updated generated file;
authorwenzelm
Mon Jun 02 22:50:29 2008 +0200 (2008-06-02)
changeset 270428fcf19f2168b
parent 27041 22dcf2fc0aa2
child 27043 3ff111ed85a1
updated generated file;
doc-src/IsarRef/Thy/document/Document_Preparation.tex
doc-src/IsarRef/Thy/document/Generic.tex
doc-src/IsarRef/Thy/document/HOL_Specific.tex
doc-src/IsarRef/Thy/document/Introduction.tex
doc-src/IsarRef/Thy/document/Outer_Syntax.tex
doc-src/IsarRef/Thy/document/Proof.tex
doc-src/IsarRef/Thy/document/Spec.tex
doc-src/IsarRef/Thy/document/pure.tex
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/doc-src/IsarRef/Thy/document/Document_Preparation.tex	Mon Jun 02 22:50:29 2008 +0200
     1.3 @@ -0,0 +1,454 @@
     1.4 +%
     1.5 +\begin{isabellebody}%
     1.6 +\def\isabellecontext{Document{\isacharunderscore}Preparation}%
     1.7 +%
     1.8 +\isadelimtheory
     1.9 +\isanewline
    1.10 +\isanewline
    1.11 +%
    1.12 +\endisadelimtheory
    1.13 +%
    1.14 +\isatagtheory
    1.15 +\isacommand{theory}\isamarkupfalse%
    1.16 +\ Document{\isacharunderscore}Preparation\isanewline
    1.17 +\isakeyword{imports}\ Main\isanewline
    1.18 +\isakeyword{begin}%
    1.19 +\endisatagtheory
    1.20 +{\isafoldtheory}%
    1.21 +%
    1.22 +\isadelimtheory
    1.23 +%
    1.24 +\endisadelimtheory
    1.25 +%
    1.26 +\isamarkupchapter{Document preparation \label{ch:document-prep}%
    1.27 +}
    1.28 +\isamarkuptrue%
    1.29 +%
    1.30 +\begin{isamarkuptext}%
    1.31 +Isabelle/Isar provides a simple document preparation system based on
    1.32 +  existing {PDF-\LaTeX} technology, with full support of hyper-links
    1.33 +  (both local references and URLs) and bookmarks.  Thus the results
    1.34 +  are equally well suited for WWW browsing and as printed copies.
    1.35 +
    1.36 +  \medskip Isabelle generates {\LaTeX} output as part of the run of a
    1.37 +  \emph{logic session} (see also \cite{isabelle-sys}).  Getting
    1.38 +  started with a working configuration for common situations is quite
    1.39 +  easy by using the Isabelle \verb|mkdir| and \verb|make|
    1.40 +  tools.  First invoke
    1.41 +\begin{ttbox}
    1.42 +  isatool mkdir Foo
    1.43 +\end{ttbox}
    1.44 +  to initialize a separate directory for session \verb|Foo| ---
    1.45 +  it is safe to experiment, since \verb|isatool mkdir| never
    1.46 +  overwrites existing files.  Ensure that \verb|Foo/ROOT.ML|
    1.47 +  holds ML commands to load all theories required for this session;
    1.48 +  furthermore \verb|Foo/document/root.tex| should include any
    1.49 +  special {\LaTeX} macro packages required for your document (the
    1.50 +  default is usually sufficient as a start).
    1.51 +
    1.52 +  The session is controlled by a separate \verb|IsaMakefile|
    1.53 +  (with crude source dependencies by default).  This file is located
    1.54 +  one level up from the \verb|Foo| directory location.  Now
    1.55 +  invoke
    1.56 +\begin{ttbox}
    1.57 +  isatool make Foo
    1.58 +\end{ttbox}
    1.59 +  to run the \verb|Foo| session, with browser information and
    1.60 +  document preparation enabled.  Unless any errors are reported by
    1.61 +  Isabelle or {\LaTeX}, the output will appear inside the directory
    1.62 +  \verb|ISABELLE_BROWSER_INFO|, as reported by the batch job in
    1.63 +  verbose mode.
    1.64 +
    1.65 +  \medskip You may also consider to tune the \verb|usedir|
    1.66 +  options in \verb|IsaMakefile|, for example to change the output
    1.67 +  format from \verb|pdf| to \verb|dvi|, or activate the
    1.68 +  \verb|-D| option to retain a second copy of the generated
    1.69 +  {\LaTeX} sources.
    1.70 +
    1.71 +  \medskip See \emph{The Isabelle System Manual} \cite{isabelle-sys}
    1.72 +  for further details on Isabelle logic sessions and theory
    1.73 +  presentation.  The Isabelle/HOL tutorial \cite{isabelle-hol-book}
    1.74 +  also covers theory presentation issues.%
    1.75 +\end{isamarkuptext}%
    1.76 +\isamarkuptrue%
    1.77 +%
    1.78 +\isamarkupsection{Markup commands \label{sec:markup}%
    1.79 +}
    1.80 +\isamarkuptrue%
    1.81 +%
    1.82 +\begin{isamarkuptext}%
    1.83 +\begin{matharray}{rcl}
    1.84 +    \indexdef{}{command}{chapter}\hypertarget{command.chapter}{\hyperlink{command.chapter}{\mbox{\isa{\isacommand{chapter}}}}} & : & \isarkeep{local{\dsh}theory} \\
    1.85 +    \indexdef{}{command}{section}\hypertarget{command.section}{\hyperlink{command.section}{\mbox{\isa{\isacommand{section}}}}} & : & \isarkeep{local{\dsh}theory} \\
    1.86 +    \indexdef{}{command}{subsection}\hypertarget{command.subsection}{\hyperlink{command.subsection}{\mbox{\isa{\isacommand{subsection}}}}} & : & \isarkeep{local{\dsh}theory} \\
    1.87 +    \indexdef{}{command}{subsubsection}\hypertarget{command.subsubsection}{\hyperlink{command.subsubsection}{\mbox{\isa{\isacommand{subsubsection}}}}} & : & \isarkeep{local{\dsh}theory} \\
    1.88 +    \indexdef{}{command}{text}\hypertarget{command.text}{\hyperlink{command.text}{\mbox{\isa{\isacommand{text}}}}} & : & \isarkeep{local{\dsh}theory} \\
    1.89 +    \indexdef{}{command}{text\_raw}\hypertarget{command.text-raw}{\hyperlink{command.text-raw}{\mbox{\isa{\isacommand{text{\isacharunderscore}raw}}}}} & : & \isarkeep{local{\dsh}theory} \\[0.5ex]
    1.90 +    \indexdef{}{command}{sect}\hypertarget{command.sect}{\hyperlink{command.sect}{\mbox{\isa{\isacommand{sect}}}}} & : & \isartrans{proof}{proof} \\
    1.91 +    \indexdef{}{command}{subsect}\hypertarget{command.subsect}{\hyperlink{command.subsect}{\mbox{\isa{\isacommand{subsect}}}}} & : & \isartrans{proof}{proof} \\
    1.92 +    \indexdef{}{command}{subsubsect}\hypertarget{command.subsubsect}{\hyperlink{command.subsubsect}{\mbox{\isa{\isacommand{subsubsect}}}}} & : & \isartrans{proof}{proof} \\
    1.93 +    \indexdef{}{command}{txt}\hypertarget{command.txt}{\hyperlink{command.txt}{\mbox{\isa{\isacommand{txt}}}}} & : & \isartrans{proof}{proof} \\
    1.94 +    \indexdef{}{command}{txt\_raw}\hypertarget{command.txt-raw}{\hyperlink{command.txt-raw}{\mbox{\isa{\isacommand{txt{\isacharunderscore}raw}}}}} & : & \isartrans{proof}{proof} \\
    1.95 +  \end{matharray}
    1.96 +
    1.97 +  Apart from formal comments (see \secref{sec:comments}), markup
    1.98 +  commands provide a structured way to insert text into the document
    1.99 +  generated from a theory (see \cite{isabelle-sys} for more
   1.100 +  information on Isabelle's document preparation tools).
   1.101 +
   1.102 +  \begin{rail}
   1.103 +    ('chapter' | 'section' | 'subsection' | 'subsubsection' | 'text') target? text
   1.104 +    ;
   1.105 +    ('text\_raw' | 'sect' | 'subsect' | 'subsubsect' | 'txt' | 'txt\_raw') text
   1.106 +    ;
   1.107 +  \end{rail}
   1.108 +
   1.109 +  \begin{descr}
   1.110 +
   1.111 +  \item [\hyperlink{command.chapter}{\mbox{\isa{\isacommand{chapter}}}}, \hyperlink{command.section}{\mbox{\isa{\isacommand{section}}}}, \hyperlink{command.subsection}{\mbox{\isa{\isacommand{subsection}}}}, and \hyperlink{command.subsubsection}{\mbox{\isa{\isacommand{subsubsection}}}}] mark chapter and
   1.112 +  section headings.
   1.113 +
   1.114 +  \item [\hyperlink{command.text}{\mbox{\isa{\isacommand{text}}}} and \hyperlink{command.txt}{\mbox{\isa{\isacommand{txt}}}}] specify paragraphs of
   1.115 +  plain text.
   1.116 +
   1.117 +  \item [\hyperlink{command.text-raw}{\mbox{\isa{\isacommand{text{\isacharunderscore}raw}}}} and \hyperlink{command.txt-raw}{\mbox{\isa{\isacommand{txt{\isacharunderscore}raw}}}}] insert
   1.118 +  {\LaTeX} source into the output, without additional markup.  Thus
   1.119 +  the full range of document manipulations becomes available.
   1.120 +
   1.121 +  \end{descr}
   1.122 +
   1.123 +  The \isa{{\isachardoublequote}text{\isachardoublequote}} argument of these markup commands (except for
   1.124 +  \hyperlink{command.text-raw}{\mbox{\isa{\isacommand{text{\isacharunderscore}raw}}}}) may contain references to formal entities
   1.125 +  (``antiquotations'', see also \secref{sec:antiq}).  These are
   1.126 +  interpreted in the present theory context, or the named \isa{{\isachardoublequote}target{\isachardoublequote}}.
   1.127 +
   1.128 +  Any of these markup elements corresponds to a {\LaTeX} command with
   1.129 +  the name prefixed by \verb|\isamarkup|.  For the sectioning
   1.130 +  commands this is a plain macro with a single argument, e.g.\
   1.131 +  \verb|\isamarkupchapter{|\isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}\verb|}| for
   1.132 +  \hyperlink{command.chapter}{\mbox{\isa{\isacommand{chapter}}}}.  The \hyperlink{command.text}{\mbox{\isa{\isacommand{text}}}} markup results in a
   1.133 +  {\LaTeX} environment \verb|\begin{isamarkuptext}| \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}} \verb|\end{isamarkuptext}|, while \hyperlink{command.text-raw}{\mbox{\isa{\isacommand{text{\isacharunderscore}raw}}}}
   1.134 +  causes the text to be inserted directly into the {\LaTeX} source.
   1.135 +
   1.136 +  \medskip The proof markup commands closely resemble those for theory
   1.137 +  specifications, but have a different formal status and produce
   1.138 +  different {\LaTeX} macros.  Also note that the \indexref{}{command}{header}\hyperlink{command.header}{\mbox{\isa{\isacommand{header}}}} declaration (see \secref{sec:begin-thy}) admits to insert
   1.139 +  section markup just preceding the actual theory definition.%
   1.140 +\end{isamarkuptext}%
   1.141 +\isamarkuptrue%
   1.142 +%
   1.143 +\isamarkupsection{Antiquotations \label{sec:antiq}%
   1.144 +}
   1.145 +\isamarkuptrue%
   1.146 +%
   1.147 +\begin{isamarkuptext}%
   1.148 +\begin{matharray}{rcl}
   1.149 +    \indexdef{}{antiquotation}{theory}\hypertarget{antiquotation.theory}{\hyperlink{antiquotation.theory}{\mbox{\isa{theory}}}} & : & \isarantiq \\
   1.150 +    \indexdef{}{antiquotation}{thm}\hypertarget{antiquotation.thm}{\hyperlink{antiquotation.thm}{\mbox{\isa{thm}}}} & : & \isarantiq \\
   1.151 +    \indexdef{}{antiquotation}{prop}\hypertarget{antiquotation.prop}{\hyperlink{antiquotation.prop}{\mbox{\isa{prop}}}} & : & \isarantiq \\
   1.152 +    \indexdef{}{antiquotation}{term}\hypertarget{antiquotation.term}{\hyperlink{antiquotation.term}{\mbox{\isa{term}}}} & : & \isarantiq \\
   1.153 +    \indexdef{}{antiquotation}{const}\hypertarget{antiquotation.const}{\hyperlink{antiquotation.const}{\mbox{\isa{const}}}} & : & \isarantiq \\
   1.154 +    \indexdef{}{antiquotation}{abbrev}\hypertarget{antiquotation.abbrev}{\hyperlink{antiquotation.abbrev}{\mbox{\isa{abbrev}}}} & : & \isarantiq \\
   1.155 +    \indexdef{}{antiquotation}{typeof}\hypertarget{antiquotation.typeof}{\hyperlink{antiquotation.typeof}{\mbox{\isa{typeof}}}} & : & \isarantiq \\
   1.156 +    \indexdef{}{antiquotation}{typ}\hypertarget{antiquotation.typ}{\hyperlink{antiquotation.typ}{\mbox{\isa{typ}}}} & : & \isarantiq \\
   1.157 +    \indexdef{}{antiquotation}{thm\_style}\hypertarget{antiquotation.thm-style}{\hyperlink{antiquotation.thm-style}{\mbox{\isa{thm{\isacharunderscore}style}}}} & : & \isarantiq \\
   1.158 +    \indexdef{}{antiquotation}{term\_style}\hypertarget{antiquotation.term-style}{\hyperlink{antiquotation.term-style}{\mbox{\isa{term{\isacharunderscore}style}}}} & : & \isarantiq \\
   1.159 +    \indexdef{}{antiquotation}{text}\hypertarget{antiquotation.text}{\hyperlink{antiquotation.text}{\mbox{\isa{text}}}} & : & \isarantiq \\
   1.160 +    \indexdef{}{antiquotation}{goals}\hypertarget{antiquotation.goals}{\hyperlink{antiquotation.goals}{\mbox{\isa{goals}}}} & : & \isarantiq \\
   1.161 +    \indexdef{}{antiquotation}{subgoals}\hypertarget{antiquotation.subgoals}{\hyperlink{antiquotation.subgoals}{\mbox{\isa{subgoals}}}} & : & \isarantiq \\
   1.162 +    \indexdef{}{antiquotation}{prf}\hypertarget{antiquotation.prf}{\hyperlink{antiquotation.prf}{\mbox{\isa{prf}}}} & : & \isarantiq \\
   1.163 +    \indexdef{}{antiquotation}{full\_prf}\hypertarget{antiquotation.full-prf}{\hyperlink{antiquotation.full-prf}{\mbox{\isa{full{\isacharunderscore}prf}}}} & : & \isarantiq \\
   1.164 +    \indexdef{}{antiquotation}{ML}\hypertarget{antiquotation.ML}{\hyperlink{antiquotation.ML}{\mbox{\isa{ML}}}} & : & \isarantiq \\
   1.165 +    \indexdef{}{antiquotation}{ML\_type}\hypertarget{antiquotation.ML-type}{\hyperlink{antiquotation.ML-type}{\mbox{\isa{ML{\isacharunderscore}type}}}} & : & \isarantiq \\
   1.166 +    \indexdef{}{antiquotation}{ML\_struct}\hypertarget{antiquotation.ML-struct}{\hyperlink{antiquotation.ML-struct}{\mbox{\isa{ML{\isacharunderscore}struct}}}} & : & \isarantiq \\
   1.167 +  \end{matharray}
   1.168 +
   1.169 +  The text body of formal comments (see also \secref{sec:comments})
   1.170 +  may contain antiquotations of logical entities, such as theorems,
   1.171 +  terms and types, which are to be presented in the final output
   1.172 +  produced by the Isabelle document preparation system (see also
   1.173 +  \chref{ch:document-prep}).
   1.174 +
   1.175 +  Thus embedding of ``\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}term\ {\isacharbrackleft}show{\isacharunderscore}types{\isacharbrackright}\ {\isachardoublequote}f\ x\ {\isacharequal}\ a\ {\isacharplus}\ x{\isachardoublequote}{\isacharbraceright}{\isachardoublequote}}''
   1.176 +  within a text block would cause
   1.177 +  \isa{{\isacharparenleft}f{\isasymColon}{\isacharprime}a\ {\isasymRightarrow}\ {\isacharprime}a{\isacharparenright}\ {\isacharparenleft}x{\isasymColon}{\isacharprime}a{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}a{\isasymColon}{\isacharprime}a{\isacharparenright}\ {\isacharplus}\ x} to appear in the final {\LaTeX} document.  Also note that theorem
   1.178 +  antiquotations may involve attributes as well.  For example,
   1.179 +  \isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}thm\ sym\ {\isacharbrackleft}no{\isacharunderscore}vars{\isacharbrackright}{\isacharbraceright}{\isachardoublequote}} would print the theorem's
   1.180 +  statement where all schematic variables have been replaced by fixed
   1.181 +  ones, which are easier to read.
   1.182 +
   1.183 +  \begin{rail}
   1.184 +    atsign lbrace antiquotation rbrace
   1.185 +    ;
   1.186 +
   1.187 +    antiquotation:
   1.188 +      'theory' options name |
   1.189 +      'thm' options thmrefs |
   1.190 +      'prop' options prop |
   1.191 +      'term' options term |
   1.192 +      'const' options term |
   1.193 +      'abbrev' options term |
   1.194 +      'typeof' options term |
   1.195 +      'typ' options type |
   1.196 +      'thm\_style' options name thmref |
   1.197 +      'term\_style' options name term |
   1.198 +      'text' options name |
   1.199 +      'goals' options |
   1.200 +      'subgoals' options |
   1.201 +      'prf' options thmrefs |
   1.202 +      'full\_prf' options thmrefs |
   1.203 +      'ML' options name |
   1.204 +      'ML\_type' options name |
   1.205 +      'ML\_struct' options name
   1.206 +    ;
   1.207 +    options: '[' (option * ',') ']'
   1.208 +    ;
   1.209 +    option: name | name '=' name
   1.210 +    ;
   1.211 +  \end{rail}
   1.212 +
   1.213 +  Note that the syntax of antiquotations may \emph{not} include source
   1.214 +  comments \verb|(*|~\isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}~\verb|*)| or verbatim
   1.215 +  text \verb|{|\verb|*|~\isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}~\verb|*|\verb|}|.
   1.216 +
   1.217 +  \begin{descr}
   1.218 +  
   1.219 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}theory\ A{\isacharbraceright}{\isachardoublequote}}] prints the name \isa{{\isachardoublequote}A{\isachardoublequote}}, which is
   1.220 +  guaranteed to refer to a valid ancestor theory in the current
   1.221 +  context.
   1.222 +
   1.223 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}thm\ a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isacharbraceright}{\isachardoublequote}}] prints theorems
   1.224 +  \isa{{\isachardoublequote}a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isachardoublequote}}.  Note that attribute specifications
   1.225 +  may be included as well (see also \secref{sec:syn-att}); the
   1.226 +  \indexref{}{attribute}{no\_vars}\hyperlink{attribute.no-vars}{\mbox{\isa{no{\isacharunderscore}vars}}} rule (see \secref{sec:misc-meth-att}) would
   1.227 +  be particularly useful to suppress printing of schematic variables.
   1.228 +
   1.229 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}prop\ {\isasymphi}{\isacharbraceright}{\isachardoublequote}}] prints a well-typed proposition \isa{{\isachardoublequote}{\isasymphi}{\isachardoublequote}}.
   1.230 +
   1.231 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}term\ t{\isacharbraceright}{\isachardoublequote}}] prints a well-typed term \isa{{\isachardoublequote}t{\isachardoublequote}}.
   1.232 +
   1.233 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}const\ c{\isacharbraceright}{\isachardoublequote}}] prints a logical or syntactic constant
   1.234 +  \isa{{\isachardoublequote}c{\isachardoublequote}}.
   1.235 +  
   1.236 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}abbrev\ c\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub n{\isacharbraceright}{\isachardoublequote}}] prints a constant
   1.237 +  abbreviation \isa{{\isachardoublequote}c\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub n\ {\isasymequiv}\ rhs{\isachardoublequote}} as defined in
   1.238 +  the current context.
   1.239 +
   1.240 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}typeof\ t{\isacharbraceright}{\isachardoublequote}}] prints the type of a well-typed term
   1.241 +  \isa{{\isachardoublequote}t{\isachardoublequote}}.
   1.242 +
   1.243 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}typ\ {\isasymtau}{\isacharbraceright}{\isachardoublequote}}] prints a well-formed type \isa{{\isachardoublequote}{\isasymtau}{\isachardoublequote}}.
   1.244 +  
   1.245 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}thm{\isacharunderscore}style\ s\ a{\isacharbraceright}{\isachardoublequote}}] prints theorem \isa{a},
   1.246 +  previously applying a style \isa{s} to it (see below).
   1.247 +  
   1.248 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}term{\isacharunderscore}style\ s\ t{\isacharbraceright}{\isachardoublequote}}] prints a well-typed term \isa{t} after applying a style \isa{s} to it (see below).
   1.249 +
   1.250 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}text\ s{\isacharbraceright}{\isachardoublequote}}] prints uninterpreted source text \isa{s}.  This is particularly useful to print portions of text according
   1.251 +  to the Isabelle {\LaTeX} output style, without demanding
   1.252 +  well-formedness (e.g.\ small pieces of terms that should not be
   1.253 +  parsed or type-checked yet).
   1.254 +
   1.255 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}goals{\isacharbraceright}{\isachardoublequote}}] prints the current \emph{dynamic} goal
   1.256 +  state.  This is mainly for support of tactic-emulation scripts
   1.257 +  within Isar --- presentation of goal states does not conform to
   1.258 +  actual human-readable proof documents.
   1.259 +
   1.260 +  Please do not include goal states into document output unless you
   1.261 +  really know what you are doing!
   1.262 +  
   1.263 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}subgoals{\isacharbraceright}{\isachardoublequote}}] is similar to \isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}goals{\isacharbraceright}{\isachardoublequote}}, but
   1.264 +  does not print the main goal.
   1.265 +  
   1.266 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}prf\ a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isacharbraceright}{\isachardoublequote}}] prints the (compact)
   1.267 +  proof terms corresponding to the theorems \isa{{\isachardoublequote}a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isachardoublequote}}. Note that this requires proof terms to be switched on
   1.268 +  for the current object logic (see the ``Proof terms'' section of the
   1.269 +  Isabelle reference manual for information on how to do this).
   1.270 +  
   1.271 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}full{\isacharunderscore}prf\ a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isacharbraceright}{\isachardoublequote}}] is like \isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}prf\ a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isacharbraceright}{\isachardoublequote}}, but displays the full proof terms,
   1.272 +  i.e.\ also displays information omitted in the compact proof term,
   1.273 +  which is denoted by ``\isa{{\isacharunderscore}}'' placeholders there.
   1.274 +  
   1.275 +  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}ML\ s{\isacharbraceright}{\isachardoublequote}}, \isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}ML{\isacharunderscore}type\ s{\isacharbraceright}{\isachardoublequote}}, and \isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}ML{\isacharunderscore}struct\ s{\isacharbraceright}{\isachardoublequote}}] check text \isa{s} as ML value, type, and
   1.276 +  structure, respectively.  The source is displayed verbatim.
   1.277 +
   1.278 +  \end{descr}
   1.279 +
   1.280 +  \medskip The following standard styles for use with \isa{thm{\isacharunderscore}style} and \isa{term{\isacharunderscore}style} are available:
   1.281 +
   1.282 +  \begin{descr}
   1.283 +  
   1.284 +  \item [\isa{lhs}] extracts the first argument of any application
   1.285 +  form with at least two arguments -- typically meta-level or
   1.286 +  object-level equality, or any other binary relation.
   1.287 +  
   1.288 +  \item [\isa{rhs}] is like \isa{lhs}, but extracts the second
   1.289 +  argument.
   1.290 +  
   1.291 +  \item [\isa{{\isachardoublequote}concl{\isachardoublequote}}] extracts the conclusion \isa{C} from a rule
   1.292 +  in Horn-clause normal form \isa{{\isachardoublequote}A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ A\isactrlsub n\ {\isasymLongrightarrow}\ C{\isachardoublequote}}.
   1.293 +  
   1.294 +  \item [\isa{{\isachardoublequote}prem{\isadigit{1}}{\isachardoublequote}}, \dots, \isa{{\isachardoublequote}prem{\isadigit{9}}{\isachardoublequote}}] extract premise
   1.295 +  number \isa{{\isachardoublequote}{\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isadigit{9}}{\isachardoublequote}}, respectively, from from a rule in
   1.296 +  Horn-clause normal form \isa{{\isachardoublequote}A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ A\isactrlsub n\ {\isasymLongrightarrow}\ C{\isachardoublequote}}
   1.297 +
   1.298 +  \end{descr}
   1.299 +
   1.300 +  \medskip
   1.301 +  The following options are available to tune the output.  Note that most of
   1.302 +  these coincide with ML flags of the same names (see also \cite{isabelle-ref}).
   1.303 +
   1.304 +  \begin{descr}
   1.305 +
   1.306 +  \item[\isa{{\isachardoublequote}show{\isacharunderscore}types\ {\isacharequal}\ bool{\isachardoublequote}} and \isa{{\isachardoublequote}show{\isacharunderscore}sorts\ {\isacharequal}\ bool{\isachardoublequote}}]
   1.307 +  control printing of explicit type and sort constraints.
   1.308 +
   1.309 +  \item[\isa{{\isachardoublequote}show{\isacharunderscore}structs\ {\isacharequal}\ bool{\isachardoublequote}}] controls printing of implicit
   1.310 +  structures.
   1.311 +
   1.312 +  \item[\isa{{\isachardoublequote}long{\isacharunderscore}names\ {\isacharequal}\ bool{\isachardoublequote}}] forces names of types and
   1.313 +  constants etc.\ to be printed in their fully qualified internal
   1.314 +  form.
   1.315 +
   1.316 +  \item[\isa{{\isachardoublequote}short{\isacharunderscore}names\ {\isacharequal}\ bool{\isachardoublequote}}] forces names of types and
   1.317 +  constants etc.\ to be printed unqualified.  Note that internalizing
   1.318 +  the output again in the current context may well yield a different
   1.319 +  result.
   1.320 +
   1.321 +  \item[\isa{{\isachardoublequote}unique{\isacharunderscore}names\ {\isacharequal}\ bool{\isachardoublequote}}] determines whether the printed
   1.322 +  version of qualified names should be made sufficiently long to avoid
   1.323 +  overlap with names declared further back.  Set to \isa{false} for
   1.324 +  more concise output.
   1.325 +
   1.326 +  \item[\isa{{\isachardoublequote}eta{\isacharunderscore}contract\ {\isacharequal}\ bool{\isachardoublequote}}] prints terms in \isa{{\isasymeta}}-contracted form.
   1.327 +
   1.328 +  \item[\isa{{\isachardoublequote}display\ {\isacharequal}\ bool{\isachardoublequote}}] indicates if the text is to be
   1.329 +  output as multi-line ``display material'', rather than a small piece
   1.330 +  of text without line breaks (which is the default).
   1.331 +
   1.332 +  \item[\isa{{\isachardoublequote}break\ {\isacharequal}\ bool{\isachardoublequote}}] controls line breaks in non-display
   1.333 +  material.
   1.334 +
   1.335 +  \item[\isa{{\isachardoublequote}quotes\ {\isacharequal}\ bool{\isachardoublequote}}] indicates if the output should be
   1.336 +  enclosed in double quotes.
   1.337 +
   1.338 +  \item[\isa{{\isachardoublequote}mode\ {\isacharequal}\ name{\isachardoublequote}}] adds \isa{name} to the print mode to
   1.339 +  be used for presentation (see also \cite{isabelle-ref}).  Note that
   1.340 +  the standard setup for {\LaTeX} output is already present by
   1.341 +  default, including the modes \isa{latex} and \isa{xsymbols}.
   1.342 +
   1.343 +  \item[\isa{{\isachardoublequote}margin\ {\isacharequal}\ nat{\isachardoublequote}} and \isa{{\isachardoublequote}indent\ {\isacharequal}\ nat{\isachardoublequote}}] change the
   1.344 +  margin or indentation for pretty printing of display material.
   1.345 +
   1.346 +  \item[\isa{{\isachardoublequote}source\ {\isacharequal}\ bool{\isachardoublequote}}] prints the source text of the
   1.347 +  antiquotation arguments, rather than the actual value.  Note that
   1.348 +  this does not affect well-formedness checks of \hyperlink{antiquotation.thm}{\mbox{\isa{thm}}}, \hyperlink{antiquotation.term}{\mbox{\isa{term}}}, etc. (only the \hyperlink{antiquotation.text}{\mbox{\isa{text}}} antiquotation admits arbitrary output).
   1.349 +
   1.350 +  \item[\isa{{\isachardoublequote}goals{\isacharunderscore}limit\ {\isacharequal}\ nat{\isachardoublequote}}] determines the maximum number of
   1.351 +  goals to be printed.
   1.352 +
   1.353 +  \item[\isa{{\isachardoublequote}locale\ {\isacharequal}\ name{\isachardoublequote}}] specifies an alternative locale
   1.354 +  context used for evaluating and printing the subsequent argument.
   1.355 +
   1.356 +  \end{descr}
   1.357 +
   1.358 +  For boolean flags, ``\isa{{\isachardoublequote}name\ {\isacharequal}\ true{\isachardoublequote}}'' may be abbreviated as
   1.359 +  ``\isa{name}''.  All of the above flags are disabled by default,
   1.360 +  unless changed from ML.
   1.361 +
   1.362 +  \medskip Note that antiquotations do not only spare the author from
   1.363 +  tedious typing of logical entities, but also achieve some degree of
   1.364 +  consistency-checking of informal explanations with formal
   1.365 +  developments: well-formedness of terms and types with respect to the
   1.366 +  current theory or proof context is ensured here.%
   1.367 +\end{isamarkuptext}%
   1.368 +\isamarkuptrue%
   1.369 +%
   1.370 +\isamarkupsection{Tagged commands \label{sec:tags}%
   1.371 +}
   1.372 +\isamarkuptrue%
   1.373 +%
   1.374 +\begin{isamarkuptext}%
   1.375 +Each Isabelle/Isar command may be decorated by presentation tags:
   1.376 +
   1.377 +  \indexouternonterm{tags}
   1.378 +  \begin{rail}
   1.379 +    tags: ( tag * )
   1.380 +    ;
   1.381 +    tag: '\%' (ident | string)
   1.382 +  \end{rail}
   1.383 +
   1.384 +  The tags \isa{{\isachardoublequote}theory{\isachardoublequote}}, \isa{{\isachardoublequote}proof{\isachardoublequote}}, \isa{{\isachardoublequote}ML{\isachardoublequote}} are already
   1.385 +  pre-declared for certain classes of commands:
   1.386 +
   1.387 + \medskip
   1.388 +
   1.389 +  \begin{tabular}{ll}
   1.390 +    \isa{{\isachardoublequote}theory{\isachardoublequote}} & theory begin/end \\
   1.391 +    \isa{{\isachardoublequote}proof{\isachardoublequote}} & all proof commands \\
   1.392 +    \isa{{\isachardoublequote}ML{\isachardoublequote}} & all commands involving ML code \\
   1.393 +  \end{tabular}
   1.394 +
   1.395 +  \medskip The Isabelle document preparation system (see also
   1.396 +  \cite{isabelle-sys}) allows tagged command regions to be presented
   1.397 +  specifically, e.g.\ to fold proof texts, or drop parts of the text
   1.398 +  completely.
   1.399 +
   1.400 +  For example ``\hyperlink{command.by}{\mbox{\isa{\isacommand{by}}}}~\isa{{\isachardoublequote}{\isacharpercent}invisible\ auto{\isachardoublequote}}'' would
   1.401 +  cause that piece of proof to be treated as \isa{invisible} instead
   1.402 +  of \isa{{\isachardoublequote}proof{\isachardoublequote}} (the default), which may be either show or hidden
   1.403 +  depending on the document setup.  In contrast, ``\hyperlink{command.by}{\mbox{\isa{\isacommand{by}}}}~\isa{{\isachardoublequote}{\isacharpercent}visible\ auto{\isachardoublequote}}'' would force this text to be shown
   1.404 +  invariably.
   1.405 +
   1.406 +  Explicit tag specifications within a proof apply to all subsequent
   1.407 +  commands of the same level of nesting.  For example, ``\hyperlink{command.proof}{\mbox{\isa{\isacommand{proof}}}}~\isa{{\isachardoublequote}{\isacharpercent}visible\ {\isasymdots}{\isachardoublequote}}~\hyperlink{command.qed}{\mbox{\isa{\isacommand{qed}}}}'' would force the
   1.408 +  whole sub-proof to be typeset as \isa{visible} (unless some of its
   1.409 +  parts are tagged differently).%
   1.410 +\end{isamarkuptext}%
   1.411 +\isamarkuptrue%
   1.412 +%
   1.413 +\isamarkupsection{Draft presentation%
   1.414 +}
   1.415 +\isamarkuptrue%
   1.416 +%
   1.417 +\begin{isamarkuptext}%
   1.418 +\begin{matharray}{rcl}
   1.419 +    \indexdef{}{command}{display\_drafts}\hypertarget{command.display-drafts}{\hyperlink{command.display-drafts}{\mbox{\isa{\isacommand{display{\isacharunderscore}drafts}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{\cdot} \\
   1.420 +    \indexdef{}{command}{print\_drafts}\hypertarget{command.print-drafts}{\hyperlink{command.print-drafts}{\mbox{\isa{\isacommand{print{\isacharunderscore}drafts}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{\cdot} \\
   1.421 +  \end{matharray}
   1.422 +
   1.423 +  \begin{rail}
   1.424 +    ('display\_drafts' | 'print\_drafts') (name +)
   1.425 +    ;
   1.426 +  \end{rail}
   1.427 +
   1.428 +  \begin{descr}
   1.429 +
   1.430 +  \item [\hyperlink{command.display-drafts}{\mbox{\isa{\isacommand{display{\isacharunderscore}drafts}}}}~\isa{paths} and \hyperlink{command.print-drafts}{\mbox{\isa{\isacommand{print{\isacharunderscore}drafts}}}}~\isa{paths}] perform simple output of a given list
   1.431 +  of raw source files.  Only those symbols that do not require
   1.432 +  additional {\LaTeX} packages are displayed properly, everything else
   1.433 +  is left verbatim.
   1.434 +
   1.435 +  \end{descr}%
   1.436 +\end{isamarkuptext}%
   1.437 +\isamarkuptrue%
   1.438 +%
   1.439 +\isadelimtheory
   1.440 +%
   1.441 +\endisadelimtheory
   1.442 +%
   1.443 +\isatagtheory
   1.444 +\isacommand{end}\isamarkupfalse%
   1.445 +%
   1.446 +\endisatagtheory
   1.447 +{\isafoldtheory}%
   1.448 +%
   1.449 +\isadelimtheory
   1.450 +%
   1.451 +\endisadelimtheory
   1.452 +\isanewline
   1.453 +\end{isabellebody}%
   1.454 +%%% Local Variables:
   1.455 +%%% mode: latex
   1.456 +%%% TeX-master: "root"
   1.457 +%%% End:
     2.1 --- a/doc-src/IsarRef/Thy/document/Generic.tex	Mon Jun 02 22:50:27 2008 +0200
     2.2 +++ b/doc-src/IsarRef/Thy/document/Generic.tex	Mon Jun 02 22:50:29 2008 +0200
     2.3 @@ -24,733 +24,7 @@
     2.4  }
     2.5  \isamarkuptrue%
     2.6  %
     2.7 -\isamarkupsection{Specification commands%
     2.8 -}
     2.9 -\isamarkuptrue%
    2.10 -%
    2.11 -\isamarkupsubsection{Derived specifications%
    2.12 -}
    2.13 -\isamarkuptrue%
    2.14 -%
    2.15 -\begin{isamarkuptext}%
    2.16 -\begin{matharray}{rcll}
    2.17 -    \indexdef{}{command}{axiomatization}\hypertarget{command.axiomatization}{\hyperlink{command.axiomatization}{\mbox{\isa{\isacommand{axiomatization}}}}} & : & \isarkeep{local{\dsh}theory} & (axiomatic!)\\
    2.18 -    \indexdef{}{command}{definition}\hypertarget{command.definition}{\hyperlink{command.definition}{\mbox{\isa{\isacommand{definition}}}}} & : & \isarkeep{local{\dsh}theory} \\
    2.19 -    \indexdef{}{attribute}{defn}\hypertarget{attribute.defn}{\hyperlink{attribute.defn}{\mbox{\isa{defn}}}} & : & \isaratt \\
    2.20 -    \indexdef{}{command}{abbreviation}\hypertarget{command.abbreviation}{\hyperlink{command.abbreviation}{\mbox{\isa{\isacommand{abbreviation}}}}} & : & \isarkeep{local{\dsh}theory} \\
    2.21 -    \indexdef{}{command}{print\_abbrevs}\hypertarget{command.print-abbrevs}{\hyperlink{command.print-abbrevs}{\mbox{\isa{\isacommand{print{\isacharunderscore}abbrevs}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~|~proof} \\
    2.22 -    \indexdef{}{command}{notation}\hypertarget{command.notation}{\hyperlink{command.notation}{\mbox{\isa{\isacommand{notation}}}}} & : & \isarkeep{local{\dsh}theory} \\
    2.23 -    \indexdef{}{command}{no\_notation}\hypertarget{command.no-notation}{\hyperlink{command.no-notation}{\mbox{\isa{\isacommand{no{\isacharunderscore}notation}}}}} & : & \isarkeep{local{\dsh}theory} \\
    2.24 -  \end{matharray}
    2.25 -
    2.26 -  These specification mechanisms provide a slightly more abstract view
    2.27 -  than the underlying primitives of \hyperlink{command.consts}{\mbox{\isa{\isacommand{consts}}}}, \hyperlink{command.defs}{\mbox{\isa{\isacommand{defs}}}} (see \secref{sec:consts}), and \hyperlink{command.axioms}{\mbox{\isa{\isacommand{axioms}}}} (see
    2.28 -  \secref{sec:axms-thms}).  In particular, type-inference is commonly
    2.29 -  available, and result names need not be given.
    2.30 -
    2.31 -  \begin{rail}
    2.32 -    'axiomatization' target? fixes? ('where' specs)?
    2.33 -    ;
    2.34 -    'definition' target? (decl 'where')? thmdecl? prop
    2.35 -    ;
    2.36 -    'abbreviation' target? mode? (decl 'where')? prop
    2.37 -    ;
    2.38 -    ('notation' | 'no\_notation') target? mode? (nameref structmixfix + 'and')
    2.39 -    ;
    2.40 -
    2.41 -    fixes: ((name ('::' type)? mixfix? | vars) + 'and')
    2.42 -    ;
    2.43 -    specs: (thmdecl? props + 'and')
    2.44 -    ;
    2.45 -    decl: name ('::' type)? mixfix?
    2.46 -    ;
    2.47 -  \end{rail}
    2.48 -
    2.49 -  \begin{descr}
    2.50 -  
    2.51 -  \item [\hyperlink{command.axiomatization}{\mbox{\isa{\isacommand{axiomatization}}}}~\isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}\ {\isasymdots}\ c\isactrlsub m\ {\isasymWHERE}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n{\isachardoublequote}}] introduces several constants
    2.52 -  simultaneously and states axiomatic properties for these.  The
    2.53 -  constants are marked as being specified once and for all, which
    2.54 -  prevents additional specifications being issued later on.
    2.55 -  
    2.56 -  Note that axiomatic specifications are only appropriate when
    2.57 -  declaring a new logical system.  Normal applications should only use
    2.58 -  definitional mechanisms!
    2.59 -
    2.60 -  \item [\hyperlink{command.definition}{\mbox{\isa{\isacommand{definition}}}}~\isa{{\isachardoublequote}c\ {\isasymWHERE}\ eq{\isachardoublequote}}] produces an
    2.61 -  internal definition \isa{{\isachardoublequote}c\ {\isasymequiv}\ t{\isachardoublequote}} according to the specification
    2.62 -  given as \isa{eq}, which is then turned into a proven fact.  The
    2.63 -  given proposition may deviate from internal meta-level equality
    2.64 -  according to the rewrite rules declared as \hyperlink{attribute.defn}{\mbox{\isa{defn}}} by the
    2.65 -  object-logic.  This usually covers object-level equality \isa{{\isachardoublequote}x\ {\isacharequal}\ y{\isachardoublequote}} and equivalence \isa{{\isachardoublequote}A\ {\isasymleftrightarrow}\ B{\isachardoublequote}}.  End-users normally need not
    2.66 -  change the \hyperlink{attribute.defn}{\mbox{\isa{defn}}} setup.
    2.67 -  
    2.68 -  Definitions may be presented with explicit arguments on the LHS, as
    2.69 -  well as additional conditions, e.g.\ \isa{{\isachardoublequote}f\ x\ y\ {\isacharequal}\ t{\isachardoublequote}} instead of
    2.70 -  \isa{{\isachardoublequote}f\ {\isasymequiv}\ {\isasymlambda}x\ y{\isachardot}\ t{\isachardoublequote}} and \isa{{\isachardoublequote}y\ {\isasymnoteq}\ {\isadigit{0}}\ {\isasymLongrightarrow}\ g\ x\ y\ {\isacharequal}\ u{\isachardoublequote}} instead of an
    2.71 -  unrestricted \isa{{\isachardoublequote}g\ {\isasymequiv}\ {\isasymlambda}x\ y{\isachardot}\ u{\isachardoublequote}}.
    2.72 -  
    2.73 -  \item [\hyperlink{command.abbreviation}{\mbox{\isa{\isacommand{abbreviation}}}}~\isa{{\isachardoublequote}c\ {\isasymWHERE}\ eq{\isachardoublequote}}] introduces
    2.74 -  a syntactic constant which is associated with a certain term
    2.75 -  according to the meta-level equality \isa{eq}.
