standardized towards new-style formal comments: isabelle update_comments;
authorwenzelm
Tue Jan 16 09:30:00 2018 +0100 (16 months ago)
changeset 674433abf6a722518
parent 67442 f075640b8868
child 67444 100247708f31
standardized towards new-style formal comments: isabelle update_comments;
src/CCL/Gfp.thy
src/CCL/Lfp.thy
src/CTT/CTT.thy
src/Doc/Eisbach/Manual.thy
src/Doc/Functions/Functions.thy
src/Doc/Isar_Ref/Synopsis.thy
src/Doc/Logics_ZF/FOL_examples.thy
src/Doc/Logics_ZF/IFOL_examples.thy
src/Doc/Logics_ZF/If.thy
src/Doc/Logics_ZF/ZF_examples.thy
src/Doc/Prog_Prove/Isar.thy
src/Doc/Sugar/Sugar.thy
src/Doc/Tutorial/Documents/Documents.thy
src/Doc/Tutorial/Protocol/Event.thy
src/Doc/Tutorial/Protocol/Message.thy
src/Doc/Tutorial/Rules/Basic.thy
src/Doc/Tutorial/Rules/TPrimes.thy
src/Doc/Tutorial/Rules/Tacticals.thy
src/Doc/Tutorial/Types/Numbers.thy
src/FOL/ex/Intuitionistic.thy
src/FOL/ex/Locale_Test/Locale_Test1.thy
src/FOLP/ex/Intuitionistic.thy
src/HOL/Algebra/AbelCoset.thy
src/HOL/Algebra/Bij.thy
src/HOL/Algebra/Coset.thy
src/HOL/Algebra/Divisibility.thy
src/HOL/Algebra/Group.thy
src/HOL/Algebra/Ideal.thy
src/HOL/Algebra/IntRing.thy
src/HOL/Algebra/Lattice.thy
src/HOL/Algebra/QuotRing.thy
src/HOL/Algebra/RingHom.thy
src/HOL/Analysis/Brouwer_Fixpoint.thy
src/HOL/Analysis/Cauchy_Integral_Theorem.thy
src/HOL/Analysis/Complex_Transcendental.thy
src/HOL/Analysis/Conformal_Mappings.thy
src/HOL/Analysis/Improper_Integral.thy
src/HOL/Analysis/Linear_Algebra.thy
src/HOL/Analysis/Path_Connected.thy
src/HOL/Analysis/Starlike.thy
src/HOL/Analysis/Tagged_Division.thy
src/HOL/Analysis/Topology_Euclidean_Space.thy
src/HOL/Auth/CertifiedEmail.thy
src/HOL/Auth/Event.thy
src/HOL/Auth/KerberosIV.thy
src/HOL/Auth/KerberosIV_Gets.thy
src/HOL/Auth/KerberosV.thy
src/HOL/Auth/Message.thy
src/HOL/Auth/OtwayRees.thy
src/HOL/Auth/OtwayRees_AN.thy
src/HOL/Auth/OtwayRees_Bad.thy
src/HOL/Auth/Public.thy
src/HOL/Auth/Shared.thy
src/HOL/Auth/Smartcard/EventSC.thy
src/HOL/Auth/Smartcard/Smartcard.thy
src/HOL/Auth/TLS.thy
src/HOL/Auth/Yahalom.thy
src/HOL/Auth/Yahalom2.thy
src/HOL/Auth/ZhouGollmann.thy
src/HOL/Bali/AxSem.thy
src/HOL/Bali/AxSound.thy
src/HOL/Bali/Decl.thy
src/HOL/Bali/DeclConcepts.thy
src/HOL/Bali/DefiniteAssignment.thy
src/HOL/Bali/Eval.thy
src/HOL/Bali/Evaln.thy
src/HOL/Bali/Name.thy
src/HOL/Bali/State.thy
src/HOL/Bali/Table.thy
src/HOL/Bali/Term.thy
src/HOL/Bali/Trans.thy
src/HOL/Bali/Type.thy
src/HOL/Bali/TypeRel.thy
src/HOL/Bali/TypeSafe.thy
src/HOL/Bali/Value.thy
src/HOL/Bali/WellType.thy
src/HOL/Binomial.thy
src/HOL/Cardinals/Wellorder_Extension.thy
src/HOL/Computational_Algebra/Euclidean_Algorithm.thy
src/HOL/Decision_Procs/ex/Approximation_Quickcheck_Ex.thy
src/HOL/Deriv.thy
src/HOL/Finite_Set.thy
src/HOL/Fun_Def.thy
src/HOL/HOL.thy
src/HOL/HOLCF/Cont.thy
src/HOL/HOLCF/IMP/HoareEx.thy
src/HOL/HOLCF/Tutorial/Domain_ex.thy
src/HOL/Hoare/Hoare_Logic.thy
src/HOL/Hoare/SchorrWaite.thy
src/HOL/Hoare_Parallel/Gar_Coll.thy
src/HOL/Hoare_Parallel/Graph.thy
src/HOL/Hoare_Parallel/Mul_Gar_Coll.thy
src/HOL/Hoare_Parallel/OG_Examples.thy
src/HOL/Hoare_Parallel/OG_Hoare.thy
src/HOL/Hoare_Parallel/RG_Examples.thy
src/HOL/Hoare_Parallel/RG_Hoare.thy
src/HOL/Hoare_Parallel/RG_Tran.thy
src/HOL/IMP/Abs_Int0.thy
src/HOL/IMP/Abs_Int1.thy
src/HOL/IMP/Abs_Int2.thy
src/HOL/IMP/Abs_Int3.thy
src/HOL/IMP/Abs_Int_init.thy
src/HOL/IMP/Abs_State.thy
src/HOL/IMP/Big_Step.thy
src/HOL/IMP/Star.thy
src/HOL/Imperative_HOL/Heap.thy
src/HOL/Imperative_HOL/Ref.thy
src/HOL/Induct/ABexp.thy
src/HOL/Induct/Comb.thy
src/HOL/Isar_Examples/Hoare.thy
src/HOL/Library/Cardinality.thy
src/HOL/Library/Code_Test.thy
src/HOL/Library/Extended_Nonnegative_Real.thy
src/HOL/Library/Omega_Words_Fun.thy
src/HOL/List.thy
src/HOL/Metis_Examples/Message.thy
src/HOL/Metis_Examples/Trans_Closure.thy
src/HOL/MicroJava/BV/BVSpec.thy
src/HOL/MicroJava/BV/BVSpecTypeSafe.thy
src/HOL/MicroJava/BV/Effect.thy
src/HOL/MicroJava/BV/JVMType.thy
src/HOL/MicroJava/Comp/CorrCompTp.thy
src/HOL/MicroJava/Comp/LemmasComp.thy
src/HOL/MicroJava/DFA/Kildall.thy
src/HOL/MicroJava/J/Conform.thy
src/HOL/MicroJava/J/Decl.thy
src/HOL/MicroJava/J/Eval.thy
src/HOL/MicroJava/J/Example.thy
src/HOL/MicroJava/J/JTypeSafe.thy
src/HOL/MicroJava/J/State.thy
src/HOL/MicroJava/J/Term.thy
src/HOL/MicroJava/J/Type.thy
src/HOL/MicroJava/J/TypeRel.thy
src/HOL/MicroJava/J/Value.thy
src/HOL/MicroJava/J/WellType.thy
src/HOL/MicroJava/JVM/JVMExec.thy
src/HOL/MicroJava/JVM/JVMExecInstr.thy
src/HOL/MicroJava/JVM/JVMInstructions.thy
src/HOL/MicroJava/JVM/JVMState.thy
src/HOL/Mirabelle/ex/Ex.thy
src/HOL/NanoJava/AxSem.thy
src/HOL/NanoJava/Decl.thy
src/HOL/NanoJava/State.thy
src/HOL/NanoJava/Term.thy
src/HOL/NanoJava/TypeRel.thy
src/HOL/Nominal/Examples/Fsub.thy
src/HOL/Nominal/Examples/SN.thy
src/HOL/Nominal/Nominal.thy
src/HOL/Nonstandard_Analysis/HSEQ.thy
src/HOL/Nonstandard_Analysis/HTranscendental.thy
src/HOL/Nonstandard_Analysis/NSCA.thy
src/HOL/Orderings.thy
src/HOL/Predicate_Compile_Examples/Examples.thy
src/HOL/Probability/ex/Dining_Cryptographers.thy
src/HOL/Product_Type.thy
src/HOL/Proofs/Lambda/NormalForm.thy
src/HOL/Quickcheck_Examples/Quickcheck_Examples.thy
src/HOL/SET_Protocol/Cardholder_Registration.thy
src/HOL/SET_Protocol/Merchant_Registration.thy
src/HOL/SET_Protocol/Message_SET.thy
src/HOL/SET_Protocol/Public_SET.thy
src/HOL/SET_Protocol/Purchase.thy
src/HOL/Set.thy
src/HOL/Set_Interval.thy
src/HOL/Sum_Type.thy
src/HOL/Transcendental.thy
src/HOL/UNITY/Comp/Alloc.thy
src/HOL/UNITY/Comp/Client.thy
src/HOL/UNITY/Comp/Priority.thy
src/HOL/UNITY/Comp/PriorityAux.thy
src/HOL/UNITY/ProgressSets.thy
src/HOL/UNITY/Simple/Lift.thy
src/HOL/UNITY/Simple/Token.thy
src/HOL/UNITY/Transformers.thy
src/HOL/UNITY/UNITY.thy
src/HOL/UNITY/WFair.thy
src/HOL/Unix/Unix.thy
src/HOL/Word/Bool_List_Representation.thy
src/HOL/Word/Word.thy
src/HOL/Word/Word_Miscellaneous.thy
src/HOL/ZF/HOLZF.thy
src/HOL/Zorn.thy
src/HOL/ex/Classical.thy
src/HOL/ex/Dedekind_Real.thy
src/HOL/ex/HarmonicSeries.thy
src/HOL/ex/Meson_Test.thy
src/HOL/ex/NatSum.thy
src/HOL/ex/Records.thy
src/HOL/ex/Set_Theory.thy
src/HOL/ex/Simproc_Tests.thy
src/HOL/ex/Unification.thy
src/ZF/AC/AC_Equiv.thy
src/ZF/Cardinal.thy
src/ZF/CardinalArith.thy
src/ZF/Cardinal_AC.thy
src/ZF/Constructible/AC_in_L.thy
src/ZF/Constructible/DPow_absolute.thy
src/ZF/Constructible/Datatype_absolute.thy
src/ZF/Constructible/Formula.thy
src/ZF/Constructible/Normal.thy
src/ZF/Constructible/Rank.thy
src/ZF/Constructible/Rank_Separation.thy
src/ZF/Constructible/Reflection.thy
src/ZF/Constructible/Relative.thy
src/ZF/Constructible/Satisfies_absolute.thy
src/ZF/Constructible/Separation.thy
src/ZF/Constructible/WF_absolute.thy
src/ZF/Constructible/WFrec.thy
src/ZF/Constructible/Wellorderings.thy
src/ZF/EquivClass.thy
src/ZF/Induct/Binary_Trees.thy
src/ZF/Int_ZF.thy
src/ZF/List_ZF.thy
src/ZF/OrderArith.thy
src/ZF/UNITY/AllocBase.thy
src/ZF/UNITY/Distributor.thy
src/ZF/UNITY/Merge.thy
src/ZF/UNITY/Mutex.thy
src/ZF/UNITY/UNITY.thy
src/ZF/WF.thy
src/ZF/ZF_Base.thy
src/ZF/Zorn.thy
src/ZF/ex/Group.thy
src/ZF/ex/Limit.thy
src/ZF/ex/Primes.thy
src/ZF/ex/Ramsey.thy
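--- a/src/CCL/Gfp.thy
+++ b/src/CCL/Gfp.thy
@@ -10,7 +10,7 @@
 begin
 
 definition
-  gfp :: "['a set\<Rightarrow>'a set] \<Rightarrow> 'a set" where \<comment> "greatest fixed point"
+  gfp :: "['a set\<Rightarrow>'a set] \<Rightarrow> 'a set" where \<comment> \<open>greatest fixed point\<close>
   "gfp(f) == Union({u. u <= f(u)})"
 
 (* gfp(f) is the least upper bound of {u. u <= f(u)} *)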
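--- a/src/CCL/Lfp.thy
+++ b/src/CCL/Lfp.thy
@@ -10,7 +10,7 @@
 begin
 
 definition
-  lfp :: "['a set\<Rightarrow>'a set] \<Rightarrow> 'a set" where \<comment> "least fixed point"
+  lfp :: "['a set\<Rightarrow>'a set] \<Rightarrow> 'a set" where \<comment> \<open>least fixed point\<close>
   "lfp(f) == Inter({u. f(u) <= u})"
 
 (* lfp(f) is the greatest lower bound of {u. f(u) <= u} *)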
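--- a/src/CTT/CTT.thy
+++ b/src/CTT/CTT.thy
@@ -239,12 +239,10 @@
 
 
   \<comment> \<open>The type T\<close>
-  \<comment> \<open>
-    Martin-Löf's book (page 68) discusses elimination and computation.
+  \<comment> \<open>Martin-Löf's book (page 68) discusses elimination and computation.
     Elimination can be derived by computation and equality of types,
     but with an extra premise \<open>C(x)\<close> type \<open>x:T\<close>.
-    Also computation can be derived from elimination.
-  \<close>
+    Also computation can be derived from elimination.\<close>
 
   TF: "T type" and
   TI: "tt : T" and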
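--- a/src/Doc/Eisbach/Manual.thy
+++ b/src/Doc/Eisbach/Manual.thy
@@ -249,16 +249,16 @@
 \<close>
 
     lemmas [intros] =
-      conjI  \<comment>  \<open>@{thm conjI}\<close>
-      impI  \<comment>  \<open>@{thm impI}\<close>
-      disjCI  \<comment>  \<open>@{thm disjCI}\<close>
-      iffI  \<comment>  \<open>@{thm iffI}\<close>
-      notI  \<comment>  \<open>@{thm notI}\<close>
+      conjI  \<comment> \<open>@{thm conjI}\<close>
+      impI  \<comment> \<open>@{thm impI}\<close>
+      disjCI  \<comment> \<open>@{thm disjCI}\<close>
+      iffI  \<comment> \<open>@{thm iffI}\<close>
+      notI  \<comment> \<open>@{thm notI}\<close>
 
     lemmas [elims] =
-      impCE  \<comment>  \<open>@{thm impCE}\<close>
-      conjE  \<comment>  \<open>@{thm conjE}\<close>
-      disjE  \<comment>  \<open>@{thm disjE}\<close>
+      impCE  \<comment> \<open>@{thm impCE}\<close>
+      conjE  \<comment> \<open>@{thm conjE}\<close>
+      disjE  \<comment> \<open>@{thm disjE}\<close>
 
     lemma "(A \<or> B) \<and> (A \<longrightarrow> C) \<and> (B \<longrightarrow> C) \<longrightarrow> C"
       by prop_solver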
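--- a/src/Doc/Functions/Functions.thy
+++ b/src/Doc/Functions/Functions.thy
@@ -1095,11 +1095,11 @@
   let ?R = "measure (\<lambda>x. 101 - x)"
   show "wf ?R" ..
 
-  fix n :: nat assume "\<not> 100 < n" \<comment> "Assumptions for both calls"
+  fix n :: nat assume "\<not> 100 < n" \<comment> \<open>Assumptions for both calls\<close>
 
-  thus "(n + 11, n) \<in> ?R" by simp \<comment> "Inner call"
+  thus "(n + 11, n) \<in> ?R" by simp \<comment> \<open>Inner call\<close>
 
-  assume inner_trm: "f91_dom (n + 11)" \<comment> "Outer call"
+  assume inner_trm: "f91_dom (n + 11)" \<comment> \<open>Outer call\<close>
   with f91_estimate have "n + 11 < f91 (n + 11) + 11" .
   with \<open>\<not> 100 < n\<close> show "(f91 (n + 11), n) \<in> ?R" by simp
 qed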
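--- a/src/Doc/Isar_Ref/Synopsis.thy
+++ b/src/Doc/Isar_Ref/Synopsis.thy
@@ -669,9 +669,9 @@
 begin
   assume a: A and b: B
   thm conjI
-  thm conjI [of A B]  \<comment> "instantiation"
-  thm conjI [of A B, OF a b]  \<comment> "instantiation and composition"
-  thm conjI [OF a b]  \<comment> "composition via unification (trivial)"
+  thm conjI [of A B]  \<comment> \<open>instantiation\<close>
+  thm conjI [of A B, OF a b]  \<comment> \<open>instantiation and composition\<close>
+  thm conjI [OF a b]  \<comment> \<open>composition via unification (trivial)\<close>
   thm conjI [OF \<open>A\<close> \<open>B\<close>]
 
   thm conjI [OF disjI1]
@@ -704,9 +704,9 @@
       fix x
       assume "A x"
       show "B x" \<proof>
-    } \<comment> "implicit block structure made explicit"
+    } \<comment> \<open>implicit block structure made explicit\<close>
     note \<open>\<And>x. A x \<Longrightarrow> B x\<close>
-      \<comment> "side exit for the resulting rule"
+      \<comment> \<open>side exit for the resulting rule\<close>
   qed
 end
 
@@ -722,10 +722,10 @@
 begin
   assume r\<^sub>1: "A \<Longrightarrow> B \<Longrightarrow> C"  \<comment> \<open>simple rule (Horn clause)\<close>
 
-  have A \<proof>  \<comment> "prefix of facts via outer sub-proof"
+  have A \<proof>  \<comment> \<open>prefix of facts via outer sub-proof\<close>
   then have C
   proof (rule r\<^sub>1)
-    show B \<proof>  \<comment> "remaining rule premises via inner sub-proof"
+    show B \<proof>  \<comment> \<open>remaining rule premises via inner sub-proof\<close>
   qed
 
   have C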
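--- a/src/Doc/Logics_ZF/FOL_examples.thy
+++ b/src/Doc/Logics_ZF/FOL_examples.thy
@@ -3,22 +3,22 @@
 theory FOL_examples imports FOL begin
 
 lemma "EX y. ALL x. P(y)-->P(x)"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule exCI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule allI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule impI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule allE)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 txt\<open>see below for @{text allI} combined with @{text swap}\<close>
 apply (erule allI [THEN [2] swap])
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule impI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule notE)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply assumption
 done
 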
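--- a/src/Doc/Logics_ZF/IFOL_examples.thy
+++ b/src/Doc/Logics_ZF/IFOL_examples.thy
@@ -4,35 +4,35 @@
 
 text\<open>Quantifier example from the book Logic and Computation\<close>
 lemma "(EX y. ALL x. Q(x,y)) -->  (ALL x. EX y. Q(x,y))"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule impI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule allI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule exI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule exE)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule allE)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 txt\<open>Now @{text "apply assumption"} fails\<close>
 oops
 
 text\<open>Trying again, with the same first two steps\<close>
 lemma "(EX y. ALL x. Q(x,y)) -->  (ALL x. EX y. Q(x,y))"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule impI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule allI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule exE)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule exI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule allE)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply assumption
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 done
 
 lemma "(EX y. ALL x. Q(x,y)) -->  (ALL x. EX y. Q(x,y))"
@@ -40,17 +40,17 @@
 
 text\<open>Example of Dyckhoff's method\<close>
 lemma "~ ~ ((P-->Q) | (Q-->P))"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (unfold not_def)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule impI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule disj_impE)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule imp_impE)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
  apply (erule imp_impE)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply assumption 
 apply (erule FalseE)+
 done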
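--- a/src/Doc/Logics_ZF/If.thy
+++ b/src/Doc/Logics_ZF/If.thy
@@ -12,32 +12,32 @@
 
 lemma ifI:
     "[| P ==> Q; ~P ==> R |] ==> if(P,Q,R)"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (simp add: if_def)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply blast
 done
 
 lemma ifE:
    "[| if(P,Q,R);  [| P; Q |] ==> S; [| ~P; R |] ==> S |] ==> S"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (simp add: if_def)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply blast
 done
 
 lemma if_commute: "if(P, if(Q,A,B), if(Q,C,D)) <-> if(Q, if(P,A,C), if(P,B,D))"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule iffI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule ifE)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule ifE)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule ifI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule ifI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 oops
 
 text\<open>Trying again from the beginning in order to use @{text blast}\<close>
@@ -49,34 +49,34 @@
 
 
 lemma "if(if(P,Q,R), A, B) <-> if(P, if(Q,A,B), if(R,A,B))"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 by blast
 
 text\<open>Trying again from the beginning in order to prove from the definitions\<close>
 lemma "if(if(P,Q,R), A, B) <-> if(P, if(Q,A,B), if(R,A,B))"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (simp add: if_def)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply blast
 done
 
 
 text\<open>An invalid formula.  High-level rules permit a simpler diagnosis\<close>
 lemma "if(if(P,Q,R), A, B) <-> if(P, if(Q,A,B), if(R,B,A))"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply auto
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 (*The next step will fail unless subgoals remain*)
 apply (tactic all_tac)
 oops
 
 text\<open>Trying again from the beginning in order to prove from the definitions\<close>
 lemma "if(if(P,Q,R), A, B) <-> if(P, if(Q,A,B), if(R,B,A))"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (simp add: if_def)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (auto) 
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 (*The next step will fail unless subgoals remain*)
 apply (tactic all_tac)
 oops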
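--- a/src/Doc/Logics_ZF/ZF_examples.thy
+++ b/src/Doc/Logics_ZF/ZF_examples.thy
@@ -14,9 +14,9 @@
 
 text\<open>Induction via tactic emulation\<close>
 lemma Br_neq_left [rule_format]: "l \<in> bt(A) ==> \<forall>x r. Br(x, l, r) \<noteq> l"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
   apply (induct_tac l)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
   apply auto
   done
 
@@ -27,18 +27,18 @@
 
 text\<open>The new induction method, which I don't understand\<close>
 lemma Br_neq_left': "l \<in> bt(A) ==> (!!x r. Br(x, l, r) \<noteq> l)"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
   apply (induct set: bt)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
   apply auto
   done
 
 lemma Br_iff: "Br(a,l,r) = Br(a',l',r') <-> a=a' & l=l' & r=r'"
-  \<comment> "Proving a freeness theorem."
+  \<comment> \<open>Proving a freeness theorem.\<close>
   by (blast elim!: bt.free_elims)
 
 inductive_cases Br_in_bt: "Br(a,l,r) \<in> bt(A)"
-  \<comment> "An elimination rule, for type-checking."
+  \<comment> \<open>An elimination rule, for type-checking.\<close>
 
 text \<open>
 @{thm[display] Br_in_bt[no_vars]}
@@ -124,25 +124,25 @@
 done
 
 lemma "Pow(A Int B) = Pow(A) Int Pow(B)"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule equalityI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule Int_greatest)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule Int_lower1 [THEN Pow_mono])
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule Int_lower2 [THEN Pow_mono])
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule subsetI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule IntE)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule PowI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (drule PowD)+
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule Int_greatest)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (assumption+)
 done
 
@@ -152,50 +152,50 @@
 
 
 lemma "C\<subseteq>D ==> Union(C) \<subseteq> Union(D)"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule subsetI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule UnionE)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule UnionI)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule subsetD)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply assumption 
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply assumption 
 done
 
 text\<open>A more abstract version of the same proof\<close>
 
 lemma "C\<subseteq>D ==> Union(C) \<subseteq> Union(D)"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule Union_least)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule Union_upper)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule subsetD, assumption)
 done
 
 
 lemma "[| a \<in> A;  f \<in> A->B;  g \<in> C->D;  A \<inter> C = 0 |] ==> (f \<union> g)`a = f`a"
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule apply_equality)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule UnI1)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule apply_Pair)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply assumption 
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply assumption 
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule fun_disjoint_Un)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply assumption 
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply assumption 
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply assumption 
 done
 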
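--- a/src/Doc/Prog_Prove/Isar.thy
+++ b/src/Doc/Prog_Prove/Isar.thy
@@ -1153,10 +1153,10 @@
 proof(induction "Suc m" arbitrary: m rule: ev.induct)
   fix n assume IH: "\<And>m. n = Suc m \<Longrightarrow> \<not> ev m"
   show "\<not> ev (Suc n)"
-  proof \<comment>"contradiction"
+  proof \<comment> \<open>contradiction\<close>
     assume "ev(Suc n)"
     thus False
-    proof cases \<comment>"rule inversion"
+    proof cases \<comment> \<open>rule inversion\<close>
       fix k assume "n = Suc k" "ev k"
       thus False using IH by auto
     qed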
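--- a/src/Doc/Sugar/Sugar.thy
+++ b/src/Doc/Sugar/Sugar.thy
@@ -455,7 +455,7 @@
 \<close>
 lemma True
 proof -
-  \<comment> "pretty trivial"
+  \<comment> \<open>pretty trivial\<close>
   show True by force
 qed
 text_raw \<open>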
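--- a/src/Doc/Tutorial/Documents/Documents.thy
+++ b/src/Doc/Tutorial/Documents/Documents.thy
@@ -484,9 +484,9 @@
 \<close>
 
 lemma "A --> A"
-  \<comment> "a triviality of propositional logic"
-  \<comment> "(should not really bother)"
-  by (rule impI) \<comment> "implicit assumption step involved here"
+  \<comment> \<open>a triviality of propositional logic\<close>
+  \<comment> \<open>(should not really bother)\<close>
+  by (rule impI) \<comment> \<open>implicit assumption step involved here\<close>
 
 text \<open>
   \noindent The above output has been produced as follows: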
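--- a/src/Doc/Tutorial/Protocol/Event.thy
+++ b/src/Doc/Tutorial/Protocol/Event.thy
@@ -73,7 +73,7 @@
                         Says A B X => parts {X} \<union> used evs
                       | Gets A X   => used evs
                       | Notes A X  => parts {X} \<union> used evs)"
-    \<comment>\<open>The case for @{term Gets} seems anomalous, but @{term Gets} always
+    \<comment> \<open>The case for @{term Gets} seems anomalous, but @{term Gets} always
         follows @{term Says} in real protocols.  Seems difficult to change.
         See @{text Gets_correct} in theory @{text "Guard/Extensions.thy"}.\<close>
 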
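--- a/src/Doc/Tutorial/Protocol/Message.thy
+++ b/src/Doc/Tutorial/Protocol/Message.thy
@@ -35,7 +35,7 @@
 type_synonym key = nat
 consts invKey :: "key \<Rightarrow> key"
 (*<*)
-consts all_symmetric :: bool        \<comment>\<open>true if all keys are symmetric\<close>
+consts all_symmetric :: bool        \<comment> \<open>true if all keys are symmetric\<close>
 
 specification (invKey)
   invKey [simp]: "invKey (invKey K) = K"
@@ -88,7 +88,7 @@
 
 
 definition keysFor :: "msg set => key set" where
-    \<comment>\<open>Keys useful to decrypt elements of a message set\<close>
+    \<comment> \<open>Keys useful to decrypt elements of a message set\<close>
   "keysFor H == invKey ` {K. \<exists>X. Crypt K X \<in> H}"
 
 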
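--- a/src/Doc/Tutorial/Rules/Basic.thy
+++ b/src/Doc/Tutorial/Rules/Basic.thy
@@ -90,11 +90,11 @@
 
 lemma "\<lbrakk>x = f x; triple (f x) (f x) x\<rbrakk> \<Longrightarrow> triple x x x"
 apply (erule ssubst) 
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-back \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-back \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-back \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-back \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+back \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+back \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+back \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+back \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply assumption
 done
 
@@ -148,9 +148,9 @@
 
 lemma "\<lbrakk>\<not>(P\<longrightarrow>Q); \<not>(R\<longrightarrow>Q)\<rbrakk> \<Longrightarrow> R"
 apply (erule_tac Q="R\<longrightarrow>Q" in contrapos_np)
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (intro impI)
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 by (erule notE)
 
 text \<open>
@@ -160,11 +160,11 @@
 
 lemma "(P \<or> Q) \<and> R \<Longrightarrow> P \<or> Q \<and> R"
 apply (intro disjCI conjI)
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 
 apply (elim conjE disjE)
  apply assumption
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 
 by (erule contrapos_np, rule conjI)
 text\<open>
@@ -240,18 +240,18 @@
 text\<open>rename_tac\<close>
 lemma "x < y \<Longrightarrow> \<forall>x y. P x (f y)"
 apply (intro allI)
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rename_tac v w)
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 oops
 
 
 lemma "\<lbrakk>\<forall>x. P x \<longrightarrow> P (h x); P a\<rbrakk> \<Longrightarrow> P(h (h a))"
 apply (frule spec)
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (drule mp, assumption)
 apply (drule spec)
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 by (drule mp)
 
 lemma "\<lbrakk>\<forall>x. P x \<longrightarrow> P (f x); P a\<rbrakk> \<Longrightarrow> P(f (f a))"
@@ -275,11 +275,11 @@
 
 lemma "\<lbrakk>\<forall>x. P x \<longrightarrow> P (h x); P a\<rbrakk> \<Longrightarrow> P(h (h a))"
 apply (frule spec)
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (drule mp, assumption)
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (drule_tac x = "h a" in spec)
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 by (drule mp)
 
 text \<open>
@@ -289,15 +289,15 @@
 
 lemma mult_dvd_mono: "\<lbrakk>i dvd m; j dvd n\<rbrakk> \<Longrightarrow> i*j dvd (m*n :: nat)"
 apply (simp add: dvd_def)
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule exE) 
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (erule exE) 
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rename_tac l)
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule_tac x="k*l" in exI) 
-        \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+        \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply simp
 done
 
@@ -433,11 +433,11 @@
 
 lemma "\<forall>y. R y y \<Longrightarrow> \<exists>x. \<forall>y. R x y"
 apply (rule exI) 
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (rule allI) 
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (drule spec) 
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 oops
 
 lemma "\<forall>x. \<exists>y. x=y"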
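--- a/src/Doc/Tutorial/Rules/TPrimes.thy
+++ b/src/Doc/Tutorial/Rules/TPrimes.thy
@@ -29,13 +29,13 @@
 (*gcd(m,n) divides m and n.  The conjunctions don't seem provable separately*)
 lemma gcd_dvd_both: "(gcd m n dvd m) \<and> (gcd m n dvd n)"
 apply (induct_tac m n rule: gcd.induct)
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (case_tac "n=0")
 txt\<open>subgoals after the case tac
 @{subgoals[display,indent=0,margin=65]}
 \<close>
 apply (simp_all) 
-  \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+  \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 by (blast dest: dvd_mod_imp_dvd)
 
 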
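--- a/src/Doc/Tutorial/Rules/Tacticals.thy
+++ b/src/Doc/Tutorial/Rules/Tacticals.thy
@@ -22,18 +22,18 @@
 text\<open>defer and prefer\<close>
 
 lemma "hard \<and> (P \<or> ~P) \<and> (Q\<longrightarrow>Q)"
-apply (intro conjI)   \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-defer 1   \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-apply blast+   \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+apply (intro conjI)   \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+defer 1   \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+apply blast+   \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 oops
 
 lemma "ok1 \<and> ok2 \<and> doubtful"
-apply (intro conjI)   \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
-prefer 3   \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+apply (intro conjI)   \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
+prefer 3   \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 oops
 
 lemma "bigsubgoal1 \<and> bigsubgoal2 \<and> bigsubgoal3 \<and> bigsubgoal4 \<and> bigsubgoal5 \<and> bigsubgoal6"
-apply (intro conjI)   \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+apply (intro conjI)   \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 txt\<open>@{subgoals[display,indent=0,margin=65]} 
 A total of 6 subgoals...
 \<close>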
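--- a/src/Doc/Tutorial/Types/Numbers.thy
+++ b/src/Doc/Tutorial/Types/Numbers.thy
@@ -71,14 +71,14 @@
 
 lemma "(n - 1) * (n + 1) = n * n - (1::nat)"
 apply (clarsimp split: nat_diff_split iff del: less_Suc0)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (subgoal_tac "n=0", force, arith)
 done
 
 
 lemma "(n - 2) * (n + 2) = n * n - (4::nat)"
 apply (simp split: nat_diff_split, clarify)
- \<comment>\<open>@{subgoals[display,indent=0,margin=65]}\<close>
+ \<comment> \<open>@{subgoals[display,indent=0,margin=65]}\<close>
 apply (subgoal_tac "n=0 | n=1", force, arith)
 done
 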
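--- a/src/FOL/ex/Intuitionistic.thy
+++ b/src/FOL/ex/Intuitionistic.thy
@@ -82,12 +82,12 @@
   The attempt to prove them terminates quickly!\<close>
 lemma "((P \<longrightarrow> Q) \<longrightarrow> P) \<longrightarrow> P"
 apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
-apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
 oops
 
 lemma "(P \<and> Q \<longrightarrow> R) \<longrightarrow> (P \<longrightarrow> R) \<or> (Q \<longrightarrow> R)"
 apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
-apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
 oops
 
 
@@ -121,7 +121,7 @@
 lemma
   "(\<forall>x. \<exists>y. \<forall>z. p(x) \<and> q(y) \<and> r(z)) \<longleftrightarrow>
     (\<forall>z. \<exists>y. \<forall>x. p(x) \<and> q(y) \<and> r(z))"
-  by (tactic \<open>IntPr.best_dup_tac @{context} 1\<close>)  \<comment>\<open>SLOW\<close>
+  by (tactic \<open>IntPr.best_dup_tac @{context} 1\<close>)  \<comment> \<open>SLOW\<close>
 
 text\<open>Problem 3.1\<close>
 lemma "\<not> (\<exists>x. \<forall>y. mem(y,x) \<longleftrightarrow> \<not> mem(x,x))"
@@ -239,28 +239,28 @@
 
 lemma "((\<forall>x. P(x)) \<longrightarrow> Q) \<longrightarrow> (\<exists>x. P(x) \<longrightarrow> Q)"
   apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
-  apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+  apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
   oops
 
 lemma "(P \<longrightarrow> (\<exists>x. Q(x))) \<longrightarrow> (\<exists>x. P \<longrightarrow> Q(x))"
   apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
-  apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+  apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
   oops
 
 lemma "(\<forall>x. P(x) \<or> Q) \<longrightarrow> ((\<forall>x. P(x)) \<or> Q)"
   apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
-  apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+  apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
   oops
 
 lemma "(\<forall>x. \<not> \<not> P(x)) \<longrightarrow> \<not> \<not> (\<forall>x. P(x))"
   apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
-  apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+  apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
   oops
 
 text \<open>Classically but not intuitionistically valid.  Proved by a bug in 1986!\<close>
 lemma "\<exists>x. Q(x) \<longrightarrow> (\<forall>x. Q(x))"
   apply (tactic \<open>IntPr.fast_tac @{context} 1\<close>)?
-  apply (rule asm_rl) \<comment>\<open>Checks that subgoals remain: proof failed.\<close>
+  apply (rule asm_rl) \<comment> \<open>Checks that subgoals remain: proof failed.\<close>
   oops
 
 
@@ -326,7 +326,7 @@
   "(\<not> \<not> (\<exists>x. p(x)) \<longleftrightarrow> \<not> \<not> (\<exists>x. q(x))) \<and>
     (\<forall>x. \<forall>y. p(x) \<and> q(y) \<longrightarrow> (r(x) \<longleftrightarrow> s(y)))
   \<longrightarrow> ((\<forall>x. p(x) \<longrightarrow> r(x)) \<longleftrightarrow> (\<forall>x. q(x) \<longrightarrow> s(x)))"
-  oops  \<comment>\<open>NOT PROVED\<close>
+  oops  \<comment> \<open>NOT PROVED\<close>
 
 text\<open>27\<close>
 lemma
@@ -398,7 +398,7 @@
         (\<forall>x z. \<not> P(x,z) \<longrightarrow> (\<exists>y. Q(y,z))) \<and>
         (\<not> \<not> (\<exists>x y. Q(x,y)) \<longrightarrow> (\<forall>x. R(x,x)))
     \<longrightarrow> \<not> \<not> (\<forall>x. \<exists>y. R(x,y))"
-  oops  \<comment>\<open>NOT PROVED\<close>
+  oops  \<comment> \<open>NOT PROVED\<close>
 
 text\<open>39\<close>
 lemma "\<not> (\<exists>x. \<forall>y. F(y,x) \<longleftrightarrow> \<not> F(y,y))"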
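--- a/src/FOL/ex/Locale_Test/Locale_Test1.thy
+++ b/src/FOL/ex/Locale_Test/Locale_Test1.thy
@@ -731,12 +731,12 @@
 proof -
   show "dgrp(prod)" by unfold_locales
   from this interpret d: dgrp .
-  \<comment> Unit
+  \<comment> \<open>Unit\<close>
   have "dgrp.one(prod) = glob_one(prod)" by (rule d.one_def)
   also have "... = glob_one(prod) ** one" by (simp add: rone)
   also have "... = one" by (simp add: glob_lone)
   finally show "dgrp.one(prod) = one" .
-  \<comment> Inverse
+  \<comment> \<open>Inverse\<close>
   then have "dgrp.inv(prod, x) ** x = inv(x) ** x" by (simp add: glob_linv d.linv linv)
   then show "dgrp.inv(prod, x) = inv(x)" by (simp add: rcancel)
 qed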
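--- a/src/FOLP/ex/Intuitionistic.thy
+++ b/src/FOLP/ex/Intuitionistic.thy
@@ -138,7 +138,7 @@
 
 text "Problem ~~17"
 schematic_goal "?p : ~~(((P & (Q-->R))-->S) <-> ((~P | Q | S) & (~P | ~R | S)))"
-  by (tactic \<open>IntPr.fast_tac @{context} 1\<close>)  \<comment> slow
+  by (tactic \<open>IntPr.fast_tac @{context} 1\<close>)  \<comment> \<open>slow\<close>
 
 
 subsection \<open>Examples with quantifiers\<close>
@@ -261,7 +261,7 @@
         (ALL x. S(x) & R(x) --> L(x)) &  
         (ALL x. M(x) --> R(x))   
     --> (ALL x. P(x) & M(x) --> L(x))"
-  by (tactic "IntPr.best_tac @{context} 1") \<comment> slow
+  by (tactic "IntPr.best_tac @{context} 1") \<comment> \<open>slow\<close>
 
 text "Problem 39"
 schematic_goal "?p : ~ (EX x. ALL y. F(y,x) <-> ~F(y,y))"
@@ -270,7 +270,7 @@
 text "Problem 40.  AMENDED"
 schematic_goal "?p : (EX y. ALL x. F(x,y) <-> F(x,x)) -->   
               ~(ALL x. EX y. ALL z. F(z,y) <-> ~ F(z,x))"
-  by (tactic "IntPr.best_tac @{context} 1") \<comment> slow
+  by (tactic "IntPr.best_tac @{context} 1") \<comment> \<open>slow\<close>
 
 text "Problem 44"
 schematic_goal "?p : (ALL x. f(x) -->                                    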
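--- a/src/HOL/Algebra/AbelCoset.thy
+++ b/src/HOL/Algebra/AbelCoset.thy
@@ -41,12 +41,12 @@
 
 definition
   A_FactGroup :: "[('a,'b) ring_scheme, 'a set] \<Rightarrow> ('a set) monoid" (infixl "A'_Mod" 65)
-    \<comment>\<open>Actually defined for groups rather than monoids\<close>
+    \<comment> \<open>Actually defined for groups rather than monoids\<close>
   where "A_FactGroup G H = FactGroup \<lparr>carrier = carrier G, mult = add G, one = zero G\<rparr> H"
 
 definition
   a_kernel :: "('a, 'm) ring_scheme \<Rightarrow> ('b, 'n) ring_scheme \<Rightarrow>  ('a \<Rightarrow> 'b) \<Rightarrow> 'a set"
-    \<comment>\<open>the kernel of a homomorphism (additive)\<close>
+    \<comment> \<open>the kernel of a homomorphism (additive)\<close>
   where "a_kernel G H h =
     kernel \<lparr>carrier = carrier G, mult = add G, one = zero G\<rparr>
       \<lparr>carrier = carrier H, mult = add H, one = zero H\<rparr> h"
@@ -687,7 +687,7 @@
 by (rule subgroup.rcos_module [OF a_subgroup a_group,
     folded a_r_coset_def a_inv_def, simplified monoid_record_simps])
 
-\<comment>"variant"
+\<comment> \<open>variant\<close>
 lemma (in abelian_subgroup) a_rcos_module_minus:
   assumes "ring G"
   assumes carr: "x \<in> carrier G" "x' \<in> carrier G"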
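--- a/src/HOL/Algebra/Bij.thy
+++ b/src/HOL/Algebra/Bij.thy
@@ -10,7 +10,7 @@
 
 definition
   Bij :: "'a set \<Rightarrow> ('a \<Rightarrow> 'a) set"
-    \<comment>\<open>Only extensional functions, since otherwise we get too many.\<close>
+    \<comment> \<open>Only extensional functions, since otherwise we get too many.\<close>
    where "Bij S = extensional S \<inter> {f. bij_betw f S S}"
 
 definition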
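--- a/src/HOL/Algebra/Coset.thy
+++ b/src/HOL/Algebra/Coset.thy
@@ -85,7 +85,7 @@
 
 lemma (in group) coset_join2:
      "\<lbrakk>x \<in> carrier G;  subgroup H G;  x\<in>H\<rbrakk> \<Longrightarrow> H #> x = H"
-  \<comment>\<open>Alternative proof is to put @{term "x=\<one>"} in \<open>repr_independence\<close>.\<close>
+  \<comment> \<open>Alternative proof is to put @{term "x=\<one>"} in \<open>repr_independence\<close>.\<close>
 by (force simp add: subgroup.m_closed r_coset_def solve_equation)
 
 lemma (in monoid) r_coset_subset_G:
@@ -831,7 +831,7 @@
 
 definition
   FactGroup :: "[('a,'b) monoid_scheme, 'a set] \<Rightarrow> ('a set) monoid" (infixl "Mod" 65)
-    \<comment>\<open>Actually defined for groups rather than monoids\<close>
+    \<comment> \<open>Actually defined for groups rather than monoids\<close>
    where "FactGroup G H = \<lparr>carrier = rcosets\<^bsub>G\<^esub> H, mult = set_mult G, one = H\<rparr>"
 
 lemma (in normal) setmult_closed:
@@ -897,7 +897,7 @@
 
 definition
   kernel :: "('a, 'm) monoid_scheme \<Rightarrow> ('b, 'n) monoid_scheme \<Rightarrow>  ('a \<Rightarrow> 'b) \<Rightarrow> 'a set"
-    \<comment>\<open>the kernel of a homomorphism\<close>
+    \<comment> \<open>the kernel of a homomorphism\<close>
   where "kernel G H h = {x. x \<in> carrier G \<and> h x = \<one>\<^bsub>H\<^esub>}"
 
 lemma (in group_hom) subgroup_kernel: "subgroup (kernel G H h) G"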
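--- a/src/HOL/Algebra/Divisibility.thy
+++ b/src/HOL/Algebra/Divisibility.thy
@@ -2106,7 +2106,7 @@
 qed
 
 
-\<comment>"A version using @{const factors}, more complicated"
+\<comment> \<open>A version using @{const factors}, more complicated\<close>
 lemma (in factorial_monoid) factors_irreducible_prime:
   assumes pirr: "irreducible G p"
     and pcarr: "p \<in> carrier G"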
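--- a/src/HOL/Algebra/Group.thy
+++ b/src/HOL/Algebra/Group.thy
@@ -26,7 +26,7 @@
 
 definition
   Units :: "_ => 'a set"
-  \<comment>\<open>The set of invertible elements\<close>
+  \<comment> \<open>The set of invertible elements\<close>
   where "Units G = {y. y \<in> carrier G \<and> (\<exists>x \<in> carrier G. x \<otimes>\<^bsub>G\<^esub> y = \<one>\<^bsub>G\<^esub> \<and> y \<otimes>\<^bsub>G\<^esub> x = \<one>\<^bsub>G\<^esub>)}"
 
 consts
@@ -98,7 +98,7 @@
   moreover from x y xinv yinv have "x \<otimes> (y \<otimes> y') \<otimes> x' = \<one>" by simp
   moreover note x y
   ultimately show ?thesis unfolding Units_def
-    \<comment> "Must avoid premature use of \<open>hyp_subst_tac\<close>."
+    \<comment> \<open>Must avoid premature use of \<open>hyp_subst_tac\<close>.\<close>
     apply (rule_tac CollectI)
     apply (rule)
     apply (fast)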
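--- a/src/HOL/Algebra/Ideal.thy
+++ b/src/HOL/Algebra/Ideal.thy
@@ -828,7 +828,7 @@
 
 subsection \<open>Derived Theorems\<close>
 
-\<comment>"A non-zero cring that has only the two trivial ideals is a field"
+\<comment> \<open>A non-zero cring that has only the two trivial ideals is a field\<close>
 lemma (in cring) trivialideals_fieldI:
   assumes carrnzero: "carrier R \<noteq> {\<zero>}"
     and haveideals: "{I. ideal I R} = {{\<zero>}, carrier R}"
@@ -921,7 +921,7 @@
   qed
 qed (simp add: zeroideal oneideal)
 
-\<comment>"Jacobson Theorem 2.2"
+\<comment> \<open>Jacobson Theorem 2.2\<close>
 lemma (in cring) trivialideals_eq_field:
   assumes carrnzero: "carrier R \<noteq> {\<zero>}"
   shows "({I. ideal I R} = {{\<zero>}, carrier R}) = field R"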
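--- a/src/HOL/Algebra/IntRing.thy
+++ b/src/HOL/Algebra/IntRing.thy
@@ -59,14 +59,14 @@
     and "one \<Z> = 1"
     and "pow \<Z> x n = x^n"
 proof -
-  \<comment> "Specification"
+  \<comment> \<open>Specification\<close>
   show "monoid \<Z>" by standard auto
   then interpret int: monoid \<Z> .
 
-  \<comment> "Carrier"
+  \<comment> \<open>Carrier\<close>
   show "carrier \<Z> = UNIV" by simp
 
-  \<comment> "Operations"
+  \<comment> \<open>Operations\<close>
   { fix x y show "mult \<Z> x y = x * y" by simp }
   show "one \<Z> = 1" by simp
   show "pow \<Z> x n = x^n" by (induct n) simp_all
@@ -75,11 +75,11 @@
 interpretation int: comm_monoid \<Z>
   rewrites "finprod \<Z> f A = prod f A"
 proof -
-  \<comment> "Specification"
+  \<comment> \<open>Specification\<close>
   show "comm_monoid \<Z>" by standard auto
   then interpret int: comm_monoid \<Z> .
 
-  \<comment> "Operations"
+  \<comment> \<open>Operations\<close>
   { fix x y have "mult \<Z> x y = x * y" by simp }
   note mult = this
   have one: "one \<Z> = 1" by simp
@@ -93,14 +93,14 @@
     and int_add_eq: "add \<Z> x y = x + y"
     and int_finsum_eq: "finsum \<Z> f A = sum f A"
 proof -
-  \<comment> "Specification"
+  \<comment> \<open>Specification\<close>
   show "abelian_monoid \<Z>" by standard auto
   then interpret int: abelian_monoid \<Z> .
 
-  \<comment> "Carrier"
+  \<comment> \<open>Carrier\<close>
   show "carrier \<Z> = UNIV" by simp
 
-  \<comment> "Operations"
+  \<comment> \<open>Operations\<close>
   { fix x y show "add \<Z> x y = x + y" by simp }
   note add = this
   show zero: "zero \<Z> = 0"
@@ -121,7 +121,7 @@
     and int_a_inv_eq: "a_inv \<Z> x = - x"
     and int_a_minus_eq: "a_minus \<Z> x y = x - y"
 proof -
-  \<comment> "Specification"
+  \<comment> \<open>Specification\<close>
   show "abelian_group \<Z>"
   proof (rule abelian_groupI)
     fix x
@@ -130,7 +130,7 @@
       by simp arith
   qed auto
   then interpret int: abelian_group \<Z> .
-  \<comment> "Operations"
+  \<comment> \<open>Operations\<close>
   { fix x y have "add \<Z> x y = x + y" by simp }
   note add = this
   have zero: "zero \<Z> = 0" by simp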
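--- a/src/HOL/Algebra/Lattice.thy
+++ b/src/HOL/Algebra/Lattice.thy
@@ -52,11 +52,11 @@
 
 definition
   LEAST_FP :: "('a, 'b) gorder_scheme \<Rightarrow> ('a \<Rightarrow> 'a) \<Rightarrow> 'a" ("LFP\<index>") where
-  "LEAST_FP L f = \<Sqinter>\<^bsub>L\<^esub> {u \<in> carrier L. f u \<sqsubseteq>\<^bsub>L\<^esub> u}"    \<comment>\<open>least fixed point\<close>
+  "LEAST_FP L f = \<Sqinter>\<^bsub>L\<^esub> {u \<in> carrier L. f u \<sqsubseteq>\<^bsub>L\<^esub> u}"    \<comment> \<open>least fixed point\<close>
 
 definition
   GREATEST_FP:: "('a, 'b) gorder_scheme \<Rightarrow> ('a \<Rightarrow> 'a) \<Rightarrow> 'a" ("GFP\<index>") where
-  "GREATEST_FP L f = \<Squnion>\<^bsub>L\<^esub> {u \<in> carrier L. u \<sqsubseteq>\<^bsub>L\<^esub> f u}"    \<comment>\<open>greatest fixed point\<close>
+  "GREATEST_FP L f = \<Squnion>\<^bsub>L\<^esub> {u \<in> carrier L. u \<sqsubseteq>\<^bsub>L\<^esub> f u}"    \<comment> \<open>greatest fixed point\<close>
 
 
 subsection \<open>Dual operators\<close>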
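--- a/src/HOL/Algebra/QuotRing.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Algebra/QuotRing.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -84,28 +84,28 @@
 text \<open>The quotient is a ring\<close>
 lemma (in ideal) quotient_is_ring: "ring (R Quot I)"
 apply (rule ringI)
-   \<comment>\<open>abelian group\<close>
+   \<comment> \<open>abelian group\<close>
    apply (rule comm_group_abelian_groupI)
    apply (simp add: FactRing_def)
    apply (rule a_factorgroup_is_comm_group[unfolded A_FactGroup_def'])
-  \<comment>\<open>mult monoid\<close>
+  \<comment> \<open>mult monoid\<close>
   apply (rule monoidI)
       apply (simp_all add: FactRing_def A_RCOSETS_def RCOSETS_def
              a_r_coset_def[symmetric])
-      \<comment>\<open>mult closed\<close>
+      \<comment> \<open>mult closed\<close>
       apply (clarify)
       apply (simp add: rcoset_mult_add, fast)
-     \<comment>\<open>mult \<open>one_closed\<close>\<close>
+     \<comment> \<open>mult \<open>one_closed\<close>\<close>
      apply force
-    \<comment>\<open>mult assoc\<close>
+    \<comment> \<open>mult assoc\<close>
     apply clarify
     apply (simp add: rcoset_mult_add m_assoc)
-   \<comment>\<open>mult one\<close>
+   \<comment> \<open>mult one\<close>
    apply clarify
    apply (simp add: rcoset_mult_add)
   apply clarify
   apply (simp add: rcoset_mult_add)
- \<comment>\<open>distr\<close>
+ \<comment> \<open>distr\<close>
  apply clarify
  apply (simp add: rcoset_mult_add a_rcos_sum l_distr)
 apply clarify
@@ -225,7 +225,7 @@
      apply (simp add: FactRing_def A_RCOSETS_defs a_r_coset_def[symmetric], clarsimp)
      apply (simp add: rcoset_mult_add) defer 1
   proof (rule ccontr, simp)
-    \<comment>\<open>Quotient is not empty\<close>
+    \<comment> \<open>Quotient is not empty\<close>
     assume "\<zero>\<^bsub>R Quot I\<^esub> = \<one>\<^bsub>R Quot I\<^esub>"
     then have II1: "I = I +> \<one>" by (simp add: FactRing_def)
     from a_rcos_self[OF one_closed] have "\<one> \<in> I"
@@ -233,11 +233,11 @@
     then have "I = carrier R" by (rule one_imp_carrier)
     with I_notcarr show False by simp
   next
-    \<comment>\<open>Existence of Inverse\<close>
+    \<comment> \<open>Existence of Inverse\<close>
     fix a
     assume IanI: "I +> a \<noteq> I" and acarr: "a \<in> carrier R"
 
-    \<comment>\<open>Helper ideal \<open>J\<close>\<close>
+    \<comment> \<open>Helper ideal \<open>J\<close>\<close>
     define J :: "'a set" where "J = (carrier R #> a) <+> I"
     have idealJ: "ideal J R"
       apply (unfold J_def, rule add_ideals)
@@ -245,7 +245,7 @@
       apply (rule is_ideal)
       done
 
-    \<comment>\<open>Showing @{term "J"} not smaller than @{term "I"}\<close>
+    \<comment> \<open>Showing @{term "J"} not smaller than @{term "I"}\<close>
     have IinJ: "I \<subseteq> J"
     proof (rule, simp add: J_def r_coset_def set_add_defs)
       fix x
@@ -256,7 +256,7 @@
       with Zcarr and xI show "\<exists>xa\<in>carrier R. \<exists>k\<in>I. x = xa \<otimes> a \<oplus> k" by fast
     qed
 
-    \<comment>\<open>Showing @{term "J \<noteq> I"}\<close>
+    \<comment> \<open>Showing @{term "J \<noteq> I"}\<close>
     have anI: "a \<notin> I"
     proof (rule ccontr, simp)
       assume "a \<in> I"
@@ -274,7 +274,7 @@
 
     from aJ and anI have JnI: "J \<noteq> I" by fast
 
-    \<comment>\<open>Deducing @{term "J = carrier R"} because @{term "I"} is maximal\<close>
+    \<comment> \<open>Deducing @{term "J = carrier R"} because @{term "I"} is maximal\<close>
     from idealJ and IinJ have "J = I \<or> J = carrier R"
     proof (rule I_maximal, unfold J_def)
       have "carrier R #> a \<subseteq> carrier R"
@@ -285,7 +285,7 @@
 
     with JnI have Jcarr: "J = carrier R" by simp
 
-    \<comment>\<open>Calculating an inverse for @{term "a"}\<close>
+    \<comment> \<open>Calculating an inverse for @{term "a"}\<close>
     from one_closed[folded Jcarr]
     have "\<exists>r\<in>carrier R. \<exists>i\<in>I. \<one> = r \<otimes> a \<oplus> i"
       by (simp add: J_def r_coset_def set_add_defs)
@@ -294,7 +294,7 @@
     from one and rcarr and acarr and iI[THEN a_Hcarr]
     have rai1: "a \<otimes> r = \<ominus>i \<oplus> \<one>" by algebra
 
-    \<comment>\<open>Lifting to cosets\<close>
+    \<comment> \<open>Lifting to cosets\<close>
     from iI have "\<ominus>i \<oplus> \<one> \<in> I +> \<one>"
       by (intro a_rcosI, simp, intro a_subset, simp)
     with rai1 have "a \<otimes> r \<in> I +> \<one>" by simp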
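--- a/src/HOL/Algebra/RingHom.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Algebra/RingHom.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -102,7 +102,7 @@
 
 subsection \<open>The Kernel of a Ring Homomorphism\<close>
 
-\<comment>"the kernel of a ring homomorphism is an ideal"
+\<comment> \<open>the kernel of a ring homomorphism is an ideal\<close>
 lemma (in ring_hom_ring) kernel_is_ideal:
   shows "ideal (a_kernel R S h) R"
 apply (rule idealI)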
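--- a/src/HOL/Analysis/Brouwer_Fixpoint.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Brouwer_Fixpoint.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -130,7 +130,7 @@
 lemma kuhn_counting_lemma:
   fixes bnd compo compo' face S F
   defines "nF s == card {f\<in>F. face f s \<and> compo' f}"
-  assumes [simp, intro]: "finite F" \<comment> "faces" and [simp, intro]: "finite S" \<comment> "simplices"
+  assumes [simp, intro]: "finite F" \<comment> \<open>faces\<close> and [simp, intro]: "finite S" \<comment> \<open>simplices\<close>
     and "\<And>f. f \<in> F \<Longrightarrow> bnd f \<Longrightarrow> card {s\<in>S. face f s} = 1"
     and "\<And>f. f \<in> F \<Longrightarrow> \<not> bnd f \<Longrightarrow> card {s\<in>S. face f s} = 2"
     and "\<And>s. s \<in> S \<Longrightarrow> compo s \<Longrightarrow> nF s = 1"
@@ -2572,7 +2572,7 @@
         moreover have False if "1 < dd (x - a)"
           using x that dd2 [of "x - a" 1] \<open>x \<noteq> a\<close> closure_affine_hull
           by (auto simp: rel_frontier_def)
-        ultimately have "dd (x - a) = 1" \<comment>\<open>similar to another proof above\<close>
+        ultimately have "dd (x - a) = 1" \<comment> \<open>similar to another proof above\<close>
           by fastforce
         with that show ?thesis
           by (simp add: rel_frontier_def)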
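--- a/src/HOL/Analysis/Cauchy_Integral_Theorem.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Cauchy_Integral_Theorem.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -6151,7 +6151,7 @@
     apply (clarsimp simp del: divide_const_simps)
     apply (metis add.commute dist_commute le_less_trans mem_ball real_gt_half_sum w)
     done
-  \<comment>\<open>Replacing @{term r} and the original (weak) premises\<close>
+  \<comment> \<open>Replacing @{term r} and the original (weak) premises\<close>
   obtain r where "0 < r" and holfc: "f holomorphic_on cball z r" and w: "w \<in> ball z r"
     apply (rule that [of "(r + dist w z) / 2"])
       apply (simp_all add: fh')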
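--- a/src/HOL/Analysis/Complex_Transcendental.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Complex_Transcendental.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -2851,7 +2851,7 @@
 lemma sin_Arcsin [simp]: "sin(Arcsin z) = z"
 proof -
   have "\<i>*z*2 + csqrt (1 - z\<^sup>2)*2 = 0 \<longleftrightarrow> (\<i>*z)*2 + csqrt (1 - z\<^sup>2)*2 = 0"
-    by (simp add: algebra_simps)  \<comment>\<open>Cancelling a factor of 2\<close>
+    by (simp add: algebra_simps)  \<comment> \<open>Cancelling a factor of 2\<close>
   moreover have "... \<longleftrightarrow> (\<i>*z) + csqrt (1 - z\<^sup>2) = 0"
     by (metis Arcsin_body_lemma distrib_right no_zero_divisors zero_neq_numeral)
   ultimately show ?thesis
@@ -3024,7 +3024,7 @@
 lemma cos_Arccos [simp]: "cos(Arccos z) = z"
 proof -
   have "z*2 + \<i> * (2 * csqrt (1 - z\<^sup>2)) = 0 \<longleftrightarrow> z*2 + \<i> * csqrt (1 - z\<^sup>2)*2 = 0"
-    by (simp add: algebra_simps)  \<comment>\<open>Cancelling a factor of 2\<close>
+    by (simp add: algebra_simps)  \<comment> \<open>Cancelling a factor of 2\<close>
   moreover have "... \<longleftrightarrow> z + \<i> * csqrt (1 - z\<^sup>2) = 0"
     by (metis distrib_right mult_eq_0_iff zero_neq_numeral)
   ultimately show ?thesis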
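--- a/src/HOL/Analysis/Conformal_Mappings.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Conformal_Mappings.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -980,7 +980,7 @@
     proof -
       have f0: "(f \<longlongrightarrow> 0) at_infinity"
       proof -
-        have DIM_complex[intro]: "2 \<le> DIM(complex)"  \<comment>\<open>should not be necessary!\<close>
+        have DIM_complex[intro]: "2 \<le> DIM(complex)"  \<comment> \<open>should not be necessary!\<close>
           by simp
         have "continuous_on (inverse ` (ball 0 r - {0})) f"
           using continuous_on_subset holf holomorphic_on_imp_continuous_on by blast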
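--- a/src/HOL/Analysis/Improper_Integral.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Improper_Integral.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -1501,7 +1501,7 @@
       using bounded_integrals_over_subintervals [OF int_gab] unfolding bounded_pos real_norm_def by blast
     show "(\<lambda>x. f x \<bullet> j) absolutely_integrable_on cbox a b"
       using g
-    proof     \<comment>\<open>A lot of duplication in the two proofs\<close>
+    proof     \<comment> \<open>A lot of duplication in the two proofs\<close>
       assume fg [rule_format]: "\<forall>x\<in>cbox a b. f x \<bullet> j \<le> g x"
       have "(\<lambda>x. (f x \<bullet> j)) = (\<lambda>x. g x - (g x - (f x \<bullet> j)))"
         by simp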
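--- a/src/HOL/Analysis/Linear_Algebra.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Linear_Algebra.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -1726,7 +1726,7 @@
   apply auto
   done
 
-lemma approachable_lt_le2:  \<comment>\<open>like the above, but pushes aside an extra formula\<close>
+lemma approachable_lt_le2:  \<comment> \<open>like the above, but pushes aside an extra formula\<close>
     "(\<exists>(d::real) > 0. \<forall>x. Q x \<longrightarrow> f x < d \<longrightarrow> P x) \<longleftrightarrow> (\<exists>d>0. \<forall>x. f x \<le> d \<longrightarrow> Q x \<longrightarrow> P x)"
   apply auto
   apply (rule_tac x="d/2" in exI, auto)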
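--- a/src/HOL/Analysis/Path_Connected.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Path_Connected.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -2078,7 +2078,7 @@
     }
     then have pcx: "path_component (- s) x (a + C *\<^sub>R (x - a))"
       by (force simp: closed_segment_def intro!: path_connected_linepath)
-    define D where "D = B / norm(y - a)"  \<comment>\<open>massive duplication with the proof above\<close>
+    define D where "D = B / norm(y - a)"  \<comment> \<open>massive duplication with the proof above\<close>
     { fix u
       assume u: "(1 - u) *\<^sub>R y + u *\<^sub>R (a + D *\<^sub>R (y - a)) \<in> s" and "0 \<le> u" "u \<le> 1"
       have DD: "1 \<le> 1 + (D - 1) * u"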
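--- a/src/HOL/Analysis/Starlike.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Starlike.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -3795,7 +3795,7 @@
     { fix u v x
       assume uv: "sum u t = 1" "\<forall>x\<in>s. 0 \<le> v x" "sum v s = 1"
                  "(\<Sum>x\<in>s. v x *\<^sub>R x) = (\<Sum>v\<in>t. u v *\<^sub>R v)" "x \<in> t"
-      then have s: "s = (s - t) \<union> t" \<comment>\<open>split into separate cases\<close>
+      then have s: "s = (s - t) \<union> t" \<comment> \<open>split into separate cases\<close>
         using assms by auto
       have [simp]: "(\<Sum>x\<in>t. v x *\<^sub>R x) + (\<Sum>x\<in>s - t. v x *\<^sub>R x) = (\<Sum>x\<in>t. u x *\<^sub>R x)"
                    "sum v t + sum v (s - t) = 1"
@@ -3913,7 +3913,7 @@
       using assms by (simp add: aff_independent_finite)
     { fix a b and d::real
       assume ab: "a \<in> s" "b \<in> s" "a \<noteq> b"
-      then have s: "s = (s - {a,b}) \<union> {a,b}" \<comment>\<open>split into separate cases\<close>
+      then have s: "s = (s - {a,b}) \<union> {a,b}" \<comment> \<open>split into separate cases\<close>
         by auto
       have "(\<Sum>x\<in>s. if x = a then - d else if x = b then d else 0) = 0"
            "(\<Sum>x\<in>s. (if x = a then - d else if x = b then d else 0) *\<^sub>R x) = d *\<^sub>R b - d *\<^sub>R a"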
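--- a/src/HOL/Analysis/Tagged_Division.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Tagged_Division.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -2353,10 +2353,10 @@
     have realff: "(real w) * 2^m < (real v) * 2^n \<longleftrightarrow> w * 2^m < v * 2^n" for m n v w
       using of_nat_less_iff less_imp_of_nat_less by fastforce
     have *: "\<forall>v w. ?K0(m,v) \<subseteq> ?K0(n,w) \<or> ?K0(n,w) \<subseteq> ?K0(m,v) \<or> interior(?K0(m,v)) \<inter> interior(?K0(n,w)) = {}"
-      for m n \<comment>\<open>The symmetry argument requires a single HOL formula\<close>
+      for m n \<comment> \<open>The symmetry argument requires a single HOL formula\<close>
     proof (rule linorder_wlog [where a=m and b=n], intro allI impI)
       fix v w m and n::nat
-      assume "m \<le> n" \<comment>\<open>WLOG we can assume @{term"m \<le> n"}, when the first disjunct becomes impossible\<close>
+      assume "m \<le> n" \<comment> \<open>WLOG we can assume @{term"m \<le> n"}, when the first disjunct becomes impossible\<close>
       have "?K0(n,w) \<subseteq> ?K0(m,v) \<or> interior(?K0(m,v)) \<inter> interior(?K0(n,w)) = {}"
         apply (simp add: subset_box disjoint_interval)
         apply (rule ccontr)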
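--- a/src/HOL/Analysis/Topology_Euclidean_Space.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Analysis/Topology_Euclidean_Space.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -4387,7 +4387,7 @@
   "compact (s :: 'a::metric_space set) \<longleftrightarrow> seq_compact s"
   using compact_imp_seq_compact seq_compact_imp_heine_borel by blast
 
-lemma compact_def: \<comment>\<open>this is the definition of compactness in HOL Light\<close>
+lemma compact_def: \<comment> \<open>this is the definition of compactness in HOL Light\<close>
   "compact (S :: 'a::metric_space set) \<longleftrightarrow>
    (\<forall>f. (\<forall>n. f n \<in> S) \<longrightarrow> (\<exists>l\<in>S. \<exists>r::nat\<Rightarrow>nat. strict_mono r \<and> (f \<circ> r) \<longlonglongrightarrow> l))"
   unfolding compact_eq_seq_compact_metric seq_compact_def by auto
@@ -5036,7 +5036,7 @@
 lemma Lim_trivial_limit: "trivial_limit net \<Longrightarrow> (f \<longlongrightarrow> l) net"
   by simp
 
-lemmas continuous_on = continuous_on_def \<comment> "legacy theorem name"
+lemmas continuous_on = continuous_on_def \<comment> \<open>legacy theorem name\<close>
 
 lemma continuous_within_subset:
   "continuous (at x within s) f \<Longrightarrow> t \<subseteq> s \<Longrightarrow> continuous (at x within t) f"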
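--- a/src/HOL/Auth/CertifiedEmail.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/CertifiedEmail.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -31,20 +31,20 @@
 inductive_set certified_mail :: "event list set"
   where
 
-  Nil: \<comment>\<open>The empty trace\<close>
+  Nil: \<comment> \<open>The empty trace\<close>
      "[] \<in> certified_mail"
 
-| Fake: \<comment>\<open>The Spy may say anything he can say.  The sender field is correct,
+| Fake: \<comment> \<open>The Spy may say anything he can say.  The sender field is correct,
           but agents don't use that information.\<close>
       "[| evsf \<in> certified_mail; X \<in> synth(analz(spies evsf))|] 
        ==> Says Spy B X # evsf \<in> certified_mail"
 
-| FakeSSL: \<comment>\<open>The Spy may open SSL sessions with TTP, who is the only agent
+| FakeSSL: \<comment> \<open>The Spy may open SSL sessions with TTP, who is the only agent
     equipped with the necessary credentials to serve as an SSL server.\<close>
          "[| evsfssl \<in> certified_mail; X \<in> synth(analz(spies evsfssl))|]
           ==> Notes TTP \<lbrace>Agent Spy, Agent TTP, X\<rbrace> # evsfssl \<in> certified_mail"
 
-| CM1: \<comment>\<open>The sender approaches the recipient.  The message is a number.\<close>
+| CM1: \<comment> \<open>The sender approaches the recipient.  The message is a number.\<close>
  "[|evs1 \<in> certified_mail;
     Key K \<notin> used evs1;
     K \<in> symKeys;
@@ -55,7 +55,7 @@
                  Number cleartext, Nonce q, S2TTP\<rbrace> # evs1 
         \<in> certified_mail"
 
-| CM2: \<comment>\<open>The recipient records @{term S2TTP} while transmitting it and her
+| CM2: \<comment> \<open>The recipient records @{term S2TTP} while transmitting it and her
      password to @{term TTP} over an SSL channel.\<close>
  "[|evs2 \<in> certified_mail;
     Gets R \<lbrace>Agent S, Agent TTP, em, Number BothAuth, Number cleartext, 
@@ -66,7 +66,7 @@
    Notes TTP \<lbrace>Agent R, Agent TTP, S2TTP, Key(RPwd R), hr\<rbrace> # evs2
       \<in> certified_mail"
 
-| CM3: \<comment>\<open>@{term TTP} simultaneously reveals the key to the recipient and gives
+| CM3: \<comment> \<open>@{term TTP} simultaneously reveals the key to the recipient and gives
          a receipt to the sender.  The SSL channel does not authenticate 
          the client (@{term R}), but @{term TTP} accepts the message only 
          if the given password is that of the claimed sender, @{term R}.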
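--- a/src/HOL/Auth/Event.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Event.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -72,7 +72,7 @@
                         Says A B X => parts {X} \<union> used evs
                       | Gets A X   => used evs
                       | Notes A X  => parts {X} \<union> used evs)"
-    \<comment>\<open>The case for @{term Gets} seems anomalous, but @{term Gets} always
+    \<comment> \<open>The case for @{term Gets} seems anomalous, but @{term Gets} always
         follows @{term Says} in real protocols.  Seems difficult to change.
         See \<open>Gets_correct\<close> in theory \<open>Guard/Extensions.thy\<close>.\<close>
 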
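--- a/src/HOL/Auth/KerberosIV.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/KerberosIV.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -18,7 +18,7 @@
 
 axiomatization where
   Tgs_not_bad [iff]: "Tgs \<notin> bad"
-   \<comment>\<open>Tgs is secure --- we already know that Kas is secure\<close>
+   \<comment> \<open>Tgs is secure --- we already know that Kas is secure\<close>
 
 definition
  (* authKeys are those contained in an authTicket *)
@@ -1343,7 +1343,7 @@
 apply (erule rev_mp)
 apply (erule kerbIV.induct)
 apply (rule_tac [9] impI)+
-  \<comment>\<open>The Oops1 case is unusual: must simplify
+  \<comment> \<open>The Oops1 case is unusual: must simplify
     @{term "Authkey \<notin> analz (spies (ev#evs))"}, not letting
    \<open>analz_mono_contra\<close> weaken it to
    @{term "Authkey \<notin> analz (spies evs)"},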
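Review bot: `Tgs_not_bad` in the first hunk is introduced with `axiomatization`, so it is a modelling assumption rather than a proved fact, and the comment "Tgs is secure" does not say so. Results that use this `[iff]` rule hold only for traces in which the ticket-granting server is not in `bad`, which a reader relying on the later guarantees needs to see at the point of declaration. I would word it as `\<comment> \<open>Assumption: Tgs is never compromised --- we already know that Kas is secure\<close>`. The same comment appears in the first hunks of KerberosIV_Gets.thy and KerberosV.thy.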
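--- a/src/HOL/Auth/KerberosIV_Gets.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/KerberosIV_Gets.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -18,7 +18,7 @@
 
 axiomatization where
   Tgs_not_bad [iff]: "Tgs \<notin> bad"
-   \<comment>\<open>Tgs is secure --- we already know that Kas is secure\<close>
+   \<comment> \<open>Tgs is secure --- we already know that Kas is secure\<close>
 
 definition
  (* authKeys are those contained in an authTicket *)
@@ -1057,7 +1057,7 @@
        add: analz_image_freshK_simps AKcryptSK_Says shrK_not_AKcryptSK
             Oops2_not_AKcryptSK Auth_fresh_not_AKcryptSK
       Serv_fresh_not_AKcryptSK Says_Tgs_AKcryptSK Spy_analz_shrK)
-  \<comment>\<open>18 seconds on a 1.8GHz machine??\<close>
+  \<comment> \<open>18 seconds on a 1.8GHz machine??\<close>
 txt\<open>Fake\<close> 
 apply spy_analz
 txt\<open>Reception\<close>
@@ -1211,7 +1211,7 @@
 apply (erule rev_mp)
 apply (erule kerbIV_gets.induct)
 apply (rule_tac [10] impI)+
-  \<comment>\<open>The Oops1 case is unusual: must simplify
+  \<comment> \<open>The Oops1 case is unusual: must simplify
     @{term "Authkey \<notin> analz (spies (ev#evs))"}, not letting
    \<open>analz_mono_contra\<close> weaken it to
    @{term "Authkey \<notin> analz (spies evs)"},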
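--- a/src/HOL/Auth/KerberosV.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/KerberosV.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -19,7 +19,7 @@
 
 axiomatization where
   Tgs_not_bad [iff]: "Tgs \<notin> bad"
-   \<comment>\<open>Tgs is secure --- we already know that Kas is secure\<close>
+   \<comment> \<open>Tgs is secure --- we already know that Kas is secure\<close>
 
 definition
  (* authKeys are those contained in an authTicket *)
@@ -1062,7 +1062,7 @@
 apply (erule rev_mp)
 apply (erule kerbV.induct)
 apply (rule_tac [9] impI)+
-  \<comment>\<open>The Oops1 case is unusual: must simplify
+  \<comment> \<open>The Oops1 case is unusual: must simplify
     @{term "Authkey \<notin> analz (spies (ev#evs))"}, not letting
    \<open>analz_mono_contra\<close> weaken it to
    @{term "Authkey \<notin> analz (spies evs)"},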
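--- a/src/HOL/Auth/Message.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Message.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -20,8 +20,8 @@
   key = nat
 
 consts
-  all_symmetric :: bool        \<comment>\<open>true if all keys are symmetric\<close>
-  invKey        :: "key=>key"  \<comment>\<open>inverse of a symmetric key\<close>
+  all_symmetric :: bool        \<comment> \<open>true if all keys are symmetric\<close>
+  invKey        :: "key=>key"  \<comment> \<open>inverse of a symmetric key\<close>
 
 specification (invKey)
   invKey [simp]: "invKey (invKey K) = K"
@@ -35,17 +35,17 @@
 definition symKeys :: "key set" where
   "symKeys == {K. invKey K = K}"
 
-datatype  \<comment>\<open>We allow any number of friendly agents\<close>
+datatype  \<comment> \<open>We allow any number of friendly agents\<close>
   agent = Server | Friend nat | Spy
 
 datatype
-     msg = Agent  agent     \<comment>\<open>Agent names\<close>
-         | Number nat       \<comment>\<open>Ordinary integers, timestamps, ...\<close>
-         | Nonce  nat       \<comment>\<open>Unguessable nonces\<close>
-         | Key    key       \<comment>\<open>Crypto keys\<close>
-         | Hash   msg       \<comment>\<open>Hashing\<close>
-         | MPair  msg msg   \<comment>\<open>Compound messages\<close>
-         | Crypt  key msg   \<comment>\<open>Encryption, public- or shared-key\<close>
+     msg = Agent  agent     \<comment> \<open>Agent names\<close>
+         | Number nat       \<comment> \<open>Ordinary integers, timestamps, ...\<close>
+         | Nonce  nat       \<comment> \<open>Unguessable nonces\<close>
+         | Key    key       \<comment> \<open>Crypto keys\<close>
+         | Hash   msg       \<comment> \<open>Hashing\<close>
+         | MPair  msg msg   \<comment> \<open>Compound messages\<close>
+         | Crypt  key msg   \<comment> \<open>Encryption, public- or shared-key\<close>
 
 
 text\<open>Concrete syntax: messages appear as \<open>\<lbrace>A,B,NA\<rbrace>\<close>, etc...\<close>
@@ -57,11 +57,11 @@
 
 
 definition HPair :: "[msg,msg] => msg" ("(4Hash[_] /_)" [0, 1000]) where
-    \<comment>\<open>Message Y paired with a MAC computed with the help of X\<close>
+    \<comment> \<open>Message Y paired with a MAC computed with the help of X\<close>
     "Hash[X] Y == \<lbrace>Hash\<lbrace>X,Y\<rbrace>, Y\<rbrace>"
 
 definition keysFor :: "msg set => key set" where
-    \<comment>\<open>Keys useful to decrypt elements of a message set\<close>
+    \<comment> \<open>Keys useful to decrypt elements of a message set\<close>
   "keysFor H == invKey ` {K. \<exists>X. Crypt K X \<in> H}"
 
 
@@ -317,7 +317,7 @@
       by simp (metis Suc_n_not_le_n)
 next
   case (MPair X Y)
-    then show ?case \<comment>\<open>metis works out the necessary sum itself!\<close>
+    then show ?case \<comment> \<open>metis works out the necessary sum itself!\<close>
       by (simp add: parts_insert2) (metis le_trans nat_le_linear)
 qed auto
 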
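Review bot: The comment on `invKey` in the first hunk, "inverse of a symmetric key", describes the constant too narrowly. The second hunk defines `symKeys == {K. invKey K = K}`, so a symmetric key is exactly one that is its own inverse, and `keysFor` applies `invKey` to every key that occurs under `Crypt`, not only to symmetric ones. I would reword it to `\<comment> \<open>inverse of a key; symmetric keys are their own inverse\<close>`. The `specification (invKey)` block continues outside the hunk, so only its first clause is visible here.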
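--- a/src/HOL/Auth/OtwayRees.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/OtwayRees.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -196,7 +196,7 @@
 apply (erule rev_mp)
 apply (erule rev_mp)
 apply (erule otway.induct, simp_all)
-apply blast+  \<comment>\<open>OR3 and OR4\<close>
+apply blast+  \<comment> \<open>OR3 and OR4\<close>
 done
 
 
@@ -259,11 +259,11 @@
                            Crypt (shrK B) \<lbrace>NB, Key K\<rbrace>\<rbrace> \<in> set evs)"
 apply (erule otway.induct, force,
        drule_tac [4] OR2_parts_knows_Spy, simp_all, blast)
-  subgoal \<comment>\<open>OR1: by freshness\<close>
+  subgoal \<comment> \<open>OR1: by freshness\<close>
     by blast  
-  subgoal \<comment>\<open>OR3\<close>
+  subgoal \<comment> \<open>OR3\<close>
     by (blast dest!: no_nonce_OR1_OR2 intro: unique_NA)
-  subgoal \<comment>\<open>OR4\<close>
+  subgoal \<comment> \<open>OR4\<close>
     by (blast intro!: Crypt_imp_OR1) 
 done
 
@@ -296,15 +296,15 @@
       Notes Spy \<lbrace>NA, NB, Key K\<rbrace> \<notin> set evs -->
       Key K \<notin> analz (knows Spy evs)"
   apply (erule otway.induct, force, simp_all)
-  subgoal \<comment>\<open>Fake\<close>
+  subgoal \<comment> \<open>Fake\<close>
     by spy_analz
-  subgoal \<comment>\<open>OR2\<close>
+  subgoal \<comment> \<open>OR2\<close>
     by (drule OR2_analz_knows_Spy) (auto simp: analz_insert_eq)
-  subgoal \<comment>\<open>OR3\<close>
+  subgoal \<comment> \<open>OR3\<close>
     by (auto simp add: analz_insert_freshK pushes)
-  subgoal \<comment>\<open>OR4\<close>
+  subgoal \<comment> \<open>OR4\<close>
     by (drule OR4_analz_knows_Spy) (auto simp: analz_insert_eq)
-  subgoal \<comment>\<open>Oops\<close>
+  subgoal \<comment> \<open>Oops\<close>
     by (auto simp add: Says_Server_message_form analz_insert_freshK unique_session_keys)
   done
 
@@ -372,7 +372,7 @@
 apply (erule rev_mp, erule rev_mp)
 apply (erule otway.induct, force,
        drule_tac [4] OR2_parts_knows_Spy, simp_all)
-apply blast+  \<comment>\<open>Fake, OR2\<close>
+apply blast+  \<comment> \<open>Fake, OR2\<close>
 done
 
 text\<open>If the encrypted message appears, and B has used Nonce NB,
@@ -390,13 +390,13 @@
                     \<in> set evs)"
 apply simp
 apply (erule otway.induct, force, simp_all)
-  subgoal \<comment>\<open>Fake\<close>
+  subgoal \<comment> \<open>Fake\<close>
     by blast 
-  subgoal \<comment>\<open>OR2\<close>
+  subgoal \<comment> \<open>OR2\<close>
     by (force dest!: OR2_parts_knows_Spy)
-  subgoal \<comment>\<open>OR3\<close>
-    by (blast dest: unique_NB dest!: no_nonce_OR1_OR2)  \<comment>\<open>OR3\<close>
-  subgoal \<comment>\<open>OR4\<close>
+  subgoal \<comment> \<open>OR3\<close>
+    by (blast dest: unique_NB dest!: no_nonce_OR1_OR2)  \<comment> \<open>OR3\<close>
+  subgoal \<comment> \<open>OR4\<close>
     by (blast dest!: Crypt_imp_OR2) 
 done
 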
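Review bot: In the last hunk the `OR3` case carries its label twice, once on the `subgoal` line and again at the end of `by (blast dest: unique_NB dest!: no_nonce_OR1_OR2)`, while the other three cases of that proof label only the `subgoal` line. The trailing `\<comment> \<open>OR3\<close>` on the `by` line looks like a leftover from the older `apply` style and can be dropped, leaving `by (blast dest: unique_NB dest!: no_nonce_OR1_OR2)`. The lemma statement begins outside the hunk.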
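--- a/src/HOL/Auth/OtwayRees_AN.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/OtwayRees_AN.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -23,31 +23,31 @@
 
 inductive_set otway :: "event list set"
   where
-   Nil: \<comment>\<open>The empty trace\<close>
+   Nil: \<comment> \<open>The empty trace\<close>
         "[] \<in> otway"
 
- | Fake: \<comment>\<open>The Spy may say anything he can say.  The sender field is correct,
+ | Fake: \<comment> \<open>The Spy may say anything he can say.  The sender field is correct,
             but agents don't use that information.\<close>
          "[| evsf \<in> otway;  X \<in> synth (analz (knows Spy evsf)) |]
           ==> Says Spy B X  # evsf \<in> otway"
 
         
- | Reception: \<comment>\<open>A message that has been sent can be received by the
+ | Reception: \<comment> \<open>A message that has been sent can be received by the
                   intended recipient.\<close>
               "[| evsr \<in> otway;  Says A B X \<in>set evsr |]
                ==> Gets B X # evsr \<in> otway"
 
- | OR1:  \<comment>\<open>Alice initiates a protocol run\<close>
+ | OR1:  \<comment> \<open>Alice initiates a protocol run\<close>
          "evs1 \<in> otway
           ==> Says A B \<lbrace>Agent A, Agent B, Nonce NA\<rbrace> # evs1 \<in> otway"
 
- | OR2:  \<comment>\<open>Bob's response to Alice's message.\<close>
+ | OR2:  \<comment> \<open>Bob's response to Alice's message.\<close>
          "[| evs2 \<in> otway;
              Gets B \<lbrace>Agent A, Agent B, Nonce NA\<rbrace> \<in>set evs2 |]
           ==> Says B Server \<lbrace>Agent A, Agent B, Nonce NA, Nonce NB\<rbrace>
                  # evs2 \<in> otway"
 
- | OR3:  \<comment>\<open>The Server receives Bob's message.  Then he sends a new
+ | OR3:  \<comment> \<open>The Server receives Bob's message.  Then he sends a new
            session key to Bob with a packet for forwarding to Alice.\<close>
          "[| evs3 \<in> otway;  Key KAB \<notin> used evs3;
              Gets Server \<lbrace>Agent A, Agent B, Nonce NA, Nonce NB\<rbrace>
@@ -57,7 +57,7 @@
                  Crypt (shrK B) \<lbrace>Nonce NB, Agent A, Agent B, Key KAB\<rbrace>\<rbrace>
               # evs3 \<in> otway"
 
- | OR4:  \<comment>\<open>Bob receives the Server's (?) message and compares the Nonces with
+ | OR4:  \<comment> \<open>Bob receives the Server's (?) message and compares the Nonces with
              those in the message he previously sent the Server.
              Need @{term "B \<noteq> Server"} because we allow messages to self.\<close>
          "[| evs4 \<in> otway;  B \<noteq> Server;
@@ -66,7 +66,7 @@
                \<in>set evs4 |]
           ==> Says B A X # evs4 \<in> otway"
 
- | Oops: \<comment>\<open>This message models possible leaks of session keys.  The nonces
+ | Oops: \<comment> \<open>This message models possible leaks of session keys.  The nonces
              identify the protocol run.\<close>
          "[| evso \<in> otway;
              Says Server B
@@ -185,7 +185,7 @@
        evs \<in> otway |]
      ==> A=A' & B=B' & NA=NA' & NB=NB'"
 apply (erule rev_mp, erule rev_mp, erule otway.induct, simp_all)
-apply blast+  \<comment>\<open>OR3 and OR4\<close>
+apply blast+  \<comment> \<open>OR3 and OR4\<close>
 done
 
 
@@ -201,7 +201,7 @@
                     \<in> set evs)"
 apply (erule otway.induct, force)
 apply (simp_all add: ex_disj_distrib)
-apply blast+  \<comment>\<open>Fake, OR3\<close>
+apply blast+  \<comment> \<open>Fake, OR3\<close>
 done
 
 
@@ -232,8 +232,8 @@
 apply (frule_tac [7] Says_Server_message_form)
 apply (drule_tac [6] OR4_analz_knows_Spy)
 apply (simp_all add: analz_insert_eq analz_insert_freshK pushes)
-apply spy_analz  \<comment>\<open>Fake\<close>
-apply (blast dest: unique_session_keys)+  \<comment>\<open>OR3, OR4, Oops\<close>
+apply spy_analz  \<comment> \<open>Fake\<close>
+apply (blast dest: unique_session_keys)+  \<comment> \<open>OR3, OR4, Oops\<close>
 done
 
 
@@ -270,7 +270,7 @@
                      Crypt (shrK B) \<lbrace>NB, Agent A, Agent B, Key K\<rbrace>\<rbrace>
                    \<in> set evs)"
 apply (erule otway.induct, force, simp_all add: ex_disj_distrib)
-apply blast+  \<comment>\<open>Fake, OR3\<close>
+apply blast+  \<comment> \<open>Fake, OR3\<close>
 done
 
 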
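--- a/src/HOL/Auth/OtwayRees_Bad.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/OtwayRees_Bad.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -20,27 +20,27 @@
 
 inductive_set otway :: "event list set"
   where
-   Nil: \<comment>\<open>The empty trace\<close>
+   Nil: \<comment> \<open>The empty trace\<close>
         "[] \<in> otway"
 
- | Fake: \<comment>\<open>The Spy may say anything he can say.  The sender field is correct,
+ | Fake: \<comment> \<open>The Spy may say anything he can say.  The sender field is correct,
             but agents don't use that information.\<close>
          "[| evsf \<in> otway;  X \<in> synth (analz (knows Spy evsf)) |]
           ==> Says Spy B X  # evsf \<in> otway"
 
         
- | Reception: \<comment>\<open>A message that has been sent can be received by the
+ | Reception: \<comment> \<open>A message that has been sent can be received by the
                   intended recipient.\<close>
               "[| evsr \<in> otway;  Says A B X \<in>set evsr |]
                ==> Gets B X # evsr \<in> otway"
 
- | OR1:  \<comment>\<open>Alice initiates a protocol run\<close>
+ | OR1:  \<comment> \<open>Alice initiates a protocol run\<close>
          "[| evs1 \<in> otway;  Nonce NA \<notin> used evs1 |]
           ==> Says A B \<lbrace>Nonce NA, Agent A, Agent B,
                          Crypt (shrK A) \<lbrace>Nonce NA, Agent A, Agent B\<rbrace>\<rbrace>
                  # evs1 \<in> otway"
 
- | OR2:  \<comment>\<open>Bob's response to Alice's message.
+ | OR2:  \<comment> \<open>Bob's response to Alice's message.
              This variant of the protocol does NOT encrypt NB.\<close>
          "[| evs2 \<in> otway;  Nonce NB \<notin> used evs2;
              Gets B \<lbrace>Nonce NA, Agent A, Agent B, X\<rbrace> \<in> set evs2 |]
@@ -49,7 +49,7 @@
                     Crypt (shrK B) \<lbrace>Nonce NA, Agent A, Agent B\<rbrace>\<rbrace>
                  # evs2 \<in> otway"
 
- | OR3:  \<comment>\<open>The Server receives Bob's message and checks that the three NAs
+ | OR3:  \<comment> \<open>The Server receives Bob's message and checks that the three NAs
            match.  Then he sends a new session key to Bob with a packet for
            forwarding to Alice.\<close>
          "[| evs3 \<in> otway;  Key KAB \<notin> used evs3;
@@ -65,7 +65,7 @@
                     Crypt (shrK B) \<lbrace>Nonce NB, Key KAB\<rbrace>\<rbrace>
                  # evs3 \<in> otway"
 
- | OR4:  \<comment>\<open>Bob receives the Server's (?) message and compares the Nonces with
+ | OR4:  \<comment> \<open>Bob receives the Server's (?) message and compares the Nonces with
              those in the message he previously sent the Server.
              Need @{term "B \<noteq> Server"} because we allow messages to self.\<close>
          "[| evs4 \<in> otway;  B \<noteq> Server;
@@ -76,7 +76,7 @@
                \<in> set evs4 |]
           ==> Says B A \<lbrace>Nonce NA, X\<rbrace> # evs4 \<in> otway"
 
- | Oops: \<comment>\<open>This message models possible leaks of session keys.  The nonces
+ | Oops: \<comment> \<open>This message models possible leaks of session keys.  The nonces
              identify the protocol run.\<close>
          "[| evso \<in> otway;
              Says Server B \<lbrace>Nonce NA, X, Crypt (shrK B) \<lbrace>Nonce NB, Key K\<rbrace>\<rbrace>
@@ -202,7 +202,7 @@
 apply (erule rev_mp)
 apply (erule rev_mp)
 apply (erule otway.induct, simp_all)
-apply blast+  \<comment>\<open>OR3 and OR4\<close>
+apply blast+  \<comment> \<open>OR3 and OR4\<close>
 done
 
 
@@ -221,8 +221,8 @@
 apply (drule_tac [6] OR4_analz_knows_Spy)
 apply (drule_tac [4] OR2_analz_knows_Spy)
 apply (simp_all add: analz_insert_eq analz_insert_freshK pushes)
-apply spy_analz  \<comment>\<open>Fake\<close>
-apply (blast dest: unique_session_keys)+  \<comment>\<open>OR3, OR4, Oops\<close>
+apply spy_analz  \<comment> \<open>Fake\<close>
+apply (blast dest: unique_session_keys)+  \<comment> \<open>OR3, OR4, Oops\<close>
 done
 
 
@@ -266,11 +266,11 @@
                   Crypt (shrK B) \<lbrace>NB, Key K\<rbrace>\<rbrace> \<in> set evs)"
 apply (erule otway.induct, force,
        drule_tac [4] OR2_parts_knows_Spy, simp_all)
-apply blast  \<comment>\<open>Fake\<close>
-apply blast  \<comment>\<open>OR1: it cannot be a new Nonce, contradiction.\<close>
+apply blast  \<comment> \<open>Fake\<close>
+apply blast  \<comment> \<open>OR1: it cannot be a new Nonce, contradiction.\<close>
 txt\<open>OR3 and OR4\<close>
 apply (simp_all add: ex_disj_distrib)
- prefer 2 apply (blast intro!: Crypt_imp_OR1)  \<comment>\<open>OR4\<close>
+ prefer 2 apply (blast intro!: Crypt_imp_OR1)  \<comment> \<open>OR4\<close>
 txt\<open>OR3\<close>
 apply clarify
 (*The hypotheses at this point suggest an attack in which nonce NB is used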
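--- a/src/HOL/Auth/Public.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Public.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -132,17 +132,17 @@
 are symmetric.\<close>
 
 consts
-  shrK    :: "agent => key"    \<comment>\<open>long-term shared keys\<close>
+  shrK    :: "agent => key"    \<comment> \<open>long-term shared keys\<close>
 
 specification (shrK)
   inj_shrK: "inj shrK"
-  \<comment>\<open>No two agents have the same long-term key\<close>
+  \<comment> \<open>No two agents have the same long-term key\<close>
    apply (rule exI [of _ "case_agent 0 (\<lambda>n. n + 2) 1"]) 
    apply (simp add: inj_on_def split: agent.split) 
    done
 
 axiomatization where
-  sym_shrK [iff]: "shrK X \<in> symKeys" \<comment>\<open>All shared keys are symmetric\<close>
+  sym_shrK [iff]: "shrK X \<in> symKeys" \<comment> \<open>All shared keys are symmetric\<close>
 
 text\<open>Injectiveness: Agents' long-term keys are distinct.\<close>
 lemmas shrK_injective = inj_shrK [THEN inj_eq]
@@ -394,7 +394,7 @@
 by (blast intro: analz_mono [THEN [2] rev_subsetD])
 
 lemmas analz_image_freshK_simps =
-       simp_thms mem_simps \<comment>\<open>these two allow its use with \<open>only:\<close>\<close>
+       simp_thms mem_simps \<comment> \<open>these two allow its use with \<open>only:\<close>\<close>
        disj_comms 
        image_insert [THEN sym] image_Un [THEN sym] empty_subsetI insert_subset
        analz_insert_eq Un_upper2 [THEN analz_mono, THEN subsetD]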
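--- a/src/HOL/Auth/Shared.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Shared.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -16,7 +16,7 @@
 
 specification (shrK)
   inj_shrK: "inj shrK"
-  \<comment>\<open>No two agents have the same long-term key\<close>
+  \<comment> \<open>No two agents have the same long-term key\<close>
    apply (rule exI [of _ "case_agent 0 (\<lambda>n. n + 2) 1"]) 
    apply (simp add: inj_on_def split: agent.split) 
    done
@@ -175,7 +175,7 @@
     erase occurrences of forwarded message components (X). **)
 
 lemmas analz_image_freshK_simps =
-       simp_thms mem_simps \<comment>\<open>these two allow its use with \<open>only:\<close>\<close>
+       simp_thms mem_simps \<comment> \<open>these two allow its use with \<open>only:\<close>\<close>
        disj_comms 
        image_insert [THEN sym] image_Un [THEN sym] empty_subsetI insert_subset
        analz_insert_eq Un_upper2 [THEN analz_mono, THEN [2] rev_subsetD]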
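--- a/src/HOL/Auth/Smartcard/EventSC.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Smartcard/EventSC.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -95,7 +95,7 @@
                   | C_Gets C X   => used evs
                   | Outpts C A X  => parts{X} \<union> (used evs)
                   | A_Gets A X   => used evs)"
-    \<comment>\<open>@{term Gets} always follows @{term Says} in real protocols. 
+    \<comment> \<open>@{term Gets} always follows @{term Says} in real protocols. 
        Likewise, @{term C_Gets} will always have to follow @{term Inputs}
        and @{term A_Gets} will always have to follow @{term Outpts}\<close>
 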
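--- a/src/HOL/Auth/Smartcard/Smartcard.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Smartcard/Smartcard.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -25,9 +25,9 @@
   Pairkey :: "agent * agent => nat" and
   pairK   :: "agent * agent => key"
 where
-  inj_shrK: "inj shrK" and  \<comment>\<open>No two smartcards store the same key\<close>
-  inj_crdK: "inj crdK" and  \<comment>\<open>Nor do two cards\<close>
-  inj_pin : "inj pin" and   \<comment>\<open>Nor do two agents have the same pin\<close>
+  inj_shrK: "inj shrK" and  \<comment> \<open>No two smartcards store the same key\<close>
+  inj_crdK: "inj crdK" and  \<comment> \<open>Nor do two cards\<close>
+  inj_pin : "inj pin" and   \<comment> \<open>Nor do two agents have the same pin\<close>
 
   (*pairK is injective on each component, if we assume encryption to be a PRF
     or at least collision free *)
@@ -340,7 +340,7 @@
     erase occurrences of forwarded message components (X). **)
 
 lemmas analz_image_freshK_simps =
-       simp_thms mem_simps \<comment>\<open>these two allow its use with \<open>only:\<close>\<close>
+       simp_thms mem_simps \<comment> \<open>these two allow its use with \<open>only:\<close>\<close>
        disj_comms 
        image_insert [THEN sym] image_Un [THEN sym] empty_subsetI insert_subset
        analz_insert_eq Un_upper2 [THEN analz_mono, THEN [2] rev_subsetD]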
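--- a/src/HOL/Auth/TLS.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/TLS.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -72,14 +72,14 @@
 
 specification (PRF)
   inj_PRF: "inj PRF"
-  \<comment>\<open>the pseudo-random function is collision-free\<close>
+  \<comment> \<open>the pseudo-random function is collision-free\<close>
    apply (rule exI [of _ "%(x,y,z). prod_encode(x, prod_encode(y,z))"])
    apply (simp add: inj_on_def prod_encode_eq)
    done
 
 specification (sessionK)
   inj_sessionK: "inj sessionK"
-  \<comment>\<open>sessionK is collision-free; also, no clientK clashes with any serverK.\<close>
+  \<comment> \<open>sessionK is collision-free; also, no clientK clashes with any serverK.\<close>
    apply (rule exI [of _ 
          "%((x,y,z), r). prod_encode(case_role 0 1 r, 
                            prod_encode(x, prod_encode(y,z)))"])
@@ -87,25 +87,25 @@
    done
 
 axiomatization where
-  \<comment>\<open>sessionK makes symmetric keys\<close>
+  \<comment> \<open>sessionK makes symmetric keys\<close>
   isSym_sessionK: "sessionK nonces \<in> symKeys" and
 
-  \<comment>\<open>sessionK never clashes with a long-term symmetric key  
+  \<comment> \<open>sessionK never clashes with a long-term symmetric key  
      (they don't exist in TLS anyway)\<close>
   sessionK_neq_shrK [iff]: "sessionK nonces \<noteq> shrK A"
 
 
 inductive_set tls :: "event list set"
   where
-   Nil:  \<comment>\<open>The initial, empty trace\<close>
+   Nil:  \<comment> \<open>The initial, empty trace\<close>
          "[] \<in> tls"
 
- | Fake: \<comment>\<open>The Spy may say anything he can say.  The sender field is correct,
+ | Fake: \<comment> \<open>The Spy may say anything he can say.  The sender field is correct,
           but agents don't use that information.\<close>
          "[| evsf \<in> tls;  X \<in> synth (analz (spies evsf)) |]
           ==> Says Spy B X # evsf \<in> tls"
 
- | SpyKeys: \<comment>\<open>The spy may apply @{term PRF} and @{term sessionK}
+ | SpyKeys: \<comment> \<open>The spy may apply @{term PRF} and @{term sessionK}
                 to available nonces\<close>
          "[| evsSK \<in> tls;
              {Nonce NA, Nonce NB, Nonce M} <= analz (spies evsSK) |]
@@ -113,7 +113,7 @@
                            Key (sessionK((NA,NB,M),role))\<rbrace> # evsSK \<in> tls"
 
  | ClientHello:
-         \<comment>\<open>(7.4.1.2)
+         \<comment> \<open>(7.4.1.2)
            PA represents \<open>CLIENT_VERSION\<close>, \<open>CIPHER_SUITES\<close> and \<open>COMPRESSION_METHODS\<close>.
            It is uninterpreted but will be confirmed in the FINISHED messages.
            NA is CLIENT RANDOM, while SID is \<open>SESSION_ID\<close>.
@@ -125,7 +125,7 @@
                 # evsCH  \<in>  tls"
 
  | ServerHello:
-         \<comment>\<open>7.4.1.3 of the TLS Internet-Draft
+         \<comment> \<open>7.4.1.3 of the TLS Internet-Draft
            PB represents \<open>CLIENT_VERSION\<close>, \<open>CIPHER_SUITE\<close> and \<open>COMPRESSION_METHOD\<close>.
            SERVER CERTIFICATE (7.4.2) is always present.
            \<open>CERTIFICATE_REQUEST\<close> (7.4.4) is implied.\<close>
@@ -135,11 +135,11 @@
           ==> Says B A \<lbrace>Nonce NB, Number SID, Number PB\<rbrace> # evsSH  \<in>  tls"
 
  | Certificate:
-         \<comment>\<open>SERVER (7.4.2) or CLIENT (7.4.6) CERTIFICATE.\<close>
+         \<comment> \<open>SERVER (7.4.2) or CLIENT (7.4.6) CERTIFICATE.\<close>
          "evsC \<in> tls ==> Says B A (certificate B (pubK B)) # evsC  \<in>  tls"
 
  | ClientKeyExch:
-         \<comment>\<open>CLIENT KEY EXCHANGE (7.4.7).
+         \<comment> \<open>CLIENT KEY EXCHANGE (7.4.7).
            The client, A, chooses PMS, the PREMASTER SECRET.
            She encrypts PMS using the supplied KB, which ought to be pubK B.
            We assume @{term "PMS \<notin> range PRF"} because a clash betweem the PMS
@@ -154,7 +154,7 @@
               # evsCX  \<in>  tls"
 
  | CertVerify:
-        \<comment>\<open>The optional Certificate Verify (7.4.8) message contains the
+        \<comment> \<open>The optional Certificate Verify (7.4.8) message contains the
           specific components listed in the security analysis, F.1.1.2.
           It adds the pre-master-secret, which is also essential!
           Checking the signature, which is the only use of A's certificate,
@@ -165,12 +165,12 @@
           ==> Says A B (Crypt (priK A) (Hash\<lbrace>Nonce NB, Agent B, Nonce PMS\<rbrace>))
               # evsCV  \<in>  tls"
 
-        \<comment>\<open>Finally come the FINISHED messages (7.4.8), confirming PA and PB
+        \<comment> \<open>Finally come the FINISHED messages (7.4.8), confirming PA and PB
           among other things.  The master-secret is PRF(PMS,NA,NB).
           Either party may send its message first.\<close>
 
  | ClientFinished:
-        \<comment>\<open>The occurrence of \<open>Notes A \<lbrace>Agent B, Nonce PMS\<rbrace>\<close> stops the
+        \<comment> \<open>The occurrence of \<open>Notes A \<lbrace>Agent B, Nonce PMS\<rbrace>\<close> stops the
           rule's applying when the Spy has satisfied the \<open>Says A B\<close> by
           repaying messages sent by the true client; in that case, the
           Spy does not know PMS and could not send ClientFinished.  One
@@ -189,7 +189,7 @@
               # evsCF  \<in>  tls"
 
  | ServerFinished:
-        \<comment>\<open>Keeping A' and A'' distinct means B cannot even check that the
+        \<comment> \<open>Keeping A' and A'' distinct means B cannot even check that the
           two messages originate from the same source.\<close>
          "[| evsSF \<in> tls;
              Says A' B  \<lbrace>Agent A, Nonce NA, Number SID, Number PA\<rbrace>
@@ -204,7 +204,7 @@
               # evsSF  \<in>  tls"
 
  | ClientAccepts:
-        \<comment>\<open>Having transmitted ClientFinished and received an identical
+        \<comment> \<open>Having transmitted ClientFinished and received an identical
           message encrypted with serverK, the client stores the parameters
           needed to resume this session.  The "Notes A ..." premise is
           used to prove \<open>Notes_master_imp_Crypt_PMS\<close>.\<close>
@@ -220,7 +220,7 @@
              Notes A \<lbrace>Number SID, Agent A, Agent B, Nonce M\<rbrace> # evsCA  \<in>  tls"
 
  | ServerAccepts:
-        \<comment>\<open>Having transmitted ServerFinished and received an identical
+        \<comment> \<open>Having transmitted ServerFinished and received an identical
           message encrypted with clientK, the server stores the parameters
           needed to resume this session.  The "Says A'' B ..." premise is
           used to prove \<open>Notes_master_imp_Crypt_PMS\<close>.\<close>
@@ -237,7 +237,7 @@
              Notes B \<lbrace>Number SID, Agent A, Agent B, Nonce M\<rbrace> # evsSA  \<in>  tls"
 
  | ClientResume:
-         \<comment>\<open>If A recalls the \<open>SESSION_ID\<close>, then she sends a FINISHED
+         \<comment> \<open>If A recalls the \<open>SESSION_ID\<close>, then she sends a FINISHED
              message using the new nonces and stored MASTER SECRET.\<close>
          "[| evsCR \<in> tls;
              Says A  B \<lbrace>Agent A, Nonce NA, Number SID, Number PA\<rbrace>: set evsCR;
@@ -250,7 +250,7 @@
               # evsCR  \<in>  tls"
 
  | ServerResume:
-         \<comment>\<open>Resumption (7.3):  If B finds the \<open>SESSION_ID\<close> then he can 
+         \<comment> \<open>Resumption (7.3):  If B finds the \<open>SESSION_ID\<close> then he can 
              send a FINISHED message using the recovered MASTER SECRET\<close>
          "[| evsSR \<in> tls;
              Says A' B \<lbrace>Agent A, Nonce NA, Number SID, Number PA\<rbrace>: set evsSR;
@@ -263,7 +263,7 @@
                 \<in>  tls"
 
  | Oops:
-         \<comment>\<open>The most plausible compromise is of an old session key.  Losing
+         \<comment> \<open>The most plausible compromise is of an old session key.  Losing
            the MASTER SECRET or PREMASTER SECRET is more serious but
            rather unlikely.  The assumption @{term "A\<noteq>Spy"} is essential: 
            otherwise the Spy could learn session keys merely by 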
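Review bot: Two comments touched in this section keep typos that the comment update passes over, and one of them blurs the security argument. In the ClientFinished comment (hunk at -165,12) the Spy is said to satisfy the `Says A B` premise "by repaying messages sent by the true client"; this presumably means a replay, the case the `Notes A` premise is there to exclude, so I would write `replaying messages sent by the true client`. In the ClientKeyExch comment (hunk at -135,11) `betweem` should be `between`. Both comments continue past the end of their hunks, so the rest of each sentence is not visible here.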
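--- a/src/HOL/Auth/Yahalom.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Yahalom.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -53,7 +53,7 @@
                 # evs3 \<in> yahalom"
 
  | YM4:  
-       \<comment>\<open>Alice receives the Server's (?) message, checks her Nonce, and
+       \<comment> \<open>Alice receives the Server's (?) message, checks her Nonce, and
            uses the new session key to send Bob his Nonce.  The premise
            @{term "A \<noteq> Server"} is needed for \<open>Says_Server_not_range\<close>.
            Alice can check that K is symmetric by its length.\<close>
@@ -234,9 +234,9 @@
 apply (erule yahalom.induct, force,
        drule_tac [6] YM4_analz_knows_Spy)
 apply (simp_all add: pushes analz_insert_eq analz_insert_freshK) 
-  subgoal \<comment>\<open>Fake\<close> by spy_analz
-  subgoal \<comment>\<open>YM3\<close> by blast   
-  subgoal \<comment>\<open>Oops\<close> by  (blast dest: unique_session_keys)   
+  subgoal \<comment> \<open>Fake\<close> by spy_analz
+  subgoal \<comment> \<open>YM3\<close> by blast   
+  subgoal \<comment> \<open>Oops\<close> by  (blast dest: unique_session_keys)   
 done
 
 text\<open>Final version\<close>
@@ -314,8 +314,8 @@
 apply (erule yahalom.induct, force,
        frule_tac [6] YM4_parts_knows_Spy)
          apply (analz_mono_contra, simp_all)
-  subgoal \<comment>\<open>Fake\<close> by blast
-  subgoal \<comment>\<open>YM3\<close> by blast   
+  subgoal \<comment> \<open>Fake\<close> by blast
+  subgoal \<comment> \<open>YM3\<close> by blast   
 txt\<open>YM4.  A is uncompromised because NB is secure
   A's certificate guarantees the existence of the Server message\<close>
 apply (blast dest!: Gets_imp_Says Crypt_Spy_analz_bad
@@ -397,10 +397,10 @@
   @{term Says_Server_KeyWithNonce}, we get @{prop "~ KeyWithNonce K NB
   evs"}; then simplification can apply the induction hypothesis with
   @{term "KK = {K}"}.\<close>
-  subgoal \<comment>\<open>Fake\<close> by spy_analz
-  subgoal \<comment>\<open>YM2\<close> by blast
-  subgoal \<comment>\<open>YM3\<close> by blast
-  subgoal \<comment>\<open>YM4: If @{prop "A \<in> bad"} then @{term NBa} is known, therefore @{prop "NBa \<noteq> NB"}.\<close>
+  subgoal \<comment> \<open>Fake\<close> by spy_analz
+  subgoal \<comment> \<open>YM2\<close> by blast
+  subgoal \<comment> \<open>YM3\<close> by blast
+  subgoal \<comment> \<open>YM4: If @{prop "A \<in> bad"} then @{term NBa} is known, therefore @{prop "NBa \<noteq> NB"}.\<close>
     by (metis A_trusts_YM3 Gets_imp_analz_Spy Gets_imp_knows_Spy KeyWithNonce_def
         Spy_analz_shrK analz.Fst analz.Snd analz_shrK_Decrypt parts.Fst parts.Inj)
 done
@@ -484,13 +484,13 @@
        frule_tac [6] YM4_analz_knows_Spy)
 apply (simp_all add: split_ifs pushes new_keys_not_analzd analz_insert_eq
                      analz_insert_freshK)
-  subgoal \<comment>\<open>Fake\<close> by spy_analz
-  subgoal \<comment>\<open>YM1: NB=NA is impossible anyway, but NA is secret because it is fresh!\<close> by blast
-  subgoal \<comment>\<open>YM2\<close> by blast
-  subgoal \<comment>\<open>YM3: because no NB can also be an NA\<close> 
+  subgoal \<comment> \<open>Fake\<close> by spy_analz
+  subgoal \<comment> \<open>YM1: NB=NA is impossible anyway, but NA is secret because it is fresh!\<close> by blast
+  subgoal \<comment> \<open>YM2\<close> by blast
+  subgoal \<comment> \<open>YM3: because no NB can also be an NA\<close> 
     by (blast dest!: no_nonce_YM1_YM2 dest: Gets_imp_Says Says_unique_NB)
-  subgoal \<comment>\<open>YM4: key K is visible to Spy, contradicting session key secrecy theorem\<close>
-    \<comment>\<open>Case analysis on whether Aa is bad;
+  subgoal \<comment> \<open>YM4: key K is visible to Spy, contradicting session key secrecy theorem\<close>
+    \<comment> \<open>Case analysis on whether Aa is bad;
             use \<open>Says_unique_NB\<close> to identify message components: @{term "Aa=A"}, @{term "Ba=B"}\<close>
     apply clarify
     apply (blast dest!: Says_unique_NB analz_shrK_Decrypt
@@ -498,7 +498,7 @@
                  dest: Gets_imp_Says Says_imp_spies Says_Server_imp_YM2
                        Spy_not_see_encrypted_key)
     done
-  subgoal \<comment>\<open>Oops case: if the nonce is betrayed now, show that the Oops event is
+  subgoal \<comment> \<open>Oops case: if the nonce is betrayed now, show that the Oops event is
     covered by the quantified Oops assumption.\<close>
     apply clarsimp
     apply (metis Says_Server_imp_YM2 Gets_imp_Says Says_Server_not_range Says_unique_NB no_nonce_YM1_YM2 parts.Snd single_Nonce_secrecy spies_partsEs(1))
@@ -596,10 +596,10 @@
 apply (erule yahalom.induct, force,
        frule_tac [6] YM4_parts_knows_Spy)
 apply (analz_mono_contra, simp_all)
-  subgoal \<comment>\<open>Fake\<close> by blast
-  subgoal \<comment>\<open>YM3 because the message @{term "Crypt K (Nonce NB)"} could not exist\<close>
+  subgoal \<comment> \<open>Fake\<close> by blast
+  subgoal \<comment> \<open>YM3 because the message @{term "Crypt K (Nonce NB)"} could not exist\<close>
      by (force dest!: Crypt_imp_keysFor)
-   subgoal \<comment>\<open>YM4: was @{term "Crypt K (Nonce NB)"} the very last message? If not, use the induction hypothesis,
+   subgoal \<comment> \<open>YM4: was @{term "Crypt K (Nonce NB)"} the very last message? If not, use the induction hypothesis,
                otherwise by unicity of session keys\<close>
      by (blast dest!: Gets_imp_Says A_trusts_YM3 B_trusts_YM4_shrK Crypt_Spy_analz_bad
              dest: Says_imp_knows_Spy [THEN parts.Inj] unique_session_keys)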
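--- a/src/HOL/Auth/Yahalom2.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/Yahalom2.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -144,9 +144,9 @@
 apply (erule rev_mp)
 apply (erule yahalom.induct, force,
        frule_tac [6] YM4_parts_knows_Spy, simp_all)
-subgoal \<comment>\<open>Fake\<close> by (force dest!: keysFor_parts_insert)
-subgoal \<comment>\<open>YM3 \<close>by blast
-subgoal \<comment>\<open>YM4\<close> by (fastforce dest!: Gets_imp_knows_Spy [THEN parts.Inj])
+subgoal \<comment> \<open>Fake\<close> by (force dest!: keysFor_parts_insert)
+subgoal \<comment> \<open>YM3\<close>by blast
+subgoal \<comment> \<open>YM4\<close> by (fastforce dest!: Gets_imp_knows_Spy [THEN parts.Inj])
 done
 
 
@@ -400,10 +400,10 @@
 apply (erule yahalom.induct, force,
        frule_tac [6] YM4_parts_knows_Spy)
 apply (analz_mono_contra, simp_all)
-  subgoal \<comment>\<open>Fake\<close> by blast
-  subgoal \<comment>\<open>YM3 because the message @{term "Crypt K (Nonce NB)"} could not exist\<close>
+  subgoal \<comment> \<open>Fake\<close> by blast
+  subgoal \<comment> \<open>YM3 because the message @{term "Crypt K (Nonce NB)"} could not exist\<close>
     by (force dest!: Crypt_imp_keysFor)
-  subgoal \<comment>\<open>YM4: was @{term "Crypt K (Nonce NB)"} the very last message? If not, use the induction hypothesis,
+  subgoal \<comment> \<open>YM4: was @{term "Crypt K (Nonce NB)"} the very last message? If not, use the induction hypothesis,
              otherwise by unicity of session keys\<close>
     by (blast dest!: B_trusts_YM4_shrK dest: secure_unique_session_keys)
 done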
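Review bot: In the first hunk the rewritten YM3 line reads `subgoal \<comment> \<open>YM3\<close>by blast`, with no space between the closing cartouche and `by`. The old text had the space inside the comment (`YM3 \<close>by`), so the automatic update trimmed it without adding a separator; the neighbouring Fake and YM4 lines keep ` by`. For consistency the line should be `subgoal \<comment> \<open>YM3\<close> by blast`. The enclosing proof starts outside the hunk.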
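--- a/src/HOL/Auth/ZhouGollmann.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Auth/ZhouGollmann.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -21,7 +21,7 @@
 
 
 definition broken :: "agent set" where    
-    \<comment>\<open>the compromised honest agents; TTP is included as it's not allowed to
+    \<comment> \<open>the compromised honest agents; TTP is included as it's not allowed to
         use the protocol\<close>
    "broken == bad - {Spy}"
 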
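--- a/src/HOL/Bali/AxSem.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/AxSem.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -36,7 +36,7 @@
 \end{itemize}
 \<close>
 
-type_synonym  res = vals \<comment>\<open>result entry\<close>
+type_synonym  res = vals \<comment> \<open>result entry\<close>
 
 abbreviation (input)
   Val where "Val x == In1 x"
@@ -57,7 +57,7 @@
   "\<lambda>Var:v . b"  == "(\<lambda>v. b) \<circ> CONST the_In2"
   "\<lambda>Vals:v. b"  == "(\<lambda>v. b) \<circ> CONST the_In3"
 
-  \<comment>\<open>relation on result values, state and auxiliary variables\<close>
+  \<comment> \<open>relation on result values, state and auxiliary variables\<close>
 type_synonym 'a assn = "res \<Rightarrow> state \<Rightarrow> 'a \<Rightarrow> bool"
 translations
   (type) "'a assn" <= (type) "vals \<Rightarrow> state \<Rightarrow> 'a \<Rightarrow> bool"
@@ -496,7 +496,7 @@
 
 | Abrupt:  "G,A\<turnstile>{P\<leftarrow>(undefined3 t) \<and>. Not \<circ> normal} t\<succ> {P}"
 
-  \<comment>\<open>variables\<close>
+  \<comment> \<open>variables\<close>
 | LVar:  " G,A\<turnstile>{Normal (\<lambda>s.. P\<leftarrow>Var (lvar vn s))} LVar vn=\<succ> {P}"
 
 | FVar: "\<lbrakk>G,A\<turnstile>{Normal P} .Init C. {Q};
@@ -506,7 +506,7 @@
 | AVar:  "\<lbrakk>G,A\<turnstile>{Normal P} e1-\<succ> {Q};
           \<forall>a. G,A\<turnstile>{Q\<leftarrow>Val a} e2-\<succ> {\<lambda>Val:i:. avar G i a ..; R}\<rbrakk> \<Longrightarrow>
                                  G,A\<turnstile>{Normal P} e1.[e2]=\<succ> {R}"
-  \<comment>\<open>expressions\<close>
+  \<comment> \<open>expressions\<close>
 
 | NewC: "\<lbrakk>G,A\<turnstile>{Normal P} .Init C. {Alloc G (CInst C) Q}\<rbrakk> \<Longrightarrow>
                                  G,A\<turnstile>{Normal P} NewC C-\<succ> {Q}"
@@ -569,7 +569,7 @@
     \<Longrightarrow>
                                  G,A\<turnstile>{Normal P} Body D c-\<succ> {R}"
   
-  \<comment>\<open>expression lists\<close>
+  \<comment> \<open>expression lists\<close>
 
 | Nil:                          "G,A\<turnstile>{Normal (P\<leftarrow>Vals [])} []\<doteq>\<succ> {P}"
 
@@ -577,7 +577,7 @@
           \<forall>v. G,A\<turnstile>{Q\<leftarrow>Val v} es\<doteq>\<succ> {\<lambda>Vals:vs:. R\<leftarrow>Vals (v#vs)}\<rbrakk> \<Longrightarrow>
                                  G,A\<turnstile>{Normal P} e#es\<doteq>\<succ> {R}"
 
-  \<comment>\<open>statements\<close>
+  \<comment> \<open>statements\<close>
 
 | Skip:                         "G,A\<turnstile>{Normal (P\<leftarrow>\<diamondsuit>)} .Skip. {P}"
 
@@ -629,8 +629,7 @@
 
 \<comment> \<open>Some dummy rules for the intermediate terms \<open>Callee\<close>,
 \<open>InsInitE\<close>, \<open>InsInitV\<close>, \<open>FinA\<close> only used by the smallstep 
-semantics.
-\<close>
+semantics.\<close>
 | InsInitV: " G,A\<turnstile>{Normal P} InsInitV c v=\<succ> {Q}"
 | InsInitE: " G,A\<turnstile>{Normal P} InsInitE c e-\<succ> {Q}"
 | Callee:    " G,A\<turnstile>{Normal P} Callee l e-\<succ> {Q}"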
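--- a/src/HOL/Bali/AxSound.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/AxSound.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -1993,7 +1993,7 @@
     assume P: "P Y s0 Z"
     show "(P'\<leftarrow>=False\<down>=\<diamondsuit>) \<diamondsuit> s3 Z \<and> s3\<Colon>\<preceq>(G,L)"
     proof -
-        \<comment>\<open>From the given hypothesises \<open>valid_e\<close> and \<open>valid_c\<close> 
+        \<comment> \<open>From the given hypothesises \<open>valid_e\<close> and \<open>valid_c\<close> 
            we can only reach the state after unfolding the loop once, i.e. 
            @{term "P \<diamondsuit> s2 Z"}, where @{term s2} is the state after executing
            @{term c}. To gain validity of the further execution of while, to
@@ -2002,8 +2002,7 @@
            too. We can achieve this, by performing induction on the 
            evaluation relation, with all
            the necessary preconditions to apply \<open>valid_e\<close> and 
-           \<open>valid_c\<close> in the goal.
-\<close>
+           \<open>valid_c\<close> in the goal.\<close>
       {
         fix t s s' v 
         assume "G\<turnstile>s \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (v, s')"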
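--- a/src/HOL/Bali/Decl.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Decl.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -70,14 +70,14 @@
   fix x y z::acc_modi
   show "(x < y) = (x \<le> y \<and> \<not> y \<le> x)"
     by (auto simp add: le_acc_def less_acc_def split: acc_modi.split) 
-  show "x \<le> x"                       \<comment> reflexivity
+  show "x \<le> x"                       \<comment> \<open>reflexivity\<close>
     by (auto simp add: le_acc_def)
   {
-    assume "x \<le> y" "y \<le> z"           \<comment> transitivity 
+    assume "x \<le> y" "y \<le> z"           \<comment> \<open>transitivity\<close> 
     then show "x \<le> z"
       by (auto simp add: le_acc_def less_acc_def split: acc_modi.split)
   next
-    assume "x \<le> y" "y \<le> x"           \<comment> antisymmetry
+    assume "x \<le> y" "y \<le> x"           \<comment> \<open>antisymmetry\<close>
     moreover have "\<forall> x y. x < (y::acc_modi) \<and> y < x \<longrightarrow> False"
       by (auto simp add: less_acc_def split: acc_modi.split)
     ultimately show "x = y" by (unfold le_acc_def) iprover
@@ -296,13 +296,13 @@
 subsection \<open>Interface\<close>
 
 
-record  ibody = decl +  \<comment>\<open>interface body\<close>
-          imethods :: "(sig \<times> mhead) list" \<comment>\<open>method heads\<close>
+record  ibody = decl +  \<comment> \<open>interface body\<close>
+          imethods :: "(sig \<times> mhead) list" \<comment> \<open>method heads\<close>
 
-record  iface = ibody + \<comment>\<open>interface\<close>
-         isuperIfs:: "qtname list" \<comment>\<open>superinterface list\<close>
+record  iface = ibody + \<comment> \<open>interface\<close>
+         isuperIfs:: "qtname list" \<comment> \<open>superinterface list\<close>
 type_synonym
-        idecl           \<comment>\<open>interface declaration, cf. 9.1\<close>
+        idecl           \<comment> \<open>interface declaration, cf. 9.1\<close>
         = "qtname \<times> iface"
 
 translations
@@ -325,16 +325,16 @@
 by (simp add: ibody_def)
 
 subsection  \<open>Class\<close>
-record cbody = decl +          \<comment>\<open>class body\<close>
+record cbody = decl +          \<comment> \<open>class body\<close>
          cfields:: "fdecl list" 
          methods:: "mdecl list"
-         init   :: "stmt"       \<comment>\<open>initializer\<close>
+         init   :: "stmt"       \<comment> \<open>initializer\<close>
 
-record "class" = cbody +           \<comment>\<open>class\<close>
-        super   :: "qtname"      \<comment>\<open>superclass\<close>
-        superIfs:: "qtname list" \<comment>\<open>implemented interfaces\<close>
+record "class" = cbody +           \<comment> \<open>class\<close>
+        super   :: "qtname"      \<comment> \<open>superclass\<close>
+        superIfs:: "qtname list" \<comment> \<open>implemented interfaces\<close>
 type_synonym
-        cdecl           \<comment>\<open>class declaration, cf. 8.1\<close>
+        cdecl           \<comment> \<open>class declaration, cf. 8.1\<close>
         = "qtname \<times> class"
 
 translations
@@ -370,16 +370,16 @@
 subsubsection "standard classes"
 
 consts
-  Object_mdecls  ::  "mdecl list" \<comment>\<open>methods of Object\<close>
-  SXcpt_mdecls   ::  "mdecl list" \<comment>\<open>methods of SXcpts\<close>
+  Object_mdecls  ::  "mdecl list" \<comment> \<open>methods of Object\<close>
+  SXcpt_mdecls   ::  "mdecl list" \<comment> \<open>methods of SXcpts\<close>
 
 definition
-  ObjectC ::         "cdecl"      \<comment>\<open>declaration  of root      class\<close> where
+  ObjectC ::         "cdecl"      \<comment> \<open>declaration  of root      class\<close> where
   "ObjectC = (Object,\<lparr>access=Public,cfields=[],methods=Object_mdecls,
                                   init=Skip,super=undefined,superIfs=[]\<rparr>)"
 
 definition
-  SXcptC  ::"xname \<Rightarrow> cdecl"      \<comment>\<open>declarations of throwable classes\<close> where
+  SXcptC  ::"xname \<Rightarrow> cdecl"      \<comment> \<open>declarations of throwable classes\<close> where
   "SXcptC xn = (SXcpt xn,\<lparr>access=Public,cfields=[],methods=SXcpt_mdecls,
                                    init=Skip,
                                    super=if xn = Throwable then Object 
@@ -448,11 +448,11 @@
 subsubsection "subinterface and subclass relation, in anticipation of TypeRel.thy"
 
 definition
-  subint1  :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment>\<open>direct subinterface\<close>
+  subint1  :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment> \<open>direct subinterface\<close>
   where "subint1 G = {(I,J). \<exists>i\<in>iface G I: J\<in>set (isuperIfs i)}"
 
 definition
-  subcls1  :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment>\<open>direct subclass\<close>
+  subcls1  :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment> \<open>direct subclass\<close>
   where "subcls1 G = {(C,D). C\<noteq>Object \<and> (\<exists>c\<in>class G C: super c = D)}"
 
 abbreviation
@@ -815,7 +815,7 @@
 
 definition
   imethds :: "prog \<Rightarrow> qtname \<Rightarrow> (sig,qtname \<times> mhead) tables" where
-  \<comment>\<open>methods of an interface, with overriding and inheritance, cf. 9.2\<close>
+  \<comment> \<open>methods of an interface, with overriding and inheritance, cf. 9.2\<close>
   "imethds G I = iface_rec G I
               (\<lambda>I i ts. (Un_tables ts) \<oplus>\<oplus> 
                         (set_option \<circ> table_of (map (\<lambda>(s,m). (s,I,m)) (imethods i))))"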
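--- a/src/HOL/Bali/DeclConcepts.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/DeclConcepts.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -250,28 +250,28 @@
 
 definition
   decliface :: "qtname \<times> 'a decl_scheme \<Rightarrow> qtname" where
-  "decliface = fst"          \<comment>\<open>get the interface component\<close>
+  "decliface = fst"          \<comment> \<open>get the interface component\<close>
 
 definition
   mbr :: "qtname \<times> memberdecl \<Rightarrow> memberdecl" where
-  "mbr = snd"            \<comment>\<open>get the memberdecl component\<close>
+  "mbr = snd"            \<comment> \<open>get the memberdecl component\<close>
 
 definition
   mthd :: "'b \<times> 'a \<Rightarrow> 'a" where
-  "mthd = snd"              \<comment>\<open>get the method component\<close>
-    \<comment>\<open>also used for mdecl, mhead\<close>
+  "mthd = snd"              \<comment> \<open>get the method component\<close>
+    \<comment> \<open>also used for mdecl, mhead\<close>
 
 definition
   fld :: "'b \<times> 'a decl_scheme \<Rightarrow> 'a decl_scheme" where
-  "fld = snd"               \<comment>\<open>get the field component\<close>
-    \<comment>\<open>also used for \<open>((vname \<times> qtname)\<times> field)\<close>\<close>
+  "fld = snd"               \<comment> \<open>get the field component\<close>
+    \<comment> \<open>also used for \<open>((vname \<times> qtname)\<times> field)\<close>\<close>
 
 \<comment> \<open>some mnemotic selectors for \<open>(vname \<times> qtname)\<close>\<close>
 
 definition
   fname:: "vname \<times> 'a \<Rightarrow> vname"
   where "fname = fst"
-    \<comment>\<open>also used for fdecl\<close>
+    \<comment> \<open>also used for fdecl\<close>
 
 definition
   declclassf:: "(vname \<times> qtname) \<Rightarrow> qtname"
@@ -326,7 +326,7 @@
 lemma declclassf_simp[simp]:"declclassf (n,c) = c"
 by (simp add: declclassf_def)
 
-  \<comment>\<open>some mnemotic selectors for \<open>(vname \<times> qtname)\<close>\<close>
+  \<comment> \<open>some mnemotic selectors for \<open>(vname \<times> qtname)\<close>\<close>
 
 definition
   fldname :: "vname \<times> qtname \<Rightarrow> vname"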
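--- a/src/HOL/Bali/DefiniteAssignment.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/DefiniteAssignment.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -59,7 +59,7 @@
 | "jumpNestingOkS jmps (If(e) c1 Else c2) = (jumpNestingOkS jmps c1 \<and>  
                                              jumpNestingOkS jmps c2)"
 | "jumpNestingOkS jmps (l\<bullet> While(e) c) = jumpNestingOkS ({Cont l} \<union> jmps) c"
-\<comment>\<open>The label of the while loop only handles continue jumps. Breaks are only
+\<comment> \<open>The label of the while loop only handles continue jumps. Breaks are only
      handled by @{term Lab}\<close>
 | "jumpNestingOkS jmps (Jmp j) = (j \<in> jmps)"
 | "jumpNestingOkS jmps (Throw e) = True"
@@ -68,9 +68,9 @@
 | "jumpNestingOkS jmps (c1 Finally c2) = (jumpNestingOkS jmps c1 \<and> 
                                           jumpNestingOkS jmps c2)"
 | "jumpNestingOkS jmps (Init C) = True" 
- \<comment>\<open>wellformedness of the program must enshure that for all initializers 
+ \<comment> \<open>wellformedness of the program must enshure that for all initializers 
       jumpNestingOkS {} holds\<close> 
-\<comment>\<open>Dummy analysis for intermediate smallstep term @{term  FinA}\<close>
+\<comment> \<open>Dummy analysis for intermediate smallstep term @{term  FinA}\<close>
 | "jumpNestingOkS jmps (FinA a c) = False"
 
 
@@ -216,7 +216,7 @@
                                             | False\<Rightarrow> (case (constVal e1) of
                                                          None   \<Rightarrow> None
                                                        | Some v \<Rightarrow> constVal e2)))"
-\<comment>\<open>Note that \<open>constVal (Cond b e1 e2)\<close> is stricter as it could be.
+\<comment> \<open>Note that \<open>constVal (Cond b e1 e2)\<close> is stricter as it could be.
      It requires that all tree expressions are constant even if we can decide
      which branch to choose, provided the constant value of @{term b}\<close>
 | "constVal (Call accC statT mode objRef mn pTs args) = None"
@@ -282,10 +282,10 @@
 constant false/true will also lead to UNIV.\<close>
 primrec assigns_if :: "bool \<Rightarrow> expr \<Rightarrow> lname set"
 where
-  "assigns_if b (NewC c)            = UNIV" \<comment>\<open>can never evaluate to Boolean\<close> 
-| "assigns_if b (NewA t e)          = UNIV" \<comment>\<open>can never evaluate to Boolean\<close>
+  "assigns_if b (NewC c)            = UNIV" \<comment> \<open>can never evaluate to Boolean\<close> 
+| "assigns_if b (NewA t e)          = UNIV" \<comment> \<open>can never evaluate to Boolean\<close>
 | "assigns_if b (Cast t e)          = assigns_if b e" 
-| "assigns_if b (Inst e r)          = assignsE e" \<comment>\<open>Inst has type Boolean but
+| "assigns_if b (Inst e r)          = assignsE e" \<comment> \<open>Inst has type Boolean but
                                                        e is a reference type\<close>
 | "assigns_if b (Lit val)           = (if val=Bool b then {} else UNIV)"  
 | "assigns_if b (UnOp unop e)       = (case constVal (UnOp unop e) of
@@ -311,7 +311,7 @@
                   else assignsE e1 \<union> assignsE e2))
        | Some v \<Rightarrow> (if v=Bool b then {} else UNIV))"
 
-| "assigns_if b (Super)      = UNIV" \<comment>\<open>can never evaluate to Boolean\<close>
+| "assigns_if b (Super)      = UNIV" \<comment> \<open>can never evaluate to Boolean\<close>
 | "assigns_if b (Acc v)      = (assignsV v)"
 | "assigns_if b (v := e)     = (assignsE (Ass v e))"
 | "assigns_if b (c? e1 : e2) = (assignsE c) \<union>
@@ -499,13 +499,13 @@
 
  
 type_synonym breakass = "(label, lname) tables" 
-\<comment>\<open>Mapping from a break label, to the set of variables that will be assigned 
+\<comment> \<open>Mapping from a break label, to the set of variables that will be assigned 
      if the evaluation terminates with this break\<close>
     
 record assigned = 
-         nrm :: "lname set" \<comment>\<open>Definetly assigned variables 
+         nrm :: "lname set" \<comment> \<open>Definetly assigned variables 
                                  for normal completion\<close>
-         brk :: "breakass" \<comment>\<open>Definetly assigned variables for 
+         brk :: "breakass" \<comment> \<open>Definetly assigned variables for 
                                 abrupt completion with a break\<close>
 
 definition
@@ -556,7 +556,7 @@
           \<Longrightarrow>
           Env\<turnstile> B \<guillemotright>\<langle>If(e) c1 Else c2\<rangle>\<guillemotright> A"
 
-\<comment>\<open>Note that @{term E} is not further used, because we take the specialized
+\<comment> \<open>Note that @{term E} is not further used, because we take the specialized
      sets that also consider if the expression evaluates to true or false. 
      Inside of @{term e} there is no {\tt break} or {\tt finally}, so the break
      map of @{term E} will be the trivial one. So 
@@ -571,8 +571,7 @@
      maps will trivially map to @{term UNIV} and if a break occurs it will map
      to @{term UNIV} too, because @{term "assigns_if False e = UNIV"}. So
      in the intersection of the break maps the path @{term c2} will have no
-     contribution.
-\<close>
+     contribution.\<close>
 
 | Loop: "\<lbrakk>Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> E; 
           Env\<turnstile> (B \<union> assigns_if True e) \<guillemotright>\<langle>c\<rangle>\<guillemotright> C;
@@ -580,7 +579,7 @@
           brk A = brk C\<rbrakk>  
           \<Longrightarrow>
           Env\<turnstile> B \<guillemotright>\<langle>l\<bullet> While(e) c\<rangle>\<guillemotright> A"
-\<comment>\<open>The \<open>Loop\<close> rule resembles some of the ideas of the \<open>If\<close> rule.
+\<comment> \<open>The \<open>Loop\<close> rule resembles some of the ideas of the \<open>If\<close> rule.
      For the @{term "nrm A"} the set @{term "B \<union> assigns_if False e"} 
      will be @{term UNIV} if the condition is constantly true. To normally exit
      the while loop, we must consider the body @{term c} to be completed 
@@ -588,8 +587,7 @@
      the label @{term l} of the loop
      only handles continue labels, not break labels. The break label will be
      handled by an enclosing @{term Lab} statement. So we don't have to
-     handle the breaks specially. 
-\<close>
+     handle the breaks specially.\<close>
 
 | Jmp: "\<lbrakk>jump=Ret \<longrightarrow> Result \<in> B;
          nrm A = UNIV;
@@ -599,13 +597,12 @@
                   | Ret     \<Rightarrow> \<lambda> k. UNIV)\<rbrakk> 
         \<Longrightarrow> 
         Env\<turnstile> B \<guillemotright>\<langle>Jmp jump\<rangle>\<guillemotright> A"
-\<comment>\<open>In case of a break to label @{term l} the corresponding break set is all
+\<comment> \<open>In case of a break to label @{term l} the corresponding break set is all
      variables assigned before the break. The assigned variables for normal
      completion of the @{term Jmp} is @{term UNIV}, because the statement will
      never complete normally. For continue and return the break map is the 
      trivial one. In case of a return we enshure that the result value is
-     assigned.
-\<close>
+     assigned.\<close>
 
 | Throw: "\<lbrakk>Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> E; nrm A = UNIV; brk A = (\<lambda> l. UNIV)\<rbrakk> 
          \<Longrightarrow> Env\<turnstile> B \<guillemotright>\<langle>Throw e\<rangle>\<guillemotright> A"
@@ -622,7 +619,7 @@
           brk A = ((brk C1) \<Rightarrow>\<union>\<^sub>\<forall> (nrm C2)) \<Rightarrow>\<inter> (brk C2)\<rbrakk>  
           \<Longrightarrow>
           Env\<turnstile> B \<guillemotright>\<langle>c1 Finally c2\<rangle>\<guillemotright> A" 
-\<comment>\<open>The set of assigned variables before execution @{term c2} are the same
+\<comment> \<open>The set of assigned variables before execution @{term c2} are the same
      as before execution @{term c1}, because @{term c1} could throw an exception
      and so we can't guarantee that any variable will be assigned in @{term c1}.
      The \<open>Finally\<close> statement completes
@@ -635,10 +632,9 @@
      break will appear in the overall result state. We don't know if 
      @{term c1} completed normally or abruptly (maybe with an exception not only
      a break) so @{term c1} has no contribution to the break map following this
-     path.
-\<close>
+     path.\<close>
 
-\<comment>\<open>Evaluation of expressions and the break sets of definite assignment:
+\<comment> \<open>Evaluation of expressions and the break sets of definite assignment:
      Thinking of a Java expression we assume that we can never have
      a break statement inside of a expression. So for all expressions the
      break sets could be set to the trivial one: @{term "\<lambda> l. UNIV"}. 
@@ -657,17 +653,15 @@
      right now. So we have decided to adjust the rules of definite assignment
      to fit to these circumstances. If an initialization is involved during
      evaluation of the expression (evaluation rules \<open>FVar\<close>, \<open>NewC\<close> 
-     and \<open>NewA\<close>
-\<close>
+     and \<open>NewA\<close>\<close>
 
 | Init: "Env\<turnstile> B \<guillemotright>\<langle>Init C\<rangle>\<guillemotright> \<lparr>nrm=B,brk=\<lambda> l. UNIV\<rparr>"
-\<comment>\<open>Wellformedness of a program will ensure, that every static initialiser 
+\<comment> \<open>Wellformedness of a program will ensure, that every static initialiser 
      is definetly assigned and the jumps are nested correctly. The case here
      for @{term Init} is just for convenience, to get a proper precondition 
      for the induction hypothesis in various proofs, so that we don't have to
      expand the initialisation on every point where it is triggerred by the
-     evaluation rules.
-\<close>   
+     evaluation rules.\<close>   
 | NewC: "Env\<turnstile> B \<guillemotright>\<langle>NewC C\<rangle>\<guillemotright> \<lparr>nrm=B,brk=\<lambda> l. UNIV\<rparr>" 
 
 | NewA: "Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> A 
@@ -715,9 +709,8 @@
              nrm A = B; brk A = (\<lambda> k. UNIV)\<rbrakk> 
              \<Longrightarrow> 
              Env\<turnstile> B \<guillemotright>\<langle>Acc (LVar vn)\<rangle>\<guillemotright> A"
-\<comment>\<open>To properly access a local variable we have to test the definite 
-     assignment here. The variable must occur in the set @{term B} 
-\<close>
+\<comment> \<open>To properly access a local variable we have to test the definite 
+     assignment here. The variable must occur in the set @{term B}\<close>
 
 | Acc: "\<lbrakk>\<forall> vn. v \<noteq> LVar vn;
          Env\<turnstile> B \<guillemotright>\<langle>v\<rangle>\<guillemotright> A\<rbrakk>
@@ -773,8 +766,7 @@
       rules, and therefor we have to establish the definite assignment of the
       sub-evaluation during the type-safety proof. Note that well-typedness is
       also a precondition for type-safety and so we can omit some assertion 
-      that are already ensured by well-typedness. 
-\<close>
+      that are already ensured by well-typedness.\<close>
 | Methd: "\<lbrakk>methd (prg Env) D sig = Some m;
            Env\<turnstile> B \<guillemotright>\<langle>Body (declclass m) (stmt (mbody (mthd m)))\<rangle>\<guillemotright> A
           \<rbrakk>
@@ -796,8 +788,7 @@
       definite assignment only talks about normal completion and breaks. So
       for a return the @{term Jump} rule ensures that the result variable is
       set and then this information must be carried over to the @{term Body}
-      rule by the conformance predicate of the state.
-\<close>
+      rule by the conformance predicate of the state.\<close>
 | LVar: "Env\<turnstile> B \<guillemotright>\<langle>LVar vn\<rangle>\<guillemotright> \<lparr>nrm=B, brk=\<lambda> l. UNIV\<rparr>" 
 
 | FVar: "Env\<turnstile> B \<guillemotright>\<langle>e\<rangle>\<guillemotright> A 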
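Review bot: The formal comment that now closes at `and \<open>NewA\<close>\<close>`, just before the `Init` rule, ends mid-sentence. The parenthesis opened at "(evaluation rules" is never closed, and the clause "If an initialization is involved during evaluation of the expression" has no conclusion. Since this commit rewrites the closing line anyway, the sentence should be completed or the fragment dropped, so that the reason for adjusting the break sets for initialization is actually stated. The comment begins in an earlier hunk and part of it lies outside the visible lines, so the intended ending has to come from the author. The touched comments in this file also spell `enshure` and `Definetly`, which could be corrected to `ensure` and `Definitely` in the same pass.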
    65.1 --- a/src/HOL/Bali/Eval.thy	Tue Jan 16 09:12:16 2018 +0100
    65.2 +++ b/src/HOL/Bali/Eval.thy	Tue Jan 16 09:30:00 2018 +0100
    65.3 @@ -354,7 +354,7 @@
    65.4  
    65.5  
    65.6  
    65.7 -lemma init_lvars_def2: \<comment>\<open>better suited for simplification\<close> 
    65.8 +lemma init_lvars_def2: \<comment> \<open>better suited for simplification\<close> 
    65.9  "init_lvars G C sig mode a' pvs (x,s) =  
   65.10    set_lvars 
   65.11      (\<lambda> k. 
   65.12 @@ -377,7 +377,7 @@
   65.13      (let m = the (methd G C sig) 
   65.14       in Body (declclass m) (stmt (mbody (mthd m))))"
   65.15  
   65.16 -lemma body_def2: \<comment>\<open>better suited for simplification\<close> 
   65.17 +lemma body_def2: \<comment> \<open>better suited for simplification\<close> 
   65.18  "body G C sig = Body  (declclass (the (methd G C sig))) 
   65.19                        (stmt (mbody (mthd (the (methd G C sig)))))"
   65.20  apply (unfold body_def Let_def)
   65.21 @@ -411,7 +411,7 @@
   65.22                                ,upd_gobj oref n v s)) 
   65.23       in ((the (cs n),f),abupd (raise_if (\<not>i in_bounds k) IndOutBound \<circ> np a') s))"
   65.24  
   65.25 -lemma fvar_def2: \<comment>\<open>better suited for simplification\<close> 
   65.26 +lemma fvar_def2: \<comment> \<open>better suited for simplification\<close> 
   65.27  "fvar C stat fn a' s =  
   65.28    ((the 
   65.29       (values 
   65.30 @@ -426,7 +426,7 @@
   65.31  apply (simp (no_asm) add: Let_def split_beta)
   65.32  done
   65.33  
   65.34 -lemma avar_def2: \<comment>\<open>better suited for simplification\<close> 
   65.35 +lemma avar_def2: \<comment> \<open>better suited for simplification\<close> 
   65.36  "avar G i' a' s =  
   65.37    ((the ((snd(snd(the_Arr (globs (store s) (Heap (the_Addr a')))))) 
   65.38             (Inr (the_Intg i')))
   65.39 @@ -470,7 +470,7 @@
   65.40  
   65.41  inductive
   65.42    halloc :: "[prog,state,obj_tag,loc,state]\<Rightarrow>bool" ("_\<turnstile>_ \<midarrow>halloc _\<succ>_\<rightarrow> _"[61,61,61,61,61]60) for G::prog
   65.43 -where \<comment>\<open>allocating objects on the heap, cf. 12.5\<close>
   65.44 +where \<comment> \<open>allocating objects on the heap, cf. 12.5\<close>
   65.45  
   65.46    Abrupt: 
   65.47    "G\<turnstile>(Some x,s) \<midarrow>halloc oi\<succ>undefined\<rightarrow> (Some x,s)"
   65.48 @@ -482,7 +482,7 @@
   65.49              G\<turnstile>Norm s \<midarrow>halloc oi\<succ>a\<rightarrow> (x,init_obj G oi' (Heap a) s)"
   65.50  
   65.51  inductive sxalloc :: "[prog,state,state]\<Rightarrow>bool" ("_\<turnstile>_ \<midarrow>sxalloc\<rightarrow> _"[61,61,61]60) for G::prog
   65.52 -where \<comment>\<open>allocating exception objects for
   65.53 +where \<comment> \<open>allocating exception objects for
   65.54    standard exceptions (other than OutOfMemory)\<close>
   65.55  
   65.56    Norm:  "G\<turnstile> Norm              s   \<midarrow>sxalloc\<rightarrow>  Norm             s"
   65.57 @@ -512,42 +512,41 @@
   65.58  | "G\<turnstile>s \<midarrow>e=\<succ>vf\<rightarrow>     s' \<equiv> G\<turnstile>s \<midarrow>In2  e\<succ>\<rightarrow> (In2 vf, s')"
   65.59  | "G\<turnstile>s \<midarrow>e\<doteq>\<succ>v \<rightarrow>     s' \<equiv> G\<turnstile>s \<midarrow>In3  e\<succ>\<rightarrow> (In3 v,  s')"
   65.60  
   65.61 -\<comment>\<open>propagation of abrupt completion\<close>
   65.62 +\<comment> \<open>propagation of abrupt completion\<close>
   65.63  
   65.64 -  \<comment>\<open>cf. 14.1, 15.5\<close>
   65.65 +  \<comment> \<open>cf. 14.1, 15.5\<close>
   65.66  | Abrupt: 
   65.67     "G\<turnstile>(Some xc,s) \<midarrow>t\<succ>\<rightarrow> (undefined3 t, (Some xc, s))"
   65.68  
   65.69  
   65.70 -\<comment>\<open>execution of statements\<close>
   65.71 +\<comment> \<open>execution of statements\<close>
   65.72  
   65.73 -  \<comment>\<open>cf. 14.5\<close>
   65.74 +  \<comment> \<open>cf. 14.5\<close>
   65.75  | Skip:                             "G\<turnstile>Norm s \<midarrow>Skip\<rightarrow> Norm s"
   65.76  
   65.77 -  \<comment>\<open>cf. 14.7\<close>
   65.78 +  \<comment> \<open>cf. 14.7\<close>
   65.79  | Expr: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1\<rbrakk> \<Longrightarrow>
   65.80                                    G\<turnstile>Norm s0 \<midarrow>Expr e\<rightarrow> s1"
   65.81  
   65.82  | Lab:  "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c \<rightarrow> s1\<rbrakk> \<Longrightarrow>
   65.83                                  G\<turnstile>Norm s0 \<midarrow>l\<bullet> c\<rightarrow> abupd (absorb l) s1"
   65.84 -  \<comment>\<open>cf. 14.2\<close>
   65.85 +  \<comment> \<open>cf. 14.2\<close>
   65.86  | Comp: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c1 \<rightarrow> s1;
   65.87            G\<turnstile>     s1 \<midarrow>c2 \<rightarrow> s2\<rbrakk> \<Longrightarrow>
   65.88                                   G\<turnstile>Norm s0 \<midarrow>c1;; c2\<rightarrow> s2"
   65.89  
   65.90 -  \<comment>\<open>cf. 14.8.2\<close>
   65.91 +  \<comment> \<open>cf. 14.8.2\<close>
   65.92  | If:   "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1;
   65.93            G\<turnstile>     s1\<midarrow>(if the_Bool b then c1 else c2)\<rightarrow> s2\<rbrakk> \<Longrightarrow>
   65.94                         G\<turnstile>Norm s0 \<midarrow>If(e) c1 Else c2 \<rightarrow> s2"
   65.95  
   65.96 -  \<comment>\<open>cf. 14.10, 14.10.1\<close>
   65.97 +  \<comment> \<open>cf. 14.10, 14.10.1\<close>
   65.98    
   65.99 -  \<comment>\<open>A continue jump from the while body @{term c} is handled by 
  65.100 +  \<comment> \<open>A continue jump from the while body @{term c} is handled by 
  65.101       this rule. If a continue jump with the proper label was invoked inside 
  65.102       @{term c} this label (Cont l) is deleted out of the abrupt component of 
  65.103       the state before the iterative evaluation of the while statement.
  65.104 -     A break jump is handled by the Lab Statement \<open>Lab l (while\<dots>)\<close>.
  65.105 -\<close>
  65.106 +     A break jump is handled by the Lab Statement \<open>Lab l (while\<dots>)\<close>.\<close>
  65.107  | Loop: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1;
  65.108            if the_Bool b 
  65.109               then (G\<turnstile>s1 \<midarrow>c\<rightarrow> s2 \<and> 
  65.110 @@ -557,16 +556,16 @@
  65.111  
  65.112  | Jmp: "G\<turnstile>Norm s \<midarrow>Jmp j\<rightarrow> (Some (Jump j), s)"
  65.113     
  65.114 -  \<comment>\<open>cf. 14.16\<close>
  65.115 +  \<comment> \<open>cf. 14.16\<close>
  65.116  | Throw: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<rightarrow> s1\<rbrakk> \<Longrightarrow>
  65.117                                   G\<turnstile>Norm s0 \<midarrow>Throw e\<rightarrow> abupd (throw a') s1"
  65.118  
  65.119 -  \<comment>\<open>cf. 14.18.1\<close>
  65.120 +  \<comment> \<open>cf. 14.18.1\<close>
  65.121  | Try:  "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> s1; G\<turnstile>s1 \<midarrow>sxalloc\<rightarrow> s2; 
  65.122            if G,s2\<turnstile>catch C then G\<turnstile>new_xcpt_var vn s2 \<midarrow>c2\<rightarrow> s3 else s3 = s2\<rbrakk> \<Longrightarrow>
  65.123                    G\<turnstile>Norm s0 \<midarrow>Try c1 Catch(C vn) c2\<rightarrow> s3"
  65.124  
  65.125 -  \<comment>\<open>cf. 14.18.2\<close>
  65.126 +  \<comment> \<open>cf. 14.18.2\<close>
  65.127  | Fin:  "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>c1\<rightarrow> (x1,s1);
  65.128            G\<turnstile>Norm s1 \<midarrow>c2\<rightarrow> s2;
  65.129            s3=(if (\<exists> err. x1=Some (Error err)) 
  65.130 @@ -574,7 +573,7 @@
  65.131                else abupd (abrupt_if (x1\<noteq>None) x1) s2) \<rbrakk> 
  65.132            \<Longrightarrow>
  65.133            G\<turnstile>Norm s0 \<midarrow>c1 Finally c2\<rightarrow> s3"
  65.134 -  \<comment>\<open>cf. 12.4.2, 8.5\<close>
  65.135 +  \<comment> \<open>cf. 12.4.2, 8.5\<close>
  65.136  | Init: "\<lbrakk>the (class G C) = c;
  65.137            if inited C (globs s0) then s3 = Norm s0
  65.138            else (G\<turnstile>Norm (init_class_obj G C s0) 
  65.139 @@ -582,7 +581,7 @@
  65.140                 G\<turnstile>set_lvars empty s1 \<midarrow>init c\<rightarrow> s2 \<and> s3 = restore_lvars s1 s2)\<rbrakk> 
  65.141                \<Longrightarrow>
  65.142                   G\<turnstile>Norm s0 \<midarrow>Init C\<rightarrow> s3"
  65.143 -   \<comment>\<open>This class initialisation rule is a little bit inaccurate. Look at the
  65.144 +   \<comment> \<open>This class initialisation rule is a little bit inaccurate. Look at the
  65.145        exact sequence:
  65.146        (1) The current class object (the static fields) are initialised
  65.147             (\<open>init_class_obj\<close>),
  65.148 @@ -602,31 +601,30 @@
  65.149        superclass initialisation and afterwards set the correct values.
  65.150        But as long as we don't take memory overflow into account 
  65.151        when allocating class objects, we can leave things as they are for 
  65.152 -      convenience. 
  65.153 -\<close>
  65.154 -\<comment>\<open>evaluation of expressions\<close>
  65.155 +      convenience.\<close>
  65.156 +\<comment> \<open>evaluation of expressions\<close>
  65.157  
  65.158 -  \<comment>\<open>cf. 15.8.1, 12.4.1\<close>
  65.159 +  \<comment> \<open>cf. 15.8.1, 12.4.1\<close>
  65.160  | NewC: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>Init C\<rightarrow> s1;
  65.161            G\<turnstile>     s1 \<midarrow>halloc (CInst C)\<succ>a\<rightarrow> s2\<rbrakk> \<Longrightarrow>
  65.162                                    G\<turnstile>Norm s0 \<midarrow>NewC C-\<succ>Addr a\<rightarrow> s2"
  65.163  
  65.164 -  \<comment>\<open>cf. 15.9.1, 12.4.1\<close>
  65.165 +  \<comment> \<open>cf. 15.9.1, 12.4.1\<close>
  65.166  | NewA: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>init_comp_ty T\<rightarrow> s1; G\<turnstile>s1 \<midarrow>e-\<succ>i'\<rightarrow> s2; 
  65.167            G\<turnstile>abupd (check_neg i') s2 \<midarrow>halloc (Arr T (the_Intg i'))\<succ>a\<rightarrow> s3\<rbrakk> \<Longrightarrow>
  65.168                                  G\<turnstile>Norm s0 \<midarrow>New T[e]-\<succ>Addr a\<rightarrow> s3"
  65.169  
  65.170 -  \<comment>\<open>cf. 15.15\<close>
  65.171 +  \<comment> \<open>cf. 15.15\<close>
  65.172  | Cast: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1;
  65.173            s2 = abupd (raise_if (\<not>G,store s1\<turnstile>v fits T) ClassCast) s1\<rbrakk> \<Longrightarrow>
  65.174                                  G\<turnstile>Norm s0 \<midarrow>Cast T e-\<succ>v\<rightarrow> s2"
  65.175  
  65.176 -  \<comment>\<open>cf. 15.19.2\<close>
  65.177 +  \<comment> \<open>cf. 15.19.2\<close>
  65.178  | Inst: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1;
  65.179            b = (v\<noteq>Null \<and> G,store s1\<turnstile>v fits RefT T)\<rbrakk> \<Longrightarrow>
  65.180                                G\<turnstile>Norm s0 \<midarrow>e InstOf T-\<succ>Bool b\<rightarrow> s1"
  65.181  
  65.182 -  \<comment>\<open>cf. 15.7.1\<close>
  65.183 +  \<comment> \<open>cf. 15.7.1\<close>
  65.184  | Lit:  "G\<turnstile>Norm s \<midarrow>Lit v-\<succ>v\<rightarrow> Norm s"
  65.185  
  65.186  | UnOp: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>v\<rightarrow> s1\<rbrakk> 
  65.187 @@ -638,19 +636,19 @@
  65.188            \<rbrakk> 
  65.189           \<Longrightarrow> G\<turnstile>Norm s0 \<midarrow>BinOp binop e1 e2-\<succ>(eval_binop binop v1 v2)\<rightarrow> s2"
  65.190     
  65.191 -  \<comment>\<open>cf. 15.10.2\<close>
  65.192 +  \<comment> \<open>cf. 15.10.2\<close>
  65.193  | Super: "G\<turnstile>Norm s \<midarrow>Super-\<succ>val_this s\<rightarrow> Norm s"
  65.194  
  65.195 -  \<comment>\<open>cf. 15.2\<close>
  65.196 +  \<comment> \<open>cf. 15.2\<close>
  65.197  | Acc:  "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>va=\<succ>(v,f)\<rightarrow> s1\<rbrakk> \<Longrightarrow>
  65.198                                    G\<turnstile>Norm s0 \<midarrow>Acc va-\<succ>v\<rightarrow> s1"
  65.199  
  65.200 -  \<comment>\<open>cf. 15.25.1\<close>
  65.201 +  \<comment> \<open>cf. 15.25.1\<close>
  65.202  | Ass:  "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>va=\<succ>(w,f)\<rightarrow> s1;
  65.203            G\<turnstile>     s1 \<midarrow>e-\<succ>v  \<rightarrow> s2\<rbrakk> \<Longrightarrow>
  65.204                                     G\<turnstile>Norm s0 \<midarrow>va:=e-\<succ>v\<rightarrow> assign f v s2"
  65.205  
  65.206 -  \<comment>\<open>cf. 15.24\<close>
  65.207 +  \<comment> \<open>cf. 15.24\<close>
  65.208  | Cond: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e0-\<succ>b\<rightarrow> s1;
  65.209            G\<turnstile>     s1 \<midarrow>(if the_Bool b then e1 else e2)-\<succ>v\<rightarrow> s2\<rbrakk> \<Longrightarrow>
  65.210                              G\<turnstile>Norm s0 \<midarrow>e0 ? e1 : e2-\<succ>v\<rightarrow> s2"
  65.211 @@ -672,9 +670,8 @@
  65.212                             body was introduced to properly trigger class 
  65.213                             initialisation. Without class initialisation we 
  65.214                             could just evaluate the body statement. 
  65.215 -      \end{itemize}
  65.216 -\<close>
  65.217 -  \<comment>\<open>cf. 15.11.4.1, 15.11.4.2, 15.11.4.4, 15.11.4.5\<close>
  65.218 +      \end{itemize}\<close>
  65.219 +  \<comment> \<open>cf. 15.11.4.1, 15.11.4.2, 15.11.4.4, 15.11.4.5\<close>
  65.220  | Call: 
  65.221    "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e-\<succ>a'\<rightarrow> s1; G\<turnstile>s1 \<midarrow>args\<doteq>\<succ>vs\<rightarrow> s2;
  65.222      D = invocation_declclass G mode (store s2) a' statT \<lparr>name=mn,parTs=pTs\<rparr>;
  65.223 @@ -683,10 +680,9 @@
  65.224      G\<turnstile>s3' \<midarrow>Methd D \<lparr>name=mn,parTs=pTs\<rparr>-\<succ>v\<rightarrow> s4\<rbrakk>
  65.225     \<Longrightarrow>
  65.226         G\<turnstile>Norm s0 \<midarrow>{accC,statT,mode}e\<cdot>mn({pTs}args)-\<succ>v\<rightarrow> (restore_lvars s2 s4)"
  65.227 -\<comment>\<open>The accessibility check is after @{term init_lvars}, to keep it simple. 
  65.228 +\<comment> \<open>The accessibility check is after @{term init_lvars}, to keep it simple. 
  65.229     @{term init_lvars} already tests for the absence of a null-pointer 
  65.230 -   reference in case of an instance method invocation.
  65.231 -\<close>
  65.232 +   reference in case of an instance method invocation.\<close>
  65.233  
  65.234  | Methd:        "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>body G D sig-\<succ>v\<rightarrow> s1\<rbrakk> \<Longrightarrow>
  65.235                                  G\<turnstile>Norm s0 \<midarrow>Methd D sig-\<succ>v\<rightarrow> s1"
  65.236 @@ -698,40 +694,39 @@
  65.237                    else s2)\<rbrakk> \<Longrightarrow>
  65.238             G\<turnstile>Norm s0 \<midarrow>Body D c-\<succ>the (locals (store s2) Result)
  65.239                \<rightarrow>abupd (absorb Ret) s3"
  65.240 -  \<comment>\<open>cf. 14.15, 12.4.1\<close>
  65.241 -  \<comment>\<open>We filter out a break/continue in @{term s2}, so that we can proof 
  65.242 +  \<comment> \<open>cf. 14.15, 12.4.1\<close>
  65.243 +  \<comment> \<open>We filter out a break/continue in @{term s2}, so that we can proof 
  65.244       definite assignment
  65.245       correct, without the need of conformance of the state. By this the
  65.246       different parts of the typesafety proof can be disentangled a little.\<close>
  65.247  
  65.248 -\<comment>\<open>evaluation of variables\<close>
  65.249 +\<comment> \<open>evaluation of variables\<close>
  65.250  
  65.251 -  \<comment>\<open>cf. 15.13.1, 15.7.2\<close>
  65.252 +  \<comment> \<open>cf. 15.13.1, 15.7.2\<close>
  65.253  | LVar: "G\<turnstile>Norm s \<midarrow>LVar vn=\<succ>lvar vn s\<rightarrow> Norm s"
  65.254  
  65.255 -  \<comment>\<open>cf. 15.10.1, 12.4.1\<close>
  65.256 +  \<comment> \<open>cf. 15.10.1, 12.4.1\<close>
  65.257  | FVar: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>Init statDeclC\<rightarrow> s1; G\<turnstile>s1 \<midarrow>e-\<succ>a\<rightarrow> s2;
  65.258            (v,s2') = fvar statDeclC stat fn a s2;
  65.259            s3 = check_field_access G accC statDeclC fn stat a s2' \<rbrakk> \<Longrightarrow>
  65.260            G\<turnstile>Norm s0 \<midarrow>{accC,statDeclC,stat}e..fn=\<succ>v\<rightarrow> s3"
  65.261 - \<comment>\<open>The accessibility check is after @{term fvar}, to keep it simple. 
  65.262 + \<comment> \<open>The accessibility check is after @{term fvar}, to keep it simple. 
  65.263      @{term fvar} already tests for the absence of a null-pointer reference 
  65.264 -    in case of an instance field
  65.265 -\<close>
  65.266 +    in case of an instance field\<close>
  65.267  
  65.268 -  \<comment>\<open>cf. 15.12.1, 15.25.1\<close>
  65.269 +  \<comment> \<open>cf. 15.12.1, 15.25.1\<close>
  65.270  | AVar: "\<lbrakk>G\<turnstile> Norm s0 \<midarrow>e1-\<succ>a\<rightarrow> s1; G\<turnstile>s1 \<midarrow>e2-\<succ>i\<rightarrow> s2;
  65.271            (v,s2') = avar G i a s2\<rbrakk> \<Longrightarrow>
  65.272                        G\<turnstile>Norm s0 \<midarrow>e1.[e2]=\<succ>v\<rightarrow> s2'"
  65.273  
  65.274  
  65.275 -\<comment>\<open>evaluation of expression lists\<close>
  65.276 +\<comment> \<open>evaluation of expression lists\<close>
  65.277  
  65.278 -  \<comment>\<open>cf. 15.11.4.2\<close>
  65.279 +  \<comment> \<open>cf. 15.11.4.2\<close>
  65.280  | Nil:
  65.281                                      "G\<turnstile>Norm s0 \<midarrow>[]\<doteq>\<succ>[]\<rightarrow> Norm s0"
  65.282  
  65.283 -  \<comment>\<open>cf. 15.6.4\<close>
  65.284 +  \<comment> \<open>cf. 15.6.4\<close>
  65.285  | Cons: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>e -\<succ> v \<rightarrow> s1;
  65.286            G\<turnstile>     s1 \<midarrow>es\<doteq>\<succ>vs\<rightarrow> s2\<rbrakk> \<Longrightarrow>
  65.287                                     G\<turnstile>Norm s0 \<midarrow>e#es\<doteq>\<succ>v#vs\<rightarrow> s2"
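--- a/src/HOL/Bali/Evaln.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Evaln.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -46,12 +46,12 @@
 | "G\<turnstile>s \<midarrow>e=\<succ>vf \<midarrow>n\<rightarrow>    s' \<equiv> G\<turnstile>s \<midarrow>In2  e\<succ>\<midarrow>n\<rightarrow> (In2 vf,  s')"
 | "G\<turnstile>s \<midarrow>e\<doteq>\<succ>v  \<midarrow>n\<rightarrow>    s' \<equiv> G\<turnstile>s \<midarrow>In3  e\<succ>\<midarrow>n\<rightarrow> (In3 v ,  s')"
 
-\<comment>\<open>propagation of abrupt completion\<close>
+\<comment> \<open>propagation of abrupt completion\<close>
 
 | Abrupt:   "G\<turnstile>(Some xc,s) \<midarrow>t\<succ>\<midarrow>n\<rightarrow> (undefined3 t,(Some xc,s))"
 
 
-\<comment>\<open>evaluation of variables\<close>
+\<comment> \<open>evaluation of variables\<close>
 
 | LVar: "G\<turnstile>Norm s \<midarrow>LVar vn=\<succ>lvar vn s\<midarrow>n\<rightarrow> Norm s"
 
@@ -67,7 +67,7 @@
 
 
 
-\<comment>\<open>evaluation of expressions\<close>
+\<comment> \<open>evaluation of expressions\<close>
 
 | NewC: "\<lbrakk>G\<turnstile>Norm s0 \<midarrow>Init C\<midarrow>n\<rightarrow> s1;
           G\<turnstile>     s1 \<midarrow>halloc (CInst C)\<succ>a\<rightarrow> s2\<rbrakk> \<Longrightarrow>
@@ -129,7 +129,7 @@
          G\<turnstile>Norm s0 \<midarrow>Body D c
          -\<succ>the (locals (store s2) Result)\<midarrow>n\<rightarrow>abupd (absorb Ret) s3"
 
-\<comment>\<open>evaluation of expression lists\<close>
+\<comment> \<open>evaluation of expression lists\<close>
 
 | Nil:
                                 "G\<turnstile>Norm s0 \<midarrow>[]\<doteq>\<succ>[]\<midarrow>n\<rightarrow> Norm s0"
@@ -139,7 +139,7 @@
                              G\<turnstile>Norm s0 \<midarrow>e#es\<doteq>\<succ>v#vs\<midarrow>n\<rightarrow> s2"
 
 
-\<comment>\<open>execution of statements\<close>
+\<comment> \<open>execution of statements\<close>
 
 | Skip:                             "G\<turnstile>Norm s \<midarrow>Skip\<midarrow>n\<rightarrow> Norm s"
 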
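--- a/src/HOL/Bali/Name.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Name.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -6,17 +6,17 @@
 theory Name imports Basis begin
 
 (* cf. 6.5 *) 
-typedecl tnam   \<comment>\<open>ordinary type name, i.e. class or interface name\<close>
-typedecl pname  \<comment>\<open>package name\<close>
-typedecl mname  \<comment>\<open>method name\<close>
-typedecl vname  \<comment>\<open>variable or field name\<close>
-typedecl label  \<comment>\<open>label as destination of break or continue\<close>
+typedecl tnam   \<comment> \<open>ordinary type name, i.e. class or interface name\<close>
+typedecl pname  \<comment> \<open>package name\<close>
+typedecl mname  \<comment> \<open>method name\<close>
+typedecl vname  \<comment> \<open>variable or field name\<close>
+typedecl label  \<comment> \<open>label as destination of break or continue\<close>
 
-datatype ename        \<comment>\<open>expression name\<close> 
+datatype ename        \<comment> \<open>expression name\<close> 
         = VNam vname 
-        | Res         \<comment>\<open>special name to model the return value of methods\<close>
+        | Res         \<comment> \<open>special name to model the return value of methods\<close>
 
-datatype lname        \<comment>\<open>names for local variables and the This pointer\<close>
+datatype lname        \<comment> \<open>names for local variables and the This pointer\<close>
         = EName ename 
         | This
 abbreviation VName   :: "vname \<Rightarrow> lname"
@@ -25,7 +25,7 @@
 abbreviation Result :: lname
       where "Result == EName Res"
 
-datatype xname          \<comment>\<open>names of standard exceptions\<close>
+datatype xname          \<comment> \<open>names of standard exceptions\<close>
         = Throwable
         | NullPointer | OutOfMemory | ClassCast   
         | NegArrSize  | IndOutBound | ArrStore
@@ -39,12 +39,12 @@
 done
 
 
-datatype tname  \<comment>\<open>type names for standard classes and other type names\<close>
+datatype tname  \<comment> \<open>type names for standard classes and other type names\<close>
         = Object'
         | SXcpt'   xname
         | TName   tnam
 
-record   qtname = \<comment>\<open>qualified tname cf. 6.5.3, 6.5.4\<close>
+record   qtname = \<comment> \<open>qualified tname cf. 6.5.3, 6.5.4\<close>
           pid :: pname  
           tid :: tname
 
@@ -82,7 +82,7 @@
   (type) "'a qtname_scheme" <= (type) "\<lparr>pid::pname,tid::tname,\<dots>::'a\<rparr>"
 
 
-axiomatization java_lang::pname \<comment>\<open>package java.lang\<close>
+axiomatization java_lang::pname \<comment> \<open>package java.lang\<close>
 
 definition
   Object :: qtname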
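--- a/src/HOL/Bali/State.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/State.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -19,17 +19,17 @@
 
 subsubsection "objects"
 
-datatype  obj_tag =     \<comment>\<open>tag for generic object\<close>
-          CInst qtname  \<comment>\<open>class instance\<close>
-        | Arr  ty int   \<comment>\<open>array with component type and length\<close>
-    \<comment>\<open>| CStat qtname   the tag is irrelevant for a class object,
+datatype  obj_tag =     \<comment> \<open>tag for generic object\<close>
+          CInst qtname  \<comment> \<open>class instance\<close>
+        | Arr  ty int   \<comment> \<open>array with component type and length\<close>
+    \<comment> \<open>| CStat qtname   the tag is irrelevant for a class object,
                            i.e. the static fields of a class,
                            since its type is given already by the reference to 
                            it (see below)\<close>
 
-type_synonym vn = "fspec + int"                 \<comment>\<open>variable name\<close>
+type_synonym vn = "fspec + int"                 \<comment> \<open>variable name\<close>
 record  obj  = 
-          tag :: "obj_tag"                      \<comment>\<open>generalized object\<close>
+          tag :: "obj_tag"                      \<comment> \<open>generalized object\<close>
           "values" :: "(vn, val) table"      
 
 translations 
@@ -130,7 +130,7 @@
 
 subsubsection "object references"
 
-type_synonym oref = "loc + qtname"         \<comment>\<open>generalized object reference\<close>
+type_synonym oref = "loc + qtname"         \<comment> \<open>generalized object reference\<close>
 syntax
   Heap  :: "loc   \<Rightarrow> oref"
   Stat  :: "qtname \<Rightarrow> oref"
@@ -213,7 +213,7 @@
 
 subsubsection "stores"
 
-type_synonym globs               \<comment>\<open>global variables: heap and static variables\<close>
+type_synonym globs               \<comment> \<open>global variables: heap and static variables\<close>
         = "(oref , obj) table"
 type_synonym heap
         = "(loc  , obj) table"
@@ -580,7 +580,7 @@
 subsubsection "full program state"
 
 type_synonym
-  state = "abopt \<times> st"          \<comment>\<open>state including abruption information\<close>
+  state = "abopt \<times> st"          \<comment> \<open>state including abruption information\<close>
 
 translations
   (type) "abopt" <= (type) "abrupt option"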
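--- a/src/HOL/Bali/Table.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Table.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -29,16 +29,16 @@
 \end{itemize}
 \<close>
 
-type_synonym ('a, 'b) table    \<comment>\<open>table with key type 'a and contents type 'b\<close>
+type_synonym ('a, 'b) table    \<comment> \<open>table with key type 'a and contents type 'b\<close>
       = "'a \<rightharpoonup> 'b"
-type_synonym ('a, 'b) tables   \<comment>\<open>non-unique table with key 'a and contents 'b\<close>
+type_synonym ('a, 'b) tables   \<comment> \<open>non-unique table with key 'a and contents 'b\<close>
       = "'a \<Rightarrow> 'b set"
 
 
 subsubsection "map of / table of"
 
 abbreviation
-  table_of :: "('a \<times> 'b) list \<Rightarrow> ('a, 'b) table"   \<comment>\<open>concrete table\<close>
+  table_of :: "('a \<times> 'b) list \<Rightarrow> ('a, 'b) table"   \<comment> \<open>concrete table\<close>
   where "table_of \<equiv> map_of"
 
 translations
@@ -53,7 +53,7 @@
 
 definition cond_override :: "('b \<Rightarrow>'b \<Rightarrow> bool) \<Rightarrow> ('a, 'b)table \<Rightarrow> ('a, 'b)table \<Rightarrow> ('a, 'b) table" where
 
-\<comment>\<open>when merging tables old and new, only override an entry of table old when  
+\<comment> \<open>when merging tables old and new, only override an entry of table old when  
    the condition cond holds\<close>
 "cond_override cond old new =
  (\<lambda>k.
@@ -276,13 +276,13 @@
   where "(t hidings s entails R) = (\<forall>k. \<forall>x\<in>t k. \<forall>y\<in>s k. R x y)"
 
 definition
-  \<comment>\<open>variant for unique table:\<close>
+  \<comment> \<open>variant for unique table:\<close>
   hiding_entails :: "('a, 'b) table  \<Rightarrow> ('a, 'c) table  \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> bool"
     ("_ hiding _ entails _"  20)
   where "(t hiding  s entails R) = (\<forall>k. \<forall>x\<in>t k: \<forall>y\<in>s k: R x y)"
 
 definition
-  \<comment>\<open>variant for a unique table and conditional overriding:\<close>
+  \<comment> \<open>variant for a unique table and conditional overriding:\<close>
   cond_hiding_entails :: "('a, 'b) table  \<Rightarrow> ('a, 'c) table  
                           \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> ('b \<Rightarrow> 'c \<Rightarrow> bool) \<Rightarrow> bool"  
                           ("_ hiding _ under _ entails _"  20)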
    70.1 --- a/src/HOL/Bali/Term.thy	Tue Jan 16 09:12:16 2018 +0100
    70.2 +++ b/src/HOL/Bali/Term.thy	Tue Jan 16 09:30:00 2018 +0100
    70.3 @@ -57,25 +57,25 @@
    70.4  
    70.5  
    70.6  
    70.7 -type_synonym locals = "(lname, val) table"  \<comment>\<open>local variables\<close>
    70.8 +type_synonym locals = "(lname, val) table"  \<comment> \<open>local variables\<close>
    70.9  
   70.10  
   70.11  datatype jump
   70.12 -        = Break label \<comment>\<open>break\<close>
   70.13 -        | Cont label  \<comment>\<open>continue\<close>
   70.14 -        | Ret         \<comment>\<open>return from method\<close>
   70.15 +        = Break label \<comment> \<open>break\<close>
   70.16 +        | Cont label  \<comment> \<open>continue\<close>
   70.17 +        | Ret         \<comment> \<open>return from method\<close>
   70.18  
   70.19 -datatype xcpt        \<comment>\<open>exception\<close>
   70.20 -        = Loc loc    \<comment>\<open>location of allocated execption object\<close>
   70.21 -        | Std xname  \<comment>\<open>intermediate standard exception, see Eval.thy\<close>
   70.22 +datatype xcpt        \<comment> \<open>exception\<close>
   70.23 +        = Loc loc    \<comment> \<open>location of allocated execption object\<close>
   70.24 +        | Std xname  \<comment> \<open>intermediate standard exception, see Eval.thy\<close>
   70.25  
   70.26  datatype error
   70.27 -       =  AccessViolation  \<comment>\<open>Access to a member that isn't permitted\<close>
   70.28 -        | CrossMethodJump  \<comment>\<open>Method exits with a break or continue\<close>
   70.29 +       =  AccessViolation  \<comment> \<open>Access to a member that isn't permitted\<close>
   70.30 +        | CrossMethodJump  \<comment> \<open>Method exits with a break or continue\<close>
   70.31  
   70.32 -datatype abrupt       \<comment>\<open>abrupt completion\<close> 
   70.33 -        = Xcpt xcpt   \<comment>\<open>exception\<close>
   70.34 -        | Jump jump   \<comment>\<open>break, continue, return\<close>
   70.35 +datatype abrupt       \<comment> \<open>abrupt completion\<close> 
   70.36 +        = Xcpt xcpt   \<comment> \<open>exception\<close>
   70.37 +        | Jump jump   \<comment> \<open>break, continue, return\<close>
   70.38          | Error error \<comment> \<open>runtime errors, we wan't to detect and proof absent
   70.39                              in welltyped programms\<close>
   70.40  type_synonym
   70.41 @@ -90,26 +90,26 @@
   70.42  translations
   70.43   (type) "locals" <= (type) "(lname, val) table"
   70.44  
   70.45 -datatype inv_mode                  \<comment>\<open>invocation mode for method calls\<close>
   70.46 -        = Static                   \<comment>\<open>static\<close>
   70.47 -        | SuperM                   \<comment>\<open>super\<close>
   70.48 -        | IntVir                   \<comment>\<open>interface or virtual\<close>
   70.49 +datatype inv_mode                  \<comment> \<open>invocation mode for method calls\<close>
   70.50 +        = Static                   \<comment> \<open>static\<close>
   70.51 +        | SuperM                   \<comment> \<open>super\<close>
   70.52 +        | IntVir                   \<comment> \<open>interface or virtual\<close>
   70.53  
   70.54 -record  sig =              \<comment>\<open>signature of a method, cf. 8.4.2\<close>
   70.55 -          name ::"mname"   \<comment>\<open>acutally belongs to Decl.thy\<close>
   70.56 +record  sig =              \<comment> \<open>signature of a method, cf. 8.4.2\<close>
   70.57 +          name ::"mname"   \<comment> \<open>acutally belongs to Decl.thy\<close>
   70.58            parTs::"ty list"        
   70.59  
   70.60  translations
   70.61    (type) "sig" <= (type) "\<lparr>name::mname,parTs::ty list\<rparr>"
   70.62    (type) "sig" <= (type) "\<lparr>name::mname,parTs::ty list,\<dots>::'a\<rparr>"
   70.63  
   70.64 -\<comment>\<open>function codes for unary operations\<close>
   70.65 +\<comment> \<open>function codes for unary operations\<close>
   70.66  datatype unop =  UPlus    \<comment> \<open>{\tt +} unary plus\<close> 
   70.67                 | UMinus   \<comment> \<open>{\tt -} unary minus\<close>
   70.68                 | UBitNot  \<comment> \<open>{\tt ~} bitwise NOT\<close>
   70.69                 | UNot     \<comment> \<open>{\tt !} logical complement\<close>
   70.70  
   70.71 -\<comment>\<open>function codes for binary operations\<close>
   70.72 +\<comment> \<open>function codes for binary operations\<close>
   70.73  datatype binop = Mul     \<comment> \<open>{\tt * }   multiplication\<close>
   70.74                 | Div     \<comment> \<open>{\tt /}   division\<close>
   70.75                 | Mod     \<comment> \<open>{\tt \%}   remainder\<close>
   70.76 @@ -141,81 +141,81 @@
   70.77  \<close>
   70.78  
   70.79  datatype var
   70.80 -        = LVar lname \<comment>\<open>local variable (incl. parameters)\<close>
   70.81 +        = LVar lname \<comment> \<open>local variable (incl. parameters)\<close>
   70.82          | FVar qtname qtname bool expr vname ("{_,_,_}_.._"[10,10,10,85,99]90)
   70.83 -                     \<comment>\<open>class field\<close>
   70.84 -                     \<comment>\<open>@{term "{accC,statDeclC,stat}e..fn"}\<close>
   70.85 -                     \<comment>\<open>\<open>accC\<close>: accessing class (static class were\<close>
   70.86 -                     \<comment>\<open>the code is declared. Annotation only needed for\<close>
   70.87 -                     \<comment>\<open>evaluation to check accessibility)\<close>
   70.88 -                     \<comment>\<open>\<open>statDeclC\<close>: static declaration class of field\<close>
   70.89 -                     \<comment>\<open>\<open>stat\<close>: static or instance field?\<close>
   70.90 -                     \<comment>\<open>\<open>e\<close>: reference to object\<close>
   70.91 -                     \<comment>\<open>\<open>fn\<close>: field name\<close>
   70.92 +                     \<comment> \<open>class field\<close>
   70.93 +                     \<comment> \<open>@{term "{accC,statDeclC,stat}e..fn"}\<close>
   70.94 +                     \<comment> \<open>\<open>accC\<close>: accessing class (static class were\<close>
   70.95 +                     \<comment> \<open>the code is declared. Annotation only needed for\<close>
   70.96 +                     \<comment> \<open>evaluation to check accessibility)\<close>
   70.97 +                     \<comment> \<open>\<open>statDeclC\<close>: static declaration class of field\<close>
   70.98 +                     \<comment> \<open>\<open>stat\<close>: static or instance field?\<close>
   70.99 +                     \<comment> \<open>\<open>e\<close>: reference to object\<close>
  70.100 +                     \<comment> \<open>\<open>fn\<close>: field name\<close>
  70.101          | AVar expr expr ("_.[_]"[90,10   ]90)
  70.102 -                     \<comment>\<open>array component\<close>
  70.103 -                     \<comment>\<open>@{term "e1.[e2]"}: e1 array reference; e2 index\<close>
  70.104 +                     \<comment> \<open>array component\<close>
  70.105 +                     \<comment> \<open>@{term "e1.[e2]"}: e1 array reference; e2 index\<close>
  70.106          | InsInitV stmt var 
  70.107 -                     \<comment>\<open>insertion of initialization before evaluation\<close>
  70.108 -                     \<comment>\<open>of var (technical term for smallstep semantics.)\<close>
  70.109 +                     \<comment> \<open>insertion of initialization before evaluation\<close>
  70.110 +                     \<comment> \<open>of var (technical term for smallstep semantics.)\<close>
  70.111  
  70.112  and expr
  70.113 -        = NewC qtname         \<comment>\<open>class instance creation\<close>
  70.114 +        = NewC qtname         \<comment> \<open>class instance creation\<close>
  70.115          | NewA ty expr ("New _[_]"[99,10   ]85) 
  70.116 -                              \<comment>\<open>array creation\<close> 
  70.117 -        | Cast ty expr        \<comment>\<open>type cast\<close>
  70.118 +                              \<comment> \<open>array creation\<close> 
  70.119 +        | Cast ty expr        \<comment> \<open>type cast\<close>
  70.120          | Inst expr ref_ty ("_ InstOf _"[85,99] 85)   
  70.121 -                              \<comment>\<open>instanceof\<close>     
  70.122 -        | Lit  val              \<comment>\<open>literal value, references not allowed\<close>
  70.123 -        | UnOp unop expr        \<comment>\<open>unary operation\<close>
  70.124 -        | BinOp binop expr expr \<comment>\<open>binary operation\<close>
  70.125 +                              \<comment> \<open>instanceof\<close>     
  70.126 +        | Lit  val              \<comment> \<open>literal value, references not allowed\<close>
  70.127 +        | UnOp unop expr        \<comment> \<open>unary operation\<close>
  70.128 +        | BinOp binop expr expr \<comment> \<open>binary operation\<close>
  70.129          
  70.130 -        | Super               \<comment>\<open>special Super keyword\<close>
  70.131 -        | Acc  var            \<comment>\<open>variable access\<close>
  70.132 +        | Super               \<comment> \<open>special Super keyword\<close>
  70.133 +        | Acc  var            \<comment> \<open>variable access\<close>
  70.134          | Ass  var expr       ("_:=_"   [90,85   ]85)
  70.135 -                              \<comment>\<open>variable assign\<close> 
  70.136 -        | Cond expr expr expr ("_ ? _ : _" [85,85,80]80) \<comment>\<open>conditional\<close>  
  70.137 +                              \<comment> \<open>variable assign\<close> 
  70.138 +        | Cond expr expr expr ("_ ? _ : _" [85,85,80]80) \<comment> \<open>conditional\<close>  
  70.139          | Call qtname ref_ty inv_mode expr mname "(ty list)" "(expr list)"  
  70.140              ("{_,_,_}_\<cdot>_'( {_}_')"[10,10,10,85,99,10,10]85) 
  70.141 -                    \<comment>\<open>method call\<close> 
  70.142 -                    \<comment>\<open>@{term "{accC,statT,mode}e\<cdot>mn({pTs}args)"} "\<close>
  70.143 -                    \<comment>\<open>\<open>accC\<close>: accessing class (static class were\<close>
  70.144 -                    \<comment>\<open>the call code is declared. Annotation only needed for\<close>
  70.145 -                    \<comment>\<open>evaluation to check accessibility)\<close>
  70.146 -                    \<comment>\<open>\<open>statT\<close>: static declaration class/interface of\<close>
  70.147 -                    \<comment>\<open>method\<close>
  70.148 -                    \<comment>\<open>\<open>mode\<close>: invocation mode\<close>
  70.149 -                    \<comment>\<open>\<open>e\<close>: reference to object\<close>
  70.150 -                    \<comment>\<open>\<open>mn\<close>: field name\<close>   
  70.151 -                    \<comment>\<open>\<open>pTs\<close>: types of parameters\<close>
  70.152 -                    \<comment>\<open>\<open>args\<close>: the actual parameters/arguments\<close> 
  70.153 -        | Methd qtname sig    \<comment>\<open>(folded) method (see below)\<close>
  70.154 -        | Body qtname stmt    \<comment>\<open>(unfolded) method body\<close>
  70.155 +                    \<comment> \<open>method call\<close> 
  70.156 +                    \<comment> \<open>@{term "{accC,statT,mode}e\<cdot>mn({pTs}args)"} "\<close>
  70.157 +                    \<comment> \<open>\<open>accC\<close>: accessing class (static class were\<close>
  70.158 +                    \<comment> \<open>the call code is declared. Annotation only needed for\<close>
  70.159 +                    \<comment> \<open>evaluation to check accessibility)\<close>
  70.160 +                    \<comment> \<open>\<open>statT\<close>: static declaration class/interface of\<close>
  70.161 +                    \<comment> \<open>method\<close>
  70.162 +                    \<comment> \<open>\<open>mode\<close>: invocation mode\<close>
  70.163 +                    \<comment> \<open>\<open>e\<close>: reference to object\<close>
  70.164 +                    \<comment> \<open>\<open>mn\<close>: field name\<close>   
  70.165 +                    \<comment> \<open>\<open>pTs\<close>: types of parameters\<close>
  70.166 +                    \<comment> \<open>\<open>args\<close>: the actual parameters/arguments\<close> 
  70.167 +        | Methd qtname sig    \<comment> \<open>(folded) method (see below)\<close>
  70.168 +        | Body qtname stmt    \<comment> \<open>(unfolded) method body\<close>
  70.169          | InsInitE stmt expr  
  70.170 -                 \<comment>\<open>insertion of initialization before\<close>
  70.171 -                 \<comment>\<open>evaluation of expr (technical term for smallstep sem.)\<close>
  70.172 -        | Callee locals expr  \<comment>\<open>save callers locals in callee-Frame\<close>
  70.173 -                              \<comment>\<open>(technical term for smallstep semantics)\<close>
  70.174 +                 \<comment> \<open>insertion of initialization before\<close>
  70.175 +                 \<comment> \<open>evaluation of expr (technical term for smallstep sem.)\<close>
  70.176 +        | Callee locals expr  \<comment> \<open>save callers locals in callee-Frame\<close>
  70.177 +                              \<comment> \<open>(technical term for smallstep semantics)\<close>
  70.178  and  stmt
  70.179 -        = Skip                  \<comment>\<open>empty      statement\<close>
  70.180 -        | Expr  expr            \<comment>\<open>expression statement\<close>
  70.181 +        = Skip                  \<comment> \<open>empty      statement\<close>
  70.182 +        | Expr  expr            \<comment> \<open>expression statement\<close>
  70.183          | Lab   jump stmt       ("_\<bullet> _" [      99,66]66)
  70.184 -                                \<comment>\<open>labeled statement; handles break\<close>
  70.185 +                                \<comment> \<open>labeled statement; handles break\<close>
  70.186          | Comp  stmt stmt       ("_;; _"                  [      66,65]65)
  70.187          | If'   expr stmt stmt  ("If'(_') _ Else _"       [   80,79,79]70)
  70.188          | Loop  label expr stmt ("_\<bullet> While'(_') _"        [   99,80,79]70)
  70.189 -        | Jmp jump              \<comment>\<open>break, continue, return\<close>
  70.190 +        | Jmp jump              \<comment> \<open>break, continue, return\<close>
  70.191          | Throw expr
  70.192          | TryC  stmt qtname vname stmt ("Try _ Catch'(_ _') _"  [79,99,80,79]70)
  70.193 -             \<comment>\<open>@{term "Try c1 Catch(C vn) c2"}\<close> 
  70.194 -             \<comment>\<open>\<open>c1\<close>: block were exception may be thrown\<close>
  70.195 -             \<comment>\<open>\<open>C\<close>:  execption class to catch\<close>
  70.196 -             \<comment>\<open>\<open>vn\<close>: local name for exception used in \<open>c2\<close>\<close>
  70.197 -             \<comment>\<open>\<open>c2\<close>: block to execute when exception is cateched\<close>
  70.198 +             \<comment> \<open>@{term "Try c1 Catch(C vn) c2"}\<close> 
  70.199 +             \<comment> \<open>\<open>c1\<close>: block were exception may be thrown\<close>
  70.200 +             \<comment> \<open>\<open>C\<close>:  execption class to catch\<close>
  70.201 +             \<comment> \<open>\<open>vn\<close>: local name for exception used in \<open>c2\<close>\<close>
  70.202 +             \<comment> \<open>\<open>c2\<close>: block to execute when exception is cateched\<close>
  70.203          | Fin  stmt  stmt        ("_ Finally _"               [      79,79]70)
  70.204 -        | FinA abopt stmt       \<comment>\<open>Save abruption of first statement\<close> 
  70.205 -                                \<comment>\<open>technical term  for smallstep sem.)\<close>
  70.206 -        | Init  qtname          \<comment>\<open>class initialization\<close>
  70.207 +        | FinA abopt stmt       \<comment> \<open>Save abruption of first statement\<close> 
  70.208 +                                \<comment> \<open>technical term  for smallstep sem.)\<close>
  70.209 +        | Init  qtname          \<comment> \<open>class initialization\<close>
  70.210  
  70.211  datatype_compat var expr stmt
  70.212  
  70.213 @@ -254,7 +254,7 @@
  70.214  
  70.215  abbreviation
  70.216    Return :: "expr \<Rightarrow> stmt"
  70.217 -  where "Return e == Expr (Ass (LVar (EName Res)) e);; Jmp Ret" \<comment>\<open>\tt Res := e;; Jmp Ret\<close>
  70.218 +  where "Return e == Expr (Ass (LVar (EName Res)) e);; Jmp Ret" \<comment> \<open>\tt Res := e;; Jmp Ret\<close>
  70.219  
  70.220  abbreviation
  70.221    StatRef :: "ref_ty \<Rightarrow> expr"
  70.222 @@ -432,7 +432,7 @@
  70.223  where
  70.224    "eval_unop UPlus v = Intg (the_Intg v)"
  70.225  | "eval_unop UMinus v = Intg (- (the_Intg v))"
  70.226 -| "eval_unop UBitNot v = Intg 42"                \<comment> "FIXME: Not yet implemented"
  70.227 +| "eval_unop UBitNot v = Intg 42"                \<comment> \<open>FIXME: Not yet implemented\<close>
  70.228  | "eval_unop UNot v = Bool (\<not> the_Bool v)"
  70.229  
  70.230  subsubsection \<open>Evaluation of binary operations\<close>
  70.231 @@ -444,10 +444,10 @@
  70.232  | "eval_binop Plus    v1 v2 = Intg ((the_Intg v1) + (the_Intg v2))"
  70.233  | "eval_binop Minus   v1 v2 = Intg ((the_Intg v1) - (the_Intg v2))"
  70.234  
  70.235 -\<comment> "Be aware of the explicit coercion of the shift distance to nat"
  70.236 +\<comment> \<open>Be aware of the explicit coercion of the shift distance to nat\<close>
  70.237  | "eval_binop LShift  v1 v2 = Intg ((the_Intg v1) *   (2^(nat (the_Intg v2))))"
  70.238  | "eval_binop RShift  v1 v2 = Intg ((the_Intg v1) div (2^(nat (the_Intg v2))))"
  70.239 -| "eval_binop RShiftU v1 v2 = Intg 42" \<comment>"FIXME: Not yet implemented"
  70.240 +| "eval_binop RShiftU v1 v2 = Intg 42" \<comment> \<open>FIXME: Not yet implemented\<close>
  70.241  
  70.242  | "eval_binop Less    v1 v2 = Bool ((the_Intg v1) < (the_Intg v2))" 
  70.243  | "eval_binop Le      v1 v2 = Bool ((the_Intg v1) \<le> (the_Intg v2))"
  70.244 @@ -456,11 +456,11 @@
  70.245  
  70.246  | "eval_binop Eq      v1 v2 = Bool (v1=v2)"
  70.247  | "eval_binop Neq     v1 v2 = Bool (v1\<noteq>v2)"
  70.248 -| "eval_binop BitAnd  v1 v2 = Intg 42" \<comment> "FIXME: Not yet implemented"
  70.249 +| "eval_binop BitAnd  v1 v2 = Intg 42" \<comment> \<open>FIXME: Not yet implemented\<close>
  70.250  | "eval_binop And     v1 v2 = Bool ((the_Bool v1) \<and> (the_Bool v2))"
  70.251 -| "eval_binop BitXor  v1 v2 = Intg 42" \<comment> "FIXME: Not yet implemented"
  70.252 +| "eval_binop BitXor  v1 v2 = Intg 42" \<comment> \<open>FIXME: Not yet implemented\<close>
  70.253  | "eval_binop Xor     v1 v2 = Bool ((the_Bool v1) \<noteq> (the_Bool v2))"
  70.254 -| "eval_binop BitOr   v1 v2 = Intg 42" \<comment> "FIXME: Not yet implemented"
  70.255 +| "eval_binop BitOr   v1 v2 = Intg 42" \<comment> \<open>FIXME: Not yet implemented\<close>
  70.256  | "eval_binop Or      v1 v2 = Bool ((the_Bool v1) \<or> (the_Bool v2))"
  70.257  | "eval_binop CondAnd v1 v2 = Bool ((the_Bool v1) \<and> (the_Bool v2))"
  70.258  | "eval_binop CondOr  v1 v2 = Bool ((the_Bool v1) \<or> (the_Bool v2))"
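--- a/src/HOL/Bali/Trans.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Trans.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -236,14 +236,13 @@
 | InsInitFVar:
       "G\<turnstile>(\<langle>InsInitV Skip ({accC,statDeclC,stat}Lit a..fn)\<rangle>,Norm s) 
         \<mapsto>1 (\<langle>{accC,statDeclC,stat}Lit a..fn\<rangle>,Norm s)"
-\<comment>  \<open>Notice, that we do not have literal values for \<open>vars\<close>. 
+\<comment> \<open>Notice, that we do not have literal values for \<open>vars\<close>. 
 The rules for accessing variables (\<open>Acc\<close>) and assigning to variables 
 (\<open>Ass\<close>), test this with the predicate \<open>groundVar\<close>.  After 
 initialisation is done and the \<open>FVar\<close> is evaluated, we can't just 
 throw away the \<open>InsInitFVar\<close> term and return a literal value, as in the 
 cases of \<open>New\<close>  or \<open>NewC\<close>. Instead we just return the evaluated 
-\<open>FVar\<close> and test for initialisation in the rule \<open>FVar\<close>. 
-\<close>
+\<open>FVar\<close> and test for initialisation in the rule \<open>FVar\<close>.\<close>
 
 
 | AVarE1: "\<lbrakk>G\<turnstile>(\<langle>e1\<rangle>,Norm s) \<mapsto>1 (\<langle>e1'\<rangle>,s')\<rbrakk> 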
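--- a/src/HOL/Bali/Type.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Type.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -14,21 +14,21 @@
 \end{itemize}
 \<close>
 
-datatype prim_ty        \<comment>\<open>primitive type, cf. 4.2\<close>
-        = Void          \<comment>\<open>result type of void methods\<close>
+datatype prim_ty        \<comment> \<open>primitive type, cf. 4.2\<close>
+        = Void          \<comment> \<open>result type of void methods\<close>
         | Boolean
         | Integer
 
 
-datatype ref_ty         \<comment>\<open>reference type, cf. 4.3\<close>
-        = NullT         \<comment>\<open>null type, cf. 4.1\<close>
-        | IfaceT qtname \<comment>\<open>interface type\<close>
-        | ClassT qtname \<comment>\<open>class type\<close>
-        | ArrayT ty     \<comment>\<open>array type\<close>
+datatype ref_ty         \<comment> \<open>reference type, cf. 4.3\<close>
+        = NullT         \<comment> \<open>null type, cf. 4.1\<close>
+        | IfaceT qtname \<comment> \<open>interface type\<close>
+        | ClassT qtname \<comment> \<open>class type\<close>
+        | ArrayT ty     \<comment> \<open>array type\<close>
 
-and ty                  \<comment>\<open>any type, cf. 4.1\<close>
-        = PrimT prim_ty \<comment>\<open>primitive type\<close>
-        | RefT  ref_ty  \<comment>\<open>reference type\<close>
+and ty                  \<comment> \<open>any type, cf. 4.1\<close>
+        = PrimT prim_ty \<comment> \<open>primitive type\<close>
+        | RefT  ref_ty  \<comment> \<open>reference type\<close>
 
 abbreviation "NT == RefT NullT"
 abbreviation "Iface I == RefT (IfaceT I)"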
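--- a/src/HOL/Bali/TypeRel.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/TypeRel.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -32,8 +32,8 @@
 (*subclseq, by translation*)                 (* subclass + identity       *)
 
 definition
-  implmt1 :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment>\<open>direct implementation\<close>
-  \<comment>\<open>direct implementation, cf. 8.1.3\<close>
+  implmt1 :: "prog \<Rightarrow> (qtname \<times> qtname) set" \<comment> \<open>direct implementation\<close>
+  \<comment> \<open>direct implementation, cf. 8.1.3\<close>
   where "implmt1 G = {(C,I). C\<noteq>Object \<and> (\<exists>c\<in>class G C: I\<in>set (superIfs c))}"
 
 
@@ -43,7 +43,7 @@
 
 abbreviation
   subint_syntax :: "prog => [qtname, qtname] => bool" ("_\<turnstile>_\<preceq>I _"  [71,71,71] 70)
-  where "G\<turnstile>I \<preceq>I J == (I,J) \<in>(subint1 G)^*" \<comment>\<open>cf. 9.1.3\<close>
+  where "G\<turnstile>I \<preceq>I J == (I,J) \<in>(subint1 G)^*" \<comment> \<open>cf. 9.1.3\<close>
 
 abbreviation
   implmt1_syntax :: "prog => [qtname, qtname] => bool" ("_\<turnstile>_\<leadsto>1_"  [71,71,71] 70)
@@ -334,7 +334,7 @@
 apply auto
 done
 
-inductive \<comment>\<open>implementation, cf. 8.1.4\<close>
+inductive \<comment> \<open>implementation, cf. 8.1.4\<close>
   implmt :: "prog \<Rightarrow> qtname \<Rightarrow> qtname \<Rightarrow> bool" ("_\<turnstile>_\<leadsto>_" [71,71,71] 70)
   for G :: prog
 where
@@ -369,13 +369,13 @@
 subsubsection "widening relation"
 
 inductive
- \<comment>\<open>widening, viz. method invocation conversion, cf. 5.3
+ \<comment> \<open>widening, viz. method invocation conversion, cf. 5.3
                             i.e. kind of syntactic subtyping\<close>
   widen :: "prog \<Rightarrow> ty \<Rightarrow> ty \<Rightarrow> bool" ("_\<turnstile>_\<preceq>_" [71,71,71] 70)
   for G :: prog
 where
-  refl:    "G\<turnstile>T\<preceq>T" \<comment>\<open>identity conversion, cf. 5.1.1\<close>
-| subint:  "G\<turnstile>I\<preceq>I J  \<Longrightarrow> G\<turnstile>Iface I\<preceq> Iface J" \<comment>\<open>wid.ref.conv.,cf. 5.1.4\<close>
+  refl:    "G\<turnstile>T\<preceq>T" \<comment> \<open>identity conversion, cf. 5.1.1\<close>
+| subint:  "G\<turnstile>I\<preceq>I J  \<Longrightarrow> G\<turnstile>Iface I\<preceq> Iface J" \<comment> \<open>wid.ref.conv.,cf. 5.1.4\<close>
 | int_obj: "G\<turnstile>Iface I\<preceq> Class Object"
 | subcls:  "G\<turnstile>C\<preceq>\<^sub>C D  \<Longrightarrow> G\<turnstile>Class C\<preceq> Class D"
 | implmt:  "G\<turnstile>C\<leadsto>I   \<Longrightarrow> G\<turnstile>Class C\<preceq> Iface I"
@@ -594,7 +594,7 @@
 *)
 
 (* more detailed than necessary for type-safety, see above rules. *)
-inductive \<comment>\<open>narrowing reference conversion, cf. 5.1.5\<close>
+inductive \<comment> \<open>narrowing reference conversion, cf. 5.1.5\<close>
   narrow :: "prog \<Rightarrow> ty \<Rightarrow> ty \<Rightarrow> bool" ("_\<turnstile>_\<succ>_" [71,71,71] 70)
   for G :: prog
 where
@@ -645,7 +645,7 @@
 
 subsubsection "casting relation"
 
-inductive \<comment>\<open>casting conversion, cf. 5.5\<close>
+inductive \<comment> \<open>casting conversion, cf. 5.5\<close>
   cast :: "prog \<Rightarrow> ty \<Rightarrow> ty \<Rightarrow> bool" ("_\<turnstile>_\<preceq>? _" [71,71,71] 70)
   for G :: prog
 where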
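--- a/src/HOL/Bali/TypeSafe.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/TypeSafe.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -588,7 +588,7 @@
 qed
 
 corollary DynT_mheadsE [consumes 7]: 
-\<comment>\<open>Same as \<open>DynT_mheadsD\<close> but better suited for application in 
+\<comment> \<open>Same as \<open>DynT_mheadsD\<close> but better suited for application in 
 typesafety proof\<close>
  assumes invC_compatible: "G\<turnstile>mode\<rightarrow>invC\<preceq>statT" 
      and wf: "wf_prog G" 
@@ -1906,8 +1906,7 @@
           called type safe. To remedy the situation we would have to change
           the evaulation rule, so that it only has a type safe evaluation if
           we actually get a boolean value for the condition. That b is actually
-          a boolean value is part of @{term hyp_e}. See also Loop 
-\<close>
+          a boolean value is part of @{term hyp_e}. See also Loop\<close>
   next
     case (Loop s0 e b s1 c s2 l s3 L accC T A)
     note eval_e = \<open>G\<turnstile>Norm s0 \<midarrow>e-\<succ>b\<rightarrow> s1\<close>
@@ -2624,8 +2623,7 @@
           values of the expected types, and arbitrary if the inputs have 
           unexpected types. The proof can easily be adapted since we
           have the hypothesis that the values have a proper type.
-          This also applies to unary operations.
-\<close>
+          This also applies to unary operations.\<close>
     from eval_e1 have 
       s0_s1:"dom (locals (store ((Norm s0)::state))) \<subseteq> dom (locals (store s1))"
       by (rule dom_locals_eval_mono_elim)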
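--- a/src/HOL/Bali/Value.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Bali/Value.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -7,14 +7,14 @@
 
 theory Value imports Type begin
 
-typedecl loc            \<comment>\<open>locations, i.e. abstract references on objects\<close>
+typedecl loc            \<comment> \<open>locations, i.e. abstract references on objects\<close>
 
 datatype val
-        = Unit          \<comment>\<open>dummy result value of void methods\<close>
-        | Bool bool     \<comment>\<open>Boolean value\<close>
-        | Intg int      \<comment>\<open>integer value\<close>
-        | Null          \<comment>\<open>null reference\<close>
-        | Addr loc      \<comment>\<open>addresses, i.e. locations of objects\<close>
+        = Unit          \<comment> \<open>dummy result value of void methods\<close>
+        | Bool bool     \<comment> \<open>Boolean value\<close>
+        | Intg int      \<comment> \<open>integer value\<close>
+        | Null          \<comment> \<open>null reference\<close>
+        | Addr loc      \<comment> \<open>addresses, i.e. locations of objects\<close>
 
 
 primrec the_Bool :: "val \<Rightarrow> bool"
@@ -36,13 +36,13 @@
 | "typeof dt  Null = Some NT"
 | "typeof dt (Addr a) = dt a"
 
-primrec defpval :: "prim_ty \<Rightarrow> val"  \<comment>\<open>default value for primitive types\<close>
+primrec defpval :: "prim_ty \<Rightarrow> val"  \<comment> \<open>default value for primitive types\<close>
 where
   "defpval Void = Unit"
 | "defpval Boolean = Bool False"
 | "defpval Integer = Intg 0"
 
-primrec default_val :: "ty \<Rightarrow> val"  \<comment>\<open>default value for all types\<close>
+primrec default_val :: "ty \<Rightarrow> val"  \<comment> \<open>default value for all types\<close>
 where
   "default_val (PrimT pt) = defpval pt"
 | "default_val (RefT  r ) = Null"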
    76.1 --- a/src/HOL/Bali/WellType.thy	Tue Jan 16 09:12:16 2018 +0100
    76.2 +++ b/src/HOL/Bali/WellType.thy	Tue Jan 16 09:30:00 2018 +0100
    76.3 @@ -29,12 +29,12 @@
    76.4  \<close>
    76.5  
    76.6  type_synonym lenv
    76.7 -        = "(lname, ty) table"  \<comment>\<open>local variables, including This and Result\<close>
    76.8 +        = "(lname, ty) table"  \<comment> \<open>local variables, including This and Result\<close>
    76.9  
   76.10  record env = 
   76.11 -         prg:: "prog"    \<comment>\<open>program\<close>
   76.12 -         cls:: "qtname"  \<comment>\<open>current package and class name\<close>
   76.13 -         lcl:: "lenv"    \<comment>\<open>local environment\<close>     
   76.14 +         prg:: "prog"    \<comment> \<open>program\<close>
   76.15 +         cls:: "qtname"  \<comment> \<open>current package and class name\<close>
   76.16 +         lcl:: "lenv"    \<comment> \<open>local environment\<close>     
   76.17    
   76.18  translations
   76.19    (type) "lenv" <= (type) "(lname, ty) table"
   76.20 @@ -44,7 +44,7 @@
   76.21  
   76.22  
   76.23  abbreviation
   76.24 -  pkg :: "env \<Rightarrow> pname" \<comment>\<open>select the current package from an environment\<close>
   76.25 +  pkg :: "env \<Rightarrow> pname" \<comment> \<open>select the current package from an environment\<close>
   76.26    where "pkg e == pid (cls e)"
   76.27  
   76.28  subsubsection "Static overloading: maximally specific methods "
   76.29 @@ -52,7 +52,7 @@
   76.30  type_synonym
   76.31    emhead = "ref_ty \<times> mhead"
   76.32  
   76.33 -\<comment>\<open>Some mnemotic selectors for emhead\<close>
   76.34 +\<comment> \<open>Some mnemotic selectors for emhead\<close>
   76.35  definition
   76.36    "declrefT" :: "emhead \<Rightarrow> ref_ty"
   76.37    where "declrefT = fst"
   76.38 @@ -107,20 +107,20 @@
   76.39  | "mheads G S (ArrayT T) = accObjectmheads G S (ArrayT T)"
   76.40  
   76.41  definition
   76.42 -  \<comment>\<open>applicable methods, cf. 15.11.2.1\<close>
   76.43 +  \<comment> \<open>applicable methods, cf. 15.11.2.1\<close>
   76.44    appl_methds :: "prog \<Rightarrow> qtname \<Rightarrow>  ref_ty \<Rightarrow> sig \<Rightarrow> (emhead \<times> ty list) set" where
   76.45    "appl_methds G S rt = (\<lambda> sig. 
   76.46        {(mh,pTs') |mh pTs'. mh \<in> mheads G S rt \<lparr>name=name sig,parTs=pTs'\<rparr> \<and> 
   76.47                             G\<turnstile>(parTs sig)[\<preceq>]pTs'})"
   76.48  
   76.49  definition
   76.50 -  \<comment>\<open>more specific methods, cf. 15.11.2.2\<close>
   76.51 +  \<comment> \<open>more specific methods, cf. 15.11.2.2\<close>
   76.52    more_spec :: "prog \<Rightarrow> emhead \<times> ty list \<Rightarrow> emhead \<times> ty list \<Rightarrow> bool" where
   76.53    "more_spec G = (\<lambda>(mh,pTs). \<lambda>(mh',pTs'). G\<turnstile>pTs[\<preceq>]pTs')"
   76.54  (*more_spec G \<equiv>\<lambda>((d,h),pTs). \<lambda>((d',h'),pTs'). G\<turnstile>RefT d\<preceq>RefT d'\<and>G\<turnstile>pTs[\<preceq>]pTs'*)
   76.55  
   76.56  definition
   76.57 -  \<comment>\<open>maximally specific methods, cf. 15.11.2.2\<close>
   76.58 +  \<comment> \<open>maximally specific methods, cf. 15.11.2.2\<close>
   76.59    max_spec :: "prog \<Rightarrow> qtname \<Rightarrow> ref_ty \<Rightarrow> sig \<Rightarrow> (emhead \<times> ty list) set" where
   76.60    "max_spec G S rt sig = {m. m \<in>appl_methds G S rt sig \<and>
   76.61                            (\<forall>m'\<in>appl_methds G S rt sig. more_spec G m' m \<longrightarrow> m'=m)}"
   76.62 @@ -262,13 +262,13 @@
   76.63  | "E,dt\<Turnstile>e\<Colon>=T \<equiv> E,dt\<Turnstile>In2  e\<Colon>Inl T"
   76.64  | "E,dt\<Turnstile>e\<Colon>\<doteq>T \<equiv> E,dt\<Turnstile>In3  e\<Colon>Inr T"
   76.65  
   76.66 -\<comment>\<open>well-typed statements\<close>
   76.67 +\<comment> \<open>well-typed statements\<close>
   76.68  
   76.69  | Skip:                                 "E,dt\<Turnstile>Skip\<Colon>\<surd>"
   76.70  
   76.71  | Expr: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-T\<rbrakk> \<Longrightarrow>
   76.72                                           E,dt\<Turnstile>Expr e\<Colon>\<surd>"
   76.73 -  \<comment>\<open>cf. 14.6\<close>
   76.74 +  \<comment> \<open>cf. 14.6\<close>
   76.75  | Lab:  "E,dt\<Turnstile>c\<Colon>\<surd> \<Longrightarrow>                   
   76.76                                           E,dt\<Turnstile>l\<bullet> c\<Colon>\<surd>" 
   76.77  
   76.78 @@ -276,62 +276,61 @@
   76.79            E,dt\<Turnstile>c2\<Colon>\<surd>\<rbrakk> \<Longrightarrow>
   76.80                                           E,dt\<Turnstile>c1;; c2\<Colon>\<surd>"
   76.81  
   76.82 -  \<comment>\<open>cf. 14.8\<close>
   76.83 +  \<comment> \<open>cf. 14.8\<close>
   76.84  | If:   "\<lbrakk>E,dt\<Turnstile>e\<Colon>-PrimT Boolean;
   76.85            E,dt\<Turnstile>c1\<Colon>\<surd>;
   76.86            E,dt\<Turnstile>c2\<Colon>\<surd>\<rbrakk> \<Longrightarrow>
   76.87                                           E,dt\<Turnstile>If(e) c1 Else c2\<Colon>\<surd>"
   76.88  
   76.89 -  \<comment>\<open>cf. 14.10\<close>
   76.90 +  \<comment> \<open>cf. 14.10\<close>
   76.91  | Loop: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-PrimT Boolean;
   76.92            E,dt\<Turnstile>c\<Colon>\<surd>\<rbrakk> \<Longrightarrow>
   76.93                                           E,dt\<Turnstile>l\<bullet> While(e) c\<Colon>\<surd>"
   76.94 -  \<comment>\<open>cf. 14.13, 14.15, 14.16\<close>
   76.95 +  \<comment> \<open>cf. 14.13, 14.15, 14.16\<close>
   76.96  | Jmp:                                   "E,dt\<Turnstile>Jmp jump\<Colon>\<surd>"
   76.97  
   76.98 -  \<comment>\<open>cf. 14.16\<close>
   76.99 +  \<comment> \<open>cf. 14.16\<close>
  76.100  | Throw: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-Class tn;
  76.101            prg E\<turnstile>tn\<preceq>\<^sub>C SXcpt Throwable\<rbrakk> \<Longrightarrow>
  76.102                                           E,dt\<Turnstile>Throw e\<Colon>\<surd>"
  76.103 -  \<comment>\<open>cf. 14.18\<close>
  76.104 +  \<comment> \<open>cf. 14.18\<close>
  76.105  | Try:  "\<lbrakk>E,dt\<Turnstile>c1\<Colon>\<surd>; prg E\<turnstile>tn\<preceq>\<^sub>C SXcpt Throwable;
  76.106            lcl E (VName vn)=None; E \<lparr>lcl := lcl E(VName vn\<mapsto>Class tn)\<rparr>,dt\<Turnstile>c2\<Colon>\<surd>\<rbrakk>
  76.107            \<Longrightarrow>
  76.108                                           E,dt\<Turnstile>Try c1 Catch(tn vn) c2\<Colon>\<surd>"
  76.109  
  76.110 -  \<comment>\<open>cf. 14.18\<close>
  76.111 +  \<comment> \<open>cf. 14.18\<close>
  76.112  | Fin:  "\<lbrakk>E,dt\<Turnstile>c1\<Colon>\<surd>; E,dt\<Turnstile>c2\<Colon>\<surd>\<rbrakk> \<Longrightarrow>
  76.113                                           E,dt\<Turnstile>c1 Finally c2\<Colon>\<surd>"
  76.114  
  76.115  | Init: "\<lbrakk>is_class (prg E) C\<rbrakk> \<Longrightarrow>
  76.116                                           E,dt\<Turnstile>Init C\<Colon>\<surd>"
  76.117 -  \<comment>\<open>@{term Init} is created on the fly during evaluation (see Eval.thy). 
  76.118 +  \<comment> \<open>@{term Init} is created on the fly during evaluation (see Eval.thy). 
  76.119       The class isn't necessarily accessible from the points @{term Init} 
  76.120       is called. Therefor we only demand @{term is_class} and not 
  76.121 -     @{term is_acc_class} here. 
  76.122 -\<close>
  76.123 +     @{term is_acc_class} here.\<close>
  76.124  
  76.125 -\<comment>\<open>well-typed expressions\<close>
  76.126 +\<comment> \<open>well-typed expressions\<close>
  76.127  
  76.128 -  \<comment>\<open>cf. 15.8\<close>
  76.129 +  \<comment> \<open>cf. 15.8\<close>
  76.130  | NewC: "\<lbrakk>is_acc_class (prg E) (pkg E) C\<rbrakk> \<Longrightarrow>
  76.131                                           E,dt\<Turnstile>NewC C\<Colon>-Class C"
  76.132 -  \<comment>\<open>cf. 15.9\<close>
  76.133 +  \<comment> \<open>cf. 15.9\<close>
  76.134  | NewA: "\<lbrakk>is_acc_type (prg E) (pkg E) T;
  76.135            E,dt\<Turnstile>i\<Colon>-PrimT Integer\<rbrakk> \<Longrightarrow>
  76.136                                           E,dt\<Turnstile>New T[i]\<Colon>-T.[]"
  76.137  
  76.138 -  \<comment>\<open>cf. 15.15\<close>
  76.139 +  \<comment> \<open>cf. 15.15\<close>
  76.140  | Cast: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-T; is_acc_type (prg E) (pkg E) T';
  76.141            prg E\<turnstile>T\<preceq>? T'\<rbrakk> \<Longrightarrow>
  76.142                                           E,dt\<Turnstile>Cast T' e\<Colon>-T'"
  76.143  
  76.144 -  \<comment>\<open>cf. 15.19.2\<close>
  76.145 +  \<comment> \<open>cf. 15.19.2\<close>
  76.146  | Inst: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-RefT T; is_acc_type (prg E) (pkg E) (RefT T');
  76.147            prg E\<turnstile>RefT T\<preceq>? RefT T'\<rbrakk> \<Longrightarrow>
  76.148                                           E,dt\<Turnstile>e InstOf T'\<Colon>-PrimT Boolean"
  76.149  
  76.150 -  \<comment>\<open>cf. 15.7.1\<close>
  76.151 +  \<comment> \<open>cf. 15.7.1\<close>
  76.152  | Lit:  "\<lbrakk>typeof dt x = Some T\<rbrakk> \<Longrightarrow>
  76.153                                           E,dt\<Turnstile>Lit x\<Colon>-T"
  76.154  
  76.155 @@ -344,28 +343,28 @@
  76.156             \<Longrightarrow>
  76.157             E,dt\<Turnstile>BinOp binop e1 e2\<Colon>-T"
  76.158    
  76.159 -  \<comment>\<open>cf. 15.10.2, 15.11.1\<close>
  76.160 +  \<comment> \<open>cf. 15.10.2, 15.11.1\<close>
  76.161  | Super: "\<lbrakk>lcl E This = Some (Class C); C \<noteq> Object;
  76.162            class (prg E) C = Some c\<rbrakk> \<Longrightarrow>
  76.163                                           E,dt\<Turnstile>Super\<Colon>-Class (super c)"
  76.164  
  76.165 -  \<comment>\<open>cf. 15.13.1, 15.10.1, 15.12\<close>
  76.166 +  \<comment> \<open>cf. 15.13.1, 15.10.1, 15.12\<close>
  76.167  | Acc:  "\<lbrakk>E,dt\<Turnstile>va\<Colon>=T\<rbrakk> \<Longrightarrow>
  76.168                                           E,dt\<Turnstile>Acc va\<Colon>-T"
  76.169  
  76.170 -  \<comment>\<open>cf. 15.25, 15.25.1\<close>
  76.171 +  \<comment> \<open>cf. 15.25, 15.25.1\<close>
  76.172  | Ass:  "\<lbrakk>E,dt\<Turnstile>va\<Colon>=T; va \<noteq> LVar This;
  76.173            E,dt\<Turnstile>v \<Colon>-T';
  76.174            prg E\<turnstile>T'\<preceq>T\<rbrakk> \<Longrightarrow>
  76.175                                           E,dt\<Turnstile>va:=v\<Colon>-T'"
  76.176  
  76.177 -  \<comment>\<open>cf. 15.24\<close>
  76.178 +  \<comment> \<open>cf. 15.24\<close>
  76.179  | Cond: "\<lbrakk>E,dt\<Turnstile>e0\<Colon>-PrimT Boolean;
  76.180            E,dt\<Turnstile>e1\<Colon>-T1; E,dt\<Turnstile>e2\<Colon>-T2;
  76.181            prg E\<turnstile>T1\<preceq>T2 \<and> T = T2  \<or>  prg E\<turnstile>T2\<preceq>T1 \<and> T = T1\<rbrakk> \<Longrightarrow>
  76.182                                           E,dt\<Turnstile>e0 ? e1 : e2\<Colon>-T"
  76.183  
  76.184 -  \<comment>\<open>cf. 15.11.1, 15.11.2, 15.11.3\<close>
  76.185 +  \<comment> \<open>cf. 15.11.1, 15.11.2, 15.11.3\<close>
  76.186  | Call: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-RefT statT;
  76.187            E,dt\<Turnstile>ps\<Colon>\<doteq>pTs;
  76.188            max_spec (prg E) (cls E) statT \<lparr>name=mn,parTs=pTs\<rparr> 
  76.189 @@ -377,7 +376,7 @@
  76.190            methd (prg E) C sig = Some m;
  76.191            E,dt\<Turnstile>Body (declclass m) (stmt (mbody (mthd m)))\<Colon>-T\<rbrakk> \<Longrightarrow>
  76.192                                           E,dt\<Turnstile>Methd C sig\<Colon>-T"
  76.193 - \<comment>\<open>The class @{term C} is the dynamic class of the method call 
  76.194 + \<comment> \<open>The class @{term C} is the dynamic class of the method call 
  76.195      (cf. Eval.thy). 
  76.196      It hasn't got to be directly accessible from the current package 
  76.197      @{term "(pkg E)"}. 
  76.198 @@ -385,43 +384,41 @@
  76.199      @{term Call}). 
  76.200      Note that l is just a dummy value. It is only used in the smallstep 
  76.201      semantics. To proof typesafety directly for the smallstep semantics 
  76.202 -    we would have to assume conformance of l here!
  76.203 -\<close>
  76.204 +    we would have to assume conformance of l here!\<close>
  76.205  
  76.206  | Body: "\<lbrakk>is_class (prg E) D;
  76.207            E,dt\<Turnstile>blk\<Colon>\<surd>;
  76.208            (lcl E) Result = Some T;
  76.209            is_type (prg E) T\<rbrakk> \<Longrightarrow>
  76.210                                           E,dt\<Turnstile>Body D blk\<Colon>-T"
  76.211 -\<comment>\<open>The class @{term D} implementing the method must not directly be 
  76.212 +\<comment> \<open>The class @{term D} implementing the method must not directly be 
  76.213       accessible  from the current package @{term "(pkg E)"}, but can also 
  76.214       be indirectly accessible due to inheritance (enshured in @{term Call})
  76.215      The result type hasn't got to be accessible in Java! (If it is not 
  76.216      accessible you can only assign it to Object).
  76.217 -    For dummy value l see rule @{term Methd}. 
  76.218 -\<close>
  76.219 +    For dummy value l see rule @{term Methd}.\<close>
  76.220  
  76.221 -\<comment>\<open>well-typed variables\<close>
  76.222 +\<comment> \<open>well-typed variables\<close>
  76.223  
  76.224 -  \<comment>\<open>cf. 15.13.1\<close>
  76.225 +  \<comment> \<open>cf. 15.13.1\<close>
  76.226  | LVar: "\<lbrakk>lcl E vn = Some T; is_acc_type (prg E) (pkg E) T\<rbrakk> \<Longrightarrow>
  76.227                                           E,dt\<Turnstile>LVar vn\<Colon>=T"
  76.228 -  \<comment>\<open>cf. 15.10.1\<close>
  76.229 +  \<comment> \<open>cf. 15.10.1\<close>
  76.230  | FVar: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-Class C; 
  76.231            accfield (prg E) (cls E) C fn = Some (statDeclC,f)\<rbrakk> \<Longrightarrow>
  76.232                           E,dt\<Turnstile>{cls E,statDeclC,is_static f}e..fn\<Colon>=(type f)"
  76.233 -  \<comment>\<open>cf. 15.12\<close>
  76.234 +  \<comment> \<open>cf. 15.12\<close>
  76.235  | AVar: "\<lbrakk>E,dt\<Turnstile>e\<Colon>-T.[]; 
  76.236            E,dt\<Turnstile>i\<Colon>-PrimT Integer\<rbrakk> \<Longrightarrow>
  76.237                                           E,dt\<Turnstile>e.[i]\<Colon>=T"
  76.238  
  76.239  
  76.240 -\<comment>\<open>well-typed expression lists\<close>
  76.241 +\<comment> \<open>well-typed expression lists\<close>
  76.242  
  76.243 -  \<comment>\<open>cf. 15.11.???\<close>
  76.244 +  \<comment> \<open>cf. 15.11.???\<close>
  76.245  | Nil:                                  "E,dt\<Turnstile>[]\<Colon>\<doteq>[]"
  76.246  
  76.247 -  \<comment>\<open>cf. 15.11.???\<close>
  76.248 +  \<comment> \<open>cf. 15.11.???\<close>
  76.249  | Cons: "\<lbrakk>E,dt\<Turnstile>e \<Colon>-T;
  76.250            E,dt\<Turnstile>es\<Colon>\<doteq>Ts\<rbrakk> \<Longrightarrow>
  76.251                                           E,dt\<Turnstile>e#es\<Colon>\<doteq>T#Ts"
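Review bot: The comment on rule `Body` says the class @{term D} "must not directly be accessible" from `(pkg E)`, which reads as a prohibition, while the rule itself only demands `is_class (prg E) D` and the same sentence continues "but can also be indirectly accessible". Since the commit rewrites this comment anyway, I would reword its opening to `The class @{term D} implementing the method need not be directly accessible from the current package @{term "(pkg E)"};` and keep the remainder, which then matches the "hasn't got to be directly accessible" wording used for `Methd` just above. In the same pass, `enshured` should be `ensured` and `To proof typesafety` should be `To prove type safety`; `Therefor` in the `Init` comment of the `@@ -276,62` hunk is the same kind of slip. The inductive definition these rules belong to starts outside this hunk.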
  76.252 @@ -588,13 +585,12 @@
  76.253  apply auto
  76.254  done
  76.255  
  76.256 -\<comment>\<open>In the special syntax to distinguish the typing judgements for expressions, 
  76.257 +\<comment> \<open>In the special syntax to distinguish the typing judgements for expressions, 
  76.258       statements, variables and expression lists the kind of term corresponds
  76.259       to the kind of type in the end e.g. An statement (injection @{term In3} 
  76.260      into terms, always has type void (injection @{term Inl} into the generalised
  76.261      types. The following simplification procedures establish these kinds of
  76.262 -    correlation. 
  76.263 -\<close>
  76.264 +    correlation.\<close>
  76.265  
  76.266  lemma wt_expr_eq: "E,dt\<Turnstile>In1l t\<Colon>U = (\<exists>T. U=Inl T \<and> E,dt\<Turnstile>t\<Colon>-T)"
  76.267    by (auto, frule wt_Inj_elim, auto)
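Review bot: The explanatory comment before `wt_expr_eq` opens two parentheses that are never closed, and its example seems to name the wrong injection. It pairs statements with `In3`, but the abbreviation `E,dt\<Turnstile>e\<Colon>\<doteq>T \<equiv> E,dt\<Turnstile>In3  e\<Colon>Inr T` earlier in this file uses `In3` for the expression-list judgement with `Inr`, and `wt_expr_eq` right below uses `In1l`/`Inl` for expressions. I would rewrite the example as a closed sentence such as `e.g. a statement (injected into terms) always has type void (injected via @{term Inl} into the generalised types).`, naming the statement injection as the term datatype declares it, which is not visible here. `An statement` should also be `A statement`.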
    77.1 --- a/src/HOL/Binomial.thy	Tue Jan 16 09:12:16 2018 +0100
    77.2 +++ b/src/HOL/Binomial.thy	Tue Jan 16 09:30:00 2018 +0100
    77.3 @@ -1194,7 +1194,7 @@
    77.4  qed
    77.5  
    77.6  lemma card_length_sum_list: "card {l::nat list. size l = m \<and> sum_list l = N} = (N + m - 1) choose N"
    77.7 -  \<comment> "by Holden Lee, tidied by Tobias Nipkow"
    77.8 +  \<comment> \<open>by Holden Lee, tidied by Tobias Nipkow\<close>
    77.9  proof (cases m)
   77.10    case 0
   77.11    then show ?thesis
   77.12 @@ -1205,7 +1205,7 @@
   77.13      by (simp add: Suc)
   77.14    then show ?thesis
   77.15    proof (induct "N + m - 1" arbitrary: N m)
   77.16 -    case 0  \<comment> "In the base case, the only solution is [0]."
   77.17 +    case 0  \<comment> \<open>In the base case, the only solution is [0].\<close>
   77.18      have [simp]: "{l::nat list. length l = Suc 0 \<and> (\<forall>n\<in>set l. n = 0)} = {[0]}"
   77.19        by (auto simp: length_Suc_conv)
   77.20      have "m = 1 \<and> N = 0"
    78.1 --- a/src/HOL/Cardinals/Wellorder_Extension.thy	Tue Jan 16 09:12:16 2018 +0100
    78.2 +++ b/src/HOL/Cardinals/Wellorder_Extension.thy	Tue Jan 16 09:30:00 2018 +0100
    78.3 @@ -160,7 +160,7 @@
    78.4        \<open>Refl m\<close> and \<open>x \<notin> Field m\<close>
    78.5        by (auto simp: I_def init_seg_of_def refl_on_def)
    78.6      ultimately
    78.7 -    \<comment>\<open>This contradicts maximality of m:\<close>
    78.8 +    \<comment> \<open>This contradicts maximality of m:\<close>
    78.9      show False using max and \<open>x \<notin> Field m\<close> unfolding Field_def by blast
   78.10    qed
   78.11    have "p \<subseteq> m"
    79.1 --- a/src/HOL/Computational_Algebra/Euclidean_Algorithm.thy	Tue Jan 16 09:12:16 2018 +0100
    79.2 +++ b/src/HOL/Computational_Algebra/Euclidean_Algorithm.thy	Tue Jan 16 09:30:00 2018 +0100
    79.3 @@ -69,8 +69,7 @@
    79.4  qualified definition lcm :: "'a \<Rightarrow> 'a \<Rightarrow> 'a"
    79.5    where "lcm a b = normalize (a * b) div gcd a b"
    79.6  
    79.7 -qualified definition Lcm :: "'a set \<Rightarrow> 'a" \<comment>
    79.8 -    \<open>Somewhat complicated definition of Lcm that has the advantage of working
    79.9 +qualified definition Lcm :: "'a set \<Rightarrow> 'a" \<comment> \<open>Somewhat complicated definition of Lcm that has the advantage of working
   79.10      for infinite sets as well\<close>
   79.11    where
   79.12    [code del]: "Lcm A = (if \<exists>l. l \<noteq> 0 \<and> (\<forall>a\<in>A. a dvd l) then
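Review bot: Joining the formal comment onto the `qualified definition Lcm` line leaves a very long first line, with the continuation `for infinite sets as well\<close>` indented as if it belonged to something else. I would start the comment on its own line instead: `qualified definition Lcm :: "'a set \<Rightarrow> 'a"` followed by `  \<comment> \<open>Somewhat complicated definition of Lcm that has the advantage of working`. The same join happens for `imp_disjL` in the src/HOL/HOL.thy hunk, where the comment text runs on past the end of the hunk.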
    80.1 --- a/src/HOL/Decision_Procs/ex/Approximation_Quickcheck_Ex.thy	Tue Jan 16 09:12:16 2018 +0100
    80.2 +++ b/src/HOL/Decision_Procs/ex/Approximation_Quickcheck_Ex.thy	Tue Jan 16 09:30:00 2018 +0100
    80.3 @@ -31,7 +31,7 @@
    80.4    shows "x > 1 \<Longrightarrow> x \<le> 2 ^ 20 * log 2 x + 1 \<and> (sin x)\<^sup>2 + (cos x)\<^sup>2 = 1"
    80.5    using [[quickcheck_approximation_custom_seed = 1]]
    80.6    using [[quickcheck_approximation_epsilon = 0.00000001]]
    80.7 -    \<comment>\<open>avoids spurious counterexamples in approximate computation of @{term "(sin x)\<^sup>2 + (cos x)\<^sup>2"}
    80.8 +    \<comment> \<open>avoids spurious counterexamples in approximate computation of @{term "(sin x)\<^sup>2 + (cos x)\<^sup>2"}
    80.9        and therefore avoids expensive failing attempts for certification\<close>
   80.10    quickcheck[approximation, expect=counterexample, size=20]
   80.11    oops
    81.1 --- a/src/HOL/Deriv.thy	Tue Jan 16 09:12:16 2018 +0100
    81.2 +++ b/src/HOL/Deriv.thy	Tue Jan 16 09:30:00 2018 +0100
    81.3 @@ -1216,14 +1216,14 @@
    81.4    then show ?thesis
    81.5    proof cases
    81.6      case 1
    81.7 -    \<comment>\<open>@{term f} attains its maximum within the interval\<close>
    81.8 +    \<comment> \<open>@{term f} attains its maximum within the interval\<close>
    81.9      obtain d where d: "0 < d" and bound: "\<forall>y. \<bar>x - y\<bar> < d \<longrightarrow> a \<le> y \<and> y \<le> b"
   81.10        using lemma_interval [OF 1] by blast
   81.11      then have bound': "\<forall>y. \<bar>x - y\<bar> < d \<longrightarrow> f y \<le> f x"
   81.12        using x_max by blast
   81.13      obtain l where der: "DERIV f x :> l"
   81.14        using differentiableD [OF dif [OF conjI [OF 1]]] ..
   81.15 -    \<comment>\<open>the derivative at a local maximum is zero\<close>
   81.16 +    \<comment> \<open>the derivative at a local maximum is zero\<close>
   81.17      have "l = 0"
   81.18        by (rule DERIV_local_max [OF der d bound'])
   81.19      with 1 der show ?thesis by auto
    82.1 --- a/src/HOL/Finite_Set.thy	Tue Jan 16 09:12:16 2018 +0100
    82.2 +++ b/src/HOL/Finite_Set.thy	Tue Jan 16 09:30:00 2018 +0100
    82.3 @@ -67,7 +67,7 @@
    82.4  
    82.5  subsubsection \<open>Choice principles\<close>
    82.6  
    82.7 -lemma ex_new_if_finite: \<comment> "does not depend on def of finite at all"
    82.8 +lemma ex_new_if_finite: \<comment> \<open>does not depend on def of finite at all\<close>
    82.9    assumes "\<not> finite (UNIV :: 'a set)" and "finite A"
   82.10    shows "\<exists>a::'a. a \<notin> A"
   82.11  proof -
    83.1 --- a/src/HOL/Fun_Def.thy	Tue Jan 16 09:12:16 2018 +0100
    83.2 +++ b/src/HOL/Fun_Def.thy	Tue Jan 16 09:30:00 2018 +0100
    83.3 @@ -295,7 +295,7 @@
    83.4  ML_file "Tools/Function/scnp_reconstruct.ML"
    83.5  ML_file "Tools/Function/fun_cases.ML"
    83.6  
    83.7 -ML_val \<comment> "setup inactive"
    83.8 +ML_val \<comment> \<open>setup inactive\<close>
    83.9  \<open>
   83.10    Context.theory_map (Function_Common.set_termination_prover
   83.11      (K (ScnpReconstruct.decomp_scnp_tac [ScnpSolve.MAX, ScnpSolve.MIN, ScnpSolve.MS])))
    84.1 --- a/src/HOL/HOL.thy	Tue Jan 16 09:12:16 2018 +0100
    84.2 +++ b/src/HOL/HOL.thy	Tue Jan 16 09:30:00 2018 +0100
    84.3 @@ -1341,8 +1341,7 @@
    84.4    if_False
    84.5    if_cancel
    84.6    if_eq_cancel
    84.7 -  imp_disjL \<comment>
    84.8 -   \<open>In general it seems wrong to add distributive laws by default: they
    84.9 +  imp_disjL \<comment> \<open>In general it seems wrong to add distributive laws by default: they
   84.10      might cause exponential blow-up.  But \<open>imp_disjL\<close> has been in for a while
   84.11      and cannot be removed without affecting existing proofs.  Moreover,
   84.12      rewriting by \<open>(P \<or> Q \<longrightarrow> R) = ((P \<longrightarrow> R) \<and> (Q \<longrightarrow> R))\<close> might be justified on the
    85.1 --- a/src/HOL/HOLCF/Cont.thy	Tue Jan 16 09:12:16 2018 +0100
    85.2 +++ b/src/HOL/HOLCF/Cont.thy	Tue Jan 16 09:30:00 2018 +0100
    85.3 @@ -18,7 +18,7 @@
    85.4  
    85.5  subsection \<open>Definitions\<close>
    85.6  
    85.7 -definition monofun :: "('a \<Rightarrow> 'b) \<Rightarrow> bool"  \<comment> "monotonicity"
    85.8 +definition monofun :: "('a \<Rightarrow> 'b) \<Rightarrow> bool"  \<comment> \<open>monotonicity\<close>
    85.9    where "monofun f \<longleftrightarrow> (\<forall>x y. x \<sqsubseteq> y \<longrightarrow> f x \<sqsubseteq> f y)"
   85.10  
   85.11  definition cont :: "('a::cpo \<Rightarrow> 'b::cpo) \<Rightarrow> bool"
    86.1 --- a/src/HOL/HOLCF/IMP/HoareEx.thy	Tue Jan 16 09:12:16 2018 +0100
    86.2 +++ b/src/HOL/HOLCF/IMP/HoareEx.thy	Tue Jan 16 09:30:00 2018 +0100
    86.3 @@ -24,7 +24,7 @@
    86.4    apply (unfold hoare_valid_def)
    86.5    apply (simp (no_asm))
    86.6    apply (rule fix_ind)
    86.7 -    apply (simp (no_asm)) \<comment> "simplifier with enhanced \<open>adm\<close>-tactic"
    86.8 +    apply (simp (no_asm)) \<comment> \<open>simplifier with enhanced \<open>adm\<close>-tactic\<close>
    86.9     apply (simp (no_asm))
   86.10    apply (simp (no_asm))
   86.11    apply blast
    87.1 --- a/src/HOL/HOLCF/Tutorial/Domain_ex.thy	Tue Jan 16 09:12:16 2018 +0100
    87.2 +++ b/src/HOL/HOLCF/Tutorial/Domain_ex.thy	Tue Jan 16 09:30:00 2018 +0100
    87.3 @@ -57,7 +57,7 @@
    87.4  \<close>
    87.5  
    87.6  domain 'a d7 = d7a "'a d7 \<oplus> int lift" | d7b "'a \<otimes> 'a d7" | d7c (lazy "'a d7 \<rightarrow> 'a")
    87.7 -  \<comment> "Indirect recursion detected, skipping proofs of (co)induction rules"
    87.8 +  \<comment> \<open>Indirect recursion detected, skipping proofs of (co)induction rules\<close>
    87.9  
   87.10  text \<open>Note that \<open>d7.induct\<close> is absent.\<close>
   87.11  
   87.12 @@ -94,12 +94,12 @@
   87.13  domain 'a flattree = Tip | Branch "'a flattree" "'a flattree"
   87.14  
   87.15  lemma "\<lbrakk>P \<bottom>; P Tip; \<And>x y. \<lbrakk>x \<noteq> \<bottom>; y \<noteq> \<bottom>; P x; P y\<rbrakk> \<Longrightarrow> P (Branch\<cdot>x\<cdot>y)\<rbrakk> \<Longrightarrow> P x"
   87.16 -by (rule flattree.induct) \<comment> "no admissibility requirement"
   87.17 +by (rule flattree.induct) \<comment> \<open>no admissibility requirement\<close>
   87.18  
   87.19  text \<open>Trivial datatypes will produce a warning message.\<close>
   87.20  
   87.21  domain triv = Triv triv triv
   87.22 -  \<comment> "domain \<open>Domain_ex.triv\<close> is empty!"
   87.23 +  \<comment> \<open>domain \<open>Domain_ex.triv\<close> is empty!\<close>
   87.24  
   87.25  lemma "(x::triv) = \<bottom>" by (induct x, simp_all)
   87.26  
    88.1 --- a/src/HOL/Hoare/Hoare_Logic.thy	Tue Jan 16 09:12:16 2018 +0100
    88.2 +++ b/src/HOL/Hoare/Hoare_Logic.thy	Tue Jan 16 09:30:00 2018 +0100
    88.3 @@ -92,7 +92,7 @@
    88.4  lemma Compl_Collect: "-(Collect b) = {x. ~(b x)}"
    88.5    by blast
    88.6  
    88.7 -lemmas AbortRule = SkipRule  \<comment> "dummy version"
    88.8 +lemmas AbortRule = SkipRule  \<comment> \<open>dummy version\<close>
    88.9  ML_file "hoare_tac.ML"
   88.10  
   88.11  method_setup vcg = \<open>
    89.1 --- a/src/HOL/Hoare/SchorrWaite.thy	Tue Jan 16 09:12:16 2018 +0100
    89.2 +++ b/src/HOL/Hoare/SchorrWaite.thy	Tue Jan 16 09:30:00 2018 +0100
    89.3 @@ -11,7 +11,7 @@
    89.4  section \<open>Machinery for the Schorr-Waite proof\<close>
    89.5  
    89.6  definition
    89.7 -  \<comment> "Relations induced by a mapping"
    89.8 +  \<comment> \<open>Relations induced by a mapping\<close>
    89.9    rel :: "('a \<Rightarrow> 'a ref) \<Rightarrow> ('a \<times> 'a) set"
   89.10    where "rel m = {(x,y). m x = Ref y}"
   89.11  
   89.12 @@ -83,7 +83,7 @@
   89.13  done
   89.14  
   89.15  definition
   89.16 -  \<comment> "Restriction of a relation"
   89.17 +  \<comment> \<open>Restriction of a relation\<close>
   89.18    restr ::"('a \<times> 'a) set \<Rightarrow> ('a \<Rightarrow> bool) \<Rightarrow> ('a \<times> 'a) set"       ("(_/ | _)" [50, 51] 50)
   89.19    where "restr r m = {(x,y). (x,y) \<in> r \<and> \<not> m x}"
   89.20  
   89.21 @@ -115,7 +115,7 @@
   89.22  done
   89.23  
   89.24  definition
   89.25 -  \<comment> "A short form for the stack mapping function for List"
   89.26 +  \<comment> \<open>A short form for the stack mapping function for List\<close>
   89.27    S :: "('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'a ref) \<Rightarrow> ('a \<Rightarrow> 'a ref) \<Rightarrow> ('a \<Rightarrow> 'a ref)"
   89.28    where "S c l r = (\<lambda>x. if c x then r x else l x)"
   89.29  
   89.30 @@ -146,7 +146,7 @@
   89.31  done
   89.32  
   89.33  primrec
   89.34 -  \<comment>"Recursive definition of what is means for a the graph/stack structure to be reconstructible"
   89.35 +  \<comment> \<open>Recursive definition of what is means for a the graph/stack structure to be reconstructible\<close>
   89.36    stkOk :: "('a \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'a ref) \<Rightarrow> ('a \<Rightarrow> 'a ref) \<Rightarrow> ('a \<Rightarrow> 'a ref) \<Rightarrow> ('a \<Rightarrow> 'a ref) \<Rightarrow> 'a ref \<Rightarrow>'a list \<Rightarrow>  bool"
   89.37  where
   89.38    stkOk_nil:  "stkOk c l r iL iR t [] = True"
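Review bot: The converted comment on `stkOk` still reads `what is means for a the graph/stack structure`; since the line is rewritten anyway, make it `\<comment> \<open>Recursive definition of what it means for the graph/stack structure to be reconstructible\<close>`. In the `@@ -371,11` hunk of this file, `simmilar` should be `similar`, and the three consecutive comments there form one sentence and would read better as a single `\<comment> \<open>…\<close>`. The `primrec` continues beyond this hunk.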
   89.39 @@ -314,7 +314,7 @@
   89.40              with i3 have poI3: "R = reachable ?Rb ?B"  by (simp add:reachable_def) 
   89.41              moreover
   89.42  
   89.43 -            \<comment> "If it is reachable and not marked, it is still reachable using..."
   89.44 +            \<comment> \<open>If it is reachable and not marked, it is still reachable using...\<close>
   89.45              let "\<forall>x. x \<in> R \<and> \<not> m x \<longrightarrow> x \<in> reachable ?Ra ?A"  =  ?I4        
   89.46              let "?Rb" = "relS {l, r(p \<rightarrow> t)} | m"
   89.47              let "?B" = "{p} \<union> set (map (r(p \<rightarrow> t)) stack_tl)"
   89.48 @@ -331,7 +331,7 @@
   89.49                  by (clarsimp simp:restr_def relS_def) 
   89.50                    (fastforce simp add:rel_def Image_iff addrs_def dest:rel_upd1)
   89.51              qed
   89.52 -            \<comment> "We now bring a term from the right to the left of the subset relation."
   89.53 +            \<comment> \<open>We now bring a term from the right to the left of the subset relation.\<close>
   89.54              hence subset: "?Ra\<^sup>* `` addrs ?A - ?Rb\<^sup>* `` addrs ?T \<subseteq> ?Rb\<^sup>* `` addrs ?B"
   89.55                by blast
   89.56              have poI4: "\<forall>x. x \<in> R \<and> \<not> m x \<longrightarrow> x \<in> reachable ?Rb ?B"
   89.57 @@ -350,7 +350,7 @@
   89.58              qed
   89.59              moreover
   89.60  
   89.61 -            \<comment> "If it is marked, then it is reachable"
   89.62 +            \<comment> \<open>If it is marked, then it is reachable\<close>
   89.63              from i5 have poI5: "\<forall>x. m x \<longrightarrow> x \<in> R" .
   89.64              moreover
   89.65  
   89.66 @@ -371,11 +371,11 @@
   89.67          }
   89.68          moreover
   89.69  
   89.70 -        \<comment> "Proofs of the Swing and Push arm follow."
   89.71 -        \<comment> "Since they are in principle simmilar to the Pop arm proof,"
   89.72 -        \<comment> "we show fewer comments and use frequent pattern matching."
   89.73 +        \<comment> \<open>Proofs of the Swing and Push arm follow.\<close>
   89.74 +        \<comment> \<open>Since they are in principle simmilar to the Pop arm proof,\<close>
   89.75 +        \<comment> \<open>we show fewer comments and use frequent pattern matching.\<close>
   89.76          {
   89.77 -          \<comment> "Swing arm"
   89.78 +          \<comment> \<open>Swing arm\<close>
   89.79            assume ifB1: "?ifB1" and nifB2: "\<not>?ifB2"
   89.80            from ifB1 whileB have pNotNull: "p \<noteq> Null" by clarsimp
   89.81            then obtain addr_p where addr_p_eq: "p = Ref addr_p" by clarsimp
   89.82 @@ -419,7 +419,7 @@
   89.83              have swI3: "?swI3" by (simp add:reachable_def) 
   89.84              moreover
   89.85  
   89.86 -            \<comment> "If it is reachable and not marked, it is still reachable using..."
   89.87 +            \<comment> \<open>If it is reachable and not marked, it is still reachable using...\<close>
   89.88              let "\<forall>x. x \<in> R \<and> \<not> m x \<longrightarrow> x \<in> reachable ?Ra ?A" = ?I4
   89.89              let "\<forall>x. x \<in> R \<and> \<not> m x \<longrightarrow> x \<in> reachable ?Rb ?B" = ?swI4
   89.90              let ?T = "{t}"
   89.91 @@ -449,7 +449,7 @@
   89.92              qed
   89.93              moreover
   89.94              
   89.95 -            \<comment> "If it is marked, then it is reachable"
   89.96 +            \<comment> \<open>If it is marked, then it is reachable\<close>
   89.97              from i5
   89.98              have "?swI5" .
   89.99              moreover
  89.100 @@ -472,7 +472,7 @@
  89.101          moreover
  89.102  
  89.103          {
  89.104 -          \<comment> "Push arm"
  89.105 +          \<comment> \<open>Push arm\<close>
  89.106            assume nifB1: "\<not>?ifB1"
  89.107            from nifB1 whileB have tNotNull: "t \<noteq> Null" by clarsimp
  89.108            then obtain addr_t where addr_t_eq: "t = Ref addr_t" by clarsimp
  89.109 @@ -516,7 +516,7 @@
  89.110              have puI3: "?puI3" by (simp add:reachable_def) 
  89.111              moreover
  89.112              
  89.113 -            \<comment> "If it is reachable and not marked, it is still reachable using..."
  89.114 +            \<comment> \<open>If it is reachable and not marked, it is still reachable using...\<close>
  89.115              let "\<forall>x. x \<in> R \<and> \<not> m x \<longrightarrow> x \<in> reachable ?Ra ?A" = ?I4
  89.116              let "\<forall>x. x \<in> R \<and> \<not> ?new_m x \<longrightarrow> x \<in> reachable ?Rb ?B" = ?puI4
  89.117              let ?T = "{t}"
  89.118 @@ -546,7 +546,7 @@
  89.119              qed  
  89.120              moreover
  89.121              
  89.122 -            \<comment> "If it is marked, then it is reachable"
  89.123 +            \<comment> \<open>If it is marked, then it is reachable\<close>
  89.124              from i5
  89.125              have "?puI5"
  89.126                by (auto simp:addrs_def i3 reachable_def addr_t_eq fun_upd_apply intro:self_reachable)
    90.1 --- a/src/HOL/Hoare_Parallel/Gar_Coll.thy	Tue Jan 16 09:12:16 2018 +0100
    90.2 +++ b/src/HOL/Hoare_Parallel/Gar_Coll.thy	Tue Jan 16 09:30:00 2018 +0100
    90.3 @@ -162,7 +162,7 @@
    90.4        apply force
    90.5       apply force
    90.6      apply force
    90.7 -\<comment>\<open>4 subgoals left\<close>
    90.8 +\<comment> \<open>4 subgoals left\<close>
    90.9  apply clarify
   90.10  apply(simp add:Proper_Edges_def Proper_Roots_def Graph6 Graph7 Graph8 Graph12)
   90.11  apply (erule disjE)
   90.12 @@ -188,10 +188,10 @@
   90.13  apply(erule subset_psubset_trans)
   90.14  apply(erule Graph11)
   90.15  apply fast
   90.16 -\<comment>\<open>3 subgoals left\<close>
   90.17 +\<comment> \<open>3 subgoals left\<close>
   90.18  apply force
   90.19  apply force
   90.20 -\<comment>\<open>last\<close>
   90.21 +\<comment> \<open>last\<close>
   90.22  apply clarify
   90.23  apply simp
   90.24  apply(subgoal_tac "ind x = length (E x)")
   90.25 @@ -246,10 +246,10 @@
   90.26         apply force
   90.27        apply force
   90.28       apply force
   90.29 -\<comment>\<open>5 subgoals left\<close>
   90.30 +\<comment> \<open>5 subgoals left\<close>
   90.31  apply clarify
   90.32  apply(simp add:BtoW_def Proper_Edges_def)
   90.33 -\<comment>\<open>4 subgoals left\<close>
   90.34 +\<comment> \<open>4 subgoals left\<close>
   90.35  apply clarify
   90.36  apply(simp add:Proper_Edges_def Graph6 Graph7 Graph8 Graph12)
   90.37  apply (erule disjE)
   90.38 @@ -286,7 +286,7 @@
   90.39  apply(erule subset_psubset_trans)
   90.40  apply(erule Graph11)
   90.41  apply fast
   90.42 -\<comment>\<open>2 subgoals left\<close>
   90.43 +\<comment> \<open>2 subgoals left\<close>
   90.44  apply clarify
   90.45  apply(simp add:Proper_Edges_def Graph6 Graph7 Graph8 Graph12)
   90.46  apply (erule disjE)
   90.47 @@ -303,7 +303,7 @@
   90.48    apply arith
   90.49   apply (simp add: BtoW_def)
   90.50  apply (simp add: BtoW_def)
   90.51 -\<comment>\<open>last\<close>
   90.52 +\<comment> \<open>last\<close>
   90.53  apply clarify
   90.54  apply simp
   90.55  apply(subgoal_tac "ind x = length (E x)")
   90.56 @@ -520,7 +520,7 @@
   90.57    "interfree_aux (Some Propagate_Black, {}, Some Redirect_Edge)"
   90.58  apply (unfold modules )
   90.59  apply interfree_aux
   90.60 -\<comment>\<open>11 subgoals left\<close>
   90.61 +\<comment> \<open>11 subgoals left\<close>
   90.62  apply(clarify, simp add:abbrev Graph6 Graph12)
   90.63  apply(clarify, simp add:abbrev Graph6 Graph12)
   90.64  apply(clarify, simp add:abbrev Graph6 Graph12)
   90.65 @@ -535,7 +535,7 @@
   90.66   apply (force simp add:BtoW_def)
   90.67  apply(erule Graph4)
   90.68     apply simp+
   90.69 -\<comment>\<open>7 subgoals left\<close>
   90.70 +\<comment> \<open>7 subgoals left\<close>
   90.71  apply(clarify, simp add:abbrev Graph6 Graph12)
   90.72  apply(erule conjE)+
   90.73  apply(erule disjE, erule disjI1, rule disjI2, rule allI, (rule impI)+, case_tac "R=i", rule conjI, erule sym)
   90.74 @@ -547,7 +547,7 @@
   90.75   apply (force simp add:BtoW_def)
   90.76  apply(erule Graph4)
   90.77     apply simp+
   90.78 -\<comment>\<open>6 subgoals left\<close>
   90.79 +\<comment> \<open>6 subgoals left\<close>
   90.80  apply(clarify, simp add:abbrev Graph6 Graph12)
   90.81  apply(erule conjE)+
   90.82  apply(rule conjI)
   90.83 @@ -562,9 +562,9 @@
   90.84      apply simp+
   90.85  apply(simp add:BtoW_def nth_list_update)
   90.86  apply force
   90.87 -\<comment>\<open>5 subgoals left\<close>
   90.88 +\<comment> \<open>5 subgoals left\<close>
   90.89  apply(clarify, simp add:abbrev Graph6 Graph12)
   90.90 -\<comment>\<open>4 subgoals left\<close>
   90.91 +\<comment> \<open>4 subgoals left\<close>
   90.92  apply(clarify, simp add:abbrev Graph6 Graph12)
   90.93  apply(rule conjI)
   90.94   apply(erule disjE, erule disjI1, rule disjI2, rule allI, (rule impI)+, case_tac "R=i", rule conjI, erule sym)
   90.95 @@ -588,9 +588,9 @@
   90.96    apply simp+
   90.97   apply(force simp add:BtoW_def)
   90.98  apply(force simp add:BtoW_def)
   90.99 -\<comment>\<open>3 subgoals left\<close>
  90.100 +\<comment> \<open>3 subgoals left\<close>
  90.101  apply(clarify, simp add:abbrev Graph6 Graph12)
  90.102 -\<comment>\<open>2 subgoals left\<close>
  90.103 +\<comment> \<open>2 subgoals left\<close>
  90.104  apply(clarify, simp add:abbrev Graph6 Graph12)
  90.105  apply(erule disjE, erule disjI1, rule disjI2, rule allI, (rule impI)+, case_tac "R=i", rule conjI, erule sym)
  90.106   apply clarify
  90.107 @@ -615,21 +615,21 @@
  90.108    "interfree_aux (Some Propagate_Black, {}, Some Color_Target)"
  90.109  apply (unfold modules )
  90.110  apply interfree_aux
  90.111 -\<comment>\<open>11 subgoals left\<close>
  90.112 +\<comment> \<open>11 subgoals left\<close>
  90.113  apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)+
  90.114  apply(erule conjE)+
  90.115  apply(erule disjE,rule disjI1,erule psubset_subset_trans,erule Graph9,
  90.116        case_tac "M x!T=Black", rule disjI2,rotate_tac -1, simp add: Graph10, clarify,
  90.117        erule allE, erule impE, assumption, erule impE, assumption,
  90.118        simp add:BtoW_def, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
  90.119 -\<comment>\<open>7 subgoals left\<close>
  90.120 +\<comment> \<open>7 subgoals left\<close>
  90.121  apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
  90.122  apply(erule conjE)+
  90.123  apply(erule disjE,rule disjI1,erule psubset_subset_trans,erule Graph9,
  90.124        case_tac "M x!T=Black", rule disjI2,rotate_tac -1, simp add: Graph10, clarify,
  90.125        erule allE, erule impE, assumption, erule impE, assumption,
  90.126        simp add:BtoW_def, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
  90.127 -\<comment>\<open>6 subgoals left\<close>
  90.128 +\<comment> \<open>6 subgoals left\<close>
  90.129  apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
  90.130  apply clarify
  90.131  apply (rule conjI)
  90.132 @@ -638,9 +638,9 @@
  90.133        erule allE, erule impE, assumption, erule impE, assumption,
  90.134        simp add:BtoW_def, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
  90.135  apply(simp add:nth_list_update)
  90.136 -\<comment>\<open>5 subgoals left\<close>
  90.137 +\<comment> \<open>5 subgoals left\<close>
  90.138  apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
  90.139 -\<comment>\<open>4 subgoals left\<close>
  90.140 +\<comment> \<open>4 subgoals left\<close>
  90.141  apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
  90.142  apply (rule conjI)
  90.143   apply(erule disjE,rule disjI1,erule psubset_subset_trans,erule Graph9,
  90.144 @@ -651,15 +651,15 @@
  90.145  apply(simp add:nth_list_update)
  90.146  apply(rule impI,rule impI, case_tac "M x!T=Black",rotate_tac -1, force simp add: BtoW_def Graph10,
  90.147        erule subset_psubset_trans, erule Graph11, force)
  90.148 -\<comment>\<open>3 subgoals left\<close>
  90.149 +\<comment> \<open>3 subgoals left\<close>
  90.150  apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
  90.151 -\<comment>\<open>2 subgoals left\<close>
  90.152 +\<comment> \<open>2 subgoals left\<close>
  90.153  apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
  90.154  apply(erule disjE,rule disjI1,erule psubset_subset_trans,erule Graph9,
  90.155        case_tac "M x!T=Black", rule disjI2,rotate_tac -1, simp add: Graph10, clarify,
  90.156        erule allE, erule impE, assumption, erule impE, assumption,
  90.157        simp add:BtoW_def, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
  90.158 -\<comment>\<open>3 subgoals left\<close>
  90.159 +\<comment> \<open>3 subgoals left\<close>
  90.160  apply(simp add:abbrev)
  90.161  done
  90.162  
  90.163 @@ -674,9 +674,9 @@
  90.164    "interfree_aux (Some Count, {}, Some Redirect_Edge)"
  90.165  apply (unfold modules)
  90.166  apply interfree_aux
  90.167 -\<comment>\<open>9 subgoals left\<close>
  90.168 +\<comment> \<open>9 subgoals left\<close>
  90.169  apply(simp_all add:abbrev Graph6 Graph12)
  90.170 -\<comment>\<open>6 subgoals left\<close>
  90.171 +\<comment> \<open>6 subgoals left\<close>
  90.172  apply(clarify, simp add:abbrev Graph6 Graph12,
  90.173        erule disjE,erule disjI1,rule disjI2,rule subset_trans, erule Graph3,force,force)+
  90.174  done
  90.175 @@ -693,17 +693,17 @@
  90.176    "interfree_aux (Some Count, {}, Some Color_Target)"
  90.177  apply (unfold modules )
  90.178  apply interfree_aux
  90.179 -\<comment>\<open>9 subgoals left\<close>
  90.180 +\<comment> \<open>9 subgoals left\<close>
  90.181  apply(simp_all add:abbrev Graph7 Graph8 Graph12)
  90.182 -\<comment>\<open>6 subgoals left\<close>
  90.183 +\<comment> \<open>6 subgoals left\<close>
  90.184  apply(clarify,simp add:abbrev Graph7 Graph8 Graph12,
  90.185        erule disjE, erule disjI1, rule disjI2,erule subset_trans, erule Graph9)+
  90.186 -\<comment>\<open>2 subgoals left\<close>
  90.187 +\<comment> \<open>2 subgoals left\<close>
  90.188  apply(clarify, simp add:abbrev Graph7 Graph8 Graph12)
  90.189  apply(rule conjI)
  90.190   apply(erule disjE, erule disjI1, rule disjI2,erule subset_trans, erule Graph9)
  90.191  apply(simp add:nth_list_update)
  90.192 -\<comment>\<open>1 subgoal left\<close>
  90.193 +\<comment> \<open>1 subgoal left\<close>
  90.194  apply(clarify, simp add:abbrev Graph7 Graph8 Graph12,
  90.195        erule disjE, erule disjI1, rule disjI2,erule subset_trans, erule Graph9)
  90.196  done
  90.197 @@ -769,9 +769,9 @@
  90.198  apply(simp_all add:collector_mutator_interfree)
  90.199  apply(unfold modules collector_defs Mut_init_def)
  90.200  apply(tactic  \<open>TRYALL (interfree_aux_tac @{context})\<close>)
  90.201 -\<comment>\<open>32 subgoals left\<close>
  90.202 +\<comment> \<open>32 subgoals left\<close>
  90.203  apply(simp_all add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)
  90.204 -\<comment>\<open>20 subgoals left\<close>
  90.205 +\<comment> \<open>20 subgoals left\<close>
  90.206  apply(tactic\<open>TRYALL (clarify_tac @{context})\<close>)
  90.207  apply(simp_all add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)
  90.208  apply(tactic \<open>TRYALL (eresolve_tac @{context} [disjE])\<close>)
  90.209 @@ -800,10 +800,10 @@
  90.210  apply(simp_all add:collector_mutator_interfree)
  90.211  apply(unfold modules collector_defs Mut_init_def)
  90.212  apply(tactic  \<open>TRYALL (interfree_aux_tac @{context})\<close>)
  90.213 -\<comment>\<open>64 subgoals left\<close>
  90.214 +\<comment> \<open>64 subgoals left\<close>
  90.215  apply(simp_all add:nth_list_update Invariants Append_to_free0)+
  90.216  apply(tactic\<open>TRYALL (clarify_tac @{context})\<close>)
  90.217 -\<comment>\<open>4 subgoals left\<close>
  90.218 +\<comment> \<open>4 subgoals left\<close>
  90.219  apply force
  90.220  apply(simp add:Append_to_free2)
  90.221  apply force
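--- a/src/HOL/Hoare_Parallel/Graph.thy
+++ b/src/HOL/Hoare_Parallel/Graph.thy
@@ -191,12 +191,12 @@
 apply clarify
 apply simp
 apply(case_tac "\<exists>i<length path - 1. (fst(E!R),T)=(path!(Suc i),path!i)")
-\<comment>\<open>the changed edge is part of the path\<close>
+\<comment> \<open>the changed edge is part of the path\<close>
  apply(erule exE)
  apply(drule_tac P = "\<lambda>i. i<length path - 1 \<and> (fst(E!R),T)=(path!Suc i,path!i)" in Ex_first_occurrence)
  apply clarify
  apply(erule disjE)
-\<comment>\<open>T is NOT a root\<close>
+\<comment> \<open>T is NOT a root\<close>
   apply clarify
   apply(rule_tac x = "(take m path)@patha" in exI)
   apply(subgoal_tac "\<not>(length path\<le>m)")
@@ -240,7 +240,7 @@
   apply(subgoal_tac "Suc (i - m)=(Suc i - m)" )
     prefer 2 apply arith
    apply simp
-\<comment>\<open>T is a root\<close>
+\<comment> \<open>T is a root\<close>
  apply(case_tac "m=0")
   apply force
  apply(rule_tac x = "take (Suc m) path" in exI)
@@ -253,7 +253,7 @@
  apply(case_tac "R=j")
   apply(force simp add: nth_list_update)
  apply(force simp add: nth_list_update)
-\<comment>\<open>the changed edge is not part of the path\<close>
+\<comment> \<open>the changed edge is not part of the path\<close>
 apply(rule_tac x = "path" in exI)
 apply simp
 apply clarify
@@ -276,7 +276,7 @@
 apply(erule disjE)
  prefer 2 apply force
 apply clarify
-\<comment>\<open>there exist a black node in the path to T\<close>
+\<comment> \<open>there exist a black node in the path to T\<close>
 apply(case_tac "\<exists>m<length path. M!(path!m)=Black")
  apply(erule exE)
  apply(drule_tac P = "\<lambda>m. m<length path \<and> M!(path!m)=Black" in Ex_first_occurrence)
@@ -318,7 +318,7 @@
 apply(erule disjE)
  prefer 2 apply force
 apply clarify
-\<comment>\<open>there exist a black node in the path to T\<close>
+\<comment> \<open>there exist a black node in the path to T\<close>
 apply(case_tac "\<exists>m<length path. M!(path!m)=Black")
  apply(erule exE)
  apply(drule_tac P = "\<lambda>m. m<length path \<and> M!(path!m)=Black" in Ex_first_occurrence)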
    92.1 --- a/src/HOL/Hoare_Parallel/Mul_Gar_Coll.thy	Tue Jan 16 09:12:16 2018 +0100
    92.2 +++ b/src/HOL/Hoare_Parallel/Mul_Gar_Coll.thy	Tue Jan 16 09:30:00 2018 +0100
    92.3 @@ -249,12 +249,12 @@
    92.4  apply(unfold Mul_Propagate_Black_def)
    92.5  apply annhoare
    92.6  apply(simp_all add:Mul_PBInv_def mul_collector_defs Mul_Auxk_def Graph6 Graph7 Graph8 Graph12 mul_collector_defs Queue_def)
    92.7 -\<comment>\<open>8 subgoals left\<close>
    92.8 +\<comment> \<open>8 subgoals left\<close>
    92.9  apply force
   92.10  apply force
   92.11  apply force
   92.12  apply(force simp add:BtoW_def Graph_defs)
   92.13 -\<comment>\<open>4 subgoals left\<close>
   92.14 +\<comment> \<open>4 subgoals left\<close>
   92.15  apply clarify
   92.16  apply(simp add: mul_collector_defs Graph12 Graph6 Graph7 Graph8)
   92.17  apply(disjE_tac)
   92.18 @@ -269,7 +269,7 @@
   92.19    apply(force)
   92.20   apply(force)
   92.21  apply(rule disjI2, rule disjI1, erule subset_psubset_trans, erule Graph11, force)
   92.22 -\<comment>\<open>2 subgoals left\<close>
   92.23 +\<comment> \<open>2 subgoals left\<close>
   92.24  apply clarify
   92.25  apply(conjI_tac)
   92.26  apply(disjE_tac)
   92.27 @@ -278,7 +278,7 @@
   92.28  apply(erule less_SucE)
   92.29   apply force
   92.30  apply (simp add:BtoW_def)
   92.31 -\<comment>\<open>1 subgoal left\<close>
   92.32 +\<comment> \<open>1 subgoal left\<close>
   92.33  apply clarify
   92.34  apply simp
   92.35  apply(disjE_tac)
   92.36 @@ -342,11 +342,11 @@
   92.37  apply (unfold Mul_Count_def)
   92.38  apply annhoare
   92.39  apply(simp_all add:Mul_CountInv_def mul_collector_defs Mul_Auxk_def Graph6 Graph7 Graph8 Graph12 mul_collector_defs Queue_def)
   92.40 -\<comment>\<open>7 subgoals left\<close>
   92.41 +\<comment> \<open>7 subgoals left\<close>
   92.42  apply force
   92.43  apply force
   92.44  apply force
   92.45 -\<comment>\<open>4 subgoals left\<close>
   92.46 +\<comment> \<open>4 subgoals left\<close>
   92.47  apply clarify
   92.48  apply(conjI_tac)
   92.49  apply(disjE_tac)
   92.50 @@ -357,7 +357,7 @@
   92.51   back
   92.52   apply force
   92.53  apply force
   92.54 -\<comment>\<open>3 subgoals left\<close>
   92.55 +\<comment> \<open>3 subgoals left\<close>
   92.56  apply clarify
   92.57  apply(conjI_tac)
   92.58  apply(disjE_tac)
   92.59 @@ -369,9 +369,9 @@
   92.60  apply simp
   92.61  apply(rotate_tac -1)
   92.62  apply (force simp add:Blacks_def)
   92.63 -\<comment>\<open>2 subgoals left\<close>
   92.64 +\<comment> \<open>2 subgoals left\<close>
   92.65  apply force
   92.66 -\<comment>\<open>1 subgoal left\<close>
   92.67 +\<comment> \<open>1 subgoal left\<close>
   92.68  apply clarify
   92.69  apply(drule_tac x = "ind x" in le_imp_less_or_eq)
   92.70  apply (simp_all add:Blacks_def)
   92.71 @@ -566,7 +566,7 @@
   92.72  apply (unfold mul_modules)
   92.73  apply interfree_aux
   92.74  apply(simp_all add:mul_mutator_defs mul_collector_defs Mul_PBInv_def nth_list_update Graph6)
   92.75 -\<comment>\<open>7 subgoals left\<close>
   92.76 +\<comment> \<open>7 subgoals left\<close>
   92.77  apply clarify
   92.78  apply(disjE_tac)
   92.79    apply(simp_all add:Graph6)
   92.80 @@ -574,7 +574,7 @@
   92.81  apply(rule conjI)
   92.82   apply(rule impI,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
   92.83  apply(rule impI,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
   92.84 -\<comment>\<open>6 subgoals left\<close>
   92.85 +\<comment> \<open>6 subgoals left\<close>
   92.86  apply clarify
   92.87  apply(disjE_tac)
   92.88    apply(simp_all add:Graph6)
   92.89 @@ -582,7 +582,7 @@
   92.90  apply(rule conjI)
   92.91   apply(rule impI,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
   92.92  apply(rule impI,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
   92.93 -\<comment>\<open>5 subgoals left\<close>
   92.94 +\<comment> \<open>5 subgoals left\<close>
   92.95  apply clarify
   92.96  apply(disjE_tac)
   92.97    apply(simp_all add:Graph6)
   92.98 @@ -606,7 +606,7 @@
   92.99   apply(force simp add:Queue_def less_Suc_eq_le less_length_filter_update)
  92.100  apply(rule impI,rule disjI2,rule disjI2,rule disjI1, erule le_less_trans)
  92.101  apply(force simp add:Queue_def less_Suc_eq_le less_length_filter_update)
  92.102 -\<comment>\<open>4 subgoals left\<close>
  92.103 +\<comment> \<open>4 subgoals left\<close>
  92.104  apply clarify
  92.105  apply(disjE_tac)
  92.106    apply(simp_all add:Graph6)
  92.107 @@ -630,7 +630,7 @@
  92.108   apply(force simp add:Queue_def less_Suc_eq_le less_length_filter_update)
  92.109  apply(rule impI,rule disjI2,rule disjI2,rule disjI1, erule le_less_trans)
  92.110  apply(force simp add:Queue_def less_Suc_eq_le less_length_filter_update)
  92.111 -\<comment>\<open>3 subgoals left\<close>
  92.112 +\<comment> \<open>3 subgoals left\<close>
  92.113  apply clarify
  92.114  apply(disjE_tac)
  92.115    apply(simp_all add:Graph6)
  92.116 @@ -686,7 +686,7 @@
  92.117   apply (force simp add: nth_list_update)
  92.118  apply(rule impI, (rule disjI2)+, erule le_trans)
  92.119  apply(force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.120 -\<comment>\<open>2 subgoals left\<close>
  92.121 +\<comment> \<open>2 subgoals left\<close>
  92.122  apply clarify
  92.123  apply(rule conjI)
  92.124   apply(disjE_tac)
  92.125 @@ -756,7 +756,7 @@
  92.126   apply(rule disjI1, erule less_le_trans)
  92.127   apply(force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.128  apply force
  92.129 -\<comment>\<open>1 subgoal left\<close>
  92.130 +\<comment> \<open>1 subgoal left\<close>
  92.131  apply clarify
  92.132  apply(disjE_tac)
  92.133    apply(simp_all add:Graph6)
  92.134 @@ -795,7 +795,7 @@
  92.135  apply (unfold mul_modules)
  92.136  apply interfree_aux
  92.137  apply(simp_all add: mul_collector_defs mul_mutator_defs)
  92.138 -\<comment>\<open>7 subgoals left\<close>
  92.139 +\<comment> \<open>7 subgoals left\<close>
  92.140  apply clarify
  92.141  apply (simp add:Graph7 Graph8 Graph12)
  92.142  apply(disjE_tac)
  92.143 @@ -805,7 +805,7 @@
  92.144    apply(force simp add:Queue_def less_Suc_eq_le le_length_filter_update Graph10)
  92.145   apply((rule disjI2)+,erule subset_psubset_trans, erule Graph11, simp)
  92.146  apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
  92.147 -\<comment>\<open>6 subgoals left\<close>
  92.148 +\<comment> \<open>6 subgoals left\<close>
  92.149  apply clarify
  92.150  apply (simp add:Graph7 Graph8 Graph12)
  92.151  apply(disjE_tac)
  92.152 @@ -815,7 +815,7 @@
  92.153    apply(force simp add:Queue_def less_Suc_eq_le le_length_filter_update Graph10)
  92.154   apply((rule disjI2)+,erule subset_psubset_trans, erule Graph11, simp)
  92.155  apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
  92.156 -\<comment>\<open>5 subgoals left\<close>
  92.157 +\<comment> \<open>5 subgoals left\<close>
  92.158  apply clarify
  92.159  apply (simp add:mul_collector_defs Mul_PBInv_def Graph7 Graph8 Graph12)
  92.160  apply(disjE_tac)
  92.161 @@ -833,7 +833,7 @@
  92.162   apply(erule le_trans)
  92.163   apply(force simp add:Queue_def less_Suc_eq_le le_length_filter_update Graph10)
  92.164  apply(rule disjI2,rule disjI1,erule subset_psubset_trans, erule Graph11, simp)
  92.165 -\<comment>\<open>4 subgoals left\<close>
  92.166 +\<comment> \<open>4 subgoals left\<close>
  92.167  apply clarify
  92.168  apply (simp add:mul_collector_defs Mul_PBInv_def Graph7 Graph8 Graph12)
  92.169  apply(disjE_tac)
  92.170 @@ -851,7 +851,7 @@
  92.171   apply(erule le_trans)
  92.172   apply(force simp add:Queue_def less_Suc_eq_le le_length_filter_update Graph10)
  92.173  apply(rule disjI2,rule disjI1,erule subset_psubset_trans, erule Graph11, simp)
  92.174 -\<comment>\<open>3 subgoals left\<close>
  92.175 +\<comment> \<open>3 subgoals left\<close>
  92.176  apply clarify
  92.177  apply (simp add:mul_collector_defs Mul_PBInv_def Graph7 Graph8 Graph12)
  92.178  apply(case_tac "M x!(T (Muts x!j))=Black")
  92.179 @@ -866,7 +866,7 @@
  92.180  apply(rule conjI)
  92.181   apply(rule disjI2,rule disjI1, erule subset_psubset_trans,simp add:Graph11)
  92.182  apply (force simp add:nth_list_update)
  92.183 -\<comment>\<open>2 subgoals left\<close>
  92.184 +\<comment> \<open>2 subgoals left\<close>
  92.185  apply clarify
  92.186  apply(simp add:Mul_Auxk_def Graph7 Graph8 Graph12)
  92.187  apply(case_tac "M x!(T (Muts x!j))=Black")
  92.188 @@ -887,7 +887,7 @@
  92.189  apply(rule conjI)
  92.190   apply(rule disjI2,rule disjI1, erule subset_psubset_trans,simp add:Graph11)
  92.191  apply (force simp add:nth_list_update)
  92.192 -\<comment>\<open>1 subgoal left\<close>
  92.193 +\<comment> \<open>1 subgoal left\<close>
  92.194  apply clarify
  92.195  apply (simp add:mul_collector_defs Mul_PBInv_def Graph7 Graph8 Graph12)
  92.196  apply(case_tac "M x!(T (Muts x!j))=Black")
  92.197 @@ -914,7 +914,7 @@
  92.198    interfree_aux (Some(Mul_Count n ),{},Some(Mul_Redirect_Edge j n))"
  92.199  apply (unfold mul_modules)
  92.200  apply interfree_aux
  92.201 -\<comment>\<open>9 subgoals left\<close>
  92.202 +\<comment> \<open>9 subgoals left\<close>
  92.203  apply(simp add:mul_mutator_defs mul_collector_defs Mul_CountInv_def Graph6)
  92.204  apply clarify
  92.205  apply disjE_tac
  92.206 @@ -928,9 +928,9 @@
  92.207    apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.208   apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.209  apply(simp add:Graph6)
  92.210 -\<comment>\<open>8 subgoals left\<close>
  92.211 +\<comment> \<open>8 subgoals left\<close>
  92.212  apply(simp add:mul_mutator_defs nth_list_update)
  92.213 -\<comment>\<open>7 subgoals left\<close>
  92.214 +\<comment> \<open>7 subgoals left\<close>
  92.215  apply(simp add:mul_mutator_defs mul_collector_defs)
  92.216  apply clarify
  92.217  apply disjE_tac
  92.218 @@ -944,7 +944,7 @@
  92.219    apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.220   apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.221  apply(simp add:Graph6)
  92.222 -\<comment>\<open>6 subgoals left\<close>
  92.223 +\<comment> \<open>6 subgoals left\<close>
  92.224  apply(simp add:mul_mutator_defs mul_collector_defs Mul_CountInv_def)
  92.225  apply clarify
  92.226  apply disjE_tac
  92.227 @@ -958,7 +958,7 @@
  92.228    apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.229   apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.230  apply(simp add:Graph6)
  92.231 -\<comment>\<open>5 subgoals left\<close>
  92.232 +\<comment> \<open>5 subgoals left\<close>
  92.233  apply(simp add:mul_mutator_defs mul_collector_defs Mul_CountInv_def)
  92.234  apply clarify
  92.235  apply disjE_tac
  92.236 @@ -972,7 +972,7 @@
  92.237    apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.238   apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.239  apply(simp add:Graph6)
  92.240 -\<comment>\<open>4 subgoals left\<close>
  92.241 +\<comment> \<open>4 subgoals left\<close>
  92.242  apply(simp add:mul_mutator_defs mul_collector_defs Mul_CountInv_def)
  92.243  apply clarify
  92.244  apply disjE_tac
  92.245 @@ -986,9 +986,9 @@
  92.246    apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.247   apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.248  apply(simp add:Graph6)
  92.249 -\<comment>\<open>3 subgoals left\<close>
  92.250 +\<comment> \<open>3 subgoals left\<close>
  92.251  apply(simp add:mul_mutator_defs nth_list_update)
  92.252 -\<comment>\<open>2 subgoals left\<close>
  92.253 +\<comment> \<open>2 subgoals left\<close>
  92.254  apply(simp add:mul_mutator_defs mul_collector_defs Mul_CountInv_def)
  92.255  apply clarify
  92.256  apply disjE_tac
  92.257 @@ -1002,7 +1002,7 @@
  92.258    apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.259   apply(rule impI,rule disjI2,rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.260  apply(simp add:Graph6)
  92.261 -\<comment>\<open>1 subgoal left\<close>
  92.262 +\<comment> \<open>1 subgoal left\<close>
  92.263  apply(simp add:mul_mutator_defs nth_list_update)
  92.264  done
  92.265  
  92.266 @@ -1019,7 +1019,7 @@
  92.267  apply (unfold mul_modules)
  92.268  apply interfree_aux
  92.269  apply(simp_all add:mul_collector_defs mul_mutator_defs Mul_CountInv_def)
  92.270 -\<comment>\<open>6 subgoals left\<close>
  92.271 +\<comment> \<open>6 subgoals left\<close>
  92.272  apply clarify
  92.273  apply disjE_tac
  92.274    apply (simp add: Graph7 Graph8 Graph12)
  92.275 @@ -1033,7 +1033,7 @@
  92.276   apply((rule disjI2)+,(erule subset_psubset_trans)+, simp add: Graph11)
  92.277  apply (simp add: Graph7 Graph8 Graph12)
  92.278  apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
  92.279 -\<comment>\<open>5 subgoals left\<close>
  92.280 +\<comment> \<open>5 subgoals left\<close>
  92.281  apply clarify
  92.282  apply disjE_tac
  92.283    apply (simp add: Graph7 Graph8 Graph12)
  92.284 @@ -1047,7 +1047,7 @@
  92.285   apply((rule disjI2)+,(erule subset_psubset_trans)+, simp add: Graph11)
  92.286  apply (simp add: Graph7 Graph8 Graph12)
  92.287  apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
  92.288 -\<comment>\<open>4 subgoals left\<close>
  92.289 +\<comment> \<open>4 subgoals left\<close>
  92.290  apply clarify
  92.291  apply disjE_tac
  92.292    apply (simp add: Graph7 Graph8 Graph12)
  92.293 @@ -1061,7 +1061,7 @@
  92.294   apply((rule disjI2)+,(erule subset_psubset_trans)+, simp add: Graph11)
  92.295  apply (simp add: Graph7 Graph8 Graph12)
  92.296  apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
  92.297 -\<comment>\<open>3 subgoals left\<close>
  92.298 +\<comment> \<open>3 subgoals left\<close>
  92.299  apply clarify
  92.300  apply disjE_tac
  92.301    apply (simp add: Graph7 Graph8 Graph12)
  92.302 @@ -1075,7 +1075,7 @@
  92.303   apply((rule disjI2)+,(erule subset_psubset_trans)+, simp add: Graph11)
  92.304  apply (simp add: Graph7 Graph8 Graph12)
  92.305  apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
  92.306 -\<comment>\<open>2 subgoals left\<close>
  92.307 +\<comment> \<open>2 subgoals left\<close>
  92.308  apply clarify
  92.309  apply disjE_tac
  92.310    apply (simp add: Graph7 Graph8 Graph12 nth_list_update)
  92.311 @@ -1093,7 +1093,7 @@
  92.312  apply(rule conjI)
  92.313   apply((rule disjI2)+,erule psubset_subset_trans, simp add: Graph9)
  92.314  apply (simp add: nth_list_update)
  92.315 -\<comment>\<open>1 subgoal left\<close>
  92.316 +\<comment> \<open>1 subgoal left\<close>
  92.317  apply clarify
  92.318  apply disjE_tac
  92.319    apply (simp add: Graph7 Graph8 Graph12)
  92.320 @@ -1171,11 +1171,11 @@
  92.321  apply(simp_all add:mul_collector_mutator_interfree)
  92.322  apply(unfold mul_modules mul_collector_defs mul_mutator_defs)
  92.323  apply(tactic  \<open>TRYALL (interfree_aux_tac @{context})\<close>)
  92.324 -\<comment>\<open>42 subgoals left\<close>
  92.325 +\<comment> \<open>42 subgoals left\<close>
  92.326  apply (clarify,simp add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)+
  92.327 -\<comment>\<open>24 subgoals left\<close>
  92.328 +\<comment> \<open>24 subgoals left\<close>
  92.329  apply(simp_all add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)
  92.330 -\<comment>\<open>14 subgoals left\<close>
  92.331 +\<comment> \<open>14 subgoals left\<close>
  92.332  apply(tactic \<open>TRYALL (clarify_tac @{context})\<close>)
  92.333  apply(simp_all add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)
  92.334  apply(tactic \<open>TRYALL (resolve_tac @{context} [conjI])\<close>)
  92.335 @@ -1184,57 +1184,57 @@
  92.336  apply(tactic \<open>TRYALL (eresolve_tac @{context} [conjE])\<close>)
  92.337  apply(tactic \<open>TRYALL (eresolve_tac @{context} [disjE])\<close>)
  92.338  apply(tactic \<open>TRYALL (eresolve_tac @{context} [disjE])\<close>)
  92.339 -\<comment>\<open>72 subgoals left\<close>
  92.340 +\<comment> \<open>72 subgoals left\<close>
  92.341  apply(simp_all add:Graph6 Graph7 Graph8 Append_to_free0 Append_to_free1 Graph12)
  92.342 -\<comment>\<open>35 subgoals left\<close>
  92.343 +\<comment> \<open>35 subgoals left\<close>
  92.344  apply(tactic \<open>TRYALL(EVERY'[resolve_tac @{context} [disjI1],
  92.345      resolve_tac @{context} [subset_trans],
  92.346      eresolve_tac @{context} @{thms Graph3},
  92.347      force_tac @{context},
  92.348      assume_tac @{context}])\<close>)
  92.349 -\<comment>\<open>28 subgoals left\<close>
  92.350 +\<comment> \<open>28 subgoals left\<close>
  92.351  apply(tactic \<open>TRYALL (eresolve_tac @{context} [conjE])\<close>)
  92.352  apply(tactic \<open>TRYALL (eresolve_tac @{context} [disjE])\<close>)
  92.353 -\<comment>\<open>34 subgoals left\<close>
  92.354 +\<comment> \<open>34 subgoals left\<close>
  92.355  apply(rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.356  apply(rule disjI2,rule disjI1,erule le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update)
  92.357  apply(case_tac [!] "M x!(T (Muts x ! j))=Black")
  92.358  apply(simp_all add:Graph10)
  92.359 -\<comment>\<open>47 subgoals left\<close>
  92.360 +\<comment> \<open>47 subgoals left\<close>
  92.361  apply(tactic \<open>TRYALL(EVERY'[REPEAT o resolve_tac @{context} [disjI2],
  92.362      eresolve_tac @{context} @{thms subset_psubset_trans},
  92.363      eresolve_tac @{context} @{thms Graph11},
  92.364      force_tac @{context}])\<close>)
  92.365 -\<comment>\<open>41 subgoals left\<close>
  92.366 +\<comment> \<open>41 subgoals left\<close>
  92.367  apply(tactic \<open>TRYALL(EVERY'[resolve_tac @{context} [disjI2],
  92.368      resolve_tac @{context} [disjI1],
  92.369      eresolve_tac @{context} @{thms le_trans},
  92.370      force_tac (@{context} addsimps @{thms Queue_def less_Suc_eq_le le_length_filter_update})])\<close>)
  92.371 -\<comment>\<open>35 subgoals left\<close>
  92.372 +\<comment> \<open>35 subgoals left\<close>
  92.373  apply(tactic \<open>TRYALL(EVERY'[resolve_tac @{context} [disjI2],
  92.374      resolve_tac @{context} [disjI1],
  92.375      eresolve_tac @{context} @{thms psubset_subset_trans},
  92.376      resolve_tac @{context} @{thms Graph9},
  92.377      force_tac @{context}])\<close>)
  92.378 -\<comment>\<open>31 subgoals left\<close>
  92.379 +\<comment> \<open>31 subgoals left\<close>
  92.380  apply(tactic \<open>TRYALL(EVERY'[resolve_tac @{context} [disjI2],
  92.381      resolve_tac @{context} [disjI1],
  92.382      eresolve_tac @{context} @{thms subset_psubset_trans},
  92.383      eresolve_tac @{context} @{thms Graph11},
  92.384      force_tac @{context}])\<close>)
  92.385 -\<comment>\<open>29 subgoals left\<close>
  92.386 +\<comment> \<open>29 subgoals left\<close>
  92.387  apply(tactic \<open>TRYALL(EVERY'[REPEAT o resolve_tac @{context} [disjI2],
  92.388      eresolve_tac @{context} @{thms subset_psubset_trans},
  92.389      eresolve_tac @{context} @{thms subset_psubset_trans},
  92.390      eresolve_tac @{context} @{thms Graph11},
  92.391      force_tac @{context}])\<close>)
  92.392 -\<comment>\<open>25 subgoals left\<close>
  92.393 +\<comment> \<open>25 subgoals left\<close>
  92.394  apply(tactic \<open>TRYALL(EVERY'[resolve_tac @{context} [disjI2],
  92.395      resolve_tac @{context} [disjI2],
  92.396      resolve_tac @{context} [disjI1],
  92.397      eresolve_tac @{context} @{thms le_trans},
  92.398      force_tac (@{context} addsimps @{thms Queue_def less_Suc_eq_le le_length_filter_update})])\<close>)
  92.399 -\<comment>\<open>10 subgoals left\<close>
  92.400 +\<comment> \<open>10 subgoals left\<close>
  92.401  apply(rule disjI2,rule disjI2,rule conjI,erule less_le_trans,force simp add:Queue_def less_Suc_eq_le le_length_filter_update, rule disjI1, rule less_imp_le, erule less_le_trans, force simp add:Queue_def less_Suc_eq_le le_length_filter_update)+
  92.402  done
  92.403  
  92.404 @@ -1247,9 +1247,9 @@
  92.405  apply(simp_all add:mul_collector_mutator_interfree)
  92.406  apply(unfold mul_modules mul_collector_defs mul_mutator_defs)
  92.407  apply(tactic  \<open>TRYALL (interfree_aux_tac @{context})\<close>)
  92.408 -\<comment>\<open>76 subgoals left\<close>
  92.409 +\<comment> \<open>76 subgoals left\<close>
  92.410  apply (clarsimp simp add: nth_list_update)+
  92.411 -\<comment>\<open>56 subgoals left\<close>
  92.412 +\<comment> \<open>56 subgoals left\<close>
  92.413  apply (clarsimp simp add: Mul_AppendInv_def Append_to_free0 nth_list_update)+
  92.414  done
  92.415  
  92.416 @@ -1269,7 +1269,7 @@
  92.417   COEND
  92.418   \<lbrace>False\<rbrace>"
  92.419  apply oghoare
  92.420 -\<comment>\<open>Strengthening the precondition\<close>
  92.421 +\<comment> \<open>Strengthening the precondition\<close>
  92.422  apply(rule Int_greatest)
  92.423   apply (case_tac n)
  92.424    apply(force simp add: Mul_Collector_def mul_mutator_defs mul_collector_defs nth_append)
  92.425 @@ -1279,15 +1279,15 @@
  92.426  apply(case_tac i)
  92.427   apply(simp add:Mul_Collector_def mul_mutator_defs mul_collector_defs nth_append)
  92.428  apply(simp add: Mul_Mutator_def mul_mutator_defs mul_collector_defs nth_append nth_map_upt)
  92.429 -\<comment>\<open>Collector\<close>
  92.430 +\<comment> \<open>Collector\<close>
  92.431  apply(rule Mul_Collector)
  92.432 -\<comment>\<open>Mutator\<close>
  92.433 +\<comment> \<open>Mutator\<close>
  92.434  apply(erule Mul_Mutator)
  92.435 -\<comment>\<open>Interference freedom\<close>
  92.436 +\<comment> \<open>Interference freedom\<close>
  92.437  apply(simp add:Mul_interfree_Collector_Mutator)
  92.438  apply(simp add:Mul_interfree_Mutator_Collector)
  92.439  apply(simp add:Mul_interfree_Mutator_Mutator)
  92.440 -\<comment>\<open>Weakening of the postcondition\<close>
  92.441 +\<comment> \<open>Weakening of the postcondition\<close>
  92.442  apply(case_tac n)
  92.443   apply(simp add:Mul_Collector_def mul_mutator_defs mul_collector_defs nth_append)
  92.444  apply(simp add:Mul_Mutator_def mul_mutator_defs mul_collector_defs nth_append)
    93.1 --- a/src/HOL/Hoare_Parallel/OG_Examples.thy	Tue Jan 16 09:12:16 2018 +0100
    93.2 +++ b/src/HOL/Hoare_Parallel/OG_Examples.thy	Tue Jan 16 09:30:00 2018 +0100
    93.3 @@ -41,7 +41,7 @@
    93.4    COEND
    93.5    \<lbrace>\<acute>pr1=0 \<and> \<not>\<acute>in1 \<and> \<acute>pr2=0 \<and> \<not>\<acute>in2\<rbrace>"
    93.6  apply oghoare
    93.7 -\<comment>\<open>104 verification conditions.\<close>
    93.8 +\<comment> \<open>104 verification conditions.\<close>
    93.9  apply auto
   93.10  done
   93.11  
   93.12 @@ -89,7 +89,7 @@
   93.13    COEND
   93.14    \<lbrace>False\<rbrace>"
   93.15  apply oghoare
   93.16 -\<comment>\<open>122 vc\<close>
   93.17 +\<comment> \<open>122 vc\<close>
   93.18  apply auto
   93.19  done
   93.20  
   93.21 @@ -116,7 +116,7 @@
   93.22    COEND
   93.23    \<lbrace>False\<rbrace>"
   93.24  apply oghoare
   93.25 -\<comment>\<open>38 vc\<close>
   93.26 +\<comment> \<open>38 vc\<close>
   93.27  apply auto
   93.28  done
   93.29  
   93.30 @@ -135,7 +135,7 @@
   93.31   COEND
   93.32    \<lbrace>False\<rbrace>"
   93.33  apply oghoare
   93.34 -\<comment>\<open>20 vc\<close>
   93.35 +\<comment> \<open>20 vc\<close>
   93.36  apply auto
   93.37  done
   93.38  
   93.39 @@ -167,40 +167,40 @@
   93.40   COEND
   93.41    \<lbrace>False\<rbrace>"
   93.42  apply oghoare
   93.43 -\<comment>\<open>35 vc\<close>
   93.44 +\<comment> \<open>35 vc\<close>
   93.45  apply simp_all
   93.46 -\<comment>\<open>16 vc\<close>
   93.47 +\<comment> \<open>16 vc\<close>
   93.48  apply(tactic \<open>ALLGOALS (clarify_tac @{context})\<close>)
   93.49 -\<comment>\<open>11 vc\<close>
   93.50 +\<comment> \<open>11 vc\<close>
   93.51  apply simp_all
   93.52  apply(tactic \<open>ALLGOALS (clarify_tac @{context})\<close>)
   93.53 -\<comment>\<open>10 subgoals left\<close>
   93.54 +\<comment> \<open>10 subgoals left\<close>
   93.55  apply(erule less_SucE)
   93.56   apply simp
   93.57  apply simp
   93.58 -\<comment>\<open>9 subgoals left\<close>
   93.59 +\<comment> \<open>9 subgoals left\<close>
   93.60  apply(case_tac "i=k")
   93.61   apply force
   93.62  apply simp
   93.63  apply(case_tac "i=l")
   93.64   apply force
   93.65  apply force
   93.66 -\<comment>\<open>8 subgoals left\<close>
   93.67 +\<comment> \<open>8 subgoals left\<close>
   93.68  prefer 8
   93.69  apply force
   93.70  apply force
   93.71 -\<comment>\<open>6 subgoals left\<close>
   93.72 +\<comment> \<open>6 subgoals left\<close>
   93.73  prefer 6
   93.74  apply(erule_tac x=j in allE)
   93.75  apply fastforce
   93.76 -\<comment>\<open>5 subgoals left\<close>
   93.77 +\<comment> \<open>5 subgoals left\<close>
   93.78  prefer 5
   93.79  apply(case_tac [!] "j=k")
   93.80 -\<comment>\<open>10 subgoals left\<close>
   93.81 +\<comment> \<open>10 subgoals left\<close>
   93.82  apply simp_all
   93.83  apply(erule_tac x=k in allE)
   93.84  apply force
   93.85 -\<comment>\<open>9 subgoals left\<close>
   93.86 +\<comment> \<open>9 subgoals left\<close>
   93.87  apply(case_tac "j=l")
   93.88   apply simp
   93.89   apply(erule_tac x=k in allE)
   93.90 @@ -211,7 +211,7 @@
   93.91  apply(erule_tac x=k in allE)
   93.92  apply(erule_tac x=l in allE)
   93.93  apply force
   93.94 -\<comment>\<open>8 subgoals left\<close>
   93.95 +\<comment> \<open>8 subgoals left\<close>
   93.96  apply force
   93.97  apply(case_tac "j=l")
   93.98   apply simp
   93.99 @@ -220,21 +220,21 @@
  93.100  apply force
  93.101  apply force
  93.102  apply force
  93.103 -\<comment>\<open>5 subgoals left\<close>
  93.104 +\<comment> \<open>5 subgoals left\<close>
  93.105  apply(erule_tac x=k in allE)
  93.106  apply(erule_tac x=l in allE)
  93.107  apply(case_tac "j=l")
  93.108   apply force
  93.109  apply force
  93.110  apply force
  93.111 -\<comment>\<open>3 subgoals left\<close>
  93.112 +\<comment> \<open>3 subgoals left\<close>
  93.113  apply(erule_tac x=k in allE)
  93.114  apply(erule_tac x=l in allE)
  93.115  apply(case_tac "j=l")
  93.116   apply force
  93.117  apply force
  93.118  apply force
  93.119 -\<comment>\<open>1 subgoals left\<close>
  93.120 +\<comment> \<open>1 subgoals left\<close>
  93.121  apply(erule_tac x=k in allE)
  93.122  apply(erule_tac x=l in allE)
  93.123  apply(case_tac "j=l")
  93.124 @@ -294,9 +294,9 @@
  93.125    COEND
  93.126    \<lbrace>f(\<acute>x)=0 \<or> f(\<acute>y)=0\<rbrace>"
  93.127  apply oghoare
  93.128 -\<comment>\<open>98 verification conditions\<close>
  93.129 +\<comment> \<open>98 verification conditions\<close>
  93.130  apply auto
  93.131 -\<comment>\<open>auto takes about 3 minutes !!\<close>
  93.132 +\<comment> \<open>auto takes about 3 minutes !!\<close>
  93.133  done
  93.134  
  93.135  text \<open>Easier Version: without AWAIT.  Apt and Olderog. page 256:\<close>
  93.136 @@ -327,9 +327,9 @@
  93.137    COEND
  93.138    \<lbrace>f(\<acute>x)=0 \<or> f(\<acute>y)=0\<rbrace>"
  93.139  apply oghoare
  93.140 -\<comment>\<open>20 vc\<close>
  93.141 +\<comment> \<open>20 vc\<close>
  93.142  apply auto
  93.143 -\<comment>\<open>auto takes aprox. 2 minutes.\<close>
  93.144 +\<comment> \<open>auto takes aprox. 2 minutes.\<close>
  93.145  done
  93.146  
  93.147  subsection \<open>Producer/Consumer\<close>
  93.148 @@ -429,19 +429,19 @@
  93.149   COEND
  93.150   \<lbrace> \<forall>k<length a. (a ! k)=(\<acute>b ! k)\<rbrace>"
  93.151  apply oghoare
  93.152 -\<comment>\<open>138 vc\<close>
  93.153 +\<comment> \<open>138 vc\<close>
  93.154  apply(tactic \<open>ALLGOALS (clarify_tac @{context})\<close>)
  93.155 -\<comment>\<open>112 subgoals left\<close>
  93.156 +\<comment> \<open>112 subgoals left\<close>
  93.157  apply(simp_all (no_asm))
  93.158 -\<comment>\<open>43 subgoals left\<close>
  93.159 +\<comment> \<open>43 subgoals left\<close>
  93.160  apply(tactic \<open>ALLGOALS (conjI_Tac @{context} (K all_tac))\<close>)
  93.161 -\<comment>\<open>419 subgoals left\<close>
  93.162 +\<comment> \<open>419 subgoals left\<close>
  93.163  apply(tactic \<open>ALLGOALS (clarify_tac @{context})\<close>)
  93.164 -\<comment>\<open>99 subgoals left\<close>
  93.165 +\<comment> \<open>99 subgoals left\<close>
  93.166  apply(simp_all only:length_0_conv [THEN sym])
  93.167 -\<comment>\<open>20 subgoals left\<close>
  93.168 +\<comment> \<open>20 subgoals left\<close>
  93.169  apply (simp_all del:length_0_conv length_greater_0_conv add: nth_list_update mod_lemma)
  93.170 -\<comment>\<open>9 subgoals left\<close>
  93.171 +\<comment> \<open>9 subgoals left\<close>
  93.172  apply (force simp add:less_Suc_eq)
  93.173  apply(hypsubst_thin, drule sym)
  93.174  apply (force simp add:less_Suc_eq)+
    94.1 --- a/src/HOL/Hoare_Parallel/OG_Hoare.thy	Tue Jan 16 09:12:16 2018 +0100
    94.2 +++ b/src/HOL/Hoare_Parallel/OG_Hoare.thy	Tue Jan 16 09:30:00 2018 +0100
    94.3 @@ -120,19 +120,19 @@
    94.4  apply (unfold com_validity_def)
    94.5  apply(rule oghoare_induct)
    94.6  apply simp_all
    94.7 -\<comment>\<open>Basic\<close>
    94.8 +\<comment> \<open>Basic\<close>
    94.9      apply(simp add: SEM_def sem_def)
   94.10      apply(fast dest: rtrancl_imp_UN_relpow Basic_ntran)
   94.11 -\<comment>\<open>Seq\<close>
   94.12 +\<comment> \<open>Seq\<close>
   94.13     apply(rule impI)
   94.14     apply(rule subset_trans)
   94.15      prefer 2 apply simp
   94.16     apply(simp add: L3_5ii L3_5i)
   94.17 -\<comment>\<open>Cond\<close>
   94.18 +\<comment> \<open>Cond\<close>
   94.19    apply(simp add: L3_5iv)
   94.20 -\<comment>\<open>While\<close>
   94.21 +\<comment> \<open>While\<close>
   94.22   apply (force simp add: L3_5v dest: SEM_fwhile)
   94.23 -\<comment>\<open>Conseq\<close>
   94.24 +\<comment> \<open>Conseq\<close>
   94.25  apply(force simp add: SEM_def sem_def)
   94.26  done
   94.27  
   94.28 @@ -175,11 +175,11 @@
   94.29   (\<forall>q. \<turnstile> c q \<longrightarrow> (if co' = None then t\<in>q else t \<in> pre(the co') \<and> \<turnstile> (the co') q )))"
   94.30  apply(rule ann_transition_transition.induct [THEN conjunct1])
   94.31  apply simp_all
   94.32 -\<comment>\<open>Basic\<close>
   94.33 +\<comment> \<open>Basic\<close>
   94.34           apply clarify
   94.35           apply(frule ann_hoare_case_analysis)
   94.36           apply force
   94.37 -\<comment>\<open>Seq\<close>
   94.38 +\<comment> \<open>Seq\<close>
   94.39          apply clarify
   94.40          apply(frule ann_hoare_case_analysis,simp)
   94.41          apply(fast intro: AnnConseq)
   94.42 @@ -190,21 +190,21 @@
   94.43          apply force
   94.44         apply(rule AnnSeq,simp)
   94.45         apply(fast intro: AnnConseq)
   94.46 -\<comment>\<open>Cond1\<close>
   94.47 +\<comment> \<open>Cond1\<close>
   94.48        apply clarify
   94.49        apply(frule ann_hoare_case_analysis,simp)
   94.50        apply(fast intro: AnnConseq)
   94.51       apply clarify
   94.52       apply(frule ann_hoare_case_analysis,simp)
   94.53       apply(fast intro: AnnConseq)
   94.54 -\<comment>\<open>Cond2\<close>
   94.55 +\<comment> \<open>Cond2\<close>
   94.56      apply clarify
   94.57      apply(frule ann_hoare_case_analysis,simp)
   94.58      apply(fast intro: AnnConseq)
   94.59     apply clarify
   94.60     apply(frule ann_hoare_case_analysis,simp)
   94.61     apply(fast intro: AnnConseq)
   94.62 -\<comment>\<open>While\<close>
   94.63 +\<comment> \<open>While\<close>
   94.64    apply clarify
   94.65    apply(frule ann_hoare_case_analysis,simp)
   94.66    apply force
   94.67 @@ -215,7 +215,7 @@
   94.68    apply simp
   94.69   apply(rule AnnWhile)
   94.70    apply simp_all
   94.71 -\<comment>\<open>Await\<close>
   94.72 +\<comment> \<open>Await\<close>
   94.73  apply(frule ann_hoare_case_analysis,simp)
   94.74  apply clarify
   94.75  apply(drule atom_hoare_sound)
   94.76 @@ -349,7 +349,7 @@
   94.77  prefer 11
   94.78  apply(rule TrueI)
   94.79  apply simp_all
   94.80 -\<comment>\<open>Basic\<close>
   94.81 +\<comment> \<open>Basic\<close>
   94.82     apply(erule_tac x = "i" in all_dupE, erule (1) notE impE)
   94.83     apply(erule_tac x = "j" in allE , erule (1) notE impE)
   94.84     apply(simp add: interfree_def)
   94.85 @@ -366,12 +366,12 @@
   94.86      apply(force intro: converse_rtrancl_into_rtrancl
   94.87            simp add: com_validity_def SEM_def sem_def All_None_def)
   94.88     apply(simp add:assertions_lemma)
   94.89 -\<comment>\<open>Seqs\<close>
   94.90 +\<comment> \<open>Seqs\<close>
   94.91    apply(erule_tac x = "Ts[i:=(Some c0, pre c1)]" in allE)
   94.92    apply(drule  Parallel_Strong_Soundness_Seq,simp+)
   94.93   apply(erule_tac x = "Ts[i:=(Some c0, pre c1)]" in allE)
   94.94   apply(drule  Parallel_Strong_Soundness_Seq,simp+)
   94.95 -\<comment>\<open>Await\<close>
   94.96 +\<comment> \<open>Await\<close>
   94.97  apply(rule_tac x = "i" in allE , assumption , erule (1) notE impE)
   94.98  apply(erule_tac x = "j" in allE , erule (1) notE impE)
   94.99  apply(simp add: interfree_def)
  94.100 @@ -398,9 +398,9 @@
  94.101    else t\<in>pre(the(com(Rs ! j))) \<and> \<turnstile> the(com(Rs ! j)) post(Ts ! j))) \<and> interfree Rs"
  94.102  apply(erule rtrancl_induct2)
  94.103   apply clarify
  94.104 -\<comment>\<open>Base\<close>
  94.105 +\<comment> \<open>Base\<close>
  94.106   apply force
  94.107 -\<comment>\<open>Induction step\<close>
  94.108 +\<comment> \<open>Induction step\<close>
  94.109  apply clarify
  94.110  apply(drule Parallel_length_post_PStar)
  94.111  apply clarify
  94.112 @@ -432,7 +432,7 @@
  94.113  apply (unfold com_validity_def)
  94.114  apply(rule oghoare_induct)
  94.115  apply(rule TrueI)+
  94.116 -\<comment>\<open>Parallel\<close>
  94.117 +\<comment> \<open>Parallel\<close>
  94.118        apply(simp add: SEM_def sem_def)
  94.119        apply(clarify, rename_tac x y i Ts')
  94.120        apply(frule Parallel_length_post_PStar)
  94.121 @@ -446,19 +446,19 @@
  94.122        apply(drule_tac s = "length Rs" in sym)
  94.123        apply(erule allE, erule impE, assumption)
  94.124        apply(force dest: nth_mem simp add: All_None_def)
  94.125 -\<comment>\<open>Basic\<close>
  94.126 +\<comment> \<open>Basic\<close>
  94.127      apply(simp add: SEM_def sem_def)
  94.128      apply(force dest: rtrancl_imp_UN_relpow Basic_ntran)
  94.129 -\<comment>\<open>Seq\<close>
  94.130 +\<comment> \<open>Seq\<close>
  94.131     apply(rule subset_trans)
  94.132      prefer 2 apply assumption
  94.133     apply(simp add: L3_5ii L3_5i)
  94.134 -\<comment>\<open>Cond\<close>
  94.135 +\<comment> \<open>Cond\<close>
  94.136    apply(simp add: L3_5iv)
  94.137 -\<comment>\<open>While\<close>
  94.138 +\<comment> \<open>While\<close>
  94.139   apply(simp add: L3_5v)
  94.140   apply (blast dest: SEM_fwhile)
  94.141 -\<comment>\<open>Conseq\<close>
  94.142 +\<comment> \<open>Conseq\<close>
  94.143  apply(auto simp add: SEM_def sem_def)
  94.144  done
  94.145  
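--- a/src/HOL/Hoare_Parallel/RG_Examples.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/Hoare_Parallel/RG_Examples.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -269,7 +269,7 @@
   \<lbrace>\<forall>i<n. (\<acute>X i) mod n=i \<and> (\<forall>j<\<acute>X i. j mod n=i \<longrightarrow> \<not>P(B!j)) \<and>
     (\<acute>Y i<m \<longrightarrow> P(B!(\<acute>Y i)) \<and> \<acute>Y i\<le> m+i) \<and> (\<exists>j<n. \<acute>Y j \<le> \<acute>X i)\<rbrace>]"
 apply(rule Parallel)
-\<comment>\<open>5 subgoals left\<close>
+\<comment> \<open>5 subgoals left\<close>
 apply force+
 apply clarify
 apply simp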
    96.1 --- a/src/HOL/Hoare_Parallel/RG_Hoare.thy	Tue Jan 16 09:12:16 2018 +0100
    96.2 +++ b/src/HOL/Hoare_Parallel/RG_Hoare.thy	Tue Jan 16 09:30:00 2018 +0100
    96.3 @@ -458,7 +458,7 @@
    96.4    apply(subgoal_tac "x\<in> cp (Some(Await b P)) s")
    96.5    apply(erule_tac i=i in unique_ctran_Await,force,simp_all)
    96.6    apply(simp add:cp_def)
    96.7 -\<comment>\<open>here starts the different part.\<close>
    96.8 +\<comment> \<open>here starts the different part.\<close>
    96.9   apply(erule ctran.cases,simp_all)
   96.10   apply(drule Star_imp_cptn)
   96.11   apply clarify
   96.12 @@ -740,7 +740,7 @@
   96.13    apply (simp del:list.map)
   96.14    apply(simp only:last_lift_not_None)
   96.15   apply simp
   96.16 -\<comment>\<open>\<open>\<exists>i<length x. fst (x ! i) = Some Q\<close>\<close>
   96.17 +\<comment> \<open>\<open>\<exists>i<length x. fst (x ! i) = Some Q\<close>\<close>
   96.18  apply(erule exE)
   96.19  apply(drule_tac n=i and P="\<lambda>i. i < length x \<and> fst (x ! i) = Some Q" in Ex_first_occurrence)
   96.20  apply clarify
   96.21 @@ -882,13 +882,13 @@
   96.22  apply(erule cptn_mod.induct)
   96.23  apply safe
   96.24  apply (simp_all del:last.simps)
   96.25 -\<comment>\<open>5 subgoals left\<close>
   96.26 +\<comment> \<open>5 subgoals left\<close>
   96.27  apply(simp add:comm_def)
   96.28 -\<comment>\<open>4 subgoals left\<close>
   96.29 +\<comment> \<open>4 subgoals left\<close>
   96.30  apply(rule etran_in_comm)
   96.31  apply(erule mp)
   96.32  apply(erule tl_of_assum_in_assum,simp)
   96.33 -\<comment>\<open>While-None\<close>
   96.34 +\<comment> \<open>While-None\<close>
   96.35  apply(ind_cases "((Some (While b P), s), None, t) \<in> ctran" for s t)
   96.36  apply(simp add:comm_def)
   96.37  apply(simp add:cptn_iff_cptn_mod [THEN sym])
   96.38 @@ -913,7 +913,7 @@
   96.39   apply simp
   96.40  apply clarify
   96.41  apply (simp add:last_length)
   96.42 -\<comment>\<open>WhileOne\<close>
   96.43 +\<comment> \<open>WhileOne\<close>
   96.44  apply(thin_tac "P = While b P \<longrightarrow> Q" for Q)
   96.45  apply(rule ctran_in_comm,simp)
   96.46  apply(simp add:Cons_lift del:list.map)
   96.47 @@ -949,23 +949,23 @@
   96.48   apply(case_tac "fst(xs!i)")
   96.49    apply force
   96.50   apply force
   96.51 -\<comment>\<open>last=None\<close>
   96.52 +\<comment> \<open>last=None\<close>
   96.53  apply clarify
   96.54  apply(subgoal_tac "(map (lift (While b P)) ((Some P, sa) # xs))\<noteq>[]")
   96.55   apply(drule last_conv_nth)
   96.56   apply (simp del:list.map)
   96.57   apply(simp only:last_lift_not_None)
   96.58  apply simp
   96.59 -\<comment>\<open>WhileMore\<close>
   96.60 +\<comment> \<open>WhileMore\<close>
   96.61  apply(thin_tac "P = While b P \<longrightarrow> Q" for Q)
   96.62  apply(rule ctran_in_comm,simp del:last.simps)
   96.63 -\<comment>\<open>metiendo la hipotesis antes de dividir la conclusion.\<close>
   96.64 +\<comment> \<open>metiendo la hipotesis antes de dividir la conclusion.\<close>
   96.65  apply(subgoal_tac "(Some (While b P), snd (last ((Some P, sa) # xs))) # ys \<in> assum (pre, rely)")
   96.66   apply (simp del:last.simps)
   96.67   prefer 2
   96.68   apply(erule assum_after_body)
   96.69    apply (simp del:last.simps)+
   96.70 -\<comment>\<open>lo de antes.\<close>
   96.71 +\<comment> \<open>lo de antes.\<close>
   96.72  apply(simp add:comm_def del:list.map last.simps)
   96.73  apply(rule conjI)
   96.74   apply clarify
   96.75 @@ -1001,7 +1001,7 @@
   96.76    apply(case_tac "fst(xs!i)")
   96.77     apply force
   96.78   apply force
   96.79 -\<comment>\<open>\<open>i \<ge> length xs\<close>\<close>
   96.80 +\<comment> \<open>\<open>i \<ge> length xs\<close>\<close>
   96.81  apply(subgoal_tac "i-length xs <length ys")
   96.82   prefer 2
   96.83   apply arith
   96.84 @@ -1012,7 +1012,7 @@
   96.85   apply(erule mp)
   96.86   apply(case_tac "last((Some P, sa) # xs)")
   96.87   apply(simp add:lift_def del:last.simps)
   96.88 -\<comment>\<open>\<open>i>length xs\<close>\<close>
   96.89 +\<comment> \<open>\<open>i>length xs\<close>\<close>
   96.90  apply(case_tac "i-length xs")
   96.91   apply arith
   96.92  apply(simp add:nth_append del:list.map last.simps)
   96.93 @@ -1021,7 +1021,7 @@
   96.94   prefer 2
   96.95   apply arith
   96.96  apply simp
   96.97 -\<comment>\<open>last=None\<close>
   96.98 +\<comment> \<open>last=None\<close>
   96.99  apply clarify
  96.100  apply(case_tac ys)
  96.101   apply(simp add:Cons_lift del:list.map last.simps)
  96.102 @@ -1107,16 +1107,16 @@
  96.103    \<longrightarrow> (snd(clist!i!j), snd(clist!i!Suc j)) \<in> Guar(xs!i)"
  96.104  apply(unfold par_cp_def)
  96.105  apply (rule ccontr)
  96.106 -\<comment>\<open>By contradiction:\<close>
  96.107 +\<comment> \<open>By contradiction:\<close>
  96.108  apply simp
  96.109  apply(erule exE)
  96.110 -\<comment>\<open>the first c-tran that does not satisfy the guarantee-condition is from \<open>\<sigma>_i\<close> at step \<open>m\<close>.\<close>
  96.111 +\<comment> \<open>the first c-tran that does not satisfy the guarantee-condition is from \<open>\<sigma>_i\<close> at step \<open>m\<close>.\<close>
  96.112  apply(drule_tac n=j and P="\<lambda>j. \<exists>i. H i j" for H in Ex_first_occurrence)
  96.113  apply(erule exE)
  96.114  apply clarify
  96.115 -\<comment>\<open>\<open>\<sigma>_i \<in> A(pre, rely_1)\<close>\<close>
  96.116 +\<comment> \<open>\<open>\<sigma>_i \<in> A(pre, rely_1)\<close>\<close>
  96.117  apply(subgoal_tac "take (Suc (Suc m)) (clist!i) \<in> assum(Pre(xs!i), Rely(xs!i))")
  96.118 -\<comment>\<open>but this contradicts \<open>\<Turnstile> \<sigma>_i sat [pre_i,rely_i,guar_i,post_i]\<close>\<close>
  96.119 +\<comment> \<open>but this contradicts \<open>\<Turnstile> \<sigma>_i sat [pre_i,rely_i,guar_i,post_i]\<close>\<close>
  96.120   apply(erule_tac x=i and P="\<lambda>i. H i \<longrightarrow> \<Turnstile> (J i) sat [I i,K i,M i,N i]" for H J I K M N in allE,erule impE,assumption)
  96.121   apply(simp add:com_validity_def)
  96.122   apply(erule_tac x=s in allE)
  96.123 @@ -1142,9 +1142,9 @@
  96.124  apply(simp add:conjoin_def compat_label_def)
  96.125  apply clarify
  96.126  apply(erule_tac x=ia and P="\<lambda>j. H j \<longrightarrow> (P j) \<or> Q j" for H P Q in allE,simp)
  96.127 -\<comment>\<open>each etran in \<open>\<sigma>_1[0\<dots>m]\<close> corresponds to\<close>
  96.128 +\<comment> \<open>each etran in \<open>\<sigma>_1[0\<dots>m]\<close> corresponds to\<close>
  96.129  apply(erule disjE)
  96.130 -\<comment>\<open>a c-tran in some \<open>\<sigma>_{ib}\<close>\<close>
  96.131 +\<comment> \<open>a c-tran in some \<open>\<sigma>_{ib}\<close>\<close>
  96.132   apply clarify
  96.133   apply(case_tac "i=ib",simp)
  96.134    apply(erule etranE,simp)
  96.135 @@ -1160,7 +1160,7 @@
  96.136   apply(simp add:same_state_def)
  96.137   apply(erule_tac x=i and P="\<lambda>j. (T j) \<longrightarrow> (\<forall>i. (H j i) \<longrightarrow> (snd (d j i))=(snd (e j i)))" for T H d e in all_dupE)
  96.138   apply(erule_tac x=ib and P="\<lambda>j. (T j) \<longrightarrow> (\<forall>i. (H j i) \<longrightarrow> (snd (d j i))=(snd (e j i)))" for T H d e in allE,simp)
  96.139 -\<comment>\<open>or an e-tran in \<open>\<sigma>\<close>,
  96.140 +\<comment> \<open>or an e-tran in \<open>\<sigma>\<close>,
  96.141  therefore it satisfies \<open>rely \<or> guar_{ib}\<close>\<close>
  96.142  apply (force simp add:par_assum_def same_state_def)
  96.143  done
    97.1 --- a/src/HOL/Hoare_Parallel/RG_Tran.thy	Tue Jan 16 09:12:16 2018 +0100
    97.2 +++ b/src/HOL/Hoare_Parallel/RG_Tran.thy	Tue Jan 16 09:30:00 2018 +0100
    97.3 @@ -178,20 +178,20 @@
    97.4    \<longrightarrow> (Some a, s) # (Q, t) # xs \<in> cptn_mod"
    97.5  apply(induct a)
    97.6  apply simp_all
    97.7 -\<comment>\<open>basic\<close>
    97.8 +\<comment> \<open>basic\<close>
    97.9  apply clarify
   97.10  apply(erule ctran.cases,simp_all)
   97.11  apply(rule CptnModNone,rule Basic,simp)
   97.12  apply clarify
   97.13  apply(erule ctran.cases,simp_all)
   97.14 -\<comment>\<open>Seq1\<close>
   97.15 +\<comment> \<open>Seq1\<close>
   97.16  apply(rule_tac xs="[(None,ta)]" in CptnModSeq2)
   97.17    apply(erule CptnModNone)
   97.18    apply(rule CptnModOne)
   97.19   apply simp
   97.20  apply simp
   97.21  apply(simp add:lift_def)
   97.22 -\<comment>\<open>Seq2\<close>
   97.23 +\<comment> \<open>Seq2\<close>
   97.24  apply(erule_tac x=sa in allE)
   97.25  apply(erule_tac x="Some P2" in allE)
   97.26  apply(erule allE,erule impE, assumption)
   97.27 @@ -208,12 +208,12 @@
   97.28    apply (simp add:last_length)
   97.29   apply (simp add:last_length)
   97.30  apply(simp add:lift_def)
   97.31 -\<comment>\<open>Cond\<close>
   97.32 +\<comment> \<open>Cond\<close>
   97.33  apply clarify
   97.34  apply(erule ctran.cases,simp_all)
   97.35  apply(force elim: CptnModCondT)
   97.36  apply(force elim: CptnModCondF)
   97.37 -\<comment>\<open>While\<close>
   97.38 +\<comment> \<open>While\<close>
   97.39  apply  clarify
   97.40  apply(erule ctran.cases,simp_all)
   97.41  apply(rule CptnModNone,erule WhileF,simp)
   97.42 @@ -223,7 +223,7 @@
   97.43   apply(force elim:CptnModWhile1)
   97.44  apply clarify
   97.45  apply(force simp add:last_length elim:CptnModWhile2)
   97.46 -\<comment>\<open>await\<close>
   97.47 +\<comment> \<open>await\<close>
   97.48  apply clarify
   97.49  apply(erule ctran.cases,simp_all)
   97.50  apply(rule CptnModNone,erule Await,simp+)
   97.51 @@ -295,7 +295,7 @@
   97.52        apply(erule CondT,simp)
   97.53      apply(rule CptnComp)
   97.54       apply(erule CondF,simp)
   97.55 -\<comment>\<open>Seq1\<close>
   97.56 +\<comment> \<open>Seq1\<close>
   97.57  apply(erule cptn.cases,simp_all)
   97.58    apply(rule CptnOne)
   97.59   apply clarify
   97.60 @@ -315,7 +315,7 @@
   97.61   apply(rule Seq2,simp)
   97.62  apply(drule_tac P=P1 in lift_is_cptn)
   97.63  apply(simp add:lift_def)
   97.64 -\<comment>\<open>Seq2\<close>
   97.65 +\<comment> \<open>Seq2\<close>
   97.66  apply(rule cptn_append_is_cptn)
   97.67    apply(drule_tac P=P1 in lift_is_cptn)
   97.68    apply(simp add:lift_def)
   97.69 @@ -325,12 +325,12 @@
   97.70   apply(rule last_fst_esp)
   97.71   apply (simp add:last_length)
   97.72  apply(simp add:Cons_lift lift_def split_def last_conv_nth)
   97.73 -\<comment>\<open>While1\<close>
   97.74 +\<comment> \<open>While1\<close>
   97.75  apply(rule CptnComp)
   97.76   apply(rule WhileT,simp)
   97.77  apply(drule_tac P="While b P" in lift_is_cptn)
   97.78  apply(simp add:lift_def)
   97.79 -\<comment>\<open>While2\<close>
   97.80 +\<comment> \<open>While2\<close>
   97.81  apply(rule CptnComp)
   97.82   apply(rule WhileT,simp)
   97.83  apply(rule cptn_append_is_cptn)
   97.84 @@ -496,7 +496,7 @@
   97.85  apply clarify
   97.86  apply(erule_tac x="0" and P="\<lambda>j. H j \<longrightarrow> (P j \<or> Q j)" for H P Q in all_dupE, simp)
   97.87  apply(erule disjE)
   97.88 -\<comment>\<open>first step is a Component step\<close>
   97.89 +\<comment> \<open>first step is a Component step\<close>
   97.90   apply clarify 
   97.91   apply simp
   97.92   apply(subgoal_tac "a=(xs[i:=(fst(clist!i!0))])")
   97.93 @@ -516,7 +516,7 @@
   97.94    apply(erule etranE,simp)
   97.95   apply(rule ParCptnComp)
   97.96    apply(erule ParComp,simp)
   97.97 -\<comment>\<open>applying the induction hypothesis\<close>
   97.98 +\<comment> \<open>applying the induction hypothesis\<close>
   97.99   apply(erule_tac x="xs[i := fst (clist ! i ! 0)]" in allE)
  97.100   apply(erule_tac x="snd (clist ! i ! 0)" in allE)
  97.101   apply(erule mp)
  97.102 @@ -630,7 +630,7 @@
  97.103     apply(erule_tac x=ia and P="\<lambda>j. H j \<longrightarrow> (length (s j) = t)" for H s t in allE,force)
  97.104    apply force
  97.105   apply(erule_tac x=ia and P="\<lambda>j. H j \<longrightarrow> (length (s j) = t)" for H s t in allE,force)
  97.106 -\<comment>\<open>first step is an environmental step\<close>
  97.107 +\<comment> \<open>first step is an environmental step\<close>
  97.108  apply clarify
  97.109  apply(erule par_etran.cases)
  97.110  apply simp
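--- a/src/HOL/IMP/Abs_Int0.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Abs_Int0.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -232,7 +232,7 @@
 proof(simp add: CS_def AI_def)
   assume 1: "pfp (step' \<top>) (bot c) = Some C"
   have pfp': "step' \<top> C \<le> C" by(rule pfp_pfp[OF 1])
-  have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C"  \<comment>"transfer the pfp'"
+  have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C"  \<comment> \<open>transfer the pfp'\<close>
   proof(rule order_trans)
     show "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (step' \<top> C)" by(rule step_step')
     show "... \<le> \<gamma>\<^sub>c C" by (metis mono_gamma_c[OF pfp'])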
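--- a/src/HOL/IMP/Abs_Int1.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Abs_Int1.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -59,7 +59,7 @@
 proof(simp add: CS_def AI_def)
   assume 1: "pfp (step' \<top>) (bot c) = Some C"
   have pfp': "step' \<top> C \<le> C" by(rule pfp_pfp[OF 1])
-  have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C"  \<comment>"transfer the pfp'"
+  have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C"  \<comment> \<open>transfer the pfp'\<close>
   proof(rule order_trans)
     show "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (step' \<top> C)" by(rule step_step')
     show "... \<le> \<gamma>\<^sub>c C" by (metis mono_gamma_c[OF pfp'])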
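--- a/src/HOL/IMP/Abs_Int2.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Abs_Int2.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -170,7 +170,7 @@
 proof(simp add: CS_def AI_def)
   assume 1: "pfp (step' \<top>) (bot c) = Some C"
   have pfp': "step' \<top> C \<le> C" by(rule pfp_pfp[OF 1])
-  have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C"  \<comment>"transfer the pfp'"
+  have 2: "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c C"  \<comment> \<open>transfer the pfp'\<close>
   proof(rule order_trans)
     show "step (\<gamma>\<^sub>o \<top>) (\<gamma>\<^sub>c C) \<le> \<gamma>\<^sub>c (step' \<top> C)" by(rule step_step')
     show "... \<le> \<gamma>\<^sub>c C" by (metis mono_gamma_c[OF pfp'])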
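--- a/src/HOL/IMP/Abs_Int3.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Abs_Int3.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -552,7 +552,7 @@
   case 3 thus ?case by(rule m_ivl_widen)
 next
   case 4 from 4(2) show ?case by(rule n_ivl_narrow)
-  \<comment> "note that the first assms is unnecessary for intervals"
+  \<comment> \<open>note that the first assms is unnecessary for intervals\<close>
 qed
 
 lemma iter_winden_step_ivl_termination: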
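--- a/src/HOL/IMP/Abs_Int_init.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Abs_Int_init.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -4,6 +4,6 @@
         Vars Collecting Abs_Int_Tests
 begin
 
-hide_const (open) top bot dom  \<comment>"to avoid qualified names"
+hide_const (open) top bot dom  \<comment> \<open>to avoid qualified names\<close>
 
 end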
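--- a/src/HOL/IMP/Abs_State.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/IMP/Abs_State.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -10,15 +10,15 @@
 "fun_rep [] = (\<lambda>x. \<top>)" |
 "fun_rep ((x,a)#ps) = (fun_rep ps) (x := a)"
 
-lemma fun_rep_map_of[code]: \<comment>"original def is too slow"
+lemma fun_rep_map_of[code]: \<comment> \<open>original def is too slow\<close>
   "fun_rep ps = (%x. case map_of ps x of None \<Rightarrow> \<top> | Some a \<Rightarrow> a)"
 by(induction ps rule: fun_rep.induct) auto
 
 definition eq_st :: "('a::top) st_rep \<Rightarrow> 'a st_rep \<Rightarrow> bool" where
 "eq_st S1 S2 = (fun_rep S1 = fun_rep S2)"
 
-hide_type st  \<comment>"hide previous def to avoid long names"
-declare [[typedef_overloaded]] \<comment>"allow quotient types to depend on classes"
+hide_type st  \<comment> \<open>hide previous def to avoid long names\<close>
+declare [[typedef_overloaded]] \<comment> \<open>allow quotient types to depend on classes\<close>
 
 quotient_type 'a st = "('a::top) st_rep" / eq_st
 morphisms rep_st St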
   104.1 --- a/src/HOL/IMP/Big_Step.thy	Tue Jan 16 09:12:16 2018 +0100
   104.2 +++ b/src/HOL/IMP/Big_Step.thy	Tue Jan 16 09:30:00 2018 +0100
   104.3 @@ -120,7 +120,7 @@
   104.4  shows "t = s"
   104.5  proof-
   104.6    from assms show ?thesis
   104.7 -  proof cases  \<comment>"inverting assms"
   104.8 +  proof cases  \<comment> \<open>inverting assms\<close>
   104.9      case IfTrue thm IfTrue
  104.10      thus ?thesis by blast
  104.11    next
  104.12 @@ -147,7 +147,7 @@
  104.13    with c1
  104.14    show "(c1;; (c2;; c3), s) \<Rightarrow> s'" by (rule Seq)
  104.15  next
  104.16 -  \<comment> "The other direction is analogous"
  104.17 +  \<comment> \<open>The other direction is analogous\<close>
  104.18    assume "(c1;; (c2;; c3), s) \<Rightarrow> s'"
  104.19    thus "(c1;; c2;; c3, s) \<Rightarrow> s'" by auto
  104.20  qed
  104.21 @@ -176,40 +176,40 @@
  104.22  lemma unfold_while:
  104.23    "(WHILE b DO c) \<sim> (IF b THEN c;; WHILE b DO c ELSE SKIP)" (is "?w \<sim> ?iw")
  104.24  proof -
  104.25 -  \<comment> "to show the equivalence, we look at the derivation tree for"
  104.26 -  \<comment> "each side and from that construct a derivation tree for the other side"
  104.27 +  \<comment> \<open>to show the equivalence, we look at the derivation tree for\<close>
  104.28 +  \<comment> \<open>each side and from that construct a derivation tree for the other side\<close>
  104.29    have "(?iw, s) \<Rightarrow> t" if assm: "(?w, s) \<Rightarrow> t" for s t
  104.30    proof -
  104.31      from assm show ?thesis
  104.32 -    proof cases \<comment>"rule inversion on \<open>(?w, s) \<Rightarrow> t\<close>"
  104.33 +    proof cases \<comment> \<open>rule inversion on \<open>(?w, s) \<Rightarrow> t\<close>\<close>
  104.34        case WhileFalse
  104.35        thus ?thesis by blast
  104.36      next
  104.37        case WhileTrue
  104.38        from \<open>bval b s\<close> \<open>(?w, s) \<Rightarrow> t\<close> obtain s' where
  104.39          "(c, s) \<Rightarrow> s'" and "(?w, s') \<Rightarrow> t" by auto
  104.40 -      \<comment> "now we can build a derivation tree for the @{text IF}"
  104.41 -      \<comment> "first, the body of the True-branch:"
  104.42 +      \<comment> \<open>now we can build a derivation tree for the @{text IF}\<close>
  104.43 +      \<comment> \<open>first, the body of the True-branch:\<close>
  104.44        hence "(c;; ?w, s) \<Rightarrow> t" by (rule Seq)
  104.45 -      \<comment> "then the whole @{text IF}"
  104.46 +      \<comment> \<open>then the whole @{text IF}\<close>
  104.47        with \<open>bval b s\<close> show ?thesis by (rule IfTrue)
  104.48      qed
  104.49    qed
  104.50    moreover
  104.51 -  \<comment> "now the other direction:"
  104.52 +  \<comment> \<open>now the other direction:\<close>
  104.53    have "(?w, s) \<Rightarrow> t" if assm: "(?iw, s) \<Rightarrow> t" for s t
  104.54    proof -
  104.55      from assm show ?thesis
  104.56 -    proof cases \<comment>"rule inversion on \<open>(?iw, s) \<Rightarrow> t\<close>"
  104.57 +    proof cases \<comment> \<open>rule inversion on \<open>(?iw, s) \<Rightarrow> t\<close>\<close>
  104.58        case IfFalse
  104.59        hence "s = t" using \<open>(?iw, s) \<Rightarrow> t\<close> by blast
  104.60        thus ?thesis using \<open>\<not>bval b s\<close> by blast
  104.61      next
  104.62        case IfTrue
  104.63 -      \<comment> "and for this, only the Seq-rule is applicable:"
  104.64 +      \<comment> \<open>and for this, only the Seq-rule is applicable:\<close>
  104.65        from \<open>(c;; ?w, s) \<Rightarrow> t\<close> obtain s' where
  104.66          "(c, s) \<Rightarrow> s'" and "(?w, s') \<Rightarrow> t" by auto
  104.67 -      \<comment> "with this information, we can build a derivation tree for @{text WHILE}"
  104.68 +      \<comment> \<open>with this information, we can build a derivation tree for @{text WHILE}\<close>
  104.69        with \<open>bval b s\<close> show ?thesis by (rule WhileTrue)
  104.70      qed
  104.71    qed
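Review bot: Three converted comments in this hunk still mark inline terms with the old `@{text IF}` / `@{text WHILE}` antiquotation, while the two `proof cases` comments in the same hunk already use a nested cartouche (`\<open>(?w, s) \<Rightarrow> t\<close>`). For a uniform new-style comment I would write `\<comment> \<open>then the whole \<open>IF\<close>\<close>` and the same for the other two. The next hunk has the same leftover in `@{text WhileTrue}` and `@{text"\<And>"}`. This assumes a plain cartouche is typeset like `@{text}` inside formal comments, which the tool's own output here suggests. The proof of unfold_while continues past the end of the hunk.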
  104.72 @@ -267,14 +267,14 @@
  104.73  theorem
  104.74    "(c,s) \<Rightarrow> t  \<Longrightarrow>  (c,s) \<Rightarrow> t'  \<Longrightarrow>  t' = t"
  104.75  proof (induction arbitrary: t' rule: big_step.induct)
  104.76 -  \<comment> "the only interesting case, @{text WhileTrue}:"
  104.77 +  \<comment> \<open>the only interesting case, @{text WhileTrue}:\<close>
  104.78    fix b c s s\<^sub>1 t t'
  104.79 -  \<comment> "The assumptions of the rule:"
  104.80 +  \<comment> \<open>The assumptions of the rule:\<close>
  104.81    assume "bval b s" and "(c,s) \<Rightarrow> s\<^sub>1" and "(WHILE b DO c,s\<^sub>1) \<Rightarrow> t"
  104.82    \<comment> \<open>Ind.Hyp; note the @{text"\<And>"} because of arbitrary:\<close>
  104.83    assume IHc: "\<And>t'. (c,s) \<Rightarrow> t' \<Longrightarrow> t' = s\<^sub>1"
  104.84    assume IHw: "\<And>t'. (WHILE b DO c,s\<^sub>1) \<Rightarrow> t' \<Longrightarrow> t' = t"
  104.85 -  \<comment> "Premise of implication:"
  104.86 +  \<comment> \<open>Premise of implication:\<close>
  104.87    assume "(WHILE b DO c,s) \<Rightarrow> t'"
  104.88    with \<open>bval b s\<close> obtain s\<^sub>1' where
  104.89        c: "(c,s) \<Rightarrow> s\<^sub>1'" and
  104.90 @@ -282,7 +282,7 @@
  104.91      by auto
  104.92    from c IHc have "s\<^sub>1' = s\<^sub>1" by blast
  104.93    with w IHw show "t' = t" by blast
  104.94 -qed blast+ \<comment> "prove the rest automatically"
  104.95 +qed blast+ \<comment> \<open>prove the rest automatically\<close>
  104.96  text_raw\<open>}%endsnip\<close>
  104.97  
  104.98  end
   105.1 --- a/src/HOL/IMP/Star.thy	Tue Jan 16 09:12:16 2018 +0100
   105.2 +++ b/src/HOL/IMP/Star.thy	Tue Jan 16 09:30:00 2018 +0100
   105.3 @@ -7,7 +7,7 @@
   105.4  refl:  "star r x x" |
   105.5  step:  "r x y \<Longrightarrow> star r y z \<Longrightarrow> star r x z"
   105.6  
   105.7 -hide_fact (open) refl step  \<comment>"names too generic"
   105.8 +hide_fact (open) refl step  \<comment> \<open>names too generic\<close>
   105.9  
  105.10  lemma star_trans:
  105.11    "star r x y \<Longrightarrow> star r y z \<Longrightarrow> star r x z"
   106.1 --- a/src/HOL/Imperative_HOL/Heap.thy	Tue Jan 16 09:12:16 2018 +0100
   106.2 +++ b/src/HOL/Imperative_HOL/Heap.thy	Tue Jan 16 09:30:00 2018 +0100
   106.3 @@ -44,8 +44,8 @@
   106.4    but keeping them separate makes some later proofs simpler.
   106.5  \<close>
   106.6  
   106.7 -type_synonym addr = nat \<comment> "untyped heap references"
   106.8 -type_synonym heap_rep = nat \<comment> "representable values"
   106.9 +type_synonym addr = nat \<comment> \<open>untyped heap references\<close>
  106.10 +type_synonym heap_rep = nat \<comment> \<open>representable values\<close>
  106.11  
  106.12  record heap =
  106.13    arrays :: "typerep \<Rightarrow> addr \<Rightarrow> heap_rep list"
  106.14 @@ -55,8 +55,8 @@
  106.15  definition empty :: heap where
  106.16    "empty = \<lparr>arrays = (\<lambda>_ _. []), refs = (\<lambda>_ _. 0), lim = 0\<rparr>"
  106.17  
  106.18 -datatype 'a array = Array addr \<comment> "note the phantom type 'a"
  106.19 -datatype 'a ref = Ref addr \<comment> "note the phantom type 'a"
  106.20 +datatype 'a array = Array addr \<comment> \<open>note the phantom type 'a\<close>
  106.21 +datatype 'a ref = Ref addr \<comment> \<open>note the phantom type 'a\<close>
  106.22  
  106.23  primrec addr_of_array :: "'a array \<Rightarrow> addr" where
  106.24    "addr_of_array (Array x) = x"
   107.1 --- a/src/HOL/Imperative_HOL/Ref.thy	Tue Jan 16 09:12:16 2018 +0100
   107.2 +++ b/src/HOL/Imperative_HOL/Ref.thy	Tue Jan 16 09:30:00 2018 +0100
   107.3 @@ -61,7 +61,7 @@
   107.4  text \<open>Primitives\<close>
   107.5  
   107.6  lemma noteq_sym: "r =!= s \<Longrightarrow> s =!= r"
   107.7 -  and unequal [simp]: "r \<noteq> r' \<longleftrightarrow> r =!= r'" \<comment> "same types!"
   107.8 +  and unequal [simp]: "r \<noteq> r' \<longleftrightarrow> r =!= r'" \<comment> \<open>same types!\<close>
   107.9    by (auto simp add: noteq_def)
  107.10  
  107.11  lemma noteq_irrefl: "r =!= r \<Longrightarrow> False"
   108.1 --- a/src/HOL/Induct/ABexp.thy	Tue Jan 16 09:12:16 2018 +0100
   108.2 +++ b/src/HOL/Induct/ABexp.thy	Tue Jan 16 09:30:00 2018 +0100
   108.3 @@ -55,7 +55,7 @@
   108.4    "evala env (substa (Var (v := a')) a) = evala (env (v := evala env a')) a"
   108.5  and subst1_bexp:
   108.6    "evalb env (substb (Var (v := a')) b) = evalb (env (v := evala env a')) b"
   108.7 -    \<comment>  \<open>one variable\<close>
   108.8 +    \<comment> \<open>one variable\<close>
   108.9    by (induct a and b) simp_all
  108.10  
  108.11  lemma subst_all_aexp:
   109.1 --- a/src/HOL/Induct/Comb.thy	Tue Jan 16 09:12:16 2018 +0100
   109.2 +++ b/src/HOL/Induct/Comb.thy	Tue Jan 16 09:30:00 2018 +0100
   109.3 @@ -70,7 +70,7 @@
   109.4  
   109.5  definition
   109.6    diamond   :: "('a * 'a)set \<Rightarrow> bool" where
   109.7 -    \<comment>\<open>confluence; Lambda/Commutation treats this more abstractly\<close>
   109.8 +    \<comment> \<open>confluence; Lambda/Commutation treats this more abstractly\<close>
   109.9    "diamond(r) = (\<forall>x y. (x,y) \<in> r --> 
  109.10                    (\<forall>y'. (x,y') \<in> r --> 
  109.11                      (\<exists>z. (y,z) \<in> r & (y',z) \<in> r)))"
   110.1 --- a/src/HOL/Isar_Examples/Hoare.thy	Tue Jan 16 09:12:16 2018 +0100
   110.2 +++ b/src/HOL/Isar_Examples/Hoare.thy	Tue Jan 16 09:30:00 2018 +0100
   110.3 @@ -400,7 +400,7 @@
   110.4  lemma Compl_Collect: "- Collect b = {x. \<not> b x}"
   110.5    by blast
   110.6  
   110.7 -lemmas AbortRule = SkipRule  \<comment> "dummy version"
   110.8 +lemmas AbortRule = SkipRule  \<comment> \<open>dummy version\<close>
   110.9  
  110.10  ML_file "~~/src/HOL/Hoare/hoare_tac.ML"
  110.11  
   111.1 --- a/src/HOL/Library/Cardinality.thy	Tue Jan 16 09:12:16 2018 +0100
   111.2 +++ b/src/HOL/Library/Cardinality.thy	Tue Jan 16 09:30:00 2018 +0100
   111.3 @@ -519,7 +519,7 @@
   111.4       (\<lambda>_. List.coset xs \<subseteq> set ys))"
   111.5  by simp
   111.6  
   111.7 -notepad begin \<comment> "test code setup"
   111.8 +notepad begin \<comment> \<open>test code setup\<close>
   111.9  have "List.coset [True] = set [False] \<and> 
  111.10        List.coset [] \<subseteq> List.set [True, False] \<and> 
  111.11        finite (List.coset [True])"
   112.1 --- a/src/HOL/Library/Code_Test.thy	Tue Jan 16 09:12:16 2018 +0100
   112.2 +++ b/src/HOL/Library/Code_Test.thy	Tue Jan 16 09:30:00 2018 +0100
   112.3 @@ -132,10 +132,8 @@
   112.4    "xml_of_term (Code_Evaluation.Const x ty) = [xml.tagged (STR ''0'') (Some x) (xml_of_typ ty)]"
   112.5    "xml_of_term (Code_Evaluation.App t1 t2)  = [xml.tagged (STR ''5'') None [xml.node (xml_of_term t1), xml.node (xml_of_term t2)]]"
   112.6    "xml_of_term (Code_Evaluation.Abs x ty t) = [xml.tagged (STR ''4'') (Some x) [xml.node (xml_of_typ ty), xml.node (xml_of_term t)]]"
   112.7 -  \<comment> \<open>
   112.8 -    FIXME: @{const Code_Evaluation.Free} is used only in @{theory Quickcheck_Narrowing} to represent
   112.9 -    uninstantiated parameters in constructors. Here, we always translate them to @{ML Free} variables.
  112.10 -\<close>
  112.11 +  \<comment> \<open>FIXME: @{const Code_Evaluation.Free} is used only in @{theory Quickcheck_Narrowing} to represent
  112.12 +    uninstantiated parameters in constructors. Here, we always translate them to @{ML Free} variables.\<close>
  112.13    "xml_of_term (Code_Evaluation.Free x ty)  = [xml.tagged (STR ''1'') (Some x) (xml_of_typ ty)]"
  112.14  by(simp_all add: xml_of_term_def xml_tree_anything)
  112.15  
   113.1 --- a/src/HOL/Library/Extended_Nonnegative_Real.thy	Tue Jan 16 09:12:16 2018 +0100
   113.2 +++ b/src/HOL/Library/Extended_Nonnegative_Real.thy	Tue Jan 16 09:30:00 2018 +0100
   113.3 @@ -330,7 +330,7 @@
   113.4  
   113.5  end
   113.6  
   113.7 -lemma ennreal_zero_less_one: "0 < (1::ennreal)" \<comment> \<open>TODO: remove \<close>
   113.8 +lemma ennreal_zero_less_one: "0 < (1::ennreal)" \<comment> \<open>TODO: remove\<close>
   113.9    by transfer auto
  113.10  
  113.11  instance ennreal :: dioid
   114.1 --- a/src/HOL/Library/Omega_Words_Fun.thy	Tue Jan 16 09:12:16 2018 +0100
   114.2 +++ b/src/HOL/Library/Omega_Words_Fun.thy	Tue Jan 16 09:30:00 2018 +0100
   114.3 @@ -529,20 +529,20 @@
   114.4  proof -
   114.5    have "\<exists>k. range (suffix k x) \<subseteq> limit x"
   114.6    proof -
   114.7 -    \<comment> "The set of letters that are not in the limit is certainly finite."
   114.8 +    \<comment> \<open>The set of letters that are not in the limit is certainly finite.\<close>
   114.9      from fin have "finite (range x - limit x)"
  114.10        by simp
  114.11 -    \<comment> "Moreover, any such letter occurs only finitely often"
  114.12 +    \<comment> \<open>Moreover, any such letter occurs only finitely often\<close>
  114.13      moreover
  114.14      have "\<forall>a \<in> range x - limit x. finite (x -` {a})"
  114.15        by (auto simp add: limit_vimage)
  114.16 -    \<comment> "Thus, there are only finitely many occurrences of such letters."
  114.17 +    \<comment> \<open>Thus, there are only finitely many occurrences of such letters.\<close>
  114.18      ultimately have "finite (UN a : range x - limit x. x -` {a})"
  114.19        by (blast intro: finite_UN_I)
  114.20 -    \<comment> "Therefore these occurrences are within some initial interval."
  114.21 +    \<comment> \<open>Therefore these occurrences are within some initial interval.\<close>
  114.22      then obtain k where "(UN a : range x - limit x. x -` {a}) \<subseteq> {..<k}"
  114.23        by (blast dest: finite_nat_bounded)
  114.24 -    \<comment> "This is just the bound we are looking for."
  114.25 +    \<comment> \<open>This is just the bound we are looking for.\<close>
  114.26      hence "\<forall>m. k \<le> m \<longrightarrow> x m \<in> limit x"
  114.27        by (auto simp add: limit_vimage)
  114.28      hence "range (suffix k x) \<subseteq> limit x"
  114.29 @@ -624,11 +624,11 @@
  114.30      fix a assume a: "a \<in> set w"
  114.31      then obtain k where k: "k < length w \<and> w!k = a"
  114.32        by (auto simp add: set_conv_nth)
  114.33 -    \<comment> "the following bound is terrible, but it simplifies the proof"
  114.34 +    \<comment> \<open>the following bound is terrible, but it simplifies the proof\<close>
  114.35      from nempty k have "\<forall>m. w\<^sup>\<omega> ((Suc m)*(length w) + k) = a"
  114.36        by (simp add: mod_add_left_eq [symmetric])
  114.37      moreover
  114.38 -    \<comment> "why is the following so hard to prove??"
  114.39 +    \<comment> \<open>why is the following so hard to prove??\<close>
  114.40      have "\<forall>m. m < (Suc m)*(length w) + k"
  114.41      proof
  114.42        fix m
  114.43 @@ -672,10 +672,10 @@
  114.44    shows "\<exists>a \<in> (f -` {x}). a \<in> limit w"
  114.45  proof (rule ccontr)
  114.46    assume contra: "\<not> ?thesis"
  114.47 -  \<comment> "hence, every element in the pre-image occurs only finitely often"
  114.48 +  \<comment> \<open>hence, every element in the pre-image occurs only finitely often\<close>
  114.49    then have "\<forall>a \<in> (f -` {x}). finite {n. w n = a}"
  114.50      by (simp add: limit_def Inf_many_def)
  114.51 -  \<comment> "so there are only finitely many occurrences of any such element"
  114.52 +  \<comment> \<open>so there are only finitely many occurrences of any such element\<close>
  114.53    with fin have "finite (\<Union> a \<in> (f -` {x}). {n. w n = a})"
  114.54      by auto
  114.55    \<comment> \<open>these are precisely those positions where $x$ occurs in $f \circ w$\<close>
  114.56 @@ -683,7 +683,7 @@
  114.57    have "(\<Union> a \<in> (f -` {x}). {n. w n = a}) = {n. f(w n) = x}"
  114.58      by auto
  114.59    ultimately
  114.60 -  \<comment> "so $x$ can occur only finitely often in the translated word"
  114.61 +  \<comment> \<open>so $x$ can occur only finitely often in the translated word\<close>
  114.62    have "finite {n. f(w n) = x}"
  114.63      by simp
  114.64    \<comment> \<open>\ldots\ which yields a contradiction\<close>
   115.1 --- a/src/HOL/List.thy	Tue Jan 16 09:12:16 2018 +0100
   115.2 +++ b/src/HOL/List.thy	Tue Jan 16 09:30:00 2018 +0100
   115.3 @@ -1296,7 +1296,7 @@
   115.4  
   115.5  subsubsection \<open>@{const set}\<close>
   115.6  
   115.7 -declare list.set[code_post]  \<comment>"pretty output"
   115.8 +declare list.set[code_post]  \<comment> \<open>pretty output\<close>
   115.9  
  115.10  lemma finite_set [iff]: "finite (set xs)"
  115.11  by (induct xs) auto
   116.1 --- a/src/HOL/Metis_Examples/Message.thy	Tue Jan 16 09:12:16 2018 +0100
   116.2 +++ b/src/HOL/Metis_Examples/Message.thy	Tue Jan 16 09:30:00 2018 +0100
   116.3 @@ -19,8 +19,8 @@
   116.4  type_synonym key = nat
   116.5  
   116.6  consts
   116.7 -  all_symmetric :: bool        \<comment>\<open>true if all keys are symmetric\<close>
   116.8 -  invKey        :: "key=>key"  \<comment>\<open>inverse of a symmetric key\<close>
   116.9 +  all_symmetric :: bool        \<comment> \<open>true if all keys are symmetric\<close>
  116.10 +  invKey        :: "key=>key"  \<comment> \<open>inverse of a symmetric key\<close>
  116.11  
  116.12  specification (invKey)
  116.13    invKey [simp]: "invKey (invKey K) = K"
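Review bot: The comment on `invKey` reads `inverse of a symmetric key`, which is misleading next to the definitions around it. The specification in this hunk only demands `invKey (invKey K) = K`, and the next hunk defines `symKeys` as exactly the keys with `invKey K = K`, so the function only does real work on keys that are not symmetric. Since the line is rewritten here anyway, I would change it to `invKey :: "key=>key"  \<comment> \<open>inverse of a key; symmetric keys are their own inverse\<close>`. The current wording makes it harder to see what `keysFor` yields for public-key `Crypt` terms. The specification block continues outside the hunk.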
  116.14 @@ -34,17 +34,17 @@
  116.15  definition symKeys :: "key set" where
  116.16    "symKeys == {K. invKey K = K}"
  116.17  
  116.18 -datatype  \<comment>\<open>We allow any number of friendly agents\<close>
  116.19 +datatype  \<comment> \<open>We allow any number of friendly agents\<close>
  116.20    agent = Server | Friend nat | Spy
  116.21  
  116.22  datatype
  116.23 -     msg = Agent  agent     \<comment>\<open>Agent names\<close>
  116.24 -         | Number nat       \<comment>\<open>Ordinary integers, timestamps, ...\<close>
  116.25 -         | Nonce  nat       \<comment>\<open>Unguessable nonces\<close>
  116.26 -         | Key    key       \<comment>\<open>Crypto keys\<close>
  116.27 -         | Hash   msg       \<comment>\<open>Hashing\<close>
  116.28 -         | MPair  msg msg   \<comment>\<open>Compound messages\<close>
  116.29 -         | Crypt  key msg   \<comment>\<open>Encryption, public- or shared-key\<close>
  116.30 +     msg = Agent  agent     \<comment> \<open>Agent names\<close>
  116.31 +         | Number nat       \<comment> \<open>Ordinary integers, timestamps, ...\<close>
  116.32 +         | Nonce  nat       \<comment> \<open>Unguessable nonces\<close>
  116.33 +         | Key    key       \<comment> \<open>Crypto keys\<close>
  116.34 +         | Hash   msg       \<comment> \<open>Hashing\<close>
  116.35 +         | MPair  msg msg   \<comment> \<open>Compound messages\<close>
  116.36 +         | Crypt  key msg   \<comment> \<open>Encryption, public- or shared-key\<close>
  116.37  
  116.38  
  116.39  text\<open>Concrete syntax: messages appear as \<open>\<lbrace>A,B,NA\<rbrace>\<close>, etc...\<close>
  116.40 @@ -56,11 +56,11 @@
  116.41  
  116.42  
  116.43  definition HPair :: "[msg,msg] => msg" ("(4Hash[_] /_)" [0, 1000]) where
  116.44 -    \<comment>\<open>Message Y paired with a MAC computed with the help of X\<close>
  116.45 +    \<comment> \<open>Message Y paired with a MAC computed with the help of X\<close>
  116.46      "Hash[X] Y == \<lbrace> Hash\<lbrace>X,Y\<rbrace>, Y\<rbrace>"
  116.47  
  116.48  definition keysFor :: "msg set => key set" where
  116.49 -    \<comment>\<open>Keys useful to decrypt elements of a message set\<close>
  116.50 +    \<comment> \<open>Keys useful to decrypt elements of a message set\<close>
  116.51    "keysFor H == invKey ` {K. \<exists>X. Crypt K X \<in> H}"
  116.52  
  116.53  
   117.1 --- a/src/HOL/Metis_Examples/Trans_Closure.thy	Tue Jan 16 09:12:16 2018 +0100
   117.2 +++ b/src/HOL/Metis_Examples/Trans_Closure.thy	Tue Jan 16 09:30:00 2018 +0100
   117.3 @@ -16,11 +16,11 @@
   117.4  type_synonym addr = nat
   117.5  
   117.6  datatype val
   117.7 -  = Unit        \<comment> "dummy result value of void expressions"
   117.8 -  | Null        \<comment> "null reference"
   117.9 -  | Bool bool   \<comment> "Boolean value"
  117.10 -  | Intg int    \<comment> "integer value"
  117.11 -  | Addr addr   \<comment> "addresses of objects in the heap"
  117.12 +  = Unit        \<comment> \<open>dummy result value of void expressions\<close>
  117.13 +  | Null        \<comment> \<open>null reference\<close>
  117.14 +  | Bool bool   \<comment> \<open>Boolean value\<close>
  117.15 +  | Intg int    \<comment> \<open>integer value\<close>
  117.16 +  | Addr addr   \<comment> \<open>addresses of objects in the heap\<close>
  117.17  
  117.18  consts R :: "(addr \<times> addr) set"
  117.19  
   118.1 --- a/src/HOL/MicroJava/BV/BVSpec.thy	Tue Jan 16 09:12:16 2018 +0100
   118.2 +++ b/src/HOL/MicroJava/BV/BVSpec.thy	Tue Jan 16 09:30:00 2018 +0100
   118.3 @@ -16,20 +16,20 @@
   118.4  \<close>
   118.5  
   118.6  definition
   118.7 -  \<comment> "The program counter will always be inside the method:"
   118.8 +  \<comment> \<open>The program counter will always be inside the method:\<close>
   118.9    check_bounded :: "instr list \<Rightarrow> exception_table \<Rightarrow> bool" where
  118.10    "check_bounded ins et \<longleftrightarrow>
  118.11    (\<forall>pc < length ins. \<forall>pc' \<in> set (succs (ins!pc) pc). pc' < length ins) \<and>
  118.12                       (\<forall>e \<in> set et. fst (snd (snd e)) < length ins)"
  118.13  
  118.14  definition
  118.15 -  \<comment> "The method type only contains declared classes:"
  118.16 +  \<comment> \<open>The method type only contains declared classes:\<close>
  118.17    check_types :: "jvm_prog \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> JVMType.state list \<Rightarrow> bool" where
  118.18    "check_types G mxs mxr phi \<longleftrightarrow> set phi \<subseteq> states G mxs mxr"
  118.19  
  118.20  definition
  118.21 -  \<comment> "An instruction is welltyped if it is applicable and its effect"
  118.22 -  \<comment> "is compatible with the type at all successor instructions:"
  118.23 +  \<comment> \<open>An instruction is welltyped if it is applicable and its effect\<close>
  118.24 +  \<comment> \<open>is compatible with the type at all successor instructions:\<close>
  118.25    wt_instr :: "[instr,jvm_prog,ty,method_type,nat,p_count,
  118.26                  exception_table,p_count] \<Rightarrow> bool" where
  118.27    "wt_instr i G rT phi mxs max_pc et pc \<longleftrightarrow>
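Review bot: The comment on `check_bounded` describes only half of the definition beneath it. The first conjunct bounds the successors of every pc, but the second also requires `fst (snd (snd e)) < length ins` for every exception-table entry, which looks like the handler address (the tuple layout is not visible here). In a bytecode-verifier specification that second bound deserves a mention, for example `\<comment> \<open>Successor pcs and exception-handler targets always stay inside the method:\<close>`. The `wt_instr` definition at the end of the hunk continues outside it.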
  118.28 @@ -43,10 +43,10 @@
  118.29    G \<turnstile> Some ([],(OK (Class C))#((map OK pTs))@(replicate mxl Err)) <=' phi!0"
  118.30  
  118.31  definition
  118.32 -  \<comment> "A method is welltyped if the body is not empty, if execution does not"
  118.33 -  \<comment> "leave the body, if the method type covers all instructions and mentions"
  118.34 -  \<comment> "declared classes only, if the method calling convention is respected, and"
  118.35 -  \<comment> "if all instructions are welltyped."
  118.36 +  \<comment> \<open>A method is welltyped if the body is not empty, if execution does not\<close>
  118.37 +  \<comment> \<open>leave the body, if the method type covers all instructions and mentions\<close>
  118.38 +  \<comment> \<open>declared classes only, if the method calling convention is respected, and\<close>
  118.39 +  \<comment> \<open>if all instructions are welltyped.\<close>
  118.40    wt_method :: "[jvm_prog,cname,ty list,ty,nat,nat,instr list,
  118.41                   exception_table,method_type] \<Rightarrow> bool" where
  118.42    "wt_method G C pTs rT mxs mxl ins et phi \<longleftrightarrow>
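Review bot: The four consecutive `\<comment>` markers above `wt_method` each wrap a fragment of a single sentence, a leftover of the old one-string-per-line form. The same commit keeps a multi-line comment in one cartouche in BVSpecTypeSafe.thy (the "induction hypothesis" comment), so the result is inconsistent. I would merge the four into one `\<comment> \<open>…\<close>` spanning the four lines, with the text unchanged. This presumably also avoids the comment marker being repeated per line in the generated document. The two-line comment on `wt_instr` in the previous hunk and the one opening the proof of `unfold_while` in Big_Step.thy are the same case. The `wt_method` definition continues outside the hunk.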
  118.43 @@ -59,7 +59,7 @@
  118.44    (\<forall>pc. pc<max_pc \<longrightarrow> wt_instr (ins!pc) G rT phi mxs max_pc et pc))"
  118.45  
  118.46  definition
  118.47 -  \<comment> "A program is welltyped if it is wellformed and all methods are welltyped"
  118.48 +  \<comment> \<open>A program is welltyped if it is wellformed and all methods are welltyped\<close>
  118.49    wt_jvm_prog :: "[jvm_prog,prog_type] \<Rightarrow> bool" where
  118.50    "wt_jvm_prog G phi \<longleftrightarrow>
  118.51    wf_prog (\<lambda>G C (sig,rT,(maxs,maxl,b,et)).
   119.1 --- a/src/HOL/MicroJava/BV/BVSpecTypeSafe.thy	Tue Jan 16 09:12:16 2018 +0100
   119.2 +++ b/src/HOL/MicroJava/BV/BVSpecTypeSafe.thy	Tue Jan 16 09:30:00 2018 +0100
   119.3 @@ -136,23 +136,23 @@
   119.4    \<Longrightarrow> G,phi \<turnstile>JVM (find_handler G (Some xcp) hp frs)\<surd>" 
   119.5    (is "\<And>f. \<lbrakk> ?wt; ?adr; ?hp; ?correct (None, hp, f#frs) \<rbrakk> \<Longrightarrow> ?correct (?find frs)")
   119.6  proof (induct frs) 
   119.7 -  \<comment> "the base case is trivial, as it should be"
   119.8 +  \<comment> \<open>the base case is trivial, as it should be\<close>
   119.9    show "?correct (?find [])" by (simp add: correct_state_def)
  119.10  
  119.11 -  \<comment> "we will need both forms \<open>wt_jvm_prog\<close> and \<open>wf_prog\<close> later"
  119.12 +  \<comment> \<open>we will need both forms \<open>wt_jvm_prog\<close> and \<open>wf_prog\<close> later\<close>
  119.13    assume wt: ?wt 
  119.14    then obtain mb where wf: "wf_prog mb G" by (simp add: wt_jvm_prog_def)
  119.15  
  119.16 -  \<comment> "these two don't change in the induction:"
  119.17 +  \<comment> \<open>these two don't change in the induction:\<close>
  119.18    assume adr: ?adr
  119.19    assume hp: ?hp
  119.20    
  119.21 -  \<comment> "the assumption for the cons case:"
  119.22 +  \<comment> \<open>the assumption for the cons case:\<close>
  119.23    fix f f' frs' 
  119.24    assume cr: "?correct (None, hp, f#f'#frs')" 
  119.25  
  119.26 -  \<comment> "the induction hypothesis as produced by Isabelle, immediatly simplified
  119.27 -    with the fixed assumptions above"
  119.28 +  \<comment> \<open>the induction hypothesis as produced by Isabelle, immediatly simplified
  119.29 +    with the fixed assumptions above\<close>
  119.30    assume "\<And>f. \<lbrakk> ?wt; ?adr; ?hp; ?correct (None, hp, f#frs') \<rbrakk> \<Longrightarrow> ?correct (?find frs')"  
  119.31    with wt adr hp 
  119.32    have IH: "\<And>f. ?correct (None, hp, f#frs') \<Longrightarrow> ?correct (?find frs')" by blast
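Review bot: The rewritten induction-hypothesis comment carries over the typo `immediatly`. As the line is touched anyway, its first line could read `\<comment> \<open>the induction hypothesis as produced by Isabelle, immediately simplified`, with the second line unchanged. The proof continues outside the hunk.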
  119.33 @@ -355,7 +355,7 @@
  119.34        phi_pc': "phi C sig ! handler = Some (ST', LT')" and
  119.35        frame': "correct_frame G hp (ST',LT') maxl ins ?f'" 
  119.36      proof (cases "ins!pc")
  119.37 -      case Return \<comment> "can't generate exceptions:"
  119.38 +      case Return \<comment> \<open>can't generate exceptions:\<close>
  119.39        with xp' have False by (simp add: split_beta split: if_split_asm)
  119.40        thus ?thesis ..
  119.41      next
  119.42 @@ -570,7 +570,7 @@
  119.43        }
  119.44        ultimately
  119.45        show ?thesis by (rule that)
  119.46 -    qed (use xp' in auto) \<comment> "the other instructions don't generate exceptions"
  119.47 +    qed (use xp' in auto) \<comment> \<open>the other instructions don't generate exceptions\<close>
  119.48  
  119.49      from state' meth hp_ok "class" frames phi_pc' frame' prehp
  119.50      have ?thesis by (unfold correct_state_def) simp
   120.1 --- a/src/HOL/MicroJava/BV/Effect.thy	Tue Jan 16 09:12:16 2018 +0100
   120.2 +++ b/src/HOL/MicroJava/BV/Effect.thy	Tue Jan 16 09:30:00 2018 +0100
   120.3 @@ -52,9 +52,9 @@
   120.4                                           = (PrimT Integer#ST,LT)" |
   120.5  "eff' (Ifcmpeq b, G, (ts1#ts2#ST,LT))   = (ST,LT)" |
   120.6  "eff' (Goto b, G, s)                    = s" |
   120.7 -  \<comment> "Return has no successor instruction in the same method"
   120.8 +  \<comment> \<open>Return has no successor instruction in the same method\<close>
   120.9  "eff' (Return, G, s)                    = s" |
  120.10 -  \<comment> "Throw always terminates abruptly"
  120.11 +  \<comment> \<open>Throw always terminates abruptly\<close>
  120.12  "eff' (Throw, G, s)                     = s" |
  120.13  "eff' (Invoke C mn fpTs, G, (ST,LT))    = (let ST' = drop (length fpTs) ST 
  120.14    in  (fst (snd (the (method (G,C) (mn,fpTs))))#(tl ST'),LT))" 
   121.1 --- a/src/HOL/MicroJava/BV/JVMType.thy	Tue Jan 16 09:12:16 2018 +0100
   121.2 +++ b/src/HOL/MicroJava/BV/JVMType.thy	Tue Jan 16 09:30:00 2018 +0100
   121.3 @@ -12,8 +12,8 @@
   121.4  type_synonym locvars_type = "ty err list"
   121.5  type_synonym opstack_type = "ty list"
   121.6  type_synonym state_type = "opstack_type \<times> locvars_type"
   121.7 -type_synonym state = "state_type option err"    \<comment> "for Kildall"
   121.8 -type_synonym method_type = "state_type option list"   \<comment> "for BVSpec"
   121.9 +type_synonym state = "state_type option err"    \<comment> \<open>for Kildall\<close>
  121.10 +type_synonym method_type = "state_type option list"   \<comment> \<open>for BVSpec\<close>
  121.11  type_synonym class_type = "sig \<Rightarrow> method_type"
  121.12  type_synonym prog_type = "cname \<Rightarrow> class_type"
  121.13  
   122.1 --- a/src/HOL/MicroJava/Comp/CorrCompTp.thy	Tue Jan 16 09:12:16 2018 +0100
   122.2 +++ b/src/HOL/MicroJava/Comp/CorrCompTp.thy	Tue Jan 16 09:30:00 2018 +0100
   122.3 @@ -1269,7 +1269,7 @@
   122.4    apply (intro strip)
   122.5    apply (rule conjI)
   122.6  
   122.7 -   \<comment> "app"
   122.8 +   \<comment> \<open>app\<close>
   122.9     apply (rule Call_app [THEN app_mono_mxs])
  122.10         apply assumption+
  122.11       apply (rule HOL.refl)
  122.12 @@ -1281,7 +1281,7 @@
  122.13    apply (simp add: wf_prog_ws_prog [THEN comp_method])
  122.14    apply (simp add: max_spec_preserves_length [symmetric])
  122.15  
  122.16 -  \<comment> "\<open>check_type\<close>"
  122.17 +  \<comment> \<open>\<open>check_type\<close>\<close>
  122.18    apply (simp add: max_ssize_def ssize_sto_def)
  122.19    apply (simp add: max_of_list_def)
  122.20    apply (subgoal_tac "(max (length pTsa + length ST) (length ST)) = (length pTsa + length ST)")
   123.1 --- a/src/HOL/MicroJava/Comp/LemmasComp.thy	Tue Jan 16 09:12:16 2018 +0100
   123.2 +++ b/src/HOL/MicroJava/Comp/LemmasComp.thy	Tue Jan 16 09:30:00 2018 +0100
   123.3 @@ -349,7 +349,7 @@
   123.4          apply (simp add: map_of_map2)
   123.5          apply (simp (no_asm_simp) add: compMethod_def split_beta)
   123.6  
   123.7 -       \<comment> "remaining subgoals"
   123.8 +       \<comment> \<open>remaining subgoals\<close>
   123.9         apply (auto intro: inv_f_eq simp add: inj_on_def is_class_def)
  123.10    done
  123.11  
   124.1 --- a/src/HOL/MicroJava/DFA/Kildall.thy	Tue Jan 16 09:12:16 2018 +0100
   124.2 +++ b/src/HOL/MicroJava/DFA/Kildall.thy	Tue Jan 16 09:30:00 2018 +0100
   124.3 @@ -348,10 +348,10 @@
   124.4   r = "{(ss',ss) . ss <[r] ss'} <*lex*> finite_psubset"
   124.5         in while_rule)
   124.6  
   124.7 -\<comment> "Invariant holds initially:"
   124.8 +\<comment> \<open>Invariant holds initially:\<close>
   124.9  apply (simp add:stables_def)
  124.10  
  124.11 -\<comment> "Invariant is preserved:"
  124.12 +\<comment> \<open>Invariant is preserved:\<close>
  124.13  apply(simp add: stables_def split_paired_all)
  124.14  apply(rename_tac ss w)
  124.15  apply(subgoal_tac "(SOME p. p \<in> w) \<in> w")
  124.16 @@ -393,16 +393,16 @@
  124.17  apply (blast dest!: boundedD)
  124.18  
  124.19  
  124.20 -\<comment> "Postcondition holds upon termination:"
  124.21 +\<comment> \<open>Postcondition holds upon termination:\<close>
  124.22  apply(clarsimp simp add: stables_def split_paired_all)
  124.23  
  124.24 -\<comment> "Well-foundedness of the termination relation:"
  124.25 +\<comment> \<open>Well-foundedness of the termination relation:\<close>
  124.26  apply (rule wf_lex_prod)
  124.27   apply (insert orderI [THEN acc_le_listI])
  124.28   apply (simp add: acc_def lesssub_def wfP_wf_eq [symmetric])
  124.29  apply (rule wf_finite_psubset) 
  124.30  
  124.31 -\<comment> "Loop decreases along termination relation:"
  124.32 +\<comment> \<open>Loop decreases along termination relation:\<close>
  124.33  apply(simp add: stables_def split_paired_all)
  124.34  apply(rename_tac ss w)
  124.35  apply(subgoal_tac "(SOME p. p \<in> w) \<in> w")
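--- a/src/HOL/MicroJava/J/Conform.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/Conform.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -7,7 +7,7 @@
 
 theory Conform imports State WellType Exceptions begin
 
-type_synonym 'c env' = "'c prog \<times> (vname \<rightharpoonup> ty)"  \<comment> "same as \<open>env\<close> of \<open>WellType.thy\<close>"
+type_synonym 'c env' = "'c prog \<times> (vname \<rightharpoonup> ty)"  \<comment> \<open>same as \<open>env\<close> of \<open>WellType.thy\<close>\<close>
 
 definition hext :: "aheap => aheap => bool" ("_ \<le>| _" [51,51] 50) where
  "h\<le>|h' == \<forall>a C fs. h a = Some(C,fs) --> (\<exists>fs'. h' a = Some(C,fs'))"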
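--- a/src/HOL/MicroJava/J/Decl.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/Decl.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -8,23 +8,23 @@
 theory Decl imports Type begin
 
 type_synonym 
-  fdecl    = "vname \<times> ty"        \<comment> "field declaration, cf. 8.3 (, 9.3)"
+  fdecl    = "vname \<times> ty"        \<comment> \<open>field declaration, cf. 8.3 (, 9.3)\<close>
 
 type_synonym
-  sig      = "mname \<times> ty list"   \<comment> "signature of a method, cf. 8.4.2"
+  sig      = "mname \<times> ty list"   \<comment> \<open>signature of a method, cf. 8.4.2\<close>
 
 type_synonym
-  'c mdecl = "sig \<times> ty \<times> 'c"     \<comment> "method declaration in a class"
+  'c mdecl = "sig \<times> ty \<times> 'c"     \<comment> \<open>method declaration in a class\<close>
 
 type_synonym
   'c "class" = "cname \<times> fdecl list \<times> 'c mdecl list" 
-  \<comment> "class = superclass, fields, methods"
+  \<comment> \<open>class = superclass, fields, methods\<close>
 
 type_synonym
-  'c cdecl = "cname \<times> 'c class"  \<comment> "class declaration, cf. 8.1"
+  'c cdecl = "cname \<times> 'c class"  \<comment> \<open>class declaration, cf. 8.1\<close>
 
 type_synonym
-  'c prog  = "'c cdecl list"     \<comment> "program"
+  'c prog  = "'c cdecl list"     \<comment> \<open>program\<close>
 
 
 translations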
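--- a/src/HOL/MicroJava/J/Eval.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/Eval.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -8,7 +8,7 @@
 theory Eval imports State WellType begin
 
 
-  \<comment> "Auxiliary notions"
+  \<comment> \<open>Auxiliary notions\<close>
 
 definition fits :: "java_mb prog \<Rightarrow> state \<Rightarrow> val \<Rightarrow> ty \<Rightarrow> bool" ("_,_\<turnstile>_ fits _"[61,61,61,61]60) where
  "G,s\<turnstile>a' fits T  \<equiv> case T of PrimT T' \<Rightarrow> False | RefT T' \<Rightarrow> a'=Null \<or> G\<turnstile>obj_ty(lookup_obj s a')\<preceq>T"
@@ -23,7 +23,7 @@
  "new_xcpt_var vn \<equiv>  \<lambda>(x,s). Norm (lupd(vn\<mapsto>the x) s)"
 
 
-  \<comment> "Evaluation relations"
+  \<comment> \<open>Evaluation relations\<close>
 
 inductive
   eval :: "[java_mb prog,xstate,expr,val,xstate] => bool "
@@ -36,21 +36,21 @@
   for G :: "java_mb prog"
 where
 
-  \<comment> "evaluation of expressions"
+  \<comment> \<open>evaluation of expressions\<close>
 
-  XcptE:"G\<turnstile>(Some xc,s) -e\<succ>undefined-> (Some xc,s)"  \<comment> "cf. 15.5"
+  XcptE:"G\<turnstile>(Some xc,s) -e\<succ>undefined-> (Some xc,s)"  \<comment> \<open>cf. 15.5\<close>
 
-  \<comment> "cf. 15.8.1"
+  \<comment> \<open>cf. 15.8.1\<close>
 | NewC: "[| h = heap s; (a,x) = new_Addr h;
             h'= h(a\<mapsto>(C,init_vars (fields (G,C)))) |] ==>
          G\<turnstile>Norm s -NewC C\<succ>Addr a-> c_hupd h' (x,s)"
 
-  \<comment> "cf. 15.15"
+  \<comment> \<open>cf. 15.15\<close>
 | Cast: "[| G\<turnstile>Norm s0 -e\<succ>v-> (x1,s1);
             x2 = raise_if (\<not> cast_ok G C (heap s1) v) ClassCast x1 |] ==>
          G\<turnstile>Norm s0 -Cast C e\<succ>v-> (x2,s1)"
 
-  \<comment> "cf. 15.7.1"
+  \<comment> \<open>cf. 15.7.1\<close>
 | Lit:  "G\<turnstile>Norm s -Lit v\<succ>v-> Norm s"
 
 | BinOp:"[| G\<turnstile>Norm s -e1\<succ>v1-> s1;
@@ -59,27 +59,27 @@
                            | Add => Intg (the_Intg v1 + the_Intg v2)) |] ==>
          G\<turnstile>Norm s -BinOp bop e1 e2\<succ>v-> s2"
 
-  \<comment> "cf. 15.13.1, 15.2"
+  \<comment> \<open>cf. 15.13.1, 15.2\<close>
 | LAcc: "G\<turnstile>Norm s -LAcc v\<succ>the (locals s v)-> Norm s"
 
-  \<comment> "cf. 15.25.1"
+  \<comment> \<open>cf. 15.25.1\<close>
 | LAss: "[| G\<turnstile>Norm s -e\<succ>v-> (x,(h,l));
             l' = (if x = None then l(va\<mapsto>v) else l) |] ==>
          G\<turnstile>Norm s -va::=e\<succ>v-> (x,(h,l'))"
 
-  \<comment> "cf. 15.10.1, 15.2"
+  \<comment> \<open>cf. 15.10.1, 15.2\<close>
 | FAcc: "[| G\<turnstile>Norm s0 -e\<succ>a'-> (x1,s1); 
             v = the (snd (the (heap s1 (the_Addr a'))) (fn,T)) |] ==>
          G\<turnstile>Norm s0 -{T}e..fn\<succ>v-> (np a' x1,s1)"
 
-  \<comment> "cf. 15.25.1"
+  \<comment> \<open>cf. 15.25.1\<close>
 | FAss: "[| G\<turnstile>     Norm s0  -e1\<succ>a'-> (x1,s1); a = the_Addr a';
             G\<turnstile>(np a' x1,s1) -e2\<succ>v -> (x2,s2);
             h  = heap s2; (c,fs) = the (h a);
             h' = h(a\<mapsto>(c,(fs((fn,T)\<mapsto>v)))) |] ==>
          G\<turnstile>Norm s0 -{T}e1..fn:=e2\<succ>v-> c_hupd h' (x2,s2)"
 
-  \<comment> "cf. 15.11.4.1, 15.11.4.2, 15.11.4.4, 15.11.4.5, 14.15"
+  \<comment> \<open>cf. 15.11.4.1, 15.11.4.2, 15.11.4.4, 15.11.4.5, 14.15\<close>
 | Call: "[| G\<turnstile>Norm s0 -e\<succ>a'-> s1; a = the_Addr a';
             G\<turnstile>s1 -ps[\<succ>]pvs-> (x,(h,l)); dynT = fst (the (h a));
             (md,rT,pns,lvars,blk,res) = the (method (G,dynT) (mn,pTs));
@@ -88,43 +88,43 @@
          G\<turnstile>Norm s0 -{C}e..mn({pTs}ps)\<succ>v-> (x4,(heap s4,l))"
 
 
-  \<comment> "evaluation of expression lists"
+  \<comment> \<open>evaluation of expression lists\<close>
 
-  \<comment> "cf. 15.5"
+  \<comment> \<open>cf. 15.5\<close>
 | XcptEs:"G\<turnstile>(Some xc,s) -e[\<succ>]undefined-> (Some xc,s)"
 
-  \<comment> "cf. 15.11.???"
+  \<comment> \<open>cf. 15.11.???\<close>
 | Nil:  "G\<turnstile>Norm s0 -[][\<succ>][]-> Norm s0"
 
-  \<comment> "cf. 15.6.4"
+  \<comment> \<open>cf. 15.6.4\<close>
 | Cons: "[| G\<turnstile>Norm s0 -e  \<succ> v -> s1;
             G\<turnstile>     s1 -es[\<succ>]vs-> s2 |] ==>
          G\<turnstile>Norm s0 -e#es[\<succ>]v#vs-> s2"
 
 
-  \<comment> "execution of statements"
+  \<comment> \<open>execution of statements\<close>
 
-  \<comment> "cf. 14.1"
+  \<comment> \<open>cf. 14.1\<close>
 | XcptS:"G\<turnstile>(Some xc,s) -c-> (Some xc,s)"
 
-  \<comment> "cf. 14.5"
+  \<comment> \<open>cf. 14.5\<close>
 | Skip: "G\<turnstile>Norm s -Skip-> Norm s"
 
-  \<comment> "cf. 14.7"
+  \<comment> \<open>cf. 14.7\<close>
 | Expr: "[| G\<turnstile>Norm s0 -e\<succ>v-> s1 |] ==>
          G\<turnstile>Norm s0 -Expr e-> s1"
 
-  \<comment> "cf. 14.2"
+  \<comment> \<open>cf. 14.2\<close>
 | Comp: "[| G\<turnstile>Norm s0 -c1-> s1;
             G\<turnstile>     s1 -c2-> s2|] ==>
          G\<turnstile>Norm s0 -c1;; c2-> s2"
 
-  \<comment> "cf. 14.8.2"
+  \<comment> \<open>cf. 14.8.2\<close>
 | Cond: "[| G\<turnstile>Norm s0  -e\<succ>v-> s1;
             G\<turnstile> s1 -(if the_Bool v then c1 else c2)-> s2|] ==>
          G\<turnstile>Norm s0 -If(e) c1 Else c2-> s2"
 
-  \<comment> "cf. 14.10, 14.10.1"
+  \<comment> \<open>cf. 14.10, 14.10.1\<close>
 | LoopF:"[| G\<turnstile>Norm s0 -e\<succ>v-> s1; \<not>the_Bool v |] ==>
          G\<turnstile>Norm s0 -While(e) c-> s1"
 | LoopT:"[| G\<turnstile>Norm s0 -e\<succ>v-> s1;  the_Bool v;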
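Review bot: The comment on the `Nil` rule, `\<comment> \<open>cf. 15.11.???\<close>`, still carries an unresolved section reference after the conversion. None of the `cf.` numbers in this definition name the document they point into (presumably the Java Language Specification; the hunks do not say). As this is a tool-driven rewrite, the fix belongs in a follow-up: resolve or flag the placeholder, e.g. `\<comment> \<open>cf. 15.11 (exact subsection not identified)\<close>`, and add one comment ahead of `inductive` stating what the section numbers refer to. The `inductive` definition starts and ends outside these hunks.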
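--- a/src/HOL/MicroJava/J/Example.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/Example.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -135,7 +135,7 @@
 lemma map_of_Cons2 [simp]: "aa\<noteq>k ==> map_of ((k,bb)#ps) aa = map_of ps aa"
 apply (simp (no_asm_simp))
 done
-declare map_of_Cons [simp del] \<comment> "sic!"
+declare map_of_Cons [simp del] \<comment> \<open>sic!\<close>
 
 lemma class_tprg_Object [simp]: "class tprg Object = Some (undefined, [], [])"
 apply (unfold ObjectC_def class_def)
@@ -377,25 +377,25 @@
 lemmas t = ty_expr_ty_exprs_wt_stmt.intros
 schematic_goal wt_test: "(tprg, empty(e\<mapsto>Class Base))\<turnstile>  
   Expr(e::=NewC Ext);; Expr({Base}LAcc e..foo({?pTs'}[Lit Null]))\<surd>"
-apply (rule ty_expr_ty_exprs_wt_stmt.intros) \<comment> ";;"
-apply  (rule t) \<comment> "Expr"
-apply  (rule t) \<comment> "LAss"
+apply (rule ty_expr_ty_exprs_wt_stmt.intros) \<comment> \<open>;;\<close>
+apply  (rule t) \<comment> \<open>Expr\<close>
+apply  (rule t) \<comment> \<open>LAss\<close>
 apply    simp \<comment> \<open>\<open>e \<noteq> This\<close>\<close>
-apply    (rule t) \<comment> "LAcc"
+apply    (rule t) \<comment> \<open>LAcc\<close>
 apply     (simp (no_asm))
 apply    (simp (no_asm))
-apply   (rule t) \<comment> "NewC"
+apply   (rule t) \<comment> \<open>NewC\<close>
 apply   (simp (no_asm))
 apply  (simp (no_asm))
-apply (rule t) \<comment> "Expr"
-apply (rule t) \<comment> "Call"
-apply   (rule t) \<comment> "LAcc"
+apply (rule t) \<comment> \<open>Expr\<close>
+apply (rule t) \<comment> \<open>Call\<close>
+apply   (rule t) \<comment> \<open>LAcc\<close>
 apply    (simp (no_asm))
 apply   (simp (no_asm))
-apply  (rule t) \<comment> "Cons"
-apply   (rule t) \<comment> "Lit"
+apply  (rule t) \<comment> \<open>Cons\<close>
+apply   (rule t) \<comment> \<open>Lit\<close>
 apply   (simp (no_asm))
-apply  (rule t) \<comment> "Nil"
+apply  (rule t) \<comment> \<open>Nil\<close>
 apply (simp (no_asm))
 apply (rule max_spec_foo_Base)
 done
@@ -408,38 +408,38 @@
 " [|new_Addr (heap (snd s0)) = (a, None)|] ==>  
   tprg\<turnstile>s0 -test-> ?s"
 apply (unfold test_def)
-\<comment> "?s = s3 "
-apply (rule e) \<comment> ";;"
-apply  (rule e) \<comment> "Expr"
-apply  (rule e) \<comment> "LAss"
-apply   (rule e) \<comment> "NewC"
+\<comment> \<open>?s = s3\<close>
+apply (rule e) \<comment> \<open>;;\<close>
+apply  (rule e) \<comment> \<open>Expr\<close>
+apply  (rule e) \<comment> \<open>LAss\<close>
+apply   (rule e) \<comment> \<open>NewC\<close>
 apply    force
 apply   force
 apply  (simp (no_asm))
 apply (erule thin_rl)
-apply (rule e) \<comment> "Expr"
-apply (rule e) \<comment> "Call"
-apply       (rule e) \<comment> "LAcc"
+apply (rule e) \<comment> \<open>Expr\<close>
+apply (rule e) \<comment> \<open>Call\<close>
+apply       (rule e) \<comment> \<open>LAcc\<close>
 apply      force
-apply     (rule e) \<comment> "Cons"
-apply      (rule e) \<comment> "Lit"
-apply     (rule e) \<comment> "Nil"
+apply     (rule e) \<comment> \<open>Cons\<close>
+apply      (rule e) \<comment> \<open>Lit\<close>
+apply     (rule e) \<comment> \<open>Nil\<close>
 apply    (simp (no_asm))
 apply   (force simp add: foo_Ext_def)
 apply  (simp (no_asm))
-apply  (rule e) \<comment> "Expr"
-apply  (rule e) \<comment> "FAss"
-apply       (rule e) \<comment> "Cast"
-apply        (rule e) \<comment> "LAcc"
+apply  (rule e) \<comment> \<open>Expr\<close>
+apply  (rule e) \<comment> \<open>FAss\<close>
+apply       (rule e) \<comment> \<open>Cast\<close>
+apply        (rule e) \<comment> \<open>LAcc\<close>
 apply       (simp (no_asm))
 apply      (simp (no_asm))
 apply     (simp (no_asm))
-apply     (rule e) \<comment> "XcptE"
+apply     (rule e) \<comment> \<open>XcptE\<close>
 apply    (simp (no_asm))
 apply   (rule surjective_pairing [symmetric, THEN[2]trans], subst prod.inject, force)
 apply  (simp (no_asm))
 apply (simp (no_asm))
-apply (rule e) \<comment> "XcptE"
+apply (rule e) \<comment> \<open>XcptE\<close>
 done
 
 end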
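--- a/src/HOL/MicroJava/J/JTypeSafe.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/JTypeSafe.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -198,15 +198,15 @@
 apply( rule eval_evals_exec_induct)
 apply( unfold c_hupd_def)
 
-\<comment> "several simplifications, XcptE, XcptEs, XcptS, Skip, Nil??"
+\<comment> \<open>several simplifications, XcptE, XcptEs, XcptS, Skip, Nil??\<close>
 apply( simp_all)
 apply( tactic "ALLGOALS (REPEAT o resolve_tac @{context} [impI, allI])")
 apply( tactic \<open>ALLGOALS (eresolve_tac @{context} [@{thm ty_expr.cases}, @{thm ty_exprs.cases}, @{thm wt_stmt.cases}]
   THEN_ALL_NEW (full_simp_tac (put_simpset (simpset_of @{theory_context Conform}) @{context})))\<close>)
 apply(tactic "ALLGOALS (EVERY' [REPEAT o (eresolve_tac @{context} [conjE]), REPEAT o hyp_subst_tac @{context}])")
 
-\<comment> "Level 7"
-\<comment> "15 NewC"
+\<comment> \<open>Level 7\<close>
+\<comment> \<open>15 NewC\<close>
 apply (drule sym)
 apply( drule new_AddrD)
 apply( erule disjE)
@@ -221,13 +221,13 @@
 apply(  rule_tac [2] rtrancl.rtrancl_refl)
 apply( simp (no_asm))
 
-\<comment> "for Cast"
+\<comment> \<open>for Cast\<close>
 defer 1
 
-\<comment> "14 Lit"
+\<comment> \<open>14 Lit\<close>
 apply( erule conf_litval)
 
-\<comment> "13 BinOp"
+\<comment> \<open>13 BinOp\<close>
 apply (tactic "forward_hyp_tac @{context}")
 apply (tactic "forward_hyp_tac @{context}")
 apply( rule conjI, erule (1) hext_trans)
@@ -236,34 +236,34 @@
 apply( drule eval_no_xcpt)
 apply( simp split: binop.split)
 
-\<comment> "12 LAcc"
+\<comment> \<open>12 LAcc\<close>
 apply simp
 apply( fast elim: conforms_localD [THEN lconfD])
 
-\<comment> "for FAss"
+\<comment> \<open>for FAss\<close>
 apply( tactic \<open>EVERY'[eresolve_tac @{context} [@{thm ty_expr.cases}, @{thm ty_exprs.cases}, @{thm wt_stmt.cases}] 
        THEN_ALL_NEW (full_simp_tac @{context}), REPEAT o (eresolve_tac @{context} [conjE]), hyp_subst_tac @{context}] 3\<close>)
 
-\<comment> "for if"
+\<comment> \<open>for if\<close>
 apply( tactic \<open>(Induct_Tacs.case_tac @{context} "the_Bool v" [] NONE THEN_ALL_NEW
   (asm_full_simp_tac @{context})) 7\<close>)
 
 apply (tactic "forward_hyp_tac @{context}")
 
-\<comment> "11+1 if"
+\<comment> \<open>11+1 if\<close>
 prefer 7
 apply(  fast intro: hext_trans)
 prefer 7
 apply(  fast intro: hext_trans)
 
-\<comment> "10 Expr"
+\<comment> \<open>10 Expr\<close>
 prefer 6
 apply( fast)
 
-\<comment> "9 ???"
+\<comment> \<open>9 ???\<close>
 apply( simp_all)
 
-\<comment> "8 Cast"
+\<comment> \<open>8 Cast\<close>
 prefer 8
 apply (rule conjI)
   apply (fast intro: conforms_xcpt_change xconf_raise_if)
@@ -275,7 +275,7 @@
   apply assumption+
 
 
-\<comment> "7 LAss"
+\<comment> \<open>7 LAss\<close>
 apply (fold fun_upd_def)
 apply( tactic \<open>(eresolve_tac @{context} [@{thm ty_expr.cases}, @{thm ty_exprs.cases}, @{thm wt_stmt.cases}]
                  THEN_ALL_NEW (full_simp_tac @{context})) 1\<close>)
@@ -284,13 +284,13 @@
 apply (simp)
 apply( blast intro: conforms_upd_local conf_widen)
 
-\<comment> "6 FAcc"
+\<comment> \<open>6 FAcc\<close>
 apply (rule conjI) 
   apply (simp add: np_def)
   apply (fast intro: conforms_xcpt_change xconf_raise_if)
 apply( fast elim!: FAcc_type_sound)
 
-\<comment> "5 While"
+\<comment> \<open>5 While\<close>
 prefer 5
 apply(erule_tac V = "a \<longrightarrow> b" for a b in thin_rl)
 apply(drule (1) ty_expr_ty_exprs_wt_stmt.Loop)
@@ -298,7 +298,7 @@
 
 apply (tactic "forward_hyp_tac @{context}")
 
-\<comment> "4 Cond"
+\<comment> \<open>4 Cond\<close>
 prefer 4
 apply (case_tac "the_Bool v")
 apply simp
@@ -306,31 +306,31 @@
 apply simp
 apply( fast dest: evals_no_xcpt intro: conf_hext hext_trans)
 
-\<comment> "3 ;;"
+\<comment> \<open>3 ;;\<close>
 prefer 3
 apply( fast dest: evals_no_xcpt intro: conf_hext hext_trans)
 
 
-\<comment> "2 FAss"
+\<comment> \<open>2 FAss\<close>
 apply (subgoal_tac "(np a' x1, aa, ba) ::\<preceq> (G, lT)")
   prefer 2
   apply (simp add: np_def)
   apply (fast intro: conforms_xcpt_change xconf_raise_if)
 apply( case_tac "x2")
-  \<comment> "x2 = None"
+  \<comment> \<open>x2 = None\<close>
   apply (simp)
   apply (tactic "forward_hyp_tac @{context}", clarify)
   apply( drule eval_no_xcpt)
   apply( erule FAss_type_sound, rule HOL.refl, assumption+)
-  \<comment> "x2 = Some a"
+  \<comment> \<open>x2 = Some a\<close>
   apply (  simp (no_asm_simp))
   apply(  fast intro: hext_trans)
 
 
 apply( tactic "prune_params_tac @{context}")
-\<comment> "Level 52"
+\<comment> \<open>Level 52\<close>
 
-\<comment> "1 Call"
+\<comment> \<open>1 Call\<close>
 apply( case_tac "x")
 prefer 2
 apply(  clarsimp)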
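Review bot: The step markers in this proof script are carried over verbatim, including `\<comment> \<open>9 ???\<close>` and the trailing `Nil??` in the first comment, so a reader still cannot tell which cases `simp_all` is expected to discharge at those points. The numbered markers (`15 NewC` down to `1 Call`) also appear to track the goal positions that `prefer 7`, `prefer 6` and `defer 1` rely on, which makes this type-safety argument harder to audit if the goal order ever shifts. A follow-up could replace the placeholder with the actual case names or say plainly that they are not enumerated, e.g. `\<comment> \<open>9: remaining cases closed by simp_all (not enumerated)\<close>`. The proof starts and ends outside these hunks.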
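--- a/src/HOL/MicroJava/J/State.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/State.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -10,10 +10,10 @@
 begin
 
 type_synonym 
-  fields' = "(vname \<times> cname \<rightharpoonup> val)"  \<comment> "field name, defining class, value"
+  fields' = "(vname \<times> cname \<rightharpoonup> val)"  \<comment> \<open>field name, defining class, value\<close>
 
 type_synonym
-  obj = "cname \<times> fields'"    \<comment> "class instance with class name and fields"
+  obj = "cname \<times> fields'"    \<comment> \<open>class instance with class name and fields\<close>
 
 definition obj_ty :: "obj => ty" where
  "obj_ty obj  == Class (fst obj)"
@@ -22,10 +22,10 @@
  "init_vars == map_of o map (\<lambda>(n,T). (n,default_val T))"
 
 type_synonym aheap = "loc \<rightharpoonup> obj"    \<comment> \<open>"\<open>heap\<close>" used in a translation below\<close>
-type_synonym locals = "vname \<rightharpoonup> val"  \<comment> "simple state, i.e. variable contents"
+type_synonym locals = "vname \<rightharpoonup> val"  \<comment> \<open>simple state, i.e. variable contents\<close>
 
-type_synonym state = "aheap \<times> locals"      \<comment> "heap, local parameter including This"
-type_synonym xstate = "val option \<times> state" \<comment> "state including exception information"
+type_synonym state = "aheap \<times> locals"      \<comment> \<open>heap, local parameter including This\<close>
+type_synonym xstate = "val option \<times> state" \<comment> \<open>state including exception information\<close>
 
 abbreviation (input)
   heap :: "state => aheap"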
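--- a/src/HOL/MicroJava/J/Term.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/Term.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -6,26 +6,26 @@
 
 theory Term imports Value begin
 
-datatype binop = Eq | Add    \<comment> "function codes for binary operation"
+datatype binop = Eq | Add    \<comment> \<open>function codes for binary operation\<close>
 
 datatype expr
-  = NewC cname               \<comment> "class instance creation"
-  | Cast cname expr          \<comment> "type cast"
-  | Lit val                  \<comment> "literal value, also references"
-  | BinOp binop expr expr    \<comment> "binary operation"
-  | LAcc vname               \<comment> "local (incl. parameter) access"
-  | LAss vname expr          ("_::=_" [90,90]90)      \<comment> "local assign"
-  | FAcc cname expr vname    ("{_}_.._" [10,90,99]90) \<comment> "field access"
+  = NewC cname               \<comment> \<open>class instance creation\<close>
+  | Cast cname expr          \<comment> \<open>type cast\<close>
+  | Lit val                  \<comment> \<open>literal value, also references\<close>
+  | BinOp binop expr expr    \<comment> \<open>binary operation\<close>
+  | LAcc vname               \<comment> \<open>local (incl. parameter) access\<close>
+  | LAss vname expr          ("_::=_" [90,90]90)      \<comment> \<open>local assign\<close>
+  | FAcc cname expr vname    ("{_}_.._" [10,90,99]90) \<comment> \<open>field access\<close>
   | FAss cname expr vname 
-                    expr     ("{_}_.._:=_" [10,90,99,90]90) \<comment> "field ass."
+                    expr     ("{_}_.._:=_" [10,90,99,90]90) \<comment> \<open>field ass.\<close>
   | Call cname expr mname 
-    "ty list" "expr list"    ("{_}_.._'( {_}_')" [10,90,99,10,10] 90) \<comment> "method call"
+    "ty list" "expr list"    ("{_}_.._'( {_}_')" [10,90,99,10,10] 90) \<comment> \<open>method call\<close>
 
 datatype_compat expr
 
 datatype stmt
-  = Skip                     \<comment> "empty statement"
-  | Expr expr                \<comment> "expression statement"
+  = Skip                     \<comment> \<open>empty statement\<close>
+  | Expr expr                \<comment> \<open>expression statement\<close>
   | Comp stmt stmt       ("_;; _"             [61,60]60)
   | Cond expr stmt stmt  ("If '(_') _ Else _" [80,79,79]70)
   | Loop expr stmt       ("While '(_') _"     [80,79]70)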
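--- a/src/HOL/MicroJava/J/Type.thy	Tue Jan 16 09:12:16 2018 +0100
+++ b/src/HOL/MicroJava/J/Type.thy	Tue Jan 16 09:30:00 2018 +0100
@@ -44,20 +44,20 @@
 
 end
 
- \<comment> "exceptions"
+ \<comment> \<open>exceptions\<close>
 datatype 
   xcpt   
   = NullPointer
   | ClassCast
   | OutOfMemory
 
-\<comment> "class names"
+\<comment> \<open>class names\<close>
 datatype cname  
   = Object 
   | Xcpt xcpt 
   | Cname cnam 
 
-typedecl vnam   \<comment> "variable or field name"
+typedecl vnam   \<comment> \<open>variable or field name\<close>
 
 instantiation vnam :: equal
 begin
@@ -92,7 +92,7 @@
 
 end
 
-typedecl mname  \<comment> "method name"
+typedecl mname  \<comment> \<open>method name\<close>
 
 instantiation mname :: equal
 begin
@@ -127,26 +127,26 @@
 
 end
 
-\<comment> "names for \<open>This\<close> pointer and local/field variables"
+\<comment> \<open>names for \<open>This\<close> pointer and local/field variables\<close>
 datatype vname 
   = This
   | VName vnam
 
-\<comment> "primitive type, cf. 4.2"
+\<comment> \<open>primitive type, cf. 4.2\<close>
 datatype prim_ty 
-  = Void          \<comment> "'result type' of void methods"
+  = Void          \<comment> \<open>'result type' of void methods\<close>
   | Boolean
   | Integer
 
-\<comment> "reference type, cf. 4.3"
+\<comment> \<open>reference type, cf. 4.3\<close>
 datatype ref_ty   
-  = NullT         \<comment> "null type, cf. 4.1"
-  | ClassT cname  \<comment> "class type"
+  = NullT         \<comment> \<open>null type, cf. 4.1\<close>
+  | ClassT cname  \<comment> \<open>class type\<close>
 
-\<comment> "any type, cf. 4.1"
+\<comment> \<open>any type, cf. 4.1\<close>
 datatype ty 
-  = PrimT prim_ty \<comment> "primitive type"
-  | RefT  ref_ty  \<comment> "reference type"
+  = PrimT prim_ty \<comment> \<open>primitive type\<close>
+  | RefT  ref_ty  \<comment> \<open>reference type\<close>
 
 abbreviation NT :: ty
   where "NT == RefT NullT"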
   133.1 --- a/src/HOL/MicroJava/J/TypeRel.thy	Tue Jan 16 09:12:16 2018 +0100
   133.2 +++ b/src/HOL/MicroJava/J/TypeRel.thy	Tue Jan 16 09:30:00 2018 +0100
   133.3 @@ -8,7 +8,7 @@
   133.4  imports Decl
   133.5  begin
   133.6  
   133.7 -\<comment> "direct subclass, cf. 8.1.3"
   133.8 +\<comment> \<open>direct subclass, cf. 8.1.3\<close>
   133.9  
  133.10  inductive_set
  133.11    subcls1 :: "'c prog => (cname \<times> cname) set"
  133.12 @@ -177,12 +177,12 @@
  133.13  qed
  133.14  
  133.15  definition "method" :: "'c prog \<times> cname => (sig \<rightharpoonup> cname \<times> ty \<times> 'c)"
  133.16 -  \<comment> "methods of a class, with inheritance, overriding and hiding, cf. 8.4.6"
  133.17 +  \<comment> \<open>methods of a class, with inheritance, overriding and hiding, cf. 8.4.6\<close>
  133.18    where [code]: "method \<equiv> \<lambda>(G,C). class_rec G C empty (\<lambda>C fs ms ts.
  133.19                             ts ++ map_of (map (\<lambda>(s,m). (s,(C,m))) ms))"
  133.20  
  133.21  definition fields :: "'c prog \<times> cname => ((vname \<times> cname) \<times> ty) list"
  133.22 -  \<comment> "list of fields of a class, including inherited and hidden ones"
  133.23 +  \<comment> \<open>list of fields of a class, including inherited and hidden ones\<close>
  133.24    where [code]: "fields \<equiv> \<lambda>(G,C). class_rec G C [] (\<lambda>C fs ms ts.
  133.25                             map (\<lambda>(fn,ft). ((fn,C),ft)) fs @ ts)"
  133.26  
  133.27 @@ -215,12 +215,12 @@
  133.28  done
  133.29  
  133.30  
  133.31 -\<comment> "widening, viz. method invocation conversion,cf. 5.3 i.e. sort of syntactic subtyping"
  133.32 +\<comment> \<open>widening, viz. method invocation conversion,cf. 5.3 i.e. sort of syntactic subtyping\<close>
  133.33  inductive
  133.34    widen   :: "'c prog => [ty   , ty   ] => bool" ("_ \<turnstile> _ \<preceq> _"   [71,71,71] 70)
  133.35    for G :: "'c prog"
  133.36  where
  133.37 -  refl   [intro!, simp]:       "G\<turnstile>      T \<preceq> T"   \<comment> "identity conv., cf. 5.1.1"
  133.38 +  refl   [intro!, simp]:       "G\<turnstile>      T \<preceq> T"   \<comment> \<open>identity conv., cf. 5.1.1\<close>
  133.39  | subcls         : "G\<turnstile>C\<preceq>C D ==> G\<turnstile>Class C \<preceq>