*** empty log message ***
authorwenzelm
Thu Mar 07 22:52:07 2002 +0100 (2002-03-07)
changeset 130416faccf7d0f25
parent 13040 02bfd6d622ca
child 13042 d8a345d9e067
*** empty log message ***
doc-src/IsarRef/conversion.tex
doc-src/IsarRef/generic.tex
doc-src/IsarRef/logics.tex
doc-src/IsarRef/refcard.tex
     1.1 --- a/doc-src/IsarRef/conversion.tex	Thu Mar 07 19:07:56 2002 +0100
     1.2 +++ b/doc-src/IsarRef/conversion.tex	Thu Mar 07 22:52:07 2002 +0100
     1.3 @@ -69,14 +69,17 @@
     1.4  
     1.5  ML proof scripts have to be well-behaved by storing theorems properly within
     1.6  the current theory context, in order to enable new-style theories to retrieve
     1.7 -these these later.
     1.8 +these later.
     1.9  
    1.10  \begin{descr}
    1.11 +  
    1.12  \item [$\mathtt{qed}~name$] is the canonical way to conclude a proof script in
    1.13    ML.  This already manages entry in the theorem database of the current
    1.14    theory context.
    1.15 +  
    1.16  \item [$\mathtt{bind_thm}~(name, thm)$ and $\mathtt{bind_thms}~(name, thms)$]
    1.17    store theorems that have been produced in ML in an ad-hoc manner.
    1.18 +
    1.19  \end{descr}
    1.20  
    1.21  Note that the original ``LCF-system'' approach of binding theorem values on
    1.22 @@ -197,7 +200,7 @@
    1.23  ML values of type \texttt{thm}.  After the proof is finished, these premises
    1.24  are discharged again, resulting in the original rule statement.  The ``long
    1.25  format'' of Isabelle/Isar goal statements admits to emulate this technique
    1.26 -closely.  The general ML goal statement for derived rules looks like this:
    1.27 +nicely.  The general ML goal statement for derived rules looks like this:
    1.28  \begin{ttbox}
    1.29   val [\(prem@1\), \dots] = goal "\(\phi@1 \Imp \dots \Imp \psi\)";
    1.30   by \(tac@1\);
    1.31 @@ -218,12 +221,10 @@
    1.32  corresponding atomic statements, typically stemming from the definition of a
    1.33  new concept.  In that case, the general scheme for deriving rules may be
    1.34  greatly simplified, using one of the standard automated proof tools, such as
    1.35 -$simp$, $blast$, or $auto$.  This would work as follows:
    1.36 +$simp$, $blast$, or $auto$.  This could work as follows:
    1.37  \begin{matharray}{l}
    1.38    \LEMMA{}{\texttt"{\phi@1 \Imp \dots \Imp \psi}\texttt"} \\
    1.39 -  \quad \APPLY{unfold~defs} \\
    1.40 -  \quad \APPLY{blast} \\
    1.41 -  \quad \DONE \\
    1.42 +  \quad \BYY{unfold~defs}{blast} \\
    1.43  \end{matharray}
    1.44  Note that classic Isabelle would support this form only in the special case
    1.45  where $\phi@1$, \dots are atomic statements (when using the standard
    1.46 @@ -270,6 +271,9 @@
    1.47    \quad \DONE \\
    1.48  \end{matharray}
    1.49  
    1.50 +In many situations the $atomize$ step above is actually unnecessary,
    1.51 +especially if the subsequent script mainly consists of automated tools.
    1.52 +
    1.53  
    1.54  \subsection{Tactics}\label{sec:conv-tac}
    1.55  
    1.56 @@ -287,7 +291,7 @@
    1.57  For example, method $simp$ replaces all of \texttt{simp_tac}~/
    1.58  \texttt{asm_simp_tac}~/ \texttt{full_simp_tac}~/ \texttt{asm_full_simp_tac},
    1.59  there is also concrete syntax for augmenting the Simplifier context (the
    1.60 -current ``simpset'') in a handsome way.
    1.61 +current ``simpset'') in a convenient way.
    1.62  
    1.63  
    1.64  \subsubsection{Resolution tactics}
    1.65 @@ -458,19 +462,19 @@
    1.66  
    1.67  \medskip Theorem operations may be attached as attributes in the very place
    1.68  where theorems are referenced, say within a method argument.  The subsequent
    1.69 -common ML combinators may be expressed directly in Isar as follows.
    1.70 +ML combinators may be expressed directly in Isar as follows.
    1.71  \begin{matharray}{lll}
    1.72    thm@1~\texttt{RS}~thm@2 & & thm@1~[THEN~thm@2] \\
    1.73    thm@1~\texttt{RSN}~(i, thm@2) & & thm@1~[THEN~[i]~thm@2] \\
    1.74    thm@1~\texttt{COMP}~thm@2 & & thm@1~[COMP~thm@2] \\
    1.75    \relax[thm@1, \dots]~\texttt{MRS}~thm & & thm~[OF~thm@1~\dots] \\
    1.76    \texttt{read_instantiate}~[(x@1, t@1), \dots]~thm & & thm~[where~x@1 = t@1~and~\dots] \\
    1.77 +  \texttt{make_elim}~thm & & thm~[elim_format] \\
    1.78    \texttt{standard}~thm & & thm~[standard] \\
    1.79 -  \texttt{make_elim}~thm & & thm~[elim_format] \\
    1.80  \end{matharray}
    1.81  
    1.82  Note that $OF$ is often more readable as $THEN$; likewise positional
    1.83 -instantiation with $of$ is more handsome than $where$.
    1.84 +instantiation with $of$ is often more appropriate than $where$.
    1.85  
    1.86  The special ML command \texttt{qed_spec_mp} of Isabelle/HOL and FOL may be
    1.87  replaced by passing the result of a proof through $rule_format$.
    1.88 @@ -491,8 +495,8 @@
    1.89    \texttt{AddSDs}~[thm] & & \DECLARE~thm~[dest!] \\[0.5ex]
    1.90    \texttt{AddIffs}~[thm] & & \DECLARE~thm~[iff] \\
    1.91  \end{matharray}
    1.92 -Note that explicit $\DECLARE$ commands are actually needed only very rarely;
    1.93 -Isar admits to declare theorems on-the-fly wherever they emerge.  Consider the
    1.94 +Note that explicit $\DECLARE$ commands are rarely needed in practice; Isar
    1.95 +admits to declare theorems on-the-fly wherever they emerge.  Consider the
    1.96  following ML idiom:
    1.97  \begin{ttbox}
    1.98  Goal "\(\phi\)";
    1.99 @@ -500,7 +504,7 @@
   1.100  qed "name";
   1.101  Addsimps [name];
   1.102  \end{ttbox}
   1.103 -This may be expressed more concisely in Isar like this:
   1.104 +This may be expressed more succinctly in Isar like this:
   1.105  \begin{matharray}{l}
   1.106    \LEMMA{name~[simp]}{\phi} \\
   1.107    \quad\vdots
   1.108 @@ -525,26 +529,32 @@
   1.109  code expressed in the low-level language.
   1.110  
   1.111  As far as Isar proofs are concerned, it is usually much easier to re-use only
   1.112 -definitions and the main statements directly, while following the arrangement
   1.113 -of proof scripts only very loosely.  Ideally, one would also have some
   1.114 -\emph{informal} proof outlines available for guidance as well.  In the worst
   1.115 -case, obscure proof scripts would have to be re-engineered by tracing forth
   1.116 -and backwards, and by educated guessing!
   1.117 +definitions and the main statements, while following the arrangement of proof
   1.118 +scripts only very loosely.  Ideally, one would also have some \emph{informal}
   1.119 +proof outlines available for guidance as well.  In the worst case, obscure
   1.120 +proof scripts would have to be re-engineered by tracing forth and backwards,
   1.121 +and by educated guessing!
   1.122  
   1.123  \medskip This is a possible schedule to embark on actual conversion of legacy
   1.124  proof scripts into Isar proof texts.
   1.125 +
   1.126  \begin{enumerate}
   1.127 +
   1.128  \item Port ML scripts to Isar tactic emulation scripts (see
   1.129    \S\ref{sec:port-scripts}).
   1.130 +
   1.131  \item Get sufficiently acquainted with Isabelle/Isar proof
   1.132    development.\footnote{As there is still no Isar tutorial around, it is best
   1.133      to look at existing Isar examples, see also \S\ref{sec:isar-howto}.}
   1.134 +
   1.135  \item Recover the proof structure of a few important theorems.
   1.136 +
   1.137  \item Rephrase the original intention of the course of reasoning in terms of
   1.138    Isar proof language elements.
   1.139 +
   1.140  \end{enumerate}
   1.141  
   1.142 -Certainly, rewriting formal reasoning in Isar requires much additional effort.
   1.143 +Certainly, rewriting formal reasoning in Isar requires some additional effort.
   1.144  On the other hand, one gains a human-readable representation of
   1.145  machine-checked formal proof.  Depending on the context of application, this
   1.146  might be even indispensable to start with!
     2.1 --- a/doc-src/IsarRef/generic.tex	Thu Mar 07 19:07:56 2002 +0100
     2.2 +++ b/doc-src/IsarRef/generic.tex	Thu Mar 07 22:52:07 2002 +0100
     2.3 @@ -27,7 +27,7 @@
     2.4  \end{rail}
     2.5  
     2.6  \begin{descr}
     2.7 -  
     2.8 +
     2.9  \item [$\AXCLASS~c \subseteq \vec c~~axms$] defines an axiomatic type class as
    2.10    the intersection of existing classes, with additional axioms holding.  Class
    2.11    axioms may not contain more than one type variable.  The class axioms (with
    2.12 @@ -35,18 +35,18 @@
    2.13    a class introduction rule is generated (being bound as $c{.}intro$); this
    2.14    rule is employed by method $intro_classes$ to support instantiation proofs
    2.15    of this class.