    2.76 -  
    2.77 -  Abbreviations participate in the usual type-inference process, but
    2.78 -  are expanded before the logic ever sees them.  Pretty printing of
    2.79 -  terms involves higher-order rewriting with rules stemming from
    2.80 -  reverted abbreviations.  This needs some care to avoid overlapping
    2.81 -  or looping syntactic replacements!
    2.82 -  
    2.83 -  The optional \isa{mode} specification restricts output to a
    2.84 -  particular print mode; using ``\isa{input}'' here achieves the
    2.85 -  effect of one-way abbreviations.  The mode may also include an
    2.86 -  ``\hyperlink{keyword.output}{\mbox{\isa{\isakeyword{output}}}}'' qualifier that affects the concrete syntax
    2.87 -  declared for abbreviations, cf.\ \hyperlink{command.syntax}{\mbox{\isa{\isacommand{syntax}}}} in
    2.88 -  \secref{sec:syn-trans}.
    2.89 -  
    2.90 -  \item [\hyperlink{command.print-abbrevs}{\mbox{\isa{\isacommand{print{\isacharunderscore}abbrevs}}}}] prints all constant abbreviations
    2.91 -  of the current context.
    2.92 -  
    2.93 -  \item [\hyperlink{command.notation}{\mbox{\isa{\isacommand{notation}}}}~\isa{{\isachardoublequote}c\ {\isacharparenleft}mx{\isacharparenright}{\isachardoublequote}}] associates mixfix
    2.94 -  syntax with an existing constant or fixed variable.  This is a
    2.95 -  robust interface to the underlying \hyperlink{command.syntax}{\mbox{\isa{\isacommand{syntax}}}} primitive
    2.96 -  (\secref{sec:syn-trans}).  Type declaration and internal syntactic
    2.97 -  representation of the given entity is retrieved from the context.
    2.98 -  
    2.99 -  \item [\hyperlink{command.no-notation}{\mbox{\isa{\isacommand{no{\isacharunderscore}notation}}}}] is similar to \hyperlink{command.notation}{\mbox{\isa{\isacommand{notation}}}}, but removes the specified syntax annotation from the
   2.100 -  present context.
   2.101 -
   2.102 -  \end{descr}
   2.103 -
   2.104 -  All of these specifications support local theory targets (cf.\
   2.105 -  \secref{sec:target}).%
   2.106 -\end{isamarkuptext}%
   2.107 -\isamarkuptrue%
   2.108 -%
   2.109 -\isamarkupsubsection{Generic declarations%
   2.110 -}
   2.111 -\isamarkuptrue%
   2.112 -%
   2.113 -\begin{isamarkuptext}%
   2.114 -Arbitrary operations on the background context may be wrapped-up as
   2.115 -  generic declaration elements.  Since the underlying concept of local
   2.116 -  theories may be subject to later re-interpretation, there is an
   2.117 -  additional dependency on a morphism that tells the difference of the
   2.118 -  original declaration context wrt.\ the application context
   2.119 -  encountered later on.  A fact declaration is an important special
   2.120 -  case: it consists of a theorem which is applied to the context by
   2.121 -  means of an attribute.
   2.122 -
   2.123 -  \begin{matharray}{rcl}
   2.124 -    \indexdef{}{command}{declaration}\hypertarget{command.declaration}{\hyperlink{command.declaration}{\mbox{\isa{\isacommand{declaration}}}}} & : & \isarkeep{local{\dsh}theory} \\
   2.125 -    \indexdef{}{command}{declare}\hypertarget{command.declare}{\hyperlink{command.declare}{\mbox{\isa{\isacommand{declare}}}}} & : & \isarkeep{local{\dsh}theory} \\
   2.126 -  \end{matharray}
   2.127 -
   2.128 -  \begin{rail}
   2.129 -    'declaration' target? text
   2.130 -    ;
   2.131 -    'declare' target? (thmrefs + 'and')
   2.132 -    ;
   2.133 -  \end{rail}
   2.134 -
   2.135 -  \begin{descr}
   2.136 -
   2.137 -  \item [\hyperlink{command.declaration}{\mbox{\isa{\isacommand{declaration}}}}~\isa{d}] adds the declaration
   2.138 -  function \isa{d} of ML type \verb|declaration|, to the current
   2.139 -  local theory under construction.  In later application contexts, the
   2.140 -  function is transformed according to the morphisms being involved in
   2.141 -  the interpretation hierarchy.
   2.142 -
   2.143 -  \item [\hyperlink{command.declare}{\mbox{\isa{\isacommand{declare}}}}~\isa{thms}] declares theorems to the
   2.144 -  current local theory context.  No theorem binding is involved here,
   2.145 -  unlike \hyperlink{command.theorems}{\mbox{\isa{\isacommand{theorems}}}} or \hyperlink{command.lemmas}{\mbox{\isa{\isacommand{lemmas}}}} (cf.\
   2.146 -  \secref{sec:axms-thms}), so \hyperlink{command.declare}{\mbox{\isa{\isacommand{declare}}}} only has the effect
   2.147 -  of applying attributes as included in the theorem specification.
   2.148 -
   2.149 -  \end{descr}%
   2.150 -\end{isamarkuptext}%
   2.151 -\isamarkuptrue%
   2.152 -%
   2.153 -\isamarkupsubsection{Local theory targets \label{sec:target}%
   2.154 -}
   2.155 -\isamarkuptrue%
   2.156 -%
   2.157 -\begin{isamarkuptext}%
   2.158 -A local theory target is a context managed separately within the
   2.159 -  enclosing theory.  Contexts may introduce parameters (fixed
   2.160 -  variables) and assumptions (hypotheses).  Definitions and theorems
   2.161 -  depending on the context may be added incrementally later on.  Named
   2.162 -  contexts refer to locales (cf.\ \secref{sec:locale}) or type classes
   2.163 -  (cf.\ \secref{sec:class}); the name ``\isa{{\isachardoublequote}{\isacharminus}{\isachardoublequote}}'' signifies the
   2.164 -  global theory context.
   2.165 -
   2.166 -  \begin{matharray}{rcll}
   2.167 -    \indexdef{}{command}{context}\hypertarget{command.context}{\hyperlink{command.context}{\mbox{\isa{\isacommand{context}}}}} & : & \isartrans{theory}{local{\dsh}theory} \\
   2.168 -    \indexdef{}{command}{end}\hypertarget{command.end}{\hyperlink{command.end}{\mbox{\isa{\isacommand{end}}}}} & : & \isartrans{local{\dsh}theory}{theory} \\
   2.169 -  \end{matharray}
   2.170 -
   2.171 -  \indexouternonterm{target}
   2.172 -  \begin{rail}
   2.173 -    'context' name 'begin'
   2.174 -    ;
   2.175 -
   2.176 -    target: '(' 'in' name ')'
   2.177 -    ;
   2.178 -  \end{rail}
   2.179 -
   2.180 -  \begin{descr}
   2.181 -  
   2.182 -  \item [\hyperlink{command.context}{\mbox{\isa{\isacommand{context}}}}~\isa{{\isachardoublequote}c\ {\isasymBEGIN}{\isachardoublequote}}] recommences an
   2.183 -  existing locale or class context \isa{c}.  Note that locale and
   2.184 -  class definitions allow to include the \indexref{}{keyword}{begin}\hyperlink{keyword.begin}{\mbox{\isa{\isakeyword{begin}}}}
   2.185 -  keyword as well, in order to continue the local theory immediately
   2.186 -  after the initial specification.
   2.187 -  
   2.188 -  \item [\hyperlink{command.end}{\mbox{\isa{\isacommand{end}}}}] concludes the current local theory and
   2.189 -  continues the enclosing global theory.  Note that a non-local
   2.190 -  \hyperlink{command.end}{\mbox{\isa{\isacommand{end}}}} has a different meaning: it concludes the theory
   2.191 -  itself (\secref{sec:begin-thy}).
   2.192 -  
   2.193 -  \item [\isa{{\isachardoublequote}{\isacharparenleft}{\isasymIN}\ c{\isacharparenright}{\isachardoublequote}}] given after any local theory command
   2.194 -  specifies an immediate target, e.g.\ ``\hyperlink{command.definition}{\mbox{\isa{\isacommand{definition}}}}~\isa{{\isachardoublequote}{\isacharparenleft}{\isasymIN}\ c{\isacharparenright}\ {\isasymdots}{\isachardoublequote}}'' or ``\hyperlink{command.theorem}{\mbox{\isa{\isacommand{theorem}}}}~\isa{{\isachardoublequote}{\isacharparenleft}{\isasymIN}\ c{\isacharparenright}\ {\isasymdots}{\isachardoublequote}}''.  This works both in a local or
   2.195 -  global theory context; the current target context will be suspended
   2.196 -  for this command only.  Note that ``\isa{{\isachardoublequote}{\isacharparenleft}{\isasymIN}\ {\isacharminus}{\isacharparenright}{\isachardoublequote}}'' will
   2.197 -  always produce a global result independently of the current target
   2.198 -  context.
   2.199 -
   2.200 -  \end{descr}
   2.201 -
   2.202 -  The exact meaning of results produced within a local theory context
   2.203 -  depends on the underlying target infrastructure (locale, type class
   2.204 -  etc.).  The general idea is as follows, considering a context named
   2.205 -  \isa{c} with parameter \isa{x} and assumption \isa{{\isachardoublequote}A{\isacharbrackleft}x{\isacharbrackright}{\isachardoublequote}}.
   2.206 -  
   2.207 -  Definitions are exported by introducing a global version with
   2.208 -  additional arguments; a syntactic abbreviation links the long form
   2.209 -  with the abstract version of the target context.  For example,
   2.210 -  \isa{{\isachardoublequote}a\ {\isasymequiv}\ t{\isacharbrackleft}x{\isacharbrackright}{\isachardoublequote}} becomes \isa{{\isachardoublequote}c{\isachardot}a\ {\isacharquery}x\ {\isasymequiv}\ t{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}{\isachardoublequote}} at the theory
   2.211 -  level (for arbitrary \isa{{\isachardoublequote}{\isacharquery}x{\isachardoublequote}}), together with a local
   2.212 -  abbreviation \isa{{\isachardoublequote}c\ {\isasymequiv}\ c{\isachardot}a\ x{\isachardoublequote}} in the target context (for the
   2.213 -  fixed parameter \isa{x}).
   2.214 -
   2.215 -  Theorems are exported by discharging the assumptions and
   2.216 -  generalizing the parameters of the context.  For example, \isa{{\isachardoublequote}a{\isacharcolon}\ B{\isacharbrackleft}x{\isacharbrackright}{\isachardoublequote}} becomes \isa{{\isachardoublequote}c{\isachardot}a{\isacharcolon}\ A{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}\ {\isasymLongrightarrow}\ B{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}{\isachardoublequote}}, again for arbitrary
   2.217 -  \isa{{\isachardoublequote}{\isacharquery}x{\isachardoublequote}}.%
   2.218 -\end{isamarkuptext}%
   2.219 -\isamarkuptrue%
   2.220 -%
   2.221 -\isamarkupsubsection{Locales \label{sec:locale}%
   2.222 -}
   2.223 -\isamarkuptrue%
   2.224 -%
   2.225 -\begin{isamarkuptext}%
   2.226 -Locales are named local contexts, consisting of a list of
   2.227 -  declaration elements that are modeled after the Isar proof context
   2.228 -  commands (cf.\ \secref{sec:proof-context}).%
   2.229 -\end{isamarkuptext}%
   2.230 -\isamarkuptrue%
   2.231 -%
   2.232 -\isamarkupsubsubsection{Locale specifications%
   2.233 -}
   2.234 -\isamarkuptrue%
   2.235 -%
   2.236 -\begin{isamarkuptext}%
   2.237 -\begin{matharray}{rcl}
   2.238 -    \indexdef{}{command}{locale}\hypertarget{command.locale}{\hyperlink{command.locale}{\mbox{\isa{\isacommand{locale}}}}} & : & \isartrans{theory}{local{\dsh}theory} \\
   2.239 -    \indexdef{}{command}{print\_locale}\hypertarget{command.print-locale}{\hyperlink{command.print-locale}{\mbox{\isa{\isacommand{print{\isacharunderscore}locale}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~|~proof} \\
   2.240 -    \indexdef{}{command}{print\_locales}\hypertarget{command.print-locales}{\hyperlink{command.print-locales}{\mbox{\isa{\isacommand{print{\isacharunderscore}locales}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~|~proof} \\
   2.241 -    \indexdef{}{method}{intro\_locales}\hypertarget{method.intro-locales}{\hyperlink{method.intro-locales}{\mbox{\isa{intro{\isacharunderscore}locales}}}} & : & \isarmeth \\
   2.242 -    \indexdef{}{method}{unfold\_locales}\hypertarget{method.unfold-locales}{\hyperlink{method.unfold-locales}{\mbox{\isa{unfold{\isacharunderscore}locales}}}} & : & \isarmeth \\
   2.243 -  \end{matharray}
   2.244 -
   2.245 -  \indexouternonterm{contextexpr}\indexouternonterm{contextelem}
   2.246 -  \indexisarelem{fixes}\indexisarelem{constrains}\indexisarelem{assumes}
   2.247 -  \indexisarelem{defines}\indexisarelem{notes}\indexisarelem{includes}
   2.248 -  \begin{rail}
   2.249 -    'locale' ('(open)')? name ('=' localeexpr)? 'begin'?
   2.250 -    ;
   2.251 -    'print\_locale' '!'? localeexpr
   2.252 -    ;
   2.253 -    localeexpr: ((contextexpr '+' (contextelem+)) | contextexpr | (contextelem+))
   2.254 -    ;
   2.255 -
   2.256 -    contextexpr: nameref | '(' contextexpr ')' |
   2.257 -    (contextexpr (name mixfix? +)) | (contextexpr + '+')
   2.258 -    ;
   2.259 -    contextelem: fixes | constrains | assumes | defines | notes
   2.260 -    ;
   2.261 -    fixes: 'fixes' ((name ('::' type)? structmixfix? | vars) + 'and')
   2.262 -    ;
   2.263 -    constrains: 'constrains' (name '::' type + 'and')
   2.264 -    ;
   2.265 -    assumes: 'assumes' (thmdecl? props + 'and')
   2.266 -    ;
   2.267 -    defines: 'defines' (thmdecl? prop proppat? + 'and')
   2.268 -    ;
   2.269 -    notes: 'notes' (thmdef? thmrefs + 'and')
   2.270 -    ;
   2.271 -    includes: 'includes' contextexpr
   2.272 -    ;
   2.273 -  \end{rail}
   2.274 -
   2.275 -  \begin{descr}
   2.276 -  
   2.277 -  \item [\hyperlink{command.locale}{\mbox{\isa{\isacommand{locale}}}}~\isa{{\isachardoublequote}loc\ {\isacharequal}\ import\ {\isacharplus}\ body{\isachardoublequote}}] defines a
   2.278 -  new locale \isa{loc} as a context consisting of a certain view of
   2.279 -  existing locales (\isa{import}) plus some additional elements
   2.280 -  (\isa{body}).  Both \isa{import} and \isa{body} are optional;
   2.281 -  the degenerate form \hyperlink{command.locale}{\mbox{\isa{\isacommand{locale}}}}~\isa{loc} defines an empty
   2.282 -  locale, which may still be useful to collect declarations of facts
   2.283 -  later on.  Type-inference on locale expressions automatically takes
   2.284 -  care of the most general typing that the combined context elements
   2.285 -  may acquire.
   2.286 -
   2.287 -  The \isa{import} consists of a structured context expression,
   2.288 -  consisting of references to existing locales, renamed contexts, or
   2.289 -  merged contexts.  Renaming uses positional notation: \isa{{\isachardoublequote}c\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub n{\isachardoublequote}} means that (a prefix of) the fixed
   2.290 -  parameters of context \isa{c} are named \isa{{\isachardoublequote}x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub n{\isachardoublequote}}; a ``\isa{{\isacharunderscore}}'' (underscore) means to skip that
   2.291 -  position.  Renaming by default deletes concrete syntax, but new
   2.292 -  syntax may by specified with a mixfix annotation.  An exeption of
   2.293 -  this rule is the special syntax declared with ``\isa{{\isachardoublequote}{\isacharparenleft}{\isasymSTRUCTURE}{\isacharparenright}{\isachardoublequote}}'' (see below), which is neither deleted nor can it
   2.294 -  be changed.  Merging proceeds from left-to-right, suppressing any
   2.295 -  duplicates stemming from different paths through the import
   2.296 -  hierarchy.
   2.297 -
   2.298 -  The \isa{body} consists of basic context elements, further context
   2.299 -  expressions may be included as well.
   2.300 -
   2.301 -  \begin{descr}
   2.302 -
   2.303 -  \item [\hyperlink{element.fixes}{\mbox{\isa{\isakeyword{fixes}}}}~\isa{{\isachardoublequote}x\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\ {\isacharparenleft}mx{\isacharparenright}{\isachardoublequote}}] declares a local
   2.304 -  parameter of type \isa{{\isasymtau}} and mixfix annotation \isa{mx} (both
   2.305 -  are optional).  The special syntax declaration ``\isa{{\isachardoublequote}{\isacharparenleft}{\isasymSTRUCTURE}{\isacharparenright}{\isachardoublequote}}'' means that \isa{x} may be referenced
   2.306 -  implicitly in this context.
   2.307 -
   2.308 -  \item [\hyperlink{element.constrains}{\mbox{\isa{\isakeyword{constrains}}}}~\isa{{\isachardoublequote}x\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}{\isachardoublequote}}] introduces a type
   2.309 -  constraint \isa{{\isasymtau}} on the local parameter \isa{x}.
   2.310 -
   2.311 -  \item [\hyperlink{element.assumes}{\mbox{\isa{\isakeyword{assumes}}}}~\isa{{\isachardoublequote}a{\isacharcolon}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n{\isachardoublequote}}]
   2.312 -  introduces local premises, similar to \hyperlink{command.assume}{\mbox{\isa{\isacommand{assume}}}} within a
   2.313 -  proof (cf.\ \secref{sec:proof-context}).
   2.314 -
   2.315 -  \item [\hyperlink{element.defines}{\mbox{\isa{\isakeyword{defines}}}}~\isa{{\isachardoublequote}a{\isacharcolon}\ x\ {\isasymequiv}\ t{\isachardoublequote}}] defines a previously
   2.316 -  declared parameter.  This is similar to \hyperlink{command.def}{\mbox{\isa{\isacommand{def}}}} within a
   2.317 -  proof (cf.\ \secref{sec:proof-context}), but \hyperlink{element.defines}{\mbox{\isa{\isakeyword{defines}}}}
   2.318 -  takes an equational proposition instead of variable-term pair.  The
   2.319 -  left-hand side of the equation may have additional arguments, e.g.\
   2.320 -  ``\hyperlink{element.defines}{\mbox{\isa{\isakeyword{defines}}}}~\isa{{\isachardoublequote}f\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub n\ {\isasymequiv}\ t{\isachardoublequote}}''.
   2.321 -
   2.322 -  \item [\hyperlink{element.notes}{\mbox{\isa{\isakeyword{notes}}}}~\isa{{\isachardoublequote}a\ {\isacharequal}\ b\isactrlsub {\isadigit{1}}\ {\isasymdots}\ b\isactrlsub n{\isachardoublequote}}]
   2.323 -  reconsiders facts within a local context.  Most notably, this may
   2.324 -  include arbitrary declarations in any attribute specifications
   2.325 -  included here, e.g.\ a local \hyperlink{attribute.simp}{\mbox{\isa{simp}}} rule.
   2.326 -
   2.327 -  \item [\hyperlink{element.includes}{\mbox{\isa{\isakeyword{includes}}}}~\isa{c}] copies the specified context
   2.328 -  in a statically scoped manner.  Only available in the long goal
   2.329 -  format of \secref{sec:goals}.
   2.330 -
   2.331 -  In contrast, the initial \isa{import} specification of a locale
   2.332 -  expression maintains a dynamic relation to the locales being
   2.333 -  referenced (benefiting from any later fact declarations in the
   2.334 -  obvious manner).
   2.335 -
   2.336 -  \end{descr}
   2.337 -  
   2.338 -  Note that ``\isa{{\isachardoublequote}{\isacharparenleft}{\isasymIS}\ p\isactrlsub {\isadigit{1}}\ {\isasymdots}\ p\isactrlsub n{\isacharparenright}{\isachardoublequote}}'' patterns given
   2.339 -  in the syntax of \hyperlink{element.assumes}{\mbox{\isa{\isakeyword{assumes}}}} and \hyperlink{element.defines}{\mbox{\isa{\isakeyword{defines}}}} above
   2.340 -  are illegal in locale definitions.  In the long goal format of
   2.341 -  \secref{sec:goals}, term bindings may be included as expected,
   2.342 -  though.
   2.343 -  
   2.344 -  \medskip By default, locale specifications are ``closed up'' by
   2.345 -  turning the given text into a predicate definition \isa{loc{\isacharunderscore}axioms} and deriving the original assumptions as local lemmas
   2.346 -  (modulo local definitions).  The predicate statement covers only the
   2.347 -  newly specified assumptions, omitting the content of included locale
   2.348 -  expressions.  The full cumulative view is only provided on export,
   2.349 -  involving another predicate \isa{loc} that refers to the complete
   2.350 -  specification text.
   2.351 -  
   2.352 -  In any case, the predicate arguments are those locale parameters
   2.353 -  that actually occur in the respective piece of text.  Also note that
   2.354 -  these predicates operate at the meta-level in theory, but the locale
   2.355 -  packages attempts to internalize statements according to the
   2.356 -  object-logic setup (e.g.\ replacing \isa{{\isasymAnd}} by \isa{{\isasymforall}}, and
   2.357 -  \isa{{\isachardoublequote}{\isasymLongrightarrow}{\isachardoublequote}} by \isa{{\isachardoublequote}{\isasymlongrightarrow}{\isachardoublequote}} in HOL; see also
   2.358 -  \secref{sec:object-logic}).  Separate introduction rules \isa{loc{\isacharunderscore}axioms{\isachardot}intro} and \isa{loc{\isachardot}intro} are provided as well.
   2.359 -  
   2.360 -  The \isa{{\isachardoublequote}{\isacharparenleft}open{\isacharparenright}{\isachardoublequote}} option of a locale specification prevents both
   2.361 -  the current \isa{loc{\isacharunderscore}axioms} and cumulative \isa{loc} predicate
   2.362 -  constructions.  Predicates are also omitted for empty specification
   2.363 -  texts.
   2.364 -
   2.365 -  \item [\hyperlink{command.print-locale}{\mbox{\isa{\isacommand{print{\isacharunderscore}locale}}}}~\isa{{\isachardoublequote}import\ {\isacharplus}\ body{\isachardoublequote}}] prints the
   2.366 -  specified locale expression in a flattened form.  The notable
   2.367 -  special case \hyperlink{command.print-locale}{\mbox{\isa{\isacommand{print{\isacharunderscore}locale}}}}~\isa{loc} just prints the
   2.368 -  contents of the named locale, but keep in mind that type-inference
   2.369 -  will normalize type variables according to the usual alphabetical
   2.370 -  order.  The command omits \hyperlink{element.notes}{\mbox{\isa{\isakeyword{notes}}}} elements by default.
   2.371 -  Use \hyperlink{command.print-locale}{\mbox{\isa{\isacommand{print{\isacharunderscore}locale}}}}\isa{{\isachardoublequote}{\isacharbang}{\isachardoublequote}} to get them included.
   2.372 -
   2.373 -  \item [\hyperlink{command.print-locales}{\mbox{\isa{\isacommand{print{\isacharunderscore}locales}}}}] prints the names of all locales
   2.374 -  of the current theory.
   2.375 -
   2.376 -  \item [\hyperlink{method.intro-locales}{\mbox{\isa{intro{\isacharunderscore}locales}}} and \hyperlink{method.unfold-locales}{\mbox{\isa{unfold{\isacharunderscore}locales}}}]
   2.377 -  repeatedly expand all introduction rules of locale predicates of the
   2.378 -  theory.  While \hyperlink{method.intro-locales}{\mbox{\isa{intro{\isacharunderscore}locales}}} only applies the \isa{loc{\isachardot}intro} introduction rules and therefore does not decend to
   2.379 -  assumptions, \hyperlink{method.unfold-locales}{\mbox{\isa{unfold{\isacharunderscore}locales}}} is more aggressive and applies
   2.380 -  \isa{loc{\isacharunderscore}axioms{\isachardot}intro} as well.  Both methods are aware of locale
   2.381 -  specifications entailed by the context, both from target and
   2.382 -  \hyperlink{element.includes}{\mbox{\isa{\isakeyword{includes}}}} statements, and from interpretations (see
   2.383 -  below).  New goals that are entailed by the current context are
   2.384 -  discharged automatically.
   2.385 -
   2.386 -  \end{descr}%
   2.387 -\end{isamarkuptext}%
   2.388 -\isamarkuptrue%
   2.389 -%
   2.390 -\isamarkupsubsubsection{Interpretation of locales%
   2.391 -}
   2.392 -\isamarkuptrue%
   2.393 -%
   2.394 -\begin{isamarkuptext}%
   2.395 -Locale expressions (more precisely, \emph{context expressions}) may
   2.396 -  be instantiated, and the instantiated facts added to the current
   2.397 -  context.  This requires a proof of the instantiated specification
   2.398 -  and is called \emph{locale interpretation}.  Interpretation is
   2.399 -  possible in theories and locales (command \hyperlink{command.interpretation}{\mbox{\isa{\isacommand{interpretation}}}}) and also within a proof body (command \hyperlink{command.interpret}{\mbox{\isa{\isacommand{interpret}}}}).
   2.400 -
   2.401 -  \begin{matharray}{rcl}
   2.402 -    \indexdef{}{command}{interpretation}\hypertarget{command.interpretation}{\hyperlink{command.interpretation}{\mbox{\isa{\isacommand{interpretation}}}}} & : & \isartrans{theory}{proof(prove)} \\
   2.403 -    \indexdef{}{command}{interpret}\hypertarget{command.interpret}{\hyperlink{command.interpret}{\mbox{\isa{\isacommand{interpret}}}}} & : & \isartrans{proof(state) ~|~ proof(chain)}{proof(prove)} \\
   2.404 -    \indexdef{}{command}{print\_interps}\hypertarget{command.print-interps}{\hyperlink{command.print-interps}{\mbox{\isa{\isacommand{print{\isacharunderscore}interps}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : &  \isarkeep{theory~|~proof} \\
   2.405 -  \end{matharray}
   2.406 -
   2.407 -  \indexouternonterm{interp}
   2.408 -  \begin{rail}
   2.409 -    'interpretation' (interp | name ('<' | subseteq) contextexpr)
   2.410 -    ;
   2.411 -    'interpret' interp
   2.412 -    ;
   2.413 -    'print\_interps' '!'? name
   2.414 -    ;
   2.415 -    instantiation: ('[' (inst+) ']')?
   2.416 -    ;
   2.417 -    interp: thmdecl? \\ (contextexpr instantiation |
   2.418 -      name instantiation 'where' (thmdecl? prop + 'and'))
   2.419 -    ;
   2.420 -  \end{rail}
   2.421 -
   2.422 -  \begin{descr}
   2.423 -
   2.424 -  \item [\hyperlink{command.interpretation}{\mbox{\isa{\isacommand{interpretation}}}}~\isa{{\isachardoublequote}expr\ insts\ {\isasymWHERE}\ eqns{\isachardoublequote}}]
   2.425 -
   2.426 -  The first form of \hyperlink{command.interpretation}{\mbox{\isa{\isacommand{interpretation}}}} interprets \isa{expr} in the theory.  The instantiation is given as a list of terms
   2.427 -  \isa{insts} and is positional.  All parameters must receive an
   2.428 -  instantiation term --- with the exception of defined parameters.
   2.429 -  These are, if omitted, derived from the defining equation and other
   2.430 -  instantiations.  Use ``\isa{{\isacharunderscore}}'' to omit an instantiation term.
   2.431 -
   2.432 -  The command generates proof obligations for the instantiated
   2.433 -  specifications (assumes and defines elements).  Once these are
   2.434 -  discharged by the user, instantiated facts are added to the theory
   2.435 -  in a post-processing phase.
   2.436 -
   2.437 -  Additional equations, which are unfolded in facts during
   2.438 -  post-processing, may be given after the keyword \hyperlink{keyword.where}{\mbox{\isa{\isakeyword{where}}}}.
   2.439 -  This is useful for interpreting concepts introduced through
   2.440 -  definition specification elements.  The equations must be proved.
   2.441 -  Note that if equations are present, the context expression is
   2.442 -  restricted to a locale name.
   2.443 -
   2.444 -  The command is aware of interpretations already active in the
   2.445 -  theory.  No proof obligations are generated for those, neither is
   2.446 -  post-processing applied to their facts.  This avoids duplication of
   2.447 -  interpreted facts, in particular.  Note that, in the case of a
   2.448 -  locale with import, parts of the interpretation may already be
   2.449 -  active.  The command will only generate proof obligations and
   2.450 -  process facts for new parts.
   2.451 -
   2.452 -  The context expression may be preceded by a name and/or attributes.
   2.453 -  These take effect in the post-processing of facts.  The name is used
   2.454 -  to prefix fact names, for example to avoid accidental hiding of
   2.455 -  other facts.  Attributes are applied after attributes of the
   2.456 -  interpreted facts.
   2.457 -
   2.458 -  Adding facts to locales has the effect of adding interpreted facts
   2.459 -  to the theory for all active interpretations also.  That is,
   2.460 -  interpretations dynamically participate in any facts added to
   2.461 -  locales.
   2.462 -
   2.463 -  \item [\hyperlink{command.interpretation}{\mbox{\isa{\isacommand{interpretation}}}}~\isa{{\isachardoublequote}name\ {\isasymsubseteq}\ expr{\isachardoublequote}}]
   2.464 -
   2.465 -  This form of the command interprets \isa{expr} in the locale
   2.466 -  \isa{name}.  It requires a proof that the specification of \isa{name} implies the specification of \isa{expr}.  As in the
   2.467 -  localized version of the theorem command, the proof is in the
   2.468 -  context of \isa{name}.  After the proof obligation has been
   2.469 -  dischared, the facts of \isa{expr} become part of locale \isa{name} as \emph{derived} context elements and are available when the
   2.470 -  context \isa{name} is subsequently entered.  Note that, like
   2.471 -  import, this is dynamic: facts added to a locale part of \isa{expr} after interpretation become also available in \isa{name}.
   2.472 -  Like facts of renamed context elements, facts obtained by
   2.473 -  interpretation may be accessed by prefixing with the parameter
   2.474 -  renaming (where the parameters are separated by ``\isa{{\isacharunderscore}}'').
   2.475 -
   2.476 -  Unlike interpretation in theories, instantiation is confined to the
   2.477 -  renaming of parameters, which may be specified as part of the
   2.478 -  context expression \isa{expr}.  Using defined parameters in \isa{name} one may achieve an effect similar to instantiation, though.
   2.479 -
   2.480 -  Only specification fragments of \isa{expr} that are not already
   2.481 -  part of \isa{name} (be it imported, derived or a derived fragment
   2.482 -  of the import) are considered by interpretation.  This enables
   2.483 -  circular interpretations.
   2.484 -
   2.485 -  If interpretations of \isa{name} exist in the current theory, the
   2.486 -  command adds interpretations for \isa{expr} as well, with the same
   2.487 -  prefix and attributes, although only for fragments of \isa{expr}
   2.488 -  that are not interpreted in the theory already.
   2.489 -
   2.490 -  \item [\hyperlink{command.interpret}{\mbox{\isa{\isacommand{interpret}}}}~\isa{{\isachardoublequote}expr\ insts\ {\isasymWHERE}\ eqns{\isachardoublequote}}]
   2.491 -  interprets \isa{expr} in the proof context and is otherwise
   2.492 -  similar to interpretation in theories.
   2.493 -
   2.494 -  \item [\hyperlink{command.print-interps}{\mbox{\isa{\isacommand{print{\isacharunderscore}interps}}}}~\isa{loc}] prints the
   2.495 -  interpretations of a particular locale \isa{loc} that are active
   2.496 -  in the current context, either theory or proof context.  The
   2.497 -  exclamation point argument triggers printing of \emph{witness}
   2.498 -  theorems justifying interpretations.  These are normally omitted
   2.499 -  from the output.
   2.500 -  
   2.501 -  \end{descr}
   2.502 -
   2.503 -  \begin{warn}
   2.504 -    Since attributes are applied to interpreted theorems,
   2.505 -    interpretation may modify the context of common proof tools, e.g.\
   2.506 -    the Simplifier or Classical Reasoner.  Since the behavior of such
   2.507 -    automated reasoning tools is \emph{not} stable under
   2.508 -    interpretation morphisms, manual declarations might have to be
   2.509 -    issued.
   2.510 -  \end{warn}
   2.511 -
   2.512 -  \begin{warn}
   2.513 -    An interpretation in a theory may subsume previous
   2.514 -    interpretations.  This happens if the same specification fragment
   2.515 -    is interpreted twice and the instantiation of the second
   2.516 -    interpretation is more general than the interpretation of the
   2.517 -    first.  A warning is issued, since it is likely that these could
   2.518 -    have been generalized in the first place.  The locale package does
   2.519 -    not attempt to remove subsumed interpretations.
   2.520 -  \end{warn}%
   2.521 -\end{isamarkuptext}%
   2.522 -\isamarkuptrue%
   2.523 -%
   2.524 -\isamarkupsubsection{Classes \label{sec:class}%
   2.525 -}
   2.526 -\isamarkuptrue%
   2.527 -%
   2.528 -\begin{isamarkuptext}%
   2.529 -A class is a particular locale with \emph{exactly one} type variable
   2.530 -  \isa{{\isasymalpha}}.  Beyond the underlying locale, a corresponding type class
   2.531 -  is established which is interpreted logically as axiomatic type
   2.532 -  class \cite{Wenzel:1997:TPHOL} whose logical content are the
   2.533 -  assumptions of the locale.  Thus, classes provide the full
   2.534 -  generality of locales combined with the commodity of type classes
   2.535 -  (notably type-inference).  See \cite{isabelle-classes} for a short
   2.536 -  tutorial.
   2.537 -
   2.538 -  \begin{matharray}{rcl}
   2.539 -    \indexdef{}{command}{class}\hypertarget{command.class}{\hyperlink{command.class}{\mbox{\isa{\isacommand{class}}}}} & : & \isartrans{theory}{local{\dsh}theory} \\
   2.540 -    \indexdef{}{command}{instantiation}\hypertarget{command.instantiation}{\hyperlink{command.instantiation}{\mbox{\isa{\isacommand{instantiation}}}}} & : & \isartrans{theory}{local{\dsh}theory} \\
   2.541 -    \indexdef{}{command}{instance}\hypertarget{command.instance}{\hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}}} & : & \isartrans{local{\dsh}theory}{local{\dsh}theory} \\
   2.542 -    \indexdef{}{command}{subclass}\hypertarget{command.subclass}{\hyperlink{command.subclass}{\mbox{\isa{\isacommand{subclass}}}}} & : & \isartrans{local{\dsh}theory}{local{\dsh}theory} \\
   2.543 -    \indexdef{}{command}{print\_classes}\hypertarget{command.print-classes}{\hyperlink{command.print-classes}{\mbox{\isa{\isacommand{print{\isacharunderscore}classes}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~|~proof} \\
   2.544 -    \indexdef{}{method}{intro\_classes}\hypertarget{method.intro-classes}{\hyperlink{method.intro-classes}{\mbox{\isa{intro{\isacharunderscore}classes}}}} & : & \isarmeth \\
   2.545 -  \end{matharray}
   2.546 -
   2.547 -  \begin{rail}
   2.548 -    'class' name '=' ((superclassexpr '+' (contextelem+)) | superclassexpr | (contextelem+)) \\
   2.549 -      'begin'?
   2.550 -    ;
   2.551 -    'instantiation' (nameref + 'and') '::' arity 'begin'
   2.552 -    ;
   2.553 -    'instance'
   2.554 -    ;
   2.555 -    'subclass' target? nameref
   2.556 -    ;
   2.557 -    'print\_classes'
   2.558 -    ;
   2.559 -
   2.560 -    superclassexpr: nameref | (nameref '+' superclassexpr)
   2.561 -    ;
   2.562 -  \end{rail}
   2.563 -
   2.564 -  \begin{descr}
   2.565 -
   2.566 -  \item [\hyperlink{command.class}{\mbox{\isa{\isacommand{class}}}}~\isa{{\isachardoublequote}c\ {\isacharequal}\ superclasses\ {\isacharplus}\ body{\isachardoublequote}}] defines
   2.567 -  a new class \isa{c}, inheriting from \isa{superclasses}.  This
   2.568 -  introduces a locale \isa{c} with import of all locales \isa{superclasses}.
   2.569 -
   2.570 -  Any \hyperlink{element.fixes}{\mbox{\isa{\isakeyword{fixes}}}} in \isa{body} are lifted to the global
   2.571 -  theory level (\emph{class operations} \isa{{\isachardoublequote}f\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ f\isactrlsub n{\isachardoublequote}} of class \isa{c}), mapping the local type parameter
   2.572 -  \isa{{\isasymalpha}} to a schematic type variable \isa{{\isachardoublequote}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isachardoublequote}}.
   2.573 -
   2.574 -  Likewise, \hyperlink{element.assumes}{\mbox{\isa{\isakeyword{assumes}}}} in \isa{body} are also lifted,
   2.575 -  mapping each local parameter \isa{{\isachardoublequote}f\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}{\isachardoublequote}} to its
   2.576 -  corresponding global constant \isa{{\isachardoublequote}f\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}{\isacharbrackleft}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isacharbrackright}{\isachardoublequote}}.  The
   2.577 -  corresponding introduction rule is provided as \isa{c{\isacharunderscore}class{\isacharunderscore}axioms{\isachardot}intro}.  This rule should be rarely needed directly
   2.578 -  --- the \hyperlink{method.intro-classes}{\mbox{\isa{intro{\isacharunderscore}classes}}} method takes care of the details of
   2.579 -  class membership proofs.
   2.580 -
   2.581 -  \item [\hyperlink{command.instantiation}{\mbox{\isa{\isacommand{instantiation}}}}~\isa{{\isachardoublequote}t\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}s\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlsub n{\isacharparenright}\ s\ {\isasymBEGIN}{\isachardoublequote}}] opens a theory target (cf.\
   2.582 -  \secref{sec:target}) which allows to specify class operations \isa{{\isachardoublequote}f\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ f\isactrlsub n{\isachardoublequote}} corresponding to sort \isa{s} at the
   2.583 -  particular type instance \isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ s\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n\ {\isacharcolon}{\isacharcolon}\ s\isactrlsub n{\isacharparenright}\ t{\isachardoublequote}}.  A plain \hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}} command
   2.584 -  in the target body poses a goal stating these type arities.  The
   2.585 -  target is concluded by an \indexref{}{command}{end}\hyperlink{command.end}{\mbox{\isa{\isacommand{end}}}} command.
   2.586 -
   2.587 -  Note that a list of simultaneous type constructors may be given;
   2.588 -  this corresponds nicely to mutual recursive type definitions, e.g.\
   2.589 -  in Isabelle/HOL.
   2.590 -
   2.591 -  \item [\hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}}] in an instantiation target body sets
   2.592 -  up a goal stating the type arities claimed at the opening \hyperlink{command.instantiation}{\mbox{\isa{\isacommand{instantiation}}}}.  The proof would usually proceed by \hyperlink{method.intro-classes}{\mbox{\isa{intro{\isacharunderscore}classes}}}, and then establish the characteristic theorems of
   2.593 -  the type classes involved.  After finishing the proof, the
   2.594 -  background theory will be augmented by the proven type arities.
   2.595 -
   2.596 -  \item [\hyperlink{command.subclass}{\mbox{\isa{\isacommand{subclass}}}}~\isa{c}] in a class context for class
   2.597 -  \isa{d} sets up a goal stating that class \isa{c} is logically
   2.598 -  contained in class \isa{d}.  After finishing the proof, class
   2.599 -  \isa{d} is proven to be subclass \isa{c} and the locale \isa{c} is interpreted into \isa{d} simultaneously.
   2.600 -
   2.601 -  \item [\hyperlink{command.print-classes}{\mbox{\isa{\isacommand{print{\isacharunderscore}classes}}}}] prints all classes in the current
   2.602 -  theory.
   2.603 -
   2.604 -  \item [\hyperlink{method.intro-classes}{\mbox{\isa{intro{\isacharunderscore}classes}}}] repeatedly expands all class
   2.605 -  introduction rules of this theory.  Note that this method usually
   2.606 -  needs not be named explicitly, as it is already included in the
   2.607 -  default proof step (e.g.\ of \hyperlink{command.proof}{\mbox{\isa{\isacommand{proof}}}}).  In particular,
   2.608 -  instantiation of trivial (syntactic) classes may be performed by a
   2.609 -  single ``\hyperlink{command.ddot}{\mbox{\isa{\isacommand{{\isachardot}{\isachardot}}}}}'' proof step.
   2.610 -
   2.611 -  \end{descr}%
   2.612 -\end{isamarkuptext}%
   2.613 -\isamarkuptrue%
   2.614 -%
   2.615 -\isamarkupsubsubsection{The class target%
   2.616 -}
   2.617 -\isamarkuptrue%
   2.618 -%
   2.619 -\begin{isamarkuptext}%
   2.620 -%FIXME check
   2.621 -
   2.622 -  A named context may refer to a locale (cf.\ \secref{sec:target}).
   2.623 -  If this locale is also a class \isa{c}, apart from the common
   2.624 -  locale target behaviour the following happens.
