEdit_Lib.jedit_views
   57.19 +            edit_pane <- JEdit_Lib.jedit_edit_panes(view)
   57.20 +          } {
   57.21 +            val buffer = edit_pane.getBuffer
   57.22 +            val text_area = edit_pane.getTextArea
   57.23 +            if (buffer != null && text_area != null) PIDE.init_view(buffer, text_area)
   57.24 +          }
   57.25 +
   57.26            PIDE.spell_checker.update(PIDE.options.value)
   57.27            PIDE.session.update_options(PIDE.options.value)
   57.28  
   57.29 @@ -391,7 +400,7 @@
   57.30        Debug.DISABLE_SEARCH_DIALOG_POOL = true
   57.31  
   57.32        PIDE.plugin = this
   57.33 -      PIDE.options.update(Options.init())
   57.34 +      PIDE.options.store(Options.init())
   57.35        PIDE.completion_history.load()
   57.36        PIDE.spell_checker.update(PIDE.options.value)
   57.37  
   57.38 @@ -420,6 +429,7 @@
   57.39        case exn: Throwable =>
   57.40          PIDE.startup_failure = Some(exn)
   57.41          PIDE.startup_notified = false
   57.42 +        Log.log(Log.ERROR, this, exn)
   57.43      }
   57.44    }
   57.45  
    58.1 --- a/src/Tools/jEdit/src/text_overview.scala	Wed Feb 10 15:49:05 2016 +0100
    58.2 +++ b/src/Tools/jEdit/src/text_overview.scala	Fri Feb 12 22:36:48 2016 +0100
    58.3 @@ -72,6 +72,9 @@
    58.4    private var current_overview = Overview()
    58.5    private var current_colors: List[(Color, Int, Int)] = Nil
    58.6  
    58.7 +  private val delay_repaint =
    58.8 +    GUI_Thread.delay_first(PIDE.options.seconds("editor_update_delay")) { repaint() }
    58.9 +
   58.10    override def paintComponent(gfx: Graphics)
   58.11    {
   58.12      super.paintComponent(gfx)
   58.13 @@ -83,7 +86,7 @@
   58.14          val overview = get_overview()
   58.15  
   58.16          if (rendering.snapshot.is_outdated || overview != current_overview) {
   58.17 -          invoke()
   58.18 +          delay_repaint.invoke()
   58.19  
   58.20            gfx.setColor(rendering.outdated_color)
   58.21            gfx.asInstanceOf[Graphics2D].fill(gfx.getClipBounds)
   58.22 @@ -103,23 +106,21 @@
   58.23  
   58.24    /* asynchronous refresh */
   58.25  
   58.26 -  private var future_refresh: Option[Future[Unit]] = None
   58.27 -  private def cancel(): Unit = future_refresh.map(_.cancel)
   58.28 +  private val future_refresh = Synchronized(Future.value(()))
   58.29 +  private def is_running(): Boolean = !future_refresh.value.is_finished
   58.30  
   58.31    def invoke(): Unit = delay_refresh.invoke()
   58.32 -  def revoke(): Unit = delay_refresh.revoke()
   58.33 +  def revoke(): Unit = { delay_refresh.revoke(); future_refresh.change(x => { x.cancel; x }) }
   58.34  
   58.35    private val delay_refresh =
   58.36 -    GUI_Thread.delay_first(PIDE.options.seconds("editor_update_delay"), cancel _) {
   58.37 +    GUI_Thread.delay_first(PIDE.options.seconds("editor_update_delay")) {
   58.38        doc_view.rich_text_area.robust_body(()) {
   58.39          JEdit_Lib.buffer_lock(buffer) {
   58.40            val rendering = doc_view.get_rendering()
   58.41            val overview = get_overview()
   58.42  
   58.43 -          if (rendering.snapshot.is_outdated) invoke()
   58.44 +          if (rendering.snapshot.is_outdated || is_running()) invoke()
   58.45            else {
   58.46 -            cancel()
   58.47 -
   58.48              val line_offsets =
   58.49              {
   58.50                val line_manager = JEdit_Lib.buffer_line_manager(buffer)
   58.51 @@ -128,8 +129,8 @@
   58.52                a
   58.53              }
   58.54  
   58.55 -            future_refresh =
   58.56 -              Some(Future.fork {
   58.57 +            future_refresh.change(_ =>
   58.58 +              Future.fork {
   58.59                  val line_count = overview.line_count
   58.60                  val char_count = overview.char_count
   58.61                  val L = overview.L
   58.62 @@ -170,7 +171,8 @@
   58.63                    current_colors = new_colors
   58.64                    repaint()
   58.65                  }
   58.66 -              })
   58.67 +              }
   58.68 +            )
   58.69            }
   58.70          }
   58.71        }