    2.16 -  
    2.17 +
    2.18    The ``axioms'' are stored as theorems according to the given name
    2.19    specifications, adding the class name $c$ as name space prefix; the same
    2.20    facts are also stored collectively as $c{\dtt}axioms$.
    2.21 -  
    2.22 +
    2.23  \item [$\INSTANCE~c@1 \subseteq c@2$ and $\INSTANCE~t :: (\vec s)c$] setup a
    2.24    goal stating a class relation or type arity.  The proof would usually
    2.25    proceed by $intro_classes$, and then establish the characteristic theorems
    2.26    of the type classes involved.  After finishing the proof, the theory will be
    2.27    augmented by a type signature declaration corresponding to the resulting
    2.28    theorem.
    2.29 -  
    2.30 +
    2.31  \item [$intro_classes$] repeatedly expands all class introduction rules of
    2.32    this theory.  Note that this method usually needs not be named explicitly,
    2.33    as it is already included in the default proof step (of $\PROOFNAME$ etc.).
    2.34 @@ -59,7 +59,7 @@
    2.35  \subsection{Locales and local contexts}\label{sec:locale}
    2.36  
    2.37  Locales are named local contexts, consisting of a list of declaration elements
    2.38 -that are modeled after the Isar proof context commands (cf.\ 
    2.39 +that are modeled after the Isar proof context commands (cf.\
    2.40  \S\ref{sec:proof-context}).
    2.41  
    2.42  \subsubsection{Localized commands}
    2.43 @@ -83,12 +83,12 @@
    2.44  the locale context of $loc$ and augments its body by an appropriate
    2.45  ``$\isarkeyword{notes}$'' element (see below).  The exported view of $a$,
    2.46  after discharging the locale context, is stored as $loc{.}a$ within the global
    2.47 -theory.  A localized goal ``$\LEMMANAME~(\IN~loc)~a:~\phi$'' work similarly,
    2.48 -only that the fact emerges through the subsequent proof,
    2.49 -which may refer to the full infrastructure of the locale context (including
    2.50 -local parameters with typing and concrete syntax, assumptions, definitions
    2.51 -etc.).  Most notably, fact declarations of the locale are active during the
    2.52 -proof, too (e.g.\ local $simp$ rules).
    2.53 +theory.  A localized goal ``$\LEMMANAME~(\IN~loc)~a:~\phi$'' works similarly,
    2.54 +only that the fact emerges through the subsequent proof, which may refer to
    2.55 +the full infrastructure of the locale context (covering local parameters with
    2.56 +typing and concrete syntax, assumptions, definitions etc.).  Most notably,
    2.57 +fact declarations of the locale are active during the proof as well (e.g.\
    2.58 +local $simp$ rules).
    2.59  
    2.60  
    2.61  \subsubsection{Locale specifications}
    2.62 @@ -131,7 +131,7 @@
    2.63  \end{rail}
    2.64  
    2.65  \begin{descr}
    2.66 -  
    2.67 +
    2.68  \item [$\LOCALE~loc~=~import~+~body$] defines new locale $loc$ as a context
    2.69    consisting of a certain view of existing locales ($import$) plus some
    2.70    additional elements ($body$).  Both $import$ and $body$ are optional; the
    2.71 @@ -139,57 +139,59 @@
    2.72    useful to collect declarations of facts later on.  Type-inference on locale
    2.73    expressions automatically takes care of the most general typing that the
    2.74    combined context elements may acquire.
    2.75 -  
    2.76 +
    2.77    The $import$ consists of a structured context expression, consisting of
    2.78    references to existing locales, renamed contexts, or merged contexts.
    2.79    Renaming uses positional notation: $c~\vec x$ means that (a prefix) the
    2.80    fixed parameters of context $c$ are named according to $\vec x$; a
    2.81    ``\texttt{_}'' (underscore).\indexisarthm{_@\texttt{_}} means to skip that
    2.82    position.  Also note that concrete syntax only works with the original name.
    2.83 -  Merging proceeds from left-to-right, suppressing any duplicates emerging
    2.84 -  from different paths through an import hierarchy.
    2.85 -  
    2.86 +  Merging proceeds from left-to-right, suppressing any duplicates stemming
    2.87 +  from different paths through the import hierarchy.
    2.88 +
    2.89    The $body$ consists of basic context elements, further context expressions
    2.90    may be included as well.
    2.91  
    2.92    \begin{descr}
    2.93 -    
    2.94 +
    2.95    \item [$\FIXES{~x::\tau~(mx)}$] declares a local parameter of type $\tau$
    2.96      and mixfix annotation $mx$ (both are optional).  The special syntax
    2.97      declaration ``$(structure)$'' means that $x$ may be referenced
    2.98      implicitly in this context.
    2.99 -    
   2.100 +
   2.101    \item [$\ASSUMES{a}{\vec\phi}$] introduces local premises, similar to
   2.102      $\ASSUMENAME$ within a proof (cf.\ \S\ref{sec:proof-context}).
   2.103 -    
   2.104 +
   2.105    \item [$\DEFINES{a}{x \equiv t}$] defines a previously declared parameter.
   2.106 -    This is close to $\DEFNAME$ within a proof (cf.\ 
   2.107 +    This is close to $\DEFNAME$ within a proof (cf.\
   2.108      \S\ref{sec:proof-context}), but $\DEFINESNAME$ takes an equational
   2.109 -    proposition instead of variable-term.  The left-hand side of the equation
   2.110 -    may have additional arguments, e.g.\ $\DEFINES{}{f~\vec x \equiv t}$.
   2.111 -    
   2.112 +    proposition instead of variable-term pair.  The left-hand side of the
   2.113 +    equation may have additional arguments, e.g.\ ``$\DEFINES{}{f~\vec x
   2.114 +      \equiv t}$''.
   2.115 +
   2.116    \item [$\NOTES{a}{\vec b}$] reconsiders facts within a local context.  Most
   2.117      notably, this may include arbitrary declarations in any attribute
   2.118      specifications included here, e.g.\ a local $simp$ rule.
   2.119 -    
   2.120 +
   2.121    \item [$\INCLUDES{c}$] copies the specified context in a statically scoped
   2.122      manner.
   2.123 -    
   2.124 +
   2.125      In contrast, the initial $import$ specification of a locale expression
   2.126      maintains a dynamic relation to the locales being referenced (benefiting
   2.127      from any later fact declarations in the obvious manner).
   2.128    \end{descr}
   2.129 -  
   2.130 -  Note that $\IS{p}$ patterns given in the syntax of $\ASSUMESNAME$ and
   2.131 -  $\DEFINESNAME$ above is actually illegal in locale definitions.  In the long
   2.132 -  goal format of \S\ref{sec:goals}, term bindings may be included as expected.
   2.133 +
   2.134 +  Note that ``$\IS{p}$'' patterns given in the syntax of $\ASSUMESNAME$ and
   2.135 +  $\DEFINESNAME$ above are actually illegal in locale definitions.  In the
   2.136 +  long goal format of \S\ref{sec:goals}, term bindings may be included as
   2.137 +  expected, though.
   2.138  
   2.139  \item [$\isarkeyword{print_locale}~import~+~body$] prints the specified locale
   2.140    expression in a flattened form.  The notable special case
   2.141    $\isarkeyword{print_locale}~loc$ just prints the contents of the named
   2.142    locale, but keep in mind that type-inference will normalize type variables
   2.143    according to the usual alphabetical order.
   2.144 -  
   2.145 +
   2.146  \item [$\isarkeyword{print_locales}$] prints the names of all locales of the
   2.147    current theory.
   2.148  
   2.149 @@ -206,7 +208,7 @@
   2.150  \end{matharray}
   2.151  
   2.152  Generalized elimination means that additional elements with certain properties
   2.153 -may introduced in the current context, by virtue of a locally proven
   2.154 +may be introduced in the current context, by virtue of a locally proven
   2.155  ``soundness statement''.  Technically speaking, the $\OBTAINNAME$ language
   2.156  element is like a declaration of $\FIXNAME$ and $\ASSUMENAME$ (see also see
   2.157  \S\ref{sec:proof-context}), together with a soundness proof of its additional
   2.158 @@ -224,28 +226,32 @@
   2.159  \begin{matharray}{l}
   2.160    \langle facts~\vec b\rangle \\
   2.161    \OBTAIN{\vec x}{a}{\vec \phi}~~\langle proof\rangle \equiv {} \\[1ex]
   2.162 -  \quad \BG \\
   2.163 +  \quad \HAVE{}{\All{thesis} (\All{\vec x} \vec\phi \Imp thesis) \Imp thesis} \\
   2.164 +  \quad \PROOF{succeed} \\
   2.165    \qquad \FIX{thesis} \\
   2.166 -  \qquad \ASSUME{that~[simp, intro]}{\All{\vec x} \vec\phi \Imp thesis} \\
   2.167 -  \qquad \FROM{\vec b}~\HAVE{}{thesis}~~\langle proof\rangle \\
   2.168 -  \quad \EN \\
   2.169 +  \qquad \ASSUME{that~[intro?]}{\All{\vec x} \vec\phi \Imp thesis} \\
   2.170 +  \qquad \SHOW{}{thesis} \\
   2.171 +  \quad\qquad \APPLY{insert~that} \\
   2.172 +  \quad\qquad \USING{\vec b}~~\langle proof\rangle \\
   2.173 +  \quad \QED{} \\
   2.174    \quad \FIX{\vec x}~\ASSUMENAME^\ast~a\colon~\vec\phi \\
   2.175  \end{matharray}
   2.176  
   2.177  Typically, the soundness proof is relatively straight-forward, often just by
   2.178 -canonical automated tools such as $\BY{simp}$ (see \S\ref{sec:simp}) or
   2.179 -$\BY{blast}$ (see \S\ref{sec:classical-auto}).  Accordingly, the ``$that$''
   2.180 -reduction above is declared as simplification and introduction rule.