   2.625 -
   2.626 -  \begin{itemize}
   2.627 -
   2.628 -  \item Local constant declarations \isa{{\isachardoublequote}g{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}{\isachardoublequote}} referring to the
   2.629 -  local type parameter \isa{{\isasymalpha}} and local parameters \isa{{\isachardoublequote}f{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}{\isachardoublequote}}
   2.630 -  are accompanied by theory-level constants \isa{{\isachardoublequote}g{\isacharbrackleft}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isacharbrackright}{\isachardoublequote}}
   2.631 -  referring to theory-level class operations \isa{{\isachardoublequote}f{\isacharbrackleft}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isacharbrackright}{\isachardoublequote}}.
   2.632 -
   2.633 -  \item Local theorem bindings are lifted as are assumptions.
   2.634 -
   2.635 -  \item Local syntax refers to local operations \isa{{\isachardoublequote}g{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}{\isachardoublequote}} and
   2.636 -  global operations \isa{{\isachardoublequote}g{\isacharbrackleft}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isacharbrackright}{\isachardoublequote}} uniformly.  Type inference
   2.637 -  resolves ambiguities.  In rare cases, manual type annotations are
   2.638 -  needed.
   2.639 -  
   2.640 -  \end{itemize}%
   2.641 -\end{isamarkuptext}%
   2.642 -\isamarkuptrue%
   2.643 -%
   2.644 -\isamarkupsubsection{Axiomatic type classes \label{sec:axclass}%
   2.645 -}
   2.646 -\isamarkuptrue%
   2.647 -%
   2.648 -\begin{isamarkuptext}%
   2.649 -\begin{matharray}{rcl}
   2.650 -    \indexdef{}{command}{axclass}\hypertarget{command.axclass}{\hyperlink{command.axclass}{\mbox{\isa{\isacommand{axclass}}}}} & : & \isartrans{theory}{theory} \\
   2.651 -    \indexdef{}{command}{instance}\hypertarget{command.instance}{\hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}}} & : & \isartrans{theory}{proof(prove)} \\
   2.652 -  \end{matharray}
   2.653 -
   2.654 -  Axiomatic type classes are Isabelle/Pure's primitive
   2.655 -  \emph{definitional} interface to type classes.  For practical
   2.656 -  applications, you should consider using classes
   2.657 -  (cf.~\secref{sec:classes}) which provide high level interface.
   2.658 -
   2.659 -  \begin{rail}
   2.660 -    'axclass' classdecl (axmdecl prop +)
   2.661 -    ;
   2.662 -    'instance' (nameref ('<' | subseteq) nameref | nameref '::' arity)
   2.663 -    ;
   2.664 -  \end{rail}
   2.665 -
   2.666 -  \begin{descr}
   2.667 -  
   2.668 -  \item [\hyperlink{command.axclass}{\mbox{\isa{\isacommand{axclass}}}}~\isa{{\isachardoublequote}c\ {\isasymsubseteq}\ c\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n\ axms{\isachardoublequote}}] defines an axiomatic type class as the intersection of
   2.669 -  existing classes, with additional axioms holding.  Class axioms may
   2.670 -  not contain more than one type variable.  The class axioms (with
   2.671 -  implicit sort constraints added) are bound to the given names.
   2.672 -  Furthermore a class introduction rule is generated (being bound as
   2.673 -  \isa{c{\isacharunderscore}class{\isachardot}intro}); this rule is employed by method \hyperlink{method.intro-classes}{\mbox{\isa{intro{\isacharunderscore}classes}}} to support instantiation proofs of this class.
   2.674 -  
   2.675 -  The ``class axioms'' are stored as theorems according to the given
   2.676 -  name specifications, adding \isa{{\isachardoublequote}c{\isacharunderscore}class{\isachardoublequote}} as name space prefix;
   2.677 -  the same facts are also stored collectively as \isa{c{\isacharunderscore}class{\isachardot}axioms}.
   2.678 -  
   2.679 -  \item [\hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}}~\isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlsub {\isadigit{2}}{\isachardoublequote}} and
   2.680 -  \hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}}~\isa{{\isachardoublequote}t\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}s\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlsub n{\isacharparenright}\ s{\isachardoublequote}}]
   2.681 -  setup a goal stating a class relation or type arity.  The proof
   2.682 -  would usually proceed by \hyperlink{method.intro-classes}{\mbox{\isa{intro{\isacharunderscore}classes}}}, and then establish
   2.683 -  the characteristic theorems of the type classes involved.  After
   2.684 -  finishing the proof, the theory will be augmented by a type
   2.685 -  signature declaration corresponding to the resulting theorem.
   2.686 -
   2.687 -  \end{descr}%
   2.688 -\end{isamarkuptext}%
   2.689 -\isamarkuptrue%
   2.690 -%
   2.691 -\isamarkupsubsection{Arbitrary overloading%
   2.692 -}
   2.693 -\isamarkuptrue%
   2.694 -%
   2.695 -\begin{isamarkuptext}%
   2.696 -Isabelle/Pure's definitional schemes support certain forms of
   2.697 -  overloading (see \secref{sec:consts}).  At most occassions
   2.698 -  overloading will be used in a Haskell-like fashion together with
   2.699 -  type classes by means of \hyperlink{command.instantiation}{\mbox{\isa{\isacommand{instantiation}}}} (see
   2.700 -  \secref{sec:class}).  Sometimes low-level overloading is desirable.
   2.701 -  The \hyperlink{command.overloading}{\mbox{\isa{\isacommand{overloading}}}} target provides a convenient view for
   2.702 -  end-users.
   2.703 -
   2.704 -  \begin{matharray}{rcl}
   2.705 -    \indexdef{}{command}{overloading}\hypertarget{command.overloading}{\hyperlink{command.overloading}{\mbox{\isa{\isacommand{overloading}}}}} & : & \isartrans{theory}{local{\dsh}theory} \\
   2.706 -  \end{matharray}
   2.707 -
   2.708 -  \begin{rail}
   2.709 -    'overloading' \\
   2.710 -    ( string ( '==' | equiv ) term ( '(' 'unchecked' ')' )? + ) 'begin'
   2.711 -  \end{rail}
   2.712 -
   2.713 -  \begin{descr}
   2.714 -
   2.715 -  \item [\hyperlink{command.overloading}{\mbox{\isa{\isacommand{overloading}}}}~\isa{{\isachardoublequote}x\isactrlsub {\isadigit{1}}\ {\isasymequiv}\ c\isactrlsub {\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\isactrlsub {\isadigit{1}}\ {\isasymAND}\ {\isasymdots}\ x\isactrlsub n\ {\isasymequiv}\ c\isactrlsub n\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\isactrlsub n\ {\isasymBEGIN}{\isachardoublequote}}]
   2.716 -  opens a theory target (cf.\ \secref{sec:target}) which allows to
   2.717 -  specify constants with overloaded definitions.  These are identified
   2.718 -  by an explicitly given mapping from variable names \isa{{\isachardoublequote}x\isactrlsub i{\isachardoublequote}} to constants \isa{{\isachardoublequote}c\isactrlsub i{\isachardoublequote}} at particular type
   2.719 -  instances.  The definitions themselves are established using common
   2.720 -  specification tools, using the names \isa{{\isachardoublequote}x\isactrlsub i{\isachardoublequote}} as
   2.721 -  reference to the corresponding constants.  The target is concluded
   2.722 -  by \hyperlink{command.end}{\mbox{\isa{\isacommand{end}}}}.
   2.723 -
   2.724 -  A \isa{{\isachardoublequote}{\isacharparenleft}unchecked{\isacharparenright}{\isachardoublequote}} option disables global dependency checks for
   2.725 -  the corresponding definition, which is occasionally useful for
   2.726 -  exotic overloading.  It is at the discretion of the user to avoid
   2.727 -  malformed theory specifications!
   2.728 -
   2.729 -  \end{descr}%
   2.730 -\end{isamarkuptext}%
   2.731 -\isamarkuptrue%
   2.732 -%
   2.733 -\isamarkupsubsection{Configuration options%
   2.734 +\isamarkupsection{Configuration options%
   2.735  }
   2.736  \isamarkuptrue%
   2.737  %
   2.738 @@ -790,7 +64,7 @@
   2.739  \end{isamarkuptext}%
   2.740  \isamarkuptrue%
   2.741  %
   2.742 -\isamarkupsection{Proof tools%
   2.743 +\isamarkupsection{Basic proof tools%
   2.744  }
   2.745  \isamarkuptrue%
   2.746  %
   2.747 @@ -1031,11 +305,11 @@
   2.748  \end{isamarkuptext}%
   2.749  \isamarkuptrue%
   2.750  %
   2.751 -\isamarkupsubsection{The Simplifier \label{sec:simplifier}%
   2.752 +\isamarkupsection{The Simplifier \label{sec:simplifier}%
   2.753  }
   2.754  \isamarkuptrue%
   2.755  %
   2.756 -\isamarkupsubsubsection{Simplification methods%
   2.757 +\isamarkupsubsection{Simplification methods%
   2.758  }
   2.759  \isamarkuptrue%
   2.760  %
   2.761 @@ -1110,7 +384,7 @@
   2.762  \end{isamarkuptext}%
   2.763  \isamarkuptrue%
   2.764  %
   2.765 -\isamarkupsubsubsection{Declaring rules%
   2.766 +\isamarkupsubsection{Declaring rules%
   2.767  }
   2.768  \isamarkuptrue%
   2.769  %
   2.770 @@ -1143,7 +417,7 @@
   2.771  \end{isamarkuptext}%
   2.772  \isamarkuptrue%
   2.773  %
   2.774 -\isamarkupsubsubsection{Simplification procedures%
   2.775 +\isamarkupsubsection{Simplification procedures%
   2.776  }
   2.777  \isamarkuptrue%
   2.778  %
   2.779 @@ -1189,7 +463,7 @@
   2.780  \end{isamarkuptext}%
   2.781  \isamarkuptrue%
   2.782  %
   2.783 -\isamarkupsubsubsection{Forward simplification%
   2.784 +\isamarkupsubsection{Forward simplification%
   2.785  }
   2.786  \isamarkuptrue%
   2.787  %
   2.788 @@ -1224,7 +498,7 @@
   2.789  \end{isamarkuptext}%
   2.790  \isamarkuptrue%
   2.791  %
   2.792 -\isamarkupsubsubsection{Low-level equational reasoning%
   2.793 +\isamarkupsubsection{Low-level equational reasoning%
   2.794  }
   2.795  \isamarkuptrue%
   2.796  %
   2.797 @@ -1290,11 +564,11 @@
   2.798  \end{isamarkuptext}%
   2.799  \isamarkuptrue%
   2.800  %
   2.801 -\isamarkupsubsection{The Classical Reasoner \label{sec:classical}%
   2.802 +\isamarkupsection{The Classical Reasoner \label{sec:classical}%
   2.803  }
   2.804  \isamarkuptrue%
   2.805  %
   2.806 -\isamarkupsubsubsection{Basic methods%
   2.807 +\isamarkupsubsection{Basic methods%
   2.808  }
   2.809  \isamarkuptrue%
   2.810  %
   2.811 @@ -1339,7 +613,7 @@
   2.812  \end{isamarkuptext}%
   2.813  \isamarkuptrue%
   2.814  %
   2.815 -\isamarkupsubsubsection{Automated methods%
   2.816 +\isamarkupsubsection{Automated methods%
   2.817  }
   2.818  \isamarkuptrue%
   2.819  %
   2.820 @@ -1384,7 +658,7 @@
   2.821  \end{isamarkuptext}%
   2.822  \isamarkuptrue%
   2.823  %
   2.824 -\isamarkupsubsubsection{Combined automated methods \label{sec:clasimp}%
   2.825 +\isamarkupsubsection{Combined automated methods \label{sec:clasimp}%
   2.826  }
   2.827  \isamarkuptrue%
   2.828  %
   2.829 @@ -1430,7 +704,7 @@
   2.830  \end{isamarkuptext}%
   2.831  \isamarkuptrue%
   2.832  %
   2.833 -\isamarkupsubsubsection{Declaring rules%
   2.834 +\isamarkupsubsection{Declaring rules%
   2.835  }
   2.836  \isamarkuptrue%
   2.837  %
   2.838 @@ -1486,7 +760,7 @@
   2.839  \end{isamarkuptext}%
   2.840  \isamarkuptrue%
   2.841  %
   2.842 -\isamarkupsubsubsection{Classical operations%
   2.843 +\isamarkupsubsection{Classical operations%
   2.844  }
   2.845  \isamarkuptrue%
   2.846  %
   2.847 @@ -1504,355 +778,6 @@
   2.848  \end{isamarkuptext}%
   2.849  \isamarkuptrue%
   2.850  %
   2.851 -\isamarkupsubsection{Proof by cases and induction \label{sec:cases-induct}%
   2.852 -}
   2.853 -\isamarkuptrue%
   2.854 -%
   2.855 -\isamarkupsubsubsection{Rule contexts%
   2.856 -}
   2.857 -\isamarkuptrue%
   2.858 -%
   2.859 -\begin{isamarkuptext}%
   2.860 -\begin{matharray}{rcl}
   2.861 -    \indexdef{}{command}{case}\hypertarget{command.case}{\hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}}} & : & \isartrans{proof(state)}{proof(state)} \\
   2.862 -    \indexdef{}{command}{print\_cases}\hypertarget{command.print-cases}{\hyperlink{command.print-cases}{\mbox{\isa{\isacommand{print{\isacharunderscore}cases}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{proof} \\
   2.863 -    \indexdef{}{attribute}{case\_names}\hypertarget{attribute.case-names}{\hyperlink{attribute.case-names}{\mbox{\isa{case{\isacharunderscore}names}}}} & : & \isaratt \\
   2.864 -    \indexdef{}{attribute}{case\_conclusion}\hypertarget{attribute.case-conclusion}{\hyperlink{attribute.case-conclusion}{\mbox{\isa{case{\isacharunderscore}conclusion}}}} & : & \isaratt \\
   2.865 -    \indexdef{}{attribute}{params}\hypertarget{attribute.params}{\hyperlink{attribute.params}{\mbox{\isa{params}}}} & : & \isaratt \\
   2.866 -    \indexdef{}{attribute}{consumes}\hypertarget{attribute.consumes}{\hyperlink{attribute.consumes}{\mbox{\isa{consumes}}}} & : & \isaratt \\
   2.867 -  \end{matharray}
   2.868 -
   2.869 -  The puristic way to build up Isar proof contexts is by explicit
   2.870 -  language elements like \hyperlink{command.fix}{\mbox{\isa{\isacommand{fix}}}}, \hyperlink{command.assume}{\mbox{\isa{\isacommand{assume}}}},
   2.871 -  \hyperlink{command.let}{\mbox{\isa{\isacommand{let}}}} (see \secref{sec:proof-context}).  This is adequate
   2.872 -  for plain natural deduction, but easily becomes unwieldy in concrete
   2.873 -  verification tasks, which typically involve big induction rules with
   2.874 -  several cases.
   2.875 -
   2.876 -  The \hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}} command provides a shorthand to refer to a
   2.877 -  local context symbolically: certain proof methods provide an
   2.878 -  environment of named ``cases'' of the form \isa{{\isachardoublequote}c{\isacharcolon}\ x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub m{\isacharcomma}\ {\isasymphi}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymphi}\isactrlsub n{\isachardoublequote}}; the effect of ``\hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}}~\isa{c}'' is then equivalent to ``\hyperlink{command.fix}{\mbox{\isa{\isacommand{fix}}}}~\isa{{\isachardoublequote}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isachardoublequote}}~\hyperlink{command.assume}{\mbox{\isa{\isacommand{assume}}}}~\isa{{\isachardoublequote}c{\isacharcolon}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n{\isachardoublequote}}''.  Term bindings may be covered as well, notably
   2.879 -  \hyperlink{variable.?case}{\mbox{\isa{{\isacharquery}case}}} for the main conclusion.
   2.880 -
   2.881 -  By default, the ``terminology'' \isa{{\isachardoublequote}x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub m{\isachardoublequote}} of
   2.882 -  a case value is marked as hidden, i.e.\ there is no way to refer to
   2.883 -  such parameters in the subsequent proof text.  After all, original
   2.884 -  rule parameters stem from somewhere outside of the current proof
   2.885 -  text.  By using the explicit form ``\hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}}~\isa{{\isachardoublequote}{\isacharparenleft}c\ y\isactrlsub {\isadigit{1}}\ {\isasymdots}\ y\isactrlsub m{\isacharparenright}{\isachardoublequote}}'' instead, the proof author is able to
   2.886 -  chose local names that fit nicely into the current context.
   2.887 -
   2.888 -  \medskip It is important to note that proper use of \hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}} does not provide means to peek at the current goal state,
   2.889 -  which is not directly observable in Isar!  Nonetheless, goal
   2.890 -  refinement commands do provide named cases \isa{{\isachardoublequote}goal\isactrlsub i{\isachardoublequote}}
   2.891 -  for each subgoal \isa{{\isachardoublequote}i\ {\isacharequal}\ {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ n{\isachardoublequote}} of the resulting goal state.
   2.892 -  Using this extra feature requires great care, because some bits of
   2.893 -  the internal tactical machinery intrude the proof text.  In
   2.894 -  particular, parameter names stemming from the left-over of automated
   2.895 -  reasoning tools are usually quite unpredictable.
   2.896 -
   2.897 -  Under normal circumstances, the text of cases emerge from standard
   2.898 -  elimination or induction rules, which in turn are derived from
   2.899 -  previous theory specifications in a canonical way (say from
   2.900 -  \hyperlink{command.inductive}{\mbox{\isa{\isacommand{inductive}}}} definitions).
   2.901 -
   2.902 -  \medskip Proper cases are only available if both the proof method
   2.903 -  and the rules involved support this.  By using appropriate
   2.904 -  attributes, case names, conclusions, and parameters may be also
   2.905 -  declared by hand.  Thus variant versions of rules that have been
   2.906 -  derived manually become ready to use in advanced case analysis
   2.907 -  later.
   2.908 -
   2.909 -  \begin{rail}
   2.910 -    'case' (caseref | '(' caseref ((name | underscore) +) ')')
   2.911 -    ;
   2.912 -    caseref: nameref attributes?
   2.913 -    ;
   2.914 -
   2.915 -    'case\_names' (name +)
   2.916 -    ;
   2.917 -    'case\_conclusion' name (name *)
   2.918 -    ;
   2.919 -    'params' ((name *) + 'and')
   2.920 -    ;
   2.921 -    'consumes' nat?
   2.922 -    ;
   2.923 -  \end{rail}
   2.924 -
   2.925 -  \begin{descr}
   2.926 -  
   2.927 -  \item [\hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}}~\isa{{\isachardoublequote}{\isacharparenleft}c\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isacharparenright}{\isachardoublequote}}]
   2.928 -  invokes a named local context \isa{{\isachardoublequote}c{\isacharcolon}\ x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub m{\isacharcomma}\ {\isasymphi}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymphi}\isactrlsub m{\isachardoublequote}}, as provided by an appropriate
   2.929 -  proof method (such as \indexref{}{method}{cases}\hyperlink{method.cases}{\mbox{\isa{cases}}} and \indexref{}{method}{induct}\hyperlink{method.induct}{\mbox{\isa{induct}}}).
   2.930 -  The command ``\hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}}~\isa{{\isachardoublequote}{\isacharparenleft}c\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isacharparenright}{\isachardoublequote}}'' abbreviates ``\hyperlink{command.fix}{\mbox{\isa{\isacommand{fix}}}}~\isa{{\isachardoublequote}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isachardoublequote}}~\hyperlink{command.assume}{\mbox{\isa{\isacommand{assume}}}}~\isa{{\isachardoublequote}c{\isacharcolon}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n{\isachardoublequote}}''.
   2.931 -
   2.932 -  \item [\hyperlink{command.print-cases}{\mbox{\isa{\isacommand{print{\isacharunderscore}cases}}}}] prints all local contexts of the
   2.933 -  current state, using Isar proof language notation.
   2.934 -  
   2.935 -  \item [\hyperlink{attribute.case-names}{\mbox{\isa{case{\isacharunderscore}names}}}~\isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}\ {\isasymdots}\ c\isactrlsub k{\isachardoublequote}}]
   2.936 -  declares names for the local contexts of premises of a theorem;
   2.937 -  \isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub k{\isachardoublequote}} refers to the \emph{suffix} of the
   2.938 -  list of premises.
   2.939 -  
   2.940 -  \item [\hyperlink{attribute.case-conclusion}{\mbox{\isa{case{\isacharunderscore}conclusion}}}~\isa{{\isachardoublequote}c\ d\isactrlsub {\isadigit{1}}\ {\isasymdots}\ d\isactrlsub k{\isachardoublequote}}] declares names for the conclusions of a named premise
   2.941 -  \isa{c}; here \isa{{\isachardoublequote}d\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ d\isactrlsub k{\isachardoublequote}} refers to the
   2.942 -  prefix of arguments of a logical formula built by nesting a binary
   2.943 -  connective (e.g.\ \isa{{\isachardoublequote}{\isasymor}{\isachardoublequote}}).
   2.944 -  
   2.945 -  Note that proof methods such as \hyperlink{method.induct}{\mbox{\isa{induct}}} and \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}} already provide a default name for the conclusion as a
   2.946 -  whole.  The need to name subformulas only arises with cases that
   2.947 -  split into several sub-cases, as in common co-induction rules.
   2.948 -
   2.949 -  \item [\hyperlink{attribute.params}{\mbox{\isa{params}}}~\isa{{\isachardoublequote}p\isactrlsub {\isadigit{1}}\ {\isasymdots}\ p\isactrlsub m\ {\isasymAND}\ {\isasymdots}\ q\isactrlsub {\isadigit{1}}\ {\isasymdots}\ q\isactrlsub n{\isachardoublequote}}] renames the innermost parameters of
   2.950 -  premises \isa{{\isachardoublequote}{\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ n{\isachardoublequote}} of some theorem.  An empty list of names
   2.951 -  may be given to skip positions, leaving the present parameters
   2.952 -  unchanged.
   2.953 -  
   2.954 -  Note that the default usage of case rules does \emph{not} directly
   2.955 -  expose parameters to the proof context.
   2.956 -  
   2.957 -  \item [\hyperlink{attribute.consumes}{\mbox{\isa{consumes}}}~\isa{n}] declares the number of
   2.958 -  ``major premises'' of a rule, i.e.\ the number of facts to be
   2.959 -  consumed when it is applied by an appropriate proof method.  The
   2.960 -  default value of \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}} is \isa{{\isachardoublequote}n\ {\isacharequal}\ {\isadigit{1}}{\isachardoublequote}}, which is
   2.961 -  appropriate for the usual kind of cases and induction rules for
   2.962 -  inductive sets (cf.\ \secref{sec:hol-inductive}).  Rules without any
   2.963 -  \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}} declaration given are treated as if
   2.964 -  \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}}~\isa{{\isadigit{0}}} had been specified.
   2.965 -  
   2.966 -  Note that explicit \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}} declarations are only
   2.967 -  rarely needed; this is already taken care of automatically by the
   2.968 -  higher-level \hyperlink{attribute.cases}{\mbox{\isa{cases}}}, \hyperlink{attribute.induct}{\mbox{\isa{induct}}}, and
   2.969 -  \hyperlink{attribute.coinduct}{\mbox{\isa{coinduct}}} declarations.
   2.970 -
   2.971 -  \end{descr}%
   2.972 -\end{isamarkuptext}%
   2.973 -\isamarkuptrue%
   2.974 -%
   2.975 -\isamarkupsubsubsection{Proof methods%
   2.976 -}
   2.977 -\isamarkuptrue%
   2.978 -%
   2.979 -\begin{isamarkuptext}%
   2.980 -\begin{matharray}{rcl}
   2.981 -    \indexdef{}{method}{cases}\hypertarget{method.cases}{\hyperlink{method.cases}{\mbox{\isa{cases}}}} & : & \isarmeth \\
   2.982 -    \indexdef{}{method}{induct}\hypertarget{method.induct}{\hyperlink{method.induct}{\mbox{\isa{induct}}}} & : & \isarmeth \\
   2.983 -    \indexdef{}{method}{coinduct}\hypertarget{method.coinduct}{\hyperlink{method.coinduct}{\mbox{\isa{coinduct}}}} & : & \isarmeth \\
   2.984 -  \end{matharray}
   2.985 -
   2.986 -  The \hyperlink{method.cases}{\mbox{\isa{cases}}}, \hyperlink{method.induct}{\mbox{\isa{induct}}}, and \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}}
   2.987 -  methods provide a uniform interface to common proof techniques over
   2.988 -  datatypes, inductive predicates (or sets), recursive functions etc.
   2.989 -  The corresponding rules may be specified and instantiated in a
   2.990 -  casual manner.  Furthermore, these methods provide named local
   2.991 -  contexts that may be invoked via the \hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}} proof command
   2.992 -  within the subsequent proof text.  This accommodates compact proof
   2.993 -  texts even when reasoning about large specifications.
   2.994 -
   2.995 -  The \hyperlink{method.induct}{\mbox{\isa{induct}}} method also provides some additional
   2.996 -  infrastructure in order to be applicable to structure statements
   2.997 -  (either using explicit meta-level connectives, or including facts
   2.998 -  and parameters separately).  This avoids cumbersome encoding of
   2.999 -  ``strengthened'' inductive statements within the object-logic.
  2.1000 -
  2.1001 -  \begin{rail}
  2.1002 -    'cases' (insts * 'and') rule?
  2.1003 -    ;
  2.1004 -    'induct' (definsts * 'and') \\ arbitrary? taking? rule?
  2.1005 -    ;
  2.1006 -    'coinduct' insts taking rule?
  2.1007 -    ;
  2.1008 -
  2.1009 -    rule: ('type' | 'pred' | 'set') ':' (nameref +) | 'rule' ':' (thmref +)
  2.1010 -    ;
  2.1011 -    definst: name ('==' | equiv) term | inst
  2.1012 -    ;
  2.1013 -    definsts: ( definst *)
  2.1014 -    ;
  2.1015 -    arbitrary: 'arbitrary' ':' ((term *) 'and' +)
  2.1016 -    ;
  2.1017 -    taking: 'taking' ':' insts
  2.1018 -    ;
  2.1019 -  \end{rail}
  2.1020 -
  2.1021 -  \begin{descr}
  2.1022 -
  2.1023 -  \item [\hyperlink{method.cases}{\mbox{\isa{cases}}}~\isa{{\isachardoublequote}insts\ R{\isachardoublequote}}] applies method \hyperlink{method.rule}{\mbox{\isa{rule}}} with an appropriate case distinction theorem, instantiated to
  2.1024 -  the subjects \isa{insts}.  Symbolic case names are bound according
  2.1025 -  to the rule's local contexts.
  2.1026 -
  2.1027 -  The rule is determined as follows, according to the facts and
  2.1028 -  arguments passed to the \hyperlink{method.cases}{\mbox{\isa{cases}}} method:
  2.1029 -
  2.1030 -  \medskip
  2.1031 -  \begin{tabular}{llll}
  2.1032 -    facts           &                 & arguments   & rule \\\hline
  2.1033 -                    & \hyperlink{method.cases}{\mbox{\isa{cases}}} &             & classical case split \\
  2.1034 -                    & \hyperlink{method.cases}{\mbox{\isa{cases}}} & \isa{t}   & datatype exhaustion (type of \isa{t}) \\
  2.1035 -    \isa{{\isachardoublequote}{\isasymturnstile}\ A\ t{\isachardoublequote}} & \hyperlink{method.cases}{\mbox{\isa{cases}}} & \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}} & inductive predicate/set elimination (of \isa{A}) \\
  2.1036 -    \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}     & \hyperlink{method.cases}{\mbox{\isa{cases}}} & \isa{{\isachardoublequote}{\isasymdots}\ rule{\isacharcolon}\ R{\isachardoublequote}} & explicit rule \isa{R} \\
  2.1037 -  \end{tabular}
  2.1038 -  \medskip
  2.1039 -
  2.1040 -  Several instantiations may be given, referring to the \emph{suffix}
  2.1041 -  of premises of the case rule; within each premise, the \emph{prefix}
  2.1042 -  of variables is instantiated.  In most situations, only a single
  2.1043 -  term needs to be specified; this refers to the first variable of the
  2.1044 -  last premise (it is usually the same for all cases).
  2.1045 -
  2.1046 -  \item [\hyperlink{method.induct}{\mbox{\isa{induct}}}~\isa{{\isachardoublequote}insts\ R{\isachardoublequote}}] is analogous to the
  2.1047 -  \hyperlink{method.cases}{\mbox{\isa{cases}}} method, but refers to induction rules, which are
  2.1048 -  determined as follows:
  2.1049 -
  2.1050 -  \medskip
  2.1051 -  \begin{tabular}{llll}
  2.1052 -    facts           &                  & arguments            & rule \\\hline
  2.1053 -                    & \hyperlink{method.induct}{\mbox{\isa{induct}}} & \isa{{\isachardoublequote}P\ x{\isachardoublequote}}        & datatype induction (type of \isa{x}) \\
  2.1054 -    \isa{{\isachardoublequote}{\isasymturnstile}\ A\ x{\isachardoublequote}} & \hyperlink{method.induct}{\mbox{\isa{induct}}} & \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}          & predicate/set induction (of \isa{A}) \\
  2.1055 -    \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}     & \hyperlink{method.induct}{\mbox{\isa{induct}}} & \isa{{\isachardoublequote}{\isasymdots}\ rule{\isacharcolon}\ R{\isachardoublequote}} & explicit rule \isa{R} \\
  2.1056 -  \end{tabular}
  2.1057 -  \medskip
  2.1058 -  
  2.1059 -  Several instantiations may be given, each referring to some part of
  2.1060 -  a mutual inductive definition or datatype --- only related partial
  2.1061 -  induction rules may be used together, though.  Any of the lists of
  2.1062 -  terms \isa{{\isachardoublequote}P{\isacharcomma}\ x{\isacharcomma}\ {\isasymdots}{\isachardoublequote}} refers to the \emph{suffix} of variables
  2.1063 -  present in the induction rule.  This enables the writer to specify
  2.1064 -  only induction variables, or both predicates and variables, for
  2.1065 -  example.
  2.1066 -  
  2.1067 -  Instantiations may be definitional: equations \isa{{\isachardoublequote}x\ {\isasymequiv}\ t{\isachardoublequote}}
  2.1068 -  introduce local definitions, which are inserted into the claim and
  2.1069 -  discharged after applying the induction rule.  Equalities reappear
  2.1070 -  in the inductive cases, but have been transformed according to the
  2.1071 -  induction principle being involved here.  In order to achieve
  2.1072 -  practically useful induction hypotheses, some variables occurring in
  2.1073 -  \isa{t} need to be fixed (see below).
  2.1074 -  
  2.1075 -  The optional ``\isa{{\isachardoublequote}arbitrary{\isacharcolon}\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isachardoublequote}}''
  2.1076 -  specification generalizes variables \isa{{\isachardoublequote}x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub m{\isachardoublequote}} of the original goal before applying induction.  Thus
  2.1077 -  induction hypotheses may become sufficiently general to get the
  2.1078 -  proof through.  Together with definitional instantiations, one may
  2.1079 -  effectively perform induction over expressions of a certain
  2.1080 -  structure.
  2.1081 -  
  2.1082 -  The optional ``\isa{{\isachardoublequote}taking{\isacharcolon}\ t\isactrlsub {\isadigit{1}}\ {\isasymdots}\ t\isactrlsub n{\isachardoublequote}}''
  2.1083 -  specification provides additional instantiations of a prefix of
  2.1084 -  pending variables in the rule.  Such schematic induction rules
  2.1085 -  rarely occur in practice, though.
  2.1086 -
  2.1087 -  \item [\hyperlink{method.coinduct}{\mbox{\isa{coinduct}}}~\isa{{\isachardoublequote}inst\ R{\isachardoublequote}}] is analogous to the
  2.1088 -  \hyperlink{method.induct}{\mbox{\isa{induct}}} method, but refers to coinduction rules, which are
  2.1089 -  determined as follows:
  2.1090 -
  2.1091 -  \medskip
  2.1092 -  \begin{tabular}{llll}
  2.1093 -    goal          &                    & arguments & rule \\\hline
  2.1094 -                  & \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}} & \isa{x} & type coinduction (type of \isa{x}) \\
  2.1095 -    \isa{{\isachardoublequote}A\ x{\isachardoublequote}} & \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}} & \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}} & predicate/set coinduction (of \isa{A}) \\
  2.1096 -    \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}   & \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}} & \isa{{\isachardoublequote}{\isasymdots}\ rule{\isacharcolon}\ R{\isachardoublequote}} & explicit rule \isa{R} \\
  2.1097 -  \end{tabular}
  2.1098 -  
  2.1099 -  Coinduction is the dual of induction.  Induction essentially
  2.1100 -  eliminates \isa{{\isachardoublequote}A\ x{\isachardoublequote}} towards a generic result \isa{{\isachardoublequote}P\ x{\isachardoublequote}},
  2.1101 -  while coinduction introduces \isa{{\isachardoublequote}A\ x{\isachardoublequote}} starting with \isa{{\isachardoublequote}B\ x{\isachardoublequote}}, for a suitable ``bisimulation'' \isa{B}.  The cases of a
  2.1102 -  coinduct rule are typically named after the predicates or sets being
  2.1103 -  covered, while the conclusions consist of several alternatives being
  2.1104 -  named after the individual destructor patterns.
  2.1105 -  
  2.1106 -  The given instantiation refers to the \emph{suffix} of variables
  2.1107 -  occurring in the rule's major premise, or conclusion if unavailable.
  2.1108 -  An additional ``\isa{{\isachardoublequote}taking{\isacharcolon}\ t\isactrlsub {\isadigit{1}}\ {\isasymdots}\ t\isactrlsub n{\isachardoublequote}}''
  2.1109 -  specification may be required in order to specify the bisimulation
  2.1110 -  to be used in the coinduction step.
  2.1111 -
  2.1112 -  \end{descr}
  2.1113 -
  2.1114 -  Above methods produce named local contexts, as determined by the
  2.1115 -  instantiated rule as given in the text.  Beyond that, the \hyperlink{method.induct}{\mbox{\isa{induct}}} and \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}} methods guess further instantiations
  2.1116 -  from the goal specification itself.  Any persisting unresolved
  2.1117 -  schematic variables of the resulting rule will render the the
  2.1118 -  corresponding case invalid.  The term binding \hyperlink{variable.?case}{\mbox{\isa{{\isacharquery}case}}} for
  2.1119 -  the conclusion will be provided with each case, provided that term
  2.1120 -  is fully specified.
  2.1121 -
  2.1122 -  The \hyperlink{command.print-cases}{\mbox{\isa{\isacommand{print{\isacharunderscore}cases}}}} command prints all named cases present
  2.1123 -  in the current proof state.
  2.1124 -
  2.1125 -  \medskip Despite the additional infrastructure, both \hyperlink{method.cases}{\mbox{\isa{cases}}}
  2.1126 -  and \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}} merely apply a certain rule, after
  2.1127 -  instantiation, while conforming due to the usual way of monotonic
  2.1128 -  natural deduction: the context of a structured statement \isa{{\isachardoublequote}{\isasymAnd}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isachardot}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymphi}\isactrlsub n\ {\isasymLongrightarrow}\ {\isasymdots}{\isachardoublequote}}
  2.1129 -  reappears unchanged after the case split.
  2.1130 -
  2.1131 -  The \hyperlink{method.induct}{\mbox{\isa{induct}}} method is fundamentally different in this
  2.1132 -  respect: the meta-level structure is passed through the
  2.1133 -  ``recursive'' course involved in the induction.  Thus the original
  2.1134 -  statement is basically replaced by separate copies, corresponding to
  2.1135 -  the induction hypotheses and conclusion; the original goal context
  2.1136 -  is no longer available.  Thus local assumptions, fixed parameters
  2.1137 -  and definitions effectively participate in the inductive rephrasing
  2.1138 -  of the original statement.
  2.1139 -
  2.1140 -  In induction proofs, local assumptions introduced by cases are split
  2.1141 -  into two different kinds: \isa{hyps} stemming from the rule and
  2.1142 -  \isa{prems} from the goal statement.  This is reflected in the
  2.1143 -  extracted cases accordingly, so invoking ``\hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}}~\isa{c}'' will provide separate facts \isa{c{\isachardot}hyps} and \isa{c{\isachardot}prems},
  2.1144 -  as well as fact \isa{c} to hold the all-inclusive list.
  2.1145 -
  2.1146 -  \medskip Facts presented to either method are consumed according to
  2.1147 -  the number of ``major premises'' of the rule involved, which is
  2.1148 -  usually 0 for plain cases and induction rules of datatypes etc.\ and
  2.1149 -  1 for rules of inductive predicates or sets and the like.  The
  2.1150 -  remaining facts are inserted into the goal verbatim before the
  2.1151 -  actual \isa{cases}, \isa{induct}, or \isa{coinduct} rule is
  2.1152 -  applied.%
  2.1153 -\end{isamarkuptext}%
  2.1154 -\isamarkuptrue%
  2.1155 -%
  2.1156 -\isamarkupsubsubsection{Declaring rules%
  2.1157 -}
  2.1158 -\isamarkuptrue%
  2.1159 -%
  2.1160 -\begin{isamarkuptext}%
  2.1161 -\begin{matharray}{rcl}
  2.1162 -    \indexdef{}{command}{print\_induct\_rules}\hypertarget{command.print-induct-rules}{\hyperlink{command.print-induct-rules}{\mbox{\isa{\isacommand{print{\isacharunderscore}induct{\isacharunderscore}rules}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~|~proof} \\
  2.1163 -    \indexdef{}{attribute}{cases}\hypertarget{attribute.cases}{\hyperlink{attribute.cases}{\mbox{\isa{cases}}}} & : & \isaratt \\
  2.1164 -    \indexdef{}{attribute}{induct}\hypertarget{attribute.induct}{\hyperlink{attribute.induct}{\mbox{\isa{induct}}}} & : & \isaratt \\
  2.1165 -    \indexdef{}{attribute}{coinduct}\hypertarget{attribute.coinduct}{\hyperlink{attribute.coinduct}{\mbox{\isa{coinduct}}}} & : & \isaratt \\
  2.1166 -  \end{matharray}
  2.1167 -
  2.1168 -  \begin{rail}
  2.1169 -    'cases' spec
  2.1170 -    ;
  2.1171 -    'induct' spec
  2.1172 -    ;
  2.1173 -    'coinduct' spec
  2.1174 -    ;
  2.1175 -
  2.1176 -    spec: ('type' | 'pred' | 'set') ':' nameref
  2.1177 -    ;
  2.1178 -  \end{rail}
  2.1179 -
  2.1180 -  \begin{descr}
  2.1181 -
  2.1182 -  \item [\hyperlink{command.print-induct-rules}{\mbox{\isa{\isacommand{print{\isacharunderscore}induct{\isacharunderscore}rules}}}}] prints cases and induct
  2.1183 -  rules for predicates (or sets) and types of the current context.
  2.1184 -  
  2.1185 -  \item [\hyperlink{attribute.cases}{\mbox{\isa{cases}}}, \hyperlink{attribute.induct}{\mbox{\isa{induct}}}, and \hyperlink{attribute.coinduct}{\mbox{\isa{coinduct}}}] (as attributes) augment the corresponding context of
  2.1186 -  rules for reasoning about (co)inductive predicates (or sets) and
  2.1187 -  types, using the corresponding methods of the same name.  Certain
  2.1188 -  definitional packages of object-logics usually declare emerging
  2.1189 -  cases and induction rules as expected, so users rarely need to
  2.1190 -  intervene.
  2.1191 -  
  2.1192 -  Manual rule declarations usually refer to the \hyperlink{attribute.case-names}{\mbox{\isa{case{\isacharunderscore}names}}} and \hyperlink{attribute.params}{\mbox{\isa{params}}} attributes to adjust names of
  2.1193 -  cases and parameters of a rule; the \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}}
  2.1194 -  declaration is taken care of automatically: \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}}~\isa{{\isadigit{0}}} is specified for ``type'' rules and \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}}~\isa{{\isadigit{1}}} for ``predicate'' / ``set'' rules.
  2.1195 -
  2.1196 -  \end{descr}%
  2.1197 -\end{isamarkuptext}%
  2.1198 -\isamarkuptrue%
  2.1199 -%
  2.1200  \isamarkupsection{General logic setup \label{sec:object-logic}%
  2.1201  }
  2.1202  \isamarkuptrue%
     3.1 --- a/doc-src/IsarRef/Thy/document/HOL_Specific.tex	Mon Jun 02 22:50:27 2008 +0200
     3.2 +++ b/doc-src/IsarRef/Thy/document/HOL_Specific.tex	Mon Jun 02 22:50:29 2008 +0200
     3.3 @@ -1154,7 +1154,6 @@
     3.4  %
     3.5  \endisadelimtheory
     3.6  \isanewline
     3.7 -\isanewline
     3.8  \end{isabellebody}%
     3.9  %%% Local Variables:
    3.10  %%% mode: latex
     4.1 --- a/doc-src/IsarRef/Thy/document/Introduction.tex	Mon Jun 02 22:50:27 2008 +0200
     4.2 +++ b/doc-src/IsarRef/Thy/document/Introduction.tex	Mon Jun 02 22:50:29 2008 +0200
     4.3 @@ -73,10 +73,22 @@
     4.4  
     4.5    \medskip The Isabelle/Isar framework is generic and should work
     4.6    reasonably well for any Isabelle object-logic that conforms to the
     4.7 -  natural deduction view of the Isabelle/Pure framework.  Major
     4.8 -  Isabelle logics like HOL \cite{isabelle-HOL}, HOLCF
     4.9 -  \cite{MuellerNvOS99}, FOL \cite{isabelle-logics}, and ZF
    4.10 -  \cite{isabelle-ZF} have already been set up for end-users.%
    4.11 +  natural deduction view of the Isabelle/Pure framework.  Specific
    4.12 +  language elements introduced by the major object-logics are
    4.13 +  described in \chref{ch:hol} (Isabelle/HOL), \chref{ch:holcf}
    4.14 +  (Isabelle/HOLCF), and \chref{ch:zf} (Isabelle/ZF).  The main
    4.15 +  language elements are already provided by the Isabelle/Pure
    4.16 +  framework. Nevertheless, examples given in the generic parts will
    4.17 +  usually refer to Isabelle/HOL as well.
    4.18 +
    4.19 +  \medskip Isar commands may be either \emph{proper} document
    4.20 +  constructors, or \emph{improper commands}.  Some proof methods and
    4.21 +  attributes introduced later are classified as improper as well.
    4.22 +  Improper Isar language elements, which are marked by ``\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}}'' in the subsequent chapters; they are often helpful
    4.23 +  when developing proof documents, but their use is discouraged for
    4.24 +  the final human-readable outcome.  Typical examples are diagnostic
    4.25 +  commands that print terms or theorems according to the current
    4.26 +  context; other commands emulate old-style tactical theorem proving.%
    4.27  \end{isamarkuptext}%
    4.28  \isamarkuptrue%
    4.29  %
    4.30 @@ -108,7 +120,7 @@
    4.31  \end{isamarkuptext}%
    4.32  \isamarkuptrue%
    4.33  %
    4.34 -\isamarkupsubsection{Proof General%
    4.35 +\isamarkupsubsection{Emacs Proof General%
    4.36  }
    4.37  \isamarkuptrue%
    4.38  %
    4.39 @@ -198,7 +210,7 @@
    4.40    hand, the plain ASCII sources easily become somewhat unintelligible.
    4.41    For example, \isa{{\isachardoublequote}{\isasymLongrightarrow}{\isachardoublequote}} would appear as \verb|\<Longrightarrow>| according
    4.42    the default set of Isabelle symbols.  Nevertheless, the Isabelle
    4.43 -  document preparation system (see \secref{sec:document-prep}) will be
    4.44 +  document preparation system (see \chref{ch:document-prep}) will be
    4.45    happy to print non-ASCII symbols properly.  It is even possible to
    4.46    invent additional notation beyond the display capabilities of Emacs
    4.47    and X-Symbol.%
    4.48 @@ -243,58 +255,6 @@
    4.49  \end{isamarkuptext}%
    4.50  \isamarkuptrue%
    4.51  %
    4.52 -\isamarkupsubsection{Document preparation \label{sec:document-prep}%
    4.53 -}
    4.54 -\isamarkuptrue%
    4.55 -%
    4.56 -\begin{isamarkuptext}%
    4.57 -Isabelle/Isar provides a simple document preparation system based on
    4.58 -  existing {PDF-\LaTeX} technology, with full support of hyper-links
    4.59 -  (both local references and URLs) and bookmarks.  Thus the results
    4.60 -  are equally well suited for WWW browsing and as printed copies.
    4.61 -
    4.62 -  \medskip Isabelle generates {\LaTeX} output as part of the run of a
    4.63 -  \emph{logic session} (see also \cite{isabelle-sys}).  Getting
    4.64 -  started with a working configuration for common situations is quite
    4.65 -  easy by using the Isabelle \verb|mkdir| and \verb|make|
    4.66 -  tools.  First invoke
    4.67 -\begin{ttbox}
    4.68 -  isatool mkdir Foo
    4.69 -\end{ttbox}
    4.70 -  to initialize a separate directory for session \verb|Foo| ---
    4.71 -  it is safe to experiment, since \verb|isatool mkdir| never
    4.72 -  overwrites existing files.  Ensure that \verb|Foo/ROOT.ML|
    4.73 -  holds ML commands to load all theories required for this session;
    4.74 -  furthermore \verb|Foo/document/root.tex| should include any
    4.75 -  special {\LaTeX} macro packages required for your document (the
    4.76 -  default is usually sufficient as a start).
    4.77 -
    4.78 -  The session is controlled by a separate \verb|IsaMakefile|
    4.79 -  (with crude source dependencies by default).  This file is located
    4.80 -  one level up from the \verb|Foo| directory location.  Now
    4.81 -  invoke
    4.82 -\begin{ttbox}
    4.83 -  isatool make Foo
    4.84 -\end{ttbox}
    4.85 -  to run the \verb|Foo| session, with browser information and
    4.86 -  document preparation enabled.  Unless any errors are reported by
    4.87 -  Isabelle or {\LaTeX}, the output will appear inside the directory
    4.88 -  \verb|ISABELLE_BROWSER_INFO|, as reported by the batch job in
    4.89 -  verbose mode.
    4.90 -
    4.91 -  \medskip You may also consider to tune the \verb|usedir|
    4.92 -  options in \verb|IsaMakefile|, for example to change the output
    4.93 -  format from \verb|pdf| to \verb|dvi|, or activate the
    4.94 -  \verb|-D| option to retain a second copy of the generated
    4.95 -  {\LaTeX} sources.
    4.96 -
    4.97 -  \medskip See \emph{The Isabelle System Manual} \cite{isabelle-sys}
    4.98 -  for further details on Isabelle logic sessions and theory
    4.99 -  presentation.  The Isabelle/HOL tutorial \cite{isabelle-hol-book}
   4.100 -  also covers theory presentation issues.%
   4.101 -\end{isamarkuptext}%
   4.102 -\isamarkuptrue%
   4.103 -%
   4.104  \isamarkupsubsection{How to write Isar proofs anyway? \label{sec:isar-howto}%
   4.105  }
   4.106  \isamarkuptrue%
     5.1 --- a/doc-src/IsarRef/Thy/document/Outer_Syntax.tex	Mon Jun 02 22:50:27 2008 +0200
     5.2 +++ b/doc-src/IsarRef/Thy/document/Outer_Syntax.tex	Mon Jun 02 22:50:29 2008 +0200
     5.3 @@ -20,7 +20,7 @@
     5.4  %
     5.5  \endisadelimtheory
     5.6  %
     5.7 -\isamarkupchapter{Syntax primitives%
     5.8 +\isamarkupchapter{Outer syntax%
     5.9  }
    5.10  \isamarkuptrue%
    5.11  %
    5.12 @@ -496,276 +496,6 @@
    5.13  \end{isamarkuptext}%
    5.14  \isamarkuptrue%
    5.15  %
    5.16 -\isamarkupsubsection{Antiquotations \label{sec:antiq}%
    5.17 -}
    5.18 -\isamarkuptrue%
    5.19 -%
    5.20 -\begin{isamarkuptext}%
    5.21 -\begin{matharray}{rcl}
    5.22 -    \indexdef{}{antiquotation}{theory}\hypertarget{antiquotation.theory}{\hyperlink{antiquotation.theory}{\mbox{\isa{theory}}}} & : & \isarantiq \\
    5.23 -    \indexdef{}{antiquotation}{thm}\hypertarget{antiquotation.thm}{\hyperlink{antiquotation.thm}{\mbox{\isa{thm}}}} & : & \isarantiq \\
    5.24 -    \indexdef{}{antiquotation}{prop}\hypertarget{antiquotation.prop}{\hyperlink{antiquotation.prop}{\mbox{\isa{prop}}}} & : & \isarantiq \\
    5.25 -    \indexdef{}{antiquotation}{term}\hypertarget{antiquotation.term}{\hyperlink{antiquotation.term}{\mbox{\isa{term}}}} & : & \isarantiq \\
    5.26 -    \indexdef{}{antiquotation}{const}\hypertarget{antiquotation.const}{\hyperlink{antiquotation.const}{\mbox{\isa{const}}}} & : & \isarantiq \\
    5.27 -    \indexdef{}{antiquotation}{abbrev}\hypertarget{antiquotation.abbrev}{\hyperlink{antiquotation.abbrev}{\mbox{\isa{abbrev}}}} & : & \isarantiq \\
    5.28 -    \indexdef{}{antiquotation}{typeof}\hypertarget{antiquotation.typeof}{\hyperlink{antiquotation.typeof}{\mbox{\isa{typeof}}}} & : & \isarantiq \\
    5.29 -    \indexdef{}{antiquotation}{typ}\hypertarget{antiquotation.typ}{\hyperlink{antiquotation.typ}{\mbox{\isa{typ}}}} & : & \isarantiq \\
    5.30 -    \indexdef{}{antiquotation}{thm\_style}\hypertarget{antiquotation.thm-style}{\hyperlink{antiquotation.thm-style}{\mbox{\isa{thm{\isacharunderscore}style}}}} & : & \isarantiq \\
    5.31 -    \indexdef{}{antiquotation}{term\_style}\hypertarget{antiquotation.term-style}{\hyperlink{antiquotation.term-style}{\mbox{\isa{term{\isacharunderscore}style}}}} & : & \isarantiq \\
    5.32 -    \indexdef{}{antiquotation}{text}\hypertarget{antiquotation.text}{\hyperlink{antiquotation.text}{\mbox{\isa{text}}}} & : & \isarantiq \\
    5.33 -    \indexdef{}{antiquotation}{goals}\hypertarget{antiquotation.goals}{\hyperlink{antiquotation.goals}{\mbox{\isa{goals}}}} & : & \isarantiq \\
    5.34 -    \indexdef{}{antiquotation}{subgoals}\hypertarget{antiquotation.subgoals}{\hyperlink{antiquotation.subgoals}{\mbox{\isa{subgoals}}}} & : & \isarantiq \\
    5.35 -    \indexdef{}{antiquotation}{prf}\hypertarget{antiquotation.prf}{\hyperlink{antiquotation.prf}{\mbox{\isa{prf}}}} & : & \isarantiq \\
    5.36 -    \indexdef{}{antiquotation}{full\_prf}\hypertarget{antiquotation.full-prf}{\hyperlink{antiquotation.full-prf}{\mbox{\isa{full{\isacharunderscore}prf}}}} & : & \isarantiq \\
    5.37 -    \indexdef{}{antiquotation}{ML}\hypertarget{antiquotation.ML}{\hyperlink{antiquotation.ML}{\mbox{\isa{ML}}}} & : & \isarantiq \\
    5.38 -    \indexdef{}{antiquotation}{ML\_type}\hypertarget{antiquotation.ML-type}{\hyperlink{antiquotation.ML-type}{\mbox{\isa{ML{\isacharunderscore}type}}}} & : & \isarantiq \\
    5.39 -    \indexdef{}{antiquotation}{ML\_struct}\hypertarget{antiquotation.ML-struct}{\hyperlink{antiquotation.ML-struct}{\mbox{\isa{ML{\isacharunderscore}struct}}}} & : & \isarantiq \\
    5.40 -  \end{matharray}
    5.41 -
    5.42 -  The text body of formal comments (see also \secref{sec:comments})
    5.43 -  may contain antiquotations of logical entities, such as theorems,
    5.44 -  terms and types, which are to be presented in the final output
    5.45 -  produced by the Isabelle document preparation system (see also
    5.46 -  \secref{sec:document-prep}).
    5.47 -
    5.48 -  Thus embedding of ``\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}term\ {\isacharbrackleft}show{\isacharunderscore}types{\isacharbrackright}\ {\isachardoublequote}f\ x\ {\isacharequal}\ a\ {\isacharplus}\ x{\isachardoublequote}{\isacharbraceright}{\isachardoublequote}}''
    5.49 -  within a text block would cause
    5.50 -  \isa{{\isacharparenleft}f{\isasymColon}{\isacharprime}a\ {\isasymRightarrow}\ {\isacharprime}a{\isacharparenright}\ {\isacharparenleft}x{\isasymColon}{\isacharprime}a{\isacharparenright}\ {\isacharequal}\ {\isacharparenleft}a{\isasymColon}{\isacharprime}a{\isacharparenright}\ {\isacharplus}\ x} to appear in the final {\LaTeX} document.  Also note that theorem
    5.51 -  antiquotations may involve attributes as well.  For example,
    5.52 -  \isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}thm\ sym\ {\isacharbrackleft}no{\isacharunderscore}vars{\isacharbrackright}{\isacharbraceright}{\isachardoublequote}} would print the theorem's
    5.53 -  statement where all schematic variables have been replaced by fixed
    5.54 -  ones, which are easier to read.
    5.55 -
    5.56 -  \begin{rail}
    5.57 -    atsign lbrace antiquotation rbrace
    5.58 -    ;
    5.59 -
    5.60 -    antiquotation:
    5.61 -      'theory' options name |
    5.62 -      'thm' options thmrefs |
    5.63 -      'prop' options prop |
    5.64 -      'term' options term |
    5.65 -      'const' options term |
    5.66 -      'abbrev' options term |
    5.67 -      'typeof' options term |
    5.68 -      'typ' options type |
    5.69 -      'thm\_style' options name thmref |
    5.70 -      'term\_style' options name term |
    5.71 -      'text' options name |
    5.72 -      'goals' options |
    5.73 -      'subgoals' options |
    5.74 -      'prf' options thmrefs |
    5.75 -      'full\_prf' options thmrefs |
    5.76 -      'ML' options name |
    5.77 -      'ML\_type' options name |
    5.78 -      'ML\_struct' options name
    5.79 -    ;
    5.80 -    options: '[' (option * ',') ']'
    5.81 -    ;
    5.82 -    option: name | name '=' name
    5.83 -    ;
    5.84 -  \end{rail}
    5.85 -
    5.86 -  Note that the syntax of antiquotations may \emph{not} include source
    5.87 -  comments \verb|(*|~\isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}~\verb|*)| or verbatim
    5.88 -  text \verb|{|\verb|*|~\isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}~\verb|*|\verb|}|.
    5.89 -
    5.90 -  \begin{descr}
    5.91 -  
    5.92 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}theory\ A{\isacharbraceright}{\isachardoublequote}}] prints the name \isa{{\isachardoublequote}A{\isachardoublequote}}, which is
    5.93 -  guaranteed to refer to a valid ancestor theory in the current
    5.94 -  context.
    5.95 -
    5.96 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}thm\ a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isacharbraceright}{\isachardoublequote}}] prints theorems
    5.97 -  \isa{{\isachardoublequote}a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isachardoublequote}}.  Note that attribute specifications
    5.98 -  may be included as well (see also \secref{sec:syn-att}); the
    5.99 -  \indexref{}{attribute}{no\_vars}\hyperlink{attribute.no-vars}{\mbox{\isa{no{\isacharunderscore}vars}}} rule (see \secref{sec:misc-meth-att}) would
   5.100 -  be particularly useful to suppress printing of schematic variables.
   5.101 -
   5.102 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}prop\ {\isasymphi}{\isacharbraceright}{\isachardoublequote}}] prints a well-typed proposition \isa{{\isachardoublequote}{\isasymphi}{\isachardoublequote}}.
   5.103 -
   5.104 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}term\ t{\isacharbraceright}{\isachardoublequote}}] prints a well-typed term \isa{{\isachardoublequote}t{\isachardoublequote}}.
   5.105 -
   5.106 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}const\ c{\isacharbraceright}{\isachardoublequote}}] prints a logical or syntactic constant
   5.107 -  \isa{{\isachardoublequote}c{\isachardoublequote}}.
   5.108 -  
   5.109 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}abbrev\ c\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub n{\isacharbraceright}{\isachardoublequote}}] prints a constant
   5.110 -  abbreviation \isa{{\isachardoublequote}c\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub n\ {\isasymequiv}\ rhs{\isachardoublequote}} as defined in
   5.111 -  the current context.
   5.112 -
   5.113 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}typeof\ t{\isacharbraceright}{\isachardoublequote}}] prints the type of a well-typed term
   5.114 -  \isa{{\isachardoublequote}t{\isachardoublequote}}.
   5.115 -
   5.116 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}typ\ {\isasymtau}{\isacharbraceright}{\isachardoublequote}}] prints a well-formed type \isa{{\isachardoublequote}{\isasymtau}{\isachardoublequote}}.
   5.117 -  
   5.118 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}thm{\isacharunderscore}style\ s\ a{\isacharbraceright}{\isachardoublequote}}] prints theorem \isa{a},
   5.119 -  previously applying a style \isa{s} to it (see below).
   5.120 -  
   5.121 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}term{\isacharunderscore}style\ s\ t{\isacharbraceright}{\isachardoublequote}}] prints a well-typed term \isa{t} after applying a style \isa{s} to it (see below).
   5.122 -
   5.123 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}text\ s{\isacharbraceright}{\isachardoublequote}}] prints uninterpreted source text \isa{s}.  This is particularly useful to print portions of text according
   5.124 -  to the Isabelle {\LaTeX} output style, without demanding
   5.125 -  well-formedness (e.g.\ small pieces of terms that should not be
   5.126 -  parsed or type-checked yet).
   5.127 -
   5.128 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}goals{\isacharbraceright}{\isachardoublequote}}] prints the current \emph{dynamic} goal
   5.129 -  state.  This is mainly for support of tactic-emulation scripts
   5.130 -  within Isar --- presentation of goal states does not conform to
   5.131 -  actual human-readable proof documents.
   5.132 -
   5.133 -  Please do not include goal states into document output unless you
   5.134 -  really know what you are doing!
   5.135 -  
   5.136 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}subgoals{\isacharbraceright}{\isachardoublequote}}] is similar to \isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}goals{\isacharbraceright}{\isachardoublequote}}, but
   5.137 -  does not print the main goal.
   5.138 -  
   5.139 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}prf\ a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isacharbraceright}{\isachardoublequote}}] prints the (compact)
   5.140 -  proof terms corresponding to the theorems \isa{{\isachardoublequote}a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isachardoublequote}}. Note that this requires proof terms to be switched on
   5.141 -  for the current object logic (see the ``Proof terms'' section of the
   5.142 -  Isabelle reference manual for information on how to do this).
   5.143 -  
   5.144 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}full{\isacharunderscore}prf\ a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isacharbraceright}{\isachardoublequote}}] is like \isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}prf\ a\isactrlsub {\isadigit{1}}\ {\isasymdots}\ a\isactrlsub n{\isacharbraceright}{\isachardoublequote}}, but displays the full proof terms,
   5.145 -  i.e.\ also displays information omitted in the compact proof term,
   5.146 -  which is denoted by ``\isa{{\isacharunderscore}}'' placeholders there.
   5.147 -  
   5.148 -  \item [\isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}ML\ s{\isacharbraceright}{\isachardoublequote}}, \isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}ML{\isacharunderscore}type\ s{\isacharbraceright}{\isachardoublequote}}, and \isa{{\isachardoublequote}{\isacharat}{\isacharbraceleft}ML{\isacharunderscore}struct\ s{\isacharbraceright}{\isachardoublequote}}] check text \isa{s} as ML value, type, and
   5.149 -  structure, respectively.  The source is displayed verbatim.
   5.150 -
   5.151 -  \end{descr}
   5.152 -
   5.153 -  \medskip The following standard styles for use with \isa{thm{\isacharunderscore}style} and \isa{term{\isacharunderscore}style} are available:
   5.154 -
   5.155 -  \begin{descr}
   5.156 -  
   5.157 -  \item [\isa{lhs}] extracts the first argument of any application
   5.158 -  form with at least two arguments -- typically meta-level or
   5.159 -  object-level equality, or any other binary relation.
   5.160 -  
   5.161 -  \item [\isa{rhs}] is like \isa{lhs}, but extracts the second
   5.162 -  argument.
   5.163 -  
   5.164 -  \item [\isa{{\isachardoublequote}concl{\isachardoublequote}}] extracts the conclusion \isa{C} from a rule
   5.165 -  in Horn-clause normal form \isa{{\isachardoublequote}A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ A\isactrlsub n\ {\isasymLongrightarrow}\ C{\isachardoublequote}}.
   5.166 -  
   5.167 -  \item [\isa{{\isachardoublequote}prem{\isadigit{1}}{\isachardoublequote}}, \dots, \isa{{\isachardoublequote}prem{\isadigit{9}}{\isachardoublequote}}] extract premise
   5.168 -  number \isa{{\isachardoublequote}{\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isadigit{9}}{\isachardoublequote}}, respectively, from from a rule in
   5.169 -  Horn-clause normal form \isa{{\isachardoublequote}A\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ A\isactrlsub n\ {\isasymLongrightarrow}\ C{\isachardoublequote}}
   5.170 -
   5.171 -  \end{descr}
   5.172 -
   5.173 -  \medskip
   5.174 -  The following options are available to tune the output.  Note that most of
   5.175 -  these coincide with ML flags of the same names (see also \cite{isabelle-ref}).
   5.176 -
   5.177 -  \begin{descr}
   5.178 -
   5.179 -  \item[\isa{{\isachardoublequote}show{\isacharunderscore}types\ {\isacharequal}\ bool{\isachardoublequote}} and \isa{{\isachardoublequote}show{\isacharunderscore}sorts\ {\isacharequal}\ bool{\isachardoublequote}}]
   5.180 -  control printing of explicit type and sort constraints.
   5.181 -
   5.182 -  \item[\isa{{\isachardoublequote}show{\isacharunderscore}structs\ {\isacharequal}\ bool{\isachardoublequote}}] controls printing of implicit
   5.183 -  structures.
   5.184 -
   5.185 -  \item[\isa{{\isachardoublequote}long{\isacharunderscore}names\ {\isacharequal}\ bool{\isachardoublequote}}] forces names of types and
   5.186 -  constants etc.\ to be printed in their fully qualified internal
   5.187 -  form.
   5.188 -
   5.189 -  \item[\isa{{\isachardoublequote}short{\isacharunderscore}names\ {\isacharequal}\ bool{\isachardoublequote}}] forces names of types and
   5.190 -  constants etc.\ to be printed unqualified.  Note that internalizing
   5.191 -  the output again in the current context may well yield a different
   5.192 -  result.
   5.193 -
   5.194 -  \item[\isa{{\isachardoublequote}unique{\isacharunderscore}names\ {\isacharequal}\ bool{\isachardoublequote}}] determines whether the printed
   5.195 -  version of qualified names should be made sufficiently long to avoid
   5.196 -  overlap with names declared further back.  Set to \isa{false} for
   5.197 -  more concise output.
   5.198 -
   5.199 -  \item[\isa{{\isachardoublequote}eta{\isacharunderscore}contract\ {\isacharequal}\ bool{\isachardoublequote}}] prints terms in \isa{{\isasymeta}}-contracted form.
   5.200 -
   5.201 -  \item[\isa{{\isachardoublequote}display\ {\isacharequal}\ bool{\isachardoublequote}}] indicates if the text is to be
   5.202 -  output as multi-line ``display material'', rather than a small piece
   5.203 -  of text without line breaks (which is the default).
   5.204 -
   5.205 -  \item[\isa{{\isachardoublequote}break\ {\isacharequal}\ bool{\isachardoublequote}}] controls line breaks in non-display
   5.206 -  material.
   5.207 -
   5.208 -  \item[\isa{{\isachardoublequote}quotes\ {\isacharequal}\ bool{\isachardoublequote}}] indicates if the output should be
   5.209 -  enclosed in double quotes.
   5.210 -
   5.211 -  \item[\isa{{\isachardoublequote}mode\ {\isacharequal}\ name{\isachardoublequote}}] adds \isa{name} to the print mode to
   5.212 -  be used for presentation (see also \cite{isabelle-ref}).  Note that
   5.213 -  the standard setup for {\LaTeX} output is already present by
   5.214 -  default, including the modes \isa{latex} and \isa{xsymbols}.
   5.215 -
   5.216 -  \item[\isa{{\isachardoublequote}margin\ {\isacharequal}\ nat{\isachardoublequote}} and \isa{{\isachardoublequote}indent\ {\isacharequal}\ nat{\isachardoublequote}}] change the
   5.217 -  margin or indentation for pretty printing of display material.
   5.218 -
   5.219 -  \item[\isa{{\isachardoublequote}source\ {\isacharequal}\ bool{\isachardoublequote}}] prints the source text of the
   5.220 -  antiquotation arguments, rather than the actual value.  Note that
   5.221 -  this does not affect well-formedness checks of \hyperlink{antiquotation.thm}{\mbox{\isa{thm}}}, \hyperlink{antiquotation.term}{\mbox{\isa{term}}}, etc. (only the \hyperlink{antiquotation.text}{\mbox{\isa{text}}} antiquotation admits arbitrary output).
   5.222 -
   5.223 -  \item[\isa{{\isachardoublequote}goals{\isacharunderscore}limit\ {\isacharequal}\ nat{\isachardoublequote}}] determines the maximum number of
   5.224 -  goals to be printed.
   5.225 -
   5.226 -  \item[\isa{{\isachardoublequote}locale\ {\isacharequal}\ name{\isachardoublequote}}] specifies an alternative locale
   5.227 -  context used for evaluating and printing the subsequent argument.
   5.228 -
   5.229 -  \end{descr}
   5.230 -
   5.231 -  For boolean flags, ``\isa{{\isachardoublequote}name\ {\isacharequal}\ true{\isachardoublequote}}'' may be abbreviated as
   5.232 -  ``\isa{name}''.  All of the above flags are disabled by default,
   5.233 -  unless changed from ML.
   5.234 -
   5.235 -  \medskip Note that antiquotations do not only spare the author from
   5.236 -  tedious typing of logical entities, but also achieve some degree of
   5.237 -  consistency-checking of informal explanations with formal
   5.238 -  developments: well-formedness of terms and types with respect to the
   5.239 -  current theory or proof context is ensured here.%
   5.240 -\end{isamarkuptext}%
   5.241 -\isamarkuptrue%
   5.242 -%
   5.243 -\isamarkupsubsection{Tagged commands \label{sec:tags}%
   5.244 -}
   5.245 -\isamarkuptrue%
   5.246 -%
   5.247 -\begin{isamarkuptext}%
   5.248 -Each Isabelle/Isar command may be decorated by presentation tags:
   5.249 -
   5.250 -  \indexouternonterm{tags}
   5.251 -  \begin{rail}
   5.252 -    tags: ( tag * )
   5.253 -    ;
   5.254 -    tag: '\%' (ident | string)
   5.255 -  \end{rail}
   5.256 -
   5.257 -  The tags \isa{{\isachardoublequote}theory{\isachardoublequote}}, \isa{{\isachardoublequote}proof{\isachardoublequote}}, \isa{{\isachardoublequote}ML{\isachardoublequote}} are already
   5.258 -  pre-declared for certain classes of commands:
   5.259 -
   5.260 - \medskip
   5.261 -
   5.262 -  \begin{tabular}{ll}
   5.263 -    \isa{{\isachardoublequote}theory{\isachardoublequote}} & theory begin/end \\
   5.264 -    \isa{{\isachardoublequote}proof{\isachardoublequote}} & all proof commands \\
   5.265 -    \isa{{\isachardoublequote}ML{\isachardoublequote}} & all commands involving ML code \\
   5.266 -  \end{tabular}
   5.267 -
   5.268 -  \medskip The Isabelle document preparation system (see also
   5.269 -  \cite{isabelle-sys}) allows tagged command regions to be presented
   5.270 -  specifically, e.g.\ to fold proof texts, or drop parts of the text
   5.271 -  completely.
   5.272 -
   5.273 -  For example ``\hyperlink{command.by}{\mbox{\isa{\isacommand{by}}}}~\isa{{\isachardoublequote}{\isacharpercent}invisible\ auto{\isachardoublequote}}'' would
   5.274 -  cause that piece of proof to be treated as \isa{invisible} instead
   5.275 -  of \isa{{\isachardoublequote}proof{\isachardoublequote}} (the default), which may be either show or hidden
   5.276 -  depending on the document setup.  In contrast, ``\hyperlink{command.by}{\mbox{\isa{\isacommand{by}}}}~\isa{{\isachardoublequote}{\isacharpercent}visible\ auto{\isachardoublequote}}'' would force this text to be shown
   5.277 -  invariably.
   5.278 -
   5.279 -  Explicit tag specifications within a proof apply to all subsequent
   5.280 -  commands of the same level of nesting.  For example, ``\hyperlink{command.proof}{\mbox{\isa{\isacommand{proof}}}}~\isa{{\isachardoublequote}{\isacharpercent}visible\ {\isasymdots}{\isachardoublequote}}~\hyperlink{command.qed}{\mbox{\isa{\isacommand{qed}}}}'' would force the
   5.281 -  whole sub-proof to be typeset as \isa{visible} (unless some of its
   5.282 -  parts are tagged differently).%
   5.283 -\end{isamarkuptext}%
   5.284 -\isamarkuptrue%
   5.285 -%
   5.286  \isadelimtheory
   5.287  %
   5.288  \endisadelimtheory
     6.1 --- a/doc-src/IsarRef/Thy/document/Proof.tex	Mon Jun 02 22:50:27 2008 +0200
     6.2 +++ b/doc-src/IsarRef/Thy/document/Proof.tex	Mon Jun 02 22:50:29 2008 +0200
     6.3 @@ -1018,6 +1018,355 @@
     6.4  \end{isamarkuptext}%
     6.5  \isamarkuptrue%
     6.6  %
     6.7 +\isamarkupsection{Proof by cases and induction \label{sec:cases-induct}%
     6.8 +}
     6.9 +\isamarkuptrue%
    6.10 +%
    6.11 +\isamarkupsubsection{Rule contexts%
    6.12 +}
    6.13 +\isamarkuptrue%
    6.14 +%
    6.15 +\begin{isamarkuptext}%
    6.16 +\begin{matharray}{rcl}
    6.17 +    \indexdef{}{command}{case}\hypertarget{command.case}{\hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}}} & : & \isartrans{proof(state)}{proof(state)} \\
    6.18 +    \indexdef{}{command}{print\_cases}\hypertarget{command.print-cases}{\hyperlink{command.print-cases}{\mbox{\isa{\isacommand{print{\isacharunderscore}cases}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{proof} \\
    6.19 +    \indexdef{}{attribute}{case\_names}\hypertarget{attribute.case-names}{\hyperlink{attribute.case-names}{\mbox{\isa{case{\isacharunderscore}names}}}} & : & \isaratt \\
    6.20 +    \indexdef{}{attribute}{case\_conclusion}\hypertarget{attribute.case-conclusion}{\hyperlink{attribute.case-conclusion}{\mbox{\isa{case{\isacharunderscore}conclusion}}}} & : & \isaratt \\
    6.21 +    \indexdef{}{attribute}{params}\hypertarget{attribute.params}{\hyperlink{attribute.params}{\mbox{\isa{params}}}} & : & \isaratt \\
    6.22 +    \indexdef{}{attribute}{consumes}\hypertarget{attribute.consumes}{\hyperlink{attribute.consumes}{\mbox{\isa{consumes}}}} & : & \isaratt \\
    6.23 +  \end{matharray}
    6.24 +
    6.25 +  The puristic way to build up Isar proof contexts is by explicit
    6.26 +  language elements like \hyperlink{command.fix}{\mbox{\isa{\isacommand{fix}}}}, \hyperlink{command.assume}{\mbox{\isa{\isacommand{assume}}}},
    6.27 +  \hyperlink{command.let}{\mbox{\isa{\isacommand{let}}}} (see \secref{sec:proof-context}).  This is adequate
    6.28 +  for plain natural deduction, but easily becomes unwieldy in concrete
    6.29 +  verification tasks, which typically involve big induction rules with
    6.30 +  several cases.
    6.31 +
    6.32 +  The \hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}} command provides a shorthand to refer to a
    6.33 +  local context symbolically: certain proof methods provide an
    6.34 +  environment of named ``cases'' of the form \isa{{\isachardoublequote}c{\isacharcolon}\ x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub m{\isacharcomma}\ {\isasymphi}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymphi}\isactrlsub n{\isachardoublequote}}; the effect of ``\hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}}~\isa{c}'' is then equivalent to ``\hyperlink{command.fix}{\mbox{\isa{\isacommand{fix}}}}~\isa{{\isachardoublequote}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isachardoublequote}}~\hyperlink{command.assume}{\mbox{\isa{\isacommand{assume}}}}~\isa{{\isachardoublequote}c{\isacharcolon}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n{\isachardoublequote}}''.  Term bindings may be covered as well, notably
    6.35 +  \hyperlink{variable.?case}{\mbox{\isa{{\isacharquery}case}}} for the main conclusion.
    6.36 +
    6.37 +  By default, the ``terminology'' \isa{{\isachardoublequote}x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub m{\isachardoublequote}} of
    6.38 +  a case value is marked as hidden, i.e.\ there is no way to refer to
    6.39 +  such parameters in the subsequent proof text.  After all, original
    6.40 +  rule parameters stem from somewhere outside of the current proof
    6.41 +  text.  By using the explicit form ``\hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}}~\isa{{\isachardoublequote}{\isacharparenleft}c\ y\isactrlsub {\isadigit{1}}\ {\isasymdots}\ y\isactrlsub m{\isacharparenright}{\isachardoublequote}}'' instead, the proof author is able to
    6.42 +  chose local names that fit nicely into the current context.
    6.43 +
    6.44 +  \medskip It is important to note that proper use of \hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}} does not provide means to peek at the current goal state,
    6.45 +  which is not directly observable in Isar!  Nonetheless, goal
    6.46 +  refinement commands do provide named cases \isa{{\isachardoublequote}goal\isactrlsub i{\isachardoublequote}}
    6.47 +  for each subgoal \isa{{\isachardoublequote}i\ {\isacharequal}\ {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ n{\isachardoublequote}} of the resulting goal state.
    6.48 +  Using this extra feature requires great care, because some bits of
    6.49 +  the internal tactical machinery intrude the proof text.  In
    6.50 +  particular, parameter names stemming from the left-over of automated
    6.51 +  reasoning tools are usually quite unpredictable.
    6.52 +
    6.53 +  Under normal circumstances, the text of cases emerge from standard
    6.54 +  elimination or induction rules, which in turn are derived from
    6.55 +  previous theory specifications in a canonical way (say from
    6.56 +  \hyperlink{command.inductive}{\mbox{\isa{\isacommand{inductive}}}} definitions).
    6.57 +
    6.58 +  \medskip Proper cases are only available if both the proof method
    6.59 +  and the rules involved support this.  By using appropriate
    6.60 +  attributes, case names, conclusions, and parameters may be also
    6.61 +  declared by hand.  Thus variant versions of rules that have been
    6.62 +  derived manually become ready to use in advanced case analysis
    6.63 +  later.
    6.64 +
    6.65 +  \begin{rail}
    6.66 +    'case' (caseref | '(' caseref ((name | underscore) +) ')')
    6.67 +    ;
    6.68 +    caseref: nameref attributes?
    6.69 +    ;
    6.70 +
    6.71 +    'case\_names' (name +)
    6.72 +    ;
    6.73 +    'case\_conclusion' name (name *)
    6.74 +    ;
    6.75 +    'params' ((name *) + 'and')
    6.76 +    ;
    6.77 +    'consumes' nat?
    6.78 +    ;
    6.79 +  \end{rail}
    6.80 +
    6.81 +  \begin{descr}
    6.82 +  
    6.83 +  \item [\hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}}~\isa{{\isachardoublequote}{\isacharparenleft}c\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isacharparenright}{\isachardoublequote}}]
    6.84 +  invokes a named local context \isa{{\isachardoublequote}c{\isacharcolon}\ x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub m{\isacharcomma}\ {\isasymphi}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymphi}\isactrlsub m{\isachardoublequote}}, as provided by an appropriate
    6.85 +  proof method (such as \indexref{}{method}{cases}\hyperlink{method.cases}{\mbox{\isa{cases}}} and \indexref{}{method}{induct}\hyperlink{method.induct}{\mbox{\isa{induct}}}).
    6.86 +  The command ``\hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}}~\isa{{\isachardoublequote}{\isacharparenleft}c\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isacharparenright}{\isachardoublequote}}'' abbreviates ``\hyperlink{command.fix}{\mbox{\isa{\isacommand{fix}}}}~\isa{{\isachardoublequote}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isachardoublequote}}~\hyperlink{command.assume}{\mbox{\isa{\isacommand{assume}}}}~\isa{{\isachardoublequote}c{\isacharcolon}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n{\isachardoublequote}}''.
    6.87 +
    6.88 +  \item [\hyperlink{command.print-cases}{\mbox{\isa{\isacommand{print{\isacharunderscore}cases}}}}] prints all local contexts of the
    6.89 +  current state, using Isar proof language notation.
    6.90 +  
    6.91 +  \item [\hyperlink{attribute.case-names}{\mbox{\isa{case{\isacharunderscore}names}}}~\isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}\ {\isasymdots}\ c\isactrlsub k{\isachardoublequote}}]
    6.92 +  declares names for the local contexts of premises of a theorem;
    6.93 +  \isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub k{\isachardoublequote}} refers to the \emph{suffix} of the
    6.94 +  list of premises.
    6.95 +  
    6.96 +  \item [\hyperlink{attribute.case-conclusion}{\mbox{\isa{case{\isacharunderscore}conclusion}}}~\isa{{\isachardoublequote}c\ d\isactrlsub {\isadigit{1}}\ {\isasymdots}\ d\isactrlsub k{\isachardoublequote}}] declares names for the conclusions of a named premise
    6.97 +  \isa{c}; here \isa{{\isachardoublequote}d\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ d\isactrlsub k{\isachardoublequote}} refers to the
    6.98 +  prefix of arguments of a logical formula built by nesting a binary
    6.99 +  connective (e.g.\ \isa{{\isachardoublequote}{\isasymor}{\isachardoublequote}}).
   6.100 +  
   6.101 +  Note that proof methods such as \hyperlink{method.induct}{\mbox{\isa{induct}}} and \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}} already provide a default name for the conclusion as a
   6.102 +  whole.  The need to name subformulas only arises with cases that
   6.103 +  split into several sub-cases, as in common co-induction rules.
   6.104 +
   6.105 +  \item [\hyperlink{attribute.params}{\mbox{\isa{params}}}~\isa{{\isachardoublequote}p\isactrlsub {\isadigit{1}}\ {\isasymdots}\ p\isactrlsub m\ {\isasymAND}\ {\isasymdots}\ q\isactrlsub {\isadigit{1}}\ {\isasymdots}\ q\isactrlsub n{\isachardoublequote}}] renames the innermost parameters of
   6.106 +  premises \isa{{\isachardoublequote}{\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ n{\isachardoublequote}} of some theorem.  An empty list of names
   6.107 +  may be given to skip positions, leaving the present parameters
   6.108 +  unchanged.
   6.109 +  
   6.110 +  Note that the default usage of case rules does \emph{not} directly
   6.111 +  expose parameters to the proof context.
   6.112 +  
   6.113 +  \item [\hyperlink{attribute.consumes}{\mbox{\isa{consumes}}}~\isa{n}] declares the number of
   6.114 +  ``major premises'' of a rule, i.e.\ the number of facts to be
   6.115 +  consumed when it is applied by an appropriate proof method.  The
   6.116 +  default value of \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}} is \isa{{\isachardoublequote}n\ {\isacharequal}\ {\isadigit{1}}{\isachardoublequote}}, which is
   6.117 +  appropriate for the usual kind of cases and induction rules for
   6.118 +  inductive sets (cf.\ \secref{sec:hol-inductive}).  Rules without any
   6.119 +  \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}} declaration given are treated as if
   6.120 +  \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}}~\isa{{\isadigit{0}}} had been specified.
   6.121 +  
   6.122 +  Note that explicit \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}} declarations are only
   6.123 +  rarely needed; this is already taken care of automatically by the
   6.124 +  higher-level \hyperlink{attribute.cases}{\mbox{\isa{cases}}}, \hyperlink{attribute.induct}{\mbox{\isa{induct}}}, and
   6.125 +  \hyperlink{attribute.coinduct}{\mbox{\isa{coinduct}}} declarations.
   6.126 +
   6.127 +  \end{descr}%
   6.128 +\end{isamarkuptext}%
   6.129 +\isamarkuptrue%
   6.130 +%
   6.131 +\isamarkupsubsection{Proof methods%
   6.132 +}
   6.133 +\isamarkuptrue%
   6.134 +%
   6.135 +\begin{isamarkuptext}%
   6.136 +\begin{matharray}{rcl}
   6.137 +    \indexdef{}{method}{cases}\hypertarget{method.cases}{\hyperlink{method.cases}{\mbox{\isa{cases}}}} & : & \isarmeth \\
   6.138 +    \indexdef{}{method}{induct}\hypertarget{method.induct}{\hyperlink{method.induct}{\mbox{\isa{induct}}}} & : & \isarmeth \\
   6.139 +    \indexdef{}{method}{coinduct}\hypertarget{method.coinduct}{\hyperlink{method.coinduct}{\mbox{\isa{coinduct}}}} & : & \isarmeth \\
   6.140 +  \end{matharray}
   6.141 +
   6.142 +  The \hyperlink{method.cases}{\mbox{\isa{cases}}}, \hyperlink{method.induct}{\mbox{\isa{induct}}}, and \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}}
   6.143 +  methods provide a uniform interface to common proof techniques over
   6.144 +  datatypes, inductive predicates (or sets), recursive functions etc.
   6.145 +  The corresponding rules may be specified and instantiated in a
   6.146 +  casual manner.  Furthermore, these methods provide named local
   6.147 +  contexts that may be invoked via the \hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}} proof command
   6.148 +  within the subsequent proof text.  This accommodates compact proof
   6.149 +  texts even when reasoning about large specifications.
   6.150 +
   6.151 +  The \hyperlink{method.induct}{\mbox{\isa{induct}}} method also provides some additional
   6.152 +  infrastructure in order to be applicable to structure statements
   6.153 +  (either using explicit meta-level connectives, or including facts
   6.154 +  and parameters separately).  This avoids cumbersome encoding of
   6.155 +  ``strengthened'' inductive statements within the object-logic.
   6.156 +
   6.157 +  \begin{rail}
   6.158 +    'cases' (insts * 'and') rule?
   6.159 +    ;
   6.160 +    'induct' (definsts * 'and') \\ arbitrary? taking? rule?
   6.161 +    ;
   6.162 +    'coinduct' insts taking rule?