   2.181 +canonical automated tools such as ``$\BY{simp}$'' (see \S\ref{sec:simp}) or
   2.182 +``$\BY{blast}$'' (see \S\ref{sec:classical-auto}).  Accordingly, the
   2.183 +``$that$'' reduction above is declared as simplification and introduction
   2.184 +rule.
   2.185  
   2.186  \medskip
   2.187  
   2.188  In a sense, $\OBTAINNAME$ represents at the level of Isar proofs what would be
   2.189  meta-logical existential quantifiers and conjunctions.  This concept has a
   2.190 -broad range of useful applications, ranging from plain elimination (or even
   2.191 +broad range of useful applications, ranging from plain elimination (or
   2.192  introduction) of object-level existentials and conjunctions, to elimination
   2.193  over results of symbolic evaluation of recursive definitions, for example.
   2.194  Also note that $\OBTAINNAME$ without parameters acts much like $\HAVENAME$,
   2.195 -where the result is treated as an assumption.
   2.196 +where the result is treated as a genuine assumption.
   2.197  
   2.198  
   2.199  \subsection{Calculational reasoning}\label{sec:calculation}
   2.200 @@ -277,10 +283,10 @@
   2.201  similar to $\ALSO$ and $\FINALLY$, but only collect further results in
   2.202  $calculation$ without applying any rules yet.
   2.203  
   2.204 -Also note that the automatic term abbreviation ``$\dots$'' has its canonical
   2.205 -application with calculational proofs.  It refers to the argument\footnote{The
   2.206 -  argument of a curried infix expression is its right-hand side.} of the
   2.207 -preceding statement.
   2.208 +Also note that the implicit term abbreviation ``$\dots$'' has its canonical
   2.209 +application with calculational proofs.  It refers to the argument of the
   2.210 +preceding statement. (The argument of a curried infix expression happens to be
   2.211 +its right-hand side.)
   2.212  
   2.213  Isabelle/Isar calculations are implicitly subject to block structure in the
   2.214  sense that new threads of calculational reasoning are commenced for any new
   2.215 @@ -290,9 +296,8 @@
   2.216  
   2.217  \medskip
   2.218  
   2.219 -The Isar calculation proof commands may be defined as
   2.220 -follows:\footnote{Internal bookkeeping such as proper handling of
   2.221 -  block-structure has been suppressed.}
   2.222 +The Isar calculation proof commands may be defined as follows:\footnote{We
   2.223 +  suppress internal bookkeeping such as proper handling of block-structure.}
   2.224  \begin{matharray}{rcl}
   2.225    \ALSO@0 & \equiv & \NOTE{calculation}{this} \\
   2.226    \ALSO@{n+1} & \equiv & \NOTE{calculation}{trans~[OF~calculation~this]} \\[0.5ex]
   2.227 @@ -309,7 +314,7 @@
   2.228  \end{rail}
   2.229  
   2.230  \begin{descr}
   2.231 -  
   2.232 +
   2.233  \item [$\ALSO~(\vec a)$] maintains the auxiliary $calculation$ register as
   2.234    follows.  The first occurrence of $\ALSO$ in some calculational thread
   2.235    initializes $calculation$ by $this$. Any subsequent $\ALSO$ on the same
   2.236 @@ -328,29 +333,29 @@
   2.237  
   2.238  \item [$\MOREOVER$ and $\ULTIMATELY$] are analogous to $\ALSO$ and $\FINALLY$,
   2.239    but collect results only, without applying rules.
   2.240 -  
   2.241 +
   2.242  \item [$\isarkeyword{print_trans_rules}$] prints the list of transitivity
   2.243    rules (for calculational commands $\ALSO$ and $\FINALLY$) and symmetry rules
   2.244    (for the $symmetric$ operation and single step elimination patters) of the
   2.245    current context.
   2.246 -  
   2.247 +
   2.248  \item [$trans$] declares theorems as transitivity rules.
   2.249 -  
   2.250 +
   2.251  \item [$sym$] declares symmetry rules.
   2.252 -  
   2.253 +
   2.254  \item [$symmetric$] resolves a theorem with some rule declared as $sym$ in the
   2.255    current context.  For example, ``$\ASSUME{[symmetric]}{x = y}$'' produces a
   2.256    swapped fact derived from that assumption.
   2.257 -  
   2.258 +
   2.259    In structured proof texts it is often more appropriate to use an explicit
   2.260    single-step elimination proof, such as ``$\ASSUME{}{x = y}~\HENCE{}{y =
   2.261 -    x}~\DDOT$''.  Note that the very same rules known to $symmetric$ are
   2.262 -  declared as $elim$ at the same time.
   2.263 +    x}~\DDOT$''.  The very same rules known to $symmetric$ are declared as
   2.264 +  $elim?$ as well.
   2.265  
   2.266  \end{descr}
   2.267  
   2.268  
   2.269 -\section{Specific proof tools}
   2.270 +\section{Proof tools}
   2.271  
   2.272  \subsection{Miscellaneous methods and attributes}\label{sec:misc-meth-att}
   2.273  
   2.274 @@ -376,11 +381,11 @@
   2.275  \end{rail}
   2.276  
   2.277  \begin{descr}
   2.278 -  
   2.279 +
   2.280  \item [$unfold~\vec a$ and $fold~\vec a$] expand (or fold back again) the
   2.281    given meta-level definitions throughout all goals; any chained facts
   2.282    provided are inserted into the goal and subject to rewriting as well.
   2.283 -  
   2.284 +
   2.285  \item [$insert~\vec a$] inserts theorems as facts into all goals of the proof
   2.286    state.  Note that current facts indicated for forward chaining are ignored.
   2.287  
   2.288 @@ -388,13 +393,13 @@
   2.289    basic $rule$ method (see \S\ref{sec:pure-meth-att}), but apply rules by
   2.290    elim-resolution, destruct-resolution, and forward-resolution, respectively
   2.291    \cite{isabelle-ref}.  The optional natural number argument (default $0$)
   2.292 -  specifies additional assumption steps to be performed.
   2.293 -  
   2.294 +  specifies additional assumption steps to be performed here.
   2.295 +
   2.296    Note that these methods are improper ones, mainly serving for
   2.297    experimentation and tactic script emulation.  Different modes of basic rule
   2.298    application are usually expressed in Isar at the proof language level,
   2.299    rather than via implicit proof state manipulations.  For example, a proper
   2.300 -  single-step elimination would be done using the basic $rule$ method, with
   2.301 +  single-step elimination would be done using the plain $rule$ method, with
   2.302    forward chaining of current facts.
   2.303  
   2.304  \item [$succeed$] yields a single (unchanged) result; it is the identity of
   2.305 @@ -418,8 +423,8 @@
   2.306    where & : & \isaratt \\[0.5ex]
   2.307    unfolded & : & \isaratt \\
   2.308    folded & : & \isaratt \\[0.5ex]
   2.309 -  standard & : & \isaratt \\
   2.310    elim_format & : & \isaratt \\
   2.311 +  standard^* & : & \isaratt \\
   2.312    no_vars^* & : & \isaratt \\
   2.313  \end{matharray}
   2.314  
   2.315 @@ -437,36 +442,38 @@
   2.316  \end{rail}
   2.317  
   2.318  \begin{descr}
   2.319 -  
   2.320 +
   2.321  \item [$tagged~name~args$ and $untagged~name$] add and remove $tags$ of some
   2.322    theorem.  Tags may be any list of strings that serve as comment for some
   2.323    tools (e.g.\ $\LEMMANAME$ causes the tag ``$lemma$'' to be added to the
   2.324    result).  The first string is considered the tag name, the rest its
   2.325    arguments.  Note that untag removes any tags of the same name.
   2.326 -  
   2.327 -\item [$THEN~n~a$ and $COMP~n~a$] compose rules.  $THEN$ resolves with the
   2.328 -  $n$-th premise of $a$; the $COMP$ version skips the automatic lifting
   2.329 -  process that is normally intended (cf.\ \texttt{RS} and \texttt{COMP} in
   2.330 +
   2.331 +\item [$THEN~a$ and $COMP~a$] compose rules by resolution.  $THEN$ resolves
   2.332 +  with the first premise of $a$ (an alternative position may be also
   2.333 +  specified); the $COMP$ version skips the automatic lifting process that is
   2.334 +  normally intended (cf.\ \texttt{RS} and \texttt{COMP} in
   2.335    \cite[\S5]{isabelle-ref}).
   2.336 -  
   2.337 +
   2.338  \item [$where~\vec x = \vec t$] perform named instantiation of schematic
   2.339    variables occurring in a theorem.  Unlike instantiation tactics such as
   2.340    $rule_tac$ (see \S\ref{sec:tactic-commands}), actual schematic variables
   2.341 -  have to be specified (e.g.\ $\Var{x@3}$).
   2.342 -  
   2.343 +  have to be specified on the left-hand side (e.g.\ $\Var{x@3}$).
   2.344 +
   2.345  \item [$unfolded~\vec a$ and $folded~\vec a$] expand and fold back again the
   2.346    given meta-level definitions throughout a rule.
   2.347 -  
   2.348 -\item [$standard$] puts a theorem into the standard form of object-rules, just
   2.349 -  as the ML function \texttt{standard} (see \cite[\S5]{isabelle-ref}).
   2.350 -  
   2.351 +
   2.352  \item [$elim_format$] turns a destruction rule into elimination rule format,
   2.353    by resolving with the rule $\PROP A \Imp (\PROP A \Imp \PROP B) \Imp \PROP
   2.354    B$.
   2.355 -  
   2.356 +
   2.357    Note that the Classical Reasoner (\S\ref{sec:classical-att}) provides its
   2.358    own version of this operation.
   2.359 -  
   2.360 +
   2.361 +\item [$standard$] puts a theorem into the standard form of object-rules at
   2.362 +  the outermost theory level.  Note that this operation violates the local
   2.363 +  proof context (including active locales).