   6.163 +    ;
   6.164 +
   6.165 +    rule: ('type' | 'pred' | 'set') ':' (nameref +) | 'rule' ':' (thmref +)
   6.166 +    ;
   6.167 +    definst: name ('==' | equiv) term | inst
   6.168 +    ;
   6.169 +    definsts: ( definst *)
   6.170 +    ;
   6.171 +    arbitrary: 'arbitrary' ':' ((term *) 'and' +)
   6.172 +    ;
   6.173 +    taking: 'taking' ':' insts
   6.174 +    ;
   6.175 +  \end{rail}
   6.176 +
   6.177 +  \begin{descr}
   6.178 +
   6.179 +  \item [\hyperlink{method.cases}{\mbox{\isa{cases}}}~\isa{{\isachardoublequote}insts\ R{\isachardoublequote}}] applies method \hyperlink{method.rule}{\mbox{\isa{rule}}} with an appropriate case distinction theorem, instantiated to
   6.180 +  the subjects \isa{insts}.  Symbolic case names are bound according
   6.181 +  to the rule's local contexts.
   6.182 +
   6.183 +  The rule is determined as follows, according to the facts and
   6.184 +  arguments passed to the \hyperlink{method.cases}{\mbox{\isa{cases}}} method:
   6.185 +
   6.186 +  \medskip
   6.187 +  \begin{tabular}{llll}
   6.188 +    facts           &                 & arguments   & rule \\\hline
   6.189 +                    & \hyperlink{method.cases}{\mbox{\isa{cases}}} &             & classical case split \\
   6.190 +                    & \hyperlink{method.cases}{\mbox{\isa{cases}}} & \isa{t}   & datatype exhaustion (type of \isa{t}) \\
   6.191 +    \isa{{\isachardoublequote}{\isasymturnstile}\ A\ t{\isachardoublequote}} & \hyperlink{method.cases}{\mbox{\isa{cases}}} & \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}} & inductive predicate/set elimination (of \isa{A}) \\
   6.192 +    \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}     & \hyperlink{method.cases}{\mbox{\isa{cases}}} & \isa{{\isachardoublequote}{\isasymdots}\ rule{\isacharcolon}\ R{\isachardoublequote}} & explicit rule \isa{R} \\
   6.193 +  \end{tabular}
   6.194 +  \medskip
   6.195 +
   6.196 +  Several instantiations may be given, referring to the \emph{suffix}
   6.197 +  of premises of the case rule; within each premise, the \emph{prefix}
   6.198 +  of variables is instantiated.  In most situations, only a single
   6.199 +  term needs to be specified; this refers to the first variable of the
   6.200 +  last premise (it is usually the same for all cases).
   6.201 +
   6.202 +  \item [\hyperlink{method.induct}{\mbox{\isa{induct}}}~\isa{{\isachardoublequote}insts\ R{\isachardoublequote}}] is analogous to the
   6.203 +  \hyperlink{method.cases}{\mbox{\isa{cases}}} method, but refers to induction rules, which are
   6.204 +  determined as follows:
   6.205 +
   6.206 +  \medskip
   6.207 +  \begin{tabular}{llll}
   6.208 +    facts           &                  & arguments            & rule \\\hline
   6.209 +                    & \hyperlink{method.induct}{\mbox{\isa{induct}}} & \isa{{\isachardoublequote}P\ x{\isachardoublequote}}        & datatype induction (type of \isa{x}) \\
   6.210 +    \isa{{\isachardoublequote}{\isasymturnstile}\ A\ x{\isachardoublequote}} & \hyperlink{method.induct}{\mbox{\isa{induct}}} & \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}          & predicate/set induction (of \isa{A}) \\
   6.211 +    \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}     & \hyperlink{method.induct}{\mbox{\isa{induct}}} & \isa{{\isachardoublequote}{\isasymdots}\ rule{\isacharcolon}\ R{\isachardoublequote}} & explicit rule \isa{R} \\
   6.212 +  \end{tabular}
   6.213 +  \medskip
   6.214 +  
   6.215 +  Several instantiations may be given, each referring to some part of
   6.216 +  a mutual inductive definition or datatype --- only related partial
   6.217 +  induction rules may be used together, though.  Any of the lists of
   6.218 +  terms \isa{{\isachardoublequote}P{\isacharcomma}\ x{\isacharcomma}\ {\isasymdots}{\isachardoublequote}} refers to the \emph{suffix} of variables
   6.219 +  present in the induction rule.  This enables the writer to specify
   6.220 +  only induction variables, or both predicates and variables, for
   6.221 +  example.
   6.222 +  
   6.223 +  Instantiations may be definitional: equations \isa{{\isachardoublequote}x\ {\isasymequiv}\ t{\isachardoublequote}}
   6.224 +  introduce local definitions, which are inserted into the claim and
   6.225 +  discharged after applying the induction rule.  Equalities reappear
   6.226 +  in the inductive cases, but have been transformed according to the
   6.227 +  induction principle being involved here.  In order to achieve
   6.228 +  practically useful induction hypotheses, some variables occurring in
   6.229 +  \isa{t} need to be fixed (see below).
   6.230 +  
   6.231 +  The optional ``\isa{{\isachardoublequote}arbitrary{\isacharcolon}\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isachardoublequote}}''
   6.232 +  specification generalizes variables \isa{{\isachardoublequote}x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub m{\isachardoublequote}} of the original goal before applying induction.  Thus
   6.233 +  induction hypotheses may become sufficiently general to get the
   6.234 +  proof through.  Together with definitional instantiations, one may
   6.235 +  effectively perform induction over expressions of a certain
   6.236 +  structure.
   6.237 +  
   6.238 +  The optional ``\isa{{\isachardoublequote}taking{\isacharcolon}\ t\isactrlsub {\isadigit{1}}\ {\isasymdots}\ t\isactrlsub n{\isachardoublequote}}''
   6.239 +  specification provides additional instantiations of a prefix of
   6.240 +  pending variables in the rule.  Such schematic induction rules
   6.241 +  rarely occur in practice, though.
   6.242 +
   6.243 +  \item [\hyperlink{method.coinduct}{\mbox{\isa{coinduct}}}~\isa{{\isachardoublequote}inst\ R{\isachardoublequote}}] is analogous to the
   6.244 +  \hyperlink{method.induct}{\mbox{\isa{induct}}} method, but refers to coinduction rules, which are
   6.245 +  determined as follows:
   6.246 +
   6.247 +  \medskip
   6.248 +  \begin{tabular}{llll}
   6.249 +    goal          &                    & arguments & rule \\\hline
   6.250 +                  & \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}} & \isa{x} & type coinduction (type of \isa{x}) \\
   6.251 +    \isa{{\isachardoublequote}A\ x{\isachardoublequote}} & \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}} & \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}} & predicate/set coinduction (of \isa{A}) \\
   6.252 +    \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}   & \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}} & \isa{{\isachardoublequote}{\isasymdots}\ rule{\isacharcolon}\ R{\isachardoublequote}} & explicit rule \isa{R} \\
   6.253 +  \end{tabular}
   6.254 +  
   6.255 +  Coinduction is the dual of induction.  Induction essentially
   6.256 +  eliminates \isa{{\isachardoublequote}A\ x{\isachardoublequote}} towards a generic result \isa{{\isachardoublequote}P\ x{\isachardoublequote}},
   6.257 +  while coinduction introduces \isa{{\isachardoublequote}A\ x{\isachardoublequote}} starting with \isa{{\isachardoublequote}B\ x{\isachardoublequote}}, for a suitable ``bisimulation'' \isa{B}.  The cases of a
   6.258 +  coinduct rule are typically named after the predicates or sets being
   6.259 +  covered, while the conclusions consist of several alternatives being
   6.260 +  named after the individual destructor patterns.
   6.261 +  
   6.262 +  The given instantiation refers to the \emph{suffix} of variables
   6.263 +  occurring in the rule's major premise, or conclusion if unavailable.
   6.264 +  An additional ``\isa{{\isachardoublequote}taking{\isacharcolon}\ t\isactrlsub {\isadigit{1}}\ {\isasymdots}\ t\isactrlsub n{\isachardoublequote}}''
   6.265 +  specification may be required in order to specify the bisimulation
   6.266 +  to be used in the coinduction step.
   6.267 +
   6.268 +  \end{descr}
   6.269 +
   6.270 +  Above methods produce named local contexts, as determined by the
   6.271 +  instantiated rule as given in the text.  Beyond that, the \hyperlink{method.induct}{\mbox{\isa{induct}}} and \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}} methods guess further instantiations
   6.272 +  from the goal specification itself.  Any persisting unresolved
   6.273 +  schematic variables of the resulting rule will render the the
   6.274 +  corresponding case invalid.  The term binding \hyperlink{variable.?case}{\mbox{\isa{{\isacharquery}case}}} for
   6.275 +  the conclusion will be provided with each case, provided that term
   6.276 +  is fully specified.
   6.277 +
   6.278 +  The \hyperlink{command.print-cases}{\mbox{\isa{\isacommand{print{\isacharunderscore}cases}}}} command prints all named cases present
   6.279 +  in the current proof state.
   6.280 +
   6.281 +  \medskip Despite the additional infrastructure, both \hyperlink{method.cases}{\mbox{\isa{cases}}}
   6.282 +  and \hyperlink{method.coinduct}{\mbox{\isa{coinduct}}} merely apply a certain rule, after
   6.283 +  instantiation, while conforming due to the usual way of monotonic
   6.284 +  natural deduction: the context of a structured statement \isa{{\isachardoublequote}{\isasymAnd}x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub m{\isachardot}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymLongrightarrow}\ {\isasymdots}\ {\isasymphi}\isactrlsub n\ {\isasymLongrightarrow}\ {\isasymdots}{\isachardoublequote}}
   6.285 +  reappears unchanged after the case split.
   6.286 +
   6.287 +  The \hyperlink{method.induct}{\mbox{\isa{induct}}} method is fundamentally different in this
   6.288 +  respect: the meta-level structure is passed through the
   6.289 +  ``recursive'' course involved in the induction.  Thus the original
   6.290 +  statement is basically replaced by separate copies, corresponding to
   6.291 +  the induction hypotheses and conclusion; the original goal context
   6.292 +  is no longer available.  Thus local assumptions, fixed parameters
   6.293 +  and definitions effectively participate in the inductive rephrasing
   6.294 +  of the original statement.
   6.295 +
   6.296 +  In induction proofs, local assumptions introduced by cases are split
   6.297 +  into two different kinds: \isa{hyps} stemming from the rule and
   6.298 +  \isa{prems} from the goal statement.  This is reflected in the
   6.299 +  extracted cases accordingly, so invoking ``\hyperlink{command.case}{\mbox{\isa{\isacommand{case}}}}~\isa{c}'' will provide separate facts \isa{c{\isachardot}hyps} and \isa{c{\isachardot}prems},
   6.300 +  as well as fact \isa{c} to hold the all-inclusive list.
   6.301 +
   6.302 +  \medskip Facts presented to either method are consumed according to
   6.303 +  the number of ``major premises'' of the rule involved, which is
   6.304 +  usually 0 for plain cases and induction rules of datatypes etc.\ and
   6.305 +  1 for rules of inductive predicates or sets and the like.  The
   6.306 +  remaining facts are inserted into the goal verbatim before the
   6.307 +  actual \isa{cases}, \isa{induct}, or \isa{coinduct} rule is
   6.308 +  applied.%
   6.309 +\end{isamarkuptext}%
   6.310 +\isamarkuptrue%
   6.311 +%
   6.312 +\isamarkupsubsection{Declaring rules%
   6.313 +}
   6.314 +\isamarkuptrue%
   6.315 +%
   6.316 +\begin{isamarkuptext}%
   6.317 +\begin{matharray}{rcl}
   6.318 +    \indexdef{}{command}{print\_induct\_rules}\hypertarget{command.print-induct-rules}{\hyperlink{command.print-induct-rules}{\mbox{\isa{\isacommand{print{\isacharunderscore}induct{\isacharunderscore}rules}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~|~proof} \\
   6.319 +    \indexdef{}{attribute}{cases}\hypertarget{attribute.cases}{\hyperlink{attribute.cases}{\mbox{\isa{cases}}}} & : & \isaratt \\
   6.320 +    \indexdef{}{attribute}{induct}\hypertarget{attribute.induct}{\hyperlink{attribute.induct}{\mbox{\isa{induct}}}} & : & \isaratt \\
   6.321 +    \indexdef{}{attribute}{coinduct}\hypertarget{attribute.coinduct}{\hyperlink{attribute.coinduct}{\mbox{\isa{coinduct}}}} & : & \isaratt \\
   6.322 +  \end{matharray}
   6.323 +
   6.324 +  \begin{rail}
   6.325 +    'cases' spec
   6.326 +    ;
   6.327 +    'induct' spec
   6.328 +    ;
   6.329 +    'coinduct' spec
   6.330 +    ;
   6.331 +
   6.332 +    spec: ('type' | 'pred' | 'set') ':' nameref
   6.333 +    ;
   6.334 +  \end{rail}
   6.335 +
   6.336 +  \begin{descr}
   6.337 +
   6.338 +  \item [\hyperlink{command.print-induct-rules}{\mbox{\isa{\isacommand{print{\isacharunderscore}induct{\isacharunderscore}rules}}}}] prints cases and induct
   6.339 +  rules for predicates (or sets) and types of the current context.
   6.340 +  
   6.341 +  \item [\hyperlink{attribute.cases}{\mbox{\isa{cases}}}, \hyperlink{attribute.induct}{\mbox{\isa{induct}}}, and \hyperlink{attribute.coinduct}{\mbox{\isa{coinduct}}}] (as attributes) augment the corresponding context of
   6.342 +  rules for reasoning about (co)inductive predicates (or sets) and
   6.343 +  types, using the corresponding methods of the same name.  Certain
   6.344 +  definitional packages of object-logics usually declare emerging
   6.345 +  cases and induction rules as expected, so users rarely need to
   6.346 +  intervene.
   6.347 +  
   6.348 +  Manual rule declarations usually refer to the \hyperlink{attribute.case-names}{\mbox{\isa{case{\isacharunderscore}names}}} and \hyperlink{attribute.params}{\mbox{\isa{params}}} attributes to adjust names of
   6.349 +  cases and parameters of a rule; the \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}}
   6.350 +  declaration is taken care of automatically: \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}}~\isa{{\isadigit{0}}} is specified for ``type'' rules and \hyperlink{attribute.consumes}{\mbox{\isa{consumes}}}~\isa{{\isadigit{1}}} for ``predicate'' / ``set'' rules.
   6.351 +
   6.352 +  \end{descr}%
   6.353 +\end{isamarkuptext}%
   6.354 +\isamarkuptrue%
   6.355 +%
   6.356  \isadelimtheory
   6.357  %
   6.358  \endisadelimtheory
     7.1 --- a/doc-src/IsarRef/Thy/document/Spec.tex	Mon Jun 02 22:50:27 2008 +0200
     7.2 +++ b/doc-src/IsarRef/Thy/document/Spec.tex	Mon Jun 02 22:50:29 2008 +0200
     7.3 @@ -32,21 +32,23 @@
     7.4  \begin{matharray}{rcl}
     7.5      \indexdef{}{command}{header}\hypertarget{command.header}{\hyperlink{command.header}{\mbox{\isa{\isacommand{header}}}}} & : & \isarkeep{toplevel} \\
     7.6      \indexdef{}{command}{theory}\hypertarget{command.theory}{\hyperlink{command.theory}{\mbox{\isa{\isacommand{theory}}}}} & : & \isartrans{toplevel}{theory} \\
     7.7 -    \indexdef{}{command}{end}\hypertarget{command.end}{\hyperlink{command.end}{\mbox{\isa{\isacommand{end}}}}} & : & \isartrans{theory}{toplevel} \\
     7.8 +    \indexdef{global}{command}{end}\hypertarget{command.global.end}{\hyperlink{command.global.end}{\mbox{\isa{\isacommand{end}}}}} & : & \isartrans{theory}{toplevel} \\
     7.9    \end{matharray}
    7.10  
    7.11 -  Isabelle/Isar theories are defined via theory, which contain both
    7.12 -  specifications and proofs; occasionally definitional mechanisms also
    7.13 -  require some explicit proof.
    7.14 +  Isabelle/Isar theories are defined via theory file, which contain
    7.15 +  both specifications and proofs; occasionally definitional mechanisms
    7.16 +  also require some explicit proof.  The theory body may be
    7.17 +  sub-structered by means of \emph{local theory} target mechanisms,
    7.18 +  notably \hyperlink{command.locale}{\mbox{\isa{\isacommand{locale}}}} and \hyperlink{command.class}{\mbox{\isa{\isacommand{class}}}}.
    7.19  
    7.20    The first ``real'' command of any theory has to be \hyperlink{command.theory}{\mbox{\isa{\isacommand{theory}}}}, which starts a new theory based on the merge of existing
    7.21    ones.  Just preceding the \hyperlink{command.theory}{\mbox{\isa{\isacommand{theory}}}} keyword, there may be
    7.22    an optional \hyperlink{command.header}{\mbox{\isa{\isacommand{header}}}} declaration, which is relevant to
    7.23    document preparation only; it acts very much like a special
    7.24 -  pre-theory markup command (cf.\ \secref{sec:markup-thy} and
    7.25 -  \secref{sec:markup-thy}).  The \hyperlink{command.end}{\mbox{\isa{\isacommand{end}}}} command concludes a
    7.26 -  theory development; it has to be the very last command of any theory
    7.27 -  file loaded in batch-mode.
    7.28 +  pre-theory markup command (cf.\ \secref{sec:markup} and).  The
    7.29 +  \hyperlink{command.global.end}{\mbox{\isa{\isacommand{end}}}} command
    7.30 +  concludes a theory development; it has to be the very last command
    7.31 +  of any theory file loaded in batch-mode.
    7.32  
    7.33    \begin{rail}
    7.34      'header' text
    7.35 @@ -62,8 +64,7 @@
    7.36    \item [\hyperlink{command.header}{\mbox{\isa{\isacommand{header}}}}~\isa{{\isachardoublequote}text{\isachardoublequote}}] provides plain text
    7.37    markup just preceding the formal beginning of a theory.  In actual
    7.38    document preparation the corresponding {\LaTeX} macro \verb|\isamarkupheader| may be redefined to produce chapter or section
    7.39 -  headings.  See also \secref{sec:markup-thy} and
    7.40 -  \secref{sec:markup-prf} for further markup commands.
    7.41 +  headings.  See also \secref{sec:markup} for further markup commands.
    7.42    
    7.43    \item [\hyperlink{command.theory}{\mbox{\isa{\isacommand{theory}}}}~\isa{{\isachardoublequote}A\ {\isasymIMPORTS}\ B\isactrlsub {\isadigit{1}}\ {\isasymdots}\ B\isactrlsub n\ {\isasymBEGIN}{\isachardoublequote}}] starts a new theory \isa{A} based on the
    7.44    merge of existing theories \isa{{\isachardoublequote}B\isactrlsub {\isadigit{1}}\ {\isasymdots}\ B\isactrlsub n{\isachardoublequote}}.
    7.45 @@ -82,13 +83,1255 @@
    7.46    text (typically via explicit \indexref{}{command}{use}\hyperlink{command.use}{\mbox{\isa{\isacommand{use}}}} in the body text,
    7.47    see \secref{sec:ML}).
    7.48    
    7.49 -  \item [\hyperlink{command.end}{\mbox{\isa{\isacommand{end}}}}] concludes the current theory definition or
    7.50 -  context switch.
    7.51 +  \item [\hyperlink{command.global.end}{\mbox{\isa{\isacommand{end}}}}] concludes the current theory
    7.52 +  definition.
    7.53 +
    7.54 +  \end{descr}%
    7.55 +\end{isamarkuptext}%
    7.56 +\isamarkuptrue%
    7.57 +%
    7.58 +\isamarkupsection{Local theory targets \label{sec:target}%
    7.59 +}
    7.60 +\isamarkuptrue%
    7.61 +%
    7.62 +\begin{isamarkuptext}%
    7.63 +A local theory target is a context managed separately within the
    7.64 +  enclosing theory.  Contexts may introduce parameters (fixed
    7.65 +  variables) and assumptions (hypotheses).  Definitions and theorems
    7.66 +  depending on the context may be added incrementally later on.  Named
    7.67 +  contexts refer to locales (cf.\ \secref{sec:locale}) or type classes
    7.68 +  (cf.\ \secref{sec:class}); the name ``\isa{{\isachardoublequote}{\isacharminus}{\isachardoublequote}}'' signifies the
    7.69 +  global theory context.
    7.70 +
    7.71 +  \begin{matharray}{rcll}
    7.72 +    \indexdef{}{command}{context}\hypertarget{command.context}{\hyperlink{command.context}{\mbox{\isa{\isacommand{context}}}}} & : & \isartrans{theory}{local{\dsh}theory} \\
    7.73 +    \indexdef{local}{command}{end}\hypertarget{command.local.end}{\hyperlink{command.local.end}{\mbox{\isa{\isacommand{end}}}}} & : & \isartrans{local{\dsh}theory}{theory} \\
    7.74 +  \end{matharray}
    7.75 +
    7.76 +  \indexouternonterm{target}
    7.77 +  \begin{rail}
    7.78 +    'context' name 'begin'
    7.79 +    ;
    7.80 +
    7.81 +    target: '(' 'in' name ')'
    7.82 +    ;
    7.83 +  \end{rail}
    7.84 +
    7.85 +  \begin{descr}
    7.86 +  
    7.87 +  \item [\hyperlink{command.context}{\mbox{\isa{\isacommand{context}}}}~\isa{{\isachardoublequote}c\ {\isasymBEGIN}{\isachardoublequote}}] recommences an
    7.88 +  existing locale or class context \isa{c}.  Note that locale and
    7.89 +  class definitions allow to include the \indexref{}{keyword}{begin}\hyperlink{keyword.begin}{\mbox{\isa{\isakeyword{begin}}}}
    7.90 +  keyword as well, in order to continue the local theory immediately
    7.91 +  after the initial specification.
    7.92 +  
    7.93 +  \item [\hyperlink{command.local.end}{\mbox{\isa{\isacommand{end}}}}] concludes the current local theory
    7.94 +  and continues the enclosing global theory.  Note that a global
    7.95 +  \hyperlink{command.global.end}{\mbox{\isa{\isacommand{end}}}} has a different meaning: it concludes the
    7.96 +  theory itself (\secref{sec:begin-thy}).
    7.97 +  
    7.98 +  \item [\isa{{\isachardoublequote}{\isacharparenleft}{\isasymIN}\ c{\isacharparenright}{\isachardoublequote}}] given after any local theory command
    7.99 +  specifies an immediate target, e.g.\ ``\hyperlink{command.definition}{\mbox{\isa{\isacommand{definition}}}}~\isa{{\isachardoublequote}{\isacharparenleft}{\isasymIN}\ c{\isacharparenright}\ {\isasymdots}{\isachardoublequote}}'' or ``\hyperlink{command.theorem}{\mbox{\isa{\isacommand{theorem}}}}~\isa{{\isachardoublequote}{\isacharparenleft}{\isasymIN}\ c{\isacharparenright}\ {\isasymdots}{\isachardoublequote}}''.  This works both in a local or
   7.100 +  global theory context; the current target context will be suspended
   7.101 +  for this command only.  Note that ``\isa{{\isachardoublequote}{\isacharparenleft}{\isasymIN}\ {\isacharminus}{\isacharparenright}{\isachardoublequote}}'' will
   7.102 +  always produce a global result independently of the current target
   7.103 +  context.
   7.104 +
   7.105 +  \end{descr}
   7.106 +
   7.107 +  The exact meaning of results produced within a local theory context
   7.108 +  depends on the underlying target infrastructure (locale, type class
   7.109 +  etc.).  The general idea is as follows, considering a context named
   7.110 +  \isa{c} with parameter \isa{x} and assumption \isa{{\isachardoublequote}A{\isacharbrackleft}x{\isacharbrackright}{\isachardoublequote}}.
   7.111 +  
   7.112 +  Definitions are exported by introducing a global version with
   7.113 +  additional arguments; a syntactic abbreviation links the long form
   7.114 +  with the abstract version of the target context.  For example,
   7.115 +  \isa{{\isachardoublequote}a\ {\isasymequiv}\ t{\isacharbrackleft}x{\isacharbrackright}{\isachardoublequote}} becomes \isa{{\isachardoublequote}c{\isachardot}a\ {\isacharquery}x\ {\isasymequiv}\ t{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}{\isachardoublequote}} at the theory
   7.116 +  level (for arbitrary \isa{{\isachardoublequote}{\isacharquery}x{\isachardoublequote}}), together with a local
   7.117 +  abbreviation \isa{{\isachardoublequote}c\ {\isasymequiv}\ c{\isachardot}a\ x{\isachardoublequote}} in the target context (for the
   7.118 +  fixed parameter \isa{x}).
   7.119 +
   7.120 +  Theorems are exported by discharging the assumptions and
   7.121 +  generalizing the parameters of the context.  For example, \isa{{\isachardoublequote}a{\isacharcolon}\ B{\isacharbrackleft}x{\isacharbrackright}{\isachardoublequote}} becomes \isa{{\isachardoublequote}c{\isachardot}a{\isacharcolon}\ A{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}\ {\isasymLongrightarrow}\ B{\isacharbrackleft}{\isacharquery}x{\isacharbrackright}{\isachardoublequote}}, again for arbitrary
   7.122 +  \isa{{\isachardoublequote}{\isacharquery}x{\isachardoublequote}}.%
   7.123 +\end{isamarkuptext}%
   7.124 +\isamarkuptrue%
   7.125 +%
   7.126 +\isamarkupsection{Basic specification elements%
   7.127 +}
   7.128 +\isamarkuptrue%
   7.129 +%
   7.130 +\begin{isamarkuptext}%
   7.131 +\begin{matharray}{rcll}
   7.132 +    \indexdef{}{command}{axiomatization}\hypertarget{command.axiomatization}{\hyperlink{command.axiomatization}{\mbox{\isa{\isacommand{axiomatization}}}}} & : & \isarkeep{local{\dsh}theory} & (axiomatic!)\\
   7.133 +    \indexdef{}{command}{definition}\hypertarget{command.definition}{\hyperlink{command.definition}{\mbox{\isa{\isacommand{definition}}}}} & : & \isarkeep{local{\dsh}theory} \\
   7.134 +    \indexdef{}{attribute}{defn}\hypertarget{attribute.defn}{\hyperlink{attribute.defn}{\mbox{\isa{defn}}}} & : & \isaratt \\
   7.135 +    \indexdef{}{command}{abbreviation}\hypertarget{command.abbreviation}{\hyperlink{command.abbreviation}{\mbox{\isa{\isacommand{abbreviation}}}}} & : & \isarkeep{local{\dsh}theory} \\
   7.136 +    \indexdef{}{command}{print\_abbrevs}\hypertarget{command.print-abbrevs}{\hyperlink{command.print-abbrevs}{\mbox{\isa{\isacommand{print{\isacharunderscore}abbrevs}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~|~proof} \\
   7.137 +    \indexdef{}{command}{notation}\hypertarget{command.notation}{\hyperlink{command.notation}{\mbox{\isa{\isacommand{notation}}}}} & : & \isarkeep{local{\dsh}theory} \\
   7.138 +    \indexdef{}{command}{no\_notation}\hypertarget{command.no-notation}{\hyperlink{command.no-notation}{\mbox{\isa{\isacommand{no{\isacharunderscore}notation}}}}} & : & \isarkeep{local{\dsh}theory} \\
   7.139 +  \end{matharray}
   7.140 +
   7.141 +  These specification mechanisms provide a slightly more abstract view
   7.142 +  than the underlying primitives of \hyperlink{command.consts}{\mbox{\isa{\isacommand{consts}}}}, \hyperlink{command.defs}{\mbox{\isa{\isacommand{defs}}}} (see \secref{sec:consts}), and \hyperlink{command.axioms}{\mbox{\isa{\isacommand{axioms}}}} (see
   7.143 +  \secref{sec:axms-thms}).  In particular, type-inference is commonly
   7.144 +  available, and result names need not be given.
   7.145 +
   7.146 +  \begin{rail}
   7.147 +    'axiomatization' target? fixes? ('where' specs)?
   7.148 +    ;
   7.149 +    'definition' target? (decl 'where')? thmdecl? prop
   7.150 +    ;
   7.151 +    'abbreviation' target? mode? (decl 'where')? prop
   7.152 +    ;
   7.153 +    ('notation' | 'no\_notation') target? mode? (nameref structmixfix + 'and')
   7.154 +    ;
   7.155 +
   7.156 +    fixes: ((name ('::' type)? mixfix? | vars) + 'and')
   7.157 +    ;
   7.158 +    specs: (thmdecl? props + 'and')
   7.159 +    ;
   7.160 +    decl: name ('::' type)? mixfix?
   7.161 +    ;
   7.162 +  \end{rail}
   7.163 +
   7.164 +  \begin{descr}
   7.165 +  
   7.166 +  \item [\hyperlink{command.axiomatization}{\mbox{\isa{\isacommand{axiomatization}}}}~\isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}\ {\isasymdots}\ c\isactrlsub m\ {\isasymWHERE}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n{\isachardoublequote}}] introduces several constants
   7.167 +  simultaneously and states axiomatic properties for these.  The
   7.168 +  constants are marked as being specified once and for all, which
   7.169 +  prevents additional specifications being issued later on.
   7.170 +  
   7.171 +  Note that axiomatic specifications are only appropriate when
   7.172 +  declaring a new logical system.  Normal applications should only use
   7.173 +  definitional mechanisms!
   7.174 +
   7.175 +  \item [\hyperlink{command.definition}{\mbox{\isa{\isacommand{definition}}}}~\isa{{\isachardoublequote}c\ {\isasymWHERE}\ eq{\isachardoublequote}}] produces an
   7.176 +  internal definition \isa{{\isachardoublequote}c\ {\isasymequiv}\ t{\isachardoublequote}} according to the specification
   7.177 +  given as \isa{eq}, which is then turned into a proven fact.  The
   7.178 +  given proposition may deviate from internal meta-level equality
   7.179 +  according to the rewrite rules declared as \hyperlink{attribute.defn}{\mbox{\isa{defn}}} by the
   7.180 +  object-logic.  This usually covers object-level equality \isa{{\isachardoublequote}x\ {\isacharequal}\ y{\isachardoublequote}} and equivalence \isa{{\isachardoublequote}A\ {\isasymleftrightarrow}\ B{\isachardoublequote}}.  End-users normally need not
   7.181 +  change the \hyperlink{attribute.defn}{\mbox{\isa{defn}}} setup.
   7.182 +  
   7.183 +  Definitions may be presented with explicit arguments on the LHS, as
   7.184 +  well as additional conditions, e.g.\ \isa{{\isachardoublequote}f\ x\ y\ {\isacharequal}\ t{\isachardoublequote}} instead of
   7.185 +  \isa{{\isachardoublequote}f\ {\isasymequiv}\ {\isasymlambda}x\ y{\isachardot}\ t{\isachardoublequote}} and \isa{{\isachardoublequote}y\ {\isasymnoteq}\ {\isadigit{0}}\ {\isasymLongrightarrow}\ g\ x\ y\ {\isacharequal}\ u{\isachardoublequote}} instead of an
   7.186 +  unrestricted \isa{{\isachardoublequote}g\ {\isasymequiv}\ {\isasymlambda}x\ y{\isachardot}\ u{\isachardoublequote}}.
   7.187 +  
   7.188 +  \item [\hyperlink{command.abbreviation}{\mbox{\isa{\isacommand{abbreviation}}}}~\isa{{\isachardoublequote}c\ {\isasymWHERE}\ eq{\isachardoublequote}}] introduces
   7.189 +  a syntactic constant which is associated with a certain term
   7.190 +  according to the meta-level equality \isa{eq}.
   7.191 +  
   7.192 +  Abbreviations participate in the usual type-inference process, but
   7.193 +  are expanded before the logic ever sees them.  Pretty printing of
   7.194 +  terms involves higher-order rewriting with rules stemming from
   7.195 +  reverted abbreviations.  This needs some care to avoid overlapping
   7.196 +  or looping syntactic replacements!
   7.197 +  
   7.198 +  The optional \isa{mode} specification restricts output to a
   7.199 +  particular print mode; using ``\isa{input}'' here achieves the
   7.200 +  effect of one-way abbreviations.  The mode may also include an
   7.201 +  ``\hyperlink{keyword.output}{\mbox{\isa{\isakeyword{output}}}}'' qualifier that affects the concrete syntax
   7.202 +  declared for abbreviations, cf.\ \hyperlink{command.syntax}{\mbox{\isa{\isacommand{syntax}}}} in
   7.203 +  \secref{sec:syn-trans}.
   7.204 +  
   7.205 +  \item [\hyperlink{command.print-abbrevs}{\mbox{\isa{\isacommand{print{\isacharunderscore}abbrevs}}}}] prints all constant abbreviations
   7.206 +  of the current context.
   7.207 +  
   7.208 +  \item [\hyperlink{command.notation}{\mbox{\isa{\isacommand{notation}}}}~\isa{{\isachardoublequote}c\ {\isacharparenleft}mx{\isacharparenright}{\isachardoublequote}}] associates mixfix
   7.209 +  syntax with an existing constant or fixed variable.  This is a
   7.210 +  robust interface to the underlying \hyperlink{command.syntax}{\mbox{\isa{\isacommand{syntax}}}} primitive
   7.211 +  (\secref{sec:syn-trans}).  Type declaration and internal syntactic
   7.212 +  representation of the given entity is retrieved from the context.
   7.213 +  
   7.214 +  \item [\hyperlink{command.no-notation}{\mbox{\isa{\isacommand{no{\isacharunderscore}notation}}}}] is similar to \hyperlink{command.notation}{\mbox{\isa{\isacommand{notation}}}}, but removes the specified syntax annotation from the
   7.215 +  present context.
   7.216 +
   7.217 +  \end{descr}
   7.218 +
   7.219 +  All of these specifications support local theory targets (cf.\
   7.220 +  \secref{sec:target}).%
   7.221 +\end{isamarkuptext}%
   7.222 +\isamarkuptrue%
   7.223 +%
   7.224 +\isamarkupsection{Generic declarations%
   7.225 +}
   7.226 +\isamarkuptrue%
   7.227 +%
   7.228 +\begin{isamarkuptext}%
   7.229 +Arbitrary operations on the background context may be wrapped-up as
   7.230 +  generic declaration elements.  Since the underlying concept of local
   7.231 +  theories may be subject to later re-interpretation, there is an
   7.232 +  additional dependency on a morphism that tells the difference of the
   7.233 +  original declaration context wrt.\ the application context
   7.234 +  encountered later on.  A fact declaration is an important special
   7.235 +  case: it consists of a theorem which is applied to the context by
   7.236 +  means of an attribute.
   7.237 +
   7.238 +  \begin{matharray}{rcl}
   7.239 +    \indexdef{}{command}{declaration}\hypertarget{command.declaration}{\hyperlink{command.declaration}{\mbox{\isa{\isacommand{declaration}}}}} & : & \isarkeep{local{\dsh}theory} \\
   7.240 +    \indexdef{}{command}{declare}\hypertarget{command.declare}{\hyperlink{command.declare}{\mbox{\isa{\isacommand{declare}}}}} & : & \isarkeep{local{\dsh}theory} \\
   7.241 +  \end{matharray}
   7.242 +
   7.243 +  \begin{rail}
   7.244 +    'declaration' target? text
   7.245 +    ;
   7.246 +    'declare' target? (thmrefs + 'and')
   7.247 +    ;
   7.248 +  \end{rail}
   7.249 +
   7.250 +  \begin{descr}
   7.251 +
   7.252 +  \item [\hyperlink{command.declaration}{\mbox{\isa{\isacommand{declaration}}}}~\isa{d}] adds the declaration
   7.253 +  function \isa{d} of ML type \verb|declaration|, to the current
   7.254 +  local theory under construction.  In later application contexts, the
   7.255 +  function is transformed according to the morphisms being involved in
   7.256 +  the interpretation hierarchy.
   7.257 +
   7.258 +  \item [\hyperlink{command.declare}{\mbox{\isa{\isacommand{declare}}}}~\isa{thms}] declares theorems to the
   7.259 +  current local theory context.  No theorem binding is involved here,
   7.260 +  unlike \hyperlink{command.theorems}{\mbox{\isa{\isacommand{theorems}}}} or \hyperlink{command.lemmas}{\mbox{\isa{\isacommand{lemmas}}}} (cf.\
   7.261 +  \secref{sec:axms-thms}), so \hyperlink{command.declare}{\mbox{\isa{\isacommand{declare}}}} only has the effect
   7.262 +  of applying attributes as included in the theorem specification.
   7.263 +
   7.264 +  \end{descr}%
   7.265 +\end{isamarkuptext}%
   7.266 +\isamarkuptrue%
   7.267 +%
   7.268 +\isamarkupsection{Locales \label{sec:locale}%
   7.269 +}
   7.270 +\isamarkuptrue%
   7.271 +%
   7.272 +\begin{isamarkuptext}%
   7.273 +Locales are named local contexts, consisting of a list of
   7.274 +  declaration elements that are modeled after the Isar proof context
   7.275 +  commands (cf.\ \secref{sec:proof-context}).%
   7.276 +\end{isamarkuptext}%
   7.277 +\isamarkuptrue%
   7.278 +%
   7.279 +\isamarkupsubsection{Locale specifications%
   7.280 +}
   7.281 +\isamarkuptrue%
   7.282 +%
   7.283 +\begin{isamarkuptext}%
   7.284 +\begin{matharray}{rcl}
   7.285 +    \indexdef{}{command}{locale}\hypertarget{command.locale}{\hyperlink{command.locale}{\mbox{\isa{\isacommand{locale}}}}} & : & \isartrans{theory}{local{\dsh}theory} \\
   7.286 +    \indexdef{}{command}{print\_locale}\hypertarget{command.print-locale}{\hyperlink{command.print-locale}{\mbox{\isa{\isacommand{print{\isacharunderscore}locale}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~|~proof} \\
   7.287 +    \indexdef{}{command}{print\_locales}\hypertarget{command.print-locales}{\hyperlink{command.print-locales}{\mbox{\isa{\isacommand{print{\isacharunderscore}locales}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~|~proof} \\
   7.288 +    \indexdef{}{method}{intro\_locales}\hypertarget{method.intro-locales}{\hyperlink{method.intro-locales}{\mbox{\isa{intro{\isacharunderscore}locales}}}} & : & \isarmeth \\
   7.289 +    \indexdef{}{method}{unfold\_locales}\hypertarget{method.unfold-locales}{\hyperlink{method.unfold-locales}{\mbox{\isa{unfold{\isacharunderscore}locales}}}} & : & \isarmeth \\
   7.290 +  \end{matharray}
   7.291 +
   7.292 +  \indexouternonterm{contextexpr}\indexouternonterm{contextelem}
   7.293 +  \indexisarelem{fixes}\indexisarelem{constrains}\indexisarelem{assumes}
   7.294 +  \indexisarelem{defines}\indexisarelem{notes}\indexisarelem{includes}
   7.295 +  \begin{rail}
   7.296 +    'locale' ('(open)')? name ('=' localeexpr)? 'begin'?
   7.297 +    ;
   7.298 +    'print\_locale' '!'? localeexpr
   7.299 +    ;
   7.300 +    localeexpr: ((contextexpr '+' (contextelem+)) | contextexpr | (contextelem+))
   7.301 +    ;
   7.302 +
   7.303 +    contextexpr: nameref | '(' contextexpr ')' |
   7.304 +    (contextexpr (name mixfix? +)) | (contextexpr + '+')
   7.305 +    ;
   7.306 +    contextelem: fixes | constrains | assumes | defines | notes
   7.307 +    ;
   7.308 +    fixes: 'fixes' ((name ('::' type)? structmixfix? | vars) + 'and')
   7.309 +    ;
   7.310 +    constrains: 'constrains' (name '::' type + 'and')
   7.311 +    ;
   7.312 +    assumes: 'assumes' (thmdecl? props + 'and')
   7.313 +    ;
   7.314 +    defines: 'defines' (thmdecl? prop proppat? + 'and')
   7.315 +    ;
   7.316 +    notes: 'notes' (thmdef? thmrefs + 'and')
   7.317 +    ;
   7.318 +    includes: 'includes' contextexpr
   7.319 +    ;
   7.320 +  \end{rail}
   7.321 +
   7.322 +  \begin{descr}
   7.323 +  
   7.324 +  \item [\hyperlink{command.locale}{\mbox{\isa{\isacommand{locale}}}}~\isa{{\isachardoublequote}loc\ {\isacharequal}\ import\ {\isacharplus}\ body{\isachardoublequote}}] defines a
   7.325 +  new locale \isa{loc} as a context consisting of a certain view of
   7.326 +  existing locales (\isa{import}) plus some additional elements
   7.327 +  (\isa{body}).  Both \isa{import} and \isa{body} are optional;
   7.328 +  the degenerate form \hyperlink{command.locale}{\mbox{\isa{\isacommand{locale}}}}~\isa{loc} defines an empty
   7.329 +  locale, which may still be useful to collect declarations of facts
   7.330 +  later on.  Type-inference on locale expressions automatically takes
   7.331 +  care of the most general typing that the combined context elements
   7.332 +  may acquire.
   7.333 +
   7.334 +  The \isa{import} consists of a structured context expression,
   7.335 +  consisting of references to existing locales, renamed contexts, or
   7.336 +  merged contexts.  Renaming uses positional notation: \isa{{\isachardoublequote}c\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub n{\isachardoublequote}} means that (a prefix of) the fixed
   7.337 +  parameters of context \isa{c} are named \isa{{\isachardoublequote}x\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ x\isactrlsub n{\isachardoublequote}}; a ``\isa{{\isacharunderscore}}'' (underscore) means to skip that
   7.338 +  position.  Renaming by default deletes concrete syntax, but new
   7.339 +  syntax may by specified with a mixfix annotation.  An exeption of
   7.340 +  this rule is the special syntax declared with ``\isa{{\isachardoublequote}{\isacharparenleft}{\isasymSTRUCTURE}{\isacharparenright}{\isachardoublequote}}'' (see below), which is neither deleted nor can it
   7.341 +  be changed.  Merging proceeds from left-to-right, suppressing any
   7.342 +  duplicates stemming from different paths through the import
   7.343 +  hierarchy.