   2.364 +
   2.365  \item [$no_vars$] replaces schematic variables by free ones; this is mainly
   2.366    for tuning output of pretty printed theorems.
   2.367  
   2.368 @@ -554,37 +561,37 @@
   2.369  \end{rail}
   2.370  
   2.371  \begin{descr}
   2.372 -  
   2.373 +
   2.374  \item [$rule_tac$ etc.] do resolution of rules with explicit instantiation.
   2.375    This works the same way as the ML tactics \texttt{res_inst_tac} etc. (see
   2.376    \cite[\S3]{isabelle-ref}).
   2.377 -  
   2.378 -  Note that multiple rules may be only given there is no instantiation.  Then
   2.379 +
   2.380 +  Multiple rules may be only given if there is no instantiation; then
   2.381    $rule_tac$ is the same as \texttt{resolve_tac} in ML (see
   2.382    \cite[\S3]{isabelle-ref}).
   2.383 -  
   2.384 +
   2.385  \item [$cut_tac$] inserts facts into the proof state as assumption of a
   2.386    subgoal, see also \texttt{cut_facts_tac} in \cite[\S3]{isabelle-ref}.  Note
   2.387    that the scope of schematic variables is spread over the main goal
   2.388    statement.  Instantiations may be given as well, see also ML tactic
   2.389    \texttt{cut_inst_tac} in \cite[\S3]{isabelle-ref}.
   2.390 -  
   2.391 +
   2.392  \item [$thin_tac~\phi$] deletes the specified assumption from a subgoal; note
   2.393    that $\phi$ may contain schematic variables.  See also \texttt{thin_tac} in
   2.394    \cite[\S3]{isabelle-ref}.
   2.395 -  
   2.396 +
   2.397  \item [$subgoal_tac~\phi$] adds $\phi$ as an assumption to a subgoal.  See
   2.398    also \texttt{subgoal_tac} and \texttt{subgoals_tac} in
   2.399    \cite[\S3]{isabelle-ref}.
   2.400 -  
   2.401 +
   2.402  \item [$rename_tac~\vec x$] renames parameters of a goal according to the list
   2.403    $\vec x$, which refers to the \emph{suffix} of variables.
   2.404 -  
   2.405 +
   2.406  \item [$rotate_tac~n$] rotates the assumptions of a goal by $n$ positions:
   2.407    from right to left if $n$ is positive, and from left to right if $n$ is
   2.408    negative; the default value is $1$.  See also \texttt{rotate_tac} in
   2.409    \cite[\S3]{isabelle-ref}.
   2.410 -  
   2.411 +
   2.412  \item [$tactic~text$] produces a proof method from any ML text of type
   2.413    \texttt{tactic}.  Apart from the usual ML environment and the current
   2.414    implicit theory context, the ML code may refer to the following locally
   2.415 @@ -643,15 +650,15 @@
   2.416    according to the arguments given.  Note that the \railtterm{only} modifier
   2.417    first removes all other rewrite rules, congruences, and looper tactics
   2.418    (including splits), and then behaves like \railtterm{add}.
   2.419 -  
   2.420 +
   2.421    \medskip The \railtterm{cong} modifiers add or delete Simplifier congruence
   2.422    rules (see also \cite{isabelle-ref}), the default is to add.
   2.423 -  
   2.424 +
   2.425    \medskip The \railtterm{split} modifiers add or delete rules for the
   2.426    Splitter (see also \cite{isabelle-ref}), the default is to add.  This works
   2.427    only if the Simplifier method has been properly setup to include the
   2.428    Splitter (all major object logics such HOL, HOLCF, FOL, ZF do this already).
   2.429 -  
   2.430 +
   2.431  \item [$simp_all$] is similar to $simp$, but acts on all goals (backwards from
   2.432    the last to the first one).
   2.433  
   2.434 @@ -662,24 +669,25 @@
   2.435  simplifying assumptions themselves (cf.\ \texttt{asm_full_simp_tac} in
   2.436  \cite[\S10]{isabelle-ref}).  In structured proofs this is usually quite well
   2.437  behaved in practice: just the local premises of the actual goal are involved,
   2.438 -additional facts may inserted via explicit forward-chaining (using $\THEN$,
   2.439 +additional facts may be inserted via explicit forward-chaining (using $\THEN$,
   2.440  $\FROMNAME$ etc.).  The full context of assumptions is only included if the
   2.441  ``$!$'' (bang) argument is given, which should be used with some care, though.
   2.442  
   2.443  Additional Simplifier options may be specified to tune the behavior further
   2.444 -(mostly for unstructured scripts with many accidental local facts): $(no_asm)$
   2.445 -means assumptions are ignored completely (cf.\ \texttt{simp_tac}),
   2.446 -$(no_asm_simp)$ means assumptions are used in the simplification of the
   2.447 -conclusion but are not themselves simplified (cf.\ \texttt{asm_simp_tac}), and
   2.448 -$(no_asm_use)$ means assumptions are simplified but are not used in the
   2.449 -simplification of each other or the conclusion (cf.  \texttt{full_simp_tac}).
   2.450 +(mostly for unstructured scripts with many accidental local facts):
   2.451 +``$(no_asm)$'' means assumptions are ignored completely (cf.\
   2.452 +\texttt{simp_tac}), ``$(no_asm_simp)$'' means assumptions are used in the
   2.453 +simplification of the conclusion but are not themselves simplified (cf.\
   2.454 +\texttt{asm_simp_tac}), and ``$(no_asm_use)$'' means assumptions are
   2.455 +simplified but are not used in the simplification of each other or the
   2.456 +conclusion (cf.\ \texttt{full_simp_tac}).
   2.457  
   2.458  \medskip
   2.459  
   2.460  The Splitter package is usually configured to work as part of the Simplifier.
   2.461  The effect of repeatedly applying \texttt{split_tac} can be simulated by
   2.462 -$(simp~only\colon~split\colon~\vec a)$.  There is also a separate $split$
   2.463 -method available for single-step case splitting, see \S\ref{sec:basic-eq}.
   2.464 +``$(simp~only\colon~split\colon~\vec a)$''.  There is also a separate $split$
   2.465 +method available for single-step case splitting.
   2.466  
   2.467  
   2.468  \subsubsection{Declaring rules}
   2.469 @@ -729,14 +737,14 @@
   2.470  \end{rail}
   2.471  
   2.472  \begin{descr}
   2.473 -  
   2.474 +
   2.475  \item [$simplified~\vec a$] causes a theorem to be simplified, either by
   2.476    exactly the specified rules $\vec a$, or the implicit Simplifier context if
   2.477    no arguments are given.  The result is fully simplified by default,
   2.478    including assumptions and conclusion; the options $no_asm$ etc.\ tune the
   2.479    Simplifier in the same way as the for the $simp$ method (see
   2.480    \S\ref{sec:simp}).
   2.481 -  
   2.482 +
   2.483    Note that forward simplification restricts the simplifier to its most basic
   2.484    operation of term rewriting; solver and looper tactics \cite{isabelle-ref}
   2.485    are \emph{not} involved here.  The $simplified$ attribute should be only
   2.486 @@ -768,18 +776,18 @@
   2.487  way for automated normalization (see \S\ref{sec:simplifier}).
   2.488  
   2.489  \begin{descr}
   2.490 -  
   2.491 -\item [$subst~thm$] performs a single substitution step using rule $thm$,
   2.492 -  which may be either a meta or object equality.
   2.493 -  
   2.494 -\item [$hypsubst$] performs substitution using some assumption.  Note that
   2.495 -  this only works for equations of the form $x = t$ where $x$ is a free or
   2.496 -  bound variable!
   2.497 -  
   2.498 -\item [$split~thms$] performs single-step case splitting using rules $thms$.
   2.499 +
   2.500 +\item [$subst~a$] performs a single substitution step using rule $a$, which
   2.501 +  may be either a meta or object equality.
   2.502 +
   2.503 +\item [$hypsubst$] performs substitution using some assumption; this only
   2.504 +  works for equations of the form $x = t$ where $x$ is a free or bound
   2.505 +  variable.
   2.506 +
   2.507 +\item [$split~\vec a$] performs single-step case splitting using rules $thms$.
   2.508    By default, splitting is performed in the conclusion of a goal; the $asm$
   2.509    option indicates to operate on assumptions instead.
   2.510 -  
   2.511 +
   2.512    Note that the $simp$ method already involves repeated application of split
   2.513    rules as declared in the current context (see \S\ref{sec:simp}).
   2.514  \end{descr}
   2.515 @@ -804,29 +812,26 @@
   2.516  \end{rail}
   2.517  
   2.518  \begin{descr}
   2.519 -  
   2.520 +
   2.521  \item [$rule$] as offered by the classical reasoner is a refinement over the
   2.522    primitive one (see \S\ref{sec:pure-meth-att}).  Both versions essentially
   2.523    work the same, but the classical version observes the classical rule context
   2.524 -  in addition to the Isabelle/Pure one.
   2.525 -  
   2.526 -  The library of common object logics (HOL, ZF, etc.) usually declare a rich
   2.527 -  collection of classical rules (even if these perfectly OK from the
   2.528 -  intuitionistic viewpoint), but only few declarations to the rule context of
   2.529 -  Isabelle/Pure (\S\ref{sec:pure-meth-att}).
   2.530 -  
   2.531 +  in addition to that of Isabelle/Pure.
   2.532 +
   2.533 +  Common object logics (HOL, ZF, etc.) declare a rich collection of classical
   2.534 +  rules (even if these would qualify as intuitionistic ones), but only few
   2.535 +  declarations to the rule context of Isabelle/Pure
   2.536 +  (\S\ref{sec:pure-meth-att}).
   2.537 +
   2.538  \item [$contradiction$] solves some goal by contradiction, deriving any result
   2.539 -  from both $\neg A$ and $A$.  Facts, which are guaranteed to participate, may
   2.540 -  appear in either order.