   7.344 +
   7.345 +  The \isa{body} consists of basic context elements, further context
   7.346 +  expressions may be included as well.
   7.347 +
   7.348 +  \begin{descr}
   7.349 +
   7.350 +  \item [\hyperlink{element.fixes}{\mbox{\isa{\isakeyword{fixes}}}}~\isa{{\isachardoublequote}x\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\ {\isacharparenleft}mx{\isacharparenright}{\isachardoublequote}}] declares a local
   7.351 +  parameter of type \isa{{\isasymtau}} and mixfix annotation \isa{mx} (both
   7.352 +  are optional).  The special syntax declaration ``\isa{{\isachardoublequote}{\isacharparenleft}{\isasymSTRUCTURE}{\isacharparenright}{\isachardoublequote}}'' means that \isa{x} may be referenced
   7.353 +  implicitly in this context.
   7.354 +
   7.355 +  \item [\hyperlink{element.constrains}{\mbox{\isa{\isakeyword{constrains}}}}~\isa{{\isachardoublequote}x\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}{\isachardoublequote}}] introduces a type
   7.356 +  constraint \isa{{\isasymtau}} on the local parameter \isa{x}.
   7.357 +
   7.358 +  \item [\hyperlink{element.assumes}{\mbox{\isa{\isakeyword{assumes}}}}~\isa{{\isachardoublequote}a{\isacharcolon}\ {\isasymphi}\isactrlsub {\isadigit{1}}\ {\isasymdots}\ {\isasymphi}\isactrlsub n{\isachardoublequote}}]
   7.359 +  introduces local premises, similar to \hyperlink{command.assume}{\mbox{\isa{\isacommand{assume}}}} within a
   7.360 +  proof (cf.\ \secref{sec:proof-context}).
   7.361 +
   7.362 +  \item [\hyperlink{element.defines}{\mbox{\isa{\isakeyword{defines}}}}~\isa{{\isachardoublequote}a{\isacharcolon}\ x\ {\isasymequiv}\ t{\isachardoublequote}}] defines a previously
   7.363 +  declared parameter.  This is similar to \hyperlink{command.def}{\mbox{\isa{\isacommand{def}}}} within a
   7.364 +  proof (cf.\ \secref{sec:proof-context}), but \hyperlink{element.defines}{\mbox{\isa{\isakeyword{defines}}}}
   7.365 +  takes an equational proposition instead of variable-term pair.  The
   7.366 +  left-hand side of the equation may have additional arguments, e.g.\
   7.367 +  ``\hyperlink{element.defines}{\mbox{\isa{\isakeyword{defines}}}}~\isa{{\isachardoublequote}f\ x\isactrlsub {\isadigit{1}}\ {\isasymdots}\ x\isactrlsub n\ {\isasymequiv}\ t{\isachardoublequote}}''.
   7.368 +
   7.369 +  \item [\hyperlink{element.notes}{\mbox{\isa{\isakeyword{notes}}}}~\isa{{\isachardoublequote}a\ {\isacharequal}\ b\isactrlsub {\isadigit{1}}\ {\isasymdots}\ b\isactrlsub n{\isachardoublequote}}]
   7.370 +  reconsiders facts within a local context.  Most notably, this may
   7.371 +  include arbitrary declarations in any attribute specifications
   7.372 +  included here, e.g.\ a local \hyperlink{attribute.simp}{\mbox{\isa{simp}}} rule.
   7.373 +
   7.374 +  \item [\hyperlink{element.includes}{\mbox{\isa{\isakeyword{includes}}}}~\isa{c}] copies the specified context
   7.375 +  in a statically scoped manner.  Only available in the long goal
   7.376 +  format of \secref{sec:goals}.
   7.377 +
   7.378 +  In contrast, the initial \isa{import} specification of a locale
   7.379 +  expression maintains a dynamic relation to the locales being
   7.380 +  referenced (benefiting from any later fact declarations in the
   7.381 +  obvious manner).
   7.382 +
   7.383 +  \end{descr}
   7.384 +  
   7.385 +  Note that ``\isa{{\isachardoublequote}{\isacharparenleft}{\isasymIS}\ p\isactrlsub {\isadigit{1}}\ {\isasymdots}\ p\isactrlsub n{\isacharparenright}{\isachardoublequote}}'' patterns given
   7.386 +  in the syntax of \hyperlink{element.assumes}{\mbox{\isa{\isakeyword{assumes}}}} and \hyperlink{element.defines}{\mbox{\isa{\isakeyword{defines}}}} above
   7.387 +  are illegal in locale definitions.  In the long goal format of
   7.388 +  \secref{sec:goals}, term bindings may be included as expected,
   7.389 +  though.
   7.390 +  
   7.391 +  \medskip By default, locale specifications are ``closed up'' by
   7.392 +  turning the given text into a predicate definition \isa{loc{\isacharunderscore}axioms} and deriving the original assumptions as local lemmas
   7.393 +  (modulo local definitions).  The predicate statement covers only the
   7.394 +  newly specified assumptions, omitting the content of included locale
   7.395 +  expressions.  The full cumulative view is only provided on export,
   7.396 +  involving another predicate \isa{loc} that refers to the complete
   7.397 +  specification text.
   7.398 +  
   7.399 +  In any case, the predicate arguments are those locale parameters
   7.400 +  that actually occur in the respective piece of text.  Also note that
   7.401 +  these predicates operate at the meta-level in theory, but the locale
   7.402 +  packages attempts to internalize statements according to the
   7.403 +  object-logic setup (e.g.\ replacing \isa{{\isasymAnd}} by \isa{{\isasymforall}}, and
   7.404 +  \isa{{\isachardoublequote}{\isasymLongrightarrow}{\isachardoublequote}} by \isa{{\isachardoublequote}{\isasymlongrightarrow}{\isachardoublequote}} in HOL; see also
   7.405 +  \secref{sec:object-logic}).  Separate introduction rules \isa{loc{\isacharunderscore}axioms{\isachardot}intro} and \isa{loc{\isachardot}intro} are provided as well.
   7.406 +  
   7.407 +  The \isa{{\isachardoublequote}{\isacharparenleft}open{\isacharparenright}{\isachardoublequote}} option of a locale specification prevents both
   7.408 +  the current \isa{loc{\isacharunderscore}axioms} and cumulative \isa{loc} predicate
   7.409 +  constructions.  Predicates are also omitted for empty specification
   7.410 +  texts.
   7.411 +
   7.412 +  \item [\hyperlink{command.print-locale}{\mbox{\isa{\isacommand{print{\isacharunderscore}locale}}}}~\isa{{\isachardoublequote}import\ {\isacharplus}\ body{\isachardoublequote}}] prints the
   7.413 +  specified locale expression in a flattened form.  The notable
   7.414 +  special case \hyperlink{command.print-locale}{\mbox{\isa{\isacommand{print{\isacharunderscore}locale}}}}~\isa{loc} just prints the
   7.415 +  contents of the named locale, but keep in mind that type-inference
   7.416 +  will normalize type variables according to the usual alphabetical
   7.417 +  order.  The command omits \hyperlink{element.notes}{\mbox{\isa{\isakeyword{notes}}}} elements by default.
   7.418 +  Use \hyperlink{command.print-locale}{\mbox{\isa{\isacommand{print{\isacharunderscore}locale}}}}\isa{{\isachardoublequote}{\isacharbang}{\isachardoublequote}} to get them included.
   7.419 +
   7.420 +  \item [\hyperlink{command.print-locales}{\mbox{\isa{\isacommand{print{\isacharunderscore}locales}}}}] prints the names of all locales
   7.421 +  of the current theory.
   7.422 +
   7.423 +  \item [\hyperlink{method.intro-locales}{\mbox{\isa{intro{\isacharunderscore}locales}}} and \hyperlink{method.unfold-locales}{\mbox{\isa{unfold{\isacharunderscore}locales}}}]
   7.424 +  repeatedly expand all introduction rules of locale predicates of the
   7.425 +  theory.  While \hyperlink{method.intro-locales}{\mbox{\isa{intro{\isacharunderscore}locales}}} only applies the \isa{loc{\isachardot}intro} introduction rules and therefore does not decend to
   7.426 +  assumptions, \hyperlink{method.unfold-locales}{\mbox{\isa{unfold{\isacharunderscore}locales}}} is more aggressive and applies
   7.427 +  \isa{loc{\isacharunderscore}axioms{\isachardot}intro} as well.  Both methods are aware of locale
   7.428 +  specifications entailed by the context, both from target and
   7.429 +  \hyperlink{element.includes}{\mbox{\isa{\isakeyword{includes}}}} statements, and from interpretations (see
   7.430 +  below).  New goals that are entailed by the current context are
   7.431 +  discharged automatically.
   7.432 +
   7.433 +  \end{descr}%
   7.434 +\end{isamarkuptext}%
   7.435 +\isamarkuptrue%
   7.436 +%
   7.437 +\isamarkupsubsection{Interpretation of locales%
   7.438 +}
   7.439 +\isamarkuptrue%
   7.440 +%
   7.441 +\begin{isamarkuptext}%
   7.442 +Locale expressions (more precisely, \emph{context expressions}) may
   7.443 +  be instantiated, and the instantiated facts added to the current
   7.444 +  context.  This requires a proof of the instantiated specification
   7.445 +  and is called \emph{locale interpretation}.  Interpretation is
   7.446 +  possible in theories and locales (command \hyperlink{command.interpretation}{\mbox{\isa{\isacommand{interpretation}}}}) and also within a proof body (command \hyperlink{command.interpret}{\mbox{\isa{\isacommand{interpret}}}}).
   7.447 +
   7.448 +  \begin{matharray}{rcl}
   7.449 +    \indexdef{}{command}{interpretation}\hypertarget{command.interpretation}{\hyperlink{command.interpretation}{\mbox{\isa{\isacommand{interpretation}}}}} & : & \isartrans{theory}{proof(prove)} \\
   7.450 +    \indexdef{}{command}{interpret}\hypertarget{command.interpret}{\hyperlink{command.interpret}{\mbox{\isa{\isacommand{interpret}}}}} & : & \isartrans{proof(state) ~|~ proof(chain)}{proof(prove)} \\
   7.451 +    \indexdef{}{command}{print\_interps}\hypertarget{command.print-interps}{\hyperlink{command.print-interps}{\mbox{\isa{\isacommand{print{\isacharunderscore}interps}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : &  \isarkeep{theory~|~proof} \\
   7.452 +  \end{matharray}
   7.453 +
   7.454 +  \indexouternonterm{interp}
   7.455 +  \begin{rail}
   7.456 +    'interpretation' (interp | name ('<' | subseteq) contextexpr)
   7.457 +    ;
   7.458 +    'interpret' interp
   7.459 +    ;
   7.460 +    'print\_interps' '!'? name
   7.461 +    ;
   7.462 +    instantiation: ('[' (inst+) ']')?
   7.463 +    ;
   7.464 +    interp: thmdecl? \\ (contextexpr instantiation |
   7.465 +      name instantiation 'where' (thmdecl? prop + 'and'))
   7.466 +    ;
   7.467 +  \end{rail}
   7.468 +
   7.469 +  \begin{descr}
   7.470 +
   7.471 +  \item [\hyperlink{command.interpretation}{\mbox{\isa{\isacommand{interpretation}}}}~\isa{{\isachardoublequote}expr\ insts\ {\isasymWHERE}\ eqns{\isachardoublequote}}]
   7.472 +
   7.473 +  The first form of \hyperlink{command.interpretation}{\mbox{\isa{\isacommand{interpretation}}}} interprets \isa{expr} in the theory.  The instantiation is given as a list of terms
   7.474 +  \isa{insts} and is positional.  All parameters must receive an
   7.475 +  instantiation term --- with the exception of defined parameters.
   7.476 +  These are, if omitted, derived from the defining equation and other
   7.477 +  instantiations.  Use ``\isa{{\isacharunderscore}}'' to omit an instantiation term.
   7.478 +
   7.479 +  The command generates proof obligations for the instantiated
   7.480 +  specifications (assumes and defines elements).  Once these are
   7.481 +  discharged by the user, instantiated facts are added to the theory
   7.482 +  in a post-processing phase.
   7.483 +
   7.484 +  Additional equations, which are unfolded in facts during
   7.485 +  post-processing, may be given after the keyword \hyperlink{keyword.where}{\mbox{\isa{\isakeyword{where}}}}.
   7.486 +  This is useful for interpreting concepts introduced through
   7.487 +  definition specification elements.  The equations must be proved.
   7.488 +  Note that if equations are present, the context expression is
   7.489 +  restricted to a locale name.
   7.490 +
   7.491 +  The command is aware of interpretations already active in the
   7.492 +  theory.  No proof obligations are generated for those, neither is
   7.493 +  post-processing applied to their facts.  This avoids duplication of
   7.494 +  interpreted facts, in particular.  Note that, in the case of a
   7.495 +  locale with import, parts of the interpretation may already be
   7.496 +  active.  The command will only generate proof obligations and
   7.497 +  process facts for new parts.
   7.498 +
   7.499 +  The context expression may be preceded by a name and/or attributes.
   7.500 +  These take effect in the post-processing of facts.  The name is used
   7.501 +  to prefix fact names, for example to avoid accidental hiding of
   7.502 +  other facts.  Attributes are applied after attributes of the
   7.503 +  interpreted facts.
   7.504 +
   7.505 +  Adding facts to locales has the effect of adding interpreted facts
   7.506 +  to the theory for all active interpretations also.  That is,
   7.507 +  interpretations dynamically participate in any facts added to
   7.508 +  locales.
   7.509 +
   7.510 +  \item [\hyperlink{command.interpretation}{\mbox{\isa{\isacommand{interpretation}}}}~\isa{{\isachardoublequote}name\ {\isasymsubseteq}\ expr{\isachardoublequote}}]
   7.511 +
   7.512 +  This form of the command interprets \isa{expr} in the locale
   7.513 +  \isa{name}.  It requires a proof that the specification of \isa{name} implies the specification of \isa{expr}.  As in the
   7.514 +  localized version of the theorem command, the proof is in the
   7.515 +  context of \isa{name}.  After the proof obligation has been
   7.516 +  dischared, the facts of \isa{expr} become part of locale \isa{name} as \emph{derived} context elements and are available when the
   7.517 +  context \isa{name} is subsequently entered.  Note that, like
   7.518 +  import, this is dynamic: facts added to a locale part of \isa{expr} after interpretation become also available in \isa{name}.
   7.519 +  Like facts of renamed context elements, facts obtained by
   7.520 +  interpretation may be accessed by prefixing with the parameter
   7.521 +  renaming (where the parameters are separated by ``\isa{{\isacharunderscore}}'').
   7.522 +
   7.523 +  Unlike interpretation in theories, instantiation is confined to the
   7.524 +  renaming of parameters, which may be specified as part of the
   7.525 +  context expression \isa{expr}.  Using defined parameters in \isa{name} one may achieve an effect similar to instantiation, though.
   7.526 +
   7.527 +  Only specification fragments of \isa{expr} that are not already
   7.528 +  part of \isa{name} (be it imported, derived or a derived fragment
   7.529 +  of the import) are considered by interpretation.  This enables
   7.530 +  circular interpretations.
   7.531 +
   7.532 +  If interpretations of \isa{name} exist in the current theory, the
   7.533 +  command adds interpretations for \isa{expr} as well, with the same
   7.534 +  prefix and attributes, although only for fragments of \isa{expr}
   7.535 +  that are not interpreted in the theory already.
   7.536 +
   7.537 +  \item [\hyperlink{command.interpret}{\mbox{\isa{\isacommand{interpret}}}}~\isa{{\isachardoublequote}expr\ insts\ {\isasymWHERE}\ eqns{\isachardoublequote}}]
   7.538 +  interprets \isa{expr} in the proof context and is otherwise
   7.539 +  similar to interpretation in theories.
   7.540 +
   7.541 +  \item [\hyperlink{command.print-interps}{\mbox{\isa{\isacommand{print{\isacharunderscore}interps}}}}~\isa{loc}] prints the
   7.542 +  interpretations of a particular locale \isa{loc} that are active
   7.543 +  in the current context, either theory or proof context.  The
   7.544 +  exclamation point argument triggers printing of \emph{witness}
   7.545 +  theorems justifying interpretations.  These are normally omitted
   7.546 +  from the output.
   7.547 +  
   7.548 +  \end{descr}
   7.549 +
   7.550 +  \begin{warn}
   7.551 +    Since attributes are applied to interpreted theorems,
   7.552 +    interpretation may modify the context of common proof tools, e.g.\
   7.553 +    the Simplifier or Classical Reasoner.  Since the behavior of such
   7.554 +    automated reasoning tools is \emph{not} stable under
   7.555 +    interpretation morphisms, manual declarations might have to be
   7.556 +    issued.
   7.557 +  \end{warn}
   7.558 +
   7.559 +  \begin{warn}
   7.560 +    An interpretation in a theory may subsume previous
   7.561 +    interpretations.  This happens if the same specification fragment
   7.562 +    is interpreted twice and the instantiation of the second
   7.563 +    interpretation is more general than the interpretation of the
   7.564 +    first.  A warning is issued, since it is likely that these could
   7.565 +    have been generalized in the first place.  The locale package does
   7.566 +    not attempt to remove subsumed interpretations.
   7.567 +  \end{warn}%
   7.568 +\end{isamarkuptext}%
   7.569 +\isamarkuptrue%
   7.570 +%
   7.571 +\isamarkupsection{Classes \label{sec:class}%
   7.572 +}
   7.573 +\isamarkuptrue%
   7.574 +%
   7.575 +\begin{isamarkuptext}%
   7.576 +A class is a particular locale with \emph{exactly one} type variable
   7.577 +  \isa{{\isasymalpha}}.  Beyond the underlying locale, a corresponding type class
   7.578 +  is established which is interpreted logically as axiomatic type
   7.579 +  class \cite{Wenzel:1997:TPHOL} whose logical content are the
   7.580 +  assumptions of the locale.  Thus, classes provide the full
   7.581 +  generality of locales combined with the commodity of type classes
   7.582 +  (notably type-inference).  See \cite{isabelle-classes} for a short
   7.583 +  tutorial.
   7.584 +
   7.585 +  \begin{matharray}{rcl}
   7.586 +    \indexdef{}{command}{class}\hypertarget{command.class}{\hyperlink{command.class}{\mbox{\isa{\isacommand{class}}}}} & : & \isartrans{theory}{local{\dsh}theory} \\
   7.587 +    \indexdef{}{command}{instantiation}\hypertarget{command.instantiation}{\hyperlink{command.instantiation}{\mbox{\isa{\isacommand{instantiation}}}}} & : & \isartrans{theory}{local{\dsh}theory} \\
   7.588 +    \indexdef{}{command}{instance}\hypertarget{command.instance}{\hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}}} & : & \isartrans{local{\dsh}theory}{local{\dsh}theory} \\
   7.589 +    \indexdef{}{command}{subclass}\hypertarget{command.subclass}{\hyperlink{command.subclass}{\mbox{\isa{\isacommand{subclass}}}}} & : & \isartrans{local{\dsh}theory}{local{\dsh}theory} \\
   7.590 +    \indexdef{}{command}{print\_classes}\hypertarget{command.print-classes}{\hyperlink{command.print-classes}{\mbox{\isa{\isacommand{print{\isacharunderscore}classes}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{theory~|~proof} \\
   7.591 +    \indexdef{}{method}{intro\_classes}\hypertarget{method.intro-classes}{\hyperlink{method.intro-classes}{\mbox{\isa{intro{\isacharunderscore}classes}}}} & : & \isarmeth \\
   7.592 +  \end{matharray}
   7.593 +
   7.594 +  \begin{rail}
   7.595 +    'class' name '=' ((superclassexpr '+' (contextelem+)) | superclassexpr | (contextelem+)) \\
   7.596 +      'begin'?
   7.597 +    ;
   7.598 +    'instantiation' (nameref + 'and') '::' arity 'begin'
   7.599 +    ;
   7.600 +    'instance'
   7.601 +    ;
   7.602 +    'subclass' target? nameref
   7.603 +    ;
   7.604 +    'print\_classes'
   7.605 +    ;
   7.606 +
   7.607 +    superclassexpr: nameref | (nameref '+' superclassexpr)
   7.608 +    ;
   7.609 +  \end{rail}
   7.610 +
   7.611 +  \begin{descr}
   7.612 +
   7.613 +  \item [\hyperlink{command.class}{\mbox{\isa{\isacommand{class}}}}~\isa{{\isachardoublequote}c\ {\isacharequal}\ superclasses\ {\isacharplus}\ body{\isachardoublequote}}] defines
   7.614 +  a new class \isa{c}, inheriting from \isa{superclasses}.  This
   7.615 +  introduces a locale \isa{c} with import of all locales \isa{superclasses}.
   7.616 +
   7.617 +  Any \hyperlink{element.fixes}{\mbox{\isa{\isakeyword{fixes}}}} in \isa{body} are lifted to the global
   7.618 +  theory level (\emph{class operations} \isa{{\isachardoublequote}f\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ f\isactrlsub n{\isachardoublequote}} of class \isa{c}), mapping the local type parameter
   7.619 +  \isa{{\isasymalpha}} to a schematic type variable \isa{{\isachardoublequote}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isachardoublequote}}.
   7.620 +
   7.621 +  Likewise, \hyperlink{element.assumes}{\mbox{\isa{\isakeyword{assumes}}}} in \isa{body} are also lifted,
   7.622 +  mapping each local parameter \isa{{\isachardoublequote}f\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}{\isachardoublequote}} to its
   7.623 +  corresponding global constant \isa{{\isachardoublequote}f\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}{\isacharbrackleft}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isacharbrackright}{\isachardoublequote}}.  The
   7.624 +  corresponding introduction rule is provided as \isa{c{\isacharunderscore}class{\isacharunderscore}axioms{\isachardot}intro}.  This rule should be rarely needed directly
   7.625 +  --- the \hyperlink{method.intro-classes}{\mbox{\isa{intro{\isacharunderscore}classes}}} method takes care of the details of
   7.626 +  class membership proofs.
   7.627 +
   7.628 +  \item [\hyperlink{command.instantiation}{\mbox{\isa{\isacommand{instantiation}}}}~\isa{{\isachardoublequote}t\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}s\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlsub n{\isacharparenright}\ s\ {\isasymBEGIN}{\isachardoublequote}}] opens a theory target (cf.\
   7.629 +  \secref{sec:target}) which allows to specify class operations \isa{{\isachardoublequote}f\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ f\isactrlsub n{\isachardoublequote}} corresponding to sort \isa{s} at the
   7.630 +  particular type instance \isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ s\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n\ {\isacharcolon}{\isacharcolon}\ s\isactrlsub n{\isacharparenright}\ t{\isachardoublequote}}.  A plain \hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}} command
   7.631 +  in the target body poses a goal stating these type arities.  The
   7.632 +  target is concluded by an \indexref{local}{command}{end}\hyperlink{command.local.end}{\mbox{\isa{\isacommand{end}}}} command.
   7.633 +
   7.634 +  Note that a list of simultaneous type constructors may be given;
   7.635 +  this corresponds nicely to mutual recursive type definitions, e.g.\
   7.636 +  in Isabelle/HOL.
   7.637 +
   7.638 +  \item [\hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}}] in an instantiation target body sets
   7.639 +  up a goal stating the type arities claimed at the opening \hyperlink{command.instantiation}{\mbox{\isa{\isacommand{instantiation}}}}.  The proof would usually proceed by \hyperlink{method.intro-classes}{\mbox{\isa{intro{\isacharunderscore}classes}}}, and then establish the characteristic theorems of
   7.640 +  the type classes involved.  After finishing the proof, the
   7.641 +  background theory will be augmented by the proven type arities.
   7.642 +
   7.643 +  \item [\hyperlink{command.subclass}{\mbox{\isa{\isacommand{subclass}}}}~\isa{c}] in a class context for class
   7.644 +  \isa{d} sets up a goal stating that class \isa{c} is logically
   7.645 +  contained in class \isa{d}.  After finishing the proof, class
   7.646 +  \isa{d} is proven to be subclass \isa{c} and the locale \isa{c} is interpreted into \isa{d} simultaneously.
   7.647 +
   7.648 +  \item [\hyperlink{command.print-classes}{\mbox{\isa{\isacommand{print{\isacharunderscore}classes}}}}] prints all classes in the current
   7.649 +  theory.
   7.650 +
   7.651 +  \item [\hyperlink{method.intro-classes}{\mbox{\isa{intro{\isacharunderscore}classes}}}] repeatedly expands all class
   7.652 +  introduction rules of this theory.  Note that this method usually
   7.653 +  needs not be named explicitly, as it is already included in the
   7.654 +  default proof step (e.g.\ of \hyperlink{command.proof}{\mbox{\isa{\isacommand{proof}}}}).  In particular,
   7.655 +  instantiation of trivial (syntactic) classes may be performed by a
   7.656 +  single ``\hyperlink{command.ddot}{\mbox{\isa{\isacommand{{\isachardot}{\isachardot}}}}}'' proof step.
   7.657  
   7.658    \end{descr}%
   7.659  \end{isamarkuptext}%
   7.660  \isamarkuptrue%
   7.661  %
   7.662 +\isamarkupsubsection{The class target%
   7.663 +}
   7.664 +\isamarkuptrue%
   7.665 +%
   7.666 +\begin{isamarkuptext}%
   7.667 +%FIXME check
   7.668 +
   7.669 +  A named context may refer to a locale (cf.\ \secref{sec:target}).
   7.670 +  If this locale is also a class \isa{c}, apart from the common
   7.671 +  locale target behaviour the following happens.
   7.672 +
   7.673 +  \begin{itemize}
   7.674 +
   7.675 +  \item Local constant declarations \isa{{\isachardoublequote}g{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}{\isachardoublequote}} referring to the
   7.676 +  local type parameter \isa{{\isasymalpha}} and local parameters \isa{{\isachardoublequote}f{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}{\isachardoublequote}}
   7.677 +  are accompanied by theory-level constants \isa{{\isachardoublequote}g{\isacharbrackleft}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isacharbrackright}{\isachardoublequote}}
   7.678 +  referring to theory-level class operations \isa{{\isachardoublequote}f{\isacharbrackleft}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isacharbrackright}{\isachardoublequote}}.
   7.679 +
   7.680 +  \item Local theorem bindings are lifted as are assumptions.
   7.681 +
   7.682 +  \item Local syntax refers to local operations \isa{{\isachardoublequote}g{\isacharbrackleft}{\isasymalpha}{\isacharbrackright}{\isachardoublequote}} and
   7.683 +  global operations \isa{{\isachardoublequote}g{\isacharbrackleft}{\isacharquery}{\isasymalpha}\ {\isacharcolon}{\isacharcolon}\ c{\isacharbrackright}{\isachardoublequote}} uniformly.  Type inference
   7.684 +  resolves ambiguities.  In rare cases, manual type annotations are
   7.685 +  needed.
   7.686 +  
   7.687 +  \end{itemize}%
   7.688 +\end{isamarkuptext}%
   7.689 +\isamarkuptrue%
   7.690 +%
   7.691 +\isamarkupsection{Axiomatic type classes \label{sec:axclass}%
   7.692 +}
   7.693 +\isamarkuptrue%
   7.694 +%
   7.695 +\begin{isamarkuptext}%
   7.696 +\begin{warn}
   7.697 +  This describes the old interface to axiomatic type-classes in
   7.698 +  Isabelle.  See \secref{sec:class} for a more recent higher-level
   7.699 +  view on the same ideas.
   7.700 +  \end{warn}
   7.701 +
   7.702 +  \begin{matharray}{rcl}
   7.703 +    \indexdef{}{command}{axclass}\hypertarget{command.axclass}{\hyperlink{command.axclass}{\mbox{\isa{\isacommand{axclass}}}}} & : & \isartrans{theory}{theory} \\
   7.704 +    \indexdef{}{command}{instance}\hypertarget{command.instance}{\hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}}} & : & \isartrans{theory}{proof(prove)} \\
   7.705 +  \end{matharray}
   7.706 +
   7.707 +  Axiomatic type classes are Isabelle/Pure's primitive
   7.708 +  \emph{definitional} interface to type classes.  For practical
   7.709 +  applications, you should consider using classes
   7.710 +  (cf.~\secref{sec:classes}) which provide high level interface.
   7.711 +
   7.712 +  \begin{rail}
   7.713 +    'axclass' classdecl (axmdecl prop +)
   7.714 +    ;
   7.715 +    'instance' (nameref ('<' | subseteq) nameref | nameref '::' arity)
   7.716 +    ;
   7.717 +  \end{rail}
   7.718 +
   7.719 +  \begin{descr}
   7.720 +  
   7.721 +  \item [\hyperlink{command.axclass}{\mbox{\isa{\isacommand{axclass}}}}~\isa{{\isachardoublequote}c\ {\isasymsubseteq}\ c\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n\ axms{\isachardoublequote}}] defines an axiomatic type class as the intersection of
   7.722 +  existing classes, with additional axioms holding.  Class axioms may
   7.723 +  not contain more than one type variable.  The class axioms (with
   7.724 +  implicit sort constraints added) are bound to the given names.
   7.725 +  Furthermore a class introduction rule is generated (being bound as
   7.726 +  \isa{c{\isacharunderscore}class{\isachardot}intro}); this rule is employed by method \hyperlink{method.intro-classes}{\mbox{\isa{intro{\isacharunderscore}classes}}} to support instantiation proofs of this class.
   7.727 +  
   7.728 +  The ``class axioms'' are stored as theorems according to the given
   7.729 +  name specifications, adding \isa{{\isachardoublequote}c{\isacharunderscore}class{\isachardoublequote}} as name space prefix;
   7.730 +  the same facts are also stored collectively as \isa{c{\isacharunderscore}class{\isachardot}axioms}.
   7.731 +  
   7.732 +  \item [\hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}}~\isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlsub {\isadigit{2}}{\isachardoublequote}} and
   7.733 +  \hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}}~\isa{{\isachardoublequote}t\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}s\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlsub n{\isacharparenright}\ s{\isachardoublequote}}]
   7.734 +  setup a goal stating a class relation or type arity.  The proof
   7.735 +  would usually proceed by \hyperlink{method.intro-classes}{\mbox{\isa{intro{\isacharunderscore}classes}}}, and then establish
   7.736 +  the characteristic theorems of the type classes involved.  After
   7.737 +  finishing the proof, the theory will be augmented by a type
   7.738 +  signature declaration corresponding to the resulting theorem.
   7.739 +
   7.740 +  \end{descr}%
   7.741 +\end{isamarkuptext}%
   7.742 +\isamarkuptrue%
   7.743 +%
   7.744 +\isamarkupsection{Unrestricted overloading%
   7.745 +}
   7.746 +\isamarkuptrue%
   7.747 +%
   7.748 +\begin{isamarkuptext}%
   7.749 +Isabelle/Pure's definitional schemes support certain forms of
   7.750 +  overloading (see \secref{sec:consts}).  At most occassions
   7.751 +  overloading will be used in a Haskell-like fashion together with
   7.752 +  type classes by means of \hyperlink{command.instantiation}{\mbox{\isa{\isacommand{instantiation}}}} (see
   7.753 +  \secref{sec:class}).  Sometimes low-level overloading is desirable.
   7.754 +  The \hyperlink{command.overloading}{\mbox{\isa{\isacommand{overloading}}}} target provides a convenient view for
   7.755 +  end-users.
   7.756 +
   7.757 +  \begin{matharray}{rcl}
   7.758 +    \indexdef{}{command}{overloading}\hypertarget{command.overloading}{\hyperlink{command.overloading}{\mbox{\isa{\isacommand{overloading}}}}} & : & \isartrans{theory}{local{\dsh}theory} \\
   7.759 +  \end{matharray}
   7.760 +
   7.761 +  \begin{rail}
   7.762 +    'overloading' \\
   7.763 +    ( string ( '==' | equiv ) term ( '(' 'unchecked' ')' )? + ) 'begin'
   7.764 +  \end{rail}
   7.765 +
   7.766 +  \begin{descr}
   7.767 +
   7.768 +  \item [\hyperlink{command.overloading}{\mbox{\isa{\isacommand{overloading}}}}~\isa{{\isachardoublequote}x\isactrlsub {\isadigit{1}}\ {\isasymequiv}\ c\isactrlsub {\isadigit{1}}\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\isactrlsub {\isadigit{1}}\ {\isasymAND}\ {\isasymdots}\ x\isactrlsub n\ {\isasymequiv}\ c\isactrlsub n\ {\isacharcolon}{\isacharcolon}\ {\isasymtau}\isactrlsub n\ {\isasymBEGIN}{\isachardoublequote}}]
   7.769 +  opens a theory target (cf.\ \secref{sec:target}) which allows to
   7.770 +  specify constants with overloaded definitions.  These are identified
   7.771 +  by an explicitly given mapping from variable names \isa{{\isachardoublequote}x\isactrlsub i{\isachardoublequote}} to constants \isa{{\isachardoublequote}c\isactrlsub i{\isachardoublequote}} at particular type
   7.772 +  instances.  The definitions themselves are established using common
   7.773 +  specification tools, using the names \isa{{\isachardoublequote}x\isactrlsub i{\isachardoublequote}} as
   7.774 +  reference to the corresponding constants.  The target is concluded
   7.775 +  by \hyperlink{command.local.end}{\mbox{\isa{\isacommand{end}}}}.
   7.776 +
   7.777 +  A \isa{{\isachardoublequote}{\isacharparenleft}unchecked{\isacharparenright}{\isachardoublequote}} option disables global dependency checks for
   7.778 +  the corresponding definition, which is occasionally useful for
   7.779 +  exotic overloading.  It is at the discretion of the user to avoid
   7.780 +  malformed theory specifications!
   7.781 +
   7.782 +  \end{descr}%
   7.783 +\end{isamarkuptext}%
   7.784 +\isamarkuptrue%
   7.785 +%
   7.786 +\isamarkupsection{Incorporating ML code \label{sec:ML}%
   7.787 +}
   7.788 +\isamarkuptrue%
   7.789 +%
   7.790 +\begin{isamarkuptext}%
   7.791 +\begin{matharray}{rcl}
   7.792 +    \indexdef{}{command}{use}\hypertarget{command.use}{\hyperlink{command.use}{\mbox{\isa{\isacommand{use}}}}} & : & \isarkeep{theory~|~local{\dsh}theory} \\
   7.793 +    \indexdef{}{command}{ML}\hypertarget{command.ML}{\hyperlink{command.ML}{\mbox{\isa{\isacommand{ML}}}}} & : & \isarkeep{theory~|~local{\dsh}theory} \\
   7.794 +    \indexdef{}{command}{ML\_val}\hypertarget{command.ML-val}{\hyperlink{command.ML-val}{\mbox{\isa{\isacommand{ML{\isacharunderscore}val}}}}} & : & \isartrans{\cdot}{\cdot} \\
   7.795 +    \indexdef{}{command}{ML\_command}\hypertarget{command.ML-command}{\hyperlink{command.ML-command}{\mbox{\isa{\isacommand{ML{\isacharunderscore}command}}}}} & : & \isartrans{\cdot}{\cdot} \\
   7.796 +    \indexdef{}{command}{setup}\hypertarget{command.setup}{\hyperlink{command.setup}{\mbox{\isa{\isacommand{setup}}}}} & : & \isartrans{theory}{theory} \\
   7.797 +    \indexdef{}{command}{method\_setup}\hypertarget{command.method-setup}{\hyperlink{command.method-setup}{\mbox{\isa{\isacommand{method{\isacharunderscore}setup}}}}} & : & \isartrans{theory}{theory} \\
   7.798 +  \end{matharray}
   7.799 +
   7.800 +  \begin{rail}
   7.801 +    'use' name
   7.802 +    ;
   7.803 +    ('ML' | 'ML\_val' | 'ML\_command' | 'setup') text
   7.804 +    ;
   7.805 +    'method\_setup' name '=' text text
   7.806 +    ;
   7.807 +  \end{rail}
   7.808 +
   7.809 +  \begin{descr}
   7.810 +
   7.811 +  \item [\hyperlink{command.use}{\mbox{\isa{\isacommand{use}}}}~\isa{{\isachardoublequote}file{\isachardoublequote}}] reads and executes ML
   7.812 +  commands from \isa{{\isachardoublequote}file{\isachardoublequote}}.  The current theory context is passed
   7.813 +  down to the ML toplevel and may be modified, using \verb|"Context.>>"| or derived ML commands.  The file name is checked with
   7.814 +  the \indexref{}{keyword}{uses}\hyperlink{keyword.uses}{\mbox{\isa{\isakeyword{uses}}}} dependency declaration given in the theory
   7.815 +  header (see also \secref{sec:begin-thy}).
   7.816 +  
   7.817 +  \item [\hyperlink{command.ML}{\mbox{\isa{\isacommand{ML}}}}~\isa{{\isachardoublequote}text{\isachardoublequote}}] is similar to \hyperlink{command.use}{\mbox{\isa{\isacommand{use}}}}, but executes ML commands directly from the given \isa{{\isachardoublequote}text{\isachardoublequote}}.
   7.818 +
   7.819 +  \item [\hyperlink{command.ML-val}{\mbox{\isa{\isacommand{ML{\isacharunderscore}val}}}} and \hyperlink{command.ML-command}{\mbox{\isa{\isacommand{ML{\isacharunderscore}command}}}}] are
   7.820 +  diagnostic versions of \hyperlink{command.ML}{\mbox{\isa{\isacommand{ML}}}}, which means that the context
   7.821 +  may not be updated.  \hyperlink{command.ML-val}{\mbox{\isa{\isacommand{ML{\isacharunderscore}val}}}} echos the bindings produced
   7.822 +  at the ML toplevel, but \hyperlink{command.ML-command}{\mbox{\isa{\isacommand{ML{\isacharunderscore}command}}}} is silent.
   7.823 +  
   7.824 +  \item [\hyperlink{command.setup}{\mbox{\isa{\isacommand{setup}}}}~\isa{{\isachardoublequote}text{\isachardoublequote}}] changes the current theory
   7.825 +  context by applying \isa{{\isachardoublequote}text{\isachardoublequote}}, which refers to an ML expression
   7.826 +  of type \verb|"theory -> theory"|.  This enables to initialize
   7.827 +  any object-logic specific tools and packages written in ML, for
   7.828 +  example.
   7.829 +  
   7.830 +  \item [\hyperlink{command.method-setup}{\mbox{\isa{\isacommand{method{\isacharunderscore}setup}}}}~\isa{{\isachardoublequote}name\ {\isacharequal}\ text\ description{\isachardoublequote}}]
   7.831 +  defines a proof method in the current theory.  The given \isa{{\isachardoublequote}text{\isachardoublequote}} has to be an ML expression of type \verb|"Args.src ->|\isasep\isanewline%
   7.832 +\verb|  Proof.context -> Proof.method"|.  Parsing concrete method syntax
   7.833 +  from \verb|Args.src| input can be quite tedious in general.  The
   7.834 +  following simple examples are for methods without any explicit
   7.835 +  arguments, or a list of theorems, respectively.
   7.836 +
   7.837 +%FIXME proper antiquotations
   7.838 +{\footnotesize
   7.839 +\begin{verbatim}
   7.840 + Method.no_args (Method.METHOD (fn facts => foobar_tac))
   7.841 + Method.thms_args (fn thms => Method.METHOD (fn facts => foobar_tac))
   7.842 + Method.ctxt_args (fn ctxt => Method.METHOD (fn facts => foobar_tac))
   7.843 + Method.thms_ctxt_args (fn thms => fn ctxt =>
   7.844 +    Method.METHOD (fn facts => foobar_tac))
   7.845 +\end{verbatim}
   7.846 +}
   7.847 +
   7.848 +  Note that mere tactic emulations may ignore the \isa{facts}
   7.849 +  parameter above.  Proper proof methods would do something
   7.850 +  appropriate with the list of current facts, though.  Single-rule
   7.851 +  methods usually do strict forward-chaining (e.g.\ by using \verb|Drule.multi_resolves|), while automatic ones just insert the facts
   7.852 +  using \verb|Method.insert_tac| before applying the main tactic.
   7.853 +
   7.854 +  \end{descr}%
   7.855 +\end{isamarkuptext}%
   7.856 +\isamarkuptrue%
   7.857 +%
   7.858 +\isamarkupsection{Primitive specification elements%
   7.859 +}
   7.860 +\isamarkuptrue%
   7.861 +%
   7.862 +\isamarkupsubsection{Type classes and sorts \label{sec:classes}%
   7.863 +}
   7.864 +\isamarkuptrue%
   7.865 +%
   7.866 +\begin{isamarkuptext}%
   7.867 +\begin{matharray}{rcll}
   7.868 +    \indexdef{}{command}{classes}\hypertarget{command.classes}{\hyperlink{command.classes}{\mbox{\isa{\isacommand{classes}}}}} & : & \isartrans{theory}{theory} \\
   7.869 +    \indexdef{}{command}{classrel}\hypertarget{command.classrel}{\hyperlink{command.classrel}{\mbox{\isa{\isacommand{classrel}}}}} & : & \isartrans{theory}{theory} & (axiomatic!) \\
   7.870 +    \indexdef{}{command}{defaultsort}\hypertarget{command.defaultsort}{\hyperlink{command.defaultsort}{\mbox{\isa{\isacommand{defaultsort}}}}} & : & \isartrans{theory}{theory} \\
   7.871 +    \indexdef{}{command}{class\_deps}\hypertarget{command.class-deps}{\hyperlink{command.class-deps}{\mbox{\isa{\isacommand{class{\isacharunderscore}deps}}}}} & : & \isarkeep{theory~|~proof} \\
   7.872 +  \end{matharray}
   7.873 +
   7.874 +  \begin{rail}
   7.875 +    'classes' (classdecl +)
   7.876 +    ;
   7.877 +    'classrel' (nameref ('<' | subseteq) nameref + 'and')
   7.878 +    ;
   7.879 +    'defaultsort' sort
   7.880 +    ;
   7.881 +  \end{rail}
   7.882 +
   7.883 +  \begin{descr}
   7.884 +
   7.885 +  \item [\hyperlink{command.classes}{\mbox{\isa{\isacommand{classes}}}}~\isa{{\isachardoublequote}c\ {\isasymsubseteq}\ c\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n{\isachardoublequote}}]
   7.886 +  declares class \isa{c} to be a subclass of existing classes \isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n{\isachardoublequote}}.  Cyclic class structures are not permitted.
   7.887 +
   7.888 +  \item [\hyperlink{command.classrel}{\mbox{\isa{\isacommand{classrel}}}}~\isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlsub {\isadigit{2}}{\isachardoublequote}}] states
   7.889 +  subclass relations between existing classes \isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}{\isachardoublequote}} and
   7.890 +  \isa{{\isachardoublequote}c\isactrlsub {\isadigit{2}}{\isachardoublequote}}.  This is done axiomatically!  The \indexref{}{command}{instance}\hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}} command (see \secref{sec:axclass}) provides a way to
   7.891 +  introduce proven class relations.
   7.892 +
   7.893 +  \item [\hyperlink{command.defaultsort}{\mbox{\isa{\isacommand{defaultsort}}}}~\isa{s}] makes sort \isa{s} the
   7.894 +  new default sort for any type variables given without sort
   7.895 +  constraints.  Usually, the default sort would be only changed when
   7.896 +  defining a new object-logic.
   7.897 +
   7.898 +  \item [\hyperlink{command.class-deps}{\mbox{\isa{\isacommand{class{\isacharunderscore}deps}}}}] visualizes the subclass relation,
   7.899 +  using Isabelle's graph browser tool (see also \cite{isabelle-sys}).
   7.900 +
   7.901 +  \end{descr}%
   7.902 +\end{isamarkuptext}%
   7.903 +\isamarkuptrue%
   7.904 +%
   7.905 +\isamarkupsubsection{Types and type abbreviations \label{sec:types-pure}%
   7.906 +}
   7.907 +\isamarkuptrue%
   7.908 +%
   7.909 +\begin{isamarkuptext}%
   7.910 +\begin{matharray}{rcll}
   7.911 +    \indexdef{}{command}{types}\hypertarget{command.types}{\hyperlink{command.types}{\mbox{\isa{\isacommand{types}}}}} & : & \isartrans{theory}{theory} \\
   7.912 +    \indexdef{}{command}{typedecl}\hypertarget{command.typedecl}{\hyperlink{command.typedecl}{\mbox{\isa{\isacommand{typedecl}}}}} & : & \isartrans{theory}{theory} \\
   7.913 +    \indexdef{}{command}{nonterminals}\hypertarget{command.nonterminals}{\hyperlink{command.nonterminals}{\mbox{\isa{\isacommand{nonterminals}}}}} & : & \isartrans{theory}{theory} \\
   7.914 +    \indexdef{}{command}{arities}\hypertarget{command.arities}{\hyperlink{command.arities}{\mbox{\isa{\isacommand{arities}}}}} & : & \isartrans{theory}{theory} & (axiomatic!) \\
   7.915 +  \end{matharray}
   7.916 +
   7.917 +  \begin{rail}
   7.918 +    'types' (typespec '=' type infix? +)
   7.919 +    ;
   7.920 +    'typedecl' typespec infix?
   7.921 +    ;
   7.922 +    'nonterminals' (name +)
   7.923 +    ;
   7.924 +    'arities' (nameref '::' arity +)
   7.925 +    ;
   7.926 +  \end{rail}
   7.927 +
   7.928 +  \begin{descr}
   7.929 +
   7.930 +  \item [\hyperlink{command.types}{\mbox{\isa{\isacommand{types}}}}~\isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n{\isacharparenright}\ t\ {\isacharequal}\ {\isasymtau}{\isachardoublequote}}]
   7.931 +  introduces \emph{type synonym} \isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n{\isacharparenright}\ t{\isachardoublequote}}
   7.932 +  for existing type \isa{{\isachardoublequote}{\isasymtau}{\isachardoublequote}}.  Unlike actual type definitions, as
   7.933 +  are available in Isabelle/HOL for example, type synonyms are just
   7.934 +  purely syntactic abbreviations without any logical significance.
   7.935 +  Internally, type synonyms are fully expanded.
   7.936 +  
   7.937 +  \item [\hyperlink{command.typedecl}{\mbox{\isa{\isacommand{typedecl}}}}~\isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n{\isacharparenright}\ t{\isachardoublequote}}]
   7.938 +  declares a new type constructor \isa{t}, intended as an actual
   7.939 +  logical type (of the object-logic, if available).
   7.940 +
   7.941 +  \item [\hyperlink{command.nonterminals}{\mbox{\isa{\isacommand{nonterminals}}}}~\isa{c}] declares type
   7.942 +  constructors \isa{c} (without arguments) to act as purely
   7.943 +  syntactic types, i.e.\ nonterminal symbols of Isabelle's inner
   7.944 +  syntax of terms or types.
   7.945 +
   7.946 +  \item [\hyperlink{command.arities}{\mbox{\isa{\isacommand{arities}}}}~\isa{{\isachardoublequote}t\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}s\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlsub n{\isacharparenright}\ s{\isachardoublequote}}] augments Isabelle's order-sorted signature of types by new type
   7.947 +  constructor arities.  This is done axiomatically!  The \indexref{}{command}{instance}\hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}} command (see \S\ref{sec:axclass}) provides a way to
   7.948 +  introduce proven type arities.
   7.949 +
   7.950 +  \end{descr}%
   7.951 +\end{isamarkuptext}%
   7.952 +\isamarkuptrue%
   7.953 +%
   7.954 +\isamarkupsubsection{Constants and definitions \label{sec:consts}%
   7.955 +}
   7.956 +\isamarkuptrue%
   7.957 +%
   7.958 +\begin{isamarkuptext}%
   7.959 +Definitions essentially express abbreviations within the logic.  The
   7.960 +  simplest form of a definition is \isa{{\isachardoublequote}c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\ {\isasymequiv}\ t{\isachardoublequote}}, where \isa{c} is a newly declared constant.  Isabelle also allows derived forms
   7.961 +  where the arguments of \isa{c} appear on the left, abbreviating a
   7.962 +  prefix of \isa{{\isasymlambda}}-abstractions, e.g.\ \isa{{\isachardoublequote}c\ {\isasymequiv}\ {\isasymlambda}x\ y{\isachardot}\ t{\isachardoublequote}} may be
   7.963 +  written more conveniently as \isa{{\isachardoublequote}c\ x\ y\ {\isasymequiv}\ t{\isachardoublequote}}.  Moreover,
   7.964 +  definitions may be weakened by adding arbitrary pre-conditions:
   7.965 +  \isa{{\isachardoublequote}A\ {\isasymLongrightarrow}\ c\ x\ y\ {\isasymequiv}\ t{\isachardoublequote}}.
   7.966 +
   7.967 +  \medskip The built-in well-formedness conditions for definitional
   7.968 +  specifications are:
   7.969 +
   7.970 +  \begin{itemize}
   7.971 +
   7.972 +  \item Arguments (on the left-hand side) must be distinct variables.
   7.973 +
   7.974 +  \item All variables on the right-hand side must also appear on the
   7.975 +  left-hand side.
   7.976 +
   7.977 +  \item All type variables on the right-hand side must also appear on
   7.978 +  the left-hand side; this prohibits \isa{{\isachardoublequote}{\isadigit{0}}\ {\isacharcolon}{\isacharcolon}\ nat\ {\isasymequiv}\ length\ {\isacharparenleft}{\isacharbrackleft}{\isacharbrackright}\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ list{\isacharparenright}{\isachardoublequote}} for example.
   7.979 +
   7.980 +  \item The definition must not be recursive.  Most object-logics
   7.981 +  provide definitional principles that can be used to express
   7.982 +  recursion safely.
   7.983 +
   7.984 +  \end{itemize}
   7.985 +
   7.986 +  Overloading means that a constant being declared as \isa{{\isachardoublequote}c\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ decl{\isachardoublequote}} may be defined separately on type instances \isa{{\isachardoublequote}c\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}{\isasymbeta}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymbeta}\isactrlsub n{\isacharparenright}\ t\ decl{\isachardoublequote}} for each type constructor \isa{t}.  The right-hand side may mention overloaded constants
   7.987 +  recursively at type instances corresponding to the immediate
   7.988 +  argument types \isa{{\isachardoublequote}{\isasymbeta}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymbeta}\isactrlsub n{\isachardoublequote}}.  Incomplete
   7.989 +  specification patterns impose global constraints on all occurrences,
   7.990 +  e.g.\ \isa{{\isachardoublequote}d\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymtimes}\ {\isasymalpha}{\isachardoublequote}} on the left-hand side means that all
   7.991 +  corresponding occurrences on some right-hand side need to be an
   7.992 +  instance of this, general \isa{{\isachardoublequote}d\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymtimes}\ {\isasymbeta}{\isachardoublequote}} will be disallowed.
   7.993 +
   7.994 +  \begin{matharray}{rcl}
   7.995 +    \indexdef{}{command}{consts}\hypertarget{command.consts}{\hyperlink{command.consts}{\mbox{\isa{\isacommand{consts}}}}} & : & \isartrans{theory}{theory} \\
   7.996 +    \indexdef{}{command}{defs}\hypertarget{command.defs}{\hyperlink{command.defs}{\mbox{\isa{\isacommand{defs}}}}} & : & \isartrans{theory}{theory} \\
   7.997 +    \indexdef{}{command}{constdefs}\hypertarget{command.constdefs}{\hyperlink{command.constdefs}{\mbox{\isa{\isacommand{constdefs}}}}} & : & \isartrans{theory}{theory} \\
   7.998 +  \end{matharray}
   7.999 +
  7.1000 +  \begin{rail}
  7.1001 +    'consts' ((name '::' type mixfix?) +)
  7.1002 +    ;
  7.1003 +    'defs' ('(' 'unchecked'? 'overloaded'? ')')? \\ (axmdecl prop +)
  7.1004 +    ;
  7.1005 +  \end{rail}
  7.1006 +
  7.1007 +  \begin{rail}
  7.1008 +    'constdefs' structs? (constdecl? constdef +)
  7.1009 +    ;
  7.1010 +
  7.1011 +    structs: '(' 'structure' (vars + 'and') ')'
  7.1012 +    ;
  7.1013 +    constdecl:  ((name '::' type mixfix | name '::' type | name mixfix) 'where'?) | name 'where'
  7.1014 +    ;
  7.1015 +    constdef: thmdecl? prop
  7.1016 +    ;
  7.1017 +  \end{rail}
  7.1018 +
  7.1019 +  \begin{descr}
  7.1020 +
  7.1021 +  \item [\hyperlink{command.consts}{\mbox{\isa{\isacommand{consts}}}}~\isa{{\isachardoublequote}c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}{\isachardoublequote}}] declares constant
  7.1022 +  \isa{c} to have any instance of type scheme \isa{{\isasymsigma}}.  The
  7.1023 +  optional mixfix annotations may attach concrete syntax to the
  7.1024 +  constants declared.
  7.1025 +  
  7.1026 +  \item [\hyperlink{command.defs}{\mbox{\isa{\isacommand{defs}}}}~\isa{{\isachardoublequote}name{\isacharcolon}\ eqn{\isachardoublequote}}] introduces \isa{eqn}
  7.1027 +  as a definitional axiom for some existing constant.
  7.1028 +  
  7.1029 +  The \isa{{\isachardoublequote}{\isacharparenleft}unchecked{\isacharparenright}{\isachardoublequote}} option disables global dependency checks
  7.1030 +  for this definition, which is occasionally useful for exotic
  7.1031 +  overloading.  It is at the discretion of the user to avoid malformed
  7.1032 +  theory specifications!
  7.1033 +  
  7.1034 +  The \isa{{\isachardoublequote}{\isacharparenleft}overloaded{\isacharparenright}{\isachardoublequote}} option declares definitions to be
  7.1035 +  potentially overloaded.  Unless this option is given, a warning
  7.1036 +  message would be issued for any definitional equation with a more
  7.1037 +  special type than that of the corresponding constant declaration.
  7.1038 +  
  7.1039 +  \item [\hyperlink{command.constdefs}{\mbox{\isa{\isacommand{constdefs}}}}] provides a streamlined combination of
  7.1040 +  constants declarations and definitions: type-inference takes care of
  7.1041 +  the most general typing of the given specification (the optional
  7.1042 +  type constraint may refer to type-inference dummies ``\isa{{\isacharunderscore}}'' as usual).  The resulting type declaration needs to agree with
  7.1043 +  that of the specification; overloading is \emph{not} supported here!
  7.1044 +  
  7.1045 +  The constant name may be omitted altogether, if neither type nor
  7.1046 +  syntax declarations are given.  The canonical name of the
  7.1047 +  definitional axiom for constant \isa{c} will be \isa{c{\isacharunderscore}def},
  7.1048 +  unless specified otherwise.  Also note that the given list of
  7.1049 +  specifications is processed in a strictly sequential manner, with
  7.1050 +  type-checking being performed independently.
  7.1051 +  
  7.1052 +  An optional initial context of \isa{{\isachardoublequote}{\isacharparenleft}structure{\isacharparenright}{\isachardoublequote}} declarations
  7.1053 +  admits use of indexed syntax, using the special symbol \verb|\<index>| (printed as ``\isa{{\isachardoublequote}{\isasymindex}{\isachardoublequote}}'').  The latter concept is
  7.1054 +  particularly useful with locales (see also \S\ref{sec:locale}).
  7.1055 +
  7.1056 +  \end{descr}%
  7.1057 +\end{isamarkuptext}%
  7.1058 +\isamarkuptrue%
  7.1059 +%
  7.1060 +\isamarkupsection{Axioms and theorems \label{sec:axms-thms}%
  7.1061 +}
  7.1062 +\isamarkuptrue%
  7.1063 +%
  7.1064 +\begin{isamarkuptext}%
  7.1065 +\begin{matharray}{rcll}
  7.1066 +    \indexdef{}{command}{axioms}\hypertarget{command.axioms}{\hyperlink{command.axioms}{\mbox{\isa{\isacommand{axioms}}}}} & : & \isartrans{theory}{theory} & (axiomatic!) \\
  7.1067 +    \indexdef{}{command}{lemmas}\hypertarget{command.lemmas}{\hyperlink{command.lemmas}{\mbox{\isa{\isacommand{lemmas}}}}} & : & \isarkeep{local{\dsh}theory} \\
  7.1068 +    \indexdef{}{command}{theorems}\hypertarget{command.theorems}{\hyperlink{command.theorems}{\mbox{\isa{\isacommand{theorems}}}}} & : & isarkeep{local{\dsh}theory} \\
  7.1069 +  \end{matharray}
  7.1070 +
  7.1071 +  \begin{rail}
  7.1072 +    'axioms' (axmdecl prop +)
  7.1073 +    ;
  7.1074 +    ('lemmas' | 'theorems') target? (thmdef? thmrefs + 'and')
  7.1075 +    ;
  7.1076 +  \end{rail}
  7.1077 +
  7.1078 +  \begin{descr}
  7.1079 +  
  7.1080 +  \item [\hyperlink{command.axioms}{\mbox{\isa{\isacommand{axioms}}}}~\isa{{\isachardoublequote}a{\isacharcolon}\ {\isasymphi}{\isachardoublequote}}] introduces arbitrary
  7.1081 +  statements as axioms of the meta-logic.  In fact, axioms are
  7.1082 +  ``axiomatic theorems'', and may be referred later just as any other
  7.1083 +  theorem.
  7.1084 +  
  7.1085 +  Axioms are usually only introduced when declaring new logical
  7.1086 +  systems.  Everyday work is typically done the hard way, with proper
  7.1087 +  definitions and proven theorems.
  7.1088 +  
  7.1089 +  \item [\hyperlink{command.lemmas}{\mbox{\isa{\isacommand{lemmas}}}}~\isa{{\isachardoublequote}a\ {\isacharequal}\ b\isactrlsub {\isadigit{1}}\ {\isasymdots}\ b\isactrlsub n{\isachardoublequote}}]
  7.1090 +  retrieves and stores existing facts in the theory context, or the
  7.1091 +  specified target context (see also \secref{sec:target}).  Typical
  7.1092 +  applications would also involve attributes, to declare Simplifier
  7.1093 +  rules, for example.
  7.1094 +  
  7.1095 +  \item [\hyperlink{command.theorems}{\mbox{\isa{\isacommand{theorems}}}}] is essentially the same as \hyperlink{command.lemmas}{\mbox{\isa{\isacommand{lemmas}}}}, but marks the result as a different kind of facts.
  7.1096 +
  7.1097 +  \end{descr}%
  7.1098 +\end{isamarkuptext}%
  7.1099 +\isamarkuptrue%
  7.1100 +%
  7.1101 +\isamarkupsection{Oracles%
  7.1102 +}
  7.1103 +\isamarkuptrue%
  7.1104 +%
  7.1105 +\begin{isamarkuptext}%
  7.1106 +\begin{matharray}{rcl}
  7.1107 +    \indexdef{}{command}{oracle}\hypertarget{command.oracle}{\hyperlink{command.oracle}{\mbox{\isa{\isacommand{oracle}}}}} & : & \isartrans{theory}{theory} \\
  7.1108 +  \end{matharray}
  7.1109 +
  7.1110 +  The oracle interface promotes a given ML function \verb|theory -> T -> term| to \verb|theory -> T -> thm|, for some
  7.1111 +  type \verb|T| given by the user.  This acts like an infinitary
  7.1112 +  specification of axioms -- there is no internal check of the
  7.1113 +  correctness of the results!  The inference kernel records oracle
  7.1114 +  invocations within the internal derivation object of theorems, and
  7.1115 +  the pretty printer attaches ``\isa{{\isachardoublequote}{\isacharbrackleft}{\isacharbang}{\isacharbrackright}{\isachardoublequote}}'' to indicate results
  7.1116 +  that are not fully checked by Isabelle inferences.
  7.1117 +
  7.1118 +  \begin{rail}
  7.1119 +    'oracle' name '(' type ')' '=' text
  7.1120 +    ;
  7.1121 +  \end{rail}
  7.1122 +
  7.1123 +  \begin{descr}
  7.1124 +
  7.1125 +  \item [\hyperlink{command.oracle}{\mbox{\isa{\isacommand{oracle}}}}~\isa{{\isachardoublequote}name\ {\isacharparenleft}type{\isacharparenright}\ {\isacharequal}\ text{\isachardoublequote}}] turns the
  7.1126 +  given ML expression \isa{{\isachardoublequote}text{\isachardoublequote}} of type
  7.1127 +  \verb|theory ->|~\isa{{\isachardoublequote}type{\isachardoublequote}}~\verb|-> term| into an
  7.1128 +  ML function of type
  7.1129 +  \verb|theory ->|~\isa{{\isachardoublequote}type{\isachardoublequote}}~\verb|-> thm|, which is
  7.1130 +  bound to the global identifier \verb|name|.
  7.1131 +
  7.1132 +  \end{descr}%
  7.1133 +\end{isamarkuptext}%
  7.1134 +\isamarkuptrue%
  7.1135 +%
  7.1136 +\isamarkupsection{Name spaces%
  7.1137 +}
  7.1138 +\isamarkuptrue%
  7.1139 +%
  7.1140 +\begin{isamarkuptext}%
  7.1141 +\begin{matharray}{rcl}
  7.1142 +    \indexdef{}{command}{global}\hypertarget{command.global}{\hyperlink{command.global}{\mbox{\isa{\isacommand{global}}}}} & : & \isartrans{theory}{theory} \\
  7.1143 +    \indexdef{}{command}{local}\hypertarget{command.local}{\hyperlink{command.local}{\mbox{\isa{\isacommand{local}}}}} & : & \isartrans{theory}{theory} \\
  7.1144 +    \indexdef{}{command}{hide}\hypertarget{command.hide}{\hyperlink{command.hide}{\mbox{\isa{\isacommand{hide}}}}} & : & \isartrans{theory}{theory} \\
  7.1145 +  \end{matharray}
  7.1146 +
  7.1147 +  \begin{rail}
  7.1148 +    'hide' ('(open)')? name (nameref + )
  7.1149 +    ;
  7.1150 +  \end{rail}
  7.1151 +
  7.1152 +  Isabelle organizes any kind of name declarations (of types,
  7.1153 +  constants, theorems etc.) by separate hierarchically structured name
  7.1154 +  spaces.  Normally the user does not have to control the behavior of
  7.1155 +  name spaces by hand, yet the following commands provide some way to
  7.1156 +  do so.
  7.1157 +
  7.1158 +  \begin{descr}
  7.1159 +
  7.1160 +  \item [\hyperlink{command.global}{\mbox{\isa{\isacommand{global}}}} and \hyperlink{command.local}{\mbox{\isa{\isacommand{local}}}}] change the
  7.1161 +  current name declaration mode.  Initially, theories start in
  7.1162 +  \hyperlink{command.local}{\mbox{\isa{\isacommand{local}}}} mode, causing all names to be automatically
  7.1163 +  qualified by the theory name.  Changing this to \hyperlink{command.global}{\mbox{\isa{\isacommand{global}}}}
  7.1164 +  causes all names to be declared without the theory prefix, until
  7.1165 +  \hyperlink{command.local}{\mbox{\isa{\isacommand{local}}}} is declared again.
  7.1166 +  
  7.1167 +  Note that global names are prone to get hidden accidently later,
  7.1168 +  when qualified names of the same base name are introduced.
  7.1169 +  
  7.1170 +  \item [\hyperlink{command.hide}{\mbox{\isa{\isacommand{hide}}}}~\isa{{\isachardoublequote}space\ names{\isachardoublequote}}] fully removes
  7.1171 +  declarations from a given name space (which may be \isa{{\isachardoublequote}class{\isachardoublequote}},
  7.1172 +  \isa{{\isachardoublequote}type{\isachardoublequote}}, \isa{{\isachardoublequote}const{\isachardoublequote}}, or \isa{{\isachardoublequote}fact{\isachardoublequote}}); with the \isa{{\isachardoublequote}{\isacharparenleft}open{\isacharparenright}{\isachardoublequote}} option, only the base name is hidden.  Global
  7.1173 +  (unqualified) names may never be hidden.
  7.1174 +  
  7.1175 +  Note that hiding name space accesses has no impact on logical
  7.1176 +  declarations -- they remain valid internally.  Entities that are no
  7.1177 +  longer accessible to the user are printed with the special qualifier
  7.1178 +  ``\isa{{\isachardoublequote}{\isacharquery}{\isacharquery}{\isachardoublequote}}'' prefixed to the full internal name.
  7.1179 +
  7.1180 +  \end{descr}%
  7.1181 +\end{isamarkuptext}%
  7.1182 +\isamarkuptrue%
  7.1183 +%
  7.1184 +\isamarkupsection{Syntax and translations \label{sec:syn-trans}%
  7.1185 +}
  7.1186 +\isamarkuptrue%
  7.1187 +%
  7.1188 +\begin{isamarkuptext}%
  7.1189 +\begin{matharray}{rcl}
  7.1190 +    \indexdef{}{command}{syntax}\hypertarget{command.syntax}{\hyperlink{command.syntax}{\mbox{\isa{\isacommand{syntax}}}}} & : & \isartrans{theory}{theory} \\
  7.1191 +    \indexdef{}{command}{no\_syntax}\hypertarget{command.no-syntax}{\hyperlink{command.no-syntax}{\mbox{\isa{\isacommand{no{\isacharunderscore}syntax}}}}} & : & \isartrans{theory}{theory} \\
  7.1192 +    \indexdef{}{command}{translations}\hypertarget{command.translations}{\hyperlink{command.translations}{\mbox{\isa{\isacommand{translations}}}}} & : & \isartrans{theory}{theory} \\
  7.1193 +    \indexdef{}{command}{no\_translations}\hypertarget{command.no-translations}{\hyperlink{command.no-translations}{\mbox{\isa{\isacommand{no{\isacharunderscore}translations}}}}} & : & \isartrans{theory}{theory} \\
  7.1194 +  \end{matharray}
  7.1195 +
  7.1196 +  \begin{rail}
  7.1197 +    ('syntax' | 'no\_syntax') mode? (constdecl +)
  7.1198 +    ;
  7.1199 +    ('translations' | 'no\_translations') (transpat ('==' | '=>' | '<=' | rightleftharpoons | rightharpoonup | leftharpoondown) transpat +)
  7.1200 +    ;
  7.1201 +
  7.1202 +    mode: ('(' ( name | 'output' | name 'output' ) ')')
  7.1203 +    ;
  7.1204 +    transpat: ('(' nameref ')')? string
  7.1205 +    ;
  7.1206 +  \end{rail}
  7.1207 +
  7.1208 +  \begin{descr}
  7.1209 +  
  7.1210 +  \item [\hyperlink{command.syntax}{\mbox{\isa{\isacommand{syntax}}}}~\isa{{\isachardoublequote}{\isacharparenleft}mode{\isacharparenright}\ decls{\isachardoublequote}}] is similar to
  7.1211 +  \hyperlink{command.consts}{\mbox{\isa{\isacommand{consts}}}}~\isa{decls}, except that the actual logical
  7.1212 +  signature extension is omitted.  Thus the context free grammar of
  7.1213 +  Isabelle's inner syntax may be augmented in arbitrary ways,
  7.1214 +  independently of the logic.  The \isa{mode} argument refers to the
  7.1215 +  print mode that the grammar rules belong; unless the \indexref{}{keyword}{output}\hyperlink{keyword.output}{\mbox{\isa{\isakeyword{output}}}} indicator is given, all productions are added both to the
  7.1216 +  input and output grammar.
  7.1217 +  
  7.1218 +  \item [\hyperlink{command.no-syntax}{\mbox{\isa{\isacommand{no{\isacharunderscore}syntax}}}}~\isa{{\isachardoublequote}{\isacharparenleft}mode{\isacharparenright}\ decls{\isachardoublequote}}] removes
  7.1219 +  grammar declarations (and translations) resulting from \isa{decls}, which are interpreted in the same manner as for \hyperlink{command.syntax}{\mbox{\isa{\isacommand{syntax}}}} above.
  7.1220 +  
  7.1221 +  \item [\hyperlink{command.translations}{\mbox{\isa{\isacommand{translations}}}}~\isa{rules}] specifies syntactic
  7.1222 +  translation rules (i.e.\ macros): parse~/ print rules (\isa{{\isachardoublequote}{\isasymrightleftharpoons}{\isachardoublequote}}),
  7.1223 +  parse rules (\isa{{\isachardoublequote}{\isasymrightharpoonup}{\isachardoublequote}}), or print rules (\isa{{\isachardoublequote}{\isasymleftharpoondown}{\isachardoublequote}}).
  7.1224 +  Translation patterns may be prefixed by the syntactic category to be
  7.1225 +  used for parsing; the default is \isa{logic}.
  7.1226 +  
  7.1227 +  \item [\hyperlink{command.no-translations}{\mbox{\isa{\isacommand{no{\isacharunderscore}translations}}}}~\isa{rules}] removes syntactic
  7.1228 +  translation rules, which are interpreted in the same manner as for
  7.1229 +  \hyperlink{command.translations}{\mbox{\isa{\isacommand{translations}}}} above.
  7.1230 +
  7.1231 +  \end{descr}%
  7.1232 +\end{isamarkuptext}%
  7.1233 +\isamarkuptrue%
  7.1234 +%
  7.1235 +\isamarkupsection{Syntax translation functions%
  7.1236 +}
  7.1237 +\isamarkuptrue%
  7.1238 +%
  7.1239 +\begin{isamarkuptext}%
  7.1240 +\begin{matharray}{rcl}
  7.1241 +    \indexdef{}{command}{parse\_ast\_translation}\hypertarget{command.parse-ast-translation}{\hyperlink{command.parse-ast-translation}{\mbox{\isa{\isacommand{parse{\isacharunderscore}ast{\isacharunderscore}translation}}}}} & : & \isartrans{theory}{theory} \\
  7.1242 +    \indexdef{}{command}{parse\_translation}\hypertarget{command.parse-translation}{\hyperlink{command.parse-translation}{\mbox{\isa{\isacommand{parse{\isacharunderscore}translation}}}}} & : & \isartrans{theory}{theory} \\
  7.1243 +    \indexdef{}{command}{print\_translation}\hypertarget{command.print-translation}{\hyperlink{command.print-translation}{\mbox{\isa{\isacommand{print{\isacharunderscore}translation}}}}} & : & \isartrans{theory}{theory} \\
  7.1244 +    \indexdef{}{command}{typed\_print\_translation}\hypertarget{command.typed-print-translation}{\hyperlink{command.typed-print-translation}{\mbox{\isa{\isacommand{typed{\isacharunderscore}print{\isacharunderscore}translation}}}}} & : & \isartrans{theory}{theory} \\
  7.1245 +    \indexdef{}{command}{print\_ast\_translation}\hypertarget{command.print-ast-translation}{\hyperlink{command.print-ast-translation}{\mbox{\isa{\isacommand{print{\isacharunderscore}ast{\isacharunderscore}translation}}}}} & : & \isartrans{theory}{theory} \\
  7.1246 +    \indexdef{}{command}{token\_translation}\hypertarget{command.token-translation}{\hyperlink{command.token-translation}{\mbox{\isa{\isacommand{token{\isacharunderscore}translation}}}}} & : & \isartrans{theory}{theory} \\
  7.1247 +  \end{matharray}
  7.1248 +
  7.1249 +  \begin{rail}
  7.1250 +  ( 'parse\_ast\_translation' | 'parse\_translation' | 'print\_translation' |
  7.1251 +    'typed\_print\_translation' | 'print\_ast\_translation' ) ('(advanced)')? text
  7.1252 +  ;
  7.1253 +
  7.1254 +  'token\_translation' text
  7.1255 +  ;
  7.1256 +  \end{rail}
  7.1257 +
  7.1258 +  Syntax translation functions written in ML admit almost arbitrary
  7.1259 +  manipulations of Isabelle's inner syntax.  Any of the above commands
  7.1260 +  have a single \railqtok{text} argument that refers to an ML
  7.1261 +  expression of appropriate type, which are as follows by default:
  7.1262 +
  7.1263 +%FIXME proper antiquotations
  7.1264 +\begin{ttbox}
  7.1265 +val parse_ast_translation   : (string * (ast list -> ast)) list
  7.1266 +val parse_translation       : (string * (term list -> term)) list
  7.1267 +val print_translation       : (string * (term list -> term)) list
  7.1268 +val typed_print_translation :
  7.1269 +  (string * (bool -> typ -> term list -> term)) list
  7.1270 +val print_ast_translation   : (string * (ast list -> ast)) list
  7.1271 +val token_translation       :
  7.1272 +  (string * string * (string -> string * real)) list
  7.1273 +\end{ttbox}
  7.1274 +
  7.1275 +  If the \isa{{\isachardoublequote}{\isacharparenleft}advanced{\isacharparenright}{\isachardoublequote}} option is given, the corresponding
  7.1276 +  translation functions may depend on the current theory or proof
  7.1277 +  context.  This allows to implement advanced syntax mechanisms, as
  7.1278 +  translations functions may refer to specific theory declarations or
  7.1279 +  auxiliary proof data.
  7.1280 +
  7.1281 +  See also \cite[\S8]{isabelle-ref} for more information on the
  7.1282 +  general concept of syntax transformations in Isabelle.
  7.1283 +
  7.1284 +%FIXME proper antiquotations
  7.1285 +\begin{ttbox}
  7.1286 +val parse_ast_translation:
  7.1287 +  (string * (Context.generic -> ast list -> ast)) list
  7.1288 +val parse_translation:
  7.1289 +  (string * (Context.generic -> term list -> term)) list
  7.1290 +val print_translation:
  7.1291 +  (string * (Context.generic -> term list -> term)) list
  7.1292 +val typed_print_translation:
  7.1293 +  (string * (Context.generic -> bool -> typ -> term list -> term)) list
  7.1294 +val print_ast_translation:
  7.1295 +  (string * (Context.generic -> ast list -> ast)) list
  7.1296 +\end{ttbox}%
  7.1297 +\end{isamarkuptext}%
  7.1298 +\isamarkuptrue%
  7.1299 +%
  7.1300  \isadelimtheory
  7.1301  %
  7.1302  \endisadelimtheory
     8.1 --- a/doc-src/IsarRef/Thy/document/pure.tex	Mon Jun 02 22:50:27 2008 +0200
     8.2 +++ b/doc-src/IsarRef/Thy/document/pure.tex	Mon Jun 02 22:50:29 2008 +0200
     8.3 @@ -24,629 +24,6 @@
     8.4  }
     8.5  \isamarkuptrue%
     8.6  %
     8.7 -\begin{isamarkuptext}%
     8.8 -Subsequently, we introduce the main part of Pure theory and proof
     8.9 -  commands, together with fundamental proof methods and attributes.
    8.10 -  \Chref{ch:gen-tools} describes further Isar elements provided by
    8.11 -  generic tools and packages (such as the Simplifier) that are either
    8.12 -  part of Pure Isabelle or pre-installed in most object logics.
    8.13 -  Specific language elements introduced by the major object-logics are
    8.14 -  described in \chref{ch:hol} (Isabelle/HOL), \chref{ch:holcf}
    8.15 -  (Isabelle/HOLCF), and \chref{ch:zf} (Isabelle/ZF).  Nevertheless,
    8.16 -  examples given in the generic parts will usually refer to
    8.17 -  Isabelle/HOL as well.
    8.18 -
    8.19 -  \medskip Isar commands may be either \emph{proper} document
    8.20 -  constructors, or \emph{improper commands}.  Some proof methods and
    8.21 -  attributes introduced later are classified as improper as well.
    8.22 -  Improper Isar language elements, which are subsequently marked by
    8.23 -  ``\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}}'', are often helpful when developing proof
    8.24 -  documents, while their use is discouraged for the final
    8.25 -  human-readable outcome.  Typical examples are diagnostic commands
    8.26 -  that print terms or theorems according to the current context; other
    8.27 -  commands emulate old-style tactical theorem proving.%
    8.28 -\end{isamarkuptext}%
    8.29 -\isamarkuptrue%
    8.30 -%
    8.31 -\isamarkupsection{Theory commands%
    8.32 -}
    8.33 -\isamarkuptrue%
    8.34 -%
    8.35 -\isamarkupsubsection{Markup commands \label{sec:markup-thy}%
    8.36 -}
    8.37 -\isamarkuptrue%
    8.38 -%
    8.39 -\begin{isamarkuptext}%
    8.40 -\begin{matharray}{rcl}
    8.41 -    \indexdef{}{command}{chapter}\hypertarget{command.chapter}{\hyperlink{command.chapter}{\mbox{\isa{\isacommand{chapter}}}}} & : & \isarkeep{local{\dsh}theory} \\
    8.42 -    \indexdef{}{command}{section}\hypertarget{command.section}{\hyperlink{command.section}{\mbox{\isa{\isacommand{section}}}}} & : & \isarkeep{local{\dsh}theory} \\
    8.43 -    \indexdef{}{command}{subsection}\hypertarget{command.subsection}{\hyperlink{command.subsection}{\mbox{\isa{\isacommand{subsection}}}}} & : & \isarkeep{local{\dsh}theory} \\
    8.44 -    \indexdef{}{command}{subsubsection}\hypertarget{command.subsubsection}{\hyperlink{command.subsubsection}{\mbox{\isa{\isacommand{subsubsection}}}}} & : & \isarkeep{local{\dsh}theory} \\
    8.45 -    \indexdef{}{command}{text}\hypertarget{command.text}{\hyperlink{command.text}{\mbox{\isa{\isacommand{text}}}}} & : & \isarkeep{local{\dsh}theory} \\
    8.46 -    \indexdef{}{command}{text\_raw}\hypertarget{command.text-raw}{\hyperlink{command.text-raw}{\mbox{\isa{\isacommand{text{\isacharunderscore}raw}}}}} & : & \isarkeep{local{\dsh}theory} \\
    8.47 -  \end{matharray}
    8.48 -
    8.49 -  Apart from formal comments (see \secref{sec:comments}), markup
    8.50 -  commands provide a structured way to insert text into the document
    8.51 -  generated from a theory (see \cite{isabelle-sys} for more
    8.52 -  information on Isabelle's document preparation tools).
    8.53 -
    8.54 -  \begin{rail}
    8.55 -    ('chapter' | 'section' | 'subsection' | 'subsubsection' | 'text') target? text
    8.56 -    ;
    8.57 -    'text\_raw' text
    8.58 -    ;
    8.59 -  \end{rail}
    8.60 -
    8.61 -  \begin{descr}
    8.62 -
    8.63 -  \item [\hyperlink{command.chapter}{\mbox{\isa{\isacommand{chapter}}}}, \hyperlink{command.section}{\mbox{\isa{\isacommand{section}}}}, \hyperlink{command.subsection}{\mbox{\isa{\isacommand{subsection}}}}, and \hyperlink{command.subsubsection}{\mbox{\isa{\isacommand{subsubsection}}}}] mark chapter and
    8.64 -  section headings.
    8.65 -
    8.66 -  \item [\hyperlink{command.text}{\mbox{\isa{\isacommand{text}}}}] specifies paragraphs of plain text.
    8.67 -
    8.68 -  \item [\hyperlink{command.text-raw}{\mbox{\isa{\isacommand{text{\isacharunderscore}raw}}}}] inserts {\LaTeX} source into the
    8.69 -  output, without additional markup.  Thus the full range of document
    8.70 -  manipulations becomes available.
    8.71 -
    8.72 -  \end{descr}
    8.73 -
    8.74 -  The \isa{{\isachardoublequote}text{\isachardoublequote}} argument of these markup commands (except for
    8.75 -  \hyperlink{command.text-raw}{\mbox{\isa{\isacommand{text{\isacharunderscore}raw}}}}) may contain references to formal entities
    8.76 -  (``antiquotations'', see also \secref{sec:antiq}).  These are
    8.77 -  interpreted in the present theory context, or the named \isa{{\isachardoublequote}target{\isachardoublequote}}.
    8.78 -
    8.79 -  Any of these markup elements corresponds to a {\LaTeX} command with
    8.80 -  the name prefixed by \verb|\isamarkup|.  For the sectioning
    8.81 -  commands this is a plain macro with a single argument, e.g.\
    8.82 -  \verb|\isamarkupchapter{|\isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}}\verb|}| for
    8.83 -  \hyperlink{command.chapter}{\mbox{\isa{\isacommand{chapter}}}}.  The \hyperlink{command.text}{\mbox{\isa{\isacommand{text}}}} markup results in a
    8.84 -  {\LaTeX} environment \verb|\begin{isamarkuptext}| \isa{{\isachardoublequote}{\isasymdots}{\isachardoublequote}} \verb|\end{isamarkuptext}|, while \hyperlink{command.text-raw}{\mbox{\isa{\isacommand{text{\isacharunderscore}raw}}}}
    8.85 -  causes the text to be inserted directly into the {\LaTeX} source.
    8.86 -
    8.87 -  \medskip Additional markup commands are available for proofs (see
    8.88 -  \secref{sec:markup-prf}).  Also note that the \indexref{}{command}{header}\hyperlink{command.header}{\mbox{\isa{\isacommand{header}}}} declaration (see \secref{sec:begin-thy}) admits to insert
    8.89 -  section markup just preceding the actual theory definition.%
    8.90 -\end{isamarkuptext}%
    8.91 -\isamarkuptrue%
    8.92 -%
    8.93 -\isamarkupsubsection{Type classes and sorts \label{sec:classes}%
    8.94 -}
    8.95 -\isamarkuptrue%
    8.96 -%
    8.97 -\begin{isamarkuptext}%
    8.98 -\begin{matharray}{rcll}
    8.99 -    \indexdef{}{command}{classes}\hypertarget{command.classes}{\hyperlink{command.classes}{\mbox{\isa{\isacommand{classes}}}}} & : & \isartrans{theory}{theory} \\
   8.100 -    \indexdef{}{command}{classrel}\hypertarget{command.classrel}{\hyperlink{command.classrel}{\mbox{\isa{\isacommand{classrel}}}}} & : & \isartrans{theory}{theory} & (axiomatic!) \\
   8.101 -    \indexdef{}{command}{defaultsort}\hypertarget{command.defaultsort}{\hyperlink{command.defaultsort}{\mbox{\isa{\isacommand{defaultsort}}}}} & : & \isartrans{theory}{theory} \\
   8.102 -    \indexdef{}{command}{class\_deps}\hypertarget{command.class-deps}{\hyperlink{command.class-deps}{\mbox{\isa{\isacommand{class{\isacharunderscore}deps}}}}} & : & \isarkeep{theory~|~proof} \\
   8.103 -  \end{matharray}
   8.104 -
   8.105 -  \begin{rail}
   8.106 -    'classes' (classdecl +)
   8.107 -    ;
   8.108 -    'classrel' (nameref ('<' | subseteq) nameref + 'and')
   8.109 -    ;
   8.110 -    'defaultsort' sort
   8.111 -    ;
   8.112 -  \end{rail}
   8.113 -
   8.114 -  \begin{descr}
   8.115 -
   8.116 -  \item [\hyperlink{command.classes}{\mbox{\isa{\isacommand{classes}}}}~\isa{{\isachardoublequote}c\ {\isasymsubseteq}\ c\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n{\isachardoublequote}}]
   8.117 -  declares class \isa{c} to be a subclass of existing classes \isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ c\isactrlsub n{\isachardoublequote}}.  Cyclic class structures are not permitted.
   8.118 -
   8.119 -  \item [\hyperlink{command.classrel}{\mbox{\isa{\isacommand{classrel}}}}~\isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}\ {\isasymsubseteq}\ c\isactrlsub {\isadigit{2}}{\isachardoublequote}}] states
   8.120 -  subclass relations between existing classes \isa{{\isachardoublequote}c\isactrlsub {\isadigit{1}}{\isachardoublequote}} and
   8.121 -  \isa{{\isachardoublequote}c\isactrlsub {\isadigit{2}}{\isachardoublequote}}.  This is done axiomatically!  The \indexref{}{command}{instance}\hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}} command (see \secref{sec:axclass}) provides a way to
   8.122 -  introduce proven class relations.