   2.541 +  from both $\neg A$ and $A$.  Chained facts, which are guaranteed to
   2.542 +  participate, may appear in either order.
   2.543  
   2.544  \item [$intro$ and $elim$] repeatedly refine some goal by intro- or
   2.545 -  elim-resolution, after having inserted any facts.  Omitting the arguments
   2.546 -  refers to any suitable rules declared in the context, otherwise only the
   2.547 -  explicitly given ones may be applied.  The latter form admits better control
   2.548 -  of what actually happens, thus it is very appropriate as an initial method
   2.549 -  for $\PROOFNAME$ that splits up certain connectives of the goal, before
   2.550 -  entering the actual sub-proof.
   2.551 -  
   2.552 +  elim-resolution, after having inserted any chained facts.  Exactly the rules
   2.553 +  given as arguments are taken into account; this allows fine-tuned
   2.554 +  decomposition of a proof problem, in contrast to common automated tools.
   2.555 +
   2.556  \end{descr}
   2.557  
   2.558  
   2.559 @@ -864,14 +869,11 @@
   2.560    \cite[\S11]{isabelle-ref} for more information.
   2.561  \end{descr}
   2.562  
   2.563 -Any of above methods support additional modifiers of the context of classical
   2.564 -rules.  Their semantics is analogous to the attributes given in
   2.565 -\S\ref{sec:classical-mod}.  Facts provided by forward chaining are
   2.566 -inserted\footnote{These methods usually cannot make proper use of actual rules
   2.567 -  inserted that way, though.} into the goal before doing the search.  The
   2.568 -``!''~argument causes the full context of assumptions to be included as well.
   2.569 -This is slightly less hazardous than for the Simplifier (see
   2.570 -\S\ref{sec:simp}).
   2.571 +Any of the above methods support additional modifiers of the context of
   2.572 +classical rules.  Their semantics is analogous to the attributes given before.
   2.573 +Facts provided by forward chaining are inserted into the goal before
   2.574 +commencing proof search.  The ``!''~argument causes the full context of
   2.575 +assumptions to be included as well.
   2.576  
   2.577  
   2.578  \subsubsection{Combined automated methods}\label{sec:clasimp}
   2.579 @@ -948,23 +950,22 @@
   2.580  \item [$intro$, $elim$, and $dest$] declare introduction, elimination, and
   2.581    destruction rules, respectively.  By default, rules are considered as
   2.582    \emph{unsafe} (i.e.\ not applied blindly without backtracking), while a
   2.583 -  single ``!'' classifies as \emph{safe}, and ``?'' as \emph{extra} (i.e.\ not
   2.584 -  applied in the search-oriented automated methods, but only in single-step
   2.585 -  methods such as $rule$).
   2.586 +  single ``!'' classifies as \emph{safe}.  Rule declarations marked by ``?''
   2.587 +  coincide with those of Isabelle/Pure, cf.\ \S\ref{sec:pure-meth-att} (i.e.\
   2.588 +  are only applied in single steps of the $rule$ method).
   2.589  
   2.590  \item [$rule~del$] deletes introduction, elimination, or destruction rules from
   2.591    the context.
   2.592 -  
   2.593 -\item [$iff$] declares a logical equivalences to the Simplifier and the
   2.594 +
   2.595 +\item [$iff$] declares logical equivalences to the Simplifier and the
   2.596    Classical reasoner at the same time.  Non-conditional rules result in a
   2.597    ``safe'' introduction and elimination pair; conditional ones are considered
   2.598    ``unsafe''.  Rules with negative conclusion are automatically inverted
   2.599 -  (using $\neg$-elimination).
   2.600 -  
   2.601 -  The ``?'' version of $iff$ declares rules to the Pure context only, and
   2.602 -  omits the Simplifier declaration.  Thus the declaration does not have any
   2.603 -  effect on automated proof tools, but only on the single-step $rule$ method
   2.604 -  (see \S\ref{sec:misc-meth-att}).
   2.605 +  (using $\neg$ elimination internally).
   2.606 +
   2.607 +  The ``?'' version of $iff$ declares rules to the Isabelle/Pure context only,
   2.608 +  and omits the Simplifier declaration.
   2.609 +
   2.610  \end{descr}
   2.611  
   2.612  
   2.613 @@ -978,13 +979,13 @@
   2.614  \end{matharray}
   2.615  
   2.616  \begin{descr}
   2.617 -  
   2.618 +
   2.619  \item [$elim_format$] turns a destruction rule into elimination rule format;
   2.620    this operation is similar to the the intuitionistic version
   2.621    (\S\ref{sec:misc-meth-att}), but each premise of the resulting rule acquires
   2.622 -  an additional local fact of the negated main thesis -- according to the
   2.623 +  an additional local fact of the negated main thesis; according to the
   2.624    classical principle $(\neg A \Imp A) \Imp A$.
   2.625 -  
   2.626 +
   2.627  \item [$swapped$] turns an introduction rule into an elimination, by resolving
   2.628    with the classical swap principle $(\neg B \Imp A) \Imp (\neg A \Imp B)$.
   2.629  
   2.630 @@ -1016,13 +1017,13 @@
   2.631  The $\CASENAME$ command provides a shorthand to refer to certain parts of
   2.632  logical context symbolically.  Proof methods may provide an environment of
   2.633  named ``cases'' of the form $c\colon \vec x, \vec \phi$.  Then the effect of
   2.634 -``$\CASE{c}$'' is that of ``$\FIX{\vec x}~\ASSUME{c}{\vec\phi}$''; term
   2.635 -bindings may be covered as well, such as $\Var{case}$.
   2.636 +``$\CASE{c}$'' is that of ``$\FIX{\vec x}~\ASSUME{c}{\vec\phi}$''.  Term
   2.637 +bindings may be covered as well, such as $\Var{case}$ for the intended
   2.638 +conclusion.
   2.639  
   2.640  Normally the ``terminology'' of a case value (i.e.\ the parameters $\vec x$)
   2.641 -are marked as hidden.  Using the alternative form ``$(\CASE{c}~\vec x)$''
   2.642 -enables proof writers to choose their own naming for the subsequent proof
   2.643 -text.
   2.644 +are marked as hidden.  Using the explicit form ``$\CASE{(c~\vec x)}$'' enables
   2.645 +proof writers to choose their own names for the subsequent proof text.
   2.646  
   2.647  \medskip
   2.648  
   2.649 @@ -1030,7 +1031,8 @@
   2.650  to peek at the current goal state, which is generally considered
   2.651  non-observable in Isar.  The text of the cases basically emerge from standard
   2.652  elimination or induction rules, which in turn are derived from previous theory
   2.653 -specifications in a canonical way (say via $\isarkeyword{inductive}$).
   2.654 +specifications in a canonical way (say from $\isarkeyword{inductive}$
   2.655 +definitions).
   2.656  
   2.657  Named cases may be exhibited in the current proof context only if both the
   2.658  proof method and the rules involved support this.  Case names and parameters
   2.659 @@ -1042,7 +1044,7 @@
   2.660  \railterm{casenames}
   2.661  
   2.662  \begin{rail}
   2.663 -  'case' caseref | ('(' caseref ((name | underscore) +) ')')
   2.664 +  'case' (caseref | '(' caseref ((name | underscore) +) ')')
   2.665    ;
   2.666    caseref: nameref attributes?
   2.667    ;
   2.668 @@ -1056,35 +1058,35 @@
   2.669  \end{rail}
   2.670  
   2.671  \begin{descr}
   2.672 -  
   2.673 -\item [$\CASE{c}$] invokes a named local context $c\colon \vec x, \vec \phi$,
   2.674 -  as provided by an appropriate proof method (such as $cases$ and $induct$,
   2.675 -  see \S\ref{sec:cases-induct-meth}).  The command $\CASE{c}$ abbreviates
   2.676 -  $\FIX{\vec x}~\ASSUME{c}{\vec\phi}$.
   2.677 -  
   2.678 +
   2.679 +\item [$\CASE{(c~\vec x)}$] invokes a named local context $c\colon \vec x,
   2.680 +  \vec \phi$, as provided by an appropriate proof method (such as $cases$ and
   2.681 +  $induct$, see \S\ref{sec:cases-induct-meth}).  The command ``$\CASE{(c~\vec
   2.682 +    x)}$'' abbreviates ``$\FIX{\vec x}~\ASSUME{c}{\vec\phi}$''.
   2.683 +
   2.684  \item [$\isarkeyword{print_cases}$] prints all local contexts of the current
   2.685    state, using Isar proof language notation.  This is a diagnostic command;
   2.686    $undo$ does not apply.
   2.687 -  
   2.688 +
   2.689  \item [$case_names~\vec c$] declares names for the local contexts of premises
   2.690    of some theorem; $\vec c$ refers to the \emph{suffix} of the list of
   2.691    premises.
   2.692 -  
   2.693 +
   2.694  \item [$params~\vec p@1 \dots \vec p@n$] renames the innermost parameters of
   2.695    premises $1, \dots, n$ of some theorem.  An empty list of names may be given
   2.696    to skip positions, leaving the present parameters unchanged.
   2.697 -  
   2.698 +
   2.699    Note that the default usage of case rules does \emph{not} directly expose
   2.700    parameters to the proof context (see also \S\ref{sec:cases-induct-meth}).
   2.701 -  
   2.702 +
   2.703  \item [$consumes~n$] declares the number of ``major premises'' of a rule,
   2.704    i.e.\ the number of facts to be consumed when it is applied by an
   2.705    appropriate proof method (cf.\ \S\ref{sec:cases-induct-meth}).  The default
   2.706    value of $consumes$ is $n = 1$, which is appropriate for the usual kind of
   2.707 -  cases and induction rules for inductive sets (cf.\ 
   2.708 +  cases and induction rules for inductive sets (cf.\
   2.709    \S\ref{sec:hol-inductive}).  Rules without any $consumes$ declaration given
   2.710    are treated as if $consumes~0$ had been specified.
   2.711 -  
   2.712 +
   2.713    Note that explicit $consumes$ declarations are only rarely needed; this is
   2.714    already taken care of automatically by the higher-level $cases$ and $induct$
   2.715    declarations, see also \S\ref{sec:cases-induct-att}.
   2.716 @@ -1104,39 +1106,32 @@
   2.717  and induction over datatypes, inductive sets, and recursive functions.  The
   2.718  corresponding rules may be specified and instantiated in a casual manner.
   2.719  Furthermore, these methods provide named local contexts that may be invoked
   2.720 -via the $\CASENAME$ proof command within the subsequent proof text (cf.\ 
   2.721 +via the $\CASENAME$ proof command within the subsequent proof text (cf.\
   2.722  \S\ref{sec:rule-cases}).  This accommodates compact proof texts even when
   2.723  reasoning about large specifications.
   2.724  
   2.725 -Note that the full spectrum of this generic functionality is currently only
   2.726 -supported by Isabelle/HOL, when used in conjunction with advanced definitional
   2.727 -packages (see especially \S\ref{sec:hol-datatype} and
   2.728 -\S\ref{sec:hol-inductive}).
   2.729 -
   2.730  \begin{rail}
   2.731    'cases' spec
   2.732    ;
   2.733    'induct' spec
   2.734    ;
   2.735  
   2.736 -  spec: open? args rule? params?
   2.737 +  spec: open? args rule?
   2.738    ;
   2.739    open: '(' 'open' ')'
   2.740    ;
   2.741 -  args: (insts * 'and') 
   2.742 +  args: (insts * 'and')
   2.743    ;
   2.744    rule: ('type' | 'set') ':' nameref | 'rule' ':' thmref
   2.745    ;
   2.746 -  params: 'of' ':' insts
   2.747 -  ;
   2.748  \end{rail}
   2.749  
   2.750  \begin{descr}
   2.751 -  
   2.752 -\item [$cases~insts~R~ps$] applies method $rule$ with an appropriate case
   2.753 +
   2.754 +\item [$cases~insts~R$] applies method $rule$ with an appropriate case
   2.755    distinction theorem, instantiated to the subjects $insts$.  Symbolic case
   2.756    names are bound according to the rule's local contexts.
   2.757 -  
   2.758 +
   2.759    The rule is determined as follows, according to the facts and arguments
   2.760    passed to the $cases$ method:
   2.761    \begin{matharray}{llll}
   2.762 @@ -1146,28 +1141,21 @@
   2.763      \edrv a \in A   & cases & \dots     & \Text{inductive set elimination (of $A$)} \\
   2.764      \dots           & cases & \dots ~ R & \Text{explicit rule $R$} \\
   2.765    \end{matharray}
   2.766 -  
   2.767 +
   2.768    Several instantiations may be given, referring to the \emph{suffix} of
   2.769    premises of the case rule; within each premise, the \emph{prefix} of
   2.770    variables is instantiated.  In most situations, only a single term needs to
   2.771    be specified; this refers to the first variable of the last premise (it is
   2.772    usually the same for all cases).
   2.773 -  
   2.774 -  Additional parameters may be specified as $ps$; these are applied after the
   2.775 -  primary instantiation in the same manner as by the $of$ attribute (cf.\ 
   2.776 -  \S\ref{sec:pure-meth-att}).  This feature is rarely needed in practice; a
   2.777 -  typical application would be to specify additional arguments for rules
   2.778 -  stemming from parameterized inductive definitions (see also
   2.779 -  \S\ref{sec:hol-inductive}).
   2.780 -  
   2.781 -  The $open$ option causes the parameters of the new local contexts to be
   2.782 -  exposed to the current proof context.  Thus local variables stemming from
   2.783 +
   2.784 +  The ``$(open)$'' option causes the parameters of the new local contexts to
   2.785 +  be exposed to the current proof context.  Thus local variables stemming from
   2.786    distant parts of the theory development may be introduced in an implicit
   2.787    manner, which can be quite confusing to the reader.  Furthermore, this
   2.788    option may cause unwanted hiding of existing local variables, resulting in
   2.789    less robust proof texts.
   2.790 -  
   2.791 -\item [$induct~insts~R~ps$] is analogous to the $cases$ method, but refers to
   2.792 +
   2.793 +\item [$induct~insts~R$] is analogous to the $cases$ method, but refers to
   2.794    induction rules, which are determined as follows:
   2.795    \begin{matharray}{llll}
   2.796      \Text{facts}    &        & \Text{arguments} & \Text{rule} \\\hline
   2.797 @@ -1175,30 +1163,25 @@
   2.798      \edrv x \in A   & induct & \dots         & \Text{set induction (of $A$)} \\
   2.799      \dots           & induct & \dots ~ R     & \Text{explicit rule $R$} \\
   2.800    \end{matharray}
   2.801 -  
   2.802 +
   2.803    Several instantiations may be given, each referring to some part of a mutual
   2.804    inductive definition or datatype --- only related partial induction rules
   2.805    may be used together, though.  Any of the lists of terms $P, x, \dots$
   2.806    refers to the \emph{suffix} of variables present in the induction rule.
   2.807    This enables the writer to specify only induction variables, or both
   2.808    predicates and variables, for example.
   2.809 -  
   2.810 -  Additional parameters (including the $open$ option) may be given in the same
   2.811 -  way as for $cases$, see above.
   2.812 +
   2.813 +  The ``$(open)$'' option works the same way as for $cases$.
   2.814  
   2.815  \end{descr}
   2.816  
   2.817  Above methods produce named local contexts (cf.\ \S\ref{sec:rule-cases}), as
   2.818 -determined by the instantiated rule \emph{before} it has been applied to the
   2.819 -internal proof state.\footnote{As a general principle, Isar proof text may
   2.820 -  never refer to parts of proof states directly.} Thus proper use of symbolic
   2.821 -cases usually require the rule to be instantiated fully, as far as the
   2.822 -emerging local contexts and subgoals are concerned.  In particular, for
   2.823 -induction both the predicates and variables have to be specified.  Otherwise
   2.824 -the $\CASENAME$ command would refuse to invoke cases containing schematic
   2.825 -variables.  Furthermore the resulting local goal statement is bound to the
   2.826 -term variable $\Var{case}$\indexisarvar{case} --- for each case where it is
   2.827 -fully specified.
   2.828 +determined by the instantiated rule as specified in the text.  Beyond that,
   2.829 +the $induct$ method guesses further instantiations from the goal specification
   2.830 +itself.  Any persisting unresolved schematic variables of the resulting rule
   2.831 +will render the the corresponding case invalid.  The term binding
   2.832 +$\Var{case}$\indexisarvar{case} for the conclusion will be provided with each
   2.833 +case, provided that term is fully specified.
   2.834  
   2.835  The $\isarkeyword{print_cases}$ command (\S\ref{sec:rule-cases}) prints all
   2.836  named cases present in the current proof state.
   2.837 @@ -1224,17 +1207,11 @@
   2.838  
   2.839  Facts presented to either method are consumed according to the number of
   2.840  ``major premises'' of the rule involved (see also \S\ref{sec:cases-induct}),
   2.841 -which is usually $0$ for plain cases and induction rules of datatypes etc.\ 
   2.842 +which is usually $0$ for plain cases and induction rules of datatypes etc.\
   2.843  and $1$ for rules of inductive sets and the like.  The remaining facts are
   2.844  inserted into the goal verbatim before the actual $cases$ or $induct$ rule is
   2.845  applied (thus facts may be even passed through an induction).
   2.846  
   2.847 -Note that whenever facts are present, the default rule selection scheme would
   2.848 -provide a ``set'' rule only, with the first fact consumed and the rest
   2.849 -inserted into the goal.  In order to pass all facts into a ``type'' rule
   2.850 -instead, one would have to specify this explicitly, e.g.\ by appending
   2.851 -``$type: name$'' to the method argument.
   2.852 -
   2.853  
   2.854  \subsubsection{Declaring rules}\label{sec:cases-induct-att}
   2.855  
   2.856 @@ -1256,22 +1233,22 @@
   2.857  \end{rail}
   2.858  
   2.859  \begin{descr}
   2.860 -  
   2.861 +
   2.862  \item [$\isarkeyword{print_induct_rules}$] prints cases and induct rules for
   2.863    sets and types of the current context.
   2.864 -  
   2.865 +
   2.866  \item [$cases$ and $induct$] (as attributes) augment the corresponding context
   2.867    of rules for reasoning about inductive sets and types, using the
   2.868    corresponding methods of the same name.  Certain definitional packages of
   2.869    object-logics usually declare emerging cases and induction rules as
   2.870    expected, so users rarely need to intervene.
   2.871 -  
   2.872 +
   2.873    Manual rule declarations usually include the the $case_names$ and $ps$
   2.874    attributes to adjust names of cases and parameters of a rule (see
   2.875    \S\ref{sec:rule-cases}); the $consumes$ declaration is taken care of
   2.876    automatically: $consumes~0$ is specified for ``type'' rules and $consumes~1$
   2.877    for ``set'' rules.
   2.878 -  
   2.879 +
   2.880  \end{descr}
   2.881  
   2.882  %%% Local Variables:
     3.1 --- a/doc-src/IsarRef/logics.tex	Thu Mar 07 19:07:56 2002 +0100
     3.2 +++ b/doc-src/IsarRef/logics.tex	Thu Mar 07 22:52:07 2002 +0100
     3.3 @@ -18,11 +18,13 @@
     3.4  The very starting point for any Isabelle object-logic is a ``truth judgment''
     3.5  that links object-level statements to the meta-logic (with its minimal
     3.6  language of $prop$ that covers universal quantification $\Forall$ and
     3.7 -implication $\Imp$).  Common object-logics are sufficiently expressive to
     3.8 -\emph{internalize} rule statements over $\Forall$ and $\Imp$ within their own
     3.9 -language.  This is useful in certain situations where a rule needs to be
    3.10 -viewed as an atomic statement from the meta-level perspective (e.g.\ $\All x x
    3.11 -\in A \Imp P(x)$ versus $\forall x \in A. P(x)$).