   8.123 -
   8.124 -  \item [\hyperlink{command.defaultsort}{\mbox{\isa{\isacommand{defaultsort}}}}~\isa{s}] makes sort \isa{s} the
   8.125 -  new default sort for any type variables given without sort
   8.126 -  constraints.  Usually, the default sort would be only changed when
   8.127 -  defining a new object-logic.
   8.128 -
   8.129 -  \item [\hyperlink{command.class-deps}{\mbox{\isa{\isacommand{class{\isacharunderscore}deps}}}}] visualizes the subclass relation,
   8.130 -  using Isabelle's graph browser tool (see also \cite{isabelle-sys}).
   8.131 -
   8.132 -  \end{descr}%
   8.133 -\end{isamarkuptext}%
   8.134 -\isamarkuptrue%
   8.135 -%
   8.136 -\isamarkupsubsection{Primitive types and type abbreviations \label{sec:types-pure}%
   8.137 -}
   8.138 -\isamarkuptrue%
   8.139 -%
   8.140 -\begin{isamarkuptext}%
   8.141 -\begin{matharray}{rcll}
   8.142 -    \indexdef{}{command}{types}\hypertarget{command.types}{\hyperlink{command.types}{\mbox{\isa{\isacommand{types}}}}} & : & \isartrans{theory}{theory} \\
   8.143 -    \indexdef{}{command}{typedecl}\hypertarget{command.typedecl}{\hyperlink{command.typedecl}{\mbox{\isa{\isacommand{typedecl}}}}} & : & \isartrans{theory}{theory} \\
   8.144 -    \indexdef{}{command}{nonterminals}\hypertarget{command.nonterminals}{\hyperlink{command.nonterminals}{\mbox{\isa{\isacommand{nonterminals}}}}} & : & \isartrans{theory}{theory} \\
   8.145 -    \indexdef{}{command}{arities}\hypertarget{command.arities}{\hyperlink{command.arities}{\mbox{\isa{\isacommand{arities}}}}} & : & \isartrans{theory}{theory} & (axiomatic!) \\
   8.146 -  \end{matharray}
   8.147 -
   8.148 -  \begin{rail}
   8.149 -    'types' (typespec '=' type infix? +)
   8.150 -    ;
   8.151 -    'typedecl' typespec infix?
   8.152 -    ;
   8.153 -    'nonterminals' (name +)
   8.154 -    ;
   8.155 -    'arities' (nameref '::' arity +)
   8.156 -    ;
   8.157 -  \end{rail}
   8.158 -
   8.159 -  \begin{descr}
   8.160 -
   8.161 -  \item [\hyperlink{command.types}{\mbox{\isa{\isacommand{types}}}}~\isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n{\isacharparenright}\ t\ {\isacharequal}\ {\isasymtau}{\isachardoublequote}}]
   8.162 -  introduces \emph{type synonym} \isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n{\isacharparenright}\ t{\isachardoublequote}}
   8.163 -  for existing type \isa{{\isachardoublequote}{\isasymtau}{\isachardoublequote}}.  Unlike actual type definitions, as
   8.164 -  are available in Isabelle/HOL for example, type synonyms are just
   8.165 -  purely syntactic abbreviations without any logical significance.
   8.166 -  Internally, type synonyms are fully expanded.
   8.167 -  
   8.168 -  \item [\hyperlink{command.typedecl}{\mbox{\isa{\isacommand{typedecl}}}}~\isa{{\isachardoublequote}{\isacharparenleft}{\isasymalpha}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymalpha}\isactrlsub n{\isacharparenright}\ t{\isachardoublequote}}]
   8.169 -  declares a new type constructor \isa{t}, intended as an actual
   8.170 -  logical type (of the object-logic, if available).
   8.171 -
   8.172 -  \item [\hyperlink{command.nonterminals}{\mbox{\isa{\isacommand{nonterminals}}}}~\isa{c}] declares type
   8.173 -  constructors \isa{c} (without arguments) to act as purely
   8.174 -  syntactic types, i.e.\ nonterminal symbols of Isabelle's inner
   8.175 -  syntax of terms or types.
   8.176 -
   8.177 -  \item [\hyperlink{command.arities}{\mbox{\isa{\isacommand{arities}}}}~\isa{{\isachardoublequote}t\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}s\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ s\isactrlsub n{\isacharparenright}\ s{\isachardoublequote}}] augments Isabelle's order-sorted signature of types by new type
   8.178 -  constructor arities.  This is done axiomatically!  The \indexref{}{command}{instance}\hyperlink{command.instance}{\mbox{\isa{\isacommand{instance}}}} command (see \S\ref{sec:axclass}) provides a way to
   8.179 -  introduce proven type arities.
   8.180 -
   8.181 -  \end{descr}%
   8.182 -\end{isamarkuptext}%
   8.183 -\isamarkuptrue%
   8.184 -%
   8.185 -\isamarkupsubsection{Primitive constants and definitions \label{sec:consts}%
   8.186 -}
   8.187 -\isamarkuptrue%
   8.188 -%
   8.189 -\begin{isamarkuptext}%
   8.190 -Definitions essentially express abbreviations within the logic.  The
   8.191 -  simplest form of a definition is \isa{{\isachardoublequote}c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}\ {\isasymequiv}\ t{\isachardoublequote}}, where \isa{c} is a newly declared constant.  Isabelle also allows derived forms
   8.192 -  where the arguments of \isa{c} appear on the left, abbreviating a
   8.193 -  prefix of \isa{{\isasymlambda}}-abstractions, e.g.\ \isa{{\isachardoublequote}c\ {\isasymequiv}\ {\isasymlambda}x\ y{\isachardot}\ t{\isachardoublequote}} may be
   8.194 -  written more conveniently as \isa{{\isachardoublequote}c\ x\ y\ {\isasymequiv}\ t{\isachardoublequote}}.  Moreover,
   8.195 -  definitions may be weakened by adding arbitrary pre-conditions:
   8.196 -  \isa{{\isachardoublequote}A\ {\isasymLongrightarrow}\ c\ x\ y\ {\isasymequiv}\ t{\isachardoublequote}}.
   8.197 -
   8.198 -  \medskip The built-in well-formedness conditions for definitional
   8.199 -  specifications are:
   8.200 -
   8.201 -  \begin{itemize}
   8.202 -
   8.203 -  \item Arguments (on the left-hand side) must be distinct variables.
   8.204 -
   8.205 -  \item All variables on the right-hand side must also appear on the
   8.206 -  left-hand side.
   8.207 -
   8.208 -  \item All type variables on the right-hand side must also appear on
   8.209 -  the left-hand side; this prohibits \isa{{\isachardoublequote}{\isadigit{0}}\ {\isacharcolon}{\isacharcolon}\ nat\ {\isasymequiv}\ length\ {\isacharparenleft}{\isacharbrackleft}{\isacharbrackright}\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ list{\isacharparenright}{\isachardoublequote}} for example.
   8.210 -
   8.211 -  \item The definition must not be recursive.  Most object-logics
   8.212 -  provide definitional principles that can be used to express
   8.213 -  recursion safely.
   8.214 -
   8.215 -  \end{itemize}
   8.216 -
   8.217 -  Overloading means that a constant being declared as \isa{{\isachardoublequote}c\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ decl{\isachardoublequote}} may be defined separately on type instances \isa{{\isachardoublequote}c\ {\isacharcolon}{\isacharcolon}\ {\isacharparenleft}{\isasymbeta}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymbeta}\isactrlsub n{\isacharparenright}\ t\ decl{\isachardoublequote}} for each type constructor \isa{t}.  The right-hand side may mention overloaded constants
   8.218 -  recursively at type instances corresponding to the immediate
   8.219 -  argument types \isa{{\isachardoublequote}{\isasymbeta}\isactrlsub {\isadigit{1}}{\isacharcomma}\ {\isasymdots}{\isacharcomma}\ {\isasymbeta}\isactrlsub n{\isachardoublequote}}.  Incomplete
   8.220 -  specification patterns impose global constraints on all occurrences,
   8.221 -  e.g.\ \isa{{\isachardoublequote}d\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymtimes}\ {\isasymalpha}{\isachardoublequote}} on the left-hand side means that all
   8.222 -  corresponding occurrences on some right-hand side need to be an
   8.223 -  instance of this, general \isa{{\isachardoublequote}d\ {\isacharcolon}{\isacharcolon}\ {\isasymalpha}\ {\isasymtimes}\ {\isasymbeta}{\isachardoublequote}} will be disallowed.
   8.224 -
   8.225 -  \begin{matharray}{rcl}
   8.226 -    \indexdef{}{command}{consts}\hypertarget{command.consts}{\hyperlink{command.consts}{\mbox{\isa{\isacommand{consts}}}}} & : & \isartrans{theory}{theory} \\
   8.227 -    \indexdef{}{command}{defs}\hypertarget{command.defs}{\hyperlink{command.defs}{\mbox{\isa{\isacommand{defs}}}}} & : & \isartrans{theory}{theory} \\
   8.228 -    \indexdef{}{command}{constdefs}\hypertarget{command.constdefs}{\hyperlink{command.constdefs}{\mbox{\isa{\isacommand{constdefs}}}}} & : & \isartrans{theory}{theory} \\
   8.229 -  \end{matharray}
   8.230 -
   8.231 -  \begin{rail}
   8.232 -    'consts' ((name '::' type mixfix?) +)
   8.233 -    ;
   8.234 -    'defs' ('(' 'unchecked'? 'overloaded'? ')')? \\ (axmdecl prop +)
   8.235 -    ;
   8.236 -  \end{rail}
   8.237 -
   8.238 -  \begin{rail}
   8.239 -    'constdefs' structs? (constdecl? constdef +)
   8.240 -    ;
   8.241 -
   8.242 -    structs: '(' 'structure' (vars + 'and') ')'
   8.243 -    ;
   8.244 -    constdecl:  ((name '::' type mixfix | name '::' type | name mixfix) 'where'?) | name 'where'
   8.245 -    ;
   8.246 -    constdef: thmdecl? prop
   8.247 -    ;
   8.248 -  \end{rail}
   8.249 -
   8.250 -  \begin{descr}
   8.251 -
   8.252 -  \item [\hyperlink{command.consts}{\mbox{\isa{\isacommand{consts}}}}~\isa{{\isachardoublequote}c\ {\isacharcolon}{\isacharcolon}\ {\isasymsigma}{\isachardoublequote}}] declares constant
   8.253 -  \isa{c} to have any instance of type scheme \isa{{\isasymsigma}}.  The
   8.254 -  optional mixfix annotations may attach concrete syntax to the
   8.255 -  constants declared.
   8.256 -  
   8.257 -  \item [\hyperlink{command.defs}{\mbox{\isa{\isacommand{defs}}}}~\isa{{\isachardoublequote}name{\isacharcolon}\ eqn{\isachardoublequote}}] introduces \isa{eqn}
   8.258 -  as a definitional axiom for some existing constant.
   8.259 -  
   8.260 -  The \isa{{\isachardoublequote}{\isacharparenleft}unchecked{\isacharparenright}{\isachardoublequote}} option disables global dependency checks
   8.261 -  for this definition, which is occasionally useful for exotic
   8.262 -  overloading.  It is at the discretion of the user to avoid malformed
   8.263 -  theory specifications!
   8.264 -  
   8.265 -  The \isa{{\isachardoublequote}{\isacharparenleft}overloaded{\isacharparenright}{\isachardoublequote}} option declares definitions to be
   8.266 -  potentially overloaded.  Unless this option is given, a warning
   8.267 -  message would be issued for any definitional equation with a more
   8.268 -  special type than that of the corresponding constant declaration.
   8.269 -  
   8.270 -  \item [\hyperlink{command.constdefs}{\mbox{\isa{\isacommand{constdefs}}}}] provides a streamlined combination of
   8.271 -  constants declarations and definitions: type-inference takes care of
   8.272 -  the most general typing of the given specification (the optional
   8.273 -  type constraint may refer to type-inference dummies ``\isa{{\isacharunderscore}}'' as usual).  The resulting type declaration needs to agree with
   8.274 -  that of the specification; overloading is \emph{not} supported here!
   8.275 -  
   8.276 -  The constant name may be omitted altogether, if neither type nor
   8.277 -  syntax declarations are given.  The canonical name of the
   8.278 -  definitional axiom for constant \isa{c} will be \isa{c{\isacharunderscore}def},
   8.279 -  unless specified otherwise.  Also note that the given list of
   8.280 -  specifications is processed in a strictly sequential manner, with
   8.281 -  type-checking being performed independently.
   8.282 -  
   8.283 -  An optional initial context of \isa{{\isachardoublequote}{\isacharparenleft}structure{\isacharparenright}{\isachardoublequote}} declarations
   8.284 -  admits use of indexed syntax, using the special symbol \verb|\<index>| (printed as ``\isa{{\isachardoublequote}{\isasymindex}{\isachardoublequote}}'').  The latter concept is
   8.285 -  particularly useful with locales (see also \S\ref{sec:locale}).
   8.286 -
   8.287 -  \end{descr}%
   8.288 -\end{isamarkuptext}%
   8.289 -\isamarkuptrue%
   8.290 -%
   8.291 -\isamarkupsubsection{Syntax and translations \label{sec:syn-trans}%
   8.292 -}
   8.293 -\isamarkuptrue%
   8.294 -%
   8.295 -\begin{isamarkuptext}%
   8.296 -\begin{matharray}{rcl}
   8.297 -    \indexdef{}{command}{syntax}\hypertarget{command.syntax}{\hyperlink{command.syntax}{\mbox{\isa{\isacommand{syntax}}}}} & : & \isartrans{theory}{theory} \\
   8.298 -    \indexdef{}{command}{no\_syntax}\hypertarget{command.no-syntax}{\hyperlink{command.no-syntax}{\mbox{\isa{\isacommand{no{\isacharunderscore}syntax}}}}} & : & \isartrans{theory}{theory} \\
   8.299 -    \indexdef{}{command}{translations}\hypertarget{command.translations}{\hyperlink{command.translations}{\mbox{\isa{\isacommand{translations}}}}} & : & \isartrans{theory}{theory} \\
   8.300 -    \indexdef{}{command}{no\_translations}\hypertarget{command.no-translations}{\hyperlink{command.no-translations}{\mbox{\isa{\isacommand{no{\isacharunderscore}translations}}}}} & : & \isartrans{theory}{theory} \\
   8.301 -  \end{matharray}
   8.302 -
   8.303 -  \begin{rail}
   8.304 -    ('syntax' | 'no\_syntax') mode? (constdecl +)
   8.305 -    ;
   8.306 -    ('translations' | 'no\_translations') (transpat ('==' | '=>' | '<=' | rightleftharpoons | rightharpoonup | leftharpoondown) transpat +)
   8.307 -    ;
   8.308 -
   8.309 -    mode: ('(' ( name | 'output' | name 'output' ) ')')
   8.310 -    ;
   8.311 -    transpat: ('(' nameref ')')? string
   8.312 -    ;
   8.313 -  \end{rail}
   8.314 -
   8.315 -  \begin{descr}
   8.316 -  
   8.317 -  \item [\hyperlink{command.syntax}{\mbox{\isa{\isacommand{syntax}}}}~\isa{{\isachardoublequote}{\isacharparenleft}mode{\isacharparenright}\ decls{\isachardoublequote}}] is similar to
   8.318 -  \hyperlink{command.consts}{\mbox{\isa{\isacommand{consts}}}}~\isa{decls}, except that the actual logical
   8.319 -  signature extension is omitted.  Thus the context free grammar of
   8.320 -  Isabelle's inner syntax may be augmented in arbitrary ways,
   8.321 -  independently of the logic.  The \isa{mode} argument refers to the
   8.322 -  print mode that the grammar rules belong; unless the \indexref{}{keyword}{output}\hyperlink{keyword.output}{\mbox{\isa{\isakeyword{output}}}} indicator is given, all productions are added both to the
   8.323 -  input and output grammar.
   8.324 -  
   8.325 -  \item [\hyperlink{command.no-syntax}{\mbox{\isa{\isacommand{no{\isacharunderscore}syntax}}}}~\isa{{\isachardoublequote}{\isacharparenleft}mode{\isacharparenright}\ decls{\isachardoublequote}}] removes
   8.326 -  grammar declarations (and translations) resulting from \isa{decls}, which are interpreted in the same manner as for \hyperlink{command.syntax}{\mbox{\isa{\isacommand{syntax}}}} above.
   8.327 -  
   8.328 -  \item [\hyperlink{command.translations}{\mbox{\isa{\isacommand{translations}}}}~\isa{rules}] specifies syntactic
   8.329 -  translation rules (i.e.\ macros): parse~/ print rules (\isa{{\isachardoublequote}{\isasymrightleftharpoons}{\isachardoublequote}}),
   8.330 -  parse rules (\isa{{\isachardoublequote}{\isasymrightharpoonup}{\isachardoublequote}}), or print rules (\isa{{\isachardoublequote}{\isasymleftharpoondown}{\isachardoublequote}}).
   8.331 -  Translation patterns may be prefixed by the syntactic category to be
   8.332 -  used for parsing; the default is \isa{logic}.
   8.333 -  
   8.334 -  \item [\hyperlink{command.no-translations}{\mbox{\isa{\isacommand{no{\isacharunderscore}translations}}}}~\isa{rules}] removes syntactic
   8.335 -  translation rules, which are interpreted in the same manner as for
   8.336 -  \hyperlink{command.translations}{\mbox{\isa{\isacommand{translations}}}} above.
   8.337 -
   8.338 -  \end{descr}%
   8.339 -\end{isamarkuptext}%
   8.340 -\isamarkuptrue%
   8.341 -%
   8.342 -\isamarkupsubsection{Axioms and theorems \label{sec:axms-thms}%
   8.343 -}
   8.344 -\isamarkuptrue%
   8.345 -%
   8.346 -\begin{isamarkuptext}%
   8.347 -\begin{matharray}{rcll}
   8.348 -    \indexdef{}{command}{axioms}\hypertarget{command.axioms}{\hyperlink{command.axioms}{\mbox{\isa{\isacommand{axioms}}}}} & : & \isartrans{theory}{theory} & (axiomatic!) \\
   8.349 -    \indexdef{}{command}{lemmas}\hypertarget{command.lemmas}{\hyperlink{command.lemmas}{\mbox{\isa{\isacommand{lemmas}}}}} & : & \isarkeep{local{\dsh}theory} \\
   8.350 -    \indexdef{}{command}{theorems}\hypertarget{command.theorems}{\hyperlink{command.theorems}{\mbox{\isa{\isacommand{theorems}}}}} & : & isarkeep{local{\dsh}theory} \\
   8.351 -  \end{matharray}
   8.352 -
   8.353 -  \begin{rail}
   8.354 -    'axioms' (axmdecl prop +)
   8.355 -    ;
   8.356 -    ('lemmas' | 'theorems') target? (thmdef? thmrefs + 'and')
   8.357 -    ;
   8.358 -  \end{rail}
   8.359 -
   8.360 -  \begin{descr}
   8.361 -  
   8.362 -  \item [\hyperlink{command.axioms}{\mbox{\isa{\isacommand{axioms}}}}~\isa{{\isachardoublequote}a{\isacharcolon}\ {\isasymphi}{\isachardoublequote}}] introduces arbitrary
   8.363 -  statements as axioms of the meta-logic.  In fact, axioms are
   8.364 -  ``axiomatic theorems'', and may be referred later just as any other
   8.365 -  theorem.
   8.366 -  
   8.367 -  Axioms are usually only introduced when declaring new logical
   8.368 -  systems.  Everyday work is typically done the hard way, with proper
   8.369 -  definitions and proven theorems.
   8.370 -  
   8.371 -  \item [\hyperlink{command.lemmas}{\mbox{\isa{\isacommand{lemmas}}}}~\isa{{\isachardoublequote}a\ {\isacharequal}\ b\isactrlsub {\isadigit{1}}\ {\isasymdots}\ b\isactrlsub n{\isachardoublequote}}]
   8.372 -  retrieves and stores existing facts in the theory context, or the
   8.373 -  specified target context (see also \secref{sec:target}).  Typical
   8.374 -  applications would also involve attributes, to declare Simplifier
   8.375 -  rules, for example.
   8.376 -  
   8.377 -  \item [\hyperlink{command.theorems}{\mbox{\isa{\isacommand{theorems}}}}] is essentially the same as \hyperlink{command.lemmas}{\mbox{\isa{\isacommand{lemmas}}}}, but marks the result as a different kind of facts.
   8.378 -
   8.379 -  \end{descr}%
   8.380 -\end{isamarkuptext}%
   8.381 -\isamarkuptrue%
   8.382 -%
   8.383 -\isamarkupsubsection{Name spaces%
   8.384 -}
   8.385 -\isamarkuptrue%
   8.386 -%
   8.387 -\begin{isamarkuptext}%
   8.388 -\begin{matharray}{rcl}
   8.389 -    \indexdef{}{command}{global}\hypertarget{command.global}{\hyperlink{command.global}{\mbox{\isa{\isacommand{global}}}}} & : & \isartrans{theory}{theory} \\
   8.390 -    \indexdef{}{command}{local}\hypertarget{command.local}{\hyperlink{command.local}{\mbox{\isa{\isacommand{local}}}}} & : & \isartrans{theory}{theory} \\
   8.391 -    \indexdef{}{command}{hide}\hypertarget{command.hide}{\hyperlink{command.hide}{\mbox{\isa{\isacommand{hide}}}}} & : & \isartrans{theory}{theory} \\
   8.392 -  \end{matharray}
   8.393 -
   8.394 -  \begin{rail}
   8.395 -    'hide' ('(open)')? name (nameref + )
   8.396 -    ;
   8.397 -  \end{rail}
   8.398 -
   8.399 -  Isabelle organizes any kind of name declarations (of types,
   8.400 -  constants, theorems etc.) by separate hierarchically structured name
   8.401 -  spaces.  Normally the user does not have to control the behavior of
   8.402 -  name spaces by hand, yet the following commands provide some way to
   8.403 -  do so.
   8.404 -
   8.405 -  \begin{descr}
   8.406 -
   8.407 -  \item [\hyperlink{command.global}{\mbox{\isa{\isacommand{global}}}} and \hyperlink{command.local}{\mbox{\isa{\isacommand{local}}}}] change the
   8.408 -  current name declaration mode.  Initially, theories start in
   8.409 -  \hyperlink{command.local}{\mbox{\isa{\isacommand{local}}}} mode, causing all names to be automatically
   8.410 -  qualified by the theory name.  Changing this to \hyperlink{command.global}{\mbox{\isa{\isacommand{global}}}}
   8.411 -  causes all names to be declared without the theory prefix, until
   8.412 -  \hyperlink{command.local}{\mbox{\isa{\isacommand{local}}}} is declared again.
   8.413 -  
   8.414 -  Note that global names are prone to get hidden accidently later,
   8.415 -  when qualified names of the same base name are introduced.
   8.416 -  
   8.417 -  \item [\hyperlink{command.hide}{\mbox{\isa{\isacommand{hide}}}}~\isa{{\isachardoublequote}space\ names{\isachardoublequote}}] fully removes
   8.418 -  declarations from a given name space (which may be \isa{{\isachardoublequote}class{\isachardoublequote}},
   8.419 -  \isa{{\isachardoublequote}type{\isachardoublequote}}, \isa{{\isachardoublequote}const{\isachardoublequote}}, or \isa{{\isachardoublequote}fact{\isachardoublequote}}); with the \isa{{\isachardoublequote}{\isacharparenleft}open{\isacharparenright}{\isachardoublequote}} option, only the base name is hidden.  Global
   8.420 -  (unqualified) names may never be hidden.
   8.421 -  
   8.422 -  Note that hiding name space accesses has no impact on logical
   8.423 -  declarations -- they remain valid internally.  Entities that are no
   8.424 -  longer accessible to the user are printed with the special qualifier
   8.425 -  ``\isa{{\isachardoublequote}{\isacharquery}{\isacharquery}{\isachardoublequote}}'' prefixed to the full internal name.
   8.426 -
   8.427 -  \end{descr}%
   8.428 -\end{isamarkuptext}%
   8.429 -\isamarkuptrue%
   8.430 -%
   8.431 -\isamarkupsubsection{Incorporating ML code \label{sec:ML}%
   8.432 -}
   8.433 -\isamarkuptrue%
   8.434 -%
   8.435 -\begin{isamarkuptext}%
   8.436 -\begin{matharray}{rcl}
   8.437 -    \indexdef{}{command}{use}\hypertarget{command.use}{\hyperlink{command.use}{\mbox{\isa{\isacommand{use}}}}} & : & \isarkeep{theory~|~local{\dsh}theory} \\
   8.438 -    \indexdef{}{command}{ML}\hypertarget{command.ML}{\hyperlink{command.ML}{\mbox{\isa{\isacommand{ML}}}}} & : & \isarkeep{theory~|~local{\dsh}theory} \\
   8.439 -    \indexdef{}{command}{ML\_val}\hypertarget{command.ML-val}{\hyperlink{command.ML-val}{\mbox{\isa{\isacommand{ML{\isacharunderscore}val}}}}} & : & \isartrans{\cdot}{\cdot} \\
   8.440 -    \indexdef{}{command}{ML\_command}\hypertarget{command.ML-command}{\hyperlink{command.ML-command}{\mbox{\isa{\isacommand{ML{\isacharunderscore}command}}}}} & : & \isartrans{\cdot}{\cdot} \\
   8.441 -    \indexdef{}{command}{setup}\hypertarget{command.setup}{\hyperlink{command.setup}{\mbox{\isa{\isacommand{setup}}}}} & : & \isartrans{theory}{theory} \\
   8.442 -    \indexdef{}{command}{method\_setup}\hypertarget{command.method-setup}{\hyperlink{command.method-setup}{\mbox{\isa{\isacommand{method{\isacharunderscore}setup}}}}} & : & \isartrans{theory}{theory} \\
   8.443 -  \end{matharray}
   8.444 -
   8.445 -  \begin{rail}
   8.446 -    'use' name
   8.447 -    ;
   8.448 -    ('ML' | 'ML\_val' | 'ML\_command' | 'setup') text
   8.449 -    ;
   8.450 -    'method\_setup' name '=' text text
   8.451 -    ;
   8.452 -  \end{rail}
   8.453 -
   8.454 -  \begin{descr}
   8.455 -
   8.456 -  \item [\hyperlink{command.use}{\mbox{\isa{\isacommand{use}}}}~\isa{{\isachardoublequote}file{\isachardoublequote}}] reads and executes ML
   8.457 -  commands from \isa{{\isachardoublequote}file{\isachardoublequote}}.  The current theory context is passed
   8.458 -  down to the ML toplevel and may be modified, using \verb|"Context.>>"| or derived ML commands.  The file name is checked with
   8.459 -  the \indexref{}{keyword}{uses}\hyperlink{keyword.uses}{\mbox{\isa{\isakeyword{uses}}}} dependency declaration given in the theory
   8.460 -  header (see also \secref{sec:begin-thy}).
   8.461 -  
   8.462 -  \item [\hyperlink{command.ML}{\mbox{\isa{\isacommand{ML}}}}~\isa{{\isachardoublequote}text{\isachardoublequote}}] is similar to \hyperlink{command.use}{\mbox{\isa{\isacommand{use}}}}, but executes ML commands directly from the given \isa{{\isachardoublequote}text{\isachardoublequote}}.
   8.463 -
   8.464 -  \item [\hyperlink{command.ML-val}{\mbox{\isa{\isacommand{ML{\isacharunderscore}val}}}} and \hyperlink{command.ML-command}{\mbox{\isa{\isacommand{ML{\isacharunderscore}command}}}}] are
   8.465 -  diagnostic versions of \hyperlink{command.ML}{\mbox{\isa{\isacommand{ML}}}}, which means that the context
   8.466 -  may not be updated.  \hyperlink{command.ML-val}{\mbox{\isa{\isacommand{ML{\isacharunderscore}val}}}} echos the bindings produced
   8.467 -  at the ML toplevel, but \hyperlink{command.ML-command}{\mbox{\isa{\isacommand{ML{\isacharunderscore}command}}}} is silent.
   8.468 -  
   8.469 -  \item [\hyperlink{command.setup}{\mbox{\isa{\isacommand{setup}}}}~\isa{{\isachardoublequote}text{\isachardoublequote}}] changes the current theory
   8.470 -  context by applying \isa{{\isachardoublequote}text{\isachardoublequote}}, which refers to an ML expression
   8.471 -  of type \verb|"theory -> theory"|.  This enables to initialize
   8.472 -  any object-logic specific tools and packages written in ML, for
   8.473 -  example.
   8.474 -  
   8.475 -  \item [\hyperlink{command.method-setup}{\mbox{\isa{\isacommand{method{\isacharunderscore}setup}}}}~\isa{{\isachardoublequote}name\ {\isacharequal}\ text\ description{\isachardoublequote}}]
   8.476 -  defines a proof method in the current theory.  The given \isa{{\isachardoublequote}text{\isachardoublequote}} has to be an ML expression of type \verb|"Args.src ->|\isasep\isanewline%
   8.477 -\verb|  Proof.context -> Proof.method"|.  Parsing concrete method syntax
   8.478 -  from \verb|Args.src| input can be quite tedious in general.  The
   8.479 -  following simple examples are for methods without any explicit
   8.480 -  arguments, or a list of theorems, respectively.
   8.481 -
   8.482 -%FIXME proper antiquotations
   8.483 -{\footnotesize
   8.484 -\begin{verbatim}
   8.485 - Method.no_args (Method.METHOD (fn facts => foobar_tac))
   8.486 - Method.thms_args (fn thms => Method.METHOD (fn facts => foobar_tac))
   8.487 - Method.ctxt_args (fn ctxt => Method.METHOD (fn facts => foobar_tac))
   8.488 - Method.thms_ctxt_args (fn thms => fn ctxt =>
   8.489 -    Method.METHOD (fn facts => foobar_tac))
   8.490 -\end{verbatim}
   8.491 -}
   8.492 -
   8.493 -  Note that mere tactic emulations may ignore the \isa{facts}
   8.494 -  parameter above.  Proper proof methods would do something
   8.495 -  appropriate with the list of current facts, though.  Single-rule
   8.496 -  methods usually do strict forward-chaining (e.g.\ by using \verb|Drule.multi_resolves|), while automatic ones just insert the facts
   8.497 -  using \verb|Method.insert_tac| before applying the main tactic.
   8.498 -
   8.499 -  \end{descr}%
   8.500 -\end{isamarkuptext}%
   8.501 -\isamarkuptrue%
   8.502 -%
   8.503 -\isamarkupsubsection{Syntax translation functions%
   8.504 -}
   8.505 -\isamarkuptrue%
   8.506 -%
   8.507 -\begin{isamarkuptext}%
   8.508 -\begin{matharray}{rcl}
   8.509 -    \indexdef{}{command}{parse\_ast\_translation}\hypertarget{command.parse-ast-translation}{\hyperlink{command.parse-ast-translation}{\mbox{\isa{\isacommand{parse{\isacharunderscore}ast{\isacharunderscore}translation}}}}} & : & \isartrans{theory}{theory} \\
   8.510 -    \indexdef{}{command}{parse\_translation}\hypertarget{command.parse-translation}{\hyperlink{command.parse-translation}{\mbox{\isa{\isacommand{parse{\isacharunderscore}translation}}}}} & : & \isartrans{theory}{theory} \\
   8.511 -    \indexdef{}{command}{print\_translation}\hypertarget{command.print-translation}{\hyperlink{command.print-translation}{\mbox{\isa{\isacommand{print{\isacharunderscore}translation}}}}} & : & \isartrans{theory}{theory} \\
   8.512 -    \indexdef{}{command}{typed\_print\_translation}\hypertarget{command.typed-print-translation}{\hyperlink{command.typed-print-translation}{\mbox{\isa{\isacommand{typed{\isacharunderscore}print{\isacharunderscore}translation}}}}} & : & \isartrans{theory}{theory} \\
   8.513 -    \indexdef{}{command}{print\_ast\_translation}\hypertarget{command.print-ast-translation}{\hyperlink{command.print-ast-translation}{\mbox{\isa{\isacommand{print{\isacharunderscore}ast{\isacharunderscore}translation}}}}} & : & \isartrans{theory}{theory} \\
   8.514 -    \indexdef{}{command}{token\_translation}\hypertarget{command.token-translation}{\hyperlink{command.token-translation}{\mbox{\isa{\isacommand{token{\isacharunderscore}translation}}}}} & : & \isartrans{theory}{theory} \\
   8.515 -  \end{matharray}
   8.516 -
   8.517 -  \begin{rail}
   8.518 -  ( 'parse\_ast\_translation' | 'parse\_translation' | 'print\_translation' |
   8.519 -    'typed\_print\_translation' | 'print\_ast\_translation' ) ('(advanced)')? text
   8.520 -  ;
   8.521 -
   8.522 -  'token\_translation' text
   8.523 -  ;
   8.524 -  \end{rail}
   8.525 -
   8.526 -  Syntax translation functions written in ML admit almost arbitrary
   8.527 -  manipulations of Isabelle's inner syntax.  Any of the above commands
   8.528 -  have a single \railqtok{text} argument that refers to an ML
   8.529 -  expression of appropriate type, which are as follows by default:
   8.530 -
   8.531 -%FIXME proper antiquotations
   8.532 -\begin{ttbox}
   8.533 -val parse_ast_translation   : (string * (ast list -> ast)) list
   8.534 -val parse_translation       : (string * (term list -> term)) list
   8.535 -val print_translation       : (string * (term list -> term)) list
   8.536 -val typed_print_translation :
   8.537 -  (string * (bool -> typ -> term list -> term)) list
   8.538 -val print_ast_translation   : (string * (ast list -> ast)) list
   8.539 -val token_translation       :
   8.540 -  (string * string * (string -> string * real)) list
   8.541 -\end{ttbox}
   8.542 -
   8.543 -  If the \isa{{\isachardoublequote}{\isacharparenleft}advanced{\isacharparenright}{\isachardoublequote}} option is given, the corresponding
   8.544 -  translation functions may depend on the current theory or proof
   8.545 -  context.  This allows to implement advanced syntax mechanisms, as
   8.546 -  translations functions may refer to specific theory declarations or
   8.547 -  auxiliary proof data.
   8.548 -
   8.549 -  See also \cite[\S8]{isabelle-ref} for more information on the
   8.550 -  general concept of syntax transformations in Isabelle.
   8.551 -
   8.552 -%FIXME proper antiquotations
   8.553 -\begin{ttbox}
   8.554 -val parse_ast_translation:
   8.555 -  (string * (Context.generic -> ast list -> ast)) list
   8.556 -val parse_translation:
   8.557 -  (string * (Context.generic -> term list -> term)) list
   8.558 -val print_translation:
   8.559 -  (string * (Context.generic -> term list -> term)) list
   8.560 -val typed_print_translation:
   8.561 -  (string * (Context.generic -> bool -> typ -> term list -> term)) list
   8.562 -val print_ast_translation:
   8.563 -  (string * (Context.generic -> ast list -> ast)) list
   8.564 -\end{ttbox}%
   8.565 -\end{isamarkuptext}%
   8.566 -\isamarkuptrue%
   8.567 -%
   8.568 -\isamarkupsubsection{Oracles%
   8.569 -}
   8.570 -\isamarkuptrue%
   8.571 -%
   8.572 -\begin{isamarkuptext}%
   8.573 -\begin{matharray}{rcl}
   8.574 -    \indexdef{}{command}{oracle}\hypertarget{command.oracle}{\hyperlink{command.oracle}{\mbox{\isa{\isacommand{oracle}}}}} & : & \isartrans{theory}{theory} \\
   8.575 -  \end{matharray}
   8.576 -
   8.577 -  The oracle interface promotes a given ML function \verb|theory -> T -> term| to \verb|theory -> T -> thm|, for some
   8.578 -  type \verb|T| given by the user.  This acts like an infinitary
   8.579 -  specification of axioms -- there is no internal check of the
   8.580 -  correctness of the results!  The inference kernel records oracle
   8.581 -  invocations within the internal derivation object of theorems, and
   8.582 -  the pretty printer attaches ``\isa{{\isachardoublequote}{\isacharbrackleft}{\isacharbang}{\isacharbrackright}{\isachardoublequote}}'' to indicate results
   8.583 -  that are not fully checked by Isabelle inferences.
   8.584 -
   8.585 -  \begin{rail}
   8.586 -    'oracle' name '(' type ')' '=' text
   8.587 -    ;
   8.588 -  \end{rail}
   8.589 -
   8.590 -  \begin{descr}
   8.591 -
   8.592 -  \item [\hyperlink{command.oracle}{\mbox{\isa{\isacommand{oracle}}}}~\isa{{\isachardoublequote}name\ {\isacharparenleft}type{\isacharparenright}\ {\isacharequal}\ text{\isachardoublequote}}] turns the
   8.593 -  given ML expression \isa{{\isachardoublequote}text{\isachardoublequote}} of type
   8.594 -  \verb|theory ->|~\isa{{\isachardoublequote}type{\isachardoublequote}}~\verb|-> term| into an
   8.595 -  ML function of type
   8.596 -  \verb|theory ->|~\isa{{\isachardoublequote}type{\isachardoublequote}}~\verb|-> thm|, which is
   8.597 -  bound to the global identifier \verb|name|.
   8.598 -
   8.599 -  \end{descr}%
   8.600 -\end{isamarkuptext}%
   8.601 -\isamarkuptrue%
   8.602 -%
   8.603 -\isamarkupsection{Proof commands%
   8.604 -}
   8.605 -\isamarkuptrue%
   8.606 -%
   8.607 -\isamarkupsubsection{Markup commands \label{sec:markup-prf}%
   8.608 -}
   8.609 -\isamarkuptrue%
   8.610 -%
   8.611 -\begin{isamarkuptext}%
   8.612 -\begin{matharray}{rcl}
   8.613 -    \indexdef{}{command}{sect}\hypertarget{command.sect}{\hyperlink{command.sect}{\mbox{\isa{\isacommand{sect}}}}} & : & \isartrans{proof}{proof} \\
   8.614 -    \indexdef{}{command}{subsect}\hypertarget{command.subsect}{\hyperlink{command.subsect}{\mbox{\isa{\isacommand{subsect}}}}} & : & \isartrans{proof}{proof} \\
   8.615 -    \indexdef{}{command}{subsubsect}\hypertarget{command.subsubsect}{\hyperlink{command.subsubsect}{\mbox{\isa{\isacommand{subsubsect}}}}} & : & \isartrans{proof}{proof} \\
   8.616 -    \indexdef{}{command}{txt}\hypertarget{command.txt}{\hyperlink{command.txt}{\mbox{\isa{\isacommand{txt}}}}} & : & \isartrans{proof}{proof} \\
   8.617 -    \indexdef{}{command}{txt\_raw}\hypertarget{command.txt-raw}{\hyperlink{command.txt-raw}{\mbox{\isa{\isacommand{txt{\isacharunderscore}raw}}}}} & : & \isartrans{proof}{proof} \\
   8.618 -  \end{matharray}
   8.619 -
   8.620 -  These markup commands for proof mode closely correspond to the ones
   8.621 -  of theory mode (see \S\ref{sec:markup-thy}).
   8.622 -
   8.623 -  \begin{rail}
   8.624 -    ('sect' | 'subsect' | 'subsubsect' | 'txt' | 'txt\_raw') text
   8.625 -    ;
   8.626 -  \end{rail}%
   8.627 -\end{isamarkuptext}%
   8.628 -\isamarkuptrue%
   8.629 -%
   8.630  \isamarkupsection{Other commands%
   8.631  }
   8.632  \isamarkuptrue%
   8.633 @@ -871,15 +248,11 @@
   8.634      \indexdef{}{command}{cd}\hypertarget{command.cd}{\hyperlink{command.cd}{\mbox{\isa{\isacommand{cd}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{\cdot} \\
   8.635      \indexdef{}{command}{pwd}\hypertarget{command.pwd}{\hyperlink{command.pwd}{\mbox{\isa{\isacommand{pwd}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{\cdot} \\
   8.636      \indexdef{}{command}{use\_thy}\hypertarget{command.use-thy}{\hyperlink{command.use-thy}{\mbox{\isa{\isacommand{use{\isacharunderscore}thy}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{\cdot} \\
   8.637 -    \indexdef{}{command}{display\_drafts}\hypertarget{command.display-drafts}{\hyperlink{command.display-drafts}{\mbox{\isa{\isacommand{display{\isacharunderscore}drafts}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{\cdot} \\
   8.638 -    \indexdef{}{command}{print\_drafts}\hypertarget{command.print-drafts}{\hyperlink{command.print-drafts}{\mbox{\isa{\isacommand{print{\isacharunderscore}drafts}}}}}\isa{{\isachardoublequote}\isactrlsup {\isacharasterisk}{\isachardoublequote}} & : & \isarkeep{\cdot} \\
   8.639    \end{matharray}
   8.640  
   8.641    \begin{rail}
   8.642      ('cd' | 'use\_thy' | 'update\_thy') name
   8.643      ;
   8.644 -    ('display\_drafts' | 'print\_drafts') (name +)
   8.645 -    ;
   8.646    \end{rail}
   8.647  
   8.648    \begin{descr}
   8.649 @@ -893,11 +266,6 @@
   8.650    These system commands are scarcely used when working interactively,
   8.651    since loading of theories is done automatically as required.
   8.652  
   8.653 -  \item [\hyperlink{command.display-drafts}{\mbox{\isa{\isacommand{display{\isacharunderscore}drafts}}}}~\isa{paths} and \hyperlink{command.print-drafts}{\mbox{\isa{\isacommand{print{\isacharunderscore}drafts}}}}~\isa{paths}] perform simple output of a given list
   8.654 -  of raw source files.  Only those symbols that do not require
   8.655 -  additional {\LaTeX} packages are displayed properly, everything else
   8.656 -  is left verbatim.
   8.657 -
   8.658    \end{descr}%
   8.659  \end{isamarkuptext}%
   8.660  \isamarkuptrue%