    3.12 +implication $\Imp$).
    3.13 +
    3.14 +Common object-logics are sufficiently expressive to internalize rule
    3.15 +statements over $\Forall$ and $\Imp$ within their own language.  This is
    3.16 +useful in certain situations where a rule needs to be viewed as an atomic
    3.17 +statement from the meta-level perspective, e.g.\ $\All x x \in A \Imp P(x)$
    3.18 +versus $\forall x \in A. P(x)$.
    3.19  
    3.20  From the following language elements, only the $atomize$ method and
    3.21  $rule_format$ attribute are occasionally required by end-users, the rest is
    3.22 @@ -31,34 +33,36 @@
    3.23  realistic examples.
    3.24  
    3.25  Generic tools may refer to the information provided by object-logic
    3.26 -declarations internally (e.g.\ locales \S\ref{sec:locale}, or the Classical
    3.27 -Reasoner \S\ref{sec:classical}).
    3.28 +declarations internally.
    3.29 +
    3.30 +\railalias{ruleformat}{rule\_format}
    3.31 +\railterm{ruleformat}
    3.32  
    3.33  \begin{rail}
    3.34    'judgment' constdecl
    3.35    ;
    3.36 -  atomize ('(' 'full' ')')?
    3.37 +  'atomize' ('(' 'full' ')')?
    3.38    ;
    3.39    ruleformat ('(' 'noasm' ')')?
    3.40    ;
    3.41  \end{rail}
    3.42  
    3.43  \begin{descr}
    3.44 -
    3.45 -\item [$\isarkeyword{judgment}~c::\sigma~~syn$] declares constant $c$ as the
    3.46 +  
    3.47 +\item [$\isarkeyword{judgment}~c::\sigma~~(mx)$] declares constant $c$ as the
    3.48    truth judgment of the current object-logic.  Its type $\sigma$ should
    3.49    specify a coercion of the category of object-level propositions to $prop$ of
    3.50 -  the Pure meta-logic; the mixfix annotation $syn$ would typically just link
    3.51 +  the Pure meta-logic; the mixfix annotation $(mx)$ would typically just link
    3.52    the object language (internally of syntactic category $logic$) with that of
    3.53    $prop$.  Only one $\isarkeyword{judgment}$ declaration may be given in any
    3.54    theory development.
    3.55 -
    3.56 +  
    3.57  \item [$atomize$] (as a method) rewrites any non-atomic premises of a
    3.58    sub-goal, using the meta-level equations declared via $atomize$ (as an
    3.59    attribute) beforehand.  As a result, heavily nested goals become amenable to
    3.60    fundamental operations such as resolution (cf.\ the $rule$ method) and
    3.61    proof-by-assumption (cf.\ $assumption$).  Giving the ``$(full)$'' option
    3.62 -  here means to turn the subgoal into an object-statement (if possible),
    3.63 +  here means to turn the whole subgoal into an object-statement (if possible),
    3.64    including the outermost parameters and assumptions as well.
    3.65  
    3.66    A typical collection of $atomize$ rules for a particular object-logic would
    3.67 @@ -106,7 +110,7 @@
    3.68    
    3.69  \item [$\isarkeyword{typedecl}~(\vec\alpha)t$] is similar to the original
    3.70    $\isarkeyword{typedecl}$ of Isabelle/Pure (see \S\ref{sec:types-pure}), but
    3.71 -  also declares type arity $t :: (term, \dots, term) term$, making $t$ an
    3.72 +  also declares type arity $t :: (type, \dots, type) type$, making $t$ an
    3.73    actual HOL type constructor.
    3.74    
    3.75  \item [$\isarkeyword{typedef}~(\vec\alpha)t = A$] sets up a goal stating
    3.76 @@ -120,21 +124,22 @@
    3.77    $Abs_t$ (this may be changed via an explicit $\isarkeyword{morphisms}$
    3.78    declaration).
    3.79    
    3.80 -  Theorems $Rep_t$, $Rep_inverse$, and $Abs_inverse$ provide the most basic
    3.81 -  characterization as a corresponding injection/surjection pair (in both
    3.82 +  Theorems $Rep_t$, $Rep_t_inverse$, and $Abs_t_inverse$ provide the most
    3.83 +  basic characterization as a corresponding injection/surjection pair (in both
    3.84    directions).  Rules $Rep_t_inject$ and $Abs_t_inject$ provide a slightly
    3.85 -  more comfortable view on the injectivity part, suitable for automated proof
    3.86 -  tools (e.g.\ in $simp$ or $iff$ declarations).  Rules $Rep_t_cases$,
    3.87 -  $Rep_t_induct$, and $Abs_t_cases$, $Abs_t_induct$ provide alternative views
    3.88 -  on surjectivity; these are already declared as type or set rules for the
    3.89 -  generic $cases$ and $induct$ methods.
    3.90 +  more convenient view on the injectivity part, suitable for automated proof
    3.91 +  tools (e.g.\ in $simp$ or $iff$ declarations).  Rules
    3.92 +  $Rep_t_cases/Rep_t_induct$, and $Abs_t_cases/Abs_t_induct$ provide
    3.93 +  alternative views on surjectivity; these are already declared as set or type
    3.94 +  rules for the generic $cases$ and $induct$ methods.
    3.95  \end{descr}
    3.96  
    3.97 -Raw type declarations are rarely used in practice; the main application is
    3.98 -with experimental (or even axiomatic!) theory fragments.  Instead of primitive
    3.99 -HOL type definitions, user-level theories usually refer to higher-level
   3.100 -packages such as $\isarkeyword{record}$ (see \S\ref{sec:hol-record}) or
   3.101 -$\isarkeyword{datatype}$ (see \S\ref{sec:hol-datatype}).
   3.102 +Note that raw type declarations are rarely used in practice; the main
   3.103 +application is with experimental (or even axiomatic!) theory fragments.
   3.104 +Instead of primitive HOL type definitions, user-level theories usually refer
   3.105 +to higher-level packages such as $\isarkeyword{record}$ (see
   3.106 +\S\ref{sec:hol-record}) or $\isarkeyword{datatype}$ (see
   3.107 +\S\ref{sec:hol-datatype}).
   3.108  
   3.109  
   3.110  \subsection{Adhoc tuples}
   3.111 @@ -153,13 +158,12 @@
   3.112  \end{rail}
   3.113  
   3.114  \begin{descr}
   3.115 -
   3.116 +  
   3.117  \item [$split_format~\vec p@1 \dots \vec p@n$] puts expressions of low-level
   3.118    tuple types into canonical form as specified by the arguments given; $\vec
   3.119 -  p@i$ refers to occurrences in premise $i$ of the rule.  The
   3.120 -  $split_format~(complete)$ form causes \emph{all} arguments in function
   3.121 -  applications to be represented canonically according to their tuple type
   3.122 -  structure.
   3.123 +  p@i$ refers to occurrences in premise $i$ of the rule.  The $(complete)$
   3.124 +  option causes \emph{all} arguments in function applications to be
   3.125 +  represented canonically according to their tuple type structure.
   3.126  
   3.127    Note that these operations tend to invent funny names for new local
   3.128    parameters to be introduced.
   3.129 @@ -169,8 +173,8 @@
   3.130  
   3.131  \subsection{Records}\label{sec:hol-record}
   3.132  
   3.133 -In principle, records merely generalize the concept of tuples where components
   3.134 -may be addressed by labels instead of just position.  The logical
   3.135 +In principle, records merely generalize the concept of tuples, where
   3.136 +components may be addressed by labels instead of just position.  The logical
   3.137  infrastructure of records in Isabelle/HOL is slightly more advanced, though,
   3.138  supporting truly extensible record schemes.  This admits operations that are
   3.139  polymorphic with respect to record extension, yielding ``object-oriented''
   3.140 @@ -203,8 +207,8 @@
   3.141  ``$\more$'' notation (which is actually part of the syntax).  The improper
   3.142  field ``$\more$'' of a record scheme is called the \emph{more part}.
   3.143  Logically it is just a free variable, which is occasionally referred to as
   3.144 -\emph{row variable} in the literature.  The more part of a record scheme may
   3.145 -be instantiated by zero or more further components.  For example, the above
   3.146 +``row variable'' in the literature.  The more part of a record scheme may be
   3.147 +instantiated by zero or more further components.  For example, the previous
   3.148  scheme may get instantiated to $\record{x = a\fs y = b\fs z = c\fs \more =
   3.149    m'}$, where $m'$ refers to a different more part.  Fixed records are special
   3.150  instances of record schemes, where ``$\more$'' is properly terminated by the
   3.151 @@ -295,11 +299,11 @@
   3.152  reverse than in the actual term.  Since repeated updates are just function
   3.153  applications, fields may be freely permuted in $\record{x \asn a\fs y \asn
   3.154    b\fs z \asn c}$, as far as logical equality is concerned.  Thus
   3.155 -commutativity of updates can be proven within the logic for any two fields,
   3.156 -but not as a general theorem: fields are not first-class values.
   3.157 +commutativity of independent updates can be proven within the logic for any
   3.158 +two fields, but not as a general theorem.
   3.159  
   3.160  \medskip The \textbf{make} operation provides a cumulative record constructor
   3.161 -functions:
   3.162 +function:
   3.163  \begin{matharray}{lll}
   3.164    t{\dtt}make & \ty & \vec\sigma \To \record{\vec c \ty \vec \sigma} \\
   3.165  \end{matharray}
   3.166 @@ -336,25 +340,26 @@
   3.167      \record{\vec d \ty \vec \rho, \vec c \ty \vec\sigma} \\
   3.168  \end{matharray}
   3.169  
   3.170 -\noindent Note that $t{\dtt}make$ and $t{\dtt}fields$ are actually coincide for root records.
   3.171 +\noindent Note that $t{\dtt}make$ and $t{\dtt}fields$ actually coincide for root records.
   3.172  
   3.173  
   3.174  \subsubsection{Derived rules and proof tools}\label{sec:hol-record-thms}
   3.175  
   3.176  The record package proves several results internally, declaring these facts to
   3.177  appropriate proof tools.  This enables users to reason about record structures
   3.178 -quite comfortably.  Assume that $t$ is a record type as specified above.
   3.179 +quite conveniently.  Assume that $t$ is a record type as specified above.
   3.180  
   3.181  \begin{enumerate}
   3.182 -
   3.183 +  
   3.184  \item Standard conversions for selectors or updates applied to record
   3.185    constructor terms are made part of the default Simplifier context; thus
   3.186    proofs by reduction of basic operations merely require the $simp$ method
   3.187 -  without further arguments.  These rules are available as $t{\dtt}simps$.
   3.188 -
   3.189 +  without further arguments.  These rules are available as $t{\dtt}simps$,
   3.190 +  too.
   3.191 +  
   3.192  \item Selectors applied to updated records are automatically reduced by an
   3.193 -  internal simplification procedure, which is also part of the default
   3.194 -  Simplifier context.
   3.195 +  internal simplification procedure, which is also part of the standard
   3.196 +  Simplifier setup.
   3.197  
   3.198  \item Inject equations of a form analogous to $((x, y) = (x', y')) \equiv x=x'
   3.199    \conj y=y'$ are declared to the Simplifier and Classical Reasoner as $iff$
   3.200 @@ -368,10 +373,10 @@
   3.201    terms are provided both in $cases$ and $induct$ format (cf.\ the generic
   3.202    proof methods of the same name, \S\ref{sec:cases-induct}).  Several
   3.203    variations are available, for fixed records, record schemes, more parts etc.
   3.204 -
   3.205 +  
   3.206    The generic proof methods are sufficiently smart to pick the most sensible
   3.207    rule according to the type of the indicated record expression: users just
   3.208 -  need to apply something like ``$(cases r)$'' to a certain proof problem.
   3.209 +  need to apply something like ``$(cases~r)$'' to a certain proof problem.
   3.210  
   3.211  \item The derived record operations $t{\dtt}make$, $t{\dtt}fields$,
   3.212    $t{\dtt}extend$, $t{\dtt}truncate$ are \emph{not} treated automatically, but
   3.213 @@ -471,7 +476,7 @@
   3.214    
   3.215  \item [$\isarkeyword{recdef}$] defines general well-founded recursive
   3.216    functions (using the TFL package), see also \cite{isabelle-HOL}.  The
   3.217 -  $(permissive)$ option tells TFL to recover from failed proof attempts,
   3.218 +  ``$(permissive)$'' option tells TFL to recover from failed proof attempts,
   3.219    returning unfinished results.  The $recdef_simp$, $recdef_cong$, and
   3.220    $recdef_wf$ hints refer to auxiliary rules to be used in the internal
   3.221    automated proof process of TFL.  Additional $clasimpmod$ declarations (cf.\ 
   3.222 @@ -496,8 +501,8 @@
   3.223  $\isarkeyword{recdef}$ are numbered (starting from $1$).
   3.224  
   3.225  The equations provided by these packages may be referred later as theorem list
   3.226 -$f\mathord.simps$, where $f$ is the (collective) name of the functions
   3.227 -defined.  Individual equations may be named explicitly as well; note that for
   3.228 +$f{\dtt}simps$, where $f$ is the (collective) name of the functions defined.
   3.229 +Individual equations may be named explicitly as well; note that for
   3.230  $\isarkeyword{recdef}$ each specification given by the user may result in
   3.231  several theorems.
   3.232  
   3.233 @@ -631,10 +636,10 @@
   3.234    both goal addressing and dynamic instantiation.  Note that named rule cases
   3.235    are \emph{not} provided as would be by the proper $induct$ and $cases$ proof
   3.236    methods (see \S\ref{sec:cases-induct}).
   3.237 -
   3.238 +  
   3.239  \item [$ind_cases$ and $\isarkeyword{inductive_cases}$] provide an interface
   3.240 -  to the \texttt{mk_cases} operation.  Rules are simplified in an unrestricted
   3.241 -  forward manner.
   3.242 +  to the internal \texttt{mk_cases} operation.  Rules are simplified in an
   3.243 +  unrestricted forward manner.
   3.244  
   3.245    While $ind_cases$ is a proof method to apply the result immediately as
   3.246    elimination rules, $\isarkeyword{inductive_cases}$ provides case split
   3.247 @@ -648,7 +653,7 @@
   3.248  from executable specifications, both functional and relational programs.
   3.249  Isabelle/HOL instantiates these mechanisms in a way that is amenable to
   3.250  end-user applications.  See \cite{isabelle-HOL} for further information (this
   3.251 -actually covers the new-style theory format).
   3.252 +actually covers the new-style theory format as well).
   3.253  
   3.254  \indexisarcmd{generate-code}\indexisarcmd{consts-code}\indexisarcmd{types-code}
   3.255  \indexisaratt{code}
   3.256 @@ -727,10 +732,10 @@
   3.257    dtrules: 'distinct' thmrefs 'inject' thmrefs 'induction' thmrefs
   3.258  \end{rail}
   3.259  
   3.260 -Recursive domains in HOLCF are analogous to datatypes in classical HOL (cf.\
   3.261 -\S\ref{sec:hol-datatype}).  Mutual recursive is supported, but no nesting nor
   3.262 +Recursive domains in HOLCF are analogous to datatypes in classical HOL (cf.\ 
   3.263 +\S\ref{sec:hol-datatype}).  Mutual recursion is supported, but no nesting nor
   3.264  arbitrary branching.  Domain constructors may be strict (default) or lazy, the
   3.265 -latter admits to introduce infinitary objects in the typical LCF manner (e.g.\
   3.266 +latter admits to introduce infinitary objects in the typical LCF manner (e.g.\ 
   3.267  lazy lists).  See also \cite{MuellerNvOS99} for a general discussion of HOLCF
   3.268  domains.
   3.269  
   3.270 @@ -742,7 +747,7 @@
   3.271  The ZF logic is essentially untyped, so the concept of ``type checking'' is
   3.272  performed as logical reasoning about set-membership statements.  A special
   3.273  method assists users in this task; a version of this is already declared as a
   3.274 -``solver'' in the default Simplifier context.
   3.275 +``solver'' in the standard Simplifier setup.
   3.276  
   3.277  \indexisarcmd{print-tcset}\indexisaratt{typecheck}\indexisaratt{TC}
   3.278  
   3.279 @@ -779,7 +784,7 @@
   3.280  
   3.281  In ZF everything is a set.  The generic inductive package also provides a
   3.282  specific view for ``datatype'' specifications.  Coinductive definitions are
   3.283 -available as well.
   3.284 +available in both cases, too.
   3.285  
   3.286  \indexisarcmdof{ZF}{inductive}\indexisarcmdof{ZF}{coinductive}
   3.287  \indexisarcmdof{ZF}{datatype}\indexisarcmdof{ZF}{codatatype}
     4.1 --- a/doc-src/IsarRef/refcard.tex	Thu Mar 07 19:07:56 2002 +0100
     4.2 +++ b/doc-src/IsarRef/refcard.tex	Thu Mar 07 22:52:07 2002 +0100
     4.3 @@ -48,7 +48,7 @@
     4.4    \HENCENAME & \equiv & \THEN~\HAVENAME \\
     4.5    \THUSNAME & \equiv & \THEN~\SHOWNAME \\
     4.6    \FROM{\vec a} & \equiv & \NOTE{this}{\vec a}~\THEN \\
     4.7 -  \WITH{\vec a} & \equiv & \FROM{\vec a~this} \\[1ex]
     4.8 +  \WITH{\vec a} & \equiv & \FROM{\vec a~\AND~this} \\[1ex]
     4.9    \FROM{this} & \equiv & \THEN \\
    4.10    \FROM{this}~\HAVENAME & \equiv & \HENCENAME \\
    4.11    \FROM{this}~\SHOWNAME & \equiv & \THUSNAME \\
    4.12 @@ -120,18 +120,18 @@
    4.13    \multicolumn{2}{l}{\textbf{Operations}} \\[0.5ex]
    4.14    $OF~\vec a$ & rule applied to facts (skipping ``$_$'') \\
    4.15    $of~\vec t$ & rule applied to terms (skipping ``$_$'') \\
    4.16 -  $symmetric$ & resolution with symmetry of equality \\
    4.17 -  $THEN~b$ & resolution with other rule \\
    4.18 +  $symmetric$ & resolution with symmetry rule \\
    4.19 +  $THEN~b$ & resolution with another rule \\
    4.20    $rule_format$ & result put into standard rule format \\
    4.21 -  $elim_format$ & destruct rule turned into elimination rule format \\
    4.22 -  $standard$ & result put into standard form \\[1ex]
    4.23 +  $elim_format$ & destruct rule turned into elimination rule format \\[1ex]
    4.24  
    4.25    \multicolumn{2}{l}{\textbf{Declarations}} \\[0.5ex]
    4.26    $simp$ & Simplifier rule \\
    4.27 -  $intro$, $elim$, $dest$ & Classical Reasoner rule \\
    4.28 +  $intro$, $elim$, $dest$ & Pure or Classical Reasoner rule \\
    4.29    $iff$ & Simplifier + Classical Reasoner rule \\
    4.30    $split$ & case split rule \\
    4.31    $trans$ & transitivity rule \\
    4.32 +  $sym$ & symmetry rule \\
    4.33  \end{tabular}
    4.34  
    4.35